| #
f02131e0 |
| 21-Jun-2010 |
Vladimir Kotal <Vladimir.Kotal@Sun.COM> |
6945640 ipseckey won't create SA between ipv6 link-local and multicast address; dumps core instead
6949084 pfp_delete_rule() has use-after-free problem
|
| #
df8eb1c6 |
| 07-Jan-2010 |
Vladimir Kotal <Vladimir.Kotal@Sun.COM> |
6913939 'ipseckey get esp inbound' cores
|
| #
510c3f91 |
| 22-Dec-2009 |
Vladimir Kotal <Vladimir.Kotal@Sun.COM> |
6874992 in.iked does not use network byte order for IP address in sendto() call
6874983 ikedoor.h is not C++ safe
6885833 IPsec utilities should print lifetimes in human readable format
6889086 ikead
6874992 in.iked does not use network byte order for IP address in sendto() call
6874983 ikedoor.h is not C++ safe
6885833 IPsec utilities should print lifetimes in human readable format
6889086 ikeadm reports kilobyte lifetimes with wrong units
6898492 iked should enforce lower maximum values for lifetimes
6897711 iked debug output should be less confusing for average sysadmin
6902926 SOFT kilobyte expires for inbound SAs should make it to userland and be reacted upon
show more ...
|
| #
d0115d88 |
| 20-Nov-2009 |
Mark Fenwick <Mark.Fenwick@Sun.COM> |
6900753 Calls to dump_key in ikeadm.c could be refactored
6896962 ipsecconf incorrectly parses misconfigured hyphenated tokens
6898695 ipsecalgs -s causes kernel buffer corruption
6440628 ipseckey sh
6900753 Calls to dump_key in ikeadm.c could be refactored
6896962 ipsecconf incorrectly parses misconfigured hyphenated tokens
6898695 ipsecalgs -s causes kernel buffer corruption
6440628 ipseckey should ensure that argument is a file before parsing
show more ...
|
| #
5d3b8cb7 |
| 03-Nov-2009 |
Bill Sommerfeld <sommerfeld@sun.com> |
PSARC/2008/252 Labeled IPsec phase 1
6886771 Labeled IPsec phase 1
6808727 Alignment error panic in tsol_can_accept_raw()
6894979 nightly -0 + -p builds then destroys SUNW0on
|
| #
628b0c67 |
| 21-Oct-2009 |
Mark Fenwick <Mark.Fenwick@Sun.COM> |
PSARC 2009/513 Changes to IPsec ESP to support Combined mode ciphers
6704686 IPsec/ESP needs to support Combined mode ciphers
6704682 IPsec/ESP should use AES-CCM
6884664 IPsec/ESP should support AES
PSARC 2009/513 Changes to IPsec ESP to support Combined mode ciphers
6704686 IPsec/ESP needs to support Combined mode ciphers
6704682 IPsec/ESP should use AES-CCM
6884664 IPsec/ESP should support AES-GCM Mode
6840342 ipsecalgs out of memory error
6764184 tab instead of space in sadb.h
show more ...
|
| #
bfe6f8f5 |
| 18-Mar-2009 |
Vladimir Kotal <Vladimir.Kotal@Sun.COM> |
6520458 ikeadm should have command line history capabilities
4313953 ipseckey(1m) needs line editing support.
6814629 ipseckey should employ strict checking for {dump,flush} commands
|
| #
9c2c14ab |
| 30-Sep-2008 |
Thejaswini Singarajipura <Thejaswini.Singarajipura@Sun.COM> |
PSARC 2008/523 IPsec session failover
6398024 IPsec should support session failover across machines
6545486 PF_KEY needs to set an SA's sequence number
|
| #
38d95a78 |
| 20-May-2008 |
markfen <none@none> |
PSARC/2008/232 Paired IPsec Security Associations
6584918 in.iked will exit if you try and add a duplicate rule with ikeadm
6595953 Remove SCCS keywords from ipsec{ah,esp}, keysock, and spdsock
66282
PSARC/2008/232 Paired IPsec Security Associations
6584918 in.iked will exit if you try and add a duplicate rule with ikeadm
6595953 Remove SCCS keywords from ipsec{ah,esp}, keysock, and spdsock
6628201 Inbound and Outbound IPsec SA's should be treated as a pair.
6643439 check_rule() in in.iked does not sanity check kilobyte based lifetime values
6668752 ikeadm(1m) get defaults displays wrong value for p2_softlife_kb
6669211 Need a way to disable Soft Expires when using in.iked(1m)
6670612 sadb_address_proto and sadb_address_prefixlen need to be initialized in NAT_T extensions.
