| Age | Commit message (Expand) | Author |
|---|
| 2020-01-07 | Link ESP-SA and IPcomp-SA using GRPSPIS instead of using a self-built | tobhe |
| 2019-12-10 | We can receive a delete and free an SA that is referenced in sa_nextr. | tobhe |
| 2019-12-03 | Correctly represent flows as traffic selectors as described in RFC 7296. This | tobhe |
| 2019-11-30 | Log loaded SPIs and flows. | tobhe |
| 2019-11-28 | Move Notify and Certreq payload handlers after the parser. Modify SA state | tobhe |
| 2019-11-13 | Log reason whenever a child SA is freed. This makes it easier to | tobhe |
| 2019-11-11 | Cleanup message retransmission handling with new helper functions. | tobhe |
| 2019-08-14 | Fix NAT traversal detection bug when "local" option is not explicitly | tobhe |
| 2019-08-12 | Prepend SPI to send and recv log messages to see which line belongs to | tobhe |
| 2019-05-11 | Add support for IKEv2 Message Fragmentation as defined in RFC 7383. | Patrick Wildt |
| 2019-05-10 | Enforce messages after IKE_SA_INIT exchange to contain only | Patrick Wildt |
| 2018-08-06 | Remove cpath pledge(2) promise. We decided that not deleting the unix control | Ricardo Mestre |
| 2018-03-16 | Consistently spell "IPsec" in comments and debug outputs. | Martin Pieuchot |
| 2017-11-30 | Add support for rejecting IKE SA messages. This means that we can reply | Patrick Wildt |
| 2017-11-27 | Implement MOBIKE (RFC 4555) support in iked(8), with us acting as | Patrick Wildt |
| 2017-04-26 | cope with IP address changes. before, we were trying to resend the msg | Henning Brauer |
| 2017-04-13 | Add a NAT-T keepalive timer in case we are behind a NAT gateway. | Patrick Wildt |
| 2017-03-27 | Don't cache the DH group in the policy | Mike Belopuhov |
| 2017-03-27 | Factor out flows into separate configuration messages | Mike Belopuhov |
| 2017-03-27 | Add support to reflect the responder IKEv2 COOKIE. | Reyk Floeter |
| 2017-03-27 | Add support for RFC4754 (ECDSA) and RFC7427 authentication. | Reyk Floeter |
| 2017-03-13 | Resolve simultaneous Child SA rekeying | Mike Belopuhov |
| 2017-03-13 | Resolve simultaneous IKE SA rekeying | Mike Belopuhov |
| 2017-03-13 | Make sure that proposal contains a DH group when rekeying with PFS enabled | Reyk Floeter |
| 2017-03-13 | Don't rekey acquired Child SAs | Mike Belopuhov |
| 2017-03-13 | When setting up IPcomp flows for the networks 'A' and 'B' between | Patrick Wildt |
| 2017-03-13 | Fix and improve the IKE SA rekeying timeout, add a randomized jitter. | Reyk Floeter |
| 2017-03-13 | flow_cmp() must compare the same flow-attributes as the kernel, | Patrick Wildt |
| 2017-02-03 | Stop assuming that in_{addr,port}_t are typedefed in <sys/types.h> and | Philip Guenther |
| 2017-01-20 | Constify the data argument for ibuf_new | Mike Belopuhov |
| 2017-01-09 | Stop accessing verbose and debug variables from log.c directly. | Reyk Floeter |
| 2017-01-03 | Fix pledge of the ca process by calling the right function on startup. | Reyk Floeter |
| 2016-09-04 | Now that we have IP_SENDSRCADDR, add sendtofrom(). | Vincent Gross |
| 2016-09-03 | Add the missing bits to have NAT on enc(4) support in iked. | Vincent Gross |
| 2016-06-01 | Implement a second address pool specifically for IPv6, so that | Patrick Wildt |
| 2015-12-07 | Sync proc.c, use shorter proc_compose[v]() | Reyk Floeter |
| 2015-11-23 | Replace socket_set_blockmode() and fcntl(fd, F_SETFL, O_NONBLOCK) calls | Reyk Floeter |
| 2015-11-22 | Update log.c: change fatal() and fatalx() into variadic functions, | Reyk Floeter |
| 2015-11-21 | Move local logging functions to util.c (which is shared with ikectl), | Reyk Floeter |
| 2015-10-22 | iked hereby pledges that it will run with restricted system | Reyk Floeter |
| 2015-10-19 | Remove the ikev1 stub - Since I started iked, it has an empty privsep | Reyk Floeter |
| 2015-10-01 | Fix interoperability with Apple iOS9: If we don't get a (valid) | Reyk Floeter |
| 2015-08-21 | Switch iked to C99-style fixed-width integer types. | Reyk Floeter |
| 2015-08-19 | spacing (no binary change, verified with checksums) | Reyk Floeter |
| 2015-07-07 | repair policy-ikesa-linking by replacing the broken RB_TREE w/TAILQ | Markus Friedl |
| 2015-06-11 | Use "compliant" header guards by avoiding the reserved '_' namespace. | Reyk Floeter |
| 2015-03-26 | initial support for RFC 7427 signatures, so we are no longer | Markus Friedl |
| 2015-01-16 | Replace <sys/param.h> with <limits.h> and other less dirty headers where | Theo de Raadt |
| 2014-08-18 | Sync proc.c with httpd. httpd needs SIGUSR1 but iked will ignore it | Reyk Floeter |
| 2014-05-09 | get rid of redundant {csa,flow}_{src,dst}id pointers, so we don't need | Markus Friedl |
