summaryrefslogtreecommitdiff
path: root/sbin/ipsecctl/parse.y
AgeCommit message (Expand)Author
2007-09-12Here too: Add support to the lex for parsing number out of the stream.Hans-Joerg Hoexer
2007-08-10duplicate strdup; ok hshoexerMarkus Friedl
2007-07-03allow proto esp/ah in flow specification (especially useful for bypass flows)Markus Friedl
2007-05-10Do not crash when lists include the "any" keyword. Reported byHans-Joerg Hoexer
2007-03-16move autodetection of the ID type to the parser. this way theMarkus Friedl
2007-02-26Really, we don't need two grp18's ;-)Todd T. Fries
2007-02-19Bits for ESP+NULL encryption. This is useful, when AH can not beHans-Joerg Hoexer
2007-02-19undo previous commit and keep the original behaviour of the parser.Hans-Joerg Hoexer
2007-02-16Do not accept '\n' in quoted strings. Addresses issues noticed byHans-Joerg Hoexer
2007-01-10allow rule if there is at least _one_ matching address family combination.Markus Friedl
2007-01-04don't pass -1 as a netmask; report vicviq at gmail.comMarkus Friedl
2007-01-02better support for IPv6 hostname/numeric representation.Jun-ichiro itojun Hagino
2006-11-24add support to tag ipsec traffic belonging to specific IKE-initiatedReyk Floeter
2006-11-13Handle rules with addresses from mismatched address families correctly.Ryan Thomas McBride
2006-11-10check both rule sourace and destination when grouping sa'sMathieu Sauve-Frankel
2006-11-10Do not count sa, ike and tcpmd5 rules twice. Fixes PR 5263.Hans-Joerg Hoexer
2006-11-01Add support for aggressive mode (from the k2k6 IPsec hackathon).Ryan Thomas McBride
2006-09-22typo in err(); from bret.lambert@gmail.com, thanks!Hans-Joerg Hoexer
2006-06-18add group "none"; when choosen, pfs will be disabled.Hans-Joerg Hoexer
2006-06-16report the correct line number on an error. Noticed by david@Hans-Joerg Hoexer
2006-06-11As naddy@ pointed out RFC 3686 discourages use of AESCTR for staticHans-Joerg Hoexer
2006-06-10Better error message when a key file can not be opened or the provided key isHans-Joerg Hoexer
2006-06-10knf & careful data freeing, regression tested by toddTheo de Raadt
2006-06-08fix some indentation, noticed by david@Hans-Joerg Hoexer
2006-06-08Add a transport mode specifier to ike rules. Tunnel mode remains the default.Christian Weisgerber
2006-06-08turns out this really doesn't break what is in the tree; ok hshoexer@Todd T. Fries
2006-06-07make sure, we initialize unspecified keys and spis. Noticed byHans-Joerg Hoexer
2006-06-07Do not yet expand the "any" keyword to v6 addresses. ok todd@Hans-Joerg Hoexer
2006-06-07remove unused prototype, ok todd@Hans-Joerg Hoexer
2006-06-02support tcp/udp port modifiers in ike rulesChristian Weisgerber
2006-06-02allow to specify phase 1 and 2 lifetimes. Right now, these valuesHans-Joerg Hoexer
2006-06-02simplify handling of peers.Hans-Joerg Hoexer
2006-06-02some more cleanup and simplification, no functional change.Hans-Joerg Hoexer
2006-06-02put src and dst host in dedicated structure. Make the API moreHans-Joerg Hoexer
2006-06-02Simplify main/quick mode parsing and generation of the actual ike config.Hans-Joerg Hoexer
2006-06-02Generalize parsing of main/quick mode specification. PreparationHans-Joerg Hoexer
2006-06-02Prepare for parsing lifetimes for ike main and quick mode. Not enabled yet.Hans-Joerg Hoexer
2006-06-01Final bits for SA grouping.Hans-Joerg Hoexer
2006-06-01Support flows with port modifiers for proto tcp/udp, e.g.Christian Weisgerber
2006-06-01print actual key size when warning about the wrong key size; ok hshoexerMarkus Friedl
2006-06-01spacingTheo de Raadt
2006-06-01knfHans-Joerg Hoexer
2006-06-01add more v6 support, this round `any' expands additionally to ::/0Todd T. Fries
2006-06-01When no peer is specified, make this rule a "catch-all" rule for any remoteHans-Joerg Hoexer
2006-05-31white spacesHans-Joerg Hoexer
2006-05-31add basicTodd T. Fries
2006-05-29enable lists.Hans-Joerg Hoexer
2006-05-29Provide functions for copying members of rules. Implement copyrule()Hans-Joerg Hoexer
2006-05-29unify code a little bit (consistent variable names).Hans-Joerg Hoexer
2006-05-29Also return proper list of addresses for interface groups.Hans-Joerg Hoexer