Hello,
I am investigating a usb issue on my imx6-based novena, and I tried to
set a breakpoint to inspect the backtrace when the issue occurs. The
problem is, when resuming execution out of ddb, I get a uvm_fault and
then the only way forward is to reboot the system.
Am I missing a step ? or is i
On Thu, 12 Jul 2018 19:54:26 +0200
Alexander Bluhm wrote:
>
> If it is a temporary problem, that will go away when the content
> of the socket buffer is sent away, we should block or return
> EWOULDBLOCK. For a permanent problem return EMSGSIZE. Non atomic
> operations can be split in smaller
So a while back Alexander Markert sent a bug report regarding sendmsg()
behaviour with IP_SENDSRCADDR :
https://marc.info/?l=openbsd-tech&m=149276833923905&w=2
This impacts our dnsmasq port :
https://marc.info/?l=openbsd-tech&m=149234052220818&w=2
Alexander Markert shows in the first thread the
On Tue, 10 Jan 2017 00:27:47 +0100
Stefan Sperling wrote:
> On Mon, Jan 09, 2017 at 01:54:55PM +0100, Stefan Sperling wrote:
> > This diff adds 11n support to the athn(4) driver.
> > Requires -current net80211 code from today.
>
> A better diff which fixes several bugs.
>
> Most notably this
up is never set in ifioctl().
Ok ?
Index: net/if.c
===
RCS file: /cvs/src/sys/net/if.c,v
retrieving revision 1.463
diff -u -p -r1.463 if.c
--- net/if.c28 Nov 2016 11:18:02 - 1.463
+++ net/if.c1 Dec 2016 20:31:27 -000
On Tue, 29 Nov 2016 17:03:44 +0100
Martin Pieuchot wrote:
> Diff below removes the 'struct route_in6' argument from
> in6_selectsrc().
>
> It is only used by in6_pcbselsrc() so move the code there. This
> reduces differences with IPv4 and helps me to get rid of 'struct
> route*'.
>
> ok?
Reads
On Tue, 29 Nov 2016 15:13:16 +0100
Alexander Bluhm wrote:
> On Sat, Nov 05, 2016 at 12:41:39PM +0100, Vincent Gross wrote:
> > Updated diff, I reworked the logic to handle the if_get/if_put
> > dance in vxlan_multicast_join(), and fixed an uninitialized
> > variable.
>
On Thu, 10 Nov 2016 22:16:55 +0100
Vincent Gross wrote:
> On Sat, 5 Nov 2016 12:41:39 +0100
> Vincent Gross wrote:
>
> > Updated diff, I reworked the logic to handle the if_get/if_put dance
> > in vxlan_multicast_join(), and fixed an uninitialized variable.
> >
On Sat, 5 Nov 2016 12:41:39 +0100
Vincent Gross wrote:
> Updated diff, I reworked the logic to handle the if_get/if_put dance
> in vxlan_multicast_join(), and fixed an uninitialized variable.
>
> Ok ?
Anyone to comment or ok ? this blocks the submission of
other changes on the n
On Wed, 9 Nov 2016 13:16:46 +
Thomas Klute wrote:
> Hi tech@,
>
> this patch contains fixes for two bugs that break IKE rekeying
> initiated by iked. Please review, and apply or let me know what has to
> be changed! Both bugs are fixed by initializing the respective
> structures of the new I
On Mon, 7 Nov 2016 08:59:53 +0100
Martin Pieuchot wrote:
> On 04/11/16(Fri) 21:33, Vincent Gross wrote:
> > [...]
> > Why are you killing Strict Source Route Record ? Just as you did
> > with rtredirect(), you can check whether RTF_GATEWAY is set and
> > send back an
Updated diff, I reworked the logic to handle the if_get/if_put dance in
vxlan_multicast_join(), and fixed an uninitialized variable.
Ok ?
