summaryrefslogtreecommitdiff
path: root/sbin
AgeCommit message (Collapse)Author
2000-12-22strlcpy is greatTheo de Raadt
2000-12-22call seteuid(getuid) tooJun-ichiro itojun Hagino
2000-12-22revoke root privilege earliest possibleJun-ichiro itojun Hagino
2000-12-21add /usr/share/ipf/nat.3; ok aaron@Reinhard J. Sammer
2000-12-21document net.inet6.icmp6.mtudisc_{hi,lo}watJun-ichiro itojun Hagino
2000-12-21use strlcpyTheo de Raadt
2000-12-20document "default" argumentTheo de Raadt
2000-12-19make sure isakmpd works with the openssl-0.9.6 APIMarkus Friedl
2000-12-19gmp is gone, make it build again; cvs retardMichael Shalayeff
2000-12-19gmp is gone, make it build againMichael Shalayeff
2000-12-18fix nwid get/setMichael Shalayeff
2000-12-16typoNiels Provos
2000-12-16when a used SA expires and the exchange is gone, start a new one.Niels Provos
2000-12-15.Sh EXAMPLE -> .Sh EXAMPLES. Even if there's only one example, at leastAaron Campbell
this is consistent.
2000-12-15return resource exhaustion message on memory allocation error. poll onNiels Provos
the pfkey fd so that we dont block when a message gets lossed.
2000-12-15only create new exchange on SA expires, when there has been used.Niels Provos
okay angelos@
2000-12-15update email address in copyright.Niels Provos
2000-12-15more cleanup; send SPI needed message if we have state but no SPI onNiels Provos
acquire.
2000-12-15more cleanup. remove last vestiges of gmp.Niels Provos
2000-12-15handle pfkey soft updates. only update when SA has been used.Niels Provos
2000-12-14queue pfkey acquire and expire messages if we are currently waiting forNiels Provos
another pfkey transaction to return. some cleanup.
2000-12-14setup soft lifetimes, handle hard expirations, deal with changed pfkeyNiels Provos
supported extensions. some problems pointed out by Hans-Joerg.Hoexer@rommelwood.de
2000-12-13better debugging. reserve spis with the correct protocol.Niels Provos
2000-12-12pids are useful in syslog; ok angelos@Todd T. Fries
2000-12-12enumerate debugging number meanings; ok angelos@Todd T. Fries
2000-12-12Add support for 802.1D spanning tree protocol.Jason Wright
NOTE: this requires recompiling brconfig with updated include files.
2000-12-12listen to pfkeyv2 acquire messages and set up SAs accordingly.Niels Provos
2000-12-12revert former patch, the correct solution is to not compile this file at allNiklas Hallqvist
for architectures without shlibs
2000-12-12Merge with EOM 1.112Niklas Hallqvist
author: niklas style author: angelos Don't limit Phase 1 SA establishment -- while this does limit resource consumption, it's neither foolproof nor entirely correct (it introduces some synchronization problems).
2000-12-12Merge with EOM 1.79Niklas Hallqvist
author: niklas whitespace author: niklas style author: angelos Pass the local/remote Phase 1 ID to the flow, so it can be reused when an SA is re-negotiated. author: angelos Save the Phase 1 IDs along with the flow. author: angelos Don't block new phase 1 SA establishment -- avoids some sync problems. Also, handle kernel-issued expirations more intelligently. author: angelos isakmpd can now negotiate transport protocol/ports (either through the configuration file or through kernel ACQUIREs). author: angelos Fix flow cleanup/setup on renegotiation (or failure thereof) -- thanks to cedric@wireless-networks.com for testing and feedback. author: angelos Remove unused code. author: angelos Don't be too permissive with the installed flows -- after all, we can just run more negotiations. author: angelos ifndef, not ifdef author: angelos Delete ingress flow correctly. author: angelos Initialize structure.
