summaryrefslogtreecommitdiff
path: root/sbin
AgeCommit message (Expand)Author
2011-01-26Don't initiate any connections in passive mode, not even for ACQUIRE messagesReyk Floeter
2011-01-26get rid of acquire flows completely, as they tend to pass trafficMike Belopuhov
2011-01-26enable child sas and do sa and flow transfer after succeeding withMike Belopuhov
2011-01-25fixup child sa deletion in drop_sa; ok reykMike Belopuhov
2011-01-24fixup previous for the responder modeMike Belopuhov
2011-01-23'pfctl -x none' did not turn debugging off. Skip the syslog internalAlexander Bluhm
2011-01-21repair rekeying by sending appropriate traffic selector; ok reykMike Belopuhov
2011-01-21don't use memcmp on comparing two iked_addrs but IKED_ADDR_EQ.Reyk Floeter
2011-01-21- Fix traffic selector configuration that it is always "from $localnetReyk Floeter
2011-01-21Remove misleading error message.Reyk Floeter
2011-01-21don't create child sas from empty proposals.Reyk Floeter
2011-01-21handle empty encrypted payloads (might happen with some informationals)Reyk Floeter
2011-01-21tweak previous;Jason McIntyre
2011-01-21Reimplement the iked(8) policy evaluation for incoming connections toReyk Floeter
2011-01-21split pfkey initialization into a privileged and unprivileged part toReyk Floeter
2011-01-18reyk noticed that my rb-tree-fu is not that great. fixup compare functionMike Belopuhov
2011-01-17silence stupid gcc warning by initializing a variable with NULL.Reyk Floeter
2011-01-17Add initial acquire mode support and use it whenever Windows peers decideMike Belopuhov
2011-01-17move mask2prefixlen functions to the util module; ok reykMike Belopuhov
2011-01-12postpone processing of pfkey messages received in pfkey_reply instead ofMike Belopuhov
2011-01-12decouple flow deletion from the ikev2_childsa_delete; ok reykMike Belopuhov
2011-01-12fixup bogus check; ok reykMike Belopuhov
2011-01-12don't forget to specify spi sizes; ok reykMike Belopuhov
2010-12-31According to pf_scrub_ip6() pf does not support the scrub optionsAlexander Bluhm
2010-12-29Fix swapctl -A with DUIDs in /etc/fstab, and plug a small memory leak.Stefan Sperling
2010-12-23pick netmask instead of address when we mean it; found by dhill, ok reykMike Belopuhov
2010-12-23always add a none payload, should fix ike sa rekeying for responders; ok reykMike Belopuhov
2010-12-23spelling fixes; from Daniel DickmanJason McIntyre
2010-12-22move and rename util.c:print_id() to ikev2.c:ikev2_print_id() becauseReyk Floeter
2010-12-22split util.c into two files: imsg_util.c for ibuf/imsg stuff and util forReyk Floeter
2010-12-22ikev2 rfc was recently updated, so list the newer one; ok reykMike Belopuhov
2010-12-22Tweak the grammar a little bit by requiring a "bytes" keyword before theReyk Floeter
2010-12-22Fix a little control socket bug, as discussed with mikeb@Reyk Floeter
2010-12-22-s carries the same caveat as -p; from Jiri B.Jason McIntyre
2010-12-22child sa rekeying revamp plus numerous bugfixes;Mike Belopuhov
2010-12-21Convert netmask from sockaddr to prefixlen correctly as noticedMike Belopuhov
2010-12-21fixup log_warn and log_debug arguments; ok reykMike Belopuhov
2010-12-18remove david as author. he is not to blame for the current C implementation.Ted Unangst
2010-12-18add some off_t and ssize_t love; ok stsp millertTheo de Raadt
2010-12-17Add missing util.h include for opendev()Todd C. Miller
2010-12-15make the "invalid probability:" yyerror suck lessHenning Brauer
2010-12-13stray tabs and spacesMarco Peereboom
2010-12-13stray tabMarco Peereboom
2010-12-09When looking up an SA based on peer address, also check the portMartin Hedenfal
2010-12-03disklabel now uses "duid", not "uid";Jason McIntyre
2010-12-01Allow add a -s switch to make bioctl read the passphrase from stdin. HandyChris Kuethe
2010-12-01Clarify the internal ibuf API: rename ibuf_copy() to ibuf_get() becauseReyk Floeter
2010-12-01remove some unused tokensJonathan Gray
2010-11-29make key exchange faster by not checking the predefined groups with DH_check()Markus Friedl
2010-11-29make "fsck -p" respect fs_passno > 2, as implied by the manual. This canChris Kuethe