| #
510c3f91 |
| 22-Dec-2009 |
Vladimir Kotal <Vladimir.Kotal@Sun.COM> |
6874992 in.iked does not use network byte order for IP address in sendto() call
6874983 ikedoor.h is not C++ safe
6885833 IPsec utilities should print lifetimes in human readable format
6889086 ikead
6874992 in.iked does not use network byte order for IP address in sendto() call
6874983 ikedoor.h is not C++ safe
6885833 IPsec utilities should print lifetimes in human readable format
6889086 ikeadm reports kilobyte lifetimes with wrong units
6898492 iked should enforce lower maximum values for lifetimes
6897711 iked debug output should be less confusing for average sysadmin
6902926 SOFT kilobyte expires for inbound SAs should make it to userland and be reacted upon
show more ...
|
| #
5d3b8cb7 |
| 03-Nov-2009 |
Bill Sommerfeld <sommerfeld@sun.com> |
PSARC/2008/252 Labeled IPsec phase 1
6886771 Labeled IPsec phase 1
6808727 Alignment error panic in tsol_can_accept_raw()
6894979 nightly -0 + -p builds then destroys SUNW0on
|
| #
628b0c67 |
| 21-Oct-2009 |
Mark Fenwick <Mark.Fenwick@Sun.COM> |
PSARC 2009/513 Changes to IPsec ESP to support Combined mode ciphers
6704686 IPsec/ESP needs to support Combined mode ciphers
6704682 IPsec/ESP should use AES-CCM
6884664 IPsec/ESP should support AES
PSARC 2009/513 Changes to IPsec ESP to support Combined mode ciphers
6704686 IPsec/ESP needs to support Combined mode ciphers
6704682 IPsec/ESP should use AES-CCM
6884664 IPsec/ESP should support AES-GCM Mode
6840342 ipsecalgs out of memory error
6764184 tab instead of space in sadb.h
show more ...
|
| #
6221cd42 |
| 24-Sep-2009 |
Paul Wernau <Paul.Wernau@Sun.COM> |
6881623 CRYPTO_num_locks() should be used instead of CRYPTO_NUM_LOCKS
|
| #
a1ba8781 |
| 02-Jul-2009 |
Mark Fenwick <Mark.Fenwick@Sun.COM> |
6848192 get_ipsa_pair() does not always follow bucket lock entry rules, could potentially deadlock.
6846548 PF_KEY diagnostics need to be more specific
6853208 ipsecalgs(1m) does not cope when there
6848192 get_ipsa_pair() does not always follow bucket lock entry rules, could potentially deadlock.
6846548 PF_KEY diagnostics need to be more specific
6853208 ipsecalgs(1m) does not cope when there are no algorithms registered.
6856693 sadb_update_sa() checks for duplicate SADB_UPDATE messages in the wrong place.
6846547 Faulty PF_KEY replies should not cause in.iked to halt
show more ...
|
| #
bfe6f8f5 |
| 18-Mar-2009 |
Vladimir Kotal <Vladimir.Kotal@Sun.COM> |
6520458 ikeadm should have command line history capabilities
4313953 ipseckey(1m) needs line editing support.
6814629 ipseckey should employ strict checking for {dump,flush} commands
|
| #
c7777ac8 |
| 21-Jan-2009 |
Paul Wernau <Paul.Wernau@Sun.COM> |
PSARC 2008/525 ikeadm token login
6219638 in.iked(1m) should not have to read PKCS#11 pins off-disk
6780866 ikeadm should use authorizations
|
| #
9c2c14ab |
| 30-Sep-2008 |
Thejaswini Singarajipura <Thejaswini.Singarajipura@Sun.COM> |
PSARC 2008/523 IPsec session failover
6398024 IPsec should support session failover across machines
6545486 PF_KEY needs to set an SA's sequence number
|
| #
a12f8217 |
| 29-Feb-2008 |
pwernau <none@none> |
6658263 ipseckey and ikeadm don't print ASN.1 ID values
|
| #
23c73ecc |
| 24-Oct-2007 |
pwernau <none@none> |
5053475 certlib_load() error messages need improving.
