summaryrefslogtreecommitdiff
path: root/sbin/iked/policy.c
AgeCommit message (Expand)Author
2020-08-15Remove dead assignments.tobhe
2020-08-06Delete commented out code.tobhe
2020-07-21Handle TEMPORARY_FAILURE notification on IKESA rekeying.tobhe
2020-07-16Make sure to update policy dependant SA fields after policy_lookup().tobhe
2020-06-03Pass sockaddr instead of sockaddr_storage to sa_address.tobhe
2020-05-26Add AES-GCM mode ciphers (IANA IDs 19 and 20) for IKEv2.tobhe
2020-05-13Remove unnecessary logging messages.tobhe
2020-05-11Fix policy lookup edge case for simultaneous transport and tunnel mode SAs.tobhe
2020-04-28The order of arguments to proposals_negotiate makes a difference.tobhe
2020-04-23Add support for switching rdomain on IPsec encryption/decryption.tobhe
2020-04-04It makes no sense to fall back to original policy if the relookup with thetobhe
2020-03-10Relookup policy based on received cryptographic parameter proposal.tobhe
2020-03-09Use TAILQ_FOREACH_SAFE instead of hand rolled loops.tobhe
2020-03-01When the proposals are first matched the responder doestobhe
2020-01-07Link ESP-SA and IPcomp-SA using GRPSPIS instead of using a self-builttobhe
2019-12-28Refactor child SA cleanup.tobhe
2019-12-10We can receive a delete and free an SA that is referenced in sa_nextr.tobhe
2019-12-03Correctly represent flows as traffic selectors as described in RFC 7296. Thistobhe
2019-11-30Log loaded SPIs and flows.tobhe
2019-11-13Log reason whenever a child SA is freed. This makes it easier totobhe
2019-08-12Prepend SPI to send and recv log messages to see which line belongs totobhe
2017-11-27Implement MOBIKE (RFC 4555) support in iked(8), with us acting asPatrick Wildt
2017-03-13Resolve simultaneous IKE SA rekeyingMike Belopuhov
2017-03-13When freeing a Child SA make sure it's peer no longer points to itMike Belopuhov
2017-03-13flow_cmp() must compare the same flow-attributes as the kernel,Patrick Wildt
2017-03-13We need to call policy_ref() for policies that have refcountingPatrick Wildt
2016-06-01Implement a second address pool specifically for IPv6, so thatPatrick Wildt
2015-10-20Fix ocsp by adding a missing TAILQ_INIT().Reyk Floeter
2015-10-01Fix interoperability with Apple iOS9: If we don't get a (valid)Reyk Floeter
2015-08-21Switch iked to C99-style fixed-width integer types.Reyk Floeter
2015-08-19spacing (no binary change, verified with checksums)Reyk Floeter
2015-07-07repair policy-ikesa-linking by replacing the broken RB_TREE w/TAILQMarkus Friedl
2015-01-16Replace <sys/param.h> with <limits.h> and other less dirty headers whereTheo de Raadt
2014-11-07Fixup a few problems with EAP state transitionMike Belopuhov
2014-05-06initiate ike sa rekeying (ikesalifetime keyword), re-queue pfkeyMarkus Friedl
2014-05-06cleanup IKE-SA tree handling (fixes repeated-insert & double-remove)Markus Friedl
2014-04-29make sure the state machine only advances if the AUTH payload hasMarkus Friedl
2014-02-21support rekeying for IPCOMP; ok mikeb@Markus Friedl
2014-02-17interpret 'config address net/prefix' as a pool of addresses andMarkus Friedl
2014-01-24re-lookup the policy as soon as we have the ID of the peer (destid)Markus Friedl
2014-01-24make sure sa_lookup() can actually find SAs; ok mikebMarkus Friedl
2013-12-03never cast to sockaddr_storage, always cast to the abstract 'class' sockaddrMarkus Friedl
2013-11-28sa_lookup: don't compare with sh_rspi if rspi is not setMarkus Friedl
2013-11-28sa_new(): discard & free duplicate IKESAs; ok mibek@Markus Friedl
2013-10-24no need for netinet/ip_var.h (and friends)Theo de Raadt
2013-01-08Remove private CVS tag from an obsolete repository and bump copyrightReyk Floeter
2012-12-15Don't dereference NULL pointers (and some cleanup here).Reyk Floeter
2012-09-18update email addresses to match reality.Reyk Floeter
2012-05-30when changing peer's address in the SA, remove the old entry from theMike Belopuhov
2011-05-02store the peer address as it was specified in the policy in theMike Belopuhov
generated by cgit v1.2.3 (git 2.25.1) at 2024-12-11 08:16:32 +0000