diff --git a/ja_JP.eucJP/books/handbook/security/chapter.sgml b/ja_JP.eucJP/books/handbook/security/chapter.sgml
index 3c64811c22..4e462665d0 100644
--- a/ja_JP.eucJP/books/handbook/security/chapter.sgml
+++ b/ja_JP.eucJP/books/handbook/security/chapter.sgml
@@ -2,7 +2,7 @@
The FreeBSD Documentation Project
The FreeBSD Japanese Documentation Project
- Original revision: 1.113
+ Original revision: 1.114
Waiting for: 1.123 or mac/chapter.sgml
("mac" referenced from disks).
Translation note: "fs-acl" section added in rev.1.118 is moved to
@@ -3193,13 +3193,11 @@ options IPSEC_ESP #IP security (crypto; define w/IPSEC)</progr
<para>���ˡ��������ƥ��������������������ꤷ�ޤ��礦���ۥ���
A �ȥۥ��� B ��ξ���ǡ�&man.setkey.8; ��¹Ԥ��ޤ���</para>
- <screen>
-&prompt.root; <userinput>setkey -c
-add 10.2.3.4 10.6.7.8 ah-old 1000 -m transport -A keyed-md5 "MYSECRETMYSECRET" ;
-add 10.6.7.8 10.2.3.4 ah 2000 -m transport -A hmac-sha1 "KAMEKAMEKAMEKAMEKAME" ;
-add 10.6.7.8 10.2.3.4 esp 3000 -m transport -E des-cbc "PASSWORD" ;
-^D</userinput>
-</screen>
+ <screen>&prompt.root; <userinput>setkey -c
+ add 10.2.3.4 10.6.7.8 ah-old 1000 -m transport -A keyed-md5 "MYSECRETMYSECRET" ;
+ add 10.6.7.8 10.2.3.4 ah 2000 -m transport -A hmac-sha1 "KAMEKAMEKAMEKAMEKAME" ;
+ add 10.6.7.8 10.2.3.4 esp 3000 -m transport -E des-cbc "PASSWORD" ;
+ ^D</userinput></screen>
<para>�ºݤˤϡ��������ƥ��ݥꥷ�Υ���ȥ꤬��������ޤǤ�
IPsec �ˤ���̿��ϹԤ��ޤ���
@@ -3209,18 +3207,18 @@ add 10.6.7.8 10.2.3.4 esp 3000 -m transport -E des-cbc "PASSWORD" ;
A ��:
&prompt.root; <userinput>setkey -c
-spdadd 10.2.3.4 10.6.7.8 any -P out ipsec
+ spdadd 10.2.3.4 10.6.7.8 any -P out ipsec
ah/transport/10.2.3.4-10.6.7.8/require ;
-^D</userinput>
+ ^D</userinput>
B ��:
&prompt.root; <userinput>setkey -c
-spdadd 10.6.7.8 10.2.3.4 any -P out ipsec
+ spdadd 10.6.7.8 10.2.3.4 any -P out ipsec
esp/transport/10.6.7.8-10.2.3.4/require ;
-spdadd 10.6.7.8 10.2.3.4 any -P out ipsec
+ spdadd 10.6.7.8 10.2.3.4 any -P out ipsec
ah/transport/10.6.7.8-10.2.3.4/require ;
-^D</userinput>
+ ^D</userinput>
�ۥ��� A -------------------------------------> �ۥ��� B
@@ -3252,38 +3250,35 @@ spdadd 10.6.7.8 10.2.3.4 any -P out ipsec
ǧ�ڥ��르�ꥺ��� hmac-sha1 �ǡ����θ��� <quote>this is the test
key</quote> �Ȥ��ޤ����ۥ���-A ������ϼ��Τ褦�ˤʤ�ޤ���</para>
- <screen>
- &prompt.root; <userinput>setkey -c <<<filename>EOF</filename>
- spdadd fec0::10[any] fec0::11[110] tcp -P out ipsec
- esp/transport/fec0::10-fec0::11/use ;
- spdadd fec0::11[110] fec0::10[any] tcp -P in ipsec
- esp/transport/fec0::11-fec0::10/use ;
- add fec0::10 fec0::11 esp 0x10001
- -m transport
- -E blowfish-cbc "kamekame"
