![[BACK]](/icons/back.gif){kind=icon}
Up to [cvs.netbsd.org] / src / crypto / dist / ipsec-tools / src / racoon
Request diff between arbitrary revisions
Default branch: MAIN
Revision 1.73.2.1 / (download) - annotate - [select for diffs], Tue Apr 17 00:01:41 2012 UTC (5 weeks, 4 days ago) by yamt
Branch: yamt-pagecache
Changes since 1.73: +6 -6
lines
Diff to previous 1.73 (colored) next main 1.74 (colored)
sync with head
Revision 1.74 / (download) - annotate - [select for diffs], Sun Jan 1 15:57:31 2012 UTC (4 months, 3 weeks ago) by tteras
Branch: MAIN
CVS Tags: yamt-pagecache-base5,
yamt-pagecache-base4,
netbsd-6-base,
netbsd-6,
HEAD
Changes since 1.73: +6 -6
lines
Diff to previous 1.73 (colored)
From Wolfgang Schmieder <wolfgang@die-schmieders.de>: Fix various typos in comments and log messages. Fix default port used in copy_ph1addresses().
Revision 1.73 / (download) - annotate - [select for diffs], Tue Oct 11 14:50:15 2011 UTC (7 months, 2 weeks ago) by tteras
Branch: MAIN
CVS Tags: yamt-pagecache-base3,
yamt-pagecache-base2,
yamt-pagecache-base
Branch point for: yamt-pagecache
Changes since 1.72: +2 -2
lines
Diff to previous 1.72 (colored)
From Rainer Weikusat <rweikusat@mobileactivedefense.com>: Release unused phase2 of passive remotes after acquire.
Revision 1.72 / (download) - annotate - [select for diffs], Tue Oct 11 14:37:17 2011 UTC (7 months, 2 weeks ago) by tteras
Branch: MAIN
Changes since 1.71: +2 -2
lines
Diff to previous 1.71 (colored)
From Wolfgang Schmieder <wolfgang.schmieder@honeywell.com>: setup phase1 port properly.
Revision 1.71 / (download) - annotate - [select for diffs], Tue Mar 15 13:20:14 2011 UTC (14 months, 1 week ago) by vanhu
Branch: MAIN
CVS Tags: ipsec-tools-0_8_0,
ipsec-tools-0_8-branch,
cherry-xenmp-base,
cherry-xenmp
Changes since 1.70: +10 -14
lines
Diff to previous 1.70 (colored)
directly call isakmp_ph1delete() instead of scheduling isakmp_ph1delete_stub(), as it is useless an can lead to memory access after free
Revision 1.70 / (download) - annotate - [select for diffs], Mon Mar 14 17:18:12 2011 UTC (14 months, 1 week ago) by tteras
Branch: MAIN
Changes since 1.69: +9 -9
lines
Diff to previous 1.69 (colored)
Explicitly compare return value of cmpsaddr() against a return value define to make it more obvious what is the intended action. One more return value is also added, to fix comparison of security policy descriptors. Namely, getsp() should not allow wildcard matching (as the comment says, it does exact matching) - otherwise we get problems when kernel has generic policy with no ports, and a second similar policy with ports.
Revision 1.69 / (download) - annotate - [select for diffs], Fri Mar 11 14:30:07 2011 UTC (14 months, 2 weeks ago) by vanhu
Branch: MAIN
Changes since 1.68: +4 -1
lines
Diff to previous 1.68 (colored)
directly delete a ph1 in remove_ph1-) instead of scheduling it, to avoid (completely ?) a race condition when reloading configuration
Revision 1.66.2.2 / (download) - annotate - [select for diffs], Sat Mar 5 15:08:32 2011 UTC (14 months, 3 weeks ago) by bouyer
Branch: bouyer-quota2
Changes since 1.66.2.1: +2 -2
lines
Diff to previous 1.66.2.1 (colored) to branchpoint 1.66 (colored) next main 1.67 (colored)
Sync with HEAD
Revision 1.68 / (download) - annotate - [select for diffs], Tue Mar 1 14:33:58 2011 UTC (14 months, 3 weeks ago) by vanhu
Branch: MAIN
CVS Tags: bouyer-quota2-nbase
Changes since 1.67: +2 -2
lines
Diff to previous 1.67 (colored)
plog text fixes, patch from M E Andersson <debian@gisladisker.se>
Revision 1.66.2.1 / (download) - annotate - [select for diffs], Tue Feb 8 16:18:30 2011 UTC (15 months, 2 weeks ago) by bouyer
Branch: bouyer-quota2
Changes since 1.66: +2 -2
lines
Diff to previous 1.66 (colored)
Sync with HEAD
Revision 1.67 / (download) - annotate - [select for diffs], Wed Feb 2 15:21:34 2011 UTC (15 months, 3 weeks ago) by vanhu
Branch: MAIN
CVS Tags: bouyer-quota2-base
Changes since 1.66: +2 -2
lines
Diff to previous 1.66 (colored)
store ph1id in an u_int32_t instead of a (signed)int. Patch from Christophe Carre
Revision 1.66 / (download) - annotate - [select for diffs], Wed Nov 17 10:40:41 2010 UTC (18 months, 1 week ago) by tteras
Branch: MAIN
CVS Tags: matt-mips64-premerge-20101231
Branch point for: bouyer-quota2
Changes since 1.65: +4 -20
lines
Diff to previous 1.65 (colored)
Fix my previous patch to not call purge_remote() twice. Change the place where purge_remote() is called. This fixes also a possible crash from the same patch since ph1->remote can be NULL (when we are responder and config is not yet selected).
Revision 1.65 / (download) - annotate - [select for diffs], Fri Nov 12 10:36:37 2010 UTC (18 months, 1 week ago) by tteras
Branch: MAIN
Changes since 1.64: +5 -4
lines
Diff to previous 1.64 (colored)
isakmp_post_acquire is now called from admin commands too, add a flag so admin commands can be used to establish even passive links on demand.
Revision 1.64 / (download) - annotate - [select for diffs], Fri Nov 12 09:11:37 2010 UTC (18 months, 1 week ago) by tteras
Branch: MAIN
Changes since 1.63: +22 -8
lines
Diff to previous 1.63 (colored)
Purge all IPsec-SA's if the last main ISAKMP-SA for the node is deleted by remote request and the phase1 rekeying is enabled (this will also trigger the new phase1_dead script hook).
Revision 1.63 / (download) - annotate - [select for diffs], Thu Oct 21 06:15:28 2010 UTC (19 months ago) by tteras
Branch: MAIN
Changes since 1.62: +2 -2
lines
Diff to previous 1.62 (colored)
Introduce priorities for file descriptor polling mechanism and give priority to admin port. If admin port is used by ISAKMP-SA hook scripts they should be preferred, other wise heavy traffic can delay admin port requests considerably. This in turn may cause renegotiation loop for ISAKMP-SA. This is mostly useful for OpenNHRP setup, but can benefit other setups too.
Revision 1.62 / (download) - annotate - [select for diffs], Wed Oct 20 13:37:37 2010 UTC (19 months ago) by tteras
Branch: MAIN
Changes since 1.61: +15 -8
lines
Diff to previous 1.61 (colored)
Various improvements to error log messages and a few additional error log messages to improve diagnosing an error condition.
