src - OpenBSD base system

Age	Commit message (Collapse)	Author
2006-06-01	Final bits for SA grouping.	Hans-Joerg Hoexer

2006-06-01	pfkey bits needed for SA grouping	Hans-Joerg Hoexer

2006-06-01	address has two `d', and i had to use a dictionary to check ;)	Jason McIntyre

2006-06-01	Revert last commit. Modifing a interface does a remove and then an add.	Claudio Jeker
	We need to figure out a better way to fix this. Brought up by markus@ OK beck@
2006-06-01	document port matching in flows; ok hshoexer@	Christian Weisgerber

2006-06-01	'-alias' is deprecated. Use 'delete' in ifconfig statements.	Kenneth R Westerback
	ok beck@
2006-06-01	ifconfig should be either deleting an interface address, or adding one in one	Bob Beck
	invocation, not both. This change ensures that a delete does not also do an add. Fixes stupid problem where deleting the last address with ifconfig delete addr worked differently than ifconfig addr delete where the first way would re-add an address of 0.0.0.0/0 after deleting the address. ok claudio@, krw@
2006-06-01	change the local-ID section name to always be unique as we may want to use ↵	Mathieu Sauve-Frankel
	more than one ISAKMP ID on the local peer. ok hshoexer@
2006-06-01	Support flows with port modifiers for proto tcp/udp, e.g.	Christian Weisgerber
	flow proto udp from 1.2.3.4 port ntp to 5.6.7.8 ok hshoexer@ msf@
2006-06-01	delint	David Hill
	ok moritz
2006-06-01	more to free, needed for SA grouping.	Hans-Joerg Hoexer

2006-06-01	Don't treat the addition of a dhclient.conf 'alias{}' address as an	Kenneth R Westerback
	external modification when the RTM_NEWADDR message arrives from the routing socket. Now dhclient will not exit if 'alias{}' is specified in dhclient.conf. Mentioned many times, most recently by Matthias Bertschy on misc@. ok henning@ beck@
2006-06-01	convert pfkey to ipsec_rule and use ipsecctl_print_rule() when dumping	Markus Friedl
	the in-kernel SAs. this way we produce the same output as rule loading ok hshoexer
2006-06-01	Add members dst2, proto2 and spi2 to struct ipsec_rule and define	Hans-Joerg Hoexer
	rule type "group". Needed for grouping.
2006-06-01	Prepare for SA grouping.	Hans-Joerg Hoexer

2006-06-01	print actual key size when warning about the wrong key size; ok hshoexer	Markus Friedl

2006-06-01	read the full reply from PFKEY even if sadb_errno is set; ok hshoexer	Markus Friedl

2006-06-01	spacing	Theo de Raadt

2006-06-01	knf	Hans-Joerg Hoexer

2006-06-01	correct error messages to match calloc where appropriate	Todd T. Fries
	ok hshoexer@
2006-06-01	permit feeding isakmpd.fifo IPv6 addresses	Todd T. Fries
	ok hshoexer@
2006-06-01	knf	Hans-Joerg Hoexer

2006-06-01	add more v6 support, this round `any' expands additionally to ::/0	Todd T. Fries
	skip link-locals for now, to be handled separately later ok hshoexer@
2006-06-01	rename list link for ipsec_rule structures from "entries" to "rule_entry".	Hans-Joerg Hoexer

2006-06-01	When no peer is specified, make this rule a "catch-all" rule for any remote	Hans-Joerg Hoexer
	peer. Similar to isakmpd(8)s "Default=" tag.
2006-06-01	Generate correct configuration for default peers.	Hans-Joerg Hoexer

2006-06-01	Fix a comment	Hans-Joerg Hoexer

2006-05-31	Replace atoi with strtonum.	David Hill
	Use __progname in usage() ok otto jaredy
2006-05-31	white spaces	Hans-Joerg Hoexer

2006-05-31	clarify link-timeout default as seconds; ok jmc@	Kevin Steves

2006-05-31	add basic	Todd T. Fries
	- IPv6 parsing for only v6 host addresses - checks for dst <-> src address family sanity ok hshoexer@
2006-05-31	add a little markup;	Jason McIntyre

2006-05-31	whitespace cleanup	Hans-Joerg Hoexer

2006-05-31	shuffle some newlines to make all the formatting work again	Mathieu Sauve-Frankel
	ok hshoexer@
2006-05-31	tiny KNF	Hans-Joerg Hoexer

2006-05-31	Make sure, that phase 1 SAs of active connections stay alive. Fixes a DPD	Hans-Joerg Hoexer
	breakage noticed and reported by Mitja Muzenic. ok markus@ ho@, testing by Mitja and cloder@, discussed with Nathanael.
2006-05-31	Small function header knf.	Hans-Joerg Hoexer

2006-05-31	Prepare for handling unnamed remote peers.	Hans-Joerg Hoexer

2006-05-31	Fix 'special value 0 requests that dhclient not wait for a link state	Kevin Steves
	change before timing out' behaviour of the man page for link-timeout; ok deraadt@ henning@
2006-05-30	implement monitor mode for ipsecctl. worked on with markus@	Mathieu Sauve-Frankel
	ok hshoexer@
2006-05-30	Don't double-eject tapes. Once is enough. Closes PR#1282.	Kenneth R Westerback
	ok miod@ beck@, functionally equivalent diff ok deraadt@ a while ago
2006-05-30	fix SA grouping. Now, esp+ah and ah+esp works again.	Hans-Joerg Hoexer
	ok markus@
2006-05-30	this fixes a crash observed by Naddy on amd64, and permits the src/dst ip's to	Todd T. Fries
	be visible .. when IPv6 sa flows are present ok claudio@
2006-05-29	enable lists.	Hans-Joerg Hoexer
	This allows rules like: ike from em0 to { 192.168.7.0/24, 192.168.9.0/24 } peer 1.2.3.4 This will setup two tunnels to the networks 192.168.7.0/24 and 192.168.9.0/24.
2006-05-29	Need protoype for ipsecctl_free_rule(). While around clean up	Hans-Joerg Hoexer
	prototype for ipsecctl_add_rule.
2006-05-29	Provide functions for copying members of rules. Implement copyrule()	Hans-Joerg Hoexer
	function to copy a single rule. Use that for rule expansion.
2006-05-29	add ipsecctl_free_rule() for cleaning up rules.	Hans-Joerg Hoexer

2006-05-29	revert vfs.nfs.privport sysctl, broke a few architectures	Anil Madhavapeddy
	requested by deraadt@
2006-05-29	unify code a little bit (consistent variable names).	Hans-Joerg Hoexer

2006-05-29	Also return proper list of addresses for interface groups.	Hans-Joerg Hoexer
	As usual, this and the previous commit reused suitable code from the tree (pfctl).