The NetBSD Project

CVS log for src/lib/libipsec/Attic/pfkey.c

Default branch: MAIN


Revision 1.23, Sat Feb 19 16:55:04 2005 UTC (19 years, 1 month ago) by thorpej
Branch: MAIN
CVS Tags: yamt-pf42-base4, yamt-pf42-base3, yamt-pf42-base2, yamt-pf42-base, yamt-pf42, yamt-pagecache-tag8, yamt-pagecache-base9, yamt-pagecache-base8, yamt-pagecache-base7, yamt-pagecache-base6, yamt-pagecache-base5, yamt-pagecache-base4, yamt-pagecache-base3, yamt-pagecache-base2, yamt-pagecache-base, yamt-pagecache, tls-maxphys-base, tls-earlyentropy-base, tls-earlyentropy, riastradh-xf86-video-intel-2-7-1-pre-2-21-15, riastradh-drm2-base3, prg-localcount2-base3, prg-localcount2-base2, prg-localcount2-base1, prg-localcount2-base, prg-localcount2, phil-wifi-20200421, phil-wifi-20200411, phil-wifi-20200406, pgoyette-localcount-base, pgoyette-localcount-20170426, pgoyette-localcount-20170320, pgoyette-localcount-20170107, pgoyette-localcount-20161104, pgoyette-localcount-20160806, pgoyette-localcount-20160726, pgoyette-localcount, pgoyette-compat-merge-20190127, pgoyette-compat-base, pgoyette-compat-20190127, pgoyette-compat-20190118, pgoyette-compat-1226, pgoyette-compat-1126, pgoyette-compat-1020, pgoyette-compat-0930, pgoyette-compat-0906, pgoyette-compat-0728, pgoyette-compat-0625, pgoyette-compat-0521, pgoyette-compat-0502, pgoyette-compat-0422, pgoyette-compat-0415, pgoyette-compat-0407, pgoyette-compat-0330, pgoyette-compat-0322, pgoyette-compat-0315, pgoyette-compat, perseant-stdc-iso10646-base, perseant-stdc-iso10646, netbsd-5-base, netbsd-5-2-RELEASE, netbsd-5-2-RC1, netbsd-5-2-3-RELEASE, netbsd-5-2-2-RELEASE, netbsd-5-2-1-RELEASE, netbsd-5-2, netbsd-5-1-RELEASE, netbsd-5-1-RC4, netbsd-5-1-RC3, netbsd-5-1-RC2, netbsd-5-1-RC1, netbsd-5-1-5-RELEASE, netbsd-5-1-4-RELEASE, netbsd-5-1-3-RELEASE, netbsd-5-1-2-RELEASE, netbsd-5-1-1-RELEASE, netbsd-5-1, netbsd-5-0-RELEASE, netbsd-5-0-RC4, netbsd-5-0-RC3, netbsd-5-0-RC2, netbsd-5-0-RC1, netbsd-5-0-2-RELEASE, netbsd-5-0-1-RELEASE, netbsd-5-0, netbsd-5, mjf-devfs2-base, mjf-devfs2, matt-nb5-pq3-base, matt-nb5-pq3, localcount-20160914, keiichi-mipv6-base, keiichi-mipv6, jym-xensuspend-nbase, jym-xensuspend-base, 
jym-xensuspend, hpcarm-cleanup-nbase, hpcarm-cleanup-base, hpcarm-cleanup, cube-autoconf-base, cube-autoconf, cjep_sun2x-base, cjep_sun2x, cjep_staticlib_x-base1, cjep_staticlib_x-base, cjep_staticlib_x, bouyer-socketcan-base1, bouyer-socketcan-base, bouyer-socketcan, bouyer-quota2-nbase, bouyer-quota2-base, bouyer-quota2, agc-symver-base, agc-symver, HEAD
Changes since 1.22: +1 -1 lines
FILE REMOVED

Switch to ipsec-tools for libipsec, setkey, and racoon.  From
Emmanuel Dreyfus, with some small changes by me.

Revision 1.22, Wed Oct 13 23:46:46 2004 UTC (19 years, 5 months ago) by abs
Branch: MAIN
Changes since 1.21: +2 -2 lines

I'm not sure what the comment is trying to say, but it can say it with
'making' at least as well as 'makeing'.

Revision 1.21, Sun Apr 25 22:25:05 2004 UTC (19 years, 11 months ago) by jonathan
Branch: MAIN
Changes since 1.20: +16 -3 lines

Initial commit of a port of the FreeBSD implementation of RFC 2385
(MD5 signatures for TCP, as used with BGP).  Credit for original
FreeBSD code goes to Bruce M. Simpson, with FreeBSD sponsorship
credited to sentex.net.  Shortening of the setsockopt() name
attributed to Vincent Jardin.

This commit is a minimal, working version of the FreeBSD code, as
MFC'ed to FreeBSD-4. It has received minimal testing with a ttcp
modified to set the TCP-MD5 option; BMS's additions to tcpdump-current
(tcpdump -M) confirm that the MD5 signatures are correct.  Committed
as-is for further testing between a NetBSD BGP speaker (e.g., quagga)
and industry-standard BGP speakers (e.g., Cisco, Juniper).