Revision 1.61 / (download) - annotate - [select for diffs], Tue Jun 22 09:41:33 2010 UTC (23 months ago) by vanhu
Branch: MAIN
Changes since 1.60: +3 -1
lines
Diff to previous 1.60 (colored)
added a specific script hook when a dead peer is detected
Revision 1.42.4.1.4.1 / (download) - annotate - [select for diffs], Wed Apr 21 05:17:36 2010 UTC (2 years, 1 month ago) by matt
Branch: matt-nb5-mips64
CVS Tags: matt-nb5-mips64-premerge-20101231,
matt-nb5-mips64-k15
Changes since 1.42.4.1: +11 -1
lines
Diff to previous 1.42.4.1 (colored) next main 1.42.4.2 (colored)
sync to netbsd-5
Revision 1.42.4.2 / (download) - annotate - [select for diffs], Sat Jan 30 19:44:31 2010 UTC (2 years, 3 months ago) by snj
Branch: netbsd-5
CVS Tags: netbsd-5-1-RELEASE,
netbsd-5-1-RC4,
netbsd-5-1-RC3,
netbsd-5-1-RC2,
netbsd-5-1-RC1,
netbsd-5-1-2-RELEASE,
netbsd-5-1-1-RELEASE,
netbsd-5-1,
matt-nb5-pq3-base,
matt-nb5-pq3
Changes since 1.42.4.1: +11 -1
lines
Diff to previous 1.42.4.1 (colored) to branchpoint 1.42 (colored) next main 1.43 (colored)
Pull up following revision(s) (requested by hubertf in ticket #1281): crypto/dist/ipsec-tools/src/racoon/isakmp.c: revision 1.59 crypto/dist/ipsec-tools/src/racoon/racoon.conf.5: revision 1.57 From Maik Broemme: export ISAKMP SA identity as REMOTE_ID for phase1 up script (trac #313).
Revision 1.60 / (download) - annotate - [select for diffs], Thu Sep 3 09:29:07 2009 UTC (2 years, 8 months ago) by tteras
Branch: MAIN
CVS Tags: matt-premerge-20091211
Changes since 1.59: +84 -78
lines
Diff to previous 1.59 (colored)
When rekeying phase2 use phase1 used to negotiate phase2 as a hint to select the phase1 for rekeying the new phase2.
Revision 1.59 / (download) - annotate - [select for diffs], Tue Sep 1 09:24:21 2009 UTC (2 years, 8 months ago) by tteras
Branch: MAIN
Changes since 1.58: +11 -1
lines
Diff to previous 1.58 (colored)
From Maik Broemme: export ISAKMP SA identity as REMOTE_ID for phase1 up script (trac #313).
Revision 1.58 / (download) - annotate - [select for diffs], Fri Jul 3 06:41:46 2009 UTC (2 years, 10 months ago) by tteras
Branch: MAIN
Changes since 1.57: +21 -71
lines
Diff to previous 1.57 (colored)
Get rid of the evil CMPSADDR macro. Trac #295.
Revision 1.57 / (download) - annotate - [select for diffs], Fri Jul 3 06:40:10 2009 UTC (2 years, 10 months ago) by tteras
Branch: MAIN
Changes since 1.56: +12 -1
lines
Diff to previous 1.56 (colored)
From Yvan Vanhullebus: Use SADB_X_EXT_NAT_T_* consistently for passing the NAT-T port information. This might break compatibility with some kernels, but as discussed this is the proper way to pass NAT-T ports and the broken kernels need to be fixed.
Revision 1.56 / (download) - annotate - [select for diffs], Tue May 19 09:34:52 2009 UTC (3 years ago) by tteras
Branch: MAIN
Changes since 1.55: +2 -2
lines
Diff to previous 1.55 (colored)
From Jukka Salmi: Fix couple of typos from previous commit.
Revision 1.55 / (download) - annotate - [select for diffs], Mon May 18 17:40:38 2009 UTC (3 years ago) by tteras
Branch: MAIN
Changes since 1.54: +11 -18
lines
Diff to previous 1.54 (colored)
From Tomas Mraz: Introduce union sockaddr_any and use it to make code more readable. Related to trac #293.
Revision 1.50.2.1 / (download) - annotate - [select for diffs], Wed May 13 19:15:54 2009 UTC (3 years ago) by jym
Branch: jym-xensuspend
Changes since 1.50: +80 -57
lines
Diff to previous 1.50 (colored) next main 1.51 (colored)
Sync with HEAD. Third (and last) commit. See http://mail-index.netbsd.org/source-changes/2009/05/13/msg221222.html
Revision 1.54 / (download) - annotate - [select for diffs], Mon Apr 20 13:24:36 2009 UTC (3 years, 1 month ago) by tteras
Branch: MAIN
CVS Tags: jym-xensuspend-nbase,
jym-xensuspend-base
Changes since 1.53: +6 -2
lines
Diff to previous 1.53 (colored)
Fix a memory leak in certificate request generation.
Revision 1.53 / (download) - annotate - [select for diffs], Thu Mar 12 23:05:27 2009 UTC (3 years, 2 months ago) by he
Branch: MAIN
Changes since 1.52: +2 -2
lines
Diff to previous 1.52 (colored)
When casting to/from a pointer to an integral type (a bad practice, if you ask me), you need to cast via intptr_t for portability.
Revision 1.52 / (download) - annotate - [select for diffs], Thu Mar 12 10:57:26 2009 UTC (3 years, 2 months ago) by tteras
Branch: MAIN
Changes since 1.51: +65 -56
lines
Diff to previous 1.51 (colored)
Support multiple anonymous remotes and decide remoteconf based on identity, received certificates and other information. General code clean up.
Revision 1.51 / (download) - annotate - [select for diffs], Wed Feb 11 15:18:59 2009 UTC (3 years, 3 months ago) by vanhu
Branch: MAIN
Changes since 1.50: +11 -1
lines
Diff to previous 1.50 (colored)
trac#301: fixed IPsec SAs flush in purge_remote() when NAT-T enabled but no NAT-T on tunnel
Revision 1.42.4.1 / (download) - annotate - [select for diffs], Sun Feb 8 18:42:16 2009 UTC (3 years, 3 months ago) by snj
Branch: netbsd-5
CVS Tags: netbsd-5-0-RELEASE,
netbsd-5-0-RC4,
netbsd-5-0-RC3,
netbsd-5-0-RC2,
netbsd-5-0-2-RELEASE,
netbsd-5-0-1-RELEASE,
netbsd-5-0,
matt-nb5-mips64-u2-k2-k4-k7-k8-k9,
matt-nb5-mips64-u1-k1-k5,
matt-nb5-mips64-premerge-20091211,
matt-nb4-mips64-k7-u2a-k9b
Branch point for: matt-nb5-mips64
Changes since 1.42: +135 -266
lines
Diff to previous 1.42 (colored)
Apply patch (requested by manu/spz in #378): Downgrade ipsec-tools to 0.7.1nb1.
Revision 1.50 / (download) - annotate - [select for diffs], Tue Feb 3 20:21:45 2009 UTC (3 years, 3 months ago) by tteras
Branch: MAIN
Branch point for: jym-xensuspend
Changes since 1.49: +3 -8
lines
Diff to previous 1.49 (colored)
From: Phil Sutter. Fix script environment variables with IPv6 addresses.
Revision 1.49 / (download) - annotate - [select for diffs], Fri Jan 23 08:23:51 2009 UTC (3 years, 4 months ago) by tteras
Branch: MAIN
Changes since 1.48: +3 -3
lines
Diff to previous 1.48 (colored)
Fix authentication method ambiguity by internally using unique ID and setting/interpreting the wire format based on received vendor ID:s. Fixes trac #280.
