summaryrefslogtreecommitdiff
path: root/sbin/iked
AgeCommit message (Expand)Author
2017-02-28Depending on the addresses, ipsecctl(8) automatically groups saAlexander Bluhm
2017-02-24In a scenario where a config reload happens during an IKE_AUTH exchange,Patrick Wildt
2017-02-03Stop assuming that in_{addr,port}_t are typedefed in <sys/types.h> andPhilip Guenther
2017-01-20Add a warning when the address pool is exhaustedMike Belopuhov
2017-01-20Constify the data argument for ibuf_newMike Belopuhov
2017-01-20Reset various pointers in ikev2_msg_cleanupMike Belopuhov
2017-01-20Make sure to free reference to the public key after decodingMike Belopuhov
2017-01-20Closed SAs should never be treated as validMike Belopuhov
2017-01-20Check bounds of the flows array when configuring traffic selectorsMike Belopuhov
2017-01-20Verify the certificate imsg payload sizeMike Belopuhov
2017-01-20Include only found SPIs into the PAYLOAD_DELETE messageMike Belopuhov
2017-01-20Minor formatting fixMike Belopuhov
2017-01-20New RFC7383 defineMike Belopuhov
2017-01-17Nuke some whitespace that keeps poking me in the eye as I try toKenneth R Westerback
2017-01-09Stop accessing verbose and debug variables from log.c directly.Reyk Floeter
2017-01-09Replace hand-rolled for(;;) traversal of ctl_conns TAILQ withKenneth R Westerback
2017-01-08Sync log.c with the latest version from vmd/log.c that preserves errnoReyk Floeter
2017-01-05Replace symset()'s hand-rolled for(;;) traversal of 'symhead' TAILQKenneth R Westerback
2017-01-04Remove modular exponential groups specified in RFC5114Mike Belopuhov
2017-01-03Fix pledge of the ca process by calling the right function on startup.Reyk Floeter
2016-11-28ikelifetime time spec is the same the one for lifetimeMike Belopuhov
2016-10-12copy updated log.c from vmd: for correctness, save errno when doingReyk Floeter
2016-09-26Pass the flags argument of recvfromto down to the underlying recvmsgJeremie Courreges-Anglas
2016-09-13Disable the timer event before attempting to change itMike Belopuhov
2016-09-04Forward IMSG_CTL_VERBOSE via the parent; this fixes a crash when doingReyk Floeter
2016-09-04Now that we have IP_SENDSRCADDR, add sendtofrom().Vincent Gross
2016-09-03Add the missing bits to have NAT on enc(4) support in iked.Vincent Gross
2016-08-06Unbreak PSK authentication, broken by previous.Pascal Stumpf
2016-07-20When parsing the configuration. initialize the auth structureReyk Floeter
2016-06-21do not allow whitespace in macro names, i.e. "this is" = "a variable".Sebastian Benoit
2016-06-02Use the last 32-bits of the IPv6 address to dynamically assignPatrick Wildt
2016-06-01Implement a second address pool specifically for IPv6, so thatPatrick Wildt
2016-06-01ikev2_cp_fixaddr() is called to replace unspecified (e.g. 0.0.0.0)Patrick Wildt
2016-03-07http -> https for IETF/IANA URLs in commentsmmcc
2016-01-27fyx typo. s,dynanic,dynamic,Gleydson Soares
2015-12-10comment typommcc
2015-12-09Remove plain DES encryption from IPsec.Christian Weisgerber
2015-12-07Add imsg "peerid" to debug messages (only within -DDEBUG).Reyk Floeter
2015-12-07Sync proc.c, use shorter proc_compose[v]()Reyk Floeter
2015-12-07sync with vmdReyk Floeter
2015-12-05EAGAIN handling for imsg_read. OK henning@ benno@Claudio Jeker
2015-12-02remove unimplemented PF_KEY algorithms; ok sthen@ mpi@ mikeb@Christian Weisgerber
2015-11-23Replace socket_set_blockmode() and fcntl(fd, F_SETFL, O_NONBLOCK) callsReyk Floeter
2015-11-22Update log.c: change fatal() and fatalx() into variadic functions,Reyk Floeter
2015-11-21Once again, fix the license text. After many years, we just cannotReyk Floeter
2015-11-21Move local logging functions to util.c (which is shared with ikectl),Reyk Floeter
2015-11-19Simplify all instances of get_string() and get_data() using malloc() andmmcc
2015-11-18pledge exposed a simple bug: the unprivileged child tried to print theReyk Floeter
2015-11-04Support Chacha20-Poly1305 for Child SAs; ok reykMike Belopuhov
2015-11-01replace "can not" with "cannot";Jason McIntyre