wiz
de33c51b97
Bump date for previous.
2012-02-18 13:51:29 +00:00
drochner
544002eb2d
mention esp-udp
2012-02-18 13:42:45 +00:00
wiz
e2fe99ce62
Use the correct constant.
From FreeBSD via Henning Petersen in PR 46005.
2012-02-13 13:03:06 +00:00
wiz
71a175ae1b
Bump date for previous.
2012-01-26 21:54:26 +00:00
drochner
c51fcdeec7
also mention the aes-gcm ESP variants
2012-01-26 21:11:27 +00:00
tteras
aa9b8479a9
From Rainer Weikusat <rweikusat@mobileactivedefense.com>: Enhance splitnet
environment variable string value generation.
2012-01-10 12:07:30 +00:00
wiz
59bb0b8307
Bump date for previous.
2012-01-09 15:41:21 +00:00
drochner
4fa381bcb2
allow setkey(8) to set and display the ESP fragment size in the NAT-T case,
userland part of PR kern/44952 by Wolfgang Stukenbrock, just changed
the "frag" option name to "esp_frag", for consistency with the existing
option of similar effect in racoon(8)
2012-01-09 15:25:13 +00:00
wiz
8d8e2b7310
Bump date for previous.
2012-01-04 16:30:50 +00:00
drochner
8fd6dadaf8
include <netipsec/ipsec.h> rather than <netinet6/ipsec.h> from userland
where possible, for consistency and compatibility to FreeBSD
(exception: KAME specific statistics gathering in netstat(1) and systat(1))
2012-01-04 16:09:40 +00:00
drochner
3712f81ced
- consistently use "char *" for the compiled policy buffer in the
ipsec_*_policy() functions, as it was documented and used by clients
- remove "ipsec_policy_t" which was undocumented and only present
in the KAME version of the ipsec.h header
- misc cleanup of historical artefacts, and to remove unnecessary
differences between KAME and FAST_IPSEC
2012-01-04 15:55:35 +00:00
tteras
2713c54c73
From Rainer Weikusat <rweikusat@mobileactivedefense.com>: Fix one byte too
short memory allocation in isakmp_unity.c:splitnet_list_2str().
2012-01-01 17:31:42 +00:00
tteras
11e30c248c
From Wolfgang Schmieder <wolfgang@die-schmieders.de>: Fix default NAT-T
port for listen { isakmp_natt } config directive.
2012-01-01 16:14:11 +00:00
tteras
40d768bf75
From Wolfgang Schmieder <wolfgang@die-schmieders.de>: Fix various typos in
comments and log messages. Fix default port used in copy_ph1addresses().
2012-01-01 15:57:31 +00:00
tteras
dbe8969919
Fix myaddr_getsport() to return -1 if no suitable address is found. This is
used in pfkey.c:pk_recvacquire() to check if IKE negotiation should be
started or not.
2012-01-01 15:54:51 +00:00
tteras
838cfe4724
Fix the previous commit.
2012-01-01 15:44:06 +00:00
tteras
b448c51c51
From Wolfgang Schmieder <wolfgang@die-schmieders.de>: Fix memory leaks from
configuration reading code, and clean up error handling.
2012-01-01 15:29:28 +00:00
vanhu
0a7daa593d
fixed some crashes in LIST_FOREACH where current element could be removed during the loop
2011-11-17 14:41:55 +00:00
wiz
3efedf2ce7
Bump date for new tls option.
2011-11-15 19:15:58 +00:00
tteras
c7d190f034
From Vincent Bernat <bernat@luffy.cx>: TLS support for LDAP
2011-11-15 13:51:23 +00:00
tteras
84d53e8c5d
From Marcelo Leitner <mleitner@redhat.com>: do not shrink pfkey socket
buffers (if system default is larger than what we want as minimum)
2011-11-14 13:24:04 +00:00
tteras
a09a6d0cd5
From Rainer Weikusat <rweikusat@mobileactivedefense.com>: Release unused
phase2 of passive remotes after acquire.
2011-10-11 14:50:15 +00:00
tteras
4c2f40f96a
From Wolfgang Schmieder <wolfgang.schmieder@honeywell.com>: setup phase1
port properly.
2011-10-11 14:37:17 +00:00
tteras
cbb586e05f
Allow inherited remote blocks without additional remote statements to
be specified in a simpler way. patch by Roman Hoog Antink <rha@open.ch>
2011-08-19 05:36:47 +00:00
tteras
cd00f2949d
Have privilege separation child process exit if the parent exits.
