| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2006-06-18 | add group "none"; when choosen, pfs will be disabled. | Hans-Joerg Hoexer | |
| ok david msf | |||
| 2006-06-16 | report the correct line number on an error. Noticed by david@ | Hans-Joerg Hoexer | |
| 2006-06-11 | As naddy@ pointed out RFC 3686 discourages use of AESCTR for static | Hans-Joerg Hoexer | |
| keying. markus@ seconds this, so use AES CBC as default. ok naddy@ | |||
| 2006-06-10 | Better error message when a key file can not be opened or the provided key is | Hans-Joerg Hoexer | |
| not of correct size. Suggested by david@ | |||
| 2006-06-10 | knf & careful data freeing, regression tested by todd | Theo de Raadt | |
| 2006-06-08 | fix some indentation, noticed by david@ | Hans-Joerg Hoexer | |
| 2006-06-08 | Add a transport mode specifier to ike rules. Tunnel mode remains the default. | Christian Weisgerber | |
| "looks right" hshoexer@ | |||
| 2006-06-08 | turns out this really doesn't break what is in the tree; ok hshoexer@ | Todd T. Fries | |
| 2006-06-07 | make sure, we initialize unspecified keys and spis. Noticed by | Hans-Joerg Hoexer | |
| naddy@, ok naddy@. | |||
| 2006-06-07 | Do not yet expand the "any" keyword to v6 addresses. ok todd@ | Hans-Joerg Hoexer | |
| 2006-06-07 | remove unused prototype, ok todd@ | Hans-Joerg Hoexer | |
| 2006-06-02 | support tcp/udp port modifiers in ike rules | Christian Weisgerber | |
| "put it in if it doesn't break regress" hshoexer@ | |||
| 2006-06-02 | allow to specify phase 1 and 2 lifetimes. Right now, these values | Hans-Joerg Hoexer | |
| can only be set globally (ie. Default-phase-[12]-lifetime). | |||
| 2006-06-02 | simplify handling of peers. | Hans-Joerg Hoexer | |
| 2006-06-02 | some more cleanup and simplification, no functional change. | Hans-Joerg Hoexer | |
| 2006-06-02 | put src and dst host in dedicated structure. Make the API more | Hans-Joerg Hoexer | |
| compact which will soon simplify my life. | |||
| 2006-06-02 | Simplify main/quick mode parsing and generation of the actual ike config. | Hans-Joerg Hoexer | |
| 2006-06-02 | Generalize parsing of main/quick mode specification. Preparation | Hans-Joerg Hoexer | |
| for lifetime support. | |||
| 2006-06-02 | Prepare for parsing lifetimes for ike main and quick mode. Not enabled yet. | Hans-Joerg Hoexer | |
| 2006-06-01 | Final bits for SA grouping. | Hans-Joerg Hoexer | |
| 2006-06-01 | Support flows with port modifiers for proto tcp/udp, e.g. | Christian Weisgerber | |
| flow proto udp from 1.2.3.4 port ntp to 5.6.7.8 ok hshoexer@ msf@ | |||
| 2006-06-01 | print actual key size when warning about the wrong key size; ok hshoexer | Markus Friedl | |
| 2006-06-01 | spacing | Theo de Raadt | |
| 2006-06-01 | knf | Hans-Joerg Hoexer | |
| 2006-06-01 | add more v6 support, this round `any' expands additionally to ::/0 | Todd T. Fries | |
| skip link-locals for now, to be handled separately later ok hshoexer@ | |||
| 2006-06-01 | When no peer is specified, make this rule a "catch-all" rule for any remote | Hans-Joerg Hoexer | |
| peer. Similar to isakmpd(8)s "Default=" tag. | |||
| 2006-05-31 | white spaces | Hans-Joerg Hoexer | |
| 2006-05-31 | add basic | Todd T. Fries | |
| - IPv6 parsing for only v6 host addresses - checks for dst <-> src address family sanity ok hshoexer@ | |||
| 2006-05-29 | enable lists. | Hans-Joerg Hoexer | |
| This allows rules like: ike from em0 to { 192.168.7.0/24, 192.168.9.0/24 } peer 1.2.3.4 This will setup two tunnels to the networks 192.168.7.0/24 and 192.168.9.0/24. | |||
| 2006-05-29 | Provide functions for copying members of rules. Implement copyrule() | Hans-Joerg Hoexer | |
| function to copy a single rule. Use that for rule expansion. | |||
| 2006-05-29 | unify code a little bit (consistent variable names). | Hans-Joerg Hoexer | |
| 2006-05-29 | Also return proper list of addresses for interface groups. | Hans-Joerg Hoexer | |
| As usual, this and the previous commit reused suitable code from the tree (pfctl). | |||
| 2006-05-29 | As the rule expansion is now aware of host lists, host_if() has to | Hans-Joerg Hoexer | |
| return a proper list of addresses bound to an interface. | |||
| 2006-05-29 | teach expand_rule() to iterate over host lists, not used yet. | Hans-Joerg Hoexer | |
| 2006-05-29 | fix rule numbering (for -vv) | Hans-Joerg Hoexer | |
| late ikerule also use expand_rule | |||
| 2006-05-29 | merge expand_sa() and expand_rule(). | Hans-Joerg Hoexer | |
| 2006-05-29 | move generation of reverse flow rules to seperat function. | Hans-Joerg Hoexer | |
| 2006-05-29 | unify expansion of SA rules. Needed for general rule expansion. | Hans-Joerg Hoexer | |
| 2006-05-28 | when parsing host specifications, initialize host address queue pointers, not | Hans-Joerg Hoexer | |
| used yet. | |||
| 2006-05-28 | prepare for rule expansion. Get rid of addr_node, link struct | Hans-Joerg Hoexer | |
| ipsec_addr_wrap directly. | |||
| 2006-05-28 | add ERANGE error detection, found when looking at bgpd's parse.y | Todd T. Fries | |
| ok hshoexer@ | |||
| 2006-05-27 | allow to specify groups to be used IKE | Hans-Joerg Hoexer | |
| 2006-05-26 | \<char> is <char> except for \<newline> -- no exceptions. much like how | Theo de Raadt | |
| other things work. ok henning | |||
| 2006-05-15 | permit proto 0; ok hshoexer | Theo de Raadt | |
| 2006-05-11 | fix some spelling; noticed by david@ | Hans-Joerg Hoexer | |
| 2006-04-20 | constify char *infile here, too. noticed by lint. | Hans-Joerg Hoexer | |
| 2006-04-19 | add support for interface groups. | Hans-Joerg Hoexer | |
| 2006-04-19 | small cleanup: no need to strdup here. | Hans-Joerg Hoexer | |
| 2006-04-19 | "type" keyword to specify flow type (require, use, etc.) | Hans-Joerg Hoexer | |
| 2006-04-19 | add hostname resolver. | Hans-Joerg Hoexer | |
| at least some eyeballing by cloder@ tested by jean raby, requested/suggested by rod withworth | |||
 |
index : src | |
| OpenBSD base system |
| summaryrefslogtreecommitdiff |