Age | Commit message (Expand) | Author |
2019-11-29 | Change the default security level for incoming IPsec flows from | tobhe |
2018-12-07 | Make sure the TAP extension is only added to the vector when needed. | Martin Pieuchot |
2017-11-27 | Implement MOBIKE (RFC 4555) support in iked(8), with us acting as | Patrick Wildt |
2017-04-18 | use freezero() | Theo de Raadt |
2017-03-27 | spacing | Reyk Floeter |
2017-03-27 | Fix another iked leak of SAs in pfkey_sa(), copy tags correctly. | Reyk Floeter |
2017-03-13 | NAT-T improvements | Reyk Floeter |
2017-03-13 | When setting up IPcomp flows for the networks 'A' and 'B' between | Patrick Wildt |
2017-02-28 | Depending on the addresses, ipsecctl(8) automatically groups sa | Alexander Bluhm |
2016-09-03 | Add the missing bits to have NAT on enc(4) support in iked. | Vincent Gross |
2016-03-07 | http -> https for IETF/IANA URLs in comments | mmcc |
2015-12-10 | comment typo | mmcc |
2015-12-09 | Remove plain DES encryption from IPsec. | Christian Weisgerber |
2015-12-02 | remove unimplemented PF_KEY algorithms; ok sthen@ mpi@ mikeb@ | Christian Weisgerber |
2015-11-04 | Support Chacha20-Poly1305 for Child SAs; ok reyk | Mike Belopuhov |
2015-10-15 | Remove some unnecessary NULL-checks before free(). Change two bzero() | mmcc |
2015-08-26 | use 0xffff not 0xfffff for a 16 bit port constant | Jonathan Gray |
2015-08-21 | Switch iked to C99-style fixed-width integer types. | Reyk Floeter |
2015-07-17 | Assign correct destination port value for the destination netmask. | Mike Belopuhov |
2015-06-05 | Fix coupling and decoupling operations. | vgross |
2015-01-16 | Replace <sys/param.h> with <limits.h> and other less dirty headers where | Theo de Raadt |
2014-10-29 | convert simple cases of select() to poll() | Theo de Raadt |
2014-10-18 | Simple malloc() to reallocarray() conversion to potentially avoid integer | Doug Hogan |
2014-07-09 | expire IPcomp SAs too; ok mikeb (some time ago) | Markus Friedl |
2014-05-09 | get rid of redundant {csa,flow}_{src,dst}id pointers, so we don't need | Markus Friedl |
2014-05-09 | replace iked_transform pointer with xform id, since target of pointer | Markus Friedl |
2014-05-07 | try postponed requests first, so we do in-order processing; ok mikeb@ | Markus Friedl |
2014-05-06 | initiate ike sa rekeying (ikesalifetime keyword), re-queue pfkey | Markus Friedl |
2014-05-05 | pfkey is unreliable, so add a select-timeout before MSG_PEEK; | Markus Friedl |
2014-05-05 | don't leak on pid mismatch; ok mikeb | Markus Friedl |
2014-05-05 | change surprisingly consistent mispelling of length ("lenght") | Bret Lambert |
2014-04-25 | don't access a pointer till after the null check | Jonathan Gray |
2014-02-21 | support rekeying for IPCOMP; ok mikeb@ | Markus Friedl |
2014-02-14 | initial support for IPComp | Markus Friedl |
2014-01-22 | implement DPD similar to isakmpd, but only send DPD-messages 'on-demand' | Markus Friedl |
2013-12-03 | never cast to sockaddr_storage, always cast to the abstract 'class' sockaddr | Markus Friedl |
2013-11-14 | ignore messages for other daemons, like isakmpd does; ok mikeb | Markus Friedl |
2013-11-14 | setup pfkey timer before use; ok mikeb | Markus Friedl |
2013-03-21 | remove excessive includes | Theo de Raadt |
2013-01-08 | Remove private CVS tag from an obsolete repository and bump copyright | Reyk Floeter |
2012-11-29 | Prevent VPN traffic leakages in dual-stack hosts/networks. | Reyk Floeter |
2012-10-23 | Change the order of variables just to shrink the diff to the (not yet | Reyk Floeter |
2012-09-18 | update email addresses to match reality. | Reyk Floeter |
2012-06-29 | Add missing ESN bits | Mike Belopuhov |
2012-03-24 | fix some leaks | Jonathan Gray |
2011-05-27 | spacing | Reyk Floeter |
2011-05-05 | rename iked_proc* to privsep_proc*. no functional change. | Reyk Floeter |
2011-01-26 | get rid of acquire flows completely, as they tend to pass traffic | Mike Belopuhov |
2011-01-21 | split pfkey initialization into a privileged and unprivileged part to | Reyk Floeter |
2011-01-17 | Add initial acquire mode support and use it whenever Windows peers decide | Mike Belopuhov |