OpenBSD CVS

CVS log for src/usr.sbin/bgpd/pfkey.c




Revision 1.68, Mon Nov 7 22:39:13 2022 UTC (19 months ago) by mbuhl
Branch: MAIN
CVS Tags: OPENBSD_7_5_BASE, OPENBSD_7_5, OPENBSD_7_4_BASE, OPENBSD_7_4, OPENBSD_7_3_BASE, OPENBSD_7_3, HEAD
Changes since 1.67: +3 -3 lines

Fix theoretical access to garbage stack memory in pfkey_reply for
bgpd and ldpd.

Found by CodeChecker.

OK claudio@

Revision 1.67, Wed Aug 17 15:15:26 2022 UTC (21 months, 3 weeks ago) by claudio
Branch: MAIN
CVS Tags: OPENBSD_7_2_BASE, OPENBSD_7_2
Changes since 1.66: +19 -19 lines

Convert bzero() to memset(), bcmp() to memcmp() and bcopy() to memcpy().

The memory regions passed to memcpy() can not overlap so no need for memmove().
OK tb@ deraadt@

Revision 1.66, Thu Jul 28 13:11:50 2022 UTC (22 months, 1 week ago) by deraadt
Branch: MAIN
Changes since 1.65: +2 -2 lines

whitespace found during a read-thru; ok claudio

Revision 1.65, Thu Jun 16 09:51:07 2022 UTC (23 months, 3 weeks ago) by claudio
Branch: MAIN
Changes since 1.64: +7 -7 lines

Remove __func__ from warning messages where it does not add anything
to the warning. The messages are clear enough and unique.
OK tb@

Revision 1.64, Wed Jun 15 16:00:37 2022 UTC (23 months, 3 weeks ago) by claudio
Branch: MAIN
Changes since 1.63: +4 -1 lines

Prevent busy poll loop on pfkey message error.

When pfkey_reply() detects an error in a message it needs to flush that
message out of the buffer because pfkey_read() only did a peek read.
OK tb@

Revision 1.63, Wed Jun 15 14:09:30 2022 UTC (23 months, 3 weeks ago) by claudio
Branch: MAIN
Changes since 1.62: +31 -5 lines

Do not use defines from pfkeyv2.h in portable code.

Instead define our own algorithm enums for the IPsec code.
OK tb@ sthen@

Revision 1.62, Sun Feb 6 09:51:19 2022 UTC (2 years, 4 months ago) by claudio
Branch: MAIN
CVS Tags: OPENBSD_7_1_BASE, OPENBSD_7_1
Changes since 1.61: +16 -16 lines

Switch from u_intX_t types to stdint.h uintX_t. Mostly mechanical with
a few reindents.
OK florian@ tb@

Revision 1.61, Thu Apr 23 16:13:11 2020 UTC (4 years, 1 month ago) by claudio
Branch: MAIN
CVS Tags: OPENBSD_7_0_BASE, OPENBSD_7_0, OPENBSD_6_9_BASE, OPENBSD_6_9, OPENBSD_6_8_BASE, OPENBSD_6_8, OPENBSD_6_7_BASE, OPENBSD_6_7
Changes since 1.60: +23 -10 lines

Store local-address by address family. This allows configuring both
an IPv4 and IPv6 local-address on a group and the neighbors bind to the
right local-address. Also implement 'no local-address' to reset a previously
set local address back to zero. This should help with IBGP and multihop
session config and hopefully reduce repetition in bgpd configs.
OK sthen@ benno@

Revision 1.60, Tue Oct 1 11:05:30 2019 UTC (4 years, 8 months ago) by claudio
Branch: MAIN
CVS Tags: OPENBSD_6_6_BASE, OPENBSD_6_6
Changes since 1.59: +17 -2 lines

Add some TCP MD5SUM specific calls needed by portable. On Linux systems
there is no pfkey interface and instead the loading is done via setsockopts.
To make this work correctly there are some additional functions needed when
peers get reconfigured or when new listeners show up.
OK benno@

Revision 1.59, Mon Sep 30 12:10:38 2019 UTC (4 years, 8 months ago) by claudio
Branch: MAIN
Changes since 1.58: +3 -3 lines

Pass a struct listen_addr pointer to tcp_md5_listen and not just the fd,
the linux shim needs this.

