summaryrefslogtreecommitdiff
path: root/sbin/iked/parse.y
AgeCommit message (Expand)Author
2021-09-18upon length check or other failure, explicit_bzero an object, because it mayTheo de Raadt
2021-05-28Add experimental post-quantum hybrid key exchange methodtobhe
2021-03-16Add 'grp31' alias for curve25519 as documented in iked.conf(5).tobhe
2021-03-05Move policy printing code from parse.y to new print.ctobhe
2021-02-13Add dynamic address configuration for roadwarrior clients.tobhe
2021-02-09Add optional 'group none' transform for child SAs and fix handling oftobhe
2021-02-07Fix address leaks in expand_flows().tobhe
2021-02-01Whitespacetobhe
2020-12-29getifaddrs() can return entries where ifa_addr is NULL. Check for thisSebastian Benoit
2020-12-27Fix "any" and "dynamic" keywords for flows and add proper IPv6 support.tobhe
2020-12-20Don't leak ipsec_hosts when building hosts_list.tobhe
2020-12-15Fix leak of REQUEST string.tobhe
2020-12-13Make sure flow src and dst addresses have the same address family.tobhe
2020-12-10Print valid ikesa/childsa configuration at startup. Comma seperatedtobhe
2020-11-29Add 'set stickyaddress' option. If this option is enabled, iked will trytobhe
2020-11-03Add 'any' keyword for request to allow 'request address any'.tobhe
2020-11-01Add 'dynamic' keyword to configure flows to dynamically assigned addresses.tobhe
2020-10-29Add initial support to request IP addresses as IKEv2 initiator.tobhe
2020-09-23Add new 'set cert_partial_chain' config option to allow verification oftobhe
2020-09-19Add SHA2_384 and SHA2_512 to default proposals.tobhe
2020-09-18Fix memory leak in 'n->name'.tobhe
2020-09-16Fix EAP authentication if the initiator sends no certificatetobhe
2020-09-05Initialize flow_dir and flow_saproto so policy_test() can find the policytobhe
2020-08-25Fix undefined symbol.tobhe
2020-08-25Add dpd_check_interval configuration option. If for any IKE SA no IPsectobhe
2020-08-23Add a new configuration option to limit the number of connections fortobhe
2020-08-18Add optional time-stamp validaten for ocsp. The new optional 'tolerate'tobhe
2020-08-14Delete unused variable 'idtype'.tobhe
2020-07-20Fix dst/src port configuration bug with multiple flows.tobhe
2020-07-20iked: fix typo in fatalxStuart Henderson
2020-06-25Rework 'ikeauth' configuration option. The key and cert checks in the configtobhe
2020-06-05Add default proposals for AES-GCM ciphers in IKE and ESP.tobhe
2020-05-26Add AES-GCM mode ciphers (IANA IDs 19 and 20) for IKEv2.tobhe
2020-04-30Add ECDH groups and higher order MODP DH groups to default proposal.tobhe
2020-04-29Remove trailing tabtobhe
2020-04-29Missing whitespace.tobhe
2020-04-28Remove support for insecure EC2N groups. Clarify which Diffie-Hellmantobhe
2020-04-26Only print valid rdomains. '-1' is used as default value and shouldtobhe
2020-04-23Add support for switching rdomain on IPsec encryption/decryption.tobhe
2020-04-14Print 'ipcomp' in print_policy() if configured.tobhe
2020-04-12No need to call lc_idtype(). idstr does not contain a leading typetobhe
2020-04-10Only make the type part of the idstring lowercase when looking for certs intobhe
2020-03-28Plug some memory leaks.tobhe
2020-02-21Add transport mode for child SAs. This is useful for GRE over IPsec andtobhe
2019-12-03Correctly represent flows as traffic selectors as described in RFC 7296. Thistobhe
2019-11-28Merge host_v{4,6}() into host_ip(), simplify host()kn
2019-11-28Introduce copy_sockaddrtoipa() and set_ipmask() bits from pfctlkn
2019-11-12Add configuration options to explicitly specify ESN support for child SAs.tobhe
2019-09-26Fix leaks by cleaning up after configuration parser.tobhe
2019-08-26Fix file descriptor leak in config parser. Inspired by bgpd parse.y.tobhe