#
1.40 |
|
27-Feb-2023 |
kardel |
cast to the correct message structure (rt_msghdr instead of if_msghdr)
|
Revision tags: netbsd-10-base cjep_sun2x-base1 cjep_sun2x-base cjep_staticlib_x-base1 cjep_staticlib_x-base
|
#
1.39 |
|
25-Nov-2020 |
christos |
Reduce previous
|
#
1.38 |
|
25-Nov-2020 |
kardel |
Fix address advancing for i386 and other 32-bit platforms. Makes racoon grok IPv6 addresses again on these platforms.
|
Revision tags: netbsd-9-3-RELEASE netbsd-9-2-RELEASE netbsd-9-1-RELEASE phil-wifi-20200421 phil-wifi-20200411 is-mlppp-base phil-wifi-20200406 netbsd-9-0-RELEASE netbsd-9-0-RC2 netbsd-9-0-RC1 phil-wifi-20191119 netbsd-9-base phil-wifi-20190609 pgoyette-compat-20190127 pgoyette-compat-20190118 pgoyette-compat-1226 pgoyette-compat-1126 pgoyette-compat-1020 pgoyette-compat-0930 pgoyette-compat-0906 pgoyette-compat-0728 phil-wifi-base pgoyette-compat-0625 pgoyette-compat-0521
|
#
1.37 |
|
19-May-2018 |
maxv |
branches: 1.37.2; Use strict prototypes, when they don't introduce more warnings than they fix. Also localify a few functions.
|
#
1.36 |
|
19-May-2018 |
maxv |
Remove unused variables.
|
Revision tags: netbsd-8-2-RELEASE netbsd-8-1-RELEASE netbsd-8-1-RC1 netbsd-8-0-RELEASE netbsd-8-0-RC2 pgoyette-compat-0502 pgoyette-compat-0422 netbsd-8-0-RC1 pgoyette-compat-0415 pgoyette-compat-0407 pgoyette-compat-0330 pgoyette-compat-0322 pgoyette-compat-0315 pgoyette-compat-base matt-nb8-mediatek-base perseant-stdc-iso10646-base netbsd-8-base prg-localcount2-base3 prg-localcount2-base2 prg-localcount2-base1 prg-localcount2-base pgoyette-localcount-20170426 bouyer-socketcan-base1
|
#
1.35 |
|
12-Apr-2017 |
roy |
branches: 1.35.10; Use RO_MSGFILTER.
|
Revision tags: netbsd-7-2-RELEASE netbsd-7-1-2-RELEASE netbsd-7-1-1-RELEASE pgoyette-localcount-20170320 netbsd-7-1-RELEASE netbsd-7-1-RC2 netbsd-7-nhusb-base-20170116 bouyer-socketcan-base pgoyette-localcount-20170107 netbsd-7-1-RC1 pgoyette-localcount-20161104 netbsd-7-0-2-RELEASE localcount-20160914 netbsd-7-nhusb-base pgoyette-localcount-20160806 pgoyette-localcount-20160726 pgoyette-localcount-base netbsd-7-0-1-RELEASE netbsd-7-0-RELEASE netbsd-7-0-RC3 netbsd-7-0-RC2 netbsd-7-0-RC1 netbsd-7-base tls-earlyentropy-base tls-maxphys-base
|
#
1.34 |
|
14-Jun-2014 |
christos |
branches: 1.34.6; 1.34.10; don't warn for 80211 messages
|
Revision tags: yamt-pagecache-base9 riastradh-xf86-video-intel-2-7-1-pre-2-21-15
|
#
1.33 |
|
18-Mar-2014 |
riastradh |
branches: 1.33.2; Merge riastradh-drm2 to HEAD.
|
Revision tags: riastradh-drm2-base3 riastradh-drm2-base2 riastradh-drm2-base1
|
#
1.32 |
|
18-Jul-2013 |
christos |
add RTM_LOSING, RTM_REDIRECT
|
Revision tags: riastradh-drm2-base
|
#
1.31 |
|
12-Apr-2013 |
tteras |
branches: 1.31.4; Some logging improvements.
|
Revision tags: agc-symver-base
|
#
1.30 |
|
05-Feb-2013 |
tteras |
Fix source port selection
|
Revision tags: netbsd-6-0-6-RELEASE netbsd-6-1-5-RELEASE netbsd-6-1-4-RELEASE netbsd-6-0-5-RELEASE netbsd-6-1-3-RELEASE netbsd-6-0-4-RELEASE netbsd-6-1-2-RELEASE netbsd-6-0-3-RELEASE netbsd-6-1-1-RELEASE netbsd-6-0-2-RELEASE netbsd-6-1-RELEASE netbsd-6-1-RC4 netbsd-6-1-RC3 netbsd-6-1-RC2 netbsd-6-1-RC1 yamt-pagecache-base8 netbsd-6-0-1-RELEASE yamt-pagecache-base7 matt-nb6-plus-nbase yamt-pagecache-base6 netbsd-6-0-RELEASE netbsd-6-0-RC2 matt-nb6-plus-base netbsd-6-0-RC1 yamt-pagecache-base5 yamt-pagecache-base4 netbsd-6-base
|
#
1.29 |
|
01-Jan-2012 |
tteras |
branches: 1.29.6; Fix myaddr_getsport() to return -1 if no suitable address is found. This is used in pfkey.c:pk_recvacquire() to check if IKE negotiation should be started or not.
|
Revision tags: ipsec-tools-0_8_1 yamt-pagecache-base3 yamt-pagecache-base2 yamt-pagecache-base cherry-xenmp-base ipsec-tools-0_8_0
|
#
1.28 |
|
14-Mar-2011 |
tteras |
branches: 1.28.2; 1.28.6; Explicitly compare return value of cmpsaddr() against a return value define to make it more obvious what is the intended action. One more return value is also added, to fix comparison of security policy descriptors. Namely, getsp() should not allow wildcard matching (as the comment says, it does exact matching) - otherwise we get problems when kernel has generic policy with no ports, and a second similar policy with ports.
|
Revision tags: bouyer-quota2-nbase bouyer-quota2-base matt-mips64-premerge-20101231
|
#
1.27 |
|
03-Dec-2010 |
tteras |
Netlink deletion notification does not guarentee actual address deletion: it might still exist on some other interface. Make sure we do not unbind unless the address is really gone.
|
#
1.26 |
|
22-Oct-2010 |
tteras |
Change Linux Netlink address monitoring to monitor local route changes. This works around a kernel bug, and slightly improves behaviour on some special cases.
|
#
1.25 |
|
21-Oct-2010 |
tteras |
Introduce priorities for file descriptor polling mechanism and give priority to admin port. If admin port is used by ISAKMP-SA hook scripts they should be preferred, other wise heavy traffic can delay admin port requests considerably. This in turn may cause renegotiation loop for ISAKMP-SA. This is mostly useful for OpenNHRP setup, but can benefit other setups too.
|
#
1.24 |
|
20-Oct-2010 |
tteras |
Fix address comparison so we actually close sockets which were bound to IP-address that got deconfigured.
|
Revision tags: matt-premerge-20091211
|
#
1.23 |
|
03-Jul-2009 |
tteras |
Get rid of the evil CMPSADDR macro. Trac #295.
|
Revision tags: jym-xensuspend-nbase jym-xensuspend-base
|
#
1.22 |
|
21-Apr-2009 |
tteras |
Fix strict_address to work again. The lists needs to be initialized before configuration is read, which happens before my_addr_init() call.
|
#
1.21 |
|
23-Jan-2009 |
tteras |
branches: 1.21.2; Remove "fastquit" configure option and make it the default behaviour. The previous normal behaviour is buggy, as after flush kernel can immediately create larval SA:s which would prevent exit.
|
#
1.20 |
|
24-Dec-2008 |
christos |
remove sin{6,}_len linux does not have it. From Timo Teras.
|
#
1.19 |
|
24-Dec-2008 |
christos |
I was wrong. addr is actually set.
|
#
1.18 |
|
24-Dec-2008 |
christos |
- make this compile by zeroing out the whole structure not just bogus fields. - set length field of sockets appropriately. - mark bogus no-op code (I don't understand what the author intended here).
