![[BACK]](/icons/back.gif){kind=icon}
Up to [local] / src / sbin / iked
Request diff between arbitrary revisions
Default branch: MAIN
Revision 1.19, Mon Oct 19 11:25:35 2015 UTC (8 years, 7 months ago) by reyk
Branch: MAIN
CVS Tags: HEAD
Changes since 1.18: +1 -1 lines
FILE REMOVED
Remove the ikev1 stub - Since I started iked, it has an empty privsep process for ISAKMP+IKEv1. I kept it to let somebody either contribute the old protocol one day, I never intended to implement IKEv1 myself, or to add a new kind of pipe to isakmpd to hand off IKEv1 messages. As IKEv2 is widely supported by all major OS and networking vendors now, I'm happy to scrap the idea of supporting ISAKMP+IKEv1. It is still possible to use isakmpd for legacy VPNs. OK mikeb@
Revision 1.18 / (download) - annotate - [select for diffs], Fri Aug 21 11:59:27 2015 UTC (8 years, 9 months ago) by reyk
Branch: MAIN
Changes since 1.17: +4 -4 lines
Diff to previous 1.17 (colored)
Switch iked to C99-style fixed-width integer types. OK mikeb@
Revision 1.17 / (download) - annotate - [select for diffs], Fri Feb 6 10:39:01 2015 UTC (9 years, 4 months ago) by deraadt
Branch: MAIN
CVS Tags: OPENBSD_5_8_BASE,
OPENBSD_5_8,
OPENBSD_5_7_BASE,
OPENBSD_5_7
Changes since 1.16: +1 -2 lines
Diff to previous 1.16 (colored)
unneeded getopt.h
Revision 1.16 / (download) - annotate - [select for diffs], Fri Jan 16 06:39:58 2015 UTC (9 years, 4 months ago) by deraadt
Branch: MAIN
Changes since 1.15: +1 -2 lines
Diff to previous 1.15 (colored)
Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
Revision 1.15 / (download) - annotate - [select for diffs], Tue Apr 22 12:00:03 2014 UTC (10 years, 1 month ago) by reyk
Branch: MAIN
CVS Tags: OPENBSD_5_6_BASE,
OPENBSD_5_6
Changes since 1.14: +3 -3 lines
Diff to previous 1.14 (colored)
Update iked to use the same proc.c that relayd uses. Less differences, less code to audit. ok mikeb@
Revision 1.14 / (download) - annotate - [select for diffs], Mon Feb 17 11:00:14 2014 UTC (10 years, 3 months ago) by reyk
Branch: MAIN
CVS Tags: OPENBSD_5_5_BASE,
OPENBSD_5_5
Changes since 1.13: +2 -2 lines
Diff to previous 1.13 (colored)
Fix compiler warnings in the format strings: use %zd for ssize_t and %zu for size_t. From Andre de Oliveira With input and OK from blambert@ markus@
Revision 1.13 / (download) - annotate - [select for diffs], Thu Mar 21 04:30:14 2013 UTC (11 years, 2 months ago) by deraadt
Branch: MAIN
CVS Tags: OPENBSD_5_4_BASE,
OPENBSD_5_4
Changes since 1.12: +1 -2 lines
Diff to previous 1.12 (colored)
remove excessive includes
Revision 1.12 / (download) - annotate - [select for diffs], Tue Jan 8 10:38:19 2013 UTC (11 years, 5 months ago) by reyk
Branch: MAIN
CVS Tags: OPENBSD_5_3_BASE,
OPENBSD_5_3
Changes since 1.11: +2 -3 lines
Diff to previous 1.11 (colored)
Remove private CVS tag from an obsolete repository and bump copyright to 2013 while I'm here... this is my way of saying "happy new year!".
Revision 1.11 / (download) - annotate - [select for diffs], Tue Sep 18 12:07:59 2012 UTC (11 years, 8 months ago) by reyk
Branch: MAIN
Changes since 1.10: +2 -2 lines
Diff to previous 1.10 (colored)
update email addresses to match reality. sure jsg@ mikeb@
Revision 1.10 / (download) - annotate - [select for diffs], Mon May 9 11:15:18 2011 UTC (13 years, 1 month ago) by reyk
Branch: MAIN
CVS Tags: OPENBSD_5_2_BASE,
OPENBSD_5_2,
OPENBSD_5_1_BASE,
OPENBSD_5_1,
OPENBSD_5_0_BASE,
OPENBSD_5_0
Changes since 1.9: +3 -3 lines
Diff to previous 1.9 (colored)
rename functions in proc.c to proc_* and move some code from imsg_util.c to proc.c. this is the first sync to what i did for relayd but does not include the multi-instance handling - so no functional change.
