summaryrefslogtreecommitdiff
path: root/usr.sbin/bgpd/pfkey.c
AgeCommit message (Expand)Author
2015-09-13explicit_bzero() from Michael McConville, thanks!Florian Obser
2015-02-10Make also the special sockets SOCK_NONBLOCK. For the routing socket addClaudio Jeker
2015-02-09Kill session_socket_blockmode() and replace it with SOCK_CLOEXEC orClaudio Jeker
2014-10-08Use reallocarray() throughout to spot multiplicative int overflow.Theo de Raadt
2010-12-09The PF_KEY socket is like the routing socket. It must be polled all theClaudio Jeker
2009-12-14addr2sa() will return NULL for AID_UNSPEC and pfkey_send() may end up withClaudio Jeker
2009-12-06Doh, switch src and dst in memcpy calls or the wrong thing gets copied.Claudio Jeker
2009-12-01Use an artificial address family id in struct bgpd_addr and almost everywhereClaudio Jeker
2009-04-21instead of calling getpid() all over the place do it once, claudio okHenning Brauer
2009-04-21ignore pfkey replies not for us and discard themHenning Brauer
2009-02-25add a stupid workaround for a race somewhere in the crypto code in theHenning Brauer
2006-10-26 * make sure we keep copies of everything we need toHenning Brauer
2006-10-26storing the dynamically acquired SPIs for tcpmd5 inside the conf structHenning Brauer
2006-08-30writing to the pfkey socket can give EAGAIN and we must retry.Henning Brauer
2004-11-10"not reached" does not help LINT use NOTREACHED instead and use it only inClaudio Jeker
2004-05-28detect absence of PF_KEY interface and/or the TCP_MD5SIG setsockoptsHenning Brauer
2004-05-06actually reset p->auth_established to 0 in pfkey_[md5sig|ipsec]_removeHenning Brauer
2004-05-06we need a seperate field for the md5 key len, can't use strlen, noticedHenning Brauer
2004-04-28support for AH flows and SAsMarkus Friedl
2004-04-28do not give up on ESRCH, someone might have mucked with ipsecadm behindHenning Brauer
2004-04-28make this at least compileHenning Brauer
2004-04-28make sure send and reply are in sync; ok henningMarkus Friedl
2004-04-28keep track of which ipsec/md5 SAs we inserted - ESRCH on blind removalHenning Brauer
2004-04-28don't load SAs into the kernel if IKE is used.Markus Friedl
2004-04-28prefix the auth related defines by AUTH_, we had a name clash, markus okHenning Brauer
2004-04-27rename the ipsec struct to auth, move all tcpmd5 related fields in there, andHenning Brauer
2004-04-27two missing breaks, repairs tcpmd5, with markusHenning Brauer
2004-04-27restrict the ipsec flows to BGP only; ok henningMarkus Friedl
2004-04-27crud stripping; henning okTheo de Raadt
2004-04-26load ipsec SAs into the kernel and enable them.Markus Friedl
2004-03-31allow empty (wildcard) sockaddr for src or dstHenning Brauer
2004-03-15use switch instead of if { } else if { } else { }Henning Brauer
2004-01-30missing free() in an error path that should be unreachableHenning Brauer
2004-01-28implementHenning Brauer
2004-01-28-rename pfkey_setkey to pfkey_sa_addHenning Brauer
2004-01-28fix pfkey_reply() logic:Henning Brauer
2004-01-28missing free and fix memset misuse; From: Patrick Latifi <pat@eyeo.org>Henning Brauer
2004-01-28we need a pfkey_init the gets us a PF_KEY socket before we drop privsHenning Brauer
2004-01-28-struct peer_auth to store the SPIs, linked into struct peerHenning Brauer
2004-01-28initial support for SADB_DELETE; ok hshoexerMarkus Friedl
2004-01-28pfkey_setkey: sockaddr -> bgpd_addr; ok claudioMarkus Friedl
2004-01-27missing return()Henning Brauer
2004-01-27use SADB_GETSPI/UPDATE for setting tcpmd5 keys; ok henningMarkus Friedl
2004-01-26when we error out in send_sa_msg() close the file descriptor.Henning Brauer
2004-01-26first cut at tcpmd5 setup seupport from within bgpd. works so far.Henning Brauer
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-28 00:04:02 +0000