Update to 1.8
Grab maintainership
From the ChangeLog (Summarised)
> * ike-backoff-patterns: Added backoff patterns for Netgear ProSafe
> and Netgear ADSL Firewall Router. Submitted by Paul Askew.
> * ike-scan.c, ike-scan.h, configure.ac: Added new --writepkttofile
> option. This option writes the output packet to the specified file
> rather than sending it to the remote host. It is intended for
> debugging and testing purposes, to allow the IKE packet to be
> easily checked. This option is not documented, because it is
> designed purely for testing.
> * check-packet: New test to check IKE scan packet data. Currently
> tests two sample packets: one default proposal, and one custom
> proposal.
> * ike-scan.c: Added --exchange option to allow the exchange field
> in the ISAKMP header to be set to arbitrary values.
> * ike-scan.c, isakmp.c: Added --hdrflags and --hdrmsgid options to
> allow Flags and MsgID fields in the ISAKMP header to be specified.
> * ike-scan.c: Added --cookie option to allow the initiator cookie in
> the ISAKMP header to be set to a static value.
> * ike-scan.c, isakmp.c: Add --spisize option to allow a random SPI
> of the specified size to be added to the proposal payload.
> * ike-vendor-ids: Added 16 new Vendor IDs, and revised some comments
> on existing entries.
> * ike-scan.c: Added --doi (-D) and --situation (-S) options to allow
> the DOI and Situation in the SA of the outbound packets to be changed
> from the default of DOI_IPSEC and SIT_IDENTITY_ONLY.
> * ike-scan.c: Added --protocol (-j) and --transid (-k) options to
> allow the proposal protocol and transform id of the outbound packets
> to be changed from the defaults.
> * ike-scan.c: Added --certreq (-C) option to add a
> CertificateRequest payload to the outgoing packet.
> * ike-scan.c: Added --headerlen (-L) option to allow the ISAKMP header
> length to be manually specified. Normally, ike-scan will
> automatically calculate the correct length; however, you can use this
> option if you want to use an incorrect length value instead.
> * ike-scan.c, isakmp.c: Added --mbz (-Z) option to allow the value for
> the reserved (MBZ) fields to be set to non-zero values. Doing so
> will make the outgoing packet non-RFC compliant.
> * ike-scan.c, isakmp.c: Added --headerver (-E) option to allow the
> version field in the ISAKMP header to be altered from the default of
> 0x10 (v1.0).
> * ike-scan.c: Added --bandwidth (-B) option to allow the outgoing
> bandwidth to be specified directly instead of using --interval.
> The --bandwidth option calculates the appropriate interval setting,
> taking into account the size of the packet.
> * ike-scan.c: Added --noncelen (-c) option to allow the length of the
> nonce data to be changed. This is only applicable to aggressive
> mode.
2006-01-18 22:37:01 +01:00
|
|
|
$NetBSD: patch-aa,v 1.2 2006/01/18 21:37:01 adrianp Exp $
|
2005-12-08 19:21:16 +01:00
|
|
|
|
Update to 1.8
Grab maintainership
From the ChangeLog (Summarised)
> * ike-backoff-patterns: Added backoff patterns for Netgear ProSafe
> and Netgear ADSL Firewall Router. Submitted by Paul Askew.
> * ike-scan.c, ike-scan.h, configure.ac: Added new --writepkttofile
> option. This option writes the output packet to the specified file
> rather than sending it to the remote host. It is intended for
> debugging and testing purposes, to allow the IKE packet to be
> easily checked. This option is not documented, because it is
> designed purely for testing.
> * check-packet: New test to check IKE scan packet data. Currently
> tests two sample packets: one default proposal, and one custom
> proposal.
> * ike-scan.c: Added --exchange option to allow the exchange field
> in the ISAKMP header to be set to arbitrary values.
> * ike-scan.c, isakmp.c: Added --hdrflags and --hdrmsgid options to
> allow Flags and MsgID fields in the ISAKMP header to be specified.
> * ike-scan.c: Added --cookie option to allow the initiator cookie in
> the ISAKMP header to be set to a static value.
> * ike-scan.c, isakmp.c: Add --spisize option to allow a random SPI
> of the specified size to be added to the proposal payload.
> * ike-vendor-ids: Added 16 new Vendor IDs, and revised some comments
> on existing entries.
> * ike-scan.c: Added --doi (-D) and --situation (-S) options to allow
> the DOI and Situation in the SA of the outbound packets to be changed
> from the default of DOI_IPSEC and SIT_IDENTITY_ONLY.
> * ike-scan.c: Added --protocol (-j) and --transid (-k) options to
> allow the proposal protocol and transform id of the outbound packets
> to be changed from the defaults.
