Diffstat (limited to 'security/skip/files/patch-au')
-rw-r--r-- security/skip/files/patch-au 105
1 files changed, 27 insertions, 78 deletions
diff --git a/security/skip/files/patch-au b/security/skip/files/patch-au
index 8c7922f5de7b..4a77530b6c78 100644
--- a/security/skip/files/patch-au
+++ b/security/skip/files/patch-au
@@ -1,78 +1,27 @@
-diff -ur --unidirectional-new-file skipsrc-1.0.orig/doc/README.FreeBSD skipsrc-1.0/doc/README.FreeBSD
---- skipsrc-1.0.orig/doc/README.FreeBSD Wed Dec 31 16:00:00 1969
-+++ skipsrc-1.0/doc/README.FreeBSD Sun Apr 12 16:10:32 1998
-@@ -0,0 +1,74 @@
-+
-+Some notes regarding the FreeBSD port of SKIP
-+December 8, 1997
-+
-+- Most of the non-man page documentation has NOT be patched to
-+ reflect the different locations of files, etc. The main difference
-+ is that the original version of SKIP puts everything under /usr/skip,
-+ wheras the FreeBSD port puts it under /usr/local (or elsewhere if
-+ you set ${PREFIX}). This documentation can be found under
-+ /usr/local/share/doc/skip.
-+
-+- Thanks to S. Wehner, skiphost now takes a new argument for specifying
-+ the source address for encrypted packets. This allows encrypted packets
-+ that are being tunnelled between two routers to have source and dest
-+ IP addresses of only those two routers. This reduces firewall complexity
-+ in many cases. From his description:
-+
-+ This adds another command line option to skiphost, namely
-+ -f <source address> . Every packet going out to the other host
-+ will then have this source address in the packet.
-+
-+- SKIP is applied to packets *after* any ipfw(8) filtering is applied.
-+ This is true for both incoming and outgoing packets. Note that SKIP
-+ has its own access control functionality.
-+
-+ One way to deal with this is to do the following:
-+
-+ - Setup ipfw as you normally would to restrict access to your machine.
-+ - Add additional ipfw rules to allow SKIP related traffic:
-+ - ipfw add 10 allow 57 from any to any
-+ - ipfw add 10 allow 79 from any to any (if using SunScreen mode)
-+ - ipfw add 10 allow 50 from any to any (if using raw ESP/AH mode)
-+ - ipfw add 10 allow 51 from any to any (if using raw ESP/AH mode)
-+ - ipfw add 10 allow udp from any to <your-address> 1640
-+ - ipfw add 10 allow udp from <your-address> 1640 to any
-+ - Set the default rule for SKIP to be to allow access.
-+
-+- Skipd will logs via syslog(3) instead of logging directly
-+ to /var/log/skip.log as before, using the LOG_DAEMON facility.
-+
-+ You may want to redirect this output to its own log file.
-+ This is done by the following steps:
-+
-+ 1. touch /var/log/skipd.log
-+ 2. Edit /etc/syslog.conf and add these lines at the end:
-+
-+ !skipd
-+ *.* /var/log/skipd.log
-+
-+ 3. Edit /etc/newsyslog.conf as appropriate
-+ 4. Restart syslogd
-+
-+- Each time skip is started (at reboot time), the skiphost
-+ output is written to /var/log/skiphost.log. You may also
-+ want to add an entry to /etc/newsyslog.conf for this one
-+ as well.
-+
-+- Users of skip should subscribe to the SKIP mailing list
-+ by sending an email to "majordomo@skip.org" containing
-+ the line "subscribe skip-info".
-+
-+- If you have trouble:
-+
-+ - If there is a problem with the port itself (e.g., it won't
-+ compile on your system), use send-pr(1) to send a problem report.
-+
-+ - If you are having trouble with SKIP configuration, use,
-+ compatibility, etc., send your questions to the SKIP
-+ mailing list: skip-info@skip.org (you should subscribe
-+ to it first).
-+
-+Thanks,
-+-Archie Cobbs <archie@whistle.com>
-+
+diff -ur --unidirectional-new-file skipsrc-1.0.orig/doc/INSTALL work.new/doc/INSTALL
+--- skipsrc-1.0.orig/doc/INSTALL Fri Oct 25 13:11:55 1996
++++ work.new/doc/INSTALL Mon Mar 8 21:33:38 1999
+@@ -1,6 +1,13 @@
+ Quick-Start Guide
+ -----------------
+
++ ***
++ *** NOTE TO FREEBSD PORT USERS
++ ***
++ *** If you've installed SKIP using the FreeBSD port
++ *** or package, you can go directly to step #4.
++ ***
++
+ This is a quick-start guide for SKIP. It covers installing the SKIP
+ binaries and setting up IP-level encryption between two hosts.
+
+@@ -64,7 +71,8 @@
+ View the key manager log file to see if the the certificate
+ exchange and the shared secret computation succeeded:
+
+- tail /var/log/skip.log
++ tail /var/log/skiphost.log
++ tail /var/log/messages
+
+ If you have tcpdump, etherfind, snoop, or some other packet dumping
+ utility, you can verify that encrypted packets are using protocol 57.
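Review bot: In the second INSTALL hunk, the replacement of `tail /var/log/skip.log` with `tail /var/log/skiphost.log` and `tail /var/log/messages` is left unexplained once the README.FreeBSD text is dropped from patch-au. The removed lines were the only place in this file saying that skipd logs through syslog(3) with the LOG_DAEMON facility and that skiphost output goes to /var/log/skiphost.log at startup. Whether skipd messages reach /var/log/messages depends on the local syslog.conf, so the INSTALL step should say so or name the facility. The removed README also carried the note that SKIP is applied after ipfw(8) filtering, together with the allow rules for protocols 57, 79, 50, 51 and UDP port 1640. Please confirm README.FreeBSD is still installed from another file in the port, and if it is not, keep at least the ipfw ordering note and the logging description, since a firewall rule set written without them can silently drop or pass SKIP traffic in ways the operator does not expect.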