summaryrefslogtreecommitdiff
path: root/sbin/ipsecctl
AgeCommit message (Expand)Author
2019-11-10Consistently use _rcctl enable foo_ in examples, it's simpler and lessLandry Breuil
2019-08-26Fix file descriptor leak due to popfile() never closing the main config file.tobhe
2019-07-03snprintf/vsnprintf return < 0 on error, rather than -1.Theo de Raadt
2019-06-28When system calls indicate an error they return -1, not some arbitraryTheo de Raadt
2019-02-13(unsigned) means (unsigned int) which on ptrdiff_t or size_t or otherTheo de Raadt
2018-11-07sync cmdline_symset() changes with src/usr.sbin; OK sashan@ claudio@miko
2018-11-01- odd condition/test in PF lexerAlexandr Nedvedicky
2018-09-07Remove unnused af argument from unmask(), sync with pfctlkn
2018-08-28Display per-TDB counters in verbose mode.Martin Pieuchot
2018-07-11Do for most running out of memory err() what was done for most runningKenneth R Westerback
2018-07-10Include <sys/queue.h> instead of relying on kernel headers to includeMartin Pieuchot
2018-07-09No need to mention which memory allocation entry point failed (malloc,Kenneth R Westerback
2018-07-08Be consistent in warn() and log_warn() usage whenKenneth R Westerback
2018-04-26Plug leak in error case of the common 'varset' implementations.Kenneth R Westerback
2018-04-17Document how to avoid isakmpd(8) source IP address pitfalls by usingStefan Sperling
2017-11-23in isakmpd(8), provide a hint: from scott chelohaJason McIntyre
2017-11-20Support collapsing flow outputs.Martin Pieuchot
2017-10-27Support DH groups 19 to 21 and 25 to 30, just like iked(8) does.Martin Pieuchot
2017-04-19Rename all SA groups to bundles consistently. The first kernelAlexander Bluhm
2017-04-18use freezero()Theo de Raadt
2017-04-14Up to now ipsecctl(8) grouped SAs with identical src and dst to theAlexander Bluhm
2017-04-10Found another len += snprintf...Theo de Raadt
2017-03-02Now that the kernel provides information about IPsec SA bundles,Alexander Bluhm
2017-02-28Depending on the addresses, ipsecctl(8) automatically groups saAlexander Bluhm
2017-01-05Replace symset()'s hand-rolled for(;;) traversal of 'symhead' TAILQKenneth R Westerback
2016-06-21do not allow whitespace in macro names, i.e. "this is" = "a variable".Sebastian Benoit
2015-12-10Remove NULL-checks before free(). ok tb@mmcc
2015-12-09Remove plain DES encryption from IPsec.Christian Weisgerber
2015-12-02remove unimplemented PF_KEY algorithms; ok sthen@ mpi@ mikeb@Christian Weisgerber
2015-11-04Decode Chacha20-Poly1305 when dumping SAs; ok reyk, naddyMike Belopuhov
2015-11-01replace "can not" with "cannot";Jason McIntyre
2015-10-18Use explicit_bzero() when the memory is freed directly afterward.mmcc
2015-06-03Do not assume that asprintf() clears the pointer on failure, whichTodd C. Miller
2015-05-25bump up the default Diffie-Hellman group to modp3072; ok mikeb@ djm@Christian Weisgerber
2015-04-17Remove unsupported SADB_X_IDENTTYPE_CONNECTION; OK markus, hshoexerMike Belopuhov
2015-04-14Remove support for storing credentials and auth information in the kernel.Mike Belopuhov
2015-02-28Reduce usage of predefined strings in manpages.Anthony J. Bentley
2015-01-16Replace <sys/param.h> with <limits.h> and other less dirty headers whereTheo de Raadt
2015-01-10tell the truth about DES.Igor Sobrado
2015-01-02PFS stands for Perfect Forward Secrecy.Igor Sobrado
2014-12-28Unbreak the tree. Looks like tedu did not tedu enough when killing KPDKClaudio Jeker
2014-11-20Yet more #include de-duplication.Kenneth R Westerback
2014-11-20Don't allow embedded nul characters in strings.Jonathan Gray
2014-11-04Add gcc format attributes to ipsecctl's parse.y. Also, fix a few formatDoug Hogan
2014-11-03simple conversion from select() to poll()Theo de Raadt
2014-03-19Unify ipsec.conf(5)'s copy of the text dealing with multiline comments,Stuart Henderson
2014-01-22fix printing of IPcomp SAs; ok mikeb@ & todd@Markus Friedl
2014-01-22relax the cfg file secrecy check slightly to allow group readabilityHenning Brauer
2013-11-25use u_char for buffers in yylex, for ctype callsSebastian Benoit
2013-11-22Whole bunch of (unsigned char) casts carefully added for ctype calls.Theo de Raadt