path: root/usr.sbin/bgpd/pfkey.c
Age         Author          Commit message
2004-11-10  Claudio Jeker   "not reached" does not help LINT use NOTREACHED instead and use it only in places where needed. OK henning@
2004-05-28  Henning Brauer  detect absence of PF_KEY interface and/or the TCP_MD5SIG setsockopts at runtime and disable said subsystems if so. helps the guys porting bgpd to $otherBSD, and is actually the right thing to do. claudio ok
2004-05-06  Henning Brauer  actually reset p->auth_established to 0 in pfkey_[md5sig|ipsec]_remove
2004-05-06  Henning Brauer  we need a separate field for the md5 key len, can't use strlen, noticed by markus some time ago
2004-04-28  Markus Friedl   support for AH flows and SAs
2004-04-28  Henning Brauer  do not give up on ESRCH, someone might have mucked with ipsecadm behind our back, markus ok
2004-04-28  Henning Brauer  make this at least compile
2004-04-28  Markus Friedl   make sure send and reply are in sync; ok henning
2004-04-28  Henning Brauer  keep track of which ipsec/md5 SAs we inserted - ESRCH on blind removal otherwise, markus ok
2004-04-28  Markus Friedl   don't load SAs into the kernel if IKE is used.
2004-04-28  Henning Brauer  prefix the auth related defines by AUTH_, we had a name clash, markus ok
2004-04-27  Henning Brauer  rename the ipsec struct to auth, move all tcpmd5 related fields in there, and add a generic "method" field that expresses what method (none/md5sig/ipsec manual/ipsec ike) is in use markus ok
2004-04-27  Henning Brauer  two missing breaks, repairs tcpmd5, with markus
2004-04-27  Markus Friedl   restrict the ipsec flows to BGP only; ok henning
2004-04-27  Theo de Raadt   crud stripping; henning ok
2004-04-26  Markus Friedl   load ipsec SAs into the kernel and enable them.
2004-03-31  Henning Brauer  allow empty (wildcard) sockaddr for src or dst
2004-03-15  Henning Brauer  use switch instead of if { } else if { } else { }
2004-01-30  Henning Brauer  missing free() in an error path that should be unreachable From: Patrick Latifi <pat@eyeo.org>
2004-01-28  Henning Brauer  implement tcp md5sig password so that the key can be given in ascii, what unfortunately limits the key space (cisco/juniper compat...) we keep the ability to specify the key in hex without these limits. help & ok markus
2004-01-28  Henning Brauer  -rename pfkey_setkey to pfkey_sa_add -implement pfkey_sa_remove -use it in pfkey_auth_remove we now properly remove the SAs we added on bgpd shutdown ok markus
2004-01-28  Henning Brauer  fix pfkey_reply() logic: we always need to read the full message or we find old crap next time much more difficult to find than it sounds here... with & ok markus
2004-01-28  Henning Brauer  missing free and fix memset misuse; From: Patrick Latifi <pat@eyeo.org> tho i fixed that using bzero instead
2004-01-28  Henning Brauer  we need a pfkey_init that gets us a PF_KEY socket before we drop privs eases other code quite a bit in exchange...
2004-01-28  Henning Brauer  -struct peer_auth to store the SPIs, linked into struct peer -add pfkey_auth_establish(), which sets up flows for both directions and stores the SPIs in above struct -add (yet dummy) pfkey_auth_remove() with markus, ok claudio markus
2004-01-28  Markus Friedl   initial support for SADB_DELETE; ok hshoexer
2004-01-28  Markus Friedl   pfkey_setkey: sockaddr -> bgpd_addr; ok claudio
2004-01-27  Henning Brauer  missing return()
2004-01-27  Markus Friedl   use SADB_GETSPI/UPDATE for setting tcpmd5 keys; ok henning
2004-01-26  Henning Brauer  when we error out in send_sa_msg() close the file descriptor. from Patrick Latifi <pat@eyeo.org>
2004-01-26  Henning Brauer  first cut at tcpmd5 setup support from within bgpd. works so far. with help from hshoexer@ and markus@ ok claudio@ hshoexer@ markus@