Age | Commit message | Author | |
---|---|---|---|
2006-06-01 | pfkey bits needed for SA grouping | Hans-Joerg Hoexer | |
2006-06-01 | address has two `d', and i had to use a dictionary to check ;) | Jason McIntyre | |
2006-06-01 | document port matching in flows; ok hshoexer@ | Christian Weisgerber | |
2006-06-01 | change the local-ID section name to always be unique as we may want to use more than one ISAKMP ID on the local peer. ok hshoexer@ | Mathieu Sauve-Frankel | |
2006-06-01 | Support flows with port modifiers for proto tcp/udp, e.g. `flow proto udp from 1.2.3.4 port ntp to 5.6.7.8`; ok hshoexer@ msf@ | Christian Weisgerber | |
2006-06-01 | more to free, needed for SA grouping. | Hans-Joerg Hoexer | |
2006-06-01 | convert pfkey to ipsec_rule and use ipsecctl_print_rule() when dumping the in-kernel SAs. this way we produce the same output as rule loading; ok hshoexer | Markus Friedl | |
2006-06-01 | Add members dst2, proto2 and spi2 to struct ipsec_rule and define rule type "group". Needed for grouping. | Hans-Joerg Hoexer | |
2006-06-01 | Prepare for SA grouping. | Hans-Joerg Hoexer | |
2006-06-01 | print actual key size when warning about the wrong key size; ok hshoexer | Markus Friedl | |
2006-06-01 | read the full reply from PFKEY even if sadb_errno is set; ok hshoexer | Markus Friedl | |
2006-06-01 | spacing | Theo de Raadt | |
2006-06-01 | knf | Hans-Joerg Hoexer | |
2006-06-01 | correct error messages to match calloc where appropriate; ok hshoexer@ | Todd T. Fries | |
2006-06-01 | permit feeding isakmpd.fifo IPv6 addresses; ok hshoexer@ | Todd T. Fries | |
2006-06-01 | knf | Hans-Joerg Hoexer | |
2006-06-01 | add more v6 support, this round `any' expands additionally to ::/0; skip link-locals for now, to be handled separately later; ok hshoexer@ | Todd T. Fries | |
2006-06-01 | rename list link for ipsec_rule structures from "entries" to "rule_entry". | Hans-Joerg Hoexer | |
2006-06-01 | When no peer is specified, make this rule a "catch-all" rule for any remote peer. Similar to isakmpd(8)s "Default=" tag. | Hans-Joerg Hoexer | |
2006-06-01 | Generate correct configuration for default peers. | Hans-Joerg Hoexer | |
2006-05-31 | white spaces | Hans-Joerg Hoexer | |
2006-05-31 | add basic - IPv6 parsing for only v6 host addresses - checks for dst <-> src address family sanity; ok hshoexer@ | Todd T. Fries | |
2006-05-31 | add a little markup; | Jason McIntyre | |
2006-05-31 | whitespace cleanup | Hans-Joerg Hoexer | |
2006-05-31 | shuffle some newlines to make all the formatting work again; ok hshoexer@ | Mathieu Sauve-Frankel | |
2006-05-31 | Small function header knf. | Hans-Joerg Hoexer | |
2006-05-31 | Prepare for handling unnamed remote peers. | Hans-Joerg Hoexer | |
2006-05-30 | implement monitor mode for ipsecctl. worked on with markus@; ok hshoexer@ | Mathieu Sauve-Frankel | |
2006-05-29 | enable lists. This allows rules like: `ike from em0 to { 192.168.7.0/24, 192.168.9.0/24 } peer 1.2.3.4` This will set up two tunnels to the networks 192.168.7.0/24 and 192.168.9.0/24. | Hans-Joerg Hoexer | |
2006-05-29 | Need prototype for ipsecctl_free_rule(). While around clean up prototype for ipsecctl_add_rule. | Hans-Joerg Hoexer | |
2006-05-29 | Provide functions for copying members of rules. Implement copyrule() function to copy a single rule. Use that for rule expansion. | Hans-Joerg Hoexer | |
2006-05-29 | add ipsecctl_free_rule() for cleaning up rules. | Hans-Joerg Hoexer | |
2006-05-29 | unify code a little bit (consistent variable names). | Hans-Joerg Hoexer | |
2006-05-29 | Also return proper list of addresses for interface groups. As usual, this and the previous commit reused suitable code from the tree (pfctl). | Hans-Joerg Hoexer | |
2006-05-29 | As the rule expansion is now aware of host lists, host_if() has to return a proper list of addresses bound to an interface. | Hans-Joerg Hoexer | |
2006-05-29 | teach expand_rule() to iterate over host lists, not used yet. | Hans-Joerg Hoexer | |
2006-05-29 | fix rule numbering (for -vv); late ikerule also use expand_rule | Hans-Joerg Hoexer | |
2006-05-29 | merge expand_sa() and expand_rule(). | Hans-Joerg Hoexer | |
2006-05-29 | move generation of reverse flow rules to separate function. | Hans-Joerg Hoexer | |
2006-05-29 | unify expansion of SA rules. Needed for general rule expansion. | Hans-Joerg Hoexer | |
2006-05-28 | when parsing host specifications, initialize host address queue pointers, not used yet. | Hans-Joerg Hoexer | |
2006-05-28 | prepare for rule expansion. Get rid of addr_node, link struct ipsec_addr_wrap directly. | Hans-Joerg Hoexer | |
2006-05-28 | kill trailing whitespace | Hans-Joerg Hoexer | |
2006-05-28 | whoops, undo last commit. Of course, set_ipmask() is needed... | Hans-Joerg Hoexer | |
2006-05-28 | this one not needed yet. | Hans-Joerg Hoexer | |
2006-05-28 | fill in AF_INET6 cases; this does not complete v6 support for ipsecctl, but makes progress; ok hshoexer@ | Todd T. Fries | |
2006-05-28 | matching brackets are useful; ok dlg@ | Todd T. Fries | |
2006-05-28 | missing `Ar'; | Jason McIntyre | |
2006-05-28 | add ERANGE error detection, found when looking at bgpd's parse.y; ok hshoexer@ | Todd T. Fries | |
2006-05-27 | Addresses can be specified in CIDR notation, as symbolic host names, interface names or interface group names. So it's time to document this... | Hans-Joerg Hoexer | |