path: root/sbin/iked
| Age | Commit message | Author |
| --- | --- | --- |
| 2020-11-30 | We need to rekey every child SA (even if acquired): Otherwise we can | tobhe |
| 2020-11-29 | Add 'set stickyaddress' option. If this option is enabled, iked will try | tobhe |
| 2020-11-28 | Add support for multiple address pools. The parser already allows | tobhe |
| 2020-11-27 | Remove redundant state change. ikev2_ikesa_delete() sets the correct state. | tobhe |
| 2020-11-26 | Use a counter instead of random IV for AES-GCM. Security depends on | tobhe |
| 2020-11-25 | Fix proposal error handling. If a proposal contains an unknown transform | tobhe |
| 2020-11-24 | Fix duplicate sa->sa_cp assignment. | tobhe |
| 2020-11-23 | Ignore duplicate sigsha2 notify, don't fail the exchange. | tobhe |
| 2020-11-22 | Fix comment typo. | tobhe |
| 2020-11-21 | Clean up NATT hack. Pass 'frompeer' as parameter instead of manipulating | tobhe |
| 2020-11-20 | add -s to synopsis and usage; -S before -s in options list; | Jason McIntyre |
| 2020-11-20 | Add -s socket option to specify control socket. This can be useful if | tobhe |
| 2020-11-19 | More sa cleanup + constify. | tobhe |
| 2020-11-18 | Constify sa in ikev2_pld_eap(). The parser code must not change any | tobhe |
| 2020-11-17 | Remove redundant indirection via msg_parent. This is only needed in | tobhe |
| 2020-11-16 | Reenable ikev2_init_auth() return value check. Make sure sa_stateok() | tobhe |
| 2020-11-16 | Backout ikev2_init_auth() return check to fix regression with | tobhe |
| 2020-11-15 | Document new 'dynamic' keyword to create flows from or to a dynamically | tobhe |
| 2020-11-14 | Make sure not to replace 0.0.0.0 with dynamic address if it is a network | tobhe |
| 2020-11-13 | addr_net is already checked in ikev2_cp_setaddr() before sessing | tobhe |
| 2020-11-12 | Close SA if ikev2_init_auth() fails. | tobhe |
| 2020-11-12 | Fail if ikev2_init_ike_auth() is entered with invalid state. | tobhe |
| 2020-11-11 | Cleanup after proc_init() in proc_close(). | tobhe |
| 2020-11-07 | Implement 'from dynamic', which installs flows where 'dynamic' is replaced | tobhe |
| 2020-11-06 | Set correct netmask on patched addresses for debug printing. | tobhe |
| 2020-11-05 | Enable support for ASN1_DN ipsec identifiers. | Peter Hessler |
| 2020-11-04 | Add check for static id size. | tobhe |
| 2020-11-03 | Add 'any' keyword for request to allow 'request address any'. | tobhe |
| 2020-11-01 | Add 'dynamic' keyword to configure flows to dynamically assigned addresses. | tobhe |
| 2020-10-30 | Add missing bits to make 'request addr 0.0.0.0' accept ANY dynamic address. | tobhe |
| 2020-10-30 | style(9) | tobhe |
| 2020-10-30 | Whitespace fixes. | tobhe |
| 2020-10-30 | Fix key payload size. Use size from new SA. | tobhe |
| 2020-10-29 | Add initial support to request IP addresses as IKEv2 initiator. | tobhe |
| 2020-10-28 | Refactor parts of the dh_* API. | tobhe |
| 2020-10-24 | Don't modify sa in ikev2_pld_cp. Store cp_type in msg until message has | tobhe |
| 2020-10-22 | Handle NO_PROPOSAL_CHOSEN for initiator in IKE_SA_INIT exchange. | tobhe |
| 2020-10-22 | Add missing break. | tobhe |
| 2020-10-21 | Remove SAs from ike_dstid_sas on 'ikectl reset sa' to prevent use after free. | tobhe |
| 2020-10-19 | Handle NO_PROPOSAL_CHOSEN as IKE_AUTH initiator. | tobhe |
| 2020-10-09 | More unused headers. | tobhe |
| 2020-10-09 | Remove unused "wait.h" includes. | tobhe |
| 2020-10-06 | Always allocate hash_keylength() for buffers passed to hash_final() to | tobhe |
| 2020-10-05 | Only handle AUTHENTICATION_FAILED for IKE_AUTH and INFORMATIONAL exchanges. | tobhe |
| 2020-10-03 | React to DELETE notifications only in INFORMATIONAL messages | tobhe |
| 2020-10-02 | Send AUTH_FAILED in ikev2_ike_auth_recv() if the message did not contain | tobhe |
| 2020-10-01 | Skip DELETE payload responses only after they are validated. | tobhe |
| 2020-09-30 | Don't accept AUTH payloads with invalid auth_method 0. | tobhe |
| 2020-09-30 | Don't accept ID payloads with ID type IKEV2_ID_NONE. | tobhe |
| 2020-09-30 | Don't leak sa->sa_peerauth.id_buf. | tobhe |