NOTE: This version has two potential flaws. First, I do see any code
that verifies received TCP-MD5 signatures.  Second, the TCP-MD5
options are internally padded and assumed to be 32-bit aligned. A more
space-efficient scheme is to pack all TCP options densely (and
possibly unaligned) into the TCP header; then do one final padding to
a 4-byte boundary.  Pre-existing comments note that accounting for
TCP-option space when we add SACK is yet to be done. For now, I'm
punting on that; we can solve it properly, in a way that will handle
SACK blocks, as a separate exercise.

In case a pullup to NetBSD-2 is requested, this adds sys/netipsec/xform_tcp.c,
and modifies:

sys/net/pfkeyv2.h,v 1.15
sys/netinet/files.netinet,v 1.5
sys/netinet/ip.h,v 1.25
sys/netinet/tcp.h,v 1.15
sys/netinet/tcp_input.c,v 1.200
sys/netinet/tcp_output.c,v 1.109
sys/netinet/tcp_subr.c,v 1.165
sys/netinet/tcp_usrreq.c,v 1.89
sys/netinet/tcp_var.h,v 1.109
sys/netipsec/files.netipsec,v 1.3
sys/netipsec/ipsec.c,v 1.11
sys/netipsec/ipsec.h,v 1.7
sys/netipsec/key.c,v 1.11
share/man/man4/tcp.4,v 1.16
lib/libipsec/pfkey.c,v 1.20
lib/libipsec/pfkey_dump.c,v 1.17
lib/libipsec/policy_token.l,v 1.8
sbin/setkey/parse.y,v 1.14
sbin/setkey/setkey.8,v 1.27
sbin/setkey/token.l,v 1.15

Note that the preceding two revisions to tcp.4 will be
required to cleanly apply this diff.

Revision 1.20, Tue Feb 24 15:12:51 2004 UTC (20 years, 1 month ago) by wiz
Branch: MAIN
CVS Tags: netbsd-2-base, netbsd-2-1-RELEASE, netbsd-2-1-RC6, netbsd-2-1-RC5, netbsd-2-1-RC4, netbsd-2-1-RC3, netbsd-2-1-RC2, netbsd-2-1-RC1, netbsd-2-1, netbsd-2-0-base, netbsd-2-0-RELEASE, netbsd-2-0-RC5, netbsd-2-0-RC4, netbsd-2-0-RC3, netbsd-2-0-RC2, netbsd-2-0-RC1, netbsd-2-0-3-RELEASE, netbsd-2-0-2-RELEASE, netbsd-2-0-1-RELEASE, netbsd-2-0, netbsd-2
Changes since 1.19: +26 -26 lines

occured -> occurred. From Peter Postma.

Revision 1.19, Fri Sep 26 22:23:58 2003 UTC (20 years, 6 months ago) by wiz
Branch: MAIN
Changes since 1.18: +3 -3 lines

Process has only one c. From miod@openbsd.

Revision 1.18, Tue Aug 26 03:49:05 2003 UTC (20 years, 7 months ago) by itojun
Branch: MAIN
Changes since 1.17: +5 -3 lines

protect SADB_X_EXT_TAG with #ifdef

Revision 1.17, Tue Aug 26 03:37:25 2003 UTC (20 years, 7 months ago) by itojun
Branch: MAIN
Changes since 1.16: +27 -26 lines

typo

Revision 1.16, Tue Jul 22 03:31:44 2003 UTC (20 years, 8 months ago) by itojun
Branch: MAIN
Changes since 1.15: +6 -6 lines

cosmetic

Revision 1.15, Sun Mar 9 01:03:55 2003 UTC (21 years ago) by lukem
Branch: MAIN
Changes since 1.14: +4 -1 lines

use __RCSID()

Revision 1.14, Tue Mar 4 18:30:58 2003 UTC (21 years ago) by christos
Branch: MAIN
Changes since 1.13: +8 -5 lines

Avoid memory leak. Pointed out by Patrick Latifi <patrickl at secureops dot com>

Revision 1.13, Tue May 14 11:24:21 2002 UTC (21 years, 10 months ago) by itojun
Branch: MAIN
CVS Tags: netbsd-1-6-base, netbsd-1-6-RELEASE, netbsd-1-6-RC3, netbsd-1-6-RC2, netbsd-1-6-RC1, netbsd-1-6-PATCH002-RELEASE, netbsd-1-6-PATCH002-RC4, netbsd-1-6-PATCH002-RC3, netbsd-1-6-PATCH002-RC2, netbsd-1-6-PATCH002-RC1, netbsd-1-6-PATCH002, netbsd-1-6-PATCH001-RELEASE, netbsd-1-6-PATCH001-RC3, netbsd-1-6-PATCH001-RC2, netbsd-1-6-PATCH001-RC1, netbsd-1-6-PATCH001, netbsd-1-6, fvdl_fs64_base
Changes since 1.12: +643 -131 lines

sync with latest kame setkey(8), modulo icmp6 hack.
pfkey.c is now more picky about buffer length validation.
spddump (setkey -DP) will print lifetime information.

