summaryrefslogtreecommitdiff
path: root/sbin/iked/iked.h
AgeCommit message (Expand)Author
2014-05-09replace iked_transform pointer with xform id, since target of pointerMarkus Friedl
2014-05-08match iked proc.c infrastructure with proc.cBret Lambert
2014-05-07make authentication work with X509 certificates that don't have aMarkus Friedl
2014-05-06change the create-child-sa responder code, so it does not store anyMarkus Friedl
2014-05-06initiate ike sa rekeying (ikesalifetime keyword), re-queue pfkeyMarkus Friedl
2014-05-06initial support for PFS; ok reyk@Markus Friedl
2014-05-06retire IKED_REQ_DELETE and fix delete parsing; ok reyk@Markus Friedl
2014-04-29make sure the state machine only advances if the AUTH payload hasMarkus Friedl
2014-04-22Update iked to use the same proc.c that relayd uses.Reyk Floeter
2014-04-10Add validation routines to ikev2_pld.c: For each payload type overallReyk Floeter
2014-02-21support rekeying for IPCOMP; ok mikeb@Markus Friedl
2014-02-17interpret 'config address net/prefix' as a pool of addresses andMarkus Friedl
2014-02-17basic OCSP support. enable with 'set ocsp "http://10.0.0.10:8888/"'Markus Friedl
2014-02-14remove unused function that distracts from cleaning up the imsg_flush() messSebastian Benoit
2014-02-14initial support for IPCompMarkus Friedl
2014-01-24enable format-string checks for log_*(); ok mikebMarkus Friedl
2014-01-24use a bit saner timer apiMike Belopuhov
2014-01-22implement DPD similar to isakmpd, but only send DPD-messages 'on-demand'Markus Friedl
2013-12-09distingush between sa_msgid not set and 0; otherwise we startMarkus Friedl
2013-12-03never cast to sockaddr_storage, always cast to the abstract 'class' sockaddrMarkus Friedl
2013-11-28document sa_msgid & sa_reqid; ok mikeb@Markus Friedl
2013-11-28support raw pubkey authentication w/o x509 certificates;Markus Friedl
2013-11-21Make the bit string u_char * in print_bits(). In practice weTodd C. Miller
2013-11-14pass caller to ca_sslerror for better error messages; ok mikebMarkus Friedl
2013-01-08Remove private CVS tag from an obsolete repository and bump copyrightReyk Floeter
2012-11-29Prevent VPN traffic leakages in dual-stack hosts/networks.Reyk Floeter
2012-10-22Fix NAT-T support in iked, both on the initiator and the responderReyk Floeter
2012-09-18update email addresses to match reality.Reyk Floeter
2012-07-02Don't close IKE SA immediately after creating a new one when rekeying.Mike Belopuhov
2012-06-29Add missing ESN bitsMike Belopuhov
2012-06-26compare exchange types as well when looking up a message;Mike Belopuhov
2012-06-22Add initial support for retransmition timeouts and response retries.Mike Belopuhov
2012-06-22decouple timer initialization from timer_registerMike Belopuhov
2012-05-30more timer changesMike Belopuhov
2012-05-30pass a file descriptor in the msg_fd instead of a function argumentMike Belopuhov
2012-05-29improve timer framework; will be needed soonMike Belopuhov
2012-05-23factor out proposal matching code from ikev2_sa_negotiate and eliminateMike Belopuhov
2012-05-08When setting up NAT-T notify payloads, make sure to supply anMike Belopuhov
2012-04-05rate-limit accepting of new connections while we are experiencingTheo de Raadt
2011-05-09rename functions in proc.c to proc_* and move some code from imsg_util.c toReyk Floeter
2011-05-05Small tweak - add direct pointer to env instead of using an indirect one.Reyk Floeter
2011-05-05Move the proc.c-specific runtime state out of struct iked into a sub-struct.Reyk Floeter
2011-05-05rename iked_proc* to privsep_proc*. no functional change.Reyk Floeter
2011-05-02store the peer address as it was specified in the policy in theMike Belopuhov
2011-04-18When the kernel wants to acquire an SA for an unknown flow, lookup aReyk Floeter
2011-04-15remove unused function ikev2_flows_delete()Reyk Floeter
2011-01-26get rid of acquire flows completely, as they tend to pass trafficMike Belopuhov
2011-01-21don't use memcmp on comparing two iked_addrs but IKED_ADDR_EQ.Reyk Floeter
2011-01-21- Fix traffic selector configuration that it is always "from $localnetReyk Floeter
2011-01-21Reimplement the iked(8) policy evaluation for incoming connections toReyk Floeter
generated by cgit v1.2.3 (git 2.25.1) at 2024-12-03 07:45:10 +0000