summaryrefslogtreecommitdiff
path: root/sbin/iked
AgeCommit message (Expand)Author
2020-03-24Make our CERTREQ payload handling less strict. If we can not find atobhe
2020-03-24Always clear sa_simult when initiating a new CREATE_CHILD_SA exchange, nottobhe
2020-03-24The certreq payload has no use in PSK authenticated exchanges. Once we aretobhe
2020-03-24Fix user database corruption from 'ikectl reload'. Copy only the new passwordtobhe
2020-03-22Add 'ikectl show sa' command to print information about the state oftobhe
2020-03-20Unset 'sa->sa_simult' when the exchange fails with CHILD_SA_NOT_FOUND.tobhe
2020-03-18Add 'ikectl reset id <ID>' command to reset all SAs from policies withtobhe
2020-03-16Handle allocation failure in reallocarry. Print errors with log_info.tobhe
2020-03-16Correctly calculate IPv6 address leases from small address pools.tobhe
2020-03-10Relookup policy based on received cryptographic parameter proposal.tobhe
2020-03-10Make sure 'pooladdr' is zero initialized.tobhe
2020-03-10Fix memory leak of 'cr' if allocation of 'cr->data' fails.tobhe
2020-03-10Make sure ikev2_next_payload() is only called when there is a previoustobhe
2020-03-10Return when SA lookup fails in ikev2_init_recv().tobhe
2020-03-10Delete dead code in ikev2_msg_valid_ike_sa().tobhe
2020-03-10Make sure 'e' is NULL initialized to prevent nullptr dereference intobhe
2020-03-09Use TAILQ_FOREACH_SAFE instead of hand rolled loops.tobhe
2020-03-01When the proposals are first matched the responder doestobhe
2020-02-21Add transport mode for child SAs. This is useful for GRE over IPsec andtobhe
2020-02-16Quote variables in pf tag stringskn
2020-02-14Switch from EVP_SignInit_ex() to the newer EVP_DigestSignInit()tobhe
2020-02-13Constify "buf" argument in print_hex and print_hexval.tobhe
2020-02-10briefly mention /etc/examples/ in the FILES section of all theIngo Schwarze
2020-01-22delete wasteful ;;Theo de Raadt
2020-01-21use an underscore for -p's argument, rather than hyphen: matches SYNOPSISJason McIntyre
2020-01-16Add '-p' command line option which allows to configuretobhe
2020-01-15Support multiple x509 extensions and extensions with multipletobhe
2020-01-15s/deprecated/ignored/ in the warning message if -6 is used; the optionStuart Henderson
2020-01-15If we don't find a certificate signed by a trusted CAtobhe
2020-01-14Remove IPsec flow blocking unencrypted IPv6 traffic which wastobhe
2020-01-08Unify duplicate NOTIFY payload construction code in ikev2_add_notify andtobhe
2020-01-07Link ESP-SA and IPcomp-SA using GRPSPIS instead of using a self-builttobhe
2019-12-28Refactor child SA cleanup.tobhe
2019-12-10We can receive a delete and free an SA that is referenced in sa_nextr.tobhe
2019-12-03Correctly represent flows as traffic selectors as described in RFC 7296. Thistobhe
2019-12-01Explain how ipcomp can be enabled.tobhe
2019-11-30The message sent in config_setmode starts the handshake in the ikev2 processtobhe
2019-11-30Log loaded SPIs and flows.tobhe
2019-11-29Change the default security level for incoming IPsec flows fromtobhe
2019-11-28Merge host_v{4,6}() into host_ip(), simplify host()kn
2019-11-28Introduce copy_sockaddrtoipa() and set_ipmask() bits from pfctlkn
2019-11-28Move Notify and Certreq payload handlers after the parser. Modify SA statetobhe
2019-11-18Enable ESP UDP-encapsulation with '-t' flag.tobhe
2019-11-15IKEv2 message fragments of the same message have the same msg_id. Whentobhe
2019-11-15Fix error handling in ikev2_msg_send.tobhe
2019-11-13Log reason whenever a child SA is freed. This makes it easier totobhe
2019-11-12fix a formatting warning;Jason McIntyre
2019-11-12Add configuration options to explicitly specify ESN support for child SAs.tobhe
2019-11-11Cleanup message retransmission handling with new helper functions.tobhe
2019-09-26Use SPI_SA() instead of __func__ in all logging calls. Use log_infotobhe
generated by cgit v1.2.3 (git 2.25.1) at 2024-12-01 10:04:49 +0000