OpenBSD CVS

CVS log for src/sbin/isakmpd/exchange.h



Default branch: MAIN


Revision 1.37, Mon Jan 15 09:54:48 2018 UTC (6 years, 4 months ago) by mpi
Branch: MAIN
CVS Tags: OPENBSD_7_5_BASE, OPENBSD_7_5, OPENBSD_7_4_BASE, OPENBSD_7_4, OPENBSD_7_3_BASE, OPENBSD_7_3, OPENBSD_7_2_BASE, OPENBSD_7_2, OPENBSD_7_1_BASE, OPENBSD_7_1, OPENBSD_7_0_BASE, OPENBSD_7_0, OPENBSD_6_9_BASE, OPENBSD_6_9, OPENBSD_6_8_BASE, OPENBSD_6_8, OPENBSD_6_7_BASE, OPENBSD_6_7, OPENBSD_6_6_BASE, OPENBSD_6_6, OPENBSD_6_5_BASE, OPENBSD_6_5, OPENBSD_6_4_BASE, OPENBSD_6_4, OPENBSD_6_3_BASE, OPENBSD_6_3, HEAD
Changes since 1.36: +8 -8 lines

Spacing, no object change.

Revision 1.36, Thu Jan 4 14:21:00 2018 UTC (6 years, 5 months ago) by mpi
Branch: MAIN
Changes since 1.35: +9 -9 lines

space -> tab

No object change.

Revision 1.35, Mon Sep 18 07:42:52 2017 UTC (6 years, 8 months ago) by mpi
Branch: MAIN
CVS Tags: OPENBSD_6_2_BASE, OPENBSD_6_2
Changes since 1.34: +6 -3 lines

Check for failures of exchange_establish_p{1,2}() and call the given
`finalize' function with the `fail' argument when this happens.

Introduce some sanity checks in exchange_free() to be able to call it
even if the data structure isn't completely initialized.

Plug memory leaks when exchange_establish() fails.  While here fix a
double free in one of the error paths.

Based on a diff from hshoexer@, ok stsp@, markus@

Revision 1.34, Fri Jan 16 06:39:58 2015 UTC (9 years, 4 months ago) by deraadt
Branch: MAIN
CVS Tags: OPENBSD_6_1_BASE, OPENBSD_6_1, OPENBSD_6_0_BASE, OPENBSD_6_0, OPENBSD_5_9_BASE, OPENBSD_5_9, OPENBSD_5_8_BASE, OPENBSD_5_8, OPENBSD_5_7_BASE, OPENBSD_5_7
Changes since 1.33: +1 -2 lines

Replace <sys/param.h> with <limits.h> and other less dirty headers where
possible.  Annotate <sys/param.h> lines with their current reasons.  Switch
to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc.  Change
MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where
sensible to avoid pulling in the pollution.  These are the files confirmed
through binary verification.
ok guenther, millert, doug (helped with the verification protocol)

Revision 1.33, Sun Aug 5 09:43:09 2007 UTC (16 years, 10 months ago) by tom
Branch: MAIN
CVS Tags: OPENBSD_5_6_BASE, OPENBSD_5_6, OPENBSD_5_5_BASE, OPENBSD_5_5, OPENBSD_5_4_BASE, OPENBSD_5_4, OPENBSD_5_3_BASE, OPENBSD_5_3, OPENBSD_5_2_BASE, OPENBSD_5_2, OPENBSD_5_1_BASE, OPENBSD_5_1, OPENBSD_5_0_BASE, OPENBSD_5_0, OPENBSD_4_9_BASE, OPENBSD_4_9, OPENBSD_4_8_BASE, OPENBSD_4_8, OPENBSD_4_7_BASE, OPENBSD_4_7, OPENBSD_4_6_BASE, OPENBSD_4_6, OPENBSD_4_5_BASE, OPENBSD_4_5, OPENBSD_4_4_BASE, OPENBSD_4_4, OPENBSD_4_3_BASE, OPENBSD_4_3, OPENBSD_4_2_BASE, OPENBSD_4_2
Changes since 1.32: +2 -1 lines

Allow key exchange with RSA signature authentication to work with
Cisco IOS and other initiators that only send their certs in response
to CERT_REQUEST.

