Commit Graph

1160 Commits

Author SHA1 Message Date
vanhu
b5ae261d16 Generates a log if cert validation has been disabled by configuration 2008-03-06 17:00:03 +00:00
manu
b6b6316484 From Cyrus Rahman <crahman@gmail.com>
privileged instance exit when unprivileged one terminates. Save PID in real root, not in chroot
2008-03-06 04:29:20 +00:00
mgrooms
1e1f81eb1d Add the ability to initiate IPsec SA negotiations using the admin socket.
Submitted by Timo Teras.
2008-03-06 00:46:04 +00:00
mgrooms
3fd729ad89 Refactor admin socket event protocol to be less error prone. Backwards compatibility is provided. Submitted by Timo Teras. 2008-03-06 00:34:11 +00:00
mgrooms
089a95fdcd Refactor admin socket event protocol to be less error prone. Backwards
compatibility is provided. Submitted by Timo Teras.
2008-03-06 00:34:10 +00:00
mgrooms
5e5c5d5011 Properly initialize the unity network struct to prevent erroneous protocol
and port info from being transmitted.
2008-03-05 22:27:50 +00:00
mgrooms
f771df75b3 Reload SPD on SIGHUP or adminport reload. Also provide better handling for
pfkey socket read errors. Submitted by Timo Teras.
2008-03-05 22:09:44 +00:00
manu
5ae99b01fd Missing entries for last changes 2008-02-25 20:14:05 +00:00
manu
6ee9ace370 From Brian Haley <brian.haley@hp.com>
There's a cut/paste error in cmp_aproppair_i(), it's supposed to be
checking spi_size but it's not.  I'm not sure this patch is correct, but
what's there isn't either.
2008-02-25 20:06:55 +00:00
manu
ebc590d76a Fix address length, from Brian Haley 2008-02-22 18:50:03 +00:00
matt
2bbccfb905 yyparse returns int, not void. 2008-02-16 18:29:39 +00:00
spz
a91c432416 closes PR bin/37644
did not meet violent opposition ( :) ) on ipsec-tools-devel
2008-02-10 12:11:08 +00:00
christos
8a85bb4332 remove Protocol=2 line; from Jukka Salmi 2008-01-28 13:57:02 +00:00
tls
4781622c25 CRIOGET is gone. Saves one ioctl per session. 2008-01-26 20:46:21 +00:00
tls
9675caff5e Some minor opencrypto fixes, one with a major performance impact for
OpenSSL:

1) Fix extremely misleading text in crypto.4 manual page so it does not
   appear to claim that a new cloned file descriptor is required for every
   session.

2) Fix severe performance problem (and fd leak!) in openssl cryptodev
   engine resulting from misunderstanding probably caused by said manual
   page text.

