| bfe6f8f5 | 18-Mar-2009 |
Vladimir Kotal |
6520458 ikeadm should have command line history capabilities
4313953 ipseckey(1m) needs line editing support.
6814629 ipseckey should employ strict checking for {dump,flush} commands |
| 3afe87eb | 24-Jan-2009 |
Roger A. Faulkner |
6796837 restore parallel build of usr/src/cmd |
| c7777ac8 | 21-Jan-2009 |
Paul Wernau |
PSARC 2008/525 ikeadm token login
6219638 in.iked(1m) should not have to read PKCS#11 pins off-disk
6780866 ikeadm should use authorizations |
| a14de6c8 | 21-Nov-2008 |
Dan McDonald |
6762791 race condition found in ipsecah during ipsec-persock test
6767912 DPD needs to be less aggressive.
6768512 ikeadm(1m) doesn't print in-progress DPD |
| 9c2c14ab | 29-Sep-2008 |
Thejaswini Singarajipura |
PSARC 2008/523 IPsec session failover
6398024 IPsec should support session failover across machines
6545486 PF_KEY needs to set an SA's sequence number |
| 4b56a003 | 27-Aug-2008 |
Daniel Anderson |
5007142 Add ntohll and htonll to sys/byteorder.h
6717509 Need to use bswap/bswapq for byte swap of 64-bit integer on x32/x64
PSARC 2008/474 Add 64-bit htonll() and ntohll() byte order convers
5007142 Add ntohll and htonll to sys/byteorder.h
6717509 Need to use bswap/bswapq for byte swap of 64-bit integer on x32/x64
PSARC 2008/474 Add 64-bit htonll() and ntohll() byte order conversion functions
show more ...
|
| a13e0a0c | 23-Jul-2008 |
pwernau |
6728988 ipsecconf -l doesn't deal with unresolvable hosts when local hostname is fully qualified |
| 38d95a78 | 20-May-2008 |
markfen |
PSARC/2008/232 Paired IPsec Security Associations
6584918 in.iked will exit if you try and add a duplicate rule with ikeadm
6595953 Remove SCCS keywords from ipsec{ah,esp}, keysock, and spdso
PSARC/2008/232 Paired IPsec Security Associations
6584918 in.iked will exit if you try and add a duplicate rule with ikeadm
6595953 Remove SCCS keywords from ipsec{ah,esp}, keysock, and spdsock
6628201 Inbound and Outbound IPsec SA's should be treated as a pair.
6643439 check_rule() in in.iked does not sanity check kilobyte based lifetime values
6668752 ikeadm(1m) get defaults displays wrong value for p2_softlife_kb
6669211 Need a way to disable Soft Expires when using in.iked(1m)
6670612 sadb_address_proto and sadb_address_prefixlen need to be initialized in NAT_T extensions.
6674203 Ordering of src/dst address extensions in pf_key messages is inconsistent.
6676436 ipseckey(1m) error messages could be less cryptic
6683004 Updating hard_usetime on an IPsec SA will cause it to evaporate.
6703265 in.iked can dump core if avl_nearest() returns NULL
show more ...
|
| 349233ac | 18-Mar-2008 |
pwernau |
6671705 ikeadm dump p1 shows bogus values for keylength
6673306 ikeadm does not print phase 1 oakley group used in negotiation
6673443 ikeadm shows PRF as unknown when it should be unavailable |
| 0358d3a6 | 01-Mar-2008 |
danmcd |
PSARC 2008/014 SHA-2 support for IPsec and IKE
6586319 Need to enable SHA-256,384,512 support in AH, ESP, and IKE
6663271 sha2_mac_verify_atomic() function is missing SHA384 exceptions |
| a12f8217 | 29-Feb-2008 |
pwernau |
6658263 ipseckey and ikeadm don't print ASN.1 ID values |
| a050d7e9 | 08-Feb-2008 |
pwernau |
6659486 ipseckey dumps core with encryption key and no other parameters |
| 3abcb969 | 19-Nov-2007 |
pwernau |
6629735 file descriptor leak causes ipsecconf to core dump with many rules
6629812 ipsecconf can core dump when it can't open its internal policy file |
| 23c73ecc | 24-Oct-2007 |
pwernau |
5053475 certlib_load() error messages need improving.
6614180 file permissions on public keys and CRLs should be more open
6614741 keying material with insecure permissions should not be trus
5053475 certlib_load() error messages need improving.
