cast to the correct message structure (rt_msghdr instead of if_msghdr)

Reduce previous

Fix address advancing for i386 and other 32-bit platforms.
Makes racoon grok IPv6 addresses again on these platforms.

branches: 1.37.2;
Use strict prototypes, when they don't introduce more warnings than they fix.
Also localify a few functions.

Remove unused variables.

branches: 1.35.10;
Use RO_MSGFILTER.

branches: 1.34.6; 1.34.10;
don't warn for 80211 messages

branches: 1.33.2;
Merge riastradh-drm2 to HEAD.

add RTM_LOSING, RTM_REDIRECT

branches: 1.31.4;
Some logging improvements.

Fix source port selection

branches: 1.29.6;
Fix myaddr_getsport() to return -1 if no suitable address is found. This is
used in pfkey.c:pk_recvacquire() to check if IKE negotiation should be
started or not.

branches: 1.28.2; 1.28.6;
Explicitly compare return value of cmpsaddr() against a return value
define to make it more obvious what is the intended action. One more
return value is also added, to fix comparison of security policy
descriptors. Namely, getsp() should not allow wildcard matching (as the
comment says, it does exact matching) - otherwise we get problems when
kernel has generic policy with no ports, and a second similar policy with
ports.

Netlink deletion notification does not guarentee actual address deletion:
it might still exist on some other interface. Make sure we do not unbind
unless the address is really gone.

Change Linux Netlink address monitoring to monitor local route changes.
This works around a kernel bug, and slightly improves behaviour on some
special cases.

Introduce priorities for file descriptor polling mechanism and give
priority to admin port. If admin port is used by ISAKMP-SA hook scripts
they should be preferred, other wise heavy traffic can delay admin port
requests considerably. This in turn may cause renegotiation loop for
ISAKMP-SA. This is mostly useful for OpenNHRP setup, but can benefit
other setups too.

Fix address comparison so we actually close sockets which were bound to
IP-address that got deconfigured.

Get rid of the evil CMPSADDR macro. Trac #295.

Fix strict_address to work again. The lists needs to be initialized
before configuration is read, which happens before my_addr_init() call.

branches: 1.21.2;
Remove "fastquit" configure option and make it the default behaviour. The
previous normal behaviour is buggy, as after flush kernel can immediately
create larval SA:s which would prevent exit.

remove sin{6,}_len linux does not have it. From Timo Teras.

I was wrong. addr is actually set.

- make this compile by zeroing out the whole structure not just bogus fields.
- set length field of sockets appropriately.
- mark bogus no-op code (I don't understand what the author intended here).

rewrite local address detection
make some functions static that arr not needed globally
rework how fd_set is construction for the main loop select()

Fixed compilation on FreeBSD (RTM_IFINFO and RTM_OIFINFO stuff)

Ignore unspecified and looback addresses. Ignoring unspecified addresses
prevents racoon from trying to bind to the wildcard address and specific
addresses simultaneously after e.g. dhclient has changed an interface's
address to 0.0.0.0.

RTM_DELETE and RTM_IFINFO don't carry info for added or deleted addresses.
Ignore them silently.

Ignoring an unsuitable address is not an error. Therefore log it as
informational.
Make it clear from the log message that a route message is not interesting.

Use insmyaddr() instead of open coding it.

Keep myaddr.sock at -1 when no socket is opened.

branches: 1.10.2;
From Francis Dupont (sent by Arnaud Ebalard):
recognize RTM_IFANNOUNCE

From Arnaud Ebalard:
Fix indentation issues for readability

Set sockets to be closed on exec to avoid potential file descriptor inheritance issues. Submitted by Timo Teras.

Use utility functions to evaluate and manipulate network port values. No functional changes. Submitted by Timo Teras.

branches: 1.6.12;
fixed a socket leak

From Yves-Alexis Perez: enable monitoring of ipv6 address changes on Linux.

branches: 1.4.2; 1.4.6;
Migration of ipsec-tools to NetBSD CVS part 2: resolving the import conflicts.
Since we previously had a release branch and we import here the HEAD of CVS,
let's assume all local changes are to be dumped. Local patches should have
been propagated upstream, anyway.

Merge ipsec-tools 0.6.3 import

Update to ipsec-tools 0.6.1

branches: 1.1.1;
Initial revision

Reduce previous

Fix address advancing for i386 and other 32-bit platforms.
Makes racoon grok IPv6 addresses again on these platforms.

branches: 1.37.2;
Use strict prototypes, when they don't introduce more warnings than they fix.
Also localify a few functions.

Remove unused variables.

branches: 1.35.10;
Use RO_MSGFILTER.

branches: 1.34.6; 1.34.10;
don't warn for 80211 messages

branches: 1.33.2;
Merge riastradh-drm2 to HEAD.

add RTM_LOSING, RTM_REDIRECT

branches: 1.31.4;
Some logging improvements.

Fix source port selection

branches: 1.29.6;
Fix myaddr_getsport() to return -1 if no suitable address is found. This is
used in pfkey.c:pk_recvacquire() to check if IKE negotiation should be
started or not.

branches: 1.28.2; 1.28.6;
Explicitly compare return value of cmpsaddr() against a return value
define to make it more obvious what is the intended action. One more
return value is also added, to fix comparison of security policy
descriptors. Namely, getsp() should not allow wildcard matching (as the
comment says, it does exact matching) - otherwise we get problems when
kernel has generic policy with no ports, and a second similar policy with
ports.

Netlink deletion notification does not guarentee actual address deletion:
it might still exist on some other interface. Make sure we do not unbind
unless the address is really gone.

Change Linux Netlink address monitoring to monitor local route changes.
This works around a kernel bug, and slightly improves behaviour on some
special cases.

Introduce priorities for file descriptor polling mechanism and give
priority to admin port. If admin port is used by ISAKMP-SA hook scripts
they should be preferred, other wise heavy traffic can delay admin port
requests considerably. This in turn may cause renegotiation loop for
ISAKMP-SA. This is mostly useful for OpenNHRP setup, but can benefit
other setups too.

Fix address comparison so we actually close sockets which were bound to
IP-address that got deconfigured.

Get rid of the evil CMPSADDR macro. Trac #295.

Fix strict_address to work again. The lists needs to be initialized
before configuration is read, which happens before my_addr_init() call.

branches: 1.21.2;
Remove "fastquit" configure option and make it the default behaviour. The
previous normal behaviour is buggy, as after flush kernel can immediately
create larval SA:s which would prevent exit.

remove sin{6,}_len linux does not have it. From Timo Teras.

I was wrong. addr is actually set.

- make this compile by zeroing out the whole structure not just bogus fields.
- set length field of sockets appropriately.
- mark bogus no-op code (I don't understand what the author intended here).

rewrite local address detection
make some functions static that arr not needed globally
rework how fd_set is construction for the main loop select()

Fixed compilation on FreeBSD (RTM_IFINFO and RTM_OIFINFO stuff)

Ignore unspecified and looback addresses. Ignoring unspecified addresses
prevents racoon from trying to bind to the wildcard address and specific
addresses simultaneously after e.g. dhclient has changed an interface's
address to 0.0.0.0.

RTM_DELETE and RTM_IFINFO don't carry info for added or deleted addresses.
Ignore them silently.

Ignoring an unsuitable address is not an error. Therefore log it as
informational.
Make it clear from the log message that a route message is not interesting.

Use insmyaddr() instead of open coding it.

Keep myaddr.sock at -1 when no socket is opened.

branches: 1.10.2;
From Francis Dupont (sent by Arnaud Ebalard):
recognize RTM_IFANNOUNCE

From Arnaud Ebalard:
Fix indentation issues for readability

Set sockets to be closed on exec to avoid potential file descriptor inheritance issues. Submitted by Timo Teras.

Use utility functions to evaluate and manipulate network port values. No functional changes. Submitted by Timo Teras.

branches: 1.6.12;
fixed a socket leak

From Yves-Alexis Perez: enable monitoring of ipv6 address changes on Linux.

branches: 1.4.2; 1.4.6;
Migration of ipsec-tools to NetBSD CVS part 2: resolving the import conflicts.
Since we previously had a release branch and we import here the HEAD of CVS,
let's assume all local changes are to be dumped. Local patches should have
been propagated upstream, anyway.

Merge ipsec-tools 0.6.3 import

Update to ipsec-tools 0.6.1

branches: 1.1.1;
Initial revision

Reduce previous

Fix address advancing for i386 and other 32-bit platforms.
Makes racoon grok IPv6 addresses again on these platforms.

branches: 1.37.2;
Use strict prototypes, when they don't introduce more warnings than they fix.
Also localify a few functions.

Remove unused variables.

branches: 1.35.10;
Use RO_MSGFILTER.

branches: 1.34.6; 1.34.10;
don't warn for 80211 messages

branches: 1.33.2;
Merge riastradh-drm2 to HEAD.

add RTM_LOSING, RTM_REDIRECT

branches: 1.31.4;
Some logging improvements.

Fix source port selection

branches: 1.29.6;
Fix myaddr_getsport() to return -1 if no suitable address is found. This is
used in pfkey.c:pk_recvacquire() to check if IKE negotiation should be
started or not.

branches: 1.28.2; 1.28.6;
Explicitly compare return value of cmpsaddr() against a return value
define to make it more obvious what is the intended action. One more
return value is also added, to fix comparison of security policy
descriptors. Namely, getsp() should not allow wildcard matching (as the
comment says, it does exact matching) - otherwise we get problems when
kernel has generic policy with no ports, and a second similar policy with
ports.

Netlink deletion notification does not guarentee actual address deletion:
it might still exist on some other interface. Make sure we do not unbind
unless the address is really gone.

Change Linux Netlink address monitoring to monitor local route changes.
This works around a kernel bug, and slightly improves behaviour on some
special cases.

Introduce priorities for file descriptor polling mechanism and give
priority to admin port. If admin port is used by ISAKMP-SA hook scripts
they should be preferred, other wise heavy traffic can delay admin port
requests considerably. This in turn may cause renegotiation loop for
ISAKMP-SA. This is mostly useful for OpenNHRP setup, but can benefit
other setups too.

Fix address comparison so we actually close sockets which were bound to
IP-address that got deconfigured.

Get rid of the evil CMPSADDR macro. Trac #295.

Fix strict_address to work again. The lists needs to be initialized
before configuration is read, which happens before my_addr_init() call.

branches: 1.21.2;
Remove "fastquit" configure option and make it the default behaviour. The
previous normal behaviour is buggy, as after flush kernel can immediately
create larval SA:s which would prevent exit.

remove sin{6,}_len linux does not have it. From Timo Teras.

I was wrong. addr is actually set.

- make this compile by zeroing out the whole structure not just bogus fields.
- set length field of sockets appropriately.
- mark bogus no-op code (I don't understand what the author intended here).

rewrite local address detection
make some functions static that arr not needed globally
rework how fd_set is construction for the main loop select()

Fixed compilation on FreeBSD (RTM_IFINFO and RTM_OIFINFO stuff)

Ignore unspecified and looback addresses. Ignoring unspecified addresses
prevents racoon from trying to bind to the wildcard address and specific
addresses simultaneously after e.g. dhclient has changed an interface's
address to 0.0.0.0.

RTM_DELETE and RTM_IFINFO don't carry info for added or deleted addresses.
Ignore them silently.

Ignoring an unsuitable address is not an error. Therefore log it as
informational.
Make it clear from the log message that a route message is not interesting.

Use insmyaddr() instead of open coding it.

Keep myaddr.sock at -1 when no socket is opened.

branches: 1.10.2;
From Francis Dupont (sent by Arnaud Ebalard):
recognize RTM_IFANNOUNCE

From Arnaud Ebalard:
Fix indentation issues for readability

Set sockets to be closed on exec to avoid potential file descriptor inheritance issues. Submitted by Timo Teras.

