#
331722 |
|
29-Mar-2018 |
eadler |
Revert r330897:
This was intended to be a non-functional change. It wasn't. The commit message was thus wrong. In addition it broke arm, and merged crypto related code.
Revert with prejudice.
This revert skips files touched in r316370 since that commit was since MFCed. This revert also skips files that require $FreeBSD$ property changes.
Thank you to those who helped me get out of this mess including but not limited to gonzo, kevans, rgrimes.
Requested by: gjb (re)
|
#
330897 |
|
14-Mar-2018 |
eadler |
Partial merge of the SPDX changes
These changes are incomplete but are making it difficult to determine what other changes can/should be merged.
No objections from: pfg
|
#
317502 |
|
27-Apr-2017 |
ae |
MFC r316759: Add large replay widow support to setkey(8) and libipsec.
When the replay window size is large than UINT8_MAX, add to the request the SADB_X_EXT_SA_REPLAY extension header that was added in r309144.
Also add support of SADB_X_EXT_NAT_T_TYPE, SADB_X_EXT_NAT_T_SPORT, SADB_X_EXT_NAT_T_DPORT, SADB_X_EXT_NAT_T_OAI, SADB_X_EXT_NAT_T_OAR, SADB_X_EXT_SA_REPLAY, SADB_X_EXT_NEW_ADDRESS_SRC, SADB_X_EXT_NEW_ADDRESS_DST extension headers to the key_debug that is used by `setkey -x`.
Modify kdebug_sockaddr() to use inet_ntop() for IP addresses formatting. And modify kdebug_sadb_x_policy() to show policy scope and priority.
Reviewed by: gnn, Emeric Poupon Differential Revision: https://reviews.freebsd.org/D10375
|
#
302408 |
|
07-Jul-2016 |
gjb |
Copy head@r302406 to stable/11 as part of the 11.0-RELEASE cycle. Prune svn:mergeinfo from the new branch, as nothing has been merged here.
Additional commits post-branch will follow.
Approved by: re (implicit) Sponsored by: The FreeBSD Foundation |
#
286143 |
|
31-Jul-2015 |
gnn |
Add support for keys that include 4 byte SALT values, including GCM and ICM/CTR modes for AES.
Reviewed by: jmg MFC after: 1 week Sponsored by: Rubicon Communications (Netgate)
|
#
175248 |
|
12-Jan-2008 |
maxim |
o Allow setkey(8) to recognize esp as a protocoal name for spdadd.
PR: bin/107392 Submitted by: Eugene Grosbein MFC after: 1 month
|
#
173412 |
|
07-Nov-2007 |
kevlo |
Cleanup of userland __P use
|
#
171135 |
|
01-Jul-2007 |
gnn |
Commit IPv6 support for FAST_IPSEC to the tree. This commit includes all remaining changes for the time being including user space updates.
Submitted by: bz Approved by: re
|
#
151293 |
|
13-Oct-2005 |
ume |
fixed a crush when either -lh or -ls option is used.
Obtained from: KAME
|
#
129183 |
|
13-May-2004 |
ume |
check if the null encryption is supported or not.
Requested by: bms Obtained from: KAME
|
#
127684 |
|
31-Mar-2004 |
bms |
Fix regression in setkey whereby parser would fail to recognise tcp as both a security protocol and an upper level protocol for encapsulation.
PR: bin/63616 Submitted by: ume@
|
#
125681 |
|
11-Feb-2004 |
bms |
Initial import of RFC 2385 (TCP-MD5) digest support.
This is the second of two commits; bring in the userland support to finish.
Teach libipsec and setkey about the tcp-md5 class of security associations, thus allowing administrators to add per-host keys to the SADB for use by the tcpsignature_compute() function.
Document that a single SPI must be used until such time as the code which adds support to the SPD to specify flows for tcp-md5 treatment is suitable for production.
Sponsored by: sentex.net
|
#
122108 |
|
05-Nov-2003 |
ume |
- do hexdump on send. set length field properly - check for encryption/authentication key together with algorithm. - warned if a deprecated encryption algorithm (that includes "simple") is specified. - changed the syntax how to define a policy of a ICMPv6 type and/or a code, like spdadd ::/0 ::/0 icmp6 134,0 -P out none; - random cleanup in parser. - use yyfatal, or return -1 after yyerror. - deal with strdup() failure. - permit scope notation in policy string (-P esp/tunnel/foo%scope-bar%scope/use) - simplify /prefix and [port]. - g/c some unused symbols.
Obtained from: KAME
|
#
78064 |
|
11-Jun-2001 |
ume |
Sync with recent KAME. This work was based on kame-20010528-freebsd43-snap.tgz and some critical problem after the snap was out were fixed. There are many many changes since last KAME merge.
TODO: - The definitions of SADB_* in sys/net/pfkeyv2.h are still different from RFC2407/IANA assignment because of binary compatibility issue. It should be fixed under 5-CURRENT. - ip6po_m member of struct ip6_pktopts is no longer used. But, it is still there because of binary compatibility issue. It should be removed under 5-CURRENT.
Reviewed by: itojun Obtained from: KAME MFC after: 3 weeks
|
#
62583 |
|
04-Jul-2000 |
itojun |
synchronize with latest kame tree.
behavior change: policy syntax was changed. you may need to update your setkey(8) configuration files.
|
#
55505 |
|
06-Jan-2000 |
shin |
libipsec and IPsec related apps. (and some KAME related man pages)
Reviewed by: freebsd-arch, cvs-committers Obtained from: KAME project
|