summaryrefslogtreecommitdiffstats
path: root/sbin/iked
AgeCommit message (Expand)AuthorFilesLines
2021-03-25Sync correct ROUNDUP() from net/route.ctobhe1-3/+2
2021-03-23Don't send DELETE notify if IKE SA is replaced because oftobhe1-2/+2
2021-03-21The tag comes after iface in iked.conf(5).tobhe1-4/+4
2021-03-16Add 'grp31' alias for curve25519 as documented in iked.conf(5).tobhe1-1/+2
2021-03-15We makes sure that a dh group is required if the local proposaltobhe1-3/+13
2021-03-15Ignore msg_ke in CREATE_CHILD_SA if DH negotiation results in grouptobhe1-3/+7
2021-03-14Log errors with log level info and SPI.tobhe1-12/+17
2021-03-09Also log transforms on IKE SA rekey.tobhe1-3/+10
2021-03-07Log ESN for child SAs if enabled.tobhe1-3/+6
2021-03-06whitespacetobhe1-2/+2
2021-03-05Print PFS group for rekeyed Child SAs.tobhe2-6/+14
2021-03-05Log transforms of established IKE and Child SAs.tobhe1-7/+36
2021-03-05Move policy printing code from parse.y to new print.ctobhe4-247/+291
2021-03-04Remove -g from CFLAGS. This was accidentally added with the last commit.tobhe1-2/+2
2021-03-04Derive config netmask from address pool if not explicitly configured.tobhe2-4/+26
2021-03-03Free sc_vroute on shutdown.tobhe1-1/+2
2021-03-02Increase the size of iov in pfkey_sa() to be large enough for alljsg1-2/+2
2021-03-01Make sure sa_policy is not NULL in sa_configure_iface(). This can happentobhe1-2/+2
2021-02-28Rename addr to gateway.tobhe1-8/+8
2021-02-27Set RTF_GATEWAY for host route based on RTM_GET response.tobhe1-11/+15
2021-02-26Set RTF_GATEWAY for flow routes, not for host route.tobhe1-3/+3
2021-02-26Fix and improve handling of address families in vroute_getcloneroute().tobhe1-27/+9
2021-02-25Constify cipher API.tobhe2-10/+10
2021-02-24Use ASN1_STRING_get0_data() instead of the deprecated ASN1_STRING_data().tobhe1-3/+3
2021-02-22Don't pass 'id' as argument to make function signature match similartobhe3-7/+7
2021-02-21Don't explicitly send address family in IMSG_VROUTE_ADD. The receivingtobhe1-12/+2
2021-02-20Fail on invalid address family.tobhe1-1/+3
2021-02-19Fail on duplicate nonce payload.tobhe1-2/+5
2021-02-18Save one allocation by passing msg_nonce ownership instead of usingtobhe1-10/+10
2021-02-18Remove redundant ibuf_release. msg_ke is always NULL because of thetobhe1-2/+1
2021-02-18Pass ownership instead of duplicating ibuf msg_ke.tobhe1-12/+5
2021-02-16Fail on duplicate KE payload.tobhe1-1/+5
2021-02-13Add dynamic address configuration for roadwarrior clients.tobhe10-18/+751
2021-02-12Fix local and peer addresses in policy lookup for dangling SAstobhe1-3/+3
2021-02-11Explicitly unset IKED_REQ_CERTVALID before sending cert to ca process.tobhe1-1/+2
2021-02-10Delay deletion of IKE SAs on rekey when stickyaddress is enabled to maketobhe1-2/+10
2021-02-09Add optional 'group none' transform for child SAs and fix handling oftobhe3-8/+39
2021-02-08Clean up kernel IPsec flows and security associations on shutdown.tobhe3-10/+33
2021-02-07Free X509_STOREs in ca_shutdown().tobhe1-1/+3
2021-02-07Fix address leaks in expand_flows().tobhe1-3/+5
2021-02-04Rename 'struct group' to 'struct dh_group' for more clarity andtobhe4-63/+63
2021-02-04EC_POINT_get_affine_coordinates_GFp() and EC_POINT_get_affine_coordinates_GF2m()tobhe1-21/+7
2021-02-04Upgrade to OpenSSL 1.1 compatible crypto API. Add additionaltobhe5-144/+231
2021-02-01Take flows into consideration for policy lookup as initiator.tobhe3-11/+15
2021-02-01Whitespacetobhe1-2/+2
2021-01-31Ignore addresses that are not 0/32 (dynamic) in ikev2_cp_fixaddr()tobhe1-3/+3
2021-01-31Don't leak flows if ikev2_cp_fixflow() fails.tobhe1-3/+8
2021-01-29Add proper padding for pfkey messages. Use ROUNDUP() for auth andtobhe1-22/+95
2021-01-28Extern privsep_process. Fixes compilation with -fno-common.mortimer2-3/+5
2021-01-26Add support for RSA-PSS PKCS1 signatures. Don't enable them bytobhe2-19/+23
Copyright © 1996 – 2026 Jason A. Donenfeld. All Rights Reverse Engineered.