6614180 file permissions on public keys and CRLs should be more open
6614741 keying material with insecure permissions should not be trusted
|
| #
437220cd |
| 04-Sep-2007 |
danmcd <none@none> |
PSARC 2007/449 Detangle IPsec NAT Traversal
6481450 nattymod calls putnext() on a freed queue.
6558864 remove nattymod
6558870 Implement SA last-used time and idle actions
6582318 "mandatory" is spel
PSARC 2007/449 Detangle IPsec NAT Traversal
6481450 nattymod calls putnext() on a freed queue.
6558864 remove nattymod
6558870 Implement SA last-used time and idle actions
6582318 "mandatory" is spelled wrong in pfiles
6584011 save_assoc() gets confused w.r.t. "proto".
6588015 Missing "encap udp" must be better diagnosed by ipseckey(1M).
6595368 Need "ipsec-nat-t" in /etc/services
6595877 ipseckey(1M) can produce output it can't read back in (line-too-big)
--HG--
rename : usr/src/uts/common/inet/ip/nattymod.c => deleted_files/usr/src/uts/common/inet/ip/nattymod.c
rename : usr/src/uts/intel/nattymod/Makefile => deleted_files/usr/src/uts/intel/nattymod/Makefile
rename : usr/src/uts/sparc/nattymod/Makefile => deleted_files/usr/src/uts/sparc/nattymod/Makefile
show more ...
|
| #
d362b749 |
| 18-Aug-2007 |
vk199839 <none@none> |
PSARC/2006/662 Make err/warn part of Solaris's libc
6495220 add err() et al. to libc
--HG--
rename : usr/src/lib/libipsecutil/common/err.h => usr/src/head/err.h
rename : usr/src/lib/libipsecutil/com
PSARC/2006/662 Make err/warn part of Solaris's libc
6495220 add err() et al. to libc
--HG--
rename : usr/src/lib/libipsecutil/common/err.h => usr/src/head/err.h
rename : usr/src/lib/libipsecutil/common/err.c => usr/src/lib/libc/port/gen/err.c
show more ...
|
| #
bb3ed8df |
| 15-Aug-2007 |
pwernau <none@none> |
6585305 in.iked in debug mode needs to show phase 2 alg proposals and PF_KEY message contents
|
| #
25e435e0 |
| 29-May-2007 |
pwernau <none@none> |
6561665 ipseckey -f does not understand "flush" keyword anymore
|
| #
e3320f40 |
| 15-May-2007 |
markfen <none@none> |
PSARC 2007/200 - Dedicated SMF services for IPsec/IKE
6185380 IPsec should be a separate (set) of smf(5) services
6440610 missing preshared remoteid line causes in.iked core dump on reading config
64
PSARC 2007/200 - Dedicated SMF services for IPsec/IKE
6185380 IPsec should be a separate (set) of smf(5) services
6440610 missing preshared remoteid line causes in.iked core dump on reading config
6462741 ipsecconf should have an option to check config file syntax
6467954 ipseckey exit code on failure inconsistent
6468456 ipsecconf uses strcpy()
6479903 in.iked with SMF should use _enter_daemon_lock()
6488927 ipseckey(1M) could do a better job of dealing with multiple errors
6497802 in.iked should use smf(5) properties instead of /etc/default/ipsec
6519836 ipseckey, ipsecconf require uid == 0, but configured to use profile
6529086 ipsec utilities can't deal with large files
6538478 Timestamp in in.iked debug output does not understand daylight savings time
6542255 in.iked can dump core when forced to load a new ike.preshared file with ikeadm.
