![[BACK]](/icons/back.gif){kind=icon}
Up to [local] / src / sbin / isakmpd
Request diff between arbitrary revisions
Default branch: MAIN
Revision 1.107 / (download) - annotate - [select for diffs], Fri Oct 27 08:29:32 2017 UTC (6 years, 7 months ago) by mpi
Branch: MAIN
CVS Tags: OPENBSD_7_5_BASE,
OPENBSD_7_5,
OPENBSD_7_4_BASE,
OPENBSD_7_4,
OPENBSD_7_3_BASE,
OPENBSD_7_3,
OPENBSD_7_2_BASE,
OPENBSD_7_2,
OPENBSD_7_1_BASE,
OPENBSD_7_1,
OPENBSD_7_0_BASE,
OPENBSD_7_0,
OPENBSD_6_9_BASE,
OPENBSD_6_9,
OPENBSD_6_8_BASE,
OPENBSD_6_8,
OPENBSD_6_7_BASE,
OPENBSD_6_7,
OPENBSD_6_6_BASE,
OPENBSD_6_6,
OPENBSD_6_5_BASE,
OPENBSD_6_5,
OPENBSD_6_4_BASE,
OPENBSD_6_4,
OPENBSD_6_3_BASE,
OPENBSD_6_3,
HEAD
Changes since 1.106: +9 -5 lines
Diff to previous 1.106 (colored)
Support DH groups 19 to 21 and 25 to 30, just like iked(8) does. ok visa@, markus@
Revision 1.106 / (download) - annotate - [select for diffs], Wed Mar 16 15:41:10 2016 UTC (8 years, 2 months ago) by krw
Branch: MAIN
CVS Tags: OPENBSD_6_2_BASE,
OPENBSD_6_2,
OPENBSD_6_1_BASE,
OPENBSD_6_1,
OPENBSD_6_0_BASE,
OPENBSD_6_0
Changes since 1.105: +2 -2 lines
Diff to previous 1.105 (colored)
More "(<blah> *)0" -> NULL, avoiding any stdarg functions. Feedback millert@ kettenis@
Revision 1.105 / (download) - annotate - [select for diffs], Wed Dec 9 21:41:50 2015 UTC (8 years, 5 months ago) by naddy
Branch: MAIN
CVS Tags: OPENBSD_5_9_BASE,
OPENBSD_5_9
Changes since 1.104: +7 -7 lines
Diff to previous 1.104 (colored)
Remove plain DES encryption from IPsec. DES is insecure since brute force attacks are practical due to its short key length. This removes support for DES-CBC encryption in ESP and in IKE main and quick mode from the kernel, isakmpd(8), ipsecctl(8), and iked(8). ok mikeb@
Revision 1.104 / (download) - annotate - [select for diffs], Thu Aug 20 22:02:21 2015 UTC (8 years, 9 months ago) by deraadt
Branch: MAIN
Changes since 1.103: +7 -10 lines
Diff to previous 1.103 (colored)
<stdlib.h> is included, so do not need to cast result from malloc, calloc, realloc* ok krw millert
Revision 1.103 / (download) - annotate - [select for diffs], Fri Nov 22 04:12:47 2013 UTC (10 years, 6 months ago) by deraadt
Branch: MAIN
CVS Tags: OPENBSD_5_8_BASE,
OPENBSD_5_8,
OPENBSD_5_7_BASE,
OPENBSD_5_7,
OPENBSD_5_6_BASE,
OPENBSD_5_6,
OPENBSD_5_5_BASE,
OPENBSD_5_5
Changes since 1.102: +5 -5 lines
Diff to previous 1.102 (colored)
Whole bunch of (unsigned char) casts carefully added for ctype calls. Careful second audit by millert
Revision 1.102 / (download) - annotate - [select for diffs], Thu Mar 21 04:30:14 2013 UTC (11 years, 2 months ago) by deraadt
Branch: MAIN
CVS Tags: OPENBSD_5_4_BASE,
OPENBSD_5_4
Changes since 1.101: +2 -2 lines
Diff to previous 1.101 (colored)
remove excessive includes
Revision 1.101 / (download) - annotate - [select for diffs], Fri Jul 13 15:16:18 2012 UTC (11 years, 10 months ago) by mikeb
Branch: MAIN
CVS Tags: OPENBSD_5_3_BASE,
OPENBSD_5_3,
OPENBSD_5_2_BASE,
OPENBSD_5_2
Changes since 1.100: +4 -3 lines
Diff to previous 1.100 (colored)
Support additional MODP DH groups in the Phase 1 and Phase 2. lteo@ noticed that ipsecctl allowed them within the ike rules while isakmpd failed to load the generated configuration. The fix was verified by hshoexer, ok naddy
Revision 1.100 / (download) - annotate - [select for diffs], Sat Jun 30 14:51:31 2012 UTC (11 years, 11 months ago) by naddy
Branch: MAIN
Changes since 1.99: +7 -2 lines
Diff to previous 1.99 (colored)
enable use of AES-{192,256}-CTR, and explicitly of AES-128-CTR, for IPsec ESP
ok mikeb@
Revision 1.99 / (download) - annotate - [select for diffs], Wed Sep 22 13:45:15 2010 UTC (13 years, 8 months ago) by mikeb
Branch: MAIN
CVS Tags: OPENBSD_5_1_BASE,
OPENBSD_5_1,
OPENBSD_5_0_BASE,
OPENBSD_5_0,
OPENBSD_4_9_BASE,
OPENBSD_4_9
Changes since 1.98: +23 -8 lines
Diff to previous 1.98 (colored)
Support for use of AES-GCM-16 (as AESGCM) and ENCR_NULL_AUTH_AES_GMAC (as AESGMAC) ciphers in the ISAKMP Phase 2 (aka Quick Mode). Thoroughly tested by me and naddy. Works fine with Linux. Requires updated pfkeyv2.h include file. ok naddy
Revision 1.98 / (download) - annotate - [select for diffs], Wed Aug 4 18:09:45 2010 UTC (13 years, 10 months ago) by deraadt
Branch: MAIN
CVS Tags: OPENBSD_4_8_BASE,
OPENBSD_4_8
Changes since 1.97: +2 -2 lines
Diff to previous 1.97 (colored)
fixup keylength for aes-128-cbc in quickmode from mikeb
Revision 1.97 / (download) - annotate - [select for diffs], Sun Feb 17 10:36:32 2008 UTC (16 years, 3 months ago) by hshoexer
Branch: MAIN
CVS Tags: OPENBSD_4_7_BASE,
OPENBSD_4_7,
OPENBSD_4_6_BASE,
OPENBSD_4_6,
OPENBSD_4_5_BASE,
OPENBSD_4_5,
OPENBSD_4_4_BASE,
OPENBSD_4_4,
OPENBSD_4_3_BASE,
OPENBSD_4_3
Changes since 1.96: +23 -8 lines
Diff to previous 1.96 (colored)
Define default configurations for AES-192 and AES-256. From Mitja Muzenic <mitja at muzenic dot net>, diff provided already quite some time ago, many many thanks. This should have gone in months ago but I was slacking, sorry for that.
