Revision tags: pgoyette-compat-20190127 pgoyette-compat-20190118 pgoyette-compat-1226 pgoyette-compat-1126 pgoyette-compat-1020 pgoyette-compat-0930 pgoyette-compat-0906 pgoyette-compat-0728 phil-wifi-base pgoyette-compat-0625 pgoyette-compat-0521
|
#
1.30 |
|
19-May-2018 |
maxv |
Use strict prototypes, when they don't introduce more warnings than they fix. Also localify a few functions.
|
#
1.29 |
|
19-May-2018 |
maxv |
Remove unused variables.
|
Revision tags: netbsd-7-2-RELEASE netbsd-8-0-RELEASE netbsd-8-0-RC2 pgoyette-compat-0502 pgoyette-compat-0422 netbsd-8-0-RC1 pgoyette-compat-0415 pgoyette-compat-0407 pgoyette-compat-0330 pgoyette-compat-0322 pgoyette-compat-0315 netbsd-7-1-2-RELEASE pgoyette-compat-base netbsd-7-1-1-RELEASE matt-nb8-mediatek-base perseant-stdc-iso10646-base netbsd-8-base prg-localcount2-base3 prg-localcount2-base2 prg-localcount2-base1 prg-localcount2-base pgoyette-localcount-20170426 bouyer-socketcan-base1 pgoyette-localcount-20170320 netbsd-7-1-RELEASE netbsd-7-1-RC2 netbsd-7-nhusb-base-20170116 bouyer-socketcan-base pgoyette-localcount-20170107 netbsd-7-1-RC1 pgoyette-localcount-20161104 netbsd-7-0-2-RELEASE localcount-20160914 netbsd-7-nhusb-base pgoyette-localcount-20160806 pgoyette-localcount-20160726 pgoyette-localcount-base netbsd-7-0-1-RELEASE netbsd-7-0-RELEASE netbsd-7-0-RC3 netbsd-7-0-RC2 netbsd-7-0-RC1 netbsd-6-0-6-RELEASE netbsd-6-1-5-RELEASE netbsd-7-base yamt-pagecache-base9 netbsd-6-1-4-RELEASE netbsd-6-0-5-RELEASE tls-earlyentropy-base riastradh-xf86-video-intel-2-7-1-pre-2-21-15 riastradh-drm2-base3 netbsd-6-1-3-RELEASE netbsd-6-0-4-RELEASE netbsd-6-1-2-RELEASE netbsd-6-0-3-RELEASE netbsd-6-1-1-RELEASE riastradh-drm2-base2 riastradh-drm2-base1 riastradh-drm2-base netbsd-6-0-2-RELEASE netbsd-6-1-RELEASE netbsd-6-1-RC4 netbsd-6-1-RC3 agc-symver-base netbsd-6-1-RC2 netbsd-6-1-RC1 yamt-pagecache-base8 netbsd-6-0-1-RELEASE yamt-pagecache-base7 matt-nb6-plus-nbase yamt-pagecache-base6 netbsd-6-0-RELEASE netbsd-6-0-RC2 tls-maxphys-base matt-nb6-plus-base netbsd-6-0-RC1 yamt-pagecache-base5 yamt-pagecache-base4 netbsd-6-base
|
#
1.28 |
|
01-Jan-2012 |
tteras |
branches: 1.28.40; From Wolfgang Schmieder <wolfgang@die-schmieders.de>: Fix various typos in comments and log messages. Fix default port used in copy_ph1addresses().
|
#
1.27 |
|
01-Jan-2012 |
tteras |
From Wolfgang Schmieder <wolfgang@die-schmieders.de>: Fix memory leaks from configuration reading code, and clean up error handling.
|
Revision tags: ipsec-tools-0_8_2 ipsec-tools-0_8_1 yamt-pagecache-base3 yamt-pagecache-base2 yamt-pagecache-base cherry-xenmp-base ipsec-tools-0_8_0
|
#
1.26 |
|
14-Mar-2011 |
vanhu |
branches: 1.26.6; avoid some memory leaks / free memory access when reloading conf and have inherited config. patch from Roman Hoog Antink <rha@open.ch>
|
Revision tags: bouyer-quota2-nbase
|
#
1.25 |
|
02-Mar-2011 |
vanhu |
free rsa structures when deleting a struct rmconf. patch by Roman Hoog Antink <rha@open.ch>
|
#
1.24 |
|
02-Mar-2011 |
vanhu |
free spspec when deleting a rmconf struct. patch by Roman Hoog Antink <rha@open.ch>
|
#
1.23 |
|
02-Mar-2011 |
vanhu |
fixed some memory leaks in remoteconf. patch by Roman Hoog Antink <rha@open.ch>
|
Revision tags: bouyer-quota2-base
|
#
1.22 |
|
28-Jan-2011 |
tteras |
From Roman Hoog Antink <rha@open.ch>: Clean up rmconf reloading: rename the functions, and remove unneeded global variable.
