summaryrefslogtreecommitdiff
path: root/sbin/iked/iked.h
AgeCommit message (Expand)Author
2013-11-14pass caller to ca_sslerror for better error messages; ok mikebMarkus Friedl
2013-01-08Remove private CVS tag from an obsolete repository and bump copyrightReyk Floeter
2012-11-29Prevent VPN traffic leakages in dual-stack hosts/networks.Reyk Floeter
2012-10-22Fix NAT-T support in iked, both on the initiator and the responderReyk Floeter
2012-09-18update email addresses to match reality.Reyk Floeter
2012-07-02Don't close IKE SA immediately after creating a new one when rekeying.Mike Belopuhov
2012-06-29Add missing ESN bitsMike Belopuhov
2012-06-26compare exchange types as well when looking up a message;Mike Belopuhov
2012-06-22Add initial support for retransmition timeouts and response retries.Mike Belopuhov
2012-06-22decouple timer initialization from timer_registerMike Belopuhov
2012-05-30more timer changesMike Belopuhov
2012-05-30pass a file descriptor in the msg_fd instead of a function argumentMike Belopuhov
2012-05-29improve timer framework; will be needed soonMike Belopuhov
2012-05-23factor out proposal matching code from ikev2_sa_negotiate and eliminateMike Belopuhov
2012-05-08When setting up NAT-T notify payloads, make sure to supply anMike Belopuhov
2012-04-05rate-limit accepting of new connections while we are experiencingTheo de Raadt
2011-05-09rename functions in proc.c to proc_* and move some code from imsg_util.c toReyk Floeter
2011-05-05Small tweak - add direct pointer to env instead of using an indirect one.Reyk Floeter
2011-05-05Move the proc.c-specific runtime state out of struct iked into a sub-struct.Reyk Floeter
2011-05-05rename iked_proc* to privsep_proc*. no functional change.Reyk Floeter
2011-05-02store the peer address as it was specified in the policy in theMike Belopuhov
2011-04-18When the kernel wants to acquire an SA for an unknown flow, lookup aReyk Floeter
2011-04-15remove unused function ikev2_flows_delete()Reyk Floeter
2011-01-26get rid of acquire flows completely, as they tend to pass trafficMike Belopuhov
2011-01-21don't use memcmp on comparing two iked_addrs but IKED_ADDR_EQ.Reyk Floeter
2011-01-21- Fix traffic selector configuration that it is always "from $localnetReyk Floeter
2011-01-21Reimplement the iked(8) policy evaluation for incoming connections toReyk Floeter
2011-01-21split pfkey initialization into a privileged and unprivileged part toReyk Floeter
2011-01-17Add initial acquire mode support and use it whenever Windows peers decideMike Belopuhov
2011-01-17move mask2prefixlen functions to the util module; ok reykMike Belopuhov
2011-01-12postpone processing of pfkey messages received in pfkey_reply instead ofMike Belopuhov
2011-01-12decouple flow deletion from the ikev2_childsa_delete; ok reykMike Belopuhov
2010-12-22move and rename util.c:print_id() to ikev2.c:ikev2_print_id() becauseReyk Floeter
2010-12-22split util.c into two files: imsg_util.c for ibuf/imsg stuff and util forReyk Floeter
2010-12-22child sa rekeying revamp plus numerous bugfixes;Mike Belopuhov
2010-12-01Clarify the internal ibuf API: rename ibuf_copy() to ibuf_get() becauseReyk Floeter
2010-11-17Allow the -D command line flag to actually define macros.Chris Kuethe
2010-09-22support INVALID_KE_PAYLOAD notification sent by the responder in caseMike Belopuhov
2010-09-09- allow esp proposals without integrity and ah proposals withoutMike Belopuhov
2010-07-01Add support for the tap extension (ikev2 ... tap "enc1") that willReyk Floeter
2010-06-29add code to lookup the RSA public keys in /etc/iked/pubkeys/ as anReyk Floeter
2010-06-27When a peer requests a certificate from the local gateway, we firstReyk Floeter
2010-06-27Instead of modifying and fiddling with the IKE SA in the payloadReyk Floeter
2010-06-26revert the files that have been accidentally committed with myReyk Floeter
2010-06-26mixing any (AF_UNSPEC) with AF_INET/INET6 is not an address family mismatchReyk Floeter
2010-06-26Include the Id type in the generated SA tag that is passed to theReyk Floeter
2010-06-14Initiator mode with certificates; needs more work but works.Reyk Floeter
2010-06-14Initial support for initiator mode which allows to run iked as aReyk Floeter
2010-06-14NAT detection again: make it work in initiator and responder modeReyk Floeter
2010-06-14restructure code a bit to move closer to initiator mode:Reyk Floeter
generated by cgit v1.2.3 (git 2.25.1) at 2025-01-13 10:58:22 +0000