| History log of /src/lib/libipsec |
| Revision | Date | Author | Comments |
| 1.19 | 09-Mar-2025 |
christos | later is now.
|
| 1.18 | 04-Jan-2012 |
drochner | branches: 1.18.52; -consistently use "char *" for the compiled policy buffer in the ipsec_*_policy() functions, as it was documented and used by clients -remove "ipsec_policy_t" which was undocumented and only present in the KAME version of the ipsec.h header -misc cleanup of historical artefacts, and to remove unnecessary differences between KAME and FAST_IPSEC
|
| 1.17 | 28-May-2007 |
tls | branches: 1.17.34; Add new Makefile knob, USE_FORT, which extends USE_SSP by turning on the FORTIFY_SOURCE feature of libssp, thus checking the size of arguments to various string and memory copy and set functions (as well as a few system calls and other miscellany) where known at function entry. RedHat has evidently built all "core system packages" with this option for some time.
This option should be used at the top of Makefiles (or Makefile.inc where this is used for subdirectories) but after any setting of LIB.
This is only useful for userland code, and cannot be used in libc or in any code which includes the libc internals, because it overrides certain libc functions with macros. Some effort has been made to make USE_FORT=yes work correctly for a full-system build by having the bsd.sys.mk logic disable the feature where it should not be used (libc, libssp itself, the kernel) but no attempt has been made to build the entire system with USE_FORT and doing so will doubtless expose numerous bugs and misfeatures.
Adjust the system build so that all programs and libraries that are setuid, directly handle network data (including serial comm data), perform authentication, or appear likely to have (or have a history of having) data-driven bugs (e.g. file(1)) are built with USE_FORT=yes by default, with the exception of libc, which cannot use USE_FORT and thus uses only USE_SSP by default. Tested on i386 with no ill results; USE_FORT=no per-directory or in a system build will disable if desired.
|
| 1.16 | 16-Dec-2005 |
jmc | Redo previous rework to generate yacc/lex output again and remove generated copies from the import as they don't compile clean across all archs.
|
| 1.15 | 15-Dec-2005 |
jmc | Don't yacc/lex here as dist includes generated copies already and depending on timestamps it's possible for gcc2 on vax to get confused on which .h to use.
|
| 1.14 | 28-Jun-2005 |
christos | Ignore lint argument promotion warnings (for now).
|
| 1.13 | 24-Feb-2005 |
manu | branches: 1.13.2; Define SADB_X_EALG_AESCBC=SADB_X_EALG_AES, as we define SADB_X_EALG_AES in <net/pfkeyv2.h> while ipsec-tools uses SADB_X_EALG_AESCBC in the code.
|
| 1.12 | 19-Feb-2005 |
thorpej | Enable building the lint library.
|
| 1.11 | 19-Feb-2005 |
thorpej | Additional cleanup pass.
|
| 1.10 | 19-Feb-2005 |
thorpej | Switch to ipsec-tools for libipsec, setkey, and racoon. From Emmanuel Dreyfus, with some small changes by me.
|
| 1.9 | 10-Jan-2005 |
lukem | Only compile in IPv6 support if ${USE_INET6} != "no"
MKINET6 is for providing IPv6 infrastructure. USE_INET6 is for compiling IPv6 support into the programs (needs MKINET6).
|
| 1.8 | 19-Aug-2002 |
lukem | Explicitly move setting of NOxxx and USE_SHLIBDIR to the top of the Makefile (before including <bsd.own.mk>)
|
| 1.7 | 19-Aug-2002 |
lukem | Use ${NETBSDSRCDIR}/some/path instead of ${.CURDIR}/../../some/path (etc). (Reduces make output by ~ 20%)
|
| 1.6 | 28-Dec-2001 |
lukem | * Add user-controlled mk.conf variables - SHLIBDIR Location to install shared libraries if ${USE_SHLIBDIR} is "yes". Defaults to "/usr/lib".
- USE_SHLIBDIR If "yes", install shared libraries in ${SHLIBDIR} instead of ${LIBDIR}. Defaults to "no". Sets ${_LIBSODIR} to the appropriate value. This may be set by individual Makefiles as well.
- SHLINKDIR Location of shared linker. Defaults to "/usr/libexec". If != "/usr/libexec", change the dynamic-linker encoded in shared programs
* Set USE_SHLIBDIR for libraries used by /bin and /sbin: libc libcrypt libcrypto libedit libipsec libkvm libm libmi387 libtermcap libutil libz
* If ${_LIBSODIR} != ${LIBDIR}, add symlinks from ${LIBDIR}/${LIB}.so* to ${_LIBSODIR}/${LIB}.so* for compatibility.
* Always install /sbin/init statically (for now)
The net effect of these changes depends on how the variables are set:
1.) If nothing is set or changed, there is no change from the current behaviour: - Static /bin, /sbin, and bits of /usr/* - Dynamic rest - Shared linker is /usr/libexec/ld*so
2.) If the following make variables are set: LDSTATIC= SHLINKDIR=/lib SHLIBDIR=/lib Then the behaviour becomes: - Dynamic tools - .so libraries used by /bin and /sbin are installed to /lib, with symlinks from /usr/lib/lib*so to -> /lib/lib*so where appropriate - Shared linker is /lib/ld*so
3.) As per 2.), but add the following variable: USE_SHLIBDIR=yes This forces all .so's to be installed in /lib (with compat symlinks), not just those tagged by their Makefiles to be. Again, compat symlinks are installed
|
| 1.5 | 09-May-2000 |
thorpej | Need -I${.CURDIR} for ipsec_strerror.h
|
| 1.4 | 13-Mar-2000 |
itojun | hide shouldn't-be-exported symbols from the outside. don't compile pfkey*, since we expect tons of changes in the near future.
bump shlib major (due to less exported APIs than before - am I correct here?).
|
| 1.3 | 31-Jan-2000 |
itojun | upgrade libipsec to the latest. - parser now uses yacc/lex (there'll be no symbol conflict). - outbound policy and inbound policy is now separate - policy specification for tunnel SA is improved - api changed, bump shlib major
XXX some of programs will become not buildable - will commit shortly
|
| 1.2 | 03-Jul-1999 |
itojun | s/CFLAGS/CPPFLAGS/ for -D and -I. remove lint error.
|
| 1.1 | 01-Jul-1999 |
itojun | ipsec support library. mainly for debugging, and policy text->binary conversion. NO crypto code is included so it is export safe.
|
| 1.13.2.2 | 21-Nov-2005 |
tron | Apply patch (requested by manu in ticket #981): Update ipsec-tools to version 0.6.3.
|
| 1.13.2.1 | 03-Sep-2005 |
snj | Apply patch (requested by tron in ticket #741): Update ipsec-tools to version 0.6.1.
|
| 1.17.34.1 | 17-Apr-2012 |
yamt | sync with head
|
| 1.18.52.1 | 02-Aug-2025 |
perseant | Sync with HEAD
|
| 1.1 | 03-Apr-2013 |
agc | branches: 1.1.2; file Version.map was initially added on branch agc-symver.
|
| 1.1.2.1 | 03-Apr-2013 |
agc | Add symbol versioning information for the following libraries:
libbluetooth libbsdmalloc libexecinfo libform libintl libipsec libkvm liblwres libnpf libp2k libpci libperfuse libppath libprop libpuffs librefuse librpcsvc librt librumpclient librumphijack librumpuser libukfs libusbhid libwrap
|
| 1.10 | 24-Oct-2019 |
kamil | Switch the iconv(3) prototype to the POSIX conformant variation
Remove const from the 2nd argument.
const char ** and char ** are incompatible types and it was a cost to keep the technically incompatible form for a more purist variation. NetBSD was almost the last alive OS to still keep the const argument (known leftovers: Minix and Illumos).