|
Revision tags: matt-mips64-premerge-20101231
|
#
1.21 |
|
08-Sep-2010 |
vanhu |
branches: 1.21.2; fixed remoteconf selection when no ID specified in configuration, and added some debug to remoteconf selection
|
#
1.20 |
|
26-Aug-2010 |
vanhu |
fix by Sergio.Gelato (at) astro.su.se: duplicate some dynamic values in duprmconf()
|
#
1.19 |
|
22-Jun-2010 |
vanhu |
added a specific script hook when a dead peer is detected
|
Revision tags: matt-premerge-20091211
|
#
1.18 |
|
01-Sep-2009 |
tteras |
Change remote conf matching level to matching score. This way one can override anonymous certificate block config with more exact "inhereted" IP specific block.
|
#
1.17 |
|
19-Aug-2009 |
vanhu |
fixed address check in rmconf_match_type(), just check address with wildcard port
|
#
1.16 |
|
19-Aug-2009 |
tteras |
Have an enum for rmconf_match_type() return values to make the code a bit more readable.
|
#
1.15 |
|
03-Jul-2009 |
tteras |
Get rid of the evil CMPSADDR macro. Trac #295.
|
Revision tags: jym-xensuspend-nbase jym-xensuspend-base
|
#
1.14 |
|
12-Mar-2009 |
he |
When casting to/from a pointer to an integral type (a bad practice, if you ask me), you need to cast via intptr_t for portability.
|
#
1.13 |
|
12-Mar-2009 |
tteras |
Support multiple anonymous remotes and decide remoteconf based on identity, received certificates and other information. General code clean up.
|
Revision tags: netbsd-5-0-RC1 netbsd-5-base matt-mips64-base2
|
#
1.12 |
|
19-Sep-2008 |
tteras |
branches: 1.12.4; 1.12.6; Implement ISAKMP SA rekeying configurable with rekey {on|off|force} option in remote conf.
|
Revision tags: wrstuden-revivesa-base-3 wrstuden-revivesa-base-2 wrstuden-revivesa-base-1 wrstuden-revivesa-base
|
#
1.11 |
|
18-Jun-2008 |
mgrooms |
Use utility functions to evaluate and manipulate network port values. No functional changes. Submitted by Timo Teras.
|
Revision tags: yamt-pf42-base4 yamt-pf42-base3 hpcarm-cleanup-nbase yamt-pf42-baseX yamt-pf42-base2 yamt-pf42-base keiichi-mipv6-base matt-armv6-nbase matt-armv6-prevmlocking cube-autoconf-base matt-armv6-base matt-mips64-base hpcarm-cleanup-base
|
#
1.10 |
|
18-Jul-2007 |
vanhu |
branches: 1.10.12; 1.10.14; use a single PATH_IPSEC_H to fix some path_to_ipsec.h issues
|
Revision tags: ipsec-tools-0_7-rc1 ipsec-tools-0_7-RC1 ipsec-tools-0_7-beta3 ipsec-tools-0_7-beta2 ipsec-tools-0_7-beta1 ipsec-tools-0_7-base
|
#
1.9 |
|
09-Dec-2006 |
manu |
branches: 1.9.4; From Joy Latten: Add support for SELinux security contexts. Also cleanup the libipsec interface for adding and updating security associations.
|
Revision tags: netbsd-4-base
|
#
1.8 |
|
18-Sep-2006 |
manu |
branches: 1.8.2; From Matthew Grooms: ike_frag force option to force the use of IKE on first packet exchange (prior to peer consent)
|
#
1.7 |
|
09-Sep-2006 |
manu |
Migration of ipsec-tools to NetBSD CVS part 2: resolving the import conflicts. Since we previously had a release branch and we import here the HEAD of CVS, let's assume all local changes are to be dumped. Local patches should have been propagated upstream, anyway.
