Commit Graph

612 Commits

Author SHA1 Message Date
christos 59bf05d0af fix grammar stupidity: ipandport takes an optional port but has 2 grammar
productions, one with and one without an optional port. make the port
not optional and kill reduce-reduce conflicts.
2014-09-10 21:04:08 +00:00
christos 52f10dbca1 remove dup 2014-09-10 21:01:33 +00:00
christos 1aafa42e67 don't warn for 80211 messages 2014-06-14 22:39:36 +00:00
riastradh 6cb10275d0 Merge riastradh-drm2 to HEAD. 2014-03-18 18:20:35 +00:00
tteras a96c32cedb From Adam Majer <adamm@zombino.com>: Support IPv6 in X509 subjectAltName 2014-02-27 08:37:58 +00:00
christos 7eb6f06c8c remove unused variables 2013-10-20 21:17:28 +00:00
wiz a5684d07dd Use Mt for email addresses. 2013-07-20 21:39:55 +00:00
tteras 2d9f2eda4f From Rainer Weikusat <rweikusat@mobileactivedefense.com>: Export phase1
remote address as Radius Calling-Station-Id.
2013-07-19 10:54:52 +00:00
christos a2f4868d2a add RTM_LOSING, RTM_REDIRECT 2013-07-18 17:02:58 +00:00
tteras 4595769cee From Sven Vermeulen <sven.vermeulen@siphos.be>: Moves ploginit() up,
allowing logging events from init_avc() to show up as well.
2013-07-12 13:11:50 +00:00
christos c59ba37534 Add an option --enable-wildcard-match to enable wildcard matching and explain
why we might want it and why it is a bad idea in general that's why it is
not enabled by default. ok tteras@, manu@
2013-06-20 15:41:18 +00:00
tteras 4f62ef74bd From Paul Barker: Remove redundant memset after calloc that caused compile
failures with gcc 4.8 due to error: argument to 'sizeof' in 'memset' call
is the same expression as the destination; did you mean to dereference.
2013-06-18 05:39:50 +00:00
christos 54da44c072 Accept - as stdin
Be nice and let the user know which file it could not open.
2013-06-14 16:29:14 +00:00
tteras 05fbc8efab From Alexander Sbitnev <alexander.sbitnev@gmail.com>: fix admin port
establish-sa for tunnel mode SAs.
2013-06-03 05:49:31 +00:00
tteras fdd5bac4fc From Rainer Weikusat <rweikusat@mobileactivedefense.com>: Fix
SADB_X_EALG_CASTCBC definition to use system definition (which
differs at least on Linux).
------------------------
2013-05-23 05:42:29 +00:00
mbalmer b1090dff8a racoon default config is in /etc/racoon/racoon.conf 2013-05-08 20:03:02 +00:00
tteras 32d6075c95 From Rainer Weikusat <rweikusat@mobileactivedefense.com>: Do not send out
illegal zero length MODE_CFG attributes.
2013-04-12 10:03:45 +00:00
tteras 3d2760a386 Some logging improvements. 2013-04-12 09:53:10 +00:00
tteras fde1259d48 Fix source port selection 2013-02-05 11:36:17 +00:00
tteras 0849876e12 From Ian West <ian@niw.com.au>: Fix double free of the radius info on
config reload.
2013-02-05 06:22:29 +00:00
tteras b889f6fc93 Fix handling of deletion notification. 2013-01-24 06:47:50 +00:00
tteras b607d37b51 Fix errors from automake 1.13 2013-01-08 12:42:31 +00:00
tteras 252bdda2a4 Don't derefence the directory symlink which we might be recreating. 2013-01-08 12:38:40 +00:00
tteras c577d46f00 From Götz Babin-Ebell <g.babin-ebell@novamedia.de>: Smarter X.509 subject
name compare.
2012-12-24 14:50:04 +00:00
tteras 411eef5f44 From Götz Babin-Ebell <g.babin-ebell@novamedia.de:
Require OpenSSL 0.9.8s or higher
2012-12-24 08:46:27 +00:00
wiz 43e793251e Bump date for previous. 2012-11-30 08:19:01 +00:00
vanhu 2bdb1d3e0a Added support for AES GCM 16 in phase2 negociations. Code from Christophe Carre / NETASQ 2012-11-29 15:31:24 +00:00
tteras 880340da60 From Roman Hoog Antink <rha@open.ch>: Accept DPD messages with cookies
also in reversed order for compatiblity. At least Cisco 836 running
IOS 12.3(8)T does this.
