path: root/sbin
Age | Commit message | Author
2000-06-20 | Merge with EOM 1.41 | Niklas Hallqvist
author: itojun synchronize with latest KAME PF_KEY interface. need more testing.
old: changes sadb_msg, which is bad
new: added sadb_x_sa2 for extra meat
2000-06-20 | Merge with EOM 1.52 | Niklas Hallqvist
author: niklas Indentation, bad greek
2000-06-19 | Merge with EOM 1.145 | Niklas Hallqvist
author: ho Recognize and handle reserved and private payloads differently. A private payload in a message is ignored. A message containing a reserved payload is dropped.
2000-06-19 | Merge with EOM 1.40 | Niklas Hallqvist
author: niklas && not &
2000-06-18 | Fix more buffer overflows... that's 5 in this one program (so far) | Aaron Campbell
2000-06-18 | strcpy() -> strlcpy() | Aaron Campbell
2000-06-18 | routes on down interfaces are disabled | Niels Provos
2000-06-18 | Xr hostname.if | Niklas Hallqvist
2000-06-18 | - Give more precise definitions for the -d and -f options. | Aaron Campbell
- Clean up FILES section.
- s/BACKWARD COMPATIBILITY/COMPATIBILITY/
- Use standard options list introduction.
2000-06-18 | OpenBSD tag | Niels Provos
2000-06-18 | get cipher number correctly. | Niels Provos
2000-06-18 | add mount_tcfs | Niels Provos
2000-06-18 | allows mount of ffs file system as tcfs file system. | Niels Provos
2000-06-17 | Mention -f can be used to bypass the dirty filesystem check | Niklas Hallqvist
2000-06-17 | Support the -f flag in order to mount dirty filesystems. This makes sense with soft-updates, but will leak free blocks. On non-softupdates filesystems this option is strongly unrecommended. It also allows downgrades to readonly by revoking files opened for writing. If the filesystem has mmap'ed files writeable this is dangerous. Thus, we do *not* recommend its use! | Niklas Hallqvist
2000-06-17 | -o force is not a negative option, it should set MNT_FORCE, not clear it. OK millert | Niklas Hallqvist
2000-06-16 | use TP_BSIZE (== BUFSIZ so no problem) | Theo de Raadt
2000-06-14 | document swapencrypt ctl level | Niels Provos
2000-06-14 | add swapencrypt ctl level. | Niels Provos
2000-06-12 | update icmp6 name lookup code to conform to 05 draft. previous code was 03/05 chimera. ping6: -n by default due to too many false error reports due to too long reverse query delay. | Jun-ichiro itojun Hagino
2000-06-11 | 0x39 == plan9 | Markus Friedl
2000-06-10 | know QNX; jcplace@ibm.ne | Theo de Raadt
2000-06-08 | Merge with EOM 1.12 | Niklas Hallqvist
author: angelos Default value for [KeyNote]:Credential-directory.
2000-06-08 | Merge with EOM 1.19 | Niklas Hallqvist
author: angelos Point back to isakmpd.conf(5)
author: angelos Remove fixed item from BUGs section.
author: angelos Talk about re-loading of policies on SIGHUP.
2000-06-08 | Merge with EOM 1.17 | Niklas Hallqvist
author: angelos Some more support for KeyNote credential exchange (not yet done).
2000-06-08 | Merge with EOM 1.38 | Niklas Hallqvist
author: angelos No need for NODEBUG actually...
author: angelos Use LOG_DBG() instead of log_debug()
author: angelos NODEBUG compile option, so regress doesn't barf.
author: angelos No point adding a handling attribute for the generic session.
author: angelos log_debug() for the action attributes.
author: angelos Different policy/Keynote sessions per Phase 1 SA.
author: angelos Allow exchange of KeyNote credentials over IKE. Multiple credentials may be passed in a single CERT payload. KeyNote is used if a directory named as the local ID we use in an exchange exists in the KeyNote directory (default: /etc/isakmpd/keynote/). Note that asymmetric credentials are possible (use KeyNote in one direction and X509 in the other); such authentication is envisioned to be the most common: the clients will use KeyNote credentials to authenticate and authorize with a server, whilst the server will just provide an X509 certificate proving its binding to the IP address or ID. Totally asymmetric authentication (e.g., shared key in one direction, RSA in the other) is not supported by the IKE protocol.
author: angelos Correct pointer handling.
author: angelos A few more certificate handling routines for KeyNote.
author: angelos Some more support for KeyNote credential exchange (not yet done).
author: angelos Add a couple more KeyNote functions in the sym entries.
author: ho Some systems do not define IPPROTO_ETHERIP (yet).
