path: root/sbin/iked/policy.c
Age | Commit message | Author
2016-06-01 | Implement a second address pool specifically for IPv6, so that | Patrick Wildt
2015-10-20 | Fix ocsp by adding a missing TAILQ_INIT(). | Reyk Floeter
2015-10-01 | Fix interoperability with Apple iOS9: If we don't get a (valid) | Reyk Floeter
2015-08-21 | Switch iked to C99-style fixed-width integer types. | Reyk Floeter
2015-08-19 | spacing (no binary change, verified with checksums) | Reyk Floeter
2015-07-07 | repair policy-ikesa-linking by replacing the broken RB_TREE w/TAILQ | Markus Friedl
2015-01-16 | Replace <sys/param.h> with <limits.h> and other less dirty headers where | Theo de Raadt
2014-11-07 | Fixup a few problems with EAP state transition | Mike Belopuhov
2014-05-06 | initiate ike sa rekeying (ikesalifetime keyword), re-queue pfkey | Markus Friedl
2014-05-06 | cleanup IKE-SA tree handling (fixes repeated-insert & double-remove) | Markus Friedl
2014-04-29 | make sure the state machine only advances if the AUTH payload has | Markus Friedl
2014-02-21 | support rekeying for IPCOMP; ok mikeb@ | Markus Friedl
2014-02-17 | interpret 'config address net/prefix' as a pool of addresses and | Markus Friedl
2014-01-24 | re-lookup the policy as soon as we have the ID of the peer (destid) | Markus Friedl
2014-01-24 | make sure sa_lookup() can actually find SAs; ok mikeb | Markus Friedl
2013-12-03 | never cast to sockaddr_storage, always cast to the abstract 'class' sockaddr | Markus Friedl
2013-11-28 | sa_lookup: don't compare with sh_rspi if rspi is not set | Markus Friedl
2013-11-28 | sa_new(): discard & free duplicate IKESAs; ok mibek@ | Markus Friedl
2013-10-24 | no need for netinet/ip_var.h (and friends) | Theo de Raadt
2013-01-08 | Remove private CVS tag from an obsolete repository and bump copyright | Reyk Floeter
2012-12-15 | Don't dereference NULL pointers (and some cleanup here). | Reyk Floeter
2012-09-18 | update email addresses to match reality. | Reyk Floeter
2012-05-30 | when changing peer's address in the SA, remove the old entry from the | Mike Belopuhov
2011-05-02 | store the peer address as it was specified in the policy in the | Mike Belopuhov
2011-04-18 | Improve the iked acquire mode peer <-> policy matching. This change | Reyk Floeter
2011-04-18 | When the kernel wants to acquire an SA for an unknown flow, lookup a | Reyk Floeter
2011-01-26 | get rid of acquire flows completely, as they tend to pass traffic | Mike Belopuhov
2011-01-21 | Reimplement the iked(8) policy evaluation for incoming connections to | Reyk Floeter
2011-01-18 | reyk noticed that my rb-tree-fu is not that great. fixup compare function | Mike Belopuhov
2011-01-17 | Add initial acquire mode support and use it whenever Windows peers decide | Mike Belopuhov
2010-12-22 | child sa rekeying revamp plus numerous bugfixes; | Mike Belopuhov
2010-07-03 | Better non-debug logging messages when a session is established/closed. | Reyk Floeter
2010-06-27 | print the required bits as a string | Reyk Floeter
2010-06-15 | only compare the SPIi in the SA tree | Reyk Floeter
2010-06-14 | Initiator mode with certificates; needs more work but works. | Reyk Floeter
2010-06-14 | Initial support for initiator mode which allows to run iked as a | Reyk Floeter
2010-06-14 | remove policy lookup debug message | Reyk Floeter
2010-06-14 | restructure code a bit to move closer to initiator mode: | Reyk Floeter
2010-06-14 | More code for initiator mode (not finished yet) | Reyk Floeter
2010-06-10 | Add another tree to lookup policy SAs by peer address. | Reyk Floeter
2010-06-10 | only call RB_REMOVE once when removing an SA. | Reyk Floeter
2010-06-03 | Import iked, a new implementation of the IKEv2 protocol. | Reyk Floeter