summaryrefslogtreecommitdiff
path: root/sbin/ipsecctl/ipsecctl.h
AgeCommit message (Expand)Author
2015-11-04Decode Chacha20-Poly1305 when dumping SAs; ok reyk, naddyMike Belopuhov
2012-07-10Rename "life" to "lifetime" to match iked.Lawrence Teo
2012-07-08Disallow manual security associations that use AES-CTR, AES-GCM,Christian Weisgerber
2012-07-05don't output "esn" string in the rule section as we can't use theMike Belopuhov
2012-06-30enable use of AES-{192,256}-CTR, and explicitly of AES-128-CTR, for IPsec ESPChristian Weisgerber
2012-06-29Print esn flag when dumping SAs with ESN enabledMike Belopuhov
2011-11-08allow the path to isakmpd's fifo to be specified (aka changed) on theHenning Brauer
2010-10-06Retire SkipjackMike Belopuhov
2010-09-22Support AES-GCM-16 (as aes-gcm) and ENCR_NULL_AUTH_AES_GMACMike Belopuhov
2009-08-04Specify an ID-type of IPV4_ADDR or IPV6_ADDR if the srcid or dstid isJoel Sing
2009-01-20Add support to isakmpd(8) and ipsecctl(8) to install SA's with aMarco Pfatschbacher
2008-07-01Isakmpd acquire mode did not work with a config generated fromAlexander Bluhm
2008-02-22Support for specifying aes-{128,192,256}. Originial idea by PrabhuHans-Joerg Hoexer
2007-10-13in all these programs using the same pfctl-derived parse.y, re-unify theTheo de Raadt
2007-03-16move autodetection of the ID type to the parser. this way theMarkus Friedl
2007-01-03do not print secret keys by default, -k restores old behaviour; ok hshoexerMarkus Friedl
2006-11-30handle multiple SAs with different same src/dst but different port;Markus Friedl
2006-11-24add support to tag ipsec traffic belonging to specific IKE-initiatedReyk Floeter
2006-11-01Add support for aggressive mode (from the k2k6 IPsec hackathon).Ryan Thomas McBride
2006-06-18add group "none"; when choosen, pfs will be disabled.Hans-Joerg Hoexer
2006-06-02print full information about tcpmd5 and ipcomp SAs, tooMarkus Friedl
2006-06-02allow to specify phase 1 and 2 lifetimes. Right now, these valuesHans-Joerg Hoexer
2006-06-02put src and dst host in dedicated structure. Make the API moreHans-Joerg Hoexer
2006-06-02Generalize parsing of main/quick mode specification. PreparationHans-Joerg Hoexer
2006-06-02Prepare for parsing lifetimes for ike main and quick mode. Not enabled yet.Hans-Joerg Hoexer
2006-06-01Support flows with port modifiers for proto tcp/udp, e.g.Christian Weisgerber
2006-06-01convert pfkey to ipsec_rule and use ipsecctl_print_rule() when dumpingMarkus Friedl
2006-06-01Add members dst2, proto2 and spi2 to struct ipsec_rule and defineHans-Joerg Hoexer
2006-06-01Prepare for SA grouping.Hans-Joerg Hoexer
2006-06-01rename list link for ipsec_rule structures from "entries" to "rule_entry".Hans-Joerg Hoexer
2006-05-31white spacesHans-Joerg Hoexer
2006-05-30implement monitor mode for ipsecctl. worked on with markus@Mathieu Sauve-Frankel
2006-05-29Need protoype for ipsecctl_free_rule(). While around clean upHans-Joerg Hoexer
2006-05-28whoops, undo last commit. Of course, set_ipmask() is needed...Hans-Joerg Hoexer
2006-05-28this one not needed yet.Hans-Joerg Hoexer
2006-05-28fill in AF_INET6 casesTodd T. Fries
2006-05-27allow to specify groups to be used IKEHans-Joerg Hoexer
2006-03-31allow specification of encapsulated protocol for flows; ok hshoexerMarkus Friedl
2006-03-30allow specification of outer local ips in flows (SADB_EXT_ADDRESS_SRC); ok hs...Markus Friedl
2006-03-22add support for macros in ipsec.conf(5). some bits have already beenReyk Floeter
2006-03-07add an ike option for road warrior setups (hosts with dynamic ipReyk Floeter
2006-01-17no , after last element in enumTheo de Raadt
2006-01-16add support for pre-shared keys with "ike esp" using the new keywordReyk Floeter
2005-12-06ipip support: ip-in-ip w/o gif(4); ok hshoexerMarkus Friedl
2005-11-24Remove old-style keyed sha1/md5. We only support hmac-sha1/md5.Hans-Joerg Hoexer
2005-11-12add support for interface names as host specificationsHans-Joerg Hoexer
2005-11-12spacingTheo de Raadt
2005-11-12handle transport/tunnel modeHans-Joerg Hoexer
2005-11-06Improved address and address mask handling, derived from pfctl stuff.Hans-Joerg Hoexer
2005-11-06better handling of ip addresses, prepare for v6. Partially derived from diffHans-Joerg Hoexer