summaryrefslogtreecommitdiff
path: root/sbin/iked/ikev2.c
AgeCommit message (Expand)Author
2013-06-13Add support for protected-subnet config types.Reyk Floeter
2013-03-21remove excessive includesTheo de Raadt
2013-01-08Remove private CVS tag from an obsolete repository and bump copyrightReyk Floeter
2012-12-15Don't pass an uninitialized arg to ibuf_release(); initialize it to NULL.Reyk Floeter
2012-10-23Add a cast for input to inet_pton() to silence a possible but harmlessReyk Floeter
2012-10-22Fix NAT-T support in iked, both on the initiator and the responderReyk Floeter
2012-09-18update email addresses to match reality.Reyk Floeter
2012-07-05when rekeying ike sa copy more info from the old one;Mike Belopuhov
2012-07-03Improve the key derivation function to produce correct keying materialMike Belopuhov
2012-07-02checking state flags make sense only when processing a responseMike Belopuhov
2012-07-02augment every sa_free call with a debugging log messageMike Belopuhov
2012-07-02Don't close IKE SA immediately after creating a new one when rekeying.Mike Belopuhov
2012-07-02a state machine is not worth the trouble when you've got a flag. doh!Mike Belopuhov
2012-06-29Add missing ESN bitsMike Belopuhov
2012-06-26close SA when IKE_SA_INIT or IKE_AUTH exchanges fail;Mike Belopuhov
2012-06-26compare exchange types as well when looking up a message;Mike Belopuhov
2012-06-22Add initial support for retransmition timeouts and response retries.Mike Belopuhov
2012-06-22decouple timer initialization from timer_registerMike Belopuhov
2012-05-30more timer changesMike Belopuhov
2012-05-30when changing peer's address in the SA, remove the old entry from theMike Belopuhov
2012-05-30pass a file descriptor in the msg_fd instead of a function argumentMike Belopuhov
2012-05-29improve timer framework; will be needed soonMike Belopuhov
2012-05-23remove hardcoded values for esp and let ikev2_add_proposals decideMike Belopuhov
2012-05-23factor out proposal matching code from ikev2_sa_negotiate and eliminateMike Belopuhov
2012-05-08When setting up NAT-T notify payloads, make sure to supply anMike Belopuhov
2012-05-07Sync up several defines with RFC 5996. IANA has changed the existingMike Belopuhov
2011-07-05Fix IKEV2_N_NO_ADDITIONAL_SAS notification by including the SPIMike Belopuhov
2011-05-27spacingReyk Floeter
2011-05-09rename functions in proc.c to proc_* and move some code from imsg_util.c toReyk Floeter
2011-05-05Small tweak - add direct pointer to env instead of using an indirect one.Reyk Floeter
2011-05-05Move the proc.c-specific runtime state out of struct iked into a sub-struct.Reyk Floeter
2011-05-05rename iked_proc* to privsep_proc*. no functional change.Reyk Floeter
2011-05-02store the peer address as it was specified in the policy in theMike Belopuhov
2011-04-18Improve the iked acquire mode peer <-> policy matching. This changeReyk Floeter
2011-04-18When the kernel wants to acquire an SA for an unknown flow, lookup aReyk Floeter
2011-04-15remove unused function ikev2_flows_delete()Reyk Floeter
2011-01-28improve behavior of drop_sa: always negotiating a new child sa; ok reykMike Belopuhov
2011-01-26Don't initiate any connections in passive mode, not even for ACQUIRE messagesReyk Floeter
2011-01-26get rid of acquire flows completely, as they tend to pass trafficMike Belopuhov
2011-01-26enable child sas and do sa and flow transfer after succeeding withMike Belopuhov
2011-01-25fixup child sa deletion in drop_sa; ok reykMike Belopuhov
2011-01-24fixup previous for the responder modeMike Belopuhov
2011-01-21repair rekeying by sending appropriate traffic selector; ok reykMike Belopuhov
2011-01-21don't use memcmp on comparing two iked_addrs but IKED_ADDR_EQ.Reyk Floeter
2011-01-21- Fix traffic selector configuration that it is always "from $localnetReyk Floeter
2011-01-21Remove misleading error message.Reyk Floeter
2011-01-21don't create child sas from empty proposals.Reyk Floeter
2011-01-21Reimplement the iked(8) policy evaluation for incoming connections toReyk Floeter
2011-01-21split pfkey initialization into a privileged and unprivileged part toReyk Floeter
2011-01-17silence stupid gcc warning by initializing a variable with NULL.Reyk Floeter