Age | Commit message (Collapse) | Author | |
---|---|---|---|
2008-02-22 | Support for specifying aes-{128,192,256}. Originial idea by Prabhu | Hans-Joerg Hoexer | |
Gurumurthy, tweaks and commit-ready diff by Mitja Muzenic! Thanks guys! ok todd@ | |||
2008-02-12 | document modifier types; requested by Aurelien | Jason McIntyre | |
text from ipsecadm(8), hshoexer, and myself | |||
2008-01-04 | Strip off trailing '/32' when address type is IPV4_ADDR as isakmpd does | Hans-Joerg Hoexer | |
not accept the trailing '/32'. Diff from Mitja Muzenic <mitja@muzenic.net>, thanks! | |||
2007-11-12 | Remove space/tab compression function from lgetc() and replace | Marco Pfatschbacher | |
it with a simple filter in the yylex() loop. The compression in lgetc() didn't happen for quoted strings, thus creating a regression when tabs were used in variables. Some testing by todd@ and pyr@ OK deraadt@ | |||
2007-10-22 | sync with daemon parser code. | Pierre-Yves Ritschard | |
ok deraadt@ | |||
2007-10-16 | Allow '=' to end a number in all lexers. | Marco Pfatschbacher | |
Requested and OK deraadt@ | |||
2007-10-16 | in the lex... even inside quotes, a \ followed by space or tab should | Theo de Raadt | |
expand to space or tab, and a \ followed by newline should be ignored (as a line continuation). compatible with the needs of hoststated (which has the most strict quoted string requirements), and ifstated (where one commonly does line continuations in strings). pointed out by mpf, discussed with pyr | |||
2007-10-13 | in all these programs using the same pfctl-derived parse.y, re-unify the | Theo de Raadt | |
yylex implementation and the code which interacts with yylex. this also brings the future potential for include support to all of the parsers. in the future please do not silly modifications to one of these files without checking if you are de-unifying the code. checked by developers in all these areas. | |||
2007-10-11 | next step in the yylex unification: handle quoted strings in a nicer fashion | Theo de Raadt | |
as found in hoststated, and make all the code diff as clean as possible. a few issues remain mostly surrounding include support, which will likely be added to more of the grammers soon. ok norby pyr, others | |||
2007-09-17 | Document the syntax used with manual SAs for automatic creation | Stuart Henderson | |
of the SA matching return traffic; it was already there for spi but not authkey/enckey (all 3 are required). assistance and ok from jmc@ | |||
2007-09-12 | Here too: Add support to the lex for parsing number out of the stream. | Hans-Joerg Hoexer | |
handle this in the parser. better range checks. with and ok deraadt@ | |||
2007-08-21 | no need to include both sys/types.h and params.h | Hans-Joerg Hoexer | |
2007-08-10 | duplicate strdup; ok hshoexer | Markus Friedl | |
2007-07-03 | allow proto esp/ah in flow specification (especially useful for bypass flows) | Markus Friedl | |
ok hshoexer, mpf | |||
2007-05-31 | convert to new .Dd format; | Jason McIntyre | |
2007-05-10 | Do not crash when lists include the "any" keyword. Reported by | Hans-Joerg Hoexer | |
<ralf.horstmann at gmx.net>, thanks! Slightly different fix. Also add a regression test. ok mpf@ | |||
2007-03-16 | move autodetection of the ID type to the parser. this way the | Markus Friedl | |
static flows have the correct ID, too. ok hshoexer, reyk | |||
2007-03-06 | Explain, why aesctr has 160 bit keys (128 bit aes key + 32 bit nonce). | Hans-Joerg Hoexer | |
ok jmc@ | |||
2007-02-26 | Really, we don't need two grp18's ;-) | Todd T. Fries | |
ok hshoexer@ and markus@ | |||
2007-02-19 | tweak; | Jason McIntyre | |
2007-02-19 | Document NULL encryption. | Hans-Joerg Hoexer | |
2007-02-19 | Bits for ESP+NULL encryption. This is useful, when AH can not be | Hans-Joerg Hoexer | |
used (when being behind NAT). With Martin Hedenfalk <martin.hedenfalk at gmail.com>, thanks! ok markus@ | |||
