Re: CVS commit: src/sys/netipsec
Le 14/05/2018 à 04:16, Ryota Ozaki a écrit : Module Name:src Committed By: ozaki-r Date: Mon May 14 02:16:30 UTC 2018 Modified Files: src/sys/netipsec: xform_tcp.c Log Message: Restore TCP header inclusions for TCP_SIGNATURE To generate a diff of this commit: cvs rdiff -u -r1.20 -r1.21 src/sys/netipsec/xform_tcp.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. arrrfff yes this file doesn't get built by default, phew
Re: CVS commit: src/sys/netipsec
On Mar 7, 7:36pm, ja...@uninett.no (Jarle Greipsland) wrote: -- Subject: Re: CVS commit: src/sys/netipsec | "Christos Zoulas" writes: | > Module Name:src | > Committed By: christos | > Date: Sat Mar 5 20:13:40 UTC 2016 | > | > Modified Files: | > src/sys/netipsec: key.c | > | > Log Message: | > Fix port matching; we need to ignore ports when they are 0 not only in | > the second saidx but the first one too. Fixes NAT-T issue with NetBSD | > being the host behind NAT. | Will this fix also resolve bin/47894? Or is that one an entirely | different beast? I am not sure. From the log it does not seem that it fails to complete find the saidx entry for it. But I would definitely give it a try, because being behind NAT was not working for me before and now it is. I also have a much better clue how to debug the problem now :-) christos
Re: CVS commit: src/sys/netipsec
"Christos Zoulas" writes: > Module Name: src > Committed By: christos > Date: Sat Mar 5 20:13:40 UTC 2016 > > Modified Files: > src/sys/netipsec: key.c > > Log Message: > Fix port matching; we need to ignore ports when they are 0 not only in > the second saidx but the first one too. Fixes NAT-T issue with NetBSD > being the host behind NAT. Will this fix also resolve bin/47894? Or is that one an entirely different beast? -jarle
Re: CVS commit: src/sys/netipsec
Hi, Thus wrote Manuel Bouyer (bou...@antioche.eu.org): > On Fri, Apr 01, 2011 at 08:29:30AM +, S.P.Zeidler wrote: > > Module Name:src > > Committed By: spz > > Date: Fri Apr 1 08:29:30 UTC 2011 > > > > Modified Files: > > src/sys/netipsec: xform_ipcomp.c > > > > Log Message: > > mitigation for CVE-2011-1024 > > Hi, > are you sure about this CVE number ? It's wrong, should have been CVE-2011-1547 Please see tech-net for further discussion. Improvements, tests, etc greatly appreciated. "Someone with a clue about the network stack should look this over". regards, spz -- s...@serpens.de (S.P.Zeidler)
Re: CVS commit: src/sys/netipsec
On Jul 30, 2009, at 8:02 PM, Erik Fair wrote: On Jul 30, 2009, at 07:41, Jonathan A. Kollasch wrote: Module Name:src Committed By: jakllsch Date: Thu Jul 30 14:41:59 UTC 2009 Modified Files: src/sys/netipsec: ipsec.c Log Message: As explained in kern/41701 there's a missing splx() here. To generate a diff of this commit: cvs rdiff -u -r1.45 -r1.46 src/sys/netipsec/ipsec.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Has a pullup request for the netbsd-5 branch been submitted? Yes.
Re: CVS commit: src/sys/netipsec
On Jul 30, 2009, at 07:41, Jonathan A. Kollasch wrote: Module Name:src Committed By: jakllsch Date: Thu Jul 30 14:41:59 UTC 2009 Modified Files: src/sys/netipsec: ipsec.c Log Message: As explained in kern/41701 there's a missing splx() here. To generate a diff of this commit: cvs rdiff -u -r1.45 -r1.46 src/sys/netipsec/ipsec.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. Has a pullup request for the netbsd-5 branch been submitted? Erik