| Age | Commit message (Expand) | Author |
|---|
| 2020-04-23 | Store local-address by address family. This allows to configure both | Claudio Jeker |
| 2019-10-01 | Add some TCP MD5SUM specific calls needed by protable. On Linux systems | Claudio Jeker |
| 2019-09-30 | Pass a struct listen_addr pointer to tcp_md5_listen and not just the fd, | Claudio Jeker |
| 2019-06-25 | cleanup return code checks for the pfkey_*() functions. | Sebastian Benoit |
| 2019-06-17 | Cleanup, remove some unneded spaces add some other where needed. | Claudio Jeker |
| 2019-05-29 | Rework pfkey handling a bit. The old remove then add way of inserting md5sig | Claudio Jeker |
| 2019-05-08 | Rework the TCP md5sig and IKE handling. Move the pfkey socket to the parent | Claudio Jeker |
| 2019-02-20 | Forgot to set the sockaddr length field which is mandatory on the pfkey socket. | Claudio Jeker |
| 2019-02-18 | Do not depend on the length field of struct sockaddr instead pass the | Claudio Jeker |
| 2018-09-20 | whitespace cleanup, ok claudio@ | Sebastian Benoit |
| 2017-08-21 | undo unintentional commits | Peter Hessler |
| 2017-08-21 | When 'enforce neighbor-as no' is set, don't do a config-time check for the ne... | Peter Hessler |
| 2017-04-18 | use freezero() | Theo de Raadt |
| 2017-03-02 | Fix breakage of md5 authentication. | Renato Westphal |
| 2017-02-22 | Add missing htonl for IPsec SPI. | Renato Westphal |
| 2017-01-24 | sync log.c from relayd et al to bgpd. | Sebastian Benoit |
| 2015-09-13 | explicit_bzero() from Michael McConville, thanks! | Florian Obser |
| 2015-02-10 | Make also the special sockets SOCK_NONBLOCK. For the routing socket add | Claudio Jeker |
| 2015-02-09 | Kill session_socket_blockmode() and replace it with SOCK_CLOEXEC or | Claudio Jeker |
| 2014-10-08 | Use reallocarray() throughout to spot multiplicative int overflow. | Theo de Raadt |
| 2010-12-09 | The PF_KEY socket is like the routing socket. It must be polled all the | Claudio Jeker |
| 2009-12-14 | addr2sa() will return NULL for AID_UNSPEC and pfkey_send() may end up with | Claudio Jeker |
| 2009-12-06 | Doh, switch src and dst in memcpy calls or the wrong thing gets copied. | Claudio Jeker |
| 2009-12-01 | Use an artificial address family id in struct bgpd_addr and almost everywhere | Claudio Jeker |
| 2009-04-21 | instead of calling getpid() all over the place do it once, claudio ok | Henning Brauer |
| 2009-04-21 | ignore pfkey replies not for us and discard them | Henning Brauer |
| 2009-02-25 | add a stupid workaround for a race somewhere in the crypto code in the | Henning Brauer |
| 2006-10-26 | * make sure we keep copies of everything we need to | Henning Brauer |
| 2006-10-26 | storing the dynamically acquired SPIs for tcpmd5 inside the conf struct | Henning Brauer |
| 2006-08-30 | writing to the pfkey socket can give EAGAIN and we must retry. | Henning Brauer |
| 2004-11-10 | "not reached" does not help LINT use NOTREACHED instead and use it only in | Claudio Jeker |
| 2004-05-28 | detect absence of PF_KEY interface and/or the TCP_MD5SIG setsockopts | Henning Brauer |
| 2004-05-06 | actually reset p->auth_established to 0 in pfkey_[md5sig|ipsec]_remove | Henning Brauer |
| 2004-05-06 | we need a seperate field for the md5 key len, can't use strlen, noticed | Henning Brauer |
| 2004-04-28 | support for AH flows and SAs | Markus Friedl |
| 2004-04-28 | do not give up on ESRCH, someone might have mucked with ipsecadm behind | Henning Brauer |
| 2004-04-28 | make this at least compile | Henning Brauer |
| 2004-04-28 | make sure send and reply are in sync; ok henning | Markus Friedl |
| 2004-04-28 | keep track of which ipsec/md5 SAs we inserted - ESRCH on blind removal | Henning Brauer |
| 2004-04-28 | don't load SAs into the kernel if IKE is used. | Markus Friedl |
| 2004-04-28 | prefix the auth related defines by AUTH_, we had a name clash, markus ok | Henning Brauer |
| 2004-04-27 | rename the ipsec struct to auth, move all tcpmd5 related fields in there, and | Henning Brauer |
| 2004-04-27 | two missing breaks, repairs tcpmd5, with markus | Henning Brauer |
| 2004-04-27 | restrict the ipsec flows to BGP only; ok henning | Markus Friedl |
| 2004-04-27 | crud stripping; henning ok | Theo de Raadt |
| 2004-04-26 | load ipsec SAs into the kernel and enable them. | Markus Friedl |
| 2004-03-31 | allow empty (wildcard) sockaddr for src or dst | Henning Brauer |
| 2004-03-15 | use switch instead of if { } else if { } else { } | Henning Brauer |
| 2004-01-30 | missing free() in an error path that should be unreachable | Henning Brauer |
| 2004-01-28 | implement | Henning Brauer |