Revision 1.96 / (download) - annotate - [select for diffs], Fri Jun 1 10:27:17 2007 UTC (17 years ago) by moritz
Branch: MAIN
CVS Tags: OPENBSD_4_2_BASE,
OPENBSD_4_2
Changes since 1.95: +26 -70 lines
Diff to previous 1.95 (colored)
Let conf_trans_node() set all parts of the node, so that we don't have to expose the node to the outside. Without this, conf_trans_node() created a node, linked it into the conf_trans queue and returned it to the caller. If something failed in one of the callers, the half-initialized node would still be linked in the queue and could get accessed later on. ok hshoexer@
Revision 1.95 / (download) - annotate - [select for diffs], Sun Apr 22 11:34:36 2007 UTC (17 years, 1 month ago) by moritz
Branch: MAIN
Changes since 1.94: +2 -4 lines
Diff to previous 1.94 (colored)
Free allocated node in conf_set_now() before failing, so we do not leak memory. ok hshoexer@
Revision 1.94 / (download) - annotate - [select for diffs], Mon Apr 16 13:01:39 2007 UTC (17 years, 1 month ago) by moritz
Branch: MAIN
Changes since 1.93: +23 -45 lines
Diff to previous 1.93 (colored)
There's no point in checking ptr for NULL before doing free(ptr) since free(NULL) is just fine. ok hshoexer@
Revision 1.93 / (download) - annotate - [select for diffs], Mon Feb 19 09:43:34 2007 UTC (17 years, 3 months ago) by hshoexer
Branch: MAIN
CVS Tags: OPENBSD_4_1_BASE,
OPENBSD_4_1
Changes since 1.92: +3 -3 lines
Diff to previous 1.92 (colored)
isakmpd bits for ESP+NULL encryption. This is useful, when AH can not be used (when being behind NAT). With Martin Hedenfalk <martin.hedenfalk at gmail.com>, thanks!
Revision 1.92 / (download) - annotate - [select for diffs], Tue Aug 29 08:51:28 2006 UTC (17 years, 9 months ago) by hshoexer
Branch: MAIN
CVS Tags: OPENBSD_4_0_BASE,
OPENBSD_4_0
Changes since 1.91: +22 -6 lines
Diff to previous 1.91 (colored)
Properly define quick mode suites for AH. With naddy. ok ho
Revision 1.91 / (download) - annotate - [select for diffs], Sat Jun 10 21:15:45 2006 UTC (17 years, 11 months ago) by hshoexer
Branch: MAIN
Changes since 1.90: +3 -1 lines
Diff to previous 1.90 (colored)
Make deletion of SAs on shutdown optional. The default behaviour now is to not delete SAs. Needed for reliable ipsec failover. Suggested by mtu@. Moreover, this ensures that packets do not leak when isakmpd is shutdown. ok mcbride@, testing mtu@
Revision 1.90 / (download) - annotate - [select for diffs], Sat Jun 10 21:09:45 2006 UTC (17 years, 11 months ago) by msf
Branch: MAIN
Changes since 1.89: +3 -1 lines
Diff to previous 1.89 (colored)
Allow isakmpd to use a different private rsa key per isakmp ID. Hans wrote this a long time ago, I synced it to -current and tested. ok hshoexer@
Revision 1.89 / (download) - annotate - [select for diffs], Sat Jun 10 21:07:10 2006 UTC (17 years, 11 months ago) by hshoexer
Branch: MAIN
Changes since 1.88: +1 -3 lines
Diff to previous 1.88 (colored)
This shouldn't have been commited yet.
Revision 1.88 / (download) - annotate - [select for diffs], Sat Jun 10 20:10:02 2006 UTC (17 years, 11 months ago) by hshoexer
Branch: MAIN
Changes since 1.87: +19 -10 lines
Diff to previous 1.87 (colored)
support sha2 for main mode hmacs and aesctr for quick mode encryption. ok markus@ ho@
Revision 1.87 / (download) - annotate - [select for diffs], Sat May 27 17:01:46 2006 UTC (18 years ago) by hshoexer
Branch: MAIN
Changes since 1.86: +6 -5 lines
Diff to previous 1.86 (colored)
add group15/modp3072 to default configurations.