|
Revision tags: abandoned-netbsd-4-base
|
#
1.6 |
|
21-Nov-2005 |
manu |
Merge ipsec-tools 0.6.3 import
|
#
1.5 |
|
20-Aug-2005 |
manu |
Update to ipsec-tools 0.6.1
|
#
1.4 |
|
07-Aug-2005 |
manu |
Resolve conflicts caused by recent ipsec-tools-0.6.1rc1 import by prefering the newer software. Some useful local change might have been overwritten, we'll take care of this soon.
|
#
1.3 |
|
20-May-2005 |
manu |
When altering the lifetime, don't modify to configured proposal, duplicate it instead.
|
#
1.2 |
|
08-May-2005 |
manu |
More NAT-T fixes for the situation where racoon acts as a VPN client Flush SA and generated SP on DPD timeout and deletion payloads
|
#
1.1 |
|
12-Feb-2005 |
manu |
branches: 1.1.1; Initial revision
|
#
1.28 |
|
01-Jan-2012 |
tteras |
From Wolfgang Schmieder <wolfgang@die-schmieders.de>: Fix various typos in comments and log messages. Fix default port used in copy_ph1addresses().
|
#
1.27 |
|
01-Jan-2012 |
tteras |
From Wolfgang Schmieder <wolfgang@die-schmieders.de>: Fix memory leaks from configuration reading code, and clean up error handling.
|
#
1.26 |
|
14-Mar-2011 |
vanhu |
branches: 1.26.6; avoid some memory leaks / free memory access when reloading conf and have inherited config. patch from Roman Hoog Antink <rha@open.ch>
|
#
1.25 |
|
02-Mar-2011 |
vanhu |
free rsa structures when deleting a struct rmconf. patch by Roman Hoog Antink <rha@open.ch>
|
#
1.24 |
|
02-Mar-2011 |
vanhu |
free spspec when deleting a rmconf struct. patch by Roman Hoog Antink <rha@open.ch>
|
#
1.23 |
|
02-Mar-2011 |
vanhu |
fixed some memory leaks in remoteconf. patch by Roman Hoog Antink <rha@open.ch>
|
#
1.22 |
|
28-Jan-2011 |
tteras |
From Roman Hoog Antink <rha@open.ch>: Clean up rmconf reloading: rename the functions, and remove unneeded global variable.
|
#
1.21 |
|
08-Sep-2010 |
vanhu |
branches: 1.21.2; fixed remoteconf selection when no ID specified in configuration, and added some debug to remoteconf selection
|
#
1.20 |
|
26-Aug-2010 |
vanhu |
fix by Sergio.Gelato (at) astro.su.se: duplicate some dynamic values in duprmconf()
|
#
1.19 |
|
22-Jun-2010 |
vanhu |
added a specific script hook when a dead peer is detected
|
#
1.18 |
|
01-Sep-2009 |
tteras |
Change remote conf matching level to matching score. This way one can override anonymous certificate block config with more exact "inhereted" IP specific block.
|
#
1.17 |
|
19-Aug-2009 |
vanhu |
fixed address check in rmconf_match_type(), just check address with wildcard port
|
#
1.16 |
|
19-Aug-2009 |
tteras |
Have an enum for rmconf_match_type() return values to make the code a bit more readable.
|
#
1.15 |
|
03-Jul-2009 |
tteras |
Get rid of the evil CMPSADDR macro. Trac #295.
|
#
1.14 |
|
12-Mar-2009 |
he |
When casting to/from a pointer to an integral type (a bad practice, if you ask me), you need to cast via intptr_t for portability.
|
#
1.13 |
|
12-Mar-2009 |
tteras |
Support multiple anonymous remotes and decide remoteconf based on identity, received certificates and other information. General code clean up.
|
#
1.12 |
|
19-Sep-2008 |
tteras |
branches: 1.12.4; 1.12.6; Implement ISAKMP SA rekeying configurable with rekey {on|off|force} option in remote conf.
|
#
1.11 |
|
18-Jun-2008 |
mgrooms |
Use utility functions to evaluate and manipulate network port values. No functional changes. Submitted by Timo Teras.
