![[BACK]](/icons/back.gif){kind=icon}
Up to [cvs.netbsd.org] / src / crypto / dist / ipsec-tools / src / racoon
Request diff between arbitrary revisions
Default branch: MAIN
Revision 1.57.6.1 / (download) - annotate - [select for diffs], Tue Apr 17 00:01:42 2012 UTC (5 weeks, 4 days ago) by yamt
Branch: yamt-pagecache
Changes since 1.57: +4 -4
lines
Diff to previous 1.57 (colored) next main 1.58 (colored)
sync with head
Revision 1.58 / (download) - annotate - [select for diffs], Sun Jan 1 15:57:31 2012 UTC (4 months, 3 weeks ago) by tteras
Branch: MAIN
CVS Tags: yamt-pagecache-base5,
yamt-pagecache-base4,
netbsd-6-base,
netbsd-6,
HEAD
Changes since 1.57: +4 -4
lines
Diff to previous 1.57 (colored)
From Wolfgang Schmieder <wolfgang@die-schmieders.de>: Fix various typos in comments and log messages. Fix default port used in copy_ph1addresses().
Revision 1.57 / (download) - annotate - [select for diffs], Tue Mar 15 13:20:14 2011 UTC (14 months, 1 week ago) by vanhu
Branch: MAIN
CVS Tags: yamt-pagecache-base3,
yamt-pagecache-base2,
yamt-pagecache-base,
ipsec-tools-0_8_0,
ipsec-tools-0_8-branch,
cherry-xenmp-base,
cherry-xenmp
Branch point for: yamt-pagecache
Changes since 1.56: +3 -3
lines
Diff to previous 1.56 (colored)
directly call isakmp_ph1delete() instead of scheduling isakmp_ph1delete_stub(), as it is useless an can lead to memory access after free
Revision 1.56 / (download) - annotate - [select for diffs], Mon Mar 14 17:18:13 2011 UTC (14 months, 1 week ago) by tteras
Branch: MAIN
Changes since 1.55: +8 -8
lines
Diff to previous 1.55 (colored)
Explicitly compare return value of cmpsaddr() against a return value define to make it more obvious what is the intended action. One more return value is also added, to fix comparison of security policy descriptors. Namely, getsp() should not allow wildcard matching (as the comment says, it does exact matching) - otherwise we get problems when kernel has generic policy with no ports, and a second similar policy with ports.
Revision 1.54.2.1 / (download) - annotate - [select for diffs], Sat Mar 5 15:08:32 2011 UTC (14 months, 3 weeks ago) by bouyer
Branch: bouyer-quota2
Changes since 1.54: +7 -7
lines
Diff to previous 1.54 (colored) next main 1.55 (colored)
Sync with HEAD
Revision 1.55 / (download) - annotate - [select for diffs], Tue Mar 1 14:33:58 2011 UTC (14 months, 3 weeks ago) by vanhu
Branch: MAIN
CVS Tags: bouyer-quota2-nbase
Changes since 1.54: +7 -7
lines
Diff to previous 1.54 (colored)
plog text fixes, patch from M E Andersson <debian@gisladisker.se>
Revision 1.54 / (download) - annotate - [select for diffs], Fri Nov 12 10:36:37 2010 UTC (18 months, 1 week ago) by tteras
Branch: MAIN
CVS Tags: matt-mips64-premerge-20101231,
bouyer-quota2-base
Branch point for: bouyer-quota2
Changes since 1.53: +5 -5
lines
Diff to previous 1.53 (colored)
isakmp_post_acquire is now called from admin commands too, add a flag so admin commands can be used to establish even passive links on demand.
Revision 1.53 / (download) - annotate - [select for diffs], Thu Oct 21 06:15:28 2010 UTC (19 months ago) by tteras
Branch: MAIN
Changes since 1.52: +3 -3
lines
Diff to previous 1.52 (colored)
Introduce priorities for file descriptor polling mechanism and give priority to admin port. If admin port is used by ISAKMP-SA hook scripts they should be preferred, other wise heavy traffic can delay admin port requests considerably. This in turn may cause renegotiation loop for ISAKMP-SA. This is mostly useful for OpenNHRP setup, but can benefit other setups too.
Revision 1.52 / (download) - annotate - [select for diffs], Tue Feb 9 23:05:16 2010 UTC (2 years, 3 months ago) by wiz
Branch: MAIN
Changes since 1.51: +3 -3
lines
Diff to previous 1.51 (colored)
Fix typo in comment.
Revision 1.51 / (download) - annotate - [select for diffs], Thu Sep 3 09:29:07 2009 UTC (2 years, 8 months ago) by tteras
Branch: MAIN
CVS Tags: matt-premerge-20091211
Changes since 1.50: +27 -22
lines
Diff to previous 1.50 (colored)
When rekeying phase2 use phase1 used to negotiate phase2 as a hint to select the phase1 for rekeying the new phase2.
Revision 1.50 / (download) - annotate - [select for diffs], Mon Aug 10 08:22:13 2009 UTC (2 years, 9 months ago) by tteras
Branch: MAIN
Changes since 1.49: +9 -2
lines
Diff to previous 1.49 (colored)
Don't print EAGAIN error from pfkey_handler(), it can occur normally under some code paths and is not a hard error in any case.
Revision 1.49 / (download) - annotate - [select for diffs], Wed Aug 5 13:16:01 2009 UTC (2 years, 9 months ago) by tteras
Branch: MAIN
Changes since 1.48: +10 -5
lines
Diff to previous 1.48 (colored)
From Paul Wernau: Fix transport mode per-port security associations that got broke during NAT-T fixes.
Revision 1.48 / (download) - annotate - [select for diffs], Fri Jul 3 06:41:46 2009 UTC (2 years, 10 months ago) by tteras
Branch: MAIN
Changes since 1.47: +20 -36
lines
Diff to previous 1.47 (colored)
Get rid of the evil CMPSADDR macro. Trac #295.
Revision 1.47 / (download) - annotate - [select for diffs], Fri Jul 3 06:40:10 2009 UTC (2 years, 10 months ago) by tteras
Branch: MAIN
Changes since 1.46: +51 -22
lines
Diff to previous 1.46 (colored)
From Yvan Vanhullebus: Use SADB_X_EXT_NAT_T_* consistently for passing the NAT-T port information. This might break compatibility with some kernels, but as discussed this is the proper way to pass NAT-T ports and the broken kernels need to be fixed.