Revision 1.86 / (download) - annotate - [select for diffs], Wed Dec 28 10:57:35 2005 UTC (18 years, 5 months ago) by hshoexer
Branch: MAIN
CVS Tags: OPENBSD_3_9_BASE,
OPENBSD_3_9
Changes since 1.85: +1 -86 lines
Diff to previous 1.85 (colored)
remove some unused functions and an unused variable found by lint. ok markus@
Revision 1.85 / (download) - annotate - [select for diffs], Mon Nov 14 23:25:11 2005 UTC (18 years, 6 months ago) by deraadt
Branch: MAIN
Changes since 1.84: +6 -15 lines
Diff to previous 1.84 (colored)
use snprintf; ok cloder. also looked at by a few other people
Revision 1.84 / (download) - annotate - [select for diffs], Tue Aug 2 09:08:40 2005 UTC (18 years, 10 months ago) by hshoexer
Branch: MAIN
CVS Tags: OPENBSD_3_8_BASE,
OPENBSD_3_8
Changes since 1.83: +10 -10 lines
Diff to previous 1.83 (colored)
Make sure to always load at least the default configuration values. Fixes a problem noticed by Yaron Wahl, who also pointed out that problem. Thanks! ok mpf@
Revision 1.83 / (download) - annotate - [select for diffs], Thu May 26 02:38:35 2005 UTC (19 years ago) by cloder
Branch: MAIN
Changes since 1.82: +22 -4 lines
Diff to previous 1.82 (colored)
Handle strdup returning NULL. OK hshoexer
Revision 1.82 / (download) - annotate - [select for diffs], Fri Apr 8 22:32:09 2005 UTC (19 years, 1 month ago) by cloder
Branch: MAIN
Changes since 1.81: +1 -3 lines
Diff to previous 1.81 (colored)
Make deterministic randomness (only ever used for testing) a compile-time option. Reduces chances of somehow setting regrand when it's not supposed to be set. Remove "-r" option from man page. Also xref certpatch(8) while we are in there. And remove some include sysdep.h where it is no longer needed. OK hshoexer
Revision 1.81 / (download) - annotate - [select for diffs], Fri Apr 8 17:15:01 2005 UTC (19 years, 1 month ago) by deraadt
Branch: MAIN
Changes since 1.80: +1 -3 lines
Diff to previous 1.80 (colored)
keynote and policy always compiled in
Revision 1.80 / (download) - annotate - [select for diffs], Fri Apr 8 16:04:17 2005 UTC (19 years, 1 month ago) by deraadt
Branch: MAIN
Changes since 1.79: +2 -2 lines
Diff to previous 1.79 (colored)
un-ifdef USE_BLOWFISH
Revision 1.79 / (download) - annotate - [select for diffs], Wed Apr 6 16:00:20 2005 UTC (19 years, 2 months ago) by deraadt
Branch: MAIN
Changes since 1.78: +3 -3 lines
Diff to previous 1.78 (colored)
knf, ok cloder
Revision 1.78 / (download) - annotate - [select for diffs], Tue Apr 5 20:46:20 2005 UTC (19 years, 2 months ago) by cloder
Branch: MAIN
Changes since 1.77: +1 -3 lines
Diff to previous 1.77 (colored)
Always compile X509 support. Almost everyone uses it. Makes the code much easier to read and to maintain. OK and testing by hshoexer@, more testing by me
Revision 1.77 / (download) - annotate - [select for diffs], Mon Apr 4 19:31:11 2005 UTC (19 years, 2 months ago) by deraadt
Branch: MAIN
Changes since 1.76: +3 -3 lines
Diff to previous 1.76 (colored)
spacing; ok cloder
Revision 1.76 / (download) - annotate - [select for diffs], Tue Mar 15 20:33:07 2005 UTC (19 years, 2 months ago) by moritz
Branch: MAIN
CVS Tags: OPENBSD_3_7_BASE,
OPENBSD_3_7
Changes since 1.75: +5 -6 lines
Diff to previous 1.75 (colored)
reset config line numbers, when daemon gets reinitialized. prevents wrong line numbers in error cases. help from jaredy@ and ok hshoexer@.
Revision 1.75 / (download) - annotate - [select for diffs], Thu Mar 10 17:30:31 2005 UTC (19 years, 2 months ago) by cloder
Branch: MAIN
Changes since 1.74: +7 -3 lines
Diff to previous 1.74 (colored)
Avoid memory leak if strdup should fail. OK hshoexer@
Revision 1.74 / (download) - annotate - [select for diffs], Tue Dec 14 10:17:28 2004 UTC (19 years, 5 months ago) by mcbride
Branch: MAIN
Changes since 1.73: +2 -2 lines
Diff to previous 1.73 (colored)
Allow the Address, Network, or Netmask values of the <IPsec-ID> to be specified with an interface name (in which case the first address is used) or the keyword 'default' (in which case the address is selected based on the default route). eg: [roadwarrior-ip] ID-type= IPV4_ADDR Address= default ok ho@ hshoexer@
Revision 1.73 / (download) - annotate - [select for diffs], Sun Aug 8 19:11:06 2004 UTC (19 years, 9 months ago) by deraadt
Branch: MAIN
CVS Tags: OPENBSD_3_6_BASE,
OPENBSD_3_6
Changes since 1.72: +4 -4 lines
Diff to previous 1.72 (colored)
spacing
Revision 1.72 / (download) - annotate - [select for diffs], Thu Jul 29 20:02:02 2004 UTC (19 years, 10 months ago) by ho
Branch: MAIN
Changes since 1.71: +5 -5 lines
Diff to previous 1.71 (colored)
Less noise while debugging.
Revision 1.71 / (download) - annotate - [select for diffs], Fri Jun 25 20:25:34 2004 UTC (19 years, 11 months ago) by hshoexer
Branch: MAIN
Changes since 1.70: +2 -1 lines
Diff to previous 1.70 (colored)
Keynote policy checking can now be disabled by "-K" switch and config tag "Use-Keynote". Default is to use keynote. ok henning@ ho@
Revision 1.70 / (download) - annotate - [select for diffs], Mon Jun 14 13:53:31 2004 UTC (19 years, 11 months ago) by hshoexer
Branch: MAIN
Changes since 1.69: +12 -14 lines
Diff to previous 1.69 (colored)
avoid stat before open ok ho@
Revision 1.69 / (download) - annotate - [select for diffs], Mon Jun 14 09:55:41 2004 UTC (19 years, 11 months ago) by ho
Branch: MAIN
Changes since 1.68: +11 -8 lines
Diff to previous 1.68 (colored)
KNF, style, 80c, etc. hshoexer@ ok
Revision 1.68 / (download) - annotate - [select for diffs], Wed Jun 9 14:02:44 2004 UTC (19 years, 11 months ago) by ho
Branch: MAIN
Changes since 1.67: +2 -2 lines
Diff to previous 1.67 (colored)
Style nits. hshoexer@ ok
Revision 1.67 / (download) - annotate - [select for diffs], Fri May 14 08:42:56 2004 UTC (20 years ago) by hshoexer
Branch: MAIN
Changes since 1.66: +135 -129 lines
Diff to previous 1.66 (colored)
Some more KNF, no binary change. ok ho@
Revision 1.66 / (download) - annotate - [select for diffs], Fri Apr 23 14:15:55 2004 UTC (20 years, 1 month ago) by ho
Branch: MAIN
Changes since 1.65: +130 -172 lines
Diff to previous 1.65 (colored)
Make sure KEY_LENGTH attribute is present when checking AES proposals, required when acting as responder to SafeNet peers. Also make conf_load_defaults() readable again (KNF). hshoexer@ ok.