Revision 1.58, Tue Jun 25 21:32:08 2019 UTC (4 years, 11 months ago) by benno
Branch: MAIN
Changes since 1.57: +31 -31 lines

cleanup return code checks for the pfkey_*() functions.
ok claudio@

Revision 1.57, Mon Jun 17 13:35:43 2019 UTC (4 years, 11 months ago) by claudio
Branch: MAIN
Changes since 1.56: +1 -2 lines

Cleanup, remove some unneeded spaces, add some others where needed.
No binary change according to clang.

Revision 1.56, Wed May 29 08:48:00 2019 UTC (5 years ago) by claudio
Branch: MAIN
Changes since 1.55: +121 -73 lines

Rework pfkey handling a bit. The old remove then add way of inserting md5sig
hit a race frequently where a session ended up with no key/SPI in the kernel.
Since there is no way to do atomic updates of SADB_X_SATYPE_TCPSIGNATURE
the code is adding a new one then removing the old one.
Also make sure keys are correctly cleared when peers are deconfigured.
May not be perfect but a lot better than what was there before.
Tested by and OK sthen@

Revision 1.55, Wed May 8 12:41:55 2019 UTC (5 years, 1 month ago) by claudio
Branch: MAIN
Changes since 1.54: +102 -36 lines

Rework the TCP md5sig and IKE handling. Move the pfkey socket to the parent
process in this process. The refreshing of the keys is done whenever the
session state changes to IDLE or ACTIVE. This should behave better
when reloading configs with auth changes.
OK benno@

Revision 1.54, Wed Feb 20 16:29:01 2019 UTC (5 years, 3 months ago) by claudio
Branch: MAIN
CVS Tags: OPENBSD_6_5_BASE, OPENBSD_6_5
Changes since 1.53: +7 -3 lines

Forgot to set the sockaddr length field which is mandatory on the pfkey socket.
Fixes tcp-md5 issues noticed by benno@, OK benno@

Revision 1.53, Mon Feb 18 09:43:57 2019 UTC (5 years, 3 months ago) by claudio
Branch: MAIN
Changes since 1.52: +6 -5 lines

Do not depend on the length field of struct sockaddr; instead pass the
length to the various functions needing it. Helps portability.
OK benno@

Revision 1.52, Thu Sep 20 11:06:04 2018 UTC (5 years, 8 months ago) by benno
Branch: MAIN
CVS Tags: OPENBSD_6_4_BASE, OPENBSD_6_4
Changes since 1.51: +3 -2 lines

whitespace cleanup, ok claudio@

Revision 1.51, Mon Aug 21 14:43:33 2017 UTC (6 years, 9 months ago) by phessler
Branch: MAIN
CVS Tags: OPENBSD_6_3_BASE, OPENBSD_6_3, OPENBSD_6_2_BASE, OPENBSD_6_2
Changes since 1.50: +3 -1 lines

undo unintentional commits

Revision 1.50, Mon Aug 21 14:41:22 2017 UTC (6 years, 9 months ago) by phessler
Branch: MAIN
Changes since 1.49: +1 -3 lines

When 'enforce neighbor-as no' is set, don't do a config-time check for the neighbor-as, as it is dynamic.

Revision 1.49, Tue Apr 18 02:29:56 2017 UTC (7 years, 1 month ago) by deraadt
Branch: MAIN
Changes since 1.48: +4 -7 lines

use freezero()

Revision 1.48, Thu Mar 2 19:54:22 2017 UTC (7 years, 3 months ago) by renato
Branch: MAIN
CVS Tags: OPENBSD_6_1_BASE, OPENBSD_6_1
Changes since 1.47: +4 -4 lines

Fix breakage of md5 authentication.

The previous commit (rev 1.47) added a missing htonl in pfkey_send() but
didn't add a corresponding ntohl in pfkey_reply(). This patch fixes this.

Found the hard way by benno@, who also suggested the rename of spip
to spi.

OK benno@ claudio@ henning@

Revision 1.47, Wed Feb 22 13:55:14 2017 UTC (7 years, 3 months ago) by renato
Branch: MAIN
Changes since 1.46: +2 -2 lines

Add missing htonl for IPsec SPI.

