docs/172913: [ipsec] [patch] setkey(8) is unclear on anti-replay window size option semantics
John W. O'Brien
john at saltant.com
Sat Oct 20 21:10:01 UTC 2012
>Number: 172913
>Category: docs
>Synopsis: [ipsec] [patch] setkey(8) is unclear on anti-replay window size option semantics
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-doc
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: doc-bug
>Submitter-Id: current-users
>Arrival-Date: Sat Oct 20 21:10:00 UTC 2012
>Closed-Date:
>Last-Modified:
>Originator: John W. O'Brien
>Release: 9.1-PRERELEASE
>Organization:
Saltant Solutions
>Environment:
FreeBSD XXXX.saltant.net 9.1-PRERELEASE FreeBSD 9.1-PRERELEASE #0 r241198: Thu Oct 4 17:24:35 EDT 2012 root at XXXX.saltant.net:/usr/obj/usr/src/sys/NIPPL amd64
>Description:
The manpage for setkey(8) does not crisply and unambiguously explain how to choose and specify a value for the -r option.
>How-To-Repeat:
Read setkey(8) to learn how to specify the anti-replay window size when creating an SA from the command line.
>Fix:
Apply the attached patch to head/sbin/setkey/setkey.8
Patch attached with submission follows:
Index: setkey.8
===================================================================
--- setkey.8 (revision 241789)
+++ setkey.8 (working copy)
@@ -29,7 +29,7 @@
.\"
.\" $FreeBSD$
.\"
-.Dd May 13, 2006
+.Dd Oct 20, 2012
.Dt SETKEY 8
.Os
.\"
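Review bot: The new .Dd line abbreviates the month ("Oct 20, 2012"), while the line it replaces spelled it out ("May 13, 2006"). mdoc dates are written with the full month name, so this should read ".Dd October 20, 2012".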
@@ -289,12 +289,13 @@
.Li any .
.\"
.It Fl r Ar size
-Specify window size of bytes for replay prevention.
+Specify the bitmap size in octets of the anti-replay window.
.Ar size
-must be decimal number in 32-bit word.
+is a 32-bit unsigned integer, and its value is one eighth of the
+anti-replay window size in packets.
If
.Ar size
-is zero or not specified, replay check does not take place.
+is zero or not specified, an anti-replay check does not take place.
.\"
.It Fl u Ar id
Specify the identifier of the policy entry in SPD.
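Review bot: The added sentence "its value is one eighth of the anti-replay window size in packets" defines size backwards from how an operator uses it: someone who wants a window of N packets has to invert it to N/8, and the text does not say what to do when N is not a multiple of eight. Consider stating it in the forward direction (the window covers 8 times size packets, one bit per packet) and giving one concrete value, for example that -r 4 yields a 32-packet window. Since the last sentence says the check does not take place when size is zero or not specified, it would also help to say outright that an SA added without -r has no replay protection.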
>Release-Note:
>Audit-Trail:
>Unformatted: