Age | Commit message (Collapse) | Author | |
---|---|---|---|
2006-11-24 | add support to tag ipsec traffic belonging to specific IKE-initiated | Reyk Floeter | |
phase 2 traffic. this allows policy-based filtering of encrypted and unencrypted ipsec traffic with pf(4). see ipsec.conf(5) and isakmpd.conf(5) for details and examples. this is work in progress and still needs some testing and feedback, but it is safe to put it in now. ok hshoexer@ | |||
2005-05-27 | Use export_flow() to wrap policies retrieved via sysctl in pfkey message | Hans-Joerg Hoexer | |
ok ho markus | |||
2005-05-25 | AESCTR support for ESP (RFC 3686); ok hshoexer | Markus Friedl | |
2005-04-04 | Add sysctl for dumping the SPD | Hans-Joerg Hoexer | |
ok deraadt, ok markus some time ago | |||
2004-11-26 | implement net.key.v2.sadb_dump.{unspec,esp,ah,...} sysctl subtree | Markus Friedl | |
and use sysctl for 'ipsecadm show'; ok deraadt | |||
2004-08-10 | Add SADB_X_EXT_LIFETIME_LASTUSE for use with isakmpd/DPD, adding this | Hakan Olsson | |
extends the bitmap to 64bits. Also repair SADB_GET. hshoexer@ ok. | |||
2004-01-27 | don't convert tcpmd5 to ip-over-ip in SADB_X_GETSPROTO; from hshoexer | Markus Friedl | |
2003-12-02 | UDP encapsulation for ESP in transport mode (draft-ietf-ipsec-udp-encaps-XX.txt) | Markus Friedl | |
ok deraadt@ | |||
2003-07-24 | conform to RFC2367 on SADB_xx naming (local name must be prefixed with | Jun-ichiro itojun Hagino | |
SADB_X_xx) | |||
2003-02-24 | SADB_X_CALG_MAX is supposed to be the highest numbered supported algorithm | Jason Wright | |
(prevents a crash in the debugging code in pfkeyv2_parsemessage.c) | |||
2003-02-16 | KNF | Theo de Raadt | |
2003-02-16 | KNF | Jason Wright | |
2003-02-15 | s/LSZ/LZS (consistent with linux and isakmpd *.cst) | Jason Wright | |
2002-06-07 | Add flow type arg to import_flow() | Hakan Olsson | |
2002-05-31 | import_flow() prototype | Angelos D. Keromytis | |
2001-12-18 | NRL license cleaning | Theo de Raadt | |
2001-07-05 | $OpenBSD$ tag | Angelos D. Keromytis | |
2001-07-05 | Include files for IPComp support. angelos@ ok. | Jean-Jacques Bernard-Gundol | |
2001-06-09 | By popular demand, protect from multiple inclusion, and fix to use the | Angelos D. Keromytis | |
same naming style. | |||
2001-06-08 | Flag field for flows. | Angelos D. Keromytis | |
2001-06-08 | Fork out some of the code in pfkeyv2.c to pfkeyv2_convert.c, to make | Angelos D. Keromytis | |
the former more managable/readable (an almost impossible task). | |||
2001-06-05 | Make our pfkeyv2.h more RFC2367 compliant. Also fix some backwards | Niklas Hallqvist | |
compatibility problems in isakmpd, at least 2.8 stable can compile current isakmpd now. angelos@ ok | |||
2001-05-30 | Add comments on what the credential types are. | Angelos D. Keromytis | |
2001-05-30 | MBOX->USERFQDN, noticed by markus@ | Angelos D. Keromytis | |
2001-05-30 | Import/export authentication information for SA. | Angelos D. Keromytis | |
2001-05-30 | Add AUTH payload. | Angelos D. Keromytis | |
2001-05-05 | Use the new M_* malloc types | Angelos D. Keromytis | |
2001-03-28 | Allow tdbi's to appear in mbufs throughout the stack; this allows | Angelos D. Keromytis | |
security properties of the packets to be pushed up to the application (not done yet). Eventually, this will be turned into a packet attributes framework. Make sure tdbi's are free'd/cleared properly whenever drivers (or NFS) does weird things with mbufs. | |||
2001-03-04 | Import/export credentials from TDB. | Angelos D. Keromytis | |
2000-12-14 | sync with pfkey rfc. you need to rebuild ipsecadm and isakmpd after this. | Niels Provos | |
okay angelos@ | |||
2000-11-18 | Update list of algorithms (hshoexer@rommelwood.de) | Angelos D. Keromytis | |
2000-11-17 | *HMAC96->*HMAC | Angelos D. Keromytis | |
Also, sync with IANA -- closes PR 1508. | |||
2000-11-11 | CAST128 should be 6 (again itojun@openbsd.org) | Angelos D. Keromytis | |
2000-11-11 | AES should be 12 (from IANA) -- itojun@openbsd.org | Angelos D. Keromytis | |
Note that you have to recompile ipsecadm and isakmpd if you use a new kernel. | |||
2000-11-09 | Conform to RFC 2367 numbering (hshoexer@rommelwood.de) | Angelos D. Keromytis | |
2000-10-14 | ASKPOLICY message; used by key management to inquire about policy | Angelos D. Keromytis | |
triggering an ACQUIRE. | |||
2000-10-09 | AES number. | Angelos D. Keromytis | |
2000-09-19 | SA bundles. | Angelos D. Keromytis | |
2000-09-19 | SPD-driven IPsec. | Angelos D. Keromytis | |
2000-01-27 | Merge "old" and "new" ESP and AH in two files (one for each). | Angelos D. Keromytis | |
Fix a couple of buglets with ingress flow deletion. tcpdump on enc0 should now show all outgoing packets *before* being processed, and all incoming packets *after* being processed. Good to be in Canada (land of the free commits). | |||
2000-01-13 | Ingress flow support. | Angelos D. Keromytis | |
2000-01-12 | Major style cleanup for pfkeyv2.c | Angelos D. Keromytis | |
2000-01-10 | externalize pfkeyv2_acquire() | Angelos D. Keromytis | |
1999-12-04 | IPv6 address support, get rid of the LOCALFLOW flag | Angelos D. Keromytis | |
1999-11-04 | New SADB_SATYPE, IPsec bypass tdb. | Hakan Olsson | |
1999-07-06 | Added support for TCP MD5 option (RFC 2385). | cmetz | |
1999-07-02 | rename SADB_foo_X_bar to SADB_X_foo_bar | Theo de Raadt | |
1999-03-31 | Implement SADB_SAFLAGS_X_REPLACEFLOW | Niklas Hallqvist | |
1999-03-27 | add SADB_X_BINDSA to pfkey allowing incoming SAs to refer to an outgoing | Niels Provos | |
SA to be used, use this SA in ip_output if available. allow mobile road warriors for bind SAs with wildcard dst and src addresses. check IPSEC AUTH and ESP level when receiving packets, drop them if protection is insufficient. add stats to show dropped packets because of insufficient IPSEC protection. -- phew. this was all done in canada. dugsong and linh provided the ride and company. | |||
1999-03-24 | Implement lifetime expiration notifications. Fix some typos. Remove statics. | Niklas Hallqvist | |