summaryrefslogtreecommitdiff
path: root/sbin/iked/ikev2_msg.c
AgeCommit message (Expand)Author
2019-05-11Add support for IKEv2 Message Fragmentation as defined in RFC 7383.Patrick Wildt
2019-05-10Enforce messages after IKE_SA_INIT exchange to contain onlyPatrick Wildt
2017-11-27Implement MOBIKE (RFC 4555) support in iked(8), with us acting asPatrick Wildt
2017-04-26cope with IP address changes. before, we were trying to resend the msgHenning Brauer
2017-03-27Add support to reflect the responder IKEv2 COOKIE.Reyk Floeter
2017-03-27Add support for RFC4754 (ECDSA) and RFC7427 authentication.Reyk Floeter
2017-03-13NAT-T improvementsReyk Floeter
2017-01-20Reset various pointers in ikev2_msg_cleanupMike Belopuhov
2017-01-20Closed SAs should never be treated as validMike Belopuhov
2016-09-04Now that we have IP_SENDSRCADDR, add sendtofrom().Vincent Gross
2015-10-19Remove the ikev1 stub - Since I started iked, it has an empty privsepReyk Floeter
2015-10-15Remove some unnecessary NULL-checks before free(). Change two bzero()mmcc
2015-08-21Switch iked to C99-style fixed-width integer types.Reyk Floeter
2015-03-26initial support for RFC 7427 signatures, so we are no longerMarkus Friedl
2015-02-15convert bcmp to memcmpTed Unangst
2015-02-06unneeded getopt.hTheo de Raadt
2015-01-19Remove unnecessary <netinet/ip_ipsp.h> includesMike Belopuhov
2015-01-16Replace <sys/param.h> with <limits.h> and other less dirty headers whereTheo de Raadt
2014-11-07Repair initiator with PSK authMike Belopuhov
2014-08-25Delete secret or secret-derived data with explicit_bzero.Doug Hogan
2014-05-07print msgid for debugging; ok reyk & mikebMarkus Friedl
2014-05-06initiate ike sa rekeying (ikesalifetime keyword), re-queue pfkeyMarkus Friedl
2014-05-05the caller of ikev2_msg_retransmit_response already frees the sa; ok mikebMarkus Friedl
2014-04-29make sure the state machine only advances if the AUTH payload hasMarkus Friedl
2014-04-22Update iked to use the same proc.c that relayd uses.Reyk Floeter
2014-04-10Add validation routines to ikev2_pld.c: For each payload type overallReyk Floeter
2014-02-17Fix compiler warnings in the format strings: use %zd for ssize_t andReyk Floeter
2014-01-24use a bit saner timer apiMike Belopuhov
2013-12-03never cast to sockaddr_storage, always cast to the abstract 'class' sockaddrMarkus Friedl
2013-09-26After some manipulations with the buffer, ike message header (hdr)Mike Belopuhov
2013-03-21remove excessive includesTheo de Raadt
2013-01-08Remove private CVS tag from an obsolete repository and bump copyrightReyk Floeter
2012-12-15Remove unused variables.Reyk Floeter
2012-10-22Fix NAT-T support in iked, both on the initiator and the responderReyk Floeter
2012-09-18update email addresses to match reality.Reyk Floeter
2012-06-27leftover code re-enqueued the same item on the list multiple timesMike Belopuhov
2012-06-27prevent an endless loopMike Belopuhov
2012-06-26improve ikev2_msg_retransmit_timeoutMike Belopuhov
2012-06-26compare exchange types as well when looking up a message;Mike Belopuhov
2012-06-22Add initial support for retransmition timeouts and response retries.Mike Belopuhov
2012-05-30pass a file descriptor in the msg_fd instead of a function argumentMike Belopuhov
2012-05-24don't increment the next expected message id when sending a response back.Mike Belopuhov
2012-05-07Sync up several defines with RFC 5996. IANA has changed the existingMike Belopuhov
2011-05-09rename functions in proc.c to proc_* and move some code from imsg_util.c toReyk Floeter
2011-01-21handle empty encrypted payloads (might happen with some informationals)Reyk Floeter
2011-01-21Reimplement the iked(8) policy evaluation for incoming connections toReyk Floeter
2010-12-22child sa rekeying revamp plus numerous bugfixes;Mike Belopuhov
2010-09-30disable padding correctly. therefore we no longer need to supplyMike Belopuhov
2010-06-27Instead of modifying and fiddling with the IKE SA in the payloadReyk Floeter
2010-06-14check if cert is available and validReyk Floeter