Use utility functions to evaluate and manipulate network port values. No functional changes. Submitted by Timo Teras.

branches: 1.6.12;
fixed a socket leak

From Yves-Alexis Perez: enable monitoring of ipv6 address changes on Linux.

branches: 1.4.2; 1.4.6;
Migration of ipsec-tools to NetBSD CVS part 2: resolving the import conflicts.
Since we previously had a release branch and we import here the HEAD of CVS,
let's assume all local changes are to be dumped. Local patches should have
been propagated upstream, anyway.

Merge ipsec-tools 0.6.3 import

Update to ipsec-tools 0.6.1

branches: 1.1.1;
Initial revision

Use strict prototypes, when they don't introduce more warnings than they fix.
Also localify a few functions.

Remove unused variables.

branches: 1.35.10;
Use RO_MSGFILTER.

branches: 1.34.6; 1.34.10;
don't warn for 80211 messages

branches: 1.33.2;
Merge riastradh-drm2 to HEAD.

add RTM_LOSING, RTM_REDIRECT

branches: 1.31.4;
Some logging improvements.

Fix source port selection

branches: 1.29.6;
Fix myaddr_getsport() to return -1 if no suitable address is found. This is
used in pfkey.c:pk_recvacquire() to check if IKE negotiation should be
started or not.

branches: 1.28.2; 1.28.6;
Explicitly compare return value of cmpsaddr() against a return value
define to make it more obvious what is the intended action. One more
return value is also added, to fix comparison of security policy
descriptors. Namely, getsp() should not allow wildcard matching (as the
comment says, it does exact matching) - otherwise we get problems when
kernel has generic policy with no ports, and a second similar policy with
ports.

Netlink deletion notification does not guarentee actual address deletion:
it might still exist on some other interface. Make sure we do not unbind
unless the address is really gone.

Change Linux Netlink address monitoring to monitor local route changes.
This works around a kernel bug, and slightly improves behaviour on some
special cases.

Introduce priorities for file descriptor polling mechanism and give
priority to admin port. If admin port is used by ISAKMP-SA hook scripts
they should be preferred, other wise heavy traffic can delay admin port
requests considerably. This in turn may cause renegotiation loop for
ISAKMP-SA. This is mostly useful for OpenNHRP setup, but can benefit
other setups too.

Fix address comparison so we actually close sockets which were bound to
IP-address that got deconfigured.

Get rid of the evil CMPSADDR macro. Trac #295.

Fix strict_address to work again. The lists needs to be initialized
before configuration is read, which happens before my_addr_init() call.

branches: 1.21.2;
Remove "fastquit" configure option and make it the default behaviour. The
previous normal behaviour is buggy, as after flush kernel can immediately
create larval SA:s which would prevent exit.

remove sin{6,}_len linux does not have it. From Timo Teras.

I was wrong. addr is actually set.

- make this compile by zeroing out the whole structure not just bogus fields.
- set length field of sockets appropriately.
- mark bogus no-op code (I don't understand what the author intended here).

rewrite local address detection
make some functions static that arr not needed globally
rework how fd_set is construction for the main loop select()

Fixed compilation on FreeBSD (RTM_IFINFO and RTM_OIFINFO stuff)

Ignore unspecified and looback addresses. Ignoring unspecified addresses
prevents racoon from trying to bind to the wildcard address and specific
addresses simultaneously after e.g. dhclient has changed an interface's
address to 0.0.0.0.

RTM_DELETE and RTM_IFINFO don't carry info for added or deleted addresses.
Ignore them silently.

Ignoring an unsuitable address is not an error. Therefore log it as
informational.
Make it clear from the log message that a route message is not interesting.

Use insmyaddr() instead of open coding it.

Keep myaddr.sock at -1 when no socket is opened.

branches: 1.10.2;
From Francis Dupont (sent by Arnaud Ebalard):
recognize RTM_IFANNOUNCE

From Arnaud Ebalard:
Fix indentation issues for readability

Set sockets to be closed on exec to avoid potential file descriptor inheritance issues. Submitted by Timo Teras.

