setkey.8 - OpenGrok cross reference for /freebsd/sbin/setkey/setkey.8

Lines Matching +full:p +full:- +full:384
77 .Bl -tag -width indent
81 .Fl P ,
86 .Fl P ,
92 .Fl P
98 .Fl P
133 .Bl -tag -width indent
200 .Ar src_range Ar dst_range Ar upperspec Fl P Ar direction
223 Meta-arguments are as follows:
225 .Bl -tag -compact -width indent
254 .Bl -tag -width Fl -compact
257 .It Li esp-old
261 .It Li ah-old
266 TCP-MD5 based on rfc2385
284 .Bl -tag -width Fl natt_mtu -compact
297 Specify the bitmap size in octets of the anti-replay window.
299 is a 32-bit unsigned integer, and its value is one eighth of the
300 anti-replay window size in packets.
303 is zero or not specified, an anti-replay check does not take place.
314 .Bl -tag -width random-pad -compact
315 .It Li zero-pad
317 .It Li random-pad
319 .It Li seq-pad
323 .It Fl f Li nocyclic-seq
330 Manually configure NAT-T for the SA, by specifying initiator
343 Configure NAT-T fragment size.
355 .Bl -tag -width Fl -compact
384 the kernel will use well-known CPI on wire, and
390 must be double-quoted character string, or a series of hexadecimal digits
408 .Bd -unfilled
458 .Dl "spdadd ::/0 ::/0 icmp6 135,0 -P in none;"
474 .Bl -tag -width 2n -compact
475 .It Fl P Ar direction Li discard
476 .It Fl P Ar direction Li none
477 .It Xo Fl P Ar direction Li ipsec
478 .Ar protocol/mode/src-dst/level Op ...
482 .Bl -tag -compact -width "policy level"
496 .Bl -compact -bullet
513 .It Ar protocol/mode/src-dst/level
515 .Ar protocol/mode/src-dst/level
517 .Bl -compact -bullet
539 you must specify the end-point addresses of the SA as
544 .Sq - ,
566 .Bl -compact -bullet
589 but, in addition, it allows the policy to bind with the unique out-bound SA.
593 .Xr racoon 8 Pq Pa ports/security/ipsec-tools
643 .Bd -literal -offset indent
645 hmac-sha1	160		ah/esp: rfc2404
646 		160		ah-old/esp-old: 128bit ICV (no document)
648 hmac-sha2-256	256		ah/esp: 128bit ICV (RFC4868)
649 		256		ah-old/esp-old: 128bit ICV (no document)
650 hmac-sha2-384	384		ah/esp: 192bit ICV (RFC4868)
651 		384		ah-old/esp-old: 128bit ICV (no document)
652 hmac-sha2-512	512		ah/esp: 256bit ICV (RFC4868)
653 		512		ah-old/esp-old: 128bit ICV (no document)
654 aes-xcbc-mac	128		ah/esp: 96bit ICV (RFC3566)
655 		128		ah-old/esp-old: 128bit ICV (no document)
656 tcp-md5		8 to 640	tcp: rfc2385
657 chacha20-poly1305	256	ah/esp: 128bit ICV (RFC7634)
667 .Bd -literal -offset indent
670 aes-cbc		128/192/256	rfc3602
671 aes-ctr		160/224/288	rfc3686
672 aes-gcm-16	160/224/288	AEAD; rfc4106
673 chacha20-poly1305	256	rfc7634
677 .Li aes-ctr
679 .Li aes-gcm-16
684 .Li aes-gcm-16
697 .Bd -literal -offset indent
703 .Ex -std
707 AES-GCM AEAD algorithm.
708 .Bd -literal -offset indent
710 	-E aes-gcm-16 0x3ffe050148193ffe050148193ffe050148193ffe ;
715 .Bd -literal -offset indent
716 add -6 myhost.example.com yourhost.example.com ah 123456
717 	-A hmac-sha2-256 "AH SA configuration!" ;
721 .Bd -literal -offset indent
726 .Bd -literal -offset indent
731 .Bd -literal -offset indent
736 .Bd -literal -offset indent
738 	-P out ipsec esp/tunnel/192.168.0.1-192.168.1.2/require ;
742 .Bd -literal -offset indent
743 add 10.1.10.34 10.1.10.36 tcp 0x1000 -A tcp-md5 "TCP-MD5 BGP secret" ;
744 add 10.1.10.36 10.1.10.34 tcp 0x1001 -A tcp-md5 "TCP-MD5 BGP secret" ;
750 .Xr racoon 8 Pq Pa ports/security/ipsec-tools ,
762 The utility was completely re-designed in June 1998.
778 (cannot inspect upper-layer headers).