|
#
1.17 |
|
23-Dec-2008 |
tteras |
rewrite local address detection make some functions static that arr not needed globally rework how fd_set is construction for the main loop select()
|
#
1.16 |
|
11-Dec-2008 |
vanhu |
Fixed compilation on FreeBSD (RTM_IFINFO and RTM_OIFINFO stuff)
|
#
1.15 |
|
25-Nov-2008 |
bad |
Ignore unspecified and looback addresses. Ignoring unspecified addresses prevents racoon from trying to bind to the wildcard address and specific addresses simultaneously after e.g. dhclient has changed an interface's address to 0.0.0.0.
|
#
1.14 |
|
25-Nov-2008 |
bad |
RTM_DELETE and RTM_IFINFO don't carry info for added or deleted addresses. Ignore them silently.
|
#
1.13 |
|
25-Nov-2008 |
bad |
Ignoring an unsuitable address is not an error. Therefore log it as informational. Make it clear from the log message that a route message is not interesting.
|
#
1.12 |
|
25-Nov-2008 |
bad |
Use insmyaddr() instead of open coding it.
|
#
1.11 |
|
25-Nov-2008 |
bad |
Keep myaddr.sock at -1 when no socket is opened.
|
Revision tags: netbsd-5-0-RC1 netbsd-5-base
|
#
1.10 |
|
27-Oct-2008 |
tteras |
branches: 1.10.2; From Francis Dupont (sent by Arnaud Ebalard): recognize RTM_IFANNOUNCE
|
#
1.9 |
|
27-Oct-2008 |
tteras |
From Arnaud Ebalard: Fix indentation issues for readability
|
Revision tags: matt-mips64-base2 wrstuden-revivesa-base-3 wrstuden-revivesa-base-2 wrstuden-revivesa-base-1 wrstuden-revivesa-base
|
#
1.8 |
|
18-Jun-2008 |
mgrooms |
Set sockets to be closed on exec to avoid potential file descriptor inheritance issues. Submitted by Timo Teras.
|
#
1.7 |
|
18-Jun-2008 |
mgrooms |
Use utility functions to evaluate and manipulate network port values. No functional changes. Submitted by Timo Teras.
|
Revision tags: yamt-pf42-base4 yamt-pf42-base3 hpcarm-cleanup-nbase yamt-pf42-baseX yamt-pf42-base2 yamt-pf42-base keiichi-mipv6-base matt-armv6-nbase matt-armv6-prevmlocking cube-autoconf-base matt-armv6-base matt-mips64-base hpcarm-cleanup-base
|
#
1.6 |
|
16-Jul-2007 |
vanhu |
branches: 1.6.12; fixed a socket leak
|
#
1.5 |
|
15-Mar-2007 |
vanhu |
From Yves-Alexis Perez: enable monitoring of ipv6 address changes on Linux.
|
Revision tags: ipsec-tools-0_7-beta2 ipsec-tools-0_7-beta1 ipsec-tools-0_7-base netbsd-4-base
|
#
1.4 |
|
09-Sep-2006 |
manu |
branches: 1.4.2; 1.4.6; Migration of ipsec-tools to NetBSD CVS part 2: resolving the import conflicts. Since we previously had a release branch and we import here the HEAD of CVS, let's assume all local changes are to be dumped. Local patches should have been propagated upstream, anyway.
|
Revision tags: abandoned-netbsd-4-base
|
#
1.3 |
|
21-Nov-2005 |
manu |
Merge ipsec-tools 0.6.3 import
|
#
1.2 |
|
20-Aug-2005 |
manu |
Update to ipsec-tools 0.6.1
|
#
1.1 |
|
12-Feb-2005 |
manu |
branches: 1.1.1; Initial revision
|
#
1.39 |
|
25-Nov-2020 |
christos |
Reduce previous
|
#
1.38 |
|
25-Nov-2020 |
kardel |
Fix address advancing for i386 and other 32-bit platforms. Makes racoon grok IPv6 addresses again on these platforms.
|
Revision tags: netbsd-9-1-RELEASE phil-wifi-20200421 phil-wifi-20200411 is-mlppp-base phil-wifi-20200406 netbsd-9-0-RELEASE netbsd-9-0-RC2 netbsd-9-0-RC1 phil-wifi-20191119 netbsd-9-base phil-wifi-20190609 pgoyette-compat-20190127 pgoyette-compat-20190118 pgoyette-compat-1226 pgoyette-compat-1126 pgoyette-compat-1020 pgoyette-compat-0930 pgoyette-compat-0906 pgoyette-compat-0728 phil-wifi-base pgoyette-compat-0625 pgoyette-compat-0521
|
#
1.37 |
|
19-May-2018 |
maxv |
branches: 1.37.2; Use strict prototypes, when they don't introduce more warnings than they fix. Also localify a few functions.
|
#
1.36 |
|
19-May-2018 |
maxv |
Remove unused variables.
|
Revision tags: netbsd-8-2-RELEASE netbsd-8-1-RELEASE netbsd-8-1-RC1 netbsd-8-0-RELEASE netbsd-8-0-RC2 pgoyette-compat-0502 pgoyette-compat-0422 netbsd-8-0-RC1 pgoyette-compat-0415 pgoyette-compat-0407 pgoyette-compat-0330 pgoyette-compat-0322 pgoyette-compat-0315 pgoyette-compat-base matt-nb8-mediatek-base perseant-stdc-iso10646-base netbsd-8-base prg-localcount2-base3 prg-localcount2-base2 prg-localcount2-base1 prg-localcount2-base pgoyette-localcount-20170426 bouyer-socketcan-base1
|
#
1.35 |
|
12-Apr-2017 |
roy |
branches: 1.35.10; Use RO_MSGFILTER.
|
Revision tags: netbsd-7-2-RELEASE netbsd-7-1-2-RELEASE netbsd-7-1-1-RELEASE pgoyette-localcount-20170320 netbsd-7-1-RELEASE netbsd-7-1-RC2 netbsd-7-nhusb-base-20170116 bouyer-socketcan-base pgoyette-localcount-20170107 netbsd-7-1-RC1 pgoyette-localcount-20161104 netbsd-7-0-2-RELEASE localcount-20160914 netbsd-7-nhusb-base pgoyette-localcount-20160806 pgoyette-localcount-20160726 pgoyette-localcount-base netbsd-7-0-1-RELEASE netbsd-7-0-RELEASE netbsd-7-0-RC3 netbsd-7-0-RC2 netbsd-7-0-RC1 netbsd-7-base tls-earlyentropy-base tls-maxphys-base
|
#
1.34 |
|
14-Jun-2014 |
christos |
branches: 1.34.6; 1.34.10; don't warn for 80211 messages
|
Revision tags: yamt-pagecache-base9 riastradh-xf86-video-intel-2-7-1-pre-2-21-15
|
#
1.33 |
|
18-Mar-2014 |
riastradh |
branches: 1.33.2; Merge riastradh-drm2 to HEAD.
|
Revision tags: riastradh-drm2-base3 riastradh-drm2-base2 riastradh-drm2-base1
|
#
1.32 |
|
18-Jul-2013 |
christos |
add RTM_LOSING, RTM_REDIRECT
|
Revision tags: riastradh-drm2-base
|
#
1.31 |
|
12-Apr-2013 |
tteras |
branches: 1.31.4; Some logging improvements.
|
Revision tags: agc-symver-base
|
#
1.30 |
|
05-Feb-2013 |
tteras |
Fix source port selection
|
Revision tags: netbsd-6-0-6-RELEASE netbsd-6-1-5-RELEASE netbsd-6-1-4-RELEASE netbsd-6-0-5-RELEASE netbsd-6-1-3-RELEASE netbsd-6-0-4-RELEASE netbsd-6-1-2-RELEASE netbsd-6-0-3-RELEASE netbsd-6-1-1-RELEASE netbsd-6-0-2-RELEASE netbsd-6-1-RELEASE netbsd-6-1-RC4 netbsd-6-1-RC3 netbsd-6-1-RC2 netbsd-6-1-RC1 yamt-pagecache-base8 netbsd-6-0-1-RELEASE yamt-pagecache-base7 matt-nb6-plus-nbase yamt-pagecache-base6 netbsd-6-0-RELEASE netbsd-6-0-RC2 matt-nb6-plus-base netbsd-6-0-RC1 yamt-pagecache-base5 yamt-pagecache-base4 netbsd-6-base
|
#
1.29 |
|
01-Jan-2012 |
tteras |
branches: 1.29.6; Fix myaddr_getsport() to return -1 if no suitable address is found. This is used in pfkey.c:pk_recvacquire() to check if IKE negotiation should be started or not.
|
Revision tags: ipsec-tools-0_8_1 yamt-pagecache-base3 yamt-pagecache-base2 yamt-pagecache-base cherry-xenmp-base ipsec-tools-0_8_0
|
#
1.28 |
|
14-Mar-2011 |
tteras |
branches: 1.28.2; 1.28.6; Explicitly compare return value of cmpsaddr() against a return value define to make it more obvious what is the intended action. One more return value is also added, to fix comparison of security policy descriptors. Namely, getsp() should not allow wildcard matching (as the comment says, it does exact matching) - otherwise we get problems when kernel has generic policy with no ports, and a second similar policy with ports.
|
Revision tags: bouyer-quota2-nbase bouyer-quota2-base matt-mips64-premerge-20101231
|
#
1.27 |
|
03-Dec-2010 |
tteras |
Netlink deletion notification does not guarentee actual address deletion: it might still exist on some other interface. Make sure we do not unbind unless the address is really gone.
|
#
1.26 |
|
22-Oct-2010 |
tteras |
Change Linux Netlink address monitoring to monitor local route changes. This works around a kernel bug, and slightly improves behaviour on some special cases.
|
#
1.25 |
|
21-Oct-2010 |
tteras |
Introduce priorities for file descriptor polling mechanism and give priority to admin port. If admin port is used by ISAKMP-SA hook scripts they should be preferred, other wise heavy traffic can delay admin port requests considerably. This in turn may cause renegotiation loop for ISAKMP-SA. This is mostly useful for OpenNHRP setup, but can benefit other setups too.
|
#
1.24 |
|
20-Oct-2010 |
tteras |
Fix address comparison so we actually close sockets which were bound to IP-address that got deconfigured.
|
Revision tags: matt-premerge-20091211
|
#
1.23 |
|
03-Jul-2009 |
tteras |
Get rid of the evil CMPSADDR macro. Trac #295.
|
Revision tags: jym-xensuspend-nbase jym-xensuspend-base
|
#
1.22 |
|
21-Apr-2009 |
tteras |
Fix strict_address to work again. The lists needs to be initialized before configuration is read, which happens before my_addr_init() call.
|
#
1.21 |
|
23-Jan-2009 |
tteras |
branches: 1.21.2; Remove "fastquit" configure option and make it the default behaviour. The previous normal behaviour is buggy, as after flush kernel can immediately create larval SA:s which would prevent exit.
|
#
1.20 |
|
24-Dec-2008 |
christos |
remove sin{6,}_len linux does not have it. From Timo Teras.
|
#
1.19 |
|
24-Dec-2008 |
christos |
I was wrong. addr is actually set.
|
#
1.18 |
|
24-Dec-2008 |
christos |
- make this compile by zeroing out the whole structure not just bogus fields. - set length field of sockets appropriately. - mark bogus no-op code (I don't understand what the author intended here).
|
#
1.17 |
|
23-Dec-2008 |
tteras |
rewrite local address detection make some functions static that arr not needed globally rework how fd_set is construction for the main loop select()
|
#
1.16 |
|
11-Dec-2008 |
vanhu |
Fixed compilation on FreeBSD (RTM_IFINFO and RTM_OIFINFO stuff)
|
#
1.15 |
|
25-Nov-2008 |
bad |
Ignore unspecified and looback addresses. Ignoring unspecified addresses prevents racoon from trying to bind to the wildcard address and specific addresses simultaneously after e.g. dhclient has changed an interface's address to 0.0.0.0.
|
#
1.14 |
|
25-Nov-2008 |
bad |
RTM_DELETE and RTM_IFINFO don't carry info for added or deleted addresses. Ignore them silently.
|
#
1.13 |
|
25-Nov-2008 |
bad |
Ignoring an unsuitable address is not an error. Therefore log it as informational. Make it clear from the log message that a route message is not interesting.
|
#
1.12 |
|
25-Nov-2008 |
bad |
Use insmyaddr() instead of open coding it.
|
#
1.11 |
|
25-Nov-2008 |
bad |
Keep myaddr.sock at -1 when no socket is opened.
|
Revision tags: netbsd-5-0-RC1 netbsd-5-base
|
#
1.10 |
|
27-Oct-2008 |
tteras |
branches: 1.10.2; From Francis Dupont (sent by Arnaud Ebalard): recognize RTM_IFANNOUNCE
|
#
1.9 |
|
27-Oct-2008 |
tteras |
From Arnaud Ebalard: Fix indentation issues for readability
|
Revision tags: matt-mips64-base2 wrstuden-revivesa-base-3 wrstuden-revivesa-base-2 wrstuden-revivesa-base-1 wrstuden-revivesa-base
|
#
1.8 |
|
18-Jun-2008 |
mgrooms |
Set sockets to be closed on exec to avoid potential file descriptor inheritance issues. Submitted by Timo Teras.
|
#
1.7 |
|
18-Jun-2008 |
mgrooms |
Use utility functions to evaluate and manipulate network port values. No functional changes. Submitted by Timo Teras.
|
Revision tags: yamt-pf42-base4 yamt-pf42-base3 hpcarm-cleanup-nbase yamt-pf42-baseX yamt-pf42-base2 yamt-pf42-base keiichi-mipv6-base matt-armv6-nbase matt-armv6-prevmlocking cube-autoconf-base matt-armv6-base matt-mips64-base hpcarm-cleanup-base
|
#
1.6 |
|
16-Jul-2007 |
vanhu |
branches: 1.6.12; fixed a socket leak
|
#
1.5 |
|
15-Mar-2007 |
vanhu |
From Yves-Alexis Perez: enable monitoring of ipv6 address changes on Linux.
|
Revision tags: ipsec-tools-0_7-beta2 ipsec-tools-0_7-beta1 ipsec-tools-0_7-base netbsd-4-base
|
#
1.4 |
|
09-Sep-2006 |
manu |
branches: 1.4.2; 1.4.6; Migration of ipsec-tools to NetBSD CVS part 2: resolving the import conflicts. Since we previously had a release branch and we import here the HEAD of CVS, let's assume all local changes are to be dumped. Local patches should have been propagated upstream, anyway.
|
Revision tags: abandoned-netbsd-4-base
|
#
1.3 |
|
21-Nov-2005 |
manu |
Merge ipsec-tools 0.6.3 import
|
#
1.2 |
|
20-Aug-2005 |
manu |
Update to ipsec-tools 0.6.1
|
#
1.1 |
|
12-Feb-2005 |
manu |
branches: 1.1.1; Initial revision
|
#
1.39 |
|
25-Nov-2020 |
christos |
Reduce previous
|
#
1.38 |
|
25-Nov-2020 |
kardel |
Fix address advancing for i386 and other 32-bit platforms. Makes racoon grok IPv6 addresses again on these platforms.
|
Revision tags: netbsd-9-1-RELEASE phil-wifi-20200421 phil-wifi-20200411 is-mlppp-base phil-wifi-20200406 netbsd-9-0-RELEASE netbsd-9-0-RC2 netbsd-9-0-RC1 phil-wifi-20191119 netbsd-9-base phil-wifi-20190609 pgoyette-compat-20190127 pgoyette-compat-20190118 pgoyette-compat-1226 pgoyette-compat-1126 pgoyette-compat-1020 pgoyette-compat-0930 pgoyette-compat-0906 pgoyette-compat-0728 phil-wifi-base pgoyette-compat-0625 pgoyette-compat-0521
|
#
1.37 |
|
19-May-2018 |
maxv |
branches: 1.37.2; Use strict prototypes, when they don't introduce more warnings than they fix. Also localify a few functions.
|
#
1.36 |
|
19-May-2018 |
maxv |
Remove unused variables.
|
Revision tags: netbsd-8-2-RELEASE netbsd-8-1-RELEASE netbsd-8-1-RC1 netbsd-8-0-RELEASE netbsd-8-0-RC2 pgoyette-compat-0502 pgoyette-compat-0422 netbsd-8-0-RC1 pgoyette-compat-0415 pgoyette-compat-0407 pgoyette-compat-0330 pgoyette-compat-0322 pgoyette-compat-0315 pgoyette-compat-base matt-nb8-mediatek-base perseant-stdc-iso10646-base netbsd-8-base prg-localcount2-base3 prg-localcount2-base2 prg-localcount2-base1 prg-localcount2-base pgoyette-localcount-20170426 bouyer-socketcan-base1
|
#
1.35 |
|
12-Apr-2017 |
roy |
branches: 1.35.10; Use RO_MSGFILTER.