Index: net/if_vxlan.c
===
RCS file: /cvs/src/sys/net/if_vxlan.c,v
retrieving revision 1.51
diff
On Fri, 4 Nov 2016 12:01:58 +0100
Martin Pieuchot wrote:
> Rather than trying to keep this old routing table like function alive
> by reimplementing rn_refines(), let's get rid of it.
>
> ok?
>
> Index: net/route.c
> ===
> RCS file
On Tue, 1 Nov 2016 18:51:08 +0100
Mike Belopuhov wrote:
> On 1 November 2016 at 18:23, Vincent Gross
> wrote:
> > On Tue, 4 Oct 2016 01:07:51 +0200
> > Vincent Gross wrote:
> >
> >> On Sat, 24 Sep 2016 10:58:10 +0200
> >> Vincent Gross wr
On Tue, 4 Oct 2016 01:07:51 +0200
Vincent Gross wrote:
> On Sat, 24 Sep 2016 10:58:10 +0200
> Vincent Gross wrote:
>
> > Hi,
> >
> [snip]
> >
> > Aside from the mbuf issue, is this Ok ?
>
> I will go back on the mbuff stuff later.
>
> Dif
On Sat, 24 Sep 2016 10:58:10 +0200
Vincent Gross wrote:
> Hi,
>
[snip]
>
> Aside from the mbuf issue, is this Ok ?
I will go back on the mbuff stuff later.
Diff rebased, ok anyone ?
Index: net/if_vxlan.c
===
RCS fi
On Mon, 26 Sep 2016 18:33:43 +0200
j...@wxcvbn.org (Jeremie Courreges-Anglas) wrote:
> Don't ignore the "flags" argument passed to recvfromto. Doesn't
> matter for now in iked (0 is passed), but this kind of code tends to
> be copied.
>
> ok?
>
ok vgross@
>
> Index: util.c
>
Hi,
As said in Subject:.
I would like to get comments on the m_adj/m_pullup dance at the end of
vxlan_lookup() ; I do this because ether_input() accesses the ethernet header
with mtod(), and under some conditions the mbuf handled would have its
first data chunk empty (mh_len == 0). What is the rule
On Sun, 18 Sep 2016 13:11:58 -0400
David Hill wrote:
> Hello -
>
> Make sure we keep TF_NOPUSH set if TCP_NOPUSH was set.
>
> FreeBSD has the same:
> https://github.com/freebsd/freebsd/blob/c9af4f2541fd437e0805365fbeec46d69e033310/sys/netinet/tcp_syncache.c#L860
>
Ok vgross@
On Thu, 15 Sep 2016 16:29:45 +0200
Martin Pieuchot wrote:
> After discussing with a few people about a new "timed task" API I came
> to the conclusion that mixing timeouts and tasks will result in:
>
> - always including a 'struct timeout' in a 'struct task', or the
> other the way around
> or
On Tue, 13 Sep 2016 14:19:24 +0200
j...@wxcvbn.org (Jeremie Courreges-Anglas) wrote:
> Since it has been introduced, ip6_setpktopt has only been called with
> (sticky=1, cmsg=0) or (sticky=0, cmsg=1). Let's simplify this code.
Ok vgross@
>
>
> Index: ip6_output.c
> ===
On Tue, 13 Sep 2016 10:08:13 +0200
Martin Pieuchot wrote:
> On 12/09/16(Mon) 12:12, Vincent Gross wrote:
> > On Mon, 12 Sep 2016 10:49:03 +0200
> > Martin Pieuchot wrote:
> >
> > > I'd like to use a write lock to serialize accesses to ip_output().
> >
On Mon, 12 Sep 2016 10:49:03 +0200
Martin Pieuchot wrote:
> I'd like to use a write lock to serialize accesses to ip_output().
> This will be used to guarantee that atomic code sections in the
> socket layer stay atomic when the input/forwarding path won't run
> under KERNEL_LOCK().
>
> For such
in6_selectroute() checks whether the struct route it received contains
a valid route whose AF is not AF_INET6, "in case the cache is shared".
Well, is this cache shared or not ?
There's only two ways to get to in6_selectroute()
1) in6_pcbselsrc() -> in6_selectif() -> in6_selectroute()
It is trivia
Objections anyone ?
On Wed, 31 Aug 2016 15:57:45 +0200
Vincent Gross wrote:
> On Wed, 31 Aug 2016 15:26:53 +0200
> Vincent Gross wrote:
>
> > On Thu, 11 Aug 2016 16:57:27 +0100
> > Stuart Henderson wrote:
> >
> > > On 2016/06/27 1
ening NAT-T tunnels with iked ?
Cheers
> Would you mind looking at this issue also? :)
>
> Thanks!
>
> Claer
>
> On Thu, Sep 01 2016 at 31:10, Vincent Gross wrote:
>
> > Our IPSec stack rejects UDP-encapsulated traffic using a non
> > encapsulating SA, but n
This diff adds the missing bits to support NAT-on-enc in iked(8).
See OUTGOING NETWORK ADDRESS TRANSLATION in iked.conf(5), and also
http://undeadly.org/cgi?action=article&sid=20090127205841.
Ok ?
diff --git sbin/iked/iked.h sbin/iked/iked.h
index aa40d70..dfa04ad 100644
--- sbin/iked/iked.h
++
Our IPSec stack rejects UDP-encapsulated traffic using a non
encapsulating SA, but not the other way around. This diff adds
the missing check and the corresponding stat counter.
Ok ?
Index: sys/netinet/ip_esp.h
===
RCS file: /cvs/src
On Wed, 31 Aug 2016 16:09:30 +0200
Reyk Floeter wrote:
> On Wed, Aug 31, 2016 at 03:26:53PM +0200, Vincent Gross wrote:
> > On Thu, 11 Aug 2016 16:57:27 +0100
> > Stuart Henderson wrote:
> >
> > > On 2016/06/27 13:00, Jérémie Courrèges-Anglas wrote:
> >
On Wed, 31 Aug 2016 15:26:53 +0200
Vincent Gross wrote:
> On Thu, 11 Aug 2016 16:57:27 +0100
> Stuart Henderson wrote:
>
> > On 2016/06/27 13:00, Jérémie Courrèges-Anglas wrote:
> [...]
> > >
> > > I also gave my ok to vgross by IM.
> > >
>
On Thu, 11 Aug 2016 16:57:27 +0100
Stuart Henderson wrote:
> On 2016/06/27 13:00, Jérémie Courrèges-Anglas wrote:
[...]
> >
> > I also gave my ok to vgross by IM.
> >
> > I know that some concerns have been exposed privately, I was not
> > Cc'd, thus I have no idea what is the current status
e things looking with IN_SENDSRCADDR now, are there any
> remaining concerns that need fixing before it could be committed?
> (Also if anyone has a share-able diff to use this with iked it
> would be quite handy..)
>
I just committed the diff with fixes, enhancements and regression tests.
All manners of testing and feedback are welcome !
--
Vincent Gross
On Wed, 20 Jul 2016 12:36:45 +0200
Vincent Gross wrote:
> This is a completely mechanical diff to get rid of the 7-params
> madness in in6_selectsrc().
>
> I also apply the same treatment to in_selectsrc() for consistency.
>
> Ok?
... and of course I forgot to initialize a
This is a completely mechanical diff to get rid of the 7-params madness
in in6_selectsrc().
I also apply the same treatment to in_selectsrc() for consistency.
Ok?
