| #
c2cbc6b8 |
| 13-Aug-2024 |
Andy Fiddaman <illumos@fiddaman.net> |
16705 Want lifetime extensions for TCP_MD5SIG SAs
Reviewed by: Robert Mustacchi <rm+illumos@fingolfin.org>
Reviewed by: Rich Lowe <richlowe@richlowe.net>
Approved by: Dan McDonald <danmcd@mnx.io>
|
| #
1edba515 |
| 12-Apr-2024 |
Andy Fiddaman <illumos@fiddaman.net> |
16455 want TCP_MD5SIG socket option
Reviewed by: Robert Mustacchi <rm+illumos@fingolfin.org>
Reviewed by: Dan McDonald <danmcd@mnx.io>
Approved by: Gordon Ross <gordon.w.ross@gmail.com>
|
| #
bbf21555 |
| 26-Feb-2022 |
Richard Lowe <richlowe@richlowe.net> |
14443 resection manual pages per IPD4
Reviewed by: Toomas Soome <tsoome@me.com>
Reviewed by: Robert Mustacchi <rm@fingolfin.org>
Reviewed by: Peter Tribble <peter.tribble@gmail.com>
Reviewed by: Andy
14443 resection manual pages per IPD4
Reviewed by: Toomas Soome <tsoome@me.com>
Reviewed by: Robert Mustacchi <rm@fingolfin.org>
Reviewed by: Peter Tribble <peter.tribble@gmail.com>
Reviewed by: Andy Fiddaman <andy@omnios.org>
Approved by: Dan McDonald <danmcd@joyent.com>
show more ...
|
| #
bdc560ab |
| 27-Feb-2018 |
Jason King <jason.king@joyent.com> |
5159 ipsec_libssl_setup.c loads libcrypto
Reviewed by: Andy Fiddaman <andy@omniosce.org>
Reviewed by: Igor Kozhukhov <igor@dilos.org>
Reviewed by: Toomas Soome <tsoome@me.com>
Approved by: Dan McDona
5159 ipsec_libssl_setup.c loads libcrypto
Reviewed by: Andy Fiddaman <andy@omniosce.org>
Reviewed by: Igor Kozhukhov <igor@dilos.org>
Reviewed by: Toomas Soome <tsoome@me.com>
Approved by: Dan McDonald <danmcd@joyent.com>
show more ...
|
| #
351128ad |
| 11-Jan-2018 |
Jason King <jason.king@joyent.com> |
8988 SADB_ACQUIRE proposals don't include mechanism salt length
Reviewed by: Dan McDonald <danmcd@joyent.com>
Reviewed by: Tim Kordas <tim.kordas@joyent.com>
Reviewed by: Richard Lowe <richlowe@richl
8988 SADB_ACQUIRE proposals don't include mechanism salt length
Reviewed by: Dan McDonald <danmcd@joyent.com>
Reviewed by: Tim Kordas <tim.kordas@joyent.com>
Reviewed by: Richard Lowe <richlowe@richlowe.net>
Approved by: Gordon Ross <gordon.ross@nexenta.com>
show more ...
|
| #
4c5582ef |
| 01-Dec-2017 |
Jason King <jason.king@joyent.com> |
8989 Allow IKEV2 pf_key(7P) key management cookies to be updated after set
Reviewed by: Dan McDonald <danmcd@joyent.com>
Reviewed by: Richard Lowe <richlowe@richlowe.net>
Approved by: Gordon Ross <go
8989 Allow IKEV2 pf_key(7P) key management cookies to be updated after set
Reviewed by: Dan McDonald <danmcd@joyent.com>
Reviewed by: Richard Lowe <richlowe@richlowe.net>
Approved by: Gordon Ross <gordon.ross@nexenta.com>
show more ...
