summaryrefslogtreecommitdiff
path: root/sbin/ipsecctl/parse.y
AgeCommit message (Expand)Author
2006-03-22add support for macros in ipsec.conf(5). some bits have already beenReyk Floeter
2006-03-07add support for special "bypass" and "deny" flows.Reyk Floeter
2006-03-07add an ike option for road warrior setups (hosts with dynamic ipReyk Floeter
2006-01-20initialize authtype->string in case of RSA to avoid bad free()Christian Weisgerber
2006-01-17wrap long lines (no binary change)Reyk Floeter
2006-01-16add support for pre-shared keys with "ike esp" using the new keywordReyk Floeter
2005-12-12Correctly copy interface names; fixes breakage noticed by naddy@Hans-Joerg Hoexer
2005-12-06ipip support: ip-in-ip w/o gif(4); ok hshoexerMarkus Friedl
2005-12-01spacingTheo de Raadt
2005-11-27sanity check constraints for transforms.Hans-Joerg Hoexer
2005-11-27truly permit auth/enc/comp expressions to be in any orderTheo de Raadt
2005-11-26allow specficiation of encryption and authentication algorithms to be swapped.Hans-Joerg Hoexer
2005-11-24Remove old-style keyed sha1/md5. We only support hmac-sha1/md5.Hans-Joerg Hoexer
2005-11-12spacingHans-Joerg Hoexer
2005-11-12add support for interface names as host specificationsHans-Joerg Hoexer
2005-11-12permit TO/FROM to be swapped (symmetry is good); ok hshoexermkTheo de Raadt
2005-11-12simplify TAILQ walking code; ok hshoexerTheo de Raadt
2005-11-12spacingTheo de Raadt
2005-11-12do not stat() before open(); instead -- use fstat(); ok hshoexerTheo de Raadt
2005-11-12handle transport/tunnel modeHans-Joerg Hoexer
2005-11-06Improved address and address mask handling, derived from pfctl stuff.Hans-Joerg Hoexer
2005-11-06better handling of ip addresses, prepare for v6. Partially derived from diffHans-Joerg Hoexer
2005-10-30prepare for more flexible hostname resolver. Right now just v4, more to comeHans-Joerg Hoexer
2005-10-30add support for ipcomp.Hans-Joerg Hoexer
2005-10-28more error message cleanupHans-Joerg Hoexer
2005-10-16Prepare for better host specification parser: dns names, interfaces, etc. ButHans-Joerg Hoexer
2005-10-16Unset debug flag.Hans-Joerg Hoexer
2005-10-16Add keyword "any" for addresses, reduces to "0.0.0.0/0".Hans-Joerg Hoexer
2005-10-16cleanup messages generated by err(3)Hans-Joerg Hoexer
2005-08-22Teach ipsecctl to control isakmpd.Hans-Joerg Hoexer
2005-08-19more useful error messageHans-Joerg Hoexer
2005-08-09Rewrite handling of transforms. Now both ah and esp can be specified andHans-Joerg Hoexer
2005-08-09Correct keysize for 3des-cbcHans-Joerg Hoexer
2005-08-08add crypto transforms and static keying rulesHans-Joerg Hoexer
2005-08-08prepare for static keyingHans-Joerg Hoexer
2005-08-05more key handling stuff.Hans-Joerg Hoexer
2005-08-05prepare for authentication and encryption keys, not used yet.Hans-Joerg Hoexer
2005-08-05simplify a bit.Hans-Joerg Hoexer
2005-08-02Make use of struct ipsec_auth dynamic.Hans-Joerg Hoexer
2005-07-24use correct function names in error messagesHans-Joerg Hoexer
2005-07-24prepare for combining SAs and flows in one single rule, no functional changeHans-Joerg Hoexer
2005-07-23add automatic creation of reverse SAs.Hans-Joerg Hoexer
2005-07-23prepare for specifying both in and out key, not used yet.Hans-Joerg Hoexer
2005-07-23prepare for specifying incoming and outgoing SPIs, not used yet.Hans-Joerg Hoexer
2005-07-10allow reading key from a fileHans-Joerg Hoexer
2005-07-09it's ok to not specify the key when deleting a tcpmd5 SAHans-Joerg Hoexer
2005-07-09add support tcpmd5Hans-Joerg Hoexer
2005-07-07set flow type (use, require, etc.) when a rule is created. Up to now this wasHans-Joerg Hoexer
2005-07-07add type for rules; will need this for tcpmd5Hans-Joerg Hoexer
2005-05-25do not swap srcid/dstid for INOUT rules.Hans-Joerg Hoexer