summaryrefslogtreecommitdiff
path: root/sbin
AgeCommit message (Collapse)Author
2004-06-25repair tree nanobreak by the nanobumTheo de Raadt
2004-06-25remove two ununsed includesHenning Brauer
2004-06-25remove netiso and netns codeHenning Brauer
2004-06-25Narrow down privsep interface. Remove ui_init to monitor. So we can get rid ofHans-Joerg Hoexer
monitor_mkfifo. Work in progress. ok ho@
2004-06-24iso is goneHenning Brauer
2004-06-24remove netiso stuffHenning Brauer
2004-06-24Remove some unused code.Hans-Joerg Hoexer
Fix handling of sigchild. Now it's possible to sigstop/sigcont isakmpd correclty. ok ho@
2004-06-24Also handle keys from x509-certificates embedded in keynote credentials.Hans-Joerg Hoexer
with msf@ ok ho@
2004-06-23Print corrent prefix. Found and tested by alex at vbone.net.Hakan Olsson
2004-06-23make -w optional; ok miod@David Krause
2004-06-23better dead detect window code; still crapTheo de Raadt
2004-06-23Avoid stat before open. Do open and fstat instead.Hans-Joerg Hoexer
Remove check_file_secrecy() as it is obsoleted be check_file_secrecy_fd(). ok ho@
2004-06-23Make compiling with Boehm's gc possible again.Hakan Olsson
2004-06-23Support IPV{4,6}_ADDR_SUBNET IDs in Phase 1, just like the man pageHakan Olsson
says we do. Noted and tested by alex at vbone.net. Also avoid a potential SEGV here. hshoexer@ok
2004-06-23Add commandline switch -a / config tag "Acquire-Only" to tell isakmpd to notHans-Joerg Hoexer
touch flows. initial work by markus ok markus@ ho@ henning@
2004-06-22horrid horrid horrid. we have a race window where we, ourselves, do anTheo de Raadt
address deletion. yesterday we stopped ignoring deletions. but now dhclient does not see itself coming up, and voila, we get more and processes. so now make a 5-second window where we ignore delete messages, but terminate if we get them at any other time. a very relucant ok from henning who is actively searching for a final solution to this problem.
2004-06-22Make the interactive "update" command match the command-line "-u"Tom Cosgrove
option by updatng/setting the 0xAA55 signature at the end of the sector. ok nick@ weingart@
2004-06-22Rewrite of getmntopts(), making it more robust and getting rid ofOtto Moerbeek
the mount_nfs alternative implementation of the same function. Joint work with millert@. Fixes PR 3642. ok pedro@ millert@
2004-06-22Remove the CNF_ from WI_RID_CNF_ENH_SECURITY and WI_RID_CNF_DBM_ADJUSTTodd C. Miller
to match changes in wi(4). Also, don't exit wicontrol if SIOCGWAVELAN fails; just keep going and get the values we can. OK deraadt@
2004-06-22kn_get_string() may return NULL on failure. Handle this corrctly.Hans-Joerg Hoexer
with msf@, ok ho@ markus@
2004-06-22The NAT-T drafts suggest we should drop incoming messages arriving onHakan Olsson
the old port (500) after we've switched to the new one.
2004-06-22acg.cg_nextfreeoff is already relative to &acg so don't subtractTodd C. Miller
&acg.cg_firstfield. Fixes a bogus "panic: cylinder group too big" I see sometimes when using mmap malloc. OK tholo@
2004-06-22do not exit on RTM_DELADDR, dhclient can cause this itself under some rareHenning Brauer
circumstances. instead, exit on RTM_NEWADDR if, and only if, the new IP address is not a lease we got. theo ok
2004-06-22handle interface removals in the poll loop. ok henning@Can Erkin Acar
2004-06-21Describe the [Default]:NAT-T-Keepalive configuration parameter.Hakan Olsson
2004-06-21Make printing of 802.11 fields consistent with the rest by printingTodd C. Miller
a colon (':') after the field name. Noticed by markus@, OK deraadt@
2004-06-21Enable NAT-T support.Hakan Olsson
2004-06-21Implement NAT-T keepalive messages.Hakan Olsson
2004-06-21Update manpage to reflect changes in anchor namingMathieu Sauve-Frankel
ok beck@ claudio@
2004-06-21udpencap_port should be taken from dst transportHakan Olsson
2004-06-21When switching from main to encap transport, copy dst port ifHakan Olsson
translated (NAT).
2004-06-21Strip away umask bits in monitor_fopen(). hshoexer@ ok.Hakan Olsson
2004-06-21style nitHakan Olsson
2004-06-21undo double-patch; Dries SchellekensMarkus Friedl
2004-06-21Don't write too much IKE data in packet captureHakan Olsson
2004-06-21Packet capture should add the ESP-marker when NAT-T is active.Hakan Olsson
2004-06-21dont compare int with NULL, compare to 0 instead, otto@ okAnil Madhavapeddy
2004-06-21Tell the kernel to enable ESP-in-UDP encapsulation when we haveHakan Olsson
SAs negotiated with NAT-T.
2004-06-21Port floating (500->4500) for p1 and p2 exchanges.Hakan Olsson
2004-06-20message_parse_payloads should accept payloads in the private range.Hakan Olsson
While here, also cleanup some messages.
2004-06-20Make the payload array in struct message dynamic, since we need to handleHakan Olsson
payloads in the private range, such as the pre-RFC NAT-D/NAT-OA. Replace TAILQ_FIRST(&msg->payload[i]) instances with function calls.
2004-06-20NAT-Traversal for isakmpd. Work in progress...Hakan Olsson
hshoexer@ ok.
2004-06-20A start towards Dead Peer Detection (DPD) support, as specified in RFC 3706Hakan Olsson
2004-06-20Some vendors send the last Aggressive Mode message unencrypted, which weHakan Olsson
should accept. Problem noted by alex at vbone.net. hshoexer@ ok.
2004-06-20To make debugging the unprivileged child process easier, make 'isakmpd -dd'Hakan Olsson
pause just after privsep; print the PIDs and wait for SIGCONT. hshoexer@ ok
2004-06-19require RTF_MPATH to enter a multipath route with RTM_ADD.Cedric Berger
route(8) takes a new -mpath modifier to enter a multipath route. requested deraadt@, ok itojun@ mcbride@ millert@
2004-06-18Make this better reflect reality; OK and with help from CedricTodd C. Miller
2004-06-17Yet another bunch of memleask found and fixed by Patrick Latifi. Thanks!Hans-Joerg Hoexer
ok ho@
2004-06-17Plug a memleak. Found and fixed (and some cleanup) by Patrick Latifi.Hans-Joerg Hoexer
Thanks! ok ho@
2004-06-17Evaluate result of X509_verify_cert() more carefully.Hans-Joerg Hoexer
ok cloder@
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-26 04:28:40 +0000