path: root/sbin/iked/ikev1.c
| Age | Commit message | Author |
|---|---|---|
| 2014-04-22 | Update iked to use the same proc.c that relayd uses. Less differences, less code to audit. ok mikeb@ | Reyk Floeter |
| 2014-02-17 | Fix compiler warnings in the format strings: use %zd for ssize_t and %zu for size_t. From Andre de Oliveira With input and OK from blambert@ markus@ | Reyk Floeter |
| 2013-03-21 | remove excessive includes | Theo de Raadt |
| 2013-01-08 | Remove private CVS tag from an obsolete repository and bump copyright to 2013 while I'm here... this is my way of saying "happy new year!". | Reyk Floeter |
| 2012-09-18 | update email addresses to match reality. sure jsg@ mikeb@ | Reyk Floeter |
| 2011-05-09 | rename functions in proc.c to proc_* and move some code from imsg_util.c to proc.c. this is the first sync to what i did for relayd but does not include the multi-instance handling - so no functional change. | Reyk Floeter |
| 2011-05-05 | Small tweak - add direct pointer to env instead of using an indirect one. | Reyk Floeter |
| 2011-05-05 | Move the proc.c-specific runtime state out of struct iked into a sub-struct. This removes iked-specific stuff from proc.c. | Reyk Floeter |
| 2011-05-05 | rename iked_proc* to privsep_proc*. no functional change. | Reyk Floeter |
| 2011-01-21 | Reimplement the iked(8) policy evaluation for incoming connections to use the last matching semantics of PF. The previous rbtree-based implementation was broken and tried to do a longest prefix match. But instead of prefix match and using radix-trees to fix it I decided with mikeb@ to implement it as last matching policy evaluation. The last matching policy wins; the "quick" keyword can enforce first matching; additional keywords like "skip" are specific to iked(8). See iked.conf(5) for more details. The implementation also uses skip steps based on PF's code. It significantly speeds up the evaluation of many policies but also adds a little delay when loading them (only noticeable with thousands of policies). This allows iked(8) to scale well with thousands of configured policies but I also liked the fact to have skip steps in another piece of code. ok dhartmei@ for using his skip step code under the ISC license in policy.c ok mikeb@, jmc@ | Reyk Floeter |
| 2010-06-24 | unbreak the ikectl log verbose/brief commands. | Reyk Floeter |
| 2010-06-14 | cleanup messages and parsed information correctly | Reyk Floeter |
| 2010-06-10 | add new commands: the couple/decouple commands will set loading of the learned flows and SAs to the kernel which is useful for testing and debugging. the active/passive commands are required to use iked with sasyncd(8); sasyncd just needs to call "ikectl active/passive" or send the appropriate imsg to support iked but this is not implemented yet. | Reyk Floeter |
| 2010-06-10 | i don't like splitting source code in too many source files but ikev2.c has grown too large, so split it in 3 files and rename a few functions to organize the code a bit better. | Reyk Floeter |
| 2010-06-03 | Import iked, a new implementation of the IKEv2 protocol. iked(8) is an automatic keying daemon for IPsec, like isakmpd(8), that IPsec creates flows and SAs automatically. Unlike isakmpd, iked(8) implements the newer IKEv2 protocol instead of IKEv1/ISAKMP. The daemon is still work-in-progress and not enabled in the builds, but is already able to establish IKEv2 sessions with some other IKEv2 implementations as a responder. with lots of help and debugging by jsg@ ok deraadt@ | Reyk Floeter |