6543263 ikeadm uses strcpy()
6543267 ipseckey uses strcpy()
6544087 memory leak with preshared key reloading
--HG--
rename : usr/src/cmd/cmd-inet/usr.sbin/ikeadm.c => usr/src/cmd/cmd-inet/usr.sbin/ipsecutils/ikeadm.c
rename : usr/src/cmd/cmd-inet/usr.sbin/ikecert.sh => usr/src/cmd/cmd-inet/usr.sbin/ipsecutils/ikecert.sh
rename : usr/src/cmd/cmd-inet/usr.sbin/ipsecalgs.c => usr/src/cmd/cmd-inet/usr.sbin/ipsecutils/ipsecalgs.c
rename : usr/src/cmd/cmd-inet/usr.sbin/ipsecconf.c => usr/src/cmd/cmd-inet/usr.sbin/ipsecutils/ipsecconf.c
rename : usr/src/cmd/cmd-inet/usr.sbin/ipseckey.c => usr/src/cmd/cmd-inet/usr.sbin/ipsecutils/ipseckey.c
show more ...
|
| #
a7485808 |
| 19-Apr-2007 |
markfen <none@none> |
6500413 libipsecutil uses gettext() instead of dgettext()
|
| #
8810c16b |
| 03-Nov-2006 |
danmcd <none@none> |
PSARC 2005/516 IPsec Tunnel Reform
4882852 tunnels vs. inverse acquire.
4970365 Support of ESP tunnel mode within Solaris
5027528 in.iked should be more intelligent about tunnel addresses
6180161 nee
PSARC 2005/516 IPsec Tunnel Reform
4882852 tunnels vs. inverse acquire.
4970365 Support of ESP tunnel mode within Solaris
5027528 in.iked should be more intelligent about tunnel addresses
6180161 need to support multiple tunnels to a single nat
6208976 ipsecconf error messages make me think there are monsters under the bed
6313012 Clean up from removal of ipsec_inbound_debug_tag()
6351840 assertion failed: (ipha->ipha_protocol != 6) && (ipha->ipha_protocol != 17), ip.c, line: 15351
6359831 multicast tunnels don't get their IPsec policy checked.
6369094 ipseckey shouldn't accept/save-out encryption algorithm even it's none/any
6374560 ipseckey debug functions should be moved to libipsecutil
6374596 dump utilities need to be able to understand inner tunnel addresses and netmasks
6402781 Five dead declarations in IPsec code
6405338 spdsock leaks policy head references
6437366 NAT-OA payloads not processed early enough.
6465594 ipsec_policy_delete() uses wrong ipsec_selkey_t structure.
6467596 spdsock_ext_to_actvec() needs to reset "act" upon every SPD_ATTR_NEXT.
6470725 PF_POLICY shouldn't accept '0' for an algorithm value.
6475903 Outbound DROP rules are not enforced
6480815 INVERSE_ACQUIRE failures leak in in.iked
6482403 Race in in.iked, early door call vs. rest of initialization code
6482653 Don't accept UDP-encapsulated ESP on non-NAT SAs.
6487857 Post-ACQUIRE, AH+ESP packets misinitalized ipha/ip6
show more ...
|
| #
45916cd2 |
| 24-Mar-2006 |
jpk <none@none> |
PSARC/2002/762 Layered Trusted Solaris
PSARC/2005/060 TSNET: Trusted Networking with Security Labels
PSARC/2005/259 Layered Trusted Solaris Label Interfaces
PSARC/2005/573 Solaris Trusted Extensions
PSARC/2002/762 Layered Trusted Solaris
PSARC/2005/060 TSNET: Trusted Networking with Security Labels
PSARC/2005/259 Layered Trusted Solaris Label Interfaces
PSARC/2005/573 Solaris Trusted Extensions for Printing
PSARC/2005/691 Trusted Extensions for Device Allocation
PSARC/2005/723 Solaris Trusted Extensions Filesystem Labeling
PSARC/2006/009 Labeled Auditing
PSARC/2006/155 Trusted Extensions RBAC Changes
PSARC/2006/191 is_system_labeled
6293271 Zone processes should use zone_kcred instead of kcred
6394554 integrate Solaris Trusted Extensions
--HG--
rename : usr/src/cmd/dminfo/Makefile => deleted_files/usr/src/cmd/dminfo/Makefile
rename : usr/src/cmd/dminfo/dminfo.c => usr/src/cmd/allocate/dminfo.c
show more ...
|
| #
7c478bd9 |
| 14-Jun-2005 |
stevel@tonic-gate <none@none> |
OpenSolaris Launch
|