Revision 1.9 / (download) - annotate - [select for diffs], Thu May 5 12:59:31 2011 UTC (13 years, 1 month ago) by reyk
Branch: MAIN
Changes since 1.8: +3 -3 lines
Diff to previous 1.8 (colored)
Small tweak - add direct pointer to env instead of using an indirect one.
Revision 1.8 / (download) - annotate - [select for diffs], Thu May 5 12:55:52 2011 UTC (13 years, 1 month ago) by reyk
Branch: MAIN
Changes since 1.7: +5 -5 lines
Diff to previous 1.7 (colored)
Move the proc.c-specific runtime state out of struct iked into a sub-struct. This removes iked-specific stuff from proc.c.
Revision 1.7 / (download) - annotate - [select for diffs], Thu May 5 12:17:10 2011 UTC (13 years, 1 month ago) by reyk
Branch: MAIN
Changes since 1.6: +9 -9 lines
Diff to previous 1.6 (colored)
rename iked_proc* to privsep_proc*. no functional change.
Revision 1.6 / (download) - annotate - [select for diffs], Fri Jan 21 11:56:00 2011 UTC (13 years, 4 months ago) by reyk
Branch: MAIN
CVS Tags: OPENBSD_4_9_BASE,
OPENBSD_4_9
Changes since 1.5: +3 -1 lines
Diff to previous 1.5 (colored)
Reimplement the iked(8) policy evaluation for incoming connections to use the last matching semantics of PF. The previous rbtree-based implementation was broken and tried to do a longest prefix match. But instead of prefix match and using radix-trees to fix it I decided with mikeb@ to implement it as last matching policy evaluation. The last matching policy wins; the "quick" keyword can enforce first matching; additional keywords like "skip" are specific to iked(8). See iked.conf(5) for more details. The implementation also uses skip steps based on PF's code. It significantly speeds up the evaluation of many policies but also adds a little delay when loading them (only noticeable with thousands of policies). This allows iked(8) to scale well with thousands of configured policies but I also liked the fact to have skip steps in another piece of code. ok dhartmei@ for using his skip step code under the ISC license in policy.c ok mikeb@, jmc@
Revision 1.5 / (download) - annotate - [select for diffs], Thu Jun 24 20:15:30 2010 UTC (13 years, 11 months ago) by reyk
Branch: MAIN
CVS Tags: OPENBSD_4_8_BASE,
OPENBSD_4_8
Changes since 1.4: +10 -2 lines
Diff to previous 1.4 (colored)
unbreak the ikectl log verbose/brief commands.
Revision 1.4 / (download) - annotate - [select for diffs], Mon Jun 14 08:55:59 2010 UTC (14 years ago) by reyk
Branch: MAIN
Changes since 1.3: +3 -3 lines
Diff to previous 1.3 (colored)
cleanup messages and parsed information correctly
Revision 1.3 / (download) - annotate - [select for diffs], Thu Jun 10 14:08:37 2010 UTC (14 years ago) by reyk
Branch: MAIN
Changes since 1.2: +7 -1 lines
Diff to previous 1.2 (colored)
add new commands: the couple/decouple commands will set loading of the learned flows and SAs to the kernel which is useful for testing and debugging. the active/passive commands are required to use iked with sasyncd(8); sasyncd just needs to call "ikectl active/passive" or send the appropriate imsg to support iked but this is not implemented yet.
Revision 1.2 / (download) - annotate - [select for diffs], Thu Jun 10 08:29:47 2010 UTC (14 years ago) by reyk
Branch: MAIN
Changes since 1.1: +8 -8 lines
Diff to previous 1.1 (colored)
i don't like splitting source code in too many source files but ikev2.c has grown too large, so split it in 3 files and rename a few functions to organize the code a bit better.
Revision 1.1 / (download) - annotate - [select for diffs], Thu Jun 3 16:41:12 2010 UTC (14 years ago) by reyk
Branch: MAIN
Import iked, a new implementation of the IKEv2 protocol. iked(8) is an automatic keying daemon for IPsec, like isakmpd(8), that IPsec creates flows and SAs automatically. Unlike isakmpd, iked(8) implements the newer IKEv2 protocol instead of IKEv1/ISAKMP. The daemon is still work-in-progress and not enabled in the builds, but is already able to establish IKEv2 sessions with some other IKEv2 implementations as a responder. with lots of help and debugging by jsg@ ok deraadt@