Use clock_gettime(CLOCK_MONOTONIC) to schedule timers

From Scott Cheloha, ok tb@

Do not cast a size_t to (unsigned long) to pass it as an argument to malloc.
Like really, who does??!

<stdlib.h> is included, so do not need to cast result from
malloc, calloc, realloc*
ok krw millert

Nuke yet more obvious #include duplications.

ok deraadt@

backout possible infinit-loop (from rev 1.5) when parsing nat_d;
report from Thomas Proell/Siemens ProductCERT; fix from hshoexer; ok mikeb

Kill a log message which looks like an error message but is actually
both meaningless and harmless. ("nat_t_check_vendor_payload: bad size")
ok todd

There's no point in checking ptr for NULL before doing free(ptr)
since free(NULL) is just fine.

ok hshoexer@

Add a comment that explains, why the VID of draft 2 NAT-T includes
a traling '\n'.

suggested by and ok deraadt@, jmc@

indentation.

Use payload NAT-D or NAT-D-DRAFT according to NAT-T vendor ID advertised by the
peer.

looks good ho

unbreak port floating, noticed by sean at obstacle9 dot com

ok cloder

allow payload types 20 and 21 for nat-t

ok ho

Make deterministic randomness (only ever used for testing) a compile-time
option. Reduces chances of somehow setting regrand when it's not supposed
to be set. Remove "-r" option from man page. Als

Make deterministic randomness (only ever used for testing) a compile-time
option. Reduces chances of somehow setting regrand when it's not supposed
to be set. Remove "-r" option from man page. Also xref certpatch(8) while
we are in there. And remove some include sysdep.h where it is no longer
needed.
OK hshoexer

show more ...

Add -T flag to isakmpd to disable NAT-T support from the command line.
This lets binat setups work again without having to recompile isakmpd.
OK ho, hshoexer.

spacing; ok cloder

Add RFC3947 NAT-T vendor ID string. hshoexer@ ok.

where possible, use bzero instead of memset

ok cloder henning

use hash and not hmac to calculate NAT-D payloads. Also add NAT-D payload for
the destination address first. Remove support for obsolete V1 NAT-T.

This fixes interoperability problems with non-ope

use hash and not hmac to calculate NAT-D payloads. Also add NAT-D payload for
the destination address first. Remove support for obsolete V1 NAT-T.

This fixes interoperability problems with non-openbsd isakmpd implementations.

"looks good" ho@, ok markus@ for hash/hmac
testing by various people (thanks!)

show more ...

spacing

Rewrite the transport reference count code to avoid leaks.
hshoexer@ ok.

Repair NAT-T using Aggressive mode, NAT-D checks were in the wrong place.
Noted by Yvan VANHULLEBUS.

Compile cleanly with gcc3.3.2.

ok ho@

Implement NAT-T keepalive messages.

Make the payload array in struct message dynamic, since we need to handle
payloads in the private range, such as the pre-RFC NAT-D/NAT-OA.
Replace TAILQ_FIRST(&msg->payload[i]) instances with functio

Make the payload array in struct message dynamic, since we need to handle
payloads in the private range, such as the pre-RFC NAT-D/NAT-OA.
Replace TAILQ_FIRST(&msg->payload[i]) instances with function calls.

show more ...

NAT-Traversal for isakmpd. Work in progress...
hshoexer@ ok.