Revision 1.45.2.1 / (download) - annotate - [select for diffs], Wed May 13 19:15:54 2009 UTC (3 years ago) by jym
Branch: jym-xensuspend
Changes since 1.45: +4 -4
lines
Diff to previous 1.45 (colored) next main 1.46 (colored)
Sync with HEAD. Third (and last) commit. See http://mail-index.netbsd.org/source-changes/2009/05/13/msg221222.html
Revision 1.46 / (download) - annotate - [select for diffs], Fri Mar 13 04:49:16 2009 UTC (3 years, 2 months ago) by tteras
Branch: MAIN
CVS Tags: jym-xensuspend-nbase,
jym-xensuspend-base
Changes since 1.45: +4 -4
lines
Diff to previous 1.45 (colored)
From Arnaud Ebalard: Fix couple of problems with previous commit.
Revision 1.35.2.1 / (download) - annotate - [select for diffs], Sun Feb 8 18:42:18 2009 UTC (3 years, 3 months ago) by snj
Branch: netbsd-5
CVS Tags: netbsd-5-1-RELEASE,
netbsd-5-1-RC4,
netbsd-5-1-RC3,
netbsd-5-1-RC2,
netbsd-5-1-RC1,
netbsd-5-1-2-RELEASE,
netbsd-5-1-1-RELEASE,
netbsd-5-1,
netbsd-5-0-RELEASE,
netbsd-5-0-RC4,
netbsd-5-0-RC3,
netbsd-5-0-RC2,
netbsd-5-0-2-RELEASE,
netbsd-5-0-1-RELEASE,
netbsd-5-0,
matt-nb5-pq3-base,
matt-nb5-pq3,
matt-nb5-mips64-u2-k2-k4-k7-k8-k9,
matt-nb5-mips64-u1-k1-k5,
matt-nb5-mips64-premerge-20101231,
matt-nb5-mips64-premerge-20091211,
matt-nb5-mips64-k15,
matt-nb5-mips64,
matt-nb4-mips64-k7-u2a-k9b
Changes since 1.35: +124 -111
lines
Diff to previous 1.35 (colored) next main 1.36 (colored)
Apply patch (requested by manu/spz in #378): Downgrade ipsec-tools to 0.7.1nb1.
Revision 1.45 / (download) - annotate - [select for diffs], Fri Jan 23 08:32:58 2009 UTC (3 years, 4 months ago) by tteras
Branch: MAIN
Branch point for: jym-xensuspend
Changes since 1.44: +99 -19
lines
Diff to previous 1.44 (colored)
From Arnaud Ebalard: Handle reception of MIGRATE message during Phase 1 and Phase 2 negotiation. Also corrects some debugging statements.
Revision 1.44 / (download) - annotate - [select for diffs], Fri Jan 23 08:29:34 2009 UTC (3 years, 4 months ago) by tteras
Branch: MAIN
Changes since 1.43: +75 -60
lines
Diff to previous 1.43 (colored)
From Arnaud Ebalard: On the responder (for instance), there is a need to not only migrate local and remote addresses of Phase 1 that match previous addresses but also the local and remote addresses of a Phase 1 *associated* with a migrated Phase 2. For instance, we have that need when receiving the first MIGRATE/KMADDRESS message because the old addresses are still the HoA and the address of the HA (while the peer has contacted us using the CoA and we have negotiated this address as src attribute in Phase 2). The patch fixes that by having migrate_ph1_ike_addresses() called from migrate_ph2_ike_addresses() callback.
Revision 1.43 / (download) - annotate - [select for diffs], Fri Jan 23 08:05:58 2009 UTC (3 years, 4 months ago) by tteras
Branch: MAIN
Changes since 1.42: +3 -3
lines
Diff to previous 1.42 (colored)
Remove "fastquit" configure option and make it the default behaviour. The previous normal behaviour is buggy, as after flush kernel can immediately create larval SA:s which would prevent exit.
Revision 1.42 / (download) - annotate - [select for diffs], Tue Dec 23 14:03:12 2008 UTC (3 years, 5 months ago) by tteras
Branch: MAIN
Changes since 1.41: +15 -22
lines
Diff to previous 1.41 (colored)
rewrite local address detection make some functions static that arr not needed globally rework how fd_set is construction for the main loop select()
Revision 1.41 / (download) - annotate - [select for diffs], Thu Dec 18 07:20:25 2008 UTC (3 years, 5 months ago) by tteras
Branch: MAIN
Changes since 1.40: +33 -24
lines
Diff to previous 1.40 (colored)
From Arnaud Ebalard: Delete larval ph2handles when expire with hard lifetime received
Revision 1.40 / (download) - annotate - [select for diffs], Tue Dec 16 06:08:46 2008 UTC (3 years, 5 months ago) by tteras
Branch: MAIN
Changes since 1.39: +16 -22
lines
Diff to previous 1.39 (colored)
Fix transport mode address selection in acquire handling. Some earlier fixes got lost on 2008-12-05 commit.
Revision 1.39 / (download) - annotate - [select for diffs], Mon Dec 8 06:00:53 2008 UTC (3 years, 5 months ago) by tteras
Branch: MAIN
Changes since 1.38: +6 -7
lines
Diff to previous 1.38 (colored)
Do not cache pfkey sockets: it might cause to not handle some pfkey events when select() has marked pfkey socket readable, but a timer callback first calls pfkey_dump_sadb().
Revision 1.38 / (download) - annotate - [select for diffs], Fri Dec 5 06:02:20 2008 UTC (3 years, 5 months ago) by tteras
Branch: MAIN
Changes since 1.37: +844 -108
lines
Diff to previous 1.37 (colored)
From Arnaud Ebalard: Improved Mobile IPv6 support per draft-ebalard-mext-pfkey-enhanced-migrate.
