OpenBSD CVS

CVS log for src/sbin/isakmpd/exchange.c




Default branch: MAIN


Revision 1.142 / (download) - annotate - [select for diffs], Mon Jan 15 09:54:48 2018 UTC (6 years, 4 months ago) by mpi
Branch: MAIN
CVS Tags: OPENBSD_7_5_BASE, OPENBSD_7_5, OPENBSD_7_4_BASE, OPENBSD_7_4, OPENBSD_7_3_BASE, OPENBSD_7_3, OPENBSD_7_2_BASE, OPENBSD_7_2, OPENBSD_7_1_BASE, OPENBSD_7_1, OPENBSD_7_0_BASE, OPENBSD_7_0, OPENBSD_6_9_BASE, OPENBSD_6_9, OPENBSD_6_8_BASE, OPENBSD_6_8, OPENBSD_6_7_BASE, OPENBSD_6_7, OPENBSD_6_6_BASE, OPENBSD_6_6, OPENBSD_6_5_BASE, OPENBSD_6_5, OPENBSD_6_4_BASE, OPENBSD_6_4, OPENBSD_6_3_BASE, OPENBSD_6_3, HEAD
Changes since 1.141: +10 -10 lines
Diff to previous 1.141 (colored)

Spacing, no object change.

Revision 1.141 / (download) - annotate - [select for diffs], Thu Jan 4 14:21:00 2018 UTC (6 years, 5 months ago) by mpi
Branch: MAIN
Changes since 1.140: +28 -28 lines
Diff to previous 1.140 (colored)

space -> tab

No object change.

Revision 1.140 / (download) - annotate - [select for diffs], Tue Dec 5 20:31:45 2017 UTC (6 years, 6 months ago) by jca
Branch: MAIN
Changes since 1.139: +3 -3 lines
Diff to previous 1.139 (colored)

Use clock_gettime(CLOCK_MONOTONIC) to schedule timers

From Scott Cheloha, ok tb@

Revision 1.139 / (download) - annotate - [select for diffs], Mon Sep 18 07:42:52 2017 UTC (6 years, 8 months ago) by mpi
Branch: MAIN
CVS Tags: OPENBSD_6_2_BASE, OPENBSD_6_2
Changes since 1.138: +51 -31 lines
Diff to previous 1.138 (colored)

Check for failures of exchange_establish_p{1,2}() and call the given
`finalize' function with the `fail' argument when this happens.

Introduce some sanity checks in exchange_free() to be able to call it
even if the data structure isn't completely initialized.

Plug memory leaks when exchange_establish() fails.  While here fix a
double free in one of the error paths.

Based on a diff from hshoexer@, ok stsp@, markus@

Revision 1.138 / (download) - annotate - [select for diffs], Thu Mar 10 07:32:16 2016 UTC (8 years, 3 months ago) by yasuoka
Branch: MAIN
CVS Tags: OPENBSD_6_1_BASE, OPENBSD_6_1, OPENBSD_6_0_BASE, OPENBSD_6_0
Changes since 1.137: +10 -1 lines
Diff to previous 1.137 (colored)

Don't retransmit responses for unauthenticated messages.
Based on diff from Yuuichi Someya

ok markus reyk mikeb

Revision 1.137 / (download) - annotate - [select for diffs], Thu Dec 10 17:27:00 2015 UTC (8 years, 6 months ago) by mmcc
Branch: MAIN
CVS Tags: OPENBSD_5_9_BASE, OPENBSD_5_9
Changes since 1.136: +2 -3 lines
Diff to previous 1.136 (colored)

Remove NULL-checks before free(). ok tb@

Revision 1.136 / (download) - annotate - [select for diffs], Mon Apr 20 17:22:18 2015 UTC (9 years, 1 month ago) by mikeb
Branch: MAIN
CVS Tags: OPENBSD_5_8_BASE, OPENBSD_5_8
Changes since 1.135: +7 -2 lines
Diff to previous 1.135 (colored)

Log if we refuse to continue the exchange when another one that corresponds
to the same policy is already active.  OK markus, hshoexer

Revision 1.135 / (download) - annotate - [select for diffs], Thu Jan 23 01:04:28 2014 UTC (10 years, 4 months ago) by deraadt
Branch: MAIN
CVS Tags: OPENBSD_5_7_BASE, OPENBSD_5_7, OPENBSD_5_6_BASE, OPENBSD_5_6, OPENBSD_5_5_BASE, OPENBSD_5_5
Changes since 1.134: +3 -3 lines
Diff to previous 1.134 (colored)

Remove a mid-layer which acts like arc4random isn't fairly standard.
ok mikeb

Revision 1.134 / (download) - annotate - [select for diffs], Sat Apr 23 03:17:04 2011 UTC (13 years, 1 month ago) by lum
Branch: MAIN
CVS Tags: OPENBSD_5_4_BASE, OPENBSD_5_4, OPENBSD_5_3_BASE, OPENBSD_5_3, OPENBSD_5_2_BASE, OPENBSD_5_2, OPENBSD_5_1_BASE, OPENBSD_5_1, OPENBSD_5_0_BASE, OPENBSD_5_0
Changes since 1.133: +4 -2 lines
Diff to previous 1.133 (colored)

Indicate which side of the connection responded during phase 1 while using -v.
ok sthen@ markus@

Revision 1.133 / (download) - annotate - [select for diffs], Wed Jan 28 13:24:07 2009 UTC (15 years, 4 months ago) by hshoexer
Branch: MAIN
CVS Tags: OPENBSD_4_9_BASE, OPENBSD_4_9, OPENBSD_4_8_BASE, OPENBSD_4_8, OPENBSD_4_7_BASE, OPENBSD_4_7, OPENBSD_4_6_BASE, OPENBSD_4_6, OPENBSD_4_5_BASE, OPENBSD_4_5
Changes since 1.132: +1 -24 lines
Diff to previous 1.132 (colored)

Remove some dead (#if 0) code.

Revision 1.132 / (download) - annotate - [select for diffs], Sun Sep 2 23:50:04 2007 UTC (16 years, 9 months ago) by deraadt
Branch: MAIN
CVS Tags: OPENBSD_4_4_BASE, OPENBSD_4_4, OPENBSD_4_3_BASE, OPENBSD_4_3
Changes since 1.131: +2 -3 lines
Diff to previous 1.131 (colored)

more malloc(n * m) -> calloc(n, m); from Igor Zinovik

Revision 1.131 / (download) - annotate - [select for diffs], Sun Aug 5 09:43:09 2007 UTC (16 years, 10 months ago) by tom
Branch: MAIN
CVS Tags: OPENBSD_4_2_BASE, OPENBSD_4_2
Changes since 1.130: +55 -1 lines
Diff to previous 1.130 (colored)

Allow key exchange with RSA signature authentication to work with
Cisco IOS and other initiators that only send their certs in response
to CERT_REQUEST.

With input and help from cloder@, Stuart Henderson, mpf@, and several
others who did lots of testing - thanks to all.

ok hshoexer@

Revision 1.130 / (download) - annotate - [select for diffs], Mon Apr 16 13:01:39 2007 UTC (17 years, 1 month ago) by moritz
Branch: MAIN
Changes since 1.129: +11 -21 lines
Diff to previous 1.129 (colored)

There's no point in checking ptr for NULL before doing free(ptr)
since free(NULL) is just fine.

ok hshoexer@

Revision 1.129 / (download) - annotate - [select for diffs], Sat Mar 3 10:29:18 2007 UTC (17 years, 3 months ago) by tom
Branch: MAIN
CVS Tags: OPENBSD_4_1_BASE, OPENBSD_4_1
Changes since 1.128: +8 -1 lines
Diff to previous 1.128 (colored)

Make sure we can't accidentally free() a pointer that's been accepted
by message_add_payload(), since we are no longer responsible for it.

ok cloder@ hshoexer@ moritz@

Revision 1.128 / (download) - annotate - [select for diffs], Fri Sep 1 00:24:06 2006 UTC (17 years, 9 months ago) by mpf
Branch: MAIN
CVS Tags: OPENBSD_4_0_BASE, OPENBSD_4_0
Changes since 1.127: +9 -1 lines
Diff to previous 1.127 (colored)

Add a new UI command to force isakmpd into passive only mode.
Will be used by sasyncd to prevent two talking isakmpd's in an HA setup.
Based on a diff by ho@.
OK ho@, hshoexer@, deraadt@

Revision 1.127 / (download) - annotate - [select for diffs], Fri Jun 2 19:35:55 2006 UTC (18 years ago) by hshoexer
Branch: MAIN
Changes since 1.126: +3 -3 lines
Diff to previous 1.126 (colored)

Big spelling cleanup, no binary change.  From david@

Revision 1.126 / (download) - annotate - [select for diffs], Wed May 31 04:54:46 2006 UTC (18 years ago) by hshoexer
Branch: MAIN
Changes since 1.125: +10 -6 lines
Diff to previous 1.125 (colored)

Make sure, that phase 1 SAs of active connections stay alive.  Fixes a DPD
breakage noticed and reported by Mitja Muzenic.

ok markus@ ho@, testing by Mitja and cloder@, discussed with Nathanael.

