summaryrefslogtreecommitdiffstats
path: root/sbin/iked/ikev2.c (follow)
Commit message (Expand)AuthorAgeFilesLines
* Don't send DELETE notify if IKE SA is replaced because oftobhe2021-03-231-2/+2
* Ignore msg_ke in CREATE_CHILD_SA if DH negotiation results in grouptobhe2021-03-151-3/+7
* Log errors with log level info and SPI.tobhe2021-03-141-12/+17
* Also log transforms on IKE SA rekey.tobhe2021-03-091-3/+10
* Log ESN for child SAs if enabled.tobhe2021-03-071-3/+6
* whitespacetobhe2021-03-061-2/+2
* Print PFS group for rekeyed Child SAs.tobhe2021-03-051-5/+11
* Log transforms of established IKE and Child SAs.tobhe2021-03-051-7/+36
* Derive config netmask from address pool if not explicitly configured.tobhe2021-03-041-2/+24
* Fail on invalid address family.tobhe2021-02-201-1/+3
* Save one allocation by passing msg_nonce ownership instead of usingtobhe2021-02-181-10/+10
* Pass ownership instead of duplicating ibuf msg_ke.tobhe2021-02-181-12/+5
* Add dynamic address configuration for roadwarrior clients.tobhe2021-02-131-1/+2
* Explicitly unset IKED_REQ_CERTVALID before sending cert to ca process.tobhe2021-02-111-1/+2
* Delay deletion of IKE SAs on rekey when stickyaddress is enabled to maketobhe2021-02-101-2/+10
* Add optional 'group none' transform for child SAs and fix handling oftobhe2021-02-091-5/+25
* Rename 'struct group' to 'struct dh_group' for more clarity andtobhe2021-02-041-8/+8
* Upgrade to OpenSSL 1.1 compatible crypto API. Add additionaltobhe2021-02-041-13/+15
* Take flows into consideration for policy lookup as initiator.tobhe2021-02-011-7/+7
* Ignore addresses that are not 0/32 (dynamic) in ikev2_cp_fixaddr()tobhe2021-01-311-3/+3
* Don't leak flows if ikev2_cp_fixflow() fails.tobhe2021-01-311-3/+8
* Fix typos.tobhe2021-01-231-2/+2
* Handle NO_PROPOSAL_CHOSEN for CREATE_CHILD_SA.tobhe2021-01-211-2/+10
* Add support for INVALID_KE_PAYLOAD in CREATE_CHILD_SAtobhe2021-01-211-29/+86
* Make sure to enforce matching dstid as initiator. Use policy lookuptobhe2021-01-201-1/+23
* Sync SA configuration payload to new SA after IKE SA rekeying.tobhe2021-01-181-1/+6
* Fix "any" and "dynamic" keywords for flows and add proper IPv6 support.tobhe2020-12-271-5/+7
* Use policy_test() to reassign existing SAs to updated policies aftertobhe2020-12-211-2/+33
* We need to rekey every child SA (even if acquired): Otherwise we cantobhe2020-11-301-11/+7
* Add 'set stickyaddress' option. If this option is enabled, iked will trytobhe2020-11-291-1/+62
* Add support for multiple address pools. The parser already allowstobhe2020-11-281-42/+78
* Remove redundant state change. ikev2_ikesa_delete() sets the correct state.tobhe2020-11-271-2/+1
* Fix proposal error handling. If a proposal contains an unknown transformtobhe2020-11-251-2/+2
* Fix duplicate sa->sa_cp assignment.tobhe2020-11-241-4/+1
* Clean up NATT hack. Pass 'frompeer' as parameter instead of manipulatingtobhe2020-11-211-28/+7
* Remove redundant indirection via msg_parent. This is only needed intobhe2020-11-171-3/+3
* Reenable ikev2_init_auth() return value check. Make sure sa_stateok()tobhe2020-11-161-3/+9
* Backout ikev2_init_auth() return check to fix regression withtobhe2020-11-161-8/+2
* Make sure not to replace 0.0.0.0 with dynamic address if it is a a networktobhe2020-11-141-1/+5
* addr_net is already checked in ikev2_cp_setaddr() before sessingtobhe2020-11-131-5/+3
* Close SA if ikev2_init_auth() fails.tobhe2020-11-121-6/+12
* Fail if ikev2_init_ike_auth() is entered with invalid state.tobhe2020-11-121-2/+2
* Implement 'from dynamic', which installs flows where 'dynamic' is replacedtobhe2020-11-071-8/+41
* Set correct netmask on patched addresses for debug printing.tobhe2020-11-061-1/+5
* Add missing bits to make 'request addr 0.0.0.0' accept ANY dynamic address.tobhe2020-10-301-1/+9
* Whitespace fixes.tobhe2020-10-301-3/+3
* Fix key payload size. Use size from new SA.tobhe2020-10-301-2/+2
* Add initial support to request IP addresses as IKEv2 initiator.tobhe2020-10-291-14/+111
* Refactor parts of the dh_* API.tobhe2020-10-281-55/+22
* Don't modify sa in ikev2_pld_cp. Store cp_type in msg until message hastobhe2020-10-241-1/+4
Copyright © 1996 – 2023 Jason A. Donenfeld. All Rights Reverse Engineered.