Age | Commit message | Author | |
---|---|---|---|
2007-09-02 | use calloc() to avoid malloc(n * m) overflows; checked by djm canacar jsg | Theo de Raadt | |
2007-05-27 | Don't include sys/mbuf.h it is not needed. OK mcbride@ msf@ | Claudio Jeker | |
2007-04-16 | There's no point in checking ptr for NULL before doing free(ptr) since free(NULL) is just fine. ok hshoexer@ | Moritz Jodeit | |
2007-04-08 | Fix lint comments. s/Fall through/FALLTHROUGH/. ok hshoexer@ | Moritz Jodeit | |
2007-02-19 | isakmpd bits for ESP+NULL encryption. This is useful, when AH can not be used (when being behind NAT). With Martin Hedenfalk <martin.hedenfalk at gmail.com>, thanks! | Hans-Joerg Hoexer | |
2006-11-24 | add support to tag ipsec traffic belonging to specific IKE-initiated phase 2 traffic. this allows policy-based filtering of encrypted and unencrypted ipsec traffic with pf(4). see ipsec.conf(5) and isakmpd.conf(5) for details and examples. this is work in progress and still needs some testing and feedback, but it is safe to put it in now. ok hshoexer@ | Reyk Floeter | |
2006-09-01 | Add a new UI command to force isakmpd into passive only mode. Will be used by sasyncd to prevent two talking isakmpd's in an HA setup. Based on a diff by ho@. OK ho@, hshoexer@, deraadt@ | Marco Pfatschbacher | |
2006-08-30 | fix isakmpd -Ka, as used by bgpd, or acquire flows set up via ipsecctl. acquire flows need to be recorded on the fly via connection_record_passive(), otherwise later lookups fail and the policy check fails. ok hshoexer ho markus msf deraadt | Henning Brauer | |
2006-08-30 | need to retry writing to pfkey socket on EAGAIN, ok theo hshoexer | Henning Brauer | |
2006-08-30 | do not call pf_key_v2_disable_sa twice; ok hshoexer, ho | Markus Friedl | |
2006-06-10 | support sha2 for main mode hmacs and aesctr for quick mode encryption. ok markus@ ho@ | Hans-Joerg Hoexer | |
2006-05-31 | tiny KNF | Hans-Joerg Hoexer | |
2006-05-31 | Make sure, that phase 1 SAs of active connections stay alive. Fixes a DPD breakage noticed and reported by Mitja Muzenic. ok markus@ ho@, testing by Mitja and cloder@, discussed with Nathanael. | Hans-Joerg Hoexer | |
2006-05-29 | export pf_key_v2_disable_sa() (unbreaks build) | Markus Friedl | |
2005-11-14 | use snprintf; ok cloder. also looked at by a few other people | Theo de Raadt | |
2005-06-14 | add ENCAP_UDP_{TUNNEL,TRANSPORT} types according to rfc 3947 ok markus | Hans-Joerg Hoexer | |
2005-06-01 | Fix memory leak. OK hshoexer | Chad Loder | |
2005-05-22 | No more ifdef KAME. From hshoexer | Chad Loder | |
2005-04-08 | get rid of sysdep_sa_len ok cloder@ | Hans-Joerg Hoexer | |
2005-04-08 | USE_DEBUG is bye bye | Theo de Raadt | |
2005-04-08 | keynote and policy always compiled in | Theo de Raadt | |
2005-04-08 | nat-traversal always | Theo de Raadt | |
2005-04-08 | kill USE_OLD_SOCKADDR | Theo de Raadt | |
2005-04-08 | Remove references to LINUX_IPSEC | Chad Loder | |
2005-04-06 | knf, ok cloder | Theo de Raadt | |
2005-04-05 | Always compile X509 support. Almost everyone uses it. Makes the code much easier to read and to maintain. OK and testing by hshoexer@, more testing by me | Chad Loder | |
2005-04-04 | spacing; ok cloder | Theo de Raadt | |
2005-03-02 | knf, linewrapping, whitespaces, no binary change | Hans-Joerg Hoexer | |
2005-02-27 | cleanup correctly in some error paths. ok hshoexer | Patrick Latifi | |
2005-02-27 | where possible, use bzero instead of memset ok cloder henning | Hans-Joerg Hoexer | |
2005-02-25 | Fix an obviously incorrect call to memset. '0' and 0 are not the same thing. Input and OK from markus@, ho@, niklas@, deraadt@, hshoexer@ | Chad Loder | |
2004-12-27 | Fix broken pointer arithmetic when receiving a RSA key from the kernel. Found and fix provided by Stefan Miltchev. Thanks! ok otto@ | Hans-Joerg Hoexer | |
2004-09-17 | Missing #ifdefs. | Hakan Olsson | |
2004-08-12 | Avoid memleak on error (Linux/KAME). Found by Benjamin Pineau. | Hakan Olsson | |
2004-08-10 | Better implementation of the Dead Peer Detection protocol, RFC 3706. hshoexer@ ok. | Hakan Olsson | |
2004-08-08 | spacing | Theo de Raadt | |
2004-06-26 | Narrow down privsep interface. Move pf_key_v2_open() to monitor. Work in progress. ok ho@ | Hans-Joerg Hoexer | |
2004-06-23 | Print correct prefix. Found and tested by alex at vbone.net. | Hakan Olsson | |
2004-06-21 | udpencap_port should be taken from dst transport | Hakan Olsson | |
2004-06-21 | Tell the kernel to enable ESP-in-UDP encapsulation when we have SAs negotiated with NAT-T. | Hakan Olsson | |
2004-06-14 | KNF, style, 80c, etc. hshoexer@ ok | Hakan Olsson | |
2004-06-09 | Style nits. hshoexer@ ok | Hakan Olsson | |
2004-04-15 | partial move to KNF. More to come. This has happened because there are a raft of source code auditors who are willing to help improve this code only if this is done, and hey, isakmpd does need our standard auditing process. ok ho hshoexer | Theo de Raadt | |
2004-04-07 | -Wsign-compare nits. hshoexer@ ok. | Hakan Olsson | |
2004-03-10 | Fix for PR2429, from Clemens Wittinger. | Hakan Olsson | |
2003-11-06 | Style nits. | Hakan Olsson | |
2003-08-08 | Fine grained selectors for Linux native IPsec. From Jean-Francois Dive. | Hakan Olsson | |
2003-07-25 | add sha2 support; ok ho@ | Markus Friedl | |
2003-07-24 | conform to RFC2367 on SADB_xx naming (local name must be prefixed with SADB_X_xx) | Jun-ichiro itojun Hagino | |
2003-06-10 | boring cleanups | Theo de Raadt | |