Revision 1.125 / (download) - annotate - [select for diffs], Wed Nov 16 18:35:32 2005 UTC (18 years, 6 months ago) by cloder
Branch: MAIN
CVS Tags: OPENBSD_3_9_BASE, OPENBSD_3_9
Changes since 1.124: +4 -2 lines
Diff to previous 1.124 (colored)

Avoid printing a NULL string. ok hshoexer

Revision 1.124 / (download) - annotate - [select for diffs], Wed Oct 26 20:10:49 2005 UTC (18 years, 7 months ago) by markus
Branch: MAIN
Changes since 1.123: +10 -1 lines
Diff to previous 1.123 (colored)

don't send DPD messages before the exchange is finalized, otherwise
we have a race between DPD and exchange timeouts and both will release
the SA and corrupt the SA list. ok hshoexer@, ho@

Revision 1.123 / (download) - annotate - [select for diffs], Tue Jul 5 11:57:03 2005 UTC (18 years, 11 months ago) by hshoexer
Branch: MAIN
CVS Tags: OPENBSD_3_8_BASE, OPENBSD_3_8
Changes since 1.122: +4 -3 lines
Diff to previous 1.122 (colored)

use correct function name in log message, tiny KNF

Revision 1.122 / (download) - annotate - [select for diffs], Sat Jun 25 23:20:43 2005 UTC (18 years, 11 months ago) by hshoexer
Branch: MAIN
Changes since 1.121: +2 -2 lines
Diff to previous 1.121 (colored)

/* Fallthrough. */ -> /* FALLTHROUGH */
now that's useable with lint

Revision 1.121 / (download) - annotate - [select for diffs], Thu May 26 06:11:09 2005 UTC (19 years ago) by hshoexer
Branch: MAIN
Changes since 1.120: +4 -5 lines
Diff to previous 1.120 (colored)

Use TAILQ_FOREACH where possible, remove payload_last()

ok markus

Revision 1.120 / (download) - annotate - [select for diffs], Thu May 26 05:14:17 2005 UTC (19 years ago) by hshoexer
Branch: MAIN
Changes since 1.119: +2 -2 lines
Diff to previous 1.119 (colored)

get rid of payload mapping

ok markus ho cloder

Revision 1.119 / (download) - annotate - [select for diffs], Fri Apr 8 22:32:09 2005 UTC (19 years, 2 months ago) by cloder
Branch: MAIN
Changes since 1.118: +1 -3 lines
Diff to previous 1.118 (colored)

Make deterministic randomness (only ever used for testing) a compile-time
option.  Reduces chances of somehow setting regrand when it's not supposed
to be set.  Remove "-r" option from man page.  Also xref certpatch(8) while
we are in there.  And remove some include sysdep.h where it is no longer
needed.
OK hshoexer

Revision 1.118 / (download) - annotate - [select for diffs], Fri Apr 8 19:40:02 2005 UTC (19 years, 2 months ago) by deraadt
Branch: MAIN
Changes since 1.117: +1 -15 lines
Diff to previous 1.117 (colored)

USE_DEBUG is bye bye

Revision 1.117 / (download) - annotate - [select for diffs], Fri Apr 8 18:47:19 2005 UTC (19 years, 2 months ago) by hshoexer
Branch: MAIN
Changes since 1.116: +3 -1 lines
Diff to previous 1.116 (colored)

missing includes

Revision 1.116 / (download) - annotate - [select for diffs], Fri Apr 8 18:41:58 2005 UTC (19 years, 2 months ago) by hshoexer
Branch: MAIN
Changes since 1.115: +1 -3 lines
Diff to previous 1.115 (colored)

remove leftovers

Revision 1.115 / (download) - annotate - [select for diffs], Fri Apr 8 16:52:41 2005 UTC (19 years, 2 months ago) by deraadt
Branch: MAIN
Changes since 1.114: +1 -19 lines
Diff to previous 1.114 (colored)

always enable aggressive, dpd, and isakmp_cfg

Revision 1.114 / (download) - annotate - [select for diffs], Fri Apr 8 16:37:14 2005 UTC (19 years, 2 months ago) by deraadt
Branch: MAIN
Changes since 1.113: +1 -7 lines
Diff to previous 1.113 (colored)

nat-traversal always

Revision 1.113 / (download) - annotate - [select for diffs], Wed Apr 6 16:00:20 2005 UTC (19 years, 2 months ago) by deraadt
Branch: MAIN
Changes since 1.112: +15 -19 lines
Diff to previous 1.112 (colored)

knf, ok cloder

Revision 1.112 / (download) - annotate - [select for diffs], Mon Apr 4 19:31:11 2005 UTC (19 years, 2 months ago) by deraadt
Branch: MAIN
Changes since 1.111: +24 -24 lines
Diff to previous 1.111 (colored)

spacing; ok cloder

Revision 1.91.2.1 / (download) - annotate - [select for diffs], Wed Mar 16 23:45:20 2005 UTC (19 years, 2 months ago) by brad
Branch: OPENBSD_3_5
Changes since 1.91: +2 -2 lines
Diff to previous 1.91 (colored) next main 1.92 (colored)

MFC:
Fix by cloder@

Avoid crash on finalization.  We have been using this diff
in production since mid-2003.

ok deraadt@ cloder@

Revision 1.103.2.1 / (download) - annotate - [select for diffs], Wed Mar 16 23:34:56 2005 UTC (19 years, 2 months ago) by brad
Branch: OPENBSD_3_6
Changes since 1.103: +2 -2 lines
Diff to previous 1.103 (colored) next main 1.104 (colored)

MFC:
Fix by cloder@

Avoid crash on finalization.  We have been using this diff
in production since mid-2003.

ok deraadt@ cloder@

Revision 1.111 / (download) - annotate - [select for diffs], Thu Mar 10 17:19:08 2005 UTC (19 years, 3 months ago) by cloder
Branch: MAIN
CVS Tags: OPENBSD_3_7_BASE, OPENBSD_3_7
Changes since 1.110: +4 -2 lines
Diff to previous 1.110 (colored)

Avoid crash on finalization.  We have been using this diff
in production since mid-2003.  OK hshoexer@, markus@, ho@

Revision 1.110 / (download) - annotate - [select for diffs], Sat Mar 5 12:25:12 2005 UTC (19 years, 3 months ago) by ho
Branch: MAIN
Changes since 1.109: +6 -3 lines
Diff to previous 1.109 (colored)

Silence a couple of annoying gcc3 warnings. hshoexer@ ok.