|
| #
cbc1abb4 |
| 10-Jan-2018 |
Dan McDonald <danmcd@joyent.com> |
8927 sadb_x_kmc_t's KM cookie should be 64-bits (fix improper upstream)
|
| #
f4a6f97e |
| 12-Sep-2017 |
Dan McDonald <danmcd@joyent.com> |
8927 sadb_x_kmc_t's KM cookie should be 64-bits
Reviewed by: Jason King <jason.king@joyent.com>
Reviewed by: Robert Mustacchi <rm@joyent.com>
Reviewed by: Yuri Pankov <yuripv@gmx.com>
Approved by: Ri
8927 sadb_x_kmc_t's KM cookie should be 64-bits
Reviewed by: Jason King <jason.king@joyent.com>
Reviewed by: Robert Mustacchi <rm@joyent.com>
Reviewed by: Yuri Pankov <yuripv@gmx.com>
Approved by: Richard Lowe <richlowe@richlowe.net>
show more ...
|
| #
80ad54c9 |
| 15-Feb-2017 |
Toomas Soome <tsoome@me.com> |
8456 libipsecutil: variable might be clobbered by longjmp
Reviewed by: Gary Mills <gary_mills@fastmail.fm>
Reviewed by: Igor Kozhukhov <igor@dilos.org>
Approved by: Dan McDonald <danmcd@joyent.com>
|
| #
33f5ff17 |
| 18-Feb-2012 |
Milan Jurik <milan.jurik@xylab.cz> |
2077 lots of unreachable breaks in illumos gate
Reviewed by: Dan McDonald <danmcd@nexenta.com>
Reviewed by: Garrett D'Amore <garrett@damore.org>
Approved by: Richard Lowe <richlowe@richlowe.net>
|
| #
510c3f91 |
| 22-Dec-2009 |
Vladimir Kotal <Vladimir.Kotal@Sun.COM> |
6874992 in.iked does not use network byte order for IP address in sendto() call
6874983 ikedoor.h is not C++ safe
6885833 IPsec utilities should print lifetimes in human readable format
6889086 ikead
6874992 in.iked does not use network byte order for IP address in sendto() call
6874983 ikedoor.h is not C++ safe
6885833 IPsec utilities should print lifetimes in human readable format
6889086 ikeadm reports kilobyte lifetimes with wrong units
6898492 iked should enforce lower maximum values for lifetimes
6897711 iked debug output should be less confusing for average sysadmin
6902926 SOFT kilobyte expires for inbound SAs should make it to userland and be reacted upon
show more ...
|
| #
5d3b8cb7 |
| 03-Nov-2009 |
Bill Sommerfeld <sommerfeld@sun.com> |
PSARC/2008/252 Labeled IPsec phase 1
6886771 Labeled IPsec phase 1
6808727 Alignment error panic in tsol_can_accept_raw()
6894979 nightly -0 + -p builds then destroys SUNW0on
|
| #
628b0c67 |
| 21-Oct-2009 |
Mark Fenwick <Mark.Fenwick@Sun.COM> |
PSARC 2009/513 Changes to IPsec ESP to support Combined mode ciphers
6704686 IPsec/ESP needs to support Combined mode ciphers
6704682 IPsec/ESP should use AES-CCM
6884664 IPsec/ESP should support AES
PSARC 2009/513 Changes to IPsec ESP to support Combined mode ciphers
6704686 IPsec/ESP needs to support Combined mode ciphers
6704682 IPsec/ESP should use AES-CCM
6884664 IPsec/ESP should support AES-GCM Mode
6840342 ipsecalgs out of memory error
6764184 tab instead of space in sadb.h
show more ...
|
| #
a1ba8781 |
| 02-Jul-2009 |
Mark Fenwick <Mark.Fenwick@Sun.COM> |
6848192 get_ipsa_pair() does not always follow bucket lock entry rules, could potentially deadlock.
6846548 PF_KEY diagnostics need to be more specific
6853208 ipsecalgs(1m) does not cope when there
6848192 get_ipsa_pair() does not always follow bucket lock entry rules, could potentially deadlock.
6846548 PF_KEY diagnostics need to be more specific
6853208 ipsecalgs(1m) does not cope when there are no algorithms registered.
6856693 sadb_update_sa() checks for duplicate SADB_UPDATE messages in the wrong place.
6846547 Faulty PF_KEY replies should not cause in.iked to halt
show more ...
|
| #
bfe6f8f5 |
| 18-Mar-2009 |
Vladimir Kotal <Vladimir.Kotal@Sun.COM> |
6520458 ikeadm should have command line history capabilities
4313953 ipseckey(1m) needs line editing support.
