summaryrefslogtreecommitdiff
path: root/sbin/iked
AgeCommit message (Expand)Author
2014-01-22implement DPD similar to isakmpd, but only send DPD-messages 'on-demand'Markus Friedl
2014-01-22relax the cfg file secrecy check slightly to allow group readabilityHenning Brauer
2014-01-18Remove -Wbounded: it is now the compiler default.Martynas Venckus
2013-12-09distingush between sa_msgid not set and 0; otherwise we startMarkus Friedl
2013-12-04Use EVP_sha1 directly instead of doing the EVP_get_digestbyname lookup.Mike Belopuhov
2013-12-03never cast to sockaddr_storage, always cast to the abstract 'class' sockaddrMarkus Friedl
2013-11-28mark replaced flows as 'not loaded'; this can happen if bothMarkus Friedl
2013-11-28don't leak duplicate flows; ok mikeb@Markus Friedl
2013-11-28drop duplicate requestsMarkus Friedl
2013-11-28document sa_msgid & sa_reqid; ok mikeb@Markus Friedl
2013-11-28sa_lookup: don't compare with sh_rspi if rspi is not setMarkus Friedl
2013-11-28sa_new(): discard & free duplicate IKESAs; ok mibek@Markus Friedl
2013-11-28include hexdump in debug output only for -vvv; ok mikeb@Markus Friedl
2013-11-28support raw pubkey authentication w/o x509 certificates;Markus Friedl
2013-11-25use u_char for buffers in yylex, for ctype callsSebastian Benoit
2013-11-22Whole bunch of (unsigned char) casts carefully added for ctype calls.Theo de Raadt
2013-11-21Make the bit string u_char * in print_bits(). In practice weTodd C. Miller
2013-11-15Cope with the EAGAIN API change for msgbuf_write()Mike Belopuhov
2013-11-14ignore messages for other daemons, like isakmpd does; ok mikebMarkus Friedl
2013-11-14setup pfkey timer before use; ok mikebMarkus Friedl
2013-11-14pass caller to ca_sslerror for better error messages; ok mikebMarkus Friedl
2013-11-14verify EC points; from hshoexer; ok mikebMarkus Friedl
2013-11-14not need to specify OBJDIR; ok mikebMarkus Friedl
2013-11-01altq -> new queue in examplesHenning Brauer
2013-10-24no need for netinet/ip_var.h (and friends)Theo de Raadt
2013-09-26After some manipulations with the buffer, ike message header (hdr)Mike Belopuhov
2013-07-16Add missing .Mt macros for AUTHORS email addresses.Ingo Schwarze
2013-06-29do not use Sx for sections outwith the page;Jason McIntyre
2013-06-13Add support for protected-subnet config types.Reyk Floeter
2013-05-22Move the gmac/null ciphers to a different table block, clearly labelled asStuart Henderson
2013-03-30Sync with latest IKEv2 Parameters from IANA. No functional change.Reyk Floeter
2013-03-21remove excessive includesTheo de Raadt
2013-03-11handle ECONNABORTED errors from accept(). In many code blocks they can beTheo de Raadt
2013-03-05cross referencing the manual page is better.Igor Sobrado
2013-03-05fix program name used in AUTHORS section.Igor Sobrado
2013-01-08Remove private CVS tag from an obsolete repository and bump copyrightReyk Floeter
2012-12-15Remove unused variables.Reyk Floeter
2012-12-15Don't print an error if the process exited normally.Reyk Floeter
2012-12-15Plug two memory leaks when cleaning up the dh/dsa crypto structures.Reyk Floeter
2012-12-15Fix a very hidden but harmless overflow in the MSCHAPv2 code.Reyk Floeter
2012-12-15Don't pass an uninitialized arg to ibuf_release(); initialize it to NULL.Reyk Floeter
2012-12-15Don't dereference NULL pointers (and some cleanup here).Reyk Floeter
2012-12-04remove some unnecessary sys/param.h inclusionsTheo de Raadt
2012-11-29use Nm instead of Xr to self;Jason McIntyre
2012-11-29Prevent VPN traffic leakages in dual-stack hosts/networks.Reyk Floeter
2012-11-16promote some debug messages to warnings; ok reykMike Belopuhov
2012-10-25Include the license and copyright notice in the generated files.Reyk Floeter
2012-10-25Move the arrays of default IKE and ESP transforms into parse.y insteadReyk Floeter
2012-10-23Change the order of variables just to shrink the diff to the (not yetReyk Floeter
2012-10-23Allow to overwrite a few more definitions like file paths from theReyk Floeter