6614180 file permissions on public keys and CRLs should be more open
6614741 keying material with insecure permissions should not be trusted
show more ...
|
| 1a6921e0 | 10-Oct-2007 |
markfen |
6516622 ACQUIRE-specified lifetimes are now ignored by in.iked
6609988 superfluous debugging in isakmp_udp.c
6612767 Logfile time stamp for in.iked a bit OTT
6612771 Some in.iked messages
6516622 ACQUIRE-specified lifetimes are now ignored by in.iked
6609988 superfluous debugging in isakmp_udp.c
6612767 Logfile time stamp for in.iked a bit OTT
6612771 Some in.iked messages contain information thats no longer useful
show more ...
|
| 72c8fd38 | 02-Oct-2007 |
markfen |
6610537 ipseckey error output can get mangled on x86
6610538 ipseckey can core dump with truncated input |
| d5751483 | 23-Sep-2007 |
markfen |
6601982 ipsecconf(1m) may ignore errors in configuration file |
| 437220cd | 04-Sep-2007 |
danmcd |
PSARC 2007/449 Detangle IPsec NAT Traversal
6481450 nattymod calls putnext() on a freed queue.
6558864 remove nattymod
6558870 Implement SA last-used time and idle actions
6582318 "ma
PSARC 2007/449 Detangle IPsec NAT Traversal
6481450 nattymod calls putnext() on a freed queue.
6558864 remove nattymod
6558870 Implement SA last-used time and idle actions
6582318 "mandatory" is spelled wrong in pfiles
6584011 save_assoc() gets confused w.r.t. "proto".
6588015 Missing "encap udp" must be better diagnosed by ipseckey(1M).
6595368 Need "ipsec-nat-t" in /etc/services
6595877 ipseckey(1M) can produce output it can't read back in (line-too-big)
--HG--
rename : usr/src/uts/common/inet/ip/nattymod.c => deleted_files/usr/src/uts/common/inet/ip/nattymod.c
rename : usr/src/uts/intel/nattymod/Makefile => deleted_files/usr/src/uts/intel/nattymod/Makefile
rename : usr/src/uts/sparc/nattymod/Makefile => deleted_files/usr/src/uts/sparc/nattymod/Makefile
show more ...
|
| bb3ed8df | 15-Aug-2007 |
pwernau |
6585305 in.iked in debug mode needs to show phase 2 alg proposals and PF_KEY message contents |
| 020bf065 | 25-Jul-2007 |
markfen |
PSARC/2007/409 RFC 3526 Diffie-Hellman groups for IKE
4886779 RFC 3526 Diffie-Hellman groups for IKE |
| ec485834 | 29-Jun-2007 |
pwernau |
6477017 ipseckey could should not reject a hex string that starts '0x'
6499919 ipseckey should throw out encryption keys for "null" algorithm |
| eec550ad | 14-Jun-2007 |
pwernau |
6568747 ipsecconf has assert failure with port ranges
6569360 ipsecconf tries to put lipstick on a pig |
| 25e435e0 | 29-May-2007 |
pwernau |
6561665 ipseckey -f does not understand "flush" keyword anymore |
| e3320f40 | 15-May-2007 |
markfen |
PSARC 2007/200 - Dedicated SMF services for IPsec/IKE
6185380 IPsec should be a separate (set) of smf(5) services
6440610 missing preshared remoteid line causes in.iked core dump on reading c
PSARC 2007/200 - Dedicated SMF services for IPsec/IKE
6185380 IPsec should be a separate (set) of smf(5) services
6440610 missing preshared remoteid line causes in.iked core dump on reading config
6462741 ipsecconf should have an option to check config file syntax
6467954 ipseckey exit code on failure inconsistent
6468456 ipsecconf uses strcpy()
6479903 in.iked with SMF should use _enter_daemon_lock()
6488927 ipseckey(1M) could do a better job of dealing with multiple errors
6497802 in.iked should use smf(5) properties instead of /etc/default/ipsec
6519836 ipseckey, ipsecconf require uid == 0, but configured to use profile
6529086 ipsec utilities can't deal with large files
6538478 Timestamp in in.iked debug output does not understand daylight savings time
6542255 in.iked can dump core when forced to load a new ike.preshared file with ikeadm.
6543263 ikeadm uses strcpy()
6543267 ipseckey uses strcpy()
6544087 memory leak with preshared key reloading
--HG--
rename : usr/src/cmd/cmd-inet/usr.sbin/ikeadm.c => usr/src/cmd/cmd-inet/usr.sbin/ipsecutils/ikeadm.c
rename : usr/src/cmd/cmd-inet/usr.sbin/ikecert.sh => usr/src/cmd/cmd-inet/usr.sbin/ipsecutils/ikecert.sh
rename : usr/src/cmd/cmd-inet/usr.sbin/ipsecalgs.c => usr/src/cmd/cmd-inet/usr.sbin/ipsecutils/ipsecalgs.c
rename : usr/src/cmd/cmd-inet/usr.sbin/ipsecconf.c => usr/src/cmd/cmd-inet/usr.sbin/ipsecutils/ipsecconf.c
rename : usr/src/cmd/cmd-inet/usr.sbin/ipseckey.c => usr/src/cmd/cmd-inet/usr.sbin/ipsecutils/ipseckey.c
show more ...
|