6814629 ipseckey should employ strict checking for {dump,flush} commands
|
| #
9c2c14ab |
| 30-Sep-2008 |
Thejaswini Singarajipura <Thejaswini.Singarajipura@Sun.COM> |
PSARC 2008/523 IPsec session failover
6398024 IPsec should support session failover across machines
6545486 PF_KEY needs to set an SA's sequence number
|
| #
c51cb4bc |
| 13-Aug-2008 |
Dan McDonald <danmcd@sun.com> |
6728539 64-bit version of libipsecutil
|
| #
4a179720 |
| 09-Jul-2008 |
danmcd <none@none> |
6719641 RFC 3947 section 7 (port-reassignment) on paired-ESP and IKE SAs on the non-NAT side.
|
| #
38d95a78 |
| 20-May-2008 |
markfen <none@none> |
PSARC/2008/232 Paired IPsec Security Associations
6584918 in.iked will exit if you try and add a duplicate rule with ikeadm
6595953 Remove SCCS keywords from ipsec{ah,esp}, keysock, and spdsock
66282
PSARC/2008/232 Paired IPsec Security Associations
6584918 in.iked will exit if you try and add a duplicate rule with ikeadm
6595953 Remove SCCS keywords from ipsec{ah,esp}, keysock, and spdsock
6628201 Inbound and Outbound IPsec SA's should be treated as a pair.
6643439 check_rule() in in.iked does not sanity check kilobyte based lifetime values
6668752 ikeadm(1m) get defaults displays wrong value for p2_softlife_kb
6669211 Need a way to disable Soft Expires when using in.iked(1m)
6670612 sadb_address_proto and sadb_address_prefixlen need to be initialized in NAT_T extensions.
6674203 Ordering of src/dst address extensions in pf_key messages is inconsistent.
6676436 ipseckey(1m) error messages could be less cryptic
6683004 Updating hard_usetime on an IPsec SA will cause it to evaporate.
6703265 in.iked can dump core if avl_nearest() returns NULL
show more ...
|
| #
a12f8217 |
| 29-Feb-2008 |
pwernau <none@none> |
6658263 ipseckey and ikeadm don't print ASN.1 ID values
|
| #
e70cf235 |
| 25-Jan-2008 |
vk199839 <none@none> |
6653436 iked should be more resilient to ipsecalgs contents
|
| #
437220cd |
| 04-Sep-2007 |
danmcd <none@none> |
PSARC 2007/449 Detangle IPsec NAT Traversal
6481450 nattymod calls putnext() on a freed queue.
6558864 remove nattymod
6558870 Implement SA last-used time and idle actions
6582318 "mandatory" is spel
PSARC 2007/449 Detangle IPsec NAT Traversal
6481450 nattymod calls putnext() on a freed queue.
6558864 remove nattymod
6558870 Implement SA last-used time and idle actions
6582318 "mandatory" is spelled wrong in pfiles
6584011 save_assoc() gets confused w.r.t. "proto".
6588015 Missing "encap udp" must be better diagnosed by ipseckey(1M).
6595368 Need "ipsec-nat-t" in /etc/services
6595877 ipseckey(1M) can produce output it can't read back in (line-too-big)
--HG--
rename : usr/src/uts/common/inet/ip/nattymod.c => deleted_files/usr/src/uts/common/inet/ip/nattymod.c
rename : usr/src/uts/intel/nattymod/Makefile => deleted_files/usr/src/uts/intel/nattymod/Makefile
rename : usr/src/uts/sparc/nattymod/Makefile => deleted_files/usr/src/uts/sparc/nattymod/Makefile
show more ...
|
| #
bb3ed8df |
| 15-Aug-2007 |
pwernau <none@none> |
6585305 in.iked in debug mode needs to show phase 2 alg proposals and PF_KEY message contents
|
| #
c99ab7ce |
| 30-Jul-2007 |
danmcd <none@none> |
6576171 ipsec_kmc_map file processing is broken
|
| #
25e435e0 |
| 29-May-2007 |
pwernau <none@none> |
6561665 ipseckey -f does not understand "flush" keyword anymore
|