summaryrefslogtreecommitdiff
path: root/sbin
AgeCommit message (Expand)Author
2017-12-05Use clock_gettime(CLOCK_MONOTONIC) to schedule timersJeremie Courreges-Anglas
2017-12-05When removing duplicate dynamic leases from the cache, compare theKenneth R Westerback
2017-12-05When sending out a proposal we create an SA/SPI for the Child SAs if wePatrick Wildt
2017-12-04Remove duplicate check that never could execute because the exact samePatrick Wildt
2017-12-04Consistently log "malformed payload" instead of "payload malformed", andPatrick Wildt
2017-12-04Remove check that is now a duplicate due to recent refactoring.Patrick Wildt
2017-12-04The payloads are layered like onions, so you can validate one layer andPatrick Wildt
2017-12-04change "if (lp &&" to "if lp != NULL &&".Theo Buehler
2017-12-04Avoid a NULL-deref in get_recorded_lease() leading to a segfault seenTheo Buehler
2017-12-04Initialize variable, otherwise the pointer might contain stack garbage.Patrick Wildt
2017-12-03If we wanted to send out more proposals than just one, we need to set aPatrick Wildt
2017-12-03The RFC specifies that to accept a proposal, we must select a transformPatrick Wildt
2017-12-03Move timer fields 'expiry" and "rebind" out of struct client_leaseKenneth R Westerback
2017-12-03Abandon nagging about "_" violating RFC 952. This removes the needKenneth R Westerback
2017-12-01The RFC specifies that in an SA payload the proposals must be numberedPatrick Wildt
2017-12-01Turns out that, as specified in the RFC, the initial Child SA does notPatrick Wildt
2017-11-30Add support for rejecting IKE SA messages. This means that we can replyPatrick Wildt
2017-11-30use the same macro consistently for the various carp balancing modes;Jason McIntyre
2017-11-30no more arp mode for carp; from martin rettbergJason McIntyre
2017-11-29Print_host is used mainly in printf style functions. So do not return NULLClaudio Jeker
2017-11-28The divert structure was using the port number to indicate thatAlexander Bluhm
2017-11-28in auto-allocation, increase size of /usr/src to 1.3G.Sebastian Benoit
2017-11-27The divert structure was using the port number to indicate thatAlexander Bluhm
2017-11-27Implement MOBIKE (RFC 4555) support in iked(8), with us acting asPatrick Wildt
2017-11-27Simplify lease_as_string() logic to use a single time_t variableKenneth R Westerback
2017-11-27Fix pasto so lease_rebind() returns rebind value and notKenneth R Westerback
2017-11-26Move rebind time calculation to a function lease_rebind(), just likeKenneth R Westerback
2017-11-25- pfctl fails to handle nested 'load anchor' properlyAlexandr Nedvedicky
2017-11-25- patching use-after-free and innocent memory leak in pfctl_optimzie.cAlexandr Nedvedicky
2017-11-25- pfctl rule optimizer: anchor name vs. anchor path mix upAlexandr Nedvedicky
2017-11-24Remove 'renewal' field from struct client_lease. Add lease_renewal() toKenneth R Westerback
2017-11-23in isakmpd(8), provide a hint: from scott chelohaJason McIntyre
2017-11-23Fix use of lease_expiry() in set_lease_times(). lease_expiry() returnsKenneth R Westerback
2017-11-20Wnen purging dhclient.leases and when looking for unexpired offers toKenneth R Westerback
2017-11-20Support collapsing flow outputs.Martin Pieuchot
2017-11-18Generate correct time comments (renewal/rebind/expiry) inKenneth R Westerback
2017-11-17replace the deletetunnel option with -tunnelSebastian Benoit
2017-11-16Range check default values so that a range likeKenneth R Westerback
2017-11-15Reset the OCSP URL on config reload. Otherwise we end up not beingPatrick Wildt
2017-11-14- nested anchors vs. pfctl/parse.yAlexandr Nedvedicky
2017-11-14Treat invalid server name as empty instead of declining the lease offeredMartin Pieuchot
2017-11-13Constrain MBR partition offsets to 0 .. disk.size - 1.Kenneth R Westerback
2017-11-13add a generic packet rate matching filter. allows things likeHenning Brauer
2017-11-12Clone epoch value in clone_lease(), not manually.Kenneth R Westerback
2017-11-09tweak previous;Jason McIntyre
2017-11-09Use lease 'epoch' (time lease was acquired) to calculate timers forKenneth R Westerback
2017-11-08Add a type cast to force signed comparison. This fixes a loopVisa Hankala
2017-11-08Do not accept superfluous arguments.Patrick Wildt
2017-11-08In the final RFC 5903 the computation for the DH shared secret changed.Patrick Wildt
2017-11-08For IPcomp we need to load explicit ESP-flows for the IPIP or IPCOMPPatrick Wildt