Cross Reference: /illumos-gate/usr/src/cmd/cmd-inet/usr.sbin/ipsecutils/ipseckey.c

History log of /illumos-gate/usr/src/cmd/cmd-inet/usr.sbin/ipsecutils/ipseckey.c
Revision	Date	Author	Comments Expand
f02131e024f67c2f5ecda4e85e852a0edb3cea0a	21-Jun-2010	Vladimir Kotal <Vladimir.Kotal@Sun.COM>	6945640 ipseckey won't create SA between ipv6 link-local and multicast address; dumps core instead 6949084 pfp_delete_rule() has use-after-free problem ipsecconf.c ipseckey.c
df8eb1c6f8abc69ad7de0e40e0ea573eb3000b0b	07-Jan-2010	Vladimir Kotal <Vladimir.Kotal@Sun.COM>	6913939 'ipseckey get esp inbound' cores ipseckey.c
510c3f914054fe5a373967f2397b3d61a91c5bb9	22-Dec-2009	Vladimir Kotal <Vladimir.Kotal@Sun.COM>	6874992 in.iked does not use network byte order for IP address in sendto() call 6874983 ikedoor.h is not C++ safe 6885833 IPsec utilities should print lifetimes in human readable format 6889086 ikeadm reports kilobyte lifetimes with wrong units 6898492 iked should enforce lower maximum values for lifetimes 6897711 iked debug output should be less confusing for average sysadmin 6902926 SOFT kilobyte expires for inbound SAs should make it to userland and be reacted upon ikeadm.c ipseckey.c /illumos-gate/usr/src/lib/libipsecutil/common/ikedoor.h /illumos-gate/usr/src/lib/libipsecutil/common/ipsec_util.c /illumos-gate/usr/src/lib/libipsecutil/common/ipsec_util.h /illumos-gate/usr/src/lib/libipsecutil/common/mapfile-vers /illumos-gate/usr/src/uts/common/inet/ip/sadb.c
d0115d88cdf265fa2cc0481f8a6db735be47f2b9	20-Nov-2009	Mark Fenwick <Mark.Fenwick@Sun.COM>	6900753 Calls to dump_key in ikeadm.c could be refactored 6896962 ipsecconf incorrectly parses misconfigured hyphenated tokens 6898695 ipsecalgs -s causes kernel buffer corruption 6440628 ipseckey should ensure that argument is a file before parsing ikeadm.c ipsecconf.c ipseckey.c /illumos-gate/usr/src/uts/common/inet/ip/spd.c /illumos-gate/usr/src/uts/common/inet/ip/spdsock.c
5d3b8cb7141cfa596d20cdc5043b8a6df635938d	03-Nov-2009	Bill Sommerfeld <sommerfeld@sun.com>	PSARC/2008/252 Labeled IPsec phase 1 6886771 Labeled IPsec phase 1 6808727 Alignment error panic in tsol_can_accept_raw() 6894979 nightly -0 + -p builds then destroys SUNW0on Makefile ikeadm.c ipseckey.c /illumos-gate/usr/src/cmd/ptools/pfiles/pfiles.c /illumos-gate/usr/src/cmd/truss/print.c /illumos-gate/usr/src/cmd/tsol/tnctl/tnzonecfg /illumos-gate/usr/src/lib/libipsecutil/Makefile.com /illumos-gate/usr/src/lib/libipsecutil/common/ikedoor.h /illumos-gate/usr/src/lib/libipsecutil/common/ipsec_util.c /illumos-gate/usr/src/lib/libipsecutil/common/ipsec_util.h /illumos-gate/usr/src/lib/libipsecutil/common/mapfile-vers /illumos-gate/usr/src/tools/scripts/nightly.sh /illumos-gate/usr/src/uts/common/inet/ip/icmp.c /illumos-gate/usr/src/uts/common/inet/ip/icmp_opt_data.c /illumos-gate/usr/src/uts/common/inet/ip/ip.c /illumos-gate/usr/src/uts/common/inet/ip/ip6.c /illumos-gate/usr/src/uts/common/inet/ip/ip_opt_data.c /illumos-gate/usr/src/uts/common/inet/ip/ip_sadb.c /illumos-gate/usr/src/uts/common/inet/ip/ipclassifier.c /illumos-gate/usr/src/uts/common/inet/ip/ipsecah.c /illumos-gate/usr/src/uts/common/inet/ip/ipsecesp.c /illumos-gate/usr/src/uts/common/inet/ip/sadb.c /illumos-gate/usr/src/uts/common/inet/ip/spd.c /illumos-gate/usr/src/uts/common/inet/ip/tn_ipopt.c /illumos-gate/usr/src/uts/common/inet/ip/tnet.c /illumos-gate/usr/src/uts/common/inet/ipclassifier.h /illumos-gate/usr/src/uts/common/inet/ipsec_impl.h /illumos-gate/usr/src/uts/common/inet/iptun/iptun.c /illumos-gate/usr/src/uts/common/inet/mib2.h /illumos-gate/usr/src/uts/common/inet/sadb.h /illumos-gate/usr/src/uts/common/inet/sctp/sctp.c /illumos-gate/usr/src/uts/common/inet/sctp/sctp_bind.c /illumos-gate/usr/src/uts/common/inet/sctp/sctp_common.c /illumos-gate/usr/src/uts/common/inet/sctp/sctp_cookie.c /illumos-gate/usr/src/uts/common/inet/sctp/sctp_error.c /illumos-gate/usr/src/uts/common/inet/sctp/sctp_impl.h /illumos-gate/usr/src/uts/common/inet/sctp/sctp_opt_data.c /illumos-gate/usr/src/uts/common/inet/sctp/sctp_snmp.c /illumos-gate/usr/src/uts/common/inet/tcp/tcp.c /illumos-gate/usr/src/uts/common/inet/tcp/tcp_opt_data.c /illumos-gate/usr/src/uts/common/inet/udp/udp.c /illumos-gate/usr/src/uts/common/inet/udp/udp_opt_data.c /illumos-gate/usr/src/uts/common/net/pfkeyv2.h /illumos-gate/usr/src/uts/common/os/policy.c /illumos-gate/usr/src/uts/common/os/priv_defs /illumos-gate/usr/src/uts/common/os/putnext.c /illumos-gate/usr/src/uts/common/sys/policy.h /illumos-gate/usr/src/uts/common/sys/socket.h /illumos-gate/usr/src/uts/common/sys/tsol/label.h /illumos-gate/usr/src/uts/common/sys/tsol/tnet.h
628b0c67908adce18522d53bb2bf8d6c3b321579	21-Oct-2009	Mark Fenwick <Mark.Fenwick@Sun.COM>	PSARC 2009/513 Changes to IPsec ESP to support Combined mode ciphers 6704686 IPsec/ESP needs to support Combined mode ciphers 6704682 IPsec/ESP should use AES-CCM 6884664 IPsec/ESP should support AES-GCM Mode 6840342 ipsecalgs out of memory error 6764184 tab instead of space in sadb.h /illumos-gate/usr/src/cmd/cmd-inet/etc/ipsecalgs ikeadm.c ipsecalgs.c ipsecconf.c ipseckey.c /illumos-gate/usr/src/head/netdb.h /illumos-gate/usr/src/lib/libipsecutil/common/algs.c /illumos-gate/usr/src/lib/libipsecutil/common/ipsec_util.c /illumos-gate/usr/src/lib/libipsecutil/common/ipsec_util.h /illumos-gate/usr/src/lib/libnsl/ipsec/algs.c /illumos-gate/usr/src/pkgdefs/common_files/i.ipsecalgsbase /illumos-gate/usr/src/uts/common/inet/ip/ipdrop.c /illumos-gate/usr/src/uts/common/inet/ip/ipsecah.c /illumos-gate/usr/src/uts/common/inet/ip/ipsecesp.c /illumos-gate/usr/src/uts/common/inet/ip/sadb.c /illumos-gate/usr/src/uts/common/inet/ip/spd.c /illumos-gate/usr/src/uts/common/inet/ip/spdsock.c /illumos-gate/usr/src/uts/common/inet/ipdrop.h /illumos-gate/usr/src/uts/common/inet/ipsec_impl.h /illumos-gate/usr/src/uts/common/inet/ipsec_info.h /illumos-gate/usr/src/uts/common/inet/sadb.h /illumos-gate/usr/src/uts/common/net/pfkeyv2.h /illumos-gate/usr/src/uts/common/net/pfpolicy.h
bfe6f8f50e1ad7cfc72f4665989dc9e25e82e872	18-Mar-2009	Vladimir Kotal <Vladimir.Kotal@Sun.COM>	6520458 ikeadm should have command line history capabilities 4313953 ipseckey(1m) needs line editing support. 6814629 ipseckey should employ strict checking for {dump,flush} commands ikeadm.c ipseckey.c /illumos-gate/usr/src/lib/libipsecutil/Makefile.com /illumos-gate/usr/src/lib/libipsecutil/common/ipsec_util.c /illumos-gate/usr/src/lib/libipsecutil/common/ipsec_util.h
