6874992 in.iked does not use network byte order for IP address in sendto() call
6874983 ikedoor.h is not C++ safe
6885833 IPsec utilities should print lifetimes in human readable format
6889086 ikead

6874992 in.iked does not use network byte order for IP address in sendto() call
6874983 ikedoor.h is not C++ safe
6885833 IPsec utilities should print lifetimes in human readable format
6889086 ikeadm reports kilobyte lifetimes with wrong units
6898492 iked should enforce lower maximum values for lifetimes
6897711 iked debug output should be less confusing for average sysadmin
6902926 SOFT kilobyte expires for inbound SAs should make it to userland and be reacted upon

show more ...

PSARC/2008/252 Labeled IPsec phase 1
6886771 Labeled IPsec phase 1
6808727 Alignment error panic in tsol_can_accept_raw()
6894979 nightly -0 + -p builds then destroys SUNW0on

PSARC 2009/513 Changes to IPsec ESP to support Combined mode ciphers
6704686 IPsec/ESP needs to support Combined mode ciphers
6704682 IPsec/ESP should use AES-CCM
6884664 IPsec/ESP should support AES

PSARC 2009/513 Changes to IPsec ESP to support Combined mode ciphers
6704686 IPsec/ESP needs to support Combined mode ciphers
6704682 IPsec/ESP should use AES-CCM
6884664 IPsec/ESP should support AES-GCM Mode
6840342 ipsecalgs out of memory error
6764184 tab instead of space in sadb.h

show more ...

6848192 get_ipsa_pair() does not always follow bucket lock entry rules, could potentially deadlock.
6846548 PF_KEY diagnostics need to be more specific
6853208 ipsecalgs(1m) does not cope when there

6848192 get_ipsa_pair() does not always follow bucket lock entry rules, could potentially deadlock.
6846548 PF_KEY diagnostics need to be more specific
6853208 ipsecalgs(1m) does not cope when there are no algorithms registered.
6856693 sadb_update_sa() checks for duplicate SADB_UPDATE messages in the wrong place.
6846547 Faulty PF_KEY replies should not cause in.iked to halt

show more ...

6520458 ikeadm should have command line history capabilities
4313953 ipseckey(1m) needs line editing support.
6814629 ipseckey should employ strict checking for {dump,flush} commands

PSARC 2008/523 IPsec session failover
6398024 IPsec should support session failover across machines
6545486 PF_KEY needs to set an SA's sequence number

6728539 64-bit version of libipsecutil

6719641 RFC 3947 section 7 (port-reassignment) on paired-ESP and IKE SAs on the non-NAT side.

PSARC/2008/232 Paired IPsec Security Associations
6584918 in.iked will exit if you try and add a duplicate rule with ikeadm
6595953 Remove SCCS keywords from ipsec{ah,esp}, keysock, and spdsock
66282

PSARC/2008/232 Paired IPsec Security Associations
6584918 in.iked will exit if you try and add a duplicate rule with ikeadm
6595953 Remove SCCS keywords from ipsec{ah,esp}, keysock, and spdsock
6628201 Inbound and Outbound IPsec SA's should be treated as a pair.
6643439 check_rule() in in.iked does not sanity check kilobyte based lifetime values
6668752 ikeadm(1m) get defaults displays wrong value for p2_softlife_kb
6669211 Need a way to disable Soft Expires when using in.iked(1m)
6670612 sadb_address_proto and sadb_address_prefixlen need to be initialized in NAT_T extensions.
6674203 Ordering of src/dst address extensions in pf_key messages is inconsistent.
6676436 ipseckey(1m) error messages could be less cryptic
6683004 Updating hard_usetime on an IPsec SA will cause it to evaporate.
6703265 in.iked can dump core if avl_nearest() returns NULL

show more ...

