NetBSD/sys/netipsec
jonathan 496077ab25 Update sys/netipsec/key.c to check for attempts to add IPv6-related
SPDs, and to warn about and reject any such attempts.

Addresses a security concern, that the (as-yet incomplete, experimental)
FAST_IPSEC+INET6 does not honour IPv6 SPDs.  The security risk is that
naive users may not realize this, and their data may get leaked in
cleartext, rather than IPsec'ed, if they use IPv6.

Security issue raised by: Thor Lancelot Simon
reviewed and OKed by: Thor Lancelot Simon

2.0 Pullup request after: 24 hours for further public comment.
2004-04-27 23:57:19 +00:00
..
ah.h Initial import of Sam Leffler's `Fast-IPsec' from FreeBSD 4. 2003-08-13 20:06:49 +00:00
ah_var.h Initial import of Sam Leffler's `Fast-IPsec' from FreeBSD 4. 2003-08-13 20:06:49 +00:00
esp.h Initial import of Sam Leffler's `Fast-IPsec' from FreeBSD 4. 2003-08-13 20:06:49 +00:00
esp_var.h Initial import of Sam Leffler's `Fast-IPsec' from FreeBSD 4. 2003-08-13 20:06:49 +00:00
files.netipsec xform_tcp.c is needed only with FAST_IPSEC 2004-04-26 03:50:57 +00:00
ipcomp.h Initial import of Sam Leffler's `Fast-IPsec' from FreeBSD 4. 2003-08-13 20:06:49 +00:00
ipcomp_var.h Initial import of Sam Leffler's `Fast-IPsec' from FreeBSD 4. 2003-08-13 20:06:49 +00:00
ipip_var.h Initial import of Sam Leffler's `Fast-IPsec' from FreeBSD 4. 2003-08-13 20:06:49 +00:00
ipsec.c Initial commit of a port of the FreeBSD implementation of RFC 2385 2004-04-25 22:25:03 +00:00
ipsec.h Initial commit of a port of the FreeBSD implementation of RFC 2385 2004-04-25 22:25:03 +00:00
ipsec6.h Dynamic sysctl. 2003-12-04 19:38:21 +00:00
ipsec_input.c Add `const' to the safety-catch local definition of ip6_protosw, 2004-04-24 23:28:13 +00:00
ipsec_mbuf.c Add missing copyright notice (FreeBSD rev. 1.5.2.2). 2004-03-01 23:24:10 +00:00
ipsec_netbsd.c s/netbsd.org/NetBSD.org/g 2004-04-06 08:48:55 +00:00
ipsec_osdep.h Remove the old, inet4-specific versions of PCB_T, PCB_FAMILY, and PCB_SOCKET, 2004-03-16 22:37:46 +00:00
ipsec_output.c sys/netinet6/ip6_ecn.h is reportedly a FreeBSD-ism; NetBSD has 2004-03-17 00:21:43 +00:00
key.c Update sys/netipsec/key.c to check for attempts to add IPv6-related 2004-04-27 23:57:19 +00:00
key.h Bring the PCB policy cache over from KAME IPsec, including the "hint" 2004-03-02 02:22:56 +00:00
key_debug.c Reversion of "netkey merge", part 2 (replacement of removed files in the 2003-10-06 22:05:15 +00:00
key_debug.h Initial import of Sam Leffler's `Fast-IPsec' from FreeBSD 4. 2003-08-13 20:06:49 +00:00
key_var.h Add KEYCTL_DUMPSA/KEYCTL_DUMPSP support. 2003-12-12 21:04:03 +00:00
keydb.h Initial import of Sam Leffler's `Fast-IPsec' from FreeBSD 4. 2003-08-13 20:06:49 +00:00
keysock.c Remove #else of #if __STDC__ 2004-04-26 01:41:15 +00:00
keysock.h Dynamic sysctl. 2003-12-04 19:38:21 +00:00
xform.h Initial import of Sam Leffler's `Fast-IPsec' from FreeBSD 4. 2003-08-13 20:06:49 +00:00
xform_ah.c sys/netinet6/ip6_ecn.h is reportedly a FreeBSD-ism; NetBSD has 2004-03-17 00:21:43 +00:00
xform_esp.c sys/netinet6/ip6_ecn.h is reportedly a FreeBSD-ism; NetBSD has 2004-03-17 00:21:43 +00:00
xform_ipcomp.c Reversion of "netkey merge", part 2 (replacement of removed files in the 2003-10-06 22:05:15 +00:00
xform_ipip.c sys/netinet6/ip6_ecn.h is reportedly a FreeBSD-ism; NetBSD has 2004-03-17 00:21:43 +00:00
xform_tcp.c Initial commit of a port of the FreeBSD implementation of RFC 2385 2004-04-25 22:25:03 +00:00