Age | Commit message (Collapse) | Author |
|
|
|
|
|
Update the description of available channel for Japan.
The regulations has been changed to adopt 802.11b since Oct. 99.
For 11Mbps NICs sold in Japan, all DS channels (1..14) are available.
|
|
|
|
|
|
|
|
print partition number in the message.
|
|
test with the following:
# ifconfig gif0 inet giftunnel localhost localhost
# ifconfig gif0 inet6 giftunnel localhost localhost
|
|
constant). These are not security holes but it is worth fixing
them anyway both for robustness and so folks looking for examples
in the tree are not misled into doing something potentially dangerous.
Furthermore, it is a bad idea to assume that pathnames will not
include '%' in them and that error routines don't return strings
with '%' in them (especially in light of the possibility of locales).
|
|
|
|
|
|
|
|
|
|
|
|
- add OpenBSD tags and copyright notice where missing.
- check the return value of mount(), like EOPTNOTSUPP, and the like.
- remove unused declarations and headers
- rearrange manpage a bit. Add history section
|
|
|
|
|
|
|
|
author: itojun
synchronize with latest KAME PF_KEY interface. need more testing.
old: changes sadb_msg, which is bad
new: added sadb_x_sa2 for extra meat
|
|
author: niklas
Indentation, bad greek
|
|
author: ho
Recognize and handle reserved and private payloads differently.
A private payload in a message is ignored.
A message containing a reserved payload is dropped.
|
|
author: niklas
&& not &
|
|
|
|
|
|
|
|
|
|
- Clean up FILES section.
- s/BACKWARD COMPATIBILITY/COMPATIBILITY/
- Use standard options list introduction.
|
|
|
|
|
|
|
|
|
|
|
|
with soft-updates, but will leak free blocks. On non-softupdates filesystems
this option is strongly unrecommended. It also allows downgrades to readonly
by revoking files opened for writing. If the filesystem have mmap'ed files
writeable this is dangerous. Thus, we do *not* recommend its use!
|
|
OK millert
|
|
|
|
|
|
|
|
was 03/05 chimera.
ping6: -n by default due to too many false error report due to too long
reverse query delay.
|
|
|
|
|
|
author: angelos
Default value for [KeyNote]:Credential-directory.
|
|
author: angelos
Point back to isakmpd.conf(5)
author: angelos
Remove fixed item from BUGs section.
author: angelos
Talk about re-loading of policies on SIGHUP.
|
|
author: angelos
Some more support for KeyNote credential exchange (not yet done).
|
|
author: angelos
No need for NODEBUG actually...
author: angelos
Use LOG_DBG() instead of log_debug()
author: angelos
NODEBUG compile option, so regress doesn't barf.
author: angelos
No point adding a handling attribute for the generic session.
author: angelos
log_debug() for the action attributes.
author: angelos
Different policy/Keynote sessions per Phase 1 SA.
author: angelos
Allow exchange of KeyNote credentials over IKE. Multiple credentials
may be passed in a single CERT payload. KeyNote is used if a
directory named as the local ID we use in an exchange exists in the
KeyNote directory (default: /etc/isakmpd/keynote/). Note that
asymmetric credentials are possible (use KeyNote in one direction and
X509 in the other); such authentication is envisioned to be the most
common: the clients will use KeyNote credentials to authenticate and
authorize with a server, whilst the server will just provide an X509
certificate proving its binding to the IP address or ID.
Totally asymmetric authentication (e.g., shared key in one direction,
RSA in the other) is not supported by the IKE protocol.
author: angelos
Correct pointer handling.
author: angelos
A few more certificate handling routines for KeyNote.
author: angelos
Some more support for KeyNote credential exchange (not yet done).
author: angelos
Add a couple more KeyNote functions in the sym entries.
author: ho
Some systems do not define IPPROTO_ETHERIP (yet).
|
|
author: angelos
Add the -R option in getopt!!!
|
|
author: angelos
Different policy/Keynote sessions per Phase 1 SA.
author: angelos
Allow exchange of KeyNote credentials over IKE. Multiple credentials
may be passed in a single CERT payload. KeyNote is used if a
directory named as the local ID we use in an exchange exists in the
KeyNote directory (default: /etc/isakmpd/keynote/). Note that
asymmetric credentials are possible (use KeyNote in one direction and
X509 in the other); such authentication is envisioned to be the most
common: the clients will use KeyNote credentials to authenticate and
authorize with a server, whilst the server will just provide an X509
certificate proving its binding to the IP address or ID.
Totally asymmetric authentication (e.g., shared key in one direction,
RSA in the other) is not supported by the IKE protocol.
|
|
author: angelos
Allow exchange of KeyNote credentials over IKE. Multiple credentials
may be passed in a single CERT payload. KeyNote is used if a
directory named as the local ID we use in an exchange exists in the
KeyNote directory (default: /etc/isakmpd/keynote/). Note that
asymmetric credentials are possible (use KeyNote in one direction and
X509 in the other); such authentication is envisioned to be the most
common: the clients will use KeyNote credentials to authenticate and
authorize with a server, whilst the server will just provide an X509
certificate proving its binding to the IP address or ID.
Totally asymmetric authentication (e.g., shared key in one direction,
RSA in the other) is not supported by the IKE protocol.
author: angelos
Cleanup.
|
|
author: angelos
Some more text.
author: angelos
Allow exchange of KeyNote credentials over IKE. Multiple credentials
may be passed in a single CERT payload. KeyNote is used if a
directory named as the local ID we use in an exchange exists in the
KeyNote directory (default: /etc/isakmpd/keynote/). Note that
asymmetric credentials are possible (use KeyNote in one direction and
X509 in the other); such authentication is envisioned to be the most
common: the clients will use KeyNote credentials to authenticate and
authorize with a server, whilst the server will just provide an X509
certificate proving its binding to the IP address or ID.
Totally asymmetric authentication (e.g., shared key in one direction,
RSA in the other) is not supported by the IKE protocol.
author: ho
Update re DOI:IPSEC and default p1/p2 lifetimes.
|
|
author: angelos
Different policy/Keynote sessions per Phase 1 SA.
author: angelos
Allow exchange of KeyNote credentials over IKE. Multiple credentials
may be passed in a single CERT payload. KeyNote is used if a
directory named as the local ID we use in an exchange exists in the
KeyNote directory (default: /etc/isakmpd/keynote/). Note that
asymmetric credentials are possible (use KeyNote in one direction and
X509 in the other); such authentication is envisioned to be the most
common: the clients will use KeyNote credentials to authenticate and
authorize with a server, whilst the server will just provide an X509
certificate proving its binding to the IP address or ID.
Totally asymmetric authentication (e.g., shared key in one direction,
RSA in the other) is not supported by the IKE protocol.
author: angelos
A few more definitions.
author: angelos
Some more support for KeyNote credential exchange (not yet done).
|
|
author: provos
typo
|