Commit Graph

1469 Commits

Author SHA1 Message Date
tteras
566286569e From Roman Hoog Antink <rha@open.ch>: Fix possible null dereference. 2010-12-14 17:57:31 +00:00
tteras
0303048b1e Use separate SA addresses for phase2's created by admin command. The
phase2 startup overwrites src/dst with ISAKMP ports if they are zero
and we don't want that to happen for the SA ports.
2010-12-08 07:38:35 +00:00
joerg
0d0af5032c ANSIfy 2010-12-08 01:55:12 +00:00
joerg
6536213d9e Don't format an error and pass it down as format string again. 2010-12-08 01:45:57 +00:00
joerg
75ccf94c1f Remove useless conditional. 2010-12-07 22:08:27 +00:00
tteras
1246e1db41 Fix spacing and improve wording in some log messages. 2010-12-07 14:28:12 +00:00
tteras
b3dca9dae4 Recognize direction for Linux per-socket policies. 2010-12-03 15:01:11 +00:00
tteras
7d13a088be Support GRE key as upper layer protocol specifier (will be supported in
Linux kernel 2.6.38).
2010-12-03 14:32:52 +00:00
tteras
3a9671366f Netlink deletion notification does not guarantee actual address deletion:
it might still exist on some other interface. Make sure we do not unbind
unless the address is really gone.
2010-12-03 09:46:24 +00:00
tteras
6a6cffd67e Fix my previous patch to not call purge_remote() twice. Change the place
where purge_remote() is called. This fixes also a possible crash from the
same patch since ph1->remote can be NULL (when we are responder and config
is not yet selected).
2010-11-17 10:40:41 +00:00
tteras
939a5bdbb6 isakmp_post_acquire is now called from admin commands too, add a flag so
admin commands can be used to establish even passive links on demand.
2010-11-12 10:36:37 +00:00
tteras
fafea48525 Purge all IPsec-SA's if the last main ISAKMP-SA for the node is deleted
by remote request and the phase1 rekeying is enabled (this will also
trigger the new phase1_dead script hook).
2010-11-12 09:11:37 +00:00
tteras
3d7d638a63 Improve DPD sequence checks to allow any reply within valid sequence window
to be proof of liveliness. This can improve things if there's random
packet delays, or if racoon is not getting enough CPU time.
2010-11-12 09:09:47 +00:00
tteras
731159f704 Extend admin protocol to allow reply packets to exceed 64kb. E.g. SA dumps
with many established SAs can be easily over the limit.
2010-11-12 09:08:26 +00:00
tteras
0a922db186 Change Linux Netlink address monitoring to monitor local route changes.
This works around a kernel bug, and slightly improves behaviour on some
special cases.
2010-10-22 06:26:26 +00:00
tteras
84874398b5 Introduce priorities for file descriptor polling mechanism and give
priority to admin port. If admin port is used by ISAKMP-SA hook scripts
they should be preferred, otherwise heavy traffic can delay admin port
requests considerably. This in turn may cause renegotiation loop for
ISAKMP-SA. This is mostly useful for OpenNHRP setup, but can benefit
other setups too.
2010-10-21 06:15:28 +00:00
tteras
af50f9e5f9 Remove initial-contact entry when all ISAKMP-SA are purged via adminport.
This will avoid stale security associations if some of the delete
notifications happen to get lost.
2010-10-21 06:04:33 +00:00
tteras
976b63b0c6 Use high-level openssl EVP and HMAC functions when possible: this allows
openssl to perform hardware acceleration if available.
2010-10-20 13:40:02 +00:00
tteras
fa4803bf0a Various improvements to error log messages and a few additional error log
messages to improve diagnosing an error condition.
2010-10-20 13:37:37 +00:00
tteras
49a8dd9d23 Fix address comparison so we actually close sockets which were bound to
IP-address that got deconfigured.