2011-08-12 05:21:50 +00:00
drochner
b9e08c16fb
replace questionable pointer games which could cause reads of
uninitialized memory, from Wolfgang Stukenbrock per PR bin/44951
2011-05-27 18:00:21 +00:00
drochner
0a8dabda40
pull in AES-GCM/GMAC support from OpenBSD
This is still somewhat experimental. Tested between 2 similar boxes
so far. There is much potential for performance improvement. For now,
I've changed the gmac code to accept any data alignment, as the "char *"
pointer suggests. As the code is practically used, 32-bit alignment
can be assumed, at the cost of data copies. I don't know whether
bytewise access or copies are worse performance-wise. For efficient
implementations using SSE2 instructions on x86, even stricter
alignment requirements might arise.
2011-05-26 21:50:02 +00:00
wiz
e20f01d499
Bump date for previous.
2011-05-24 08:54:40 +00:00
drochner
fed8f3aa3c
update draft-ipsec-* -> RFC
clarify a sentence
2011-05-23 16:00:07 +00:00
christos
45d5b08c5f
fix prototype.
2011-05-15 17:13:23 +00:00
vanhu
2337f22d7b
fixed a memory leak in oakley_append_rmconf_cr() while generating plist. patch by Roman Hoog Antink <rha@open.ch>
2011-03-17 14:42:58 +00:00
vanhu
949304356c
free name later, to avoid a memory use after free in oakley_check_certid(). also give iph1->remote to some plog() calls. patch by Roman Hoog Antink <rha@open.ch>
2011-03-17 14:39:06 +00:00
vanhu
ebfca0c74d
fixed a memory leak in oakley_check_certid(). patch by Roman Hoog Antink <rha@open.ch>
2011-03-17 14:35:24 +00:00
vanhu
5279815e7c
directly call isakmp_ph1delete() instead of scheduling isakmp_ph1delete_stub(), as it is useless and can lead to memory access after free
2011-03-15 13:20:14 +00:00
tteras
4e499ee605
Explicitly compare return value of cmpsaddr() against a return value
define to make it more obvious what is the intended action. One more
return value is also added, to fix comparison of security policy
descriptors. Namely, getsp() should not allow wildcard matching (as the
comment says, it does exact matching) - otherwise we get problems when
kernel has generic policy with no ports, and a second similar policy with
ports.
2011-03-14 17:18:12 +00:00
vanhu
fd67cc6416
avoid some memory leaks / free memory access when reloading conf and have inherited config. patch from Roman Hoog Antink <rha@open.ch>
2011-03-14 15:50:36 +00:00
vanhu
ba228a2812
removed a useless comment
2011-03-14 14:54:07 +00:00
vanhu
7683f452c1
check if we got RMCONF_ERR_MULTIPLE from getrmconf_by_ph1() in revalidate_ph1tree_rmconf()
2011-03-14 09:19:23 +00:00
vanhu
ffa3b61f55
directly delete a ph1 in remove_ph1() instead of scheduling it, to avoid (completely ?) a race condition when reloading configuration
2011-03-11 14:30:07 +00:00
tteras
349228b78c
Quiet a gcc warning when strict-aliasing checks are enabled. Reported by
Stephen Clark.
2011-03-06 08:28:10 +00:00
vanhu
65023b30e4
flush sainfo list when closing session. patch by Roman Hoog Antink <rha@open.ch>
2011-03-02 15:09:16 +00:00
vanhu
7e1e999bc0
free rsa structures when deleting a struct rmconf. patch by Roman Hoog Antink <rha@open.ch>
2011-03-02 15:04:01 +00:00
vanhu
78c9c4b8d1
free spspec when deleting a rmconf struct. patch by Roman Hoog Antink <rha@open.ch>
2011-03-02 14:58:27 +00:00
vanhu
82409028c9
fixed some memory leaks in remoteconf. patch by Roman Hoog Antink <rha@open.ch>
2011-03-02 14:52:32 +00:00
vanhu
ff2e315ab3
fixed some memory leaks during configuration parsing. patch by Roman Hoog Antink <rha@open.ch>
2011-03-02 14:49:21 +00:00
vanhu
acd79fcecf
plog text fixes, patch from M E Andersson <debian@gisladisker.se>
2011-03-01 14:33:58 +00:00
vanhu
3b9e5ba27f
reset yyerrorcount before doing parse stuff. patch by Roman Hoog Antink <rha@open.ch>
2011-03-01 14:14:50 +00:00
tteras
004dc7976f
From Roman Hoog Antink <rha@open.ch>: Fix memory leak when using plain RSA
key authentication.
2011-02-20 17:32:02 +00:00
tteras
093488593b
From Mats E Andersson <debian@gisladisker.se>: Fix fprintf format specifier
usage from previous patch.
2011-02-11 10:07:19 +00:00
tteras
1f21513187
From Mats Erik Andersson <debian@gisladisker.se>: Implement importing of
RSA keys from PEM files.
2011-02-10 11:20:08 +00:00