| History log of /src/sbin/setkey |
| Revision | Date | Author | Comments |
| 1.13 | 04-Jan-2012 |
drochner | -consistently use "char *" for the compiled policy buffer in the
ipsec_*_policy() functions, as it was documented and used by clients
-remove "ipsec_policy_t" which was undocumented and only present
in the KAME version of the ipsec.h header
-misc cleanup of historical artefacts, and to remove unnecessary
differences between KAME ans FAST_IPSEC
|
| 1.12 | 29-Oct-2009 |
christos | branches: 1.12.6;
no need for noinput
|
| 1.11 | 20-Apr-2009 |
drochner | define YY_NO_INPUT where appropriate, from Kurt J. Lidl per PR misc/41160
|
| 1.10 | 11-Apr-2009 |
lukem | Enable WARNS=4 by default except for:
dump dump_lfs fsck_ffs fsck_lfs fsdb mount_smbfs
newfs_ext2fs newfs_lfs resize_lfs setkey
|
| 1.9 | 16-Dec-2005 |
jmc | branches: 1.9.30;
Redo previous rework to generate yacc/lex output again and remove generated
copies from the import as they don't compile clean across all archs.
|
| 1.8 | 15-Dec-2005 |
jmc | Don't yacc/lex here as dist includes generated copies already and depending
on timestamps it's possible for gcc2 on vax to get confused on which .h
to use.
|
| 1.7 | 27-Jun-2005 |
christos | Move WARNS=3 to the Makefile.inc, and add a little const to the remaining
programs that did not compile before.
|
| 1.6 | 24-Feb-2005 |
manu | branches: 1.6.2;
Define SADB_X_EALG_AESCBC=SADB_X_EALG_AES, as we define SADB_X_EALG_AES
in <net/pfkeyv2.h> while ipsec-tools uses SADB_X_EALG_AESCBC in the code.
|
| 1.5 | 19-Feb-2005 |
thorpej | Additional cleanup pass.
|
| 1.4 | 19-Feb-2005 |
thorpej | Switch to ipsec-tools for libipsec, setkey, and racoon. From
Emmanuel Dreyfus, with some small changes by me.
|
| 1.3 | 19-Aug-2002 |
lukem | Use ${NETBSDSRCDIR}/some/path instead of ${.CURDIR}/../../some/path
|
| 1.2 | 29-Oct-2000 |
itojun | use YHEADER, not YFLAGS+=-d. from kre
|
| 1.1 | 13-Jun-2000 |
itojun | branches: 1.1.4;
move setkey(8) from usr.sbin to sbin, to enable us to initialize
IPsec manual key before /usr mount..
(based on "don't use cvsmove" discussion i have seen, I did not use cvsmove)
|
| 1.1.4.2 | 22-Jun-2000 |
minoura | Sync w/ netbsd-1-5-base.
|
| 1.1.4.1 | 13-Jun-2000 |
minoura | file Makefile was added on branch minoura-xpg4dl on 2000-06-22 16:05:47 +0000
|
| 1.6.2.1 | 03-Sep-2005 |
snj | Apply patch (requested by tron in ticket #741):
Update ipsec-tools to version 0.6.1.
|
| 1.9.30.1 | 13-May-2009 |
jym | Sync with HEAD.
Third (and last) commit. See http://mail-index.netbsd.org/source-changes/2009/05/13/msg221222.html
|
| 1.12.6.1 | 17-Apr-2012 |
yamt | sync with head
|
| 1.18 | 19-Feb-2005 |
thorpej | Switch to ipsec-tools for libipsec, setkey, and racoon. From
Emmanuel Dreyfus, with some small changes by me.
|
| 1.17 | 17-Feb-2005 |
xtraeme | Kill __P(), use ANSI function declarations.
|
| 1.16 | 29-Oct-2004 |
dsl | Add (unsigned char) cast to ctype function, reworked to fit on one line
|
| 1.15 | 25-Apr-2004 |
jonathan | Initial commit of a port of the FreeBSD implementation of RFC 2385
(MD5 signatures for TCP, as used with BGP). Credit for original
FreeBSD code goes to Bruce M. Simpson, with FreeBSD sponsorship
credited to sentex.net. Shortening of the setsockopt() name
attributed to Vincent Jardin.