Revision 1.48 / (download) - annotate - [select for diffs], Fri Jan 23 08:05:58 2009 UTC (3 years, 4 months ago) by tteras
Branch: MAIN
Changes since 1.47: +2 -2
lines
Diff to previous 1.47 (colored)
Remove "fastquit" configure option and make it the default behaviour. The previous normal behaviour is buggy, as after flush kernel can immediately create larval SA:s which would prevent exit.
Revision 1.47 / (download) - annotate - [select for diffs], Tue Dec 23 14:03:12 2008 UTC (3 years, 5 months ago) by tteras
Branch: MAIN
Changes since 1.46: +133 -195
lines
Diff to previous 1.46 (colored)
rewrite local address detection make some functions static that arr not needed globally rework how fd_set is construction for the main loop select()
Revision 1.46 / (download) - annotate - [select for diffs], Thu Dec 11 15:33:59 2008 UTC (3 years, 5 months ago) by vanhu
Branch: MAIN
Changes since 1.45: +7 -3
lines
Diff to previous 1.45 (colored)
Fixed compilation when DPD support is disabled
Revision 1.45 / (download) - annotate - [select for diffs], Fri Dec 5 06:02:20 2008 UTC (3 years, 5 months ago) by tteras
Branch: MAIN
Changes since 1.44: +18 -11
lines
Diff to previous 1.44 (colored)
From Arnaud Ebalard: Improved Mobile IPv6 support per draft-ebalard-mext-pfkey-enhanced-migrate.
Revision 1.44 / (download) - annotate - [select for diffs], Tue Nov 25 21:42:36 2008 UTC (3 years, 5 months ago) by bad
Branch: MAIN
Changes since 1.43: +2 -2
lines
Diff to previous 1.43 (colored)
Do not return erroneously from isakmp_open() when setting IPV6_USE_MIN_MTU fails.
Revision 1.43 / (download) - annotate - [select for diffs], Tue Nov 25 21:37:12 2008 UTC (3 years, 5 months ago) by bad
Branch: MAIN
Changes since 1.42: +3 -1
lines
Diff to previous 1.42 (colored)
Keep myaddr.sock at -1 when no socket is opened.
Revision 1.20.6.13 / (download) - annotate - [select for diffs], Thu Sep 25 09:34:39 2008 UTC (3 years, 8 months ago) by vanhu
Branch: ipsec-tools-0_7-branch
CVS Tags: ipsec-tools-0_7_3,
ipsec-tools-0_7_2
Changes since 1.20.6.12: +20 -17
lines
Diff to previous 1.20.6.12 (colored) to branchpoint 1.20 (colored) next main 1.21 (colored)
Fixed resending mechanism to have non-ESP marker for retransmitted packets
Revision 1.42 / (download) - annotate - [select for diffs], Thu Sep 25 09:34:13 2008 UTC (3 years, 8 months ago) by vanhu
Branch: MAIN
CVS Tags: netbsd-5-base,
netbsd-5-0-RC1,
matt-mips64-base2
Branch point for: netbsd-5
Changes since 1.41: +20 -17
lines
Diff to previous 1.41 (colored)
Fixed resending mechanism to have non-ESP marker for retransmitted packets
Revision 1.41 / (download) - annotate - [select for diffs], Fri Sep 19 11:14:49 2008 UTC (3 years, 8 months ago) by tteras
Branch: MAIN
Changes since 1.40: +100 -33
lines
Diff to previous 1.40 (colored)
Implement ISAKMP SA rekeying configurable with rekey {on|off|force} option
in remote conf.
Revision 1.40 / (download) - annotate - [select for diffs], Fri Sep 19 11:01:08 2008 UTC (3 years, 8 months ago) by tteras
Branch: MAIN
Changes since 1.39: +35 -61
lines
Diff to previous 1.39 (colored)
Change struct sched to be allocated be the caller to avoid some memory allocations. Optimize scheduling algorithm to not scan all entries in the main loop.
Revision 1.33.4.2 / (download) - annotate - [select for diffs], Thu Sep 18 04:54:19 2008 UTC (3 years, 8 months ago) by wrstuden
Branch: wrstuden-revivesa
Changes since 1.33.4.1: +20 -22
lines
Diff to previous 1.33.4.1 (colored) to branchpoint 1.33 (colored) next main 1.34 (colored)
Sync with wrstuden-revivesa-base-2.
Revision 1.20.2.1.2.2 / (download) - annotate - [select for diffs], Thu Sep 4 08:46:10 2008 UTC (3 years, 8 months ago) by skrll
Branch: wrstuden-fixsa
Changes since 1.20.2.1.2.1: +27 -124
lines
Diff to previous 1.20.2.1.2.1 (colored) next main 1.20.2.2 (colored)
Sync with netbsd-4.
Revision 1.39 / (download) - annotate - [select for diffs], Fri Aug 29 00:31:37 2008 UTC (3 years, 8 months ago) by gmcgarry
Branch: MAIN
CVS Tags: wrstuden-revivesa-base-3,
wrstuden-revivesa-base-2
Changes since 1.38: +3 -3
lines
Diff to previous 1.38 (colored)
Eliminate gcc-specific feature of empty structures.
Revision 1.20.2.2.2.1 / (download) - annotate - [select for diffs], Mon Aug 18 20:33:33 2008 UTC (3 years, 9 months ago) by jdc
Branch: netbsd-4-0
CVS Tags: netbsd-4-0-1-RELEASE
Changes since 1.20.2.2: +27 -124
lines
Diff to previous 1.20.2.2 (colored) next main 1.20.2.3 (colored)
Upgrade ipsec-tools to release 0.7.1 (requested by manu in ticket #1183).
Revision 1.20.2.3 / (download) - annotate - [select for diffs], Mon Aug 18 20:31:30 2008 UTC (3 years, 9 months ago) by jdc
Branch: netbsd-4
CVS Tags: wrstuden-fixsa-newbase,
wrstuden-fixsa-base
Changes since 1.20.2.2: +27 -124
lines
Diff to previous 1.20.2.2 (colored) to branchpoint 1.20 (colored) next main 1.21 (colored)
Upgrade ipsec-tools to release 0.7.1 (requested by manu in ticket #1183).
Revision 1.20.6.12 / (download) - annotate - [select for diffs], Tue Aug 12 12:47:07 2008 UTC (3 years, 9 months ago) by vanhu
Branch: ipsec-tools-0_7-branch
Changes since 1.20.6.11: +14 -10
lines
Diff to previous 1.20.6.11 (colored) to branchpoint 1.20 (colored)
From Krzysztof Oledzki: Remove ph1handler if we received an invalid first exchange from initiator.
Revision 1.38 / (download) - annotate - [select for diffs], Tue Aug 12 12:45:55 2008 UTC (3 years, 9 months ago) by vanhu
Branch: MAIN
Changes since 1.37: +14 -10
lines
Diff to previous 1.37 (colored)
From Krzysztof Piotr Oledzki: Remove ph1handler if we received an invalid first exchange from initiator.
Revision 1.37 / (download) - annotate - [select for diffs], Mon Jul 14 05:40:13 2008 UTC (3 years, 10 months ago) by tteras
Branch: MAIN
Changes since 1.36: +3 -1
lines
Diff to previous 1.36 (colored)
Clean up notification payload handling. Handle INITIAL-CONTACT notification in last main mode exchange (delayed) and during quick mode exchanges.
