OpenBSD CVS

CVS log for src/sbin/isakmpd/pf_key_v2.c




Default branch: MAIN


Revision 1.205 / (download) - annotate - [select for diffs], Mon Aug 7 04:01:30 2023 UTC (9 months, 3 weeks ago) by dlg
Branch: MAIN
CVS Tags: OPENBSD_7_5_BASE, OPENBSD_7_5, OPENBSD_7_4_BASE, OPENBSD_7_4, HEAD
Changes since 1.204: +25 -3 lines
Diff to previous 1.204 (colored)

support configuring interface SAs for route-based ipsec vpns.

add "Interface NUMBER" to the config parser to specify that once
SAs have been negotiated with a peer, install the SAs with the
sadb_x_iface extension set up, but skip installing the flows/SPD
entries.

this allows for the negotiation of multiple esp tunnels covering
all traffic between 0.0.0.0/0 to 0.0.0.0/0, and then being able to
do something useful with them using the routing table and sec(4)
interfaces instead of having SPD entries fight over those packets
in the kernel.

this in turn allows interoperation with other ipsec/vpn solutions
that require the negotiation of such tunnels.

support from many including markus@ tobhe@ claudio@ sthen@ patrick@
now is a good time deraadt@

Revision 1.204 / (download) - annotate - [select for diffs], Mon Jan 31 23:51:15 2022 UTC (2 years, 4 months ago) by sthen
Branch: MAIN
CVS Tags: OPENBSD_7_3_BASE, OPENBSD_7_3, OPENBSD_7_2_BASE, OPENBSD_7_2, OPENBSD_7_1_BASE, OPENBSD_7_1
Changes since 1.203: +6 -1 lines
Diff to previous 1.203 (colored)

In isakmpd's pf_key_v2_enable_sa(), check if proto is NULL and if so,
log a warning rather than attempting to dereference it. Check suggested by
millert@, ok "your fix shouldn't hurt" mpi@

This isn't fixing the root cause but I don't have a better idea and I'm
hitting problems on several systems as I upgrade them, and I think in this
case logging rather than dumping core is more helpful.


Without this, in recent OpenBSD versions (I have seen it since at least
the snapshot from June 14 2021) I am often seeing isakmpd crashes after
SAs come in shortly after isakmpd starts with my usual flags, although
they don't seem to occur if I raise logs to heavy debug levels (-DA=90).

With this, those connections will fail but isakmpd will stay running and
after usually one retry things will be ok.

Usually, perhaps always, seen associated with "responder_recv_HASH_SA_NONCE:
KEY_EXCH payload without a group desc. attribute" logged previously.
Pcap written by isakmpd -L shows a normal-looking proposal though, with
proto/ids/group description set, yet printing *isa at the point that message
is logged shows zeros in sport/dport/group_desc/etc.

(I can give more info and/or test if someone has a better idea!)

Revision 1.203 / (download) - annotate - [select for diffs], Sun Jan 16 14:30:11 2022 UTC (2 years, 4 months ago) by naddy
Branch: MAIN
Changes since 1.202: +1 -8 lines
Diff to previous 1.202 (colored)

isakmpd: fix -Wunused-but-set-variable warnings

ok guenther@

Revision 1.202 / (download) - annotate - [select for diffs], Fri Oct 22 12:30:54 2021 UTC (2 years, 7 months ago) by bluhm
Branch: MAIN
Changes since 1.201: +1 -5 lines
Diff to previous 1.201 (colored)

After deleting hifn(4) the only provider for the LZS compression
algorithm is gone.  Remove all LZS references from the tree.  The
v42bis in isakmpd also looks unsupported.
OK mvs@ patrick@ sthen@

Revision 1.201 / (download) - annotate - [select for diffs], Fri Nov 29 22:06:19 2019 UTC (4 years, 6 months ago) by tobhe
Branch: MAIN
CVS Tags: OPENBSD_7_0_BASE, OPENBSD_7_0, OPENBSD_6_9_BASE, OPENBSD_6_9, OPENBSD_6_8_BASE, OPENBSD_6_8, OPENBSD_6_7_BASE, OPENBSD_6_7
Changes since 1.200: +2 -3 lines
Diff to previous 1.200 (colored)

Change the default security level for incoming IPsec flows from
isakmpd and iked to REQUIRE. Filter policy violations earlier.

ok sashan@ bluhm@

Revision 1.200 / (download) - annotate - [select for diffs], Tue Dec 5 20:31:45 2017 UTC (6 years, 5 months ago) by jca
Branch: MAIN
CVS Tags: OPENBSD_6_6_BASE, OPENBSD_6_6, OPENBSD_6_5_BASE, OPENBSD_6_5, OPENBSD_6_4_BASE, OPENBSD_6_4, OPENBSD_6_3_BASE, OPENBSD_6_3
Changes since 1.199: +4 -5 lines
Diff to previous 1.199 (colored)

Use clock_gettime(CLOCK_MONOTONIC) to schedule timers

From Scott Cheloha, ok tb@

Revision 1.199 / (download) - annotate - [select for diffs], Sun Aug 6 13:54:04 2017 UTC (6 years, 9 months ago) by mpi
Branch: MAIN
CVS Tags: OPENBSD_6_2_BASE, OPENBSD_6_2
Changes since 1.198: +6 -3 lines
Diff to previous 1.198 (colored)

Prevent a use-after-free by always passing dynamically allocated
arguments to pf_key_v2_connection_check().

The race can be triggered by sending SIGHUP to the daemon.  Note that
this change does not fix the memory leak if exchange_establish() fails.

Reported by Michał Koc.

ok hshoexer@, markus@, henning@

Revision 1.198 / (download) - annotate - [select for diffs], Tue Feb 28 16:46:27 2017 UTC (7 years, 3 months ago) by bluhm
Branch: MAIN
CVS Tags: OPENBSD_6_1_BASE, OPENBSD_6_1
Changes since 1.197: +3 -3 lines
Diff to previous 1.197 (colored)

Depending on the addresses, ipsecctl(8) automatically groups sa
bundles together.  Extend the kernel interface to export the bundle
information to userland.  Then ipsecctl -ss -v can show the internal
relations.  Unfortunately the header SADB_X_EXT_PROTOCOL was reused
by SADB_X_GRPSPIS, so it cannot be used to transfer the second sa
type with sysctl.  Introduce a new SADB_X_EXT_SATYPE2 and use it
consistently.
OK hshoexer@ markus@

Revision 1.197 / (download) - annotate - [select for diffs], Thu Dec 10 17:27:00 2015 UTC (8 years, 5 months ago) by mmcc
Branch: MAIN
CVS Tags: OPENBSD_6_0_BASE, OPENBSD_6_0, OPENBSD_5_9_BASE, OPENBSD_5_9
Changes since 1.196: +2 -3 lines
Diff to previous 1.196 (colored)

Remove NULL-checks before free(). ok tb@

Revision 1.196 / (download) - annotate - [select for diffs], Wed Dec 9 21:41:50 2015 UTC (8 years, 5 months ago) by naddy
Branch: MAIN
Changes since 1.195: +1 -7 lines
Diff to previous 1.195 (colored)

Remove plain DES encryption from IPsec.

DES is insecure since brute force attacks are practical due to its
short key length.

This removes support for DES-CBC encryption in ESP and in IKE main
and quick mode from the kernel, isakmpd(8), ipsecctl(8), and iked(8).

ok mikeb@

Revision 1.195 / (download) - annotate - [select for diffs], Thu Aug 20 22:02:21 2015 UTC (8 years, 9 months ago) by deraadt
Branch: MAIN
Changes since 1.194: +4 -4 lines
Diff to previous 1.194 (colored)

<stdlib.h> is included, so do not need to cast result from
malloc, calloc, realloc*
ok krw millert

Revision 1.194 / (download) - annotate - [select for diffs], Fri Apr 17 10:04:37 2015 UTC (9 years, 1 month ago) by mikeb
Branch: MAIN
CVS Tags: OPENBSD_5_8_BASE, OPENBSD_5_8
Changes since 1.193: +3 -11 lines
Diff to previous 1.193 (colored)

Remove unsupported SADB_X_IDENTTYPE_CONNECTION;  OK markus, hshoexer

Revision 1.193 / (download) - annotate - [select for diffs], Tue Apr 14 12:22:15 2015 UTC (9 years, 1 month ago) by mikeb
Branch: MAIN
Changes since 1.192: +7 -321 lines
Diff to previous 1.192 (colored)

Remove support for storing credentials and auth information in the kernel.

This code is largely unfinished and is not used for anything.  The change
leaves identities as only objects referenced by ipsec_ref structure and
their handling requires some changes to support more advanced matching of
IPsec connections.

No objections from reyk and hshoexer, with an OK markus.

Revision 1.192 / (download) - annotate - [select for diffs], Thu Mar 26 12:21:37 2015 UTC (9 years, 2 months ago) by mikeb
Branch: MAIN
Changes since 1.191: +1 -39 lines
Diff to previous 1.191 (colored)

Remove bits of unfinished IPsec proxy support.  DNS' KX records, anyone?
ok markus, hshoexer

Revision 1.191 / (download) - annotate - [select for diffs], Wed Oct 29 06:26:40 2014 UTC (9 years, 7 months ago) by deraadt
Branch: MAIN
CVS Tags: OPENBSD_5_7_BASE, OPENBSD_5_7
Changes since 1.190: +9 -21 lines
Diff to previous 1.190 (colored)

convert simple cases of select() to poll()
ok doug

Revision 1.190 / (download) - annotate - [select for diffs], Wed Oct 22 16:35:34 2014 UTC (9 years, 7 months ago) by millert
Branch: MAIN
Changes since 1.189: +3 -3 lines
Diff to previous 1.189 (colored)

Fix error reporting when reallocarray() fails.  OK miod@

Revision 1.189 / (download) - annotate - [select for diffs], Sat Oct 18 03:10:00 2014 UTC (9 years, 7 months ago) by doug
Branch: MAIN
Changes since 1.188: +6 -5 lines
Diff to previous 1.188 (colored)

Convert malloc() with a size var using multiplication to reallocarray().

