| Age | Commit message (Expand) | Author |
|---|
| 2018-08-06 | Remove cpath pledge(2) promise. We decided that not deleting the unix control | Ricardo Mestre |
| 2018-03-16 | Consistently spell "IPsec" in comments and debug outputs. | Martin Pieuchot |
| 2017-11-30 | Add support for rejecting IKE SA messages. This means that we can reply | Patrick Wildt |
| 2017-11-27 | Implement MOBIKE (RFC 4555) support in iked(8), with us acting as | Patrick Wildt |
| 2017-04-26 | cope with IP address changes. before, we were trying to resend the msg | Henning Brauer |
| 2017-04-13 | Add a NAT-T keepalive timer in case we are behind a NAT gateway. | Patrick Wildt |
| 2017-03-27 | Don't cache the DH group in the policy | Mike Belopuhov |
| 2017-03-27 | Factor out flows into separate configuration messages | Mike Belopuhov |
| 2017-03-27 | Add support to reflect the responder IKEv2 COOKIE. | Reyk Floeter |
| 2017-03-27 | Add support for RFC4754 (ECDSA) and RFC7427 authentication. | Reyk Floeter |
| 2017-03-13 | Resolve simultaneous Child SA rekeying | Mike Belopuhov |
| 2017-03-13 | Resolve simultaneous IKE SA rekeying | Mike Belopuhov |
| 2017-03-13 | Make sure that proposal contains a DH group when rekeying with PFS enabled | Reyk Floeter |
| 2017-03-13 | Don't rekey acquired Child SAs | Mike Belopuhov |
| 2017-03-13 | When setting up IPcomp flows for the networks 'A' and 'B' between | Patrick Wildt |
| 2017-03-13 | Fix and improve the IKE SA rekeying timeout, add a randomized jitter. | Reyk Floeter |
| 2017-03-13 | flow_cmp() must compare the same flow-attributes as the kernel, | Patrick Wildt |
| 2017-02-03 | Stop assuming that in_{addr,port}_t are typedefed in <sys/types.h> and | Philip Guenther |
| 2017-01-20 | Constify the data argument for ibuf_new | Mike Belopuhov |
| 2017-01-09 | Stop accessing verbose and debug variables from log.c directly. | Reyk Floeter |
| 2017-01-03 | Fix pledge of the ca process by calling the right function on startup. | Reyk Floeter |
| 2016-09-04 | Now that we have IP_SENDSRCADDR, add sendtofrom(). | Vincent Gross |
| 2016-09-03 | Add the missing bits to have NAT on enc(4) support in iked. | Vincent Gross |
| 2016-06-01 | Implement a second address pool specifically for IPv6, so that | Patrick Wildt |
| 2015-12-07 | Sync proc.c, use shorter proc_compose[v]() | Reyk Floeter |
| 2015-11-23 | Replace socket_set_blockmode() and fcntl(fd, F_SETFL, O_NONBLOCK) calls | Reyk Floeter |
| 2015-11-22 | Update log.c: change fatal() and fatalx() into variadic functions, | Reyk Floeter |
| 2015-11-21 | Move local logging functions to util.c (which is shared with ikectl), | Reyk Floeter |
| 2015-10-22 | iked hereby pledges that it will run with restricted system | Reyk Floeter |
| 2015-10-19 | Remove the ikev1 stub - Since I started iked, it has an empty privsep | Reyk Floeter |
| 2015-10-01 | Fix interoperability with Apple iOS9: If we don't get a (valid) | Reyk Floeter |
| 2015-08-21 | Switch iked to C99-style fixed-width integer types. | Reyk Floeter |
| 2015-08-19 | spacing (no binary change, verified with checksums) | Reyk Floeter |
| 2015-07-07 | repair policy-ikesa-linking by replacing the broken RB_TREE w/TAILQ | Markus Friedl |
| 2015-06-11 | Use "compliant" header guards by avoiding the reserved '_' namespace. | Reyk Floeter |
| 2015-03-26 | initial support for RFC 7427 signatures, so we are no longer | Markus Friedl |
| 2015-01-16 | Replace <sys/param.h> with <limits.h> and other less dirty headers where | Theo de Raadt |
| 2014-08-18 | Sync proc.c with httpd. httpd needs SIGUSR1 but iked will ignore it | Reyk Floeter |
| 2014-05-09 | get rid of redundant {csa,flow}_{src,dst}id pointers, so we don't need | Markus Friedl |
| 2014-05-09 | replace iked_transform pointer with xform id, since target of pointer | Markus Friedl |
| 2014-05-08 | match iked proc.c infrastructure with proc.c | Bret Lambert |
| 2014-05-07 | make authentication work with X509 certificates that don't have a | Markus Friedl |
| 2014-05-06 | change the create-child-sa responder code, so it does not store any | Markus Friedl |
| 2014-05-06 | initiate ike sa rekeying (ikesalifetime keyword), re-queue pfkey | Markus Friedl |
| 2014-05-06 | initial support for PFS; ok reyk@ | Markus Friedl |
| 2014-05-06 | retire IKED_REQ_DELETE and fix delete parsing; ok reyk@ | Markus Friedl |
| 2014-04-29 | make sure the state machine only advances if the AUTH payload has | Markus Friedl |
| 2014-04-22 | Update iked to use the same proc.c that relayd uses. | Reyk Floeter |
| 2014-04-10 | Add validation routines to ikev2_pld.c: For each payload type overall | Reyk Floeter |
| 2014-02-21 | support rekeying for IPCOMP; ok mikeb@ | Markus Friedl |