Revision 1.37 / (download) - annotate - [select for diffs], Thu Nov 27 11:08:48 2008 UTC (3 years, 5 months ago) by tteras
Branch: MAIN
Changes since 1.36: +29 -44
lines
Diff to previous 1.36 (colored)
From Arnaud Ebalard: Remove MAXNESTEDSA weirdness. It's probably meant for bundle support which is not done. When someone actually writes bundle support, the nested SA stuff would probably be reworked too anyway.
Revision 1.36 / (download) - annotate - [select for diffs], Thu Nov 27 10:53:48 2008 UTC (3 years, 5 months ago) by tteras
Branch: MAIN
Changes since 1.35: +27 -2
lines
Diff to previous 1.35 (colored)
From: Matthew Krenzer Ability to set pfkey socket buffer size via configuration file directive. (Indentation and minor fixes by me.)
Revision 1.35 / (download) - annotate - [select for diffs], Mon Oct 27 06:27:05 2008 UTC (3 years, 6 months ago) by tteras
Branch: MAIN
CVS Tags: netbsd-5-base,
netbsd-5-0-RC1
Branch point for: netbsd-5
Changes since 1.34: +3 -2
lines
Diff to previous 1.34 (colored)
From Arnaud Ebalard: Add missing return to error path
Revision 1.27.4.3 / (download) - annotate - [select for diffs], Wed Sep 24 16:30:24 2008 UTC (3 years, 8 months ago) by wrstuden
Branch: wrstuden-revivesa
Changes since 1.27.4.2: +4 -4
lines
Diff to previous 1.27.4.2 (colored) to branchpoint 1.27 (colored) next main 1.28 (colored)
Merge in changes between wrstuden-revivesa-base-2 and wrstuden-revivesa-base-3.
Revision 1.34 / (download) - annotate - [select for diffs], Fri Sep 19 11:14:49 2008 UTC (3 years, 8 months ago) by tteras
Branch: MAIN
CVS Tags: matt-mips64-base2
Changes since 1.33: +2 -12
lines
Diff to previous 1.33 (colored)
Implement ISAKMP SA rekeying configurable with rekey {on|off|force} option
in remote conf.
Revision 1.33 / (download) - annotate - [select for diffs], Fri Sep 19 11:01:08 2008 UTC (3 years, 8 months ago) by tteras
Branch: MAIN
Changes since 1.32: +7 -36
lines
Diff to previous 1.32 (colored)
Change struct sched to be allocated be the caller to avoid some memory allocations. Optimize scheduling algorithm to not scan all entries in the main loop.
Revision 1.27.4.2 / (download) - annotate - [select for diffs], Thu Sep 18 04:54:19 2008 UTC (3 years, 8 months ago) by wrstuden
Branch: wrstuden-revivesa
Changes since 1.27.4.1: +77 -22
lines
Diff to previous 1.27.4.1 (colored) to branchpoint 1.27 (colored)
Sync with wrstuden-revivesa-base-2.
Revision 1.32 / (download) - annotate - [select for diffs], Tue Sep 9 11:50:42 2008 UTC (3 years, 8 months ago) by vanhu
Branch: MAIN
CVS Tags: wrstuden-revivesa-base-3
Changes since 1.31: +4 -4
lines
Diff to previous 1.31 (colored)
Some calls to set_port() were not correctly updated in the previous commit
Revision 1.16.2.1.2.2 / (download) - annotate - [select for diffs], Thu Sep 4 08:46:11 2008 UTC (3 years, 8 months ago) by skrll
Branch: wrstuden-fixsa
Changes since 1.16.2.1.2.1: +6 -8
lines
Diff to previous 1.16.2.1.2.1 (colored) next main 1.16.2.2 (colored)
Sync with netbsd-4.
Revision 1.31 / (download) - annotate - [select for diffs], Wed Sep 3 16:08:26 2008 UTC (3 years, 8 months ago) by vanhu
Branch: MAIN
CVS Tags: wrstuden-revivesa-base-2
Changes since 1.30: +65 -19
lines
Diff to previous 1.30 (colored)
From Tomas Mraz: Duplicate addresses in pk_sendxxx functions, as they may be altered for NAT-T stuff.
Revision 1.30 / (download) - annotate - [select for diffs], Wed Sep 3 09:57:28 2008 UTC (3 years, 8 months ago) by tteras
Branch: MAIN
Changes since 1.29: +6 -3
lines
Diff to previous 1.29 (colored)
- Fix reloading of SPD (Linux satype check, handling of SPD dump responses) - Remove some spurious error log message from extract_port()
Revision 1.16.2.2.2.1 / (download) - annotate - [select for diffs], Mon Aug 18 20:33:33 2008 UTC (3 years, 9 months ago) by jdc
Branch: netbsd-4-0
CVS Tags: netbsd-4-0-1-RELEASE
Changes since 1.16.2.2: +6 -8
lines
Diff to previous 1.16.2.2 (colored) next main 1.16.2.3 (colored)
Upgrade ipsec-tools to release 0.7.1 (requested by manu in ticket #1183).
Revision 1.16.2.3 / (download) - annotate - [select for diffs], Mon Aug 18 20:31:30 2008 UTC (3 years, 9 months ago) by jdc
Branch: netbsd-4
CVS Tags: wrstuden-fixsa-newbase,
wrstuden-fixsa-base
Changes since 1.16.2.2: +6 -8
lines
Diff to previous 1.16.2.2 (colored) to branchpoint 1.16 (colored) next main 1.17 (colored)
Upgrade ipsec-tools to release 0.7.1 (requested by manu in ticket #1183).
Revision 1.29 / (download) - annotate - [select for diffs], Mon Jul 14 05:45:15 2008 UTC (3 years, 10 months ago) by tteras
Branch: MAIN
Changes since 1.28: +10 -4
lines
Diff to previous 1.28 (colored)
Handle RESPONDER-LIFETIME notification in quick mode.
Revision 1.27.4.1 / (download) - annotate - [select for diffs], Mon Jun 23 04:26:46 2008 UTC (3 years, 11 months ago) by wrstuden
Branch: wrstuden-revivesa
Changes since 1.27: +3 -3
lines
Diff to previous 1.27 (colored)
Sync w/ -current. 34 merge conflicts to follow.
