summaryrefslogtreecommitdiffstats
path: root/sbin/iked/policy.c (follow)
Commit message (Expand)AuthorAgeFilesLines
* We makes sure that a dh group is required if the local proposaltobhe2021-03-151-3/+13
* Make sure sa_policy is not NULL in sa_configure_iface(). This can happentobhe2021-03-011-2/+2
* Add dynamic address configuration for roadwarrior clients.tobhe2021-02-131-1/+119
* Fix local and peer addresses in policy lookup for dangling SAstobhe2021-02-121-3/+3
* Add optional 'group none' transform for child SAs and fix handling oftobhe2021-02-091-2/+3
* Take flows into consideration for policy lookup as initiator.tobhe2021-02-011-2/+6
* Use policy_test() to reassign existing SAs to updated policies aftertobhe2020-12-211-10/+104
* The skip steps must be set up for each attribute independentlytobhe2020-12-021-5/+5
* Fix proposal error handling. If a proposal contains an unknown transformtobhe2020-11-251-2/+2
* Constify sa in ikev2_pld_eap(). The parser code must not change anytobhe2020-11-181-2/+2
* Delete dead code.tobhe2020-09-091-13/+1
* Add a new configuration option to limit the number of connections fortobhe2020-08-231-1/+113
* Remove dead assignments.tobhe2020-08-151-4/+4
* Delete commented out code.tobhe2020-08-061-2/+1
* Handle TEMPORARY_FAILURE notification on IKESA rekeying.tobhe2020-07-211-2/+5
* Make sure to update policy dependant SA fields after policy_lookup().tobhe2020-07-161-2/+2
* Pass sockaddr instead of sockaddr_storage to sa_address.tobhe2020-06-031-6/+5
* Add AES-GCM mode ciphers (IANA IDs 19 and 20) for IKEv2.tobhe2020-05-261-3/+14
* Remove unnecessary logging messages.tobhe2020-05-131-5/+2
* Fix policy lookup edge case for simultaneous transport and tunnel mode SAs.tobhe2020-05-111-2/+17
* The order of arguments to proposals_negotiate makes a difference.tobhe2020-04-281-3/+3
* Add support for switching rdomain on IPsec encryption/decryption.tobhe2020-04-231-1/+3
* It makes no sense to fall back to original policy if the relookup with thetobhe2020-04-041-7/+5
* Relookup policy based on received cryptographic parameter proposal.tobhe2020-03-101-3/+7
* Use TAILQ_FOREACH_SAFE instead of hand rolled loops.tobhe2020-03-091-5/+3
* When the proposals are first matched the responder doestobhe2020-03-011-1/+204
* Link ESP-SA and IPcomp-SA using GRPSPIS instead of using a self-builttobhe2020-01-071-51/+6
* Refactor child SA cleanup.tobhe2019-12-281-1/+4
* We can receive a delete and free an SA that is referenced in sa_nextr.tobhe2019-12-101-2/+29
* Correctly represent flows as traffic selectors as described in RFC 7296. Thistobhe2019-12-031-1/+47
* Log loaded SPIs and flows.tobhe2019-11-301-4/+6
* Log reason whenever a child SA is freed. This makes it easier totobhe2019-11-131-4/+8
* Prepend SPI to send and recv log messages to see which line belongs totobhe2019-08-121-3/+3
* Implement MOBIKE (RFC 4555) support in iked(8), with us acting aspatrick2017-11-271-2/+43
* Resolve simultaneous IKE SA rekeyingmikeb2017-03-131-4/+8
* When freeing a Child SA make sure it's peer no longer points to itmikeb2017-03-131-1/+5
* flow_cmp() must compare the same flow-attributes as the kernel,patrick2017-03-131-5/+13
* We need to call policy_ref() for policies that have refcountingpatrick2017-03-131-2/+10
* Implement a second address pool specifically for IPv6, so thatpatrick2016-06-011-1/+9
* Fix ocsp by adding a missing TAILQ_INIT().reyk2015-10-201-1/+2
* Fix interoperability with Apple iOS9: If we don't get a (valid)reyk2015-10-011-3/+3
* Switch iked to C99-style fixed-width integer types.reyk2015-08-211-11/+11
* spacing (no binary change, verified with checksums)reyk2015-08-191-2/+2
* repair policy-ikesa-linking by replacing the broken RB_TREE w/TAILQmarkus2015-07-071-37/+15
* Replace <sys/param.h> with <limits.h> and other less dirty headers wherederaadt2015-01-161-2/+1
* Fixup a few problems with EAP state transitionmikeb2014-11-071-3/+2
* initiate ike sa rekeying (ikesalifetime keyword), re-queue pfkeymarkus2014-05-061-6/+12
* cleanup IKE-SA tree handling (fixes repeated-insert & double-remove)markus2014-05-061-18/+23
* make sure the state machine only advances if the AUTH payload hasmarkus2014-04-291-8/+15
* support rekeying for IPCOMP; ok mikeb@markus2014-02-211-5/+13
Copyright © 1996 – 2023 Jason A. Donenfeld. All Rights Reverse Engineered.