|
Revision tags: netbsd-7-2-RELEASE netbsd-7-1-2-RELEASE netbsd-7-1-1-RELEASE pgoyette-localcount-20170320 netbsd-7-1-RELEASE netbsd-7-1-RC2 netbsd-7-nhusb-base-20170116 bouyer-socketcan-base pgoyette-localcount-20170107 netbsd-7-1-RC1 pgoyette-localcount-20161104 netbsd-7-0-2-RELEASE localcount-20160914 netbsd-7-nhusb-base pgoyette-localcount-20160806 pgoyette-localcount-20160726 pgoyette-localcount-base netbsd-7-0-1-RELEASE netbsd-7-0-RELEASE netbsd-7-0-RC3 netbsd-7-0-RC2 netbsd-7-0-RC1 netbsd-7-base tls-earlyentropy-base tls-maxphys-base
|
#
1.34 |
|
14-Jun-2014 |
christos |
branches: 1.34.6; 1.34.10; don't warn for 80211 messages
|
Revision tags: yamt-pagecache-base9 riastradh-xf86-video-intel-2-7-1-pre-2-21-15
|
#
1.33 |
|
18-Mar-2014 |
riastradh |
branches: 1.33.2; Merge riastradh-drm2 to HEAD.
|
Revision tags: riastradh-drm2-base3 riastradh-drm2-base2 riastradh-drm2-base1
|
#
1.32 |
|
18-Jul-2013 |
christos |
add RTM_LOSING, RTM_REDIRECT
|
Revision tags: riastradh-drm2-base
|
#
1.31 |
|
12-Apr-2013 |
tteras |
branches: 1.31.4; Some logging improvements.
|
Revision tags: agc-symver-base
|
#
1.30 |
|
05-Feb-2013 |
tteras |
Fix source port selection
|
Revision tags: netbsd-6-0-6-RELEASE netbsd-6-1-5-RELEASE netbsd-6-1-4-RELEASE netbsd-6-0-5-RELEASE netbsd-6-1-3-RELEASE netbsd-6-0-4-RELEASE netbsd-6-1-2-RELEASE netbsd-6-0-3-RELEASE netbsd-6-1-1-RELEASE netbsd-6-0-2-RELEASE netbsd-6-1-RELEASE netbsd-6-1-RC4 netbsd-6-1-RC3 netbsd-6-1-RC2 netbsd-6-1-RC1 yamt-pagecache-base8 netbsd-6-0-1-RELEASE yamt-pagecache-base7 matt-nb6-plus-nbase yamt-pagecache-base6 netbsd-6-0-RELEASE netbsd-6-0-RC2 matt-nb6-plus-base netbsd-6-0-RC1 yamt-pagecache-base5 yamt-pagecache-base4 netbsd-6-base
|
#
1.29 |
|
01-Jan-2012 |
tteras |
branches: 1.29.6; Fix myaddr_getsport() to return -1 if no suitable address is found. This is used in pfkey.c:pk_recvacquire() to check if IKE negotiation should be started or not.
|
Revision tags: ipsec-tools-0_8_1 yamt-pagecache-base3 yamt-pagecache-base2 yamt-pagecache-base cherry-xenmp-base ipsec-tools-0_8_0
|
#
1.28 |
|
14-Mar-2011 |
tteras |
branches: 1.28.2; 1.28.6; Explicitly compare return value of cmpsaddr() against a return value define to make it more obvious what is the intended action. One more return value is also added, to fix comparison of security policy descriptors. Namely, getsp() should not allow wildcard matching (as the comment says, it does exact matching) - otherwise we get problems when kernel has generic policy with no ports, and a second similar policy with ports.
|
Revision tags: bouyer-quota2-nbase bouyer-quota2-base matt-mips64-premerge-20101231
|
#
1.27 |
|
03-Dec-2010 |
tteras |
Netlink deletion notification does not guarentee actual address deletion: it might still exist on some other interface. Make sure we do not unbind unless the address is really gone.
|
#
1.26 |
|
22-Oct-2010 |
tteras |
Change Linux Netlink address monitoring to monitor local route changes. This works around a kernel bug, and slightly improves behaviour on some special cases.
|
#
1.25 |
|
21-Oct-2010 |
tteras |
Introduce priorities for file descriptor polling mechanism and give priority to admin port. If admin port is used by ISAKMP-SA hook scripts they should be preferred, other wise heavy traffic can delay admin port requests considerably. This in turn may cause renegotiation loop for ISAKMP-SA. This is mostly useful for OpenNHRP setup, but can benefit other setups too.
|
#
1.24 |
|
20-Oct-2010 |
tteras |
Fix address comparison so we actually close sockets which were bound to IP-address that got deconfigured.
|
Revision tags: matt-premerge-20091211
|
#
1.23 |
|
03-Jul-2009 |
tteras |
Get rid of the evil CMPSADDR macro. Trac #295.
|
Revision tags: jym-xensuspend-nbase jym-xensuspend-base
|
#
1.22 |
|
21-Apr-2009 |
tteras |
Fix strict_address to work again. The lists needs to be initialized before configuration is read, which happens before my_addr_init() call.
|
#
1.21 |
|
23-Jan-2009 |
tteras |
branches: 1.21.2; Remove "fastquit" configure option and make it the default behaviour. The previous normal behaviour is buggy, as after flush kernel can immediately create larval SA:s which would prevent exit.
|
#
1.20 |
|
24-Dec-2008 |
christos |
remove sin{6,}_len linux does not have it. From Timo Teras.
|
#
1.19 |
|
24-Dec-2008 |
christos |
I was wrong. addr is actually set.
|
#
1.18 |
|
24-Dec-2008 |
christos |
- make this compile by zeroing out the whole structure not just bogus fields. - set length field of sockets appropriately. - mark bogus no-op code (I don't understand what the author intended here).
|
#
1.17 |
|
23-Dec-2008 |
tteras |
rewrite local address detection make some functions static that arr not needed globally rework how fd_set is construction for the main loop select()
|
#
1.16 |
|
11-Dec-2008 |
vanhu |
Fixed compilation on FreeBSD (RTM_IFINFO and RTM_OIFINFO stuff)
|
#
1.15 |
|
25-Nov-2008 |
bad |
Ignore unspecified and looback addresses. Ignoring unspecified addresses prevents racoon from trying to bind to the wildcard address and specific addresses simultaneously after e.g. dhclient has changed an interface's address to 0.0.0.0.
|
#
1.14 |
|
25-Nov-2008 |
bad |
RTM_DELETE and RTM_IFINFO don't carry info for added or deleted addresses. Ignore them silently.
|
#
1.13 |
|
25-Nov-2008 |
bad |
Ignoring an unsuitable address is not an error. Therefore log it as informational. Make it clear from the log message that a route message is not interesting.
|
#
1.12 |
|
25-Nov-2008 |
bad |
Use insmyaddr() instead of open coding it.
|
#
1.11 |
|
25-Nov-2008 |
bad |
Keep myaddr.sock at -1 when no socket is opened.
|
Revision tags: netbsd-5-0-RC1 netbsd-5-base
|
#
1.10 |
|
27-Oct-2008 |
tteras |
branches: 1.10.2; From Francis Dupont (sent by Arnaud Ebalard): recognize RTM_IFANNOUNCE
|
#
1.9 |
|
27-Oct-2008 |
tteras |
From Arnaud Ebalard: Fix indentation issues for readability
|
Revision tags: matt-mips64-base2 wrstuden-revivesa-base-3 wrstuden-revivesa-base-2 wrstuden-revivesa-base-1 wrstuden-revivesa-base
|
#
1.8 |
|
18-Jun-2008 |
mgrooms |
Set sockets to be closed on exec to avoid potential file descriptor inheritance issues. Submitted by Timo Teras.
|
#
1.7 |
|
18-Jun-2008 |
mgrooms |
Use utility functions to evaluate and manipulate network port values. No functional changes. Submitted by Timo Teras.
