#
256281 |
|
10-Oct-2013 |
gjb |
Copy head (r256279) to stable/10 as part of the 10.0-RELEASE cycle.
Approved by: re (implicit) Sponsored by: The FreeBSD Foundation |
#
175248 |
|
12-Jan-2008 |
maxim |
o Allow setkey(8) to recognize esp as a protocoal name for spdadd.
PR: bin/107392 Submitted by: Eugene Grosbein MFC after: 1 month
|
#
173412 |
|
07-Nov-2007 |
kevlo |
Cleanup of userland __P use
|
#
171135 |
|
01-Jul-2007 |
gnn |
Commit IPv6 support for FAST_IPSEC to the tree. This commit includes all remaining changes for the time being including user space updates.
Submitted by: bz Approved by: re
|
#
151293 |
|
13-Oct-2005 |
ume |
fixed a crush when either -lh or -ls option is used.
Obtained from: KAME
|
#
129183 |
|
13-May-2004 |
ume |
check if the null encryption is supported or not.
Requested by: bms Obtained from: KAME
|
#
127684 |
|
31-Mar-2004 |
bms |
Fix regression in setkey whereby parser would fail to recognise tcp as both a security protocol and an upper level protocol for encapsulation.
PR: bin/63616 Submitted by: ume@
|
#
125681 |
|
11-Feb-2004 |
bms |
Initial import of RFC 2385 (TCP-MD5) digest support.
This is the second of two commits; bring in the userland support to finish.
Teach libipsec and setkey about the tcp-md5 class of security associations, thus allowing administrators to add per-host keys to the SADB for use by the tcpsignature_compute() function.
Document that a single SPI must be used until such time as the code which adds support to the SPD to specify flows for tcp-md5 treatment is suitable for production.
Sponsored by: sentex.net
|
#
122108 |
|
05-Nov-2003 |
ume |
- do hexdump on send. set length field properly - check for encryption/authentication key together with algorithm. - warned if a deprecated encryption algorithm (that includes "simple") is specified. - changed the syntax how to define a policy of a ICMPv6 type and/or a code, like spdadd ::/0 ::/0 icmp6 134,0 -P out none; - random cleanup in parser. - use yyfatal, or return -1 after yyerror. - deal with strdup() failure. - permit scope notation in policy string (-P esp/tunnel/foo%scope-bar%scope/use) - simplify /prefix and [port]. - g/c some unused symbols.
Obtained from: KAME
|
#
78064 |
|
11-Jun-2001 |
ume |
Sync with recent KAME. This work was based on kame-20010528-freebsd43-snap.tgz and some critical problem after the snap was out were fixed. There are many many changes since last KAME merge.
TODO: - The definitions of SADB_* in sys/net/pfkeyv2.h are still different from RFC2407/IANA assignment because of binary compatibility issue. It should be fixed under 5-CURRENT. - ip6po_m member of struct ip6_pktopts is no longer used. But, it is still there because of binary compatibility issue. It should be removed under 5-CURRENT.
Reviewed by: itojun Obtained from: KAME MFC after: 3 weeks
|
#
62583 |
|
04-Jul-2000 |
itojun |
synchronize with latest kame tree.
behavior change: policy syntax was changed. you may need to update your setkey(8) configuration files.
|
#
55505 |
|
06-Jan-2000 |
shin |
libipsec and IPsec related apps. (and some KAME related man pages)
Reviewed by: freebsd-arch, cvs-committers Obtained from: KAME project
|