647 Commits

Author SHA1 Message Date
maxv 9cc33dc2c2 drop __P, suggested by sevan 2018-05-28 20:45:38 +00:00
maxv 02ed4ce0ae drop __P, suggested by sevan 2018-05-28 20:34:45 +00:00
maxv d5ded68d11 fix -Wold-style-definition 2018-05-28 19:52:18 +00:00
maxv a8c2f61e83 Remove ipsec_bindump, there is no prototype, so the function can't be used. 2018-05-28 19:39:21 +00:00
maxv ff1d84b094 fix -Wdiscarded-qualifiers 2018-05-28 19:36:42 +00:00
maxv abcef802a2 fix -Wunused and -Wold-style-definition 2018-05-28 19:22:40 +00:00
maxv df9d65850f Add a note about FreeBSD. 2018-05-20 09:14:18 +00:00
maxv dc0ca504c7 Update, after ten years. Importantly, add a "History" section, to explain
what's going on.

We have now become "upstream", and most of the ipsec-tools development is
done in NetBSD's CVS. However, many distributions still take their
tarballs from SourceForge (which is defunct, and not maintained).
2018-05-20 08:55:25 +00:00
maxv 4eb599a9b3 Style. 2018-05-20 06:15:45 +00:00
maxv 79383b8281 Remove dead code, and style. 2018-05-19 20:40:40 +00:00
maxv e2ff693411 Remove unused 'error' variables, it's obvious they should have no use. 2018-05-19 20:21:23 +00:00
maxv 165b31ce96 Use strict prototypes, when they don't introduce more warnings than they fix.
Also localify a few functions.
2018-05-19 20:14:56 +00:00
maxv abe88a07be Remove unused labels, functions, and function prototypes. 2018-05-19 19:47:47 +00:00
maxv 78d5ecb35f More unused variables. 2018-05-19 19:32:16 +00:00
maxv ff699fb469 Remove unused variables. 2018-05-19 19:23:15 +00:00
maxv 253ae9a65a Style, a little... 2018-05-19 18:51:59 +00:00
christos e24b32683b Avoid double frees (thanks asan) 2018-04-01 22:59:57 +00:00
christos 7b335de413 make debugrm compile again. 2018-04-01 22:35:22 +00:00
christos 5ff0fb825b Welcome to the 21st century Buck Rogers: OpenSSL-1.1 2018-02-07 03:59:03 +00:00
knakahara cbf21dcddc fix typo. (does not affect actual operation, but confuses reader...)
The function is called when racoon receives a SADB_X_MIGRATE pfkey message,
however the message is not used now. It was compatible code for KAME.
2017-11-09 08:34:50 +00:00
christos afbc9755de PR/51682: Antoine Beaupré: Simplify and comment previous patch.
XXX: pullup-8
2017-07-23 05:40:27 +00:00
ozaki-r a607076325 Add update command for testing
Updating an SA (SADB_UPDATE) requires that the process issuing
SADB_UPDATE is the same as the process that issued SADB_ADD (or SADB_GETSPI).
This means that the update command must be used with the add command in a
configuration of setkey. This usage is normally meaningless but
useful for testing (and debugging) purposes.
2017-07-05 01:22:40 +00:00
christos 8277ddc197 PR/52292: Shinichi Doyashiki: Fix reversed comments. 2017-06-11 22:12:56 +00:00
ozaki-r 6aaeb7bc8b Print protocol number as well as its name
ex.) before: "reserved" -> after: "255(reserved)"

The original author is hsuenaga@IIJ
2017-04-26 03:19:49 +00:00
ozaki-r 2ea60f03d0 Correct the length of the SADB_EXT header in debug outputs
The length is shifted 3 bits in PF_KEY protocol.

Originally fixed by hsuenaga@IIJ
2017-04-26 03:16:06 +00:00
ozaki-r e27c60ccce Fix parsing ah without a key 2017-04-13 01:19:17 +00:00
roy fcede00eff Use RO_MSGFILTER. 2017-04-12 16:47:39 +00:00
christos 7e9937c7a6 PR/51682: Avoid DoS with fragment out of order insertion; keep fragments
sorted in the list.
2017-01-24 19:23:31 +00:00
christos 8cf4c21bed CID 1356385: Add fallthrough comment 2016-03-16 21:09:39 +00:00
christos a8a1a8c522 PR/50943: David Binderman: Fix misplaced parenthesis. 2016-03-11 18:28:43 +00:00
christos 71f53a526c From Frank Wille:
Request "IKE mode config" in "rsasig" (certificates on both sides only)
authentication mode, if "mode_cfg" is configured to "on".
Tested with a Lancom router, using the following configuration:

path include "/etc/racoon";
path certificate "/etc/racoon/certs";
path script "/etc/racoon/scripts";

remote "wpsd"
{
    remote_address 1.2.3.4;
    exchange_mode main,base;

    my_identifier asn1dn;
    certificate_type x509 "vpnclient15.crt" "vpnclient15.key";
    ca_type x509 "ca.crt";

    mode_cfg on;
    dpd_delay 20;
    nat_traversal on;
    lifetime time 8 hour;
    script "phase1-up.sh" phase1_up;
    script "phase1-down.sh" phase1_down;

    proposal {
        encryption_algorithm aes;
        hash_algorithm md5;
        authentication_method rsasig;
        dh_group 2;
    }
    proposal_check obey;
}

sainfo anonymous
{
    pfs_group 2;
    lifetime time 8 hour;
    encryption_algorithm aes;
    authentication_algorithm hmac_md5;
    compression_algorithm deflate;
}
2016-03-09 22:27:17 +00:00
christos d2bf8aa2c7 PR/50918: David Binderman: Fix memory leak 2016-03-09 15:58:25 +00:00
christos f91581fb8e PR/50815: David Binderman: Remove dup test 2016-02-17 20:11:17 +00:00
christos e0b253ee23 Detect error earlier to avoid memory leak.
XXX: pullup-7
2015-05-19 15:16:00 +00:00
christos 58416d2a6d Protect against a NULL pointer dereference described in:
https://www.altsci.com/ipsec/

XXX: pullup-7
2015-05-19 15:14:25 +00:00
christos 59bf05d0af fix grammar stupidity: ipandport takes an optional port but has 2 grammar
productions, one with and one without an optional port. make the port
not optional and kill reduce-reduce conflicts.
2014-09-10 21:04:08 +00:00
christos 52f10dbca1 remove dup 2014-09-10 21:01:33 +00:00
christos 1aafa42e67 don't warn for 80211 messages 2014-06-14 22:39:36 +00:00
riastradh 6cb10275d0 Merge riastradh-drm2 to HEAD. 2014-03-18 18:20:35 +00:00
tteras a96c32cedb From Adam Majer <adamm@zombino.com>: Support IPv6 in X509 subjectAltName 2014-02-27 08:37:58 +00:00
christos 7eb6f06c8c remove unused variables 2013-10-20 21:17:28 +00:00
wiz a5684d07dd Use Mt for email addresses. 2013-07-20 21:39:55 +00:00
tteras 2d9f2eda4f From Rainer Weikusat <rweikusat@mobileactivedefense.com>: Export phase1
remote address as Radius Calling-Station-Id.
2013-07-19 10:54:52 +00:00
christos a2f4868d2a add RTM_LOSING, RTM_REDIRECT 2013-07-18 17:02:58 +00:00
tteras 4595769cee From Sven Vermeulen <sven.vermeulen@siphos.be>: Moves ploginit() up,
allowing logging events from init_avc() to show up as well.
2013-07-12 13:11:50 +00:00
christos c59ba37534 Add an option --enable-wildcard-match to enable wildcard matching and explain
why we might want it and why it is a bad idea in general; that's why it is
not enabled by default. ok tteras@, manu@
2013-06-20 15:41:18 +00:00
tteras 4f62ef74bd From Paul Barker: Remove redundant memset after calloc that caused compile
failures with gcc 4.8 due to error: argument to 'sizeof' in 'memset' call
is the same expression as the destination; did you mean to dereference.
2013-06-18 05:39:50 +00:00
christos 54da44c072 Accept - as stdin
Be nice and let the user know which file it could not open.
2013-06-14 16:29:14 +00:00
tteras 05fbc8efab From Alexander Sbitnev <alexander.sbitnev@gmail.com>: fix admin port
establish-sa for tunnel mode SAs.
2013-06-03 05:49:31 +00:00
tteras fdd5bac4fc From Rainer Weikusat <rweikusat@mobileactivedefense.com>: Fix
SADB_X_EALG_CASTCBC definition to use system definition (which
differs at least on Linux).
------------------------
2013-05-23 05:42:29 +00:00