|
Revision tags: yamt-pf42-base4 yamt-pf42-base3 hpcarm-cleanup-nbase yamt-pf42-baseX yamt-pf42-base2 yamt-pf42-base keiichi-mipv6-base matt-armv6-nbase matt-armv6-prevmlocking cube-autoconf-base matt-armv6-base matt-mips64-base hpcarm-cleanup-base
|
#
1.6 |
|
16-Jul-2007 |
vanhu |
branches: 1.6.12; fixed a socket leak
|
#
1.5 |
|
15-Mar-2007 |
vanhu |
From Yves-Alexis Perez: enable monitoring of ipv6 address changes on Linux.
|
Revision tags: ipsec-tools-0_7-beta2 ipsec-tools-0_7-beta1 ipsec-tools-0_7-base netbsd-4-base
|
#
1.4 |
|
09-Sep-2006 |
manu |
branches: 1.4.2; 1.4.6; Migration of ipsec-tools to NetBSD CVS part 2: resolving the import conflicts. Since we previously had a release branch and we import here the HEAD of CVS, let's assume all local changes are to be dumped. Local patches should have been propagated upstream, anyway.
|
Revision tags: abandoned-netbsd-4-base
|
#
1.3 |
|
21-Nov-2005 |
manu |
Merge ipsec-tools 0.6.3 import
|
#
1.2 |
|
20-Aug-2005 |
manu |
Update to ipsec-tools 0.6.1
|
#
1.1 |
|
12-Feb-2005 |
manu |
branches: 1.1.1; Initial revision
|
Revision tags: pgoyette-compat-20190127 pgoyette-compat-20190118 pgoyette-compat-1226 pgoyette-compat-1126 pgoyette-compat-1020 pgoyette-compat-0930 pgoyette-compat-0906 pgoyette-compat-0728 phil-wifi-base pgoyette-compat-0625 pgoyette-compat-0521
|
#
1.37 |
|
19-May-2018 |
maxv |
Use strict prototypes, when they don't introduce more warnings than they fix. Also localify a few functions.
|
#
1.36 |
|
19-May-2018 |
maxv |
Remove unused variables.
|
Revision tags: netbsd-8-0-RELEASE netbsd-8-0-RC2 pgoyette-compat-0502 pgoyette-compat-0422 netbsd-8-0-RC1 pgoyette-compat-0415 pgoyette-compat-0407 pgoyette-compat-0330 pgoyette-compat-0322 pgoyette-compat-0315 pgoyette-compat-base matt-nb8-mediatek-base perseant-stdc-iso10646-base netbsd-8-base prg-localcount2-base3 prg-localcount2-base2 prg-localcount2-base1 prg-localcount2-base pgoyette-localcount-20170426 bouyer-socketcan-base1
|
#
1.35 |
|
12-Apr-2017 |
roy |
branches: 1.35.10; Use RO_MSGFILTER.
|
Revision tags: netbsd-7-2-RELEASE netbsd-7-1-2-RELEASE netbsd-7-1-1-RELEASE pgoyette-localcount-20170320 netbsd-7-1-RELEASE netbsd-7-1-RC2 netbsd-7-nhusb-base-20170116 bouyer-socketcan-base pgoyette-localcount-20170107 netbsd-7-1-RC1 pgoyette-localcount-20161104 netbsd-7-0-2-RELEASE localcount-20160914 netbsd-7-nhusb-base pgoyette-localcount-20160806 pgoyette-localcount-20160726 pgoyette-localcount-base netbsd-7-0-1-RELEASE netbsd-7-0-RELEASE netbsd-7-0-RC3 netbsd-7-0-RC2 netbsd-7-0-RC1 netbsd-7-base tls-earlyentropy-base tls-maxphys-base
|
#
1.34 |
|
14-Jun-2014 |
christos |
branches: 1.34.6; 1.34.10; don't warn for 80211 messages
|
Revision tags: yamt-pagecache-base9 riastradh-xf86-video-intel-2-7-1-pre-2-21-15
|
#
1.33 |
|
18-Mar-2014 |
riastradh |
branches: 1.33.2; Merge riastradh-drm2 to HEAD.
|
Revision tags: riastradh-drm2-base3 riastradh-drm2-base2 riastradh-drm2-base1
|
#
1.32 |
|
18-Jul-2013 |
christos |
add RTM_LOSING, RTM_REDIRECT
|
Revision tags: riastradh-drm2-base
|
#
1.31 |
|
12-Apr-2013 |
tteras |
branches: 1.31.4; Some logging improvements.
|
Revision tags: agc-symver-base
|
#
1.30 |
|
05-Feb-2013 |
tteras |
Fix source port selection
|
Revision tags: netbsd-6-0-6-RELEASE netbsd-6-1-5-RELEASE netbsd-6-1-4-RELEASE netbsd-6-0-5-RELEASE netbsd-6-1-3-RELEASE netbsd-6-0-4-RELEASE netbsd-6-1-2-RELEASE netbsd-6-0-3-RELEASE netbsd-6-1-1-RELEASE netbsd-6-0-2-RELEASE netbsd-6-1-RELEASE netbsd-6-1-RC4 netbsd-6-1-RC3 netbsd-6-1-RC2 netbsd-6-1-RC1 yamt-pagecache-base8 netbsd-6-0-1-RELEASE yamt-pagecache-base7 matt-nb6-plus-nbase yamt-pagecache-base6 netbsd-6-0-RELEASE netbsd-6-0-RC2 matt-nb6-plus-base netbsd-6-0-RC1 yamt-pagecache-base5 yamt-pagecache-base4 netbsd-6-base
|
#
1.29 |
|
01-Jan-2012 |
tteras |
branches: 1.29.6; Fix myaddr_getsport() to return -1 if no suitable address is found. This is used in pfkey.c:pk_recvacquire() to check if IKE negotiation should be started or not.
|
Revision tags: ipsec-tools-0_8_1 yamt-pagecache-base3 yamt-pagecache-base2 yamt-pagecache-base cherry-xenmp-base ipsec-tools-0_8_0
|
#
1.28 |
|
14-Mar-2011 |
tteras |
branches: 1.28.2; 1.28.6; Explicitly compare return value of cmpsaddr() against a return value define to make it more obvious what is the intended action. One more return value is also added, to fix comparison of security policy descriptors. Namely, getsp() should not allow wildcard matching (as the comment says, it does exact matching) - otherwise we get problems when kernel has generic policy with no ports, and a second similar policy with ports.
|
Revision tags: bouyer-quota2-nbase bouyer-quota2-base matt-mips64-premerge-20101231
|
#
1.27 |
|
03-Dec-2010 |
tteras |
Netlink deletion notification does not guarentee actual address deletion: it might still exist on some other interface. Make sure we do not unbind unless the address is really gone.
|
#
1.26 |
|
22-Oct-2010 |
tteras |
Change Linux Netlink address monitoring to monitor local route changes. This works around a kernel bug, and slightly improves behaviour on some special cases.
|
#
1.25 |
|
21-Oct-2010 |
tteras |
Introduce priorities for file descriptor polling mechanism and give priority to admin port. If admin port is used by ISAKMP-SA hook scripts they should be preferred, other wise heavy traffic can delay admin port requests considerably. This in turn may cause renegotiation loop for ISAKMP-SA. This is mostly useful for OpenNHRP setup, but can benefit other setups too.
|
#
1.24 |
|
20-Oct-2010 |
tteras |
Fix address comparison so we actually close sockets which were bound to IP-address that got deconfigured.
|
Revision tags: matt-premerge-20091211
|
#
1.23 |
|
03-Jul-2009 |
tteras |
Get rid of the evil CMPSADDR macro. Trac #295.
|
Revision tags: jym-xensuspend-nbase jym-xensuspend-base
|
#
1.22 |
|
21-Apr-2009 |
tteras |
Fix strict_address to work again. The lists needs to be initialized before configuration is read, which happens before my_addr_init() call.
|
#
1.21 |
|
23-Jan-2009 |
tteras |
branches: 1.21.2; Remove "fastquit" configure option and make it the default behaviour. The previous normal behaviour is buggy, as after flush kernel can immediately create larval SA:s which would prevent exit.
|
#
1.20 |
|
24-Dec-2008 |
christos |
remove sin{6,}_len linux does not have it. From Timo Teras.
|
#
1.19 |
|
24-Dec-2008 |
christos |
I was wrong. addr is actually set.
|
#
1.18 |
|
24-Dec-2008 |
christos |
- make this compile by zeroing out the whole structure not just bogus fields. - set length field of sockets appropriately. - mark bogus no-op code (I don't understand what the author intended here).
