Age | Commit message | Author | |
---|---|---|---|
2007-11-12 | Remove space/tab compression function from lgetc() and replace it with a simple filter in the yylex() loop. The compression in lgetc() didn't happen for quoted strings, thus creating a regression when tabs were used in variables. Some testing by todd@ and pyr@ OK deraadt@ | Marco Pfatschbacher | |
2007-10-22 | sync with daemon parser code. ok deraadt@ | Pierre-Yves Ritschard | |
2007-10-16 | Allow '=' to end a number in all lexers. Requested and OK deraadt@ | Marco Pfatschbacher | |
2007-10-16 | in the lex... even inside quotes, a \ followed by space or tab should expand to space or tab, and a \ followed by newline should be ignored (as a line continuation). compatible with the needs of hoststated (which has the most strict quoted string requirements), and ifstated (where one commonly does line continuations in strings). pointed out by mpf, discussed with pyr | Theo de Raadt | |
2007-10-13 | in all these programs using the same pfctl-derived parse.y, re-unify the yylex implementation and the code which interacts with yylex. this also brings the future potential for include support to all of the parsers. in the future please do not make silly modifications to one of these files without checking if you are de-unifying the code. checked by developers in all these areas. | Theo de Raadt | |
2007-10-11 | next step in the yylex unification: handle quoted strings in a nicer fashion as found in hoststated, and make all the code diff as clean as possible. a few issues remain mostly surrounding include support, which will likely be added to more of the grammars soon. ok norby pyr, others | Theo de Raadt | |
2007-09-12 | Here too: Add support to the lex for parsing number out of the stream. handle this in the parser. better range checks. with and ok deraadt@ | Hans-Joerg Hoexer | |
2007-08-10 | duplicate strdup; ok hshoexer | Markus Friedl | |
2007-07-03 | allow proto esp/ah in flow specification (especially useful for bypass flows) ok hshoexer, mpf | Markus Friedl | |
2007-05-10 | Do not crash when lists include the "any" keyword. Reported by <ralf.horstmann at gmx.net>, thanks! Slightly different fix. Also add a regression test. ok mpf@ | Hans-Joerg Hoexer | |
2007-03-16 | move autodetection of the ID type to the parser. this way the static flows have the correct ID, too. ok hshoexer, reyk | Markus Friedl | |
2007-02-26 | Really, we don't need two grp18's ;-) ok hshoexer@ and markus@ | Todd T. Fries | |
2007-02-19 | Bits for ESP+NULL encryption. This is useful, when AH can not be used (when being behind NAT). With Martin Hedenfalk <martin.hedenfalk at gmail.com>, thanks! ok markus@ | Hans-Joerg Hoexer | |
2007-02-19 | undo previous commit and keep the original behaviour of the parser. asked for by deraadt@ | Hans-Joerg Hoexer | |
2007-02-16 | Do not accept '\n' in quoted strings. Addresses issues noticed by Prabhu Gurumurthy <pgurumu () gmail ! com> (http://marc.theaimsgroup.com/?l=openbsd-misc&m=116060233106902&w=2), thanks! ok markus@ cloder@ (uhm, quite some time ago) | Hans-Joerg Hoexer | |
2007-01-10 | allow rule if there is at least _one_ matching address family combination. this allows 'flow from lo0 to 127.0.0.1' if lo0 has an ipv6 address. ok itojun@, hshoexer@ | Markus Friedl | |
2007-01-04 | don't pass -1 as a netmask; report vicviq at gmail.com | Markus Friedl | |
2007-01-02 | better support for IPv6 hostname/numeric representation. hostname/prefixlen works only for IPv4-only hostname. markus ok (regress tested) | Jun-ichiro itojun Hagino | |