2007-02-19 | do not display empty authkey/enckey line when -k option is not | Hans-Joerg Hoexer | |
specified. ok markus@ | |||
2007-02-19 | undo previous commit and keep the original behaviour of the parser. | Hans-Joerg Hoexer | |
asked for by deraadt@ | |||
2007-02-16 | Address PR 5380: refer to DH MODP well-known group numbers. | Chad Loder | |
Thanks to sthen <at> symphytum DOT spacehopper DOT org | |||
2007-02-16 | Do not accept '\n' in quoted strings. Addresses issues noticed by | Hans-Joerg Hoexer | |
Prabhu Gurumurthy <pgurumu () gmail ! com> (http://marc.theaimsgroup.com/?l=openbsd-misc&m=116060233106902&w=2), thanks! ok markus@ cloder@ (uhm, quite some time ago) | |||
2007-01-10 | allow rule if there is at least _one_ matching address family combination. | Markus Friedl | |
this allows 'flow from lo0 to 127.0.0.1' if lo0 has an ipv6 address. ok itojun@, hshoexer@ | |||
2007-01-10 | add -k to usage(); | Jason McIntyre | |
2007-01-04 | don't pass -1 as a netmask; report vicviq at gmail.com | Markus Friedl | |
2007-01-03 | do not print secret keys by default, -k restores old behaviour; ok hshoexer | Markus Friedl | |
2007-01-02 | better support for IPv6 hostname/numeric representation. | Jun-ichiro itojun Hagino | |
hostname/prefixlen works only for IPv4-only hostname. markus ok (regress tested) | |||
2006-12-18 | call ike_setup_ids from a more appropriate location. | Mathieu Sauve-Frankel | |
ok hshoexer@ | |||
2006-12-12 | a rewrite of enc.4, hopefully a little more useful than what we previously | Jason McIntyre | |
had; more can go in here, so feel free... many thanks to ho for feedback, and angelos and cedric who i harangued endlessly to explain nat/ipsec to me; the ipsec.conf.5 change just moves some stuff more appropriate to enc.4; ok hshoexer | |||
2006-12-06 | SAD -> SADB; ok hshoexer | Jason McIntyre | |
2006-11-30 | typo: wrong rid for protocol | Markus Friedl | |
2006-11-30 | use rmv to unregister ipsec connections; ok hshoexer, ho | Markus Friedl | |
2006-11-30 | handle multiple SAs with different same src/dst but different port; | Markus Friedl | |
store IKE connection string and phase2 IDs in the ipsec rule; cleanup internal API: pass rules around instead of rule members; report Brian Candler; fix with hshoexer, msf; ok hshoexer | |||
2006-11-24 | add support to tag ipsec traffic belonging to specific IKE-initiated | Reyk Floeter | |
phase 2 traffic. this allows policy-based filtering of encrypted and unencrypted ipsec traffic with pf(4). see ipsec.conf(5) and isakmpd.conf(5) for details and examples. this is work in progress and still needs some testing and feedback, but it is safe to put it in now. ok hshoexer@ | |||
2006-11-24 | fix typo for remote port; from Brian Candler | Markus Friedl | |
2006-11-21 | do not delete sections that might be shared with other connections | Markus Friedl | |
however, this workaround might leak config entries in isakmpd; ok (for now) hshoexer | |||
2006-11-13 | briefly describe phases 1 and 2, and use these terms more | Jason McIntyre | |
consistently in the rest of the page; help/ok hshoexer | |||
2006-11-13 | previous was not quite right; | Jason McIntyre | |
2006-11-13 | fix a macro mistake; | Jason McIntyre | |
2006-11-13 | Handle rules with addresses from mismatched address families correctly. | Ryan Thomas McBride | |
ok msf@ | |||
2006-11-10 | check both rule sourace and destination when grouping sa's | Mathieu Sauve-Frankel | |
fixes PR5262 ok hshoexer@ | |||
2006-11-10 | When using -vv, also show grouped SAs. | Hans-Joerg Hoexer | |
2006-11-10 | Fix grouping for SAs. Now all combinations of SAs are possible, | Hans-Joerg Hoexer | |
not only ESP+AH (ie. ESP inside AH). | |||
2006-11-10 | Do not count sa, ike and tcpmd5 rules twice. Fixes PR 5263. | Hans-Joerg Hoexer | |
2006-11-01 | KNF unrelated to previous commit. | Ryan Thomas McBride | |
2006-11-01 | Add support for aggressive mode (from the k2k6 IPsec hackathon). | Ryan Thomas McBride | |
ok hshoexer |