summaryrefslogtreecommitdiff
path: root/sbin/isakmpd/sa.h
AgeCommit message (Collapse)Author
2002-06-09rm trailing whitespaceTodd T. Fries
2002-06-07Add 'ikecfg' as a valid Flags= value.Hakan Olsson
2002-03-17Move SA_FILE definition to sa.h.Angelos D. Keromytis
2002-03-17Add 'T' and 'S' commands (for tearing-down and reporting all Phase 2Angelos D. Keromytis
SAs), from bdallen@nps.navy.mil
2002-01-25no static for sa_dump, explicit log cls/levelHakan Olsson
2001-06-27Keep track of the ACQUIRE sequence number, and pass it to the kernelAngelos D. Keromytis
along with the ADD message.
2001-06-12comment styleNiklas Hallqvist
2001-05-31Get rid of recv_certlen, add sent_* and keynote_key fields,Angelos D. Keromytis
explanations added.
2001-04-24Correct SA refcounting. Fixes a bug where isakmpd could die when a peer wasNiklas Hallqvist
discovered to have rebooted, and old now invalid SAs had to be garbage- collected.
2001-01-27(c) 2001Niklas Hallqvist
2001-01-14Handling of Phase 1 DELETE and Phase 2 INVALID_SPI messagesAngelos D. Keromytis
(newsham@lava.net)
2000-10-10Merge with EOM 1.58Niklas Hallqvist
author: provos increase size of refcnt. okay niklas@
2000-08-03Merge with EOM 1.57Niklas Hallqvist
author: angelos Add sa_enter() prototype.
2000-06-08Merge with EOM 1.56Niklas Hallqvist
author: angelos Allow exchange of KeyNote credentials over IKE. Multiple credentials may be passed in a single CERT payload. KeyNote is used if a directory named as the local ID we use in an exchange exists in the KeyNote directory (default: /etc/isakmpd/keynote/). Note that asymmetric credentials are possible (use KeyNote in one direction and X509 in the other); such authentication is envisioned to be the most common: the clients will use KeyNote credentials to authenticate and authorize with a server, whilst the server will just provide an X509 certificate proving its binding to the IP address or ID. Totally asymmetric authentication (e.g., shared key in one direction, RSA in the other) is not supported by the IKE protocol. author: angelos Begin support for KeyNote credentials exchanged.
2000-02-01apps/certpatch/certpatch.8: Merge with EOM 1.4Niklas Hallqvist
apps/certpatch/certpatch.c: Merge with EOM 1.6 exchange.c: Merge with EOM 1.114 ike_quick_mode.c: Merge with EOM 1.110 ike_phase_1.c: Merge with EOM 1.16 ike_auth.c: Merge with EOM 1.41 ike_aggressive.c: Merge with EOM 1.4 libcrypto.c: Merge with EOM 1.10 libcrypto.h: Merge with EOM 1.10 isakmpd.8: Merge with EOM 1.19 isakmpd.c: Merge with EOM 1.42 ipsec.h: Merge with EOM 1.40 init.c: Merge with EOM 1.22 message.c: Merge with EOM 1.143 message.h: Merge with EOM 1.49 sa.c: Merge with EOM 1.98 sa.h: Merge with EOM 1.54 policy.c: Merge with EOM 1.14 pf_key_v2.c: Merge with EOM 1.36 x509.c: Merge with EOM 1.32 x509.h: Merge with EOM 1.9 udp.c: Merge with EOM 1.46 author: niklas Angelos copyrights
1999-08-26ike_phase_1.c: Merge with EOM 1.8Niklas Hallqvist
message.c: Merge with EOM 1.135 message.h: Merge with EOM 1.48 sa.c: Merge with EOM 1.97 sa.h: Merge with EOM 1.53 author: angelos Complete policy work; tested for the shared-key case. Documentation needed.
1999-06-02Merge with EOM 1.52Niklas Hallqvist
author: ho New flag
1999-04-27sa.c: Merge with EOM 1.88Niklas Hallqvist
sa.h: Merge with EOM 1.51 author: niklas Handle leftover payloads, esp INITIAL CONTACT notifications. Factor out SA expiration setting. Add commentary. author: ho Keep track of trailing retransmissions by keeping exchanges around longer. Removed references to sa->last_sent_in_setup, use last_sent and last_received in exchange instead. Free setup exchanges by expiration only. author: ho Backout last change. (Go with exchange directly instead of sa->msg) author: ho Handle phase 2 late retransmissions.
1999-04-19./sa.h: Merge with EOM 1.47Niklas Hallqvist
Remove SA_FLAG_REPLACED settings from various parts in preparation of a grand unified setting in exchange_finalize. Fix sa_mark_replaced to not release a referance to the sa, and adjust the API as it won't get called as a finalize func anymore.
1999-04-05Merge with EOM 1.46Niklas Hallqvist
New finalize API. Free keystate. 1999 copyrights
1999-03-31Merge with EOM 1.44Niklas Hallqvist
Add refcounting to SA's. Make phase 1 expirations be able to cause renegotiations if configured to.
1999-03-31Merge with EOM 1.43Niklas Hallqvist
the SA replace flag
1999-03-02sa.c: Merge with EOM 1.67Niklas Hallqvist
Add SA attributes, specifically stayalive sa.h: Merge with EOM 1.42 Add SA attributes, specifically stayalive pf_encap.c: Merge with EOM 1.46 Add SA attributes, specifically stayalive exchange.c: Merge with EOM 1.65 Add SA attributes, specifically stayalive
1999-02-27ipsec.c: Merge with EOM 1.83Niklas Hallqvist
Only accept IPsec SAs when searching for such sa.h: Merge with EOM 1.41 Stayalive connections as a default for now, init pf_encap_socket pf_encap.c: Merge with EOM 1.45 Stayalive connections as a default for now, init pf_encap_socket
1999-02-26Merge from the Ericsson repositoryNiklas Hallqvist
| revision 1.40 | date: 1999/02/14 00:11:40; author: niklas; state: Exp; lines: +7 -4 | Generalize how to find SAs with given attributes. Do SA expiration both hard | and soft, and do not rekey automatically anymore. We will revisit this by | adding some kind of policy what to do at these times. Improve commentary | ----------------------------
1998-12-21Last months worth of work on isakmpd, lots doneNiklas Hallqvist
1998-11-17Add RCS Ids from the EOM repositoryNiklas Hallqvist
1998-11-15openBSD RCS IDsNiklas Hallqvist
1998-11-15Initial import of isakmpd, an IKE (ISAKMP/Oakley) implementation for theNiklas Hallqvist
OpenBSD IPSEC stack by me, Niklas Hallqvist and Niels Provos, funded by Ericsson Radio Systems. It is not yet complete or usable in a real scenario but the missing pieces will soon be there. The early commit is for people who wants early access and who are not afraid of looking at source. isakmpd interops with Cisco, Timestep, SSH & Pluto (Linux FreeS/WAN) so far, so it is not that incomplete. It is really mostly configuration that is lacking.