path: root/sbin
| Age | Commit message | Author |
|---|---|---|
| 2006-06-11 | tweaks; | Jason McIntyre |
| 2006-06-10 | Document -S and the "Delete-SAs" tag. Those will enable SA deletion on shutdown. | Hans-Joerg Hoexer |
| 2006-06-10 | Make deletion of SAs on shutdown optional. The default behaviour now is to not delete SAs. Needed for reliable ipsec failover. Suggested by mtu@. Moreover, this ensures that packets do not leak when isakmpd is shut down. ok mcbride@, testing mtu@ | Hans-Joerg Hoexer |
| 2006-06-10 | Allow isakmpd to use a different private rsa key per isakmp ID. Hans wrote this a long time ago, I synced it to -current and tested. ok hshoexer@ | Mathieu Sauve-Frankel |
| 2006-06-10 | This shouldn't have been committed yet. | Hans-Joerg Hoexer |
| 2006-06-10 | support sha2 for main mode hmacs and aesctr for quick mode encryption. ok markus@ ho@ | Hans-Joerg Hoexer |
| 2006-06-10 | Better error message when a key file can not be opened or the provided key is not of correct size. Suggested by david@ | Hans-Joerg Hoexer |
| 2006-06-10 | switch back to original defaults regarding DH groups. modp3072 is too heavyweight. Testing by Jason George, thanks! | Hans-Joerg Hoexer |
| 2006-06-10 | knf & careful data freeing, regression tested by todd | Theo de Raadt |
| 2006-06-09 | Allow for AH the use of the authentication algorithms added a while ago. Fix the indentation while we're here. ok hshoexer@ | Christian Weisgerber |
| 2006-06-09 | EFI partition types; didickman@yahoo.com | Theo de Raadt |
| 2006-06-09 | Xo/Xc not needed here; from david | Jason McIntyre |
| 2006-06-09 | simplify previous; | Jason McIntyre |
| 2006-06-08 | fix usage, make synopsis more pretty. noticed by david@ | Hans-Joerg Hoexer |
| 2006-06-08 | fix some indentation, noticed by david@ | Hans-Joerg Hoexer |
| 2006-06-08 | Add a transport mode specifier to ike rules. Tunnel mode remains the default. "looks right" hshoexer@ | Christian Weisgerber |
| 2006-06-08 | allocate enough storage via sockaddr_storage for sockaddr_in6, fixes ike29.in in regress looks right hshoexer@, ok naddy@ | Todd T. Fries |
| 2006-06-08 | Fix a typo: When testing for quick mode lifetimes, make sure to reference quick mode lifetimes, too, not main mode lifetimes. Otherwise we might dereference a NULL pointer... | Hans-Joerg Hoexer |
| 2006-06-08 | turns out this really doesn't break what is in the tree; ok hshoexer@ | Todd T. Fries |
| 2006-06-07 | make sure, we initialize unspecified keys and spis. Noticed by naddy@, ok naddy@. | Hans-Joerg Hoexer |
| 2006-06-07 | Do not yet expand the "any" keyword to v6 addresses. ok todd@ | Hans-Joerg Hoexer |
| 2006-06-07 | remove unused prototype, ok todd@ | Hans-Joerg Hoexer |
| 2006-06-06 | oops | Theo de Raadt |
| 2006-06-06 | System build pieces for armish arch. | Dale Rahn |
| 2006-06-05 | Simpler code for printing time sensors: no leak and no floating point. ok deraadt@ | Otto Moerbeek |
| 2006-06-04 | print time offsets much nicer | Theo de Raadt |
| 2006-06-03 | Use ifconfig delete/alias conforming with the man page. OK krw@ | Marco Pfatschbacher |
| 2006-06-03 | better synopsis for -g; ok mpf | Jason McIntyre |
| 2006-06-03 | groups are specified using -g, not -m; ok mpf | Jason McIntyre |
| 2006-06-03 | Do not set newaddr to 1 if "delete" was specified beforehand. In this case doalias is < 0. This fixes the problem where ifconfig em0 delete 10.0.0.1 created a 0.0.0.0/0 route entry and created a total mess because of that. Diff from markus@ OK beck@ markus@ | Claudio Jeker |
| 2006-06-03 | kill trailing whitespace; | Jason McIntyre |
| 2006-06-02 | Introduce attributes to interface groups. As a first user, move the global carp(4) demotion counter into the interface group. Thus we have the possibility to define which carp interfaces are demoted together. Put the demotion counter into the reserved field of the carp header. With this, we can have carp act smarter if multiple errors occur. It now always takes over other carp peers, that are advertising with a higher demote count. As a side effect, we can also have group failovers without the need of running in preempt mode. The protocol change does not break compatibility with older implementations. Collaborative work with mcbride@ OK mcbride@, henning@ | Marco Pfatschbacher |
| 2006-06-02 | Big spelling cleanup, no binary change. From david@ | Hans-Joerg Hoexer |
| 2006-06-02 | correct spelling of specified | David Krause |
| 2006-06-02 | Big whitespace cleanup. | Hans-Joerg Hoexer |
| 2006-06-02 | exit(2) when loading of rules did work partially. ok markus@ | Hans-Joerg Hoexer |
| 2006-06-02 | document port modifiers in ike rules | Christian Weisgerber |
| 2006-06-02 | support tcp/udp port modifiers in ike rules "put it in if it doesn't break regress" hshoexer@ | Christian Weisgerber |
| 2006-06-02 | backoff-cutoff defaults to 15 seconds; ok henning@ | Kevin Steves |
| 2006-06-02 | print full information about tcpmd5 and ipcomp SAs, too | Markus Friedl |
| 2006-06-02 | add trailing \ when printing multiple lines for an SA, this way the output of ipsecctl matches its input | Markus Friedl |
| 2006-06-02 | - sort options - sync usage() - clean up | Jason McIntyre |
| 2006-06-02 | mark up keywords using .Ic; ok hshoexer | Jason McIntyre |
| 2006-06-02 | allow to specify phase 1 and 2 lifetimes. Right now, these values can only be set globally (ie. Default-phase-[12]-lifetime). | Hans-Joerg Hoexer |
| 2006-06-02 | simplify handling of peers. | Hans-Joerg Hoexer |
| 2006-06-02 | Fix comment to reflect updated st(4) verbiage. | Kenneth R Westerback |
| 2006-06-02 | some more cleanup and simplification, no functional change. | Hans-Joerg Hoexer |
| 2006-06-02 | put src and dst host in dedicated structure. Make the API more compact which will soon simplify my life. | Hans-Joerg Hoexer |
| 2006-06-02 | Change LMCCTL to LMCCONTROL. It is lmccontrol(8), after all. ``yeah!'' jmc@ | Ray Lai |
| 2006-06-02 | tiny style cleanup and white spaces | Hans-Joerg Hoexer |