This commit is a minimal, working version of the FreeBSD code, as
MFC'ed to FreeBSD-4. It has received minimal testing with a ttcp
modified to set the TCP-MD5 option; BMS's additions to tcpdump-current
(tcpdump -M) confirm that the MD5 signatures are correct. Committed
as-is for further testing between a NetBSD BGP speaker (e.g., quagga)
and industry-standard BGP speakers (e.g., Cisco, Juniper).
NOTE: This version has two potential flaws. First, I do see any code
that verifies recieved TCP-MD5 signatures. Second, the TCP-MD5
options are internally padded and assumed to be 32-bit aligned. A more
space-efficient scheme is to pack all TCP options densely (and
possibly unaligned) into the TCP header ; then do one final padding to
a 4-byte boundary. Pre-existing comments note that accounting for
TCP-option space when we add SACK is yet to be done. For now, I'm
punting on that; we can solve it properly, in a way that will handle
SACK blocks, as a separate exercise.
In case a pullup to NetBSD-2 is requested, this adds sys/netipsec/xform_tcp.c
,and modifies:
sys/net/pfkeyv2.h,v 1.15
sys/netinet/files.netinet,v 1.5
sys/netinet/ip.h,v 1.25
sys/netinet/tcp.h,v 1.15
sys/netinet/tcp_input.c,v 1.200
sys/netinet/tcp_output.c,v 1.109
sys/netinet/tcp_subr.c,v 1.165
sys/netinet/tcp_usrreq.c,v 1.89
sys/netinet/tcp_var.h,v 1.109
sys/netipsec/files.netipsec,v 1.3
sys/netipsec/ipsec.c,v 1.11
sys/netipsec/ipsec.h,v 1.7
sys/netipsec/key.c,v 1.11
share/man/man4/tcp.4,v 1.16
lib/libipsec/pfkey.c,v 1.20
lib/libipsec/pfkey_dump.c,v 1.17
lib/libipsec/policy_token.l,v 1.8
sbin/setkey/parse.y,v 1.14
sbin/setkey/setkey.8,v 1.27
sbin/setkey/token.l,v 1.15
Note that the preceding two revisions to tcp.4 will be
required to cleanly apply this diff.
|
| 1.14 | 12-Sep-2003 |
itojun | support DUMP by sysctl
|
| 1.13 | 07-Sep-2003 |
itojun | committed by mistake
|
| 1.12 | 07-Sep-2003 |
itojun | warn that port-number does not work for gateway config. PR kern/22715
add reference. bump date.
|
| 1.11 | 26-Jul-2003 |
mrg | add another (void *) cast to appease gcc3.3
|
| 1.10 | 01-Jul-2003 |
itojun | more error traps on malloc failure. accept "-E null".
various pedantic checks. from kame
|
| 1.9 | 06-Dec-2002 |
thorpej | Avoid strict alias warnings.
|
| 1.8 | 14-May-2002 |
itojun | sync with latest kame setkey(8), modulo icmp6 hack.
pfkey.c is now more picky about buffer length validation.
spddump (setkey -DP) will print lifetime information.
|
| 1.7 | 02-Nov-2001 |
lukem | fix -Wshadow warnings
|
| 1.6 | 20-Sep-2001 |
toshii | Fix a typo which prevented manual keying from working.
|
| 1.5 | 07-Sep-2001 |
itojun | upgrade to the latest KAME setkey(8). allows FQDN hostname in commands.
