| Age | Commit message (Collapse) | Author |
|---|
|
|
|
|
|
|
|
|
|
this is consistent.
|
|
okay angelos@
|
|
|
|
|
|
for architectures without shlibs
|
|
author: niklas
style
author: angelos
Don't limit Phase 1 SA establishment -- while this does limit resource
consumption, it's neither foolproof nor entirely correct (it
introduces some synchronization problems).
|
|
author: niklas
whitespace
author: niklas
style
author: angelos
Pass the local/remote Phase 1 ID to the flow, so it can be reused when
an SA is re-negotiated.
author: angelos
Save the Phase 1 IDs along with the flow.
author: angelos
Don't block new phase 1 SA establishment -- avoids some sync problems.
Also, handle kernel-issued expirations more intelligently.
author: angelos
isakmpd can now negotiate transport protocol/ports (either through the
configuration file or through kernel ACQUIREs).
author: angelos
Fix flow cleanup/setup on renegotiation (or failure thereof) -- thanks
to cedric@wireless-networks.com for testing and feedback.
author: angelos
Remove unused code.
author: angelos
Don't be too permissive with the installed flows -- after all, we can
just run more negotiations.
author: angelos
ifndef, not ifdef
author: angelos
Delete ingress flow correctly.
author: angelos
Initialize structure.
|
|
author: niklas
more fascistoid style
author: angelos
Don't insert the *same* entry in two or more buckets! Thanks to
cedric@wireless-networks.com for reporting/debugging and coming up
with the patch.
author: angelos
Correct format string.
author: angelos
x509_hash() should also skip the cert length (willey@serasystems.com)
author: angelos
Add some error messages (ingham@ara.com)
|
|
author: angelos
Pass the local/remote Phase 1 ID to the flow, so it can be reused when
an SA is re-negotiated.
author: angelos
isakmpd can now negotiate transport protocol/ports (either through the
configuration file or through kernel ACQUIREs).
|
|
pf_encap.h: Merge with EOM 1.13
pf_key_v2.h: Merge with EOM 1.4
sysdep.h: Merge with EOM 1.17
author: angelos
Pass the local/remote Phase 1 ID to the flow, so it can be reused when
an SA is re-negotiated.
|
|
author: angelos
Add Default-phase-1-ID tag in [General], and document its use.
author: angelos
isakmpd can now negotiate transport protocol/ports (either through the
configuration file or through kernel ACQUIREs).
|
|
author: angelos
Add Default-phase-1-ID tag in [General], and document its use.
author: angelos
Default Phase 1 entry.
|
|
author: niklas
style nit, we only use NULL in isakmpd when a manpage mandates it
author: angelos
Also check for default Phase 1 ID.
|
|
author: niklas
Style nits
author: angelos
Pass the local/remote Phase 1 ID to the flow, so it can be reused when
an SA is re-negotiated.
author: angelos
isakmpd can now negotiate transport protocol/ports (either through the
configuration file or through kernel ACQUIREs).
author: angelos
CAST-128 has a maximum of 128bit keys, not 256.
|
|
author: angelos
Careful when copying IDs.
author: angelos
Oops, what am I thinking ?
author: angelos
Ooops again, I reverted the wrong patch.
author: angelos
Oops, shouldn't have committed this.
author: angelos
x509_hash() should also skip the cert length (willey@serasystems.com)
author: angelos
If it's a dynamically established Phase 2 SA, don't keep a copy of it
in isakmpd (the kernel keeps track of everything in this case).
author: angelos
Comment.
author: angelos
If no time-based lifetime was negotiated, don't release the SA.
|
|
author: niklas
Do not try to deal with weak syms on archs that do not have shlibs
|
|
author: angelos
isakmpd can now negotiate transport protocol/ports (either through the
configuration file or through kernel ACQUIREs).
|
|
|
|
|
|
timeout routine (should there be a default expiration if none is
negotiated ?)
|
|
testing and feedback.
|
|
-- willey@serasystems.co
|
|
|
|
|
|
author: niklas
style nits
author: angelos
Typecast so compiler shuts up.
author: ho
Use stat(), not lstat().
author: niklas
style and removal of unused, unneeded code
|
|
author: niklas
style
author: angelos
Better ID matching, should solve (some?) of PGPnet interoperability
problems. From mickey@
|
|
author: niklas
Fix log message
author: niklas
style
|
|
author: niklas
style nits
author: angelos
Print and use correct port when looking at listening sockets.
Don't setup unnecessary flows on the receiver side.
author: angelos
Careful on the type used by inet_ntoa()
author: niklas
byte ordering
|
|
author: niklas
sync with OpenBSD
author: angelos
Update.
|
|
author: angelos
Initialize variable, avoid free() warnings.
author: provos
when cert_get fails dont dereference p if its NULL, found by
francis.dupont@enst-bretagne.fr
|
|
samples/singlehost-west.conf: Merge with EOM 1.10
samples/singlehost-setup.sh: Merge with EOM 1.3
author: niklas
use networks that fits me better
|
|
util.h: Merge with EOM 1.10
author: niklas
style and removal of unused, unneeded code
|
|
author: niklas
sync with OpenBSD
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
util.c: Merge EOM diff 1.20 - 1.21, i.e. 1.19 is still left to be merged
author: ho
Use stat(), not lstat().
|
|
author: niklas
fgetc returns int not char; Boris Prochazka <boris@stargate.ipunplugged.com>
|
|
author: niklas
getopt returns int not char; Boris Prochazka <boris@stargate.ipunplugged.com>
|
|
author: provos
better referencing. okay niklas@
author: angelos
Eliminate bogus freeing of static variable.
|
|
author: angelos
Just to be on the safe side, use a struct stat.
author: angelos
Only do the secrecy check and parse the configuration file if it
actually exists.
author: angelos
Actually create all the pre-configured Transforms and Suites, even if
the user doesn't actually define them in the configuration file; ugly
kludge, but it allows use of isakmpd without a configuration file.
author: angelos
Add RIPEMD negotiation/configuration.
|
|
author: angelos
Fix comment.
author: angelos
Add RIPEMD negotiation/configuration.
|