2000-06-08 | Merge with EOM 1.52 | Niklas Hallqvist
author: angelos Add the -R option in getopt!!!
2000-06-08 | Merge with EOM 1.40 | Niklas Hallqvist
author: angelos Different policy/Keynote sessions per Phase 1 SA.
author: angelos Allow exchange of KeyNote credentials over IKE. Multiple credentials may be passed in a single CERT payload. KeyNote is used if a directory named as the local ID we use in an exchange exists in the KeyNote directory (default: /etc/isakmpd/keynote/). Note that asymmetric credentials are possible (use KeyNote in one direction and X509 in the other); such authentication is envisioned to be the most common: the clients will use KeyNote credentials to authenticate and authorize with a server, whilst the server will just provide an X509 certificate proving its binding to the IP address or ID. Totally asymmetric authentication (e.g., shared key in one direction, RSA in the other) is not supported by the IKE protocol.
2000-06-08 | Merge with EOM 1.104 | Niklas Hallqvist
author: angelos Allow exchange of KeyNote credentials over IKE. Multiple credentials may be passed in a single CERT payload. KeyNote is used if a directory named as the local ID we use in an exchange exists in the KeyNote directory (default: /etc/isakmpd/keynote/). Note that asymmetric credentials are possible (use KeyNote in one direction and X509 in the other); such authentication is envisioned to be the most common: the clients will use KeyNote credentials to authenticate and authorize with a server, whilst the server will just provide an X509 certificate proving its binding to the IP address or ID. Totally asymmetric authentication (e.g., shared key in one direction, RSA in the other) is not supported by the IKE protocol.
author: angelos Cleanup.
2000-06-08 | Merge with EOM 1.45 | Niklas Hallqvist
author: angelos Some more text.
author: angelos Allow exchange of KeyNote credentials over IKE. Multiple credentials may be passed in a single CERT payload. KeyNote is used if a directory named as the local ID we use in an exchange exists in the KeyNote directory (default: /etc/isakmpd/keynote/). Note that asymmetric credentials are possible (use KeyNote in one direction and X509 in the other); such authentication is envisioned to be the most common: the clients will use KeyNote credentials to authenticate and authorize with a server, whilst the server will just provide an X509 certificate proving its binding to the IP address or ID. Totally asymmetric authentication (e.g., shared key in one direction, RSA in the other) is not supported by the IKE protocol.
author: ho Update re DOI:IPSEC and default p1/p2 lifetimes.
2000-06-08 | Merge with EOM 1.11 | Niklas Hallqvist
author: angelos Different policy/Keynote sessions per Phase 1 SA.
author: angelos Allow exchange of KeyNote credentials over IKE. Multiple credentials may be passed in a single CERT payload. KeyNote is used if a directory named as the local ID we use in an exchange exists in the KeyNote directory (default: /etc/isakmpd/keynote/). Note that asymmetric credentials are possible (use KeyNote in one direction and X509 in the other); such authentication is envisioned to be the most common: the clients will use KeyNote credentials to authenticate and authorize with a server, whilst the server will just provide an X509 certificate proving its binding to the IP address or ID. Totally asymmetric authentication (e.g., shared key in one direction, RSA in the other) is not supported by the IKE protocol.
author: angelos A few more definitions.
author: angelos Some more support for KeyNote credential exchange (not yet done).
2000-06-08 | Merge with EOM 1.119 | Niklas Hallqvist
author: provos typo
2000-06-08 | Merge with EOM 1.31 | Niklas Hallqvist
author: angelos Initialize [Keynote]:Credential-directory.
author: ho Autogenerated p1/p2 default lifetimes can be defined in config.
author: niklas style
2000-06-08 | Merge with EOM 1.126 | Niklas Hallqvist
author: angelos Be a bit more verbose when printing policy results.
author: angelos Correct environment cleanup.
author: angelos Different policy/Keynote sessions per Phase 1 SA.
author: angelos &&, not ||
author: angelos Begin support for KeyNote credentials exchanged.