2012-08-29 12:01:30 +00:00
tteras 6c437507a2 From Roman Hoog Antink <rha@open.ch>: add remote's IP address to the
"certificate not verified" error message.
2012-08-29 11:34:37 +00:00
tteras f2b1919eeb From Roman Hoog Antink <rha@open.ch>: do not print unnecessary warning
about non-verified certificate when using raw plain-rsa.
2012-08-29 11:24:11 +00:00
manu 5fe2cf73eb Fix make test on powermac G5. Patch from Nakano Takaharu 2012-08-15 14:51:30 +00:00
wiz de33c51b97 Bump date for previous. 2012-02-18 13:51:29 +00:00
drochner 544002eb2d mention esp-udp 2012-02-18 13:42:45 +00:00
wiz e2fe99ce62 Use the correct constant.
From FreeBSD via Henning Petersen in PR 46005.
2012-02-13 13:03:06 +00:00
wiz 71a175ae1b Bump date for previous. 2012-01-26 21:54:26 +00:00
drochner c51fcdeec7 also mention the aes-gcm ESP variants 2012-01-26 21:11:27 +00:00
tteras aa9b8479a9 From Rainer Weikusat <rweikusat@mobileactivedefense.com>: Enhance splitnet
environment variable string value generation.
2012-01-10 12:07:30 +00:00
wiz 59bb0b8307 Bump date for previous. 2012-01-09 15:41:21 +00:00
drochner 4fa381bcb2 allow setkey(8) set and display the ESP fragment size in the NAT-T case,
userland part of PR kern/44952 by Wolfgang Stukenbrock, just changed
the "frag" option name to "esp_frag", for consistency to the existing
option of similar effect in racoon(8)
2012-01-09 15:25:13 +00:00
wiz 8d8e2b7310 Bump date for previous. 2012-01-04 16:30:50 +00:00
drochner 8fd6dadaf8 include <netipsec/ipsec.h> rather than <netinet6/ipsec.h> from userland
where possible, for consistency and compatibility to FreeBSD
(exception: KAME specific statistics gathering in netstat(1) and systat(1))
2012-01-04 16:09:40 +00:00
drochner 3712f81ced -consistently use "char *" for the compiled policy buffer in the
ipsec_*_policy() functions, as it was documented and used by clients
-remove "ipsec_policy_t" which was undocumented and only present
 in the KAME version of the ipsec.h header
-misc cleanup of historical artefacts, and to remove unnecessary
 differences between KAME ans FAST_IPSEC
2012-01-04 15:55:35 +00:00
tteras 2713c54c73 From Rainer Weikusat <rweikusat@mobileactivedefense.com>: Fix one byte too
short memory allocation in isakmp_unity.c:splitnet_list_2str().
2012-01-01 17:31:42 +00:00
tteras 11e30c248c From Wolfgang Schmieder <wolfgang@die-schmieders.de>: Fix default NAT-T
port for listen { isakmp_natt } config directive.
2012-01-01 16:14:11 +00:00
tteras 40d768bf75 From Wolfgang Schmieder <wolfgang@die-schmieders.de>: Fix various typos in
comments and log messages. Fix default port used in copy_ph1addresses().
2012-01-01 15:57:31 +00:00
tteras dbe8969919 Fix myaddr_getsport() to return -1 if no suitable address is found. This is
used in pfkey.c:pk_recvacquire() to check if IKE negotiation should be
started or not.
2012-01-01 15:54:51 +00:00
tteras 838cfe4724 Fix the previous commit. 2012-01-01 15:44:06 +00:00
tteras b448c51c51 From Wolfgang Schmieder <wolfgang@die-schmieders.de>: Fix memory leaks from
configuration reading code, and clean up error handling.
2012-01-01 15:29:28 +00:00
vanhu 0a7daa593d fixed some crashes in LIST_FOREACH where current element could be removed during the loop 2011-11-17 14:41:55 +00:00
wiz 3efedf2ce7 Bump date for new tls option. 2011-11-15 19:15:58 +00:00