- -A hmac-sha1 "this is the test key" ;
- add fec0::11 fec0::10 esp 0x10002
- -m transport
- -E blowfish-cbc "kamekame"
- -A hmac-sha1 "this is the test key" ;
- EOF</userinput>
-</screen>
+ <screen>&prompt.root; <userinput>setkey -c <<<filename>EOF</filename>
+ spdadd fec0::10[any] fec0::11[110] tcp -P out ipsec
+ esp/transport/fec0::10-fec0::11/use ;
+ spdadd fec0::11[110] fec0::10[any] tcp -P in ipsec
+ esp/transport/fec0::11-fec0::10/use ;
+ add fec0::10 fec0::11 esp 0x10001
+ -m transport
+ -E blowfish-cbc "kamekame"
+ -A hmac-sha1 "this is the test key" ;
+ add fec0::11 fec0::10 esp 0x10002
+ -m transport
+ -E blowfish-cbc "kamekame"
+ -A hmac-sha1 "this is the test key" ;
+ EOF</userinput></screen>
<para>�����ƥۥ���-B ������ϼ��Τ褦�ˤʤ�ޤ���</para>
<screen>&prompt.root; <userinput>setkey -c <<<filename>EOF</filename>
- spdadd fec0::11[110] fec0::10[any] tcp -P out ipsec
- esp/transport/fec0::11-fec0::10/use ;
- spdadd fec0::10[any] fec0::11[110] tcp -P in ipsec
- esp/transport/fec0::10-fec0::11/use ;
- add fec0::10 fec0::11 esp 0x10001 -m transport
- -E blowfish-cbc "kamekame"
- -A hmac-sha1 "this is the test key" ;
- add fec0::11 fec0::10 esp 0x10002 -m transport
- -E blowfish-cbc "kamekame"
- -A hmac-sha1 "this is the test key" ;
- EOF</userinput>
-</screen>
+ spdadd fec0::11[110] fec0::10[any] tcp -P out ipsec
+ esp/transport/fec0::11-fec0::10/use ;
+ spdadd fec0::10[any] fec0::11[110] tcp -P in ipsec
+ esp/transport/fec0::10-fec0::11/use ;
+ add fec0::10 fec0::11 esp 0x10001 -m transport
+ -E blowfish-cbc "kamekame"
+ -A hmac-sha1 "this is the test key" ;
+ add fec0::11 fec0::10 esp 0x10002 -m transport
+ -E blowfish-cbc "kamekame"
+ -A hmac-sha1 "this is the test key" ;
+ EOF</userinput></screen>
<para>SP �����������դ��Ƥ���������</para>
</sect2>
@@ -3306,19 +3301,17 @@ spdadd 10.6.7.8 10.2.3.4 any -P out ipsec
<para>�����ȥ�����-A �ˤ���������ϼ��Τ褦�ˤʤ�ޤ���</para>
- <screen>
- &prompt.root; <userinput>setkey -c <<<filename>EOF</filename>
- spdadd 10.0.1.0/24 10.0.2.0/24 any -P out ipsec
- ah/tunnel/172.16.0.1-172.16.0.2/require ;
- spdadd 10.0.2.0/24 10.0.1.0/24 any -P in ipsec
- ah/tunnel/172.16.0.2-172.16.0.1/require ;
- add 172.16.0.1 172.16.0.2 ah-old 0x10003 -m any
- -A keyed-md5 "this is the test" ;
- add 172.16.0.2 172.16.0.1 ah-old 0x10004 -m any
- -A keyed-md5 "this is the test" ;
+ <screen>&prompt.root; <userinput>setkey -c <<<filename>EOF</filename>
+ spdadd 10.0.1.0/24 10.0.2.0/24 any -P out ipsec
+ ah/tunnel/172.16.0.1-172.16.0.2/require ;
+ spdadd 10.0.2.0/24 10.0.1.0/24 any -P in ipsec
+ ah/tunnel/172.16.0.2-172.16.0.1/require ;
+ add 172.16.0.1 172.16.0.2 ah-old 0x10003 -m any