Revision 1.65 / (download) - annotate - [select for diffs], Thu Apr 15 20:20:55 2004 UTC (20 years, 1 month ago) by deraadt
Branch: MAIN
Changes since 1.64: +123 -109 lines
Diff to previous 1.64 (colored)
more knf; ok hshoexer
Revision 1.64 / (download) - annotate - [select for diffs], Thu Apr 15 18:53:56 2004 UTC (20 years, 1 month ago) by deraadt
Branch: MAIN
Changes since 1.63: +49 -45 lines
Diff to previous 1.63 (colored)
knf
Revision 1.63 / (download) - annotate - [select for diffs], Thu Apr 15 18:39:25 2004 UTC (20 years, 1 month ago) by deraadt
Branch: MAIN
Changes since 1.62: +849 -878 lines
Diff to previous 1.62 (colored)
partial move to KNF. More to come. This has happened because there are a raft of source code auditors who are willing to help improve this code only if this is done, and hey, isakmpd does need our standard auditing process. ok ho hshoexer
Revision 1.62 / (download) - annotate - [select for diffs], Fri Mar 19 14:04:43 2004 UTC (20 years, 2 months ago) by hshoexer
Branch: MAIN
CVS Tags: OPENBSD_3_5_BASE,
OPENBSD_3_5
Changes since 1.61: +2 -2 lines
Diff to previous 1.61 (colored)
Add missing bits to make already present privsep code work. Enable privsep. ok ho@ deraadt@ markus@
Revision 1.61 / (download) - annotate - [select for diffs], Fri Feb 27 19:07:16 2004 UTC (20 years, 3 months ago) by hshoexer
Branch: MAIN
Changes since 1.60: +5 -5 lines
Diff to previous 1.60 (colored)
Add group 14 (modp2048) to predefined suites. Manpage also updated. ok ho@
Revision 1.60 / (download) - annotate - [select for diffs], Tue Jan 6 00:22:48 2004 UTC (20 years, 5 months ago) by hshoexer
Branch: MAIN
Changes since 1.59: +6 -5 lines
Diff to previous 1.59 (colored)
small typos fixed. ok markus@
Revision 1.59 / (download) - annotate - [select for diffs], Tue Sep 2 18:15:55 2003 UTC (20 years, 9 months ago) by ho
Branch: MAIN
CVS Tags: OPENBSD_3_4_BASE,
OPENBSD_3_4
Changes since 1.58: +2 -2 lines
Diff to previous 1.58 (colored)
A couple of nits. deraadt@ ok.
Revision 1.58 / (download) - annotate - [select for diffs], Thu Aug 28 14:43:35 2003 UTC (20 years, 9 months ago) by markus
Branch: MAIN
Changes since 1.57: +3 -3 lines
Diff to previous 1.57 (colored)
support AES in phase 1, too. switch to OpenSSL EVP interface; with Hans-Joerg.Hoexer at yerbouti.franken.de; ok ho@
Revision 1.57 / (download) - annotate - [select for diffs], Fri Jul 25 08:31:16 2003 UTC (20 years, 10 months ago) by markus
Branch: MAIN
Changes since 1.56: +8 -4 lines
Diff to previous 1.56 (colored)
add sha2 support; ok ho@
Revision 1.56 / (download) - annotate - [select for diffs], Tue Jun 10 16:41:29 2003 UTC (20 years, 11 months ago) by deraadt
Branch: MAIN
Changes since 1.55: +2 -2 lines
Diff to previous 1.55 (colored)
boring cleanups
Revision 1.55 / (download) - annotate - [select for diffs], Tue Jun 3 14:28:16 2003 UTC (21 years ago) by ho
Branch: MAIN
Changes since 1.54: +1 -6 lines
Diff to previous 1.54 (colored)
Remove clauses 3 and 4. With approval from Niklas Hallqvist and Niels Provos.
Revision 1.54 / (download) - annotate - [select for diffs], Tue Jun 3 12:51:38 2003 UTC (21 years ago) by ho
Branch: MAIN
Changes since 1.53: +4 -4 lines
Diff to previous 1.53 (colored)
Cleanup. Use 'sizeof variable' instead of magic constants.
Revision 1.53 / (download) - annotate - [select for diffs], Sun May 18 19:37:46 2003 UTC (21 years ago) by ho
Branch: MAIN
Changes since 1.52: +2 -2 lines
Diff to previous 1.52 (colored)
More isakmpd privsep work. X509 private keys are now kept in the privileged process only. Various cleanup and bugfixes. markus@ ok
Revision 1.52 / (download) - annotate - [select for diffs], Thu May 15 00:28:53 2003 UTC (21 years ago) by ho
Branch: MAIN
Changes since 1.51: +4 -3 lines
Diff to previous 1.51 (colored)
Start of privilege separation for isakmpd. There are some kinks left, so keep it default disabled for now. markus@ says ok to commit.
Revision 1.51 / (download) - annotate - [select for diffs], Wed May 14 18:11:18 2003 UTC (21 years ago) by ho
Branch: MAIN
Changes since 1.50: +2 -1 lines
Diff to previous 1.50 (colored)
Default public key directory definition sanity.
