| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2008-07-01 | Isakmpd acquire mode did not work with a config generated from | Alexander Bluhm | |
| ipsec.conf. The config created by isakmpd dynamically was different from the config that ipsecctl generated out of ipsec.conf. Both config formats are changed so that they match. One needs a passive ike line and a require flow line with the same parameters in the ipsec.conf. Then the acquire message generated by the kernel will trigger isakmpd to generate a config that matches the one that ipsecctl generated from the ike line. ok hshoexer, 'sounds good' todd | |||
| 2008-07-01 | If multiple to addresses but no peer are given in an ike or flow | Alexander Bluhm | |
| rule, the current to address is taken as peer during expansion. This makes the broken regress test ikefail7 obsolete as address family mismatch cannot happen anymore. ok hshoexer | |||
| 2008-06-16 | fix regress after scrub TOS and tagging additions; "commit it" henning@ | David Krause | |
| 2008-05-09 | convert port byte order in the production; add port keyword; ok deraadt@ | Markus Friedl | |
| 2008-05-09 | divert packets to local socket without modifying the ip header; | Markus Friedl | |
| makes transparent proxies much easier; ok beck@, feedback claudio@ | |||
| 2008-05-08 | Add/Fix regression tests for sequences of numbers and stacked | Marco Pfatschbacher | |
| assignments of variables. OK deraadt@ | |||
| 2008-05-07 | scrub packets based on tags; ok henning | Markus Friedl | |
| 2008-05-07 | allow setting TOS with scrub; ok mcbride, claudio | Markus Friedl | |
| 2008-04-21 | Test for blank lines and comments between and inline anchor and its rules. | Ryan Thomas McBride | |
| 2008-02-01 | Add regress test for anchors matching on filter_opts. | Ryan Thomas McBride | |
| 2008-01-04 | Add a regression test for handling addresses with trailing '/32' and address | Hans-Joerg Hoexer | |
| type IPV4_ADDR. | |||
| 2007-11-25 | more existant -> existent, from Martynas Venckus; | Jason McIntyre | |
| pfctl changes: ok henning ssh changes: ok deraadt | |||
| 2007-10-15 | Add new "reached end of file while parsing quoted string" as expected | Hans-Joerg Hoexer | |
| error message. | |||
| 2007-10-14 | regression test for include directive (if anyone has a better way to do | Theo de Raadt | |
| this messy include file copy, let me know) | |||
| 2007-10-13 | we decided numbers used as strings is wrong | Theo de Raadt | |
| 2007-09-23 | Allow numbers to be used as unquoted strings again. | Marco Pfatschbacher | |
| While there, also restrict the use of concatenated, unquoted strings for variable assignments only. Eyeballed by markus@, OK henning@ | |||
| 2007-09-19 | Fix and re-enable tests for interface->address translation. | Marco Pfatschbacher | |
| OK henning | |||
| 2007-09-19 | Add a few "flags any" and "no state" to have the rulesets | Marco Pfatschbacher | |
| match against the old checksums again. | |||
| 2007-09-19 | pfctl seems to report errors when accessing empty tables, | Marco Pfatschbacher | |
| in a different manner now. Use "-T show" now. OK henning | |||
| 2007-09-19 | "flags S/SA keep state" is the default now | Marco Pfatschbacher | |
| OK henning | |||
| 2007-09-19 | Adopt 14 altq tests to the change of the queue output format. | Marco Pfatschbacher | |
| OK henning | |||
| 2007-09-19 | This got broken when a second pool (pfrkentry2) was added | Marco Pfatschbacher | |
| for source-tracking support about 3 years ago. OK henning | |||
| 2007-09-19 | Remove "localhost" from the table test, since the result is dependent | Marco Pfatschbacher | |
| on the resolver. In some enviroments you'll get an AAAA for it, in others you won't. Testing the resolver isn't really the intention of this test anyway. OK henning | |||
| 2007-08-30 | regress test address ranges | Daniel Hartmeier | |
| 2007-07-03 | both 'proto 50' and 'proto esp' must work in flow specifications | Markus Friedl | |
| 2007-06-20 | Allow "log" for nat rules without "pass". | Marco Pfatschbacher | |
| OK henning@, ``passt scho'' markus@ | |||
| 2007-05-19 | detect if newfs fails and add an extra test (amd64 floppy) | Otto Moerbeek | |
| 2007-05-10 | Do not crash when lists include the "any" keyword. Reported by | Hans-Joerg Hoexer | |
| <ralf.horstmann at gmx.net>, thanks! Slightly different fix. Also add a regression test. ok mpf@ | |||
| 2007-05-02 | now that optimization is on by default, fix the regress tests by | David Krause | |
| disabling optimization for the non-optimized tests, ok henning@ | |||
| 2007-04-18 | some newfs checks, not hooked in, because it needs certain disktab | Otto Moerbeek | |
| entries which are not available on all platforms | |||
| 2007-03-16 | move autodetection of the ID type to the parser. this way the | Markus Friedl | |
| static flows have the correct ID, too. ok hshoexer, reyk | |||
| 2007-03-14 | We switched to aes cbc quite some time ago, so also use the correct | Hans-Joerg Hoexer | |
| key sizes here, too. We now have to use 128 bit key instead of 160. Noticed by david@ | |||
| 2007-02-19 | add a test for null encryption | Hans-Joerg Hoexer | |
| 2007-02-19 | we have to use '-k' now to show keys. | Hans-Joerg Hoexer | |
| 2007-02-19 | previous commit to parse.y was undone. adopt these two regression tests. | Hans-Joerg Hoexer | |
| 2007-02-16 | Adopt to recent change in parse.y (do not accept '\n' in quoted | Hans-Joerg Hoexer | |
| strings). The syntax error is now reported at the correct line. | |||
| 2007-01-10 | allow rule if there is at least _one_ matching address family combination. | Markus Friedl | |
| this allows 'flow from lo0 to 127.0.0.1' if lo0 has an ipv6 address. ok itojun@, hshoexer@ | |||
| 2007-01-04 | don't pass -1 as a netmask; report vicviq at gmail.com | Markus Friedl | |
| 2006-11-30 | wrong rid for protocol | Markus Friedl | |
| 2006-11-30 | sync: rmv to unregister ipsec connections | Markus Friedl | |
| 2006-11-30 | sync: proto/port in lid/rid/connection | Markus Friedl | |
| 2006-11-28 | very basic regress test for rtable select code | Henning Brauer | |
| 2006-11-24 | fix typo for remote port; from Brian Candler | Markus Friedl | |
| 2006-11-21 | sync | Markus Friedl | |
| 2006-11-16 | add comment on how to update the *.ok files; ok hshoexer@ | Markus Friedl | |
| 2006-11-13 | Update to match improved address family check. | Ryan Thomas McBride | |
| 2006-11-07 | Use anchor recursion when printing loaded ruleset (make certain that recursion | Ryan Thomas McBride | |
| works and catch some other potential anchor weirdnesses). Non recursive printing still tested in pfopt6. | |||
| 2006-11-07 | Add test for -a with nested anchors. | Ryan Thomas McBride | |
| 2006-11-07 | Add regress tests for inline anchors. | Ryan Thomas McBride | |
| 2006-11-01 | Adjust existing ikedel tests for aggressive mode support (we now | Ryan Thomas McBride | |
| delete both mainmode and aggressive mode phase 1 transforms) | |||
 |
index : src | |
| OpenBSD base system |
| summaryrefslogtreecommitdiff |