path: root/sbin
| Age | Commit message | Author |
|---|---|---|
| 2006-06-01 | rename list link for ipsec_rule structures from "entries" to "rule_entry". | Hans-Joerg Hoexer |
| 2006-06-01 | When no peer is specified, make this rule a "catch-all" rule for any remote peer. Similar to isakmpd(8)s "Default=" tag. | Hans-Joerg Hoexer |
| 2006-06-01 | Generate correct configuration for default peers. | Hans-Joerg Hoexer |
| 2006-06-01 | Fix a comment | Hans-Joerg Hoexer |
| 2006-05-31 | Replace atoi with strtonum. Use __progname in usage() ok otto jaredy | David Hill |
| 2006-05-31 | white spaces | Hans-Joerg Hoexer |
| 2006-05-31 | clarify link-timeout default as seconds; ok jmc@ | Kevin Steves |
| 2006-05-31 | add basic - IPv6 parsing for only v6 host addresses - checks for dst <-> src address family sanity ok hshoexer@ | Todd T. Fries |
| 2006-05-31 | add a little markup; | Jason McIntyre |
| 2006-05-31 | whitespace cleanup | Hans-Joerg Hoexer |
| 2006-05-31 | shuffle some newlines to make all the formatting work again ok hshoexer@ | Mathieu Sauve-Frankel |
| 2006-05-31 | tiny KNF | Hans-Joerg Hoexer |
| 2006-05-31 | Make sure, that phase 1 SAs of active connections stay alive. Fixes a DPD breakage noticed and reported by Mitja Muzenic. ok markus@ ho@, testing by Mitja and cloder@, discussed with Nathanael. | Hans-Joerg Hoexer |
| 2006-05-31 | Small function header knf. | Hans-Joerg Hoexer |
| 2006-05-31 | Prepare for handling unnamed remote peers. | Hans-Joerg Hoexer |
| 2006-05-31 | Fix 'special value 0 requests that dhclient not wait for a link state change before timing out' behaviour of the man page for link-timeout; ok deraadt@ henning@ | Kevin Steves |
| 2006-05-30 | implement monitor mode for ipsecctl. worked on with markus@ ok hshoexer@ | Mathieu Sauve-Frankel |
| 2006-05-30 | Don't double-eject tapes. Once is enough. Closes PR#1282. ok miod@ beck@, functionally equivalent diff ok deraadt@ a while ago | Kenneth R Westerback |
| 2006-05-30 | fix SA grouping. Now, esp+ah and ah+esp works again. ok markus@ | Hans-Joerg Hoexer |
| 2006-05-30 | this fixes a crash observed by Naddy on amd64, and permits the src/dst ip's to be visible .. when IPv6 sa flows are present ok claudio@ | Todd T. Fries |
| 2006-05-29 | enable lists. This allows rules like: `ike from em0 to { 192.168.7.0/24, 192.168.9.0/24 } peer 1.2.3.4` This will setup two tunnels to the networks 192.168.7.0/24 and 192.168.9.0/24. | Hans-Joerg Hoexer |
| 2006-05-29 | Need prototype for ipsecctl_free_rule(). While around clean up prototype for ipsecctl_add_rule. | Hans-Joerg Hoexer |
| 2006-05-29 | Provide functions for copying members of rules. Implement copyrule() function to copy a single rule. Use that for rule expansion. | Hans-Joerg Hoexer |
| 2006-05-29 | add ipsecctl_free_rule() for cleaning up rules. | Hans-Joerg Hoexer |
| 2006-05-29 | revert vfs.nfs.privport sysctl, broke a few architectures requested by deraadt@ | Anil Madhavapeddy |
| 2006-05-29 | unify code a little bit (consistent variable names). | Hans-Joerg Hoexer |
| 2006-05-29 | Also return proper list of addresses for interface groups. As usual, this and the previous commit reused suitable code from the tree (pfctl). | Hans-Joerg Hoexer |
| 2006-05-29 | As the rule expansion is now aware of host lists, host_if() has to return a proper list of addresses bound to an interface. | Hans-Joerg Hoexer |
| 2006-05-29 | teach expand_rule() to iterate over host lists, not used yet. | Hans-Joerg Hoexer |
| 2006-05-29 | fix rule numbering (for -vv) late ikerule also use expand_rule | Hans-Joerg Hoexer |
| 2006-05-29 | Do not use C++ comments. Noticed by markus. | Hans-Joerg Hoexer |
| 2006-05-29 | export pf_key_v2_disable_sa() (unbreaks build) | Markus Friedl |
| 2006-05-29 | Oops, return after calling sa_release() | Ryan Thomas McBride |
| 2006-05-29 | Fix broken merge of patch. Pointed out by nathanael at polymorpheus dot com. | Ryan Thomas McBride |
| 2006-05-29 | Change MBR_read() and MBR_write() to return -1 on error and set errno = EIO for short reads. This makes it easier to check for read and write errors. Much patient tutoring by weingart@, deraadt@, and cloder@. Correctly use ssize_t to store read(2) and write(2) return values. No functional change, since MBR_read() and MBR_write() return values aren't currently checked. OK deraadt@ | Ray Lai |
| 2006-05-29 | merge expand_sa() and expand_rule(). | Hans-Joerg Hoexer |
| 2006-05-29 | move generation of reverse flow rules to separate function. | Hans-Joerg Hoexer |
| 2006-05-29 | unify expansion of SA rules. Needed for general rule expansion. | Hans-Joerg Hoexer |
| 2006-05-28 | Add support for NFS mounts to be from non-reserved ports: - new sysctl vfs.nfs.privport to require NFS mount requests to be on reserved ports when set to 1 (the default). - mountd now automatically sets the sysctl depending on the -n flag. - add mountd_flags to rc.conf to enable the -n flag at boot. deraadt@ ok | Anil Madhavapeddy |
| 2006-05-28 | use <machine/endian.h> to figure what we are running on instead of defining our own macros | Martin Reindl |
| 2006-05-28 | when parsing host specifications, initialize host address queue pointers, not used yet. | Hans-Joerg Hoexer |
| 2006-05-28 | prepare for rule expansion. Get rid of addr_node, link struct ipsec_addr_wrap directly. | Hans-Joerg Hoexer |
| 2006-05-28 | kill trailing whitespace | Hans-Joerg Hoexer |
| 2006-05-28 | whoops, undo last commit. Of course, set_ipmask() is needed... | Hans-Joerg Hoexer |
| 2006-05-28 | this one not needed yet. | Hans-Joerg Hoexer |
| 2006-05-28 | fill in AF_INET6 cases this does not complete v6 support for ipsecctl, but makes progress ok hshoexer@ | Todd T. Fries |
| 2006-05-28 | Assign a finalization event to the exchange initiated on soft expiry. If the exchange fails, the existing phase 1 SA is invalidated and the exchange is retried at the Exchange-Max-Time interval until the SA hard timeout expires. Another sasyncd-related fix from nathanael at polymorpheous dot com ok ho@ hshoexer@ | Ryan Thomas McBride |
| 2006-05-28 | also report SA flags. | Hans-Joerg Hoexer |
| 2006-05-28 | revert a part of last commit causes newline problems during boot. pointed out by sturm@ | Thordur I. Bjornsson |
| 2006-05-28 | matching brackets are useful ok dlg@ | Todd T. Fries |