path: root/sbin/isakmpd/ike_phase_1.c
Age | Commit message | Author
2005-07-05 | fix comment | Hans-Joerg Hoexer
2005-06-25 | Use correct local ID in phase 1 when using IPV[46]_ADDR. | Hans-Joerg Hoexer
Diff from st.sch at gmx.net
2005-05-26 | Use TAILQ_FOREACH where possible, remove payload_last() | Hans-Joerg Hoexer
ok markus
2005-04-08 | Make deterministic randomness (only ever used for testing) a compile-time | Chad Loder
option. Reduces chances of somehow setting regrand when it's not supposed to be set. Remove "-r" option from man page. Also xref certpatch(8) while we are in there. And remove some include sysdep.h where it is no longer needed. OK hshoexer
2005-04-08 | always enable aggressive, dpd, and isakmp_cfg | Theo de Raadt
2005-04-08 | nat-traversal always | Theo de Raadt
2005-04-04 | spacing; ok cloder | Theo de Raadt
2005-01-29 | some knf and space killing, no binary change. | Hans-Joerg Hoexer
2004-12-14 | Allow the Address, Network, or Netmask values of the <IPsec-ID> to be | Ryan Thomas McBride
specified with an interface name (in which case the first address is used) or the keyword 'default' (in which case the address is selected based on the default route). eg: [roadwarrior-ip] ID-type= IPV4_ADDR Address= default ok ho@ hshoexer@
2004-08-08 | spacing | Theo de Raadt
2004-07-29 | Repair NAT-T using Aggressive mode, NAT-D checks were in the wrong place. | Hakan Olsson
Noted by Yvan VANHULLEBUS.
2004-07-05 | %lu and cast to unsigned long to print a size_t; ok ho | Peter Valchev
2004-06-23 | Support IPV{4,6}_ADDR_SUBNET IDs in Phase 1, just like the man page | Hakan Olsson
says we do. Noted and tested by alex at vbone.net. Also avoid a potential SEGV here. hshoexer@ ok
2004-06-20 | Make the payload array in struct message dynamic, since we need to handle | Hakan Olsson
payloads in the private range, such as the pre-RFC NAT-D/NAT-OA. Replace TAILQ_FIRST(&msg->payload[i]) instances with function calls.
2004-06-20 | NAT-Traversal for isakmpd. Work in progress... | Hakan Olsson
hshoexer@ ok.
2004-06-14 | KNF, style, 80c, etc. hshoexer@ ok | Hakan Olsson
2004-06-10 | Mark authenticated messages explicitly. Better check for authentication before | Hans-Joerg Hoexer
deleting SAs. This fix is needed to solve the problems reported by Thomas Walpuski, previous diff was not sufficient. Pointed out by Thomas. Thanks! ok ho@ niklas@, testing and spellcheck by todd@ msf@
2004-06-09 | Style nits. hshoexer@ ok | Hakan Olsson
2004-06-06 | Style (KNF, 80c). No binary change. | Hakan Olsson
2004-04-15 | partial move to KNF. More to come. This has happened because there | Theo de Raadt
are a raft of source code auditors who are willing to help improve this code only if this is done, and hey, isakmpd does need our standard auditing process. ok ho hshoexer
2004-04-07 | -Wsign-compare nits. hshoexer@ ok. | Hakan Olsson
2004-02-27 | (C)-2004 | Hakan Olsson
2004-02-27 | Follow RFC 2408 more closely regarding how to better check the proposal | Hakan Olsson
returned by the other peer (the responder). Some implementations (notably the Cisco PIX) do not follow a SHOULD in section 4.2 of the RFC. With certain proposal combinations this caused us to setup the wrong SA resulting in us being unable to process incoming IPsec traffic (over this tunnel). Tested against a number of different IKE implementations. hshoexer@ ok.
2003-12-04 | Typos | Miod Vallat
2003-10-14 | constant_lookup() to constant_name() cleanup. markus@ ok. | Hakan Olsson
2003-10-04 | Avoid crash on invalid config file (missing value for LIFE_DURATION). | Chad Loder
OK ho@
2003-08-08 | Be more careful when using constant_lookup() in messages. Pointed out by | Hakan Olsson
Jean-Francois Dive, although I opted for a slightly different patch.
2003-06-10 | boring cleanups | Theo de Raadt
2003-06-04 | Remove the rest of clauses 3 and 4. Approved by Niklas Hallqvist, Angelos | Hakan Olsson
D. Keromytis and Niels Provos.
2003-06-03 | Cleanup. Use 'sizeof variable' instead of magic constants. | Hakan Olsson
2002-09-11 | signed vs unsigned, some void * arithmetic, from -pedantic. niklas@ ok. | Hakan Olsson
2002-07-04 | style | Hakan Olsson
2002-06-06 | Style, and a few additional format/type mods. | Hakan Olsson
2002-06-01 | size_t must be cast to (unsigned long) and printed using %lu | Theo de Raadt
2001-10-26 | Just rename sockaddr_data/len functions to sockaddr_addrdata/addrlen. | Hakan Olsson
2001-07-01 | More Style police, but also sane checking of address | Niklas Hallqvist
family vs stated ID-type.
2001-07-01 | Set size correctly for IPv6 Phase 1 IDs. | Angelos D. Keromytis
2001-06-29 | Change get_src/get_dst API as we get the length with sa_len. | Hakan Olsson
2001-06-29 | Initial IPv6 support. (niklas@ ok) | Hakan Olsson
2001-06-05 | Print the correct expected Remote ID value | Angelos D. Keromytis
2001-06-05 | Don't use log_error() in vain. | Angelos D. Keromytis
2001-06-05 | Enforce Remote-ID specified in Phase 1 peer section (whether manually | Angelos D. Keromytis
or dynamically specified).
2001-03-13 | Add logging classes for Negotiation and Policy, and change a number of | Hakan Olsson
debug messages to use these instead. Change a number of 'log_print' to debug messages to keep the noise down. Use 'log_error' instead of 'log_print' in some cases when we have errno. Some indentation fixes. (niklas@ ok)
2001-03-07 | Add KEY_ID support (mostly from roland@digitalvampire.org) | Angelos D. Keromytis
2000-12-12 | Merge with EOM 1.31 | Niklas Hallqvist
author: niklas style nit, we only use NULL in isakmpd when a manpage mandates it author: angelos Also check for default Phase 1 ID.
2000-10-16 | Merge with EOM 1.29 | Niklas Hallqvist
author: angelos Add comment on where we could be checking the Remote-ID.
2000-10-07 | Merge with EOM 1.28 | Niklas Hallqvist
author: niklas style and < that should be <= author: angelos Handle 32-bit lifetimes (in generating them). author: ho Use log_print() instead of log_error here, no errno here.
2000-04-07 | Merge with EOM 1.25 | Niklas Hallqvist
author: niklas wording
2000-03-08 | Merge with EOM 1.24 | Niklas Hallqvist
author: niklas line break
2000-02-28 | Merge with EOM 1.23 | Niklas Hallqvist
author: niklas nm@wizard.web.am & winquist@cybernet.com both independently found my bug, a %s without a string given.