6674203 Ordering of src/dst address extensions in pf_key messages is inconsistent.
6676436 ipseckey(1m) error messages could be less cryptic
6683004 Updating hard_usetime on an IPsec SA will cause it to evaporate.
6703265 in.iked can dump core if avl_nearest() returns NULL
show more ...
|
| #
a050d7e9 |
| 08-Feb-2008 |
pwernau <none@none> |
6659486 ipseckey dumps core with encryption key and no other parameters
|
| #
23c73ecc |
| 24-Oct-2007 |
pwernau <none@none> |
5053475 certlib_load() error messages need improving.
6614180 file permissions on public keys and CRLs should be more open
6614741 keying material with insecure permissions should not be trusted
|
| #
72c8fd38 |
| 02-Oct-2007 |
markfen <none@none> |
6610537 ipseckey error output can get mangled on x86
6610538 ipseckey can core dump with truncated input
|
| #
437220cd |
| 04-Sep-2007 |
danmcd <none@none> |
PSARC 2007/449 Detangle IPsec NAT Traversal
6481450 nattymod calls putnext() on a freed queue.
6558864 remove nattymod
6558870 Implement SA last-used time and idle actions
6582318 "mandatory" is spel
PSARC 2007/449 Detangle IPsec NAT Traversal
6481450 nattymod calls putnext() on a freed queue.
6558864 remove nattymod
6558870 Implement SA last-used time and idle actions
6582318 "mandatory" is spelled wrong in pfiles
6584011 save_assoc() gets confused w.r.t. "proto".
6588015 Missing "encap udp" must be better diagnosed by ipseckey(1M).
6595368 Need "ipsec-nat-t" in /etc/services
6595877 ipseckey(1M) can produce output it can't read back in (line-too-big)
--HG--
rename : usr/src/uts/common/inet/ip/nattymod.c => deleted_files/usr/src/uts/common/inet/ip/nattymod.c
rename : usr/src/uts/intel/nattymod/Makefile => deleted_files/usr/src/uts/intel/nattymod/Makefile
rename : usr/src/uts/sparc/nattymod/Makefile => deleted_files/usr/src/uts/sparc/nattymod/Makefile
show more ...
|
| #
bb3ed8df |
| 15-Aug-2007 |
pwernau <none@none> |
6585305 in.iked in debug mode needs to show phase 2 alg proposals and PF_KEY message contents
|
| #
ec485834 |
| 29-Jun-2007 |
pwernau <none@none> |
6477017 ipseckey could should not reject a hex string that starts '0x'
6499919 ipseckey should throw out encryption keys for "null" algorithm
|
| #
25e435e0 |
| 29-May-2007 |
pwernau <none@none> |
6561665 ipseckey -f does not understand "flush" keyword anymore
|
| #
e3320f40 |
| 15-May-2007 |
markfen <none@none> |
PSARC 2007/200 - Dedicated SMF services for IPsec/IKE
6185380 IPsec should be a separate (set) of smf(5) services
6440610 missing preshared remoteid line causes in.iked core dump on reading config
64
PSARC 2007/200 - Dedicated SMF services for IPsec/IKE
6185380 IPsec should be a separate (set) of smf(5) services
6440610 missing preshared remoteid line causes in.iked core dump on reading config
6462741 ipsecconf should have an option to check config file syntax
6467954 ipseckey exit code on failure inconsistent
6468456 ipsecconf uses strcpy()
6479903 in.iked with SMF should use _enter_daemon_lock()
6488927 ipseckey(1M) could do a better job of dealing with multiple errors
6497802 in.iked should use smf(5) properties instead of /etc/default/ipsec
6519836 ipseckey, ipsecconf require uid == 0, but configured to use profile
6529086 ipsec utilities can't deal with large files
6538478 Timestamp in in.iked debug output does not understand daylight savings time
6542255 in.iked can dump core when forced to load a new ike.preshared file with ikeadm.
6543263 ikeadm uses strcpy()
6543267 ipseckey uses strcpy()
6544087 memory leak with preshared key reloading
--HG--
rename : usr/src/cmd/cmd-inet/usr.sbin/ikeadm.c => usr/src/cmd/cmd-inet/usr.sbin/ipsecutils/ikeadm.c
rename : usr/src/cmd/cmd-inet/usr.sbin/ikecert.sh => usr/src/cmd/cmd-inet/usr.sbin/ipsecutils/ikecert.sh
rename : usr/src/cmd/cmd-inet/usr.sbin/ipsecalgs.c => usr/src/cmd/cmd-inet/usr.sbin/ipsecutils/ipsecalgs.c
rename : usr/src/cmd/cmd-inet/usr.sbin/ipsecconf.c => usr/src/cmd/cmd-inet/usr.sbin/ipsecutils/ipsecconf.c
rename : usr/src/cmd/cmd-inet/usr.sbin/ipseckey.c => usr/src/cmd/cmd-inet/usr.sbin/ipsecutils/ipseckey.c
show more ...
|