Revision 1.28 / (download) - annotate - [select for diffs], Wed Jun 18 06:11:38 2008 UTC (3 years, 11 months ago) by mgrooms
Branch: MAIN
CVS Tags: wrstuden-revivesa-base-1,
wrstuden-revivesa-base
Changes since 1.27: +3 -3
lines
Diff to previous 1.27 (colored)
Correct a phase2 status event. Submitted by Timo Teras.
Revision 1.25.2.1 / (download) - annotate - [select for diffs], Mon Mar 24 07:14:30 2008 UTC (4 years, 2 months ago) by keiichi
Branch: keiichi-mipv6
Changes since 1.25: +25 -62
lines
Diff to previous 1.25 (colored) next main 1.26 (colored)
sync with head.
Revision 1.22.4.3 / (download) - annotate - [select for diffs], Sun Mar 23 00:13:34 2008 UTC (4 years, 2 months ago) by matt
Branch: matt-armv6
Changes since 1.22.4.2: +25 -62
lines
Diff to previous 1.22.4.2 (colored) to branchpoint 1.22 (colored) next main 1.23 (colored)
sync with HEAD
Revision 1.27 / (download) - annotate - [select for diffs], Thu Mar 6 00:46:04 2008 UTC (4 years, 2 months ago) by mgrooms
Branch: MAIN
CVS Tags: yamt-pf42-baseX,
yamt-pf42-base4,
yamt-pf42-base3,
yamt-pf42-base2,
yamt-pf42-base,
yamt-pf42,
matt-armv6-nbase,
keiichi-mipv6-base,
hpcarm-cleanup-nbase
Branch point for: wrstuden-revivesa
Changes since 1.26: +6 -56
lines
Diff to previous 1.26 (colored)
Add the ability to initiate IPsec SA negotiations using the admin socket. Submitted by Timo Teras.
Revision 1.18.4.5 / (download) - annotate - [select for diffs], Wed Mar 5 22:14:24 2008 UTC (4 years, 2 months ago) by mgrooms
Branch: ipsec-tools-0_7-branch
CVS Tags: ipsec-tools-0_7_3,
ipsec-tools-0_7_2,
ipsec-tools-0_7_1
Changes since 1.18.4.4: +6 -8
lines
Diff to previous 1.18.4.4 (colored) to branchpoint 1.18 (colored) next main 1.19 (colored)
Provide better handling for pfkey socket read errors. Submitted by Timo Teras.
Revision 1.26 / (download) - annotate - [select for diffs], Wed Mar 5 22:09:44 2008 UTC (4 years, 2 months ago) by mgrooms
Branch: MAIN
Changes since 1.25: +21 -8
lines
Diff to previous 1.25 (colored)
Reload SPD on SIGHUP or adminport reload. Also provide better handling for pfkey socket read errors. Submitted by Timo Teras.
Revision 1.22.4.2 / (download) - annotate - [select for diffs], Wed Jan 9 01:22:36 2008 UTC (4 years, 4 months ago) by matt
Branch: matt-armv6
Changes since 1.22.4.1: +9 -4
lines
Diff to previous 1.22.4.1 (colored) to branchpoint 1.22 (colored)
sync with HEAD
Revision 1.25 / (download) - annotate - [select for diffs], Wed Dec 12 04:46:00 2007 UTC (4 years, 5 months ago) by mgrooms
Branch: MAIN
CVS Tags: matt-armv6-base,
hpcarm-cleanup-base
Branch point for: keiichi-mipv6
Changes since 1.24: +4 -4
lines
Diff to previous 1.24 (colored)
Add support for nat-t oa payload handling. Submitted by Timo Teras.
Revision 1.24 / (download) - annotate - [select for diffs], Fri Nov 9 16:27:58 2007 UTC (4 years, 6 months ago) by vanhu
Branch: MAIN
CVS Tags: cube-autoconf-base,
cube-autoconf
Changes since 1.23: +7 -2
lines
Diff to previous 1.23 (colored)
From Arnaud Ebalard: Some sanity checking in pk_recv()
Revision 1.22.4.1 / (download) - annotate - [select for diffs], Tue Nov 6 23:07:37 2007 UTC (4 years, 6 months ago) by matt
Branch: matt-armv6
CVS Tags: matt-armv6-prevmlocking
Changes since 1.22: +3 -3
lines
Diff to previous 1.22 (colored)
sync with HEAD
Revision 1.23 / (download) - annotate - [select for diffs], Wed Sep 12 23:39:50 2007 UTC (4 years, 8 months ago) by mgrooms
Branch: MAIN
Changes since 1.22: +3 -3
lines
Diff to previous 1.22 (colored)
Implement clientaddr sainfo remote id option and refine the sainfo man page syntax.
