summaryrefslogtreecommitdiff
path: root/sbin/isakmpd/sa.c
AgeCommit message (Expand)Author
2014-01-23Remove a mid-layer which acts like arc4random isn't fairly standard.Theo de Raadt
2014-01-22improve randomization. remove some junk debugging features that areTheo de Raadt
2013-11-21Keep the flow until last IPsec SA is deleted, if the flow is shared byYASUOKA Masahiko
2012-06-30enable use of AES-{192,256}-CTR, and explicitly of AES-128-CTR, for IPsec ESPChristian Weisgerber
2012-01-16import (and fix) net_addrcmp() from libc as a static function.Eric Faurot
2010-12-09When looking up an SA based on peer address, also check the portMartin Hedenfal
2010-09-22Support for use of AES-GCM-16 (as AESGCM) and ENCR_NULL_AUTH_AES_GMACMike Belopuhov
2007-09-02use calloc() to avoid malloc(n * m) overflows; checked by djm canacar jsgTheo de Raadt
2007-06-02safer snprintf construct with more paranoid length calculationPeter Valchev
2007-04-16There's no point in checking ptr for NULL before doing free(ptr)Moritz Jodeit
2006-11-24add support to tag ipsec traffic belonging to specific IKE-initiatedReyk Floeter
2006-08-30Back out r1.103, which caused SA's to leak until memory was exhausted.Chad Loder
2006-06-02Big spelling cleanup, no binary change. From david@Hans-Joerg Hoexer
2006-05-31Make sure, that phase 1 SAs of active connections stay alive. Fixes a DPDHans-Joerg Hoexer
2006-05-29Do not use C++ comments. Noticed by markus.Hans-Joerg Hoexer
2006-05-29Oops, return after calling sa_release()Ryan Thomas McBride
2006-05-28Assign a finalization event to the exchange initiated on soft expiry.Ryan Thomas McBride
2006-05-28also report SA flags.Hans-Joerg Hoexer
2005-09-23Provide UI commands to delete phase 1 SAs.Hans-Joerg Hoexer
2005-08-09Normalize attribute values before comparison. Unbreaks interop with netscreen.Hans-Joerg Hoexer
2005-07-25output some more information on UI command "S"Hans-Joerg Hoexer
2005-07-22spacing and tiny knfHans-Joerg Hoexer
2005-04-08get rid of sysdep_sa_lenHans-Joerg Hoexer
2005-04-08Make deterministic randomness (only ever used for testing) a compile-timeChad Loder
2005-04-08keynote and policy always compiled inTheo de Raadt
2005-04-08always enable aggressive, dpd, and isakmp_cfgTheo de Raadt
2005-04-08nat-traversal alwaysTheo de Raadt
2005-04-06knf, ok cloderTheo de Raadt
2005-04-06Always print transport information correctly.Chad Loder
2005-04-04spacing; ok cloderTheo de Raadt
2005-02-27where possible, use bzero instead of memsetHans-Joerg Hoexer
2005-02-24disable the SA dpd timer on sa_free(). this avoid a raceMarkus Friedl
2005-02-16On shutdown also send delete messages for isakmp SAs.Hans-Joerg Hoexer
2005-01-30Avoid null pointer dereference when deleting not fully established SAs.Hans-Joerg Hoexer
2004-08-10Better implementation of the Dead Peer Detection protocol, RFC 3706.Hakan Olsson
2004-08-08spacingTheo de Raadt
2004-08-02Do not expire unestablished phase 2 SAs on SIGHUP.Hans-Joerg Hoexer
2004-06-21Implement NAT-T keepalive messages.Hakan Olsson
2004-05-23More KNF. Mainly spaces and line-wraps, no binary change.Hans-Joerg Hoexer
2004-05-13Extensions to the FIFO interface:Hakan Olsson
2004-04-15partial move to KNF. More to come. This has happened because thereTheo de Raadt
2004-04-07-Wsign-compare nits. hshoexer@ ok.Hakan Olsson
2004-04-07More careful when walking LIST queues. hshoexer@, david@ ok.Hakan Olsson
2004-03-19Add missing bits to make already present privsep code work. Enable privsep.Hans-Joerg Hoexer
2004-02-27(C)-2004Hakan Olsson
2004-02-27Follow RFC 2408 more closely regarding how to better check the proposalHakan Olsson
2004-01-06small typos fixed.Hans-Joerg Hoexer
2003-07-25add sha2 support; ok ho@Markus Friedl
2003-06-04Remove the rest of clauses 3 and 4. Approved by Niklas Hallqvist, AngelosHakan Olsson
2003-06-03Cleanup. Use 'sizeof variable' instead of magic constants.Hakan Olsson
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-26 21:30:59 +0000