Age | Commit message | Author |
|
author: angelos
Pass the local/remote Phase 1 ID to the flow, so it can be reused when
an SA is re-negotiated.
author: angelos
isakmpd can now negotiate transport protocol/ports (either through the
configuration file or through kernel ACQUIREs).
|
|
author: ho
DOI IPSEC is default if not specified.
|
|
regress/dh/Makefile: Merge with EOM 1.7
regress/group/Makefile: Merge with EOM 1.9
regress/prf/Makefile: Merge with EOM 1.4
regress/rsakeygen/Makefile: Merge with EOM 1.8
regress/x509/Makefile: Merge with EOM 1.10
Makefile: Merge with EOM 1.62
attribute.c: Merge with EOM 1.10
sa.c: Merge with EOM 1.99
conf.c: Merge with EOM 1.20
crypto.c: Merge with EOM 1.28
isakmpd.c: Merge with EOM 1.45
connection.c: Merge with EOM 1.19
doi.h: Merge with EOM 1.28
field.c: Merge with EOM 1.11
exchange.c: Merge with EOM 1.116
ike_auth.c: Merge with EOM 1.44
pf_key_v2.c: Merge with EOM 1.37
ike_phase_1.c: Merge with EOM 1.22
ipsec.c: Merge with EOM 1.118
isakmp_doi.c: Merge with EOM 1.40
log.c: Merge with EOM 1.26
log.h: Merge with EOM 1.18
math_group.c: Merge with EOM 1.23
message.c: Merge with EOM 1.144
pf_encap.c: Merge with EOM 1.70
policy.c: Merge with EOM 1.18
timer.c: Merge with EOM 1.13
transport.c: Merge with EOM 1.41
udp.c: Merge with EOM 1.47
ui.c: Merge with EOM 1.37
x509.c: Merge with EOM 1.36
author: niklas
Made debug logging a compile time selectable feature
|
|
author: niklas
Remove bogus XXXes, add allocation error reporting.
author: ho
Typo.
author: ho
Do not automatically check connections at HARD_EXPIRE.
Also check for existing exchanges in pf_encap_connection_check.
author: ho
Cut'n'paste typo fix.
|
|
author: niklas
Forgot one change in last commit
|
|
DESIGN-NOTES: Merge with EOM 1.42
Makefile: Merge with EOM 1.51
app.c: Merge with EOM 1.6
conf.c: Merge with EOM 1.18
init.c: Merge with EOM 1.14
isakmpd.conf.5: Merge with EOM 1.19
pf_encap.c: Merge with EOM 1.64
pf_encap.h: Merge with EOM 1.12
pf_key_v2.h: Merge with EOM 1.3
sysdep.h: Merge with EOM 1.16
transport.c: Merge with EOM 1.40
ui.c: Merge with EOM 1.32
author: niklas
A new connection abstraction
|
|
remove warning
Simplify the checks of existing exchanges by moving it into
exchange_establish. This means we need to change the finalize API.
Try to make PF_ENCAP support handle multiple connections to a single
security gateway.
Sigh, log the SPIs in network byte order, please
|
|
Mem leak plugging. New finalize API.
Do not renegotiate on already replaced SA expirations
Only establish on-demand route if we know how to
If we get an EEXIST from RTM_ADD, try to RTM_CHANGE the route.
Correct buffer size in log printout
make compile
Make "Connections" handling nicer, and even implement it for KLIPS.
A stab at reregistering the on-demand routes for PF_ENCAP.
typo found by ho@netman.se
|
|
ipsec.h: Merge with EOM 1.33
pf_encap.c: Merge with EOM 1.52
pf_key_v2.c: Merge with EOM 1.3
Fix case of missing client ID payloads, a case the standards allow. Thanks
to Michael Paddon (mwp@aba.net.au) for the diffs I based my fix upon. His
diff also made me realize I stored the address information in host order in
internal structures where I had planned to use network order. Fix this,
and remove the XXXes I had due to this elsewhere. Add commentary.
|
|
Async PF_ENCAP messages might be handled earlier so recheck readability in
the handler. Remove some XXX comments. Fix some byte order conversions in
debugging output.
|
|
New sysdep API. Fix an allocation size typo. Use correct SPIs and
addresses all over.
Simplify flow
Correct log headers
s/LOG_PF_ENCAP/LOG_SYSDEP/
|
|
Add SA attributes, specifically stayalive
sa.h: Merge with EOM 1.42
Add SA attributes, specifically stayalive
pf_encap.c: Merge with EOM 1.46
Add SA attributes, specifically stayalive
exchange.c: Merge with EOM 1.65
Add SA attributes, specifically stayalive
|
|
Only accept IPsec SAs when searching for such
sa.h: Merge with EOM 1.41
Stayalive connections as a default for now, init pf_encap_socket
pf_encap.c: Merge with EOM 1.45
Stayalive connections as a default for now, init pf_encap_socket
|
|
| revision 1.44
| date: 1999/02/25 14:03:54; author: niklas; state: Exp; lines: +13 -13
| do not use the app_socket name. correct some LOG_* syms
| ----------------------------
| revision 1.43
| date: 1999/02/25 11:39:17; author: niklas; state: Exp; lines: +3 -2
| include sysdep.h everywhere
| ----------------------------
| revision 1.42
| date: 1999/02/25 09:30:28; author: niklas; state: Exp; lines: +3 -3
| Replay protection window configurable
| ----------------------------
| revision 1.41
| date: 1999/02/14 00:17:15; author: niklas; state: Exp; lines: +68 -28
| Better PF_ENCAP expiration and SA request handling
| ----------------------------
| revision 1.40
| date: 1999/02/06 15:08:33; author: niklas; state: Exp; lines: +6 -1
| Drop SA request notifies if an exchange or SA already exist
| ----------------------------
| revision 1.39
| date: 1999/01/31 01:20:37; author: niklas; state: Exp; lines: +217 -51
| on-demand keying
| ----------------------------
|
OpenBSD IPSEC stack by me, Niklas Hallqvist and Niels Provos, funded by
Ericsson Radio Systems. It is not yet complete or usable in a real scenario
but the missing pieces will soon be there. The early commit is for people
who want early access and who are not afraid of looking at source.
isakmpd interops with Cisco, Timestep, SSH & Pluto (Linux FreeS/WAN) so
far, so it is not that incomplete. It is really mostly configuration that
is lacking.
|