Avoid assigning the size unless reallocarray() succeeds to avoid overflow.

ok deraadt@

Revision 1.188 / (download) - annotate - [select for diffs], Sat Jun 30 14:51:31 2012 UTC (11 years, 11 months ago) by naddy
Branch: MAIN
CVS Tags: OPENBSD_5_6_BASE, OPENBSD_5_6, OPENBSD_5_5_BASE, OPENBSD_5_5, OPENBSD_5_4_BASE, OPENBSD_5_4, OPENBSD_5_3_BASE, OPENBSD_5_3, OPENBSD_5_2_BASE, OPENBSD_5_2
Changes since 1.187: +2 -2 lines
Diff to previous 1.187 (colored)

enable use of AES-{192,256}-CTR, and explicitly of AES-128-CTR, for IPsec ESP
ok mikeb@

Revision 1.187 / (download) - annotate - [select for diffs], Tue Aug 2 22:51:38 2011 UTC (12 years, 10 months ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_5_1_BASE, OPENBSD_5_1, OPENBSD_5_0_BASE, OPENBSD_5_0
Changes since 1.186: +5 -3 lines
Diff to previous 1.186 (colored)

add refcounting for "Configuration" section for acquire-mode SAs
ok mikeb@

Revision 1.186 / (download) - annotate - [select for diffs], Wed Sep 22 13:45:16 2010 UTC (13 years, 8 months ago) by mikeb
Branch: MAIN
CVS Tags: OPENBSD_4_9_BASE, OPENBSD_4_9
Changes since 1.185: +9 -1 lines
Diff to previous 1.185 (colored)

Support for use of AES-GCM-16 (as AESGCM) and ENCR_NULL_AUTH_AES_GMAC
(as AESGMAC) ciphers in the ISAKMP Phase 2 (aka Quick Mode).

Thoroughly tested by me and naddy.  Works fine with Linux.

Requires updated pfkeyv2.h include file.

ok naddy

Revision 1.185 / (download) - annotate - [select for diffs], Wed Jan 28 17:57:15 2009 UTC (15 years, 4 months ago) by hshoexer
Branch: MAIN
CVS Tags: OPENBSD_4_8_BASE, OPENBSD_4_8, OPENBSD_4_7_BASE, OPENBSD_4_7, OPENBSD_4_6_BASE, OPENBSD_4_6, OPENBSD_4_5_BASE, OPENBSD_4_5
Changes since 1.184: +2 -3 lines
Diff to previous 1.184 (colored)

cleaning up my tree:  trivial KNF and a comment fix.

Revision 1.184 / (download) - annotate - [select for diffs], Tue Jul 1 15:00:53 2008 UTC (15 years, 11 months ago) by bluhm
Branch: MAIN
CVS Tags: OPENBSD_4_4_BASE, OPENBSD_4_4
Changes since 1.183: +117 -49 lines
Diff to previous 1.183 (colored)

Isakmpd acquire mode did not work with a config generated from
ipsec.conf.  The config created by isakmpd dynamically was different
from the config that ipsecctl generated out of ipsec.conf.

Both config formats are changed so that they match.  One needs a
passive ike line and a require flow line with the same parameters
in the ipsec.conf.  Then the acquire message generated by the kernel
will trigger isakmpd to generate a config that matches the one that
ipsecctl generated from the ike line.

ok hshoexer, 'sounds good' todd

Revision 1.183 / (download) - annotate - [select for diffs], Tue Jun 10 17:25:57 2008 UTC (15 years, 11 months ago) by bluhm
Branch: MAIN
Changes since 1.182: +5 -5 lines
Diff to previous 1.182 (colored)

Fix implementation of IN6_IS_ADDR_FULL so that IPV6_ADDR is used
instead of IPV6_ADDR_SUBNET where appropriate.  Then isakmpd has
the same behaviour for IPv6 and IPv4.
ok markus@

Revision 1.182 / (download) - annotate - [select for diffs], Sun Sep 2 15:19:24 2007 UTC (16 years, 9 months ago) by deraadt
Branch: MAIN
CVS Tags: OPENBSD_4_3_BASE, OPENBSD_4_3
Changes since 1.181: +2 -2 lines
Diff to previous 1.181 (colored)

use calloc() to avoid malloc(n * m) overflows; checked by djm canacar jsg

Revision 1.181 / (download) - annotate - [select for diffs], Sun May 27 18:31:30 2007 UTC (17 years ago) by claudio
Branch: MAIN
CVS Tags: OPENBSD_4_2_BASE, OPENBSD_4_2
Changes since 1.180: +1 -2 lines
Diff to previous 1.180 (colored)

Don't include sys/mbuf.h it is not needed. OK mcbride@ msf@

Revision 1.180 / (download) - annotate - [select for diffs], Mon Apr 16 13:01:39 2007 UTC (17 years, 1 month ago) by moritz
Branch: MAIN
Changes since 1.179: +30 -58 lines
Diff to previous 1.179 (colored)

There's no point in checking ptr for NULL before doing free(ptr)
since free(NULL) is just fine.

ok hshoexer@

Revision 1.179 / (download) - annotate - [select for diffs], Sun Apr 8 11:20:31 2007 UTC (17 years, 1 month ago) by moritz
Branch: MAIN
Changes since 1.178: +4 -6 lines
Diff to previous 1.178 (colored)

Fix lint comments. s/Fall through/FALLTHROUGH/.

ok hshoexer@

Revision 1.178 / (download) - annotate - [select for diffs], Mon Feb 19 09:43:34 2007 UTC (17 years, 3 months ago) by hshoexer
Branch: MAIN
CVS Tags: OPENBSD_4_1_BASE, OPENBSD_4_1
Changes since 1.177: +5 -1 lines
Diff to previous 1.177 (colored)

isakmpd bits for ESP+NULL encryption.  This is useful, when AH can
not be used (when being behind NAT).  With Martin Hedenfalk
<martin.hedenfalk at gmail.com>, thanks!

Revision 1.177 / (download) - annotate - [select for diffs], Fri Nov 24 13:52:14 2006 UTC (17 years, 6 months ago) by reyk
Branch: MAIN
Changes since 1.176: +22 -4 lines
Diff to previous 1.176 (colored)

add support to tag ipsec traffic belonging to specific IKE-initiated
phase 2 traffic. this allows policy-based filtering of encrypted and
unencrypted ipsec traffic with pf(4). see ipsec.conf(5) and
isakmpd.conf(5) for details and examples.

this is work in progress and still needs some testing and feedback,
but it is safe to put it in now.

ok hshoexer@

Revision 1.176 / (download) - annotate - [select for diffs], Fri Sep 1 00:24:06 2006 UTC (17 years, 9 months ago) by mpf
Branch: MAIN
CVS Tags: OPENBSD_4_0_BASE, OPENBSD_4_0
Changes since 1.175: +4 -2 lines
Diff to previous 1.175 (colored)

Add a new UI command to force isakmpd into passive only mode.
Will be used by sasyncd to prevent two talking isakmpd's in an HA setup.
Based on a diff by ho@.
OK ho@, hshoexer@, deraadt@

Revision 1.175 / (download) - annotate - [select for diffs], Wed Aug 30 22:54:32 2006 UTC (17 years, 9 months ago) by henning
Branch: MAIN
Changes since 1.174: +2 -0 lines
Diff to previous 1.174 (colored)

fix isakmpd -Ka, as used by bgpd, or acquire flows set up via ipsecctl.
acquire flows need to be recorded on the fly via connection_record_passive(),
otherwise later lookups fail and the policy check fails.
ok hshoexer ho markus msf deraadt

Revision 1.174 / (download) - annotate - [select for diffs], Wed Aug 30 18:27:17 2006 UTC (17 years, 9 months ago) by henning
Branch: MAIN
Changes since 1.173: +4 -2 lines
Diff to previous 1.173 (colored)

need to retry writing to pfkey socket on EAGAIN, ok theo hshoexer

Revision 1.173 / (download) - annotate - [select for diffs], Wed Aug 30 10:50:36 2006 UTC (17 years, 9 months ago) by markus
Branch: MAIN
Changes since 1.172: +1 -9 lines
Diff to previous 1.172 (colored)

do not call pf_key_v2_disable_sa twice; ok hshoexer, ho

Revision 1.172 / (download) - annotate - [select for diffs], Sat Jun 10 20:10:02 2006 UTC (17 years, 11 months ago) by hshoexer
Branch: MAIN
Changes since 1.171: +5 -2 lines
Diff to previous 1.171 (colored)

support sha2 for main mode hmacs and aesctr for quick mode encryption.
ok markus@ ho@

Revision 1.171 / (download) - annotate - [select for diffs], Wed May 31 04:58:13 2006 UTC (18 years ago) by hshoexer
Branch: MAIN
Changes since 1.170: +2 -2 lines
Diff to previous 1.170 (colored)

tiny KNF

Revision 1.170 / (download) - annotate - [select for diffs], Wed May 31 04:54:46 2006 UTC (18 years ago) by hshoexer
Branch: MAIN
Changes since 1.169: +3 -3 lines
Diff to previous 1.169 (colored)

Make sure, that phase 1 SAs of active connections stay alive.  Fixes a DPD
breakage noticed and reported by Mitja Muzenic.

ok markus@ ho@, testing by Mitja and cloder@, discussed with Nathanael.