Revision 1.16.2.1.2.1 / (download) - annotate - [select for diffs], Mon Sep 3 06:51:18 2007 UTC (4 years, 8 months ago) by wrstuden
Branch: wrstuden-fixsa
Changes since 1.16.2.1: +12 -7
lines
Diff to previous 1.16.2.1 (colored)
Sync w/ NetBSD-4-RC_1
Revision 1.16.2.2 / (download) - annotate - [select for diffs], Tue Aug 28 11:14:46 2007 UTC (4 years, 8 months ago) by liamjfoy
Branch: netbsd-4
CVS Tags: wrstuden-fixsa-base-1,
netbsd-4-0-RELEASE,
netbsd-4-0-RC5,
netbsd-4-0-RC4,
netbsd-4-0-RC3,
netbsd-4-0-RC2,
netbsd-4-0-RC1
Branch point for: netbsd-4-0
Changes since 1.16.2.1: +12 -7
lines
Diff to previous 1.16.2.1 (colored) to branchpoint 1.16 (colored)
Pull up following revision(s) (requested by manu in ticket #830): Import ipsec-tools 0.7
Revision 1.18.4.4 / (download) - annotate - [select for diffs], Wed Aug 1 11:52:21 2007 UTC (4 years, 9 months ago) by vanhu
Branch: ipsec-tools-0_7-branch
CVS Tags: ipsec-tools-0_7
Changes since 1.18.4.3: +3 -7
lines
Diff to previous 1.18.4.3 (colored) to branchpoint 1.18 (colored)
use a single PATH_IPSEC_H to fix some path_to_ipsec.h issues
Revision 1.22.6.2 / (download) - annotate - [select for diffs], Wed Jul 18 12:07:53 2007 UTC (4 years, 10 months ago) by vanhu
Branch: matt-mips64
Changes since 1.22.6.1: +3142 -0
lines
Diff to previous 1.22.6.1 (colored) to branchpoint 1.22 (colored) next main 1.23 (colored)
use a single PATH_IPSEC_H to fix some path_to_ipsec.h issues
Revision 1.22.6.1, Wed Jul 18 12:07:52 2007 UTC (4 years, 10 months ago) by vanhu
Branch: matt-mips64
Changes since 1.22: +0 -3142
lines
FILE REMOVED
file pfkey.c was added on branch matt-mips64 on 2007-07-18 12:07:53 +0000
Revision 1.22 / (download) - annotate - [select for diffs], Wed Jul 18 12:07:52 2007 UTC (4 years, 10 months ago) by vanhu
Branch: MAIN
CVS Tags: matt-mips64-base,
hpcarm-cleanup
Branch point for: matt-mips64,
matt-armv6
Changes since 1.21: +3 -7
lines
Diff to previous 1.21 (colored)
use a single PATH_IPSEC_H to fix some path_to_ipsec.h issues
Revision 1.16.2.1 / (download) - annotate - [select for diffs], Sun May 13 10:14:06 2007 UTC (5 years ago) by jdc
Branch: netbsd-4
Branch point for: wrstuden-fixsa
Changes since 1.16: +327 -171
lines
Diff to previous 1.16 (colored)
Upgrade ipsec-tools to 0.7-beta3 (Requested by manu in ticket #634).
Revision 1.18.4.3 / (download) - annotate - [select for diffs], Fri May 4 09:11:57 2007 UTC (5 years ago) by vanhu
Branch: ipsec-tools-0_7-branch
CVS Tags: ipsec-tools-0_7-rc1,
ipsec-tools-0_7-RC1
Changes since 1.18.4.2: +11 -2
lines
Diff to previous 1.18.4.2 (colored) to branchpoint 1.18 (colored)
Force the update of ph2 in pk_recvupdate() if NAT_T support, to solve some port match problems with the first IPSec SAs negociated as initiator
Revision 1.21 / (download) - annotate - [select for diffs], Fri May 4 09:09:26 2007 UTC (5 years ago) by vanhu
Branch: MAIN
Changes since 1.20: +11 -2
lines
Diff to previous 1.20 (colored)
Force the update of ph2 in pk_recvupdate() if NAT_T support, to solve some port match problems with the first IPSec SAs negociated as initiator
Revision 1.18.4.2 / (download) - annotate - [select for diffs], Wed Mar 21 14:30:08 2007 UTC (5 years, 2 months ago) by vanhu
Branch: ipsec-tools-0_7-branch
CVS Tags: ipsec-tools-0_7-beta3
Changes since 1.18.4.1: +3 -4
lines
Diff to previous 1.18.4.1 (colored) to branchpoint 1.18 (colored)
NULL sched check is now done in SCHED_KILL
Revision 1.20 / (download) - annotate - [select for diffs], Wed Mar 21 14:29:22 2007 UTC (5 years, 2 months ago) by vanhu
Branch: MAIN
Changes since 1.19: +3 -4
lines
Diff to previous 1.19 (colored)
NULL sched check is now done in SCHED_KILL
Revision 1.19 / (download) - annotate - [select for diffs], Tue Feb 20 09:11:03 2007 UTC (5 years, 3 months ago) by vanhu
Branch: MAIN
Changes since 1.18: +61 -2
lines
Diff to previous 1.18 (colored)
fills creation date of generated SPDs
Revision 1.18.4.1 / (download) - annotate - [select for diffs], Tue Feb 20 09:08:19 2007 UTC (5 years, 3 months ago) by vanhu
Branch: ipsec-tools-0_7-branch
CVS Tags: ipsec-tools-0_7-beta2
Changes since 1.18: +61 -2
lines
Diff to previous 1.18 (colored)
fills creation date of generated SPDs
Revision 1.18 / (download) - annotate - [select for diffs], Sun Dec 10 18:46:39 2006 UTC (5 years, 5 months ago) by manu
Branch: MAIN
CVS Tags: ipsec-tools-0_7-beta1,
ipsec-tools-0_7-base
Branch point for: ipsec-tools-0_7-branch
Changes since 1.17: +10 -9
lines
Diff to previous 1.17 (colored)
Bring back API and ABI backward compatibility with previous libipsec before recent interface change. Bump libipsec minor version. Remove ifdefs in struct pfkey_send_sa_args to avoid ABI compatibility lossage. Add a capability flags to detect missing optional feature in libipsec
Revision 1.17 / (download) - annotate - [select for diffs], Sat Dec 9 05:52:57 2006 UTC (5 years, 5 months ago) by manu
Branch: MAIN
Changes since 1.16: +264 -167
lines
Diff to previous 1.16 (colored)
From Joy Latten: Add support for SELinux security contexts. Also cleanup the libipsec interface for adding and updating security associations.
Revision 1.16 / (download) - annotate - [select for diffs], Fri Oct 6 12:02:27 2006 UTC (5 years, 7 months ago) by manu
Branch: MAIN
CVS Tags: netbsd-4-base
Branch point for: netbsd-4
Changes since 1.15: +6 -2
lines
Diff to previous 1.15 (colored)
Camelia cipher support as in RFC 4312, from Tomoyuki Okazaki <okazaki@kick.gr.jp>
Revision 1.15 / (download) - annotate - [select for diffs], Tue Oct 3 08:02:51 2006 UTC (5 years, 7 months ago) by vanhu
Branch: MAIN
Changes since 1.14: +14 -3
lines
Diff to previous 1.14 (colored)
Uses remoteid/ph1id values
Revision 1.14 / (download) - annotate - [select for diffs], Mon Oct 2 07:17:57 2006 UTC (5 years, 7 months ago) by manu
Branch: MAIN
Changes since 1.13: +3 -2
lines
Diff to previous 1.13 (colored)
Don't use NULL pointer (Coverity 944)
Revision 1.13 / (download) - annotate - [select for diffs], Tue Sep 26 04:41:26 2006 UTC (5 years, 8 months ago) by manu
Branch: MAIN
Changes since 1.12: +45 -7
lines
Diff to previous 1.12 (colored)
fix SA bundle (e.g.: for negotiating ESP+IPcomp)
Revision 1.12 / (download) - annotate - [select for diffs], Sat Sep 9 16:22:10 2006 UTC (5 years, 8 months ago) by manu
Branch: MAIN
Changes since 1.11: +52 -19
lines
Diff to previous 1.11 (colored)
Migration of ipsec-tools to NetBSD CVS part 2: resolving the import conflicts. Since we previously had a release branch and we import here the HEAD of CVS, let's assume all local changes are to be dumped. Local patches should have been propagated upstream, anyway.
