summaryrefslogtreecommitdiff
path: root/sbin/ipsecctl
AgeCommit message (Expand)Author
2011-06-24wrap previous onto a second lineStuart Henderson
2011-06-24nat-to rules require a directionStuart Henderson
2011-04-13print flags in hex; from hshoexer@; ok mikeb@ mpf@Markus Friedl
2010-10-15fixup generation of suites string for isakmpd wrt "group none"Mike Belopuhov
2010-10-06Retire SkipjackMike Belopuhov
2010-09-23change description for AES-GMAC a bit.Mike Belopuhov
2010-09-22Support AES-GCM-16 (as aes-gcm) and ENCR_NULL_AUTH_AES_GMACMike Belopuhov
2010-09-19more wacky macro fixing;Jason McIntyre
2010-08-03fix linecount bug with comments spanning multiple linesHenning Brauer
2010-07-01support dumping the new SADB_X_EXT_TAP extension.Reyk Floeter
2010-06-07fix a quoting wobble for the srcnat keyword; verified by reykJason McIntyre
2010-06-03update the manpages for isakmpd(8) and ipsec.conf(5) to point to iked(8)Reyk Floeter
2010-05-10Various comment typos. 'wether' -> 'whether' (most popular), 'possiblity' ->Kenneth R Westerback
2010-01-02Various syntax errors in list headers, found by mandoc(1),Ingo Schwarze
2009-11-13Don't use [] in function arguments when dealing with arraysJonathan Gray
2009-10-21nat -> match...nat-to in example PF rule. ok mpf@Stuart Henderson
2009-10-04When IKE is operating in dynamic mode and no srcid is given, the hostnameJoel Sing
2009-08-04Specify an ID-type of IPV4_ADDR or IPV6_ADDR if the srcid or dstid isJoel Sing
2009-03-31Fixed memory leaks which would occur if the second of two memoryTobias Stoeckmann
2009-01-30If the "peer" address is not specified or derived from "to" forAlexander Bluhm
2009-01-29After checking that peer == NULL do not assign peer = NULL a fewAlexander Bluhm
2009-01-29tweak previous;Jason McIntyre
2009-01-28Allow to specify ike and flow explicitly without peer. The anyAlexander Bluhm
2009-01-27A warning text in ipsecctl was used twice. Make the messages uniqueAlexander Bluhm
2009-01-20Add support to isakmpd(8) and ipsecctl(8) to install SA's with aMarco Pfatschbacher
2008-12-22Only warn about pfkey failures when errno is != EEXIST.Hans-Joerg Hoexer
2008-11-29Explain how /32 changes the address type to IPV4_ADDR_SUBNET. From MitjaHans-Joerg Hoexer
2008-11-14When parsing v4 addresses mark them as network addressesHans-Joerg Hoexer
2008-10-17findeol() fix from pfctlHenning Brauer
2008-08-19use the actual keysize from the SA to figure out which AES variantMarkus Friedl
2008-07-21Free the rules in the rule_queue also if ipsecctl is called withAlexander Bluhm
2008-07-01Isakmpd acquire mode did not work with a config generated fromAlexander Bluhm
2008-07-01If a rules contains a hostname instead of an address, use the listAlexander Bluhm
2008-07-01If multiple to addresses but no peer are given in an ike or flowAlexander Bluhm
2008-06-14Move ike and flow peer selection to common function.Alexander Bluhm
2008-06-11trivial code simplificationAlexander Bluhm
2008-04-11add support for the "include" directive using code from pfctl/parse.y.Reyk Floeter
2008-02-22Support for specifying aes-{128,192,256}. Originial idea by PrabhuHans-Joerg Hoexer
2008-02-12document modifier types; requested by AurelienJason McIntyre
2008-01-04Strip off trailing '/32' when address type is IPV4_ADDR as isakmpd doesHans-Joerg Hoexer
2007-11-12Remove space/tab compression function from lgetc() and replaceMarco Pfatschbacher
2007-10-22sync with daemon parser code.Pierre-Yves Ritschard
2007-10-16Allow '=' to end a number in all lexers.Marco Pfatschbacher
2007-10-16in the lex... even inside quotes, a \ followed by space or tab shouldTheo de Raadt
2007-10-13in all these programs using the same pfctl-derived parse.y, re-unify theTheo de Raadt
2007-10-11next step in the yylex unification: handle quoted strings in a nicer fashionTheo de Raadt
2007-09-17Document the syntax used with manual SAs for automatic creationStuart Henderson
2007-09-12Here too: Add support to the lex for parsing number out of the stream.Hans-Joerg Hoexer
2007-08-21no need to include both sys/types.h and params.hHans-Joerg Hoexer
2007-08-10duplicate strdup; ok hshoexerMarkus Friedl