path: root/sbin/iked
| Age | Commit message | Author |
|---|---|---|
| 2021-02-08 | Clean up kernel IPsec flows and security associations on shutdown. | tobhe |
| 2021-02-07 | Free X509_STOREs in ca_shutdown(). | tobhe |
| 2021-02-07 | Fix address leaks in expand_flows(). | tobhe |
| 2021-02-04 | Rename 'struct group' to 'struct dh_group' for more clarity and | tobhe |
| 2021-02-04 | EC_POINT_get_affine_coordinates_GFp() and EC_POINT_get_affine_coordinates_GF2m() | tobhe |
| 2021-02-04 | Upgrade to OpenSSL 1.1 compatible crypto API. Add additional | tobhe |
| 2021-02-01 | Take flows into consideration for policy lookup as initiator. | tobhe |
| 2021-02-01 | Whitespace | tobhe |
| 2021-01-31 | Ignore addresses that are not 0/32 (dynamic) in ikev2_cp_fixaddr() | tobhe |
| 2021-01-31 | Don't leak flows if ikev2_cp_fixflow() fails. | tobhe |
| 2021-01-29 | Add proper padding for pfkey messages. Use ROUNDUP() for auth and | tobhe |
| 2021-01-28 | Extern privsep_process. Fixes compilation with -fno-common. | mortimer |
| 2021-01-26 | Add support for RSA-PSS PKCS1 signatures. Don't enable them by | tobhe |
| 2021-01-24 | hmac-sha2-384 and hmac-sha2-512 are enabled by default. | tobhe |
| 2021-01-23 | Fix typos. | tobhe |
| 2021-01-21 | Handle NO_PROPOSAL_CHOSEN for CREATE_CHILD_SA. | tobhe |
| 2021-01-21 | Add support for INVALID_KE_PAYLOAD in CREATE_CHILD_SA | tobhe |
| 2021-01-20 | Make sure to enforce matching dstid as initiator. Use policy lookup | tobhe |
| 2021-01-18 | Sync SA configuration payload to new SA after IKE SA rekeying. | tobhe |
| 2020-12-29 | getifaddrs() can return entries where ifa_addr is NULL. Check for this | Sebastian Benoit |
| 2020-12-28 | Add back keyword "any" to match any IP address, which actually works | tobhe |
| 2020-12-27 | Fix "any" and "dynamic" keywords for flows and add proper IPv6 support. | tobhe |
| 2020-12-22 | Log SPI with SPI_SH() wherever possible. | tobhe |
| 2020-12-21 | Use policy_test() to reassign existing SAs to updated policies after | tobhe |
| 2020-12-20 | Don't leak ipsec_hosts when building hosts_list. | tobhe |
| 2020-12-17 | Use strtonum() instead of atoi() to parse port option. | tobhe |
| 2020-12-17 | Sort command line options. | tobhe |
| 2020-12-15 | Fix leak of REQUEST string. | tobhe |
| 2020-12-13 | Make sure flow src and dst addresses have the same address family. | tobhe |
| 2020-12-11 | The keyword "any" does not actually work properly for traffic selectors. | tobhe |
| 2020-12-10 | Print valid ikesa/childsa configuration at startup. Comma separated | tobhe |
| 2020-12-06 | Add support for RSASSA-PSS signature verification (RFC 7427). | tobhe |
| 2020-12-05 | Make len unsigned. | tobhe |
| 2020-12-04 | Log pfkey type and message length on write failure. | tobhe |
| 2020-12-03 | Fix type mismatch. auth_method should be uint8_t. | tobhe |
| 2020-12-02 | The skip steps must be set up for each attribute independently | tobhe |
| 2020-12-01 | Don't log ESRCH as warning. | tobhe |
| 2020-11-30 | We need to rekey every child SA (even if acquired): Otherwise we can | tobhe |
| 2020-11-29 | Add 'set stickyaddress' option. If this option is enabled, iked will try | tobhe |
| 2020-11-28 | Add support for multiple address pools. The parser already allows | tobhe |
| 2020-11-27 | Remove redundant state change. ikev2_ikesa_delete() sets the correct state. | tobhe |
| 2020-11-26 | Use a counter instead of random IV for AES-GCM. Security depends on | tobhe |
| 2020-11-25 | Fix proposal error handling. If a proposal contains an unknown transform | tobhe |
| 2020-11-24 | Fix duplicate sa->sa_cp assignment. | tobhe |
| 2020-11-23 | Ignore duplicate sigsha2 notify, don't fail the exchange. | tobhe |
| 2020-11-22 | Fix comment typo. | tobhe |
| 2020-11-21 | Clean up NATT hack. Pass 'frompeer' as parameter instead of manipulating | tobhe |
| 2020-11-20 | add -s to synopsis and usage; -S before -s in options list; | Jason McIntyre |
| 2020-11-20 | Add -s socket option to specify control socket. This can be useful if | tobhe |
| 2020-11-19 | More sa cleanup + constify. | tobhe |