With input and help from cloder@, Stuart Henderson, mpf@, and several
others who did lots of testing - thanks to all.

ok hshoexer@

Revision 1.32, Sun Jul 2 13:19:00 2006 UTC (17 years, 11 months ago) by hshoexer
Branch: MAIN
CVS Tags: OPENBSD_4_1_BASE, OPENBSD_4_1, OPENBSD_4_0_BASE, OPENBSD_4_0
Changes since 1.31: +2 -1 lines

Let isakmpd send out a vendor ID announcing isakmpd's release version.
Will be handy for release specific bug fixes, etc.  Suggested by
markus@ quite some time ago.

ok markus@

Revision 1.31, Wed May 31 04:54:46 2006 UTC (18 years ago) by hshoexer
Branch: MAIN
Changes since 1.30: +3 -3 lines

Make sure that phase 1 SAs of active connections stay alive.  Fixes a DPD
breakage noticed and reported by Mitja Muzenic.

ok markus@ ho@, testing by Mitja and cloder@, discussed with Nathanael.

Revision 1.30, Mon Jul 25 15:03:47 2005 UTC (18 years, 10 months ago) by hshoexer
Branch: MAIN
CVS Tags: OPENBSD_3_9_BASE, OPENBSD_3_9, OPENBSD_3_8_BASE, OPENBSD_3_8
Changes since 1.29: +10 -8 lines

Use payload NAT-D or NAT-D-DRAFT according to NAT-T vendor ID advertised by the
peer.

looks good ho

Revision 1.29, Mon Jan 31 10:07:59 2005 UTC (19 years, 4 months ago) by hshoexer
Branch: MAIN
CVS Tags: OPENBSD_3_7_BASE, OPENBSD_3_7
Changes since 1.28: +2 -4 lines

Remove unused stuff.

ok markus

Revision 1.28, Mon Aug 23 11:13:14 2004 UTC (19 years, 9 months ago) by ho
Branch: MAIN
CVS Tags: OPENBSD_3_6_BASE, OPENBSD_3_6
Changes since 1.27: +2 -2 lines

Indent nit.

Revision 1.27, Sun Jun 20 15:24:05 2004 UTC (19 years, 11 months ago) by ho
Branch: MAIN
Changes since 1.26: +8 -4 lines

NAT-Traversal for isakmpd. Work in progress...
hshoexer@ ok.

Revision 1.26, Mon May 3 21:23:51 2004 UTC (20 years, 1 month ago) by hshoexer
Branch: MAIN
Changes since 1.25: +27 -31 lines

KNF.  ok ho@

Revision 1.25, Thu Apr 15 18:39:25 2004 UTC (20 years, 1 month ago) by deraadt
Branch: MAIN
Changes since 1.24: +182 -168 lines

partial move to KNF.  More to come.  This has happened because there
are a raft of source code auditors who are willing to help improve this
code only if this is done, and hey, isakmpd does need our standard
auditing process.  ok ho hshoexer

Revision 1.24, Wed Apr 7 22:45:49 2004 UTC (20 years, 2 months ago) by ho
Branch: MAIN
Changes since 1.23: +2 -2 lines

-Wsign-compare nits. hshoexer@ ok.

Revision 1.23, Tue Jun 3 14:28:16 2003 UTC (21 years ago) by ho
Branch: MAIN
CVS Tags: OPENBSD_3_5_BASE, OPENBSD_3_5, OPENBSD_3_4_BASE, OPENBSD_3_4
Changes since 1.22: +1 -6 lines

Remove clauses 3 and 4. With approval from Niklas Hallqvist and
Niels Provos.

Revision 1.22, Wed Sep 11 09:50:43 2002 UTC (21 years, 9 months ago) by ho
Branch: MAIN
CVS Tags: OPENBSD_3_3_BASE, OPENBSD_3_3, OPENBSD_3_2_BASE, OPENBSD_3_2
Changes since 1.21: +2 -2 lines

signed vs unsigned, some void * arithmetic, from -pedantic. niklas@ ok.

Revision 1.21, Sun Jun 9 08:13:06 2002 UTC (22 years ago) by todd
Branch: MAIN
Changes since 1.20: +3 -3 lines

rm trailing whitespace

Revision 1.20, Tue Jun 5 05:59:43 2001 UTC (23 years ago) by niklas
Branch: MAIN
CVS Tags: OPENBSD_3_1_BASE, OPENBSD_3_1, OPENBSD_3_0_BASE, OPENBSD_3_0
Changes since 1.19: +4 -4 lines

Style issues and commentary

Revision 1.19, Thu May 31 20:23:52 2001 UTC (23 years ago) by angelos
Branch: MAIN
Changes since 1.18: +35 -6 lines

Match the information stored in the sa structure (or the other way
around) in terms of certificates and keys.

