maxv
9cc33dc2c2
drop __P, suggested by sevan
2018-05-28 20:45:38 +00:00
maxv
02ed4ce0ae
drop __P, suggested by sevan
2018-05-28 20:34:45 +00:00
maxv
d5ded68d11
fix -Wold-style-definition
2018-05-28 19:52:18 +00:00
maxv
a8c2f61e83
Remove ipsec_bindump, there is no prototype, so the function can't be used.
2018-05-28 19:39:21 +00:00
maxv
ff1d84b094
fix -Wdiscarded-qualifiers
2018-05-28 19:36:42 +00:00
maxv
abcef802a2
fix -Wunused and -Wold-style-definition
2018-05-28 19:22:40 +00:00
maxv
df9d65850f
Add a note about FreeBSD.
2018-05-20 09:14:18 +00:00
maxv
dc0ca504c7
Update, after ten years. Importantly, add a "History" section, to explain
...
what's going on.
We have now become "upstream", and most of the ipsec-tools development is
done in NetBSD's CVS. However, many distributions still take their
tarballs from SourceForge (which is defunct, and not maintained).
2018-05-20 08:55:25 +00:00
maxv
4eb599a9b3
Style.
2018-05-20 06:15:45 +00:00
maxv
79383b8281
Remove dead code, and style.
2018-05-19 20:40:40 +00:00
maxv
e2ff693411
Remove unused 'error' variables, it's obvious they should have no use.
2018-05-19 20:21:23 +00:00
maxv
165b31ce96
Use strict prototypes, when they don't introduce more warnings than they fix.
...
Also localify a few functions.
2018-05-19 20:14:56 +00:00
maxv
abe88a07be
Remove unused labels, functions, and function prototypes.
2018-05-19 19:47:47 +00:00
maxv
78d5ecb35f
More unused variables.
2018-05-19 19:32:16 +00:00
maxv
ff699fb469
Remove unused variables.
2018-05-19 19:23:15 +00:00
maxv
253ae9a65a
Style, a little...
2018-05-19 18:51:59 +00:00
christos
e24b32683b
Avoid double frees (thanks asan)
2018-04-01 22:59:57 +00:00
christos
7b335de413
make debugrm compile again.
2018-04-01 22:35:22 +00:00
christos
5ff0fb825b
Welcome to the 21st century Buck Rogers: OpenSSL-1.1
2018-02-07 03:59:03 +00:00
knakahara
cbf21dcddc
fix typo. (does not affect actual operation, but confuses reader...)
...
The function is called when racoon receives SADB_X_MIGRATE pfkey message,
however the message is not used now. It was compatible code for KAME.
2017-11-09 08:34:50 +00:00
christos
afbc9755de
PR/51682: Antoine Beaupré: Simplify and comment previous patch.
...
XXX: pullup-8
2017-07-23 05:40:27 +00:00
ozaki-r
a607076325
Add update command for testing
...
Updating an SA (SADB_UPDATE) requires that a process issuing
SADB_UPDATE is the same as a process issued SADB_ADD (or SADB_GETSPI).
This means that update command must be used with add command in a
configuration of setkey. This usage is normally meaningless but
useful for testing (and debugging) purposes.
2017-07-05 01:22:40 +00:00
christos
8277ddc197
PR/52292: Shinichi Doyashiki: Fix reversed comments.
2017-06-11 22:12:56 +00:00
ozaki-r
6aaeb7bc8b
Print protocol number as well as its name
...
ex.) before: "reserved" -> after: "255(reserved)"
The original author is hsuenaga@IIJ
2017-04-26 03:19:49 +00:00
ozaki-r
2ea60f03d0
Correct the length of the SADB_EXT header in debug outputs
...
The length is shifted 3 bits in PF_KEY protocol.
Originally fixed by hsuenaga@IIJ
2017-04-26 03:16:06 +00:00
ozaki-r
e27c60ccce
Fix parsing ah without a key
2017-04-13 01:19:17 +00:00
roy
fcede00eff
Use RO_MSGFILTER.
2017-04-12 16:47:39 +00:00
christos
7e9937c7a6
PR/51682: Avoid DoS with fragment out of order insertion; keep fragments
...
sorted in the list.
2017-01-24 19:23:31 +00:00
christos
8cf4c21bed
CID 1356385: Add fallthrough comment
2016-03-16 21:09:39 +00:00
christos
a8a1a8c522
PR/50943: David Binderman: Fix misplaced parenthesis.