Keep the const form for the internal purposes inside citrus and rump.
Address the build breakage fallout in the same change.
There are no ABI changes.
Change accepted by core@.
|
| 1.9 | 06-Sep-2018 |
maxv | Remove dead references to netinet6/ipsec.h.
|
| 1.8 | 31-May-2018 |
maxv | branches: 1.8.2; Disable draft_00 in racoon, discussed on tech-net@ and now in PR/53334. While here clarify the comments, no #undef.
No need to increase the library version I guess, since draft_00 is not used in libipsec.
|
| 1.7 | 04-Jan-2012 |
drochner | branches: 1.7.38; include <netipsec/ipsec.h> rather than <netinet6/ipsec.h> from userland where possible, for consistency and compatibility to FreeBSD (exception: KAME specific statistics gathering in netstat(1) and systat(1))
|
| 1.6 | 04-Jan-2012 |
drochner | -consistently use "char *" for the compiled policy buffer in the ipsec_*_policy() functions, as it was documented and used by clients -remove "ipsec_policy_t" which was undocumented and only present in the KAME version of the ipsec.h header -misc cleanup of historical artefacts, and to remove unnecessary differences between KAME and FAST_IPSEC
|
| 1.5 | 18-Jul-2007 |
drochner | branches: 1.5.16; 1.5.34; stopgap fix: define PATH_IPSEC_H to make it build again (added manually because there is no template in the distribution anymore)
|
| 1.4 | 09-Sep-2006 |
manu | branches: 1.4.2; Fix ipsec-tools build after recent import
|
| 1.3 | 21-Nov-2005 |
manu | Merge ipsec-tools 0.6.3 import
|
| 1.2 | 07-Aug-2005 |
manu | Update config.h and package_version.h to match the upcoming import of ipsec-tools 0.6.1rc1
|
| 1.1 | 19-Feb-2005 |
thorpej | branches: 1.1.2; Switch to ipsec-tools for libipsec, setkey, and racoon. From Emmanuel Dreyfus, with some small changes by me.
|
| 1.1.2.2 | 21-Nov-2005 |
tron | Apply patch (requested by manu in ticket #981): Update ipsec-tools to version 0.6.3.
|
| 1.1.2.1 | 03-Sep-2005 |
snj | Apply patch (requested by tron in ticket #741): Update ipsec-tools to version 0.6.1.
|
| 1.4.2.2 | 28-Aug-2007 |
liamjfoy | Pull up following revision(s) (requested by manu in ticket #830):
Import ipsec-tools 0.7
|
| 1.4.2.1 | 13-May-2007 |
jdc | branches: 1.4.2.1.2; Upgrade ipsec-tools to 0.7-beta3 (Requested by manu in ticket #634).
|
| 1.4.2.1.2.1 | 03-Sep-2007 |
wrstuden | Sync w/ NetBSD-4-RC_1
|
| 1.5.34.1 | 17-Apr-2012 |
yamt | sync with head
|
| 1.5.16.2 | 18-Jul-2007 |
drochner | stopgap fix: define PATH_IPSEC_H to make it build again (added manually because there is no template in the distribution anymore)
|
| 1.5.16.1 | 18-Jul-2007 |
drochner | file config.h was added on branch matt-mips64 on 2007-07-18 17:00:05 +0000
|
| 1.7.38.2 | 30-Sep-2018 |
pgoyette | Sync with HEAD
|
| 1.7.38.1 | 25-Jun-2018 |
pgoyette | Sync with HEAD
|
| 1.8.2.2 | 13-Apr-2020 |
martin | Mostly merge changes from HEAD up to 20200411
|
| 1.8.2.1 | 10-Jun-2019 |
christos | Sync with HEAD
|
| 1.1 | 21-Nov-2024 |
riastradh | branches: 1.1.4; libipsec: Add expected symbols list.
PR lib/58838: shared libraries in base should all have expsym lists
|
| 1.1.4.2 | 02-Aug-2025 |
perseant | Sync with HEAD
|
| 1.1.4.1 | 21-Nov-2024 |
perseant | file ipsec.expsym was added on branch perseant-exfatfs on 2025-08-02 05:54:49 +0000
|
| 1.7 | 19-Feb-2005 |
thorpej | Switch to ipsec-tools for libipsec, setkey, and racoon. From Emmanuel Dreyfus, with some small changes by me.
|
| 1.6 | 16-Nov-2004 |
itojun | NI_WITHSCOPEID was not picked up by IETF standardization process
|
| 1.5 | 09-Mar-2003 |
lukem | use __RCSID()
|
| 1.4 | 27-Jun-2002 |
itojun | correct %d/%u mismatch. sync w/kame
|
| 1.3 | 12-Jun-2000 |
itojun | sync with almost-latest KAME IPsec. full changelog would be too big to mention here. notable changes are like below.
kernel: - make PF_KEY kernel interface more robust against broken input stream. it includes complete internal structure change in sys/netkey/key.c. - remove non-RFC compliant change in PF_KEY API, in particular, in struct sadb_msg. we cannot just change these standard structs. sadb_x_sa2 is introduced instead. - remove prototypes for pfkey_xx functions from /usr/include/net/pfkeyv2.h. these functions are not supplied in /usr/lib.
setkey(8): - get/delete does not require "-m mode" (ignored with warning, if you specify it) - spddelete takes direction specification
|
| 1.2 | 13-Mar-2000 |
itojun | branches: 1.2.2; hide shouldn't-be-exported symbols from the outside. don't compile pfkey*, since we expect tons of changes in the near future.
bump shlib major (due to less exported APIs than before - am I correct here?).
|
| 1.1 | 01-Feb-2000 |
itojun | sorry, forgot to cvs add new files
|
| 1.2.2.1 | 23-Jun-2000 |
minoura | Sync w/ netbsd-1-5-base.
|
| 1.5 | 19-Feb-2005 |
thorpej | Switch to ipsec-tools for libipsec, setkey, and racoon. From Emmanuel Dreyfus, with some small changes by me.
|
| 1.4 | 09-Mar-2003 |
lukem | use __RCSID()
|
| 1.3 | 12-Jun-2000 |
itojun | sync with almost-latest KAME IPsec. full changelog would be too big to mention here. notable changes are like below.
kernel: - make PF_KEY kernel interface more robust against broken input stream. it includes complete internal structure change in sys/netkey/key.c. - remove non-RFC compliant change in PF_KEY API, in particular, in struct sadb_msg. we cannot just change these standard structs. sadb_x_sa2 is introduced instead. - remove prototypes for pfkey_xx functions from /usr/include/net/pfkeyv2.h. these functions are not supplied in /usr/lib.
setkey(8): - get/delete does not require "-m mode" (ignored with warning, if you specify it) - spddelete takes direction specification
|
| 1.2 | 08-Feb-2000 |
itojun | branches: 1.2.2; use proper include path (net/pfkeyv2.h)
|
| 1.1 | 01-Feb-2000 |
itojun | sorry, forgot to cvs add new files
|
| 1.2.2.1 | 23-Jun-2000 |
minoura | Sync w/ netbsd-1-5-base.