Revision 1.50 / (download) - annotate - [select for diffs], Wed Apr 30 15:15:11 2003 UTC (21 years, 1 month ago) by jason
Branch: MAIN
Changes since 1.49: +3 -2 lines
Diff to previous 1.49 (colored)
cast size_t to unsigned long and use %lu;ok ho
Revision 1.49 / (download) - annotate - [select for diffs], Tue Feb 4 20:02:34 2003 UTC (21 years, 4 months ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_3_3_BASE,
OPENBSD_3_3
Changes since 1.48: +1 -6 lines
Diff to previous 1.48 (colored)
don't set the Transform for Default-phase-1-configuration twice, ok ho@
Revision 1.48 / (download) - annotate - [select for diffs], Fri Dec 6 07:46:50 2002 UTC (21 years, 6 months ago) by ho
Branch: MAIN
Changes since 1.47: +3 -3 lines
Diff to previous 1.47 (colored)
Section and tag comparisions should be case-insensitive. PR#3010, Mike Neuman.
Revision 1.47 / (download) - annotate - [select for diffs], Fri Nov 15 14:58:38 2002 UTC (21 years, 6 months ago) by ho
Branch: MAIN
Changes since 1.46: +7 -1 lines
Diff to previous 1.46 (colored)
Missing "Configuration" tag in a Phase-1 peer was not handled correctly, pointed out by Aref Taidi. Replace this with a "Default-Phase-1-Configuration" that will be used if this tag is missing from the peer. Update manpage accordingly. niklas@ ok.
Revision 1.46 / (download) - annotate - [select for diffs], Thu Nov 14 16:13:27 2002 UTC (21 years, 6 months ago) by ho
Branch: MAIN
Changes since 1.45: +19 -35 lines
Diff to previous 1.45 (colored)
Better whitespace/newline handling, this should make broken lines and multiple values parse correctly again, as well as fix PR#2974. Also fix some int/u_int mismatches, and remove conf_get_line() (obsolete).
Revision 1.45 / (download) - annotate - [select for diffs], Wed Sep 11 09:50:43 2002 UTC (21 years, 8 months ago) by ho
Branch: MAIN
CVS Tags: OPENBSD_3_2_BASE,
OPENBSD_3_2
Changes since 1.44: +3 -3 lines
Diff to previous 1.44 (colored)
signed vs unsigned, some void * arithmetic, from -pedantic. niklas@ ok.
Revision 1.44 / (download) - annotate - [select for diffs], Wed Aug 7 13:19:20 2002 UTC (21 years, 10 months ago) by ho
Branch: MAIN
Changes since 1.43: +3 -2 lines
Diff to previous 1.43 (colored)
A rewrite of the CRL support code, also from <Thomas.Walpuski@gmx.net>. Some style mods, and checks added for OpenSSL version 0.9.7 or later. Currently CRLs are not supported for earlier versions. Manual pages updated.
Revision 1.43 / (download) - annotate - [select for diffs], Fri Aug 2 13:10:41 2002 UTC (21 years, 10 months ago) by ho
Branch: MAIN
Changes since 1.42: +2 -1 lines
Diff to previous 1.42 (colored)
CRL support for isakmpd. From <Thomas.Walpuski@gmx.net> with some minor modifications by me. ok niklas@.
Revision 1.42 / (download) - annotate - [select for diffs], Sun Jun 9 08:13:06 2002 UTC (21 years, 11 months ago) by todd
Branch: MAIN
Changes since 1.41: +4 -4 lines
Diff to previous 1.41 (colored)
rm trailing whitespace
Revision 1.41 / (download) - annotate - [select for diffs], Sat Jun 1 07:44:21 2002 UTC (22 years ago) by deraadt
Branch: MAIN
Changes since 1.40: +7 -6 lines
Diff to previous 1.40 (colored)
size_t must be cast to (unsigned long) and printed using %lu
Revision 1.40 / (download) - annotate - [select for diffs], Tue May 28 11:23:20 2002 UTC (22 years ago) by ho
Branch: MAIN
Changes since 1.39: +2 -2 lines
Diff to previous 1.39 (colored)
off_t to size_t change for printf format and malloc. Pointed out by <greg@nest.cx>
Revision 1.39 / (download) - annotate - [select for diffs], Mon Apr 29 06:26:50 2002 UTC (22 years, 1 month ago) by pvalchev
Branch: MAIN
Changes since 1.38: +2 -2 lines
Diff to previous 1.38 (colored)
wierd -> weird
Revision 1.38 / (download) - annotate - [select for diffs], Mon Apr 22 12:52:39 2002 UTC (22 years, 1 month ago) by ho
Branch: MAIN
Changes since 1.37: +17 -8 lines
Diff to previous 1.37 (colored)
Handle configuration lines that end in whitespace or ^M. Also avoid a potential memory leak.
Revision 1.37 / (download) - annotate - [select for diffs], Fri Mar 1 14:54:20 2002 UTC (22 years, 3 months ago) by ho
Branch: MAIN
CVS Tags: OPENBSD_3_1_BASE,
OPENBSD_3_1
Changes since 1.36: +74 -60 lines
Diff to previous 1.36 (colored)
Change DH group handling in the pre-generated parts of the
configuration. Add a -GRP{1,2,5} component to transform and suite
names to directly specify which group to use. If no group is
specified, use DH group 2 (MODP_1024). Earlier transforms and suites
using the MD5 hash defaulted to DH group 1, this is no longer true.
niklas@ ok.
Revision 1.36 / (download) - annotate - [select for diffs], Wed Jan 23 18:44:47 2002 UTC (22 years, 4 months ago) by ho
Branch: MAIN
Changes since 1.35: +8 -6 lines
Diff to previous 1.35 (colored)
the last few sprintf -> snprintf
Revision 1.35 / (download) - annotate - [select for diffs], Thu Jan 3 16:27:41 2002 UTC (22 years, 5 months ago) by ho
Branch: MAIN
Changes since 1.34: +15 -14 lines
Diff to previous 1.34 (colored)
str[n]{cpy,cat} -> strl{cpy,cat}, sprintf -> snprintf
Revision 1.34 / (download) - annotate - [select for diffs], Fri Oct 5 05:59:06 2001 UTC (22 years, 8 months ago) by ho
Branch: MAIN
CVS Tags: OPENBSD_3_0_BASE,
OPENBSD_3_0
Changes since 1.33: +9 -9 lines
Diff to previous 1.33 (colored)
Missed this file; some more debug level fixes.
