8988 SADB_ACQUIRE proposals don't include mechanism salt length
Reviewed by: Dan McDonald <danmcd@joyent.com>
Reviewed by: Tim Kordas <tim.kordas@joyent.com>
Reviewed by: Richard Lowe <ri

8988 SADB_ACQUIRE proposals don't include mechanism salt length
Reviewed by: Dan McDonald <danmcd@joyent.com>
Reviewed by: Tim Kordas <tim.kordas@joyent.com>
Reviewed by: Richard Lowe <richlowe@richlowe.net>
Approved by: Gordon Ross <gordon.ross@nexenta.com>

show more ...

8989 Allow IKEV2 pf_key(7P) key management cookies to be updated after set
Reviewed by: Dan McDonald <danmcd@joyent.com>
Reviewed by: Richard Lowe <richlowe@richlowe.net>
Approved by: Gor

8989 Allow IKEV2 pf_key(7P) key management cookies to be updated after set
Reviewed by: Dan McDonald <danmcd@joyent.com>
Reviewed by: Richard Lowe <richlowe@richlowe.net>
Approved by: Gordon Ross <gordon.ross@nexenta.com>

show more ...

8927 sadb_x_kmc_t's KM cookie should be 64-bits
Reviewed by: Jason King <jason.king@joyent.com>
Reviewed by: Robert Mustacchi <rm@joyent.com>
Reviewed by: Yuri Pankov <yuripv@gmx.com>

8927 sadb_x_kmc_t's KM cookie should be 64-bits
Reviewed by: Jason King <jason.king@joyent.com>
Reviewed by: Robert Mustacchi <rm@joyent.com>
Reviewed by: Yuri Pankov <yuripv@gmx.com>
Approved by: Richard Lowe <richlowe@richlowe.net>

show more ...

PSARC/2008/252 Labeled IPsec phase 1
6886771 Labeled IPsec phase 1
6808727 Alignment error panic in tsol_can_accept_raw()
6894979 nightly -0 + -p builds then destroys SUNW0on

PSARC 2009/513 Changes to IPsec ESP to support Combined mode ciphers
6704686 IPsec/ESP needs to support Combined mode ciphers
6704682 IPsec/ESP should use AES-CCM
6884664 IPsec/ESP should

PSARC 2009/513 Changes to IPsec ESP to support Combined mode ciphers
6704686 IPsec/ESP needs to support Combined mode ciphers
6704682 IPsec/ESP should use AES-CCM
6884664 IPsec/ESP should support AES-GCM Mode
6840342 ipsecalgs out of memory error
6764184 tab instead of space in sadb.h

show more ...

6848192 get_ipsa_pair() does not always follow bucket lock entry rules, could potentially deadlock.
6846548 PF_KEY diagnostics need to be more specific
6853208 ipsecalgs(1m) does not cope whe

6848192 get_ipsa_pair() does not always follow bucket lock entry rules, could potentially deadlock.
6846548 PF_KEY diagnostics need to be more specific
6853208 ipsecalgs(1m) does not cope when there are no algorithms registered.
6856693 sadb_update_sa() checks for duplicate SADB_UPDATE messages in the wrong place.
6846547 Faulty PF_KEY replies should not cause in.iked to halt

show more ...

PSARC 2008/523 IPsec session failover
6398024 IPsec should support session failover across machines
6545486 PF_KEY needs to set an SA's sequence number

6719641 RFC 3947 section 7 (port-reassignment) on paired-ESP and IKE SAs on the non-NAT side.

PSARC/2008/232 Paired IPsec Security Associations
6584918 in.iked will exit if you try and add a duplicate rule with ikeadm
6595953 Remove SCCS keywords from ipsec{ah,esp}, keysock, and spdso

PSARC/2008/232 Paired IPsec Security Associations
6584918 in.iked will exit if you try and add a duplicate rule with ikeadm
6595953 Remove SCCS keywords from ipsec{ah,esp}, keysock, and spdsock
6628201 Inbound and Outbound IPsec SA's should be treated as a pair.
6643439 check_rule() in in.iked does not sanity check kilobyte based lifetime values
6668752 ikeadm(1m) get defaults displays wrong value for p2_softlife_kb
6669211 Need a way to disable Soft Expires when using in.iked(1m)
6670612 sadb_address_proto and sadb_address_prefixlen need to be initialized in NAT_T extensions.
6674203 Ordering of src/dst address extensions in pf_key messages is inconsistent.
6676436 ipseckey(1m) error messages could be less cryptic
6683004 Updating hard_usetime on an IPsec SA will cause it to evaporate.
6703265 in.iked can dump core if avl_nearest() returns NULL

show more ...

PSARC 2008/014 SHA-2 support for IPsec and IKE
6586319 Need to enable SHA-256,384,512 support in AH, ESP, and IKE
6663271 sha2_mac_verify_atomic() function is missing SHA384 exceptions

PSARC 2005/516 IPsec Tunnel Reform
4882852 tunnels vs. inverse acquire.
4970365 Support of ESP tunnel mode within Solaris
5027528 in.iked should be more intelligent about tunnel addresses

PSARC 2005/516 IPsec Tunnel Reform
4882852 tunnels vs. inverse acquire.
4970365 Support of ESP tunnel mode within Solaris
5027528 in.iked should be more intelligent about tunnel addresses
6180161 need to support multiple tunnels to a single nat
6208976 ipsecconf error messages make me think there are monsters under the bed
6313012 Clean up from removal of ipsec_inbound_debug_tag()
6351840 assertion failed: (ipha->ipha_protocol != 6) && (ipha->ipha_protocol != 17), ip.c, line: 15351
6359831 multicast tunnels don't get their IPsec policy checked.
6369094 ipseckey shouldn't accept/save-out encryption algorithm even it's none/any
6374560 ipseckey debug functions should be moved to libipsecutil
6374596 dump utilities need to be able to understand inner tunnel addresses and netmasks
6402781 Five dead declarations in IPsec code
6405338 spdsock leaks policy head references
6437366 NAT-OA payloads not processed early enough.
6465594 ipsec_policy_delete() uses wrong ipsec_selkey_t structure.
6467596 spdsock_ext_to_actvec() needs to reset "act" upon every SPD_ATTR_NEXT.
6470725 PF_POLICY shouldn't accept '0' for an algorithm value.
6475903 Outbound DROP rules are not enforced
6480815 INVERSE_ACQUIRE failures leak in in.iked
6482403 Race in in.iked, early door call vs. rest of initialization code
6482653 Don't accept UDP-encapsulated ESP on non-NAT SAs.
6487857 Post-ACQUIRE, AH+ESP packets misinitalized ipha/ip6

show more ...

OpenSolaris Launch