|
| 1.4 | 31-Jan-2000 |
itojun | upgrade libipsec to the latest. - parser now uses yacc/lex (there'll be no symbol conflict). - outbound policy and inbound policy is now separate - policy specification for tunnel SA is improved - api changed, bump shlib major
XXX some of programs will become not buildable - will commit shortly
|
| 1.3 | 04-Jul-1999 |
itojun | add NetBSD RCS ID on the top. retain KAME RCS ID where there was one.
|
| 1.2 | 02-Jul-1999 |
simonb | More trailing white space.
|
| 1.1 | 01-Jul-1999 |
itojun | ipsec support library. mainly for debugging, and policy text->binary conversion. NO crypto code is included so it is export safe.
|
| 1.14 | 19-Feb-2005 |
thorpej | Switch to ipsec-tools for libipsec, setkey, and racoon. From Emmanuel Dreyfus, with some small changes by me.
|
| 1.13 | 16-Apr-2003 |
wiz | Use .In header.h instead of .Fd #include \*[Lt]header.h\*[Gt] Much easier to read and write, and supported by groff for ages. Okayed by ross.
|
| 1.12 | 14-May-2002 |
itojun | typo
|
| 1.11 | 07-Feb-2002 |
ross | Generate <>& symbolically.
|
| 1.10 | 15-Jan-2002 |
wiz | Whitespace nits.
|
| 1.9 | 31-Aug-2001 |
itojun | sync manpage with latest kame.
|
| 1.8 | 06-Apr-2001 |
itojun | description for "discard" was missing. sync with kame
|
| 1.7 | 12-Jun-2000 |
itojun | sync with almost-latest KAME IPsec. full changelog would be too big to mention here. notable changes are like below.
kernel: - make PF_KEY kernel interface more robust against broken input stream. it includes complete internal structure change in sys/netkey/key.c. - remove non-RFC compliant change in PF_KEY API, in particular, in struct sadb_msg. we cannot just change these standard structs. sadb_x_sa2 is introduced instead. - remove prototypes for pfkey_xx functions from /usr/include/net/pfkeyv2.h. these functions are not supplied in /usr/lib.
setkey(8): - get/delete does not require "-m mode" (ignored with warning, if you specify it) - spddelete takes direction specification
|
| 1.6 | 31-Jan-2000 |
itojun | branches: 1.6.2; upgrade libipsec to the latest. - parser now uses yacc/lex (there'll be no symbol conflict). - outbound policy and inbound policy is now separate - policy specification for tunnel SA is improved - api changed, bump shlib major
XXX some of programs will become not buildable - will commit shortly
|
| 1.5 | 21-Dec-1999 |
itojun | s/.Os KAME/.Os/
From: Klaus Klein <kleink@ira.uka.de>
|
| 1.4 | 04-Jul-1999 |
itojun | branches: 1.4.4; add NetBSD RCS ID on the top. retain KAME RCS ID where there was one.
|
| 1.3 | 04-Jul-1999 |
itojun | add LIBRARY section into libipsec manpages. add ".Lb libipsec" for this.
|
| 1.2 | 02-Jul-1999 |
simonb | More trailing white space.
|
| 1.1 | 01-Jul-1999 |
itojun | ipsec support library. mainly for debugging, and policy text->binary conversion. NO crypto code is included so it is export safe.
|
| 1.4.4.1 | 27-Dec-1999 |
wrstuden | Pull up to last week's -current.
|
| 1.6.2.1 | 23-Jun-2000 |
minoura | Sync w/ netbsd-1-5-base.
|
| 1.12 | 19-Feb-2005 |
thorpej | Switch to ipsec-tools for libipsec, setkey, and racoon. From Emmanuel Dreyfus, with some small changes by me.
|
| 1.11 | 16-Apr-2003 |
wiz | Use .In header.h instead of .Fd #include \*[Lt]header.h\*[Gt] Much easier to read and write, and supported by groff for ages. Okayed by ross.
|
| 1.10 | 07-Feb-2002 |
ross | Generate <>& symbolically.
|
| 1.9 | 31-Aug-2001 |
itojun | sync manpage with latest kame.
|
| 1.8 | 30-Jul-2000 |
itojun | make ipsec_strerror(3) to return const char *, not char *. sync with kame.
|
| 1.7 | 12-Jun-2000 |
itojun | branches: 1.7.2; sync with almost-latest KAME IPsec. full changelog would be too big to mention here. notable changes are like below.
kernel: - make PF_KEY kernel interface more robust against broken input stream. it includes complete internal structure change in sys/netkey/key.c. - remove non-RFC compliant change in PF_KEY API, in particular, in struct sadb_msg. we cannot just change these standard structs. sadb_x_sa2 is introduced instead. - remove prototypes for pfkey_xx functions from /usr/include/net/pfkeyv2.h. these functions are not supplied in /usr/lib.
setkey(8): - get/delete does not require "-m mode" (ignored with warning, if you specify it) - spddelete takes direction specification
|
| 1.6 | 31-Jan-2000 |
itojun | branches: 1.6.2; upgrade libipsec to the latest. - parser now uses yacc/lex (there'll be no symbol conflict). - outbound policy and inbound policy is now separate - policy specification for tunnel SA is improved - api changed, bump shlib major
XXX some of programs will become not buildable - will commit shortly
|
| 1.5 | 21-Dec-1999 |
itojun | s/.Os KAME/.Os/
From: Klaus Klein <kleink@ira.uka.de>
|
| 1.4 | 04-Jul-1999 |
itojun | branches: 1.4.4; add NetBSD RCS ID on the top. retain KAME RCS ID where there was one.
|
| 1.3 | 04-Jul-1999 |
itojun | add LIBRARY section into libipsec manpages. add ".Lb libipsec" for this.
|
| 1.2 | 02-Jul-1999 |
simonb | More trailing white space.
|
| 1.1 | 01-Jul-1999 |
itojun | ipsec support library. mainly for debugging, and policy text->binary conversion. NO crypto code is included so it is export safe.
|
| 1.4.4.1 | 27-Dec-1999 |
wrstuden | Pull up to last week's -current.
|
| 1.6.2.1 | 23-Jun-2000 |
minoura | Sync w/ netbsd-1-5-base.
|
| 1.7.2.1 | 30-Jul-2000 |
itojun | pullup (approved by releng-1-5)
> make ipsec_strerror(3) to return const char *, not char *. sync with kame.
1.7 -> 1.8 basesrc/lib/libipsec/ipsec_strerror.3 1.6 -> 1.7 basesrc/lib/libipsec/ipsec_strerror.c 1.6 -> 1.7 basesrc/lib/libipsec/ipsec_strerror.h 1.14 -> 1.15 syssrc/sys/netinet6/ipsec.h
|
| 1.9 | 19-Feb-2005 |
thorpej | Switch to ipsec-tools for libipsec, setkey, and racoon. From Emmanuel Dreyfus, with some small changes by me.
|
| 1.8 | 09-Mar-2003 |
lukem | use __RCSID()
|
| 1.7 | 30-Jul-2000 |
itojun | make ipsec_strerror(3) to return const char *, not char *. sync with kame.
|
| 1.6 | 12-Jun-2000 |
itojun | branches: 1.6.2; sync with almost-latest KAME IPsec. full changelog would be too big to mention here. notable changes are like below.
kernel: - make PF_KEY kernel interface more robust against broken input stream. it includes complete internal structure change in sys/netkey/key.c. - remove non-RFC compliant change in PF_KEY API, in particular, in struct sadb_msg. we cannot just change these standard structs. sadb_x_sa2 is introduced instead. - remove prototypes for pfkey_xx functions from /usr/include/net/pfkeyv2.h. these functions are not supplied in /usr/lib.