2010-10-20 10:56:39 +00:00
vanhu
fe1c6ea2f2 report a higher encryption key length in approval for OBEY / CLAIM / STRICT modes 2010-10-11 14:16:30 +00:00
vanhu
45f0ad8281 fixed some typos in logs (reported by fazaeli (at) sepehrs.com) 2010-09-27 11:57:59 +00:00
vanhu
1da0e31bfc fixed a fd leak, patch by getlaser (at) gmail.com 2010-09-24 15:09:29 +00:00
vanhu
23e038ba26 get the correct length of username when processing ADMIN_LOGOUT_USER, patch by rweikusat (at) mssgmbh.com 2010-09-22 13:37:35 +00:00
vanhu
40e858e050 fixed a typo in macros, reported by marisp (at) mt.lv 2010-09-22 07:34:51 +00:00
vanhu
a4e6ec9d93 moved from utmp.h to utmpx.h (patch provided by marcin.cieslak (at) gmail.com) 2010-09-21 13:14:17 +00:00
vanhu
71f4bdc1a9 fixed remoteconf selection when no ID specified in configuration, and added some debug to remoteconf selection 2010-09-08 12:18:35 +00:00
vanhu
12865805af fix by Sergio.Gelato (at) astro.su.se: duplicate some dynamic values in duprmconf() 2010-08-26 13:31:55 +00:00
reed
75d9fdeb7e Add copyright and license.
I reported this in October 2009 and it was fixed upstream.
http://github.com/heimdal/heimdal/commits/master/kpasswd/kpasswdd.8
2010-08-25 15:08:22 +00:00
vanhu
4020e47561 fixed answer for IP4_SUBNET request 2010-08-04 09:16:58 +00:00
vanhu
62c45492f0 updated link to NetBSD's documentation 2010-07-30 14:50:47 +00:00
wiz
432f682f2f Bump date for previous. 2010-06-22 20:51:04 +00:00
vanhu
9049130b27 added a specific script hook when a dead peer is detected 2010-06-22 09:41:33 +00:00
wiz
ee938d1113 New sentence, new line. Bump date for previous. 2010-06-04 21:53:36 +00:00
vanhu
a0bdaf1b16 Added support for spdupdate command in setkey 2010-06-04 13:06:03 +00:00
vanhu
ba30b496b8 by Eric Preston: fixed a typo 2010-04-07 14:53:52 +00:00
christos
ec03fa3be9 handle ctime returning NULL. 2010-04-02 15:26:17 +00:00
christos
467b66f1cd make it obvious to grep that ctime is being checked. 2010-04-02 15:25:04 +00:00
christos
ef20b5e868 handle ctime returning NULL. 2010-04-02 15:23:17 +00:00
christos
53ab8e0b3c make it obvious what ctime is used for. 2010-04-02 15:19:02 +00:00
christos
bd7ae6bd09 handle ctime returning NULL. 2010-04-02 15:13:26 +00:00
christos
fcbd1014fb PR/42363: Yasuoka Masahiko: Second part of the patch: iterate only on the
phase2 handles that are bound by the given phase1 handle.
2010-03-11 15:44:48 +00:00
tteras
e3413574b5 From Stefan Bauer: Fix multiple typos and manpage formatting errors. 2010-03-05 06:47:58 +00:00
vanhu
709abc828e From Pierre POMES: fixed admin port initialization 2010-03-04 15:13:53 +00:00
snj
ccaf1e96be Fight the ever-increasing size of src checkouts by spelling "useful"
without an extra l.
2010-02-28 15:52:16 +00:00
wiz
8e35c759e7 Fix typo in comment. 2010-02-09 23:05:16 +00:00
christos
6439b76ce2 make the window size function return the lines and columns variables separately
instead of depending on the existence of struct winsize. Technically I should
bump the library version or version the symbol, but nothing seems to use this
outside the library!
2010-01-24 16:45:57 +00:00
christos
6e3a01841c don't expose struct winsize needlessly. 2010-01-24 16:42:12 +00:00
tsutsui
9357df271a Backout previous. 2010-01-20 19:54:07 +00:00
tsutsui
64cc3f120f Backout previous which breaks build on NetBSD. Pointed out by wiz@.
Probably we have to add a check for HAVE_STRUCT_WINSIZE
in src/tools/configure as src/crypto/dist/heimdal/configure does.
2010-01-20 15:03:50 +00:00