Index: sys/netinet/in_pcb.c
===
RCS file: /cvs/src/sys/netinet/in_pcb
On Mon, 13 Jun 2016 16:49:01 +0200
Vincent Gross wrote:
>
> While validating source address inside selection functions is the
> right direction, I don't think it would be a good thing to extend
> further in_selectsrc() prototype. However it is easy to add a check
> w
On Mon, 13 Jun 2016 19:57:15 +0200
Jeremie Courreges-Anglas wrote:
> Vincent Gross writes:
>
> > On Mon, 13 Jun 2016 07:35:16 +0200,
> > j...@wxcvbn.org (Jeremie Courreges-Anglas) wrote:
> >
> >> j...@wxcvbn.org (Jeremie Courreges-Anglas) writes:
> >
On Mon, 13 Jun 2016 07:35:16 +0200,
j...@wxcvbn.org (Jérémie Courrèges-Anglas) wrote:
> j...@wxcvbn.org (Jeremie Courreges-Anglas) writes:
>
> > cc'ing sthen since he also has interest in IP_SENDSRCADDR
> >
> > Jeremie Courreges-Anglas writes:
>
On Sun, 12 Jun 2016 15:29:32 +0200 (CEST)
Mark Kettenis wrote:
> > Date: Sun, 12 Jun 2016 14:59:55 +0200
> > From: Vincent Gross
> >
> > This diff adds support for IP_SENDSRCADDR cmsg on UDP sockets. As
> > for udp6_output(), we check that the source address
On Sun, 12 Jun 2016 15:00:14 +0200
Vincent Gross wrote:
Damn you autowrap ! get off my diff !
(thanks jca@ for spotting)
> This diff moves the cmsg handling code on top of udp_output(). I split
> the whole IP_SENDSRCADDR thing in two chunks so that it's easier to
> audit.
>
This diff moves the cmsg handling code on top of udp_output(). I split
the whole IP_SENDSRCADDR thing in two chunks so that it's easier to
audit.
ok ?
diff --git a/sys/netinet/udp_usrreq.c b/sys/netinet/udp_usrreq.c
index 2db5998..1feea11 100644
--- a/sys/netinet/udp_usrreq.c
+++ b/sys/netinet/ud
This diff adds support for IP_SENDSRCADDR cmsg on UDP sockets. As for
udp6_output(), we check that the source address+port is available only
if inp_laddr != *
Ok ?
diff --git a/share/man/man4/ip.4 b/share/man/man4/ip.4
index 111432b..154b0d1 100644
--- a/share/man/man4/ip.4
+++ b/share/man/man4/i
On Wed, 8 Jun 2016 15:12:23 +0200
Martin Pieuchot wrote:
> On 07/06/16(Tue) 22:02, Stuart Henderson wrote:
> > On 2016/06/07 21:49, Vincent Gross wrote:
> > >
> > > It's how henning@ set things up when integrating the new queuing
> > > mechanism.
>
On Tue, 7 Jun 2016 10:48:22 +0200,
Martin Pieuchot wrote:
> On 06/06/16(Mon) 23:52, Vincent Gross wrote:
> > On Mon, 6 Jun 2016 17:33:36 +0100
> > Stuart Henderson wrote:
> >
> > > On 2016/06/06 16:15, Vincent Gross wrote:
> > > > When send
On Mon, 6 Jun 2016 17:33:36 +0100
Stuart Henderson wrote:
> On 2016/06/06 16:15, Vincent Gross wrote:
> > When sending ARP requests, or when writing to a bpf handle (as when
> > sending DHCP Discover), we bypass pf(4) so we have no way to define
> > the priority (m->
When sending ARP requests, or when writing to a bpf handle (as when
sending DHCP Discover), we bypass pf(4) so we have no way to define
the priority (m->m_pkthdr.pf.prio) of the outgoing packets.
My ISP runs two vlans to separate the delivery of general-purpose
internet and TV/phone over fiber; on
On Tue, 31 May 2016 09:51:10 +0200
Martin Pieuchot wrote:
> On 19/04/16(Tue) 10:43, Martin Pieuchot wrote:
> > Mart Tõnso reported [0] a weird case related to the use of
> > ifa_ifwithnet().
> >
> > The problem is that ifa_ifwithroute() does not always use route
> > entries but the poor's man ro
When fragmenting ipv4, we do not preserve DiffServ/ToS field.
