| Age | Commit message (Expand) | Author |
|---|
| 2015-01-16 | Replace <sys/param.h> with <limits.h> and other less dirty headers where | Theo de Raadt |
| 2014-08-18 | Sync proc.c with httpd. httpd needs SIGUSR1 but iked will ignore it | Reyk Floeter |
| 2014-05-09 | get rid of redundant {csa,flow}_{src,dst}id pointers, so we don't need | Markus Friedl |
| 2014-05-09 | replace iked_transform pointer with xform id, since target of pointer | Markus Friedl |
| 2014-05-08 | match iked proc.c infrastructure with proc.c | Bret Lambert |
| 2014-05-07 | make authentication work with X509 certificates that don't have a | Markus Friedl |
| 2014-05-06 | change the create-child-sa responder code, so it does not store any | Markus Friedl |
| 2014-05-06 | initiate ike sa rekeying (ikesalifetime keyword), re-queue pfkey | Markus Friedl |
| 2014-05-06 | initial support for PFS; ok reyk@ | Markus Friedl |
| 2014-05-06 | retire IKED_REQ_DELETE and fix delete parsing; ok reyk@ | Markus Friedl |
| 2014-04-29 | make sure the state machine only advances if the AUTH payload has | Markus Friedl |
| 2014-04-22 | Update iked to use the same proc.c that relayd uses. | Reyk Floeter |
| 2014-04-10 | Add validation routines to ikev2_pld.c: For each payload type overall | Reyk Floeter |
| 2014-02-21 | support rekeying for IPCOMP; ok mikeb@ | Markus Friedl |
| 2014-02-17 | interpret 'config address net/prefix' as a pool of addresses and | Markus Friedl |
| 2014-02-17 | basic OCSP support. enable with 'set ocsp "http://10.0.0.10:8888/"' | Markus Friedl |
| 2014-02-14 | remove unused function that distracts from cleaning up the imsg_flush() mess | Sebastian Benoit |
| 2014-02-14 | initial support for IPComp | Markus Friedl |
| 2014-01-24 | enable format-string checks for log_*(); ok mikeb | Markus Friedl |
| 2014-01-24 | use a bit saner timer api | Mike Belopuhov |
| 2014-01-22 | implement DPD similar to isakmpd, but only send DPD-messages 'on-demand' | Markus Friedl |
| 2013-12-09 | distingush between sa_msgid not set and 0; otherwise we start | Markus Friedl |
| 2013-12-03 | never cast to sockaddr_storage, always cast to the abstract 'class' sockaddr | Markus Friedl |
| 2013-11-28 | document sa_msgid & sa_reqid; ok mikeb@ | Markus Friedl |
| 2013-11-28 | support raw pubkey authentication w/o x509 certificates; | Markus Friedl |
| 2013-11-21 | Make the bit string u_char * in print_bits(). In practice we | Todd C. Miller |
| 2013-11-14 | pass caller to ca_sslerror for better error messages; ok mikeb | Markus Friedl |
| 2013-01-08 | Remove private CVS tag from an obsolete repository and bump copyright | Reyk Floeter |
| 2012-11-29 | Prevent VPN traffic leakages in dual-stack hosts/networks. | Reyk Floeter |
| 2012-10-22 | Fix NAT-T support in iked, both on the initiator and the responder | Reyk Floeter |
| 2012-09-18 | update email addresses to match reality. | Reyk Floeter |
| 2012-07-02 | Don't close IKE SA immediately after creating a new one when rekeying. | Mike Belopuhov |
| 2012-06-29 | Add missing ESN bits | Mike Belopuhov |
| 2012-06-26 | compare exchange types as well when looking up a message; | Mike Belopuhov |
| 2012-06-22 | Add initial support for retransmition timeouts and response retries. | Mike Belopuhov |
| 2012-06-22 | decouple timer initialization from timer_register | Mike Belopuhov |
| 2012-05-30 | more timer changes | Mike Belopuhov |
| 2012-05-30 | pass a file descriptor in the msg_fd instead of a function argument | Mike Belopuhov |
| 2012-05-29 | improve timer framework; will be needed soon | Mike Belopuhov |
| 2012-05-23 | factor out proposal matching code from ikev2_sa_negotiate and eliminate | Mike Belopuhov |
| 2012-05-08 | When setting up NAT-T notify payloads, make sure to supply an | Mike Belopuhov |
| 2012-04-05 | rate-limit accepting of new connections while we are experiencing | Theo de Raadt |
| 2011-05-09 | rename functions in proc.c to proc_* and move some code from imsg_util.c to | Reyk Floeter |
| 2011-05-05 | Small tweak - add direct pointer to env instead of using an indirect one. | Reyk Floeter |
| 2011-05-05 | Move the proc.c-specific runtime state out of struct iked into a sub-struct. | Reyk Floeter |
| 2011-05-05 | rename iked_proc* to privsep_proc*. no functional change. | Reyk Floeter |
| 2011-05-02 | store the peer address as it was specified in the policy in the | Mike Belopuhov |
| 2011-04-18 | When the kernel wants to acquire an SA for an unknown flow, lookup a | Reyk Floeter |
| 2011-04-15 | remove unused function ikev2_flows_delete() | Reyk Floeter |
| 2011-01-26 | get rid of acquire flows completely, as they tend to pass traffic | Mike Belopuhov |
