author: ho
Remove early variable initialization.
|
|
not given, but Listen-on is.
|
|
author: niklas
More error checking of certs
|
|
author: niklas
Add some error checking
|
|
author: niklas
style
author: niklas
strdup error checking
|
|
author: niklas
As PF_KEY per the specs is a best-effort service, expect messages to get lost.
That means both replies in PF_KEY "RPCs" and expirations, the latter we
solve with extra paranoia and set timeouts in isakmpd too.
|
|
author: niklas
Doc fixes from OpenBSD
author: niklas
Some extra error checking, documentation and style wrt connections
author: niklas
Initial text for Passive-Connections
author: niklas
Doc fix from OpenBSD
|
|
author: niklas
Some restructuring of ID checks, but still no coupling to names.
|
|
timer.c: Merge with EOM 1.12
author: ho
Logging nitpicks
|
|
author: niklas
Double dots squashed
author: ho
Updated. Minor typos.
|
|
author: ho
Expand the passive connection mechanism.
author: niklas
Some more #if 0 stuff for passive connections
author: ho
Add connections_report and connection_reinit
|
|
author: niklas
Initial stab at Oakley group 5, still an XXX though.
|
|
author: niklas
Style nits
author: ho
Perhaps look into IPCOMP soon?
|
|
author: ho
We do not require flags on implicit passive connections.
author: ho
Fix bug in matching IDs. Cleanup debugging.
author: ho
bug fix of decode_id function.
author: ho
Temp. add some more debugging around setup of passive connection
author: ho
Add more debugging output and correct connection_report
author: niklas
Some extra error checking, documentation and style wrt connections
author: ho
More passive connection support
author: niklas
Small bugfixes and style nits
author: ho
Expand the passive connection mechanism.
author: niklas
Some more #if 0 stuff for passive connections
author: ho
Commit to embryonic code for passive connections
author: niklas
Some type pedantry. Comment style nits.
author: ho
Add connections_report and connection_reinit
|
|
author: ho
New flag
|
|
author: niklas
Style nits
author: ho
Describe debug logging classes in some detail.
|
|
author: niklas
Some extra error checking, documentation and style wrt connections
author: niklas
Some more #if 0 stuff for passive connections
author: niklas
Error handling looked over. Some restructuring of ID checks, but still no
coupling to names.
|
|
author: niklas
Oakley group 5 is of 102 bit ops strength
author: niklas
Initial stab at Oakley group 5, still an XXX though.
|
|
author: ho
Add connection_report
|
|
author: niklas
Some extra error checking, documentation and style wrt connections
author: ho
New flag
author: niklas
SA expiration randomization is really only good on the soft timeout, early
hard expires may break more if we have a situation where our peer only
wants to act as initiator, and trusts the negotiated lifetime.
|
|
author: ho
Add missing #include
author: ho
Add connection_reinit to SIGHUP handler. Add comments.
|
|
- Sort xrefs by section, and then alphabetically.
- Add missing commas between xref items.
- Remove commas from the last xref entry.
- Remove duplicate entries.
|
|
author: niklas
We forgot to remove messages in-transit from the send queue when freeing it
due to the other side acknowledging it.
|
|
author: ho
seconds should have initial value
|
|
author: niklas
diagnostic
|
|
author: niklas
Do not decrease SA lifetime if we cannot act as initiator
|
|
author: niklas
Reversed a condition by mistake
author: niklas
Another part of the former commit.
author: niklas
Do not add HASH to informational exchanges if we have
no ISAKMP SA.
|
|
author: niklas
Mention flow cleanup
|
|
author: niklas
Plug a message leak
|
|
author: niklas
Correct allocation of contacts
|
|
doi.h: Merge with EOM 1.27
ike_auth.c: Merge with EOM 1.30
ike_quick_mode.c: Merge with EOM 1.85
ipsec.c: Merge with EOM 1.107
ipsec.h: Merge with EOM 1.36
isakmp_doi.c: Merge with EOM 1.39
author: niklas
Factor out keyed hashing of all payloads with SKEYID_a, and make DOI hooks
for informational exchanges to add such hashing. Use it from QM and the IKE
authentication module too. Remove some bogus XXX comments. Add error
reporting
|
|
author: niklas
Use new informational exchange hooks. Never bind incoming phase 2 messages to
ISAKMP SAs that are not ready. It is not clear just yet what to do in that
case, for now just drop such messages.
|
|
author: niklas
Talk about the config file
|
|
author: niklas
Free SAs left in the exchange's SA list always when freeing
the exchange.
author: niklas
disconnect SAs from the exchange when they are ready
author: ho
Don't create SAs for informational exchanges.
|
|
prf.c: Merge with EOM 1.7
author: niklas
Remove bogus XXXes, add allocation error reporting.
|
|
author: niklas
Remove bogus XXXes, add allocation error reporting.
author: ho
Typo.
author: ho
Do not automatically check connections at HARD_EXPIRE.
Also check for existing exchanges in pf_encap_connection_check.
author: ho
Cut'n'paste typo fix.
|
|
sa.c: Merge with EOM 1.90
message.c: Merge with EOM 1.131
message.h: Merge with EOM 1.47
author: niklas
Send DELETE payloads in informational exchanges
|
|
author: niklas
Forgot one change in last commit
|
|
author: niklas
Remove larval SAs if an exchange dies. Also use the DOI from the isakmp_sa
if doing an informational exchange in phase 2.
|
|
DESIGN-NOTES: Merge with EOM 1.42
Makefile: Merge with EOM 1.51
app.c: Merge with EOM 1.6
conf.c: Merge with EOM 1.18
init.c: Merge with EOM 1.14
isakmpd.conf.5: Merge with EOM 1.19
pf_encap.c: Merge with EOM 1.64
pf_encap.h: Merge with EOM 1.12
pf_key_v2.h: Merge with EOM 1.3
sysdep.h: Merge with EOM 1.16
transport.c: Merge with EOM 1.40
ui.c: Merge with EOM 1.32
author: niklas
A new connection abstraction
|
|
author: niklas
typo in debug output
author: niklas
A new connection abstraction
|
|
author: niklas
Sigh, tunnel mode needs a special flag.