"add localhost localhost esp 9999 -E des-cbc hogehoge" adds two keys,
for 127.0.0.1 and ::1
|
| 1.4 | 16-Feb-2001 |
thorpej | Add a "deleteall" command that takes a src/dst/protocol.
|
| 1.3 | 04-Feb-2001 |
christos | remove redundant decl
|
| 1.2 | 18-Jul-2000 |
itojun | sync with recent net/pfkeyv2.h change (sorry forgot to commit). from kame
|
| 1.1 | 13-Jun-2000 |
itojun | branches: 1.1.2; 1.1.4;
move setkey(8) from usr.sbin to sbin, to enable us to initialize
IPsec manual key before /usr mount..
(based on "don't use cvsmove" discussion i have seen, I did not use cvsmove)
|
| 1.1.4.2 | 22-Jun-2000 |
minoura | Sync w/ netbsd-1-5-base.
|
| 1.1.4.1 | 13-Jun-2000 |
minoura | file parse.y was added on branch minoura-xpg4dl on 2000-06-22 16:05:47 +0000
|
| 1.1.2.1 | 25-Jul-2000 |
itojun | pullup 1.1 -> 1.2 (approved by releng-1-5)
sync with recent net/pfkeyv2.h change (sorry forgot to commit). from kame
|
| 1.4 | 19-Feb-2005 |
thorpej | Switch to ipsec-tools for libipsec, setkey, and racoon. From
Emmanuel Dreyfus, with some small changes by me.
|
| 1.3 | 07-Sep-2001 |
itojun | upgrade to the latest KAME setkey(8). allows FQDN hostname in commands.
"add localhost localhost esp 9999 -E des-cbc hogehoge" adds two keys,
for 127.0.0.1 and ::1
|
| 1.2 | 14-Jun-2000 |
itojun | branches: 1.2.4;
update examples, so that they would at least pass the parser.
|
| 1.1 | 13-Jun-2000 |
itojun | move setkey(8) from usr.sbin to sbin, to enable us to initialize
IPsec manual key before /usr mount..
(based on "don't use cvsmove" discussion i have seen, I did not use cvsmove)
|
| 1.2.4.2 | 22-Jun-2000 |
minoura | Sync w/ netbsd-1-5-base.
|
| 1.2.4.1 | 14-Jun-2000 |
minoura | file sample.cf was added on branch minoura-xpg4dl on 2000-06-22 16:05:48 +0000
|
| 1.4 | 19-Feb-2005 |
thorpej | Switch to ipsec-tools for libipsec, setkey, and racoon. From
Emmanuel Dreyfus, with some small changes by me.
|
| 1.3 | 07-Sep-2001 |
itojun | upgrade to the latest KAME setkey(8). allows FQDN hostname in commands.
"add localhost localhost esp 9999 -E des-cbc hogehoge" adds two keys,
for 127.0.0.1 and ::1
|
| 1.2 | 18-Jul-2000 |
itojun | sync with the current usage. from kame.
note th at the file will not be installed into locations like
/usr/sibn or /sbin.
|
| 1.1 | 13-Jun-2000 |
itojun | branches: 1.1.2; 1.1.4;
move setkey(8) from usr.sbin to sbin, to enable us to initialize
IPsec manual key before /usr mount..
(based on "don't use cvsmove" discussion i have seen, I did not use cvsmove)
|
| 1.1.4.2 | 22-Jun-2000 |
minoura | Sync w/ netbsd-1-5-base.
|
| 1.1.4.1 | 13-Jun-2000 |
minoura | file scriptdump.pl was added on branch minoura-xpg4dl on 2000-06-22 16:05:49 +0000
|
| 1.1.2.1 | 25-Jul-2000 |
itojun | pullup 1.1 -> 1.2 (approved by releng-1-5)
sync with the current usage. from kame.
note that the file will not be installed into locations like
/usr/sbin or /sbin.
|
| 1.30 | 19-Feb-2005 |
thorpej | Switch to ipsec-tools for libipsec, setkey, and racoon. From
Emmanuel Dreyfus, with some small changes by me.
|
| 1.29 | 29-Apr-2004 |
wiz | Bump date for previous.
|
| 1.28 | 25-Apr-2004 |
jonathan | Initial commit of a port of the FreeBSD implementation of RFC 2385
(MD5 signatures for TCP, as used with BGP). Credit for original
FreeBSD code goes to Bruce M. Simpson, with FreeBSD sponsorship
credited to sentex.net. Shortening of the setsockopt() name
attributed to Vincent Jardin.
