summaryrefslogtreecommitdiff
path: root/sbin/isakmpd/sa.c
AgeCommit message (Expand)Author
2010-12-09When looking up an SA based on peer address, also check the portMartin Hedenfal
2010-09-22Support for use of AES-GCM-16 (as AESGCM) and ENCR_NULL_AUTH_AES_GMACMike Belopuhov
2007-09-02use calloc() to avoid malloc(n * m) overflows; checked by djm canacar jsgTheo de Raadt
2007-06-02safer snprintf construct with more paranoid length calculationPeter Valchev
2007-04-16There's no point in checking ptr for NULL before doing free(ptr)Moritz Jodeit
2006-11-24add support to tag ipsec traffic belonging to specific IKE-initiatedReyk Floeter
2006-08-30Back out r1.103, which caused SA's to leak until memory was exhausted.Chad Loder
2006-06-02Big spelling cleanup, no binary change. From david@Hans-Joerg Hoexer
2006-05-31Make sure, that phase 1 SAs of active connections stay alive. Fixes a DPDHans-Joerg Hoexer
2006-05-29Do not use C++ comments. Noticed by markus.Hans-Joerg Hoexer
2006-05-29Oops, return after calling sa_release()Ryan Thomas McBride
2006-05-28Assign a finalization event to the exchange initiated on soft expiry.Ryan Thomas McBride
2006-05-28also report SA flags.Hans-Joerg Hoexer
2005-09-23Provide UI commands to delete phase 1 SAs.Hans-Joerg Hoexer
2005-08-09Normalize attribute values before comparison. Unbreaks interop with netscreen.Hans-Joerg Hoexer
2005-07-25output some more information on UI command "S"Hans-Joerg Hoexer
2005-07-22spacing and tiny knfHans-Joerg Hoexer
2005-04-08get rid of sysdep_sa_lenHans-Joerg Hoexer
2005-04-08Make deterministic randomness (only ever used for testing) a compile-timeChad Loder
2005-04-08keynote and policy always compiled inTheo de Raadt
2005-04-08always enable aggressive, dpd, and isakmp_cfgTheo de Raadt
2005-04-08nat-traversal alwaysTheo de Raadt
2005-04-06knf, ok cloderTheo de Raadt
2005-04-06Always print transport information correctly.Chad Loder
2005-04-04spacing; ok cloderTheo de Raadt
2005-02-27where possible, use bzero instead of memsetHans-Joerg Hoexer
2005-02-24disable the SA dpd timer on sa_free(). this avoid a raceMarkus Friedl
2005-02-16On shutdown also send delete messages for isakmp SAs.Hans-Joerg Hoexer
2005-01-30Avoid null pointer dereference when deleting not fully established SAs.Hans-Joerg Hoexer
2004-08-10Better implementation of the Dead Peer Detection protocol, RFC 3706.Hakan Olsson
2004-08-08spacingTheo de Raadt
2004-08-02Do not expire unestablished phase 2 SAs on SIGHUP.Hans-Joerg Hoexer
2004-06-21Implement NAT-T keepalive messages.Hakan Olsson
2004-05-23More KNF. Mainly spaces and line-wraps, no binary change.Hans-Joerg Hoexer
2004-05-13Extensions to the FIFO interface:Hakan Olsson
2004-04-15partial move to KNF. More to come. This has happened because thereTheo de Raadt
2004-04-07-Wsign-compare nits. hshoexer@ ok.Hakan Olsson
2004-04-07More careful when walking LIST queues. hshoexer@, david@ ok.Hakan Olsson
2004-03-19Add missing bits to make already present privsep code work. Enable privsep.Hans-Joerg Hoexer
2004-02-27(C)-2004Hakan Olsson
2004-02-27Follow RFC 2408 more closely regarding how to better check the proposalHakan Olsson
2004-01-06small typos fixed.Hans-Joerg Hoexer
2003-07-25add sha2 support; ok ho@Markus Friedl
2003-06-04Remove the rest of clauses 3 and 4. Approved by Niklas Hallqvist, AngelosHakan Olsson
2003-06-03Cleanup. Use 'sizeof variable' instead of magic constants.Hakan Olsson
2003-05-18Add a debug message to sa_reinit() to indicate when we renegotiateHakan Olsson
2003-05-16If the "Renegotiate-on-HUP" tag is defined in the [General] section, aHakan Olsson
2003-05-15Cleanup. Do not store the private key in either the exchange or sa structs.Hakan Olsson
2003-05-14I did not test this enough. Unbreak.Hakan Olsson
2003-05-12AES -> AES_128_CBCHakan Olsson