christos
5ae92982aa
properly fix the variable stack allocation code.
2008-03-28 21:18:45 +00:00
manu
fe6642740b
Still from Cyrus Rahman: fix file descriptor leak introduced by previous
...
commit.
2008-03-28 20:28:14 +00:00
manu
1d223a6207
From Cyrus Rahman: Allow interface reconfiguration when running in privilege separation mode, document privilege separation
2008-03-28 04:18:52 +00:00
manu
182dbe8881
From Cyrus Rahman <crahman@gmail.com>
...
Allow interface reconfiguration when running in privilege separation mode,
document privilege separation
2008-03-28 04:18:51 +00:00
mlelstv
eaec738d10
align cast with heimdal source
...
http://loka.it.su.se/fisheye/changelog/heimdal/?cs=22773
2008-03-24 20:05:57 +00:00
mlelstv
0b9b01afa9
Heimdal cannot easily detect wether the system uses kerberos or not
...
on a client. For now, turn on the hack, that causes heimdal to fail
when there is no config file. ok'd by lha.
2008-03-24 13:56:41 +00:00
dogcow
d0bda29ecc
fix compilation on alpha.
2008-03-24 08:27:23 +00:00
he
b2156dc123
The sig_atomic_t type isn't necessarily compatible with %d printf format;
...
cast to int before printing.
2008-03-23 23:09:04 +00:00
mlelstv
7ae544fc2d
Remove computed source files that may confuse mkdep.
2008-03-22 19:15:21 +00:00
mlelstv
fcf1d7cd15
Remove computed source files that may confuse mkdep.
2008-03-22 16:17:50 +00:00
mlelstv
e160244ccb
match whitespace after RCSID
2008-03-22 13:08:21 +00:00
mlelstv
1ea66c56df
NetBSD uses __RCSID
2008-03-22 13:03:05 +00:00
mlelstv
5d9c8e15e0
Import Heimdal-1.1
...
one more missing file
2008-03-22 10:35:47 +00:00
mlelstv
d5be9e9c1d
Import Heimdal-1.1
...
more files
2008-03-22 09:39:22 +00:00
mlelstv
2370a334ab
Import Heimdal-1.1
...
more missing files
2008-03-22 09:29:55 +00:00
mlelstv
b0f88a0388
Import Heimdal-1.1
2008-03-22 08:36:48 +00:00
vanhu
b5ae261d16
Generates a log if cert validation has been disabled by configuration
2008-03-06 17:00:03 +00:00
manu
b6b6316484
From Cyrus Rahman <crahman@gmail.com>
...
privilegied instance exit when unprivilegied one terminates. Save PID in real root, not in chroot
2008-03-06 04:29:20 +00:00
mgrooms
1e1f81eb1d
Add the ability to initiate IPsec SA negotiations using the admin socket.
...
Submitted by Timo Teras.
2008-03-06 00:46:04 +00:00
mgrooms
3fd729ad89
Refactor admin socket event protocol to be less error prone. Backwards compatibility is provided. Submitted by Timo Teras.
2008-03-06 00:34:11 +00:00
mgrooms
089a95fdcd
Refactor admin socket event protocol to be less error prone. Backwards
...
compatibility is provided. Submitted by Timmo Teras.
2008-03-06 00:34:10 +00:00
mgrooms
5e5c5d5011
Properly initialize the unity network struct to prevent erroneous protocol
...
and port info from being transmitted.
2008-03-05 22:27:50 +00:00
mgrooms
f771df75b3
Reload SPD on SIGHUP or adminport reload. Also provide better handling for
...
pfkey socket read errors. Submitted by Timo Teras.
2008-03-05 22:09:44 +00:00
manu
5ae99b01fd
Missing entries for last changes
2008-02-25 20:14:05 +00:00
manu
6ee9ace370
From Brian Haley <brian.haley@hp.com>
...
There's a cut/paste error in cmp_aproppair_i(), it's supposed to be
checking spi_size but it's not. I'm not sure this patch is correct, but
what's there isn't either.
2008-02-25 20:06:55 +00:00
manu
ebc590d76a
Fix address length, from Brian Haley
2008-02-22 18:50:03 +00:00
matt
2bbccfb905
yyparse returns int, not void.