Revision 1.109 / (download) - annotate - [select for diffs], Fri Mar 4 13:33:32 2005 UTC (19 years, 3 months ago) by markus
Branch: MAIN
Changes since 1.108: +5 -2 lines
Diff to previous 1.108 (colored)

fix leak when a phase 2 SA cannot create an exchange for the matching phase 1
ok ho@, hshoexer@

Revision 1.108 / (download) - annotate - [select for diffs], Wed Mar 2 13:27:12 2005 UTC (19 years, 3 months ago) by hshoexer
Branch: MAIN
Changes since 1.107: +3 -3 lines
Diff to previous 1.107 (colored)

correct function name in log message

Revision 1.107 / (download) - annotate - [select for diffs], Sun Feb 27 13:12:12 2005 UTC (19 years, 3 months ago) by hshoexer
Branch: MAIN
Changes since 1.106: +3 -3 lines
Diff to previous 1.106 (colored)

where possible, use bzero instead of memset

ok cloder henning

Revision 1.106 / (download) - annotate - [select for diffs], Mon Jan 31 10:30:49 2005 UTC (19 years, 4 months ago) by hshoexer
Branch: MAIN
Changes since 1.105: +3 -3 lines
Diff to previous 1.105 (colored)

Avoid dereferencing a NULL pointer

ok msf

Revision 1.105 / (download) - annotate - [select for diffs], Mon Dec 6 12:28:21 2004 UTC (19 years, 6 months ago) by ho
Branch: MAIN
Changes since 1.104: +13 -1 lines
Diff to previous 1.104 (colored)

RFC2409 mandates min and max nonce lengths. hshoexer@ ok.

Revision 1.104 / (download) - annotate - [select for diffs], Fri Sep 17 13:53:08 2004 UTC (19 years, 8 months ago) by ho
Branch: MAIN
Changes since 1.103: +5 -1 lines
Diff to previous 1.103 (colored)

Missing #ifdefs.

Revision 1.103 / (download) - annotate - [select for diffs], Mon Aug 23 11:53:24 2004 UTC (19 years, 9 months ago) by ho
Branch: MAIN
CVS Tags: OPENBSD_3_6_BASE
Branch point for: OPENBSD_3_6
Changes since 1.102: +2 -1 lines
Diff to previous 1.102 (colored)

We need to set sa->initiator before checking if the newly created SA
replaces an old one, or the id_i/id_r check will mismatch. Previous
behaviour was mostly harmless, but wasted some resources (until normal
SA expiration). hshoexer@ "haven't tried, but think it's ok"

Revision 1.102 / (download) - annotate - [select for diffs], Tue Aug 10 15:59:10 2004 UTC (19 years, 10 months ago) by ho
Branch: MAIN
Changes since 1.101: +4 -13 lines
Diff to previous 1.101 (colored)

Better implementation of the Dead Peer Detection protocol, RFC 3706.
hshoexer@ ok.

Revision 1.101 / (download) - annotate - [select for diffs], Sun Aug 8 19:11:06 2004 UTC (19 years, 10 months ago) by deraadt
Branch: MAIN
Changes since 1.100: +7 -7 lines
Diff to previous 1.100 (colored)

spacing

Revision 1.100 / (download) - annotate - [select for diffs], Fri Jul 9 16:06:48 2004 UTC (19 years, 11 months ago) by deraadt
Branch: MAIN
Changes since 1.99: +2 -2 lines
Diff to previous 1.99 (colored)

ansi

Revision 1.99 / (download) - annotate - [select for diffs], Mon Jun 21 13:09:00 2004 UTC (19 years, 11 months ago) by ho
Branch: MAIN
Changes since 1.98: +21 -2 lines
Diff to previous 1.98 (colored)

Port floating (500->4500) for p1 and p2 exchanges.

Revision 1.98 / (download) - annotate - [select for diffs], Sun Jun 20 17:17:34 2004 UTC (19 years, 11 months ago) by ho
Branch: MAIN
Changes since 1.97: +12 -13 lines
Diff to previous 1.97 (colored)

Make the payload array in struct message dynamic, since we need to handle
payloads in the private range, such as the pre-RFC NAT-D/NAT-OA.
Replace TAILQ_FIRST(&msg->payload[i]) instances with function calls.

Revision 1.97 / (download) - annotate - [select for diffs], Sun Jun 20 15:20:06 2004 UTC (19 years, 11 months ago) by ho
Branch: MAIN
Changes since 1.96: +14 -5 lines
Diff to previous 1.96 (colored)

A start towards Dead Peer Detection (DPD) support, as specified in RFC 3706

Revision 1.96 / (download) - annotate - [select for diffs], Mon Jun 14 09:55:41 2004 UTC (19 years, 11 months ago) by ho
Branch: MAIN
Changes since 1.95: +3 -2 lines
Diff to previous 1.95 (colored)

KNF, style, 80c, etc. hshoexer@ ok

Revision 1.95 / (download) - annotate - [select for diffs], Wed Jun 9 14:02:44 2004 UTC (20 years ago) by ho
Branch: MAIN
Changes since 1.94: +3 -3 lines
Diff to previous 1.94 (colored)

Style nits. hshoexer@ ok

Revision 1.94 / (download) - annotate - [select for diffs], Thu May 6 10:40:34 2004 UTC (20 years, 1 month ago) by ho
Branch: MAIN
Changes since 1.93: +331 -297 lines
Diff to previous 1.93 (colored)

KNF cleanup. hshoexer@ ok

Revision 1.93 / (download) - annotate - [select for diffs], Mon May 3 21:23:51 2004 UTC (20 years, 1 month ago) by hshoexer
Branch: MAIN
Changes since 1.92: +1367 -1482 lines
Diff to previous 1.92 (colored)

KNF.  ok ho@

Revision 1.92 / (download) - annotate - [select for diffs], Wed Mar 31 10:54:46 2004 UTC (20 years, 2 months ago) by ho
Branch: MAIN
Changes since 1.91: +2 -2 lines
Diff to previous 1.91 (colored)

-Wsign-compare nits. hshoexer@ ok.

Revision 1.91 / (download) - annotate - [select for diffs], Mon Feb 16 20:40:34 2004 UTC (20 years, 3 months ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_3_5_BASE
Branch point for: OPENBSD_3_5
Changes since 1.90: +2 -2 lines
Diff to previous 1.90 (colored)

check for isakmp_sa->transport != NULL; noticed by bluhm at genua.de ok hshoexer@

Revision 1.90 / (download) - annotate - [select for diffs], Thu Feb 5 11:01:54 2004 UTC (20 years, 4 months ago) by hshoexer
Branch: MAIN
Changes since 1.89: +20 -17 lines
Diff to previous 1.89 (colored)

small logging cleanup and improvement requested by markus
ok ho@ markus@

Revision 1.89 / (download) - annotate - [select for diffs], Fri Jan 16 10:51:57 2004 UTC (20 years, 4 months ago) by hshoexer
Branch: MAIN
Changes since 1.88: +6 -1 lines
Diff to previous 1.88 (colored)

Added -v option.  Enables logging of successful exchange completion.
ok ho@

Revision 1.78.2.1 / (download) - annotate - [select for diffs], Fri Jan 16 00:00:21 2004 UTC (20 years, 4 months ago) by brad
Branch: OPENBSD_3_3
Changes since 1.78: +5 -3 lines
Diff to previous 1.78 (colored) next main 1.79 (colored)

Fixes a few message handling flaws in isakmpd as reported by
Thomas Walpuski.

ok deraadt@ hshoexer@

Revision 1.84.2.1 / (download) - annotate - [select for diffs], Tue Jan 13 22:50:07 2004 UTC (20 years, 4 months ago) by brad
Branch: OPENBSD_3_4
Changes since 1.84: +5 -3 lines
Diff to previous 1.84 (colored) next main 1.85 (colored)

Fixes a few message handling flaws in isakmpd as reported by
Thomas Walpuski.

ok deraadt@ hshoexer@

Revision 1.88 / (download) - annotate - [select for diffs], Thu Nov 6 16:12:07 2003 UTC (20 years, 7 months ago) by ho
Branch: MAIN
Changes since 1.87: +4 -4 lines
Diff to previous 1.87 (colored)

Style nits.

Revision 1.87 / (download) - annotate - [select for diffs], Thu Nov 6 15:55:54 2003 UTC (20 years, 7 months ago) by ho
Branch: MAIN
Changes since 1.86: +5 -3 lines
Diff to previous 1.86 (colored)

Require encrypted messages as soon as we have the keystate for it.
Require DELETE payloads to be accompanied by HASHes, and add validation
for HASH payloads without active exchanges.
From Hans-Joerg Hoexer with various modifications and suggestions from me
and markus@. Ok markus@.