6658263 ipseckey and ikeadm don't print ASN.1 ID values

6653436 iked should be more resilient to ipsecalgs contents

PSARC 2007/449 Detangle IPsec NAT Traversal
6481450 nattymod calls putnext() on a freed queue.
6558864 remove nattymod
6558870 Implement SA last-used time and idle actions
6582318 "mandatory" is spel

PSARC 2007/449 Detangle IPsec NAT Traversal
6481450 nattymod calls putnext() on a freed queue.
6558864 remove nattymod
6558870 Implement SA last-used time and idle actions
6582318 "mandatory" is spelled wrong in pfiles
6584011 save_assoc() gets confused w.r.t. "proto".
6588015 Missing "encap udp" must be better diagnosed by ipseckey(1M).
6595368 Need "ipsec-nat-t" in /etc/services
6595877 ipseckey(1M) can produce output it can't read back in (line-too-big)

show more ...

6585305 in.iked in debug mode needs to show phase 2 alg proposals and PF_KEY message contents

6576171 ipsec_kmc_map file processing is broken

6561665 ipseckey -f does not understand "flush" keyword anymore

PSARC 2007/200 - Dedicated SMF services for IPsec/IKE
6185380 IPsec should be a separate (set) of smf(5) services
6440610 missing preshared remoteid line causes in.iked core dump on reading config
64

PSARC 2007/200 - Dedicated SMF services for IPsec/IKE
6185380 IPsec should be a separate (set) of smf(5) services
6440610 missing preshared remoteid line causes in.iked core dump on reading config
6462741 ipsecconf should have an option to check config file syntax
6467954 ipseckey exit code on failure inconsistent
6468456 ipsecconf uses strcpy()
6479903 in.iked with SMF should use _enter_daemon_lock()
6488927 ipseckey(1M) could do a better job of dealing with multiple errors
6497802 in.iked should use smf(5) properties instead of /etc/default/ipsec
6519836 ipseckey, ipsecconf require uid == 0, but configured to use profile
6529086 ipsec utilities can't deal with large files
6538478 Timestamp in in.iked debug output does not understand daylight savings time
6542255 in.iked can dump core when forced to load a new ike.preshared file with ikeadm.
6543263 ikeadm uses strcpy()
6543267 ipseckey uses strcpy()
6544087 memory leak with preshared key reloading

show more ...

6500413 libipsecutil uses gettext() instead of dgettext()

PSARC 2005/516 IPsec Tunnel Reform
4882852 tunnels vs. inverse acquire.
4970365 Support of ESP tunnel mode within Solaris
5027528 in.iked should be more intelligent about tunnel addresses
6180161 nee

PSARC 2005/516 IPsec Tunnel Reform
4882852 tunnels vs. inverse acquire.
4970365 Support of ESP tunnel mode within Solaris
5027528 in.iked should be more intelligent about tunnel addresses
6180161 need to support multiple tunnels to a single nat
6208976 ipsecconf error messages make me think there are monsters under the bed
6313012 Clean up from removal of ipsec_inbound_debug_tag()
6351840 assertion failed: (ipha->ipha_protocol != 6) && (ipha->ipha_protocol != 17), ip.c, line: 15351
6359831 multicast tunnels don't get their IPsec policy checked.
6369094 ipseckey shouldn't accept/save-out encryption algorithm even it's none/any
6374560 ipseckey debug functions should be moved to libipsecutil
6374596 dump utilities need to be able to understand inner tunnel addresses and netmasks
6402781 Five dead declarations in IPsec code
6405338 spdsock leaks policy head references
6437366 NAT-OA payloads not processed early enough.
6465594 ipsec_policy_delete() uses wrong ipsec_selkey_t structure.
6467596 spdsock_ext_to_actvec() needs to reset "act" upon every SPD_ATTR_NEXT.
6470725 PF_POLICY shouldn't accept '0' for an algorithm value.
6475903 Outbound DROP rules are not enforced
6480815 INVERSE_ACQUIRE failures leak in in.iked
6482403 Race in in.iked, early door call vs. rest of initialization code
6482653 Don't accept UDP-encapsulated ESP on non-NAT SAs.
6487857 Post-ACQUIRE, AH+ESP packets misinitalized ipha/ip6

show more ...

OpenSolaris Launch