summaryrefslogtreecommitdiff
path: root/sbin
AgeCommit message (Collapse)Author
2004-06-22The NAT-T drafts suggest we should drop incoming messages arriving onHakan Olsson
the old port (500) after we've switched to the new one.
2004-06-22acg.cg_nextfreeoff is already relative to &acg so don't subtractTodd C. Miller
&acg.cg_firstfield. Fixes a bogus "panic: cylinder group too big" I see sometimes when using mmap malloc. OK tholo@
2004-06-22do not exit on RTM_DELADDR, dhclient can cause this itself under some rareHenning Brauer
circumstances. instead, exit on RTM_NEWADDR if, and only if, the new IP address is not a lease we got. theo ok
2004-06-22handle interface removals in the poll loop. ok henning@Can Erkin Acar
2004-06-21Describe the [Default]:NAT-T-Keepalive configuration parameter.Hakan Olsson
2004-06-21Make printing of 802.11 fields consistent with the rest by printingTodd C. Miller
a colon (':') after the field name. Noticed by markus@, OK deraadt@
2004-06-21Enable NAT-T support.Hakan Olsson
2004-06-21Implement NAT-T keepalive messages.Hakan Olsson
2004-06-21Update manpage to reflect changes in anchor namingMathieu Sauve-Frankel
ok beck@ claudio@
2004-06-21udpencap_port should be taken from dst transportHakan Olsson
2004-06-21When switching from main to encap transport, copy dst port ifHakan Olsson
translated (NAT).
2004-06-21Strip away umask bits in monitor_fopen(). hshoexer@ ok.Hakan Olsson
2004-06-21style nitHakan Olsson
2004-06-21undo double-patch; Dries SchellekensMarkus Friedl
2004-06-21Don't write too much IKE data in packet captureHakan Olsson
2004-06-21Packet capture should add the ESP-marker when NAT-T is active.Hakan Olsson
2004-06-21dont compare int with NULL, compare to 0 instead, otto@ okAnil Madhavapeddy
2004-06-21Tell the kernel to enable ESP-in-UDP encapsulation when we haveHakan Olsson
SAs negotiated with NAT-T.
2004-06-21Port floating (500->4500) for p1 and p2 exchanges.Hakan Olsson
2004-06-20message_parse_payloads should accept payloads in the private range.Hakan Olsson
While here, also cleanup some messages.
2004-06-20Make the payload array in struct message dynamic, since we need to handleHakan Olsson
payloads in the private range, such as the pre-RFC NAT-D/NAT-OA. Replace TAILQ_FIRST(&msg->payload[i]) instances with function calls.
2004-06-20NAT-Traversal for isakmpd. Work in progress...Hakan Olsson
hshoexer@ ok.
2004-06-20A start towards Dead Peer Detection (DPD) support, as specified in RFC 3706Hakan Olsson
2004-06-20Some vendors send the last Aggressive Mode message unencrypted, which weHakan Olsson
should accept. Problem noted by alex at vbone.net. hshoexer@ ok.
2004-06-20To make debugging the unprivileged child process easier, make 'isakmpd -dd'Hakan Olsson
pause just after privsep; print the PIDs and wait for SIGCONT. hshoexer@ ok
2004-06-19require RTF_MPATH to enter a multipath route with RTM_ADD.Cedric Berger
route(8) takes a new -mpath modifier to enter a multipath route. requested deraadt@, ok itojun@ mcbride@ millert@
2004-06-18Make this better reflect reality; OK and with help from CedricTodd C. Miller
2004-06-17Yet another bunch of memleask found and fixed by Patrick Latifi. Thanks!Hans-Joerg Hoexer
ok ho@
2004-06-17Plug a memleak. Found and fixed (and some cleanup) by Patrick Latifi.Hans-Joerg Hoexer
Thanks! ok ho@
2004-06-17Evaluate result of X509_verify_cert() more carefully.Hans-Joerg Hoexer
ok cloder@
2004-06-16Fix wrong pointer dereference and plug memleak. Found and patch byHans-Joerg Hoexer
Patrick Latifi. Thanks! ok ho@
2004-06-16fix ipv6-address and ipv6-address-mask mixup.Hans-Joerg Hoexer
Found by Patrick Latifi. Thanks! ok ho@
2004-06-16Fix -S flag with new show code. ok claudio@Cedric Berger
2004-06-15Cleanup last commit here:Todd C. Miller
- pass netname4() a struct sockaddr_in * and check it for NULL - netname6() already deals with NULL mask so remove unneeded check in netname() OK deraadt@
2004-06-15do not crash on 'route flush'Theo de Raadt
2004-06-15also use MSG_AUTHENTICATED flag.Hans-Joerg Hoexer
ok ho@
2004-06-14Remove unused functions. ok beck@ henning@Cedric Berger
2004-06-14avoid stat before openHans-Joerg Hoexer
ok ho@
2004-06-14added a missing message_free().Hans-Joerg Hoexer
ok ho@
2004-06-14KNF, style, 80c, etc. hshoexer@ okHakan Olsson
2004-06-12Fix table add/replace commands with securelevel=2.Cedric Berger
Reported by James J. Lippard. ok otto@
2004-06-12Make route show output similar to netstat -r output.Claudio Jeker
OK cedric@ millert@
2004-06-11typo in commentBrad Smith
2004-06-10Work around an uncovered gcc problem on m88k until it receives proper cure.Miod Vallat
2004-06-10rename struct pf_rule_addr member 'not' to 'neg', as 'not' is a reservedDaniel Hartmeier
keyword in C++. ok henning@, cedric@
2004-06-10Mark authenticated messages explicitly. Better check for authentication beforeHans-Joerg Hoexer
deleteing SAs. This fix is needed to solve the problems reported by Thomas Walpuski, previous diff was not sufficient. Pointed out by Thomas. Thanks! ok ho@ niklas@, testing and spellcheck by todd@ msf@
2004-06-09Fix IPv4 name->address translation. Addresses like "10.1000" will not beCedric Berger
accepted anymore, but constructs like "route add 10.1.2/24 <gw>" will finally do the right thing. ok millert@
2004-06-09Style nits. hshoexer@ okHakan Olsson
2004-06-09only accept DELETEs during an authenticated INFORMATIONAL exchange.Hans-Joerg Hoexer
Fix for recent problem disclosed by Thomas Walpuski. ok ho@
2004-06-09correct mistake in usage(). Chris PinnockJun-ichiro itojun Hagino
generated by cgit v1.2.3 (git 2.25.1) at 2025-01-01 02:53:51 +0000