|
#
1.17 |
|
23-Dec-2008 |
tteras |
rewrite local address detection make some functions static that arr not needed globally rework how fd_set is construction for the main loop select()
|
#
1.16 |
|
11-Dec-2008 |
vanhu |
Fixed compilation on FreeBSD (RTM_IFINFO and RTM_OIFINFO stuff)
|
#
1.15 |
|
25-Nov-2008 |
bad |
Ignore unspecified and looback addresses. Ignoring unspecified addresses prevents racoon from trying to bind to the wildcard address and specific addresses simultaneously after e.g. dhclient has changed an interface's address to 0.0.0.0.
|
#
1.14 |
|
25-Nov-2008 |
bad |
RTM_DELETE and RTM_IFINFO don't carry info for added or deleted addresses. Ignore them silently.
|
#
1.13 |
|
25-Nov-2008 |
bad |
Ignoring an unsuitable address is not an error. Therefore log it as informational. Make it clear from the log message that a route message is not interesting.
|
#
1.12 |
|
25-Nov-2008 |
bad |
Use insmyaddr() instead of open coding it.
|
#
1.11 |
|
25-Nov-2008 |
bad |
Keep myaddr.sock at -1 when no socket is opened.
|
Revision tags: netbsd-5-0-RC1 netbsd-5-base
|
#
1.10 |
|
27-Oct-2008 |
tteras |
branches: 1.10.2; From Francis Dupont (sent by Arnaud Ebalard): recognize RTM_IFANNOUNCE
|
#
1.9 |
|
27-Oct-2008 |
tteras |
From Arnaud Ebalard: Fix indentation issues for readability
|
Revision tags: matt-mips64-base2 wrstuden-revivesa-base-3 wrstuden-revivesa-base-2 wrstuden-revivesa-base-1 wrstuden-revivesa-base
|
#
1.8 |
|
18-Jun-2008 |
mgrooms |
Set sockets to be closed on exec to avoid potential file descriptor inheritance issues. Submitted by Timo Teras.
|
#
1.7 |
|
18-Jun-2008 |
mgrooms |
Use utility functions to evaluate and manipulate network port values. No functional changes. Submitted by Timo Teras.
|
Revision tags: yamt-pf42-base4 yamt-pf42-base3 hpcarm-cleanup-nbase yamt-pf42-baseX yamt-pf42-base2 yamt-pf42-base keiichi-mipv6-base matt-armv6-nbase matt-armv6-prevmlocking cube-autoconf-base matt-armv6-base matt-mips64-base hpcarm-cleanup-base
|
#
1.6 |
|
16-Jul-2007 |
vanhu |
branches: 1.6.12; fixed a socket leak
|
#
1.5 |
|
15-Mar-2007 |
vanhu |
From Yves-Alexis Perez: enable monitoring of ipv6 address changes on Linux.
|
Revision tags: ipsec-tools-0_7-beta2 ipsec-tools-0_7-beta1 ipsec-tools-0_7-base netbsd-4-base
|
#
1.4 |
|
09-Sep-2006 |
manu |
branches: 1.4.2; 1.4.6; Migration of ipsec-tools to NetBSD CVS part 2: resolving the import conflicts. Since we previously had a release branch and we import here the HEAD of CVS, let's assume all local changes are to be dumped. Local patches should have been propagated upstream, anyway.
|
Revision tags: abandoned-netbsd-4-base
|
#
1.3 |
|
21-Nov-2005 |
manu |
Merge ipsec-tools 0.6.3 import
|
#
1.2 |
|
20-Aug-2005 |
manu |
Update to ipsec-tools 0.6.1
|
#
1.1 |
|
12-Feb-2005 |
manu |
branches: 1.1.1; Initial revision
|
Revision tags: prg-localcount2-base pgoyette-localcount-20170426 bouyer-socketcan-base1
|
#
1.35 |
|
12-Apr-2017 |
roy |
Use RO_MSGFILTER.
|
Revision tags: pgoyette-localcount-20170320 netbsd-7-1-RELEASE netbsd-7-1-RC2 netbsd-7-nhusb-base-20170116 bouyer-socketcan-base pgoyette-localcount-20170107 netbsd-7-1-RC1 pgoyette-localcount-20161104 netbsd-7-0-2-RELEASE localcount-20160914 netbsd-7-nhusb-base pgoyette-localcount-20160806 pgoyette-localcount-20160726 pgoyette-localcount-base netbsd-7-0-1-RELEASE netbsd-7-0-RELEASE netbsd-7-0-RC3 netbsd-7-0-RC2 netbsd-7-0-RC1 netbsd-7-base tls-earlyentropy-base tls-maxphys-base
|
#
1.34 |
|
14-Jun-2014 |
christos |
branches: 1.34.6; 1.34.10; don't warn for 80211 messages
|
Revision tags: yamt-pagecache-base9 riastradh-xf86-video-intel-2-7-1-pre-2-21-15
|
#
1.33 |
|
18-Mar-2014 |
riastradh |
branches: 1.33.2; Merge riastradh-drm2 to HEAD.
|
Revision tags: riastradh-drm2-base3 riastradh-drm2-base2 riastradh-drm2-base1
|
#
1.32 |
|
18-Jul-2013 |
christos |
add RTM_LOSING, RTM_REDIRECT
|
Revision tags: riastradh-drm2-base
|
#
1.31 |
|
12-Apr-2013 |
tteras |
branches: 1.31.4; Some logging improvements.
|
Revision tags: agc-symver-base
|
#
1.30 |
|
05-Feb-2013 |
tteras |
Fix source port selection
|
Revision tags: netbsd-6-0-6-RELEASE netbsd-6-1-5-RELEASE netbsd-6-1-4-RELEASE netbsd-6-0-5-RELEASE netbsd-6-1-3-RELEASE netbsd-6-0-4-RELEASE netbsd-6-1-2-RELEASE netbsd-6-0-3-RELEASE netbsd-6-1-1-RELEASE netbsd-6-0-2-RELEASE netbsd-6-1-RELEASE netbsd-6-1-RC4 netbsd-6-1-RC3 netbsd-6-1-RC2 netbsd-6-1-RC1 yamt-pagecache-base8 netbsd-6-0-1-RELEASE yamt-pagecache-base7 matt-nb6-plus-nbase yamt-pagecache-base6 netbsd-6-0-RELEASE netbsd-6-0-RC2 matt-nb6-plus-base netbsd-6-0-RC1 yamt-pagecache-base5 yamt-pagecache-base4 netbsd-6-base
|
#
1.29 |
|
01-Jan-2012 |
tteras |
branches: 1.29.6; Fix myaddr_getsport() to return -1 if no suitable address is found. This is used in pfkey.c:pk_recvacquire() to check if IKE negotiation should be started or not.
|
Revision tags: ipsec-tools-0_8_1 yamt-pagecache-base3 yamt-pagecache-base2 yamt-pagecache-base cherry-xenmp-base ipsec-tools-0_8_0
|
#
1.28 |
|
14-Mar-2011 |
tteras |
branches: 1.28.2; 1.28.6; Explicitly compare return value of cmpsaddr() against a return value define to make it more obvious what is the intended action. One more return value is also added, to fix comparison of security policy descriptors. Namely, getsp() should not allow wildcard matching (as the comment says, it does exact matching) - otherwise we get problems when kernel has generic policy with no ports, and a second similar policy with ports.
|
Revision tags: bouyer-quota2-nbase bouyer-quota2-base matt-mips64-premerge-20101231
|
#
1.27 |
|
03-Dec-2010 |
tteras |
Netlink deletion notification does not guarentee actual address deletion: it might still exist on some other interface. Make sure we do not unbind unless the address is really gone.
|
#
1.26 |
|
22-Oct-2010 |
tteras |
Change Linux Netlink address monitoring to monitor local route changes. This works around a kernel bug, and slightly improves behaviour on some special cases.
|
#
1.25 |
|
21-Oct-2010 |
tteras |
Introduce priorities for file descriptor polling mechanism and give priority to admin port. If admin port is used by ISAKMP-SA hook scripts they should be preferred, other wise heavy traffic can delay admin port requests considerably. This in turn may cause renegotiation loop for ISAKMP-SA. This is mostly useful for OpenNHRP setup, but can benefit other setups too.
