Age | Commit message (Expand) | Author |
2009-01-30 | If the "peer" address is not specified or derived from "to" for | Alexander Bluhm |
2009-01-29 | After checking that peer == NULL do not assign peer = NULL a few | Alexander Bluhm |
2009-01-28 | Allow to specify ike and flow explicitly without peer. The any | Alexander Bluhm |
2009-01-20 | Add support to isakmpd(8) and ipsecctl(8) to install SA's with a | Marco Pfatschbacher |
2008-11-14 | When parsing v4 addresses mark them as network addresses | Hans-Joerg Hoexer |
2008-10-17 | findeol() fix from pfctl | Henning Brauer |
2008-07-01 | If a rules contains a hostname instead of an address, use the list | Alexander Bluhm |
2008-07-01 | If multiple to addresses but no peer are given in an ike or flow | Alexander Bluhm |
2008-06-14 | Move ike and flow peer selection to common function. | Alexander Bluhm |
2008-06-11 | trivial code simplification | Alexander Bluhm |
2008-04-11 | add support for the "include" directive using code from pfctl/parse.y. | Reyk Floeter |
2008-02-22 | Support for specifying aes-{128,192,256}. Originial idea by Prabhu | Hans-Joerg Hoexer |
2007-11-12 | Remove space/tab compression function from lgetc() and replace | Marco Pfatschbacher |
2007-10-22 | sync with daemon parser code. | Pierre-Yves Ritschard |
2007-10-16 | Allow '=' to end a number in all lexers. | Marco Pfatschbacher |
2007-10-16 | in the lex... even inside quotes, a \ followed by space or tab should | Theo de Raadt |
2007-10-13 | in all these programs using the same pfctl-derived parse.y, re-unify the | Theo de Raadt |
2007-10-11 | next step in the yylex unification: handle quoted strings in a nicer fashion | Theo de Raadt |
2007-09-12 | Here too: Add support to the lex for parsing number out of the stream. | Hans-Joerg Hoexer |
2007-08-10 | duplicate strdup; ok hshoexer | Markus Friedl |
2007-07-03 | allow proto esp/ah in flow specification (especially useful for bypass flows) | Markus Friedl |
2007-05-10 | Do not crash when lists include the "any" keyword. Reported by | Hans-Joerg Hoexer |
2007-03-16 | move autodetection of the ID type to the parser. this way the | Markus Friedl |
2007-02-26 | Really, we don't need two grp18's ;-) | Todd T. Fries |
2007-02-19 | Bits for ESP+NULL encryption. This is useful, when AH can not be | Hans-Joerg Hoexer |
2007-02-19 | undo previous commit and keep the original behaviour of the parser. | Hans-Joerg Hoexer |
2007-02-16 | Do not accept '\n' in quoted strings. Addresses issues noticed by | Hans-Joerg Hoexer |
2007-01-10 | allow rule if there is at least _one_ matching address family combination. | Markus Friedl |
2007-01-04 | don't pass -1 as a netmask; report vicviq at gmail.com | Markus Friedl |
2007-01-02 | better support for IPv6 hostname/numeric representation. | Jun-ichiro itojun Hagino |
2006-11-24 | add support to tag ipsec traffic belonging to specific IKE-initiated | Reyk Floeter |
2006-11-13 | Handle rules with addresses from mismatched address families correctly. | Ryan Thomas McBride |
2006-11-10 | check both rule sourace and destination when grouping sa's | Mathieu Sauve-Frankel |
2006-11-10 | Do not count sa, ike and tcpmd5 rules twice. Fixes PR 5263. | Hans-Joerg Hoexer |
2006-11-01 | Add support for aggressive mode (from the k2k6 IPsec hackathon). | Ryan Thomas McBride |
2006-09-22 | typo in err(); from bret.lambert@gmail.com, thanks! | Hans-Joerg Hoexer |
2006-06-18 | add group "none"; when choosen, pfs will be disabled. | Hans-Joerg Hoexer |
2006-06-16 | report the correct line number on an error. Noticed by david@ | Hans-Joerg Hoexer |
2006-06-11 | As naddy@ pointed out RFC 3686 discourages use of AESCTR for static | Hans-Joerg Hoexer |
2006-06-10 | Better error message when a key file can not be opened or the provided key is | Hans-Joerg Hoexer |
2006-06-10 | knf & careful data freeing, regression tested by todd | Theo de Raadt |
2006-06-08 | fix some indentation, noticed by david@ | Hans-Joerg Hoexer |
2006-06-08 | Add a transport mode specifier to ike rules. Tunnel mode remains the default. | Christian Weisgerber |
2006-06-08 | turns out this really doesn't break what is in the tree; ok hshoexer@ | Todd T. Fries |
2006-06-07 | make sure, we initialize unspecified keys and spis. Noticed by | Hans-Joerg Hoexer |
2006-06-07 | Do not yet expand the "any" keyword to v6 addresses. ok todd@ | Hans-Joerg Hoexer |
2006-06-07 | remove unused prototype, ok todd@ | Hans-Joerg Hoexer |
2006-06-02 | support tcp/udp port modifiers in ike rules | Christian Weisgerber |
2006-06-02 | allow to specify phase 1 and 2 lifetimes. Right now, these values | Hans-Joerg Hoexer |
2006-06-02 | simplify handling of peers. | Hans-Joerg Hoexer |