setkey(8): - get/delete does not require "-m mode" (ignored with warning, if you specify it) - spddelete takes direction specification
|
| 1.5 | 13-Mar-2000 |
itojun | branches: 1.5.2; hide shouldn't-be-exported symbols from the outside. don't compile pfkey*, since we expect tons of changes in the near future.
bump shlib major (due to less exported APIs than before - am I correct here?).
|
| 1.4 | 31-Jan-2000 |
itojun | upgrade libipsec to the latest. - parser now uses yacc/lex (there'll be no symbol conflict). - outbound policy and inbound policy is now separate - policy specification for tunnel SA is improved - api changed, bump shlib major
XXX some of programs will become not buildable - will commit shortly
|
| 1.3 | 04-Jul-1999 |
itojun | add NetBSD RCS ID on the top. retain KAME RCS ID where there was one.
|
| 1.2 | 02-Jul-1999 |
simonb | More trailing white space.
|
| 1.1 | 01-Jul-1999 |
itojun | ipsec support library. mainly for debugging, and policy text->binary conversion. NO crypto code is included so it is export safe.
|
| 1.5.2.1 | 23-Jun-2000 |
minoura | Sync w/ netbsd-1-5-base.
|
| 1.6.2.1 | 30-Jul-2000 |
itojun | pullup (approved by releng-1-5)
> make ipsec_strerror(3) to return const char *, not char *. sync with kame.
1.7 -> 1.8 basesrc/lib/libipsec/ipsec_strerror.3 1.6 -> 1.7 basesrc/lib/libipsec/ipsec_strerror.c 1.6 -> 1.7 basesrc/lib/libipsec/ipsec_strerror.h 1.14 -> 1.15 syssrc/sys/netinet6/ipsec.h
|
| 1.8 | 19-Feb-2005 |
thorpej | Switch to ipsec-tools for libipsec, setkey, and racoon. From Emmanuel Dreyfus, with some small changes by me.
|
| 1.7 | 30-Jul-2000 |
itojun | make ipsec_strerror(3) to return const char *, not char *. sync with kame.
|
| 1.6 | 12-Jun-2000 |
itojun | branches: 1.6.2; sync with almost-latest KAME IPsec. full changelog would be too big to mention here. notable changes are like below.
kernel: - make PF_KEY kernel interface more robust against broken input stream. it includes complete internal structure change in sys/netkey/key.c. - remove non-RFC compliant change in PF_KEY API, in particular, in struct sadb_msg. we cannot just change these standard structs. sadb_x_sa2 is introduced instead. - remove prototypes for pfkey_xx functions from /usr/include/net/pfkeyv2.h. these functions are not supplied in /usr/lib.
setkey(8): - get/delete does not require "-m mode" (ignored with warning, if you specify it) - spddelete takes direction specification
|
| 1.5 | 13-Mar-2000 |
itojun | branches: 1.5.2; hide shouldn't-be-exported symbols from the outside. don't compile pfkey*, since we expect tons of changes in the near future.
bump shlib major (due to less exported APIs than before - am I correct here?).
|
| 1.4 | 31-Jan-2000 |
itojun | upgrade libipsec to the latest. - parser now uses yacc/lex (there'll be no symbol conflict). - outbound policy and inbound policy is now separate - policy specification for tunnel SA is improved - api changed, bump shlib major
XXX some of programs will become not buildable - will commit shortly
|
| 1.3 | 04-Jul-1999 |
itojun | add NetBSD RCS ID on the top. retain KAME RCS ID where there was one.
|
| 1.2 | 02-Jul-1999 |
simonb | More trailing white space.
|
| 1.1 | 01-Jul-1999 |
itojun | ipsec support library. mainly for debugging, and policy text->binary conversion. NO crypto code is included so it is export safe.
|
| 1.5.2.1 | 23-Jun-2000 |
minoura | Sync w/ netbsd-1-5-base.
|
| 1.6.2.1 | 30-Jul-2000 |
itojun | pullup (approved by releng-1-5)
> make ipsec_strerror(3) to return const char *, not char *. sync with kame.
1.7 -> 1.8 basesrc/lib/libipsec/ipsec_strerror.3 1.6 -> 1.7 basesrc/lib/libipsec/ipsec_strerror.c 1.6 -> 1.7 basesrc/lib/libipsec/ipsec_strerror.h 1.14 -> 1.15 syssrc/sys/netinet6/ipsec.h
|
| 1.3 | 19-Feb-2005 |
thorpej | Switch to ipsec-tools for libipsec, setkey, and racoon. From Emmanuel Dreyfus, with some small changes by me.
|
| 1.2 | 14-May-2002 |
itojun | sync with latest kame setkey(8), modulo icmp6 hack. pfkey.c is now more picky about buffer length validation. spddump (setkey -DP) will print lifetime information.
|
| 1.1 | 12-Jun-2000 |
itojun | branches: 1.1.4; sync with almost-latest KAME IPsec. full changelog would be too big to mention here. notable changes are like below.
kernel: - make PF_KEY kernel interface more robust against broken input stream. it includes complete internal structure change in sys/netkey/key.c. - remove non-RFC compliant change in PF_KEY API, in particular, in struct sadb_msg. we cannot just change these standard structs. sadb_x_sa2 is introduced instead. - remove prototypes for pfkey_xx functions from /usr/include/net/pfkeyv2.h. these functions are not supplied in /usr/lib.
setkey(8): - get/delete does not require "-m mode" (ignored with warning, if you specify it) - spddelete takes direction specification
|
| 1.1.4.2 | 23-Jun-2000 |
minoura | Sync w/ netbsd-1-5-base.
|
| 1.1.4.1 | 12-Jun-2000 |
minoura | file libpfkey.h was added on branch minoura-xpg4dl on 2000-06-23 16:16:35 +0000
|
| 1.18 | 09-Sep-2006 |
manu | branches: 1.18.2; 1.18.20; Migration of ipsec-tools to NetBSD cvs: the version is "cvs" now...
|
| 1.17 | 04-Dec-2005 |
manu | Add NAT ports to SAD in setkey so that NAT SAD entries generated by racoon can be removed by hand.
|
| 1.16 | 21-Nov-2005 |
manu | Merge ipsec-tools 0.6.3 import
|
| 1.15 | 14-Oct-2005 |
manu | Update ipsec-tools version
|
| 1.14 | 20-Aug-2005 |
manu | Update to ipsec-tools 0.6.1
|
| 1.13 | 07-Aug-2005 |
manu | Update config.h and package_version.h to match the upcoming import of ipsec-tools 0.6.1rc1
|
| 1.12 | 20-May-2005 |
manu | Bump version number
|
| 1.11 | 13-May-2005 |
manu | - Fix a double free - For acquire messages, when NAT-T is in use, consider null port as a wildcard and use IKE port
|
| 1.10 | 10-May-2005 |
manu | Update sample config file to higher security settings
|
| 1.9 | 08-May-2005 |
manu | More NAT-T fixes for the situation where racoon acts as a VPN client Flush SA and generated SP on DPD timeout and deletion payloads
|
| 1.8 | 03-May-2005 |
manu | on phase 2 acquire, lookup phase 2 by (src, dst, policy id) so that multiple SA can be used in transport mode
While I'm there, patch ipsec-tools ChangeLog to reflect the changes we took from ipsec-tools-0_6-branch
|
| 1.7 | 27-Apr-2005 |
manu | Bug fixes from the ipsec-tools 0.6 branch: - Fix NAT-T problems that prevented multiple peers behind the same NAT to talk to the same machine outside the NAT. This also requires kernel fixes (already committed earlier) - Fix a LP64 bug - Fix NAT-T RFC conformance bugs (missing non ESP marker in packets) - Add a -p option to setkey to display ports that could be used for ESP over UDP when printing policies
|
| 1.6 | 10-Apr-2005 |
manu | Resurrect TCP-MD5 support. This fixes bin/29915
|
| 1.5 | 16-Mar-2005 |
manu | branches: 1.5.2; update ipsec-tools version
|
| 1.4 | 14-Mar-2005 |
manu | update ipsec-tools version
|
| 1.3 | 24-Feb-2005 |
manu | update ipsec-tools version
|
| 1.2 | 23-Feb-2005 |
manu | bump ipsec-tools package version
|
| 1.1 | 19-Feb-2005 |
thorpej | Switch to ipsec-tools for libipsec, setkey, and racoon. From Emmanuel Dreyfus, with some small changes by me.
