summaryrefslogtreecommitdiff
path: root/sbin
AgeCommit message (Collapse)Author
2004-06-20message_parse_payloads should accept payloads in the private range.Hakan Olsson
While here, also cleanup some messages.
2004-06-20Make the payload array in struct message dynamic, since we need to handleHakan Olsson
payloads in the private range, such as the pre-RFC NAT-D/NAT-OA. Replace TAILQ_FIRST(&msg->payload[i]) instances with function calls.
2004-06-20NAT-Traversal for isakmpd. Work in progress...Hakan Olsson
hshoexer@ ok.
2004-06-20A start towards Dead Peer Detection (DPD) support, as specified in RFC 3706Hakan Olsson
2004-06-20Some vendors send the last Aggressive Mode message unencrypted, which weHakan Olsson
should accept. Problem noted by alex at vbone.net. hshoexer@ ok.
2004-06-20To make debugging the unprivileged child process easier, make 'isakmpd -dd'Hakan Olsson
pause just after privsep; print the PIDs and wait for SIGCONT. hshoexer@ ok
2004-06-19require RTF_MPATH to enter a multipath route with RTM_ADD.Cedric Berger
route(8) takes a new -mpath modifier to enter a multipath route. requested deraadt@, ok itojun@ mcbride@ millert@
2004-06-18Make this better reflect reality; OK and with help from CedricTodd C. Miller
2004-06-17Yet another bunch of memleask found and fixed by Patrick Latifi. Thanks!Hans-Joerg Hoexer
ok ho@
2004-06-17Plug a memleak. Found and fixed (and some cleanup) by Patrick Latifi.Hans-Joerg Hoexer
Thanks! ok ho@
2004-06-17Evaluate result of X509_verify_cert() more carefully.Hans-Joerg Hoexer
ok cloder@
2004-06-16Fix wrong pointer dereference and plug memleak. Found and patch byHans-Joerg Hoexer
Patrick Latifi. Thanks! ok ho@
2004-06-16fix ipv6-address and ipv6-address-mask mixup.Hans-Joerg Hoexer
Found by Patrick Latifi. Thanks! ok ho@
2004-06-16Fix -S flag with new show code. ok claudio@Cedric Berger
2004-06-15Cleanup last commit here:Todd C. Miller
- pass netname4() a struct sockaddr_in * and check it for NULL - netname6() already deals with NULL mask so remove unneeded check in netname() OK deraadt@
2004-06-15do not crash on 'route flush'Theo de Raadt
2004-06-15also use MSG_AUTHENTICATED flag.Hans-Joerg Hoexer
ok ho@
2004-06-14Remove unused functions. ok beck@ henning@Cedric Berger
2004-06-14avoid stat before openHans-Joerg Hoexer
ok ho@
2004-06-14added a missing message_free().Hans-Joerg Hoexer
ok ho@
2004-06-14KNF, style, 80c, etc. hshoexer@ okHakan Olsson
2004-06-12Fix table add/replace commands with securelevel=2.Cedric Berger
Reported by James J. Lippard. ok otto@
2004-06-12Make route show output similar to netstat -r output.Claudio Jeker
OK cedric@ millert@
2004-06-11typo in commentBrad Smith
2004-06-10Work around an uncovered gcc problem on m88k until it receives proper cure.Miod Vallat
2004-06-10rename struct pf_rule_addr member 'not' to 'neg', as 'not' is a reservedDaniel Hartmeier
keyword in C++. ok henning@, cedric@
2004-06-10Mark authenticated messages explicitly. Better check for authentication beforeHans-Joerg Hoexer
deleteing SAs. This fix is needed to solve the problems reported by Thomas Walpuski, previous diff was not sufficient. Pointed out by Thomas. Thanks! ok ho@ niklas@, testing and spellcheck by todd@ msf@
2004-06-09Fix IPv4 name->address translation. Addresses like "10.1000" will not beCedric Berger
accepted anymore, but constructs like "route add 10.1.2/24 <gw>" will finally do the right thing. ok millert@
2004-06-09Style nits. hshoexer@ okHakan Olsson
2004-06-09only accept DELETEs during an authenticated INFORMATIONAL exchange.Hans-Joerg Hoexer
Fix for recent problem disclosed by Thomas Walpuski. ok ho@
2004-06-09correct mistake in usage(). Chris PinnockJun-ichiro itojun Hagino
2004-06-06- wordingJason McIntyre
- simplify some displays
2004-06-06add new "-src" and "-srcmask" modifiers to make it possible to add a sourceCedric Berger
selector part to the routing table entry. complements existing "-dst" and "-dstmask". typical use: route add -src 20.20.20.22 20.20.20.21 route add -src 192.168.1.0/24 -dst 192.168.2.0/24 20.20.20.21 useful for example to implement symetrical routing on multihomed boxes, or to better select which packets to send to gif/tun/... tunnels. new '-S' flag similar to netstat one. ok deraadt@ mcbride@
2004-06-06Style (KNF, 80c). No binary change.Hakan Olsson
2004-06-0664bit int fixesTed Unangst
2004-06-03fall back to "nobody" when the _dhcp user is not available, theo bob okHenning Brauer
2004-06-02remove unused BIO-functions.Hans-Joerg Hoexer
ok markus@ ho@
2004-05-30interface description, tweaked by deraadt and jcs;Jason McIntyre
2004-05-30various improvements and fixes from jared yanovich;Jason McIntyre
2004-05-29introduce SIOCSIFDESCR and SIOCGIFDESCR to maintain interfacejoshua stein
descriptions, configurable with ifconfig help from various, ok deraadt@
2004-05-29Changes from Andrey Matveev:Todd C. Miller
o only include socket.h once o use errx() not err() where appropriate o close the socket we opened o bzero struct ifreq before use
2004-05-29memory leak; andrushock@korovino.netTheo de Raadt
2004-05-27plug memleak in error pathHenning Brauer
From: Andrey Matveev <andrushock@korovino.net>
2004-05-27Rule parser improvements: line numbers, no nl at eof, handling of linesOtto Moerbeek
with too many tokens. Based on diff from Jared Yanovich. ok tdeval@ deraadt@
2004-05-26do not leak fd on error path.Hans-Joerg Hoexer
ok ho@
2004-05-24Use correct function names in log messages. Kill some spaces.Hans-Joerg Hoexer
ok deraadt@ ho@
2004-05-23use strtonum instead of atoi; dhartmei okTheo de Raadt
2004-05-23More KNF. Mainly spaces and line-wraps, no binary change.Hans-Joerg Hoexer
ok ho@
2004-05-23remove excessive monitor_ prefixesTheo de Raadt
2004-05-23stat before open is flawedTheo de Raadt