9c2c14ab194d42014417b385d6bf226ba1a37995	30-Sep-2008	Thejaswini Singarajipura <Thejaswini.Singarajipura@Sun.COM>	PSARC 2008/523 IPsec session failover 6398024 IPsec should support session failover across machines 6545486 PF_KEY needs to set an SA's sequence number ikeadm.c ipseckey.c /illumos-gate/usr/src/lib/libipsecutil/common/ikedoor.h /illumos-gate/usr/src/lib/libipsecutil/common/ipsec_util.c /illumos-gate/usr/src/lib/libipsecutil/common/ipsec_util.h /illumos-gate/usr/src/uts/common/inet/ip/ip.c /illumos-gate/usr/src/uts/common/inet/ip/ip_sadb.c /illumos-gate/usr/src/uts/common/inet/ip/ipdrop.c /illumos-gate/usr/src/uts/common/inet/ip/ipsecah.c /illumos-gate/usr/src/uts/common/inet/ip/ipsecesp.c /illumos-gate/usr/src/uts/common/inet/ip/keysock.c /illumos-gate/usr/src/uts/common/inet/ip/sadb.c /illumos-gate/usr/src/uts/common/inet/ipdrop.h /illumos-gate/usr/src/uts/common/inet/sadb.h /illumos-gate/usr/src/uts/common/net/pfkeyv2.h /illumos-gate/usr/src/uts/intel/ia32/ml/modstubs.s /illumos-gate/usr/src/uts/intel/ip/ip.global-objs.debug64 /illumos-gate/usr/src/uts/intel/ip/ip.global-objs.obj64 /illumos-gate/usr/src/uts/sparc/ip/ip.global-objs.debug64 /illumos-gate/usr/src/uts/sparc/ip/ip.global-objs.obj64 /illumos-gate/usr/src/uts/sparc/ml/modstubs.s
38d95a786e32a3f7e21450bff371f0778db4c181	20-May-2008	markfen <none@none>	PSARC/2008/232 Paired IPsec Security Associations 6584918 in.iked will exit if you try and add a duplicate rule with ikeadm 6595953 Remove SCCS keywords from ipsec{ah,esp}, keysock, and spdsock 6628201 Inbound and Outbound IPsec SA's should be treated as a pair. 6643439 check_rule() in in.iked does not sanity check kilobyte based lifetime values 6668752 ikeadm(1m) get defaults displays wrong value for p2_softlife_kb 6669211 Need a way to disable Soft Expires when using in.iked(1m) 6670612 sadb_address_proto and sadb_address_prefixlen need to be initialized in NAT_T extensions. 6674203 Ordering of src/dst address extensions in pf_key messages is inconsistent. 6676436 ipseckey(1m) error messages could be less cryptic 6683004 Updating hard_usetime on an IPsec SA will cause it to evaporate. 6703265 in.iked can dump core if avl_nearest() returns NULL ipseckey.c /illumos-gate/usr/src/lib/libipsecutil/common/ipsec_util.c /illumos-gate/usr/src/uts/common/inet/ip/ipsecah.c /illumos-gate/usr/src/uts/common/inet/ip/ipsecahddi.c /illumos-gate/usr/src/uts/common/inet/ip/ipsecesp.c /illumos-gate/usr/src/uts/common/inet/ip/ipsecespddi.c /illumos-gate/usr/src/uts/common/inet/ip/keysock.c /illumos-gate/usr/src/uts/common/inet/ip/keysockddi.c /illumos-gate/usr/src/uts/common/inet/ip/sadb.c /illumos-gate/usr/src/uts/common/inet/ip/spdsockddi.c /illumos-gate/usr/src/uts/common/inet/sadb.h /illumos-gate/usr/src/uts/common/net/pfkeyv2.h
a050d7e901ad972bf85a70cf6c67b5d4dd69395b	08-Feb-2008	pwernau <none@none>	6659486 ipseckey dumps core with encryption key and no other parameters ipseckey.c
23c73ecc8c565b8247ce7f888170bfbbce3e589c	24-Oct-2007	pwernau <none@none>	5053475 certlib_load() error messages need improving. 6614180 file permissions on public keys and CRLs should be more open 6614741 keying material with insecure permissions should not be trusted ipseckey.c /illumos-gate/usr/src/lib/libipsecutil/common/ipsec_util.h /illumos-gate/usr/src/pkgdefs/SUNWcnetr/postinstall /illumos-gate/usr/src/tools/scripts/bfu.sh