Revision 1.86 / (download) - annotate - [select for diffs], Tue Oct 14 14:29:15 2003 UTC (20 years, 7 months ago) by ho
Branch: MAIN
Changes since 1.85: +6 -7 lines
Diff to previous 1.85 (colored)

constant_lookup() to constant_name() cleanup. markus@ ok.

Revision 1.85 / (download) - annotate - [select for diffs], Thu Sep 25 14:15:15 2003 UTC (20 years, 8 months ago) by cloder
Branch: MAIN
Changes since 1.84: +9 -4 lines
Diff to previous 1.84 (colored)

Fix one case of set length before realloc.  Fix another case of
foo = realloc(foo...) and avoid possible memory leaks.  Avoid
leaving things pointing to freed memory on failure.

Revision 1.84 / (download) - annotate - [select for diffs], Fri Aug 8 08:46:59 2003 UTC (20 years, 10 months ago) by ho
Branch: MAIN
CVS Tags: OPENBSD_3_4_BASE
Branch point for: OPENBSD_3_4
Changes since 1.83: +7 -6 lines
Diff to previous 1.83 (colored)

Be more careful when using constant_lookup() in messages. Pointed out by
Jean-Francois Dive, although I opted for a slightly different patch.

Revision 1.83 / (download) - annotate - [select for diffs], Sun Jun 15 10:32:15 2003 UTC (20 years, 11 months ago) by ho
Branch: MAIN
Changes since 1.82: +20 -20 lines
Diff to previous 1.82 (colored)

ID copying should happen earlier in exchange_finalize so that we won't lose
data during rekeying. From Jean-Francois Dive.

Revision 1.82 / (download) - annotate - [select for diffs], Tue Jun 10 16:41:29 2003 UTC (21 years ago) by deraadt
Branch: MAIN
Changes since 1.81: +3 -3 lines
Diff to previous 1.81 (colored)

boring cleanups

Revision 1.81 / (download) - annotate - [select for diffs], Wed Jun 4 07:31:16 2003 UTC (21 years ago) by ho
Branch: MAIN
Changes since 1.80: +1 -6 lines
Diff to previous 1.80 (colored)

Remove the rest of clauses 3 and 4. Approved by Niklas Hallqvist, Angelos
D. Keromytis and Niels Provos.

Revision 1.80 / (download) - annotate - [select for diffs], Tue Jun 3 12:51:38 2003 UTC (21 years ago) by ho
Branch: MAIN
Changes since 1.79: +3 -2 lines
Diff to previous 1.79 (colored)

Cleanup. Use 'sizeof variable' instead of magic constants.

Revision 1.79 / (download) - annotate - [select for diffs], Thu May 15 02:28:55 2003 UTC (21 years, 1 month ago) by ho
Branch: MAIN
Changes since 1.78: +1 -7 lines
Diff to previous 1.78 (colored)

Cleanup. Do not store the private key in either the exchange or sa structs.

Revision 1.78 / (download) - annotate - [select for diffs], Thu Mar 6 13:32:42 2003 UTC (21 years, 3 months ago) by ho
Branch: MAIN
CVS Tags: OPENBSD_3_3_BASE
Branch point for: OPENBSD_3_3
Changes since 1.77: +5 -9 lines
Diff to previous 1.77 (colored)

Bad cut'n'paste msg plus style fixes.

Revision 1.77 / (download) - annotate - [select for diffs], Wed Feb 26 08:17:59 2003 UTC (21 years, 3 months ago) by david
Branch: MAIN
Changes since 1.76: +2 -2 lines
Diff to previous 1.76 (colored)

IPsec is written ``IPsec'', not ``IPSec''.
ok ho@

Revision 1.76 / (download) - annotate - [select for diffs], Thu Jan 9 02:50:00 2003 UTC (21 years, 5 months ago) by ho
Branch: MAIN
Changes since 1.75: +13 -1 lines
Diff to previous 1.75 (colored)

Add some #ifdef USE_ISAKMP_CFG, no need to compile in code that will
never be used.

Revision 1.75 / (download) - annotate - [select for diffs], Thu Jan 9 02:34:43 2003 UTC (21 years, 5 months ago) by ho
Branch: MAIN
Changes since 1.74: +35 -1 lines
Diff to previous 1.74 (colored)

Enable SET/ACK (ike-mode-cfg) when acting as responder. From Thomas
Walpuski.

Revision 1.74 / (download) - annotate - [select for diffs], Thu Nov 21 12:09:20 2002 UTC (21 years, 6 months ago) by ho
Branch: MAIN
Changes since 1.73: +2 -2 lines
Diff to previous 1.73 (colored)

-Wshadow nits.

Revision 1.73 / (download) - annotate - [select for diffs], Fri Nov 15 14:58:38 2002 UTC (21 years, 6 months ago) by ho
Branch: MAIN
Changes since 1.72: +5 -20 lines
Diff to previous 1.72 (colored)

Missing "Configuration" tag in a Phase-1 peer was not handled correctly,
pointed out by Aref Taidi. Replace this with a "Default-Phase-1-Configuration"
that will be used if this tag is missing from the peer. Update manpage
accordingly. niklas@ ok.

Revision 1.72 / (download) - annotate - [select for diffs], Fri Nov 8 10:16:30 2002 UTC (21 years, 7 months ago) by ho
Branch: MAIN
Changes since 1.71: +2 -1 lines
Diff to previous 1.71 (colored)

I missed a 'return' statement. Also spotted by Aref Taidi. Thanks.

Revision 1.71 / (download) - annotate - [select for diffs], Wed Nov 6 23:57:36 2002 UTC (21 years, 7 months ago) by ho
Branch: MAIN
Changes since 1.70: +7 -1 lines
Diff to previous 1.70 (colored)

More careful with alloc/free. Spotted by Aref Taidi.

Revision 1.70 / (download) - annotate - [select for diffs], Wed Sep 11 09:50:43 2002 UTC (21 years, 9 months ago) by ho
Branch: MAIN
CVS Tags: OPENBSD_3_2_BASE, OPENBSD_3_2
Changes since 1.69: +2 -2 lines
Diff to previous 1.69 (colored)

signed vs unsigned, some void * arithmetic, from -pedantic. niklas@ ok.

Revision 1.69 / (download) - annotate - [select for diffs], Thu Sep 5 17:30:03 2002 UTC (21 years, 9 months ago) by ho
Branch: MAIN
Changes since 1.68: +10 -1 lines
Diff to previous 1.68 (colored)

Without IDs wait until next step/retry to handle CERTREQs. This should
make certificate auth work better with some clients, such as SSH Sentinel.

Revision 1.68 / (download) - annotate - [select for diffs], Thu Sep 5 14:54:16 2002 UTC (21 years, 9 months ago) by ho
Branch: MAIN
Changes since 1.67: +3 -2 lines
Diff to previous 1.67 (colored)

Do not create SAs for transaction exchanges either. By niklas@

Revision 1.67 / (download) - annotate - [select for diffs], Mon Jun 10 18:08:58 2002 UTC (22 years ago) by ho
Branch: MAIN
Changes since 1.66: +2 -2 lines
Diff to previous 1.66 (colored)

The dlopen() stuff goes away.

Revision 1.66 / (download) - annotate - [select for diffs], Fri Jun 7 19:53:19 2002 UTC (22 years ago) by ho
Branch: MAIN
Changes since 1.65: +60 -13 lines
Diff to previous 1.65 (colored)

Start for support of IKECFG in SET/ACK mode. Server side only so far.

