Age | Commit message (Expand) | Author |
2011-01-26 | Don't initiate any connections in passive mode, not even for ACQUIRE messages | Reyk Floeter |
2011-01-26 | get rid of acquire flows completely, as they tend to pass traffic | Mike Belopuhov |
2011-01-26 | enable child sas and do sa and flow transfer after succeeding with | Mike Belopuhov |
2011-01-25 | fixup child sa deletion in drop_sa; ok reyk | Mike Belopuhov |
2011-01-24 | fixup previous for the responder mode | Mike Belopuhov |
2011-01-23 | 'pfctl -x none' did not turn debugging off. Skip the syslog internal | Alexander Bluhm |
2011-01-21 | repair rekeying by sending appropriate traffic selector; ok reyk | Mike Belopuhov |
2011-01-21 | don't use memcmp on comparing two iked_addrs but IKED_ADDR_EQ. | Reyk Floeter |
2011-01-21 | - Fix traffic selector configuration that it is always "from $localnet | Reyk Floeter |
2011-01-21 | Remove misleading error message. | Reyk Floeter |
2011-01-21 | don't create child sas from empty proposals. | Reyk Floeter |
2011-01-21 | handle empty encrypted payloads (might happen with some informationals) | Reyk Floeter |
2011-01-21 | tweak previous; | Jason McIntyre |
2011-01-21 | Reimplement the iked(8) policy evaluation for incoming connections to | Reyk Floeter |
2011-01-21 | split pfkey initialization into a privileged and unprivileged part to | Reyk Floeter |
2011-01-18 | reyk noticed that my rb-tree-fu is not that great. fixup compare function | Mike Belopuhov |
2011-01-17 | silence stupid gcc warning by initializing a variable with NULL. | Reyk Floeter |
2011-01-17 | Add initial acquire mode support and use it whenever Windows peers decide | Mike Belopuhov |
2011-01-17 | move mask2prefixlen functions to the util module; ok reyk | Mike Belopuhov |
2011-01-12 | postpone processing of pfkey messages received in pfkey_reply instead of | Mike Belopuhov |
2011-01-12 | decouple flow deletion from the ikev2_childsa_delete; ok reyk | Mike Belopuhov |
2011-01-12 | fixup bogus check; ok reyk | Mike Belopuhov |
2011-01-12 | don't forget to specify spi sizes; ok reyk | Mike Belopuhov |
2010-12-31 | According to pf_scrub_ip6() pf does not support the scrub options | Alexander Bluhm |
2010-12-29 | Fix swapctl -A with DUIDs in /etc/fstab, and plug a small memory leak. | Stefan Sperling |
2010-12-23 | pick netmask instead of address when we mean it; found by dhill, ok reyk | Mike Belopuhov |
2010-12-23 | always add a none payload, should fix ike sa rekeying for responders; ok reyk | Mike Belopuhov |
2010-12-23 | spelling fixes; from Daniel Dickman | Jason McIntyre |
2010-12-22 | move and rename util.c:print_id() to ikev2.c:ikev2_print_id() because | Reyk Floeter |
2010-12-22 | split util.c into two files: imsg_util.c for ibuf/imsg stuff and util for | Reyk Floeter |
2010-12-22 | ikev2 rfc was recently updated, so list the newer one; ok reyk | Mike Belopuhov |
2010-12-22 | Tweak the grammar a little bit by requiring a "bytes" keyword before the | Reyk Floeter |
2010-12-22 | Fix a little control socket bug, as discussed with mikeb@ | Reyk Floeter |
2010-12-22 | -s carries the same caveat as -p; from Jiri B. | Jason McIntyre |
2010-12-22 | child sa rekeying revamp plus numerous bugfixes; | Mike Belopuhov |
2010-12-21 | Convert netmask from sockaddr to prefixlen correctly as noticed | Mike Belopuhov |
2010-12-21 | fixup log_warn and log_debug arguments; ok reyk | Mike Belopuhov |
2010-12-18 | remove david as author. he is not to blame for the current C implementation. | Ted Unangst |
2010-12-18 | add some off_t and ssize_t love; ok stsp millert | Theo de Raadt |
2010-12-17 | Add missing util.h include for opendev() | Todd C. Miller |
2010-12-15 | make the "invalid probability:" yyerror suck less | Henning Brauer |
2010-12-13 | stray tabs and spaces | Marco Peereboom |
2010-12-13 | stray tab | Marco Peereboom |
2010-12-09 | When looking up an SA based on peer address, also check the port | Martin Hedenfal |
2010-12-03 | disklabel now uses "duid", not "uid"; | Jason McIntyre |
2010-12-01 | Allow add a -s switch to make bioctl read the passphrase from stdin. Handy | Chris Kuethe |
2010-12-01 | Clarify the internal ibuf API: rename ibuf_copy() to ibuf_get() because | Reyk Floeter |
2010-12-01 | remove some unused tokens | Jonathan Gray |
2010-11-29 | make key exchange faster by not checking the predefined groups with DH_check() | Markus Friedl |
2010-11-29 | make "fsck -p" respect fs_passno > 2, as implied by the manual. This can | Chris Kuethe |