Revision 1.169 / (download) - annotate - [select for diffs], Mon May 29 10:17:59 2006 UTC (18 years ago) by markus
Branch: MAIN
Changes since 1.168: +2 -2 lines
Diff to previous 1.168 (colored)

export pf_key_v2_disable_sa() (unbreaks build)

Revision 1.168 / (download) - annotate - [select for diffs], Mon Nov 14 23:25:11 2005 UTC (18 years, 6 months ago) by deraadt
Branch: MAIN
CVS Tags: OPENBSD_3_9_BASE, OPENBSD_3_9
Changes since 1.167: +19 -52 lines
Diff to previous 1.167 (colored)

use snprintf; ok cloder.  also looked at by a few other people

Revision 1.167 / (download) - annotate - [select for diffs], Tue Jun 14 10:50:47 2005 UTC (18 years, 11 months ago) by hshoexer
Branch: MAIN
CVS Tags: OPENBSD_3_8_BASE, OPENBSD_3_8
Changes since 1.166: +3 -2 lines
Diff to previous 1.166 (colored)

add ENCAP_UDP_{TUNNEL,TRANSPORT} types according to rfc 3947

ok markus

Revision 1.166 / (download) - annotate - [select for diffs], Wed Jun 1 23:04:35 2005 UTC (19 years ago) by cloder
Branch: MAIN
Changes since 1.165: +2 -1 lines
Diff to previous 1.165 (colored)

Fix memory leak. OK hshoexer

Revision 1.165 / (download) - annotate - [select for diffs], Sun May 22 06:22:53 2005 UTC (19 years ago) by cloder
Branch: MAIN
Changes since 1.164: +1 -629 lines
Diff to previous 1.164 (colored)

No more ifdef KAME.  From hshoexer

Revision 1.164 / (download) - annotate - [select for diffs], Fri Apr 8 23:15:26 2005 UTC (19 years, 1 month ago) by hshoexer
Branch: MAIN
Changes since 1.163: +34 -38 lines
Diff to previous 1.163 (colored)

get rid of sysdep_sa_len

ok cloder@

Revision 1.163 / (download) - annotate - [select for diffs], Fri Apr 8 19:40:03 2005 UTC (19 years, 1 month ago) by deraadt
Branch: MAIN
Changes since 1.162: +1 -17 lines
Diff to previous 1.162 (colored)

USE_DEBUG is bye bye

Revision 1.162 / (download) - annotate - [select for diffs], Fri Apr 8 17:15:01 2005 UTC (19 years, 1 month ago) by deraadt
Branch: MAIN
Changes since 1.161: +1 -5 lines
Diff to previous 1.161 (colored)

keynote and policy always compiled in

Revision 1.161 / (download) - annotate - [select for diffs], Fri Apr 8 16:37:14 2005 UTC (19 years, 1 month ago) by deraadt
Branch: MAIN
Changes since 1.160: +1 -7 lines
Diff to previous 1.160 (colored)

nat-traversal always

Revision 1.160 / (download) - annotate - [select for diffs], Fri Apr 8 16:09:25 2005 UTC (19 years, 1 month ago) by deraadt
Branch: MAIN
Changes since 1.159: +1 -13 lines
Diff to previous 1.159 (colored)

kill USE_OLD_SOCKADDR

Revision 1.159 / (download) - annotate - [select for diffs], Fri Apr 8 16:07:21 2005 UTC (19 years, 1 month ago) by cloder
Branch: MAIN
Changes since 1.158: +1 -35 lines
Diff to previous 1.158 (colored)

Remove references to LINUX_IPSEC

Revision 1.158 / (download) - annotate - [select for diffs], Wed Apr 6 16:00:20 2005 UTC (19 years, 2 months ago) by deraadt
Branch: MAIN
Changes since 1.157: +43 -47 lines
Diff to previous 1.157 (colored)

knf, ok cloder

Revision 1.157 / (download) - annotate - [select for diffs], Tue Apr 5 20:46:20 2005 UTC (19 years, 2 months ago) by cloder
Branch: MAIN
Changes since 1.156: +3 -3 lines
Diff to previous 1.156 (colored)

Always compile X509 support. Almost everyone uses it.  Makes the code
much easier to read and to maintain.
OK and testing by hshoexer@, more testing by me

Revision 1.156 / (download) - annotate - [select for diffs], Mon Apr 4 19:31:11 2005 UTC (19 years, 2 months ago) by deraadt
Branch: MAIN
Changes since 1.155: +24 -25 lines
Diff to previous 1.155 (colored)

spacing; ok cloder

Revision 1.155 / (download) - annotate - [select for diffs], Wed Mar 2 12:49:51 2005 UTC (19 years, 3 months ago) by hshoexer
Branch: MAIN
CVS Tags: OPENBSD_3_7_BASE, OPENBSD_3_7
Changes since 1.154: +97 -100 lines
Diff to previous 1.154 (colored)

knf, linewrapping, whitespaces, no binary change

Revision 1.154 / (download) - annotate - [select for diffs], Sun Feb 27 14:26:00 2005 UTC (19 years, 3 months ago) by pat
Branch: MAIN
Changes since 1.153: +5 -4 lines
Diff to previous 1.153 (colored)

cleanup correctly in some error paths.

ok hshoexer

Revision 1.153 / (download) - annotate - [select for diffs], Sun Feb 27 13:12:12 2005 UTC (19 years, 3 months ago) by hshoexer
Branch: MAIN
Changes since 1.152: +8 -8 lines
Diff to previous 1.152 (colored)

where possible, use bzero instead of memset

ok cloder henning

Revision 1.152 / (download) - annotate - [select for diffs], Fri Feb 25 03:02:41 2005 UTC (19 years, 3 months ago) by cloder
Branch: MAIN
Changes since 1.151: +2 -3 lines
Diff to previous 1.151 (colored)

Fix an obviously incorrect call to memset.  '0' and 0 are not the same
thing.  Input and OK from markus@, ho@, niklas@, deraadt@, hshoexer@

Revision 1.151 / (download) - annotate - [select for diffs], Mon Dec 27 11:02:03 2004 UTC (19 years, 5 months ago) by hshoexer
Branch: MAIN
Changes since 1.150: +2 -2 lines
Diff to previous 1.150 (colored)

Fix broken pointer arithmetic when receiving a RSA key from the kernel.  Found
and fix provided by Stefan Miltchev.  Thanks!

ok otto@

Revision 1.150 / (download) - annotate - [select for diffs], Fri Sep 17 13:53:08 2004 UTC (19 years, 8 months ago) by ho
Branch: MAIN
Changes since 1.149: +3 -1 lines
Diff to previous 1.149 (colored)

Missing #ifdefs.

Revision 1.149 / (download) - annotate - [select for diffs], Thu Aug 12 11:08:54 2004 UTC (19 years, 9 months ago) by ho
Branch: MAIN
CVS Tags: OPENBSD_3_6_BASE, OPENBSD_3_6
Changes since 1.148: +7 -7 lines
Diff to previous 1.148 (colored)

Avoid memleak on error (Linux/KAME). Found by Benjamin Pineau.

Revision 1.148 / (download) - annotate - [select for diffs], Tue Aug 10 15:59:10 2004 UTC (19 years, 9 months ago) by ho
Branch: MAIN
Changes since 1.147: +199 -2 lines
Diff to previous 1.147 (colored)

Better implementation of the Dead Peer Detection protocol, RFC 3706.
hshoexer@ ok.

Revision 1.147 / (download) - annotate - [select for diffs], Sun Aug 8 19:11:06 2004 UTC (19 years, 9 months ago) by deraadt
Branch: MAIN
Changes since 1.146: +11 -11 lines
Diff to previous 1.146 (colored)

spacing

Revision 1.146 / (download) - annotate - [select for diffs], Sat Jun 26 06:07:03 2004 UTC (19 years, 11 months ago) by hshoexer
Branch: MAIN
Changes since 1.145: +3 -4 lines
Diff to previous 1.145 (colored)

Narrow down privsep interface.  Move pf_key_v2_open() to monitor.

Work in progress.

ok ho@

Revision 1.145 / (download) - annotate - [select for diffs], Wed Jun 23 23:36:01 2004 UTC (19 years, 11 months ago) by ho
Branch: MAIN
Changes since 1.144: +4 -4 lines
Diff to previous 1.144 (colored)

Print correct prefix. Found and tested by alex at vbone.net.

Revision 1.144 / (download) - annotate - [select for diffs], Mon Jun 21 18:41:06 2004 UTC (19 years, 11 months ago) by ho
Branch: MAIN
Changes since 1.143: +5 -14 lines
Diff to previous 1.143 (colored)

udpencap_port should be taken from dst transport

Revision 1.143 / (download) - annotate - [select for diffs], Mon Jun 21 15:15:38 2004 UTC (19 years, 11 months ago) by ho
Branch: MAIN
Changes since 1.142: +68 -37 lines
Diff to previous 1.142 (colored)

Tell the kernel to enable ESP-in-UDP encapsulation when we have
SAs negotiated with NAT-T.

Revision 1.142 / (download) - annotate - [select for diffs], Mon Jun 14 09:55:41 2004 UTC (19 years, 11 months ago) by ho
Branch: MAIN
Changes since 1.141: +469 -332 lines
Diff to previous 1.141 (colored)

KNF, style, 80c, etc. hshoexer@ ok

Revision 1.141 / (download) - annotate - [select for diffs], Wed Jun 9 14:02:44 2004 UTC (19 years, 11 months ago) by ho
Branch: MAIN
Changes since 1.140: +10 -10 lines
Diff to previous 1.140 (colored)

Style nits. hshoexer@ ok

Revision 1.140 / (download) - annotate - [select for diffs], Thu Apr 15 18:39:26 2004 UTC (20 years, 1 month ago) by deraadt
Branch: MAIN
Changes since 1.139: +3401 -3674 lines
Diff to previous 1.139 (colored)

partial move to KNF.  More to come.  This has happened because there
are a raft of source code auditors who are willing to help improve this
code only if this is done, and hey, isakmpd does need our standard
auditing process.  ok ho hshoexer

Revision 1.139 / (download) - annotate - [select for diffs], Wed Apr 7 22:45:49 2004 UTC (20 years, 1 month ago) by ho
Branch: MAIN
Changes since 1.138: +6 -4 lines
Diff to previous 1.138 (colored)

-Wsign-compare nits. hshoexer@ ok.

Revision 1.138 / (download) - annotate - [select for diffs], Wed Mar 10 09:28:46 2004 UTC (20 years, 2 months ago) by ho
Branch: MAIN
CVS Tags: OPENBSD_3_5_BASE, OPENBSD_3_5
Changes since 1.137: +20 -17 lines
Diff to previous 1.137 (colored)

Fix for PR2429, from Clemens Wittinger.

Revision 1.137 / (download) - annotate - [select for diffs], Thu Nov 6 16:12:07 2003 UTC (20 years, 7 months ago) by ho
Branch: MAIN
Changes since 1.136: +8 -8 lines
Diff to previous 1.136 (colored)

Style nits.

Revision 1.136 / (download) - annotate - [select for diffs], Fri Aug 8 08:37:36 2003 UTC (20 years, 9 months ago) by ho
Branch: MAIN
CVS Tags: OPENBSD_3_4_BASE, OPENBSD_3_4
Changes since 1.135: +17 -1 lines
Diff to previous 1.135 (colored)

Fine grained selectors for Linux native IPsec. From Jean-Francois Dive.