Also, do not allow configuring SPI values in the 0..255 range. RFC 4302
and RFC 4303 say the following:
"The set of SPI values in the range 1 through 255 are reserved by the
Internet Assigned Numbers Authority (IANA) for future use; a reserved
SPI value will not normally be assigned by IANA unless the use of the
assigned SPI value is specified in an RFC.  The SPI value of zero (0)
is reserved for local, implementation-specific use and MUST NOT be
sent on the wire".

ok and tweak benno@

Revision 1.46, Tue Jan 24 04:22:42 2017 UTC (7 years, 4 months ago) by benno
Branch: MAIN
Changes since 1.45: +2 -1 lines

sync log.c from relayd et al to bgpd.

there is still a little difference regarding handling of the verbosity
value that will be handled later.

ok claudio@ florian@

Revision 1.45, Sun Sep 13 10:22:16 2015 UTC (8 years, 8 months ago) by florian
Branch: MAIN
CVS Tags: OPENBSD_6_0_BASE, OPENBSD_6_0, OPENBSD_5_9_BASE, OPENBSD_5_9
Changes since 1.44: +4 -4 lines

explicit_bzero() from Michael McConville, thanks!
OK claudio

Revision 1.44, Tue Feb 10 05:18:39 2015 UTC (9 years, 4 months ago) by claudio
Branch: MAIN
CVS Tags: OPENBSD_5_8_BASE, OPENBSD_5_8, OPENBSD_5_7_BASE, OPENBSD_5_7
Changes since 1.43: +7 -2 lines

Also make the special sockets SOCK_NONBLOCK. For the routing socket add
a trigger for the case that not a full message has been read. Should not
be possible but let's see if this triggers somewhen.
With and OK henning@

Revision 1.43, Mon Feb 9 11:37:31 2015 UTC (9 years, 4 months ago) by claudio
Branch: MAIN
Changes since 1.42: +2 -2 lines

Kill session_socket_blockmode() and replace it with SOCK_CLOEXEC or
SOCK_NONBLOCK and accept4(). OK henning@ tested & OK benno@

Revision 1.42, Wed Oct 8 16:15:37 2014 UTC (9 years, 8 months ago) by deraadt
Branch: MAIN
Changes since 1.41: +3 -3 lines

Use reallocarray() throughout to spot multiplicative int overflow.
ok henning benno

Revision 1.41, Thu Dec 9 13:50:41 2010 UTC (13 years, 6 months ago) by claudio
Branch: MAIN
CVS Tags: OPENBSD_5_6_BASE, OPENBSD_5_6, OPENBSD_5_5_BASE, OPENBSD_5_5, OPENBSD_5_4_BASE, OPENBSD_5_4, OPENBSD_5_3_BASE, OPENBSD_5_3, OPENBSD_5_2_BASE, OPENBSD_5_2, OPENBSD_5_1_BASE, OPENBSD_5_1, OPENBSD_5_0_BASE, OPENBSD_5_0, OPENBSD_4_9_BASE, OPENBSD_4_9
Changes since 1.40: +36 -21 lines

The PF_KEY socket is like the routing socket. It must be polled all the
time to consume broadcast messages or the socket gets full and own
messages that are needed are lost. This fixes an infinite loop in
pfkey_reply that happens when bgpd tcp md5sum is used on a system that
also runs a larger IPsec setup.
OK henning, lots of patience, debugging and testing by Thomas Boernert

Revision 1.40, Mon Dec 14 17:38:18 2009 UTC (14 years, 5 months ago) by claudio
Branch: MAIN
CVS Tags: OPENBSD_4_8_BASE, OPENBSD_4_8, OPENBSD_4_7_BASE, OPENBSD_4_7
Changes since 1.39: +6 -3 lines

addr2sa() will return NULL for AID_UNSPEC and pfkey_send() may end up with
one of the src/dst addrs as AID_UNSPEC. So we need to check for NULL before
copying. Fixes a crash seen with tcp-md5 enabled peers.

Revision 1.39, Sun Dec 6 11:42:22 2009 UTC (14 years, 6 months ago) by claudio
Branch: MAIN
Changes since 1.38: +3 -3 lines

Doh, switch src and dst in memcpy calls or the wrong thing gets copied.
For some reason memcpy has the arguments reversed - grmbl.
Found the hard way by Insan Praja.

Revision 1.38, Tue Dec 1 14:28:05 2009 UTC (14 years, 6 months ago) by claudio
Branch: MAIN
Changes since 1.37: +17 -29 lines

Use an artificial address family id in struct bgpd_addr and almost everywhere
else. Adds conversion functions to map AFI/SAFI and the Unix AF_ values
from and into AID used in bgpd. This is needed to support things like MPLS
VPN and other upcoming changes that need to play a lot with AFI/SAFI pairs.
Mostly mechanical change, henning@ has no particular issues with this.
Must go in so that I can continue working.