Revision 1.65 / (download) - annotate - [select for diffs], Sat Jun 1 07:44:21 2002 UTC (22 years ago) by deraadt
Branch: MAIN
Changes since 1.64: +10 -9 lines
Diff to previous 1.64 (colored)

size_t must be cast to (unsigned long) and printed using %lu

Revision 1.64 / (download) - annotate - [select for diffs], Wed Jan 23 18:24:34 2002 UTC (22 years, 4 months ago) by ho
Branch: MAIN
CVS Tags: OPENBSD_3_1_BASE, OPENBSD_3_1
Changes since 1.63: +12 -2 lines
Diff to previous 1.63 (colored)

snprintf, and only dump exchange data if USE_DEBUG is defined

Revision 1.63 / (download) - annotate - [select for diffs], Thu Jan 3 16:27:41 2002 UTC (22 years, 5 months ago) by ho
Branch: MAIN
Changes since 1.62: +5 -6 lines
Diff to previous 1.62 (colored)

str[n]{cpy,cat} -> strl{cpy,cat}, sprintf -> snprintf

Revision 1.62 / (download) - annotate - [select for diffs], Sat Aug 25 22:13:27 2001 UTC (22 years, 9 months ago) by niklas
Branch: MAIN
CVS Tags: OPENBSD_3_0_BASE, OPENBSD_3_0
Changes since 1.61: +5 -5 lines
Diff to previous 1.61 (colored)

Style

Revision 1.61 / (download) - annotate - [select for diffs], Wed Aug 22 07:09:03 2001 UTC (22 years, 9 months ago) by angelos
Branch: MAIN
Changes since 1.60: +5 -2 lines
Diff to previous 1.60 (colored)

Need an extra sa_release() when de-allocating exchange-associated SAs;
thus, failed exchanges/negotiations don't leak SAs and transports. ok niklas@

Revision 1.60 / (download) - annotate - [select for diffs], Wed Aug 15 13:06:53 2001 UTC (22 years, 9 months ago) by ho
Branch: MAIN
Changes since 1.59: +2 -2 lines
Diff to previous 1.59 (colored)

Some more style...

Revision 1.59 / (download) - annotate - [select for diffs], Sat Aug 11 05:27:36 2001 UTC (22 years, 10 months ago) by angelos
Branch: MAIN
Changes since 1.58: +2 -2 lines
Diff to previous 1.58 (colored)

Fix keynote credential case again.

Revision 1.58 / (download) - annotate - [select for diffs], Thu Jul 5 12:36:50 2001 UTC (22 years, 11 months ago) by ho
Branch: MAIN
Changes since 1.57: +11 -4 lines
Diff to previous 1.57 (colored)

Add prototypes and some other various cleanup.

Revision 1.57 / (download) - annotate - [select for diffs], Tue Jul 3 12:51:39 2001 UTC (22 years, 11 months ago) by markus
Branch: MAIN
Changes since 1.56: +4 -3 lines
Diff to previous 1.56 (colored)

strlcpy->strncpy for now

Revision 1.56 / (download) - annotate - [select for diffs], Sun Jul 1 19:48:43 2001 UTC (22 years, 11 months ago) by niklas
Branch: MAIN
Changes since 1.55: +10 -9 lines
Diff to previous 1.55 (colored)

Style

Revision 1.55 / (download) - annotate - [select for diffs], Sun Jul 1 06:03:34 2001 UTC (22 years, 11 months ago) by angelos
Branch: MAIN
Changes since 1.54: +1 -3 lines
Diff to previous 1.54 (colored)

Remove inaccurate "Assumes IPv4" comments.

Revision 1.54 / (download) - annotate - [select for diffs], Fri Jun 29 19:59:51 2001 UTC (22 years, 11 months ago) by niklas
Branch: MAIN
Changes since 1.53: +4 -4 lines
Diff to previous 1.53 (colored)

oops

Revision 1.53 / (download) - annotate - [select for diffs], Fri Jun 29 19:55:51 2001 UTC (22 years, 11 months ago) by niklas
Branch: MAIN
Changes since 1.52: +13 -4 lines
Diff to previous 1.52 (colored)

more AF-independence

Revision 1.52 / (download) - annotate - [select for diffs], Fri Jun 29 18:52:16 2001 UTC (22 years, 11 months ago) by ho
Branch: MAIN
Changes since 1.51: +2 -3 lines
Diff to previous 1.51 (colored)

Change get_src/get_dst API as we get the length with sa_len.

Revision 1.51 / (download) - annotate - [select for diffs], Wed Jun 27 00:48:21 2001 UTC (22 years, 11 months ago) by angelos
Branch: MAIN
Changes since 1.50: +2 -1 lines
Diff to previous 1.50 (colored)

Keep track of the ACQUIRE sequence number, and pass it to the kernel
along with the ADD message.

Revision 1.50 / (download) - annotate - [select for diffs], Tue Jun 5 10:14:56 2001 UTC (23 years ago) by angelos
Branch: MAIN
Changes since 1.49: +2 -2 lines
Diff to previous 1.49 (colored)

Style.

Revision 1.49 / (download) - annotate - [select for diffs], Tue Jun 5 05:59:43 2001 UTC (23 years ago) by niklas
Branch: MAIN
Changes since 1.48: +40 -44 lines
Diff to previous 1.48 (colored)

Style issues and commentary

Revision 1.48 / (download) - annotate - [select for diffs], Tue Jun 5 01:29:05 2001 UTC (23 years ago) by angelos
Branch: MAIN
Changes since 1.47: +15 -1 lines
Diff to previous 1.47 (colored)

Dynamically allocate conn, as this is given to the exchange; cleanup
conf space on failure to establish dynamic SA. ok niklas@

Revision 1.47 / (download) - annotate - [select for diffs], Thu May 31 20:25:10 2001 UTC (23 years ago) by angelos
Branch: MAIN
Changes since 1.46: +36 -47 lines
Diff to previous 1.46 (colored)

Copy the new information from the exchange to the sa at the end of the
exchange, and generalize certificate copying by taking advantage of
the new routines in the cert handler.

Revision 1.34.2.1 / (download) - annotate - [select for diffs], Tue May 8 12:45:22 2001 UTC (23 years, 1 month ago) by ho
Branch: OPENBSD_2_8
Changes since 1.34: +52 -23 lines
Diff to previous 1.34 (colored) next main 1.35 (colored)

Pull in isakmpd from 2.9 to 2.8 branch.

Revision 1.46 / (download) - annotate - [select for diffs], Sat May 5 00:48:11 2001 UTC (23 years, 1 month ago) by angelos
Branch: MAIN
Changes since 1.45: +8 -1 lines
Diff to previous 1.45 (colored)

Add comment about finalize routine processing.

Revision 1.45 / (download) - annotate - [select for diffs], Tue Apr 24 07:27:36 2001 UTC (23 years, 1 month ago) by niklas
Branch: MAIN
CVS Tags: OPENBSD_2_9_BASE, OPENBSD_2_9
Changes since 1.44: +4 -8 lines
Diff to previous 1.44 (colored)

Correct SA refcounting.  Fixes a bug where isakmpd could die when a peer was
discovered to have rebooted, and old now invalid SAs had to be garbage-
collected.

Revision 1.44 / (download) - annotate - [select for diffs], Mon Apr 9 22:09:51 2001 UTC (23 years, 2 months ago) by ho
Branch: MAIN
Changes since 1.43: +2 -2 lines
Diff to previous 1.43 (colored)

More style fixes...

Revision 1.43 / (download) - annotate - [select for diffs], Sun Apr 8 21:23:02 2001 UTC (23 years, 2 months ago) by ho
Branch: MAIN
Changes since 1.42: +2 -2 lines
Diff to previous 1.42 (colored)

log_print, not log_error

Revision 1.42 / (download) - annotate - [select for diffs], Wed Mar 28 22:33:48 2001 UTC (23 years, 2 months ago) by angelos
Branch: MAIN
Changes since 1.41: +28 -4 lines
Diff to previous 1.41 (colored)

Take into consideration the IDs when determining whether two Phase 1
SAs match.

Revision 1.41 / (download) - annotate - [select for diffs], Sat Feb 24 03:59:54 2001 UTC (23 years, 3 months ago) by angelos
Branch: MAIN
Changes since 1.40: +5 -1 lines
Diff to previous 1.40 (colored)

For the GETSPI PFKEY message, use the sequence number from the ACQUIRE
message.