|
| 1.5.2.10 | 07-Dec-2005 |
tron | Pull up following revision(s) (requested by manu in ticket #1029): crypto/dist/ipsec-tools/ChangeLog: revision 1.32 crypto/dist/ipsec-tools/src/libipsec/libpfkey.h: revision 1.9 crypto/dist/ipsec-tools/src/setkey/setkey.8: revision 1.18 crypto/dist/ipsec-tools/src/setkey/setkey.c: revision 1.10 lib/libipsec/package_version.h: revision 1.17 crypto/dist/ipsec-tools/src/libipsec/pfkey_dump.c: revision 1.12 crypto/dist/ipsec-tools/src/setkey/parse.y: revision 1.8 Add NAT ports to SAD in setkey so that NAT SAD entries generated by racoon can be removed by hand.
|
| 1.5.2.9 | 21-Nov-2005 |
tron | Apply patch (requested by manu in ticket #981): Update ipsec-tools to version 0.6.3.
|
| 1.5.2.8 | 21-Oct-2005 |
riz | Pull up the following revisions (requested by manu in ticket #894): crypto/dist/ipsec-tools/ChangeLog 1.28-1.30 crypto/dist/ipsec-tools/NEWS 1.1.1.4 crypto/dist/ipsec-tools/configure.ac 1.1.1.7 crypto/dist/ipsec-tools/src/libipsec/pfkey.c 1.7-1.8 crypto/dist/ipsec-tools/src/libipsec/pfkey_dump.c 1.10 crypto/dist/ipsec-tools/src/libipsec/policy_parse.y 1.7 crypto/dist/ipsec-tools/src/racoon/cfparse.y 1.5-1.9 crypto/dist/ipsec-tools/src/racoon/evt.c 1.3 crypto/dist/ipsec-tools/src/racoon/ipsec_doi.c 1.11 crypto/dist/ipsec-tools/src/racoon/isakmp.c 1.10 crypto/dist/ipsec-tools/src/racoon/isakmp_agg.c 1.5-1.6 crypto/dist/ipsec-tools/src/racoon/isakmp_base.c 1.3-1.4 crypto/dist/ipsec-tools/src/racoon/isakmp_ident.c 1.3 crypto/dist/ipsec-tools/src/racoon/oakley.c 1.6 crypto/dist/ipsec-tools/src/racoon/pfkey.c 1.10 crypto/dist/ipsec-tools/src/racoon/policy.c 1.3 crypto/dist/ipsec-tools/src/racoon/racoon.conf.5 1.21-1.23 crypto/dist/ipsec-tools/src/racoon/sockmisc.c 1.3 crypto/dist/ipsec-tools/src/racoon/sockmisc.h 1.5 crypto/dist/ipsec-tools/src/setkey/setkey.8 1.17 lib/libipsec/package_version.h 1.15
Update to ipsec-tools 0.6.2
|
| 1.5.2.7 | 03-Sep-2005 |
snj | Apply patch (requested by tron in ticket #741): Update ipsec-tools to version 0.6.1.
|
| 1.5.2.6 | 27-May-2005 |
riz | Pull up revision 1.11 (requested by manu in ticket #325): - Fix a double free - For acquire messages, when NAT-T is in use, consider null port as a wildcard and use IKE port
|
| 1.5.2.5 | 11-May-2005 |
tron | Pull up revision 1.10 (requested by manu in ticket #286): Update sample config file to higher security settings
|
| 1.5.2.4 | 11-May-2005 |
tron | Pull up revision 1.9 (requested by manu in ticket #277): More NAT-T fixes for the situation where racoon acts as a VPN client Flush SA and generated SP on DPD timeout and deletion payloads
|
| 1.5.2.3 | 10-May-2005 |
tron | Pull up revision 1.8 (requested by manu in ticket #274): on phase 2 acquire, lookup phase 2 by (src, dst, policy id) so that multiple SA can be used in transport mode While I'm there, patch ipsec-tools ChangeLog to reflect the changes we took from ipsec-tools-0_6-branch
|
| 1.5.2.2 | 01-May-2005 |
tron | Pull up revision 1.7 (requested by manu in ticket #215): Bug fixes from the ipsec-tools 0.6 branch: - Fix NAT-T problems that prevented multiple peers behind the same NAT to talk to the same machine outside the NAT. This also requires kernel fixes (already committed earlier) - Fix a LP64 bug - Fix NAT-T RFC conformance bugs (missing non ESP marker in packets) - Add a -p option to setkey to display ports that could be used for ESP over UDP when printing policies
|
| 1.5.2.1 | 12-Apr-2005 |
tron | Pull up revision 1.6 (requested by manu in ticket #132): Resurrect TCP-MD5 support. This fixes bin/29915
|
| 1.18.20.1 | 08-Feb-2009 |
snj | Apply patch (requested by manu/spz in #378): Downgrade ipsec-tools to 0.7.1nb1.
|
| 1.18.2.3 | 18-Aug-2008 |
jdc | Upgrade ipsec-tools to release 0.7.1 (requested by manu in ticket #1183).
|
| 1.18.2.2 | 28-Aug-2007 |
liamjfoy | branches: 1.18.2.2.2; Pull up following revision(s) (requested by manu in ticket #830):
Import ipsec-tools 0.7
|
| 1.18.2.1 | 13-May-2007 |
jdc | branches: 1.18.2.1.2; Upgrade ipsec-tools to 0.7-beta3 (Requested by manu in ticket #634).
|
| 1.18.2.2.2.1 | 18-Aug-2008 |
jdc | Upgrade ipsec-tools to release 0.7.1 (requested by manu in ticket #1183).
|
| 1.18.2.1.2.2 | 04-Sep-2008 |
skrll | Sync with netbsd-4.
|
| 1.18.2.1.2.1 | 03-Sep-2007 |
wrstuden | Sync w/ NetBSD-4-RC_1
|
| 1.23 | 19-Feb-2005 |
thorpej | Switch to ipsec-tools for libipsec, setkey, and racoon. From Emmanuel Dreyfus, with some small changes by me.
|
| 1.22 | 13-Oct-2004 |
abs | I'm not sure what the comment is trying to say, but it can say it with 'making' at least as well as 'makeing'.
|
| 1.21 | 25-Apr-2004 |
jonathan | Initial commit of a port of the FreeBSD implementation of RFC 2385 (MD5 signatures for TCP, as used with BGP). Credit for original FreeBSD code goes to Bruce M. Simpson, with FreeBSD sponsorship credited to sentex.net. Shortening of the setsockopt() name attributed to Vincent Jardin.
