Age | Commit message (Expand) | Author |
2019-09-26 | Use SPI_SA() instead of __func__ in all logging calls. Use log_info | tobhe |
2019-09-26 | Fix leaks by cleaning up after configuration parser. | tobhe |
2019-08-29 | Remove redundant ikev2_msg_valid_ike_sa() call. | tobhe |
2019-08-26 | Fix file descriptor leak in config parser. Inspired by bgpd parse.y. | tobhe |
2019-08-24 | Clarify "protected-subnet" option. | tobhe |
2019-08-24 | Fix conflict when IKE SA and Child SA rekeying happen at the same time. | tobhe |
2019-08-16 | Add explanation for the [IKE/ESP only] column of the transform table. | tobhe |
2019-08-16 | Fix segfault in parser when specifying an invalid transform. | tobhe |
2019-08-14 | Fix NAT traversal detection bug when "local" option is not explicitly | tobhe |
2019-08-12 | Prepend SPI to send and recv log messages to see which line belongs to | tobhe |
2019-07-03 | snprintf/vsnprintf return < 0 on error, rather than -1. | Theo de Raadt |
2019-06-28 | When system calls indicate an error they return -1, not some arbitrary | Theo de Raadt |
2019-05-11 | Add support for IKEv2 Message Fragmentation as defined in RFC 7383. | Patrick Wildt |
2019-05-10 | Set the IKED_REQ_INFORMATIONAL flag when sending a delete request | Patrick Wildt |
2019-05-10 | Enforce messages after IKE_SA_INIT exchange to contain only | Patrick Wildt |
2019-04-02 | When curve25519 was added to iked, it was based on the internet-draft and | Stuart Henderson |
2019-02-27 | update RFC references, from tobias_heider at genua.de, ok claudio@ | Stuart Henderson |
2019-02-26 | Fix sending IKEV2_CFG_INTERNAL_IP6_DNS, IKEV2_CFG_INTERNAL_IP6_NBNS, | Patrick Wildt |
2019-02-13 | (unsigned) means (unsigned int) which on ptrdiff_t or size_t or other | Theo de Raadt |
2018-12-07 | Make sure the TAP extension is only added to the vector when needed. | Martin Pieuchot |
2018-12-07 | Make sure that the prefixlen returned by mask2prefixlen6 is never bigger | Claudio Jeker |
2018-11-07 | sync cmdline_symset() changes with src/usr.sbin; OK sashan@ claudio@ | miko |
2018-11-01 | - odd condition/test in PF lexer | Alexandr Nedvedicky |
2018-08-06 | Remove cpath pledge(2) promise. We decided that not deleting the unix control | Ricardo Mestre |
2018-07-11 | Do for most running out of memory err() what was done for most running | Kenneth R Westerback |
2018-07-09 | No need to mention which memory allocation entry point failed (malloc, | Kenneth R Westerback |
2018-07-08 | Be consistent in warn() and log_warn() usage when | Kenneth R Westerback |
2018-07-03 | Rephrase a misleading sentence in iked(8), and add a missing | Stefan Sperling |
2018-06-22 | Use __func__ in log_debug calls. | rob |
2018-06-11 | Fix an off-by-one line count when using include statements. | denis |
2018-04-26 | Plug leak in error case of the common 'varset' implementations. | Kenneth R Westerback |
2018-03-22 | The iked(8) fuzzer did not fuzz encrypted payloads. With that changed | Patrick Wildt |
2018-03-16 | Consistently spell "IPsec" in comments and debug outputs. | Martin Pieuchot |
2018-03-05 | Outsource enabling/disabling the DPD and keepalive timers for SAs into | Patrick Wildt |
2018-01-31 | Add support for specifying multiple transforms within a single proposal. | Patrick Wildt |
2018-01-24 | Implement support for specifying multiple proposals. This means we can | Patrick Wildt |
2017-12-23 | Since ikev2_init_recv() is supposed to only handle responses to an | Patrick Wildt |
2017-12-13 | getsockname(2) needs to be passed the length of the input struct. | Patrick Wildt |
2017-12-07 | Change the SA payload parser to parse more than the first proposal. This | Patrick Wildt |
2017-12-05 | When sending out a proposal we create an SA/SPI for the Child SAs if we | Patrick Wildt |
2017-12-04 | Remove duplicate check that never could execute because the exact same | Patrick Wildt |
2017-12-04 | Consistently log "malformed payload" instead of "payload malformed", and | Patrick Wildt |
2017-12-04 | Remove check that is now a duplicate due to recent refactoring. | Patrick Wildt |
2017-12-04 | The payloads are layered like onions, so you can validate one layer and | Patrick Wildt |
2017-12-04 | Initialize variable, otherwise the pointer might contain stack garbage. | Patrick Wildt |
2017-12-03 | If we wanted to send out more proposals than just one, we need to set a | Patrick Wildt |
2017-12-03 | The RFC specifies that to accept a proposal, we must select a transform | Patrick Wildt |
2017-12-01 | The RFC specifies that in an SA payload the proposals must be numbered | Patrick Wildt |
2017-12-01 | Turns out that, as specified in the RFC, the initial Child SA does not | Patrick Wildt |
2017-11-30 | Add support for rejecting IKE SA messages. This means that we can reply | Patrick Wildt |