|
#
1.24 |
|
20-Oct-2010 |
tteras |
Fix address comparison so we actually close sockets which were bound to IP-address that got deconfigured.
|
Revision tags: matt-premerge-20091211
|
#
1.23 |
|
03-Jul-2009 |
tteras |
Get rid of the evil CMPSADDR macro. Trac #295.
|
Revision tags: jym-xensuspend-nbase jym-xensuspend-base
|
#
1.22 |
|
21-Apr-2009 |
tteras |
Fix strict_address to work again. The lists needs to be initialized before configuration is read, which happens before my_addr_init() call.
|
#
1.21 |
|
23-Jan-2009 |
tteras |
branches: 1.21.2; Remove "fastquit" configure option and make it the default behaviour. The previous normal behaviour is buggy, as after flush kernel can immediately create larval SA:s which would prevent exit.
|
#
1.20 |
|
24-Dec-2008 |
christos |
remove sin{6,}_len linux does not have it. From Timo Teras.
|
#
1.19 |
|
24-Dec-2008 |
christos |
I was wrong. addr is actually set.
|
#
1.18 |
|
24-Dec-2008 |
christos |
- make this compile by zeroing out the whole structure not just bogus fields. - set length field of sockets appropriately. - mark bogus no-op code (I don't understand what the author intended here).
|
#
1.17 |
|
23-Dec-2008 |
tteras |
rewrite local address detection make some functions static that arr not needed globally rework how fd_set is construction for the main loop select()
|
#
1.16 |
|
11-Dec-2008 |
vanhu |
Fixed compilation on FreeBSD (RTM_IFINFO and RTM_OIFINFO stuff)
|
#
1.15 |
|
25-Nov-2008 |
bad |
Ignore unspecified and looback addresses. Ignoring unspecified addresses prevents racoon from trying to bind to the wildcard address and specific addresses simultaneously after e.g. dhclient has changed an interface's address to 0.0.0.0.
|
#
1.14 |
|
25-Nov-2008 |
bad |
RTM_DELETE and RTM_IFINFO don't carry info for added or deleted addresses. Ignore them silently.
|
#
1.13 |
|
25-Nov-2008 |
bad |
Ignoring an unsuitable address is not an error. Therefore log it as informational. Make it clear from the log message that a route message is not interesting.
|
#
1.12 |
|
25-Nov-2008 |
bad |
Use insmyaddr() instead of open coding it.
|
#
1.11 |
|
25-Nov-2008 |
bad |
Keep myaddr.sock at -1 when no socket is opened.
|
Revision tags: netbsd-5-0-RC1 netbsd-5-base
|
#
1.10 |
|
27-Oct-2008 |
tteras |
branches: 1.10.2; From Francis Dupont (sent by Arnaud Ebalard): recognize RTM_IFANNOUNCE
|
#
1.9 |
|
27-Oct-2008 |
tteras |
From Arnaud Ebalard: Fix indentation issues for readability
|
Revision tags: matt-mips64-base2 wrstuden-revivesa-base-3 wrstuden-revivesa-base-2 wrstuden-revivesa-base-1 wrstuden-revivesa-base
|
#
1.8 |
|
18-Jun-2008 |
mgrooms |
Set sockets to be closed on exec to avoid potential file descriptor inheritance issues. Submitted by Timo Teras.
|
#
1.7 |
|
18-Jun-2008 |
mgrooms |
Use utility functions to evaluate and manipulate network port values. No functional changes. Submitted by Timo Teras.
|
Revision tags: yamt-pf42-base4 yamt-pf42-base3 hpcarm-cleanup-nbase yamt-pf42-baseX yamt-pf42-base2 yamt-pf42-base keiichi-mipv6-base matt-armv6-nbase matt-armv6-prevmlocking cube-autoconf-base matt-armv6-base matt-mips64-base hpcarm-cleanup-base
|
#
1.6 |
|
16-Jul-2007 |
vanhu |
branches: 1.6.12; fixed a socket leak
|
#
1.5 |
|
15-Mar-2007 |
vanhu |
From Yves-Alexis Perez: enable monitoring of ipv6 address changes on Linux.
|
Revision tags: ipsec-tools-0_7-beta2 ipsec-tools-0_7-beta1 ipsec-tools-0_7-base netbsd-4-base
|
#
1.4 |
|
09-Sep-2006 |
manu |
branches: 1.4.2; 1.4.6; Migration of ipsec-tools to NetBSD CVS part 2: resolving the import conflicts. Since we previously had a release branch and we import here the HEAD of CVS, let's assume all local changes are to be dumped. Local patches should have been propagated upstream, anyway.
|
Revision tags: abandoned-netbsd-4-base
|
#
1.3 |
|
21-Nov-2005 |
manu |
Merge ipsec-tools 0.6.3 import
|
#
1.2 |
|
20-Aug-2005 |
manu |
Update to ipsec-tools 0.6.1
|
#
1.1 |
|
12-Feb-2005 |
manu |
branches: 1.1.1; Initial revision
|
#
1.34 |
|
14-Jun-2014 |
christos |
don't warn for 80211 messages
|
#
1.33 |
|
18-Mar-2014 |
riastradh |
branches: 1.33.2; Merge riastradh-drm2 to HEAD.
|
#
1.32 |
|
18-Jul-2013 |
christos |
add RTM_LOSING, RTM_REDIRECT
|
#
1.31 |
|
12-Apr-2013 |
tteras |
branches: 1.31.4; Some logging improvements.
|
#
1.30 |
|
05-Feb-2013 |
tteras |
Fix source port selection
|
#
1.29 |
|
01-Jan-2012 |
tteras |
branches: 1.29.6; Fix myaddr_getsport() to return -1 if no suitable address is found. This is used in pfkey.c:pk_recvacquire() to check if IKE negotiation should be started or not.
|
#
1.28 |
|
14-Mar-2011 |
tteras |
branches: 1.28.2; 1.28.6; Explicitly compare return value of cmpsaddr() against a return value define to make it more obvious what is the intended action. One more return value is also added, to fix comparison of security policy descriptors. Namely, getsp() should not allow wildcard matching (as the comment says, it does exact matching) - otherwise we get problems when kernel has generic policy with no ports, and a second similar policy with ports.
|
#
1.27 |
|
03-Dec-2010 |
tteras |
Netlink deletion notification does not guarentee actual address deletion: it might still exist on some other interface. Make sure we do not unbind unless the address is really gone.
|
#
1.26 |
|
22-Oct-2010 |
tteras |
Change Linux Netlink address monitoring to monitor local route changes. This works around a kernel bug, and slightly improves behaviour on some special cases.
|
#
1.25 |
|
21-Oct-2010 |
tteras |
Introduce priorities for file descriptor polling mechanism and give priority to admin port. If admin port is used by ISAKMP-SA hook scripts they should be preferred, other wise heavy traffic can delay admin port requests considerably. This in turn may cause renegotiation loop for ISAKMP-SA. This is mostly useful for OpenNHRP setup, but can benefit other setups too.
|
#
1.24 |
|
20-Oct-2010 |
tteras |
Fix address comparison so we actually close sockets which were bound to IP-address that got deconfigured.
|
#
1.23 |
|
03-Jul-2009 |
tteras |
Get rid of the evil CMPSADDR macro. Trac #295.
|
#
1.22 |
|
21-Apr-2009 |
tteras |
Fix strict_address to work again. The lists needs to be initialized before configuration is read, which happens before my_addr_init() call.
|
#
1.21 |
|
23-Jan-2009 |
tteras |
branches: 1.21.2; Remove "fastquit" configure option and make it the default behaviour. The previous normal behaviour is buggy, as after flush kernel can immediately create larval SA:s which would prevent exit.
|
#
1.20 |
|
24-Dec-2008 |
christos |
remove sin{6,}_len linux does not have it. From Timo Teras.
|
#
1.19 |
|
24-Dec-2008 |
christos |
I was wrong. addr is actually set.
|
#
1.18 |
|
24-Dec-2008 |
christos |
- make this compile by zeroing out the whole structure not just bogus fields. - set length field of sockets appropriately. - mark bogus no-op code (I don't understand what the author intended here).