|
#
1.10 |
|
18-Jul-2007 |
vanhu |
branches: 1.10.12; 1.10.14; use a single PATH_IPSEC_H to fix some path_to_ipsec.h issues
|
#
1.9 |
|
08-Dec-2006 |
manu |
branches: 1.9.4; From Joy Latten: Add support for SELinux security contexts. Also cleanup the libipsec interface for adding and updating security associations.
|
#
1.8 |
|
18-Sep-2006 |
manu |
branches: 1.8.2; From Matthew Grooms: ike_frag force option to force the use of IKE on first packet exchange (prior to peer consent)
|
#
1.7 |
|
08-Sep-2006 |
manu |
Migration of ipsec-tools to NetBSD CVS part 2: resolving the import conflicts. Since we previously had a release branch and we import here the HEAD of CVS, let's assume all local changes are to be dumped. Local patches should have been propagated upstream, anyway.
|
#
1.6 |
|
21-Nov-2005 |
manu |
Merge ipsec-tools 0.6.3 import
|
#
1.5 |
|
19-Aug-2005 |
manu |
Update to ipsec-tools 0.6.1
|
#
1.4 |
|
07-Aug-2005 |
manu |
Resolve conflicts caused by recent ipsec-tools-0.6.1rc1 import by prefering the newer software. Some useful local change might have been overwritten, we'll take care of this soon.
|
#
1.3 |
|
19-May-2005 |
manu |
When altering the lifetime, don't modify to configured proposal, duplicate it instead.
|
#
1.2 |
|
08-May-2005 |
manu |
More NAT-T fixes for the situation where racoon acts as a VPN client Flush SA and generated SP on DPD timeout and deletion payloads
|
#
1.1 |
|
12-Feb-2005 |
manu |
branches: 1.1.1; Initial revision
|
#
1.1.1.6 |
|
08-Sep-2006 |
manu |
Migrate ipsec-tools CVS to cvs.netbsd.org
|
#
1.1.1.5 |
|
21-Nov-2005 |
manu |
Import IPsec-tools 0.6.3. This fixes several bugs, including bugs that caused DoS.
|
#
1.1.1.4 |
|
07-Aug-2005 |
manu |
Update ipsec-tools to 0.6.1rc1 Most of the changes since 0.6b4 have already been committed to the NetBSD tree. This upgrade fixes some IPcomp and NAT-T related problems that were left unadressed in the NetBSD tree.
|
#
1.1.1.3 |
|
16-Mar-2005 |
manu |
branches: 1.1.1.3.2; Updated ipsec-tools:
2005-03-16 Emmanuel Dreyfus <manu@netbsd.org>
* src/racoon/{cftoken.l|localconf.h|privsep.c|racoon.conf.5} src/racoon/remoteconf.c: When running in privsep mode, check that private key and script paths match those given in the path section.
2005-03-15 Emmanuel Dreyfus <manu@netbsd.org>
* src/racoon/{isakmp_cfg|isakmp_cfg.h|isakmp_xauth.c}: initialize RADIUS accounting at startup * src/racoon/privsep.c: fix minor bug in PAM cleanup * src/racoon/isakmp_cfg.c: only call cleanup_pam if PAM is used
2005-03-14 Emmanuel Dreyfus <manu@netbsd.org>
* configure.ac: handle correctly dynamic libradius * src/racoon/cfparse.y: correctly initialize address pool
|
#
1.1.1.2 |
|
23-Feb-2005 |
manu |
Import ipsec-tools 0.6 branch as of 2005/02/23. News from last imported version according to ipsec-tools' ChangeLog:
2005-02-23 Emmanuel Dreyfus <manu@netbsd.org>
* configure.ac, src/racoon/{Makefile.am|crypto_openssl.c}: optionnal support for patented algorithms: IDEA and RC5. * src/racoon/{isakmp_xauth.c|main.c}: don't initialize RADIUS if it is not required in the configuration * src/racoon/isakmp.c: do not reject addresses for which kernel refused UDP encapsulation, they can still be used for non NAT-T traffic (eg: NAT-T enabled racoon on non NAT-T enabled kernel)
2005-02-18 Emmanuel Dreyfus <manu@netbsd.org>
* src/racoon/{main.c|eaytest.c|plairsa-gen.c} src/setkey/setkey.c: don't use fuzzy paths for package_version.h
2005-02-18 Yvan Vanhullebus <vanhu@free.fr>
* src/racoon/isakmp_inf.c: Purge generated SPDs when getting a related DELETE_SA * src/racoon/pfkey.c: do NOT unbindph12() when SA acquire
2005-02-17 Emmanuel Dreyfus <manu@netbsd.org>
From Fred Senault <fred.letter@lacave.net> * src/racoon/remoteconf.c: Fix a bug in script init
2005-02-17 Yvan Vanhullebus <vanhu@free.fr>
* src/racoon/ipsec_doi.c: Workaround for phase1 lifetime checks
2005-02-15 Michal Ludvig <michal@logix.cz>
* configure.ac: Changed --enable-natt_NN to --enable-natt-versions=NN,NN
|
#
1.1.1.1 |
|
12-Feb-2005 |
manu |
Import ipsec-tools (tag ipsec-tools-0_6-base in ipsec-tools CVS) ipsec-tools is a fork from KAME racoon/libipsec/setkey, with many enhancements.
