summaryrefslogtreecommitdiff
path: root/sbin/iked/pfkey.c
AgeCommit message (Expand)Author
2019-11-29Change the default security level for incoming IPsec flows fromtobhe
2018-12-07Make sure the TAP extension is only added to the vector when needed.Martin Pieuchot
2017-11-27Implement MOBIKE (RFC 4555) support in iked(8), with us acting asPatrick Wildt
2017-04-18use freezero()Theo de Raadt
2017-03-27spacingReyk Floeter
2017-03-27Fix another iked leak of SAs in pfkey_sa(), copy tags correctly.Reyk Floeter
2017-03-13NAT-T improvementsReyk Floeter
2017-03-13When setting up IPcomp flows for the networks 'A' and 'B' betweenPatrick Wildt
2017-02-28Depending on the addresses, ipsecctl(8) automatically groups saAlexander Bluhm
2016-09-03Add the missing bits to have NAT on enc(4) support in iked.Vincent Gross
2016-03-07http -> https for IETF/IANA URLs in commentsmmcc
2015-12-10comment typommcc
2015-12-09Remove plain DES encryption from IPsec.Christian Weisgerber
2015-12-02remove unimplemented PF_KEY algorithms; ok sthen@ mpi@ mikeb@Christian Weisgerber
2015-11-04Support Chacha20-Poly1305 for Child SAs; ok reykMike Belopuhov
2015-10-15Remove some unnecessary NULL-checks before free(). Change two bzero()mmcc
2015-08-26use 0xffff not 0xfffff for a 16 bit port constantJonathan Gray
2015-08-21Switch iked to C99-style fixed-width integer types.Reyk Floeter
2015-07-17Assign correct destination port value for the destination netmask.Mike Belopuhov
2015-06-05Fix coupling and decoupling operations.vgross
2015-01-16Replace <sys/param.h> with <limits.h> and other less dirty headers whereTheo de Raadt
2014-10-29convert simple cases of select() to poll()Theo de Raadt
2014-10-18Simple malloc() to reallocarray() conversion to potentially avoid integerDoug Hogan
2014-07-09expire IPcomp SAs too; ok mikeb (some time ago)Markus Friedl
2014-05-09get rid of redundant {csa,flow}_{src,dst}id pointers, so we don't needMarkus Friedl
2014-05-09replace iked_transform pointer with xform id, since target of pointerMarkus Friedl
2014-05-07try postponed requests first, so we do in-order processing; ok mikeb@Markus Friedl
2014-05-06initiate ike sa rekeying (ikesalifetime keyword), re-queue pfkeyMarkus Friedl
2014-05-05pfkey is unreliable, so add a select-timeout before MSG_PEEK;Markus Friedl
2014-05-05don't leak on pid mismatch; ok mikebMarkus Friedl
2014-05-05change surprisingly consistent mispelling of length ("lenght")Bret Lambert
2014-04-25don't access a pointer till after the null checkJonathan Gray
2014-02-21support rekeying for IPCOMP; ok mikeb@Markus Friedl
2014-02-14initial support for IPCompMarkus Friedl
2014-01-22implement DPD similar to isakmpd, but only send DPD-messages 'on-demand'Markus Friedl
2013-12-03never cast to sockaddr_storage, always cast to the abstract 'class' sockaddrMarkus Friedl
2013-11-14ignore messages for other daemons, like isakmpd does; ok mikebMarkus Friedl
2013-11-14setup pfkey timer before use; ok mikebMarkus Friedl
2013-03-21remove excessive includesTheo de Raadt
2013-01-08Remove private CVS tag from an obsolete repository and bump copyrightReyk Floeter
2012-11-29Prevent VPN traffic leakages in dual-stack hosts/networks.Reyk Floeter
2012-10-23Change the order of variables just to shrink the diff to the (not yetReyk Floeter
2012-09-18update email addresses to match reality.Reyk Floeter
2012-06-29Add missing ESN bitsMike Belopuhov
2012-03-24fix some leaksJonathan Gray
2011-05-27spacingReyk Floeter
2011-05-05rename iked_proc* to privsep_proc*. no functional change.Reyk Floeter
2011-01-26get rid of acquire flows completely, as they tend to pass trafficMike Belopuhov
2011-01-21split pfkey initialization into a privileged and unprivileged part toReyk Floeter
2011-01-17Add initial acquire mode support and use it whenever Windows peers decideMike Belopuhov