Revision 1.135 / (download) - annotate - [select for diffs], Fri Jul 25 08:31:16 2003 UTC (20 years, 10 months ago) by markus
Branch: MAIN
Changes since 1.134: +37 -1 lines
Diff to previous 1.134 (colored)

add sha2 support; ok ho@

Revision 1.134 / (download) - annotate - [select for diffs], Thu Jul 24 09:59:03 2003 UTC (20 years, 10 months ago) by itojun
Branch: MAIN
Changes since 1.133: +9 -1 lines
Diff to previous 1.133 (colored)

conform to RFC2367 on SADB_xx naming (local name must be prefixed with
SADB_X_xx)

Revision 1.133 / (download) - annotate - [select for diffs], Tue Jun 10 16:41:29 2003 UTC (20 years, 11 months ago) by deraadt
Branch: MAIN
Changes since 1.132: +4 -4 lines
Diff to previous 1.132 (colored)

boring cleanups

Revision 1.132 / (download) - annotate - [select for diffs], Wed Jun 4 07:31:17 2003 UTC (21 years ago) by ho
Branch: MAIN
Changes since 1.131: +1 -6 lines
Diff to previous 1.131 (colored)

Remove the rest of clauses 3 and 4. Approved by Niklas Hallqvist, Angelos
D. Keromytis and Niels Provos.

Revision 1.131 / (download) - annotate - [select for diffs], Sun May 18 19:37:46 2003 UTC (21 years ago) by ho
Branch: MAIN
Changes since 1.130: +2 -2 lines
Diff to previous 1.130 (colored)

More isakmpd privsep work. X509 private keys are now kept in the privileged
process only. Various cleanup and bugfixes.
markus@ ok

Revision 1.130 / (download) - annotate - [select for diffs], Sun May 18 18:16:34 2003 UTC (21 years ago) by ho
Branch: MAIN
Changes since 1.129: +45 -11 lines
Diff to previous 1.129 (colored)

Sysdep for native Linux IPSec, 2.5 and later. From Thomas Walpuski, with
various tweaks by me. niklas@ ok.

Revision 1.129 / (download) - annotate - [select for diffs], Thu May 15 00:28:53 2003 UTC (21 years ago) by ho
Branch: MAIN
Changes since 1.128: +4 -3 lines
Diff to previous 1.128 (colored)

Start of privilege separation for isakmpd.
There are some kinks left, so keep it default disabled for now.
markus@ says ok to commit.

Revision 1.128 / (download) - annotate - [select for diffs], Wed May 14 23:44:48 2003 UTC (21 years ago) by kjell
Branch: MAIN
Changes since 1.127: +5 -3 lines
Diff to previous 1.127 (colored)

properly terminate debug string (levels >=40)
Use "%.*s" as suggested by Niklas.
ok ho@. Lost by kjell. oked ho@. lost by kjell again. oked ho@

Revision 1.127 / (download) - annotate - [select for diffs], Wed May 14 17:37:22 2003 UTC (21 years ago) by ho
Branch: MAIN
Changes since 1.126: +2 -2 lines
Diff to previous 1.126 (colored)

I did not test this enough. Unbreak.

Revision 1.126 / (download) - annotate - [select for diffs], Mon May 12 21:43:21 2003 UTC (21 years ago) by ho
Branch: MAIN
Changes since 1.125: +3 -2 lines
Diff to previous 1.125 (colored)

AES -> AES_128_CBC

Revision 1.125 / (download) - annotate - [select for diffs], Sun May 11 02:16:54 2003 UTC (21 years ago) by markus
Branch: MAIN
Changes since 1.124: +25 -9 lines
Diff to previous 1.124 (colored)

fix ID-type for ipv6; ok niklas; report fries

Revision 1.124 / (download) - annotate - [select for diffs], Mon Apr 14 10:22:13 2003 UTC (21 years, 1 month ago) by ho
Branch: MAIN
Changes since 1.123: +17 -14 lines
Diff to previous 1.123 (colored)

More snprintf style

Revision 1.123 / (download) - annotate - [select for diffs], Mon Apr 14 10:14:16 2003 UTC (21 years, 1 month ago) by ho
Branch: MAIN
Changes since 1.122: +4 -4 lines
Diff to previous 1.122 (colored)

A "%d" is 12 chars, not 10. Use sizeof num instead of '10' in
snprintf. From Theo.

Revision 1.122 / (download) - annotate - [select for diffs], Mon Feb 24 12:01:04 2003 UTC (21 years, 3 months ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_3_3_BASE, OPENBSD_3_3
Changes since 1.121: +4 -4 lines
Diff to previous 1.121 (colored)

pf_key_v2_flow: typo in debug msg (KAME)

Revision 1.121 / (download) - annotate - [select for diffs], Thu Jan 9 13:10:34 2003 UTC (21 years, 4 months ago) by ho
Branch: MAIN
Changes since 1.120: +3 -3 lines
Diff to previous 1.120 (colored)

Change "Default-Phase-2-Suites" --> "Default-phase-2-suites"

Revision 1.120 / (download) - annotate - [select for diffs], Fri Dec 6 20:28:20 2002 UTC (21 years, 6 months ago) by ho
Branch: MAIN
Changes since 1.119: +12 -8 lines
Diff to previous 1.119 (colored)

Set transform from default. PR#3008

Revision 1.119 / (download) - annotate - [select for diffs], Wed Dec 4 18:08:40 2002 UTC (21 years, 6 months ago) by ho
Branch: MAIN
Changes since 1.118: +2 -2 lines
Diff to previous 1.118 (colored)

bit_ffc(3) returns a -1 location for a full bitset. Problem found by
Olivier Courtay.

Revision 1.118 / (download) - annotate - [select for diffs], Wed Dec 4 15:06:33 2002 UTC (21 years, 6 months ago) by markus
Branch: MAIN
Changes since 1.117: +21 -1 lines
Diff to previous 1.117 (colored)

allow ACQUIRE with empty EXT_ADDRESS_SRC; PR 2996; ok angelos@, ho@

Revision 1.117 / (download) - annotate - [select for diffs], Wed Sep 11 09:50:44 2002 UTC (21 years, 8 months ago) by ho
Branch: MAIN
CVS Tags: OPENBSD_3_2_BASE, OPENBSD_3_2
Changes since 1.116: +10 -11 lines
Diff to previous 1.116 (colored)

signed vs unsigned, some void * arithmetic, from -pedantic. niklas@ ok.

Revision 1.116 / (download) - annotate - [select for diffs], Thu Aug 29 15:15:45 2002 UTC (21 years, 9 months ago) by itojun
Branch: MAIN
Changes since 1.115: +2 -2 lines
Diff to previous 1.115 (colored)

size_t has to be cast to u_long on printing.
From: Martti Kuparinen <martti.kuparinen@iki.fi>

Revision 1.115 / (download) - annotate - [select for diffs], Fri Aug 23 18:01:33 2002 UTC (21 years, 9 months ago) by ho
Branch: MAIN
Changes since 1.114: +2 -2 lines
Diff to previous 1.114 (colored)

Small cleanup.

Revision 1.114 / (download) - annotate - [select for diffs], Fri Aug 23 17:11:08 2002 UTC (21 years, 9 months ago) by ho
Branch: MAIN
Changes since 1.113: +2 -2 lines
Diff to previous 1.113 (colored)

Proper format

Revision 1.113 / (download) - annotate - [select for diffs], Thu Jul 11 21:23:28 2002 UTC (21 years, 10 months ago) by deraadt
Branch: MAIN
Changes since 1.112: +2 -2 lines
Diff to previous 1.112 (colored)

malloc() failure tests; rimshot@pandora.be

Revision 1.112 / (download) - annotate - [select for diffs], Fri Jul 5 11:08:13 2002 UTC (21 years, 11 months ago) by ho
Branch: MAIN
Changes since 1.111: +6 -5 lines
Diff to previous 1.111 (colored)

gcc 3.1 nits. Pointed out by David Krause.

Revision 1.111 / (download) - annotate - [select for diffs], Tue Jun 11 18:50:21 2002 UTC (21 years, 11 months ago) by ho
Branch: MAIN
Changes since 1.110: +9 -2 lines
Diff to previous 1.110 (colored)

set_spi: CPIs are 16 bit.
flow: accept IPComp flows.

Revision 1.110 / (download) - annotate - [select for diffs], Tue Jun 11 18:28:01 2002 UTC (21 years, 11 months ago) by ho
Branch: MAIN
Changes since 1.109: +27 -24 lines
Diff to previous 1.109 (colored)

Don't send KEY extensions for IPCOMP.

Revision 1.109 / (download) - annotate - [select for diffs], Tue Jun 11 18:04:28 2002 UTC (21 years, 11 months ago) by ho
Branch: MAIN
Changes since 1.108: +5 -2 lines
Diff to previous 1.108 (colored)

Stupid 16-bit CPI numbers.

Revision 1.108 / (download) - annotate - [select for diffs], Mon Jun 10 20:54:51 2002 UTC (21 years, 11 months ago) by ho
Branch: MAIN
Changes since 1.107: +11 -3 lines
Diff to previous 1.107 (colored)

CPIs cannot be selected from the same range as SPIs.

Revision 1.107 / (download) - annotate - [select for diffs], Sun Jun 9 08:13:06 2002 UTC (21 years, 11 months ago) by todd
Branch: MAIN
Changes since 1.106: +4 -4 lines
Diff to previous 1.106 (colored)

rm trailing whitespace

Revision 1.106 / (download) - annotate - [select for diffs], Fri Jun 7 06:37:08 2002 UTC (22 years ago) by ho
Branch: MAIN
Changes since 1.105: +7 -7 lines
Diff to previous 1.105 (colored)

own sadb_protocol struct for EXT_PROTOCOL

Revision 1.105 / (download) - annotate - [select for diffs], Fri Jun 7 05:07:33 2002 UTC (22 years ago) by angelos
Branch: MAIN
Changes since 1.104: +9 -2 lines
Diff to previous 1.104 (colored)

Send a flow type.

Revision 1.104 / (download) - annotate - [select for diffs], Thu Jun 6 18:35:15 2002 UTC (22 years ago) by ho
Branch: MAIN
Changes since 1.103: +119 -118 lines
Diff to previous 1.103 (colored)

Cleanup / style

Revision 1.103 / (download) - annotate - [select for diffs], Thu Jun 6 02:15:27 2002 UTC (22 years ago) by ho
Branch: MAIN
Changes since 1.102: +13 -12 lines
Diff to previous 1.102 (colored)

Style, and a few additional format/type mods.

Revision 1.102 / (download) - annotate - [select for diffs], Sat Jun 1 07:44:22 2002 UTC (22 years ago) by deraadt
Branch: MAIN
Changes since 1.101: +16 -15 lines
Diff to previous 1.101 (colored)

size_t must be cast to (unsigned long) and printed using %lu

Revision 1.101 / (download) - annotate - [select for diffs], Fri May 31 02:16:55 2002 UTC (22 years ago) by angelos
Branch: MAIN
Changes since 1.100: +131 -55 lines
Diff to previous 1.100 (colored)

Look for the authentication info from the kernel in the correct message.