2000-12-12Merge with EOM 1.51Niklas Hallqvist
author: niklas more fascistoid style author: angelos Don't insert the *same* entry in two or more buckets! Thanks to cedric@wireless-networks.com for reporting/debugging and coming up with the patch. author: angelos Correct format string. author: angelos x509_hash() should also skip the cert length (willey@serasystems.com) author: angelos Add some error messages (ingham@ara.com)
2000-12-12Merge with EOM 1.73Niklas Hallqvist
author: angelos Pass the local/remote Phase 1 ID to the flow, so it can be reused when an SA is re-negotiated. author: angelos isakmpd can now negotiate transport protocol/ports (either through the configuration file or through kernel ACQUIREs).
2000-12-12sysdep/openbsd/sysdep.c: Merge with EOM 1.9Niklas Hallqvist
pf_encap.h: Merge with EOM 1.13 pf_key_v2.h: Merge with EOM 1.4 sysdep.h: Merge with EOM 1.17 author: angelos Pass the local/remote Phase 1 ID to the flow, so it can be reused when an SA is re-negotiated.
2000-12-12Merge with EOM 1.55Niklas Hallqvist
author: angelos Add Default-phase-1-ID tag in [General], and document its use. author: angelos isakmpd can now negotiate transport protocol/ports (either through the configuration file or through kernel ACQUIREs).
2000-12-12Merge with EOM 1.48Niklas Hallqvist
author: angelos Add Default-phase-1-ID tag in [General], and document its use. author: angelos Default Phase 1 entry.
2000-12-12Merge with EOM 1.31Niklas Hallqvist
author: niklas style nit, we only use NULL in isakmpd when a manpage mandates it author: angelos Also check for default Phase 1 ID.
2000-12-12Merge with EOM 1.143Niklas Hallqvist
author: niklas Style nits author: angelos Pass the local/remote Phase 1 ID to the flow, so it can be reused when an SA is re-negotiated. author: angelos isakmpd can now negotiate transport protocol/ports (either through the configuration file or through kernel ACQUIREs). author: angelos CAST-128 has a maximum of 128bit keys, not 256.
2000-12-12Merge with EOM 1.143Niklas Hallqvist
author: angelos Careful when copying IDs. author: angelos Oops, what am I thinking ? author: angelos Ooops again, I reverted the wrong patch. author: angelos Oops, shouldn't have committed this. author: angelos x509_hash() should also skip the cert length (willey@serasystems.com) author: angelos If it's a dynamically established Phase 2 SA, don't keep a copy of it in isakmpd (the kernel keeps track of everything in this case). author: angelos Comment. author: angelos If no time-based lifetime was negotiated, don't release the SA.
2000-12-12Merge with EOM 1.17Niklas Hallqvist
author: niklas Do not try to deal with weak syms on archs that do not have shlibs
2000-12-12Merge with EOM 1.42Niklas Hallqvist
author: angelos isakmpd can now negotiate transport protocol/ports (either through the configuration file or through kernel ACQUIREs).
2000-12-11surpress some error messagesNiels Provos
2000-12-11proper logging.Niels Provos
2000-12-11remove lots of unnecssary code, on the way to new spd framework.Niels Provos
2000-12-11make it use bignum.Niels Provos
2000-12-02sync with latest kame.Jun-ichiro itojun Hagino
- validate strdup() error in argument parsing. - use strlcat in complex string manipulation
2000-12-02Error messages.Angelos D. Keromytis
2000-12-02Add comment.Angelos D. Keromytis
2000-12-02Manual sync with EOM -- only release an SA if it's referenced by theAngelos D. Keromytis
timeout routine (should there be a default expiration if none is negotiated ?)
2000-12-02A bunch of stability fixes, thanks to cedric@wireless-networks.com forAngelos D. Keromytis
testing and feedback.
2000-11-30x509_hash() should also ignore the id length (for matching purposes)Angelos D. Keromytis
-- willey@serasystems.co
generated by cgit v1.2.3 (git 2.25.1) at 2024-12-26 22:01:59 +0000