Age | Commit message (Expand) | Author |
2010-12-09 | The PF_KEY socket is like the routing socket. It must be polled all the | Claudio Jeker |
2009-12-14 | addr2sa() will return NULL for AID_UNSPEC and pfkey_send() may end up with | Claudio Jeker |
2009-12-06 | Doh, switch src and dst in memcpy calls or the wrong thing gets copied. | Claudio Jeker |
2009-12-01 | Use an artificial address family id in struct bgpd_addr and almost everywhere | Claudio Jeker |
2009-04-21 | instead of calling getpid() all over the place do it once, claudio ok | Henning Brauer |
2009-04-21 | ignore pfkey replies not for us and discard them | Henning Brauer |
2009-02-25 | add a stupid workaround for a race somewhere in the crypto code in the | Henning Brauer |
2006-10-26 | * make sure we keep copies of everything we need to | Henning Brauer |
2006-10-26 | storing the dynamically acquired SPIs for tcpmd5 inside the conf struct | Henning Brauer |
2006-08-30 | writing to the pfkey socket can give EAGAIN and we must retry. | Henning Brauer |
2004-11-10 | "not reached" does not help LINT use NOTREACHED instead and use it only in | Claudio Jeker |
2004-05-28 | detect absence of PF_KEY interface and/or the TCP_MD5SIG setsockopts | Henning Brauer |
2004-05-06 | actually reset p->auth_established to 0 in pfkey_[md5sig|ipsec]_remove | Henning Brauer |
2004-05-06 | we need a seperate field for the md5 key len, can't use strlen, noticed | Henning Brauer |
2004-04-28 | support for AH flows and SAs | Markus Friedl |
2004-04-28 | do not give up on ESRCH, someone might have mucked with ipsecadm behind | Henning Brauer |
2004-04-28 | make this at least compile | Henning Brauer |
2004-04-28 | make sure send and reply are in sync; ok henning | Markus Friedl |
2004-04-28 | keep track of which ipsec/md5 SAs we inserted - ESRCH on blind removal | Henning Brauer |
2004-04-28 | don't load SAs into the kernel if IKE is used. | Markus Friedl |
2004-04-28 | prefix the auth related defines by AUTH_, we had a name clash, markus ok | Henning Brauer |
2004-04-27 | rename the ipsec struct to auth, move all tcpmd5 related fields in there, and | Henning Brauer |
2004-04-27 | two missing breaks, repairs tcpmd5, with markus | Henning Brauer |
2004-04-27 | restrict the ipsec flows to BGP only; ok henning | Markus Friedl |
2004-04-27 | crud stripping; henning ok | Theo de Raadt |
2004-04-26 | load ipsec SAs into the kernel and enable them. | Markus Friedl |
2004-03-31 | allow empty (wildcard) sockaddr for src or dst | Henning Brauer |
2004-03-15 | use switch instead of if { } else if { } else { } | Henning Brauer |
2004-01-30 | missing free() in an error path that should be unreachable | Henning Brauer |
2004-01-28 | implement | Henning Brauer |
2004-01-28 | -rename pfkey_setkey to pfkey_sa_add | Henning Brauer |
2004-01-28 | fix pfkey_reply() logic: | Henning Brauer |
2004-01-28 | missing free and fix memset misuse; From: Patrick Latifi <pat@eyeo.org> | Henning Brauer |
2004-01-28 | we need a pfkey_init the gets us a PF_KEY socket before we drop privs | Henning Brauer |
2004-01-28 | -struct peer_auth to store the SPIs, linked into struct peer | Henning Brauer |
2004-01-28 | initial support for SADB_DELETE; ok hshoexer | Markus Friedl |
2004-01-28 | pfkey_setkey: sockaddr -> bgpd_addr; ok claudio | Markus Friedl |
2004-01-27 | missing return() | Henning Brauer |
2004-01-27 | use SADB_GETSPI/UPDATE for setting tcpmd5 keys; ok henning | Markus Friedl |
2004-01-26 | when we error out in send_sa_msg() close the file descriptor. | Henning Brauer |
2004-01-26 | first cut at tcpmd5 setup seupport from within bgpd. works so far. | Henning Brauer |