Here is how to observe this :
[obsd1](vlan10) (vlan10)[obsd2](vlan20) --mtu600-- (vlan20)[obsd3]
root@obsd2 # sysctl net.inet.ip.forwarding=1
root@obsd2 # tcpdump -ni $VLAN20DEV
user@obsd3 $ nc -4ul
root@obsd1 $ echo "pass
On Sun, 1 May 2016 13:27:29 +0200
Patrick Wildt wrote:
> Hi,
>
> I updated the diff with the feedback received. This basically adds
> a tree-like topology by making mainbus FDT aware and implementing
> a simplebus that can span the tree's roots into more branches.
>
> Next steps (and diffs) ar
in_pcblookup() is always called with *:0 for the remote side.
Remove the useless bits, shuffle the tests around and it's much
easier to audit.
Ok ?
Index: netinet/in_pcb.c
===
RCS file: /cvs/src/sys/netinet/in_pcb.c,v
retrieving revi
When using raw ip6 socket, one can connect(2) then send(2), or
just sendto(2). The code below would try to find the non-connected
raw ip6 socket corresponding to an incoming icmp6 message, to deliver
the failure. This code has been disabled ever since it has been put
in-tree, justifiably so because
The regression test in regress/sys/netinet6/autoport is failing because
my merge of in_pcbbind() and in6_pcbbind() introduced a bug. Long story
short, if nam == NULL, then you skip the part where you check if the socket
is already bound based on inp_laddr/inp_laddr6. Also INPLOOKUP_IPV6 is not
set
On 03/31/16 14:07, Alexander Bluhm wrote:
> On Wed, Mar 30, 2016 at 10:44:14PM +0200, Vincent Gross wrote:
>> This diff moves the "are we binding to a privileged port while not being
>> root ?"
>> check from in(6)_pcbaddrisavail() to in_pcbbind().
>
>> ---
On 03/31/16 14:07, Alexander Bluhm wrote:
> On Wed, Mar 30, 2016 at 10:44:14PM +0200, Vincent Gross wrote:
>> This diff moves the "are we binding to a privileged port while not being
>> root ?"
>> check from in(6)_pcbaddrisavail() to in_pcbbind().
>
>> ---
Hello,
This diff moves the "are we binding to a privileged port while not being root ?"
check from in(6)_pcbaddrisavail() to in_pcbbind().
This way we have a cleaner separation between "is the resource available ?"
and "am I allowed to access the resource ?" (which may or may not get its own
func
The current use of in_pcblookup() in in6_pcbconnect() is suboptimal :
all of the addresses and ports are defined, we are only interested in
exact matches, and its v4 cousin in_pcbconnect() already uses
in_pcbhashlookup().
Ok ?
Index: sys/netinet6/in6_pcb.c
in_pcbbind and in6_pcbbind have a lot in common, the only meaningful
differences are in the checks done to ensure a sockaddr is available.
This diff splits these checks in their own functions, and merges the
remaining code in one single function. Aside from being easier to read,
it also makes it v
On 12/21/15 11:36, Martin Pieuchot wrote:
> Currently if you try to configure the same IPv6 address twice via the
> SIOCAIFADDR_IN6 ioctl(2) the kernel will return EEXIST and the address
> will be unset:
>
> # ifconfig vether0 inet6 2001::1
> # ifconfig vether0 inet6 2001::1
> ifconfig: SIOCAIFA
On 12/09/15 16:49, Vincent Gross wrote:
> in_pcbbind and in6_pcbbind both extend SO_REUSEADDR for multicast
> addresses so that it turns into a SO_REUSEPORT. But the check is done
> in such a way that you cannot bind a SO_REUSEPORT-enabled socket to a
> multicast address *after*
in_pcbbind and in6_pcbbind both extend SO_REUSEADDR for multicast
addresses so that it turns into a SO_REUSEPORT. But the check is done
in such a way that you cannot bind a SO_REUSEPORT-enabled socket to a
multicast address *after* you bound a SO_REUSEADDR-enabled socket to
the same address.
*But
On 12/07/15 14:57, Martin Pieuchot wrote:
> If the interface is gone that means you're dealing with a cached route
> so there's no need to try to remove it from the table.
>
> Better be explicit and do that before calling rtdeletemsg() rather than
> inside.
