path: root/sbin/iked
| Age | Commit message | Author |
|---|---|---|
| 2019-09-26 | Use SPI_SA() instead of __func__ in all logging calls. Use log_info | tobhe |
| 2019-09-26 | Fix leaks by cleaning up after configuration parser. | tobhe |
| 2019-08-29 | Remove redundant ikev2_msg_valid_ike_sa() call. | tobhe |
| 2019-08-26 | Fix file descriptor leak in config parser. Inspired by bgpd parse.y. | tobhe |
| 2019-08-24 | Clarify "protected-subnet" option. | tobhe |
| 2019-08-24 | Fix conflict when IKE SA and Child SA rekeying happen at the same time. | tobhe |
| 2019-08-16 | Add explanation for the [IKE/ESP only] column of the transform table. | tobhe |
| 2019-08-16 | Fix segfault in parser when specifying an invalid transform. | tobhe |
| 2019-08-14 | Fix NAT traversal detection bug when "local" option is not explicitly | tobhe |
| 2019-08-12 | Prepend SPI to send and recv log messages to see which line belongs to | tobhe |
| 2019-07-03 | snprintf/vsnprintf return < 0 on error, rather than -1. | Theo de Raadt |
| 2019-06-28 | When system calls indicate an error they return -1, not some arbitrary | Theo de Raadt |
| 2019-05-11 | Add support for IKEv2 Message Fragmentation as defined in RFC 7383. | Patrick Wildt |
| 2019-05-10 | Set the IKED_REQ_INFORMATIONAL flag when sending a delete request | Patrick Wildt |
| 2019-05-10 | Enforce messages after IKE_SA_INIT exchange to contain only | Patrick Wildt |
| 2019-04-02 | When curve25519 was added to iked, it was based on the internet-draft and | Stuart Henderson |
| 2019-02-27 | update RFC references, from tobias_heider at genua.de, ok claudio@ | Stuart Henderson |
| 2019-02-26 | Fix sending IKEV2_CFG_INTERNAL_IP6_DNS, IKEV2_CFG_INTERNAL_IP6_NBNS, | Patrick Wildt |
| 2019-02-13 | (unsigned) means (unsigned int) which on ptrdiff_t or size_t or other | Theo de Raadt |
| 2018-12-07 | Make sure the TAP extension is only added to the vector when needed. | Martin Pieuchot |
| 2018-12-07 | Make sure that the prefixlen returned by mask2prefixlen6 is never bigger | Claudio Jeker |
| 2018-11-07 | sync cmdline_symset() changes with src/usr.sbin; OK sashan@ claudio@ | miko |
| 2018-11-01 | - odd condition/test in PF lexer | Alexandr Nedvedicky |
| 2018-08-06 | Remove cpath pledge(2) promise. We decided that not deleting the unix control | Ricardo Mestre |
| 2018-07-11 | Do for most running out of memory err() what was done for most running | Kenneth R Westerback |
| 2018-07-09 | No need to mention which memory allocation entry point failed (malloc, | Kenneth R Westerback |
| 2018-07-08 | Be consistent in warn() and log_warn() usage when | Kenneth R Westerback |
| 2018-07-03 | Rephrase a misleading sentence in iked(8), and add a missing | Stefan Sperling |
| 2018-06-22 | Use __func__ in log_debug calls. | rob |
| 2018-06-11 | Fix an off-by-one line count when using include statements. | denis |
| 2018-04-26 | Plug leak in error case of the common 'varset' implementations. | Kenneth R Westerback |
| 2018-03-22 | The iked(8) fuzzer did not fuzz encrypted payloads. With that changed | Patrick Wildt |
| 2018-03-16 | Consistently spell "IPsec" in comments and debug outputs. | Martin Pieuchot |
| 2018-03-05 | Outsource enabling/disabling the DPD and keepalive timers for SAs into | Patrick Wildt |
| 2018-01-31 | Add support for specifying multiple transforms within a single proposal. | Patrick Wildt |
| 2018-01-24 | Implement support for specifying multiple proposals. This means we can | Patrick Wildt |
| 2017-12-23 | Since ikev2_init_recv() is supposed to only handle responses to an | Patrick Wildt |
| 2017-12-13 | getsockname(2) needs to be passed the length of the input struct. | Patrick Wildt |
| 2017-12-07 | Change the SA payload parser to parse more than the first proposal. This | Patrick Wildt |
| 2017-12-05 | When sending out a proposal we create an SA/SPI for the Child SAs if we | Patrick Wildt |
| 2017-12-04 | Remove duplicate check that never could execute because the exact same | Patrick Wildt |
| 2017-12-04 | Consistently log "malformed payload" instead of "payload malformed", and | Patrick Wildt |
| 2017-12-04 | Remove check that is now a duplicate due to recent refactoring. | Patrick Wildt |
| 2017-12-04 | The payloads are layered like onions, so you can validate one layer and | Patrick Wildt |
| 2017-12-04 | Initialize variable, otherwise the pointer might contain stack garbage. | Patrick Wildt |
| 2017-12-03 | If we wanted to send out more proposals than just one, we need to set a | Patrick Wildt |
| 2017-12-03 | The RFC specifies that to accept a proposal, we must select a transform | Patrick Wildt |
| 2017-12-01 | The RFC specifies that in an SA payload the proposals must be numbered | Patrick Wildt |
| 2017-12-01 | Turns out that, as specified in the RFC, the initial Child SA does not | Patrick Wildt |
| 2017-11-30 | Add support for rejecting IKE SA messages. This means that we can reply | Patrick Wildt |