This commit is a minimal, working version of the FreeBSD code, as
MFC'ed to FreeBSD-4. It has received minimal testing with a ttcp
modified to set the TCP-MD5 option; BMS's additions to tcpdump-current
(tcpdump -M) confirm that the MD5 signatures are correct. Committed
as-is for further testing between a NetBSD BGP speaker (e.g., quagga)
and industry-standard BGP speakers (e.g., Cisco, Juniper).
NOTE: This version has two potential flaws. First, I do see any code
that verifies recieved TCP-MD5 signatures. Second, the TCP-MD5
options are internally padded and assumed to be 32-bit aligned. A more
space-efficient scheme is to pack all TCP options densely (and
possibly unaligned) into the TCP header ; then do one final padding to
a 4-byte boundary. Pre-existing comments note that accounting for
TCP-option space when we add SACK is yet to be done. For now, I'm
punting on that; we can solve it properly, in a way that will handle
SACK blocks, as a separate exercise.
In case a pullup to NetBSD-2 is requested, this adds sys/netipsec/xform_tcp.c
,and modifies:
sys/net/pfkeyv2.h,v 1.15
sys/netinet/files.netinet,v 1.5
sys/netinet/ip.h,v 1.25
sys/netinet/tcp.h,v 1.15
sys/netinet/tcp_input.c,v 1.200
sys/netinet/tcp_output.c,v 1.109
sys/netinet/tcp_subr.c,v 1.165
sys/netinet/tcp_usrreq.c,v 1.89
sys/netinet/tcp_var.h,v 1.109
sys/netipsec/files.netipsec,v 1.3
sys/netipsec/ipsec.c,v 1.11
sys/netipsec/ipsec.h,v 1.7
sys/netipsec/key.c,v 1.11
share/man/man4/tcp.4,v 1.16
lib/libipsec/pfkey.c,v 1.20
lib/libipsec/pfkey_dump.c,v 1.17
lib/libipsec/policy_token.l,v 1.8
sbin/setkey/parse.y,v 1.14
sbin/setkey/setkey.8,v 1.27
sbin/setkey/token.l,v 1.15
Note that the preceding two revisions to tcp.4 will be
required to cleanly apply this diff.
|
| 1.27 | 21-Oct-2003 |
itojun | aes-xcbc-mac is now an RFC. bump date.
|
| 1.26 | 12-Sep-2003 |
itojun | support DUMP by sysctl
|
| 1.25 | 08-Sep-2003 |
wiz | Punctuation nit; bump date for previous.
|
| 1.24 | 08-Sep-2003 |
itojun | make it possible to process files.
|
| 1.23 | 07-Sep-2003 |
itojun | "tagged" policy is not introduced to netbsd-current yet
|
| 1.22 | 07-Sep-2003 |
itojun | warn that port-number does not work for gateway config. PR kern/22715
add reference. bump date.
|
| 1.21 | 25-Jul-2003 |
itojun | support new algorithms
|
| 1.20 | 22-Jul-2003 |
itojun | support hmac-sha2
|
| 1.19 | 04-Jul-2003 |
wiz | Bump date for last.
|
| 1.18 | 01-Jul-2003 |
itojun | more error traps on malloc failure. accept "-E null".
various pedantic checks. from kame
|
| 1.17 | 30-Jun-2003 |
wiz | Remove unnecessary space before dot.