2006-11-24 | add support to tag ipsec traffic belonging to specific IKE-initiated phase 2 traffic. this allows policy-based filtering of encrypted and unencrypted ipsec traffic with pf(4). see ipsec.conf(5) and isakmpd.conf(5) for details and examples. this is work in progress and still needs some testing and feedback, but it is safe to put it in now. ok hshoexer@ | Reyk Floeter | |
2006-11-13 | Handle rules with addresses from mismatched address families correctly. ok msf@ | Ryan Thomas McBride | |
2006-11-10 | check both rule source and destination when grouping sa's fixes PR5262 ok hshoexer@ | Mathieu Sauve-Frankel | |
2006-11-10 | Do not count sa, ike and tcpmd5 rules twice. Fixes PR 5263. | Hans-Joerg Hoexer | |
2006-11-01 | Add support for aggressive mode (from the k2k6 IPsec hackathon). ok hshoexer | Ryan Thomas McBride | |
2006-09-22 | typo in err(); from bret.lambert@gmail.com, thanks! | Hans-Joerg Hoexer | |
2006-06-18 | add group "none"; when chosen, pfs will be disabled. ok david msf | Hans-Joerg Hoexer | |
2006-06-16 | report the correct line number on an error. Noticed by david@ | Hans-Joerg Hoexer | |
2006-06-11 | As naddy@ pointed out RFC 3686 discourages use of AESCTR for static keying. markus@ seconds this, so use AES CBC as default. ok naddy@ | Hans-Joerg Hoexer | |
2006-06-10 | Better error message when a key file can not be opened or the provided key is not of correct size. Suggested by david@ | Hans-Joerg Hoexer | |
2006-06-10 | knf & careful data freeing, regression tested by todd | Theo de Raadt | |
2006-06-08 | fix some indentation, noticed by david@ | Hans-Joerg Hoexer | |
2006-06-08 | Add a transport mode specifier to ike rules. Tunnel mode remains the default. "looks right" hshoexer@ | Christian Weisgerber | |
2006-06-08 | turns out this really doesn't break what is in the tree; ok hshoexer@ | Todd T. Fries | |
2006-06-07 | make sure, we initialize unspecified keys and spis. Noticed by naddy@, ok naddy@. | Hans-Joerg Hoexer | |
2006-06-07 | Do not yet expand the "any" keyword to v6 addresses. ok todd@ | Hans-Joerg Hoexer | |
2006-06-07 | remove unused prototype, ok todd@ | Hans-Joerg Hoexer | |
2006-06-02 | support tcp/udp port modifiers in ike rules "put it in if it doesn't break regress" hshoexer@ | Christian Weisgerber | |
2006-06-02 | allow to specify phase 1 and 2 lifetimes. Right now, these values can only be set globally (ie. Default-phase-[12]-lifetime). | Hans-Joerg Hoexer | |
2006-06-02 | simplify handling of peers. | Hans-Joerg Hoexer | |
2006-06-02 | some more cleanup and simplification, no functional change. | Hans-Joerg Hoexer | |
2006-06-02 | put src and dst host in dedicated structure. Make the API more compact which will soon simplify my life. | Hans-Joerg Hoexer | |
2006-06-02 | Simplify main/quick mode parsing and generation of the actual ike config. | Hans-Joerg Hoexer | |
2006-06-02 | Generalize parsing of main/quick mode specification. Preparation for lifetime support. | Hans-Joerg Hoexer | |
2006-06-02 | Prepare for parsing lifetimes for ike main and quick mode. Not enabled yet. | Hans-Joerg Hoexer | |
2006-06-01 | Final bits for SA grouping. | Hans-Joerg Hoexer | |
2006-06-01 | Support flows with port modifiers for proto tcp/udp, e.g. flow proto udp from 1.2.3.4 port ntp to 5.6.7.8 ok hshoexer@ msf@ | Christian Weisgerber | |
2006-06-01 | print actual key size when warning about the wrong key size; ok hshoexer | Markus Friedl | |
2006-06-01 | spacing | Theo de Raadt | |
2006-06-01 | knf | Hans-Joerg Hoexer | |
2006-06-01 | add more v6 support, this round `any' expands additionally to ::/0 skip link-locals for now, to be handled separately later ok hshoexer@ | Todd T. Fries | |
2006-06-01 | When no peer is specified, make this rule a "catch-all" rule for any remote peer. Similar to isakmpd(8)'s "Default=" tag. | Hans-Joerg Hoexer | |