5ae99b01fd
Missing entries for last changes
2008-02-25 20:14:05 +00:00
6ee9ace370
From Brian Haley <brian.haley@hp.com>
...
There's a cut/paste error in cmp_aproppair_i(), it's supposed to be
checking spi_size but it's not. I'm not sure this patch is correct, but
what's there isn't either.
2008-02-25 20:06:55 +00:00
ebc590d76a
Fix address length, from Brian Haley
2008-02-22 18:50:03 +00:00
2bbccfb905
yyparse returns int, not void.
2008-02-16 18:29:39 +00:00
a91c432416
closes PR bin/37644
...
did not meet violent opposition ( :) ) on ipsec-tools-devel
2008-02-10 12:11:08 +00:00
8a85bb4332
remove Protocol=2 line; from Jukka Salmi
2008-01-28 13:57:02 +00:00
4781622c25
CRIOGET is gone. Saves one ioctl per session.
2008-01-26 20:46:21 +00:00
9675caff5e
Some minor opencrypto fixes, one with a major performance impact for
...
OpenSSL:
1) Fix extremely misleading text in crypto.4 manual page so it does not
appear to claim that a new cloned file descriptor is required for every
session.
2) Fix severe performance problem (and fd leak!) in openssl cryptodev
engine resulting from misunderstanding probably caused by said manual
page text.
3) Check for session-ID wraparound in kernel cryptodev provider. Also,
start allocating sessions at 1, not 0 -- this will be necessary when
we add ioctls for the creation of multiple sessions at once, so we
can tell which if any creations failed.
2008-01-25 07:09:56 +00:00
4aacbd15e1
From Timo Teras: reset iph1->dpd_r_u in the scheduler's callback, to avoid access to freed memory.
2008-01-11 14:27:34 +00:00
ca6b517233
reset iph1->dpd_r_u in the scheduler's callback, to avoid some access to freed memory
2008-01-11 14:27:33 +00:00
e0b7c2f9ec
reported somes fixes from Krzysztof Oledzki
2008-01-11 14:09:50 +00:00
90cd29a77c
From Krzysztof Oledzki: Fix compilation with IDEA and recent gcc.
2008-01-11 14:09:05 +00:00
5e3ace1c19
From Krzysztof Oledzki: added some details to some logs (also reported new getph1byaddr() arg).
2008-01-11 14:08:29 +00:00
e8714f7763
From Krzysztof Oledzki: Only search for established ph1 handles in DPD (also reported new getph1byaddr() arg).
2008-01-11 14:07:39 +00:00
223c4f34ce
added an 'established' arg to getph1byaddr()
2008-01-11 14:06:56 +00:00
c825a8ee5f
Add GRE protocol number to racoonctl. Correct id wildcard matching for transport mode. Submitted by Timo Teras.
2007-12-31 01:42:07 +00:00
e2eda5513a
Add GRE protocol number to racoonctl. Correct id wildcard matching for transport mode. Submitted by Timmo Teras.
2007-12-31 01:42:06 +00:00
c9b9889ada
add back #include <sys/socket.h> from Scott Ellis on current-users@
2007-12-21 20:42:03 +00:00
e9e5abe68c
fix typo in comment
2007-12-21 01:03:58 +00:00
53a105b083
Disable the umac-64 MAC for now, it needs to be rewritten from scractch.
...
Addresses PR bin/37562.
2007-12-20 14:14:04 +00:00
d642d06d3d
fixes for alpha: %ld -> %zd, signals are long.
2007-12-18 09:00:30 +00:00
ceafeaa9bc
Eliminate "endian_convert defined but not used" on big-endian platforms;
...
instead of using the "generic" functions for byteswapping in this file,
use le32toh() and friends.
2007-12-18 08:32:21 +00:00
4750a01617
on NetBSD, use %zu for sizeof()
2007-12-18 07:22:32 +00:00
512c2e7e60
merge conflicts
2007-12-18 02:35:25 +00:00
848569aa46
from ftp.openbsd.org
2007-12-17 20:15:38 +00:00
3a210f56fc
Add corrections submitted in a follow up patch for the nat-t oa support.
2007-12-12 05:08:28 +00:00
892304dffa
Add support for nat-t oa payload handling. Submitted by Timo Teras.
2007-12-12 04:45:59 +00:00
85c7ab0640
add a sample XAuthLocation for x.org users as discussed on pkgsrc-users@
2007-12-08 19:03:28 +00:00
4454243c5b
Add changelog entries missed in the last commit.
2007-12-04 19:54:24 +00:00
2ada148e80
Modify ipsecdoi_sockaddr2id() to obtain an id without specifying the exact prefix length. Correct a memory leak in phase2. Both submitted by Timo Teras.
2007-12-04 19:52:30 +00:00
e5326240e8
Fix typos. New sentence, new line.
2007-12-01 19:24:47 +00:00
3139da7ed3
From Natanael Copa: fixed a race condition when building yacc stuff.
2007-11-29 16:22:08 +00:00
45ebb13627
fixed a race condition when building yacc stuff
2007-11-29 16:22:07 +00:00
e76e80b28b
From Arnaud Ebalard: some sanity checks, debug, and a better matching of SPD entries in getsp_r()
2007-11-09 16:28:14 +00:00
faf3c4a53b
From Arnaud Ebalard: Some sanity checking in pk_recv()
2007-11-09 16:27:58 +00:00
70597b6cab
From Arnaud Ebalard: Better matching of SPD entries in getsp_r().
2007-11-09 16:27:47 +00:00
cd8d63d79e
From Arnaud Ebalard: Added some debug in get_proposal_r().
2007-11-09 16:27:42 +00:00
c9951c135d
Fix for CVE-2007-4995 from OpenSSL CVS
2007-10-21 20:34:14 +00:00
57c0ea0775
Add SPLITNET_{INCLUDR_LOCAL}_CIDR to hook scripts
2007-10-19 03:37:18 +00:00
702eac21e5
Try to increase the buffer size of the pfkey socket, this may help things when we have a huge SPD
2007-10-15 16:05:01 +00:00
657e6e5324
new plog macro
2007-10-02 09:48:08 +00:00
4e4df07d61
From Scott Lamb: include plog.h to work with the new plog macro.
2007-10-02 09:47:55 +00:00
400c6ca5a9
From Scott Lamb: plog changed to _plog to work with new plog macro
2007-10-02 09:47:45 +00:00
c12d0d481a
From Scott Lamb: new plog macro.
2007-10-02 09:47:40 +00:00
0e0b59826f
apply a patch from openssl CVS to fix a remaining off-by-one error
...
in an older security fix, see
http://www.securityfocus.com/archive/1/480855/30/0/threaded
2007-09-28 13:09:26 +00:00
26182f1f5d
Set REUSE option on sockets to prevent failures associated with closing and immediately re-opening. Submitted by Gabriel Somlo.
2007-09-19 19:29:36 +00:00
33e6656ef9
Prevent duplicate entries in splitnet list. Submitted by Gabriel Somlo.
2007-09-19 19:20:25 +00:00
8293a09746
Fix autoconf check for selinux support. Submitted by Joy Latten.
2007-09-13 00:26:14 +00:00
aca8e1eed2
Implement clientaddr sainfo remote id option and refine the sainfo man page syntax.
2007-09-12 23:39:49 +00:00
6dda4e3f48
Use poll(2) to wait for rnd(4). The initialisation of OpenSSL's RNG
...
now works reliably if the first FD_SETSIZE file descriptors are in use.
2007-09-07 08:10:00 +00:00
manu