|
| 1.16 | 27-May-2003 |
itojun | correct bad RFC ref. KAME problem report 480
|
| 1.15 | 15-Mar-2003 |
wiz | Fix some typos. From Igor Sobrado in PR 20722.
|
| 1.14 | 14-May-2002 |
itojun | sync with latest kame setkey(8), modulo icmp6 hack.
pfkey.c is now more picky about buffer length validation.
spddump (setkey -DP) will print lifetime information.
|
| 1.13 | 16-Nov-2001 |
wiz | Slightly improve markup in two places, sort sections.
|
| 1.12 | 16-Nov-2001 |
wiz | Whitespace nits
|
| 1.11 | 07-Sep-2001 |
itojun | upgrade to the latest KAME setkey(8). allows FQDN hostname in commands.
"add localhost localhost esp 9999 -E des-cbc hogehoge" adds two keys,
for 127.0.0.1 and ::1
|
| 1.10 | 16-Aug-2001 |
itojun | we have never supported lzs. sync with kame
|
| 1.9 | 12-Aug-2001 |
itojun | sync with latest kame. clarifies hex key and other things.
|
| 1.8 | 05-Jun-2001 |
wiz | Drop trailing dot in Nd.
|
| 1.7 | 16-Feb-2001 |
thorpej | Add a "deleteall" command that takes a src/dst/protocol.
|
| 1.6 | 15-Oct-2000 |
itojun | have description on -v. sync with kame
|
| 1.5 | 03-Oct-2000 |
itojun | support rijndael-cbc.
|
| 1.4 | 20-Sep-2000 |
gmcgarry | Fix spelling.
|
| 1.3 | 04-Sep-2000 |
kleink | For commands and utilities, use EXIT STATUS rather than RETURN VALUES as
appropriate (and documented in mdoc(7)).
|
| 1.2 | 01-Jul-2000 |
itojun | mention resesrved SPI range, which is not usable from userland
|
| 1.1 | 13-Jun-2000 |
itojun | branches: 1.1.2; 1.1.4;
move setkey(8) from usr.sbin to sbin, to enable us to initialize
IPsec manual key before /usr mount..
(based on "don't use cvsmove" discussion i have seen, I did not use cvsmove)
|
| 1.1.4.2 | 22-Jun-2000 |
minoura | Sync w/ netbsd-1-5-base.
|
| 1.1.4.1 | 13-Jun-2000 |
minoura | file setkey.8 was added on branch minoura-xpg4dl on 2000-06-22 16:05:49 +0000
|
| 1.1.2.2 | 04-Oct-2000 |
itojun | pullup (approved by releng-1-5)
rijndael-cbc userland support.
usr.sbin/netstat/ipsec.c 1.2 -> 1.3
sbin/setkey/setkey.8 1.4 -> 1.5
sbin/setkey/setkey.c 1.1 -> 1.2
sbin/setkey/token.l 1.2 -> 1.3
lib/libipsec/pfkey_dump.c 1.8 -> 1.9
usr.sbin/tcpdump/ipsec_doi.h 1.2 -> 1.3
usr.sbin/tcpdump/isakmp.h 1.3 -> 1.4
usr.sbin/tcpdump/print-isakmp.h 1.5 -> 1.6
|
| 1.1.2.1 | 01-Jul-2000 |
itojun | pullup 1.1 -> 1.2: (approved by: releng-1-5)
mention resesrved SPI range, which is not usable from userland
|
| 1.14 | 19-Feb-2005 |
thorpej | Switch to ipsec-tools for libipsec, setkey, and racoon. From
Emmanuel Dreyfus, with some small changes by me.
|
| 1.13 | 17-Feb-2005 |
xtraeme | Kill __P(), use ANSI function declarations.
|
| 1.12 | 23-Jul-2004 |
yamt | ignore promiscuous messages by checking sadb_msg_pid.
