summaryrefslogtreecommitdiff
path: root/sbin/iked/config.c
AgeCommit message (Expand)Author
2021-11-24Pass env to pfkey API. Consistently call pfkey file descriptor fd.Tobias Heider
2021-10-12Make sure all copies of MSCHAPv2 passphrase are zeroed after use.Tobias Heider
2021-09-18freezero() instead of free(), because the object may contain a passwordTheo de Raadt
2021-09-01Add client side support for DNS configuration. Use RTM_PROPOSAL_STATICTobias Heider
2021-05-13Refactor iked process shutdown and cleanup. Remember configuredtobhe
2021-02-22Don't pass 'id' as argument to make function signature match similartobhe
2021-02-13Add dynamic address configuration for roadwarrior clients.tobhe
2021-02-08Clean up kernel IPsec flows and security associations on shutdown.tobhe
2021-01-21Add support for INVALID_KE_PAYLOAD in CREATE_CHILD_SAtobhe
2020-11-29Add 'set stickyaddress' option. If this option is enabled, iked will trytobhe
2020-11-25Fix proposal error handling. If a proposal contains an unknown transformtobhe
2020-10-29Add initial support to request IP addresses as IKEv2 initiator.tobhe
2020-10-21Remove SAs from ike_dstid_sas on 'ikectl reset sa' to prevent use after free.tobhe
2020-10-09More unused headers.tobhe
2020-10-09Remove unused "wait.h" includes.tobhe
2020-09-30Don't leak sa->sa_peerauth.id_buf.tobhe
2020-09-25Simplify RB_TREE cleanup loops.tobhe
2020-09-23Add new 'set cert_partial_chain' config option to allow verification oftobhe
2020-08-26Allow disabling DPD liveness checks by setting dpd_check_interval to 0.tobhe
2020-08-25Add dpd_check_interval configuration option. If for any IKE SA no IPsectobhe
2020-08-24Reduce the amount of boilerplate code and imsgs for config options bytobhe
2020-08-23Add a new configuration option to limit the number of connections fortobhe
2020-08-18Add optional time-stamp validaten for ocsp. The new optional 'tolerate'tobhe
2020-08-16Clean up unused parameters.tobhe
2020-08-14Clean up unused variables.tobhe
2020-07-23Fix ibuf leak in sa_localauth when SA is freed.tobhe
2020-04-13Try to send a DELETE message if the SA is reset with 'ikectl reset id'.tobhe
2020-04-09Simplify socket creation logic. Normally iked needs two sockets, onetobhe
2020-03-24Fix user database corruption from 'ikectl reload'. Copy only the new passwordtobhe
2020-03-09Use TAILQ_FOREACH_SAFE instead of hand rolled loops.tobhe
2020-01-16Add '-p' command line option which allows to configuretobhe
2020-01-07Link ESP-SA and IPcomp-SA using GRPSPIS instead of using a self-builttobhe
2019-12-03Correctly represent flows as traffic selectors as described in RFC 7296. Thistobhe
2019-05-11Add support for IKEv2 Message Fragmentation as defined in RFC 7383.Patrick Wildt
2017-11-27Implement MOBIKE (RFC 4555) support in iked(8), with us acting asPatrick Wildt
2017-04-13Add a NAT-T keepalive timer in case we are behind a NAT gateway.Patrick Wildt
2017-03-27Factor out flows into separate configuration messagesMike Belopuhov
2017-03-27spacingReyk Floeter
2017-03-27Fix another iked leak of SAs in pfkey_sa(), copy tags correctly.Reyk Floeter
2017-03-13Resolve simultaneous Child SA rekeyingMike Belopuhov
2017-01-03Fix pledge of the ca process by calling the right function on startup.Reyk Floeter
2016-06-01Implement a second address pool specifically for IPv6, so thatPatrick Wildt
2015-12-07Sync proc.c, use shorter proc_compose[v]()Reyk Floeter
2015-11-18pledge exposed a simple bug: the unprivileged child tried to print theReyk Floeter
2015-10-19Remove the ikev1 stub - Since I started iked, it has an empty privsepReyk Floeter
2015-10-15Remove some unnecessary NULL-checks before free(). Change two bzero()mmcc
2015-08-21Switch iked to C99-style fixed-width integer types.Reyk Floeter
2015-07-07repair policy-ikesa-linking by replacing the broken RB_TREE w/TAILQMarkus Friedl
2015-02-06unneeded getopt.hTheo de Raadt
2015-01-16Replace <sys/param.h> with <limits.h> and other less dirty headers whereTheo de Raadt
generated by cgit v1.2.3 (git 2.25.1) at 2024-12-01 20:07:35 +0000