manu
dd3259cec0
NAT-T fix: We treat null ports in SPD as wildcard so that IKE ports
are used instead. This was done on phase 2 initiation from the kernel
(acquire message), but not on phase 2 initiation retries when the
phase 2 had been queued for a phase 1.
2005-06-22 21:28:18 +00:00
manu
13ca728372
Consume NAT-T packets that have already been seen through MSG_PEEK
2005-06-15 07:29:20 +00:00
chs
7bbdd188e1
appease gcc -Wuninitialized on hp700.
2005-06-05 19:08:28 +00:00
manu
6ec5a5a9b7
Fix Xauth login with PAM authentication
2005-06-04 22:09:27 +00:00
manu
2c39301c40
Endianness bug fix
2005-06-04 21:55:05 +00:00
manu
311dff8be0
Missing 0th element in rm_idtype2doi array
2005-06-03 22:27:06 +00:00
lukem
d687f4502c
appease gcc -Wuninitialized
2005-06-02 04:59:17 +00:00
lukem
936a4cd73f
Don't attempt to close a random file descriptor upon error.
Detected with gcc -Wuninitialized.
2005-06-02 04:57:33 +00:00
lukem
08ef6270ca
appease gcc -Wuninitialized
2005-06-02 04:56:14 +00:00
lukem
89f4d29f7d
Appease gcc -Wuninitialized, in a similar method used elsewhere in the
same function.
2005-06-02 04:43:45 +00:00
lukem
6e3cdc676d
appease gcc -Wuninitialized
2005-06-01 12:07:00 +00:00
wiz
8bf012821a
Drop trailing whitespace.
2005-05-25 16:57:39 +00:00
wiz
bf77c4e4b3
Drop trailing whitespace and a grammar fix.
2005-05-25 10:09:36 +00:00
manu
bd592e6e99
Really delete phase 1 on Xauth failure
2005-05-20 07:34:47 +00:00
manu
48fade8581
Fix NAT-T plus IPcomp
2005-05-20 01:28:13 +00:00
manu
c6660c31c6
Fix parse bug in IPsec policies
2005-05-20 00:57:33 +00:00
manu
2e090d4afb
When altering the lifetime, don't modify the configured proposal, duplicate
it instead.
2005-05-20 00:54:55 +00:00
christos
137ea645ec
PR/30198: Lubomir Sedlacik: The forwarding listening host is optional; don't
try to free it.
2005-05-18 16:11:11 +00:00
manu
6add206c2f
- Fix a double free
- For acquire messages, when NAT-T is in use, consider null port as a
wildcard and use IKE port
2005-05-13 14:09:44 +00:00
manu
a5a80e2b4d
Update sample config file to higher security settings
2005-05-10 10:22:03 +00:00
manu
aed94b2d22
Add two Cisco extensions for pushing PFS group and save password
setting through ISAKMP mode config
2005-05-10 09:54:43 +00:00
manu
db7c068992
proposal_check fixes:
- fix claim behavior in phase 1
- also check lifebyte
2005-05-10 09:23:36 +00:00
lukem
56b6919254
Remove a stale #endif, and add one missing at EOF.
Noticed by code inspection and confirmed by diffing against the vendor source.
The previous code compiled, but it certainly wouldn't have DTRT ...
2005-05-08 23:30:46 +00:00
christos
0a3fafc305
Update PAM from the "portable openssh" 4.0p1
2005-05-08 21:15:04 +00:00
he
8d29e11e90
Add a prototype for getph2bysaddr(), fixes build problem for isakmp.c.
2005-05-08 14:14:18 +00:00
manu
873e8e21a9
More NAT-T fixes for the situation where racoon acts as a VPN client
Flush SA and generated SP on DPD timeout and deletion payloads
2005-05-08 08:57:26 +00:00
manu
63a609062e
From Manisha Malla <mmanisha@novell.com>:
fix unsigned int checked for being negative
2005-05-04 17:23:10 +00:00
manu
8bf053b3f3
on phase 2 acquire, lookup phase 2 by (src, dst, policy id) so that
multiple SA can be used in transport mode
While I'm there, patch ipsec-tools ChangeLog to reflect the changes we
took from ipsec-tools-0_6-branch
2005-05-03 21:08:47 +00:00
uwe
f3b48582e5
return statements in void functions make lint very confused.
2005-04-27 22:38:56 +00:00
manu
10802677c9
Bug fixes from the ipsec-tools 0.6 branch:
- Fix NAT-T problems that prevented multiple peers behind the same NAT
to talk to the same machine outside the NAT. This also requires kernel
fixes (already committed earlier)
- Fix a LP64 bug
- Fix NAT-T RFC conformance bugs (missing non ESP marker in packets)
- Add a -p option to setkey to display ports that could be used for ESP
over UDP when printing policies
2005-04-27 05:19:49 +00:00
matt
d627c3edde
Don't emit struct units [] anymore. emit a struct units * const foo and
in the C file initialize that to the static list.
2005-04-25 17:20:51 +00:00
matt
5ac7f26c22
Emit headers with #include <parse_units.h> so that struct units is defined
so that extern struct units <foo> will not cause errors with gcc4.x
2005-04-25 01:25:25 +00:00
kleink
14fc3b7ba8
Fix printf format/argument mismatch.
2005-04-24 13:31:01 +00:00
christos
a8090b3963
add back moduli
2005-04-23 21:12:47 +00:00
christos
31ed567522
resolve conflicts.
2005-04-23 19:31:14 +00:00
christos
ed314b4eb0
from www.openssl.org
2005-04-23 19:10:56 +00:00
christos
0df7655544
bring back files that this update removed.
2005-04-23 16:55:03 +00:00
christos
8471a3b7da
resolve conflicts.
2005-04-23 16:53:28 +00:00
christos
70917d9a4b
Import OpenSSH 4.0 from ftp.openbsd.org
2005-04-23 16:28:01 +00:00
manu
6845962b31
Fix simple DES support (security problems for racoon to racoon setups)
Fix broken generated policies flush
2005-04-19 19:42:08 +00:00
christos
97b2d3b1c8
check for pwd != NULL in getpwnam_r. From John Nemeth.
2005-04-19 12:55:31 +00:00
manu
d3e5d568cd
Fix SA lifebyte check
2005-04-18 11:15:01 +00:00
wiz
e35111eeee
Some more minor changes, ok manu@.
2005-04-17 01:03:46 +00:00
wiz
1390e25dcf
Some more English improvements after feedback from manu@; more formatting.
2005-04-15 13:23:58 +00:00
wiz
6e35cd769e
Improve English in comments.
2005-04-15 11:10:32 +00:00
wiz
0f822df19c
Improve English, improve formatting, sort options.
2005-04-15 10:58:11 +00:00
wiz
c0259e4629
Grammar fixes & improvements.
2005-04-14 11:47:26 +00:00
wiz
57066c3ab7
Grammar improvements.
2005-04-14 11:41:53 +00:00
wiz
097b641d74
kerberos -> Kerberos.
2005-04-14 11:35:08 +00:00
wiz
1b303684c3
Fix typo.
2005-04-14 11:34:37 +00:00