Revision 1.33 / (download) - annotate - [select for diffs], Thu Jul 5 12:36:47 2001 UTC (22 years, 11 months ago) by ho
Branch: MAIN
Changes since 1.32: +13 -4 lines
Diff to previous 1.32 (colored)
Add prototypes and some other various cleanup.
Revision 1.32 / (download) - annotate - [select for diffs], Sun Jul 1 19:48:43 2001 UTC (22 years, 11 months ago) by niklas
Branch: MAIN
Changes since 1.31: +20 -20 lines
Diff to previous 1.31 (colored)
Style
Revision 1.31 / (download) - annotate - [select for diffs], Fri Jun 29 19:42:16 2001 UTC (22 years, 11 months ago) by niklas
Branch: MAIN
Changes since 1.30: +22 -1 lines
Diff to previous 1.30 (colored)
Provide an API to get sockaddrs out of the config db
Revision 1.24.2.1 / (download) - annotate - [select for diffs], Tue May 8 12:45:21 2001 UTC (23 years ago) by ho
Branch: OPENBSD_2_8
Changes since 1.24: +65 -31 lines
Diff to previous 1.24 (colored) next main 1.25 (colored)
Pull in isakmpd from 2.9 to 2.8 branch.
Revision 1.30 / (download) - annotate - [select for diffs], Tue Mar 27 15:46:29 2001 UTC (23 years, 2 months ago) by ho
Branch: MAIN
CVS Tags: OPENBSD_2_9_BASE,
OPENBSD_2_9
Changes since 1.29: +2 -2 lines
Diff to previous 1.29 (colored)
(c)-2001
Revision 1.29 / (download) - annotate - [select for diffs], Tue Mar 13 17:56:31 2001 UTC (23 years, 2 months ago) by ho
Branch: MAIN
Changes since 1.28: +31 -13 lines
Diff to previous 1.28 (colored)
Somewhere along the line we stopped using the configuration file defaults properly. Make them work again. (niklas@ ok)
Revision 1.28 / (download) - annotate - [select for diffs], Wed Feb 28 08:49:43 2001 UTC (23 years, 3 months ago) by angelos
Branch: MAIN
Changes since 1.27: +15 -16 lines
Diff to previous 1.27 (colored)
Make sure the default lifetimes in the General section are taken into consideration.
Revision 1.27 / (download) - annotate - [select for diffs], Sat Jan 27 12:03:31 2001 UTC (23 years, 4 months ago) by niklas
Branch: MAIN
Changes since 1.26: +2 -2 lines
Diff to previous 1.26 (colored)
(c) 2001
Revision 1.26 / (download) - annotate - [select for diffs], Fri Jan 26 12:12:51 2001 UTC (23 years, 4 months ago) by niklas
Branch: MAIN
Changes since 1.25: +7 -5 lines
Diff to previous 1.25 (colored)
Pedantic style police
Revision 1.25 / (download) - annotate - [select for diffs], Tue Dec 12 01:45:55 2000 UTC (23 years, 5 months ago) by niklas
Branch: MAIN
Changes since 1.24: +17 -2 lines
Diff to previous 1.24 (colored)
Merge with EOM 1.48 author: angelos Add Default-phase-1-ID tag in [General], and document its use. author: angelos Default Phase 1 entry.
Revision 1.24 / (download) - annotate - [select for diffs], Fri Oct 27 19:22:36 2000 UTC (23 years, 7 months ago) by niklas
Branch: MAIN
CVS Tags: OPENBSD_2_8_BASE
Branch point for: OPENBSD_2_8
Changes since 1.23: +3 -3 lines
Diff to previous 1.23 (colored)
conf.c: Merge with EOM 1.46 util.c: Merge EOM diff 1.20 - 1.21, i.e. 1.19 is still left to be merged author: ho Use stat(), not lstat().
Revision 1.23 / (download) - annotate - [select for diffs], Thu Oct 26 22:28:16 2000 UTC (23 years, 7 months ago) by niklas
Branch: MAIN
Changes since 1.22: +3 -3 lines
Diff to previous 1.22 (colored)
Merge with EOM 1.45 author: niklas fgetc returns int not char; Boris Prochazka <boris@stargate.ipunplugged.com>
Revision 1.22 / (download) - annotate - [select for diffs], Mon Oct 16 23:28:56 2000 UTC (23 years, 7 months ago) by niklas
Branch: MAIN
Changes since 1.21: +42 -30 lines
Diff to previous 1.21 (colored)
Merge with EOM 1.44 author: angelos Just to be on the safe side, use a struct stat. author: angelos Only do the secrecy check and parse the configuration file if it actually exists. author: angelos Actually create all the pre-configured Transforms and Suites, even if the user doesn't actually define them in the configuration file; ugly kludge, but it allows use of isakmpd without a configuration file. author: angelos Add RIPEMD negotiation/configuration.
Revision 1.21 / (download) - annotate - [select for diffs], Fri Oct 13 13:22:01 2000 UTC (23 years, 7 months ago) by niklas
Branch: MAIN
Changes since 1.20: +7 -23 lines
Diff to previous 1.20 (colored)
regress/b2n/Makefile: Merge with EOM 1.12 regress/ec2n/Makefile: Merge with EOM 1.9 conf.c: Merge with EOM 1.40 util.c: Merge with EOM 1.17 author: ho Add file permission check to private key file. Split out check function to util.c.
Revision 1.20 / (download) - annotate - [select for diffs], Fri Oct 13 12:19:57 2000 UTC (23 years, 7 months ago) by niklas
Branch: MAIN
Changes since 1.19: +8 -4 lines
Diff to previous 1.19 (colored)
Merge with EOM 1.39 author: ho Revert. Be strict about file mode.
