Age | Commit message | Author |
|
author: ho
seconds should have initial value
|
|
author: niklas
Do not decrease SA lifetime if we cannot act as initiator
|
|
sa.c: Merge with EOM 1.90
message.c: Merge with EOM 1.131
message.h: Merge with EOM 1.47
author: niklas
Send DELETE payloads in informational exchanges
|
|
author: niklas
Do not put multiple expirations on a single SA
|
|
sa.h: Merge with EOM 1.51
author: niklas
Handle leftover payloads, esp INITIAL CONTACT notifications.
Factor out SA expiration setting. Add commentary.
author: ho
Keep track of trailing retransmissions by keeping exchanges around longer.
Removed references to sa->last_sent_in_setup, use last_sent and
last_received in exchange instead. Free setup exchanges by expiration only.
author: ho
Backout last change. (Go with exchange directly instead of sa->msg)
author: ho
Handle phase 2 late retransmissions.
|
|
author: ho
Style
|
|
Off by one (< -> <=)
Added classes LOG_SA and LOG_EXCHANGE, converted
many LOG_MISC to new classes, adjusted levels slightly.
More SA logging.
Simplify the checks of existing exchanges by moving it into
exchange_establish. This means we need to change the finalize API.
Try to make PF_ENCAP support handle multiple connections to a single
security gateway.
Dump the SA refcount when doing sa_dump
Add LOG_REPORT to always go to logchannel regardless of level; misc small fixes
Remove SA_FLAG_REPLACED settings from various parts in preparation of a
grand unified setting in exchange_finalize. Fix sa_mark_replaced to not
release a reference to the sa, and adjust the API as it won't get called
as a finalize func anymore.
Garbage collect transports via refcounting. Fix commentary.
|
|
Allocation failure reporting. Debug printouts. Typecast correctly.
New finalize API. Free keystate.
|
|
refcounting on exchanges
Do not malloc zero bytes, some implementations dislike
Only find non-replaced SAs when searching by name
resource track exchange->name and sa->name
|
|
Add refcounting to SA's. Make phase 1 expirations be able to cause
renegotiations if configured to.
|
|
Add debugging. Provide a way to say an SA has been replaced wrt the flows.
Do not free the flow information before calling the sysdep delete_spi
routine, as it may use it.
|
|
Stash SPIs in the right slots
|
|
Add SA attributes, specifically stayalive
sa.h: Merge with EOM 1.42
Add SA attributes, specifically stayalive
pf_encap.c: Merge with EOM 1.46
Add SA attributes, specifically stayalive
exchange.c: Merge with EOM 1.65
Add SA attributes, specifically stayalive
|
|
| revision 1.66
| date: 1999/02/25 11:39:20; author: niklas; state: Exp; lines: +3 -1
| include sysdep.h everywhere
| ----------------------------
| revision 1.65
| date: 1999/02/25 10:21:33; author: niklas; state: Exp; lines: +2 -2
| Replay window changes were done at the wrong level
| ----------------------------
| revision 1.64
| date: 1999/02/25 09:30:30; author: niklas; state: Exp; lines: +6 -1
| Replay protection window configurable
| ----------------------------
| revision 1.63
| date: 1999/02/14 00:11:38; author: niklas; state: Exp; lines: +52 -27
| Generalize how to find SAs with given attributes. Do SA expiration both hard
| and soft, and do not rekey automatically anymore. We will revisit this by
| adding some kind of policy what to do at these times. Improve commentary
| ----------------------------
| revision 1.62
| date: 1999/02/06 15:07:23; author: niklas; state: Exp; lines: +3 -1
| remove reference to rekey event when it has happened
| ----------------------------
|
sa_isakmp_lookup_by_peer
|
OpenBSD IPSEC stack by me, Niklas Hallqvist and Niels Provos, funded by
Ericsson Radio Systems. It is not yet complete or usable in a real scenario
but the missing pieces will soon be there. The early commit is for people
who want early access and who are not afraid of looking at source.
isakmpd interops with Cisco, Timestep, SSH & Pluto (Linux FreeS/WAN) so
far, so it is not that incomplete. It is really mostly configuration that
is lacking.
|