summaryrefslogtreecommitdiff
path: root/sbin
AgeCommit message (Expand)Author
2012-07-07copy&paste mistake in error messageChristian Weisgerber
2012-07-07remove incorrect check in pfctl preventing set-tos for ipvshit.Henning Brauer
2012-07-07rename prio in struct pf_rule and related structs to set_prio so it isHenning Brauer
2012-07-07Replace atoi() with strtonum() where it's easy. Make related errorKenneth R Westerback
2012-07-05don't output "esn" string in the rule section as we can't use theMike Belopuhov
2012-07-05when rekeying ike sa copy more info from the old one;Mike Belopuhov
2012-07-03Improve the key derivation function to produce correct keying materialMike Belopuhov
2012-07-02checking state flags make sense only when processing a responseMike Belopuhov
2012-07-02augment every sa_free call with a debugging log messageMike Belopuhov
2012-07-02Don't close IKE SA immediately after creating a new one when rekeying.Mike Belopuhov
2012-07-02a state machine is not worth the trouble when you've got a flag. doh!Mike Belopuhov
2012-06-30enable use of AES-{192,256}-CTR, and explicitly of AES-128-CTR, for IPsec ESPChristian Weisgerber
2012-06-29Add missing ESN bitsMike Belopuhov
2012-06-29Print esn flag when dumping SAs with ESN enabledMike Belopuhov
2012-06-28prevent salt_len overflow; reported by andrew nelless, ok otto, teduMike Belopuhov
2012-06-27leftover code re-enqueued the same item on the list multiple timesMike Belopuhov
2012-06-27prevent an endless loopMike Belopuhov
2012-06-26Add some more paranoia and make code clearer. Check that the requiredKenneth R Westerback
2012-06-26RFC 2132 says "Options containing NVT ASCII data SHOULD NOT includeKenneth R Westerback
2012-06-26improve ikev2_msg_retransmit_timeoutMike Belopuhov
2012-06-26close SA when IKE_SA_INIT or IKE_AUTH exchanges fail;Mike Belopuhov
2012-06-26compare exchange types as well when looking up a message;Mike Belopuhov
2012-06-25log all, not log-all; ok henningJason McIntyre
2012-06-24Nuke interface_link_status() (check media status only) and useKenneth R Westerback
2012-06-22Add initial support for retransmition timeouts and response retries.Mike Belopuhov
2012-06-22decouple timer initialization from timer_registerMike Belopuhov
2012-06-22Two 'ioctl() < 0' -> 'ioctl() == -1'. guenther@ says they're odd.Kenneth R Westerback
2012-06-22Set state to S_REBOOTING when calling state_reboot() and set stateKenneth R Westerback
2012-06-20Cancel all timeouts in state_reboot(), since we can get there from any stateMark Kettenis
2012-06-20no more boot_mac68k(8);Jason McIntyre
2012-06-20more mac68k bits for the atticMatthew Dempsky
2012-06-20Delete some more SUBDIR += mac68k.Matthew Dempsky
2012-06-04Rounding up a number of bytes in a bignum returned by the BN_num_bytes()Mike Belopuhov
2012-06-01revert previous, breaks tcpdumpJonathan Gray
2012-06-01Make the -P flag work with -ss, so that states can be printed with portLawrence Teo
2012-05-31Clarify issues del (bridge command) vs delete (IP address command);Theo de Raadt
2012-05-31Let quotacheck work with duid based fstab. Missed one open() -> opendev()Kenneth R Westerback
2012-05-30more timer changesMike Belopuhov
2012-05-30when changing peer's address in the SA, remove the old entry from theMike Belopuhov
2012-05-30pass a file descriptor in the msg_fd instead of a function argumentMike Belopuhov
2012-05-29Fix tyop in error message; this was copied from/to umount(8)'s umount.c which...Jasper Lievisse Adriaanse
2012-05-29Make 'mount nfssrv:/path' without mount point work again :Landry Breuil
2012-05-29Fix typo in error message ("Cannot MNT PRC"->RPC)Landry Breuil
2012-05-29improve timer framework; will be needed soonMike Belopuhov
2012-05-24don't increment the next expected message id when sending a response back.Mike Belopuhov
2012-05-23fixup from/to specificationMike Belopuhov
2012-05-23remove hardcoded values for esp and let ikev2_add_proposals decideMike Belopuhov
2012-05-23factor out proposal matching code from ikev2_sa_negotiate and eliminateMike Belopuhov
2012-05-14ansi. no binary changeJonathan Gray
2012-05-08When setting up NAT-T notify payloads, make sure to supply anMike Belopuhov