Revision 1.12, Sun Sep 16 16:34:26 2001 UTC (22 years, 6 months ago) by wiz
Branch: MAIN
Changes since 1.11: +21 -21 lines

Spell 'occurred' with two 'r's.

Revision 1.11, Mon Jul 3 03:56:22 2000 UTC (23 years, 9 months ago) by matt
Branch: MAIN
Changes since 1.10: +2 -2 lines

More include cleanup.  Remove (p) from #undef in libipsec.

Revision 1.9.2.1, Fri Jun 23 16:16:35 2000 UTC (23 years, 9 months ago) by minoura
Branch: minoura-xpg4dl
Changes since 1.9: +326 -154 lines

Sync w/ netbsd-1-5-base.

Revision 1.10, Mon Jun 12 10:40:52 2000 UTC (23 years, 9 months ago) by itojun
Branch: MAIN
CVS Tags: netbsd-1-5-base, netbsd-1-5-RELEASE, netbsd-1-5-PATCH003, netbsd-1-5-PATCH002, netbsd-1-5-PATCH001, netbsd-1-5-BETA2, netbsd-1-5-BETA, netbsd-1-5-ALPHA2, netbsd-1-5
Changes since 1.9: +326 -154 lines

sync with almost-latest KAME IPsec.  full changelog would be too big
to mention here.  notable changes are like below.

kernel:
- make PF_KEY kernel interface more robust against broken input stream.
  it includes complete internal structure change in sys/netkey/key.c.
- remove non-RFC compliant change in PF_KEY API, in particular,
  in struct sadb_msg.  we cannot just change these standard structs.
  sadb_x_sa2 is introduced instead.
- remove prototypes for pfkey_xx functions from /usr/include/net/pfkeyv2.h.
  these functions are not supplied in /usr/lib.

setkey(8):
- get/delete does not require "-m mode" (ignored with warning, if you
  specify it)
- spddelete takes direction specification

Revision 1.9, Mon Mar 13 21:23:56 2000 UTC (24 years ago) by itojun
Branch: MAIN
CVS Tags: minoura-xpg4dl-base
Branch point for: minoura-xpg4dl
Changes since 1.8: +68 -68 lines

hide shouldn't-be-exported symbols from the outside.
don't compile pfkey*, since we expect tons of changes in the near future.

bump shlib major (due to less exported APIs than before - am I correct here?).

Revision 1.8, Tue Feb 8 13:17:52 2000 UTC (24 years, 1 month ago) by itojun
Branch: MAIN
Changes since 1.7: +2 -2 lines

use proper include path (net/pfkeyv2.h)

Revision 1.7, Tue Feb 8 13:14:35 2000 UTC (24 years, 1 month ago) by itojun
Branch: MAIN
Changes since 1.6: +1 -2 lines

don't include in6.h directly.

Revision 1.6, Mon Jan 31 14:15:32 2000 UTC (24 years, 2 months ago) by itojun
Branch: MAIN
Changes since 1.5: +667 -518 lines

upgrade libipsec to the latest.
- parser now uses yacc/lex (there'll be no symbol conflict).
- outbound policy and inbound policy is now separate
- policy specification for tunnel SA is improved
- api changed, bump shlib major

XXX some of programs will become not buildable - will commit shortly

Revision 1.5, Thu Sep 16 04:20:03 1999 UTC (24 years, 6 months ago) by itojun
Branch: MAIN
CVS Tags: wrstuden-devbsize-base, wrstuden-devbsize-19991221, wrstuden-devbsize, comdex-fall-1999-base, comdex-fall-1999
Changes since 1.4: +10 -2 lines

temporary workaround against KAME PR 154.
http://www2.kame.net/dev/query-pr.cgi?pr=154

This allows many keys to be dumped via "setkey -D", or many keys
to be configured by single "setkey -c < foo" command.

Revision 1.4, Sun Jul 4 01:36:13 1999 UTC (24 years, 9 months ago) by itojun
Branch: MAIN
Changes since 1.3: +7 -1 lines

add NetBSD RCS ID on the top.
retain KAME RCS ID where there was one.

Revision 1.3, Sat Jul 3 06:59:28 1999 UTC (24 years, 9 months ago) by itojun
Branch: MAIN
Changes since 1.2: +13 -2 lines

s/CFLAGS/CPPFLAGS/ for -D and -I.
remove lint error.

Revision 1.2, Fri Jul 2 16:17:44 1999 UTC (24 years, 9 months ago) by simonb
Branch: MAIN
Changes since 1.1: +7 -7 lines

More trailing white space.

Revision 1.1, Thu Jul 1 20:15:28 1999 UTC (24 years, 9 months ago) by itojun
Branch: MAIN

ipsec support library.
mainly for debugging, and policy text->binary conversion.  NO crypto code
is included so it is export safe.