Revision 1.40 / (download) - annotate - [select for diffs], Sat Jan 27 12:03:32 2001 UTC (23 years, 4 months ago) by niklas
Branch: MAIN
Changes since 1.39: +3 -3 lines
Diff to previous 1.39 (colored)

(c) 2001

Revision 1.39 / (download) - annotate - [select for diffs], Fri Jan 26 12:12:51 2001 UTC (23 years, 4 months ago) by niklas
Branch: MAIN
Changes since 1.38: +4 -4 lines
Diff to previous 1.38 (colored)

Pedantic style police

Revision 1.38 / (download) - annotate - [select for diffs], Mon Jan 22 08:37:05 2001 UTC (23 years, 4 months ago) by angelos
Branch: MAIN
Changes since 1.37: +4 -4 lines
Diff to previous 1.37 (colored)

Fix comment and error message reporting.

Revision 1.37 / (download) - annotate - [select for diffs], Tue Dec 12 01:45:17 2000 UTC (23 years, 6 months ago) by niklas
Branch: MAIN
Changes since 1.36: +9 -6 lines
Diff to previous 1.36 (colored)

Merge with EOM 1.143

author: angelos
Careful when copying IDs.

author: angelos
Oops, what am I thinking ?

author: angelos
Ooops again, I reverted the wrong patch.

author: angelos
Oops, shouldn't have committed this.

author: angelos
x509_hash() should also skip the cert length (willey@serasystems.com)

author: angelos
If it's a dynamically established Phase 2 SA, don't keep a copy of it
in isakmpd (the kernel keeps track of everything in this case).

author: angelos
Comment.

author: angelos
If no time-based lifetime was negotiated, don't release the SA.

Revision 1.36 / (download) - annotate - [select for diffs], Sat Dec 2 02:09:26 2000 UTC (23 years, 6 months ago) by angelos
Branch: MAIN
Changes since 1.35: +4 -2 lines
Diff to previous 1.35 (colored)

Add comment.

Revision 1.35 / (download) - annotate - [select for diffs], Sat Dec 2 02:08:17 2000 UTC (23 years, 6 months ago) by angelos
Branch: MAIN
Changes since 1.34: +3 -3 lines
Diff to previous 1.34 (colored)

Manual sync with EOM -- only release an SA if it's referenced by the
timeout routine (should there be a default expiration if none is
negotiated ?)

Revision 1.34 / (download) - annotate - [select for diffs], Mon Oct 16 23:27:33 2000 UTC (23 years, 7 months ago) by niklas
Branch: MAIN
CVS Tags: OPENBSD_2_8_BASE
Branch point for: OPENBSD_2_8
Changes since 1.33: +3 -2 lines
Diff to previous 1.33 (colored)

Merge with EOM 1.134

author: provos
better referencing.  okay niklas@

Revision 1.33 / (download) - annotate - [select for diffs], Mon Oct 9 23:27:11 2000 UTC (23 years, 8 months ago) by niklas
Branch: MAIN
Changes since 1.32: +8 -5 lines
Diff to previous 1.32 (colored)

Merge with EOM 1.133

author: angelos
Use Default entry for Phase 1 configuration if none is found.

Revision 1.32 / (download) - annotate - [select for diffs], Sat Oct 7 06:57:43 2000 UTC (23 years, 8 months ago) by niklas
Branch: MAIN
Changes since 1.31: +6 -2 lines
Diff to previous 1.31 (colored)

Merge with EOM 1.132

author: niklas
style

author: ho
(c)-2000

author: provos
proper reference counting for isakmp_sa in struct message, remove bogus
calls to sa_reference; fix some more memory leaks in conf.c

Revision 1.31 / (download) - annotate - [select for diffs], Thu Aug 3 07:25:24 2000 UTC (23 years, 10 months ago) by niklas
Branch: MAIN
Changes since 1.30: +49 -27 lines
Diff to previous 1.30 (colored)

Merge with EOM 1.129

author: provos
don't strdup exchange->recv_cert, it is not always a 0 terminated string
for CERTENC_NONE.  we need to malloc and memcpy instead.  found by
electric fence.

author: provos
provide transport dependent ID decoding; hope indentation is right now ;)

author: ho
ISAKMP peer transport defaults to UDP.

author: provos
make a DOI specific decode_ids, but have isakmp doi decode point to
ipsec.

author: provos
indent

author: provos
introduce ipsec_decode_ids, also decodes FQDN and USER_FQDN now.
new ipsec_clone_id to copy IDs to phase 2 SAs for better status
reports. okay angelos@

Revision 1.30 / (download) - annotate - [select for diffs], Thu Jun 8 20:49:54 2000 UTC (24 years ago) by niklas
Branch: MAIN
Changes since 1.29: +30 -30 lines
Diff to previous 1.29 (colored)

Merge with EOM 1.123

author: angelos
Reset policy_id and recv_key after we've moved them over from the
exchange to the isakmp_sa, so they don't get free'ed.

author: angelos
Allow exchange of KeyNote credentials over IKE. Multiple credentials
may be passed in a single CERT payload. KeyNote is used if a
directory named as the local ID we use in an exchange exists in the
KeyNote directory (default: /etc/isakmpd/keynote/). Note that
asymmetric credentials are possible (use KeyNote in one direction and
X509 in the other); such authentication is envisioned to be the most
common: the clients will use KeyNote credentials to authenticate and
authorize with a server, whilst the server will just provide an X509
certificate proving its binding to the IP address or ID.

Totally asymmetric authentication (e.g., shared key in one direction,
RSA in the other) is not supported by the IKE protocol.

author: angelos
Add CERTENC_KEYNOTE.

author: ho
DOI IPSEC is default if not specified.

Revision 1.29 / (download) - annotate - [select for diffs], Fri Apr 7 22:07:30 2000 UTC (24 years, 2 months ago) by niklas
Branch: MAIN
CVS Tags: OPENBSD_2_7_BASE, OPENBSD_2_7
Changes since 1.28: +36 -14 lines
Diff to previous 1.28 (colored)

Merge with EOM 1.119

author: niklas
log_fatal is only OK during initialization

author: ho
Missing #ifdef USE_X509 added

author: ho
Add #ifdef USE_X509

Revision 1.28 / (download) - annotate - [select for diffs], Fri Feb 25 17:23:39 2000 UTC (24 years, 3 months ago) by niklas
Branch: MAIN
Changes since 1.27: +52 -52 lines
Diff to previous 1.27 (colored)

regress/crypto/Makefile: Merge with EOM 1.5
regress/dh/Makefile: Merge with EOM 1.7
regress/group/Makefile: Merge with EOM 1.9
regress/prf/Makefile: Merge with EOM 1.4
regress/rsakeygen/Makefile: Merge with EOM 1.8
regress/x509/Makefile: Merge with EOM 1.10
Makefile: Merge with EOM 1.62
attribute.c: Merge with EOM 1.10
sa.c: Merge with EOM 1.99
conf.c: Merge with EOM 1.20
crypto.c: Merge with EOM 1.28
isakmpd.c: Merge with EOM 1.45
connection.c: Merge with EOM 1.19
doi.h: Merge with EOM 1.28
field.c: Merge with EOM 1.11
exchange.c: Merge with EOM 1.116
ike_auth.c: Merge with EOM 1.44
pf_key_v2.c: Merge with EOM 1.37
ike_phase_1.c: Merge with EOM 1.22
ipsec.c: Merge with EOM 1.118
isakmp_doi.c: Merge with EOM 1.40
log.c: Merge with EOM 1.26
log.h: Merge with EOM 1.18
math_group.c: Merge with EOM 1.23
message.c: Merge with EOM 1.144
pf_encap.c: Merge with EOM 1.70
policy.c: Merge with EOM 1.18
timer.c: Merge with EOM 1.13
transport.c: Merge with EOM 1.41
udp.c: Merge with EOM 1.47
ui.c: Merge with EOM 1.37
x509.c: Merge with EOM 1.36

author: niklas
Made debug logging a compile time selectable feature

Revision 1.27 / (download) - annotate - [select for diffs], Sat Feb 19 19:31:32 2000 UTC (24 years, 3 months ago) by niklas
Branch: MAIN
Changes since 1.26: +7 -3 lines
Diff to previous 1.26 (colored)

Makefile: Merge with EOM 1.61
crypto.c: Merge with EOM 1.27
exchange.c: Merge with EOM 1.115
ike_quick_mode.c: Merge with EOM 1.115
x509.c: Merge with EOM 1.35
features/ec: Merge with EOM 1.1
features/aggressive: Merge with EOM 1.1
features/policy: Merge with EOM 1.1
features/x509: Merge with EOM 1.1

author: niklas
Allow isakmpd builders to remove optional parts and save bytes.

