Age | Commit message (Expand) | Author |
2006-05-29 | enable lists. | Hans-Joerg Hoexer |
2006-05-29 | Provide functions for copying members of rules. Implement copyrule() | Hans-Joerg Hoexer |
2006-05-29 | unify code a little bit (consistent variable names). | Hans-Joerg Hoexer |
2006-05-29 | Also return proper list of addresses for interface groups. | Hans-Joerg Hoexer |
2006-05-29 | As the rule expansion is now aware of host lists, host_if() has to | Hans-Joerg Hoexer |
2006-05-29 | teach expand_rule() to iterate over host lists, not used yet. | Hans-Joerg Hoexer |
2006-05-29 | fix rule numbering (for -vv) | Hans-Joerg Hoexer |
2006-05-29 | merge expand_sa() and expand_rule(). | Hans-Joerg Hoexer |
2006-05-29 | move generation of reverse flow rules to seperat function. | Hans-Joerg Hoexer |
2006-05-29 | unify expansion of SA rules. Needed for general rule expansion. | Hans-Joerg Hoexer |
2006-05-28 | when parsing host specifications, initialize host address queue pointers, not | Hans-Joerg Hoexer |
2006-05-28 | prepare for rule expansion. Get rid of addr_node, link struct | Hans-Joerg Hoexer |
2006-05-28 | add ERANGE error detection, found when looking at bgpd's parse.y | Todd T. Fries |
2006-05-27 | allow to specify groups to be used IKE | Hans-Joerg Hoexer |
2006-05-26 | \<char> is <char> except for \<newline> -- no exceptions. much like how | Theo de Raadt |
2006-05-15 | permit proto 0; ok hshoexer | Theo de Raadt |
2006-05-11 | fix some spelling; noticed by david@ | Hans-Joerg Hoexer |
2006-04-20 | constify char *infile here, too. noticed by lint. | Hans-Joerg Hoexer |
2006-04-19 | add support for interface groups. | Hans-Joerg Hoexer |
2006-04-19 | small cleanup: no need to strdup here. | Hans-Joerg Hoexer |
2006-04-19 | "type" keyword to specify flow type (require, use, etc.) | Hans-Joerg Hoexer |
2006-04-19 | add hostname resolver. | Hans-Joerg Hoexer |
2006-04-13 | Add support for "local" to ike rules. Allows to specify the local IP to be | Hans-Joerg Hoexer |
2006-03-31 | allow specification of encapsulated protocol for ike; ok hshoexer | Markus Friedl |
2006-03-31 | allow specification of encapsulated protocol for flows; ok hshoexer | Markus Friedl |
2006-03-30 | when resolving interface names to ip adresses, set netmask to all bits 1 | Hans-Joerg Hoexer |
2006-03-30 | allow specification of outer local ips in flows (SADB_EXT_ADDRESS_SRC); ok hs... | Markus Friedl |
2006-03-22 | add support for macros in ipsec.conf(5). some bits have already been | Reyk Floeter |
2006-03-07 | add support for special "bypass" and "deny" flows. | Reyk Floeter |
2006-03-07 | add an ike option for road warrior setups (hosts with dynamic ip | Reyk Floeter |
2006-01-20 | initialize authtype->string in case of RSA to avoid bad free() | Christian Weisgerber |
2006-01-17 | wrap long lines (no binary change) | Reyk Floeter |
2006-01-16 | add support for pre-shared keys with "ike esp" using the new keyword | Reyk Floeter |
2005-12-12 | Correctly copy interface names; fixes breakage noticed by naddy@ | Hans-Joerg Hoexer |
2005-12-06 | ipip support: ip-in-ip w/o gif(4); ok hshoexer | Markus Friedl |
2005-12-01 | spacing | Theo de Raadt |
2005-11-27 | sanity check constraints for transforms. | Hans-Joerg Hoexer |
2005-11-27 | truly permit auth/enc/comp expressions to be in any order | Theo de Raadt |
2005-11-26 | allow specficiation of encryption and authentication algorithms to be swapped. | Hans-Joerg Hoexer |
2005-11-24 | Remove old-style keyed sha1/md5. We only support hmac-sha1/md5. | Hans-Joerg Hoexer |
2005-11-12 | spacing | Hans-Joerg Hoexer |
2005-11-12 | add support for interface names as host specifications | Hans-Joerg Hoexer |
2005-11-12 | permit TO/FROM to be swapped (symmetry is good); ok hshoexermk | Theo de Raadt |
2005-11-12 | simplify TAILQ walking code; ok hshoexer | Theo de Raadt |
2005-11-12 | spacing | Theo de Raadt |
2005-11-12 | do not stat() before open(); instead -- use fstat(); ok hshoexer | Theo de Raadt |
2005-11-12 | handle transport/tunnel mode | Hans-Joerg Hoexer |
2005-11-06 | Improved address and address mask handling, derived from pfctl stuff. | Hans-Joerg Hoexer |
2005-11-06 | better handling of ip addresses, prepare for v6. Partially derived from diff | Hans-Joerg Hoexer |
2005-10-30 | prepare for more flexible hostname resolver. Right now just v4, more to come | Hans-Joerg Hoexer |