72c8fd38a6ea9ea08b62d28576758c1181f1012c	02-Oct-2007	markfen <none@none>	6610537 ipseckey error output can get mangled on x86 6610538 ipseckey can core dump with truncated input ipseckey.c
437220cd296f6d8b6654d6d52508b40b1e2d1ac7	04-Sep-2007	danmcd <none@none>	PSARC 2007/449 Detangle IPsec NAT Traversal 6481450 nattymod calls putnext() on a freed queue. 6558864 remove nattymod 6558870 Implement SA last-used time and idle actions 6582318 "mandatory" is spelled wrong in pfiles 6584011 save_assoc() gets confused w.r.t. "proto". 6588015 Missing "encap udp" must be better diagnosed by ipseckey(1M). 6595368 Need "ipsec-nat-t" in /etc/services 6595877 ipseckey(1M) can produce output it can't read back in (line-too-big) --HG-- rename : usr/src/uts/common/inet/ip/nattymod.c => deleted_files/usr/src/uts/common/inet/ip/nattymod.c rename : usr/src/uts/intel/nattymod/Makefile => deleted_files/usr/src/uts/intel/nattymod/Makefile rename : usr/src/uts/sparc/nattymod/Makefile => deleted_files/usr/src/uts/sparc/nattymod/Makefile /illumos-gate/deleted_files/usr/src/uts/common/inet/ip/nattymod.c /illumos-gate/deleted_files/usr/src/uts/intel/nattymod/Makefile /illumos-gate/deleted_files/usr/src/uts/sparc/nattymod/Makefile /illumos-gate/usr/src/cmd/cmd-inet/etc/services ipseckey.c /illumos-gate/usr/src/cmd/ptools/pfiles/pfiles.c /illumos-gate/usr/src/cmd/truss/print.c /illumos-gate/usr/src/lib/libipsecutil/common/ipsec_util.c /illumos-gate/usr/src/lib/libipsecutil/common/ipsec_util.h /illumos-gate/usr/src/pkgdefs/SUNWckr/prototype_i386 /illumos-gate/usr/src/pkgdefs/SUNWckr/prototype_sparc /illumos-gate/usr/src/tools/scripts/bfu.sh /illumos-gate/usr/src/uts/common/Makefile.files /illumos-gate/usr/src/uts/common/inet/ip.h /illumos-gate/usr/src/uts/common/inet/ip/ip.c /illumos-gate/usr/src/uts/common/inet/ip/ip_if.c /illumos-gate/usr/src/uts/common/inet/ip/ipdrop.c /illumos-gate/usr/src/uts/common/inet/ip/ipsecah.c /illumos-gate/usr/src/uts/common/inet/ip/ipsecesp.c /illumos-gate/usr/src/uts/common/inet/ip/sadb.c /illumos-gate/usr/src/uts/common/inet/ipdrop.h /illumos-gate/usr/src/uts/common/inet/ipsec_impl.h /illumos-gate/usr/src/uts/common/inet/ipsecesp.h /illumos-gate/usr/src/uts/common/inet/sadb.h /illumos-gate/usr/src/uts/common/inet/udp/udp.c /illumos-gate/usr/src/uts/common/inet/udp/udp_opt_data.c /illumos-gate/usr/src/uts/common/inet/udp_impl.h /illumos-gate/usr/src/uts/common/netinet/udp.h /illumos-gate/usr/src/uts/intel/Makefile.intel.shared /illumos-gate/usr/src/uts/intel/ia32/ml/modstubs.s /illumos-gate/usr/src/uts/sparc/Makefile.sparc.shared /illumos-gate/usr/src/uts/sparc/ml/modstubs.s
bb3ed8dfcb84e1d06fdc5da3b0ca7758e737644b	15-Aug-2007	pwernau <none@none>	6585305 in.iked in debug mode needs to show phase 2 alg proposals and PF_KEY message contents ikeadm.c ipseckey.c /illumos-gate/usr/src/lib/libipsecutil/common/ipsec_util.c /illumos-gate/usr/src/lib/libipsecutil/common/ipsec_util.h
