| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2010-07-03 | add several new tests for pfctl, and fix the output of some existing | Peter Hessler | |
| tests for the updated pfctl. OK henning@, mcbride@ | |||
| 2010-07-01 | if we cannot copy the setup file (because objdir doesn't exist), then | Peter Hessler | |
| continue anyways. | |||
| 2010-06-30 | Add a test for route labels, re PR6416. ok phessler@ | Stuart Henderson | |
| 2010-06-29 | Replace the hand-crafted Diffie-Hellman implementation in isakmpd with | Reyk Floeter | |
| the smaller implementation from iked that is using libcrypto instead. This allows to remove a lot of code (which is always good), get rid of some custom crypto code by using libcrypto, theoretically adds support for many new MODP and EC2N/ECP modes (but it is not configurable yet), and allows to share the dh.c/dh.h code in different codebases (it is identical in isakmpd and iked, but could also be used elsewhere). ok deraadt@ | |||
| 2010-06-20 | The -R option was removed from pfctl in March, so we no longer need this | Peter Hessler | |
| test. The remaining pieces are all tested in other regress tests. OK sthen@ | |||
| 2010-05-10 | Various comment typos. 'wether' -> 'whether' (most popular), 'possiblity' -> | Kenneth R Westerback | |
| 'possibility', 'optins' -> 'options', 'resposne' -> 'response', 'unecessary' -> 'unnecessary', 'desination' -> 'destination'. Collected from various misc@ and tech@ postings, many by Brad Tilley. | |||
| 2010-03-23 | adjust after -A / -O / -R / -T load removal | Henning Brauer | |
| 2010-01-13 | Update regress output files to -current behaviour | Ryan Thomas McBride | |
| - non-pool translation/routing specification - leftover bits from nat-to/rdr-to/binat-to | |||
| 2010-01-13 | Remove random component of auto-generated table names in loaded rules. | Ryan Thomas McBride | |
| 2010-01-12 | no nat is no longer legal | Ryan Thomas McBride | |
| convert nat/rdr/binat rules to nat-to/rdr-to/binat-to | |||
| 2010-01-12 | { if0, if1 } is ambiguous in a route spec, and this should have been | Ryan Thomas McBride | |
| rejected before (I'm surprised this worked) | |||
| 2010-01-12 | nat-anchor, rdr-anchor, binat-anchor are no longer legal in the grammar. | Ryan Thomas McBride | |
| 2010-01-04 | add a script that I use before ever release to check that our | Theo de Raadt | |
| edge conditions for disklabel -A are going to be acceptable ok krw | |||
| 2009-10-06 | more updates for new pf with source-hash manually added to | Jonathan Gray | |
| loaded output as it doesn't currently appear as it should. ok henning@ | |||
| 2009-09-24 | Update some more tests for new pf. | Jonathan Gray | |
| ok henning@ | |||
| 2009-09-24 | Remove some tests that are no longer relevant with the new pf. | Jonathan Gray | |
| ok henning@ | |||
| 2009-09-23 | sync with pfopt5.in correct comments regarding -N/-R | Jonathan Gray | |
| 2009-09-23 | More tweaks to try to catchup to recent pf changes. | Jonathan Gray | |
| pfopt5 part from sthen@ ok henning@ sthen@ | |||
| 2009-09-07 | implement binat-to as a macro-like rule: a rule using the new binat-to | Reyk Floeter | |
| syntax will be expanded by the parser to a nat-to+rdr-to combination to be loaded into the kernel. this simplifies the migration from old binat rules and is less error-prone. feedback from many, manpage bits from jmc@ ok henning@ | |||
| 2009-09-03 | Adapt to new pfctl, remove use of -Fn and -sn | Jonathan Gray | |
| Thanks to phessler for pointing out that the show command was buried in '-gvvsn' ok henning | |||
| 2009-09-03 | adapt to new pf | Jonathan Gray | |
| ok henning | |||
| 2009-09-03 | adapt to nat changes | Jonathan Gray | |
| ok henning | |||
| 2009-09-02 | convert a bunch of rdr/nat rules to the new syntax | Jonathan Gray | |
| Things still need to be changed for route-to/binat/command line options among other things. ok henning | |||
| 2009-08-04 | Add regress tests with IPv4 and IPv6 addresses for the srcid and/or dstid. | Joel Sing | |
| ok hshoexer@ | |||
| 2009-06-30 | add "-o none" to pfctl call to prevent automatic table creation of | David Krause | |
| multiple addresses which causes the test to fail; ok sthen@ | |||
| 2009-06-30 | update after the "reassemble tcp" fix (kernel/6178); ok sthen@ | David Krause | |
| 2009-06-24 | fix this regression test; "reassemble tcp" should be in this location | Stuart Henderson | |
| in the output. this test currently fails; see kernel/6178 | |||