Revision 1.20.6.11 / (download) - annotate - [select for diffs], Fri Jul 11 08:08:41 2008 UTC (3 years, 10 months ago) by tteras
Branch: ipsec-tools-0_7-branch
CVS Tags: ipsec-tools-0_7_1
Changes since 1.20.6.10: +3 -11
lines
Diff to previous 1.20.6.10 (colored) to branchpoint 1.20 (colored)
Original patch from Atis Elsts: Fix a double memory free and a memory corruption (LIST_REMOVE() on an uninserted node) in some error handling paths.
Revision 1.36 / (download) - annotate - [select for diffs], Fri Jul 11 08:02:06 2008 UTC (3 years, 10 months ago) by tteras
Branch: MAIN
Changes since 1.35: +3 -11
lines
Diff to previous 1.35 (colored)
Original patch from Atis Elsts: Fix a double memory free and a memory corruption (LIST_REMOVE() on an uninserted node) in some error handling paths.
Revision 1.33.4.1 / (download) - annotate - [select for diffs], Mon Jun 23 04:26:46 2008 UTC (3 years, 11 months ago) by wrstuden
Branch: wrstuden-revivesa
Changes since 1.33: +20 -108
lines
Diff to previous 1.33 (colored)
Sync w/ -current. 34 merge conflicts to follow.
Revision 1.20.6.10 / (download) - annotate - [select for diffs], Wed Jun 18 07:30:19 2008 UTC (3 years, 11 months ago) by mgrooms
Branch: ipsec-tools-0_7-branch
Changes since 1.20.6.9: +19 -108
lines
Diff to previous 1.20.6.9 (colored) to branchpoint 1.20 (colored)
Use utility functions to evaluate and manipulate network port values. No functional changes. Submitted by Timo Teras.
Revision 1.35 / (download) - annotate - [select for diffs], Wed Jun 18 07:04:23 2008 UTC (3 years, 11 months ago) by mgrooms
Branch: MAIN
CVS Tags: wrstuden-revivesa-base-1,
wrstuden-revivesa-base
Changes since 1.34: +2 -1
lines
Diff to previous 1.34 (colored)
Set sockets to be closed on exec to avoid potential file descriptor inheritance issues. Submitted by Timo Teras.
Revision 1.34 / (download) - annotate - [select for diffs], Wed Jun 18 06:47:25 2008 UTC (3 years, 11 months ago) by mgrooms
Branch: MAIN
Changes since 1.33: +19 -108
lines
Diff to previous 1.33 (colored)
Use utility functions to evaluate and manipulate network port values. No functional changes. Submitted by Timo Teras.
Revision 1.33 / (download) - annotate - [select for diffs], Fri Mar 28 04:18:52 2008 UTC (4 years, 1 month ago) by manu
Branch: MAIN
CVS Tags: yamt-pf42-baseX,
yamt-pf42-base4,
yamt-pf42-base3,
yamt-pf42-base2,
yamt-pf42-base,
yamt-pf42,
hpcarm-cleanup-nbase
Branch point for: wrstuden-revivesa
Changes since 1.32: +4 -3
lines
Diff to previous 1.32 (colored)
From Cyrus Rahman: Allow interface reconfiguration when running in privilege separation mode, document privilege separation
Revision 1.29.2.1 / (download) - annotate - [select for diffs], Mon Mar 24 07:14:30 2008 UTC (4 years, 2 months ago) by keiichi
Branch: keiichi-mipv6
Changes since 1.29: +84 -19
lines
Diff to previous 1.29 (colored) next main 1.30 (colored)
sync with head.
Revision 1.27.4.2 / (download) - annotate - [select for diffs], Sun Mar 23 00:13:34 2008 UTC (4 years, 2 months ago) by matt
Branch: matt-armv6
Changes since 1.27.4.1: +89 -24
lines
Diff to previous 1.27.4.1 (colored) to branchpoint 1.27 (colored) next main 1.28 (colored)
sync with HEAD
Revision 1.32 / (download) - annotate - [select for diffs], Thu Mar 6 00:46:04 2008 UTC (4 years, 2 months ago) by mgrooms
Branch: MAIN
CVS Tags: matt-armv6-nbase,
keiichi-mipv6-base
Changes since 1.31: +69 -1
lines
Diff to previous 1.31 (colored)
Add the ability to initiate IPsec SA negotiations using the admin socket. Submitted by Timo Teras.
Revision 1.31 / (download) - annotate - [select for diffs], Thu Mar 6 00:34:11 2008 UTC (4 years, 2 months ago) by mgrooms
Branch: MAIN
Changes since 1.30: +15 -18
lines
Diff to previous 1.30 (colored)
Refactor admin socket event protocol to be less error prone. Backwards compatibility is provided. Submitted by Timo Teras.
Revision 1.20.6.9 / (download) - annotate - [select for diffs], Fri Feb 22 18:52:32 2008 UTC (4 years, 3 months ago) by manu
Branch: ipsec-tools-0_7-branch
Changes since 1.20.6.8: +2 -2
lines
Diff to previous 1.20.6.8 (colored) to branchpoint 1.20 (colored)
Fix bad address length computation, from Brian Haley.
Revision 1.30 / (download) - annotate - [select for diffs], Fri Feb 22 18:50:03 2008 UTC (4 years, 3 months ago) by manu
Branch: MAIN
CVS Tags: hpcarm-cleanup-base
Changes since 1.29: +2 -2
lines
Diff to previous 1.29 (colored)
Fix address length, from Brian Haley
Revision 1.20.6.8 / (download) - annotate - [select for diffs], Fri Jan 11 14:12:13 2008 UTC (4 years, 4 months ago) by vanhu
Branch: ipsec-tools-0_7-branch
Changes since 1.20.6.7: +6 -6
lines
Diff to previous 1.20.6.7 (colored) to branchpoint 1.20 (colored)
From Krzysztof Oledzki: Only search for established ph1 handles in DPD (also reported new getph1byaddr() arg).
Revision 1.29 / (download) - annotate - [select for diffs], Fri Jan 11 14:07:39 2008 UTC (4 years, 4 months ago) by vanhu
Branch: MAIN
Branch point for: keiichi-mipv6
Changes since 1.28: +6 -6
lines
Diff to previous 1.28 (colored)
From Krzysztof Oledzki: Only search for established ph1 handles in DPD (also reported new getph1byaddr() arg).
Revision 1.27.4.1 / (download) - annotate - [select for diffs], Tue Nov 6 23:07:34 2007 UTC (4 years, 6 months ago) by matt
Branch: matt-armv6
CVS Tags: matt-armv6-prevmlocking
Changes since 1.27: +15 -1
lines
Diff to previous 1.27 (colored)
sync with HEAD
Revision 1.28 / (download) - annotate - [select for diffs], Wed Sep 19 19:29:36 2007 UTC (4 years, 8 months ago) by mgrooms
Branch: MAIN
CVS Tags: matt-armv6-base,
cube-autoconf-base,
cube-autoconf
Changes since 1.27: +15 -1
lines
Diff to previous 1.27 (colored)
Set REUSE option on sockets to prevent failures associated with closing and immediately re-opening. Submitted by Gabriel Somlo.