Revision 1.26 / (download) - annotate - [select for diffs], Tue Feb 1 02:46:17 2000 UTC (24 years, 4 months ago) by niklas
Branch: MAIN
Changes since 1.25: +3 -2 lines
Diff to previous 1.25 (colored)

apps/certpatch/certpatch.8: Merge with EOM 1.4
apps/certpatch/certpatch.c: Merge with EOM 1.6
exchange.c: Merge with EOM 1.114
ike_quick_mode.c: Merge with EOM 1.110
ike_phase_1.c: Merge with EOM 1.16
ike_auth.c: Merge with EOM 1.41
ike_aggressive.c: Merge with EOM 1.4
libcrypto.c: Merge with EOM 1.10
libcrypto.h: Merge with EOM 1.10
isakmpd.8: Merge with EOM 1.19
isakmpd.c: Merge with EOM 1.42
ipsec.h: Merge with EOM 1.40
init.c: Merge with EOM 1.22
message.c: Merge with EOM 1.143
message.h: Merge with EOM 1.49
sa.c: Merge with EOM 1.98
sa.h: Merge with EOM 1.54
policy.c: Merge with EOM 1.14
pf_key_v2.c: Merge with EOM 1.36
x509.c: Merge with EOM 1.32
x509.h: Merge with EOM 1.9
udp.c: Merge with EOM 1.46

author: niklas
Angelos copyrights

Revision 1.25 / (download) - annotate - [select for diffs], Wed Jan 26 15:20:29 2000 UTC (24 years, 4 months ago) by niklas
Branch: MAIN
Changes since 1.24: +9 -5 lines
Diff to previous 1.24 (colored)

Merge with EOM 1.113

author: ho
Lower common log message from log_print to log_debug 'level'.

author: niklas
style & wording

Revision 1.24 / (download) - annotate - [select for diffs], Thu Aug 26 22:32:16 1999 UTC (24 years, 9 months ago) by niklas
Branch: MAIN
CVS Tags: OPENBSD_2_6_BASE, OPENBSD_2_6
Changes since 1.23: +56 -2 lines
Diff to previous 1.23 (colored)

Merge with EOM 1.111

author: niklas
Check that ISAKMP-peer's are phase 1

author: angelos
Complete policy work; tested for the shared-key case. Documentation needed.

Revision 1.23 / (download) - annotate - [select for diffs], Sat Jul 17 21:54:39 1999 UTC (24 years, 10 months ago) by niklas
Branch: MAIN
Changes since 1.22: +17 -3 lines
Diff to previous 1.22 (colored)

regress/rsakeygen/Makefile: Merge with EOM 1.4
regress/rsakeygen/rsakeygen.c: Merge with EOM 1.8
regress/x509/Makefile: Merge with EOM 1.6
regress/x509/x509test.c: Merge with EOM 1.6
regress/Makefile: Merge with EOM 1.8
samples/VPN-east.conf: Merge with EOM 1.6
samples/VPN-west.conf: Merge with EOM 1.6
samples/singlehost-east.conf: Merge with EOM 1.3
samples/singlehost-west.conf: Merge with EOM 1.3
sysdep/openbsd/Makefile.sysdep: Merge with EOM 1.5
x509.h: Merge with EOM 1.6
x509.c: Merge with EOM 1.17
DESIGN-NOTES: Merge with EOM 1.46
Makefile: Merge with EOM 1.55
cert.c: Merge with EOM 1.11
cert.h: Merge with EOM 1.6
exchange.c: Merge with EOM 1.109
exchange.h: Merge with EOM 1.26
ike_auth.c: Merge with EOM 1.32
ike_phase_1.c: Merge with EOM 1.7
init.c: Merge with EOM 1.16
isakmpd.conf.5: Merge with EOM 1.27
README.PKI: Merge with EOM 1.1

author: niklas
From Niels Provos, edited by me: certificate support using SSLeay

Revision 1.22 / (download) - annotate - [select for diffs], Wed Jul 7 22:05:06 1999 UTC (24 years, 11 months ago) by niklas
Branch: MAIN
Changes since 1.21: +12 -2 lines
Diff to previous 1.21 (colored)

Merge with EOM 1.108

author: ho
Connection names only match phase 2 exchanges, so let a
phase 2 stayalive imply stayalive of the "parent" ISAKMP SA.

author: ho
'Connections' should stay alive (SA_FLAG_STAYALIVE)

Revision 1.21 / (download) - annotate - [select for diffs], Wed Jun 2 06:33:00 1999 UTC (25 years ago) by niklas
Branch: MAIN
Changes since 1.20: +4 -4 lines
Diff to previous 1.20 (colored)

exchange.c: Merge with EOM 1.106
timer.c: Merge with EOM 1.12

author: ho
Logging nitpicks

Revision 1.20 / (download) - annotate - [select for diffs], Sun May 2 19:17:18 1999 UTC (25 years, 1 month ago) by niklas
Branch: MAIN
Changes since 1.19: +51 -36 lines
Diff to previous 1.19 (colored)

Merge with EOM 1.105

author: niklas
Free SAs left in the exchange's SA list always when freeing
the exchange.

author: niklas
disconnect SAs from the exchange when they are ready

author: ho
Don't create SAs for informational exchanges.

Revision 1.19 / (download) - annotate - [select for diffs], Sat May 1 22:57:14 1999 UTC (25 years, 1 month ago) by niklas
Branch: MAIN
Changes since 1.18: +26 -11 lines
Diff to previous 1.18 (colored)

Merge with EOM 1.102

author: niklas
Remove larval SAs if an exchange dies.  Also use the DOI from the isakmp_sa
if doing an informational exchange in phase 2.

Revision 1.18 / (download) - annotate - [select for diffs], Fri Apr 30 22:32:51 1999 UTC (25 years, 1 month ago) by niklas
Branch: MAIN
Changes since 1.17: +3 -3 lines
Diff to previous 1.17 (colored)

Merge with EOM 1.101

author: niklas
Do not free a message twice

Revision 1.17 / (download) - annotate - [select for diffs], Fri Apr 30 11:47:26 1999 UTC (25 years, 1 month ago) by niklas
Branch: MAIN
Changes since 1.16: +13 -7 lines
Diff to previous 1.16 (colored)

Merge with EOM 1.100

author: niklas
Try to fix the retransmit business, so info exchanges do not retransmit

author: niklas
Remove unnecessary code

author: niklas
Keep track of messages in the send queue from the exchange point of view.

author: niklas
Free the last sent message when freeing an exchange

author: niklas
New message_drop API.  Generate real INVALID_COOKIE notification.
Generate informational exchanges in phase 1 too.  Really get these
messages to the wire

Revision 1.16 / (download) - annotate - [select for diffs], Tue Apr 27 21:07:40 1999 UTC (25 years, 1 month ago) by niklas
Branch: MAIN
Changes since 1.15: +55 -75 lines
Diff to previous 1.15 (colored)

Merge with EOM 1.95

author: niklas
Handle leftover payloads.

author: niklas
Simplify exchange life logic some.  Some style too.

author: niklas
Collapse MSG_NO_RETRANS & MSG_KEEP into MSG_LAST.

author: niklas
Style

author: ho
Keep track of trailing retransmissions by keeping exchanges around longer.
Removed references to sa->last_sent_in_setup, use last_sent and
last_received in exchange instead. Free setup exchanges by expiration only.

author: ho
Backout last change. (Go with exchange directly instead of sa->msg)

author: ho
Handle phase 2 late retransmissions.

