summaryrefslogtreecommitdiff
path: root/sbin/iked/ikev2.c
AgeCommit message (Expand)Author
2014-12-05Store return value of i2d_X509_NAME in a signed integer to makeMike Belopuhov
2014-11-07Fixup a few problems with EAP state transitionMike Belopuhov
2014-11-07Repair initiator with PSK authMike Belopuhov
2014-07-09expire IPcomp SAs too; ok mikeb (some time ago)Markus Friedl
2014-05-13pass SA initiator not the exchange initator to sa_address(); ok mikeb@Markus Friedl
2014-05-09get rid of redundant {csa,flow}_{src,dst}id pointers, so we don't needMarkus Friedl
2014-05-09replace iked_transform pointer with xform id, since target of pointerMarkus Friedl
2014-05-07make authentication work with X509 certificates that don't have aMarkus Friedl
2014-05-07factor out ikev2_ike_auth() (state machine; used multiple times via callbacks)Markus Friedl
2014-05-06change the create-child-sa responder code, so it does not store anyMarkus Friedl
2014-05-06initiate ike sa rekeying (ikesalifetime keyword), re-queue pfkeyMarkus Friedl
2014-05-06cleanup IKE-SA tree handling (fixes repeated-insert & double-remove)Markus Friedl
2014-05-06send the delete with the locally allocated SPI in ikev2_init_create_child_sa()Markus Friedl
2014-05-06initial support for PFS; ok reyk@Markus Friedl
2014-05-06retire IKED_REQ_DELETE and fix delete parsing; ok reyk@Markus Friedl
2014-04-29make sure the state machine only advances if the AUTH payload hasMarkus Friedl
2014-04-28spacingReyk Floeter
2014-04-10Add validation routines to ikev2_pld.c: For each payload type overallReyk Floeter
2014-03-12don't leak an ibuf for each expired SA; ok mikeb@Markus Friedl
2014-03-12unbreak config-address w/o pool; ok mikeb@Markus Friedl
2014-02-26don't policy_ref an activate policy (policy_ref/unref are assymetrical),Markus Friedl
2014-02-21support rekeying for IPCOMP; ok mikeb@Markus Friedl
2014-02-18check the error from ikev2_cp_setaddrMarkus Friedl
2014-02-17interpret 'config address net/prefix' as a pool of addresses andMarkus Friedl
2014-02-17Fix compiler warnings in the format strings: use %zd for ssize_t andReyk Floeter
2014-02-14initial support for IPCompMarkus Friedl
2014-01-24re-lookup the policy as soon as we have the ID of the peer (destid)Markus Friedl
2014-01-24use a bit saner timer apiMike Belopuhov
2014-01-22implement DPD similar to isakmpd, but only send DPD-messages 'on-demand'Markus Friedl
2013-12-09distingush between sa_msgid not set and 0; otherwise we startMarkus Friedl
2013-12-03never cast to sockaddr_storage, always cast to the abstract 'class' sockaddrMarkus Friedl
2013-11-28mark replaced flows as 'not loaded'; this can happen if bothMarkus Friedl
2013-11-28drop duplicate requestsMarkus Friedl
2013-11-28support raw pubkey authentication w/o x509 certificates;Markus Friedl
2013-06-13Add support for protected-subnet config types.Reyk Floeter
2013-03-21remove excessive includesTheo de Raadt
2013-01-08Remove private CVS tag from an obsolete repository and bump copyrightReyk Floeter
2012-12-15Don't pass an uninitialized arg to ibuf_release(); initialize it to NULL.Reyk Floeter
2012-10-23Add a cast for input to inet_pton() to silence a possible but harmlessReyk Floeter
2012-10-22Fix NAT-T support in iked, both on the initiator and the responderReyk Floeter
2012-09-18update email addresses to match reality.Reyk Floeter
2012-07-05when rekeying ike sa copy more info from the old one;Mike Belopuhov
2012-07-03Improve the key derivation function to produce correct keying materialMike Belopuhov
2012-07-02checking state flags make sense only when processing a responseMike Belopuhov
2012-07-02augment every sa_free call with a debugging log messageMike Belopuhov
2012-07-02Don't close IKE SA immediately after creating a new one when rekeying.Mike Belopuhov
2012-07-02a state machine is not worth the trouble when you've got a flag. doh!Mike Belopuhov
2012-06-29Add missing ESN bitsMike Belopuhov
2012-06-26close SA when IKE_SA_INIT or IKE_AUTH exchanges fail;Mike Belopuhov
2012-06-26compare exchange types as well when looking up a message;Mike Belopuhov
generated by cgit v1.2.3 (git 2.25.1) at 2024-12-03 21:04:58 +0000