| 2009-05-14 | handle the new require-order default of "no" in existing tests, and add | Stuart Henderson | |
| a new test to check it's working correctly. ok deraadt@ | |||
| 2009-04-26 | - check equality with '==', from skreuzer@exit2shell.com | Okan Demirmen | |
| - unbreak, since -r was removed from disklabel(8) ok otto@ | |||
| 2009-04-06 | more scrub scrubbing | Henning Brauer | |
| 2009-04-06 | scrub gone | Henning Brauer | |
| 2009-01-30 | If the "peer" address is not specified or derived from "to" for | Alexander Bluhm | |
| "ike" rules in ipsec.conf, the default peer is used. In theory ipsecctl -f ipsec.conf can configure the default peer for each "ike" entry. As isakmpd only supports one default peer, the last "ike" rule that uses a default peer wins. This configuration is then significant for all "ike" rules that use the default peer. Now a warning is printed if a later rule in ipsec.conf changes the configuration of the original default peer. This should be an error but that would break existing user configs. So only a warning is printed. ok hshoexer@, todd@ | |||
| 2009-01-29 | Remove ikefail10 ipsecctl regression test as it always fails. It | Alexander Bluhm | |
| was expecting a certain parser error message. Accepting the ikefail10 config file is not considered to be a bug anymore. ok hshoexer@ | |||
| 2009-01-28 | Allow to specify ike and flow explicitly without peer. The any | Alexander Bluhm | |
| keyword as argument for the peer parameter will do that. An ike without peer creates the peer-default config. A flow without peer acquires a host-to-host SA. tested by grunk@, todd@, ok grunk@, hshoexer@, todd@ | |||
| 2009-01-20 | Regression tests for source flow NAT support. | Marco Pfatschbacher | |
| OK hshoexer@, markus@. | |||
| 2009-01-19 | Do not use "egress" keyword as it expands to an actual interface, | Hans-Joerg Hoexer | |
| which might be different on different machines. Use some fixed addresses instead. pointed out and ok david@ | |||
| 2008-12-22 | add regression test for aes-{128,192,256} being used with main and quick | Hans-Joerg Hoexer | |
| mode. | |||
| 2008-12-22 | Adopt to recent change: /32 now is treated as a network address. | Hans-Joerg Hoexer | |
| prodded by david@ | |||
| 2008-10-19 | The optional table counters added a field to the verbose | Marco Pfatschbacher | |
| table output. Adopt. | |||
| 2008-10-19 | vmstat(8) now reports "InUse" instead of "Releases". | Marco Pfatschbacher | |
| Adopt for ktable/kentry usage/leakage tests. Also run vmstat verbose, to avoid matching failures if the pools haven't been used yet. | |||
| 2008-07-01 | Isakmpd acquire mode did not work with a config generated from | Alexander Bluhm | |
| ipsec.conf. The config created by isakmpd dynamically was different from the config that ipsecctl generated out of ipsec.conf. Both config formats are changed so that they match. One needs a passive ike line and a require flow line with the same parameters in the ipsec.conf. Then the acquire message generated by the kernel will trigger isakmpd to generate a config that matches the one that ipsecctl generated from the ike line. ok hshoexer, 'sounds good' todd | |||
| 2008-07-01 | If multiple to addresses but no peer are given in an ike or flow | Alexander Bluhm | |
| rule, the current to address is taken as peer during expansion. This makes the broken regress test ikefail7 obsolete as address family mismatch cannot happen anymore. ok hshoexer | |||
| 2008-06-16 | fix regress after scrub TOS and tagging additions; "commit it" henning@ | David Krause | |
| 2008-05-09 | convert port byte order in the production; add port keyword; ok deraadt@ | Markus Friedl | |
| 2008-05-09 | divert packets to local socket without modifying the ip header; | Markus Friedl | |
| makes transparent proxies much easier; ok beck@, feedback claudio@ | |||
| 2008-05-08 | Add/Fix regression tests for sequences of numbers and stacked | Marco Pfatschbacher | |
| assignments of variables. OK deraadt@ | |||
| 2008-05-07 | scrub packets based on tags; ok henning | Markus Friedl | |
| 2008-05-07 | allow setting TOS with scrub; ok mcbride, claudio | Markus Friedl | |
| 2008-04-21 | Test for blank lines and comments between and inline anchor and its rules. | Ryan Thomas McBride | |
| 2008-02-01 | Add regress test for anchors matching on filter_opts. | Ryan Thomas McBride | |
 |
index : src | |
| OpenBSD base system |
| summaryrefslogtreecommitdiff |