Revision 1.37, Tue Apr 21 15:25:52 2009 UTC (15 years, 1 month ago) by henning
Branch: MAIN
CVS Tags: OPENBSD_4_6_BASE, OPENBSD_4_6
Changes since 1.36: +7 -3 lines

instead of calling getpid() all over the place do it once, claudio ok

Revision 1.36, Tue Apr 21 13:57:14 2009 UTC (15 years, 1 month ago) by henning
Branch: MAIN
Changes since 1.35: +19 -6 lines

ignore pfkey replies not for us and discard them
From: Matthew Dempsky <matthew@dempsky.org>
markus and hshoexer and claudio agree

Revision 1.35, Wed Feb 25 19:18:04 2009 UTC (15 years, 3 months ago) by henning
Branch: MAIN
CVS Tags: OPENBSD_4_5_BASE, OPENBSD_4_5
Changes since 1.34: +3 -1 lines

add a stupid workaround for a race somewhere in the crypto code in the
kernel. a one second sleep has made it go away in all my tests. ok theo

Revision 1.31.6.1, Sat Nov 4 19:53:37 2006 UTC (17 years, 7 months ago) by brad
Branch: OPENBSD_3_9
Changes since 1.31: +66 -50 lines (next main revision: 1.32)

MFC:
Fix by henning@

rev 1.33
make sure we keep copies of everything we need to
remove SAs and flows later again, even if the
configuration info changed due to reload.

rev 1.34
storing the dynamically acquired SPIs for tcpmd5 inside the conf struct
is not such a good idea - it gets nulled on config reloads, and thus
we fail to clear the old SAs when the session is restarted after a config
reload occurred. obvious solution: store the SPIs outside the config
area.

ok henning@

Revision 1.32.2.1, Sat Nov 4 05:19:06 2006 UTC (17 years, 7 months ago) by brad
Branch: OPENBSD_4_0
Changes since 1.32: +66 -50 lines (next main revision: 1.33)

MFC:
Fix by henning@

rev 1.33
make sure we keep copies of everything we need to
remove SAs and flows later again, even if the
configuration info changed due to reload.

rev 1.34
storing the dynamically acquired SPIs for tcpmd5 inside the conf struct
is not such a good idea - it gets nulled on config reloads, and thus
we fail to clear the old SAs when the session is restarted after a config
reload occurred. obvious solution: store the SPIs outside the config
area.

ok henning@

Revision 1.34, Thu Oct 26 14:26:49 2006 UTC (17 years, 7 months ago) by henning
Branch: MAIN
CVS Tags: OPENBSD_4_4_BASE, OPENBSD_4_4, OPENBSD_4_3_BASE, OPENBSD_4_3, OPENBSD_4_2_BASE, OPENBSD_4_2, OPENBSD_4_1_BASE, OPENBSD_4_1
Changes since 1.33: +53 -37 lines

        * make sure we keep copies of everything we need to
        * remove SAs and flows later again, even if the
        * configuration info changed due to reload.
        * We need: SPIs, method, local_addr, remote_addr.
        * remote_addr cannot change, so no copy.
with this, I have just migrated a session from tcp md5sig to ipsec esp ike,
just with bgpctl reload (both sides) followed by bgpctl neighbor $foo clear
(just one side)!
claudio ok

Revision 1.33, Thu Oct 26 13:17:00 2006 UTC (17 years, 7 months ago) by henning
Branch: MAIN
Changes since 1.32: +14 -14 lines

storing the dynamically acquired SPIs for tcpmd5 inside the conf struct
is not such a good idea - it gets nulled on config reloads, and thus
we fail to clear the old SAs when the session is restarted after a config
reload occurred. obvious solution: store the SPIs outside the config area.
ok claudio

Revision 1.32, Wed Aug 30 17:58:40 2006 UTC (17 years, 9 months ago) by henning
Branch: MAIN
CVS Tags: OPENBSD_4_0_BASE
Branch point for: OPENBSD_4_0
Changes since 1.31: +9 -10 lines

writing to the pfkey socket can give EAGAIN and we must retry.
ok claudio hshoexer deraadt

