Diffstat (limited to 'usr/src/man/man7p/pf_key.7p')
-rw-r--r-- usr/src/man/man7p/pf_key.7p 25
1 files changed, 2 insertions, 23 deletions
diff --git a/usr/src/man/man7p/pf_key.7p b/usr/src/man/man7p/pf_key.7p
index 453dc81aa0..1c904048f4 100644
--- a/usr/src/man/man7p/pf_key.7p
+++ b/usr/src/man/man7p/pf_key.7p
@@ -4,11 +4,10 @@
.\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License"). You may not use this file except in compliance with the License.
.\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing. See the License for the specific language governing permissions and limitations under the License.
.\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE. If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
-.TH PF_KEY 7P "Jan 12, 2018"
+.TH PF_KEY 7P "December 28, 2020"
.SH NAME
pf_key \- Security association database interface
.SH SYNOPSIS
-.LP
.nf
#include <sys/types.h>
#include <sys/socket.h>
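Review bot: The new .TH date is spelled out as "December 28, 2020" while the line it replaces used the abbreviated form "Jan 12, 2018". If the change of date style is deliberate, mention it in the commit message; otherwise keep one form so the page footers stay consistent across the section.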
@@ -20,7 +19,6 @@ pf_key \- Security association database interface
.fi
.SH DESCRIPTION
-.LP
Keying information for IPsec security services is maintained in security
association databases (\fBSADB\fRs). The security associations (\fBSA\fRs) are
used to protect both inbound and outbound packets.
@@ -52,7 +50,6 @@ message and all extensions must be eight-byte aligned. An example message is
the \fBGET\fR message, which requires the base header, the \fBSA \fRextension,
and the \fBADDRESS_DST\fR extension.
.SS "Messages"
-.LP
Messages include:
.sp
.in +2
@@ -229,7 +226,7 @@ struct sadb_key {
.fi
.in -2
-.SS "Indentity Extension"
+.SS "Identity Extension"
.in +2
.nf
struct sadb_ident {
@@ -411,7 +408,6 @@ struct sadb_x_pair {
.in -2
.SS "Message Use and Behavior"
-.LP
Each message has a behavior. A behavior is defined as where the initial message
travels, for example, user to kernel, and what subsequent actions are expected
to take place. Contents of messages are illustrated as:
@@ -512,7 +508,6 @@ Message exceeds the maximum length allowed.
.LP
The following are examples of message use and behavior:
.SS "\fBSADB_GETSPI\fR"
-.LP
Send a \fBSADB_GETSPI\fR message from a user process to the kernel.
.sp
.in +2
@@ -532,7 +527,6 @@ The kernel returns the \fBSADB_GETSPI\fR message to all listening processes.
.in -2
.SS "\fBSADB_UPDATE\fR"
-.LP
Send a \fBSADB_UPDATE\fR message from a user process to the kernel.
.sp
.in +2
@@ -560,7 +554,6 @@ security association contained in that extension. The resulting security
association "pair" can be updated or as a single entity using the
\fBSADB_X_UPDATEPAIR\fR or \fBSADB_X_DELPAIR\fR message types.
.SS "\fBSADB_ADD\fR"
-.LP
Send a \fBSADB_ADD\fR message from a user process to the kernel.
.sp
.in +2
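Review bot: The context line above the SADB_ADD heading, `association "pair" can be updated or as a single entity using the`, is missing a word after "or". Since this change already corrects the "Indentity" heading, fix this sentence in the same pass, for example "can be updated or deleted as a single entity", which matches the SADB_X_UPDATEPAIR and SADB_X_DELPAIR types it names.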
@@ -582,7 +575,6 @@ The kernel returns the \fBSADB_ADD\fR message to all listening processes.
.in -2
.SS "\fBSADB_X_UPDATEPAIR\fR"
-.LP
Send a \fBSADB_X_UPDATEPAIR\fR message from a user process to the kernel.
This message type is used to update the lifetime values of a security
association and the lifetime values of the security association it is paired
@@ -595,7 +587,6 @@ with.
.in -2
.SS "\fBSADB_DELETE | SADB_X_DELPAIR\fR"
-.LP
Send a \fBSADB_DELETE\fR message from a user process to the kernel. The
\fBSADB_X_DELPAIR\fR message type will request deletion of the security
association and the security association it is paired with.
@@ -617,7 +608,6 @@ The kernel returns the \fBSADB_DELETE\fR message to all listening processes.
.in -2
.SS "\fBSADB_GET\fR"
-.LP
Send a \fBSADB_GET\fR message from a user process to the kernel.
.sp
.in +2
@@ -639,7 +629,6 @@ The kernel returns the \fBSADB_GET\fR message to the socket that sent the
.in -2
.SS "\fBSADB_ACQUIRE\fR"
-.LP
The kernel sends a \fBSADB_ACQUIRE\fR message to registered sockets. Note that
any \fBGETSPI\fR, \fBADD\fR, or \fBUPDATE\fR calls in reaction to an
\fBACQUIRE\fR must fill in the \fBsadb_msg_seq\fR of those messages with the
@@ -678,7 +667,6 @@ If key management fails, send an \fBSADB_ACQUIRE\fR to indicate failure.
.in -2
.SS "\fBSADB_X_INVERSE_ACQUIRE\fR"
-.LP
For inbound Key Management processing, a Key Management application may wish to
consult the kernel for its policy. The application should send to the kernel:
.sp
@@ -700,7 +688,6 @@ The kernel returns a message similar to a kernel-generated extended ACQUIRE:
.in -2
.SS "\fBSADB_REGISTER\fR"
-.LP
Send a \fBSADB_REGISTER\fR message from a user process to the kernel.
.sp
.in +2
@@ -738,7 +725,6 @@ extended ACQUIREs.
Which returns a series of SADB_REGISTER replies (one for each security protocol
registered) from the kernel.
.SS "\fBSADB_EXPIRE\fR"
-.LP
The kernel sends a \fBSADB_EXPIRE\fR message to all listeners when the soft
limit of a security association has been expired.
.sp
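Review bot: Two wording problems remain in the text around the removed .LP. "Which returns a series of SADB_REGISTER replies" is a sentence fragment, and its SADB_REGISTER lacks the \fB...\fR markup used in the headings. In the SADB_EXPIRE paragraph, "has been expired" should read "has expired". Both are worth folding into this cleanup.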
@@ -749,7 +735,6 @@ limit of a security association has been expired.
.in -2
.SS "\fBSADB_FLUSH\fR"
-.LP
Send a \fBSADB_FLUSH\fR message from a user process to the kernel.
.sp
.in +2
@@ -769,7 +754,6 @@ The kernel returns the \fBSADB_FLUSH\fR message to all listening sockets.
.in -2
.SS "\fBSADB_DUMP\fR"
-.LP
Send a \fBSADB_DUMP\fR message from a user process to the kernel.
.sp
.in +2
@@ -802,7 +786,6 @@ To mark the end of a dump a single base header arrives with its
.in -2
.SS "\fBSADB_X_PROMISC\fR"
-.LP
Send a \fBSADB_X_PROMISC\fR message from a user process to the kernel.
.sp
.in +2
@@ -822,7 +805,6 @@ The kernel returns the \fBSADB_X_PROMISC\fR message to all listening processes.
.in -2
.SH DIAGNOSTICS
-.LP
The message returning from the kernel will contain a diagnostic value in the
base message header, the diagnostic value will indicate if action requested by
the original message was a success.
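Review bot: The DIAGNOSTICS paragraph left as context is a comma splice ("...in the base message header, the diagnostic value will indicate...") and drops an article in "if action requested". Suggest splitting it into two sentences and writing "whether the action requested by the original message succeeded".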
@@ -939,7 +921,6 @@ Diagnostic Values:
.in -2
.SH ATTRIBUTES
-.LP
See \fBattributes\fR(5) for descriptions of the following attributes:
.sp
@@ -953,7 +934,6 @@ Interface Stability Evolving
.TE
.SH SEE ALSO
-.LP
\fBin.iked\fR(1M), \fBipseckey\fR(1M), \fBsockaddr\fR(3SOCKET),
\fBipsec\fR(7P), \fBipsecah\fR(7P),
\fBipsecesp\fR(7P), \fBroute\fR(7P), \fBudp\fR(7P)
@@ -962,6 +942,5 @@ Interface Stability Evolving
McDonald, D.L., Metz, C.W., and Phan, B.G., \fIRFC 2367, PF_KEY Key Management
API, Version 2\fR, The Internet Society, July 1998.
.SH NOTES
-.LP
Time-based lifetimes may not expire with exact precision in seconds because
kernel load may affect the aging of \fBSA\fR's.
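Review bot: The last line of NOTES writes the plural as "\fBSA\fR's" with an apostrophe, while DESCRIPTION uses "\fBSA\fRs". Change it to "\fBSA\fRs" here so the page uses one form.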