Age | Commit message (Expand) | Author |
2016-06-02 | Use the last 32-bits of the IPv6 address to dynamically assign | Patrick Wildt |
2016-06-01 | Implement a second address pool specifically for IPv6, so that | Patrick Wildt |
2016-06-01 | ikev2_cp_fixaddr() is called to replace unspecified (e.g. 0.0.0.0) | Patrick Wildt |
2015-10-22 | iked hereby pledges that it will run with restricted system | Reyk Floeter |
2015-10-19 | Remove the ikev1 stub - Since I started iked, it has an empty privsep | Reyk Floeter |
2015-10-15 | Remove some unnecessary NULL-checks before free(). Change two bzero() | mmcc |
2015-10-02 | If the policy certreqtype is 0, use the global one instead. | Reyk Floeter |
2015-10-01 | Fix interoperability with Apple iOS9: If we don't get a (valid) | Reyk Floeter |
2015-08-21 | Switch iked to C99-style fixed-width integer types. | Reyk Floeter |
2015-08-19 | spacing (no binary change, verified with checksums) | Reyk Floeter |
2015-07-07 | repair policy-ikesa-linking by replacing the broken RB_TREE w/TAILQ | Markus Friedl |
2015-03-26 | initial support for RFC 7427 signatures, so we are no longer | Markus Friedl |
2015-02-06 | unneeded getopt.h | Theo de Raadt |
2015-01-16 | Replace <sys/param.h> with <limits.h> and other less dirty headers where | Theo de Raadt |
2014-12-05 | Store return value of i2d_X509_NAME in a signed integer to make | Mike Belopuhov |
2014-11-07 | Fixup a few problems with EAP state transition | Mike Belopuhov |
2014-11-07 | Repair initiator with PSK auth | Mike Belopuhov |
2014-07-09 | expire IPcomp SAs too; ok mikeb (some time ago) | Markus Friedl |
2014-05-13 | pass SA initiator not the exchange initator to sa_address(); ok mikeb@ | Markus Friedl |
2014-05-09 | get rid of redundant {csa,flow}_{src,dst}id pointers, so we don't need | Markus Friedl |
2014-05-09 | replace iked_transform pointer with xform id, since target of pointer | Markus Friedl |
2014-05-07 | make authentication work with X509 certificates that don't have a | Markus Friedl |
2014-05-07 | factor out ikev2_ike_auth() (state machine; used multiple times via callbacks) | Markus Friedl |
2014-05-06 | change the create-child-sa responder code, so it does not store any | Markus Friedl |
2014-05-06 | initiate ike sa rekeying (ikesalifetime keyword), re-queue pfkey | Markus Friedl |
2014-05-06 | cleanup IKE-SA tree handling (fixes repeated-insert & double-remove) | Markus Friedl |
2014-05-06 | send the delete with the locally allocated SPI in ikev2_init_create_child_sa() | Markus Friedl |
2014-05-06 | initial support for PFS; ok reyk@ | Markus Friedl |
2014-05-06 | retire IKED_REQ_DELETE and fix delete parsing; ok reyk@ | Markus Friedl |
2014-04-29 | make sure the state machine only advances if the AUTH payload has | Markus Friedl |
2014-04-28 | spacing | Reyk Floeter |
2014-04-10 | Add validation routines to ikev2_pld.c: For each payload type overall | Reyk Floeter |
2014-03-12 | don't leak an ibuf for each expired SA; ok mikeb@ | Markus Friedl |
2014-03-12 | unbreak config-address w/o pool; ok mikeb@ | Markus Friedl |
2014-02-26 | don't policy_ref an activate policy (policy_ref/unref are assymetrical), | Markus Friedl |
2014-02-21 | support rekeying for IPCOMP; ok mikeb@ | Markus Friedl |
2014-02-18 | check the error from ikev2_cp_setaddr | Markus Friedl |
2014-02-17 | interpret 'config address net/prefix' as a pool of addresses and | Markus Friedl |
2014-02-17 | Fix compiler warnings in the format strings: use %zd for ssize_t and | Reyk Floeter |
2014-02-14 | initial support for IPComp | Markus Friedl |
2014-01-24 | re-lookup the policy as soon as we have the ID of the peer (destid) | Markus Friedl |
2014-01-24 | use a bit saner timer api | Mike Belopuhov |
2014-01-22 | implement DPD similar to isakmpd, but only send DPD-messages 'on-demand' | Markus Friedl |
2013-12-09 | distingush between sa_msgid not set and 0; otherwise we start | Markus Friedl |
2013-12-03 | never cast to sockaddr_storage, always cast to the abstract 'class' sockaddr | Markus Friedl |
2013-11-28 | mark replaced flows as 'not loaded'; this can happen if both | Markus Friedl |
2013-11-28 | drop duplicate requests | Markus Friedl |
2013-11-28 | support raw pubkey authentication w/o x509 certificates; | Markus Friedl |
2013-06-13 | Add support for protected-subnet config types. | Reyk Floeter |
2013-03-21 | remove excessive includes | Theo de Raadt |