index
:
src
cvs/HEAD
kms/intel
kms/radeon
master
OpenBSD base system
summary
refs
log
tree
commit
diff
log msg
author
committer
range
path:
root
/
sbin
/
iked
/
ikev2.c
Age
Commit message (
Expand
)
Author
2013-12-09
distingush between sa_msgid not set and 0; otherwise we start
Markus Friedl
2013-12-03
never cast to sockaddr_storage, always cast to the abstract 'class' sockaddr
Markus Friedl
2013-11-28
mark replaced flows as 'not loaded'; this can happen if both
Markus Friedl
2013-11-28
drop duplicate requests
Markus Friedl
2013-11-28
support raw pubkey authentication w/o x509 certificates;
Markus Friedl
2013-06-13
Add support for protected-subnet config types.
Reyk Floeter
2013-03-21
remove excessive includes
Theo de Raadt
2013-01-08
Remove private CVS tag from an obsolete repository and bump copyright
Reyk Floeter
2012-12-15
Don't pass an uninitialized arg to ibuf_release(); initialize it to NULL.
Reyk Floeter
2012-10-23
Add a cast for input to inet_pton() to silence a possible but harmless
Reyk Floeter
2012-10-22
Fix NAT-T support in iked, both on the initiator and the responder
Reyk Floeter
2012-09-18
update email addresses to match reality.
Reyk Floeter
2012-07-05
when rekeying ike sa copy more info from the old one;
Mike Belopuhov
2012-07-03
Improve the key derivation function to produce correct keying material
Mike Belopuhov
2012-07-02
checking state flags make sense only when processing a response
Mike Belopuhov
2012-07-02
augment every sa_free call with a debugging log message
Mike Belopuhov
2012-07-02
Don't close IKE SA immediately after creating a new one when rekeying.
Mike Belopuhov
2012-07-02
a state machine is not worth the trouble when you've got a flag. doh!
Mike Belopuhov
2012-06-29
Add missing ESN bits
Mike Belopuhov
2012-06-26
close SA when IKE_SA_INIT or IKE_AUTH exchanges fail;
Mike Belopuhov
2012-06-26
compare exchange types as well when looking up a message;
Mike Belopuhov
2012-06-22
Add initial support for retransmition timeouts and response retries.
Mike Belopuhov
2012-06-22
decouple timer initialization from timer_register
Mike Belopuhov
2012-05-30
more timer changes
Mike Belopuhov
2012-05-30
when changing peer's address in the SA, remove the old entry from the
Mike Belopuhov
2012-05-30
pass a file descriptor in the msg_fd instead of a function argument
Mike Belopuhov
2012-05-29
improve timer framework; will be needed soon
Mike Belopuhov
2012-05-23
remove hardcoded values for esp and let ikev2_add_proposals decide
Mike Belopuhov
2012-05-23
factor out proposal matching code from ikev2_sa_negotiate and eliminate
Mike Belopuhov
2012-05-08
When setting up NAT-T notify payloads, make sure to supply an
Mike Belopuhov
2012-05-07
Sync up several defines with RFC 5996. IANA has changed the existing
Mike Belopuhov
2011-07-05
Fix IKEV2_N_NO_ADDITIONAL_SAS notification by including the SPI
Mike Belopuhov
2011-05-27
spacing
Reyk Floeter
2011-05-09
rename functions in proc.c to proc_* and move some code from imsg_util.c to
Reyk Floeter
2011-05-05
Small tweak - add direct pointer to env instead of using an indirect one.
Reyk Floeter
2011-05-05
Move the proc.c-specific runtime state out of struct iked into a sub-struct.
Reyk Floeter
2011-05-05
rename iked_proc* to privsep_proc*. no functional change.
Reyk Floeter
2011-05-02
store the peer address as it was specified in the policy in the
Mike Belopuhov
2011-04-18
Improve the iked acquire mode peer <-> policy matching. This change
Reyk Floeter
2011-04-18
When the kernel wants to acquire an SA for an unknown flow, lookup a
Reyk Floeter
2011-04-15
remove unused function ikev2_flows_delete()
Reyk Floeter
2011-01-28
improve behavior of drop_sa: always negotiating a new child sa; ok reyk
Mike Belopuhov
2011-01-26
Don't initiate any connections in passive mode, not even for ACQUIRE messages
Reyk Floeter
2011-01-26
get rid of acquire flows completely, as they tend to pass traffic
Mike Belopuhov
2011-01-26
enable child sas and do sa and flow transfer after succeeding with
Mike Belopuhov
2011-01-25
fixup child sa deletion in drop_sa; ok reyk
Mike Belopuhov
2011-01-24
fixup previous for the responder mode
Mike Belopuhov
2011-01-21
repair rekeying by sending appropriate traffic selector; ok reyk
Mike Belopuhov
2011-01-21
don't use memcmp on comparing two iked_addrs but IKED_ADDR_EQ.
Reyk Floeter
2011-01-21
- Fix traffic selector configuration that it is always "from $localnet
Reyk Floeter
[next]