summaryrefslogtreecommitdiff
path: root/sbin/iked/pfkey.c
AgeCommit message (Expand)Author
2023-08-14Improve error message when if_indextoname() fails.Tobias Heider
2023-08-11Add iked support for route based sec(4) tunnels.Tobias Heider
2023-06-13iked: introduce and use print_addr()Theo Buehler
2022-07-22Fix potential leak of reply in error case.Tobias Heider
2021-11-25Remove unused variable fd.Tobias Heider
2021-11-24Unregister event on pfkey socket during pfkey_reply(). Using eventsTobias Heider
2021-11-24Pass env to pfkey API. Consistently call pfkey file descriptor fd.Tobias Heider
2021-03-02Increase the size of iov in pfkey_sa() to be large enough for allJonathan Gray
2021-01-29Add proper padding for pfkey messages. Use ROUNDUP() for auth andtobhe
2021-01-23Fix typos.tobhe
2020-12-04Log pfkey type and message length on write failure.tobhe
2020-12-01Don't log ESRCH as warning.tobhe
2020-11-05Enable support for ASN1_DN ipsec identifiers.Peter Hessler
2020-09-09Delete dead code.tobhe
2020-08-28Rename ikev2_*_sa() functions to make clear they handle Child SAs.tobhe
2020-08-13Properly set flow_saproto for aquire.tobhe
2020-07-21Handle TEMPORARY_FAILURE notification on IKESA rekeying.tobhe
2020-07-19Try to deal with no reply from PF_KEY on pfkey_sa_add.tobhe
2020-06-26Replace SIMPLEQ concatenation loop with SIMPLEQ_CONCATbket
2020-05-13Remove dead 'iked_flow' member 'flow_type'.tobhe
2020-04-23Add support for switching rdomain on IPsec encryption/decryption.tobhe
2020-01-14Remove IPsec flow blocking unencrypted IPv6 traffic which wastobhe
2020-01-07Link ESP-SA and IPcomp-SA using GRPSPIS instead of using a self-builttobhe
2019-11-29Change the default security level for incoming IPsec flows fromtobhe
2018-12-07Make sure the TAP extension is only added to the vector when needed.Martin Pieuchot
2017-11-27Implement MOBIKE (RFC 4555) support in iked(8), with us acting asPatrick Wildt
2017-04-18use freezero()Theo de Raadt
2017-03-27spacingReyk Floeter
2017-03-27Fix another iked leak of SAs in pfkey_sa(), copy tags correctly.Reyk Floeter
2017-03-13NAT-T improvementsReyk Floeter
2017-03-13When setting up IPcomp flows for the networks 'A' and 'B' betweenPatrick Wildt
2017-02-28Depending on the addresses, ipsecctl(8) automatically groups saAlexander Bluhm
2016-09-03Add the missing bits to have NAT on enc(4) support in iked.Vincent Gross
2016-03-07http -> https for IETF/IANA URLs in commentsmmcc
2015-12-10comment typommcc
2015-12-09Remove plain DES encryption from IPsec.Christian Weisgerber
2015-12-02remove unimplemented PF_KEY algorithms; ok sthen@ mpi@ mikeb@Christian Weisgerber
2015-11-04Support Chacha20-Poly1305 for Child SAs; ok reykMike Belopuhov
2015-10-15Remove some unnecessary NULL-checks before free(). Change two bzero()mmcc
2015-08-26use 0xffff not 0xfffff for a 16 bit port constantJonathan Gray
2015-08-21Switch iked to C99-style fixed-width integer types.Reyk Floeter
2015-07-17Assign correct destination port value for the destination netmask.Mike Belopuhov
2015-06-05Fix coupling and decoupling operations.vgross
2015-01-16Replace <sys/param.h> with <limits.h> and other less dirty headers whereTheo de Raadt
2014-10-29convert simple cases of select() to poll()Theo de Raadt
2014-10-18Simple malloc() to reallocarray() conversion to potentially avoid integerDoug Hogan
2014-07-09expire IPcomp SAs too; ok mikeb (some time ago)Markus Friedl
2014-05-09get rid of redundant {csa,flow}_{src,dst}id pointers, so we don't needMarkus Friedl
2014-05-09replace iked_transform pointer with xform id, since target of pointerMarkus Friedl
2014-05-07try postponed requests first, so we do in-order processing; ok mikeb@Markus Friedl