Revision 1.100 / (download) - annotate - [select for diffs], Tue May 28 10:09:46 2002 UTC (22 years ago) by ho
Branch: MAIN
Changes since 1.99: +4 -4 lines
Diff to previous 1.99 (colored)

Proper types in format strings. From <greg@nest.cx>

Revision 1.99 / (download) - annotate - [select for diffs], Mon May 27 04:21:38 2002 UTC (22 years ago) by deraadt
Branch: MAIN
Changes since 1.98: +3 -3 lines
Diff to previous 1.98 (colored)

correct pid handling

Revision 1.98 / (download) - annotate - [select for diffs], Sun May 26 09:24:35 2002 UTC (22 years ago) by deraadt
Branch: MAIN
Changes since 1.97: +3 -3 lines
Diff to previous 1.97 (colored)

pid_t cleanup

Revision 1.97 / (download) - annotate - [select for diffs], Thu Feb 21 20:12:56 2002 UTC (22 years, 3 months ago) by angelos
Branch: MAIN
CVS Tags: OPENBSD_3_1_BASE, OPENBSD_3_1
Changes since 1.96: +3 -3 lines
Diff to previous 1.96 (colored)

Use dport instead of sport, shifflett@nps.navy.mil

Revision 1.96 / (download) - annotate - [select for diffs], Tue Feb 19 21:11:19 2002 UTC (22 years, 3 months ago) by miod
Branch: MAIN
Changes since 1.95: +2 -2 lines
Diff to previous 1.95 (colored)

IPsec is written ``IPsec'', not ``IPSec''.

Revision 1.95 / (download) - annotate - [select for diffs], Fri Jan 25 13:07:23 2002 UTC (22 years, 4 months ago) by ho
Branch: MAIN
Changes since 1.94: +3 -3 lines
Diff to previous 1.94 (colored)

Typo. <mccreary@pch.net>

Revision 1.94 / (download) - annotate - [select for diffs], Wed Jan 23 18:44:47 2002 UTC (22 years, 4 months ago) by ho
Branch: MAIN
Changes since 1.93: +23 -30 lines
Diff to previous 1.93 (colored)

the last few sprintf -> snprintf

Revision 1.93 / (download) - annotate - [select for diffs], Wed Jan 23 17:21:16 2002 UTC (22 years, 4 months ago) by ho
Branch: MAIN
Changes since 1.92: +28 -26 lines
Diff to previous 1.92 (colored)

strcat->strlcat, sprintf->snprintf

Revision 1.92 / (download) - annotate - [select for diffs], Thu Jan 3 09:19:52 2002 UTC (22 years, 5 months ago) by ho
Branch: MAIN
Changes since 1.91: +2 -2 lines
Diff to previous 1.91 (colored)

Typo.

Revision 1.91 / (download) - annotate - [select for diffs], Fri Oct 26 13:29:26 2001 UTC (22 years, 7 months ago) by ho
Branch: MAIN
Changes since 1.90: +30 -30 lines
Diff to previous 1.90 (colored)

Change to use sysdep_sa_len() function.

Revision 1.90 / (download) - annotate - [select for diffs], Fri Oct 12 15:47:49 2001 UTC (22 years, 7 months ago) by ho
Branch: MAIN
CVS Tags: OPENBSD_3_0_BASE, OPENBSD_3_0
Changes since 1.89: +5 -1 lines
Diff to previous 1.89 (colored)

SADB_X_IDENTTYPE_CONNECTION appeared after 2.9. niklas@ ok.

Revision 1.89 / (download) - annotate - [select for diffs], Mon Aug 27 18:26:16 2001 UTC (22 years, 9 months ago) by ho
Branch: MAIN
Changes since 1.88: +2 -2 lines
Diff to previous 1.88 (colored)

Compile on alpha.

Revision 1.88 / (download) - annotate - [select for diffs], Sat Aug 25 07:42:19 2001 UTC (22 years, 9 months ago) by niklas
Branch: MAIN
Changes since 1.87: +2 -2 lines
Diff to previous 1.87 (colored)

Casting of lhs, is not what you think it is.

Revision 1.87 / (download) - annotate - [select for diffs], Fri Aug 24 13:47:21 2001 UTC (22 years, 9 months ago) by ho
Branch: MAIN
Changes since 1.86: +119 -11 lines
Diff to previous 1.86 (colored)

Initial IPCOMP support.

Revision 1.86 / (download) - annotate - [select for diffs], Thu Aug 23 16:56:46 2001 UTC (22 years, 9 months ago) by markus
Branch: MAIN
Changes since 1.85: +6 -2 lines
Diff to previous 1.85 (colored)

ignore EEXIST for SPDADD on KAME; ok ho@

Revision 1.85 / (download) - annotate - [select for diffs], Sun Aug 19 18:24:29 2001 UTC (22 years, 9 months ago) by angelos
Branch: MAIN
Changes since 1.84: +8 -17 lines
Diff to previous 1.84 (colored)

Prevent section leak in conf space.

Revision 1.84 / (download) - annotate - [select for diffs], Tue Aug 14 20:33:02 2001 UTC (22 years, 9 months ago) by ho
Branch: MAIN
Changes since 1.83: +2 -1 lines
Diff to previous 1.83 (colored)

The same msg length fix for KAME cases.

Revision 1.83 / (download) - annotate - [select for diffs], Tue Aug 14 20:24:40 2001 UTC (22 years, 9 months ago) by ho
Branch: MAIN
Changes since 1.82: +2 -1 lines
Diff to previous 1.82 (colored)

Proper length for PFKEYv2 messages in IPv4-in-IPv6 / IPv6-in-IPv4 flows.

Revision 1.82 / (download) - annotate - [select for diffs], Tue Aug 14 19:38:38 2001 UTC (22 years, 9 months ago) by ho
Branch: MAIN
Changes since 1.81: +3 -3 lines
Diff to previous 1.81 (colored)

Print the correct fields in a debug message. (cut'n'paste bug)

Revision 1.81 / (download) - annotate - [select for diffs], Sun Jul 29 13:45:28 2001 UTC (22 years, 10 months ago) by itojun
Branch: MAIN
Changes since 1.80: +9 -2 lines
Diff to previous 1.80 (colored)

-Wunused for KAME case

Revision 1.80 / (download) - annotate - [select for diffs], Wed Jul 25 15:29:47 2001 UTC (22 years, 10 months ago) by markus
Branch: MAIN
Changes since 1.79: +5 -3 lines
Diff to previous 1.79 (colored)

pf_key_v2_flow: sync success and failure messages; ok niklas@

Revision 1.79 / (download) - annotate - [select for diffs], Wed Jul 25 11:42:06 2001 UTC (22 years, 10 months ago) by markus
Branch: MAIN
Changes since 1.78: +3 -1 lines
Diff to previous 1.78 (colored)

do not setup identity extensions for KAME; ok angelos@

Revision 1.78 / (download) - annotate - [select for diffs], Wed Jul 18 20:48:33 2001 UTC (22 years, 10 months ago) by markus
Branch: MAIN
Changes since 1.77: +7 -8 lines
Diff to previous 1.77 (colored)

use correct length for SADB_X_EXT_POLICY message on KAME
tested on bsd/os; ok ho@

Revision 1.50.2.2 / (download) - annotate - [select for diffs], Tue Jul 17 04:08:55 2001 UTC (22 years, 10 months ago) by jason
Branch: OPENBSD_2_9
Changes since 1.50.2.1: +5 -1 lines
Diff to previous 1.50.2.1 (colored) to branchpoint 1.50 (colored) next main 1.51 (colored)

Pull in patch from current:
Fix (angelos):
Do not try to delete SAs that have been proposed in Phase 2 but not accepted
(and thus established). This could cause crashes in situations where multiple
proposals are offered.

Revision 1.77 / (download) - annotate - [select for diffs], Mon Jul 2 02:28:35 2001 UTC (22 years, 11 months ago) by deraadt
Branch: MAIN
Changes since 1.76: +5 -4 lines
Diff to previous 1.76 (colored)

make the alpha happy

Revision 1.76 / (download) - annotate - [select for diffs], Sun Jul 1 19:48:44 2001 UTC (22 years, 11 months ago) by niklas
Branch: MAIN
Changes since 1.75: +80 -83 lines
Diff to previous 1.75 (colored)

Style

Revision 1.75 / (download) - annotate - [select for diffs], Sun Jul 1 18:33:50 2001 UTC (22 years, 11 months ago) by angelos
Branch: MAIN
Changes since 1.74: +7 -1 lines
Diff to previous 1.74 (colored)

Debug information for IDs.

Revision 1.74 / (download) - annotate - [select for diffs], Sun Jul 1 18:27:37 2001 UTC (22 years, 11 months ago) by angelos
Branch: MAIN
Changes since 1.73: +13 -9 lines
Diff to previous 1.73 (colored)

Return the right length for address IDs.

Revision 1.73 / (download) - annotate - [select for diffs], Sun Jul 1 05:16:03 2001 UTC (22 years, 11 months ago) by angelos
Branch: MAIN
Changes since 1.72: +5 -1 lines
Diff to previous 1.72 (colored)

Don't try to delete unestablished SPIs.

Revision 1.72 / (download) - annotate - [select for diffs], Fri Jun 29 19:08:11 2001 UTC (22 years, 11 months ago) by ho
Branch: MAIN
Changes since 1.71: +2 -2 lines
Diff to previous 1.71 (colored)

Get rid of redundant lengths in get_spi API.

Revision 1.71 / (download) - annotate - [select for diffs], Fri Jun 29 18:52:17 2001 UTC (22 years, 11 months ago) by ho
Branch: MAIN
Changes since 1.70: +19 -20 lines
Diff to previous 1.70 (colored)

Change get_src/get_dst API as we get the length with sa_len.

Revision 1.70 / (download) - annotate - [select for diffs], Fri Jun 29 18:05:24 2001 UTC (22 years, 11 months ago) by ho
Branch: MAIN
Changes since 1.69: +26 -26 lines
Diff to previous 1.69 (colored)

Since we have a sockaddr struct, use sa_len directly.