Use utility functions to evaluate and manipulate network port values. No functional changes. Submitted by Timo Teras.

branches: 1.6.12;
fixed a socket leak

From Yves-Alexis Perez: enable monitoring of ipv6 address changes on Linux.

branches: 1.4.2; 1.4.6;
Migration of ipsec-tools to NetBSD CVS part 2: resolving the import conflicts.
Since we previously had a release branch and we import here the HEAD of CVS,
let's assume all local changes are to be dumped. Local patches should have
been propagated upstream, anyway.

Merge ipsec-tools 0.6.3 import

Update to ipsec-tools 0.6.1

branches: 1.1.1;
Initial revision

Use RO_MSGFILTER.

branches: 1.34.6; 1.34.10;
don't warn for 80211 messages

branches: 1.33.2;
Merge riastradh-drm2 to HEAD.

add RTM_LOSING, RTM_REDIRECT

branches: 1.31.4;
Some logging improvements.

Fix source port selection

branches: 1.29.6;
Fix myaddr_getsport() to return -1 if no suitable address is found. This is
used in pfkey.c:pk_recvacquire() to check if IKE negotiation should be
started or not.

branches: 1.28.2; 1.28.6;
Explicitly compare return value of cmpsaddr() against a return value
define to make it more obvious what is the intended action. One more
return value is also added, to fix comparison of security policy
descriptors. Namely, getsp() should not allow wildcard matching (as the
comment says, it does exact matching) - otherwise we get problems when
kernel has generic policy with no ports, and a second similar policy with
ports.

Netlink deletion notification does not guarentee actual address deletion:
it might still exist on some other interface. Make sure we do not unbind
unless the address is really gone.

Change Linux Netlink address monitoring to monitor local route changes.
This works around a kernel bug, and slightly improves behaviour on some
special cases.

Introduce priorities for file descriptor polling mechanism and give
priority to admin port. If admin port is used by ISAKMP-SA hook scripts
they should be preferred, other wise heavy traffic can delay admin port
requests considerably. This in turn may cause renegotiation loop for
ISAKMP-SA. This is mostly useful for OpenNHRP setup, but can benefit
other setups too.

Fix address comparison so we actually close sockets which were bound to
IP-address that got deconfigured.

Get rid of the evil CMPSADDR macro. Trac #295.

Fix strict_address to work again. The lists needs to be initialized
before configuration is read, which happens before my_addr_init() call.

branches: 1.21.2;
Remove "fastquit" configure option and make it the default behaviour. The
previous normal behaviour is buggy, as after flush kernel can immediately
create larval SA:s which would prevent exit.

remove sin{6,}_len linux does not have it. From Timo Teras.

I was wrong. addr is actually set.

- make this compile by zeroing out the whole structure not just bogus fields.
- set length field of sockets appropriately.
- mark bogus no-op code (I don't understand what the author intended here).

rewrite local address detection
make some functions static that arr not needed globally
rework how fd_set is construction for the main loop select()

Fixed compilation on FreeBSD (RTM_IFINFO and RTM_OIFINFO stuff)

Ignore unspecified and looback addresses. Ignoring unspecified addresses
prevents racoon from trying to bind to the wildcard address and specific
addresses simultaneously after e.g. dhclient has changed an interface's
address to 0.0.0.0.

RTM_DELETE and RTM_IFINFO don't carry info for added or deleted addresses.
Ignore them silently.

Ignoring an unsuitable address is not an error. Therefore log it as
informational.
Make it clear from the log message that a route message is not interesting.

Use insmyaddr() instead of open coding it.

Keep myaddr.sock at -1 when no socket is opened.

branches: 1.10.2;
From Francis Dupont (sent by Arnaud Ebalard):
recognize RTM_IFANNOUNCE

From Arnaud Ebalard:
Fix indentation issues for readability

Set sockets to be closed on exec to avoid potential file descriptor inheritance issues. Submitted by Timo Teras.

