summaryrefslogtreecommitdiff
path: root/sys/net/pfkeyv2.h
AgeCommit message (Expand)Author
2021-07-14Export SA replay counters via pfkey and print with ipsecctl.tobhe
2021-07-08Initialize `ipsec_acquire_pool' pool (9) within pfkey_init() instead ofmvs
2021-07-05Export tdb MTU to userland via SADB_GET. This helps debug path MTUtobhe
2021-05-25The arrays sadb_exts_allowed_out and sadb_exts_required_out areAlexander Bluhm
2020-12-14Make sure that the address families of a flow's source address,tobhe
2020-11-05Enable support for ASN1_DN ipsec identifiers.Peter Hessler
2020-08-07pfkey_get may allocate more memory than is needed to hold the SAtobhe
2020-07-18Add size to free(9) callskn
2020-04-23Add support for autmatically moving traffic between rdomains on ipsec(4)tobhe
2019-03-04Add padding to struct sadb_x_counter to make it comply withStefan Sperling
2018-08-28Add per-TDB counters and a new SADB extension to export them toMartin Pieuchot
2017-11-20Flush flows using the radix-tree instead of a global list.Martin Pieuchot
2017-10-27Dump IPsec flows by iterating over the rafdix-tree.Martin Pieuchot
2017-05-29Kill struct pfkey_version and move struct pfkeyv2_socket & dump_stateClaudio Jeker
2017-05-29PFKEY version 2 is the only pfkey version supported. No need for extraClaudio Jeker
2017-05-26There is only one version of pfkey in OpenBSD and this will not change anyClaudio Jeker
2017-02-28Depending on the addresses, ipsecctl(8) automatically groups saAlexander Bluhm
2017-01-24A space here, a space there. Soon we're talking real whitespaceKenneth R Westerback
2015-12-09Remove plain DES encryption from IPsec.Christian Weisgerber
2015-12-02remove unimplemented PF_KEY algorithms; ok sthen@ mpi@ mikeb@Christian Weisgerber
2015-11-03Plumb Chacha20-Poly1305 into the IPsec/ESP and PF_KEY frameworksMike Belopuhov
2015-05-23introduce ipsec-id bundles and use them for ipsecflowinfo,Markus Friedl
2015-04-17Remove unsupported SADB_X_IDENTTYPE_CONNECTION; OK markus, hshoexerMike Belopuhov
2015-04-16change {import,export}_identity so it can be used for policies; ok mikebMarkus Friedl
2015-04-14Remove support for storing credentials and auth information in the kernel.Mike Belopuhov
2014-12-28remove KPDK. not really used, and a bad choice anyway. ok naddyTed Unangst
2013-10-24Move more stuff under _KERNELTheo de Raadt
2013-03-09normalize structure definitionsTheo de Raadt
2012-09-18remove the SADB_X_SAFLAGS_{HALFIV,RANDOMPADDING,NOREPLAY} pfkey-API (not setMarkus Friedl
2012-06-29Add support for the Extended (64-bit) Sequence Number as definedMike Belopuhov
2010-10-06Retire SkipjackMike Belopuhov
2010-09-22Add AES-GCM Transform Identifiers as specified by IANA inMike Belopuhov
2010-07-09Add support for using IPsec in multiple rdomains.Reyk Floeter
2010-07-01Allow to specify an alternative enc(4) interface for an SA. AllReyk Floeter
2006-11-24add support to tag ipsec traffic belonging to specific IKE-initiatedReyk Floeter
2005-05-27Use export_flow() to wrap policies retrieved via sysctl in pfkey messageHans-Joerg Hoexer
2005-05-25AESCTR support for ESP (RFC 3686); ok hshoexerMarkus Friedl
2005-04-04Add sysctl for dumping the SPDHans-Joerg Hoexer
2004-11-26implement net.key.v2.sadb_dump.{unspec,esp,ah,...} sysctl subtreeMarkus Friedl
2004-08-10Add SADB_X_EXT_LIFETIME_LASTUSE for use with isakmpd/DPD, adding thisHakan Olsson
2004-01-27don't convert tcpmd5 to ip-over-ip in SADB_X_GETSPROTO; from hshoexerMarkus Friedl
2003-12-02UDP encapsulation for ESP in transport mode (draft-ietf-ipsec-udp-encaps-XX.txt)Markus Friedl
2003-07-24conform to RFC2367 on SADB_xx naming (local name must be prefixed withJun-ichiro itojun Hagino
2003-02-24SADB_X_CALG_MAX is supposed to be the highest numbered supported algorithmJason Wright
2003-02-16KNFTheo de Raadt
2003-02-16KNFJason Wright
2003-02-15s/LSZ/LZS (consistent with linux and isakmpd *.cst)Jason Wright
2002-06-07Add flow type arg to import_flow()Hakan Olsson
2002-05-31import_flow() prototypeAngelos D. Keromytis
2001-12-18NRL license cleaningTheo de Raadt