From owner-man-jp-reviewer@jp.freebsd.org  Sun Apr  2 15:14:39 2000
Received: (from daemon@localhost)
	by castle.jp.freebsd.org (8.9.3+3.2W/8.7.3) id PAA60361;
	Sun, 2 Apr 2000 15:14:39 +0900 (JST)
	(envelope-from owner-man-jp-reviewer@jp.FreeBSD.org)
Received: from smtp1.interramp.com (smtp1.interramp.com [38.8.45.2])
	by castle.jp.freebsd.org (8.9.3+3.2W/8.7.3) with ESMTP id PAA60356
	for <man-jp-reviewer@jp.freebsd.org>; Sun, 2 Apr 2000 15:14:38 +0900 (JST)
	(envelope-from horikawa@psinet.com)
Received: from [38.26.194.92] (helo=localhost)
	by smtp1.interramp.com with esmtp (Exim 1.90 #1)
	for man-jp-reviewer@jp.freebsd.org
	id 12bdeb-0002A9-00; Sun, 2 Apr 2000 01:14:33 -0500
To: man-jp-reviewer@jp.freebsd.org
X-Mailer: Mew version 1.93 on Emacs 19.34 / Mule 2.3 (SUETSUMUHANA)
Mime-Version: 1.0
Content-Type: Text/Plain; charset=iso-2022-jp
Content-Transfer-Encoding: 7bit
Message-Id: <20000402011104P.horikawa@psinet.com>
Date: Sun, 02 Apr 2000 01:11:04 -0500
From: Kazuo Horikawa <horikawa@psinet.com>
X-Dispatcher: imput version 980905(IM100)
Lines: 729
Reply-To: man-jp-reviewer@jp.freebsd.org
Precedence: list
X-Distribute: distribute version 2.1 (Alpha) patchlevel 24e+000315
X-Sequence: man-jp-reviewer 2109
Subject: [man-jp-reviewer 2109] setkey.8
Errors-To: owner-man-jp-reviewer@jp.freebsd.org
Sender: owner-man-jp-reviewer@jp.freebsd.org
X-Originator: horikawa@psinet.com

 $BKY@n$G$9!#(B

 setkey.8 $B$NK]Lu$G$9!#(B

--- setkey.8.eng	Sun Apr  2 01:00:48 2000
+++ setkey.8	Sun Apr  2 01:09:02 2000
@@ -26,17 +26,18 @@
 .\" SUCH DAMAGE.
 .\"
 .\"     $Id: setkey.8,v 1.14 1999/10/27 17:08:58 sakane Exp $
-.\"     $FreeBSD: src/usr.sbin/setkey/setkey.8,v 1.1 2000/01/06 12:40:52 shin Exp $
+.\" jpman %Id: setkey.8,v 0.0 2000/02/06 08:09:52 horikawa Stab %
+.\"     $FreeBSD: src/usr.sbin/setkey/setkey.8,v 1.4 2000/03/13 01:38:46 shin Exp $
 .\"
 .Dd May 17, 1998
 .Dt SETKEY 8
 .Os KAME
 .\" 
-.Sh NAME
+.Sh $BL>>N(B
 .Nm setkey
-.Nd manually manipulate the SA/SP database.
+.Nd $B<jF0$G(B SA/SP $B%G!<%?%Y!<%9$rA`:n$9$k(B
 .\" 
-.Sh SYNOPSIS
+.Sh $B=q<0(B
 .Nm setkey
 .Op Fl dv
 .Fl c
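Review bot: the `$FreeBSD$` line goes from rev 1.1 on the `-` side to rev 1.4 on the `+` side, so the English file this diff was taken against (setkey.8.eng) is older than the revision the translation says it tracks. Upstream changes between 1.1 and 1.4 therefore arrive mixed into the translation hunks (the translator's own comments at spddump and in the examples section mention rev 1.3 and rev 1.4 fixes), and they cannot be checked against the English text shown here. Regenerating the diff against the rev 1.4 English source would leave only translation changes to review.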
@@ -53,68 +54,70 @@
 .Op Fl h
 .Fl x
 .\" 
-.Sh DESCRIPTION
+.Sh $B2r@b(B
 .Nm
-updates, or lists the content of, Security Association Database (SAD) entries
-in the kernel as well as Security Policy Database (SPD) entries.
+$B$O!"%+!<%M%kFb$N%;%-%e%j%F%#%"%=%7%(!<%7%g%s%G!<%?%Y!<%9(B (SAD) $B%(%s%H%j$H(B
+$B%;%-%e%j%F%#%]%j%7%G!<%?%Y!<%9(B (SPD) $B%(%s%H%j$r!"99?7$*$h$SFbMFNs5s$7$^$9!#(B
 .Pp
 .Nm
-takes a series of operation from standard input
+$B$O!"0lO"$NA`:n$rI8=`F~NO$+$i<h$k$+(B
 .Po
-if invoked with
 .Fl c
+$BIU$G5/F0$5$l$?>l9g(B
 .Pc
-or file named
 .Ar filename
+$B$H$$$&L>A0$N%U%!%$%k$+$i<h$j$^$9(B
 .Po
-if invoked with
 .Fl f Ar filename
-.Pc .
+$BIU$G5/F0$5$l$?>l9g(B
+.Pc
+$B!#(B
 .Bl -tag -width Ds
 .It Fl D
-Dump the SAD entries.
-If with
-.Fl P ,
-the SPD entries are dumped.
+SAD $B%(%s%H%j$r%@%s%W$7$^$9!#(B
+.Fl P
+$BIU$N>l9g!"(BSPD $B%(%s%H%j$r%@%s%W$7$^$9!#(B
 .It Fl F
-Flush the SAD.
-If with
-.Fl P ,
-the SPD are flushed.
+SAD $B$r%U%i%C%7%e$7$^$9!#(B
+.Fl P
+$BIU$N>l9g!"(BSPD $B$r%U%i%C%7%e$7$^$9!#(B
 .It Fl a
 .Nm
-usually do not display dead SAD entries on
-.Fl D .
-With
-.Fl a ,
-dead SAD entries will be displayed as well.
-Dead SAD entries are kept in the kernel,
-when they are referenced from any of SPD entries in the kernel.
+$B$ODL>o!"(B
+.Fl D
+$B$KBP$7!";`$s$@(B SAD $B%(%s%H%j$rI=<($7$^$;$s!#(B
+.Fl a
+$BIU$N>l9g!";`$s$@(B SAD $B%(%s%H%j$bI=<($7$^$9!#(B
+$B;`$s$@(B SAD $B%(%s%H%j$O!"(B
+$B%+!<%M%kFb$N(B SPD $B%(%s%H%j$+$i;2>H$5$l$?$H$-!"(B
+$B%+!<%M%kFb$KJ]B8$5$l$^$9!#(B
 .It Fl d
-Enable debugging messages.
+$B%G%P%C%0MQ%a%C%;!<%8$rM-8z$K$7$^$9!#(B
 .It Fl x
-Loop forever and dump all the messages transmitted to
+$BL58B%k!<%W$7!"(B
 .Dv PF_KEY
-socket.
+$B%=%1%C%H$XAw$i$l$?A4%a%C%;!<%8$r%@%s%W$7$^$9!#(B
 .It Fl h
-Add hexadecimal dump on
 .Fl x
-mode. The order is significant.
+$B%b!<%I$K$*$$$F!"(B16 $B?J?t%@%s%W$rDI2C$7$^$9!#(B
+$B=g=x$,=EMW$G$9!#(B
 .It Fl l
-Loop forever with short output on
-.Fl D .
+.Fl D
+$B$K$*$$$F!"C;$+$$=PNO$GL58B%k!<%W$7$^$9!#(B
 .It Fl v
-Be verbose.
-l.Dv PF_KEY
-socket
+$B>iD9$K$J$j$^$9!#(B
+.Dv PF_KEY
+$B%=%1%C%H(B
 .Po
-including messages sent from other processes
-.Pc .
+$BB>$N%W%m%;%9$+$iAw?.$5$l$?%a%C%;!<%8$b4^$_$^$9(B
+.Pc
+$B!#(B
 .El
 .Pp
-Operation has the following grammar. Note that lines, that start with a
-hashmark ('#') are treated as comment lines.
-Description of meta-arguments follows.
+$BA`:n$O<!$NJ8K!$G$9!#(B
+$B%O%C%7%e%^!<%/(B ('#') $B$G3+;O$9$k9T$O(B
+$B%3%a%s%H9T$H$7$F07$o$l$k$3$H$KCm0U$7$F$/$@$5$$!#(B
+$B%a%?0z?t$N2r@b$,!"$=$N8e$KB3$-$^$9!#(B
 .Bl -tag -width Ds
 .It Xo
 .Li add
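Review bot: under `.It Fl v` the translated text after the "Be verbose." sentence is still a fragment: `.Dv PF_KEY`, the word for "socket", and the parenthesised "including messages sent from other processes" have no verb. The fragment is inherited from the English, whose line reads `l.Dv PF_KEY`, and the stray `l` is dropped here without a note. A `.\"` translator comment recording the source defect, in the same style as the ones added for spddump, would make this traceable, and the incomplete sentence should be reported upstream rather than translated as if it were complete.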
@@ -123,7 +126,7 @@
 .Ar algorithm...
 .Li ;
 .Xc
-Add a SAD entry.
+$BC10l$N(B SAD $B%(%s%H%j$rDI2C$7$^$9!#(B
 .\"
 .It Xo
 .Li get
@@ -131,7 +134,7 @@
 .Op Ar mode
 .Li ;
 .Xc
-Show a SAD entry.
+$BC10l$N(B SAD $B%(%s%H%j$rI=<($7$^$9!#(B
 .\"
 .It Xo
 .Li delete
@@ -139,193 +142,193 @@
 .Op Ar mode
 .Li ;
 .Xc
-Remove a SAD entry.
+$BC10l$N(B SAD $B%(%s%H%j$r:o=|$7$^$9!#(B
 .\"
 .It Xo
 .Li flush
 .Op Ar protocol
 .Li ;
 .Xc
-Clear all SAD entries that matches the options.
+$B%*%W%7%g%s$K%^%C%A$9$kA4(B SAD $B%(%s%H%j$r%/%j%"$7$^$9!#(B
 .\"
 .It Xo
 .Li dump
 .Op Ar protocol
 .Li ;
 .Xc
-Dumps all SAD entries that matches the options.
+$B%*%W%7%g%s$K%^%C%A$9$kA4(B SAD $B%(%s%H%j$r%@%s%W$7$^$9!#(B
 .\"
 .It Xo
 .Li spdadd
 .Ar src_range Ar dst_range Ar upperspec Ar policy
 .Li ;
 .Xc
-Add a SPD entry.
+$BC10l$N(B SPD $B%(%s%H%j$rDI2C$7$^$9!#(B
 .\"
 .It Xo
 .Li spddelete
 .Ar src_range Ar dst_range Ar upperspec
 .Li ;
 .Xc
-Delete a SPD entry.
+$BC10l$N(B SPD $B%(%s%H%j$r:o=|$7$^$9!#(B
 .\"
 .It Xo
 .Li spdflush
 .Li ;
 .Xc
-Clear all SPD entries.
+$BA4(B SPD $B%(%s%H%j$r%/%j%"$7$^$9!#(B
 .\"
 .It Xo
 .Li spddump
 .Li ;
 .Xc
-Dumps all SAD entries.
+.\" rev. 1.3 $B$G(B SAD $B$+$i(B SPD $B$K=$@5(B
+.\" 2000/04/02 $B$K(B horikawa@jp.FreeBSD.org $B3NG'(B
+$BA4(B SPD $B%(%s%H%j$r%@%s%W$7$^$9!#(B
 .El
 .\"
 .Pp
-Meta-arguments are as follows:
+$B%a%?0z?t$K$D$$$F!"0J2<$K2r@b$7$^$9(B:
 .Bl -tag -compact -width Ds
 .It Ar src
 .It Ar dst
-Source/destination of the secure communication is specified as
-IPv4/v6 address.
+$B%;%-%e%"%3%_%e%K%1!<%7%g%s$N;OE@(B/$B=*E@$r(B IPv4/v6 $B%"%I%l%9$G;XDj$7$^$9!#(B
 .Nm
-does not consult hostname-to-address for arguments
+$B$O0z?t(B
 .Ar src
-and
-.Ar dst .
-They must be in numeric form.
+$B$H(B
+.Ar dst
+$B$KBP$7!"L>A0$+$i%"%I%l%9$X$NLd$$9g$o$;$r9T$$$^$;$s!#(B
+$B$3$l$i$O?tCM7A<0$G$"$k$3$H$,I,MW$G$9!#(B
 .\"
 .Pp
 .It Ar protocol
 .Ar protocol
-is one of following:
+$B$O<!$N$$$:$l$+$R$H$D$G$9(B:
 .Bl -tag -width Fl -compact
 .It Li esp
-ESP based on rfc2405
+rfc2405 $B%Y!<%9$N(B ESP
 .It Li esp-old
-ESP based on rfc1827
+rfc1827 $B%Y!<%9$N(B ESP
 .It Li ah
-AH based on rfc2402
+rfc2402 $B%Y!<%9$N(B AH
 .It Li ah-old
-AH based on rfc1826
+rfc1826 $B%Y!<%9$N(B AH
 .It Li ipcomp
 IPCOMP
 .El
 .\"
 .Pp
 .It Ar spi
-Security Parameter Index (SPI) for the SA and SPD.
-It must be decimal number or hexadecimal number
+SA $B$*$h$S(B SPD $BMQ$N!"%;%-%e%j%F%#%Q%i%a!<%?%$%s%G%C%/%9(B (SPI)$B!#(B
+10 $B?J?t$^$?$O(B 16 $B?J?t(B
 .Po
-with
 .Li 0x
-attached
-.Pc .
+$BIU(B
+.Pc
+$B$G$"$k$3$H$,I,MW$G$9!#(B
 .\"
 .Pp
 .It Ar extensions
-takes some of the following:
+$B<!$K<($9$b$N$N$$$/$D$+$r<h$j$^$9(B:
 .Bl -tag -width Fl -compact 
 .It Fl m Ar mode
-Specify an security protocol mode for use.  By default,
-.Li any .
+$B;EMM$9$k%;%-%e%j%F%#%W%m%H%3%k%b!<%I$r;XDj$7$^$9!#(B
+$B%G%U%)%k%H$G$O(B
+.Li any
+$B$G$9!#(B
 .Ar mode
-is one of following:
-.Li transport , tunnel
-or
-.Li any .
+$B$O<!$N$$$:$l$+$R$H$D$G$9(B:
+.Li transport , tunnel ,
+.Li any
+$B!#(B
 .It Fl r Ar size
-Specify window size of bytes for replay prevention.
+$B7+$jJV$7967b$rKI$0$?$a$N%&%#%s%I%&%5%$%:$r%P%$%H?t$G;XDj$7$^$9!#(B
 .Ar size
-must be decimal number in 32-bit word.  If
+$B$O(B 32 $B%S%C%H%o!<%I$N(B 10 $B?J?t$G$"$k$3$H$,I,MW$G$9!#(B
 .Ar size
-is zero or not specified, replay check don't take place.
+$B$,(B 0 $B$^$?$O;XDj$5$l$J$+$C$?>l9g!"7+$jJV$7$N%A%'%C%/$O9T$o$l$^$;$s!#(B
 .It Fl f Ar pad_option
 .Ar pad_option
-is one of following:
-.Li zero-pad , random-pad
-or
+$B$O<!$N$$$:$l$+$R$H$D$G$9(B:
+.Li zero-pad , random-pad ,
 .Li seq-pad
+$B!#(B
 .It Fl f Li cyclic-seq
-Allow cyclic sequence number.
+$B<~4|E*$J=g=xHV9f$r5v$7$^$9!#(B
 .It Fl lh Ar time
 .It Fl ls Ar time
-Specify hard/soft lifetime.
+$B%O!<%IM-8z4|4V(B/$B%=%U%HM-8z4|4V$r;XDj$7$^$9!#(B
 .El
 .\"
 .Pp
 .It Ar algorithm
 .Bl -tag -width Fl -compact 
 .It Fl E Ar ealgo Ar key
-Specify encryption algorithm.
+$B0E9f2=%"%k%4%j%:%`$r;XDj$7$^$9!#(B
 .It Fl A Ar ealgo Ar key
-Specify authentication algorithm.
-If
+$BG'>Z%"%k%4%j%:%`$r;XDj$7$^$9!#(B
 .Fl A
-is used for esp, it will be treated as ESP payload authentication algorithm.
+$B$,(B esp $BMQ$K;HMQ$5$l$k$H!"(BESP $B%Z%$%m!<%IG'>Z%"%k%4%j%:%`$H$7$F2r<a$5$l$^$9!#(B
 .It Fl C Ar calgo Op Fl R
-Specify compression algorithm.
-If
+$B05=L%"%k%4%j%:%`$r;XDj$7$^$9!#(B
 .Fl R
-is specified with
+$B$,(B
 .Li ipcomp
-line, the kernel will use well-known IPComp CPI
-.Pq compression parameter index
-on IPComp CPI field on packets, and
+$B9T$H6&$K;XDj$5$l$k$H!"%+!<%M%k$ONI$/CN$i$l$?(B (well-known) IPComp CPI
+.Pq $B05=L%Q%i%a!<%?%$%s%G%C%/%9(B
+$B$r%Q%1%C%H>e$N(B IPComp CPI $B%U%#!<%k%I$G;HMQ$7!"(B
 .Ar spi
-field will be ignored.
+$B%U%#!<%k%I$OL5;k$5$l$^$9!#$3$N>l9g!"(B
 .Ar spi
-field is only for kernel internal use in this case.
+$B%U%#!<%k%I$O%+!<%M%kFbIt$G$N$_;HMQ$5$l$^$9!#(B
 .\"Therefore, compression protocol number will appear on IPComp CPI field.
-If
 .Fl R
-is not used,
-the value on
+$B$,;HMQ$5$l$J$$$H!"(B
 .Ar spi
-field will appear on IPComp CPI field on outgoing packets.
+$B%U%#!<%k%I>e$NCM$,!"=PNO%Q%1%C%H$N(B IPComp CPI $B%U%#!<%k%I$K$J$j$^$9!#(B
+$B$3$N>l9g!"(B
 .Ar spi
-field needs to be smaller than
+$B%U%#!<%k%I$O(B
 .Li 0x10000
-in this case.
+$BL$K~$G$"$k$3$H$,I,MW$G$9!#(B
 .El
 .Pp
 .Li esp
-SAs accept
+SA $B$O(B
 .Fl E
-and
-.Fl A .
+$B$H(B
+.Fl A
+$B$r<u$1IU$1$^$9!#(B
 .Li esp-old
-SAs accept
+SA $B$O(B
 .Fl E
-only.
+$B$N$_$r<u$1IU$1$^$9!#(B
 .Li ah
-and
+$B$H(B
 .Li ah-old
-SAs accept
+$B$N(B SA $B$O(B
 .Fl A
-only.
+$B$N$_$r<u$1IU$1$^$9!#(B
 .Li ipcomp
-SAs accept
+SA $B$O(B
 .Fl C
-only.
+$B$N$_$r<u$1IU$1$^$9!#(B
 .Pp
 .Ar key
-must be double-quoted character string or a series of hexadecimal digits.
+$B$O!"%@%V%k%/%)!<%H$G3g$i$l$?J8;zNs$+!"0lO"$N(B 16 $B?J?t$G$"$k$3$H$,I,MW$G$9!#(B
 .Pp
-Possible values for
 .Ar ealgo ,
-.Ar aalgo
-and
+.Ar aalgo ,
 .Ar calgo
-are specified in separate section.
+$B$,<h$jF@$kCM$OJL$N@a$G5,Dj$7$^$9!#(B
 .\"
 .It Ar src_range
 .It Ar dst_range
-These are selection of the secure communication is specified as
-IPv4/v6 address or IPv4/v6 address range, and it may accompany
-TCP/UDP port specification.
-This takes the following form:
+$B%;%-%e%"%3%_%e%K%1!<%7%g%s$NA*Br$G$"$j!"(B
+IPv4/v6 $B%"%I%l%9$^$?$O(B IPv4/v6 $BHO0O$G;XDj$7$^$9!#(B
+TCP/UDP $B%]!<%H;XDj$rH<$&$3$H$b$"$j$^$9!#(B
+$B$3$l$O<!$N7A<0$r<h$jF@$^$9(B:
 .Bd -literal -offset
 .Ar address
 .Ar address/prefixlen
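Review bot: in the `.It Fl m Ar mode` item, the line translating "Specify an security protocol mode for use" writes 仕様する (bytes `;EMM`, "specification") where 使用する (`;HMQ`, "to use") is meant; the correct form already appears further down in the `.Fl R` text of this same hunk. Separately, under `.It Fl r Ar size` "replay prevention" is rendered as 繰り返し攻撃 ("repetition attack"); リプレイ攻撃 or 再送攻撃 is the term a reader will recognise for IPsec anti-replay, and the "replay check" sentence two lines later should use the same word.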
@@ -334,42 +337,43 @@
 .Ed
 .Pp
 .Ar prefixlen
-and
+$B$H(B
 .Ar port
-must be decimal number.
-The square bracket around
+$B$O(B 10 $B?J?t$G$"$k$3$H$,I,MW$G$9!#(B
 .Ar port
-is really necessary.
-They are not manpage metacharacters.
+$B$N<~$j$N3Q3g8L$O!"K\Ev$KI,MW$G$9!#(B
+$B%^%K%e%"%k%Z!<%8$N%a%?J8;z$G$O$"$j$^$;$s!#(B
 .Pp
 .Nm
-does not consult hostname-to-address for arguments
+$B$O0z?t(B
 .Ar src
-and
-.Ar dst .
-They must be in numeric form.
+$B$H(B
+.Ar dst
+$B$KBP$7!"L>A0$+$i%"%I%l%9$X$NLd$$9g$o$;$r9T$$$^$;$s!#(B
+$B$3$l$i$O?tCM7A<0$G$"$k$3$H$,I,MW$G$9!#(B
 .\"
 .It Ar upperspec
-Upper-layer protocol to be used.
-Currently
+$B;HMQ$9$k>e0LAX%W%m%H%3%k!#(B
+$B8=:_!"(B
 .Li tcp ,
-.Li udp
-and
+.Li udp ,
 .Li any
-can be specified.
+$B$r;XDj2DG=$G$9!#(B
 .Li any
-stands for
-.Dq any protocol .
+$B$O(B
+.Dq $BG$0U$N%W%m%H%3%k(B
+$B$r0UL#$7$^$9!#(B
 .Pp
-NOTE:
+$BCm(B:
 .Ar upperspec
-does not work against forwarding case at this moment,
-as it requires extra reassembly at forwarding node
-.Pq not implemented as this moment .
+$B$O!"8=:_$G$OE>Aw$KBP$7$F$O5!G=$7$^$;$s!#(B
+$BE>Aw%N!<%I$K$*$$$F!"DI2C$N:F9=@.(B
+.Pq $B8=;~E@$G$OL$<BAu(B
+$B$,I,MW$H$J$k$+$i$G$9!#(B
 .\"
 .It Ar policy
 .Ar policy
-is the one of following:
+$B$O<!$N$$$:$l$+$R$H$D$G$9(B:
 .Bd -literal -offset
 .Xo
 .Fl P
@@ -389,132 +393,137 @@
 .Xc
 .Ed
 .Pp
-You must specify the direction of its policy as
-.Ar direction .
-Either
+$B%]%j%7$NJ}8~$r(B
+.Ar direction
+$B$G;XDj$9$kI,MW$,$"$j$^$9!#(B
 .Li out
-or
+$B$^$?$O(B
 .Li in
-are used.
+$B$,;HMQ$5$l$^$9!#(B
 .Li discard
-means the packet matching indexes will be discarded.
+$B$O!"%$%s%G%C%/%9$K%^%C%A$9$k%Q%1%C%H$O<N$F$i$l$k$3$H$r0UL#$7$^$9!#(B
 .Li none
-means that IPsec operation will not take place onto the packet.
+$B$O!"3:%Q%1%C%H$KBP$7$F(B IPsec $BA`:n$O<B;\$5$l$J$$$3$H$r0UL#$7$^$9!#(B
 .Li ipsec
-means that IPsec operation will take place onto the packet.
-Either
+$B$O!"3:%Q%1%C%H$KBP$7$F(B IPsec $BA`:n$,<B;\$5$l$k$3$H$r0UL#$7$^$9!#(B
 .Li ah ,
-.Li esp
-or
+.Li esp ,
 .Li ipcomp
-is to be set as
-.Ar protocol .
+$B$N$$$:$l$+$,!"(B
+.Ar protocol
+$B$K@_Dj$5$l$^$9!#(B
 .Ar mode
-is either
+$B$O(B
 .Li transport
-or
-.Li tunnel .
-You must specify the end-points addresses of the SA as
+$B$^$?$O(B
+.Li tunnel
+$B$N$$$:$l$+$G$9!#(B
+SA $B$NKvC<%"%I%l%9$r!"(B
 .Ar src
-and
+$B$*$h$S(B
 .Ar dst
-with
+$B$G!"N>%"%I%l%94V$K(B
 .Sq -
-between these addresses which is used to specify the SA to use.
+$B$rIU$1$F;XDj$9$k$3$H$,I,MW$G$9!#(B
+$B$3$l$O!";HMQ$9$k(B SA $B$r;XDj$9$k$?$a$K;HMQ$7$^$9!#(B
 .Ar level
-is to be one of the following:
-.Li default , use
-or
-.Li require .
+$B$O<!$N$$$:$l$+$R$H$D$G$9(B:
+.Li default , use ,
+.Li require
+$B!#(B
 .Li default
-means kernel consults to the system wide default against protocol you
-specified, e.g.
+$B$O!"%+!<%M%k$,%Q%1%C%H$r=hM}$9$k$H$-!"(B
+$B$"$J$?$,;XDj$7$?%W%m%H%3%k$K$D$$$F!"(B
+$B%7%9%F%`%o%$%I%G%U%)%k%H$rLd$$9g$o$;$k$3$H$r0UL#$7$^$9!#(B
+$B$3$l$ONc$($P(B
 .Li esp_trans_deflev
-sysctl variable, when kernel processes the packet.
+sysctl $BJQ?t$r;X$7$^$9!#(B
 .Li use
-means that kernel use a SA if it's available,
-otherwise kernel keeps normal operation.
+$B$O!"%+!<%M%k$,(B SA $B$r;HMQ2DG=$G$"$l$P;HMQ$7!"(B
+$B;HMQITG=$N>l9g$K$O%+!<%M%k$ODL>oA`:n$rB3$1$k$3$H$r0UL#$7$^$9!#(B
 .Li require
-means SA is required whenever kernel deals with the packet.
-Note that
+$B$O!"%+!<%M%k$,%Q%1%C%H$r07$&;~$K$O(B SA $B$,I,MW$G$"$k$3$H$r0UL#$7$^$9!#(B
 .Dq Li discard
-and
+$B$H(B
 .Dq Li none
-are not in the syntax described in
-.Xr ipsec_set_policy 3 .
-There are little differences in the syntax.
-See
+$B$O(B
 .Xr ipsec_set_policy 3
-for detail.
+$B$K5-=R$5$l$F$$$kJ8K!$K$OL5$$$3$H$KCm0U$7$F$/$@$5$$!#(B
+$BN><T$NJ8K!$K$O$A$g$C$H$7$?0c$$$,$"$j$^$9!#(B
+$B>\:Y$O(B
+.Xr ipsec_set_policy 3
+$B$r;2>H$7$F$/$@$5$$!#(B
 .Pp
 .El
 .Pp
 .\"
-.Sh ALGORITHMS
-The following list shows the supported algorithms.
+.Sh $B%"%k%4%j%:%`(B
+$B<!$N0lMw$O!"%5%]!<%H$5$l$F$$$k%"%k%4%j%:%`$r<($7$F$$$^$9!#(B
 .Sy protocol
-and
+$B$H(B
 .Sy algorithm
-are almost orthogonal.
-Following are the list of authentication algorithms that can be used as
-.Ar aalgo
-in
-.Fl A Ar aalgo
-of
+$B$O!"$[$\D>8r$7$F$$$^$9!#(B
+$B<!$K<($9$N$O!"(B
 .Ar protocol
-parameter:
+$B%Q%i%a!<%?$N(B
+.Fl A Ar aalgo
+$B$G(B
+.Ar aalgo
+$B$H$7$F;HMQ2DG=$JG'>Z%"%k%4%j%:%`$N0lMw$G$9(B:
 .Pp
 .Bd -literal -offset indent
-algorithm	keylen (bits)	comment
+$B%"%k%4%j%:%`(B	$B%-!<D9(B ($B%S%C%H(B)	$B%3%a%s%H(B
 hmac-md5	128		ah: rfc2403
 		128		ah-old: rfc2085
 hmac-sha1	160		ah: rfc2404
-		160		ah-old: 128bit ICV (no document)
-keyed-md5	128		ah: 96bit ICV (no document)
+		160		ah-old: 128bit ICV ($BJ8=qL5$7(B)
+keyed-md5	128		ah: 96bit ICV ($BJ8=qL5$7(B)
 		128		ah-old: rfc1828
-keyed-sha1	160		ah: 96bit ICV (no document)
-		160		ah-old: 128bit ICV (no document)
-null		0 to 2048	for debugging
+keyed-sha1	160		ah: 96bit ICV ($BJ8=qL5$7(B)
+		160		ah-old: 128bit ICV ($BJ8=qL5$7(B)
+null		0 $B$+$i(B 2048	$B%G%P%C%0MQ(B
 .Ed
 .Pp
-Following are the list of encryption algorithms that can be used as
-.Ar ealgo
-in
-.Fl E Ar ealgo
-of
+$B<!$K<($9$N$O!"(B
 .Ar protocol
-parameter:
+$B%Q%i%a!<%?$N(B
+.Fl E Ar ealgo
+$B$G(B
+.Ar ealgo
+$B$H$7$F;HMQ2DG=$J0E9f2=%"%k%4%j%:%`$N0lMw$G$9(B:
 .Pp
 .Bd -literal -offset indent
-algorithm	keylen (bits)	comment
+$B%"%k%4%j%:%`(B	$B%-!<D9(B ($B%S%C%H(B)	$B%3%a%s%H(B
 des-cbc		64		esp-old: rfc1829, esp: rfc2405
 3des-cbc	192		rfc2451
-simple		0 to 2048	rfc2410
-blowfish-cbc	40 to 448	rfc2451
-cast128-cbc	40 to 128	rfc2451
-rc5-cbc		40 to 2040	rfc2451
-des-deriv	64		ipsec-ciph-des-derived-01 (expired)
-3des-deriv	192		no document
+simple		0 $B$+$i(B 2048	rfc2410
+blowfish-cbc	40 $B$+$i(B 448	rfc2451
+cast128-cbc	40 $B$+$i(B 128	rfc2451
+rc5-cbc		40 $B$+$i(B 2040	rfc2451
+des-deriv	64		ipsec-ciph-des-derived-01 ($B4|8B@Z$l(B)
+3des-deriv	192		$BJ8=qL5$7(B
 .Ed
 .Pp
-Following are the list of compression algorithms that can be used as
-.Ar calgo
-in
-.Fl C Ar calgo
-of
+$B<!$K<($9$N$O!"(B
 .Ar protocol
-parameter:
+$B%Q%i%a!<%?$N(B
+.Fl C Ar calgo
+$B$G(B
+.Ar calgo
+$B$H$7$F;HMQ2DG=$J05=L%"%k%4%j%:%`$N0lMw$G$9(B:
 .Pp
 .Bd -literal -offset indent
-algorithm	comment
+$B%"%k%4%j%:%`(B	$B%3%a%s%H(B
 deflate		rfc2394
 lzs		rfc2395
 .Ed
 .\" 
-.Sh EXAMPLES
+.Sh $B;HMQNc(B
+.\" $B2<5-(B "ESP SA!!" $B8e$N(B ; $B$O(B rev 1.4 $B$GDI2C$5$l$?(B
+.\" 2000/04/02 horikawa@jp.FreeBSD.org $B3NG'(B
 .Bd -literal -offset
 add	3ffe:501:4819::1 3ffe:501:481d::1 esp 123457
-		-E des-cbc "ESP SA!!"
+		-E des-cbc "ESP SA!!" ;
 
 add	3ffe:501:4819::1 3ffe:501:481d::1 ah 123456
 		-A hmac-sha1 "AH SA configuration!" ;
@@ -534,17 +543,17 @@
 
 .Ed
 .\" 
-.Sh RETURN VALUES
-The command exits with 0 on success, and non-zero on errors.
+.Sh $BLa$jCM(B
+$BK\%3%^%s%I$O@.8y;~$K(B 0 $B$r!"%(%i!<;~$K(B 0 $B0J30$rJV$7$^$9!#(B
 .\" 
-.Sh SEE ALSO
+.Sh $B4XO"9`L\(B
 .Xr ipsec_set_policy 3 ,
 .Xr sysctl 8
 .\" 
-.Sh HISTORY
-The
+.Sh $BNr;K(B
 .Nm
-command first appeared in WIDE Hydrangea IPv6 protocol stack kit.
-The command was completely re-designed in June 1998.
+$B%3%^%s%I$O(B WIDE Hydrangea IPv6 $B%W%m%H%3%k%9%?%C%/%-%C%H$G(B
+$B$O$8$a$FF3F~$5$l$^$7$?!#(B
+$BK\%3%^%s%I$O(B 1998 $BG/(B 6 $B7n$K!"40A4$K:F%G%6%$%s$5$l$^$7$?!#(B
 .\"
 .\" .Sh BUGS
