path: root/sbin
Age | Commit message | Author
2000-06-14 | document swapencrypt ctl level | Niels Provos
2000-06-14 | add swapencrypt ctl level. | Niels Provos
2000-06-12 | update icmp6 name lookup code to conform to 05 draft. previous code | Jun-ichiro itojun Hagino
was 03/05 chimera. ping6: -n by default due to too many false error reports due to too long reverse query delay.
2000-06-11 | 0x39 == plan9 | Markus Friedl
2000-06-10 | know QNX; jcplace@ibm.ne | Theo de Raadt
2000-06-08 | Merge with EOM 1.12 | Niklas Hallqvist
author: angelos Default value for [KeyNote]:Credential-directory.
2000-06-08 | Merge with EOM 1.19 | Niklas Hallqvist
author: angelos Point back to isakmpd.conf(5) author: angelos Remove fixed item from BUGs section. author: angelos Talk about re-loading of policies on SIGHUP.
2000-06-08 | Merge with EOM 1.17 | Niklas Hallqvist
author: angelos Some more support for KeyNote credential exchange (not yet done).
2000-06-08 | Merge with EOM 1.38 | Niklas Hallqvist
author: angelos No need for NODEBUG actually... author: angelos Use LOG_DBG() instead of log_debug() author: angelos NODEBUG compile option, so regress doesn't barf. author: angelos No point adding a handling attribute for the generic session. author: angelos log_debug() for the action attributes. author: angelos Different policy/Keynote sessions per Phase 1 SA. author: angelos Allow exchange of KeyNote credentials over IKE. Multiple credentials may be passed in a single CERT payload. KeyNote is used if a directory named as the local ID we use in an exchange exists in the KeyNote directory (default: /etc/isakmpd/keynote/). Note that asymmetric credentials are possible (use KeyNote in one direction and X509 in the other); such authentication is envisioned to be the most common: the clients will use KeyNote credentials to authenticate and authorize with a server, whilst the server will just provide an X509 certificate proving its binding to the IP address or ID. Totally asymmetric authentication (e.g., shared key in one direction, RSA in the other) is not supported by the IKE protocol. author: angelos Correct pointer handling. author: angelos A few more certificate handling routines for KeyNote. author: angelos Some more support for KeyNote credential exchange (not yet done). author: angelos Add a couple more KeyNote functions in the sym entries. author: ho Some systems do not define IPPROTO_ETHERIP (yet).
2000-06-08 | Merge with EOM 1.52 | Niklas Hallqvist
author: angelos Add the -R option in getopt!!!
2000-06-08 | Merge with EOM 1.40 | Niklas Hallqvist
author: angelos Different policy/Keynote sessions per Phase 1 SA. author: angelos Allow exchange of KeyNote credentials over IKE. Multiple credentials may be passed in a single CERT payload. KeyNote is used if a directory named as the local ID we use in an exchange exists in the KeyNote directory (default: /etc/isakmpd/keynote/). Note that asymmetric credentials are possible (use KeyNote in one direction and X509 in the other); such authentication is envisioned to be the most common: the clients will use KeyNote credentials to authenticate and authorize with a server, whilst the server will just provide an X509 certificate proving its binding to the IP address or ID. Totally asymmetric authentication (e.g., shared key in one direction, RSA in the other) is not supported by the IKE protocol.
2000-06-08 | Merge with EOM 1.104 | Niklas Hallqvist
author: angelos Allow exchange of KeyNote credentials over IKE. Multiple credentials may be passed in a single CERT payload. KeyNote is used if a directory named as the local ID we use in an exchange exists in the KeyNote directory (default: /etc/isakmpd/keynote/). Note that asymmetric credentials are possible (use KeyNote in one direction and X509 in the other); such authentication is envisioned to be the most common: the clients will use KeyNote credentials to authenticate and authorize with a server, whilst the server will just provide an X509 certificate proving its binding to the IP address or ID. Totally asymmetric authentication (e.g., shared key in one direction, RSA in the other) is not supported by the IKE protocol. author: angelos Cleanup.
2000-06-08 | Merge with EOM 1.45 | Niklas Hallqvist
author: angelos Some more text. author: angelos Allow exchange of KeyNote credentials over IKE. Multiple credentials may be passed in a single CERT payload. KeyNote is used if a directory named as the local ID we use in an exchange exists in the KeyNote directory (default: /etc/isakmpd/keynote/). Note that asymmetric credentials are possible (use KeyNote in one direction and X509 in the other); such authentication is envisioned to be the most common: the clients will use KeyNote credentials to authenticate and authorize with a server, whilst the server will just provide an X509 certificate proving its binding to the IP address or ID. Totally asymmetric authentication (e.g., shared key in one direction, RSA in the other) is not supported by the IKE protocol. author: ho Update re DOI:IPSEC and default p1/p2 lifetimes.
