Commits on Jan 9, 2000
  1. If there was no phase 2 negotiation under phase 1, phase 1 will be negotiated

    sakane authored
    only one time.  But the next time is deleted.
  2. the commit bit on Phase 1 is forbidden.

    sakane authored
    respond notify message with INVALID-FLAGS.
  3. added base mode. (not tested)

    sakane authored
    delete isakmp_kn2isa().
    alternatively added isakmp_p2ph() to copy payload buffer without isakmp_gen header.
  4. s/-DSSLVERNUM/-DSSLVER/

    itojun authored
  5. add 'question' file.

    sakane authored
  6. move 'HOW DO I DO' to doc/question.

    sakane authored
  7. removed a file.

    sakane authored
  8. don't include tcpip.h (not necessary)

    itojun authored
  9. improve libipsec lookup.

    itojun authored
  10. don't include netinet6/in6.h (not necessary)

    itojun authored
  11. sync with FreeBSD-current.

    sumikawa authored
  12. forgot to add, sorry.

    sumikawa authored
  13. sync with FreeBSD-current.

    sumikawa authored
  14. sync with latest racoon directory.

    itojun authored
    XXX racoon/racoon not tested, other directories tested with freebsd2
  15. sync again

    itojun authored
  16. remove duplicated signing.o

    itojun authored
  17. adapt to new racoon directory.

    itojun authored
  18. massive clarification to racoon ISAKMP daemon.

    itojun authored
    - Merged Eric Lemiere's code for limited certificate support.
    - There are two management handlers.
    	"Phase 1 handler" is to manage ISAKMP SA.  It is created when
    	phase 1 exchange on both initiator and responder side will be
    	started.
    	"Phase 2 handler" is to manage IPsec SAs.  It is created when
    	pfkey acquire message will be received, and when 1st message
    	in phase 2 will be received on responder side.
    - Vendor id will be sent after negotiating hash algorithm.
      When we receive vendor id before negotiating it, we use default hash
      algorithm MD5 to check.
    - Post command deleted.
    - msgid_t deleted.
    - don't release management handler.  do it only if retry will be
      timed up.
    - separate the function of isakmp exchange.  one is to check received
      data.  other is to reply.  the reason is for handling to resend.
    - change name "dir" to "side" in order to distinguish from policy
      direction.
    - If initiator request PFS, but responder is not ready to do that,
      responder stops the negotiation.  If initiator don't request PFS,
      but responder require it, also responder stops the negotiation.
  19. missing from merger

    itojun authored
  20. - Merged Eric Lemiere's code for limited certificate support.

    itojun authored
    - There are two management handlers.
    	"Phase 1 handler" is to manage ISAKMP SA.  It is created when phase 1
    	exchange on both initiator and responder side will be started.
    	"Phase 2 handler" is to manage IPsec SAs.  It is created when pfkey
    	acquire message will be received, and when 1st message in phase 2 will
    	be received on responder side.
    - Vendor id will be sent after negotiating hash algorithm.
      When we receive vendor id before negotiating it, we use default hash algorithm
      MD5 to check.
    - Post command deleted.
    - msgid_t deleted.
    - don't release management handler.  do it only if retry will be timed up.
    - separate the function of isakmp exchange.  one is to check received data.
      other is to reply.  the reason is for handling to resend.
    - change name "dir" to "side" in order to distinguish from policy direction.
    - If initiator request PFS, but responder is not ready to do that,
      responder stops the negotiation.  If initiator don't request PFS,
      but responder require it, also responder stops the negotiation.
    
    From: sakane (with minor clarifications)
    
    XXX
    - unnecessary files should be nuked.  are isakmp_base.[ch] necessary?
    - TODO.jp needs to be incorporated into TODO (not imported).
  21. rename crypto.[ch] into crypto_openssl.[ch]

    itojun authored
  22. mv to racoon/doc/*

    itojun authored
Commits on Jan 8, 2000
  1. * freebsd3/usr.sbin/inetd: support IDENT.

    sumikawa authored
  2. Sync with FreeBSD-current.

    sumikawa authored
  3. support IDENT.

    sumikawa authored
    From: Hajimu UMEMOTO <ume@mahoroba.org>
  4. * freebsd3/ports/heimdal: upgrade to 0.2l.

    sumikawa authored
  5. Upgrade to 0.2l.

    sumikawa authored
  6. * kame/sys/netkey/key.c:

    sakane authored
      - fix kernel crash when flushing SAD.
      - for stability, increment refcnt of SA when key_getsavbyspi() called.
      - add some error message
  7. - fix kernel crash when flushing SAD. don't delete SA when refcnt > 1.

    sakane authored
    - for stability, increment refcnt of SA when key_getsavbyspi() called.
    - add some error message
    - fix errno at key_update().
  8. make it look like openbsd port directory.

    itojun authored
    mark it broken (this does not probe libinet6 correctly - fix committed
    to zebra repository)
  9. more use of arc4random() (instead of random()) for openbsd.

    itojun authored
    remove prototype for icmp6_ctloutput() when in case NRL inpcb is used.
    
    in sync with openbsd-current.
  10. use getaddrinfo(3) for final destination.

    itojun authored
    don't freehostent(hp) on gethostby*, they do not dynamically
    allocate the result.  only getipnodeby* allocates them dynamically.
    
    TODO: getaddrinfo(3) and getnameinfo(3) for other occasions
Commits on Jan 7, 2000
  1. * kame/sys/netinet/{frag6,ip6_input,nd6_nbr}.c:

    itojun authored
      use arc4random() on openbsd.  it should give better random value
      for initializing sequence numbers.
      From: deraadt@openbsd.org