Revision 1.19 / (download) - annotate - [select for diffs], Fri Oct 13 11:44:10 2000 UTC (23 years, 7 months ago) by niklas
Branch: MAIN
Changes since 1.18: +4 -8 lines
Diff to previous 1.18 (colored)
Merge with EOM 1.38 author: ho Warn but continue on isakmpd.conf permissions.
Revision 1.18 / (download) - annotate - [select for diffs], Mon Oct 9 23:27:30 2000 UTC (23 years, 7 months ago) by niklas
Branch: MAIN
Changes since 1.17: +5 -5 lines
Diff to previous 1.17 (colored)
samples/VPN-3way-template.conf: Merge with EOM 1.8 samples/VPN-east.conf: Merge with EOM 1.12 samples/VPN-west.conf: Merge with EOM 1.13 samples/policy: Merge with EOM 1.6 samples/singlehost-west.conf: Merge with EOM 1.9 samples/singlehost-east.conf: Merge with EOM 1.9 conf.c: Merge with EOM 1.37 ipsec.c: Merge with EOM 1.133 ipsec_num.cst: Merge with EOM 1.4 isakmpd.conf.5: Merge with EOM 1.48 isakmpd.policy.5: Merge with EOM 1.21 policy.c: Merge with EOM 1.46 author: angelos AES support.
Revision 1.17 / (download) - annotate - [select for diffs], Sat Oct 7 06:59:05 2000 UTC (23 years, 8 months ago) by niklas
Branch: MAIN
Changes since 1.16: +50 -41 lines
Diff to previous 1.16 (colored)
Merge with EOM 1.36 author: niklas Remove some spaces author: niklas do not crash on empty config files author: ho (c)-2000 author: provos style as pointed out by the code style pedant. author: provos proper reference counting for isakmp_sa in struct message, remove bogus calls to sa_reference; fix some more memory leaks in conf.c
Revision 1.16 / (download) - annotate - [select for diffs], Thu Jun 8 20:50:29 2000 UTC (23 years, 11 months ago) by niklas
Branch: MAIN
Changes since 1.15: +14 -7 lines
Diff to previous 1.15 (colored)
Merge with EOM 1.31 author: angelos Initialize [Keynote]:Credential-directory. author: ho Autogenerated p1/p2 default lifetimes can be defined in config. author: niklas style
Revision 1.15 / (download) - annotate - [select for diffs], Wed May 3 13:47:15 2000 UTC (24 years, 1 month ago) by niklas
Branch: MAIN
CVS Tags: OPENBSD_2_7_BASE,
OPENBSD_2_7
Changes since 1.14: +34 -34 lines
Diff to previous 1.14 (colored)
Merge with EOM 1.28 author: niklas style fascism author: ho style fix author: ho Typo in comment. author: ho Typo; Cers-directory -> Cert-directory author: ho Do not load configuration if isakmpd.conf is not owned by the user running isakmpd. Also, do not load config if file modes are too open. Do not warn about ignored duplicate tags when they are autogenerated. author: niklas From ho: provide defaults for requested transforms, shortens config files vastly.
Revision 1.14 / (download) - annotate - [select for diffs], Tue May 2 14:35:54 2000 UTC (24 years, 1 month ago) by niklas
Branch: MAIN
Changes since 1.13: +319 -12 lines
Diff to previous 1.13 (colored)
Merge with EOM 1.26 author: ho Typo in comment. author: ho Typo; Cers-directory -> Cert-directory author: ho Do not load configuration if isakmpd.conf is not owned by the user running isakmpd. Also, do not load config if file modes are too open. Do not warn about ignored duplicate tags when they are autogenerated. author: niklas From ho: provide defaults for requested transforms, shortens config files vastly.
Revision 1.13 / (download) - annotate - [select for diffs], Fri Apr 7 22:10:30 2000 UTC (24 years, 2 months ago) by niklas
Branch: MAIN
Changes since 1.12: +3 -3 lines
Diff to previous 1.12 (colored)
conf.c: Merge with EOM 1.22 gmp_util.c: Merge with EOM 1.5 gmp_util.h: Merge with EOM 1.3 math_mp.h: Merge with EOM 1.2 sa.c: Merge with EOM 1.101 ui.c: Merge with EOM 1.40 author: niklas (c) 2000
Revision 1.12 / (download) - annotate - [select for diffs], Fri Apr 7 22:06:44 2000 UTC (24 years, 2 months ago) by niklas
Branch: MAIN
Changes since 1.11: +7 -6 lines
Diff to previous 1.11 (colored)
conf.c: Merge with EOM 1.21 isakmpd.c: Merge with EOM 1.46 sa.c: Merge with EOM 1.100 ui.c: Merge with EOM 1.39 author: niklas error message style
Revision 1.11 / (download) - annotate - [select for diffs], Fri Feb 25 17:23:38 2000 UTC (24 years, 3 months ago) by niklas
Branch: MAIN
Changes since 1.10: +17 -17 lines
Diff to previous 1.10 (colored)
regress/crypto/Makefile: Merge with EOM 1.5 regress/dh/Makefile: Merge with EOM 1.7 regress/group/Makefile: Merge with EOM 1.9 regress/prf/Makefile: Merge with EOM 1.4 regress/rsakeygen/Makefile: Merge with EOM 1.8 regress/x509/Makefile: Merge with EOM 1.10 Makefile: Merge with EOM 1.62 attribute.c: Merge with EOM 1.10 sa.c: Merge with EOM 1.99 conf.c: Merge with EOM 1.20 crypto.c: Merge with EOM 1.28 isakmpd.c: Merge with EOM 1.45 connection.c: Merge with EOM 1.19 doi.h: Merge with EOM 1.28 field.c: Merge with EOM 1.11 exchange.c: Merge with EOM 1.116 ike_auth.c: Merge with EOM 1.44 pf_key_v2.c: Merge with EOM 1.37 ike_phase_1.c: Merge with EOM 1.22 ipsec.c: Merge with EOM 1.118 isakmp_doi.c: Merge with EOM 1.40 log.c: Merge with EOM 1.26 log.h: Merge with EOM 1.18 math_group.c: Merge with EOM 1.23 message.c: Merge with EOM 1.144 pf_encap.c: Merge with EOM 1.70 policy.c: Merge with EOM 1.18 timer.c: Merge with EOM 1.13 transport.c: Merge with EOM 1.41 udp.c: Merge with EOM 1.47 ui.c: Merge with EOM 1.37 x509.c: Merge with EOM 1.36 author: niklas Made debug logging a compile time selectable feature