>
> ok?
ok vgross@
>
> Index: netine
in6_selectsrc() uses two different rtalloc calls depending on whether or
not the destination address is multicast or not, but there is nothing to
explain why. I dug a bit and found this commit from itojun@ :
diff -u -r1.6 -r1.7
--- src/sys/netinet6/in6_src.c 2000/06/18 04:49:32 1.6
+++ src/sy
On 12/03/15 10:21, Vincent Gross wrote:
> On 12/02/15 20:06, Martin Pieuchot wrote:
>> On 02/12/15(Wed) 16:18, Vincent Gross wrote:
>>> When fed a broadcast address, ifa_ifwitaddr() returns the unicast ifa
>>> whose broadcast address matches the input. This is used ma
On 12/02/15 20:06, Martin Pieuchot wrote:
> On 02/12/15(Wed) 16:18, Vincent Gross wrote:
>> When fed a broadcast address, ifa_ifwitaddr() returns the unicast ifa
>> whose broadcast address matches the input. This is used mainly to select
>> ifa, and there can be trouble when y
When fed a broadcast address, ifa_ifwitaddr() returns the unicast ifa
whose broadcast address matches the input. This is used mainly to select
ifa, and there can be trouble when you have 2 ifas on the same range
(e.g. 10.0.0.1/24@em0 & 10.0.0.20/24@em1) :
netinet/ip_mroute.c:814
net/route.c:785
neti
regress/sys/net/rdomains still passes with this diff.
Ok ?
Index: net/if.c
===
RCS file: /cvs/src/sys/net/if.c,v
retrieving revision 1.398
diff -u -p -r1.398 if.c
--- net/if.c25 Oct 2015 21:58:04 - 1.398
+++ net/if.c
On 10/07/15 14:05, Martin Pieuchot wrote:
> On 01/10/15(Thu) 19:40, Vincent Gross wrote:
>> Although the sysctls controlling the port range are labelled
>> "port(hi)?first" and
>> "port(hi)?last", no ordering is enforced and you can have portf
hanges right now or should ipv4 be validated
first ?
--
Vincent Gross
Index: netinet/in_pcb.c
===
RCS file: /cvs/src/sys/netinet/in_pcb.c,v
retrieving revision 1.180
diff -u -p -r1.180 in_pcb.c
--- netinet/in_pcb.c22 Sep 2015
On 09/18/15 23:39, David Hill wrote:
> On Fri, Sep 18, 2015 at 11:05:55PM +0200, Vincent Gross wrote:
>> On 09/18/15 15:18, David Hill wrote:
>>> Is this 'if (count)' statement needed? We know first > last, so count
>>> will always be positive. las
>
Both remarks are true, but I think it is better to keep a more extensive
refactoring in a separate diff, refactoring that shall get rid of this
yucky code duplication.
--
Vincent Gross
On 09/13/15 11:49, Vincent Gross wrote:
> On 09/13/15 10:37, Claudio Jeker wrote:
>> On Sun, Sep 13, 2015 at 12:18:10AM +0200, Vincent Gross wrote:
>>> On 09/12/15 22:10, Claudio Jeker wrote:
>>>> On Sat, Sep 12, 2015 at 02:40:59PM +0200, Vincent Gross wrote:
>
On 09/13/15 10:37, Claudio Jeker wrote:
> On Sun, Sep 13, 2015 at 12:18:10AM +0200, Vincent Gross wrote:
>> On 09/12/15 22:10, Claudio Jeker wrote:
>>> On Sat, Sep 12, 2015 at 02:40:59PM +0200, Vincent Gross wrote:
>>>> inpt_lastport is never read without
On 09/12/15 22:10, Claudio Jeker wrote:
> On Sat, Sep 12, 2015 at 02:40:59PM +0200, Vincent Gross wrote:
>> inpt_lastport is never read without being written before, and only
>> in_pcbbind()
>> and in6_pcbsetport() are using it. This diff removes inpt_lastport from
>>
inpt_lastport is never read without being written before, and only
in_pcbbind()
and in6_pcbsetport() are using it. This diff removes inpt_lastport from
struct inpcbtable and turns it into a local variable where it is used.
