Age | Commit message | Author | |
---|---|---|---|
2015-01-16 | Replace <sys/param.h> with <limits.h> and other less dirty headers where | Theo de Raadt | |
possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol) | |||
2014-11-20 | Yet more #include de-duplication. | Kenneth R Westerback | |
ok deraadt@ tedu@ | |||
2012-07-05 | don't output "esn" string in the rule section as we can't use the | Mike Belopuhov | |
keyword in the grammar to create an esn-enabled rule (no reason to do so for manual sa configuration). instead decode sa flags so that we can also watch changes happening in realtime with the monitor mode. prompted and ok by naddy | |||
2012-06-29 | Print esn flag when dumping SAs with ESN enabled | Mike Belopuhov | |
2011-11-08 | - put -i in the right place | Jason McIntyre | |
- prevent an erroneous space in the formatting of -D | |||
2011-11-08 | allow the path to isakmpd's fifo to be specified (aka changed) on the | Henning Brauer | |
command line, ok mikeb sthen | |||
2009-01-27 | A warning text in ipsecctl was used twice. Make the messages unique | Alexander Bluhm | |
for easier debugging. ok grunk@, hshoexer@, todd@ | |||
2009-01-20 | Add support to isakmpd(8) and ipsecctl(8) to install SA's with a | Marco Pfatschbacher | |
different source network than we have negotiated with a peer. This enables us to do nat/binat on the enc(4) interface. Very useful to work around rfc 1918 collisions. Manpage and testing by Mitja Muzenic. Thanks! OK hshoexer@, markus@. "I like it" todd@ | |||
2008-07-21 | Free the rules in the rule_queue also if ipsecctl is called with | Alexander Bluhm | |
the -n switch. This triggers malloc related bugs during the regress tests. ok hshoexer | |||
2008-07-01 | Isakmpd acquire mode did not work with a config generated from | Alexander Bluhm | |
ipsec.conf. The config created by isakmpd dynamically was different from the config that ipsecctl generated out of ipsec.conf. Both config formats are changed so that they match. One needs a passive ike line and a require flow line with the same parameters in the ipsec.conf. Then the acquire message generated by the kernel will trigger isakmpd to generate a config that matches the one that ipsecctl generated from the ike line. ok hshoexer, 'sounds good' todd | |||
2007-10-13 | in all these programs using the same pfctl-derived parse.y, re-unify the | Theo de Raadt | |
yylex implementation and the code which interacts with yylex. this also brings the future potential for include support to all of the parsers. in the future please do not make silly modifications to one of these files without checking if you are de-unifying the code. checked by developers in all these areas. | |||
2007-08-21 | no need to include both sys/types.h and params.h | Hans-Joerg Hoexer | |
2007-02-19 | do not display empty authkey/enckey line when -k option is not | Hans-Joerg Hoexer | |
specified. ok markus@ | |||
2007-01-10 | add -k to usage(); | Jason McIntyre | |
2007-01-03 | do not print secret keys by default, -k restores old behaviour; ok hshoexer | Markus Friedl | |
2006-11-30 | handle multiple SAs with same src/dst but different port; | Markus Friedl | |
store IKE connection string and phase2 IDs in the ipsec rule; cleanup internal API: pass rules around instead of rule members; report Brian Candler; fix with hshoexer, msf; ok hshoexer | |||
2006-11-10 | When using -vv, also show grouped SAs. | Hans-Joerg Hoexer | |
2006-11-01 | KNF unrelated to previous commit. | Ryan Thomas McBride | |
2006-11-01 | Add support for aggressive mode (from the k2k6 IPsec hackathon). | Ryan Thomas McBride | |
