summaryrefslogtreecommitdiff
path: root/sbin/iked/parse.y
AgeCommit message (Expand)Author
2019-08-16Fix segfault in parser when specifying an invalid transform.tobhe
2019-06-28When system calls indicate an error they return -1, not some arbitraryTheo de Raadt
2019-05-11Add support for IKEv2 Message Fragmentation as defined in RFC 7383.Patrick Wildt
2019-04-02When curve25519 was added to iked, it was based on the internet-draft andStuart Henderson
2019-02-13(unsigned) means (unsigned int) which on ptrdiff_t or size_t or otherTheo de Raadt
2018-11-07sync cmdline_symset() changes with src/usr.sbin; OK sashan@ claudio@miko
2018-11-01- odd condition/test in PF lexerAlexandr Nedvedicky
2018-07-11Do for most running out of memory err() what was done for most runningKenneth R Westerback
2018-07-09No need to mention which memory allocation entry point failed (malloc,Kenneth R Westerback
2018-07-08Be consistent in warn() and log_warn() usage whenKenneth R Westerback
2018-06-11Fix an off-by-one line count when using include statements.denis
2018-04-26Plug leak in error case of the common 'varset' implementations.Kenneth R Westerback
2018-01-31Add support for specifying multiple transforms within a single proposal.Patrick Wildt
2018-01-24Implement support for specifying multiple proposals. This means we canPatrick Wildt
2017-12-01The RFC specifies that in an SA payload the proposals must be numberedPatrick Wildt
2017-11-27Implement MOBIKE (RFC 4555) support in iked(8), with us acting asPatrick Wildt
2017-11-15Reset the OCSP URL on config reload. Otherwise we end up not beingPatrick Wildt
2017-04-24Fix configuration of ASN1_DN IDs.Reyk Floeter
2017-03-28Remove RSA from the list of keywords, lookup is now done in a table.Reyk Floeter
2017-03-27Factor out flows into separate configuration messagesMike Belopuhov
2017-03-27Add support for RFC4754 (ECDSA) and RFC7427 authentication.Reyk Floeter
2017-01-20Check bounds of the flows array when configuring traffic selectorsMike Belopuhov
2017-01-05Replace symset()'s hand-rolled for(;;) traversal of 'symhead' TAILQKenneth R Westerback
2017-01-04Remove modular exponential groups specified in RFC5114Mike Belopuhov
2016-09-03Add the missing bits to have NAT on enc(4) support in iked.Vincent Gross
2016-08-06Unbreak PSK authentication, broken by previous.Pascal Stumpf
2016-07-20When parsing the configuration. initialize the auth structureReyk Floeter
2016-06-21do not allow whitespace in macro names, i.e. "this is" = "a variable".Sebastian Benoit
2015-12-09Remove plain DES encryption from IPsec.Christian Weisgerber
2015-11-04Support Chacha20-Poly1305 for Child SAs; ok reykMike Belopuhov
2015-10-31RFC4754 specifies ECDSA-521 (sic), not -512. ok reyk@Christian Weisgerber
2015-10-02Remove MD5 from the default proposals. At least SHA1 seems to be theReyk Floeter
2015-08-21Switch iked to C99-style fixed-width integer types.Reyk Floeter
2015-08-19spacing (no binary change, verified with checksums)Reyk Floeter
2015-07-03Terminate 'config' keyword array with a NULL element.Mike Belopuhov
2015-06-03Do not assume that asprintf() clears the pointer on failure, whichTodd C. Miller
2015-02-08Use AI_ADDRCONFIG when resolv hosts on startup.Reyk Floeter
2015-01-19Remove unnecessary <netinet/ip_ipsp.h> includesMike Belopuhov
2015-01-16Replace <sys/param.h> with <limits.h> and other less dirty headers whereTheo de Raadt
2015-01-12Don't forget about protocol specification when configuring flows.Mike Belopuhov
2014-11-20Don't allow embedded nul characters in strings.Jonathan Gray
2014-11-14Add gcc printf format attributes to iked's parse.y and remove unusedDoug Hogan
2014-08-27Add support for Curve25519 using the public domain code that is foundReyk Floeter
2014-08-25Add support for DH groups 27-30 using the Brainpool curves which haveReyk Floeter
2014-05-06initiate ike sa rekeying (ikesalifetime keyword), re-queue pfkeyMarkus Friedl
2014-02-17basic OCSP support. enable with 'set ocsp "http://10.0.0.10:8888/"'Markus Friedl
2014-02-14initial support for IPCompMarkus Friedl
2014-01-22relax the cfg file secrecy check slightly to allow group readabilityHenning Brauer
2013-12-03never cast to sockaddr_storage, always cast to the abstract 'class' sockaddrMarkus Friedl
2013-11-28support raw pubkey authentication w/o x509 certificates;Markus Friedl