2000-06-08 | Merge with EOM 1.56 | Niklas Hallqvist
author: angelos Allow exchange of KeyNote credentials over IKE. Multiple credentials may be passed in a single CERT payload. KeyNote is used if a directory named as the local ID we use in an exchange exists in the KeyNote directory (default: /etc/isakmpd/keynote/). Note that asymmetric credentials are possible (use KeyNote in one direction and X509 in the other); such authentication is envisioned to be the most common: the clients will use KeyNote credentials to authenticate and authorize with a server, whilst the server will just provide an X509 certificate proving its binding to the IP address or ID. Totally asymmetric authentication (e.g., shared key in one direction, RSA in the other) is not supported by the IKE protocol.
author: angelos Begin support for KeyNote credentials exchanged.
2000-06-08 | Merge with EOM 1.123 | Niklas Hallqvist
author: angelos Reset policy_id and recv_key after we've moved them over from the exchange to the isakmp_sa, so they don't get free'ed.
author: angelos Allow exchange of KeyNote credentials over IKE. Multiple credentials may be passed in a single CERT payload. KeyNote is used if a directory named as the local ID we use in an exchange exists in the KeyNote directory (default: /etc/isakmpd/keynote/). Note that asymmetric credentials are possible (use KeyNote in one direction and X509 in the other); such authentication is envisioned to be the most common: the clients will use KeyNote credentials to authenticate and authorize with a server, whilst the server will just provide an X509 certificate proving its binding to the IP address or ID. Totally asymmetric authentication (e.g., shared key in one direction, RSA in the other) is not supported by the IKE protocol.
author: angelos Add CERTENC_KEYNOTE.
author: ho DOI IPSEC is default if not specified.
2000-06-08 | cert.h: Merge with EOM 1.7 | Niklas Hallqvist
exchange.h: Merge with EOM 1.27
x509.h: Merge with EOM 1.10
author: angelos Allow exchange of KeyNote credentials over IKE. Multiple credentials may be passed in a single CERT payload. KeyNote is used if a directory named as the local ID we use in an exchange exists in the KeyNote directory (default: /etc/isakmpd/keynote/). Note that asymmetric credentials are possible (use KeyNote in one direction and X509 in the other); such authentication is envisioned to be the most common: the clients will use KeyNote credentials to authenticate and authorize with a server, whilst the server will just provide an X509 certificate proving its binding to the IP address or ID. Totally asymmetric authentication (e.g., shared key in one direction, RSA in the other) is not supported by the IKE protocol.
2000-06-08 | Merge with EOM 1.3 | Niklas Hallqvist
author: angelos Add CERTENC_KEYNOTE.
2000-06-08 | Merge with EOM 1.3 | Niklas Hallqvist
author: ho Correct definition.
2000-06-08 | Merge with EOM 1.71 | Niklas Hallqvist
author: ho DOI IPSEC is default if not specified.
2000-06-08 | Merge with EOM 1.4 | Niklas Hallqvist
author: ho Use math_mp_t in prototype.
2000-06-08 | Merge with EOM 1.6 | Niklas Hallqvist
author: ho Attempt to get GMP usable here.
2000-06-08 | Merge with EOM 1.51 | Niklas Hallqvist
author: angelos Don't add the callback at initialization time, we must set it before each invocation.
author: angelos Different policy/Keynote sessions per Phase 1 SA.
author: angelos Allow exchange of KeyNote credentials over IKE. Multiple credentials may be passed in a single CERT payload. KeyNote is used if a directory named as the local ID we use in an exchange exists in the KeyNote directory (default: /etc/isakmpd/keynote/). Note that asymmetric credentials are possible (use KeyNote in one direction and X509 in the other); such authentication is envisioned to be the most common: the clients will use KeyNote credentials to authenticate and authorize with a server, whilst the server will just provide an X509 certificate proving its binding to the IP address or ID. Totally asymmetric authentication (e.g., shared key in one direction, RSA in the other) is not supported by the IKE protocol.
2000-06-08 | make sure to clear ni_flags on ping6 -w. | Jun-ichiro itojun Hagino
2000-06-07 | s/PIMCTL/PIM6CTL/ for less confusion. | Jun-ichiro itojun Hagino
2000-06-04 | Don't exit just because we couldn't get the default label... | Todd C. Miller
2000-06-04 | Add 'D' and 'z' commands to editor to use the default partition and to zero out the partition table respectively. | Todd C. Miller
2000-05-31 | It's "DMA" not "DMS" for the ATA-4 queued feature set!! | Chris Cappuccio
2000-05-31 | Cleaner loop structure when reading panic string from the core image. We now check the return value of KREAD() which may solve PR 1254. | Todd C. Miller
2000-05-30 | examples | Theo de Raadt