Revision 1.15.2.1, Tue May 8 12:45:22 2001 UTC (23 years, 1 month ago) by ho
Branch: OPENBSD_2_8
Changes since 1.15: +6 -3 lines

Pull in isakmpd from 2.9 to 2.8 branch.

Revision 1.18, Sat Feb 24 03:59:55 2001 UTC (23 years, 3 months ago) by angelos
Branch: MAIN
CVS Tags: OPENBSD_2_9_BASE, OPENBSD_2_9
Changes since 1.17: +4 -1 lines

For the GETSPI PFKEY message, use the sequence number from the ACQUIRE
message.

Revision 1.17, Sat Jan 27 12:03:32 2001 UTC (23 years, 4 months ago) by niklas
Branch: MAIN
Changes since 1.16: +2 -2 lines

(c) 2001

Revision 1.16, Fri Jan 26 12:12:51 2001 UTC (23 years, 4 months ago) by niklas
Branch: MAIN
Changes since 1.15: +2 -2 lines

Pedantic style police

Revision 1.15, Sat Oct 7 06:59:46 2000 UTC (23 years, 8 months ago) by niklas
Branch: MAIN
CVS Tags: OPENBSD_2_8_BASE
Branch point for: OPENBSD_2_8
Changes since 1.14: +3 -3 lines

Merge with EOM 1.28

author: niklas
Obsolete commentary

Revision 1.14, Thu Jun 8 20:49:44 2000 UTC (24 years ago) by niklas
Branch: MAIN
Changes since 1.13: +6 -2 lines

cert.h: Merge with EOM 1.7
exchange.h: Merge with EOM 1.27
x509.h: Merge with EOM 1.10

author: angelos
Allow exchange of KeyNote credentials over IKE. Multiple credentials
may be passed in a single CERT payload. KeyNote is used if a
directory named as the local ID we use in an exchange exists in the
KeyNote directory (default: /etc/isakmpd/keynote/). Note that
asymmetric credentials are possible (use KeyNote in one direction and
X509 in the other); such authentication is envisioned to be the most
common: the clients will use KeyNote credentials to authenticate and
authorize with a server, whilst the server will just provide an X509
certificate proving its binding to the IP address or ID.

Totally asymmetric authentication (e.g., shared key in one direction,
RSA in the other) is not supported by the IKE protocol.

Revision 1.13, Sat Jul 17 21:54:39 1999 UTC (24 years, 10 months ago) by niklas
Branch: MAIN
CVS Tags: OPENBSD_2_7_BASE, OPENBSD_2_7, OPENBSD_2_6_BASE, OPENBSD_2_6
Changes since 1.12: +10 -2 lines

regress/rsakeygen/Makefile: Merge with EOM 1.4
regress/rsakeygen/rsakeygen.c: Merge with EOM 1.8
regress/x509/Makefile: Merge with EOM 1.6
regress/x509/x509test.c: Merge with EOM 1.6
regress/Makefile: Merge with EOM 1.8
samples/VPN-east.conf: Merge with EOM 1.6
samples/VPN-west.conf: Merge with EOM 1.6
samples/singlehost-east.conf: Merge with EOM 1.3
samples/singlehost-west.conf: Merge with EOM 1.3
sysdep/openbsd/Makefile.sysdep: Merge with EOM 1.5
x509.h: Merge with EOM 1.6
x509.c: Merge with EOM 1.17
DESIGN-NOTES: Merge with EOM 1.46
Makefile: Merge with EOM 1.55
cert.c: Merge with EOM 1.11
cert.h: Merge with EOM 1.6
exchange.c: Merge with EOM 1.109
exchange.h: Merge with EOM 1.26
ike_auth.c: Merge with EOM 1.32
ike_phase_1.c: Merge with EOM 1.7
init.c: Merge with EOM 1.16
isakmpd.conf.5: Merge with EOM 1.27
README.PKI: Merge with EOM 1.1

author: niklas
From Niels Provos, edited by me: certificate support using SSLeay

Revision 1.12, Wed Jul 7 22:09:53 1999 UTC (24 years, 11 months ago) by niklas
Branch: MAIN
Changes since 1.11: +4 -2 lines

exchange.h: Merge with EOM 1.25
ike_quick_mode.c: Merge with EOM 1.90
init.c: Merge with EOM 1.15

author: ho
Add keynote policy support (with USE_KEYNOTE). angelos@openbsd.org

Revision 1.11, Fri Apr 30 11:47:11 1999 UTC (25 years, 1 month ago) by niklas
Branch: MAIN
Changes since 1.10: +8 -2 lines

Merge with EOM 1.24

author: niklas
Keep track of messages in the send queue from the exchange point of view.

