summaryrefslogtreecommitdiff
path: root/sbin
AgeCommit message (Collapse)Author
2001-01-04Read a struct kmembuckets, rather than individual values.Angelos D. Keromytis
2001-01-04Print the kern.malloc.* branchAngelos D. Keromytis
2001-01-01New command "setpid", just changes the ID of a partition (no otherAngelos D. Keromytis
parameters editing) -- vassilip@dsl.cis.upenn.edu
2000-12-31Bring the manual in sync with reality: when using the -u flag, anyAngelos D. Keromytis
options in /etc/fstab are ignored; only the options specified in the mount command line are used.
2000-12-31merge mistake. -m is not available in *bsd-currentJun-ichiro itojun Hagino
2000-12-31Update example and text.Angelos D. Keromytis
2000-12-30Remove the dstsa/srcsa/clearsa directives, the bridge will be usingAngelos D. Keromytis
the gif interface instead.
2000-12-30Don't do a getnetbyname() if the address is in dot notation already;Angelos D. Keromytis
solves a DNS-related deadlock. Patch by gluk@ptci.ru (PR 1582)
2000-12-29Don't mark filesystem clean if fsck needs to be rerun (PR 1572)Angelos D. Keromytis
2000-12-29correct m88k definitions.Steve Murphree
2000-12-28indent. couple of pedant. from deraadt (sync with kame)Jun-ichiro itojun Hagino
2000-12-28make it obvious the key/authkey pairs can be distinct; Gordon Greene.Jason Wright
2000-12-22strlcpy is greatTheo de Raadt
2000-12-22call seteuid(getuid) tooJun-ichiro itojun Hagino
2000-12-22revoke root privilege earliest possibleJun-ichiro itojun Hagino
2000-12-21add /usr/share/ipf/nat.3; ok aaron@Reinhard J. Sammer
2000-12-21document net.inet6.icmp6.mtudisc_{hi,lo}watJun-ichiro itojun Hagino
2000-12-21use strlcpyTheo de Raadt
2000-12-20document "default" argumentTheo de Raadt
2000-12-19make sure isakmpd works with the openssl-0.9.6 APIMarkus Friedl
2000-12-19gmp is gone, make it build again; cvs retardMichael Shalayeff
2000-12-19gmp is gone, make it build againMichael Shalayeff
2000-12-18fix nwid get/setMichael Shalayeff
2000-12-16typoNiels Provos
2000-12-16when a used SA expires and the exchange is gone, start a new one.Niels Provos
2000-12-15.Sh EXAMPLE -> .Sh EXAMPLES. Even if there's only one example, at leastAaron Campbell
this is consistent.
2000-12-15return resource exhaustion message on memory allocation error. poll onNiels Provos
the pfkey fd so that we dont block when a message gets lossed.
2000-12-15only create new exchange on SA expires, when there has been used.Niels Provos
okay angelos@
2000-12-15update email address in copyright.Niels Provos
2000-12-15more cleanup; send SPI needed message if we have state but no SPI onNiels Provos
acquire.
2000-12-15more cleanup. remove last vestiges of gmp.Niels Provos
2000-12-15handle pfkey soft updates. only update when SA has been used.Niels Provos
2000-12-14queue pfkey acquire and expire messages if we are currently waiting forNiels Provos
another pfkey transaction to return. some cleanup.
2000-12-14setup soft lifetimes, handle hard expirations, deal with changed pfkeyNiels Provos
supported extensions. some problems pointed out by Hans-Joerg.Hoexer@rommelwood.de
2000-12-13better debugging. reserve spis with the correct protocol.Niels Provos
2000-12-12pids are useful in syslog; ok angelos@Todd T. Fries
2000-12-12enumerate debugging number meanings; ok angelos@Todd T. Fries
2000-12-12Add support for 802.1D spanning tree protocol.Jason Wright
NOTE: this requires recompiling brconfig with updated include files.