ok'ed by itojun.
|
| 1.11 | 12-Sep-2003 |
itojun | support DUMP by sysctl
|
| 1.10 | 08-Sep-2003 |
itojun | make it possible to use /kern/ipsec{sp,sa} for dumping policy/SA. it will
workaround the issue with socket buffer size in PF_KEY SADB_DUMP.
|
| 1.9 | 08-Sep-2003 |
wiz | Add file ... mode to usage.
|
| 1.8 | 08-Sep-2003 |
itojun | make it possible to process files.
|
| 1.7 | 01-Jul-2003 |
itojun | more error traps on malloc failure. accept "-E null".
various pedantic checks. from kame
|
| 1.6 | 15-Apr-2003 |
itojun | use NI_MAX*. 10 is not enough for port number. sync w/kame
|
| 1.5 | 07-Sep-2001 |
itojun | upgrade to the latest KAME setkey(8). allows FQDN hostname in commands.
"add localhost localhost esp 9999 -E des-cbc hogehoge" adds two keys,
for 127.0.0.1 and ::1
|
| 1.4 | 07-May-2001 |
kleink | getopt(3): EOF -> -1.
|
| 1.3 | 20-Dec-2000 |
cgd | avoid use of ANSI C trigraph ??/
|
| 1.2 | 03-Oct-2000 |
itojun | support rijndael-cbc.
|
| 1.1 | 13-Jun-2000 |
itojun | branches: 1.1.2; 1.1.4;
move setkey(8) from usr.sbin to sbin, to enable us to initialize
IPsec manual key before /usr mount..
(based on "don't use cvsmove" discussion i have seen, I did not use cvsmove)
|
| 1.1.4.2 | 22-Jun-2000 |
minoura | Sync w/ netbsd-1-5-base.
|
| 1.1.4.1 | 13-Jun-2000 |
minoura | file setkey.c was added on branch minoura-xpg4dl on 2000-06-22 16:05:50 +0000
|
| 1.1.2.1 | 04-Oct-2000 |
itojun | pullup (approved by releng-1-5)
rijndael-cbc userland support.
usr.sbin/netstat/ipsec.c 1.2 -> 1.3
sbin/setkey/setkey.8 1.4 -> 1.5
sbin/setkey/setkey.c 1.1 -> 1.2
sbin/setkey/token.l 1.2 -> 1.3
lib/libipsec/pfkey_dump.c 1.8 -> 1.9
usr.sbin/tcpdump/ipsec_doi.h 1.2 -> 1.3
usr.sbin/tcpdump/isakmp.h 1.3 -> 1.4
usr.sbin/tcpdump/print-isakmp.h 1.5 -> 1.6
|
| 1.4 | 19-Feb-2005 |
thorpej | Switch to ipsec-tools for libipsec, setkey, and racoon. From
Emmanuel Dreyfus, with some small changes by me.
|
| 1.3 | 17-Feb-2005 |
xtraeme | Kill __P(), use ANSI function declarations.
|
| 1.2 | 05-Jan-2004 |
jmmv | Homogenize usage messages: make the 'usage' word all lowercase, as this seems
to be the most common practice in our tree.
|
| 1.1 | 13-Jun-2000 |
itojun | branches: 1.1.4;
move setkey(8) from usr.sbin to sbin, to enable us to initialize
IPsec manual key before /usr mount..
(based on "don't use cvsmove" discussion i have seen, I did not use cvsmove)
|
| 1.1.4.2 | 22-Jun-2000 |
minoura | Sync w/ netbsd-1-5-base.
|
| 1.1.4.1 | 13-Jun-2000 |
minoura | file test-pfkey.c was added on branch minoura-xpg4dl on 2000-06-22 16:05:51 +0000
|
| 1.3 | 19-Feb-2005 |
thorpej | Switch to ipsec-tools for libipsec, setkey, and racoon. From
Emmanuel Dreyfus, with some small changes by me.
|
| 1.2 | 17-Feb-2005 |
xtraeme | Kill __P(), use ANSI function declarations.
|
| 1.1 | 13-Jun-2000 |
itojun | branches: 1.1.4;
move setkey(8) from usr.sbin to sbin, to enable us to initialize
IPsec manual key before /usr mount..