Revision 1.10, Tue Apr 27 21:14:04 1999 UTC (25 years, 1 month ago) by niklas
Branch: MAIN
Changes since 1.9: +2 -7 lines

Merge with EOM 1.23

author: niklas
Simplify exchange life logic some.  Some style too.

Revision 1.9, Mon Apr 19 21:03:35 1999 UTC (25 years, 1 month ago) by niklas
Branch: MAIN
Changes since 1.8: +10 -6 lines

./exchange.h: Merge with EOM 1.22

Simplify the checks of existing exchanges by moving it into
exchange_establish.  This means we need to change the finalize API.
Try to make PF_ENCAP support handle multiple connections to a single
security gateway.

Revision 1.8, Mon Apr 5 20:58:28 1999 UTC (25 years, 2 months ago) by niklas
Branch: MAIN
CVS Tags: OPENBSD_2_5_BASE, OPENBSD_2_5
Changes since 1.7: +10 -7 lines

Merge with EOM 1.21
New finalize API so we can call it when failing too, so we do not leak
resources.  Plug memory leaks in general.  More memory allocation error
reporting.

Revision 1.7, Fri Apr 2 01:08:41 1999 UTC (25 years, 2 months ago) by niklas
Branch: MAIN
Changes since 1.6: +10 -5 lines

Merge with EOM 1.20
refcounting on exchanges

Revision 1.6, Wed Mar 31 01:51:05 1999 UTC (25 years, 2 months ago) by niklas
Branch: MAIN
Changes since 1.5: +5 -4 lines

Merge with EOM 1.19
Do not overwrite the last-sent-message of phase 1 with last-sent dittos
of phase2.  Add some debugging.  Make exchange finalization accept added
hooks to run.  Try to protect better against multiple equal exchanges
getting started concurrently.  Set the SA names from the exchange name up
early.  Change "Attributes" to "Flags" to not be mistaken for ISAKMP
attributes.  Let phase 2 exchanges take finalization functions too.

Revision 1.5, Fri Feb 26 03:38:22 1999 UTC (25 years, 3 months ago) by niklas
Branch: MAIN
Changes since 1.4: +3 -2 lines

Merge from the Ericsson repository
| revision 1.18
| date: 1999/02/06 14:57:52;  author: niklas;  state: Exp;  lines: +2 -1
| Export exchange_lookup_by_name
| ----------------------------

Revision 1.4, Mon Dec 21 01:02:23 1998 UTC (25 years, 5 months ago) by niklas
Branch: MAIN
Changes since 1.3: +17 -3 lines

Last month's worth of work on isakmpd, lots done

Revision 1.3, Tue Nov 17 11:10:10 1998 UTC (25 years, 6 months ago) by niklas
Branch: MAIN
Changes since 1.2: +2 -1 lines

Add RCS Ids from the EOM repository

Revision 1.2, Sun Nov 15 00:43:52 1998 UTC (25 years, 6 months ago) by niklas
Branch: MAIN
Changes since 1.1: +1 -1 lines

OpenBSD RCS IDs

Revision 1.1.1.1 (vendor branch), Sun Nov 15 00:03:48 1998 UTC (25 years, 6 months ago) by niklas
Branch: NIKLAS
CVS Tags: NIKLAS_981114
Changes since 1.1: +0 -0 lines

Initial import of isakmpd, an IKE (ISAKMP/Oakley) implementation for the
OpenBSD IPSEC stack by me, Niklas Hallqvist and Niels Provos, funded by
Ericsson Radio Systems.  It is not yet complete or usable in a real scenario
but the missing pieces will soon be there.  The early commit is for people
who want early access and who are not afraid of looking at source.
isakmpd interops with Cisco, Timestep, SSH & Pluto (Linux FreeS/WAN) so
far, so it is not that incomplete.  It is really mostly configuration that
is lacking.

Revision 1.1, Sun Nov 15 00:03:48 1998 UTC (25 years, 6 months ago) by niklas
Branch: MAIN

Initial revision
