summaryrefslogtreecommitdiff
path: root/sbin/isakmpd/ipsec.c
AgeCommit message (Expand)Author
2012-06-30enable use of AES-{192,256}-CTR, and explicitly of AES-128-CTR, for IPsec ESPChristian Weisgerber
2011-10-20For NAT-T with transport mode, use the ISAKMP's SA addresses for theYASUOKA Masahiko
2010-09-22Support for use of AES-GCM-16 (as AESGCM) and ENCR_NULL_AUTH_AES_GMACMike Belopuhov
2010-06-29Replace the hand-crafted Diffie-Hellman implementation in isakmpd withReyk Floeter
2010-03-04don't crash on invalid phase 2 IDs; from hshoexer; ok sthen@Markus Friedl
2010-01-10only substract ISAKMP_ID_DATA_OFF once. otherwise 'buf' might overflowMarkus Friedl
2009-01-29Improve logging:Hans-Joerg Hoexer
2009-01-20Add support to isakmpd(8) and ipsecctl(8) to install SA's with aMarco Pfatschbacher
2007-09-02use calloc() to avoid malloc(n * m) overflows; checked by djm canacar jsgTheo de Raadt
2007-07-31Use correct function name in log message. Noticed by Igor ZinovkHans-Joerg Hoexer
2007-04-16There's no point in checking ptr for NULL before doing free(ptr)Moritz Jodeit
2006-11-24add support to tag ipsec traffic belonging to specific IKE-initiatedReyk Floeter
2006-06-10support sha2 for main mode hmacs and aesctr for quick mode encryption.Hans-Joerg Hoexer
2006-06-09Allow for AH the use of the authentication algorithms added a while ago.Christian Weisgerber
2006-05-29Fix broken merge of patch. Pointed out by nathanael at polymorpheus dot com.Ryan Thomas McBride
2006-05-28Change the default replay window for SAs created by the isakmpd responderRyan Thomas McBride
2005-09-23Provide UI commands to delete phase 1 SAs.Hans-Joerg Hoexer
2005-06-25/* Fallthrough. */ -> /* FALLTHROUGH */Hans-Joerg Hoexer
2005-06-14add ENCAP_UDP_{TUNNEL,TRANSPORT} types according to rfc 3947Hans-Joerg Hoexer
2005-05-26Use TAILQ_FOREACH where possible, remove payload_last()Hans-Joerg Hoexer
2005-05-04clean up KEY_API() wrapper.Hans-Joerg Hoexer
2005-04-08get rid of sysdep_sa_lenHans-Joerg Hoexer
2005-04-08USE_DEBUG is bye byeTheo de Raadt
2005-04-08always enable aggressive, dpd, and isakmp_cfgTheo de Raadt
2005-04-08nat-traversal alwaysTheo de Raadt
2005-04-08kill USE_OLD_SOCKADDRTheo de Raadt
2005-04-06knf, ok cloderTheo de Raadt
2005-04-05Always compile X509 support. Almost everyone uses it. Makes the codeChad Loder
2005-04-04spacing; ok cloderTheo de Raadt
2005-04-04fix byteorder confusionHans-Joerg Hoexer
2005-03-29Always use network byte order when stuffing port numbers into IPSEC IDChad Loder
2005-03-18Back out a possible bogus minor diff until we investigate whatChad Loder
2005-03-05Always use correct byte order when stuffing port numbers into packets.Chad Loder
2004-12-14Allow the Address, Network, or Netmask values of the <IPsec-ID> to beRyan Thomas McBride
2004-09-17Missing #ifdefs.Hakan Olsson
2004-08-10Better implementation of the Dead Peer Detection protocol, RFC 3706.Hakan Olsson
2004-08-08spacingTheo de Raadt
2004-06-23Add commandline switch -a / config tag "Acquire-Only" to tell isakmpd to notHans-Joerg Hoexer
2004-06-21Implement NAT-T keepalive messages.Hakan Olsson
2004-06-21style nitHakan Olsson
2004-06-20Make the payload array in struct message dynamic, since we need to handleHakan Olsson
2004-06-20NAT-Traversal for isakmpd. Work in progress...Hakan Olsson
2004-06-17Yet another bunch of memleask found and fixed by Patrick Latifi. Thanks!Hans-Joerg Hoexer
2004-06-16fix ipv6-address and ipv6-address-mask mixup.Hans-Joerg Hoexer
2004-06-14KNF, style, 80c, etc. hshoexer@ okHakan Olsson
2004-06-10Mark authenticated messages explicitly. Better check for authentication beforeHans-Joerg Hoexer
2004-06-09Style nits. hshoexer@ okHakan Olsson
2004-05-23More KNF. Mainly spaces and line-wraps, no binary change.Hans-Joerg Hoexer
2004-05-19Permit symbolic protocol and service names, such as "Protocol= tcp", in theHakan Olsson
2004-04-15partial move to KNF. More to come. This has happened because thereTheo de Raadt