2016-03-11 18:28:43 +00:00
christos
71f53a526c
From Frank Wille:
...
Request "IKE mode config" in "rsasig" (certificates on both sides only)
authentication mode, if "mode_cfg" is configured to "on".
Tested with a Lancom router, using the following configuration:
path include "/etc/racoon";
path certificate "/etc/racoon/certs";
path script "/etc/racoon/scripts";
remote "wpsd"
{
remote_address 1.2.3.4;
exchange_mode main,base;
my_identifier asn1dn;
certificate_type x509 "vpnclient15.crt" "vpnclient15.key";
ca_type x509 "ca.crt";
mode_cfg on;
dpd_delay 20;
nat_traversal on;
lifetime time 8 hour;
script "phase1-up.sh" phase1_up;
script "phase1-down.sh" phase1_down;
proposal {
encryption_algorithm aes;
hash_algorithm md5;
authentication_method rsasig;
dh_group 2;
}
proposal_check obey;
}
sainfo anonymous
{
pfs_group 2;
lifetime time 8 hour;
encryption_algorithm aes;
authentication_algorithm hmac_md5;
compression_algorithm deflate;
}
2016-03-09 22:27:17 +00:00
christos
d2bf8aa2c7
PR/50918: David Binderman: Fix memory leak
2016-03-09 15:58:25 +00:00
christos
f91581fb8e
PR/50815: David Binderman: Remove dup test
2016-02-17 20:11:17 +00:00
christos
e0b253ee23
Detect error earlier to avoid memory leak.
...
XXX: pullup-7
2015-05-19 15:16:00 +00:00
christos
58416d2a6d
Protect against a NULL pointer dereference described in:
...
https://www.altsci.com/ipsec/
XXX: pullup-7
2015-05-19 15:14:25 +00:00
christos
59bf05d0af
fix grammar stupidity: ipandport takes an optional port but has 2 grammar
...
productions, one with and one without an optional port. make the port
not optional and kill reduce-reduce conflicts.
2014-09-10 21:04:08 +00:00
christos
52f10dbca1
remove dup
2014-09-10 21:01:33 +00:00
christos
1aafa42e67
don't warn for 80211 messages
2014-06-14 22:39:36 +00:00
riastradh
6cb10275d0
Merge riastradh-drm2 to HEAD.
2014-03-18 18:20:35 +00:00
tteras
a96c32cedb
From Adam Majer <adamm@zombino.com>: Support IPv6 in X509 subjectAltName
2014-02-27 08:37:58 +00:00
christos
7eb6f06c8c
remove unused variables
2013-10-20 21:17:28 +00:00
wiz
a5684d07dd
Use Mt for email addresses.
2013-07-20 21:39:55 +00:00
tteras
2d9f2eda4f
From Rainer Weikusat <rweikusat@mobileactivedefense.com>: Export phase1
...
remote address as Radius Calling-Station-Id.
2013-07-19 10:54:52 +00:00
christos
a2f4868d2a
add RTM_LOSING, RTM_REDIRECT
2013-07-18 17:02:58 +00:00
tteras
4595769cee
From Sven Vermeulen <sven.vermeulen@siphos.be>: Moves ploginit() up,
...
allowing logging events from init_avc() to show up as well.
2013-07-12 13:11:50 +00:00
christos
c59ba37534
Add an option --enable-wildcard-match to enable wildcard matching and explain
...
why we might want it and why it is a bad idea in general that's why it is
not enabled by default. ok tteras@, manu@
2013-06-20 15:41:18 +00:00
tteras
4f62ef74bd
From Paul Barker: Remove redundant memset after calloc that caused compile
...
failures with gcc 4.8 due to error: argument to 'sizeof' in 'memset' call
is the same expression as the destination; did you mean to dereference.
2013-06-18 05:39:50 +00:00
christos
54da44c072
Accept - as stdin
...
Be nice and let the user know which file it could not open.
2013-06-14 16:29:14 +00:00
tteras
05fbc8efab
From Alexander Sbitnev <alexander.sbitnev@gmail.com>: fix admin port
...
establish-sa for tunnel mode SAs.
2013-06-03 05:49:31 +00:00
tteras
fdd5bac4fc
From Rainer Weikusat <rweikusat@mobileactivedefense.com>: Fix
...
SADB_X_EALG_CASTCBC definition to use system definition (which
differs at least on Linux).
------------------------
2013-05-23 05:42:29 +00:00