ec4858345aa8c9134ae2563545c54823cd78b5c8	29-Jun-2007	pwernau <none@none>	6477017 ipseckey could should not reject a hex string that starts '0x' 6499919 ipseckey should throw out encryption keys for "null" algorithm ipseckey.c
25e435e0812a1f7baf9b71795cee95da3f7b9098	29-May-2007	pwernau <none@none>	6561665 ipseckey -f does not understand "flush" keyword anymore ikeadm.c ipseckey.c /illumos-gate/usr/src/lib/libipsecutil/common/ipsec_util.c /illumos-gate/usr/src/lib/libipsecutil/common/ipsec_util.h
e3320f40ba20e6851e73a3237eedf089700bf001	15-May-2007	markfen <none@none>	PSARC 2007/200 - Dedicated SMF services for IPsec/IKE 6185380 IPsec should be a separate (set) of smf(5) services 6440610 missing preshared remoteid line causes in.iked core dump on reading config 6462741 ipsecconf should have an option to check config file syntax 6467954 ipseckey exit code on failure inconsistent 6468456 ipsecconf uses strcpy() 6479903 in.iked with SMF should use _enter_daemon_lock() 6488927 ipseckey(1M) could do a better job of dealing with multiple errors 6497802 in.iked should use smf(5) properties instead of /etc/default/ipsec 6519836 ipseckey, ipsecconf require uid == 0, but configured to use profile 6529086 ipsec utilities can't deal with large files 6538478 Timestamp in in.iked debug output does not understand daylight savings time 6542255 in.iked can dump core when forced to load a new ike.preshared file with ikeadm. 6543263 ikeadm uses strcpy() 6543267 ipseckey uses strcpy() 6544087 memory leak with preshared key reloading --HG-- rename : usr/src/cmd/cmd-inet/usr.sbin/ikeadm.c => usr/src/cmd/cmd-inet/usr.sbin/ipsecutils/ikeadm.c rename : usr/src/cmd/cmd-inet/usr.sbin/ikecert.sh => usr/src/cmd/cmd-inet/usr.sbin/ipsecutils/ikecert.sh rename : usr/src/cmd/cmd-inet/usr.sbin/ipsecalgs.c => usr/src/cmd/cmd-inet/usr.sbin/ipsecutils/ipsecalgs.c rename : usr/src/cmd/cmd-inet/usr.sbin/ipsecconf.c => usr/src/cmd/cmd-inet/usr.sbin/ipsecutils/ipsecconf.c rename : usr/src/cmd/cmd-inet/usr.sbin/ipseckey.c => usr/src/cmd/cmd-inet/usr.sbin/ipsecutils/ipseckey.c /illumos-gate/usr/src/Targetdirs /illumos-gate/usr/src/cmd/Makefile.cmd /illumos-gate/usr/src/cmd/cmd-inet/usr.sbin/Makefile Makefile ikeadm.c ikecert.sh ipsecalgs.c ipsecalgs.xml ipsecconf.c ipseckey.c manual-key.xml policy.xml /illumos-gate/usr/src/cmd/cvcd/cvc.xml /illumos-gate/usr/src/cmd/dcs/sparc/sun4u/dcs.xml /illumos-gate/usr/src/cmd/sckmd/sckmd.xml /illumos-gate/usr/src/cmd/svc/milestone/net-init /illumos-gate/usr/src/lib/libipsecutil/common/err.c /illumos-gate/usr/src/lib/libipsecutil/common/err.h /illumos-gate/usr/src/lib/libipsecutil/common/ipsec_util.c /illumos-gate/usr/src/lib/libipsecutil/common/ipsec_util.h /illumos-gate/usr/src/lib/libipsecutil/common/mapfile-vers /illumos-gate/usr/src/lib/libsecdb/exec_attr.txt /illumos-gate/usr/src/lib/libsecdb/help/profiles/RtNetIPsec.html /illumos-gate/usr/src/lib/libsecdb/prof_attr.txt /illumos-gate/usr/src/pkgdefs/SUNWcsr/postinstall /illumos-gate/usr/src/pkgdefs/SUNWcsr/preinstall /illumos-gate/usr/src/pkgdefs/SUNWcsr/prototype_com /illumos-gate/usr/src/tools/scripts/bfu.sh

PSARC/2008/252 Labeled IPsec phase 1 6886771 Labeled IPsec phase 1 6808727 Alignment error panic in tsol_can_accept_raw() 6894979 nightly -0 + -p builds then destroys SUNW0on