summaryrefslogtreecommitdiff
path: root/sbin/iked/pfkey.c
AgeCommit message (Expand)Author
2016-09-03Add the missing bits to have NAT on enc(4) support in iked.Vincent Gross
2016-03-07http -> https for IETF/IANA URLs in commentsmmcc
2015-12-10comment typommcc
2015-12-09Remove plain DES encryption from IPsec.Christian Weisgerber
2015-12-02remove unimplemented PF_KEY algorithms; ok sthen@ mpi@ mikeb@Christian Weisgerber
2015-11-04Support Chacha20-Poly1305 for Child SAs; ok reykMike Belopuhov
2015-10-15Remove some unnecessary NULL-checks before free(). Change two bzero()mmcc
2015-08-26use 0xffff not 0xfffff for a 16 bit port constantJonathan Gray
2015-08-21Switch iked to C99-style fixed-width integer types.Reyk Floeter
2015-07-17Assign correct destination port value for the destination netmask.Mike Belopuhov
2015-06-05Fix coupling and decoupling operations.vgross
2015-01-16Replace <sys/param.h> with <limits.h> and other less dirty headers whereTheo de Raadt
2014-10-29convert simple cases of select() to poll()Theo de Raadt
2014-10-18Simple malloc() to reallocarray() conversion to potentially avoid integerDoug Hogan
2014-07-09expire IPcomp SAs too; ok mikeb (some time ago)Markus Friedl
2014-05-09get rid of redundant {csa,flow}_{src,dst}id pointers, so we don't needMarkus Friedl
2014-05-09replace iked_transform pointer with xform id, since target of pointerMarkus Friedl
2014-05-07try postponed requests first, so we do in-order processing; ok mikeb@Markus Friedl
2014-05-06initiate ike sa rekeying (ikesalifetime keyword), re-queue pfkeyMarkus Friedl
2014-05-05pfkey is unreliable, so add a select-timeout before MSG_PEEK;Markus Friedl
2014-05-05don't leak on pid mismatch; ok mikebMarkus Friedl
2014-05-05change surprisingly consistent mispelling of length ("lenght")Bret Lambert
2014-04-25don't access a pointer till after the null checkJonathan Gray
2014-02-21support rekeying for IPCOMP; ok mikeb@Markus Friedl
2014-02-14initial support for IPCompMarkus Friedl
2014-01-22implement DPD similar to isakmpd, but only send DPD-messages 'on-demand'Markus Friedl
2013-12-03never cast to sockaddr_storage, always cast to the abstract 'class' sockaddrMarkus Friedl
2013-11-14ignore messages for other daemons, like isakmpd does; ok mikebMarkus Friedl
2013-11-14setup pfkey timer before use; ok mikebMarkus Friedl
2013-03-21remove excessive includesTheo de Raadt
2013-01-08Remove private CVS tag from an obsolete repository and bump copyrightReyk Floeter
2012-11-29Prevent VPN traffic leakages in dual-stack hosts/networks.Reyk Floeter
2012-10-23Change the order of variables just to shrink the diff to the (not yetReyk Floeter
2012-09-18update email addresses to match reality.Reyk Floeter
2012-06-29Add missing ESN bitsMike Belopuhov
2012-03-24fix some leaksJonathan Gray
2011-05-27spacingReyk Floeter
2011-05-05rename iked_proc* to privsep_proc*. no functional change.Reyk Floeter
2011-01-26get rid of acquire flows completely, as they tend to pass trafficMike Belopuhov
2011-01-21split pfkey initialization into a privileged and unprivileged part toReyk Floeter
2011-01-17Add initial acquire mode support and use it whenever Windows peers decideMike Belopuhov
2011-01-12postpone processing of pfkey messages received in pfkey_reply instead ofMike Belopuhov
2010-12-22move and rename util.c:print_id() to ikev2.c:ikev2_print_id() becauseReyk Floeter
2010-12-22child sa rekeying revamp plus numerous bugfixes;Mike Belopuhov
2010-09-23support for aes-gcmMike Belopuhov
2010-07-01Add support for the tap extension (ikev2 ... tap "enc1") that willReyk Floeter
2010-06-26Include the Id type in the generated SA tag that is passed to theReyk Floeter
2010-06-14Initial support for initiator mode which allows to run iked as aReyk Floeter
2010-06-10add new commands: the couple/decouple commands will set loading of theReyk Floeter
2010-06-10simplify the pfkey code by adding a pfkey_write() functionReyk Floeter
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-30 23:19:43 +0000