summaryrefslogtreecommitdiff
path: root/sbin/ipsecctl/parse.y
AgeCommit message (Expand)Author
2011-07-06For non-crypted flows (such as ipcomp and ipip), default theirTheo de Raadt
2010-10-06Retire SkipjackMike Belopuhov
2010-09-22Support AES-GCM-16 (as aes-gcm) and ENCR_NULL_AUTH_AES_GMACMike Belopuhov
2010-08-03fix linecount bug with comments spanning multiple linesHenning Brauer
2010-05-10Various comment typos. 'wether' -> 'whether' (most popular), 'possiblity' ->Kenneth R Westerback
2009-08-04Specify an ID-type of IPV4_ADDR or IPV6_ADDR if the srcid or dstid isJoel Sing
2009-03-31Fixed memory leaks which would occur if the second of two memoryTobias Stoeckmann
2009-01-30If the "peer" address is not specified or derived from "to" forAlexander Bluhm
2009-01-29After checking that peer == NULL do not assign peer = NULL a fewAlexander Bluhm
2009-01-28Allow to specify ike and flow explicitly without peer. The anyAlexander Bluhm
2009-01-20Add support to isakmpd(8) and ipsecctl(8) to install SA's with aMarco Pfatschbacher
2008-11-14When parsing v4 addresses mark them as network addressesHans-Joerg Hoexer
2008-10-17findeol() fix from pfctlHenning Brauer
2008-07-01If a rules contains a hostname instead of an address, use the listAlexander Bluhm
2008-07-01If multiple to addresses but no peer are given in an ike or flowAlexander Bluhm
2008-06-14Move ike and flow peer selection to common function.Alexander Bluhm
2008-06-11trivial code simplificationAlexander Bluhm
2008-04-11add support for the "include" directive using code from pfctl/parse.y.Reyk Floeter
2008-02-22Support for specifying aes-{128,192,256}. Originial idea by PrabhuHans-Joerg Hoexer
2007-11-12Remove space/tab compression function from lgetc() and replaceMarco Pfatschbacher
2007-10-22sync with daemon parser code.Pierre-Yves Ritschard
2007-10-16Allow '=' to end a number in all lexers.Marco Pfatschbacher
2007-10-16in the lex... even inside quotes, a \ followed by space or tab shouldTheo de Raadt
2007-10-13in all these programs using the same pfctl-derived parse.y, re-unify theTheo de Raadt
2007-10-11next step in the yylex unification: handle quoted strings in a nicer fashionTheo de Raadt
2007-09-12Here too: Add support to the lex for parsing number out of the stream.Hans-Joerg Hoexer
2007-08-10duplicate strdup; ok hshoexerMarkus Friedl
2007-07-03allow proto esp/ah in flow specification (especially useful for bypass flows)Markus Friedl
2007-05-10Do not crash when lists include the "any" keyword. Reported byHans-Joerg Hoexer
2007-03-16move autodetection of the ID type to the parser. this way theMarkus Friedl
2007-02-26Really, we don't need two grp18's ;-)Todd T. Fries
2007-02-19Bits for ESP+NULL encryption. This is useful, when AH can not beHans-Joerg Hoexer
2007-02-19undo previous commit and keep the original behaviour of the parser.Hans-Joerg Hoexer
2007-02-16Do not accept '\n' in quoted strings. Addresses issues noticed byHans-Joerg Hoexer
2007-01-10allow rule if there is at least _one_ matching address family combination.Markus Friedl
2007-01-04don't pass -1 as a netmask; report vicviq at gmail.comMarkus Friedl
2007-01-02better support for IPv6 hostname/numeric representation.Jun-ichiro itojun Hagino
2006-11-24add support to tag ipsec traffic belonging to specific IKE-initiatedReyk Floeter
2006-11-13Handle rules with addresses from mismatched address families correctly.Ryan Thomas McBride
2006-11-10check both rule sourace and destination when grouping sa'sMathieu Sauve-Frankel
2006-11-10Do not count sa, ike and tcpmd5 rules twice. Fixes PR 5263.Hans-Joerg Hoexer
2006-11-01Add support for aggressive mode (from the k2k6 IPsec hackathon).Ryan Thomas McBride
2006-09-22typo in err(); from bret.lambert@gmail.com, thanks!Hans-Joerg Hoexer
2006-06-18add group "none"; when choosen, pfs will be disabled.Hans-Joerg Hoexer
2006-06-16report the correct line number on an error. Noticed by david@Hans-Joerg Hoexer
2006-06-11As naddy@ pointed out RFC 3686 discourages use of AESCTR for staticHans-Joerg Hoexer
2006-06-10Better error message when a key file can not be opened or the provided key isHans-Joerg Hoexer
2006-06-10knf & careful data freeing, regression tested by toddTheo de Raadt
2006-06-08fix some indentation, noticed by david@Hans-Joerg Hoexer
2006-06-08Add a transport mode specifier to ike rules. Tunnel mode remains the default.Christian Weisgerber