Revision 1.69 / (download) - annotate - [select for diffs], Fri Jun 29 05:17:57 2001 UTC (22 years, 11 months ago) by itojun
Branch: MAIN
Changes since 1.68: +12 -10 lines
Diff to previous 1.68 (colored)

fix compilation on netbsd/kame. not really tested

Revision 1.68 / (download) - annotate - [select for diffs], Fri Jun 29 04:12:00 2001 UTC (22 years, 11 months ago) by ho
Branch: MAIN
Changes since 1.67: +351 -147 lines
Diff to previous 1.67 (colored)

Initial IPv6 support. (niklas@ ok)

Revision 1.67 / (download) - annotate - [select for diffs], Wed Jun 27 03:31:43 2001 UTC (22 years, 11 months ago) by angelos
Branch: MAIN
Changes since 1.66: +4 -4 lines
Diff to previous 1.66 (colored)

Consistently use "IPsec" capitalization (jsyn@nthought.com)

Revision 1.66 / (download) - annotate - [select for diffs], Wed Jun 27 00:48:21 2001 UTC (22 years, 11 months ago) by angelos
Branch: MAIN
Changes since 1.65: +2 -2 lines
Diff to previous 1.65 (colored)

Keep track of the ACQUIRE sequence number, and pass it to the kernel
along with the ADD message.

Revision 1.65 / (download) - annotate - [select for diffs], Thu Jun 7 07:50:29 2001 UTC (23 years ago) by angelos
Branch: MAIN
Changes since 1.64: +2 -2 lines
Diff to previous 1.64 (colored)

Actually, using ACQUIRE can cause lowering of security policy level
for outgoing policies -- so, just use USE on the remote.

Revision 1.64 / (download) - annotate - [select for diffs], Thu Jun 7 07:45:18 2001 UTC (23 years ago) by angelos
Branch: MAIN
Changes since 1.63: +6 -4 lines
Diff to previous 1.63 (colored)

Ingress flows should be ACQUIRE, not REQUIRE.

Revision 1.34.2.3 / (download) - annotate - [select for diffs], Wed Jun 6 21:20:04 2001 UTC (23 years ago) by miod
Branch: OPENBSD_2_8
Changes since 1.34.2.2: +3 -3 lines
Diff to previous 1.34.2.2 (colored) to branchpoint 1.34 (colored) next main 1.35 (colored)

Pull in patch from current, requested by ho@
Errata:
isakmpd will fail to use a certificate with an identity string that
is exactly N * 8 bytes long.
Fix(ho):
PF_KEY identity extensions are NUL-terminated. Now, also calculate
the length properly.

Revision 1.50.2.1 / (download) - annotate - [select for diffs], Wed Jun 6 03:39:07 2001 UTC (23 years ago) by jason
Branch: OPENBSD_2_9
Changes since 1.50: +3 -3 lines
Diff to previous 1.50 (colored)

Pull in patch from current:
Errata:
isakmpd will fail to use a certificate with an identity string that is exactly N * 8 bytes long.
Fix (ho):

Revision 1.63 / (download) - annotate - [select for diffs], Tue Jun 5 21:43:46 2001 UTC (23 years ago) by ho
Branch: MAIN
Changes since 1.62: +7 -7 lines
Diff to previous 1.62 (colored)

PF_KEY identity extensions are NUL-terminated. Now, also calculate
the length properly.

Revision 1.62 / (download) - annotate - [select for diffs], Tue Jun 5 10:51:27 2001 UTC (23 years ago) by angelos
Branch: MAIN
Changes since 1.61: +5 -5 lines
Diff to previous 1.61 (colored)

Correctly initialize remote ID when using prefix.

Revision 1.61 / (download) - annotate - [select for diffs], Tue Jun 5 10:43:56 2001 UTC (23 years ago) by angelos
Branch: MAIN
Changes since 1.60: +2 -2 lines
Diff to previous 1.60 (colored)

Oops, typo.

Revision 1.60 / (download) - annotate - [select for diffs], Tue Jun 5 10:43:05 2001 UTC (23 years ago) by angelos
Branch: MAIN
Changes since 1.59: +82 -190 lines
Diff to previous 1.59 (colored)

Use pf_key_v2_convert_id() instead of repeating code for the IDs;
log_error() cleanup.

Revision 1.59 / (download) - annotate - [select for diffs], Tue Jun 5 07:59:33 2001 UTC (23 years ago) by angelos
Branch: MAIN
Changes since 1.58: +302 -79 lines
Diff to previous 1.58 (colored)

SADB_IDENTTYPE_PREFIX support (only for fully-specified hosts), plus
punctuation. niklas@ ok

Revision 1.58 / (download) - annotate - [select for diffs], Tue Jun 5 01:29:05 2001 UTC (23 years ago) by angelos
Branch: MAIN
Changes since 1.57: +16 -5 lines
Diff to previous 1.57 (colored)

Dynamically allocate conn, as this is given to the exchange; cleanup
conf space on failure to establish dynamic SA. ok niklas@

Revision 1.57 / (download) - annotate - [select for diffs], Tue Jun 5 01:03:40 2001 UTC (23 years ago) by itojun
Branch: MAIN
Changes since 1.56: +5 -1 lines
Diff to previous 1.56 (colored)

portability; unused function on non-openbsd platform

Revision 1.56 / (download) - annotate - [select for diffs], Tue Jun 5 00:17:46 2001 UTC (23 years ago) by niklas
Branch: MAIN
Changes since 1.55: +85 -80 lines
Diff to previous 1.55 (colored)

Make our pfkeyv2.h more RFC2367 compliant.  Also fix some backwards
compatibility problems in isakmpd, at least 2.8 stable can compile current
isakmpd now.  angelos@ ok

Revision 1.55 / (download) - annotate - [select for diffs], Thu May 31 20:30:29 2001 UTC (23 years ago) by angelos
Branch: MAIN
Changes since 1.54: +235 -78 lines
Diff to previous 1.54 (colored)

If we're passed keys and certs to use, put them in the conf space.

Send back keys/certs the peer has sent us during Phase 1.

Revision 1.54 / (download) - annotate - [select for diffs], Wed May 30 22:06:42 2001 UTC (23 years ago) by angelos
Branch: MAIN
Changes since 1.53: +4 -4 lines
Diff to previous 1.53 (colored)

ifdef out some of the things I inadvertently committed along with the
MBOX->USERFQDN commit earlier.

Revision 1.53 / (download) - annotate - [select for diffs], Wed May 30 18:49:16 2001 UTC (23 years ago) by angelos
Branch: MAIN
Changes since 1.52: +1 -4 lines
Diff to previous 1.52 (colored)

Remove bogus printf

Revision 1.52 / (download) - annotate - [select for diffs], Wed May 30 16:46:33 2001 UTC (23 years ago) by angelos
Branch: MAIN
Changes since 1.51: +183 -11 lines
Diff to previous 1.51 (colored)

MBOX->FQDN, beginning of passing some credentials to the kernel.

Revision 1.34.2.2 / (download) - annotate - [select for diffs], Tue May 8 12:45:25 2001 UTC (23 years ago) by ho
Branch: OPENBSD_2_8
Changes since 1.34.2.1: +424 -139 lines
Diff to previous 1.34.2.1 (colored) to branchpoint 1.34 (colored)

Pull in isakmpd from 2.9 to 2.8 branch.

Revision 1.51 / (download) - annotate - [select for diffs], Sat May 5 00:55:13 2001 UTC (23 years, 1 month ago) by angelos
Branch: MAIN
Changes since 1.50: +334 -37 lines
Diff to previous 1.50 (colored)

pf_key_v2_set_spi now sets the Phase 1 IDs on the Phase 2 SAs;
credentials to follow.

Dynamic configuration entries are garbage-collected.

Default-Phase-2-Suites entry in the [General] section may be used to
specify Phase 2 default Suites (overriding the default 3DES-SHA-PFS).

Revision 1.50 / (download) - annotate - [select for diffs], Tue Apr 24 07:27:37 2001 UTC (23 years, 1 month ago) by niklas
Branch: MAIN
CVS Tags: OPENBSD_2_9_BASE
Branch point for: OPENBSD_2_9
Changes since 1.49: +1 -8 lines
Diff to previous 1.49 (colored)

Correct SA refcounting.  Fixes a bug where isakmpd could die when a peer was
discovered to have rebooted, and old now invalid SAs had to be
garbage-collected.

Revision 1.49 / (download) - annotate - [select for diffs], Thu Apr 19 20:12:44 2001 UTC (23 years, 1 month ago) by niklas
Branch: MAIN
Changes since 1.48: +4 -4 lines
Diff to previous 1.48 (colored)

PF_KEY identity extensions are NUL-terminated.  Do not forget neither to
allocate for the NUL, nor to actually transfer it.

Revision 1.48 / (download) - annotate - [select for diffs], Mon Apr 9 22:09:52 2001 UTC (23 years, 1 month ago) by ho
Branch: MAIN
Changes since 1.47: +6 -6 lines
Diff to previous 1.47 (colored)

More style fixes...

Revision 1.47 / (download) - annotate - [select for diffs], Tue Mar 27 21:09:49 2001 UTC (23 years, 2 months ago) by ho
Branch: MAIN
Changes since 1.46: +24 -12 lines
Diff to previous 1.46 (colored)

Fix another memory leak, found by boehm-gc. While not required,
also keep what I think is a cleanup of pf_key_v2_msg_free().

Revision 1.46 / (download) - annotate - [select for diffs], Sat Feb 24 03:59:55 2001 UTC (23 years, 3 months ago) by angelos
Branch: MAIN
Changes since 1.45: +15 -8 lines
Diff to previous 1.45 (colored)

For the GETSPI PFKEY message, use the sequence number from the ACQUIRE
message.

Revision 1.45 / (download) - annotate - [select for diffs], Sat Jan 27 12:03:34 2001 UTC (23 years, 4 months ago) by niklas
Branch: MAIN
Changes since 1.44: +3 -3 lines
Diff to previous 1.44 (colored)

(c) 2001

Revision 1.44 / (download) - annotate - [select for diffs], Fri Jan 26 12:12:52 2001 UTC (23 years, 4 months ago) by niklas
Branch: MAIN
Changes since 1.43: +23 -9 lines
Diff to previous 1.43 (colored)

Pedantic style police

Revision 1.43 / (download) - annotate - [select for diffs], Wed Jan 10 21:41:54 2001 UTC (23 years, 4 months ago) by angelos
Branch: MAIN
Changes since 1.42: +3 -2 lines
Diff to previous 1.42 (colored)

Fix comment.

