svn commit: r266800 - in head/sys: netinet6 netipsec

2014-05-28 Thread VANHULLEBUS Yvan
Author: vanhu Date: Wed May 28 12:45:27 2014 New Revision: 266800 URL: http://svnweb.freebsd.org/changeset/base/266800 Log: Fixed IPv4-in-IPv6 and IPv6-in-IPv4 IPsec tunnels. For IPv6-in-IPv4, you may need to do the following command on the tunnel interface if it is configured as IPv4 only:

svn commit: r240392 - head/sys/netipsec

2012-09-12 Thread VANHULLEBUS Yvan
Author: vanhu Date: Wed Sep 12 12:14:50 2012 New Revision: 240392 URL: http://svn.freebsd.org/changeset/base/240392 Log: In NAT-T transport mode, allow a client to open a new connection just after closing another. It worked only in tunnel mode before. Submitted by: Andreas Longwitz M

svn commit: r221692 - head/sys/netipsec

2011-05-09 Thread VANHULLEBUS Yvan
Author: vanhu Date: Mon May 9 13:16:21 2011 New Revision: 221692 URL: http://svn.freebsd.org/changeset/base/221692 Log: Release SP's refcount in key_get_spdbyid(). PR: 156676 Submitted by: Tobias Brunner (tob...@strongswan.org) MFC after:1 week Modified: head/sys/netipsec/key.

svn commit: r219026 - head/sys/opencrypto

2011-02-25 Thread VANHULLEBUS Yvan
Author: vanhu Date: Fri Feb 25 09:29:32 2011 New Revision: 219026 URL: http://svn.freebsd.org/changeset/base/219026 Log: fixed size of AH_ALEN_MAX, which is 64 bytes for SHA-512. Obtained from:Matthias Drochner MFC after: 3d Modified: head/sys/opencrypto/xform.h Modified: hea

Re: svn commit: r218794 - in head: . sys/netipsec

2011-02-21 Thread VANHULLEBUS Yvan
On Mon, Feb 21, 2011 at 10:21:43AM +0100, Pawel Jakub Dawidek wrote: > On Mon, Feb 21, 2011 at 09:40:25AM +0100, VANHULLEBUS Yvan wrote: [RFC4868 and MFC] > You can't talk to two such peers with sysctl or without anyway. I assume > that if someone already has tunnels configured and t

Re: svn commit: r218794 - in head: . sys/netipsec

2011-02-21 Thread VANHULLEBUS Yvan
Hi. On Sat, Feb 19, 2011 at 08:34:12AM +0100, Pawel Jakub Dawidek wrote: > On Fri, Feb 18, 2011 at 09:40:13AM +0000, VANHULLEBUS Yvan wrote: > > Author: vanhu > > Date: Fri Feb 18 09:40:13 2011 > > New Revision: 218794 > > URL: http://svn.freebsd.org/changes

svn commit: r218796 - head

2011-02-18 Thread VANHULLEBUS Yvan
Author: vanhu Date: Fri Feb 18 13:21:30 2011 New Revision: 218796 URL: http://svn.freebsd.org/changeset/base/218796 Log: Moved the general note about FreeBSD 9.x at the beginning of the list. Modified: head/UPDATING Modified: head/UPDATING

svn commit: r218794 - in head: . sys/netipsec

2011-02-18 Thread VANHULLEBUS Yvan
Author: vanhu Date: Fri Feb 18 09:40:13 2011 New Revision: 218794 URL: http://svn.freebsd.org/changeset/base/218794 Log: Fixed IPsec's HMAC_SHA256-512 support to be RFC4868 compliant. This will break interoperability with all older versions of FreeBSD for those algorithms. Reviewed by:

svn commit: r207652 - head/sys/netipsec

2010-05-05 Thread VANHULLEBUS Yvan
Author: vanhu Date: Wed May 5 08:58:58 2010 New Revision: 207652 URL: http://svn.freebsd.org/changeset/base/207652 Log: Set SA's natt_type before calling key_mature() in key_add(), as the SA may be used as soon as key_mature() has been done. Obtained from:NETASQ MFC after:1

svn commit: r207651 - head/sys/netipsec

2010-05-05 Thread VANHULLEBUS Yvan
Author: vanhu Date: Wed May 5 08:55:26 2010 New Revision: 207651 URL: http://svn.freebsd.org/changeset/base/207651 Log: Update SA's NAT-T stuff before calling key_mature() in key_update(), as SA may be used as soon as key_mature() has been called. Obtained from:NETASQ MFC after

svn commit: r206659 - head/sys/netipsec

2010-04-15 Thread VANHULLEBUS Yvan
Author: vanhu Date: Thu Apr 15 12:40:33 2010 New Revision: 206659 URL: http://svn.freebsd.org/changeset/base/206659 Log: Locks SPTREE when setting some SP entries to state DEAD. This can prevent kernel panics when updating SPs while there is some traffic for them. Obtained from: NETASQ