Revision 1.1.1.5 / (download) - annotate - [select for diffs] (vendor branch), Sat Sep 9 16:12:09 2006 UTC (5 years, 8 months ago) by manu
Branch: IPSEC_TOOLS
CVS Tags: ipsec-tools-base
Changes since 1.1.1.4: +52 -19
lines
Diff to previous 1.1.1.4 (colored)
Migrate ipsec-tools CVS to cvs.netbsd.org
Revision 1.1.1.2.2.8 / (download) - annotate - [select for diffs], Mon Nov 21 21:12:30 2005 UTC (6 years, 6 months ago) by tron
Branch: netbsd-3
CVS Tags: netbsd-3-1-RELEASE,
netbsd-3-1-RC4,
netbsd-3-1-RC3,
netbsd-3-1-RC2,
netbsd-3-1-RC1,
netbsd-3-1-1-RELEASE,
netbsd-3-1,
netbsd-3-0-RELEASE,
netbsd-3-0-RC6,
netbsd-3-0-RC5,
netbsd-3-0-RC4,
netbsd-3-0-RC3,
netbsd-3-0-RC2,
netbsd-3-0-3-RELEASE,
netbsd-3-0-2-RELEASE,
netbsd-3-0-1-RELEASE,
netbsd-3-0
Changes since 1.1.1.2.2.7: +2 -2
lines
Diff to previous 1.1.1.2.2.7 (colored) to branchpoint 1.1.1.2 (colored) next main 1.1.1.3 (colored)
Apply patch (requested by manu in ticket #981): Update ipsec-tools to version 0.6.3.
Revision 1.11 / (download) - annotate - [select for diffs], Mon Nov 21 14:20:29 2005 UTC (6 years, 6 months ago) by manu
Branch: MAIN
CVS Tags: abandoned-netbsd-4-base,
abandoned-netbsd-4
Changes since 1.10: +2 -2
lines
Diff to previous 1.10 (colored)
From Yves-Alexis Perez: use sysdep_sa_len to make it compile on Linux
Revision 1.1.1.2.2.7 / (download) - annotate - [select for diffs], Fri Oct 21 17:08:17 2005 UTC (6 years, 7 months ago) by riz
Branch: netbsd-3
CVS Tags: netbsd-3-0-RC1
Changes since 1.1.1.2.2.6: +5 -1
lines
Diff to previous 1.1.1.2.2.6 (colored) to branchpoint 1.1.1.2 (colored)
Pull up the following revisions (requested by manu in ticket #894): crypto/dist/ipsec-tools/ChangeLog 1.28-1.30 crypto/dist/ipsec-tools/NEWS 1.1.1.4 crypto/dist/ipsec-tools/configure.ac 1.1.1.7 crypto/dist/ipsec-tools/src/libipsec/pfkey.c 1.7-1.8 crypto/dist/ipsec-tools/src/libipsec/pfkey_dump.c 1.10 crypto/dist/ipsec-tools/src/libipsec/policy_parse.y 1.7 crypto/dist/ipsec-tools/src/racoon/cfparse.y 1.5-1.9 crypto/dist/ipsec-tools/src/racoon/evt.c 1.3 crypto/dist/ipsec-tools/src/racoon/ipsec_doi.c 1.11 crypto/dist/ipsec-tools/src/racoon/isakmp.c 1.10 crypto/dist/ipsec-tools/src/racoon/isakmp_agg.c 1.5-1.6 crypto/dist/ipsec-tools/src/racoon/isakmp_base.c 1.3-1.4 crypto/dist/ipsec-tools/src/racoon/isakmp_ident.c 1.3 crypto/dist/ipsec-tools/src/racoon/oakley.c 1.6 crypto/dist/ipsec-tools/src/racoon/pfkey.c 1.10 crypto/dist/ipsec-tools/src/racoon/policy.c 1.3 crypto/dist/ipsec-tools/src/racoon/racoon.conf.5 1.21-1.23 crypto/dist/ipsec-tools/src/racoon/sockmisc.c 1.3 crypto/dist/ipsec-tools/src/racoon/sockmisc.h 1.5 crypto/dist/ipsec-tools/src/setkey/setkey.8 1.17 lib/libipsec/package_version.h 1.15 Update to ipsec-tools 0.6.2
Revision 1.10 / (download) - annotate - [select for diffs], Fri Oct 14 14:01:34 2005 UTC (6 years, 7 months ago) by manu
Branch: MAIN
Changes since 1.9: +5 -1
lines
Diff to previous 1.9 (colored)
Merge ipsec-tools 0.6.2 import.
Revision 1.1.1.4 / (download) - annotate - [select for diffs] (vendor branch), Fri Oct 14 13:21:49 2005 UTC (6 years, 7 months ago) by manu
Branch: IPSEC_TOOLS
CVS Tags: ipsec-tools-0_6_3,
ipsec-tools-0_6_2
Changes since 1.1.1.3: +5 -1
lines
Diff to previous 1.1.1.3 (colored)
Import ipsec-tools-0.6.2. Here is the ChangeLog since 0.6.1 (most of them
have already been pulled up in NetBSD CVS)
---------------------------------------------
0.6.2 released
2005-10-14 Yvan Vanhullebus <vanhu@netasq.com>
* src/racoon/ipsec_doi.c: don't allow NULL or empty FQDNs or
USER_FQDNs (problem reported by Bernhard Suttner).
