summaryrefslogtreecommitdiff
path: root/sbin/iked/ikev2_pld.c
AgeCommit message (Expand)Author
2017-04-13Add a NAT-T keepalive timer in case we are behind a NAT gateway.Patrick Wildt
2017-03-27Don't cache the DH group in the policyMike Belopuhov
2017-03-27Add support to reflect the responder IKEv2 COOKIE.Reyk Floeter
2017-03-13Resolve simultaneous IKE SA rekeyingMike Belopuhov
2017-03-13Improve reporting of authentication errorsMike Belopuhov
2017-01-20Include only found SPIs into the PAYLOAD_DELETE messageMike Belopuhov
2017-01-20Minor formatting fixMike Belopuhov
2015-10-15Remove some unnecessary NULL-checks before free(). Change two bzero()mmcc
2015-10-01Don't reject an "empty" CERTREQ (one with no CA hashes), instead treat it asStuart Henderson
2015-10-01Fix interoperability with Apple iOS9: If we don't get a (valid)Reyk Floeter
2015-08-21Switch iked to C99-style fixed-width integer types.Reyk Floeter
2015-08-19spacing (no binary change, verified with checksums)Reyk Floeter
2015-03-26initial support for RFC 7427 signatures, so we are no longerMarkus Friedl
2015-02-06unneeded getopt.hTheo de Raadt
2015-01-19Remove unnecessary <netinet/ip_ipsp.h> includesMike Belopuhov
2015-01-16Replace <sys/param.h> with <limits.h> and other less dirty headers whereTheo de Raadt
2014-11-07Run eap_parse on the actual message and only when the length is rightMike Belopuhov
2014-05-06initiate ike sa rekeying (ikesalifetime keyword), re-queue pfkeyMarkus Friedl
2014-05-06don't sa_free() in the receive path (prevents use-after-free); ok mikeb@Markus Friedl
2014-05-06make sure some notify payloads are encrypted; ok mikeb@Markus Friedl
2014-05-06initial support for PFS; ok reyk@Markus Friedl
2014-05-05validate the attribute length, too; from hshoexer; ok mikebMarkus Friedl
2014-04-28spacingReyk Floeter
2014-04-10Add validation routines to ikev2_pld.c: For each payload type overallReyk Floeter
2014-02-17Fix compiler warnings in the format strings: use %zd for ssize_t andReyk Floeter
2014-02-14initial support for IPCompMarkus Friedl
2014-02-12make sure to set the msg_responded flag on the original message; ok mikeb@Markus Friedl
2014-01-24use a bit saner timer apiMike Belopuhov
2014-01-22implement DPD similar to isakmpd, but only send DPD-messages 'on-demand'Markus Friedl
2013-12-03never cast to sockaddr_storage, always cast to the abstract 'class' sockaddrMarkus Friedl
2013-11-28support raw pubkey authentication w/o x509 certificates;Markus Friedl
2013-03-21remove excessive includesTheo de Raadt
2013-01-08Remove private CVS tag from an obsolete repository and bump copyrightReyk Floeter
2012-12-15Don't dereference NULL pointers (and some cleanup here).Reyk Floeter
2012-10-22Fix NAT-T support in iked, both on the initiator and the responderReyk Floeter
2012-09-18update email addresses to match reality.Reyk Floeter
2012-06-22decouple timer initialization from timer_registerMike Belopuhov
2012-05-30more timer changesMike Belopuhov
2012-05-29improve timer framework; will be needed soonMike Belopuhov
2012-05-07Sync up several defines with RFC 5996. IANA has changed the existingMike Belopuhov
2012-03-24fix some leaksJonathan Gray
2011-01-26get rid of acquire flows completely, as they tend to pass trafficMike Belopuhov
2011-01-17Add initial acquire mode support and use it whenever Windows peers decideMike Belopuhov
2011-01-12decouple flow deletion from the ikev2_childsa_delete; ok reykMike Belopuhov
2010-12-22move and rename util.c:print_id() to ikev2.c:ikev2_print_id() becauseReyk Floeter
2010-12-22child sa rekeying revamp plus numerous bugfixes;Mike Belopuhov
2010-09-30check that there are transforms in the proposal before tryingMike Belopuhov
2010-09-22support INVALID_KE_PAYLOAD notification sent by the responder in caseMike Belopuhov
2010-07-28Change back to the pre rev 1.11 behaviour of not treating unexpectedJonathan Gray
2010-07-03Better non-debug logging messages when a session is established/closed.Reyk Floeter
generated by cgit v1.2.3 (git 2.25.1) at 2024-12-12 21:37:02 +0000