summaryrefslogtreecommitdiff
path: root/sbin/iked
AgeCommit message (Expand)Author
2013-06-29do not use Sx for sections outwith the page;Jason McIntyre
2013-06-13Add support for protected-subnet config types.Reyk Floeter
2013-05-22Move the gmac/null ciphers to a different table block, clearly labelled asStuart Henderson
2013-03-30Sync with latest IKEv2 Parameters from IANA. No functional change.Reyk Floeter
2013-03-21remove excessive includesTheo de Raadt
2013-03-11handle ECONNABORTED errors from accept(). In many code blocks they can beTheo de Raadt
2013-03-05cross referencing the manual page is better.Igor Sobrado
2013-03-05fix program name used in AUTHORS section.Igor Sobrado
2013-01-08Remove private CVS tag from an obsolete repository and bump copyrightReyk Floeter
2012-12-15Remove unused variables.Reyk Floeter
2012-12-15Don't print an error if the process exited normally.Reyk Floeter
2012-12-15Plug two memory leaks when cleaning up the dh/dsa crypto structures.Reyk Floeter
2012-12-15Fix a very hidden but harmless overflow in the MSCHAPv2 code.Reyk Floeter
2012-12-15Don't pass an uninitialized arg to ibuf_release(); initialize it to NULL.Reyk Floeter
2012-12-15Don't dereference NULL pointers (and some cleanup here).Reyk Floeter
2012-12-04remove some unnecessary sys/param.h inclusionsTheo de Raadt
2012-11-29use Nm instead of Xr to self;Jason McIntyre
2012-11-29Prevent VPN traffic leakages in dual-stack hosts/networks.Reyk Floeter
2012-11-16promote some debug messages to warnings; ok reykMike Belopuhov
2012-10-25Include the license and copyright notice in the generated files.Reyk Floeter
2012-10-25Move the arrays of default IKE and ESP transforms into parse.y insteadReyk Floeter
2012-10-23Change the order of variables just to shrink the diff to the (not yetReyk Floeter
2012-10-23Allow to overwrite a few more definitions like file paths from theReyk Floeter
2012-10-23Add a cast for input to inet_pton() to silence a possible but harmlessReyk Floeter
2012-10-22tweak previous;Jason McIntyre
2012-10-22Fix NAT-T support in iked, both on the initiator and the responderReyk Floeter
2012-10-11The RSA public keys will be found in a subdirectory of /etc/iked/Reyk Floeter
2012-10-09"If srcid is omitted, the default is to use the hostname of the localReyk Floeter
2012-09-25Correct DPADD to not list libssl which is not used by iked.Brad Smith
2012-09-22last stage of rfc changes, using consistent Rs/Re blocks, and moving theJason McIntyre
2012-09-18update email addresses to match reality.Reyk Floeter
2012-07-08if you use nitems() in userland, you must define it yourselfTheo de Raadt
2012-07-05when rekeying ike sa copy more info from the old one;Mike Belopuhov
2012-07-03Improve the key derivation function to produce correct keying materialMike Belopuhov
2012-07-02checking state flags make sense only when processing a responseMike Belopuhov
2012-07-02augment every sa_free call with a debugging log messageMike Belopuhov
2012-07-02Don't close IKE SA immediately after creating a new one when rekeying.Mike Belopuhov
2012-07-02a state machine is not worth the trouble when you've got a flag. doh!Mike Belopuhov
2012-06-30enable use of AES-{192,256}-CTR, and explicitly of AES-128-CTR, for IPsec ESPChristian Weisgerber
2012-06-29Add missing ESN bitsMike Belopuhov
2012-06-27leftover code re-enqueued the same item on the list multiple timesMike Belopuhov
2012-06-27prevent an endless loopMike Belopuhov
2012-06-26improve ikev2_msg_retransmit_timeoutMike Belopuhov
2012-06-26close SA when IKE_SA_INIT or IKE_AUTH exchanges fail;Mike Belopuhov
2012-06-26compare exchange types as well when looking up a message;Mike Belopuhov
2012-06-22Add initial support for retransmition timeouts and response retries.Mike Belopuhov
2012-06-22decouple timer initialization from timer_registerMike Belopuhov
2012-06-04Rounding up a number of bytes in a bignum returned by the BN_num_bytes()Mike Belopuhov
2012-05-30more timer changesMike Belopuhov
2012-05-30when changing peer's address in the SA, remove the old entry from theMike Belopuhov