This commit is a minimal, working version of the FreeBSD code, as MFC'ed to FreeBSD-4. It has received minimal testing with a ttcp modified to set the TCP-MD5 option; BMS's additions to tcpdump-current (tcpdump -M) confirm that the MD5 signatures are correct. Committed as-is for further testing between a NetBSD BGP speaker (e.g., quagga) and industry-standard BGP speakers (e.g., Cisco, Juniper).
NOTE: This version has two potential flaws. First, I do see any code that verifies received TCP-MD5 signatures. Second, the TCP-MD5 options are internally padded and assumed to be 32-bit aligned. A more space-efficient scheme is to pack all TCP options densely (and possibly unaligned) into the TCP header; then do one final padding to a 4-byte boundary. Pre-existing comments note that accounting for TCP-option space when we add SACK is yet to be done. For now, I'm punting on that; we can solve it properly, in a way that will handle SACK blocks, as a separate exercise.
In case a pullup to NetBSD-2 is requested, this adds sys/netipsec/xform_tcp.c, and modifies:
sys/net/pfkeyv2.h,v 1.15 sys/netinet/files.netinet,v 1.5 sys/netinet/ip.h,v 1.25 sys/netinet/tcp.h,v 1.15 sys/netinet/tcp_input.c,v 1.200 sys/netinet/tcp_output.c,v 1.109 sys/netinet/tcp_subr.c,v 1.165 sys/netinet/tcp_usrreq.c,v 1.89 sys/netinet/tcp_var.h,v 1.109 sys/netipsec/files.netipsec,v 1.3 sys/netipsec/ipsec.c,v 1.11 sys/netipsec/ipsec.h,v 1.7 sys/netipsec/key.c,v 1.11 share/man/man4/tcp.4,v 1.16 lib/libipsec/pfkey.c,v 1.20 lib/libipsec/pfkey_dump.c,v 1.17 lib/libipsec/policy_token.l,v 1.8 sbin/setkey/parse.y,v 1.14 sbin/setkey/setkey.8,v 1.27 sbin/setkey/token.l,v 1.15
Note that the preceding two revisions to tcp.4 will be required to cleanly apply this diff.
|
| 1.20 | 24-Feb-2004 |
wiz | occured -> occurred. From Peter Postma.
|
| 1.19 | 26-Sep-2003 |
wiz | Process has only one c. From miod@openbsd.
|
| 1.18 | 26-Aug-2003 |
itojun | protect SADB_X_EXT_TAG with #ifdef
|
| 1.17 | 26-Aug-2003 |
itojun | typo
|
| 1.16 | 22-Jul-2003 |
itojun | cosmetic
|
| 1.15 | 09-Mar-2003 |
lukem | use __RCSID()
|
| 1.14 | 04-Mar-2003 |
christos | Avoid memory leak. Pointed out by Patrick Latifi <patrickl at secureops dot com>
|
| 1.13 | 14-May-2002 |
itojun | sync with latest kame setkey(8), modulo icmp6 hack. pfkey.c is now more picky about buffer length validation. spddump (setkey -DP) will print lifetime information.
|
| 1.12 | 16-Sep-2001 |
wiz | Spell 'occurred' with two 'r's.
|
| 1.11 | 03-Jul-2000 |
matt | More include cleanup. Remove (p) from #undef in libipsec.
|
| 1.10 | 12-Jun-2000 |
itojun | sync with almost-latest KAME IPsec. full changelog would be too big to mention here. notable changes are like below.
kernel: - make PF_KEY kernel interface more robust against broken input stream. it includes complete internal structure change in sys/netkey/key.c. - remove non-RFC compliant change in PF_KEY API, in particular, in struct sadb_msg. we cannot just change these standard structs. sadb_x_sa2 is introduced instead. - remove prototypes for pfkey_xx functions from /usr/include/net/pfkeyv2.h. these functions are not supplied in /usr/lib.
setkey(8): - get/delete does not require "-m mode" (ignored with warning, if you specify it) - spddelete takes direction specification
|
| 1.9 | 13-Mar-2000 |
itojun | branches: 1.9.2; hide shouldn't-be-exported symbols from the outside. don't compile pfkey*, since we expect tons of changes in the near future.
bump shlib major (due to less exported APIs than before - am I correct here?).
|
| 1.8 | 08-Feb-2000 |
itojun | use proper include path (net/pfkeyv2.h)
|
| 1.7 | 08-Feb-2000 |
itojun | don't include in6.h directly.
|
| 1.6 | 31-Jan-2000 |
itojun | upgrade libipsec to the latest. - parser now uses yacc/lex (there'll be no symbol conflict). - outbound policy and inbound policy is now separate - policy specification for tunnel SA is improved - api changed, bump shlib major
XXX some of programs will become not buildable - will commit shortly
|
| 1.5 | 16-Sep-1999 |
itojun | temporary workaround against KAME PR 154. http://www2.kame.net/dev/query-pr.cgi?pr=154
This allows many keys to be dumped via "setkey -D", or many keys to be configured by single "setkey -c < foo" command.
|
| 1.4 | 04-Jul-1999 |
itojun | add NetBSD RCS ID on the top. retain KAME RCS ID where there was one.
|
| 1.3 | 03-Jul-1999 |
itojun | s/CFLAGS/CPPFLAGS/ for -D and -I. remove lint error.
|
| 1.2 | 02-Jul-1999 |
simonb | More trailing white space.
|
| 1.1 | 01-Jul-1999 |
itojun | ipsec support library. mainly for debugging, and policy text->binary conversion. NO crypto code is included so it is export safe.
|
| 1.9.2.1 | 23-Jun-2000 |
minoura | Sync w/ netbsd-1-5-base.
|
| 1.19 | 19-Feb-2005 |
thorpej | Switch to ipsec-tools for libipsec, setkey, and racoon. From Emmanuel Dreyfus, with some small changes by me.
|
| 1.18 | 25-Apr-2004 |
jonathan | Initial commit of a port of the FreeBSD implementation of RFC 2385 (MD5 signatures for TCP, as used with BGP). Credit for original FreeBSD code goes to Bruce M. Simpson, with FreeBSD sponsorship credited to sentex.net. Shortening of the setsockopt() name attributed to Vincent Jardin.
This commit is a minimal, working version of the FreeBSD code, as MFC'ed to FreeBSD-4. It has received minimal testing with a ttcp modified to set the TCP-MD5 option; BMS's additions to tcpdump-current (tcpdump -M) confirm that the MD5 signatures are correct. Committed as-is for further testing between a NetBSD BGP speaker (e.g., quagga) and industry-standard BGP speakers (e.g., Cisco, Juniper).
NOTE: This version has two potential flaws. First, I do see any code that verifies received TCP-MD5 signatures. Second, the TCP-MD5 options are internally padded and assumed to be 32-bit aligned. A more space-efficient scheme is to pack all TCP options densely (and possibly unaligned) into the TCP header; then do one final padding to a 4-byte boundary. Pre-existing comments note that accounting for TCP-option space when we add SACK is yet to be done. For now, I'm punting on that; we can solve it properly, in a way that will handle SACK blocks, as a separate exercise.
