summaryrefslogtreecommitdiff
path: root/sbin/iked/ikev2_msg.c
AgeCommit message (Expand)Author
2020-08-15Remove dead assignments.tobhe
2020-08-11Prioritize incoming certificate requests by the order of CERTEQ payloadstobhe
2020-07-08Always try to retransmit on sendtofrom() errors to ensure the SAtobhe
2020-05-26Add AES-GCM mode ciphers (IANA IDs 19 and 20) for IKEv2.tobhe
2020-05-14Stricter return value checking for EVP_Cipher* calls.tobhe
2020-04-24Log INFORMATIONAL messages with LOG_DEBUG. They are rarely useful fortobhe
2020-04-17Log retransmits of sent requests and responses.tobhe
2020-03-10Delete dead code in ikev2_msg_valid_ike_sa().tobhe
2020-03-10Make sure 'e' is NULL initialized to prevent nullptr dereference intobhe
2020-01-22delete wasteful ;;Theo de Raadt
2020-01-16Add '-p' command line option which allows to configuretobhe
2019-11-28Move Notify and Certreq payload handlers after the parser. Modify SA statetobhe
2019-11-15Fix error handling in ikev2_msg_send.tobhe
2019-11-13Log reason whenever a child SA is freed. This makes it easier totobhe
2019-11-11Cleanup message retransmission handling with new helper functions.tobhe
2019-08-12Prepend SPI to send and recv log messages to see which line belongs totobhe
2019-05-11Add support for IKEv2 Message Fragmentation as defined in RFC 7383.Patrick Wildt
2019-05-10Enforce messages after IKE_SA_INIT exchange to contain onlyPatrick Wildt
2017-11-27Implement MOBIKE (RFC 4555) support in iked(8), with us acting asPatrick Wildt
2017-04-26cope with IP address changes. before, we were trying to resend the msgHenning Brauer
2017-03-27Add support to reflect the responder IKEv2 COOKIE.Reyk Floeter
2017-03-27Add support for RFC4754 (ECDSA) and RFC7427 authentication.Reyk Floeter
2017-03-13NAT-T improvementsReyk Floeter
2017-01-20Reset various pointers in ikev2_msg_cleanupMike Belopuhov
2017-01-20Closed SAs should never be treated as validMike Belopuhov
2016-09-04Now that we have IP_SENDSRCADDR, add sendtofrom().Vincent Gross
2015-10-19Remove the ikev1 stub - Since I started iked, it has an empty privsepReyk Floeter
2015-10-15Remove some unnecessary NULL-checks before free(). Change two bzero()mmcc
2015-08-21Switch iked to C99-style fixed-width integer types.Reyk Floeter
2015-03-26initial support for RFC 7427 signatures, so we are no longerMarkus Friedl
2015-02-15convert bcmp to memcmpTed Unangst
2015-02-06unneeded getopt.hTheo de Raadt
2015-01-19Remove unnecessary <netinet/ip_ipsp.h> includesMike Belopuhov
2015-01-16Replace <sys/param.h> with <limits.h> and other less dirty headers whereTheo de Raadt
2014-11-07Repair initiator with PSK authMike Belopuhov
2014-08-25Delete secret or secret-derived data with explicit_bzero.Doug Hogan
2014-05-07print msgid for debugging; ok reyk & mikebMarkus Friedl
2014-05-06initiate ike sa rekeying (ikesalifetime keyword), re-queue pfkeyMarkus Friedl
2014-05-05the caller of ikev2_msg_retransmit_response already frees the sa; ok mikebMarkus Friedl
2014-04-29make sure the state machine only advances if the AUTH payload hasMarkus Friedl
2014-04-22Update iked to use the same proc.c that relayd uses.Reyk Floeter
2014-04-10Add validation routines to ikev2_pld.c: For each payload type overallReyk Floeter
2014-02-17Fix compiler warnings in the format strings: use %zd for ssize_t andReyk Floeter
2014-01-24use a bit saner timer apiMike Belopuhov
2013-12-03never cast to sockaddr_storage, always cast to the abstract 'class' sockaddrMarkus Friedl
2013-09-26After some manipulations with the buffer, ike message header (hdr)Mike Belopuhov
2013-03-21remove excessive includesTheo de Raadt
2013-01-08Remove private CVS tag from an obsolete repository and bump copyrightReyk Floeter
2012-12-15Remove unused variables.Reyk Floeter
2012-10-22Fix NAT-T support in iked, both on the initiator and the responderReyk Floeter
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-24 13:46:52 +0000