summaryrefslogtreecommitdiff
path: root/sbin/ipsecctl
AgeCommit message (Expand)Author
2015-06-03Do not assume that asprintf() clears the pointer on failure, whichTodd C. Miller
2015-05-25bump up the default Diffie-Hellman group to modp3072; ok mikeb@ djm@Christian Weisgerber
2015-04-17Remove unsupported SADB_X_IDENTTYPE_CONNECTION; OK markus, hshoexerMike Belopuhov
2015-04-14Remove support for storing credentials and auth information in the kernel.Mike Belopuhov
2015-02-28Reduce usage of predefined strings in manpages.Anthony J. Bentley
2015-01-16Replace <sys/param.h> with <limits.h> and other less dirty headers whereTheo de Raadt
2015-01-10tell the truth about DES.Igor Sobrado
2015-01-02PFS stands for Perfect Forward Secrecy.Igor Sobrado
2014-12-28Unbreak the tree. Looks like tedu did not tedu enough when killing KPDKClaudio Jeker
2014-11-20Yet more #include de-duplication.Kenneth R Westerback
2014-11-20Don't allow embedded nul characters in strings.Jonathan Gray
2014-11-04Add gcc format attributes to ipsecctl's parse.y. Also, fix a few formatDoug Hogan
2014-11-03simple conversion from select() to poll()Theo de Raadt
2014-03-19Unify ipsec.conf(5)'s copy of the text dealing with multiline comments,Stuart Henderson
2014-01-22fix printing of IPcomp SAs; ok mikeb@ & todd@Markus Friedl
2014-01-22relax the cfg file secrecy check slightly to allow group readabilityHenning Brauer
2013-11-25use u_char for buffers in yylex, for ctype callsSebastian Benoit
2013-11-22Whole bunch of (unsigned char) casts carefully added for ctype calls.Theo de Raadt
2013-11-01altq -> new queue in examplesHenning Brauer
2013-08-25the comment that comma characters cannot be used in transformMike Belopuhov
2013-06-29do not use Sx for sections outwith the page;Jason McIntyre
2012-09-18remove the SADB_X_SAFLAGS_{HALFIV,RANDOMPADDING,NOREPLAY} pfkey-API (not setMarkus Friedl
2012-09-17unbreak the last commit by making sure that the transform nameMarkus Friedl
2012-09-15Encode the transform parameters in the transform name, too.Markus Friedl
2012-08-30Do not issue a spurious "force" when "group none" is specified.Christian Weisgerber
2012-08-12Explicitly state that only two unit specifiers are recognized instead ofLawrence Teo
2012-07-13small tweak;Jason McIntyre
2012-07-13Change the configuration format fed to the isakmpd FIFO to be ableMike Belopuhov
2012-07-10Rename "life" to "lifetime" to match iked.Lawrence Teo
2012-07-09Fix typo in warning message.Lawrence Teo
2012-07-08Disallow manual security associations that use AES-CTR, AES-GCM,Christian Weisgerber
2012-07-07copy&paste mistake in error messageChristian Weisgerber
2012-07-05don't output "esn" string in the rule section as we can't use theMike Belopuhov
2012-06-30enable use of AES-{192,256}-CTR, and explicitly of AES-128-CTR, for IPsec ESPChristian Weisgerber
2012-06-29Print esn flag when dumping SAs with ESN enabledMike Belopuhov
2012-04-24take a stab at documenting when arguments need quoted, and valid macroJason McIntyre
2012-03-24fix some leaksJonathan Gray
2011-12-20unsigned long should use "%lu" format; from eric lax, thanksMike Belopuhov
2011-11-13provide a specific section reference; from Lawrence TeoJason McIntyre
2011-11-08- put -i in the right placeJason McIntyre
2011-11-08mention default fifo path, sthen. previous manpage changes were ok jmc, plusHenning Brauer
2011-11-08allow the path to isakmpd's fifo to be specified (aka changed) on theHenning Brauer
2011-09-03make -column lists pretty again;Jason McIntyre
2011-08-19as with other list types, column lists generally do not need a Pp/-compactJason McIntyre
2011-07-07We can mention ipcomp, since it worksTheo de Raadt
2011-07-06For non-crypted flows (such as ipcomp and ipip), default theirTheo de Raadt
2011-06-24wrap previous onto a second lineStuart Henderson
2011-06-24nat-to rules require a directionStuart Henderson
2011-04-13print flags in hex; from hshoexer@; ok mikeb@ mpf@Markus Friedl
2010-10-15fixup generation of suites string for isakmpd wrt "group none"Mike Belopuhov