Revision 1.10 / (download) - annotate - [select for diffs], Thu Aug 5 22:41:08 1999 UTC (24 years, 10 months ago) by niklas
Branch: MAIN
CVS Tags: OPENBSD_2_6_BASE,
OPENBSD_2_6
Changes since 1.9: +330 -62 lines
Diff to previous 1.9 (colored)
DESIGN-NOTES: Merge with EOM 1.47 conf.c: Merge with EOM 1.19 conf.h: Merge with EOM 1.10 ui.c: Merge with EOM 1.34 author: niklas Dynamic updates of the configuration database is now possible, either through ui, or through the new conf_* API described in DESIGN-NOTES
Revision 1.9 / (download) - annotate - [select for diffs], Sat May 1 20:43:42 1999 UTC (25 years, 1 month ago) by niklas
Branch: MAIN
Changes since 1.8: +2 -7 lines
Diff to previous 1.8 (colored)
sysdep/openbsd/sysdep.c: Merge with EOM 1.7 DESIGN-NOTES: Merge with EOM 1.42 Makefile: Merge with EOM 1.51 app.c: Merge with EOM 1.6 conf.c: Merge with EOM 1.18 init.c: Merge with EOM 1.14 isakmpd.conf.5: Merge with EOM 1.19 pf_encap.c: Merge with EOM 1.64 pf_encap.h: Merge with EOM 1.12 pf_key_v2.h: Merge with EOM 1.3 sysdep.h: Merge with EOM 1.16 transport.c: Merge with EOM 1.40 ui.c: Merge with EOM 1.32 author: niklas A new connection abstraction
Revision 1.8 / (download) - annotate - [select for diffs], Mon Apr 5 21:00:40 1999 UTC (25 years, 2 months ago) by niklas
Branch: MAIN
CVS Tags: OPENBSD_2_5_BASE,
OPENBSD_2_5
Changes since 1.7: +26 -9 lines
Diff to previous 1.7 (colored)
Merge with EOM 1.17 memory leak fixes 1999 copyrights
Revision 1.7 / (download) - annotate - [select for diffs], Tue Mar 2 15:35:12 1999 UTC (25 years, 3 months ago) by niklas
Branch: MAIN
Changes since 1.6: +2 -3 lines
Diff to previous 1.6 (colored)
conf.c: Merge with EOM 1.15 One include too much conf.h: Merge with EOM 1.7 Forgotten include file
Revision 1.6 / (download) - annotate - [select for diffs], Fri Feb 26 03:34:26 1999 UTC (25 years, 3 months ago) by niklas
Branch: MAIN
Changes since 1.5: +16 -5 lines
Diff to previous 1.5 (colored)
Merge from the Ericsson repository | revision 1.14 | date: 1999/02/25 11:38:47; author: niklas; state: Exp; lines: +3 -1 | include sysdep.h everywhere | ---------------------------- | revision 1.13 | date: 1999/02/25 11:09:31; author: niklas; state: Exp; lines: +7 -4 | Make conf_get_num take a default value to give back when tag does not exist | ---------------------------- | revision 1.12 | date: 1999/01/31 01:20:42; author: niklas; state: Exp; lines: +7 -1 | on-demand keying | ----------------------------
Revision 1.5 / (download) - annotate - [select for diffs], Mon Dec 21 21:52:56 1998 UTC (25 years, 5 months ago) by niklas
Branch: MAIN
Changes since 1.4: +2 -9 lines
Diff to previous 1.4 (colored)
Remove bogus check of printableness of the config file
Revision 1.4 / (download) - annotate - [select for diffs], Fri Nov 20 07:38:30 1998 UTC (25 years, 6 months ago) by niklas
Branch: MAIN
Changes since 1.3: +59 -2 lines
Diff to previous 1.3 (colored)
Add iterator for tags in a section. Add range checking for numbers.
Revision 1.3 / (download) - annotate - [select for diffs], Tue Nov 17 11:10:08 1998 UTC (25 years, 6 months ago) by niklas
Branch: MAIN
Changes since 1.2: +2 -1 lines
Diff to previous 1.2 (colored)
Add RCS Ids from the EOM repository
Revision 1.2 / (download) - annotate - [select for diffs], Sun Nov 15 00:43:50 1998 UTC (25 years, 6 months ago) by niklas
Branch: MAIN
Changes since 1.1: +1 -1 lines
Diff to previous 1.1 (colored)
openBSD RCS IDs
Revision 1.1.1.1 / (download) - annotate - [select for diffs] (vendor branch), Sun Nov 15 00:03:48 1998 UTC (25 years, 6 months ago) by niklas
Branch: NIKLAS
CVS Tags: NIKLAS_981114
Changes since 1.1: +0 -0 lines
Diff to previous 1.1 (colored)
Initial import of isakmpd, an IKE (ISAKMP/Oakley) implementation for the OpenBSD IPSEC stack by me, Niklas Hallqvist and Niels Provos, funded by Ericsson Radio Systems. It is not yet complete or usable in a real scenario but the missing pieces will soon be there. The early commit is for people who wants early access and who are not afraid of looking at source. isakmpd interops with Cisco, Timestep, SSH & Pluto (Linux FreeS/WAN) so far, so it is not that incomplete. It is really mostly configuration that is lacking.
Revision 1.1 / (download) - annotate - [select for diffs], Sun Nov 15 00:03:48 1998 UTC (25 years, 6 months ago) by niklas
Branch: MAIN
Initial revision