---------------------------------------------
0.6.2.beta3 released
2005-09-05 Emmanuel Dreyfus <manu@netbsd.org>
From Andreas Hasenack <ahasenack@terra.com.br>
* configure.ac: More build fixes for Linux
---------------------------------------------
0.6.2.beta2 released
2005-09-04 Emmanuel Dreyfus <manu@netbsd.org>
From Wilfried Weissmann
* src/libipsec/policy_parse.y src/racoon/{ipsec_doi.c|oakley.c}
src/racoon/{sockmisc.c|sockmisc.h}: build fixes
---------------------------------------------
0.6.2.beta1 released
2005-09-03 Emmanuel Dreyfus <manu@netbsd.org>
From Francis Dupont <Francis.Dupont@enst-bretagne.fr>
* src/libipsec/pfkey.c src/racoon/pfkey.c: Cope with extensions
2005-08-26 Emmanuel Dreyfus <manu@netbsd.org>
* src/racoon/cfparse.y: handle xauth_login correctly
* src/racoon/isakmp.c: catch internal error
* src/raccon/isakmp_agg.c: fix racoon as Xauth client
* src/raccon/{isakmp_agg.c|isakmp_base.c}: Proposal safety checks
* src/racoon/evt.c: Fix memory leak when event queue overflows
2005-08-23 Emmanuel Dreyfus <manu@netbsd.org>
* src/racoon/{isakmp_agg.c|isakmp_ident.c|isakmp_base.c}: Correctly
initialize NAT-T VID to avoid freeing unallocated stuff.
2005-08-21 Emmanuel Dreyfus <manu@netbsd.org>
From Matthias Scheler <matthias.scheler@tadpole.com>
* src/racoon/{isakmp_cfg.c|racoon.conf.5}: enable the use of
ISAKMP mode config without Xauth.
2005-09-16 Yvan Vanhullebus <vanhu@free.fr>
* src/racoon/policy.c: Do not parse all sptree in inssp() if we
don't use Policies priority.
2005-08-15 Emmanuel Dreyfus <manu@netbsd.org>
From: Thomas Klausner <wiz@netbsd.org>
src/setkey/setkey.8: Drop trailing spaces
Revision 1.1.1.2.2.6 / (download) - annotate - [select for diffs], Sat Sep 3 07:03:50 2005 UTC (6 years, 8 months ago) by snj
Branch: netbsd-3
Changes since 1.1.1.2.2.5: +25 -7
lines
Diff to previous 1.1.1.2.2.5 (colored) to branchpoint 1.1.1.2 (colored)
Apply patch (requested by tron in ticket #741): Update ipsec-tools to version 0.6.1.
Revision 1.9 / (download) - annotate - [select for diffs], Sat Aug 20 00:57:06 2005 UTC (6 years, 9 months ago) by manu
Branch: MAIN
Changes since 1.8: +1 -1
lines
Diff to previous 1.8 (colored)
Update to ipsec-tools 0.6.1
Revision 1.8 / (download) - annotate - [select for diffs], Sun Aug 7 09:38:46 2005 UTC (6 years, 9 months ago) by manu
Branch: MAIN
Changes since 1.7: +6 -6
lines
Diff to previous 1.7 (colored)
Resolve conflicts caused by recent ipsec-tools-0.6.1rc1 import by prefering the newer software. Some useful local change might have been overwritten, we'll take care of this soon.
Revision 1.1.1.3 / (download) - annotate - [select for diffs] (vendor branch), Sun Aug 7 08:47:44 2005 UTC (6 years, 9 months ago) by manu
Branch: IPSEC_TOOLS
CVS Tags: ipsec-tools-0_6_1-rc1,
ipsec-tools-0_6_1
Changes since 1.1.1.2: +43 -16
lines
Diff to previous 1.1.1.2 (colored)
Update ipsec-tools to 0.6.1rc1 Most of the changes since 0.6b4 have already been committed to the NetBSD tree. This upgrade fixes some IPcomp and NAT-T related problems that were left unadressed in the NetBSD tree.
Revision 1.1.1.2.2.5 / (download) - annotate - [select for diffs], Tue Jul 12 17:39:36 2005 UTC (6 years, 10 months ago) by tron
Branch: netbsd-3
Changes since 1.1.1.2.2.4: +1 -9
lines
Diff to previous 1.1.1.2.2.4 (colored) to branchpoint 1.1.1.2 (colored)
Pull up revision 1.6 (requested by manu in ticket #582): Don't wipe out IKE ports for SA update as it breaks things: the SA is taken from an existing SA and already has matching IKE ports.
Revision 1.1.1.2.2.4 / (download) - annotate - [select for diffs], Tue Jul 12 17:33:44 2005 UTC (6 years, 10 months ago) by tron
Branch: netbsd-3
Changes since 1.1.1.2.2.3: +20 -4
lines
Diff to previous 1.1.1.2.2.3 (colored) to branchpoint 1.1.1.2 (colored)
Pull up revision 1.5 (requested by manu in ticket #580): Set IKE ports to 0 in SA when NAT-T is not in use. This fixes problems when NAT-T is disabled
Revision 1.7 / (download) - annotate - [select for diffs], Tue Jul 12 16:49:52 2005 UTC (6 years, 10 months ago) by manu
Branch: MAIN
Changes since 1.6: +20 -2
lines
Diff to previous 1.6 (colored)
Add SHA2 support
Revision 1.6 / (download) - annotate - [select for diffs], Tue Jul 12 16:24:29 2005 UTC (6 years, 10 months ago) by manu
Branch: MAIN
Changes since 1.5: +1 -9
lines
Diff to previous 1.5 (colored)
Don't wipe out IKE ports for SA update as it breaks things: the SA is taken from an existing SA and already has matching IKE ports.