2000-06-08 | Merge with EOM 1.11 | Niklas Hallqvist
author: angelos Different policy/Keynote sessions per Phase 1 SA. author: angelos Allow exchange of KeyNote credentials over IKE. Multiple credentials may be passed in a single CERT payload. KeyNote is used if a directory named as the local ID we use in an exchange exists in the KeyNote directory (default: /etc/isakmpd/keynote/). Note that asymmetric credentials are possible (use KeyNote in one direction and X509 in the other); such authentication is envisioned to be the most common: the clients will use KeyNote credentials to authenticate and authorize with a server, whilst the server will just provide an X509 certificate proving its binding to the IP address or ID. Totally asymmetric authentication (e.g., shared key in one direction, RSA in the other) is not supported by the IKE protocol. author: angelos A few more definitions. author: angelos Some more support for KeyNote credential exchange (not yet done).
2000-06-08 | Merge with EOM 1.119 | Niklas Hallqvist
author: provos typo
2000-06-08 | Merge with EOM 1.31 | Niklas Hallqvist
author: angelos Initialize [Keynote]:Credential-directory. author: ho Autogenerated p1/p2 default lifetimes can be defined in config. author: niklas style
2000-06-08 | Merge with EOM 1.126 | Niklas Hallqvist
author: angelos Be a bit more verbose when printing policy results. author: angelos Correct environment cleanup. author: angelos Different policy/Keynote sessions per Phase 1 SA. author: angelos &&, not || author: angelos Begin support for KeyNote credentials exchanged.
2000-06-08 | Merge with EOM 1.56 | Niklas Hallqvist
author: angelos Allow exchange of KeyNote credentials over IKE. Multiple credentials may be passed in a single CERT payload. KeyNote is used if a directory named as the local ID we use in an exchange exists in the KeyNote directory (default: /etc/isakmpd/keynote/). Note that asymmetric credentials are possible (use KeyNote in one direction and X509 in the other); such authentication is envisioned to be the most common: the clients will use KeyNote credentials to authenticate and authorize with a server, whilst the server will just provide an X509 certificate proving its binding to the IP address or ID. Totally asymmetric authentication (e.g., shared key in one direction, RSA in the other) is not supported by the IKE protocol. author: angelos Begin support for KeyNote credentials exchanged.
2000-06-08 | Merge with EOM 1.123 | Niklas Hallqvist
author: angelos Reset policy_id and recv_key after we've moved them over from the exchange to the isakmp_sa, so they don't get free'ed. author: angelos Allow exchange of KeyNote credentials over IKE. Multiple credentials may be passed in a single CERT payload. KeyNote is used if a directory named as the local ID we use in an exchange exists in the KeyNote directory (default: /etc/isakmpd/keynote/). Note that asymmetric credentials are possible (use KeyNote in one direction and X509 in the other); such authentication is envisioned to be the most common: the clients will use KeyNote credentials to authenticate and authorize with a server, whilst the server will just provide an X509 certificate proving its binding to the IP address or ID. Totally asymmetric authentication (e.g., shared key in one direction, RSA in the other) is not supported by the IKE protocol. author: angelos Add CERTENC_KEYNOTE. author: ho DOI IPSEC is default if not specified.
2000-06-08 | cert.h: Merge with EOM 1.7 | Niklas Hallqvist
exchange.h: Merge with EOM 1.27 x509.h: Merge with EOM 1.10 author: angelos Allow exchange of KeyNote credentials over IKE. Multiple credentials may be passed in a single CERT payload. KeyNote is used if a directory named as the local ID we use in an exchange exists in the KeyNote directory (default: /etc/isakmpd/keynote/). Note that asymmetric credentials are possible (use KeyNote in one direction and X509 in the other); such authentication is envisioned to be the most common: the clients will use KeyNote credentials to authenticate and authorize with a server, whilst the server will just provide an X509 certificate proving its binding to the IP address or ID. Totally asymmetric authentication (e.g., shared key in one direction, RSA in the other) is not supported by the IKE protocol.
2000-06-08 | Merge with EOM 1.3 | Niklas Hallqvist
author: angelos Add CERTENC_KEYNOTE.
