summaryrefslogtreecommitdiff
path: root/sbin/iked/iked.h
AgeCommit message (Expand)Author
2021-11-24Unregister event on pfkey socket during pfkey_reply(). Using eventsTobias Heider
2021-11-24Pass env to pfkey API. Consistently call pfkey file descriptor fd.Tobias Heider
2021-10-26Make proto config option accept a list to allow specifying multipleTobias Heider
2021-10-12Change responder to prefer DH group from KE payload.Tobias Heider
2021-09-01Add client side support for DNS configuration. Use RTM_PROPOSAL_STATICTobias Heider
2021-06-23Factor out vroute_addr().tobhe
2021-05-13Refactor iked process shutdown and cleanup. Remember configuredtobhe
2021-04-20Move TAILQ initialization to files where they are used.dv
2021-03-05Print PFS group for rekeyed Child SAs.tobhe
2021-03-05Move policy printing code from parse.y to new print.ctobhe
2021-02-25Constify cipher API.tobhe
2021-02-22Don't pass 'id' as argument to make function signature match similartobhe
2021-02-13Add dynamic address configuration for roadwarrior clients.tobhe
2021-02-04Rename 'struct group' to 'struct dh_group' for more clarity andtobhe
2021-02-01Take flows into consideration for policy lookup as initiator.tobhe
2021-01-28Extern privsep_process. Fixes compilation with -fno-common.mortimer
2021-01-26Add support for RSA-PSS PKCS1 signatures. Don't enable them bytobhe
2021-01-21Add support for INVALID_KE_PAYLOAD in CREATE_CHILD_SAtobhe
2020-12-21Use policy_test() to reassign existing SAs to updated policies aftertobhe
2020-12-03Fix type mismatch. auth_method should be uint8_t.tobhe
2020-11-30We need to rekey every child SA (even if acquired): Otherwise we cantobhe
2020-11-29Add 'set stickyaddress' option. If this option is enabled, iked will trytobhe
2020-11-26Use a counter instead of random IV for AES-GCM. Security depends ontobhe
2020-11-25Fix proposal error handling. If a proposal contains an unknown transformtobhe
2020-11-21Clean up NATT hack. Pass 'frompeer' as parameter instead of manipulatingtobhe
2020-11-18Constify sa in ikev2_pld_eap(). The parser code must not change anytobhe
2020-10-30style(9)tobhe
2020-10-29Add initial support to request IP addresses as IKEv2 initiator.tobhe
2020-10-24Don't modify sa in ikev2_pld_cp. Store cp_type in msg until message hastobhe
2020-10-19Handle NO_PROPOSAL_CHOSEN as IKE_AUTH initiator.tobhe
2020-10-03React to DELETE notifications only in INFORMATIONAL messagestobhe
2020-09-23Add new 'set cert_partial_chain' config option to allow verification oftobhe
2020-09-16Move all the EAP logic from a single branch in the message parsing code totobhe
2020-08-28Rename ikev2_*_sa() functions to make clear they handle Child SAs.tobhe
2020-08-26Allow disabling DPD liveness checks by setting dpd_check_interval to 0.tobhe
2020-08-25Add dpd_check_interval configuration option. If for any IKE SA no IPsectobhe
2020-08-24Reduce the amount of boilerplate code and imsgs for config options bytobhe
2020-08-23Add a new configuration option to limit the number of connections fortobhe
2020-08-23Rename natt_mode to sc_nattmode for consistency.tobhe
2020-08-21Use trusted CA from /etc/iked/ca/ as OCSP issuer to get rid oftobhe
2020-08-18Add optional time-stamp validaten for ocsp. The new optional 'tolerate'tobhe
2020-08-16Clean up unused parameters.tobhe
2020-08-11Prioritize incoming certificate requests by the order of CERTEQ payloadstobhe
2020-07-21Handle TEMPORARY_FAILURE notification on IKESA rekeying.tobhe
2020-07-15Make CERT and CERTREQ payloads optional for public key authentication.tobhe
2020-06-03Pass sockaddr instead of sockaddr_storage to sa_address.tobhe
2020-05-26Add AES-GCM mode ciphers (IANA IDs 19 and 20) for IKEv2.tobhe
2020-05-14Stricter return value checking for EVP_Cipher* calls.tobhe
2020-05-13Remove dead 'iked_flow' member 'flow_type'.tobhe
2020-05-08Remove unneccessary X509_NAME_oneline wrapper. Passing NULL as buftobhe
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-29 14:24:12 +0000