Diffstat (limited to 'security/skip/files/patch-au')
-rw-r--r-- | security/skip/files/patch-au | 105 |
1 files changed, 27 insertions, 78 deletions
diff --git a/security/skip/files/patch-au b/security/skip/files/patch-au index 8c7922f5de7b..4a77530b6c78 100644 --- a/security/skip/files/patch-au +++ b/security/skip/files/patch-au 
@@ -1,78 +1,27 @@ -diff -ur --unidirectional-new-file skipsrc-1.0.orig/doc/README.FreeBSD skipsrc-1.0/doc/README.FreeBSD ---- skipsrc-1.0.orig/doc/README.FreeBSD Wed Dec 31 16:00:00 1969 -+++ skipsrc-1.0/doc/README.FreeBSD Sun Apr 12 16:10:32 1998 -@@ -0,0 +1,74 @@ -+ -+Some notes regarding the FreeBSD port of SKIP -+December 8, 1997 -+ -+- Most of the non-man page documentation has NOT be patched to -+ reflect the different locations of files, etc. The main difference -+ is that the original version of SKIP puts everything under /usr/skip, -+ wheras the FreeBSD port puts it under /usr/local (or elsewhere if -+ you set ${PREFIX}). This documentation can be found under -+ /usr/local/share/doc/skip. -+ -+- Thanks to S. Wehner, skiphost now takes a new argument for specifying -+ the source address for encrypted packets. This allows encrypted packets -+ that are being tunnelled between two routers to have source and dest -+ IP addresses of only those two routers. This reduces firewall complexity -+ in many cases. From his description: -+ -+ This adds another command line option to skiphost, namely -+ -f <source address> . Every packet going out to the other host -+ will then have this source address in the packet. -+ -+- SKIP is applied to packets *after* any ipfw(8) filtering is applied. -+ This is true for both incoming and outgoing packets. Note that SKIP -+ has its own access control functionality. -+ -+ One way to deal with this is to do the following: -+ -+ - Setup ipfw as you normally would to restrict access to your machine. 
-+ - Add additional ipfw rules to allow SKIP related traffic: -+ - ipfw add 10 allow 57 from any to any -+ - ipfw add 10 allow 79 from any to any (if using SunScreen mode) -+ - ipfw add 10 allow 50 from any to any (if using raw ESP/AH mode) -+ - ipfw add 10 allow 51 from any to any (if using raw ESP/AH mode) -+ - ipfw add 10 allow udp from any to <your-address> 1640 -+ - ipfw add 10 allow udp from <your-address> 1640 to any -+ - Set the default rule for SKIP to be to allow access. -+ -+- Skipd will logs via syslog(3) instead of logging directly -+ to /var/log/skip.log as before, using the LOG_DAEMON facility. -+ -+ You may want to redirect this output to its own log file. -+ This is done by the following steps: -+ -+ 1. touch /var/log/skipd.log -+ 2. Edit /etc/syslog.conf and add these lines at the end: -+ -+ !skipd -+ *.* /var/log/skipd.log -+ -+ 3. Edit /etc/newsyslog.conf as appropriate -+ 4. Restart syslogd -+ -+- Each time skip is started (at reboot time), the skiphost -+ output is written to /var/log/skiphost.log. You may also -+ want to add an entry to /etc/newsyslog.conf for this one -+ as well. -+ -+- Users of skip should subscribe to the SKIP mailing list -+ by sending an email to "majordomo@skip.org" containing -+ the line "subscribe skip-info". -+ -+- If you have trouble: -+ -+ - If there is a problem with the port itself (e.g., it won't -+ compile on your system), use send-pr(1) to send a problem report. -+ -+ - If you are having trouble with SKIP configuration, use, -+ compatibility, etc., send your questions to the SKIP -+ mailing list: skip-info@skip.org (you should subscribe -+ to it first). 
-+ -+Thanks, -+-Archie Cobbs <archie@whistle.com> -+ +diff -ur --unidirectional-new-file skipsrc-1.0.orig/doc/INSTALL work.new/doc/INSTALL +--- skipsrc-1.0.orig/doc/INSTALL Fri Oct 25 13:11:55 1996 ++++ work.new/doc/INSTALL Mon Mar 8 21:33:38 1999 +@@ -1,6 +1,13 @@ + Quick-Start Guide + ----------------- + ++ *** ++ *** NOTE TO FREEBSD PORT USERS ++ *** ++ *** If you've installed SKIP using the FreeBSD port ++ *** or package, you can go directly to step #4. ++ *** ++ + This is a quick-start guide for SKIP. It covers installing the SKIP + binaries and setting up IP-level encryption between two hosts. + +@@ -64,7 +71,8 @@ + View the key manager log file to see if the the certificate + exchange and the shared secret computation succeeded: + +- tail /var/log/skip.log ++ tail /var/log/skiphost.log ++ tail /var/log/messages + + If you have tcpdump, etherfind, snoop, or some other packet dumping + utility, you can verify that encrypted packets are using protocol 57. |
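Review bot: The removed side of the outer hunk (@@ -1,78 +1,27 @@) drops the entire doc/README.FreeBSD addition, and nothing on the added side replaces it. That text is the only place on this page stating that SKIP is applied to packets after any ipfw(8) filtering, listing the ipfw allow rules for protocols 57, 79, 50 and 51 and UDP port 1640, and documenting the skiphost `-f <source address>` option. The diffstat shown is limited to security/skip/files/patch-au, so it is not visible whether the README is now installed some other way. Please confirm that it is, and say where in the commit message, so the packet-filter ordering note does not silently disappear from the port.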
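Review bot: In the second INSTALL hunk (@@ -64,7 +71,8 @@), the unchanged sentence still says "View the key manager log file" (singular) while the replacement now lists two files, `tail /var/log/skiphost.log` and `tail /var/log/messages`, without saying which one shows the certificate exchange and shared secret computation. The README text removed earlier in this same patch says skipd logs through syslog(3) with the LOG_DAEMON facility and that skiphost.log receives the skiphost output written at startup, and it suggests routing skipd output to /var/log/skipd.log with a `!skipd` block in /etc/syslog.conf. Whether skipd messages reach /var/log/messages therefore depends on the local syslog.conf. Suggest rewording the sentence to say the key manager logs via syslog, and mentioning /var/log/skipd.log as the location for users who set up that redirect.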