summaryrefslogtreecommitdiff
path: root/sbin/iked/parse.y
AgeCommit message (Expand)Author
2017-12-01The RFC specifies that in an SA payload the proposals must be numberedPatrick Wildt
2017-11-27Implement MOBIKE (RFC 4555) support in iked(8), with us acting asPatrick Wildt
2017-11-15Reset the OCSP URL on config reload. Otherwise we end up not beingPatrick Wildt
2017-04-24Fix configuration of ASN1_DN IDs.Reyk Floeter
2017-03-28Remove RSA from the list of keywords, lookup is now done in a table.Reyk Floeter
2017-03-27Factor out flows into separate configuration messagesMike Belopuhov
2017-03-27Add support for RFC4754 (ECDSA) and RFC7427 authentication.Reyk Floeter
2017-01-20Check bounds of the flows array when configuring traffic selectorsMike Belopuhov
2017-01-05Replace symset()'s hand-rolled for(;;) traversal of 'symhead' TAILQKenneth R Westerback
2017-01-04Remove modular exponential groups specified in RFC5114Mike Belopuhov
2016-09-03Add the missing bits to have NAT on enc(4) support in iked.Vincent Gross
2016-08-06Unbreak PSK authentication, broken by previous.Pascal Stumpf
2016-07-20When parsing the configuration. initialize the auth structureReyk Floeter
2016-06-21do not allow whitespace in macro names, i.e. "this is" = "a variable".Sebastian Benoit
2015-12-09Remove plain DES encryption from IPsec.Christian Weisgerber
2015-11-04Support Chacha20-Poly1305 for Child SAs; ok reykMike Belopuhov
2015-10-31RFC4754 specifies ECDSA-521 (sic), not -512. ok reyk@Christian Weisgerber
2015-10-02Remove MD5 from the default proposals. At least SHA1 seems to be theReyk Floeter
2015-08-21Switch iked to C99-style fixed-width integer types.Reyk Floeter
2015-08-19spacing (no binary change, verified with checksums)Reyk Floeter
2015-07-03Terminate 'config' keyword array with a NULL element.Mike Belopuhov
2015-06-03Do not assume that asprintf() clears the pointer on failure, whichTodd C. Miller
2015-02-08Use AI_ADDRCONFIG when resolv hosts on startup.Reyk Floeter
2015-01-19Remove unnecessary <netinet/ip_ipsp.h> includesMike Belopuhov
2015-01-16Replace <sys/param.h> with <limits.h> and other less dirty headers whereTheo de Raadt
2015-01-12Don't forget about protocol specification when configuring flows.Mike Belopuhov
2014-11-20Don't allow embedded nul characters in strings.Jonathan Gray
2014-11-14Add gcc printf format attributes to iked's parse.y and remove unusedDoug Hogan
2014-08-27Add support for Curve25519 using the public domain code that is foundReyk Floeter
2014-08-25Add support for DH groups 27-30 using the Brainpool curves which haveReyk Floeter
2014-05-06initiate ike sa rekeying (ikesalifetime keyword), re-queue pfkeyMarkus Friedl
2014-02-17basic OCSP support. enable with 'set ocsp "http://10.0.0.10:8888/"'Markus Friedl
2014-02-14initial support for IPCompMarkus Friedl
2014-01-22relax the cfg file secrecy check slightly to allow group readabilityHenning Brauer
2013-12-03never cast to sockaddr_storage, always cast to the abstract 'class' sockaddrMarkus Friedl
2013-11-28support raw pubkey authentication w/o x509 certificates;Markus Friedl
2013-11-25use u_char for buffers in yylex, for ctype callsSebastian Benoit
2013-11-22Whole bunch of (unsigned char) casts carefully added for ctype calls.Theo de Raadt
2013-03-21remove excessive includesTheo de Raadt
2013-01-08Remove private CVS tag from an obsolete repository and bump copyrightReyk Floeter
2012-10-25Move the arrays of default IKE and ESP transforms into parse.y insteadReyk Floeter
2012-09-18update email addresses to match reality.Reyk Floeter
2012-06-30enable use of AES-{192,256}-CTR, and explicitly of AES-128-CTR, for IPsec ESPChristian Weisgerber
2012-06-29Add missing ESN bitsMike Belopuhov
2012-05-08rename espxforms to ipsecxforms for clarityMike Belopuhov
2012-03-24fix some leaksJonathan Gray
2011-05-27spacingReyk Floeter
2011-04-18When the kernel wants to acquire an SA for an unknown flow, lookup aReyk Floeter
2011-01-21Reimplement the iked(8) policy evaluation for incoming connections toReyk Floeter
2011-01-17move mask2prefixlen functions to the util module; ok reykMike Belopuhov