Revision 1.20.2.1.2.1 / (download) - annotate - [select for diffs], Mon Sep 3 06:51:12 2007 UTC (4 years, 8 months ago) by wrstuden
Branch: wrstuden-fixsa
Changes since 1.20.2.1: +23 -9
lines
Diff to previous 1.20.2.1 (colored)
Sync w/ NetBSD-4-RC_1
Revision 1.20.2.2 / (download) - annotate - [select for diffs], Tue Aug 28 11:14:44 2007 UTC (4 years, 8 months ago) by liamjfoy
Branch: netbsd-4
CVS Tags: wrstuden-fixsa-base-1,
netbsd-4-0-RELEASE,
netbsd-4-0-RC5,
netbsd-4-0-RC4,
netbsd-4-0-RC3,
netbsd-4-0-RC2,
netbsd-4-0-RC1
Branch point for: netbsd-4-0
Changes since 1.20.2.1: +23 -9
lines
Diff to previous 1.20.2.1 (colored) to branchpoint 1.20 (colored)
Pull up following revision(s) (requested by manu in ticket #830): Import ipsec-tools 0.7
Revision 1.20.6.7 / (download) - annotate - [select for diffs], Wed Aug 1 11:52:20 2007 UTC (4 years, 9 months ago) by vanhu
Branch: ipsec-tools-0_7-branch
CVS Tags: ipsec-tools-0_7
Changes since 1.20.6.6: +2 -6
lines
Diff to previous 1.20.6.6 (colored) to branchpoint 1.20 (colored)
use a single PATH_IPSEC_H to fix some path_to_ipsec.h issues
Revision 1.27.6.2 / (download) - annotate - [select for diffs], Wed Jul 18 12:07:52 2007 UTC (4 years, 10 months ago) by vanhu
Branch: matt-mips64
Changes since 1.27.6.1: +3718 -0
lines
Diff to previous 1.27.6.1 (colored) to branchpoint 1.27 (colored) next main 1.28 (colored)
use a single PATH_IPSEC_H to fix some path_to_ipsec.h issues
Revision 1.27.6.1, Wed Jul 18 12:07:51 2007 UTC (4 years, 10 months ago) by vanhu
Branch: matt-mips64
Changes since 1.27: +0 -3718
lines
FILE REMOVED
file isakmp.c was added on branch matt-mips64 on 2007-07-18 12:07:52 +0000
Revision 1.27 / (download) - annotate - [select for diffs], Wed Jul 18 12:07:51 2007 UTC (4 years, 10 months ago) by vanhu
Branch: MAIN
CVS Tags: matt-mips64-base,
hpcarm-cleanup
Branch point for: matt-mips64,
matt-armv6
Changes since 1.26: +2 -6
lines
Diff to previous 1.26 (colored)
use a single PATH_IPSEC_H to fix some path_to_ipsec.h issues
Revision 1.20.2.1 / (download) - annotate - [select for diffs], Sun May 13 10:14:05 2007 UTC (5 years ago) by jdc
Branch: netbsd-4
Branch point for: wrstuden-fixsa
Changes since 1.20: +71 -24
lines
Diff to previous 1.20 (colored)
Upgrade ipsec-tools to 0.7-beta3 (Requested by manu in ticket #634).
Revision 1.20.6.6 / (download) - annotate - [select for diffs], Fri May 4 09:12:20 2007 UTC (5 years ago) by vanhu
Branch: ipsec-tools-0_7-branch
CVS Tags: ipsec-tools-0_7-rc1,
ipsec-tools-0_7-RC1
Changes since 1.20.6.5: +22 -4
lines
Diff to previous 1.20.6.5 (colored) to branchpoint 1.20 (colored)
added some debug in isakmp_chkph1there() to track some port matching problems with NAT-T
Revision 1.26 / (download) - annotate - [select for diffs], Fri May 4 09:09:47 2007 UTC (5 years ago) by vanhu
Branch: MAIN
Changes since 1.25: +22 -4
lines
Diff to previous 1.25 (colored)
added some debug in isakmp_chkph1there() to track some port matching problems with NAT-T
Revision 1.20.6.5 / (download) - annotate - [select for diffs], Wed Mar 21 14:30:08 2007 UTC (5 years, 2 months ago) by vanhu
Branch: ipsec-tools-0_7-branch
CVS Tags: ipsec-tools-0_7-beta3
Changes since 1.20.6.4: +4 -7
lines
Diff to previous 1.20.6.4 (colored) to branchpoint 1.20 (colored)
NULL sched check is now done in SCHED_KILL
Revision 1.25 / (download) - annotate - [select for diffs], Wed Mar 21 14:29:22 2007 UTC (5 years, 2 months ago) by vanhu
Branch: MAIN
Changes since 1.24: +4 -7
lines
Diff to previous 1.24 (colored)
NULL sched check is now done in SCHED_KILL
Revision 1.20.6.4 / (download) - annotate - [select for diffs], Thu Mar 15 10:38:34 2007 UTC (5 years, 2 months ago) by vanhu
Branch: ipsec-tools-0_7-branch
Changes since 1.20.6.3: +3 -3
lines
Diff to previous 1.20.6.3 (colored) to branchpoint 1.20 (colored)
Consider a negociation timeout when retry_counter is <=0 instead of < 0
Revision 1.24 / (download) - annotate - [select for diffs], Thu Mar 15 10:37:44 2007 UTC (5 years, 2 months ago) by vanhu
Branch: MAIN
Changes since 1.23: +3 -3
lines
Diff to previous 1.23 (colored)
Consider a negociation timeout when retry_counter is <=0 instead of < 0
Revision 1.23 / (download) - annotate - [select for diffs], Tue Feb 20 09:11:30 2007 UTC (5 years, 3 months ago) by vanhu
Branch: MAIN
Changes since 1.22: +21 -3
lines
Diff to previous 1.22 (colored)
Only delete a generated SPD if it's creation date matches the creation date of the SA we are currently deleting
Revision 1.20.6.3 / (download) - annotate - [select for diffs], Tue Feb 20 09:09:27 2007 UTC (5 years, 3 months ago) by vanhu
Branch: ipsec-tools-0_7-branch
CVS Tags: ipsec-tools-0_7-beta2
Changes since 1.20.6.2: +21 -3
lines
Diff to previous 1.20.6.2 (colored) to branchpoint 1.20 (colored)
Only delete a generated SPD if it's creation date matches the creation date of the SA we are currently deleting
Revision 1.20.6.2 / (download) - annotate - [select for diffs], Mon Feb 19 13:11:15 2007 UTC (5 years, 3 months ago) by vanhu
Branch: ipsec-tools-0_7-branch
Changes since 1.20.6.1: +1 -3
lines
Diff to previous 1.20.6.1 (colored) to branchpoint 1.20 (colored)
Removed a debug printf....
Revision 1.22 / (download) - annotate - [select for diffs], Mon Feb 19 13:08:47 2007 UTC (5 years, 3 months ago) by vanhu
Branch: MAIN
Changes since 1.21: +1 -3
lines
Diff to previous 1.21 (colored)
Removed a debug printf....
