summaryrefslogtreecommitdiff
path: root/sbin/iked/ikev2.c
AgeCommit message (Expand)Author
2020-06-15Log errors with log_info and SPI prepended.tobhe
2020-06-09Move AUTH_REQUEST SA state change from parser to IKE_AUTH exchange handler.tobhe
2020-06-03Pass sockaddr instead of sockaddr_storage to sa_address.tobhe
2020-06-02Don't leak authmsg.tobhe
2020-05-30Indentation style(9).tobhe
2020-05-28Move duplicate SA negotiation code to ikev2_sa_negotiate_common().tobhe
2020-05-26Add AES-GCM mode ciphers (IANA IDs 19 and 20) for IKEv2.tobhe
2020-05-11Fix policy lookup edge case for simultaneous transport and tunnel mode SAs.tobhe
2020-05-09Log error notifications other than NO_PROPOSAL_CHOSENtobhe
2020-05-02Use gettimeofday() instead of CLOCK_MONOTONIC in gettime(). The return valuetobhe
2020-05-01When initiating IKE SA rekeying, make sure to send a key from a mutualtobhe
2020-04-26Fix leak of temporary ID ibufs on IKE SA rekey.tobhe
2020-04-24Add some useful log messages for the IKE handshake.tobhe
2020-04-24Log INFORMATIONAL messages with LOG_DEBUG. They are rarely useful fortobhe
2020-04-23Add support for switching rdomain on IPsec encryption/decryption.tobhe
2020-04-22Log authentication verification failure with "info" priority.tobhe
2020-04-15Remove redundant 'sa == NULL' check.tobhe
2020-04-13Try to send a DELETE message if the SA is reset with 'ikectl reset id'.tobhe
2020-04-11If we haven't received any IKE message from our partner for sometobhe
2020-04-09Simplify socket creation logic. Normally iked needs two sockets, onetobhe
2020-04-08Prevent multiple ibuf leaks. Clean up on proccess shutdown.tobhe
2020-04-05Fix size checks in ikev2_getimsgdata().tobhe
2020-04-04It makes no sense to fall back to original policy if the relookup with thetobhe
2020-04-02Store USE_TRANSPORTMODE in iked_message until the full message was parsedtobhe
2020-04-01Properly handle multiple CERTREQ payloads in CA process. Only for thetobhe
2020-03-31Log summary of certificates in cert store when iked fails to find atobhe
2020-03-30Log the received cryptographic proposal when the handshake fails becausetobhe
2020-03-30Log summary of IKE SA for established policy.tobhe
2020-03-27Copy EAP ID to new SA when rekeying IKE SA.tobhe
2020-03-27Fix use of 'idstr' and 'idstrlen' arguments in print_static_id().tobhe
2020-03-24Add ikev2_print_static_id() to print static IDs in log_debug() output.tobhe
2020-03-24Always clear sa_simult when initiating a new CREATE_CHILD_SA exchange, nottobhe
2020-03-24The certreq payload has no use in PSK authenticated exchanges. Once we aretobhe
2020-03-22Add 'ikectl show sa' command to print information about the state oftobhe
2020-03-20Unset 'sa->sa_simult' when the exchange fails with CHILD_SA_NOT_FOUND.tobhe
2020-03-18Add 'ikectl reset id <ID>' command to reset all SAs from policies withtobhe
2020-03-16Correctly calculate IPv6 address leases from small address pools.tobhe
2020-03-10Relookup policy based on received cryptographic parameter proposal.tobhe
2020-03-10Make sure 'pooladdr' is zero initialized.tobhe
2020-03-10Make sure ikev2_next_payload() is only called when there is a previoustobhe
2020-03-10Return when SA lookup fails in ikev2_init_recv().tobhe
2020-03-09Use TAILQ_FOREACH_SAFE instead of hand rolled loops.tobhe
2020-03-01When the proposals are first matched the responder doestobhe
2020-02-21Add transport mode for child SAs. This is useful for GRE over IPsec andtobhe
2020-01-16Add '-p' command line option which allows to configuretobhe
2020-01-08Unify duplicate NOTIFY payload construction code in ikev2_add_notify andtobhe
2020-01-07Link ESP-SA and IPcomp-SA using GRPSPIS instead of using a self-builttobhe
2019-12-28Refactor child SA cleanup.tobhe
2019-12-10We can receive a delete and free an SA that is referenced in sa_nextr.tobhe
2019-12-03Correctly represent flows as traffic selectors as described in RFC 7296. Thistobhe