PSARC 2010/101 in.iked preshared key file extensions 6511591 Support at least remote-prefixes for preshared key entries

PSARC 2010/102 ikeadm dump algs 6927650 provide the list of DH groups in ikeadm 6927657 provide the list of algorithms offered by iked for IKE in ikeadm

PSARC 2010/055 ECP and RFC5114 groups for IKE 6586320 RFC 4753 ECP groups needed for IKE 6900895 RFC 5114 ECP Diffie-Hellman groups 6897862 RFC 5114 integer modulus Diffie-Hellman groups

6874992 in.iked does not use network byte order for IP address in sendto() call 6874983 ikedoor.h is not C++ safe 6885833 IPsec utilities should print lifetimes in human readable format 6889086 ikeadm reports kilobyte lifetimes with wrong units 6898492 iked should enforce lower maximum values for lifetimes 6897711 iked debug output should be less confusing for average sysadmin 6902926 SOFT kilobyte expires for inbound SAs should make it to userland and be reacted upon

6900753 Calls to dump_key in ikeadm.c could be refactored 6896962 ipsecconf incorrectly parses misconfigured hyphenated tokens 6898695 ipsecalgs -s causes kernel buffer corruption 6440628 ipseckey should ensure that argument is a file before parsing

PSARC/2008/252 Labeled IPsec phase 1 6886771 Labeled IPsec phase 1 6808727 Alignment error panic in tsol_can_accept_raw() 6894979 nightly -0 + -p builds then destroys SUNW0on

PSARC 2009/513 Changes to IPsec ESP to support Combined mode ciphers 6704686 IPsec/ESP needs to support Combined mode ciphers 6704682 IPsec/ESP should use AES-CCM 6884664 IPsec/ESP should support AES-GCM Mode 6840342 ipsecalgs out of memory error 6764184 tab instead of space in sadb.h

6824443 Make in.iked a 64-bit process when possible.

6520458 ikeadm should have command line history capabilities 4313953 ipseckey(1m) needs line editing support. 6814629 ipseckey should employ strict checking for {dump,flush} commands

PSARC 2008/525 ikeadm token login 6219638 in.iked(1m) should not have to read PKCS#11 pins off-disk 6780866 ikeadm should use authorizations

6762791 race condition found in ipsecah during ipsec-persock test 6767912 DPD needs to be less aggressive. 6768512 ikeadm(1m) doesn't print in-progress DPD

PSARC 2008/523 IPsec session failover 6398024 IPsec should support session failover across machines 6545486 PF_KEY needs to set an SA's sequence number

5007142 Add ntohll and htonll to sys/byteorder.h 6717509 Need to use bswap/bswapq for byte swap of 64-bit integer on x32/x64 PSARC 2008/474 Add 64-bit htonll() and ntohll() byte order conversion functions

6671705 ikeadm dump p1 shows bogus values for keylength 6673306 ikeadm does not print phase 1 oakley group used in negotiation 6673443 ikeadm shows PRF as unknown when it should be unavailable

PSARC 2008/014 SHA-2 support for IPsec and IKE 6586319 Need to enable SHA-256,384,512 support in AH, ESP, and IKE 6663271 sha2_mac_verify_atomic() function is missing SHA384 exceptions

6658263 ipseckey and ikeadm don't print ASN.1 ID values

6516622 ACQUIRE-specified lifetimes are now ignored by in.iked 6609988 superfluous debugging in isakmp_udp.c 6612767 Logfile time stamp for in.iked a bit OTT 6612771 Some in.iked messages contain information thats no longer useful

6585305 in.iked in debug mode needs to show phase 2 alg proposals and PF_KEY message contents

PSARC/2007/409 RFC 3526 Diffie-Hellman groups for IKE 4886779 RFC 3526 Diffie-Hellman groups for IKE

6561665 ipseckey -f does not understand "flush" keyword anymore

PSARC 2007/200 - Dedicated SMF services for IPsec/IKE 6185380 IPsec should be a separate (set) of smf(5) services 6440610 missing preshared remoteid line causes in.iked core dump on reading config 6462741 ipsecconf should have an option to check config file syntax 6467954 ipseckey exit code on failure inconsistent 6468456 ipsecconf uses strcpy() 6479903 in.iked with SMF should use _enter_daemon_lock() 6488927 ipseckey(1M) could do a better job of dealing with multiple errors 6497802 in.iked should use smf(5) properties instead of /etc/default/ipsec 6519836 ipseckey, ipsecconf require uid == 0, but configured to use profile 6529086 ipsec utilities can't deal with large files 6538478 Timestamp in in.iked debug output does not understand daylight savings time 6542255 in.iked can dump core when forced to load a new ike.preshared file with ikeadm. 6543263 ikeadm uses strcpy() 6543267 ipseckey uses strcpy() 6544087 memory leak with preshared key reloading --HG-- rename : usr/src/cmd/cmd-inet/usr.sbin/ikeadm.c => usr/src/cmd/cmd-inet/usr.sbin/ipsecutils/ikeadm.c rename : usr/src/cmd/cmd-inet/usr.sbin/ikecert.sh => usr/src/cmd/cmd-inet/usr.sbin/ipsecutils/ikecert.sh rename : usr/src/cmd/cmd-inet/usr.sbin/ipsecalgs.c => usr/src/cmd/cmd-inet/usr.sbin/ipsecutils/ipsecalgs.c rename : usr/src/cmd/cmd-inet/usr.sbin/ipsecconf.c => usr/src/cmd/cmd-inet/usr.sbin/ipsecutils/ipsecconf.c rename : usr/src/cmd/cmd-inet/usr.sbin/ipseckey.c => usr/src/cmd/cmd-inet/usr.sbin/ipsecutils/ipseckey.c