Skip to content


Subversion checkout URL

You can clone with
Download ZIP
Commits on Oct 6, 2000
  1. bsdi uses u_int for srandom

    itojun committed
  2. SIOCSPHY* change

    itojun committed
  3. revise SIOCSIFPHY* handling. everything is done in net/if.c, via

    itojun committed
    ifp->if_ioctl.  no handling in in{6,}_control.
  4. Initial revision

    itojun committed
Commits on Oct 5, 2000
  1. remove a white space diff we do not need

    itojun committed
  2. repair merge error

    itojun committed
  3. make error message more friendly

    itojun committed
  4. racoon assumes /dev/urandom

    itojun committed
  5. as RAND_bytes() hide too much things from the caller, use /dev/urandom

    itojun committed
    directly.  now racoon requires /dev/urandom.
  6. add local random() function, which grabs random number from random nu…

    itojun committed
    device (hopefully).
  7. move esp_stir_iv into key_sa_stir_iv

    itojun committed
  8. improve comment and warning message

    itojun committed
  9. memcpy -> bcopy

    itojun committed
  10. * sys/netkey/key.c: get rid of all uses of random() in IPsec code,

    itojun committed
      where possible (netbsd/freebsd4).  for other operating systems, we
      have no good random number source like rnd(4), and random() will
      be used.  you will see one-line warning when you start using IPsec.
  11. get rid of the use of random() in IPsec procesing.

    itojun committed
    XXX need compilation checking for freebsd4
Commits on Oct 4, 2000
  1. * *bsd*/sys/net/if.c: make sure we have root privilege on SIOCSPHY*

    itojun committed
      operation.  from:
  2. * sys/netkey/key.c: supply two sysctl variables,

    itojun committed
      net.key.{esp,ah}_keymin, that control how ACQUIRE messages are
      formed.  algorithms/key length smaller than the configured value
      will be filtered out.
  3. provide new sysctls. they will control how proposal/combination payload

    itojun committed
    is attached onto SADB_ACQUIRE messages.
    net.key.esp_keymin = 256
    net.key.ah_keymin = 128
    XXX ipsec_esp_auth is not opened to userland, as we may have to think again
    about it.  maybe we should look at SPD entry and figure out whether to have
    ESP auth or not.  i'm not sure.
  4. wget merged as ftp/wget (pretty old?)

    sumikawa committed
  5. add new ciphers

    itojun committed
  6. pedant. now compiles with -Wall -Wstrict-prototypes -Wmissing-prototypes

    itojun committed
    -Wpointer-arith -Wno-uninitialized -Werror
  7. bsdi4 ipsec6 stat support

    jinmei committed
    (sorry, I forgot to commit this)
Commits on Oct 3, 2000
  1. pedant

    itojun committed
  2. repair pfkey.c buffer overrun possibilities

    itojun committed
  3. * sys/net/pfkeyv2.h, racoon: move AES (rijndael) protocol # to the

    itojun committed
      official one.  note that you now lost interoperability between old
      racoon and new racoon, when you negotiate rijndael.
      also note that AES final document is yet to become FIPS standard,
      so there's some uncertainity window, for like 3 months.
  4. add official rijndael (AES) numbers.

    itojun committed
Something went wrong with that request. Please try again.