path: root/sbin/iked
| Age | Commit message | Author |
|---|---|---|
| 2014-05-09 | get rid of redundant {csa,flow}_{src,dst}id pointers, so we don't need | Markus Friedl |
| 2014-05-09 | replace iked_transform pointer with xform id, since target of pointer | Markus Friedl |
| 2014-05-08 | match iked proc.c infrastructure with proc.c | Bret Lambert |
| 2014-05-07 | try postponed requests first, so we do in-order processing; ok mikeb@ | Markus Friedl |
| 2014-05-07 | print msgid for debugging; ok reyk & mikeb | Markus Friedl |
| 2014-05-07 | make authentication work with X509 certificates that don't have a | Markus Friedl |
| 2014-05-07 | factor out ikev2_ike_auth() (state machine; used multiple times via callbacks) | Markus Friedl |
| 2014-05-06 | change the create-child-sa responder code, so it does not store any | Markus Friedl |
| 2014-05-06 | zap stray word; ok markus | Jason McIntyre |
| 2014-05-06 | Explicitly zero out the ibufs before releasing the memory to make sure | Reyk Floeter |
| 2014-05-06 | initiate ike sa rekeying (ikesalifetime keyword), re-queue pfkey | Markus Friedl |
| 2014-05-06 | cleanup IKE-SA tree handling (fixes repeated-insert & double-remove) | Markus Friedl |
| 2014-05-06 | don't sa_free() in the receive path (prevents use-after-free); ok mikeb@ | Markus Friedl |
| 2014-05-06 | send the delete with the locally allocated SPI in ikev2_init_create_child_sa() | Markus Friedl |
| 2014-05-06 | make sure some notify payloads are encrypted; ok mikeb@ | Markus Friedl |
| 2014-05-06 | initial support for PFS; ok reyk@ | Markus Friedl |
| 2014-05-06 | retire IKED_REQ_DELETE and fix delete parsing; ok reyk@ | Markus Friedl |
| 2014-05-06 | no need to include rand.h now the RAND_seed() calls are gone. | Jonathan Gray |
| 2014-05-05 | ca_x509_serialize: don't leak the bio buffer; ok reyk@ | Markus Friedl |
| 2014-05-05 | make the ca_pubkey_serialize() code similar to the private key code, and | Markus Friedl |
| 2014-05-05 | pfkey is unreliable, so add a select-timeout before MSG_PEEK; | Markus Friedl |
| 2014-05-05 | the caller of ikev2_msg_retransmit_response already frees the sa; ok mikeb | Markus Friedl |
| 2014-05-05 | don't leak on pid mismatch; ok mikeb | Markus Friedl |
| 2014-05-05 | validate the attribute length, too; from hshoexer; ok mikeb | Markus Friedl |
| 2014-05-05 | change surprisingly consistent misspelling of length ("lenght") | Bret Lambert |
| 2014-05-04 | With the recent change by deraadt@ to introduce kern.nosuidcoredump=3, | Reyk Floeter |
| 2014-04-29 | make sure the state machine only advances if the AUTH payload has | Markus Friedl |
| 2014-04-28 | macro fixes for previous; ok reyk | Jason McIntyre |
| 2014-04-28 | spacing | Reyk Floeter |
| 2014-04-28 | spacing | Reyk Floeter |
| 2014-04-28 | bump copyright | Reyk Floeter |
| 2014-04-28 | Add missing documentation for ipcomp(4) support and the configuration | Reyk Floeter |
| 2014-04-28 | It's about time to remove the infamous CAVEATS section in iked(8). | Reyk Floeter |
| 2014-04-25 | don't access a pointer till after the null check | Jonathan Gray |
| 2014-04-22 | Update iked to use the same proc.c that relayd uses. | Reyk Floeter |
| 2014-04-18 | round up some enemy sympathizers found calling RAND_seed(). | Ted Unangst |
| 2014-04-16 | More des_foo -> DES_foo | Miod Vallat |
| 2014-04-14 | Fix the following idiom in the following way: | Bret Lambert |
| 2014-04-10 | Add validation routines to ikev2_pld.c: For each payload type overall | Reyk Floeter |
| 2014-03-12 | don't leak an ibuf for each expired SA; ok mikeb@ | Markus Friedl |
| 2014-03-12 | unbreak config-address w/o pool; ok mikeb@ | Markus Friedl |
| 2014-02-26 | don't policy_ref an activate policy (policy_ref/unref are asymmetrical), | Markus Friedl |
| 2014-02-21 | support rekeying for IPCOMP; ok mikeb@ | Markus Friedl |
| 2014-02-18 | check the error from ikev2_cp_setaddr | Markus Friedl |
| 2014-02-17 | interpret 'config address net/prefix' as a pool of addresses and | Markus Friedl |
| 2014-02-17 | basic OCSP support. enable with 'set ocsp "http://10.0.0.10:8888/"' | Markus Friedl |
| 2014-02-17 | Fix compiler warnings in the format strings: use %zd for ssize_t and | Reyk Floeter |
| 2014-02-14 | remove unused function that distracts from cleaning up the imsg_flush() mess | Sebastian Benoit |
| 2014-02-14 | initial support for IPComp | Markus Friedl |
| 2014-02-12 | make sure to set the msg_responded flag on the original message; ok mikeb@ | Markus Friedl |