Revision 1.15 / (download) - annotate - [select for diffs], Mon Apr 19 19:58:17 1999 UTC (25 years, 1 month ago) by niklas
Branch: MAIN
Changes since 1.14: +234 -132 lines
Diff to previous 1.14 (colored)

./exchange.c: Merge with EOM 1.88

Check should be for step > 1, not step > 0.

Don't drop new incoming phase 1 exchange request if our existing
exchange hasn't gotten past step 0.

Style.  alloc error reporting.  Math error propagation.  Allocate right
sizes.

Off by one (< -> <=)

Let's get aggressive!

Added classes LOG_SA and LOG_EXCHANGE, converted
many LOG_MISC to new classes, adjusted levels slightly.
More SA logging.

Simplify the checks of existing exchanges by moving it into
exchange_establish.  This means we need to change the finalize API.
Try to make PF_ENCAP support handle multiple connections to a single
security gateway.

Include sa_list in exchange_dump
Add finalization to exchange when we initiate a new exchange
while an old one is being setup.

Add LOG_REPORT to always go to logchannel regardless of level; misc small fixes

Deal with incoming informational exchanges

style

At end of an exchange, mark the old SAs as replaced.

Do not answer on main-mode initiations from peers we already talk to.

Revision 1.14 / (download) - annotate - [select for diffs], Mon Apr 5 20:58:13 1999 UTC (25 years, 2 months ago) by niklas
Branch: MAIN
CVS Tags: OPENBSD_2_5_BASE, OPENBSD_2_5
Changes since 1.13: +65 -41 lines
Diff to previous 1.13 (colored)

Merge with EOM 1.75
Plug the leak of the last QM message.  More error reporting from
insufficient memory.  Move the finalize call of exchanges as close to
the real deallocation as possible.

New finalize API so we can call it when failing too, so we do not leak
resources.  Plug memory leaks in general.  More memory allocation error
reporting.

Revision 1.13 / (download) - annotate - [select for diffs], Fri Apr 2 01:08:25 1999 UTC (25 years, 2 months ago) by niklas
Branch: MAIN
Changes since 1.12: +68 -34 lines
Diff to previous 1.12 (colored)

Merge with EOM 1.73
refcounting on exchanges

Do not malloc zero bytes, some implementations dislike

resource track exchange->name and sa->name

Revision 1.12 / (download) - annotate - [select for diffs], Wed Mar 31 23:46:25 1999 UTC (25 years, 2 months ago) by niklas
Branch: MAIN
Changes since 1.11: +60 -56 lines
Diff to previous 1.11 (colored)

Merge with EOM 1.70
Make it possible to send a notification in a phase 1 informational exchange.

Revision 1.11 / (download) - annotate - [select for diffs], Wed Mar 31 01:50:29 1999 UTC (25 years, 2 months ago) by niklas
Branch: MAIN
Changes since 1.10: +135 -55 lines
Diff to previous 1.10 (colored)

Merge with EOM 1.69
Do not overwrite the last-sent-message of phase 1 with last-sent dittos
of phase2.  Add some debugging.  Make exchange finalization accept added
hooks to run.  Try to protect better against multiple equal exchanges
getting started concurrently.  Set the SA names from the exchange name up
early.  Change "Attributes" to "Flags" to not be mistaken for ISAKMP
attributes.  Let phase 2 exchanges take finalization functions too.

Revision 1.10 / (download) - annotate - [select for diffs], Wed Mar 24 14:42:18 1999 UTC (25 years, 2 months ago) by niklas
Branch: MAIN
Changes since 1.9: +14 -11 lines
Diff to previous 1.9 (colored)

Merge with EOM 1.68
Only get the destination address when needed

If no exchange name, do not look for attributes

The SA name is not yet setup, use the exchange name instead

Revision 1.9 / (download) - annotate - [select for diffs], Tue Mar 2 15:48:23 1999 UTC (25 years, 3 months ago) by niklas
Branch: MAIN
Changes since 1.8: +12 -2 lines
Diff to previous 1.8 (colored)

sa.c: Merge with EOM 1.67
Add SA attributes, specifically stayalive

sa.h: Merge with EOM 1.42
Add SA attributes, specifically stayalive

pf_encap.c: Merge with EOM 1.46
Add SA attributes, specifically stayalive

exchange.c: Merge with EOM 1.65
Add SA attributes, specifically stayalive

Revision 1.8 / (download) - annotate - [select for diffs], Fri Feb 26 03:37:56 1999 UTC (25 years, 3 months ago) by niklas
Branch: MAIN
Changes since 1.7: +9 -9 lines
Diff to previous 1.7 (colored)

Merge from the Ericsson repository
| revision 1.64
| date: 1999/02/25 11:38:53;  author: niklas;  state: Exp;  lines: +3 -1
| include sysdep.h everywhere
| ----------------------------
| revision 1.63
| date: 1999/02/25 11:09:33;  author: niklas;  state: Exp;  lines: +3 -5
| Make conf_get_num take a default value to give back when tag does not exist
| ----------------------------
| revision 1.62
| date: 1999/02/06 14:57:51;  author: niklas;  state: Exp;  lines: +3 -3
| Export exchange_lookup_by_name
| ----------------------------
| revision 1.61
| date: 1999/01/31 01:14:58;  author: niklas;  state: Exp;  lines: +2 -2
| commentary
| ----------------------------

Revision 1.7 / (download) - annotate - [select for diffs], Mon Dec 21 01:02:23 1998 UTC (25 years, 5 months ago) by niklas
Branch: MAIN
Changes since 1.6: +359 -12 lines
Diff to previous 1.6 (colored)

Last month's worth of work on isakmpd, lots done

Revision 1.6 / (download) - annotate - [select for diffs], Tue Nov 17 11:10:10 1998 UTC (25 years, 6 months ago) by niklas
Branch: MAIN
Changes since 1.5: +2 -1 lines
Diff to previous 1.5 (colored)

Add RCS Ids from the EOM repository

Revision 1.5 / (download) - annotate - [select for diffs], Mon Nov 16 12:20:33 1998 UTC (25 years, 6 months ago) by niklas
Branch: MAIN
Changes since 1.4: +1 -5 lines
Diff to previous 1.4 (colored)

Add back cert handling, no patent problem here

Revision 1.4 / (download) - annotate - [select for diffs], Sun Nov 15 01:13:26 1998 UTC (25 years, 6 months ago) by niklas
Branch: MAIN
Changes since 1.3: +3 -1 lines
Diff to previous 1.3 (colored)

Remove last warnings after crippling

Revision 1.3 / (download) - annotate - [select for diffs], Sun Nov 15 01:11:25 1998 UTC (25 years, 6 months ago) by niklas
Branch: MAIN
Changes since 1.2: +3 -1 lines
Diff to previous 1.2 (colored)

At the moment we do not do certificates

Revision 1.2 / (download) - annotate - [select for diffs], Sun Nov 15 00:43:52 1998 UTC (25 years, 6 months ago) by niklas
Branch: MAIN
Changes since 1.1: +1 -1 lines
Diff to previous 1.1 (colored)

OpenBSD RCS IDs

Revision 1.1.1.1 / (download) - annotate - [select for diffs] (vendor branch), Sun Nov 15 00:03:48 1998 UTC (25 years, 6 months ago) by niklas
Branch: NIKLAS
CVS Tags: NIKLAS_981114
Changes since 1.1: +0 -0 lines
Diff to previous 1.1 (colored)

Initial import of isakmpd, an IKE (ISAKMP/Oakley) implementation for the
OpenBSD IPSEC stack by me, Niklas Hallqvist and Niels Provos, funded by
Ericsson Radio Systems.  It is not yet complete or usable in a real scenario
but the missing pieces will soon be there.  The early commit is for people
who want early access and who are not afraid of looking at source.
isakmpd interops with Cisco, Timestep, SSH & Pluto (Linux FreeS/WAN) so
far, so it is not that incomplete.  It is really mostly configuration that
is lacking.

Revision 1.1 / (download) - annotate - [select for diffs], Sun Nov 15 00:03:48 1998 UTC (25 years, 6 months ago) by niklas
Branch: MAIN

Initial revision