> * ike-scan.c: Added --certreq (-C) option to add a
> CertificateRequest payload to the outgoing packet.
> * ike-scan.c: Added --headerlen (-L) option to allow the ISAKMP header
> length to be manually specified. Normally, ike-scan will
> automatically calculate the correct length; however, you can use this
> option if you want to use an incorrect length value instead.
> * ike-scan.c, isakmp.c: Added --mbz (-Z) option to allow the value for
> the reserved (MBZ) fields to be set to non-zero values. Doing so
> will make the outgoing packet non-RFC compliant.
> * ike-scan.c, isakmp.c: Added --headerver (-E) option to allow the
> version field in the ISAKMP header to be altered from the default of
> 0x10 (v1.0).
> * ike-scan.c: Added --bandwidth (-B) option to allow the outgoing
> bandwidth to be specified directly instead of using --interval.
> The --bandwidth option calculates the appropriate interval setting,
> taking into account the size of the packet.
> * ike-scan.c: Added --noncelen (-c) option to allow the length of the
> nonce data to be changed. This is only applicable to aggressive
> mode.
2006-01-18 22:37:01 +01:00
|
|
|
--- configure.orig 2005-12-07 09:23:32.000000000 +0000
|
2005-12-08 19:21:16 +01:00
|
|
|
+++ configure
|
Update to 1.8
Grab maintainership
From the ChangeLog (Summarised)
> * ike-backoff-patterns: Added backoff patterns for Netgear ProSafe
> and Netgear ADSL Firewall Router. Submitted by Paul Askew.
> * ike-scan.c, ike-scan.h, configure.ac: Added new --writepkttofile
> option. This option writes the output packet to the specified file
> rather than sending it to the remote host. It is intended for
> debugging and testing purposes, to allow the IKE packet to be
> easily checked. This option is not documented, because it is
> designed purely for testing.
> * check-packet: New test to check IKE scan packet data. Currently
> tests two sample packets: one default proposal, and one custom
> proposal.
> * ike-scan.c: Added --exchange option to allow the exchange field
> in the ISAKMP header to be set to arbitrary values.
> * ike-scan.c, isakmp.c: Added --hdrflags and --hdrmsgid options to
> allow Flags and MsgID fields in the ISAKMP header to be specified.
> * ike-scan.c: Added --cookie option to allow the initiator cookie in
> the ISAKMP header to be set to a static value.
> * ike-scan.c, isakmp.c: Add --spisize option to allow a random SPI
> of the specified size to be added to the proposal payload.
> * ike-vendor-ids: Added 16 new Vendor IDs, and revised some comments
> on existing entries.
> * ike-scan.c: Added --doi (-D) and --situation (-S) options to allow
> the DOI and Situation in the SA of the outbound packets to be changed
> from the default of DOI_IPSEC and SIT_IDENTITY_ONLY.
> * ike-scan.c: Added --protocol (-j) and --transid (-k) options to
> allow the proposal protocol and transform id of the outbound packets
> to be changed from the defaults.
> * ike-scan.c: Added --certreq (-C) option to add a
> CertificateRequest payload to the outgoing packet.
> * ike-scan.c: Added --headerlen (-L) option to allow the ISAKMP header
> length to be manually specified. Normally, ike-scan will
> automatically calculate the correct length; however, you can use this
> option if you want to use an incorrect length value instead.
> * ike-scan.c, isakmp.c: Added --mbz (-Z) option to allow the value for
> the reserved (MBZ) fields to be set to non-zero values. Doing so
> will make the outgoing packet non-RFC compliant.
> * ike-scan.c, isakmp.c: Added --headerver (-E) option to allow the
> version field in the ISAKMP header to be altered from the default of
> 0x10 (v1.0).
> * ike-scan.c: Added --bandwidth (-B) option to allow the outgoing
> bandwidth to be specified directly instead of using --interval.
> The --bandwidth option calculates the appropriate interval setting,
> taking into account the size of the packet.
> * ike-scan.c: Added --noncelen (-c) option to allow the length of the
> nonce data to be changed. This is only applicable to aggressive
> mode.
2006-01-18 22:37:01 +01:00
|
|
|
@@ -5643,6 +5643,7 @@ cat >>conftest.$ac_ext <<_ACEOF
|
|
|
|
|
#ifdef STDC_HEADERS
|
|
|
|
|
#include <stdlib.h>
|
|
|
|
|
#endif
|
2005-12-08 19:21:16 +01:00
|
|
|
+#include <sys/types.h>
|
|
|
|
|
#include <openssl/md5.h>
|
|
|
|
|
#include <openssl/sha.h>
|
|
|
|
|
|
