summaryrefslogtreecommitdiff
path: root/sbin/iked
AgeCommit message (Expand)Author
2020-12-29getifaddrs() can return entries where ifa_addr is NULL. Check for thisSebastian Benoit
2020-12-28Add back keyword "any" to match any IP address, which actually workstobhe
2020-12-27Fix "any" and "dynamic" keywords for flows and add proper IPv6 support.tobhe
2020-12-22Log SPI with SPI_SH() wherever possible.tobhe
2020-12-21Use policy_test() to reassign existing SAs to updated policies aftertobhe
2020-12-20Don't leak ipsec_hosts when building hosts_list.tobhe
2020-12-17Use strtonum() instead of atoi() to parse port option.tobhe
2020-12-17Sort command line options.tobhe
2020-12-15Fix leak of REQUEST string.tobhe
2020-12-13Make sure flow src and dst addresses have the same address family.tobhe
2020-12-11The keyword "any" does not actually work properly for traffic selectors.tobhe
2020-12-10Print valid ikesa/childsa configuration at startup. Comma seperatedtobhe
2020-12-06Add support for RSASSA-PSS signature verification (RFC 7427).tobhe
2020-12-05Make len unsigned.tobhe
2020-12-04Log pfkey type and message length on write failure.tobhe
2020-12-03Fix type mismatch. auth_method should be uint8_t.tobhe
2020-12-02The skip steps must be set up for each attribute independentlytobhe
2020-12-01Don't log ESRCH as warning.tobhe
2020-11-30We need to rekey every child SA (even if acquired): Otherwise we cantobhe
2020-11-29Add 'set stickyaddress' option. If this option is enabled, iked will trytobhe
2020-11-28Add support for multiple address pools. The parser already allowstobhe
2020-11-27Remove redundant state change. ikev2_ikesa_delete() sets the correct state.tobhe
2020-11-26Use a counter instead of random IV for AES-GCM. Security depends ontobhe
2020-11-25Fix proposal error handling. If a proposal contains an unknown transformtobhe
2020-11-24Fix duplicate sa->sa_cp assignment.tobhe
2020-11-23Ignore duplicate sigsha2 notify, don't fail the exchange.tobhe
2020-11-22Fix comment typo.tobhe
2020-11-21Clean up NATT hack. Pass 'frompeer' as parameter instead of manipulatingtobhe
2020-11-20add -s to synopsis and usage; -S before -s in options list;Jason McIntyre
2020-11-20Add -s socket option to specify control socket. This can be useful iftobhe
2020-11-19More sa cleanup + constify.tobhe
2020-11-18Constify sa in ikev2_pld_eap(). The parser code must not change anytobhe
2020-11-17Remove redundant indirection via msg_parent. This is only needed intobhe
2020-11-16Reenable ikev2_init_auth() return value check. Make sure sa_stateok()tobhe
2020-11-16Backout ikev2_init_auth() return check to fix regression withtobhe
2020-11-15Document new 'dynamic' keyword to create flows from or to a dynamicallytobhe
2020-11-14Make sure not to replace 0.0.0.0 with dynamic address if it is a a networktobhe
2020-11-13addr_net is already checked in ikev2_cp_setaddr() before sessingtobhe
2020-11-12Close SA if ikev2_init_auth() fails.tobhe
2020-11-12Fail if ikev2_init_ike_auth() is entered with invalid state.tobhe
2020-11-11Cleanup after proc_init() in proc_close().tobhe
2020-11-07Implement 'from dynamic', which installs flows where 'dynamic' is replacedtobhe
2020-11-06Set correct netmask on patched addresses for debug printing.tobhe
2020-11-05Enable support for ASN1_DN ipsec identifiers.Peter Hessler
2020-11-04Add check for static id size.tobhe
2020-11-03Add 'any' keyword for request to allow 'request address any'.tobhe
2020-11-01Add 'dynamic' keyword to configure flows to dynamically assigned addresses.tobhe
2020-10-30Add missing bits to make 'request addr 0.0.0.0' accept ANY dynamic address.tobhe
2020-10-30style(9)tobhe
2020-10-30Whitespace fixes.tobhe