2000-06-08 | Merge with EOM 1.3 | Niklas Hallqvist
author: ho Correct definition.
2000-06-08 | Merge with EOM 1.71 | Niklas Hallqvist
author: ho DOI IPSEC is default if not specified.
2000-06-08 | Merge with EOM 1.4 | Niklas Hallqvist
author: ho Use math_mp_t in prototype.
2000-06-08 | Merge with EOM 1.6 | Niklas Hallqvist
author: ho Attempt to get GMP usable here.
2000-06-08 | Merge with EOM 1.51 | Niklas Hallqvist
author: angelos Don't add the callback at initialization time, we must set it before each invocation. author: angelos Different policy/Keynote sessions per Phase 1 SA. author: angelos Allow exchange of KeyNote credentials over IKE. Multiple credentials may be passed in a single CERT payload. KeyNote is used if a directory named as the local ID we use in an exchange exists in the KeyNote directory (default: /etc/isakmpd/keynote/). Note that asymmetric credentials are possible (use KeyNote in one direction and X509 in the other); such authentication is envisioned to be the most common: the clients will use KeyNote credentials to authenticate and authorize with a server, whilst the server will just provide an X509 certificate proving its binding to the IP address or ID. Totally asymmetric authentication (e.g., shared key in one direction, RSA in the other) is not supported by the IKE protocol.
2000-06-08 | make sure to clear ni_flags on ping6 -w. | Jun-ichiro itojun Hagino
2000-06-07 | s/PIMCTL/PIM6CTL/ for less confusion. | Jun-ichiro itojun Hagino
2000-06-04 | Don't exit just because we couldn't get the default label... | Todd C. Miller
2000-06-04 | Add 'D' and 'z' commands to editor to use the default partition and | Todd C. Miller
to zero out the partition table respectively.
2000-05-31 | It's "DMA" not "DMS" for the ATA-4 queued feature set!! | Chris Cappuccio
2000-05-31 | Cleaner loop structure when reading panic string from the core image. | Todd C. Miller
We now check the return value of KREAD() which may solve PR 1254.
2000-05-30 | examples | Theo de Raadt
2000-05-25 | synchronize net.inet{,6} with reality. | Jun-ichiro itojun Hagino
add some of vfs.*. (not really sure about other portion).
2000-05-25 | remove net.inet6.ip6.gif_hlim | Jun-ichiro itojun Hagino
2000-05-24 | Update to ipf 3.3.16. among other things, this addresses a security issue | Kjell Wooding
with certain rule configurations: * don't add TCP state if it is an RST packet and (attempt) to send out RST/ICMP packets in a manner that bypasses IP Filter.
2000-05-24 | a note on how to rule the daemons, nfsio threads in this reincarnation | Michael Shalayeff
2000-05-23 | add vfs.nfs.iothreads short description, add more files and xref | Michael Shalayeff
2000-05-23 | refer netinet/icmp6.h for ICMPv6 sysctl mib decl | Jun-ichiro itojun Hagino
2000-05-23 | doc nwid; imain@ymir.netidea.com | Theo de Raadt
2000-05-22 | modify vfs subtree to accommodate for fs-specific variables. | Michael Shalayeff
in particular expose vfs.nfs.iothreads, which is a replacement for nfsiod kludge. this is not a netbsd port-over, since this particular implementation builds up the needed variable indexes dynamically (using the already existing `generic' vfs variables), as opposed to netbsd which relies on static matching w/ kernel definitions and configuration... man changes to come soon.
2000-05-22 | correct gif physical address printing on non-IPv6 kernel. | Jun-ichiro itojun Hagino
2000-05-20 | make this more like our wicontrol(8) | Theo de Raadt
2000-05-19 | kill nfsiod | Michael Shalayeff
2000-05-18 | Recurse down ancontrol, wicontrol, edlabel, fdisk | Marc Espie
for man pages.
2000-05-18 | Prepare to recurse down those directories for all arches, to grab manpages. | Marc Espie
2000-05-18 | add machdep.vsyncblank sysctl for controlling whether vsync is disabled | Jason Wright
when the monitor is blanked.
2000-05-18 | correct RETURN VALUES section. sync with latest kame doc. | Jun-ichiro itojun Hagino
2000-05-16 | more Xr | Theo de Raadt
2000-05-15 | better scoped address handling on gif physical address printing. | Jun-ichiro itojun Hagino
(hide kame ifidx hack)