|
#
1.17 |
|
23-Dec-2008 |
tteras |
rewrite local address detection make some functions static that arr not needed globally rework how fd_set is construction for the main loop select()
|
#
1.16 |
|
11-Dec-2008 |
vanhu |
Fixed compilation on FreeBSD (RTM_IFINFO and RTM_OIFINFO stuff)
|
#
1.15 |
|
25-Nov-2008 |
bad |
Ignore unspecified and looback addresses. Ignoring unspecified addresses prevents racoon from trying to bind to the wildcard address and specific addresses simultaneously after e.g. dhclient has changed an interface's address to 0.0.0.0.
|
#
1.14 |
|
25-Nov-2008 |
bad |
RTM_DELETE and RTM_IFINFO don't carry info for added or deleted addresses. Ignore them silently.
|
#
1.13 |
|
25-Nov-2008 |
bad |
Ignoring an unsuitable address is not an error. Therefore log it as informational. Make it clear from the log message that a route message is not interesting.
|
#
1.12 |
|
25-Nov-2008 |
bad |
Use insmyaddr() instead of open coding it.
|
#
1.11 |
|
25-Nov-2008 |
bad |
Keep myaddr.sock at -1 when no socket is opened.
|
#
1.10 |
|
27-Oct-2008 |
tteras |
branches: 1.10.2; From Francis Dupont (sent by Arnaud Ebalard): recognize RTM_IFANNOUNCE
|
#
1.9 |
|
27-Oct-2008 |
tteras |
From Arnaud Ebalard: Fix indentation issues for readability
|
#
1.8 |
|
18-Jun-2008 |
mgrooms |
Set sockets to be closed on exec to avoid potential file descriptor inheritance issues. Submitted by Timo Teras.
|
#
1.7 |
|
18-Jun-2008 |
mgrooms |
Use utility functions to evaluate and manipulate network port values. No functional changes. Submitted by Timo Teras.
|
#
1.6 |
|
16-Jul-2007 |
vanhu |
branches: 1.6.12; fixed a socket leak
|
#
1.5 |
|
15-Mar-2007 |
vanhu |
From Yves-Alexis Perez: enable monitoring of ipv6 address changes on Linux.
|
#
1.4 |
|
08-Sep-2006 |
manu |
branches: 1.4.2; 1.4.6; Migration of ipsec-tools to NetBSD CVS part 2: resolving the import conflicts. Since we previously had a release branch and we import here the HEAD of CVS, let's assume all local changes are to be dumped. Local patches should have been propagated upstream, anyway.
|
#
1.3 |
|
21-Nov-2005 |
manu |
Merge ipsec-tools 0.6.3 import
|
#
1.2 |
|
19-Aug-2005 |
manu |
Update to ipsec-tools 0.6.1
|
#
1.1 |
|
12-Feb-2005 |
manu |
branches: 1.1.1; Initial revision
|
#
1.1.1.4 |
|
08-Sep-2006 |
manu |
Migrate ipsec-tools CVS to cvs.netbsd.org
|
#
1.1.1.3 |
|
07-Aug-2005 |
manu |
Update ipsec-tools to 0.6.1rc1 Most of the changes since 0.6b4 have already been committed to the NetBSD tree. This upgrade fixes some IPcomp and NAT-T related problems that were left unadressed in the NetBSD tree.
|
#
1.1.1.2 |
|
23-Feb-2005 |
manu |
branches: 1.1.1.2.2; Import ipsec-tools 0.6 branch as of 2005/02/23. News from last imported version according to ipsec-tools' ChangeLog:
2005-02-23 Emmanuel Dreyfus <manu@netbsd.org>
* configure.ac, src/racoon/{Makefile.am|crypto_openssl.c}: optionnal support for patented algorithms: IDEA and RC5. * src/racoon/{isakmp_xauth.c|main.c}: don't initialize RADIUS if it is not required in the configuration * src/racoon/isakmp.c: do not reject addresses for which kernel refused UDP encapsulation, they can still be used for non NAT-T traffic (eg: NAT-T enabled racoon on non NAT-T enabled kernel)
2005-02-18 Emmanuel Dreyfus <manu@netbsd.org>
* src/racoon/{main.c|eaytest.c|plairsa-gen.c} src/setkey/setkey.c: don't use fuzzy paths for package_version.h
2005-02-18 Yvan Vanhullebus <vanhu@free.fr>
* src/racoon/isakmp_inf.c: Purge generated SPDs when getting a related DELETE_SA * src/racoon/pfkey.c: do NOT unbindph12() when SA acquire
2005-02-17 Emmanuel Dreyfus <manu@netbsd.org>
From Fred Senault <fred.letter@lacave.net> * src/racoon/remoteconf.c: Fix a bug in script init
2005-02-17 Yvan Vanhullebus <vanhu@free.fr>
* src/racoon/ipsec_doi.c: Workaround for phase1 lifetime checks
2005-02-15 Michal Ludvig <michal@logix.cz>
* configure.ac: Changed --enable-natt_NN to --enable-natt-versions=NN,NN
|
#
1.1.1.1 |
|
12-Feb-2005 |
manu |
Import ipsec-tools (tag ipsec-tools-0_6-base in ipsec-tools CVS) ipsec-tools is a fork from KAME racoon/libipsec/setkey, with many enhancements.
|
#
1.1.1.2.2.2 |
|
21-Nov-2005 |
tron |
Apply patch (requested by manu in ticket #981): Update ipsec-tools to version 0.6.3.
|
#
1.1.1.2.2.1 |
|
03-Sep-2005 |
snj |
Apply patch (requested by tron in ticket #741): Update ipsec-tools to version 0.6.1.
|
#
1.4.6.3 |
|
18-Jun-2008 |
mgrooms |
Use utility functions to evaluate and manipulate network port values. No functional changes. Submitted by Timo Teras.
|
#
1.4.6.2 |
|
15-Jul-2007 |
vanhu |
fixed a socket leak
|
#
1.4.6.1 |
|
15-Mar-2007 |
vanhu |
From Yves-Alexis Perez: enable monitoring of ipv6 address changes on Linux.
|
#
1.4.2.3 |
|
18-Aug-2008 |
jdc |
Upgrade ipsec-tools to release 0.7.1 (requested by manu in ticket #1183).
|
#
1.4.2.2 |
|
28-Aug-2007 |
liamjfoy |
branches: 1.4.2.2.2; Pull up following revision(s) (requested by manu in ticket #830):
Import ipsec-tools 0.7
|
#
1.4.2.1 |
|
13-May-2007 |
jdc |
branches: 1.4.2.1.2; Upgrade ipsec-tools to 0.7-beta3 (Requested by manu in ticket #634).
|
#
1.4.2.2.2.1 |
|
18-Aug-2008 |
jdc |
Upgrade ipsec-tools to release 0.7.1 (requested by manu in ticket #1183).
|
#
1.4.2.1.2.2 |
|
04-Sep-2008 |
skrll |
Sync with netbsd-4.
|
#
1.4.2.1.2.1 |
|
03-Sep-2007 |
wrstuden |
Sync w/ NetBSD-4-RC_1
|
#
1.6.12.1 |
|
22-Jun-2008 |
wrstuden |
Sync w/ -current. 34 merge conflicts to follow.
|
#
1.10.2.1 |
|
08-Feb-2009 |
snj |
Apply patch (requested by manu/spz in #378): Downgrade ipsec-tools to 0.7.1nb1.
|
#
1.21.2.1 |
|
13-May-2009 |
jym |
Sync with HEAD.
Third (and last) commit. See http://mail-index.netbsd.org/source-changes/2009/05/13/msg221222.html
|
#
1.28.6.2 |
|
22-May-2014 |
yamt |
sync with head.
for a reference, the tree before this commit was tagged as yamt-pagecache-tag8.
this commit was splitted into small chunks to avoid a limitation of cvs. ("Protocol error: too many arguments")
|
#
1.28.6.1 |
|
16-Apr-2012 |
yamt |
sync with head
|
#
1.28.2.2 |
|
12-Apr-2013 |
tteras |
Some logging improvements.
|
#
1.28.2.1 |
|
05-Feb-2013 |
tteras |
Fix source port selection
|
#
1.29.6.3 |
|
19-Aug-2014 |
tls |
Rebase to HEAD as of a few days ago.
|
#
1.29.6.2 |
|
23-Jun-2013 |
tls |
resync from head
|
#
1.29.6.1 |
|
24-Feb-2013 |
tls |
resync with head
|
#
1.31.4.1 |
|
23-Jul-2013 |
riastradh |
sync with HEAD
|
#
1.33.2.1 |
|
10-Aug-2014 |
tls |
Rebase.
|