2000-12-12listen to pfkeyv2 acquire messages and set up SAs accordingly.Niels Provos
2000-12-12revert former patch, the correct solution is to not compile this file at allNiklas Hallqvist
for architectures without shlibs
2000-12-12Merge with EOM 1.112Niklas Hallqvist
author: niklas style author: angelos Don't limit Phase 1 SA establishment -- while this does limit resource consumption, it's neither foolproof nor entirely correct (it introduces some synchronization problems).
2000-12-12Merge with EOM 1.79Niklas Hallqvist
author: niklas whitespace author: niklas style author: angelos Pass the local/remote Phase 1 ID to the flow, so it can be reused when an SA is re-negotiated. author: angelos Save the Phase 1 IDs along with the flow. author: angelos Don't block new phase 1 SA establishment -- avoids some sync problems. Also, handle kernel-issued expirations more intelligently. author: angelos isakmpd can now negotiate transport protocol/ports (either through the configuration file or through kernel ACQUIREs). author: angelos Fix flow cleanup/setup on renegotiation (or failure thereof) -- thanks to cedric@wireless-networks.com for testing and feedback. author: angelos Remove unused code. author: angelos Don't be too permissive with the installed flows -- after all, we can just run more negotiations. author: angelos ifndef, not ifdef author: angelos Delete ingress flow correctly. author: angelos Initialize structure.
2000-12-12Merge with EOM 1.51Niklas Hallqvist
author: niklas more fascistoid style author: angelos Don't insert the *same* entry in two or more buckets! Thanks to cedric@wireless-networks.com for reporting/debugging and coming up with the patch. author: angelos Correct format string. author: angelos x509_hash() should also skip the cert length (willey@serasystems.com) author: angelos Add some error messages (ingham@ara.com)
2000-12-12Merge with EOM 1.73Niklas Hallqvist
author: angelos Pass the local/remote Phase 1 ID to the flow, so it can be reused when an SA is re-negotiated. author: angelos isakmpd can now negotiate transport protocol/ports (either through the configuration file or through kernel ACQUIREs).
2000-12-12sysdep/openbsd/sysdep.c: Merge with EOM 1.9Niklas Hallqvist
pf_encap.h: Merge with EOM 1.13 pf_key_v2.h: Merge with EOM 1.4 sysdep.h: Merge with EOM 1.17 author: angelos Pass the local/remote Phase 1 ID to the flow, so it can be reused when an SA is re-negotiated.
2000-12-12Merge with EOM 1.55Niklas Hallqvist
author: angelos Add Default-phase-1-ID tag in [General], and document its use. author: angelos isakmpd can now negotiate transport protocol/ports (either through the configuration file or through kernel ACQUIREs).
2000-12-12Merge with EOM 1.48Niklas Hallqvist
author: angelos Add Default-phase-1-ID tag in [General], and document its use. author: angelos Default Phase 1 entry.
2000-12-12Merge with EOM 1.31Niklas Hallqvist
author: niklas style nit, we only use NULL in isakmpd when a manpage mandates it author: angelos Also check for default Phase 1 ID.
2000-12-12Merge with EOM 1.143Niklas Hallqvist
author: niklas Style nits author: angelos Pass the local/remote Phase 1 ID to the flow, so it can be reused when an SA is re-negotiated. author: angelos isakmpd can now negotiate transport protocol/ports (either through the configuration file or through kernel ACQUIREs). author: angelos CAST-128 has a maximum of 128bit keys, not 256.
2000-12-12Merge with EOM 1.143Niklas Hallqvist
author: angelos Careful when copying IDs. author: angelos Oops, what am I thinking ? author: angelos Ooops again, I reverted the wrong patch. author: angelos Oops, shouldn't have committed this. author: angelos x509_hash() should also skip the cert length (willey@serasystems.com) author: angelos If it's a dynamically established Phase 2 SA, don't keep a copy of it in isakmpd (the kernel keeps track of everything in this case). author: angelos Comment. author: angelos If no time-based lifetime was negotiated, don't release the SA.
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-28 19:24:33 +0000