tteras/strongswan/src/libcharon/plugins/kernel_pfkey, branch master

kernel-pfkey: Support anti-replay windows > 2k

2017-11-08T15:35:38+00:00

FreeBSD 11.1 supports a new extension to configure larger anti-replay
windows, now configured as number of packets.

Fixes #2461.

kernel-pfkey: Don't include keys in SADB_UPDATE message to update IPs on FreeBSD

2017-11-08T15:34:12+00:00

The FreeBSD kernel explicitly rejects messages containing keys for mature SAs.

Fixes #2457.

linked-list: Change return value of find_first() and signature of its callback

2017-05-26T11:56:44+00:00

This avoids the unportable five pointer hack.

linked-list: Change interface of callback for invoke_function()

2017-05-26T11:56:44+00:00

This avoids the unportable five pointer hack.

kernel-pfkey: Update SA addresses if supported by the kernel

2017-05-23T15:58:50+00:00

Upcoming FreeBSD kernels will support updating the addresses of existing
SAs with new SADB_X_EXT_NEW_ADDRESS_SRC|DST extensions for the SADB_UPDATE
message.

kernel-pfkey: Use new encap flag on Mac OS X when updating SAs

2017-05-23T15:58:50+00:00

kernel: Make range of SPIs for IPsec SAs configurable

2017-03-02T07:52:56+00:00

kernel-pfkey: Use the same priority range for trap and regular policies

2017-02-08T09:36:38+00:00

Same as the change in the kernel-netlink plugin.

kernel-pfkey: Set state to SADB_SASTATE_MATURE when adding/updating SAs

2017-01-25T16:30:57+00:00

Picky kernels might otherwise reject our messages as RFC 2367 explicitly
mandates this.

Fixes #2212.

kernel-pfkey: Only set the replay window for inbound SAs

2016-06-17T16:46:33+00:00

It is not necessary for outbound SAs and might waste memory when large
window sizes are used.