(based on "don't use cvsmove" discussion i have seen, I did not use cvsmove)
|
| 1.1.4.2 | 22-Jun-2000 |
minoura | Sync w/ netbsd-1-5-base.
|
| 1.1.4.1 | 13-Jun-2000 |
minoura | file test-policy.c was added on branch minoura-xpg4dl on 2000-06-22 16:05:51 +0000
|
| 1.18 | 19-Feb-2005 |
thorpej | Switch to ipsec-tools for libipsec, setkey, and racoon. From
Emmanuel Dreyfus, with some small changes by me.
|
| 1.17 | 17-Feb-2005 |
xtraeme | Kill __P(), use ANSI function declarations.
|
| 1.16 | 25-Apr-2004 |
jonathan | Initial commit of a port of the FreeBSD implementation of RFC 2385
(MD5 signatures for TCP, as used with BGP). Credit for original
FreeBSD code goes to Bruce M. Simpson, with FreeBSD sponsorship
credited to sentex.net. Shortening of the setsockopt() name
attributed to Vincent Jardin.
This commit is a minimal, working version of the FreeBSD code, as
MFC'ed to FreeBSD-4. It has received minimal testing with a ttcp
modified to set the TCP-MD5 option; BMS's additions to tcpdump-current
(tcpdump -M) confirm that the MD5 signatures are correct. Committed
as-is for further testing between a NetBSD BGP speaker (e.g., quagga)
and industry-standard BGP speakers (e.g., Cisco, Juniper).
NOTE: This version has two potential flaws. First, I do see any code
that verifies recieved TCP-MD5 signatures. Second, the TCP-MD5
options are internally padded and assumed to be 32-bit aligned. A more
space-efficient scheme is to pack all TCP options densely (and
possibly unaligned) into the TCP header ; then do one final padding to
a 4-byte boundary. Pre-existing comments note that accounting for
TCP-option space when we add SACK is yet to be done. For now, I'm
punting on that; we can solve it properly, in a way that will handle
SACK blocks, as a separate exercise.
In case a pullup to NetBSD-2 is requested, this adds sys/netipsec/xform_tcp.c
,and modifies:
sys/net/pfkeyv2.h,v 1.15
sys/netinet/files.netinet,v 1.5
sys/netinet/ip.h,v 1.25
sys/netinet/tcp.h,v 1.15
sys/netinet/tcp_input.c,v 1.200
sys/netinet/tcp_output.c,v 1.109
sys/netinet/tcp_subr.c,v 1.165
sys/netinet/tcp_usrreq.c,v 1.89
sys/netinet/tcp_var.h,v 1.109
sys/netipsec/files.netipsec,v 1.3
sys/netipsec/ipsec.c,v 1.11
sys/netipsec/ipsec.h,v 1.7
sys/netipsec/key.c,v 1.11
share/man/man4/tcp.4,v 1.16
lib/libipsec/pfkey.c,v 1.20
lib/libipsec/pfkey_dump.c,v 1.17
lib/libipsec/policy_token.l,v 1.8
sbin/setkey/parse.y,v 1.14
sbin/setkey/setkey.8,v 1.27
sbin/setkey/token.l,v 1.15
Note that the preceding two revisions to tcp.4 will be
required to cleanly apply this diff.
|
| 1.15 | 21-Oct-2003 |
fvdl | Don't assign NULL to a char.
|
| 1.14 | 12-Sep-2003 |
itojun | support DUMP by sysctl
|
| 1.13 | 07-Sep-2003 |
itojun | committed by mistake
|
| 1.12 | 07-Sep-2003 |
itojun | warn that port-number does not work for gateway config. PR kern/22715
add reference. bump date.