|
#
1.1.1.3.2.4 |
|
21-Nov-2005 |
tron |
Apply patch (requested by manu in ticket #981): Update ipsec-tools to version 0.6.3.
|
#
1.1.1.3.2.3 |
|
03-Sep-2005 |
snj |
Apply patch (requested by tron in ticket #741): Update ipsec-tools to version 0.6.1.
|
#
1.1.1.3.2.2 |
|
28-May-2005 |
tron |
Pull up revision 1.3 (requested by manu in ticket #337): When altering the lifetime, don't modify to configured proposal, duplicate it instead.
|
#
1.1.1.3.2.1 |
|
11-May-2005 |
tron |
Pull up revision 1.2 (requested by manu in ticket #277): More NAT-T fixes for the situation where racoon acts as a VPN client Flush SA and generated SP on DPD timeout and deletion payloads
|
#
1.8.2.3 |
|
18-Aug-2008 |
jdc |
Upgrade ipsec-tools to release 0.7.1 (requested by manu in ticket #1183).
|
#
1.8.2.2 |
|
28-Aug-2007 |
liamjfoy |
branches: 1.8.2.2.2; Pull up following revision(s) (requested by manu in ticket #830):
Import ipsec-tools 0.7
|
#
1.8.2.1 |
|
13-May-2007 |
jdc |
branches: 1.8.2.1.2; Upgrade ipsec-tools to 0.7-beta3 (Requested by manu in ticket #634).
|
#
1.8.2.2.2.1 |
|
18-Aug-2008 |
jdc |
Upgrade ipsec-tools to release 0.7.1 (requested by manu in ticket #1183).
|
#
1.8.2.1.2.2 |
|
04-Sep-2008 |
skrll |
Sync with netbsd-4.
|
#
1.8.2.1.2.1 |
|
03-Sep-2007 |
wrstuden |
Sync w/ NetBSD-4-RC_1
|
#
1.9.4.2 |
|
18-Jun-2008 |
mgrooms |
Use utility functions to evaluate and manipulate network port values. No functional changes. Submitted by Timo Teras.
|
#
1.9.4.1 |
|
01-Aug-2007 |
vanhu |
use a single PATH_IPSEC_H to fix some path_to_ipsec.h issues
|
#
1.10.14.2 |
|
18-Jul-2007 |
vanhu |
use a single PATH_IPSEC_H to fix some path_to_ipsec.h issues
|
#
1.10.14.1 |
|
18-Jul-2007 |
vanhu |
file remoteconf.c was added on branch matt-mips64 on 2007-07-18 12:07:53 +0000
|
#
1.10.12.1 |
|
22-Jun-2008 |
wrstuden |
Sync w/ -current. 34 merge conflicts to follow.
|
#
1.12.6.1 |
|
13-May-2009 |
jym |
Sync with HEAD.
Third (and last) commit. See http://mail-index.netbsd.org/source-changes/2009/05/13/msg221222.html
|
#
1.12.4.1 |
|
08-Feb-2009 |
snj |
Apply patch (requested by manu/spz in #378): Downgrade ipsec-tools to 0.7.1nb1.
|
#
1.21.2.2 |
|
05-Mar-2011 |
bouyer |
Sync with HEAD
|
#
1.21.2.1 |
|
08-Feb-2011 |
bouyer |
Sync with HEAD
|
#
1.26.6.1 |
|
16-Apr-2012 |
yamt |
sync with head
|