summaryrefslogtreecommitdiff
path: root/sbin/iked
AgeCommit message (Expand)Author
2021-02-26Set RTF_GATEWAY for flow routes, not for host route.tobhe
2021-02-26Fix and improve handling of address families in vroute_getcloneroute().tobhe
2021-02-25Constify cipher API.tobhe
2021-02-24Use ASN1_STRING_get0_data() instead of the deprecated ASN1_STRING_data().tobhe
2021-02-22Don't pass 'id' as argument to make function signature match similartobhe
2021-02-21Don't explicitly send address family in IMSG_VROUTE_ADD. The receivingtobhe
2021-02-20Fail on invalid address family.tobhe
2021-02-19Fail on duplicate nonce payload.tobhe
2021-02-18Save one allocation by passing msg_nonce ownership instead of usingtobhe
2021-02-18Remove redundant ibuf_release. msg_ke is always NULL because of thetobhe
2021-02-18Pass ownership instead of duplicating ibuf msg_ke.tobhe
2021-02-16Fail on duplicate KE payload.tobhe
2021-02-13Add dynamic address configuration for roadwarrior clients.tobhe
2021-02-12Fix local and peer addresses in policy lookup for dangling SAstobhe
2021-02-11Explicitly unset IKED_REQ_CERTVALID before sending cert to ca process.tobhe
2021-02-10Delay deletion of IKE SAs on rekey when stickyaddress is enabled to maketobhe
2021-02-09Add optional 'group none' transform for child SAs and fix handling oftobhe
2021-02-08Clean up kernel IPsec flows and security associations on shutdown.tobhe
2021-02-07Free X509_STOREs in ca_shutdown().tobhe
2021-02-07Fix address leaks in expand_flows().tobhe
2021-02-04Rename 'struct group' to 'struct dh_group' for more clarity andtobhe
2021-02-04EC_POINT_get_affine_coordinates_GFp() and EC_POINT_get_affine_coordinates_GF2m()tobhe
2021-02-04Upgrade to OpenSSL 1.1 compatible crypto API. Add additionaltobhe
2021-02-01Take flows into consideration for policy lookup as initiator.tobhe
2021-02-01Whitespacetobhe
2021-01-31Ignore addresses that are not 0/32 (dynamic) in ikev2_cp_fixaddr()tobhe
2021-01-31Don't leak flows if ikev2_cp_fixflow() fails.tobhe
2021-01-29Add proper padding for pfkey messages. Use ROUNDUP() for auth andtobhe
2021-01-28Extern privsep_process. Fixes compilation with -fno-common.mortimer
2021-01-26Add support for RSA-PSS PKCS1 signatures. Don't enable them bytobhe
2021-01-24hmac-sha2-384 and hmac-sha2-512 are enabled by default.tobhe
2021-01-23Fix typos.tobhe
2021-01-21Handle NO_PROPOSAL_CHOSEN for CREATE_CHILD_SA.tobhe
2021-01-21Add support for INVALID_KE_PAYLOAD in CREATE_CHILD_SAtobhe
2021-01-20Make sure to enforce matching dstid as initiator. Use policy lookuptobhe
2021-01-18Sync SA configuration payload to new SA after IKE SA rekeying.tobhe
2020-12-29getifaddrs() can return entries where ifa_addr is NULL. Check for thisSebastian Benoit
2020-12-28Add back keyword "any" to match any IP address, which actually workstobhe
2020-12-27Fix "any" and "dynamic" keywords for flows and add proper IPv6 support.tobhe
2020-12-22Log SPI with SPI_SH() wherever possible.tobhe
2020-12-21Use policy_test() to reassign existing SAs to updated policies aftertobhe
2020-12-20Don't leak ipsec_hosts when building hosts_list.tobhe
2020-12-17Use strtonum() instead of atoi() to parse port option.tobhe
2020-12-17Sort command line options.tobhe
2020-12-15Fix leak of REQUEST string.tobhe
2020-12-13Make sure flow src and dst addresses have the same address family.tobhe
2020-12-11The keyword "any" does not actually work properly for traffic selectors.tobhe
2020-12-10Print valid ikesa/childsa configuration at startup. Comma seperatedtobhe
2020-12-06Add support for RSASSA-PSS signature verification (RFC 7427).tobhe
2020-12-05Make len unsigned.tobhe
generated by cgit v1.2.3 (git 2.25.1) at 2025-01-20 23:34:14 +0000