Use utility functions to evaluate and manipulate network port values. No functional changes. Submitted by Timo Teras.

branches: 1.6.12;
fixed a socket leak

From Yves-Alexis Perez: enable monitoring of ipv6 address changes on Linux.

branches: 1.4.2; 1.4.6;
Migration of ipsec-tools to NetBSD CVS part 2: resolving the import conflicts.
Since we previously had a release branch and we import here the HEAD of CVS,
let's assume all local changes are to be dumped. Local patches should have
been propagated upstream, anyway.

Merge ipsec-tools 0.6.3 import

Update to ipsec-tools 0.6.1

branches: 1.1.1;
Initial revision

don't warn for 80211 messages

branches: 1.33.2;
Merge riastradh-drm2 to HEAD.

add RTM_LOSING, RTM_REDIRECT

branches: 1.31.4;
Some logging improvements.

Fix source port selection

branches: 1.29.6;
Fix myaddr_getsport() to return -1 if no suitable address is found. This is
used in pfkey.c:pk_recvacquire() to check if IKE negotiation should be
started or not.

branches: 1.28.2; 1.28.6;
Explicitly compare return value of cmpsaddr() against a return value
define to make it more obvious what is the intended action. One more
return value is also added, to fix comparison of security policy
descriptors. Namely, getsp() should not allow wildcard matching (as the
comment says, it does exact matching) - otherwise we get problems when
kernel has generic policy with no ports, and a second similar policy with
ports.

Netlink deletion notification does not guarentee actual address deletion:
it might still exist on some other interface. Make sure we do not unbind
unless the address is really gone.

Change Linux Netlink address monitoring to monitor local route changes.
This works around a kernel bug, and slightly improves behaviour on some
special cases.

Introduce priorities for file descriptor polling mechanism and give
priority to admin port. If admin port is used by ISAKMP-SA hook scripts
they should be preferred, other wise heavy traffic can delay admin port
requests considerably. This in turn may cause renegotiation loop for
ISAKMP-SA. This is mostly useful for OpenNHRP setup, but can benefit
other setups too.

Fix address comparison so we actually close sockets which were bound to
IP-address that got deconfigured.

Get rid of the evil CMPSADDR macro. Trac #295.

Fix strict_address to work again. The lists needs to be initialized
before configuration is read, which happens before my_addr_init() call.

branches: 1.21.2;
Remove "fastquit" configure option and make it the default behaviour. The
previous normal behaviour is buggy, as after flush kernel can immediately
create larval SA:s which would prevent exit.

remove sin{6,}_len linux does not have it. From Timo Teras.

I was wrong. addr is actually set.

- make this compile by zeroing out the whole structure not just bogus fields.
- set length field of sockets appropriately.
- mark bogus no-op code (I don't understand what the author intended here).

rewrite local address detection
make some functions static that arr not needed globally
rework how fd_set is construction for the main loop select()

Fixed compilation on FreeBSD (RTM_IFINFO and RTM_OIFINFO stuff)

Ignore unspecified and looback addresses. Ignoring unspecified addresses
prevents racoon from trying to bind to the wildcard address and specific
addresses simultaneously after e.g. dhclient has changed an interface's
address to 0.0.0.0.

RTM_DELETE and RTM_IFINFO don't carry info for added or deleted addresses.
Ignore them silently.

Ignoring an unsuitable address is not an error. Therefore log it as
informational.
Make it clear from the log message that a route message is not interesting.

Use insmyaddr() instead of open coding it.

Keep myaddr.sock at -1 when no socket is opened.

branches: 1.10.2;
From Francis Dupont (sent by Arnaud Ebalard):
recognize RTM_IFANNOUNCE

From Arnaud Ebalard:
Fix indentation issues for readability

Set sockets to be closed on exec to avoid potential file descriptor inheritance issues. Submitted by Timo Teras.

Use utility functions to evaluate and manipulate network port values. No functional changes. Submitted by Timo Teras.

branches: 1.6.12;
fixed a socket leak

From Yves-Alexis Perez: enable monitoring of ipv6 address changes on Linux.

branches: 1.4.2; 1.4.6;
Migration of ipsec-tools to NetBSD CVS part 2: resolving the import conflicts.
Since we previously had a release branch and we import here the HEAD of CVS,
let's assume all local changes are to be dumped. Local patches should have
been propagated upstream, anyway.