2008-02-16 18:29:39 +00:00
spz
a91c432416
closes PR bin/37644
...
did not meet violent opposition ( :) ) on ipsec-tools-devel
2008-02-10 12:11:08 +00:00
christos
8a85bb4332
remove Protocol=2 line; from Jukka Salmi
2008-01-28 13:57:02 +00:00
tls
4781622c25
CRIOGET is gone. Saves one ioctl per session.
2008-01-26 20:46:21 +00:00
tls
9675caff5e
Some minor opencrypto fixes, one with a major performance impact for
...
OpenSSL:
1) Fix extremely misleading text in crypto.4 manual page so it does not
appear to claim that a new cloned file descriptor is required for every
session.
2) Fix severe performance problem (and fd leak!) in openssl cryptodev
engine resulting from misunderstanding probably caused by said manual
page text.
3) Check for session-ID wraparound in kernel cryptodev provider. Also,
start allocating sessions at 1, not 0 -- this will be necessary when
we add ioctls for the creation of multiple sessions at once, so we
can tell which if any creations failed.
2008-01-25 07:09:56 +00:00
vanhu
4aacbd15e1
From Timo Teras: reset iph1->dpd_r_u in the scheduler's callback, to avoid access to freed memory.
2008-01-11 14:27:34 +00:00
vanhu
ca6b517233
reset iph1->dpd_r_u in the scheduler's callback, to avoid some access to freed memory
2008-01-11 14:27:33 +00:00
vanhu
e0b7c2f9ec
reported somes fixes from Krzysztof Oledzki
2008-01-11 14:09:50 +00:00
vanhu
90cd29a77c
From Krzysztof Oledzki: Fix compilation with IDEA and recent gcc.
2008-01-11 14:09:05 +00:00
vanhu
5e3ace1c19
From Krzysztof Oledzki: added some details to some logs (also reported new getph1byaddr() arg).
2008-01-11 14:08:29 +00:00
vanhu
e8714f7763
From Krzysztof Oledzki: Only search for established ph1 handles in DPD (also reported new getph1byaddr() arg).
2008-01-11 14:07:39 +00:00
vanhu
223c4f34ce
added an 'established' arg to getph1byaddr()
2008-01-11 14:06:56 +00:00
mgrooms
c825a8ee5f
Add GRE protocol number to racoonctl. Correct id wildcard matching for transport mode. Submitted by Timo Teras.
2007-12-31 01:42:07 +00:00
mgrooms
e2eda5513a
Add GRE protocol number to racoonctl. Correct id wildcard matching for transport mode. Submitted by Timmo Teras.
2007-12-31 01:42:06 +00:00
jnemeth
c9b9889ada
add back #include <sys/socket.h> from Scott Ellis on current-users@
2007-12-21 20:42:03 +00:00
tnn
e9e5abe68c
fix typo in comment
2007-12-21 01:03:58 +00:00
martin
53a105b083
Disable the umac-64 MAC for now, it needs to be rewritten from scractch.
...
Addresses PR bin/37562.
2007-12-20 14:14:04 +00:00
dogcow
d642d06d3d
fixes for alpha: %ld -> %zd, signals are long.
2007-12-18 09:00:30 +00:00
dogcow
ceafeaa9bc
Eliminate "endian_convert defined but not used" on big-endian platforms;
...
instead of using the "generic" functions for byteswapping in this file,
use le32toh() and friends.
2007-12-18 08:32:21 +00:00
dogcow
4750a01617
on NetBSD, use %zu for sizeof()
2007-12-18 07:22:32 +00:00
christos
512c2e7e60
merge conflicts
2007-12-18 02:35:25 +00:00
christos
848569aa46
from ftp.openbsd.org
2007-12-17 20:15:38 +00:00
mgrooms
3a210f56fc
Add corrections submitted in a follow up patch for the nat-t oa support.
2007-12-12 05:08:28 +00:00
mgrooms
892304dffa
Add support for nat-t oa payload handling. Submitted by Timo Teras.
2007-12-12 04:45:59 +00:00