Revision 1.42 / (download) - annotate - [select for diffs], Fri Jan 5 19:30:37 2001 UTC (23 years, 5 months ago) by angelos
Branch: MAIN
Changes since 1.41: +5 -2 lines
Diff to previous 1.41 (colored)

Set the correct direction for KAME SPD entries (problem reported and
fix tested by Tim.Ding@qobra.com)

Revision 1.41 / (download) - annotate - [select for diffs], Fri Dec 15 06:34:54 2000 UTC (23 years, 5 months ago) by provos
Branch: MAIN
Changes since 1.40: +14 -4 lines
Diff to previous 1.40 (colored)

only create new exchange on SA expires, when it has been used.
okay angelos@

Revision 1.40 / (download) - annotate - [select for diffs], Tue Dec 12 01:46:55 2000 UTC (23 years, 5 months ago) by niklas
Branch: MAIN
Changes since 1.39: +224 -33 lines
Diff to previous 1.39 (colored)

Merge with EOM 1.79

author: niklas
whitespace

author: niklas
style

author: angelos
Pass the local/remote Phase 1 ID to the flow, so it can be reused when
an SA is re-negotiated.

author: angelos
Save the Phase 1 IDs along with the flow.

author: angelos
Don't block new phase 1 SA establishment -- avoids some sync problems.

Also, handle kernel-issued expirations more intelligently.

author: angelos
isakmpd can now negotiate transport protocol/ports (either through the
configuration file or through kernel ACQUIREs).

author: angelos
Fix flow cleanup/setup on renegotiation (or failure thereof) -- thanks
to cedric@wireless-networks.com for testing and feedback.

author: angelos
Remove unused code.

author: angelos
Don't be too permissive with the installed flows -- after all, we can
just run more negotiations.

author: angelos
ifndef, not ifdef

author: angelos
Delete ingress flow correctly.

author: angelos
Initialize structure.

Revision 1.39 / (download) - annotate - [select for diffs], Sat Dec 2 01:56:04 2000 UTC (23 years, 6 months ago) by angelos
Branch: MAIN
Changes since 1.38: +5 -52 lines
Diff to previous 1.38 (colored)

A bunch of stability fixes, thanks to cedric@wireless-networks.com for
testing and feedback.

Revision 1.34.2.1 / (download) - annotate - [select for diffs], Wed Nov 29 03:44:16 2000 UTC (23 years, 6 months ago) by jason
Branch: OPENBSD_2_8
Changes since 1.34: +6 -1 lines
Diff to previous 1.34 (colored)

Pull in changes from current:
Fixes (angelos):
* ifndef, not ifdef
* Fix deletion of flows.

Revision 1.38 / (download) - annotate - [select for diffs], Mon Nov 27 01:42:58 2000 UTC (23 years, 6 months ago) by angelos
Branch: MAIN
Changes since 1.37: +2 -2 lines
Diff to previous 1.37 (colored)

ifndef, not ifdef

Revision 1.37 / (download) - annotate - [select for diffs], Mon Nov 27 01:41:04 2000 UTC (23 years, 6 months ago) by angelos
Branch: MAIN
Changes since 1.36: +6 -1 lines
Diff to previous 1.36 (colored)

Fix deletion of flows.

Revision 1.36 / (download) - annotate - [select for diffs], Fri Nov 17 05:16:36 2000 UTC (23 years, 6 months ago) by angelos
Branch: MAIN
Changes since 1.35: +118 -25 lines
Diff to previous 1.35 (colored)

Merge with EOM (since Niklas won't get off his nether regions)

Revision 1.35 / (download) - annotate - [select for diffs], Fri Nov 17 04:53:57 2000 UTC (23 years, 6 months ago) by angelos
Branch: MAIN
Changes since 1.34: +21 -13 lines
Diff to previous 1.34 (colored)

HMAC96->HMAC as needed.

Revision 1.34 / (download) - annotate - [select for diffs], Mon Oct 30 16:04:00 2000 UTC (23 years, 7 months ago) by angelos
Branch: MAIN
CVS Tags: OPENBSD_2_8_BASE
Branch point for: OPENBSD_2_8
Changes since 1.33: +8 -7 lines
Diff to previous 1.33 (colored)

Fix bug with ACQUIRE message.

Revision 1.33 / (download) - annotate - [select for diffs], Mon Oct 16 23:26:20 2000 UTC (23 years, 7 months ago) by niklas
Branch: MAIN
Changes since 1.32: +670 -125 lines
Diff to previous 1.32 (colored)

Merge with EOM 1.59

author: provos
better referencing.  okay niklas@

author: niklas
Name collisions introduced by me, DOH!

author: niklas
Allow new and old style configuration simultaneously

author: niklas
Backward compatibility with old style configuration

author: niklas
remove redundant ifdefs

author: niklas
fascistoid style and naming pedantry

author: angelos
Construct the ISAKMP-peer section such that it actually contains the
src/dst Phase 1 IDs (so we don't have to worry about configuration
conflicts). I should update the manpage....

author: angelos
Use local-address, not listen-address.

author: angelos
First cut of ACQUIRE handling, fully functional but not entirely
dynamic (it depends on the pre-defined Transforms and
Suites). Nonetheless, it is possible to use isakmpd without a
configuration file when using certificates for authentication.

author: angelos
Add RIPEMD negotiation/configuration.

Revision 1.32 / (download) - annotate - [select for diffs], Tue Oct 10 13:34:58 2000 UTC (23 years, 7 months ago) by niklas
Branch: MAIN
Changes since 1.31: +31 -3 lines
Diff to previous 1.31 (colored)

Merge with EOM 1.49

author: niklas
Very ugly, transient fix so isakmpd works in a backward compatible
way, instead of requiring the new undocumented ACQUIRE-based setup

Revision 1.31 / (download) - annotate - [select for diffs], Mon Oct 9 23:26:59 2000 UTC (23 years, 7 months ago) by niklas
Branch: MAIN
Changes since 1.30: +8 -2 lines
Diff to previous 1.30 (colored)

Merge with EOM 1.48

author: niklas
properly ifdef PF_KEY extension

author: angelos
AES support.

Revision 1.30 / (download) - annotate - [select for diffs], Sat Oct 7 06:57:56 2000 UTC (23 years, 8 months ago) by niklas
Branch: MAIN
Changes since 1.29: +16 -13 lines
Diff to previous 1.29 (colored)

Merge with EOM 1.46

author: niklas
style

author: angelos
No reserved1 field anymore.

author: angelos
Beginning of ACQUIRE support.

author: angelos
No need to delete SPIs, they'll just expire.

author: angelos
Only play with flows if we're using the "old" IPsec code (the new
kernel code to be committed).

Revision 1.29 / (download) - annotate - [select for diffs], Tue Sep 19 19:01:31 2000 UTC (23 years, 8 months ago) by angelos
Branch: MAIN
Changes since 1.28: +52 -3 lines
Diff to previous 1.28 (colored)

Manually merge some changes from EOM.

Revision 1.28 / (download) - annotate - [select for diffs], Tue Sep 19 08:38:28 2000 UTC (23 years, 8 months ago) by angelos
Branch: MAIN
Changes since 1.27: +1 -2 lines
Diff to previous 1.27 (colored)

No reserved1 field in sprotocol structure any more.

Revision 1.27 / (download) - annotate - [select for diffs], Tue Jun 20 05:55:27 2000 UTC (23 years, 11 months ago) by niklas
Branch: MAIN
Changes since 1.26: +75 -33 lines
Diff to previous 1.26 (colored)

Merge with EOM 1.41

author: itojun
synchronize with latest KAME PF_KEY interface.  need more testing.
old: changes sadb_msg, which is bad
new: added sadb_x_sa2 for extra meat

Revision 1.26 / (download) - annotate - [select for diffs], Mon Jun 19 02:25:31 2000 UTC (23 years, 11 months ago) by niklas
Branch: MAIN
Changes since 1.25: +3 -3 lines
Diff to previous 1.25 (colored)

Merge with EOM 1.40

author: niklas
&& not &

Revision 1.25 / (download) - annotate - [select for diffs], Wed Mar 8 08:41:57 2000 UTC (24 years, 3 months ago) by niklas
Branch: MAIN
CVS Tags: OPENBSD_2_7_BASE, OPENBSD_2_7
Changes since 1.24: +19 -19 lines
Diff to previous 1.24 (colored)

Merge with EOM 1.39

author: ho
FreeBSD and NetBSD use KAME

author: ho
Add netbsd

Revision 1.24 / (download) - annotate - [select for diffs], Fri Feb 25 17:23:40 2000 UTC (24 years, 3 months ago) by niklas
Branch: MAIN
Changes since 1.23: +38 -37 lines
Diff to previous 1.23 (colored)

regress/crypto/Makefile: Merge with EOM 1.5
regress/dh/Makefile: Merge with EOM 1.7
regress/group/Makefile: Merge with EOM 1.9
regress/prf/Makefile: Merge with EOM 1.4
regress/rsakeygen/Makefile: Merge with EOM 1.8
regress/x509/Makefile: Merge with EOM 1.10
Makefile: Merge with EOM 1.62
attribute.c: Merge with EOM 1.10
sa.c: Merge with EOM 1.99
conf.c: Merge with EOM 1.20
crypto.c: Merge with EOM 1.28
isakmpd.c: Merge with EOM 1.45
connection.c: Merge with EOM 1.19
doi.h: Merge with EOM 1.28
field.c: Merge with EOM 1.11
exchange.c: Merge with EOM 1.116
ike_auth.c: Merge with EOM 1.44
pf_key_v2.c: Merge with EOM 1.37
ike_phase_1.c: Merge with EOM 1.22
ipsec.c: Merge with EOM 1.118
isakmp_doi.c: Merge with EOM 1.40
log.c: Merge with EOM 1.26
log.h: Merge with EOM 1.18
math_group.c: Merge with EOM 1.23
message.c: Merge with EOM 1.144
pf_encap.c: Merge with EOM 1.70
policy.c: Merge with EOM 1.18
timer.c: Merge with EOM 1.13
transport.c: Merge with EOM 1.41
udp.c: Merge with EOM 1.47
ui.c: Merge with EOM 1.37
x509.c: Merge with EOM 1.36

author: niklas
Made debug logging a compile time selectable feature

Revision 1.23 / (download) - annotate - [select for diffs], Tue Feb 1 02:46:18 2000 UTC (24 years, 4 months ago) by niklas
Branch: MAIN
Changes since 1.22: +3 -2 lines
Diff to previous 1.22 (colored)