Revision 1.31, Wed Nov 10 14:48:25 2004 UTC (19 years, 7 months ago) by claudio
Branch: MAIN
CVS Tags: OPENBSD_3_9_BASE, OPENBSD_3_8_BASE, OPENBSD_3_8, OPENBSD_3_7_BASE, OPENBSD_3_7
Branch point for: OPENBSD_3_9
Changes since 1.30: +1 -3 lines

"not reached" does not help LINT; use NOTREACHED instead and use it only in
places where needed. OK henning@

Revision 1.30, Fri May 28 18:39:09 2004 UTC (20 years ago) by henning
Branch: MAIN
CVS Tags: OPENBSD_3_6_BASE, OPENBSD_3_6
Changes since 1.29: +9 -6 lines

detect absence of PF_KEY interface and/or the TCP_MD5SIG setsockopts
at runtime and disable said subsystems if so. helps the guys porting bgpd
to $otherBSD, and is actually the right thing to do. claudio ok

Revision 1.29, Thu May 6 14:51:11 2004 UTC (20 years, 1 month ago) by henning
Branch: MAIN
Changes since 1.28: +4 -1 lines

actually reset p->auth_established to 0 in pfkey_[md5sig|ipsec]_remove

Revision 1.28, Thu May 6 14:41:47 2004 UTC (20 years, 1 month ago) by henning
Branch: MAIN
Changes since 1.27: +9 -7 lines

we need a separate field for the md5 key len, can't use strlen, noticed
by markus some time ago

Revision 1.27, Wed Apr 28 04:59:32 2004 UTC (20 years, 1 month ago) by markus
Branch: MAIN
Changes since 1.26: +48 -17 lines

support for AH flows and SAs

Revision 1.26, Wed Apr 28 03:53:35 2004 UTC (20 years, 1 month ago) by henning
Branch: MAIN
Changes since 1.25: +1 -1 lines

do not give up on ESRCH, someone might have mucked with ipsecadm behind
our back, markus ok

Revision 1.25, Wed Apr 28 03:34:38 2004 UTC (20 years, 1 month ago) by henning
Branch: MAIN
Changes since 1.24: +7 -3 lines

make this at least compile

Revision 1.24, Wed Apr 28 03:19:52 2004 UTC (20 years, 1 month ago) by markus
Branch: MAIN
Changes since 1.23: +25 -1 lines

make sure send and reply are in sync; ok henning

Revision 1.23, Wed Apr 28 02:57:00 2004 UTC (20 years, 1 month ago) by henning
Branch: MAIN
Changes since 1.22: +5 -2 lines

keep track of which ipsec/md5 SAs we inserted - ESRCH on blind removal
otherwise, markus ok

Revision 1.22, Wed Apr 28 00:59:09 2004 UTC (20 years, 1 month ago) by markus
Branch: MAIN
Changes since 1.21: +47 -50 lines

don't load SAs into the kernel if IKE is used.

Revision 1.21, Wed Apr 28 00:38:39 2004 UTC (20 years, 1 month ago) by henning
Branch: MAIN
Changes since 1.20: +3 -3 lines

prefix the auth related defines by AUTH_, we had a name clash, markus ok

Revision 1.20, Tue Apr 27 22:42:13 2004 UTC (20 years, 1 month ago) by henning
Branch: MAIN
Changes since 1.19: +25 -22 lines

rename the ipsec struct to auth, move all tcpmd5 related fields in there, and
add a generic "method" field that expresses what method
(none/md5sig/ipsec manual/ipsec ike) is in use
markus ok

Revision 1.19, Tue Apr 27 18:35:48 2004 UTC (20 years, 1 month ago) by henning
Branch: MAIN
Changes since 1.18: +3 -1 lines

two missing breaks, repairs tcpmd5, with markus

Revision 1.18, Tue Apr 27 17:56:57 2004 UTC (20 years, 1 month ago) by markus
Branch: MAIN
Changes since 1.17: +127 -43 lines

restrict the ipsec flows to BGP only; ok henning

Revision 1.17, Tue Apr 27 04:38:12 2004 UTC (20 years, 1 month ago) by deraadt
Branch: MAIN
Changes since 1.16: +2 -2 lines

crud stripping; henning ok

Revision 1.16, Mon Apr 26 09:35:39 2004 UTC (20 years, 1 month ago) by markus
Branch: MAIN
Changes since 1.15: +224 -28 lines

load ipsec SAs into the kernel and enable them.

