summaryrefslogtreecommitdiff
path: root/sbin/ipsecctl/pfkey.c
AgeCommit message (Expand)Author
2015-10-18Use explicit_bzero() when the memory is freed directly afterward.mmcc
2014-11-03simple conversion from select() to poll()Theo de Raadt
2012-06-30enable use of AES-{192,256}-CTR, and explicitly of AES-128-CTR, for IPsec ESPChristian Weisgerber
2012-03-24fix some leaksJonathan Gray
2010-10-06Retire SkipjackMike Belopuhov
2010-09-22Support AES-GCM-16 (as aes-gcm) and ENCR_NULL_AUTH_AES_GMACMike Belopuhov
2008-12-22Only warn about pfkey failures when errno is != EEXIST.Hans-Joerg Hoexer
2007-03-16move autodetection of the ID type to the parser. this way theMarkus Friedl
2006-11-10Fix grouping for SAs. Now all combinations of SAs are possible,Hans-Joerg Hoexer
2006-08-30can get EAGAIN when writing to the pfkey socket; same change as bgpd,Henning Brauer
2006-06-08fix some indentation, noticed by david@Hans-Joerg Hoexer
2006-06-01pfkey bits needed for SA groupingHans-Joerg Hoexer
2006-06-01Support flows with port modifiers for proto tcp/udp, e.g.Christian Weisgerber
2006-06-01read the full reply from PFKEY even if sadb_errno is set; ok hshoexerMarkus Friedl
2006-06-01correct error messages to match calloc where appropriateTodd T. Fries
2006-05-31whitespace cleanupHans-Joerg Hoexer
2006-05-30implement monitor mode for ipsecctl. worked on with markus@Mathieu Sauve-Frankel
2006-05-28kill trainling whitespaceHans-Joerg Hoexer
2006-05-28fill in AF_INET6 casesTodd T. Fries
2006-04-19"type" keyword to specify flow type (require, use, etc.)Hans-Joerg Hoexer
2006-03-31allow specification of encapsulated protocol for flows; ok hshoexerMarkus Friedl
2006-03-30allow specification of outer local ips in flows (SADB_EXT_ADDRESS_SRC); ok hs...Markus Friedl
2006-03-07add support for special "bypass" and "deny" flows.Reyk Floeter
2005-12-06ipip support: ip-in-ip w/o gif(4); ok hshoexerMarkus Friedl
2005-11-24Remove old-style keyed sha1/md5. We only support hmac-sha1/md5.Hans-Joerg Hoexer
2005-11-12spacingTheo de Raadt
2005-11-12handle transport/tunnel modeHans-Joerg Hoexer
2005-11-06Improved address and address mask handling, derived from pfctl stuff.Hans-Joerg Hoexer
2005-11-06better handling of ip addresses, prepare for v6. Partially derived from diffHans-Joerg Hoexer
2005-10-30add support for ipcomp.Hans-Joerg Hoexer
2005-10-17parse correctly flows using ipcomp. Glitch noticed by jared rr spiegel.Hans-Joerg Hoexer
2005-10-16cleanup messages generated by err(3)Hans-Joerg Hoexer
2005-08-22Teach ipsecctl to control isakmpd.Hans-Joerg Hoexer
2005-08-09Rewrite handling of transforms. Now both ah and esp can be specified andHans-Joerg Hoexer
2005-08-08pfkey pieces for static keying, enable static keyingHans-Joerg Hoexer
2005-08-08prepare for static keyingHans-Joerg Hoexer
2005-08-05prepare for authentication and encryption keys, not used yet.Hans-Joerg Hoexer
2005-08-03be more careful when using struct ipsec_auth, might be NULL now.Hans-Joerg Hoexer
2005-08-02Make use of struct ipsec_auth dynamic.Hans-Joerg Hoexer
2005-07-09also bail out when pfkey returns ESRCH (eg. trying to delete a non-existing SA)Hans-Joerg Hoexer
2005-07-09small cleanupsHans-Joerg Hoexer
2005-07-09Provide infrastructure for adding/deleting SAs, will be used by tcpmd5 andHans-Joerg Hoexer
2005-07-07set flow type (use, require, etc.) when a rule is created. Up to now this wasHans-Joerg Hoexer
2005-07-07Do not mix rule types with flow typesHans-Joerg Hoexer
2005-07-07add prototype for pfkey_parse()Hans-Joerg Hoexer
2005-06-30Next step, again no functional change yetHans-Joerg Hoexer
2005-06-30Prepare for flow deletion, no functional change yet.Hans-Joerg Hoexer
2005-05-27show flow type (require, use, etc.)Hans-Joerg Hoexer
2005-05-27Use SADB_SATYPE_* instead of IPPROTO_*Hans-Joerg Hoexer
2005-05-27When looping over pfkey messages, make sure extension length is > 0.Hans-Joerg Hoexer