Merge ipsec-tools 0.6.3 import

Update to ipsec-tools 0.6.1

branches: 1.1.1;
Initial revision

Migrate ipsec-tools CVS to cvs.netbsd.org

Update ipsec-tools to 0.6.1rc1
Most of the changes since 0.6b4 have already been committed to the NetBSD
tree. This upgrade fixes some IPcomp and NAT-T related problems that were
left unadressed in the NetBSD tree.

branches: 1.1.1.2.2;
Import ipsec-tools 0.6 branch as of 2005/02/23. News from last imported version
according to ipsec-tools' ChangeLog:

2005-02-23 Emmanuel Dreyfus <manu@netbsd.org>

* configure.ac, src/racoon/{Makefile.am|crypto_openssl.c}: optionnal
support for patented algorithms: IDEA and RC5.
* src/racoon/{isakmp_xauth.c|main.c}: don't initialize RADIUS if it
is not required in the configuration
* src/racoon/isakmp.c: do not reject addresses for which kernel
refused UDP encapsulation, they can still be used for non NAT-T
traffic (eg: NAT-T enabled racoon on non NAT-T enabled kernel)

2005-02-18 Emmanuel Dreyfus <manu@netbsd.org>

* src/racoon/{main.c|eaytest.c|plairsa-gen.c}
src/setkey/setkey.c: don't use fuzzy paths for package_version.h

2005-02-18 Yvan Vanhullebus <vanhu@free.fr>

* src/racoon/isakmp_inf.c: Purge generated SPDs when getting a
related DELETE_SA
* src/racoon/pfkey.c: do NOT unbindph12() when SA acquire

2005-02-17 Emmanuel Dreyfus <manu@netbsd.org>

From Fred Senault <fred.letter@lacave.net>
* src/racoon/remoteconf.c: Fix a bug in script init

2005-02-17 Yvan Vanhullebus <vanhu@free.fr>

* src/racoon/ipsec_doi.c: Workaround for phase1 lifetime checks

2005-02-15 Michal Ludvig <michal@logix.cz>

* configure.ac: Changed --enable-natt_NN to --enable-natt-versions=NN,NN

Import ipsec-tools (tag ipsec-tools-0_6-base in ipsec-tools CVS)
ipsec-tools is a fork from KAME racoon/libipsec/setkey, with many
enhancements.

Apply patch (requested by manu in ticket #981):
Update ipsec-tools to version 0.6.3.

Apply patch (requested by tron in ticket #741):
Update ipsec-tools to version 0.6.1.

Use utility functions to evaluate and manipulate network port values. No functional changes. Submitted by Timo Teras.

fixed a socket leak

From Yves-Alexis Perez: enable monitoring of ipv6 address changes on Linux.

Upgrade ipsec-tools to release 0.7.1 (requested by manu in ticket #1183).

branches: 1.4.2.2.2;
Pull up following revision(s) (requested by manu in ticket #830):

Import ipsec-tools 0.7

branches: 1.4.2.1.2;
Upgrade ipsec-tools to 0.7-beta3 (Requested by manu in ticket #634).

Upgrade ipsec-tools to release 0.7.1 (requested by manu in ticket #1183).

Sync with netbsd-4.

Sync w/ NetBSD-4-RC_1

Sync w/ -current. 34 merge conflicts to follow.

Apply patch (requested by manu/spz in #378):
Downgrade ipsec-tools to 0.7.1nb1.

Sync with HEAD.

Third (and last) commit. See http://mail-index.netbsd.org/source-changes/2009/05/13/msg221222.html

sync with head.

for a reference, the tree before this commit was tagged
as yamt-pagecache-tag8.

this commit was splitted into small chunks to avoid
a limitation of cvs. ("Protocol error: too many arguments")

sync with head

Some logging improvements.

Fix source port selection

Rebase to HEAD as of a few days ago.

resync from head

resync with head

sync with HEAD

Rebase.