path: root/sbin/iked
Age | Commit message | Author
2018-03-22 | The iked(8) fuzzer did not fuzz encrypted payloads. With that changed | Patrick Wildt
2018-03-16 | Consistently spell "IPsec" in comments and debug outputs. | Martin Pieuchot
2018-03-05 | Outsource enabling/disabling the DPD and keepalive timers for SAs into | Patrick Wildt
2018-01-31 | Add support for specifying multiple transforms within a single proposal. | Patrick Wildt
2018-01-24 | Implement support for specifying multiple proposals. This means we can | Patrick Wildt
2017-12-23 | Since ikev2_init_recv() is supposed to only handle responses to an | Patrick Wildt
2017-12-13 | getsockname(2) needs to be passed the length of the input struct. | Patrick Wildt
2017-12-07 | Change the SA payload parser to parse more than the first proposal. This | Patrick Wildt
2017-12-05 | When sending out a proposal we create an SA/SPI for the Child SAs if we | Patrick Wildt
2017-12-04 | Remove duplicate check that never could execute because the exact same | Patrick Wildt
2017-12-04 | Consistently log "malformed payload" instead of "payload malformed", and | Patrick Wildt
2017-12-04 | Remove check that is now a duplicate due to recent refactoring. | Patrick Wildt
2017-12-04 | The payloads are layered like onions, so you can validate one layer and | Patrick Wildt
2017-12-04 | Initialize variable, otherwise the pointer might contain stack garbage. | Patrick Wildt
2017-12-03 | If we wanted to send out more proposals than just one, we need to set a | Patrick Wildt
2017-12-03 | The RFC specifies that to accept a proposal, we must select a transform | Patrick Wildt
2017-12-01 | The RFC specifies that in an SA payload the proposals must be numbered | Patrick Wildt
2017-12-01 | Turns out that, as specified in the RFC, the initial Child SA does not | Patrick Wildt
2017-11-30 | Add support for rejecting IKE SA messages. This means that we can reply | Patrick Wildt
2017-11-29 | Print_host is used mainly in printf style functions. So do not return NULL | Claudio Jeker
2017-11-27 | Implement MOBIKE (RFC 4555) support in iked(8), with us acting as | Patrick Wildt
2017-11-15 | Reset the OCSP URL on config reload. Otherwise we end up not being | Patrick Wildt
2017-11-08 | Do not accept superfluous arguments. | Patrick Wildt
2017-11-08 | For IPcomp we need to load explicit ESP-flows for the IPIP or IPCOMP | Patrick Wildt
2017-10-30 | In the subjectAltName comparison, the bzero before the while-loop was | Patrick Wildt
2017-10-27 | Support multiple subjectAltNames by trying each existing until there | Patrick Wildt
2017-10-27 | In the final RFC 5903 the computation for the DH shared secret changed. | Patrick Wildt
2017-08-28 | fix char ** to const char ** conversion warning; ok mikeb@ | Otto Moerbeek
2017-07-19 | more depends gc / yacc rules overhaul | Marc Espie
2017-07-03 | no need to generate y.tab.h if nothing uses it, set YFLAGS to nothing | Marc Espie
2017-06-01 | Expand $eapid in iked tags, allowing PF rules to be written based on EAP | Stuart Henderson
2017-05-21 | A few more freezero() uses | Theo de Raadt
2017-04-26 | cope with IP address changes. before, we were trying to resend the msg | Henning Brauer
2017-04-24 | Fix configuration of ASN1_DN IDs. | Reyk Floeter
2017-04-18 | use freezero() | Theo de Raadt
2017-04-13 | Add a NAT-T keepalive timer in case we are behind a NAT gateway. | Patrick Wildt
2017-03-30 | Only close the SA if an error happens before ikev2_msg_init() was called | Patrick Wildt
2017-03-28 | Add helpful debug messages to tell us why public key authentication failed. | Reyk Floeter
2017-03-28 | Remove RSA from the list of keywords, lookup is now done in a table. | Reyk Floeter
2017-03-28 | Don't send informational responses before we're having the key material. | Reyk Floeter
2017-03-28 | Returning -1 in an imsg handler like ikev2_dispatch_cert aborts iked. | Reyk Floeter
2017-03-27 | Don't cache the DH group in the policy | Mike Belopuhov
2017-03-27 | correct verb pattern; | Jason McIntyre
2017-03-27 | Factor out flows into separate configuration messages | Mike Belopuhov
2017-03-27 | spacing | Reyk Floeter
2017-03-27 | Fix another iked leak of SAs in pfkey_sa(), copy tags correctly. | Reyk Floeter
2017-03-27 | Add support to reflect the responder IKEv2 COOKIE. | Reyk Floeter
2017-03-27 | Add support for RFC4754 (ECDSA) and RFC7427 authentication. | Reyk Floeter
2017-03-23 | set ps_noaction to not fork unneeded children when checking config with -n | Jonathan Gray
2017-03-21 | From a syslog perspective it does not make sense to log fatal and | Alexander Bluhm