Age | Commit message | Author | |
---|---|---|---|
2012-06-26 | Add some more paranoia and make code clearer. Check that the required length field for the option is present before using it. Reject lease if no length field is present. | Kenneth R Westerback | |
2012-06-26 | RFC 2132 says "Options containing NVT ASCII data SHOULD NOT include a trailing NULL; however, the receiver of such options MUST be prepared to delete trailing nulls if they exist." So delete (all) trailing NUL's when parsing NVT ASCII options. Should fix odd results when 'append'ing info to such options via dhclient.conf. FreeBSD commit to fix 'append' logic in a different way pointed out by brad. | Kenneth R Westerback | |
2012-06-26 | improve ikev2_msg_retransmit_timeout | Mike Belopuhov | |
2012-06-26 | close SA when IKE_SA_INIT or IKE_AUTH exchanges fail; don't cache the response to IKE_SA_INIT. | Mike Belopuhov | |
2012-06-26 | compare exchange types as well when looking up a message; proceed with a response only when the appropriate request is found. | Mike Belopuhov | |
2012-06-25 | log all, not log-all; ok henning | Jason McIntyre | |
2012-06-24 | Nuke interface_link_status() (check media status only) and use interface_status() (check IFF_UP\|IFF_RUNNING and media status). The interface is forced up when dhclient starts so the flags should be correct. Thanks to guenther@ for pointing out the original raison d'etre of the difference between the two. | Kenneth R Westerback | |
2012-06-22 | Add initial support for retransmission timeouts and response retries. This should still be considered an experimental work in progress. | Mike Belopuhov | |
2012-06-22 | decouple timer initialization from timer_register | Mike Belopuhov | |
2012-06-22 | Two 'ioctl() < 0' -> 'ioctl() == -1'. guenther@ says they're odd. | Kenneth R Westerback | |
2012-06-22 | Set state to S_REBOOTING when calling state_reboot() and set state inside state_reboot() to S_INIT when calling state_init(). Rather than the other way around. Makes for more consistent idiom and might reduce state confusion. | Kenneth R Westerback | |
2012-06-20 | Cancel all timeouts in state_reboot(), since we can get there from any state if a link state change happens. Fixes a problem where we'd continue to send (corrupted) discover packets after binding. ok krw@ | Mark Kettenis | |
2012-06-20 | no more boot_mac68k(8); | Jason McIntyre | |
2012-06-20 | more mac68k bits for the attic | Matthew Dempsky | |
2012-06-20 | Delete some more SUBDIR += mac68k. | Matthew Dempsky | |
2012-06-04 | Rounding up a number of bytes in a bignum returned by the BN_num_bytes() has implications when dealing with leading zeroes. Prevent an incorrect conversion of the EC point to the binary representation by inferring the X and Y components' lengths from the EC group length and zeroing out the appropriate chunks of the target buffer. From hshoexer@ | Mike Belopuhov | |
2012-06-01 | revert previous, breaks tcpdump; spotted by jmc@ | Jonathan Gray | |
2012-06-01 | Make the -P flag work with -ss, so that states can be printed with port names if desired. ok henning | Lawrence Teo | |
2012-05-31 | Clarify issues del (bridge command) vs delete (IP address command); documentation not fixed after ifconfig/brconfig merge spotted by Pieter Verberne ok camield | Theo de Raadt | |
2012-05-31 | Let quotacheck work with duid based fstab. Missed one open() -> opendev() from Rogier Krieger's original diff. Found by and fix tested by dlg@ | Kenneth R Westerback | |
2012-05-30 | more timer changes | Mike Belopuhov | |
2012-05-30 | when changing peer's address in the SA, remove the old entry from the tree before doing the actual change, otherwise we won't remove anything for real. also add the newly created SA to the peer's tree so that initiator timer will treat the ike policy as "in progress". | Mike Belopuhov | |