3) Check for session-ID wraparound in kernel cryptodev provider.  Also,
   start allocating sessions at 1, not 0 -- this will be necessary when
   we add ioctls for the creation of multiple sessions at once, so we
   can tell which if any creations failed.
2008-01-25 07:09:56 +00:00
vanhu
4aacbd15e1 From Timo Teras: reset iph1->dpd_r_u in the scheduler's callback, to avoid access to freed memory. 2008-01-11 14:27:34 +00:00
vanhu
ca6b517233 reset iph1->dpd_r_u in the scheduler's callback, to avoid some access to freed memory 2008-01-11 14:27:33 +00:00
vanhu
e0b7c2f9ec reported some fixes from Krzysztof Oledzki 2008-01-11 14:09:50 +00:00
vanhu
90cd29a77c From Krzysztof Oledzki: Fix compilation with IDEA and recent gcc. 2008-01-11 14:09:05 +00:00
vanhu
5e3ace1c19 From Krzysztof Oledzki: added some details to some logs (also reported new getph1byaddr() arg). 2008-01-11 14:08:29 +00:00
vanhu
e8714f7763 From Krzysztof Oledzki: Only search for established ph1 handles in DPD (also reported new getph1byaddr() arg). 2008-01-11 14:07:39 +00:00
vanhu
223c4f34ce added an 'established' arg to getph1byaddr() 2008-01-11 14:06:56 +00:00
mgrooms
c825a8ee5f Add GRE protocol number to racoonctl. Correct id wildcard matching for transport mode. Submitted by Timo Teras. 2007-12-31 01:42:07 +00:00
mgrooms
e2eda5513a Add GRE protocol number to racoonctl. Correct id wildcard matching for transport mode. Submitted by Timo Teras. 2007-12-31 01:42:06 +00:00
jnemeth
c9b9889ada add back #include <sys/socket.h> from Scott Ellis on current-users@ 2007-12-21 20:42:03 +00:00
tnn
e9e5abe68c fix typo in comment 2007-12-21 01:03:58 +00:00
martin
53a105b083 Disable the umac-64 MAC for now, it needs to be rewritten from scratch.
Addresses PR bin/37562.
2007-12-20 14:14:04 +00:00
dogcow
d642d06d3d fixes for alpha: %ld -> %zd, signals are long. 2007-12-18 09:00:30 +00:00
dogcow
ceafeaa9bc Eliminate "endian_convert defined but not used" on big-endian platforms;
instead of using the "generic" functions for byteswapping in this file,
use le32toh() and friends.
2007-12-18 08:32:21 +00:00
dogcow
4750a01617 on NetBSD, use %zu for sizeof() 2007-12-18 07:22:32 +00:00
christos
512c2e7e60 merge conflicts 2007-12-18 02:35:25 +00:00
christos
848569aa46 from ftp.openbsd.org 2007-12-17 20:15:38 +00:00
mgrooms
3a210f56fc Add corrections submitted in a follow up patch for the nat-t oa support. 2007-12-12 05:08:28 +00:00
mgrooms
892304dffa Add support for nat-t oa payload handling. Submitted by Timo Teras. 2007-12-12 04:45:59 +00:00
jnemeth
85c7ab0640 add a sample XAuthLocation for x.org users as discussed on pkgsrc-users@ 2007-12-08 19:03:28 +00:00
mgrooms
4454243c5b Add changelog entries missed in the last commit. 2007-12-04 19:54:24 +00:00
mgrooms
2ada148e80 Modify ipsecdoi_sockaddr2id() to obtain an id without specifying the exact prefix length. Correct a memory leak in phase2. Both submitted by Timo Teras. 2007-12-04 19:52:30 +00:00
wiz
e5326240e8 Fix typos. New sentence, new line. 2007-12-01 19:24:47 +00:00
vanhu
3139da7ed3 From Natanael Copa: fixed a race condition when building yacc stuff. 2007-11-29 16:22:08 +00:00
vanhu
45ebb13627 fixed a race condition when building yacc stuff 2007-11-29 16:22:07 +00:00
vanhu
e76e80b28b From Arnaud Ebalard: some sanity checks, debug, and a better matching of SPD entries in getsp_r() 2007-11-09 16:28:14 +00:00
vanhu
faf3c4a53b From Arnaud Ebalard: Some sanity checking in pk_recv() 2007-11-09 16:27:58 +00:00
vanhu
70597b6cab From Arnaud Ebalard: Better matching of SPD entries in getsp_r(). 2007-11-09 16:27:47 +00:00
vanhu
cd8d63d79e From Arnaud Ebalard: Added some debug in get_proposal_r(). 2007-11-09 16:27:42 +00:00
adrianp
c9951c135d Fix for CVE-2007-4995 from OpenSSL CVS 2007-10-21 20:34:14 +00:00
manu
57c0ea0775 Add SPLITNET_{INCLUDR_LOCAL}_CIDR to hook scripts 2007-10-19 03:37:18 +00:00
vanhu
702eac21e5 Try to increase the buffer size of the pfkey socket, this may help things when we have a huge SPD 2007-10-15 16:05:01 +00:00
vanhu
657e6e5324 new plog macro 2007-10-02 09:48:08 +00:00
vanhu
4e4df07d61 From Scott Lamb: include plog.h to work with the new plog macro. 2007-10-02 09:47:55 +00:00
vanhu
400c6ca5a9 From Scott Lamb: plog changed to _plog to work with new plog macro 2007-10-02 09:47:45 +00:00