path: root/sbin/isakmpd
Age | Commit message | Author
2004-08-03 | Rewrite the transport reference count code to avoid leaks. | Hakan Olsson
  hshoexer@ ok.
2004-08-02 | Do not expire unestablished phase 2 SAs on SIGHUP. | Hans-Joerg Hoexer
  ok ho@
2004-08-02 | Missed to add virtual.c here. Noted by Benjamin Pineau. | Hakan Olsson
2004-07-30 | Style. | Hakan Olsson
2004-07-29 | Less noise while debugging. | Hakan Olsson
2004-07-29 | Repair NAT-T using Aggressive mode, NAT-D checks were in the wrong place. | Hakan Olsson
  Noted by Yvan VANHULLEBUS.
2004-07-09 | ansi | Theo de Raadt
2004-07-08 | free() and close() in error path. | Hans-Joerg Hoexer
  ok ho@
2004-07-08 | typo, and line adjustment; | Jason McIntyre
2004-07-07 | document -a/-K and "Acquire-Only"/"Use-Keynote". | Hans-Joerg Hoexer
  ok markus@ henning@ ho@ english polish and mdoc help and ok jmc@
2004-07-07 | plug memleak when receiving an INVALID_HASH_INFORMATION notify. | Hans-Joerg Hoexer
  Found by Patrick Latifi, thanks! ok ho@
2004-07-07 | compile cleanly with -Wsign-compare; while around, kill a space | Hans-Joerg Hoexer
  ok ho@
2004-07-05 | %lu and cast to unsigned long to print a size_t; ok ho | Peter Valchev
2004-06-30 | Compile cleanly with gcc3.3.2. | Hans-Joerg Hoexer
  ok ho@
2004-06-26 | new sentence, new line; | Jason McIntyre
2004-06-26 | Narrow down privsep interface. Move pf_key_v2_open() to monitor. | Hans-Joerg Hoexer
  Work in progress. ok ho@
2004-06-26 | Remove -DHAVE_GETNAMEINFO from makefiles. | Ryan Thomas McBride
  Pointed out by ho@
2004-06-25 | Keynote policy checking can now be disabled by "-K" switch and config tag | Hans-Joerg Hoexer
  "Use-Keynote". Default is to use keynote. ok henning@ ho@
2004-06-25 | Remove HAVE_GETNAMEINFO alternate code. Compiled binary is unchanged. | Ryan Thomas McBride
  ok msf@ hshoexer@ itojun@ ho@
2004-06-25 | Narrow down privsep interface. Remove ui_init to monitor. So we can get rid of | Hans-Joerg Hoexer
  monitor_mkfifo. Work in progress. ok ho@
2004-06-24 | Remove some unused code. | Hans-Joerg Hoexer
  Fix handling of sigchild. Now it's possible to sigstop/sigcont isakmpd correctly. ok ho@
2004-06-24 | Also handle keys from x509-certificates embedded in keynote credentials. | Hans-Joerg Hoexer
  with msf@ ok ho@
2004-06-23 | Print correct prefix. Found and tested by alex at vbone.net. | Hakan Olsson
2004-06-23 | Avoid stat before open. Do open and fstat instead. | Hans-Joerg Hoexer
  Remove check_file_secrecy() as it is obsoleted by check_file_secrecy_fd(). ok ho@
2004-06-23 | Make compiling with Boehm's gc possible again. | Hakan Olsson
2004-06-23 | Support IPV{4,6}_ADDR_SUBNET IDs in Phase 1, just like the man page | Hakan Olsson
  says we do. Noted and tested by alex at vbone.net. Also avoid a potential SEGV here. hshoexer@ ok
2004-06-23 | Add commandline switch -a / config tag "Acquire-Only" to tell isakmpd to not | Hans-Joerg Hoexer
  touch flows. initial work by markus ok markus@ ho@ henning@
2004-06-22 | kn_get_string() may return NULL on failure. Handle this correctly. | Hans-Joerg Hoexer
  with msf@, ok ho@ markus@
2004-06-22 | The NAT-T drafts suggest we should drop incoming messages arriving on | Hakan Olsson
  the old port (500) after we've switched to the new one.
2004-06-21 | Describe the [Default]:NAT-T-Keepalive configuration parameter. | Hakan Olsson
2004-06-21 | Enable NAT-T support. | Hakan Olsson
2004-06-21 | Implement NAT-T keepalive messages. | Hakan Olsson
2004-06-21 | udpencap_port should be taken from dst transport | Hakan Olsson
2004-06-21 | When switching from main to encap transport, copy dst port if | Hakan Olsson
  translated (NAT).
2004-06-21 | Strip away umask bits in monitor_fopen(). hshoexer@ ok. | Hakan Olsson
2004-06-21 | style nit | Hakan Olsson
2004-06-21 | undo double-patch; Dries Schellekens | Markus Friedl
2004-06-21 | Don't write too much IKE data in packet capture | Hakan Olsson
2004-06-21 | Packet capture should add the ESP-marker when NAT-T is active. | Hakan Olsson
2004-06-21 | Tell the kernel to enable ESP-in-UDP encapsulation when we have | Hakan Olsson
  SAs negotiated with NAT-T.
2004-06-21 | Port floating (500->4500) for p1 and p2 exchanges. | Hakan Olsson
2004-06-20 | message_parse_payloads should accept payloads in the private range. | Hakan Olsson
  While here, also cleanup some messages.
2004-06-20 | Make the payload array in struct message dynamic, since we need to handle | Hakan Olsson
  payloads in the private range, such as the pre-RFC NAT-D/NAT-OA. Replace TAILQ_FIRST(&msg->payload[i]) instances with function calls.
2004-06-20 | NAT-Traversal for isakmpd. Work in progress... | Hakan Olsson
  hshoexer@ ok.
2004-06-20 | A start towards Dead Peer Detection (DPD) support, as specified in RFC 3706 | Hakan Olsson
2004-06-20 | Some vendors send the last Aggressive Mode message unencrypted, which we | Hakan Olsson
  should accept. Problem noted by alex at vbone.net. hshoexer@ ok.
2004-06-20 | To make debugging the unprivileged child process easier, make 'isakmpd -dd' | Hakan Olsson
  pause just after privsep; print the PIDs and wait for SIGCONT. hshoexer@ ok
2004-06-17 | Yet another bunch of memleaks found and fixed by Patrick Latifi. Thanks! | Hans-Joerg Hoexer
  ok ho@
2004-06-17 | Plug a memleak. Found and fixed (and some cleanup) by Patrick Latifi. | Hans-Joerg Hoexer
  Thanks! ok ho@
2004-06-17 | Evaluate result of X509_verify_cert() more carefully. | Hans-Joerg Hoexer
  ok cloder@