Revision 1.21 / (download) - annotate - [select for diffs], Thu Feb 15 10:19:25 2007 UTC (5 years, 3 months ago) by vanhu
Branch: MAIN
Changes since 1.20: +46 -12
lines
Diff to previous 1.20 (colored)
Fixed the way phase1/2 messages are sent/resent, to avoid zombie handles and acces to freed memory
Revision 1.20.6.1 / (download) - annotate - [select for diffs], Thu Feb 15 10:18:54 2007 UTC (5 years, 3 months ago) by vanhu
Branch: ipsec-tools-0_7-branch
CVS Tags: ipsec-tools-0_7-beta1
Changes since 1.20: +46 -12
lines
Diff to previous 1.20 (colored)
Fixed the way phase1/2 messages are sent/resent, to avoid zombie handles and acces to freed memory
Revision 1.20 / (download) - annotate - [select for diffs], Mon Oct 2 21:19:43 2006 UTC (5 years, 7 months ago) by manu
Branch: MAIN
CVS Tags: netbsd-4-base,
ipsec-tools-0_7-base
Branch point for: netbsd-4,
ipsec-tools-0_7-branch
Changes since 1.19: +1 -2
lines
Diff to previous 1.19 (colored)
Fix memory leak (Coverity 2001), refactor the code to use port get/set functions
Revision 1.19 / (download) - annotate - [select for diffs], Mon Oct 2 12:04:53 2006 UTC (5 years, 7 months ago) by manu
Branch: MAIN
Changes since 1.18: +3 -3
lines
Diff to previous 1.18 (colored)
Don't use NULL pointer (coverity 3439)
Revision 1.18 / (download) - annotate - [select for diffs], Sun Oct 1 19:23:57 2006 UTC (5 years, 7 months ago) by manu
Branch: MAIN
Changes since 1.17: +17 -11
lines
Diff to previous 1.17 (colored)
Check that iph1->remote is not NULL before using it (Coverity 3436)
Revision 1.17 / (download) - annotate - [select for diffs], Mon Sep 25 17:42:08 2006 UTC (5 years, 8 months ago) by vanhu
Branch: MAIN
Changes since 1.16: +15 -1
lines
Diff to previous 1.16 (colored)
From Yves-Alexis Perez: struct ip -> struct iphdr for Linux
Revision 1.16 / (download) - annotate - [select for diffs], Mon Sep 25 05:08:52 2006 UTC (5 years, 8 months ago) by manu
Branch: MAIN
Changes since 1.15: +2 -2
lines
Diff to previous 1.15 (colored)
style (mostly for testing ipsec-tools-commits@netbsd.org)
Revision 1.15 / (download) - annotate - [select for diffs], Tue Sep 19 07:51:37 2006 UTC (5 years, 8 months ago) by vanhu
Branch: MAIN
Changes since 1.14: +2 -2
lines
Diff to previous 1.14 (colored)
always include some headers, as they are required even without NAT-T
Revision 1.14 / (download) - annotate - [select for diffs], Mon Sep 18 20:32:40 2006 UTC (5 years, 8 months ago) by manu
Branch: MAIN
Changes since 1.13: +26 -2
lines
Diff to previous 1.13 (colored)
From Matthew Grooms: ike_frag force option to force the use of IKE on first packet exchange (prior to peer consent)
Revision 1.13 / (download) - annotate - [select for diffs], Mon Sep 18 08:05:48 2006 UTC (5 years, 8 months ago) by manu
Branch: MAIN
Changes since 1.12: +19 -1
lines
Diff to previous 1.12 (colored)
From Matthew Grooms: handle IKE frag used in the first packet. That should not normally happen, as the initiator does not know yet if the responder can handle IKE frag. However, in some setups, the first packet is too big to get through, and assuming the peer supports IKE frag is the only way to go. racoon should have a setting in the remote section to do taht (something like ike_frag force)
Revision 1.12 / (download) - annotate - [select for diffs], Sat Sep 9 16:22:09 2006 UTC (5 years, 8 months ago) by manu
Branch: MAIN
Changes since 1.11: +361 -252
lines
Diff to previous 1.11 (colored)
Migration of ipsec-tools to NetBSD CVS part 2: resolving the import conflicts. Since we previously had a release branch and we import here the HEAD of CVS, let's assume all local changes are to be dumped. Local patches should have been propagated upstream, anyway.
Revision 1.1.1.7 / (download) - annotate - [select for diffs] (vendor branch), Sat Sep 9 16:11:55 2006 UTC (5 years, 8 months ago) by manu
Branch: IPSEC_TOOLS
CVS Tags: ipsec-tools-base
Changes since 1.1.1.6: +361 -252
lines
Diff to previous 1.1.1.6 (colored)
Migrate ipsec-tools CVS to cvs.netbsd.org
Revision 1.1.1.3.2.9 / (download) - annotate - [select for diffs], Mon Nov 21 21:12:30 2005 UTC (6 years, 6 months ago) by tron
Branch: netbsd-3
CVS Tags: netbsd-3-1-RELEASE,
netbsd-3-1-RC4,
netbsd-3-1-RC3,
netbsd-3-1-RC2,
netbsd-3-1-RC1,
netbsd-3-1-1-RELEASE,
netbsd-3-1,
netbsd-3-0-RELEASE,
netbsd-3-0-RC6,
netbsd-3-0-RC5,
netbsd-3-0-RC4,
netbsd-3-0-RC3,
netbsd-3-0-RC2,
netbsd-3-0-3-RELEASE,
netbsd-3-0-2-RELEASE,
netbsd-3-0-1-RELEASE,
netbsd-3-0
Changes since 1.1.1.3.2.8: +2 -2
lines
Diff to previous 1.1.1.3.2.8 (colored) to branchpoint 1.1.1.3 (colored) next main 1.1.1.4 (colored)
Apply patch (requested by manu in ticket #981): Update ipsec-tools to version 0.6.3.
Revision 1.11 / (download) - annotate - [select for diffs], Mon Nov 21 14:20:29 2005 UTC (6 years, 6 months ago) by manu
Branch: MAIN
CVS Tags: abandoned-netbsd-4-base,
abandoned-netbsd-4
Changes since 1.10: +2 -2
lines
Diff to previous 1.10 (colored)
Merge ipsec-tools 0.6.3 import
Revision 1.1.1.3.2.8 / (download) - annotate - [select for diffs], Fri Oct 21 17:08:17 2005 UTC (6 years, 7 months ago) by riz
Branch: netbsd-3
CVS Tags: netbsd-3-0-RC1
Changes since 1.1.1.3.2.7: +11 -3
lines
Diff to previous 1.1.1.3.2.7 (colored) to branchpoint 1.1.1.3 (colored)
Pull up the following revisions (requested by manu in ticket #894): crypto/dist/ipsec-tools/ChangeLog 1.28-1.30 crypto/dist/ipsec-tools/NEWS 1.1.1.4 crypto/dist/ipsec-tools/configure.ac 1.1.1.7 crypto/dist/ipsec-tools/src/libipsec/pfkey.c 1.7-1.8 crypto/dist/ipsec-tools/src/libipsec/pfkey_dump.c 1.10 crypto/dist/ipsec-tools/src/libipsec/policy_parse.y 1.7 crypto/dist/ipsec-tools/src/racoon/cfparse.y 1.5-1.9 crypto/dist/ipsec-tools/src/racoon/evt.c 1.3 crypto/dist/ipsec-tools/src/racoon/ipsec_doi.c 1.11 crypto/dist/ipsec-tools/src/racoon/isakmp.c 1.10 crypto/dist/ipsec-tools/src/racoon/isakmp_agg.c 1.5-1.6 crypto/dist/ipsec-tools/src/racoon/isakmp_base.c 1.3-1.4 crypto/dist/ipsec-tools/src/racoon/isakmp_ident.c 1.3 crypto/dist/ipsec-tools/src/racoon/oakley.c 1.6 crypto/dist/ipsec-tools/src/racoon/pfkey.c 1.10 crypto/dist/ipsec-tools/src/racoon/policy.c 1.3 crypto/dist/ipsec-tools/src/racoon/racoon.conf.5 1.21-1.23 crypto/dist/ipsec-tools/src/racoon/sockmisc.c 1.3 crypto/dist/ipsec-tools/src/racoon/sockmisc.h 1.5 crypto/dist/ipsec-tools/src/setkey/setkey.8 1.17 lib/libipsec/package_version.h 1.15 Update to ipsec-tools 0.6.2
Revision 1.1.1.6 / (download) - annotate - [select for diffs] (vendor branch), Fri Oct 14 13:21:46 2005 UTC (6 years, 7 months ago) by manu
Branch: IPSEC_TOOLS
CVS Tags: ipsec-tools-0_6_3,
ipsec-tools-0_6_2
Changes since 1.1.1.5: +11 -3
lines
Diff to previous 1.1.1.5 (colored)
Import ipsec-tools-0.6.2. Here is the ChangeLog since 0.6.1 (most of them
have already been pulled up in NetBSD CVS)
---------------------------------------------
0.6.2 released
2005-10-14 Yvan Vanhullebus <vanhu@netasq.com>
* src/racoon/ipsec_doi.c: don't allow NULL or empty FQDNs or
USER_FQDNs (problem reported by Bernhard Suttner).