In case a pullup to NetBSD-2 is requested, this adds sys/netipsec/xform_tcp.c, and modifies:
sys/net/pfkeyv2.h,v 1.15 sys/netinet/files.netinet,v 1.5 sys/netinet/ip.h,v 1.25 sys/netinet/tcp.h,v 1.15 sys/netinet/tcp_input.c,v 1.200 sys/netinet/tcp_output.c,v 1.109 sys/netinet/tcp_subr.c,v 1.165 sys/netinet/tcp_usrreq.c,v 1.89 sys/netinet/tcp_var.h,v 1.109 sys/netipsec/files.netipsec,v 1.3 sys/netipsec/ipsec.c,v 1.11 sys/netipsec/ipsec.h,v 1.7 sys/netipsec/key.c,v 1.11 share/man/man4/tcp.4,v 1.16 lib/libipsec/pfkey.c,v 1.20 lib/libipsec/pfkey_dump.c,v 1.17 lib/libipsec/policy_token.l,v 1.8 sbin/setkey/parse.y,v 1.14 sbin/setkey/setkey.8,v 1.27 sbin/setkey/token.l,v 1.15
Note that the preceding two revisions to tcp.4 will be required to cleanly apply this diff.
|
| 1.17 | 08-Sep-2003 |
itojun | deal with policy without selector. sync w/ kame
|
| 1.16 | 26-Aug-2003 |
itojun | protect SADB_X_EXT_TAG with #ifdef
|
| 1.15 | 26-Aug-2003 |
itojun | typo
|
| 1.14 | 25-Jul-2003 |
itojun | support new algorithms
|
| 1.13 | 22-Jul-2003 |
itojun | support hmac-sha2
|
| 1.12 | 09-Mar-2003 |
lukem | use __RCSID()
|
| 1.11 | 27-Jun-2002 |
itojun | correct %d/%u mismatch. sync w/kame
|
| 1.10 | 14-May-2002 |
itojun | sync with latest kame setkey(8), modulo icmp6 hack. pfkey.c is now more picky about buffer length validation. spddump (setkey -DP) will print lifetime information.
|
| 1.9 | 03-Oct-2000 |
itojun | support rijndael-cbc
|
| 1.8 | 20-Jul-2000 |
itojun | do not rely upon algorithm ordering in pfkey spec. sync with kame
|
| 1.7 | 12-Jun-2000 |
itojun | branches: 1.7.2; sync with almost-latest KAME IPsec. full changelog would be too big to mention here. notable changes are like below.
kernel: - make PF_KEY kernel interface more robust against broken input stream. it includes complete internal structure change in sys/netkey/key.c. - remove non-RFC compliant change in PF_KEY API, in particular, in struct sadb_msg. we cannot just change these standard structs. sadb_x_sa2 is introduced instead. - remove prototypes for pfkey_xx functions from /usr/include/net/pfkeyv2.h. these functions are not supplied in /usr/lib.
setkey(8): - get/delete does not require "-m mode" (ignored with warning, if you specify it) - spddelete takes direction specification
|
| 1.6 | 08-Feb-2000 |
itojun | branches: 1.6.2; use proper include path (net/pfkeyv2.h)
|
| 1.5 | 08-Feb-2000 |
itojun | don't include in6.h directly.
|
| 1.4 | 31-Jan-2000 |
itojun | upgrade libipsec to the latest. - parser now uses yacc/lex (there'll be no symbol conflict). - outbound policy and inbound policy is now separate - policy specification for tunnel SA is improved - api changed, bump shlib major
XXX some of programs will become not buildable - will commit shortly
|
| 1.3 | 04-Jul-1999 |
itojun | add NetBSD RCS ID on the top. retain KAME RCS ID where there was one.
|
| 1.2 | 02-Jul-1999 |
simonb | More trailing white space.
|
| 1.1 | 01-Jul-1999 |
itojun | ipsec support library. mainly for debugging, and policy text->binary conversion. NO crypto code is included so it is export safe.
|
| 1.6.2.1 | 23-Jun-2000 |
minoura | Sync w/ netbsd-1-5-base.
|
| 1.7.2.2 | 04-Oct-2000 |
itojun | pullup (approved by releng-1-5) rijndael-cbc userland support.
usr.sbin/netstat/ipsec.c 1.2 -> 1.3 sbin/setkey/setkey.8 1.4 -> 1.5 sbin/setkey/setkey.c 1.1 -> 1.2 sbin/setkey/token.l 1.2 -> 1.3 lib/libipsec/pfkey_dump.c 1.8 -> 1.9 usr.sbin/tcpdump/ipsec_doi.h 1.2 -> 1.3 usr.sbin/tcpdump/isakmp.h 1.3 -> 1.4 usr.sbin/tcpdump/print-isakmp.h 1.5 -> 1.6
|
| 1.7.2.1 | 30-Jul-2000 |
itojun | pullup (approved by releng-1-5)
> make ipsec_strerror(3) to return const char *, not char *. sync with kame.
1.7 -> 1.8 basesrc/lib/libipsec/ipsec_strerror.3 1.6 -> 1.7 basesrc/lib/libipsec/ipsec_strerror.c 1.6 -> 1.7 basesrc/lib/libipsec/ipsec_strerror.h 1.14 -> 1.15 syssrc/sys/netinet6/ipsec.h
|
| 1.15 | 19-Feb-2005 |
thorpej | Switch to ipsec-tools for libipsec, setkey, and racoon. From Emmanuel Dreyfus, with some small changes by me.
|
| 1.14 | 23-Nov-2003 |
itojun | avoid memory leak. hint from Andrew Lunn
|
| 1.13 | 23-Nov-2003 |
itojun | do not malloc(0). Andrew Lunn
|
| 1.12 | 03-Oct-2003 |
itojun | realloc error check failure; Greg Troxel, sync w/ kame
|
| 1.11 | 02-Oct-2003 |
itojun | correct unsafe use of realloc().
|
| 1.10 | 22-Jul-2003 |
itojun | don't explicitly clear "reserved" field. instead clear "id" field.
|
| 1.9 | 27-Jun-2003 |
itojun | clear malloc'ed memory. sync w/kame
|
| 1.8 | 31-Jul-2002 |
itojun | plug memory leak. from ebisawa@iij, sync w/kame
|
| 1.7 | 31-Aug-2001 |
itojun | branches: 1.7.2; sync manpage with latest kame.
|
| 1.6 | 30-Mar-2001 |
agc | Revert previous overzealous change, committed in error.
|
| 1.5 | 30-Mar-2001 |
agc | Put back prototype of yyparse(), since the function name is modified by the Makefile
YPREFIX+=__libyy
setting, and we thus get an unprototyped function.
|
| 1.4 | 04-Feb-2001 |
christos | remove redundant declaration of yyparse.
|
| 1.3 | 12-Jun-2000 |
itojun | branches: 1.3.2; sync with almost-latest KAME IPsec. full changelog would be too big to mention here. notable changes are like below.
kernel: - make PF_KEY kernel interface more robust against broken input stream. it includes complete internal structure change in sys/netkey/key.c. - remove non-RFC compliant change in PF_KEY API, in particular, in struct sadb_msg. we cannot just change these standard structs. sadb_x_sa2 is introduced instead. - remove prototypes for pfkey_xx functions from /usr/include/net/pfkeyv2.h. these functions are not supplied in /usr/lib.
setkey(8): - get/delete does not require "-m mode" (ignored with warning, if you specify it) - spddelete takes direction specification
|
| 1.2 | 13-Mar-2000 |
itojun | branches: 1.2.2; hide shouldn't-be-exported symbols from the outside. don't compile pfkey*, since we expect tons of changes in the near future.
bump shlib major (due to less exported APIs than before - am I correct here?).
|
| 1.1 | 01-Feb-2000 |
itojun | sorry, forgot to cvs add new files
|
| 1.2.2.1 | 23-Jun-2000 |
minoura | Sync w/ netbsd-1-5-base.