apps/certpatch/certpatch.8: Merge with EOM 1.4
apps/certpatch/certpatch.c: Merge with EOM 1.6
exchange.c: Merge with EOM 1.114
ike_quick_mode.c: Merge with EOM 1.110
ike_phase_1.c: Merge with EOM 1.16
ike_auth.c: Merge with EOM 1.41
ike_aggressive.c: Merge with EOM 1.4
libcrypto.c: Merge with EOM 1.10
libcrypto.h: Merge with EOM 1.10
isakmpd.8: Merge with EOM 1.19
isakmpd.c: Merge with EOM 1.42
ipsec.h: Merge with EOM 1.40
init.c: Merge with EOM 1.22
message.c: Merge with EOM 1.143
message.h: Merge with EOM 1.49
sa.c: Merge with EOM 1.98
sa.h: Merge with EOM 1.54
policy.c: Merge with EOM 1.14
pf_key_v2.c: Merge with EOM 1.36
x509.c: Merge with EOM 1.32
x509.h: Merge with EOM 1.9
udp.c: Merge with EOM 1.46

author: niklas
Angelos copyrights

Revision 1.22 / (download) - annotate - [select for diffs], Mon Jan 31 08:38:29 2000 UTC (24 years, 4 months ago) by niklas
Branch: MAIN
Changes since 1.21: +3 -3 lines
Diff to previous 1.21 (colored)

ike_quick_mode.c: Merge with EOM 1.109
isakmpd.conf.5: Merge with EOM 1.38
message.c: Merge with EOM 1.142
pf_key_v2.c: Merge with EOM 1.35
x509.c: Merge with EOM 1.31

author: niklas
(c) 2000

Revision 1.21 / (download) - annotate - [select for diffs], Wed Jan 26 15:36:19 2000 UTC (24 years, 4 months ago) by niklas
Branch: MAIN
Changes since 1.20: +57 -57 lines
Diff to previous 1.20 (colored)

Merge with EOM 1.34

author: niklas
style

author: ho
Lower the common {ADD,DEL}FLOW warnings to log_debug() on OpenBSD.

Revision 1.20 / (download) - annotate - [select for diffs], Wed Jan 26 15:24:32 2000 UTC (24 years, 4 months ago) by niklas
Branch: MAIN
Changes since 1.19: +403 -56 lines
Diff to previous 1.19 (colored)

Merge with EOM 1.32

date: 2000/01/25 13:35:24;  author: niklas;  state: Exp;  lines: +8 -1
Do not assume ingress flows are available

date: 2000/01/25 01:24:38;  author: angelos;  state: Exp;  lines: +40 -1
We also allow the remote gateway to talk to the local subnet and the
local gateway through the SAs setup.

date: 2000/01/25 01:09:20;  author: angelos;  state: Exp;  lines: +2 -2
Don't use REPLACE for ingress flows.

date: 2000/01/24 23:28:39;  author: angelos;  state: Exp;  lines: +30 -28
Delete ACL only for incoming SAs...

date: 2000/01/23 22:56:43;  author: angelos;  state: Exp;  lines: +2 -2
Send SA payload when deleting ingress flow.

date: 2000/01/13 22:54:54;  author: angelos;  state: Exp;  lines: +5 -1
Return on error from ingress flow establishment/deletion.

date: 2000/01/13 22:53:21;  author: angelos;  state: Exp;  lines: +25 -5
Interim ingress flows.

date: 2000/01/13 06:48:27;  author: angelos;  state: Exp;  lines: +37 -12
Establish (and delete) ingress flows.

author: ho
Unbreak.

author: ho
Compile under OpenBSD again.

author: niklas
Ugly KAME support, will be improved

author: angelos
Get rid of the LOCALFLOW flag.

author: ho
log_print -> log_debug for delete_spi: DELETE message. Plus log class typos.

Revision 1.19 / (download) - annotate - [select for diffs], Sun Jan 23 22:50:55 2000 UTC (24 years, 4 months ago) by angelos
Branch: MAIN
Changes since 1.18: +2 -2 lines
Diff to previous 1.18 (colored)

Send an SA payload when we're deleting an ingress flow.

Revision 1.18 / (download) - annotate - [select for diffs], Thu Jan 13 22:55:48 2000 UTC (24 years, 4 months ago) by angelos
Branch: MAIN
Changes since 1.17: +31 -11 lines
Diff to previous 1.17 (colored)

Interim ingress flows when doing linked SAs.

Revision 1.17 / (download) - annotate - [select for diffs], Thu Jan 13 06:42:26 2000 UTC (24 years, 4 months ago) by angelos
Branch: MAIN
Changes since 1.16: +37 -10 lines
Diff to previous 1.16 (colored)

Establish ingress flows.

Revision 1.16 / (download) - annotate - [select for diffs], Sat Dec 4 23:31:42 1999 UTC (24 years, 6 months ago) by angelos
Branch: MAIN
Changes since 1.15: +2 -6 lines
Diff to previous 1.15 (colored)

Get rid of the LOCALFLOW flag.

Revision 1.15, Fri Jul 16 00:44:49 1999 UTC (24 years, 10 months ago) by niklas
Branch: MAIN
CVS Tags: OPENBSD_2_6_BASE, OPENBSD_2_6
Changes since 1.14: +18 -15 lines

Merge with EOM 1.19

author: niklas
Do not try to establish an encryption key for AH

Revision 1.14, Thu Jul 8 17:49:35 1999 UTC (24 years, 11 months ago) by niklas
Branch: MAIN
Changes since 1.13: +4 -2 lines

sysdep/openbsd/sysdep-os.h: Merge with EOM 1.3
pf_key_v2.c: Merge with EOM 1.18

author: niklas
Support building on older PF_KEY systems with non-standard-compliant SADB_-
constants.

Revision 1.13, Wed Jul 7 22:08:10 1999 UTC (24 years, 11 months ago) by niklas
Branch: MAIN
Changes since 1.12: +2 -2 lines

isakmpd.8: Merge with EOM 1.14
pf_key_v2.c: Merge with EOM 1.17

author: niklas
Merge in fixes done in the OpenBSD tree

Revision 1.12, Fri Jul 2 23:37:32 1999 UTC (24 years, 11 months ago) by deraadt
Branch: MAIN
Changes since 1.11: +16 -16 lines

rename SADB_foo_X_bar to SADB_X_foo_bar

Revision 1.11, Wed Jun 2 06:34:53 1999 UTC (25 years ago) by niklas
Branch: MAIN
Changes since 1.10: +53 -6 lines

Merge with EOM 1.16

author: niklas
As PF_KEY per the specs is a best-effort service, expect messages to get lost.
That means both replies in PF_KEY "RPCs" and expirations, the latter we
solve with extra paranoia and set timeouts in isakmpd too.

Revision 1.10, Sat May 1 20:42:54 1999 UTC (25 years, 1 month ago) by niklas
Branch: MAIN
Changes since 1.9: +9 -47 lines

Merge with EOM 1.15

author: niklas
typo in debug output

author: niklas
A new connection abstraction

Revision 1.9, Sat May 1 00:51:45 1999 UTC (25 years, 1 month ago) by niklas
Branch: MAIN
Changes since 1.8: +7 -2 lines

Merge with EOM 1.13

author: niklas
Sigh, tunnel mode needs a special flag.

Revision 1.8, Tue Apr 27 21:01:28 1999 UTC (25 years, 1 month ago) by niklas
Branch: MAIN
Changes since 1.7: +2 -6 lines

Merge with EOM 1.12

author: niklas
Remove unused macro.

Revision 1.7, Mon Apr 19 20:58:30 1999 UTC (25 years, 1 month ago) by niklas
Branch: MAIN
Changes since 1.6: +5 -13 lines

./pf_key_v2.c: Merge with EOM 1.11

exchange_establish does checking of existing exchanges these days

Remove SA_FLAG_REPLACED settings from various parts in preparation of a
grand unified setting in exchange_finalize.  Fix sa_mark_replaced to not
release a reference to the sa, and adjust the API as it won't get called
as a finalize func anymore.

Revision 1.6, Mon Apr 5 20:59:22 1999 UTC (25 years, 2 months ago) by niklas
Branch: MAIN
CVS Tags: OPENBSD_2_5_BASE, OPENBSD_2_5
Changes since 1.5: +19 -10 lines

Merge with EOM 1.9
Typecast correct

Get a private copy of connection names that should live forever.

New finalize API.

Make "Connections" handling nicer, and even implement it for KLIPS.
A stab at reregistering the on-demand routes for PF_ENCAP.

Revision 1.5, Wed Mar 31 23:48:19 1999 UTC (25 years, 2 months ago) by niklas
Branch: MAIN
Changes since 1.4: +24 -5 lines

Merge with EOM 1.5
Add a connection checker thread, that sees to that required connections
will get restarted if they die for an abnormal reason.

Revision 1.4, Wed Mar 31 20:30:38 1999 UTC (25 years, 2 months ago) by niklas
Branch: MAIN
Changes since 1.3: +39 -7 lines

Merge with EOM 1.4
Use SA refcounting where needed.  Until we have ACQUIRES do phase 2
connections automatically at startup.

Revision 1.3, Wed Mar 31 14:27:38 1999 UTC (25 years, 2 months ago) by niklas
Branch: MAIN
Changes since 1.2: +6 -10 lines

ipsec.c: Merge with EOM 1.86
ipsec.h: Merge with EOM 1.33
pf_encap.c: Merge with EOM 1.52
pf_key_v2.c: Merge with EOM 1.3

Fix case of missing client ID payloads, a case the standards allow.  Thanks
to Michael Paddon (mwp@aba.net.au) for the diffs I based my fix upon.  His
diff also made me realize I stored the address information in host order in
internal structures where I had planned to use network order.  Fix this,
and remove the XXXes I had due to this elsewhere.  Add commentary.

Revision 1.2, Wed Mar 31 01:53:00 1999 UTC (25 years, 2 months ago) by niklas
Branch: MAIN
Changes since 1.1: +301 -167 lines

Merge with EOM 1.2
Use flow replacement openbsd extension.  Deleted flows when deleting SAs.
Handle expirations.  General cleanup.

Revision 1.1, Wed Mar 24 14:37:13 1999 UTC (25 years, 2 months ago) by niklas
Branch: MAIN

Initial PF_KEYv2 support