---------------------------------------------
0.6.2.beta3 released
2005-09-05 Emmanuel Dreyfus <manu@netbsd.org>
From Andreas Hasenack <ahasenack@terra.com.br>
* configure.ac: More build fixes for Linux
---------------------------------------------
0.6.2.beta2 released
2005-09-04 Emmanuel Dreyfus <manu@netbsd.org>
From Wilfried Weissmann
* src/libipsec/policy_parse.y src/racoon/{ipsec_doi.c|oakley.c}
src/racoon/{sockmisc.c|sockmisc.h}: build fixes
---------------------------------------------
0.6.2.beta1 released
2005-09-03 Emmanuel Dreyfus <manu@netbsd.org>
From Francis Dupont <Francis.Dupont@enst-bretagne.fr>
* src/libipsec/pfkey.c src/racoon/pfkey.c: Cope with extensions
2005-08-26 Emmanuel Dreyfus <manu@netbsd.org>
* src/racoon/cfparse.y: handle xauth_login correctly
* src/racoon/isakmp.c: catch internal error
* src/raccon/isakmp_agg.c: fix racoon as Xauth client
* src/raccon/{isakmp_agg.c|isakmp_base.c}: Proposal safety checks
* src/racoon/evt.c: Fix memory leak when event queue overflows
2005-08-23 Emmanuel Dreyfus <manu@netbsd.org>
* src/racoon/{isakmp_agg.c|isakmp_ident.c|isakmp_base.c}: Correctly
initialize NAT-T VID to avoid freeing unallocated stuff.
2005-08-21 Emmanuel Dreyfus <manu@netbsd.org>
From Matthias Scheler <matthias.scheler@tadpole.com>
* src/racoon/{isakmp_cfg.c|racoon.conf.5}: enable the use of
ISAKMP mode config without Xauth.
2005-09-16 Yvan Vanhullebus <vanhu@free.fr>
* src/racoon/policy.c: Do not parse all sptree in inssp() if we
don't use Policies priority.
2005-08-15 Emmanuel Dreyfus <manu@netbsd.org>
From: Thomas Klausner <wiz@netbsd.org>
src/setkey/setkey.8: Drop trailing spaces
Revision 1.10 / (download) - annotate - [select for diffs], Mon Sep 26 16:24:57 2005 UTC (6 years, 8 months ago) by manu
Branch: MAIN
Changes since 1.9: +11 -3
lines
Diff to previous 1.9 (colored)
Fix bug when using hybrid auth in client mode make xauth_login work again add safety checks
Revision 1.1.1.3.2.7 / (download) - annotate - [select for diffs], Sat Sep 3 07:03:49 2005 UTC (6 years, 8 months ago) by snj
Branch: netbsd-3
Changes since 1.1.1.3.2.6: +100 -27
lines
Diff to previous 1.1.1.3.2.6 (colored) to branchpoint 1.1.1.3 (colored)
Apply patch (requested by tron in ticket #741): Update ipsec-tools to version 0.6.1.
Revision 1.9 / (download) - annotate - [select for diffs], Sat Aug 20 00:57:06 2005 UTC (6 years, 9 months ago) by manu
Branch: MAIN
Changes since 1.8: +4 -4
lines
Diff to previous 1.8 (colored)
Update to ipsec-tools 0.6.1
Revision 1.1.1.5 / (download) - annotate - [select for diffs] (vendor branch), Sat Aug 20 00:41:34 2005 UTC (6 years, 9 months ago) by manu
Branch: IPSEC_TOOLS
CVS Tags: ipsec-tools-0_6_1
Changes since 1.1.1.4: +3 -3
lines
Diff to previous 1.1.1.4 (colored)
Import ipsec-tools 0.6.1
Revision 1.8 / (download) - annotate - [select for diffs], Sun Aug 7 09:38:45 2005 UTC (6 years, 9 months ago) by manu
Branch: MAIN
Changes since 1.7: +98 -25
lines
Diff to previous 1.7 (colored)
Resolve conflicts caused by recent ipsec-tools-0.6.1rc1 import by prefering the newer software. Some useful local change might have been overwritten, we'll take care of this soon.
Revision 1.1.1.4 / (download) - annotate - [select for diffs] (vendor branch), Sun Aug 7 08:46:53 2005 UTC (6 years, 9 months ago) by manu
Branch: IPSEC_TOOLS
CVS Tags: ipsec-tools-0_6_1-rc1
Changes since 1.1.1.3: +545 -31
lines
Diff to previous 1.1.1.3 (colored)
Update ipsec-tools to 0.6.1rc1 Most of the changes since 0.6b4 have already been committed to the NetBSD tree. This upgrade fixes some IPcomp and NAT-T related problems that were left unadressed in the NetBSD tree.
Revision 1.1.1.3.2.6 / (download) - annotate - [select for diffs], Sat Jul 2 23:22:34 2005 UTC (6 years, 10 months ago) by tron
Branch: netbsd-3
Changes since 1.1.1.3.2.5: +16 -0
lines
Diff to previous 1.1.1.3.2.5 (colored) to branchpoint 1.1.1.3 (colored)
Pull up revision 1.7 (requested by manu in ticket #503): NAT-T fix: We treat null ports in SPD as wildcard so that IKE ports are used instead. This was done on phase 2 initiation from the kernel (acquire message), but not on phase 2 initiation retries when the phase 2 had been queued for a phase 1.
Revision 1.1.1.3.2.5 / (download) - annotate - [select for diffs], Wed Jun 29 12:17:23 2005 UTC (6 years, 10 months ago) by tron
Branch: netbsd-3
Changes since 1.1.1.3.2.4: +10 -2
lines
Diff to previous 1.1.1.3.2.4 (colored) to branchpoint 1.1.1.3 (colored)
Pull up revision 1.6 (requested by manu in ticket #489): Consume NAT-T packets that have already been seen through MSG_PEEK
Revision 1.7 / (download) - annotate - [select for diffs], Wed Jun 22 21:28:18 2005 UTC (6 years, 11 months ago) by manu
Branch: MAIN
Changes since 1.6: +18 -2
lines
Diff to previous 1.6 (colored)
NAT-T fix: We treat null ports in SPD as wildcard so that IKE ports are used instead. This was done on phase 2 initiation from the kernel (acquire message), but not on phase 2 initiation retries when the phase 2 had been queued for a phase 1.