+ -A keyed-md5 "this is the test" ;
+ add 172.16.0.2 172.16.0.1 ah-old 0x10004 -m any
+ -A keyed-md5 "this is the test" ;
- EOF</userinput>
-</screen>
+EOF</userinput></screen>
<para>�嵭����Τ褦�ˡ��⤷�ݡ����ֹ�ե�����ɤ�ʤ��ȡ�
<literal>[any]</literal> ��Ʊ����̣�ˤʤ�ޤ���<literal>-m</literal> �ϻ��Ѥ���� SA
@@ -3328,19 +3321,17 @@ spdadd 10.6.7.8 10.2.3.4 any -P out ipsec
<para>�����ƥ����ȥ�����-B �Ǥϼ��Τ褦�ˤʤ�ޤ���</para>
- <screen>
- &prompt.root; <userinput>setkey -c <<<filename>EOF</filename>
- spdadd 10.0.2.0/24 10.0.1.0/24 any -P out ipsec
- ah/tunnel/172.16.0.2-172.16.0.1/require ;
- spdadd 10.0.1.0/24 10.0.2.0/24 any -P in ipsec
- ah/tunnel/172.16.0.1-172.16.0.2/require ;
- add 172.16.0.1 172.16.0.2 ah-old 0x10003 -m any
- -A keyed-md5 "this is the test" ;
- add 172.16.0.2 172.16.0.1 ah-old 0x10004 -m any
- -A keyed-md5 "this is the test" ;
+ <screen>&prompt.root; <userinput>setkey -c <<<filename>EOF</filename>
+ spdadd 10.0.2.0/24 10.0.1.0/24 any -P out ipsec
+ ah/tunnel/172.16.0.2-172.16.0.1/require ;
+ spdadd 10.0.1.0/24 10.0.2.0/24 any -P in ipsec
+ ah/tunnel/172.16.0.1-172.16.0.2/require ;
+ add 172.16.0.1 172.16.0.2 ah-old 0x10003 -m any
+ -A keyed-md5 "this is the test" ;
+ add 172.16.0.2 172.16.0.1 ah-old 0x10004 -m any
+ -A keyed-md5 "this is the test" ;
- EOF</userinput>
-</screen>
+EOF</userinput></screen>
<para>����Υ������ƥ������ȥ������֤� SA ��«�κ���</para>
@@ -3365,27 +3356,25 @@ spdadd 10.6.7.8 10.2.3.4 any -P out ipsec
hmac-sha1 �Ȥ��ޤ���AH ��ǧ�ڥ��르�ꥺ��� hmac-md5 �Ȥ��ޤ���
�����ȥ�����-A �Ǥ�����ϼ��Τ褦�ˤʤ�ޤ���</para>
- <screen>
- &prompt.root; <userinput>setkey -c <<<filename>EOF</filename>
- spdadd fec0:0:0:1::/64 fec0:0:0:2::/64 any -P out ipsec
- esp/tunnel/fec0:0:0:1::1-fec0:0:0:2::1/require
- ah/transport/fec0:0:0:1::1-fec0:0:0:2::1/require ;
- spdadd fec0:0:0:2::/64 fec0:0:0:1::/64 any -P in ipsec
- esp/tunnel/fec0:0:0:2::1-fec0:0:0:1::1/require
- ah/transport/fec0:0:0:2::1-fec0:0:0:1::1/require ;
- add fec0:0:0:1::1 fec0:0:0:2::1 esp 0x10001 -m tunnel
- -E 3des-cbc "kamekame12341234kame1234"
- -A hmac-sha1 "this is the test key" ;
- add fec0:0:0:1::1 fec0:0:0:2::1 ah 0x10001 -m transport
- -A hmac-md5 "this is the test" ;
- add fec0:0:0:2::1 fec0:0:0:1::1 esp 0x10001 -m tunnel
- -E 3des-cbc "kamekame12341234kame1234"
- -A hmac-sha1 "this is the test key" ;
- add fec0:0:0:2::1 fec0:0:0:1::1 ah 0x10001 -m transport
- -A hmac-md5 "this is the test" ;
+ <screen>&prompt.root; <userinput>setkey -c <<<filename>EOF</filename>
+ spdadd fec0:0:0:1::/64 fec0:0:0:2::/64 any -P out ipsec
+ esp/tunnel/fec0:0:0:1::1-fec0:0:0:2::1/require
+ ah/transport/fec0:0:0:1::1-fec0:0:0:2::1/require ;
