summaryrefslogtreecommitdiff
path: root/sbin/ipsecctl
AgeCommit message (Expand)Author
2006-05-29enable lists.Hans-Joerg Hoexer
2006-05-29Need protoype for ipsecctl_free_rule(). While around clean upHans-Joerg Hoexer
2006-05-29Provide functions for copying members of rules. Implement copyrule()Hans-Joerg Hoexer
2006-05-29add ipsecctl_free_rule() for cleaning up rules.Hans-Joerg Hoexer
2006-05-29unify code a little bit (consistent variable names).Hans-Joerg Hoexer
2006-05-29Also return proper list of addresses for interface groups.Hans-Joerg Hoexer
2006-05-29As the rule expansion is now aware of host lists, host_if() has toHans-Joerg Hoexer
2006-05-29teach expand_rule() to iterate over host lists, not used yet.Hans-Joerg Hoexer
2006-05-29fix rule numbering (for -vv)Hans-Joerg Hoexer
2006-05-29merge expand_sa() and expand_rule().Hans-Joerg Hoexer
2006-05-29move generation of reverse flow rules to seperat function.Hans-Joerg Hoexer
2006-05-29unify expansion of SA rules. Needed for general rule expansion.Hans-Joerg Hoexer
2006-05-28when parsing host specifications, initialize host address queue pointers, notHans-Joerg Hoexer
2006-05-28prepare for rule expansion. Get rid of addr_node, link structHans-Joerg Hoexer
2006-05-28kill trainling whitespaceHans-Joerg Hoexer
2006-05-28whoops, undo last commit. Of course, set_ipmask() is needed...Hans-Joerg Hoexer
2006-05-28this one not needed yet.Hans-Joerg Hoexer
2006-05-28fill in AF_INET6 casesTodd T. Fries
2006-05-28matching brackets are usefulTodd T. Fries
2006-05-28missing `Ar';Jason McIntyre
2006-05-28add ERANGE error detection, found when looking at bgpd's parse.yTodd T. Fries
2006-05-27Adresses can be specified in CIDR notation, as symbolic host names, interfaceHans-Joerg Hoexer
2006-05-27allow to specify groups to be used IKEHans-Joerg Hoexer
2006-05-26vpn.8 removal;Jason McIntyre
2006-05-26\<char> is <char> except for \<newline> -- no exceptions. much like howTheo de Raadt
2006-05-18paramter -> parameterMiod Vallat
2006-05-15permit proto 0; ok hshoexerTheo de Raadt
2006-05-15delete weird CTheo de Raadt
2006-05-11fix some spelling; noticed by david@Hans-Joerg Hoexer
2006-04-20constify char *infile here, too. noticed by lint.Hans-Joerg Hoexer
2006-04-19add support for interface groups.Hans-Joerg Hoexer
2006-04-19small cleanup: no need to strdup here.Hans-Joerg Hoexer
2006-04-19"type" keyword to specify flow type (require, use, etc.)Hans-Joerg Hoexer
2006-04-19add hostname resolver.Hans-Joerg Hoexer
2006-04-13Add support for "local" to ike rules. Allows to specify the local IP to beHans-Joerg Hoexer
2006-04-12document that tunnel and transport mode can be specified for SAs.Hans-Joerg Hoexer
2006-03-31tweaks;Jason McIntyre
2006-03-31wenn dumping rules always show type, srcid and dstid (if set).Hans-Joerg Hoexer
2006-03-31allow do delete dynamic rulesHans-Joerg Hoexer
2006-03-31allow specification of encapsulated protocol for ike; ok hshoexerMarkus Friedl
2006-03-31allow specification of encapsulated protocol for flows; ok hshoexerMarkus Friedl
2006-03-31uppercase `ip';Jason McIntyre
2006-03-30when resolving interface names to ip adresses, set netmask to all bits 1Hans-Joerg Hoexer
2006-03-30allow specification of outer local ips in flows (SADB_EXT_ADDRESS_SRC); ok hs...Markus Friedl
2006-03-22add support for macros in ipsec.conf(5). some bits have already beenReyk Floeter
2006-03-20When being verbose while deleting ike rules (-dv), print deletions instead ofHans-Joerg Hoexer
2006-03-20When adding a connection, do not explicitly start that connectionHans-Joerg Hoexer
2006-03-07add support for special "bypass" and "deny" flows.Reyk Floeter
2006-03-07add an ike option for road warrior setups (hosts with dynamic ipReyk Floeter
2006-02-21The new default encryption algorithm for main mode is AES instead of 3DES.Hans-Joerg Hoexer
generated by cgit v1.2.3 (git 2.25.1) at 2024-12-20 13:54:16 +0000