2012-05-30 | pass a file descriptor in the msg_fd instead of a function argument | Mike Belopuhov | |
2012-05-29 | Fix tyop in error message; this was copied from/to umount(8)'s umount.c which was just fixed. | Jasper Lievisse Adriaanse | |
2012-05-29 | Make 'mount nfssrv:/path' without mount point work again: - don't error out in realpath() check if argv contains @ or : (ie, is a nfs remote path) - relax getfsspec() call so that it succeeds for nfs remote paths too, not only for duid devices. Now we behave like Linux & FreeBSD (at least).. Prompted by a diff from giovanni@ for xfce4-mount ok jsing@ krw@ | Landry Breuil | |
2012-05-29 | Fix typo in error message ("Cannot MNT PRC"->RPC) ok krw@ | Landry Breuil | |
2012-05-29 | improve timer framework; will be needed soon | Mike Belopuhov | |
2012-05-24 | don't increment the next expected message id when sending a response back. while it might look like a step backwards, this fixes up eap negotiation and bigger changes to this code are in the pipe anyways. | Mike Belopuhov | |
2012-05-23 | fixup from/to specification | Mike Belopuhov | |
2012-05-23 | remove hardcoded values for esp and let ikev2_add_proposals decide which proposals to include if protocol is not specified explicitly; allows iked to successfully negotiate ah. | Mike Belopuhov | |
2012-05-23 | factor out proposal matching code from ikev2_sa_negotiate and eliminate the protoid argument as a first step towards successful ah negotiation; make code a bit more readable while here. | Mike Belopuhov | |
2012-05-14 | ansi. no binary change | Jonathan Gray | |
2012-05-08 | When setting up NAT-T notify payloads, make sure to supply an actual source address so that a valid hash can be generated. Fixes a bug introduced some time ago that prevented iked from initiating if NAT-T wasn't disabled (via -T) and local address wasn't specified. | Mike Belopuhov | |
2012-05-08 | rename espxforms to ipsecxforms for clarity | Mike Belopuhov | |
2012-05-07 | fixup formatting in the generated files | Mike Belopuhov | |
2012-05-07 | fix printing of wildcard anchors, from lteo, ok phessler sthen me | Henning Brauer | |
2012-05-07 | Sync up several defines with RFC 5996. IANA has changed the existing IKEv2 Payload Type "Encrypted" (E) to "Encrypted and Authenticated" (SK). | Mike Belopuhov | |
2012-05-02 | remove redundant check; from lteo; ok haesbaert | Henning Brauer | |
2012-05-02 | don't call getifmtu in -n mode, assume 1500. calling getifmtu requires the interface in question to be there, breaking ruleset verification From: Silamael <Silamael at coronamundi dot de> | Henning Brauer | |
2012-04-25 | Before writing it to disk, warn the user if their new MBR contains more than one OpenBSD partition. ok deraadt | Matthew Dempsky | |
2012-04-24 | take a stab at documenting when arguments need quoted, and valid macro characters; prompted by a diff from robert peichaer org thanks gilles and henning for feedback ok deraadt zinke | Jason McIntyre | |
2012-04-19 | clear memory before passing to ioctl routines instead of praying it will be ok and not break things upon return. ok claudio | Theo de Raadt | |
2012-04-18 | not (unsigned); ok henning | Theo de Raadt | |
2012-04-18 | undo an error introduced by myself in previous; spotted by Sebastian Rother | Jason McIntyre | |
2012-04-17 | typo | Theo de Raadt | |
2012-04-17 | Add type numbers for upcoming sgi work, forgotten during newport(4) import. | Miod Vallat | |
2012-04-15 | fix a leak; ok krw@ | Jonathan Gray | |
2012-04-12 | do not downsize a type before calling malloc | Theo de Raadt | |
2012-04-12 | remove rfork(); ok guenther miod | Theo de Raadt | |
2012-04-10 | Document new KERN_NTHREADS and KERN_MAXTHREAD sysctls | Philip Guenthe | |