+ spdadd fec0:0:0:2::/64 fec0:0:0:1::/64 any -P in ipsec
+ esp/tunnel/fec0:0:0:2::1-fec0:0:0:1::1/require
+ ah/transport/fec0:0:0:2::1-fec0:0:0:1::1/require ;
+ add fec0:0:0:1::1 fec0:0:0:2::1 esp 0x10001 -m tunnel
+ -E 3des-cbc "kamekame12341234kame1234"
+ -A hmac-sha1 "this is the test key" ;
+ add fec0:0:0:1::1 fec0:0:0:2::1 ah 0x10001 -m transport
+ -A hmac-md5 "this is the test" ;
+ add fec0:0:0:2::1 fec0:0:0:1::1 esp 0x10001 -m tunnel
+ -E 3des-cbc "kamekame12341234kame1234"
+ -A hmac-sha1 "this is the test key" ;
+ add fec0:0:0:2::1 fec0:0:0:1::1 ah 0x10001 -m transport
+ -A hmac-md5 "this is the test" ;
- EOF</userinput>
-</screen>
+ EOF</userinput></screen>
<para>�ۤʤ��̿�ü�Ǥ� SA �κ���</para>
@@ -3407,31 +3396,29 @@ spdadd 10.6.7.8 10.2.3.4 any -P out ipsec
<para>�ۥ���-A �Ǥ�����ϼ��Τ褦�ˤʤ�ޤ���</para>
- <screen>
- &prompt.root; <userinput>setkey -c <<<filename>EOF</filename>
- spdadd fec0:0:0:1::1[any] fec0:0:0:2::2[80] tcp -P out ipsec
- esp/transport/fec0:0:0:1::1-fec0:0:0:2::2/use
- esp/tunnel/fec0:0:0:1::1-fec0:0:0:2::1/require ;
- spdadd fec0:0:0:2::1[80] fec0:0:0:1::1[any] tcp -P in ipsec
- esp/transport/fec0:0:0:2::2-fec0:0:0:l::1/use
- esp/tunnel/fec0:0:0:2::1-fec0:0:0:1::1/require ;
- add fec0:0:0:1::1 fec0:0:0:2::2 esp 0x10001
- -m transport
- -E cast128-cbc "12341234"
- -A hmac-sha1 "this is the test key" ;
- add fec0:0:0:1::1 fec0:0:0:2::1 esp 0x10002
- -E rc5-cbc "kamekame"
- -A hmac-md5 "this is the test" ;
- add fec0:0:0:2::2 fec0:0:0:1::1 esp 0x10003
- -m transport
- -E cast128-cbc "12341234"
- -A hmac-sha1 "this is the test key" ;
- add fec0:0:0:2::1 fec0:0:0:1::1 esp 0x10004
- -E rc5-cbc "kamekame"
- -A hmac-md5 "this is the test" ;
+ <screen>&prompt.root; <userinput>setkey -c <<<filename>EOF</filename>
+ spdadd fec0:0:0:1::1[any] fec0:0:0:2::2[80] tcp -P out ipsec
+ esp/transport/fec0:0:0:1::1-fec0:0:0:2::2/use
+ esp/tunnel/fec0:0:0:1::1-fec0:0:0:2::1/require ;
+ spdadd fec0:0:0:2::1[80] fec0:0:0:1::1[any] tcp -P in ipsec
+ esp/transport/fec0:0:0:2::2-fec0:0:0:l::1/use
+ esp/tunnel/fec0:0:0:2::1-fec0:0:0:1::1/require ;
+ add fec0:0:0:1::1 fec0:0:0:2::2 esp 0x10001
+ -m transport
+ -E cast128-cbc "12341234"
+ -A hmac-sha1 "this is the test key" ;
+ add fec0:0:0:1::1 fec0:0:0:2::1 esp 0x10002
+ -E rc5-cbc "kamekame"
+ -A hmac-md5 "this is the test" ;
+ add fec0:0:0:2::2 fec0:0:0:1::1 esp 0x10003
+ -m transport
+ -E cast128-cbc "12341234"
+ -A hmac-sha1 "this is the test key" ;
+ add fec0:0:0:2::1 fec0:0:0:1::1 esp 0x10004
+ -E rc5-cbc "kamekame"
+ -A hmac-md5 "this is the test" ;
- EOF</userinput>
-</screen>
+ EOF</userinput></screen>
</sect2>
</sect1>