|
| 1.11 | 25-Jul-2003 |
itojun | support new algorithms
|
| 1.10 | 22-Jul-2003 |
itojun | cleanup
|
| 1.9 | 01-Jul-2003 |
itojun | more error traps on malloc failure. accept "-E null".
various pedantic checks. from kame
|
| 1.8 | 22-May-2003 |
itojun | permit scoped addr notation in policy string (-P esp/tunnel/foo%scope-bar%scope/use). from francis dupont. sync w/kame
|
| 1.7 | 14-May-2002 |
itojun | sync with latest kame setkey(8), modulo icmp6 hack.
pfkey.c is now more picky about buffer length validation.
spddump (setkey -DP) will print lifetime information.
|
| 1.6 | 07-Sep-2001 |
itojun | upgrade to the latest KAME setkey(8). allows FQDN hostname in commands.
"add localhost localhost esp 9999 -E des-cbc hogehoge" adds two keys,
for 127.0.0.1 and ::1
|
| 1.5 | 16-Feb-2001 |
thorpej | Add a "deleteall" command that takes a src/dst/protocol.
|
| 1.4 | 29-Oct-2000 |
itojun | use YHEADER, not YFLAGS+=-d. from kre
|
| 1.3 | 03-Oct-2000 |
itojun | support rijndael-cbc.
|
| 1.2 | 18-Jul-2000 |
itojun | sync with recent net/pfkeyv2.h change (sorry forgot to commit). from kame
|
| 1.1 | 13-Jun-2000 |
itojun | branches: 1.1.2; 1.1.4;
move setkey(8) from usr.sbin to sbin, to enable us to initialize
IPsec manual key before /usr mount..
(based on "don't use cvsmove" discussion i have seen, I did not use cvsmove)
|
| 1.1.4.2 | 22-Jun-2000 |
minoura | Sync w/ netbsd-1-5-base.
|
| 1.1.4.1 | 13-Jun-2000 |
minoura | file token.l was added on branch minoura-xpg4dl on 2000-06-22 16:05:52 +0000
|
| 1.1.2.2 | 04-Oct-2000 |
itojun | pullup (approved by releng-1-5)
rijndael-cbc userland support.
usr.sbin/netstat/ipsec.c 1.2 -> 1.3
sbin/setkey/setkey.8 1.4 -> 1.5
sbin/setkey/setkey.c 1.1 -> 1.2
sbin/setkey/token.l 1.2 -> 1.3
lib/libipsec/pfkey_dump.c 1.8 -> 1.9
usr.sbin/tcpdump/ipsec_doi.h 1.2 -> 1.3
usr.sbin/tcpdump/isakmp.h 1.3 -> 1.4
usr.sbin/tcpdump/print-isakmp.h 1.5 -> 1.6
|
| 1.1.2.1 | 25-Jul-2000 |
itojun | pullup 1.1 -> 1.2 (approved by releng-1-5)
sync with recent net/pfkeyv2.h change (sorry forgot to commit). from kame
|
| 1.2 | 19-Feb-2005 |
thorpej | Switch to ipsec-tools for libipsec, setkey, and racoon. From
Emmanuel Dreyfus, with some small changes by me.
|
| 1.1 | 13-Jun-2000 |
itojun | branches: 1.1.4;
move setkey(8) from usr.sbin to sbin, to enable us to initialize
IPsec manual key before /usr mount..
(based on "don't use cvsmove" discussion i have seen, I did not use cvsmove)
|
| 1.1.4.2 | 22-Jun-2000 |
minoura | Sync w/ netbsd-1-5-base.
|
| 1.1.4.1 | 13-Jun-2000 |
minoura | file vchar.h was added on branch minoura-xpg4dl on 2000-06-22 16:05:52 +0000
|