Revision 1.6 / (download) - annotate - [select for diffs], Wed Jun 15 07:29:20 2005 UTC (6 years, 11 months ago) by manu
Branch: MAIN
Changes since 1.5: +11 -3
lines
Diff to previous 1.5 (colored)
Consume NAT-T packets that have already been seen through MSG_PEEK
Revision 1.1.1.3.2.4 / (download) - annotate - [select for diffs], Fri May 27 23:00:33 2005 UTC (7 years ago) by riz
Branch: netbsd-3
Changes since 1.1.1.3.2.3: +18 -4
lines
Diff to previous 1.1.1.3.2.3 (colored) to branchpoint 1.1.1.3 (colored)
Pull up revision 1.5 (requested by manu in ticket #325): - Fix a double free - For acquire messages, when NAT-T is in use, consider null port as a wildcard and use IKE port
Revision 1.5 / (download) - annotate - [select for diffs], Fri May 13 14:09:44 2005 UTC (7 years ago) by manu
Branch: MAIN
Changes since 1.4: +18 -4
lines
Diff to previous 1.4 (colored)
- Fix a double free - For acquire messages, when NAT-T is in use, consider null port as a wildcard and use IKE port
Revision 1.1.1.3.2.3 / (download) - annotate - [select for diffs], Wed May 11 12:17:19 2005 UTC (7 years ago) by tron
Branch: netbsd-3
Changes since 1.1.1.3.2.2: +388 -0
lines
Diff to previous 1.1.1.3.2.2 (colored) to branchpoint 1.1.1.3 (colored)
Pull up revision 1.4 (requested by manu in ticket #277): More NAT-T fixes for the situation where racoon acts as a VPN client Flush SA and generated SP on DPD timeout and deletion payloads
Revision 1.4 / (download) - annotate - [select for diffs], Sun May 8 08:57:26 2005 UTC (7 years ago) by manu
Branch: MAIN
Changes since 1.3: +389 -1
lines
Diff to previous 1.3 (colored)
More NAT-T fixes for the situation where racoon acts as a VPN client Flush SA and generated SP on DPD timeout and deletion payloads
Revision 1.1.1.3.2.2 / (download) - annotate - [select for diffs], Sun May 1 11:01:04 2005 UTC (7 years ago) by tron
Branch: netbsd-3
Changes since 1.1.1.3.2.1: +20 -6
lines
Diff to previous 1.1.1.3.2.1 (colored) to branchpoint 1.1.1.3 (colored)
Pull up revision 1.3 (requested by manu in ticket #215): Bug fixes from the ipsec-tools 0.6 branch: - Fix NAT-T problems that prevented multiple peers behind the same NAT to talk to the same machine outside the NAT. This also require kernel fixes (already committed eralier) - Fix a LP64 bug - Fix NAT-T RFC conformance bugs (missing non ESP marker in packets) - Add a -p option to setkey to display ports that could be used for ESP over UDP when printing policies
Revision 1.3 / (download) - annotate - [select for diffs], Wed Apr 27 05:19:50 2005 UTC (7 years, 1 month ago) by manu
Branch: MAIN
Changes since 1.2: +21 -7
lines
Diff to previous 1.2 (colored)
Bug fixes from the ipsec-tools 0.6 branch: - Fix NAT-T problems that prevented multiple peers behind the same NAT to talk to the same machine outside the NAT. This also require kernel fixes (already committed eralier) - Fix a LP64 bug - Fix NAT-T RFC conformance bugs (missing non ESP marker in packets) - Add a -p option to setkey to display ports that could be used for ESP over UDP when printing policies
Revision 1.1.1.3.2.1 / (download) - annotate - [select for diffs], Thu Apr 21 16:51:40 2005 UTC (7 years, 1 month ago) by tron
Branch: netbsd-3
Changes since 1.1.1.3: +11 -10
lines
Diff to previous 1.1.1.3 (colored)
Pull up revision 1.2 (requested by manu in ticket #179): Fix simple DES support (security problems for racoon to racoon setups) Fix broken generated policies flush
Revision 1.2 / (download) - annotate - [select for diffs], Tue Apr 19 19:42:09 2005 UTC (7 years, 1 month ago) by manu
Branch: MAIN
Changes since 1.1: +18 -15
lines
Diff to previous 1.1 (colored)
Fix simple DES support (security problems for racoon to racoon setups) Fix broken generated policies flush
Revision 1.1.1.3 / (download) - annotate - [select for diffs] (vendor branch), Mon Mar 14 08:14:29 2005 UTC (7 years, 2 months ago) by manu
Branch: IPSEC_TOOLS
CVS Tags: netbsd-3-base,
ipsec-tools-0_6-20050317,
ipsec-tools-0_6-20050314
Branch point for: netbsd-3
Changes since 1.1.1.2: +2 -2
lines
Diff to previous 1.1.1.2 (colored)
Import ipsec-tools ipsec-tools-0_6-20050314
Revision 1.1.1.2 / (download) - annotate - [select for diffs] (vendor branch), Wed Feb 23 14:54:17 2005 UTC (7 years, 3 months ago) by manu
Branch: IPSEC_TOOLS
CVS Tags: ipsec-tools-0_6-20050224,
ipsec-tools-0_6-20050223
Changes since 1.1.1.1: +6 -4
lines
Diff to previous 1.1.1.1 (colored)
Import ipsec-tools 0.6 branch as of 2005/02/23. News from last imported version
according to ipsec-tools' ChangeLog:
2005-02-23 Emmanuel Dreyfus <manu@netbsd.org>
* configure.ac, src/racoon/{Makefile.am|crypto_openssl.c}: optionnal
support for patented algorithms: IDEA and RC5.
* src/racoon/{isakmp_xauth.c|main.c}: don't initialize RADIUS if it
is not required in the configuration
* src/racoon/isakmp.c: do not reject addresses for which kernel
refused UDP encapsulation, they can still be used for non NAT-T
traffic (eg: NAT-T enabled racoon on non NAT-T enabled kernel)
2005-02-18 Emmanuel Dreyfus <manu@netbsd.org>
* src/racoon/{main.c|eaytest.c|plairsa-gen.c}
src/setkey/setkey.c: don't use fuzzy paths for package_version.h
2005-02-18 Yvan Vanhullebus <vanhu@free.fr>
* src/racoon/isakmp_inf.c: Purge generated SPDs when getting a
related DELETE_SA
* src/racoon/pfkey.c: do NOT unbindph12() when SA acquire
2005-02-17 Emmanuel Dreyfus <manu@netbsd.org>
From Fred Senault <fred.letter@lacave.net>
* src/racoon/remoteconf.c: Fix a bug in script init
2005-02-17 Yvan Vanhullebus <vanhu@free.fr>
* src/racoon/ipsec_doi.c: Workaround for phase1 lifetime checks
2005-02-15 Michal Ludvig <michal@logix.cz>
* configure.ac: Changed --enable-natt_NN to --enable-natt-versions=NN,NN
Revision 1.1.1.1 / (download) - annotate - [select for diffs] (vendor branch), Sat Feb 12 11:12:14 2005 UTC (7 years, 3 months ago) by manu
Branch: IPSEC_TOOLS
CVS Tags: ipsec-tools-0_6-base
Changes since 1.1: +0 -0
lines
Diff to previous 1.1 (colored)
Import ipsec-tools (tag ipsec-tools-0_6-base in ipsec-tools CVS) ipsec-tools is a fork from KAME racoon/libipsec/setkey, with many enhancements.
Revision 1.1 / (download) - annotate - [select for diffs], Sat Feb 12 11:12:14 2005 UTC (7 years, 3 months ago) by manu
Branch: MAIN
Initial revision