| Age | Commit message (Expand) | Author |
|---|
| 2017-10-27 | Support DH groups 19 to 21 and 25 to 30, just like iked(8) does. | Martin Pieuchot |
| 2017-04-19 | Rename all SA groups to bundles consistently. The first kernel | Alexander Bluhm |
| 2017-04-18 | use freezero() | Theo de Raadt |
| 2017-04-14 | Up to now ipsecctl(8) grouped SAs with identical src and dst to the | Alexander Bluhm |
| 2017-04-10 | Found another len += snprintf... | Theo de Raadt |
| 2017-03-02 | Now that the kernel provides information about IPsec SA bundles, | Alexander Bluhm |
| 2017-02-28 | Depending on the addresses, ipsecctl(8) automatically groups sa | Alexander Bluhm |
| 2017-01-05 | Replace symset()'s hand-rolled for(;;) traversal of 'symhead' TAILQ | Kenneth R Westerback |
| 2016-06-21 | do not allow whitespace in macro names, i.e. "this is" = "a variable". | Sebastian Benoit |
| 2015-12-10 | Remove NULL-checks before free(). ok tb@ | mmcc |
| 2015-12-09 | Remove plain DES encryption from IPsec. | Christian Weisgerber |
| 2015-12-02 | remove unimplemented PF_KEY algorithms; ok sthen@ mpi@ mikeb@ | Christian Weisgerber |
| 2015-11-04 | Decode Chacha20-Poly1305 when dumping SAs; ok reyk, naddy | Mike Belopuhov |
| 2015-11-01 | replace "can not" with "cannot"; | Jason McIntyre |
| 2015-10-18 | Use explicit_bzero() when the memory is freed directly afterward. | mmcc |
| 2015-06-03 | Do not assume that asprintf() clears the pointer on failure, which | Todd C. Miller |
| 2015-05-25 | bump up the default Diffie-Hellman group to modp3072; ok mikeb@ djm@ | Christian Weisgerber |
| 2015-04-17 | Remove unsupported SADB_X_IDENTTYPE_CONNECTION; OK markus, hshoexer | Mike Belopuhov |
| 2015-04-14 | Remove support for storing credentials and auth information in the kernel. | Mike Belopuhov |
| 2015-02-28 | Reduce usage of predefined strings in manpages. | Anthony J. Bentley |
| 2015-01-16 | Replace <sys/param.h> with <limits.h> and other less dirty headers where | Theo de Raadt |
| 2015-01-10 | tell the truth about DES. | Igor Sobrado |
| 2015-01-02 | PFS stands for Perfect Forward Secrecy. | Igor Sobrado |
| 2014-12-28 | Unbreak the tree. Looks like tedu did not tedu enough when killing KPDK | Claudio Jeker |
| 2014-11-20 | Yet more #include de-duplication. | Kenneth R Westerback |
| 2014-11-20 | Don't allow embedded nul characters in strings. | Jonathan Gray |
| 2014-11-04 | Add gcc format attributes to ipsecctl's parse.y. Also, fix a few format | Doug Hogan |
| 2014-11-03 | simple conversion from select() to poll() | Theo de Raadt |
| 2014-03-19 | Unify ipsec.conf(5)'s copy of the text dealing with multiline comments, | Stuart Henderson |
| 2014-01-22 | fix printing of IPcomp SAs; ok mikeb@ & todd@ | Markus Friedl |
| 2014-01-22 | relax the cfg file secrecy check slightly to allow group readability | Henning Brauer |
| 2013-11-25 | use u_char for buffers in yylex, for ctype calls | Sebastian Benoit |
| 2013-11-22 | Whole bunch of (unsigned char) casts carefully added for ctype calls. | Theo de Raadt |
| 2013-11-01 | altq -> new queue in examples | Henning Brauer |
| 2013-08-25 | the comment that comma characters cannot be used in transform | Mike Belopuhov |
| 2013-06-29 | do not use Sx for sections outwith the page; | Jason McIntyre |
| 2012-09-18 | remove the SADB_X_SAFLAGS_{HALFIV,RANDOMPADDING,NOREPLAY} pfkey-API (not set | Markus Friedl |
| 2012-09-17 | unbreak the last commit by making sure that the transform name | Markus Friedl |
| 2012-09-15 | Encode the transform parameters in the transform name, too. | Markus Friedl |
| 2012-08-30 | Do not issue a spurious "force" when "group none" is specified. | Christian Weisgerber |
| 2012-08-12 | Explicitly state that only two unit specifiers are recognized instead of | Lawrence Teo |
| 2012-07-13 | small tweak; | Jason McIntyre |
| 2012-07-13 | Change the configuration format fed to the isakmpd FIFO to be able | Mike Belopuhov |
| 2012-07-10 | Rename "life" to "lifetime" to match iked. | Lawrence Teo |
| 2012-07-09 | Fix typo in warning message. | Lawrence Teo |
| 2012-07-08 | Disallow manual security associations that use AES-CTR, AES-GCM, | Christian Weisgerber |
| 2012-07-07 | copy&paste mistake in error message | Christian Weisgerber |
| 2012-07-05 | don't output "esn" string in the rule section as we can't use the | Mike Belopuhov |
| 2012-06-30 | enable use of AES-{192,256}-CTR, and explicitly of AES-128-CTR, for IPsec ESP | Christian Weisgerber |
| 2012-06-29 | Print esn flag when dumping SAs with ESN enabled | Mike Belopuhov |
