src - OpenBSD base system

Age	Commit message (Collapse)	Author
2013-04-24	remove old backwards random junk	Theo de Raadt
	ok mikeb
2013-03-21	remove excessive includes	Theo de Raadt

2010-04-15	Log when isakmpd starts - patch from Toni Mueller	lum
	ok ho@ mpf@ krw@ sthen@ kjell@
2008-05-12	Error out with usage line if additional arguments are given after the	Pierre-Yves Ritschard
	option parsing. Found out the hard way by jdixon on ifstated. ok sobrado@, jdixon@, millert@
2007-04-02	Don't let -r fall through to the next case block,	Moritz Jodeit
	if INSECURE_RAND is defined. ok hshoexer@
2006-09-01	Add a new UI command to force isakmpd into passive only mode.	Marco Pfatschbacher
	Will be used by sasyncd to prevent two talking isakmpd's in an HA setup. Based on a diff by ho@. OK ho@, hshoexer@, deraadt@
2006-08-30	Make SA deletion on shutdown the default again. Use -S for failover	Hans-Joerg Hoexer
	situations where you do not want this. Discussed and agreed on with ho, mcbride, markus, cloder,... We will have to teach sasyncd to deal with this. Testing by msf and hshoexer with help from mtu ok markus cloder
2006-06-10	Make deletion of SAs on shutdown optional. The default behaviour	Hans-Joerg Hoexer
	now is to not delete SAs. Needed for reliable ipsec failover. Suggested by mtu@. Moreover, this ensures that packets do not leak when isakmpd is shutdown. ok mcbride@, testing mtu@
2006-06-01	Fix a comment	Hans-Joerg Hoexer

2006-03-20	make sure the command fifo is ready before isakmpd returns. This	Hans-Joerg Hoexer
	resolves a startup race when interacting with ipsecctl. Suggested by and discussed with moritz@ ok moritz@
2005-12-20	let isakmpd(8) remove it's pid/fifo file on exit.	Moritz Jodeit
	rework signal handling in the monitor process to let this work. testing and ok hshoexer@
2005-06-25	/* Fallthrough. / -> / FALLTHROUGH */	Hans-Joerg Hoexer
	now that's useable with lint
2005-05-26	Add ARGSUSED for lint, one comment for me	Hans-Joerg Hoexer

2005-05-03	Remove SIGUSR2-related stuff as suggested by ho@.	Moritz Jodeit
	SA rehashing won't happen anytime soon. ok hshoexer@
2005-05-03	fix signal race, when child dies before the monitor	Moritz Jodeit
	sets it's signal handlers. ok hshoexer@ ho@
2005-04-10	- sort synopsis + options list	Jason McIntyre
	- sync usage() - tidy up lists and displays - misc tweaks
2005-04-08	Make deterministic randomness (only ever used for testing) a compile-time	Chad Loder
	option. Reduces chances of somehow setting regrand when it's not supposed to be set. Remove "-r" option from man page. Also xref certpatch(8) while we are in there. And remove some include sysdep.h where it is no longer needed. OK hshoexer
2005-04-08	USE_DEBUG is bye bye	Theo de Raadt

2005-04-08	keynote and policy always compiled in	Theo de Raadt

2005-04-08	nat-traversal always	Theo de Raadt

2005-04-08	privsep always	Theo de Raadt

2005-04-08	kill HAVE_CLOSEFROM	Theo de Raadt

2005-04-08	more __progname	Theo de Raadt

2005-04-08	use __progname	Theo de Raadt

2005-04-05	Add -T flag to isakmpd to disable NAT-T support from the command line.	Chad Loder
	This lets binat setups work again without having to recompile isakmpd. OK ho, hshoexer.
2005-04-04	spacing; ok cloder	Theo de Raadt

2005-03-22	Compile when nat_traversal is disabled.	Chad Loder
	OK hshoexer
2005-02-27	where possible, use bzero instead of memset	Hans-Joerg Hoexer
	ok cloder henning
2005-02-25	forgot to remove -P from getopt().	Hans-Joerg Hoexer

2005-02-25	Zap -P option. It has never done anything. While there tweak descripton of	Hans-Joerg Hoexer
	-N. zap -P ok ho@
2005-02-24	Add -N switch to select port for udpencap. Thus it's possible to run multiple	Hans-Joerg Hoexer
	isakmpds on different ports specified with -p and -N. ok ho@
2005-02-16	On shutdown also send delete messages for isakmp SAs.	Hans-Joerg Hoexer
	ok ho
2004-09-17	avoid signal race.	Hans-Joerg Hoexer
	ok ho@ otto@
2004-06-25	Keynote policy checking can now be disabled by "-K" switch and config tag	Hans-Joerg Hoexer
	"Use-Keynote". Default is to use keynote. ok henning@ ho@
2004-06-23	Add commandline switch -a / config tag "Acquire-Only" to tell isakmpd to not	Hans-Joerg Hoexer
	touch flows. initial work by markus ok markus@ ho@ henning@
2004-06-20	To make debugging the unprivileged child process easier, make 'isakmpd -dd'	Hakan Olsson
	pause just after privsep; print the PIDs and wait for SIGCONT. hshoexer@ ok
2004-06-14	KNF, style, 80c, etc. hshoexer@ ok	Hakan Olsson

2004-05-23	More KNF. Mainly spaces and line-wraps, no binary change.	Hans-Joerg Hoexer
	ok ho@
2004-05-19	Permit symbolic protocol and service names, such as "Protocol= tcp", in the	Hakan Olsson
	<IPsec-ID> sections. hshoexer@ ok
2004-04-15	partial move to KNF. More to come. This has happened because there	Theo de Raadt
	are a raft of source code auditors who are willing to help improve this code only if this is done, and hey, isakmpd does need our standard auditing process. ok ho hshoexer
2004-04-08	Set timezone before privsep, child uses now correct timezone.	Hans-Joerg Hoexer
	Noticed by david@ ok ho@ david@
2004-03-31	Don't assume closefrom(2) exists everywhere. hshoexer@, markus@ ok.	Hakan Olsson

2004-03-19	Add missing bits to make already present privsep code work. Enable privsep.	Hans-Joerg Hoexer
	ok ho@ deraadt@ markus@
2004-02-19	small cleanup of log messages.	Hans-Joerg Hoexer
	ok ho@
2004-02-19	With -d, SIGINT should do a clean shutdown.	Hakan Olsson
	Without -d, logs should be sent to syslog, level LOG_INFO.
2004-02-19	Cleanup.	Hakan Olsson

2004-01-16	Added -v option. Enables logging of successful exchange completion.	Hans-Joerg Hoexer
	ok ho@
2003-06-04	Remove the rest of clauses 3 and 4. Approved by Niklas Hallqvist, Angelos	Hakan Olsson
	D. Keromytis and Niels Provos.
2003-05-18	More isakmpd privsep work. X509 private keys are now kept in the privileged	Hakan Olsson
	process only. Various cleanup and bugfixes. markus@ ok
2003-05-15	Start of privilege separation for isakmpd.	Hakan Olsson
	There are some kinks left, so keep it default disabled for now. markus@ says ok to commit.