Age | Commit message (Expand) | Author |
2019-08-24 | Fix conflict when IKE SA and Child SA rekeying happen at the same time. | tobhe |
2019-08-14 | Fix NAT traversal detection bug when "local" option is not explicitly | tobhe |
2019-08-12 | Prepend SPI to send and recv log messages to see which line belongs to | tobhe |
2019-05-11 | Add support for IKEv2 Message Fragmentation as defined in RFC 7383. | Patrick Wildt |
2018-03-22 | The iked(8) fuzzer did not fuzz encrypted payloads. With that changed | Patrick Wildt |
2017-12-07 | Change the SA payload parser to parse more than the first proposal. This | Patrick Wildt |
2017-12-04 | Remove duplicate check that never could execute because the exact same | Patrick Wildt |
2017-12-04 | Consistently log "malformed payload" instead of "payload malformed", and | Patrick Wildt |
2017-12-04 | Remove check that is now a duplicate due to recent refactoring. | Patrick Wildt |
2017-12-04 | The payloads are layered like onions, so you can validate one layer and | Patrick Wildt |
2017-11-30 | Add support for rejecting IKE SA messages. This means that we can reply | Patrick Wildt |
2017-11-27 | Implement MOBIKE (RFC 4555) support in iked(8), with us acting as | Patrick Wildt |
2017-04-13 | Add a NAT-T keepalive timer in case we are behind a NAT gateway. | Patrick Wildt |
2017-03-27 | Don't cache the DH group in the policy | Mike Belopuhov |
2017-03-27 | Add support to reflect the responder IKEv2 COOKIE. | Reyk Floeter |
2017-03-13 | Resolve simultaneous IKE SA rekeying | Mike Belopuhov |
2017-03-13 | Improve reporting of authentication errors | Mike Belopuhov |
2017-01-20 | Include only found SPIs into the PAYLOAD_DELETE message | Mike Belopuhov |
2017-01-20 | Minor formatting fix | Mike Belopuhov |
2015-10-15 | Remove some unnecessary NULL-checks before free(). Change two bzero() | mmcc |
2015-10-01 | Don't reject an "empty" CERTREQ (one with no CA hashes), instead treat it as | Stuart Henderson |
2015-10-01 | Fix interoperability with Apple iOS9: If we don't get a (valid) | Reyk Floeter |
2015-08-21 | Switch iked to C99-style fixed-width integer types. | Reyk Floeter |
2015-08-19 | spacing (no binary change, verified with checksums) | Reyk Floeter |
2015-03-26 | initial support for RFC 7427 signatures, so we are no longer | Markus Friedl |
2015-02-06 | unneeded getopt.h | Theo de Raadt |
2015-01-19 | Remove unnecessary <netinet/ip_ipsp.h> includes | Mike Belopuhov |
2015-01-16 | Replace <sys/param.h> with <limits.h> and other less dirty headers where | Theo de Raadt |
2014-11-07 | Run eap_parse on the actual message and only when the length is right | Mike Belopuhov |
2014-05-06 | initiate ike sa rekeying (ikesalifetime keyword), re-queue pfkey | Markus Friedl |
2014-05-06 | don't sa_free() in the receive path (prevents use-after-free); ok mikeb@ | Markus Friedl |
2014-05-06 | make sure some notify payloads are encrypted; ok mikeb@ | Markus Friedl |
2014-05-06 | initial support for PFS; ok reyk@ | Markus Friedl |
2014-05-05 | validate the attribute length, too; from hshoexer; ok mikeb | Markus Friedl |
2014-04-28 | spacing | Reyk Floeter |
2014-04-10 | Add validation routines to ikev2_pld.c: For each payload type overall | Reyk Floeter |
2014-02-17 | Fix compiler warnings in the format strings: use %zd for ssize_t and | Reyk Floeter |
2014-02-14 | initial support for IPComp | Markus Friedl |
2014-02-12 | make sure to set the msg_responded flag on the original message; ok mikeb@ | Markus Friedl |
2014-01-24 | use a bit saner timer api | Mike Belopuhov |
2014-01-22 | implement DPD similar to isakmpd, but only send DPD-messages 'on-demand' | Markus Friedl |
2013-12-03 | never cast to sockaddr_storage, always cast to the abstract 'class' sockaddr | Markus Friedl |
2013-11-28 | support raw pubkey authentication w/o x509 certificates; | Markus Friedl |
2013-03-21 | remove excessive includes | Theo de Raadt |
2013-01-08 | Remove private CVS tag from an obsolete repository and bump copyright | Reyk Floeter |
2012-12-15 | Don't dereference NULL pointers (and some cleanup here). | Reyk Floeter |
2012-10-22 | Fix NAT-T support in iked, both on the initiator and the responder | Reyk Floeter |
2012-09-18 | update email addresses to match reality. | Reyk Floeter |
2012-06-22 | decouple timer initialization from timer_register | Mike Belopuhov |
2012-05-30 | more timer changes | Mike Belopuhov |