ok hshoexer | |||
2006-09-19 | sort SAs by spi; ok hshoexer | Markus Friedl | |
2006-08-31 | Security Association Database is abbreviated 'SAD' (RFC 2401 et al), not | Hakan Olsson | |
'SADB'. jmc@, hshoexer@ ok. | |||
2006-06-08 | fix usage, make synopsis more pretty. noticed by david@ | Hans-Joerg Hoexer | |
2006-06-02 | exit(2) when loading of rules did work partially. ok markus@ | Hans-Joerg Hoexer | |
2006-06-02 | add trailing \ when printing multiple lines for an SA, this way | Markus Friedl | |
the output of ipsecctl matches its input | |||
2006-06-02 | allow to specify phase 1 and 2 lifetimes. Right now, these values | Hans-Joerg Hoexer | |
can only be set globally (ie. Default-phase-[12]-lifetime). | |||
2006-06-01 | Support flows with port modifiers for proto tcp/udp, e.g. | Christian Weisgerber | |
flow proto udp from 1.2.3.4 port ntp to 5.6.7.8 ok hshoexer@ msf@ | |||
2006-06-01 | more to free, needed for SA grouping. | Hans-Joerg Hoexer | |
2006-06-01 | convert pfkey to ipsec_rule and use ipsecctl_print_rule() when dumping | Markus Friedl | |
the in-kernel SAs. this way we produce the same output as rule loading ok hshoexer | |||
2006-06-01 | Prepare for SA grouping. | Hans-Joerg Hoexer | |
2006-06-01 | correct error messages to match calloc where appropriate | Todd T. Fries | |
ok hshoexer@ | |||
2006-06-01 | rename list link for ipsec_rule structures from "entries" to "rule_entry". | Hans-Joerg Hoexer | |
2006-05-30 | implement monitor mode for ipsecctl. worked on with markus@ | Mathieu Sauve-Frankel | |
ok hshoexer@ | |||
2006-05-29 | add ipsecctl_free_rule() for cleaning up rules. | Hans-Joerg Hoexer | |
2006-03-31 | when dumping rules always show type, srcid and dstid (if set). | Hans-Joerg Hoexer | |
ok reyk@ | |||
2006-03-31 | allow specification of encapsulated protocol for flows; ok hshoexer | Markus Friedl | |
2006-03-30 | allow specification of outer local ips in flows (SADB_EXT_ADDRESS_SRC); ok | Markus Friedl | |
hshoexer, reyk | |||
2006-03-22 | add support for macros in ipsec.conf(5). some bits have already been | Reyk Floeter | |
there. requested by david@ ok hshoexer@, msf@ | |||
2006-02-01 | noted by lint: include <string.h> instead of <strings.h>, add two ARGSUSED1 | Hans-Joerg Hoexer | |
2006-01-17 | wrap long lines (no binary change) | Reyk Floeter | |
2006-01-16 | add support for pre-shared keys with "ike esp" using the new keyword | Reyk Floeter | |
"psk". rsa-sig is recommended and will still be used by default. ok hshoexer@, manpage ok jmc@ | |||
2005-12-06 | more appropriate error messages; ok hshoexer | Markus Friedl | |
2005-12-06 | ipip support: ip-in-ip w/o gif(4); ok hshoexer | Markus Friedl | |
2005-12-01 | do not choke and dump core when printing bypass flows. noticed by jacob | Hans-Joerg Hoexer | |
schlyter. Thanks! | |||
2005-11-30 | handle that pfkey_ipsec_flush() can fail. | Hans-Joerg Hoexer | |
2005-11-21 | Fix memory leaks. From Andrey Matveev <evol at online dot ptt dot ru>, | Hans-Joerg Hoexer | |
thanks! | |||
2005-11-13 | fclose() file descriptor of the rule file when we are done with it. | Hans-Joerg Hoexer | |
From David Hill <dhill at mindcry dot org>, thanks! | |||
2005-11-12 | spacing | Theo de Raadt | |
2005-11-12 | handle transport/tunnel mode | Hans-Joerg Hoexer | |
2005-11-06 | Improved address and address mask handling, derived from pfctl stuff. | Hans-Joerg Hoexer | |
2005-11-06 | better handling of ip addresses, prepare for v6. Partially derived from diff | Hans-Joerg Hoexer | |
by todd@. Work in progress. |