summaryrefslogtreecommitdiff
path: root/sbin/ipsecctl/ipsecctl.c
AgeCommit message (Expand)Author
2024-02-06Tweak previous. Passing "dns" to pledge(2) is suitable for the purpose.YASUOKA Masahiko
2024-01-29Open /etc/{services,protocols} before pledge(2).YASUOKA Masahiko
2023-10-09Add pledge("stdio") before parsing pfkey messages. This applies toTobias Heider
2023-03-07Delete obsolete /* ARGSUSED1 */ lint comments.Philip Guenther
2018-09-07Remove unnused af argument from unmask(), sync with pfctlkn
2017-11-20Support collapsing flow outputs.Martin Pieuchot
2017-04-19Rename all SA groups to bundles consistently. The first kernelAlexander Bluhm
2017-03-02Now that the kernel provides information about IPsec SA bundles,Alexander Bluhm
2015-12-10Remove NULL-checks before free(). ok tb@mmcc
2015-01-16Replace <sys/param.h> with <limits.h> and other less dirty headers whereTheo de Raadt
2014-11-20Yet more #include de-duplication.Kenneth R Westerback
2012-07-05don't output "esn" string in the rule section as we can't use theMike Belopuhov
2012-06-29Print esn flag when dumping SAs with ESN enabledMike Belopuhov
2011-11-08- put -i in the right placeJason McIntyre
2011-11-08allow the path to isakmpd's fifo to be specified (aka changed) on theHenning Brauer
2009-01-27A warning text in ipsecctl was used twice. Make the messages uniqueAlexander Bluhm
2009-01-20Add support to isakmpd(8) and ipsecctl(8) to install SA's with aMarco Pfatschbacher
2008-07-21Free the rules in the rule_queue also if ipsecctl is called withAlexander Bluhm
2008-07-01Isakmpd acquire mode did not work with a config generated fromAlexander Bluhm
2007-10-13in all these programs using the same pfctl-derived parse.y, re-unify theTheo de Raadt
2007-08-21no need to include both sys/types.h and params.hHans-Joerg Hoexer
2007-02-19do not display empty authkey/enckey line when -k option is notHans-Joerg Hoexer
2007-01-10add -k to usage();Jason McIntyre
2007-01-03do not print secret keys by default, -k restores old behaviour; ok hshoexerMarkus Friedl
2006-11-30handle multiple SAs with different same src/dst but different port;Markus Friedl
2006-11-10When using -vv, also show grouped SAs.Hans-Joerg Hoexer
2006-11-01KNF unrelated to previous commit.Ryan Thomas McBride
2006-11-01Add support for aggressive mode (from the k2k6 IPsec hackathon).Ryan Thomas McBride
2006-09-19sort SAs by spi; ok hshoexerMarkus Friedl
2006-08-31Security Association Database is abbreviated 'SAD' (RFC 2401 et al), not 'SAD...Hakan Olsson
2006-06-08fix usage, make synopsis more pretty. noticed by david@Hans-Joerg Hoexer
2006-06-02exit(2) when loading of rules did work partially. ok markus@Hans-Joerg Hoexer
2006-06-02add trailing \ when printing multiple lines for an SA, this wayMarkus Friedl
2006-06-02allow to specify phase 1 and 2 lifetimes. Right now, these valuesHans-Joerg Hoexer
2006-06-01Support flows with port modifiers for proto tcp/udp, e.g.Christian Weisgerber
2006-06-01more to free, needed for SA grouping.Hans-Joerg Hoexer
2006-06-01convert pfkey to ipsec_rule and use ipsecctl_print_rule() when dumpingMarkus Friedl
2006-06-01Prepare for SA grouping.Hans-Joerg Hoexer
2006-06-01correct error messages to match calloc where appropriateTodd T. Fries
2006-06-01rename list link for ipsec_rule structures from "entries" to "rule_entry".Hans-Joerg Hoexer
2006-05-30implement monitor mode for ipsecctl. worked on with markus@Mathieu Sauve-Frankel
2006-05-29add ipsecctl_free_rule() for cleaning up rules.Hans-Joerg Hoexer
2006-03-31wenn dumping rules always show type, srcid and dstid (if set).Hans-Joerg Hoexer
2006-03-31allow specification of encapsulated protocol for flows; ok hshoexerMarkus Friedl
2006-03-30allow specification of outer local ips in flows (SADB_EXT_ADDRESS_SRC); ok hs...Markus Friedl
2006-03-22add support for macros in ipsec.conf(5). some bits have already beenReyk Floeter
2006-02-01noted by lint: include <string.h> instead of <strings.h>, add tow ARGSUSED1Hans-Joerg Hoexer
2006-01-17wrap long lines (no binary change)Reyk Floeter
2006-01-16add support for pre-shared keys with "ike esp" using the new keywordReyk Floeter
2005-12-06more appropriate error messages; ok hshoexerMarkus Friedl