Revision 1.15, Wed Mar 31 10:25:35 2004 UTC (20 years, 2 months ago) by henning
Branch: MAIN
Changes since 1.14: +7 -1 lines

allow empty (wildcard) sockaddr for src or dst

Revision 1.14, Mon Mar 15 16:00:59 2004 UTC (20 years, 3 months ago) by henning
Branch: MAIN
CVS Tags: OPENBSD_3_5_BASE, OPENBSD_3_5
Changes since 1.13: +15 -7 lines

use switch instead of if { } else if { } else { }

Revision 1.13, Fri Jan 30 23:12:51 2004 UTC (20 years, 4 months ago) by henning
Branch: MAIN
Changes since 1.12: +5 -2 lines

missing free() in an error path that should be unreachable
From: Patrick Latifi <pat@eyeo.org>

Revision 1.12, Wed Jan 28 23:31:28 2004 UTC (20 years, 4 months ago) by henning
Branch: MAIN
Changes since 1.11: +6 -20 lines

implement
  tcp md5sig password
so that the key can be given in ascii, which unfortunately limits the key space
(cisco/juniper compat...)
we keep the ability to specify the key in hex without these limits.

help & ok markus

Revision 1.11, Wed Jan 28 20:03:30 2004 UTC (20 years, 4 months ago) by henning
Branch: MAIN
Changes since 1.10: +27 -5 lines

-rename pfkey_setkey to pfkey_sa_add
-implement pfkey_sa_remove
-use it in pfkey_auth_remove
we now properly remove the SAs we added on bgpd shutdown

ok markus

Revision 1.10, Wed Jan 28 20:00:29 2004 UTC (20 years, 4 months ago) by henning
Branch: MAIN
Changes since 1.9: +17 -15 lines

fix pfkey_reply() logic:
we always need to read the full message or we find old crap next time
much more difficult to find than it sounds here...
with & ok markus

Revision 1.9, Wed Jan 28 19:04:55 2004 UTC (20 years, 4 months ago) by henning
Branch: MAIN
Changes since 1.8: +4 -2 lines

missing free and fix memset misuse; From: Patrick Latifi <pat@eyeo.org>
tho i fixed that using bzero instead

Revision 1.8, Wed Jan 28 17:57:08 2004 UTC (20 years, 4 months ago) by henning
Branch: MAIN
Changes since 1.7: +24 -22 lines

we need a pfkey_init that gets us a PF_KEY socket before we drop privs
eases other code quite a bit in exchange...

Revision 1.7, Wed Jan 28 17:27:55 2004 UTC (20 years, 4 months ago) by henning
Branch: MAIN
Changes since 1.6: +33 -5 lines

-struct peer_auth to store the SPIs, linked into struct peer
-add pfkey_auth_establish(), which sets up flows for both directions and
 stores the SPIs in above struct
-add (yet dummy) pfkey_auth_remove()

with markus, ok claudio markus

Revision 1.6, Wed Jan 28 14:24:29 2004 UTC (20 years, 4 months ago) by markus
Branch: MAIN
Changes since 1.5: +16 -9 lines

initial support for SADB_DELETE; ok hshoexer

Revision 1.5, Wed Jan 28 11:03:32 2004 UTC (20 years, 4 months ago) by markus
Branch: MAIN
Changes since 1.4: +17 -17 lines

pfkey_setkey: sockaddr -> bgpd_addr; ok claudio

Revision 1.4, Tue Jan 27 14:12:28 2004 UTC (20 years, 4 months ago) by henning
Branch: MAIN
Changes since 1.3: +3 -1 lines

missing return()

Revision 1.3, Tue Jan 27 14:09:36 2004 UTC (20 years, 4 months ago) by markus
Branch: MAIN
Changes since 1.2: +184 -91 lines

use SADB_GETSPI/UPDATE for setting tcpmd5 keys; ok henning

Revision 1.2, Mon Jan 26 17:50:53 2004 UTC (20 years, 4 months ago) by henning
Branch: MAIN
Changes since 1.1: +6 -2 lines

when we error out in send_sa_msg() close the file descriptor.
from Patrick Latifi <pat@eyeo.org>

Revision 1.1, Mon Jan 26 14:42:47 2004 UTC (20 years, 4 months ago) by henning
Branch: MAIN

first cut at tcpmd5 setup support from within bgpd. works so far.
with help from hshoexer@ and markus@
ok claudio@ hshoexer@ markus@