Revision 1.5 / (download) - annotate - [select for diffs], Tue Jul 12 14:14:46 2005 UTC (6 years, 10 months ago) by manu
Branch: MAIN
Changes since 1.4: +21 -5
lines
Diff to previous 1.4 (colored)
Set IKE ports to 0 in SA when NAT-T is not in use. This fixes problems when NAT-T is disabled
Revision 1.1.1.2.2.3 / (download) - annotate - [select for diffs], Tue May 10 16:07:17 2005 UTC (7 years ago) by tron
Branch: netbsd-3
Changes since 1.1.1.2.2.2: +4 -1
lines
Diff to previous 1.1.1.2.2.2 (colored) to branchpoint 1.1.1.2 (colored)
Pull up revision 1.4 (requested by manu in ticket #274): on phase 2 acquire, lookup phase 2 by (src, dst, policy id) so that multiple SA can be used in transport mode While I'm there, patch ipsec-tools ChangeLog to reflect the changes we took from ipsec-tools-0_6-branch
Revision 1.4 / (download) - annotate - [select for diffs], Tue May 3 21:08:47 2005 UTC (7 years ago) by manu
Branch: MAIN
Changes since 1.3: +5 -2
lines
Diff to previous 1.3 (colored)
on phase 2 acquire, lookup phase 2 by (src, dst, policy id) so that multiple SA can be used in transport mode While I'm there, patch ipsec-tools ChangeLog to reflect the changes we took from ipsec-tools-0_6-branch
Revision 1.1.1.2.2.2 / (download) - annotate - [select for diffs], Sun May 1 11:01:05 2005 UTC (7 years ago) by tron
Branch: netbsd-3
Changes since 1.1.1.2.2.1: +2 -2
lines
Diff to previous 1.1.1.2.2.1 (colored) to branchpoint 1.1.1.2 (colored)
Pull up revision 1.3 (requested by manu in ticket #215): Bug fixes from the ipsec-tools 0.6 branch: - Fix NAT-T problems that prevented multiple peers behind the same NAT to talk to the same machine outside the NAT. This also require kernel fixes (already committed eralier) - Fix a LP64 bug - Fix NAT-T RFC conformance bugs (missing non ESP marker in packets) - Add a -p option to setkey to display ports that could be used for ESP over UDP when printing policies
Revision 1.3 / (download) - annotate - [select for diffs], Wed Apr 27 05:19:50 2005 UTC (7 years, 1 month ago) by manu
Branch: MAIN
Changes since 1.2: +3 -3
lines
Diff to previous 1.2 (colored)
Bug fixes from the ipsec-tools 0.6 branch: - Fix NAT-T problems that prevented multiple peers behind the same NAT to talk to the same machine outside the NAT. This also require kernel fixes (already committed eralier) - Fix a LP64 bug - Fix NAT-T RFC conformance bugs (missing non ESP marker in packets) - Add a -p option to setkey to display ports that could be used for ESP over UDP when printing policies
Revision 1.1.1.2.2.1 / (download) - annotate - [select for diffs], Thu Apr 21 16:51:40 2005 UTC (7 years, 1 month ago) by tron
Branch: netbsd-3
Changes since 1.1.1.2: +1 -3
lines
Diff to previous 1.1.1.2 (colored)
Pull up revision 1.2 (requested by manu in ticket #179): Fix simple DES support (security problems for racoon to racoon setups) Fix broken generated policies flush
Revision 1.2 / (download) - annotate - [select for diffs], Tue Apr 19 19:42:09 2005 UTC (7 years, 1 month ago) by manu
Branch: MAIN
Changes since 1.1: +3 -1
lines
Diff to previous 1.1 (colored)
Fix simple DES support (security problems for racoon to racoon setups) Fix broken generated policies flush
Revision 1.1.1.2 / (download) - annotate - [select for diffs] (vendor branch), Wed Feb 23 14:54:24 2005 UTC (7 years, 3 months ago) by manu
Branch: IPSEC_TOOLS
CVS Tags: netbsd-3-base,
ipsec-tools-0_6-20050317,
ipsec-tools-0_6-20050314,
ipsec-tools-0_6-20050224,
ipsec-tools-0_6-20050223
Branch point for: netbsd-3
Changes since 1.1.1.1: +6 -2
lines
Diff to previous 1.1.1.1 (colored)
Import ipsec-tools 0.6 branch as of 2005/02/23. News from last imported version
according to ipsec-tools' ChangeLog:
2005-02-23 Emmanuel Dreyfus <manu@netbsd.org>
* configure.ac, src/racoon/{Makefile.am|crypto_openssl.c}: optionnal
support for patented algorithms: IDEA and RC5.
* src/racoon/{isakmp_xauth.c|main.c}: don't initialize RADIUS if it
is not required in the configuration
* src/racoon/isakmp.c: do not reject addresses for which kernel
refused UDP encapsulation, they can still be used for non NAT-T
traffic (eg: NAT-T enabled racoon on non NAT-T enabled kernel)
2005-02-18 Emmanuel Dreyfus <manu@netbsd.org>
* src/racoon/{main.c|eaytest.c|plairsa-gen.c}
src/setkey/setkey.c: don't use fuzzy paths for package_version.h
2005-02-18 Yvan Vanhullebus <vanhu@free.fr>
* src/racoon/isakmp_inf.c: Purge generated SPDs when getting a
related DELETE_SA
* src/racoon/pfkey.c: do NOT unbindph12() when SA acquire
2005-02-17 Emmanuel Dreyfus <manu@netbsd.org>
From Fred Senault <fred.letter@lacave.net>
* src/racoon/remoteconf.c: Fix a bug in script init
2005-02-17 Yvan Vanhullebus <vanhu@free.fr>
* src/racoon/ipsec_doi.c: Workaround for phase1 lifetime checks
2005-02-15 Michal Ludvig <michal@logix.cz>
* configure.ac: Changed --enable-natt_NN to --enable-natt-versions=NN,NN
Revision 1.1.1.1 / (download) - annotate - [select for diffs] (vendor branch), Sat Feb 12 11:12:46 2005 UTC (7 years, 3 months ago) by manu
Branch: IPSEC_TOOLS
CVS Tags: ipsec-tools-0_6-base
Changes since 1.1: +0 -0
lines
Diff to previous 1.1 (colored)
Import ipsec-tools (tag ipsec-tools-0_6-base in ipsec-tools CVS) ipsec-tools is a fork from KAME racoon/libipsec/setkey, with many enhancements.
Revision 1.1 / (download) - annotate - [select for diffs], Sat Feb 12 11:12:46 2005 UTC (7 years, 3 months ago) by manu
Branch: MAIN
Initial revision