|
| 1.3.2.1 | 04-Sep-2002 |
itojun | pullup (itojun)
plug memory leak. from ebisawa@iij, sync w/kame
cvs rdiff -r1.7 -r1.8 basesrc/lib/libipsec/policy_parse.y cvs rdiff -r1.6 -r1.7 basesrc/lib/libipsec/policy_token.l
|
| 1.7.2.4 | 26-Oct-2005 |
riz | Pull up following revision(s) (requested by wiz in ticket #1798): lib/libipsec/policy_parse.y: revision 1.9-1.10,1.13-1.14 crypto/dist/kame/libipsec/policy_parse.y: revision 1.4-1.5 avoid memory leak, and correct various malloc usage. PR#23625.
|
| 1.7.2.3 | 05-Oct-2003 |
tron | Pull up revision 1.12 via patch (requested by itojun in ticket #1507): realloc error check failure; Greg Troxel, sync w/ kame
|
| 1.7.2.2 | 02-Oct-2003 |
tron | Pull up revision 1.11 (requested by itojun in ticket #1502): correct unsafe use of realloc().
|
| 1.7.2.1 | 02-Aug-2002 |
lukem | Pull up revision 1.8 (requested by itojun in ticket #596): plug memory leak. from ebisawa@iij, sync w/kame
|
| 1.10 | 19-Feb-2005 |
thorpej | Switch to ipsec-tools for libipsec, setkey, and racoon. From Emmanuel Dreyfus, with some small changes by me.
|
| 1.9 | 25-Apr-2004 |
jonathan | Initial commit of a port of the FreeBSD implementation of RFC 2385 (MD5 signatures for TCP, as used with BGP). Credit for original FreeBSD code goes to Bruce M. Simpson, with FreeBSD sponsorship credited to sentex.net. Shortening of the setsockopt() name attributed to Vincent Jardin.
This commit is a minimal, working version of the FreeBSD code, as MFC'ed to FreeBSD-4. It has received minimal testing with a ttcp modified to set the TCP-MD5 option; BMS's additions to tcpdump-current (tcpdump -M) confirm that the MD5 signatures are correct. Committed as-is for further testing between a NetBSD BGP speaker (e.g., quagga) and industry-standard BGP speakers (e.g., Cisco, Juniper).
NOTE: This version has two potential flaws. First, I do see any code that verifies received TCP-MD5 signatures. Second, the TCP-MD5 options are internally padded and assumed to be 32-bit aligned. A more space-efficient scheme is to pack all TCP options densely (and possibly unaligned) into the TCP header; then do one final padding to a 4-byte boundary. Pre-existing comments note that accounting for TCP-option space when we add SACK is yet to be done. For now, I'm punting on that; we can solve it properly, in a way that will handle SACK blocks, as a separate exercise.
In case a pullup to NetBSD-2 is requested, this adds sys/netipsec/xform_tcp.c, and modifies:
sys/net/pfkeyv2.h,v 1.15 sys/netinet/files.netinet,v 1.5 sys/netinet/ip.h,v 1.25 sys/netinet/tcp.h,v 1.15 sys/netinet/tcp_input.c,v 1.200 sys/netinet/tcp_output.c,v 1.109 sys/netinet/tcp_subr.c,v 1.165 sys/netinet/tcp_usrreq.c,v 1.89 sys/netinet/tcp_var.h,v 1.109 sys/netipsec/files.netipsec,v 1.3 sys/netipsec/ipsec.c,v 1.11 sys/netipsec/ipsec.h,v 1.7 sys/netipsec/key.c,v 1.11 share/man/man4/tcp.4,v 1.16 lib/libipsec/pfkey.c,v 1.20 lib/libipsec/pfkey_dump.c,v 1.17 lib/libipsec/policy_token.l,v 1.8 sbin/setkey/parse.y,v 1.14 sbin/setkey/setkey.8,v 1.27 sbin/setkey/token.l,v 1.15
Note that the preceding two revisions to tcp.4 will be required to cleanly apply this diff.
|
| 1.8 | 22-Jul-2003 |
itojun | plug memory leak
|
| 1.7 | 31-Jul-2002 |
itojun | plug memory leak. from ebisawa@iij, sync w/kame
|
| 1.6 | 31-Aug-2001 |
itojun | branches: 1.6.2; sync manpage with latest kame.
|
| 1.5 | 04-Jul-2000 |
itojun | move ipsec_{hex,bin}dump() into #ifdef wrapper. libipsec: remove unnecessary #include key_debug.h.
|
| 1.4 | 12-Jun-2000 |
itojun | branches: 1.4.2; sync with almost-latest KAME IPsec. full changelog would be too big to mention here. notable changes are like below.
kernel: - make PF_KEY kernel interface more robust against broken input stream. it includes complete internal structure change in sys/netkey/key.c. - remove non-RFC compliant change in PF_KEY API, in particular, in struct sadb_msg. we cannot just change these standard structs. sadb_x_sa2 is introduced instead. - remove prototypes for pfkey_xx functions from /usr/include/net/pfkeyv2.h. these functions are not supplied in /usr/lib.
setkey(8): - get/delete does not require "-m mode" (ignored with warning, if you specify it) - spddelete takes direction specification
|
| 1.3 | 13-Mar-2000 |
itojun | branches: 1.3.2; hide shouldn't-be-exported symbols from the outside. don't compile pfkey*, since we expect tons of changes in the near future.
bump shlib major (due to less exported APIs than before - am I correct here?).
|
| 1.2 | 08-Feb-2000 |
itojun | use proper include path (net/pfkeyv2.h)
|
| 1.1 | 01-Feb-2000 |
itojun | sorry, forgot to cvs add new files
|
| 1.3.2.1 | 23-Jun-2000 |
minoura | Sync w/ netbsd-1-5-base.
|
| 1.4.2.1 | 04-Sep-2002 |
itojun | pullup (itojun)
plug memory leak. from ebisawa@iij, sync w/kame
cvs rdiff -r1.7 -r1.8 basesrc/lib/libipsec/policy_parse.y cvs rdiff -r1.6 -r1.7 basesrc/lib/libipsec/policy_token.l
|
| 1.6.2.1 | 02-Aug-2002 |
lukem | Pull up revision 1.7 (requested by itojun in ticket #596): plug memory leak. from ebisawa@iij, sync w/kame
|
| 1.6 | 11-Jan-2009 |
christos | bump shared libraries.
|
| 1.5 | 10-Dec-2006 |
manu | Bump libipsec minor
|
| 1.4 | 19-Feb-2005 |
thorpej | branches: 1.4.10; Bump shlib version to 2.1 as was intended with ipsec-tools integration.
|
| 1.3 | 13-Mar-2000 |
itojun | hide shouldn't-be-exported symbols from the outside. don't compile pfkey*, since we expect tons of changes in the near future.
bump shlib major (due to less exported APIs than before - am I correct here?).
|
| 1.2 | 31-Jan-2000 |
itojun | upgrade libipsec to the latest. - parser now uses yacc/lex (there'll be no symbol conflict). - outbound policy and inbound policy is now separate - policy specification for tunnel SA is improved - api changed, bump shlib major
XXX some of programs will become not buildable - will commit shortly
|
| 1.1 | 01-Jul-1999 |
itojun | ipsec support library. mainly for debugging, and policy text->binary conversion. NO crypto code is included so it is export safe.
|
| 1.4.10.1 | 13-May-2007 |
jdc | Upgrade ipsec-tools to 0.7-beta3 (Requested by manu in ticket #634).
|