Ok ?
--
Vincent
Index: sys/netinet/in_pcb.c
=
Hi folks,
crypto(9) describes functions and constants that are not part of
crypto/cryptodev.h anymore (see 1.58 -> 1.60), this patch fixes that.
Cheers,
--
Vincent / dermiste
Index: crypto.9
===
RCS file: /cvs/src/share/man/man9/c
Hi folks,
this patch makes iked clean its SAs on shutdown: for each existing IKE
SA, all of their Child SAs will be removed from the kernel, and an IKE
DELETE notification payload will be sent to the peer.
Comments ?
Cheers,
--
Vincent / dermiste
Index: iked.h
=
On Mon, Apr 20, 2015 at 07:35:58PM +0059, Jason McIntyre wrote:
> On Wed, Apr 15, 2015 at 05:13:13PM +0200, Vincent Gross wrote:
> > Hello,
> >
> > iked.conf's man page is a bit fuzzy on how local and peer ip defaults
> > are set. This patch below attempts t
Hello,
iked.conf's man page is a bit fuzzy on how local and peer ip defaults
are set. This patch below attempts to fix that.
Also, can you take a look at my previous nat-on-ipsec-on-iked patchset ?
see http://marc.info/?l=openbsd-tech&m=142662971007779&w=2
Cheers,
Index: iked.conf.5
=
inuous Delivery, DR, or just plain old
> laziness). It would be really nice if the OpenBSD installer would handle
> this in a sane fashion.
Do you want me to write an ansible playbook to run a handful of shell
commands over ssh ?
Cheers,
--
Vincent Gross
Hi,
The diff below brings into iked the same nat capabilities that isakmpd
already has.
Tested on a daily basis to tunnel from work to home over UMTS.
Comments ?
--
Vincent Gross
Index: iked.h
===
RCS file: /cvs/src/sbin/iked
On Thu, Jan 15, 2015 at 04:00:20PM +0100, Vincent Gross wrote:
> Hello folks,
>
> This patch brings nat capabilities into iked, the same way that mpf@ did
> with isakmpd about 6 years ago.
>
> Comments ?
bumpity bump bump.
Any comments on this ?
>
> Tested with the fo
Hello folks,
This patch brings nat capabilities into iked, the same way that mpf@ did
with isakmpd about 6 years ago.
Comments ?
Tested with the following setup, with icmp, udp and tcp:
>> Local pf.conf:
table { 172.23.0.0/23 }
set skip on lo
match out on enc0 from ! to nat-to 172.23.50.1
On Tue, Nov 25, 2014 at 05:35:19PM +0100, Mike Belopuhov wrote:
[...]
>
> señior pedro@ was kind enough to send a potential fix for this.
> this will be committed soon.
>
>
> diff --git sbin/iked/ca.c sbin/iked/ca.c
> index e43b58b..a008f99 100644
> --- sbin/iked/ca.c
> +++ sbin/iked/ca.c
> @@ -5
Hi tech@,
I've been using iked for some weeks to tunnel my laptop to home over 3G.
Sunday I upgraded my laptop to the latest snapshot; previous upgrade was
about 2 or 3 weeks ago. When I started iked, it crashed randomly, as in
one time it runs just fine and completes the handshake, the other it
c
Hi,
Two diffs below. The first moves ecdsa_method declaration from
ecs_locl.h to ecdsa.h, as ecs_locl.h is not installed in
/usr/include/openssl/.
The second one adds DSA and ECDSA capabilities to relayd ca engine, and
also checks that when using a DSA certificate, we have enabled EDH in
the rele
On Wed, Jan 15, 2014 at 06:25:53PM +0200, MJ wrote:
>
> I have long held the opinion that Theo is probably the best coder on this
> planet. That's not any sort of ass-kissing, either, it's my objective,
> unbiased opinion. And I know Henning personally, as in "live and worked
> together with hi