Age | Commit message (Expand) | Author |
2015-10-18 | Use explicit_bzero() when the memory is freed directly afterward. | mmcc |
2014-11-03 | simple conversion from select() to poll() | Theo de Raadt |
2012-06-30 | enable use of AES-{192,256}-CTR, and explicitly of AES-128-CTR, for IPsec ESP | Christian Weisgerber |
2012-03-24 | fix some leaks | Jonathan Gray |
2010-10-06 | Retire Skipjack | Mike Belopuhov |
2010-09-22 | Support AES-GCM-16 (as aes-gcm) and ENCR_NULL_AUTH_AES_GMAC | Mike Belopuhov |
2008-12-22 | Only warn about pfkey failures when errno is != EEXIST. | Hans-Joerg Hoexer |
2007-03-16 | move autodetection of the ID type to the parser. this way the | Markus Friedl |
2006-11-10 | Fix grouping for SAs. Now all combinations of SAs are possible, | Hans-Joerg Hoexer |
2006-08-30 | can get EAGAIN when writing to the pfkey socket; same change as bgpd, | Henning Brauer |
2006-06-08 | fix some indentation, noticed by david@ | Hans-Joerg Hoexer |
2006-06-01 | pfkey bits needed for SA grouping | Hans-Joerg Hoexer |
2006-06-01 | Support flows with port modifiers for proto tcp/udp, e.g. | Christian Weisgerber |
2006-06-01 | read the full reply from PFKEY even if sadb_errno is set; ok hshoexer | Markus Friedl |
2006-06-01 | correct error messages to match calloc where appropriate | Todd T. Fries |
2006-05-31 | whitespace cleanup | Hans-Joerg Hoexer |
2006-05-30 | implement monitor mode for ipsecctl. worked on with markus@ | Mathieu Sauve-Frankel |
2006-05-28 | kill trainling whitespace | Hans-Joerg Hoexer |
2006-05-28 | fill in AF_INET6 cases | Todd T. Fries |
2006-04-19 | "type" keyword to specify flow type (require, use, etc.) | Hans-Joerg Hoexer |
2006-03-31 | allow specification of encapsulated protocol for flows; ok hshoexer | Markus Friedl |
2006-03-30 | allow specification of outer local ips in flows (SADB_EXT_ADDRESS_SRC); ok hs... | Markus Friedl |
2006-03-07 | add support for special "bypass" and "deny" flows. | Reyk Floeter |
2005-12-06 | ipip support: ip-in-ip w/o gif(4); ok hshoexer | Markus Friedl |
2005-11-24 | Remove old-style keyed sha1/md5. We only support hmac-sha1/md5. | Hans-Joerg Hoexer |
2005-11-12 | spacing | Theo de Raadt |
2005-11-12 | handle transport/tunnel mode | Hans-Joerg Hoexer |
2005-11-06 | Improved address and address mask handling, derived from pfctl stuff. | Hans-Joerg Hoexer |
2005-11-06 | better handling of ip addresses, prepare for v6. Partially derived from diff | Hans-Joerg Hoexer |
2005-10-30 | add support for ipcomp. | Hans-Joerg Hoexer |
2005-10-17 | parse correctly flows using ipcomp. Glitch noticed by jared rr spiegel. | Hans-Joerg Hoexer |
2005-10-16 | cleanup messages generated by err(3) | Hans-Joerg Hoexer |
2005-08-22 | Teach ipsecctl to control isakmpd. | Hans-Joerg Hoexer |
2005-08-09 | Rewrite handling of transforms. Now both ah and esp can be specified and | Hans-Joerg Hoexer |
2005-08-08 | pfkey pieces for static keying, enable static keying | Hans-Joerg Hoexer |
2005-08-08 | prepare for static keying | Hans-Joerg Hoexer |
2005-08-05 | prepare for authentication and encryption keys, not used yet. | Hans-Joerg Hoexer |
2005-08-03 | be more careful when using struct ipsec_auth, might be NULL now. | Hans-Joerg Hoexer |
2005-08-02 | Make use of struct ipsec_auth dynamic. | Hans-Joerg Hoexer |
2005-07-09 | also bail out when pfkey returns ESRCH (eg. trying to delete a non-existing SA) | Hans-Joerg Hoexer |
2005-07-09 | small cleanups | Hans-Joerg Hoexer |
2005-07-09 | Provide infrastructure for adding/deleting SAs, will be used by tcpmd5 and | Hans-Joerg Hoexer |
2005-07-07 | set flow type (use, require, etc.) when a rule is created. Up to now this was | Hans-Joerg Hoexer |
2005-07-07 | Do not mix rule types with flow types | Hans-Joerg Hoexer |
2005-07-07 | add prototype for pfkey_parse() | Hans-Joerg Hoexer |
2005-06-30 | Next step, again no functional change yet | Hans-Joerg Hoexer |
2005-06-30 | Prepare for flow deletion, no functional change yet. | Hans-Joerg Hoexer |
2005-05-27 | show flow type (require, use, etc.) | Hans-Joerg Hoexer |
2005-05-27 | Use SADB_SATYPE_* instead of IPPROTO_* | Hans-Joerg Hoexer |
2005-05-27 | When looping over pfkey messages, make sure extension length is > 0. | Hans-Joerg Hoexer |