Age | Commit message | Author | |
---|---|---|---|
2006-06-01 | rename list link for ipsec_rule structures from "entries" to "rule_entry". | Hans-Joerg Hoexer | |
2006-06-01 | When no peer is specified, make this rule a "catch-all" rule for any remote peer. Similar to isakmpd(8)s "Default=" tag. | Hans-Joerg Hoexer | |
2006-06-01 | Generate correct configuration for default peers. | Hans-Joerg Hoexer | |
2006-06-01 | Fix a comment | Hans-Joerg Hoexer | |
2006-05-31 | Replace atoi with strtonum. | David Hill | |
Use __progname in usage() ok otto jaredy | |||
2006-05-31 | white spaces | Hans-Joerg Hoexer | |
2006-05-31 | clarify link-timeout default as seconds; ok jmc@ | Kevin Steves | |
2006-05-31 | add basic - IPv6 parsing for only v6 host addresses - checks for dst <-> src address family sanity ok hshoexer@ | Todd T. Fries | |
2006-05-31 | add a little markup; | Jason McIntyre | |
2006-05-31 | whitespace cleanup | Hans-Joerg Hoexer | |
2006-05-31 | shuffle some newlines to make all the formatting work again | Mathieu Sauve-Frankel | |
ok hshoexer@ | |||
2006-05-31 | tiny KNF | Hans-Joerg Hoexer | |
2006-05-31 | Make sure, that phase 1 SAs of active connections stay alive. Fixes a DPD breakage noticed and reported by Mitja Muzenic. ok markus@ ho@, testing by Mitja and cloder@, discussed with Nathanael. | Hans-Joerg Hoexer | |
2006-05-31 | Small function header knf. | Hans-Joerg Hoexer | |
2006-05-31 | Prepare for handling unnamed remote peers. | Hans-Joerg Hoexer | |
2006-05-31 | Fix 'special value 0 requests that dhclient not wait for a link state change before timing out' behaviour of the man page for link-timeout; ok deraadt@ henning@ | Kevin Steves | |
2006-05-30 | implement monitor mode for ipsecctl. worked on with markus@ | Mathieu Sauve-Frankel | |
ok hshoexer@ | |||
2006-05-30 | Don't double-eject tapes. Once is enough. Closes PR#1282. | Kenneth R Westerback | |
ok miod@ beck@, functionally equivalent diff ok deraadt@ a while ago | |||
2006-05-30 | fix SA grouping. Now, esp+ah and ah+esp works again. | Hans-Joerg Hoexer | |
ok markus@ | |||
2006-05-30 | this fixes a crash observed by Naddy on amd64, and permits the src/dst ip's to be visible .. when IPv6 sa flows are present ok claudio@ | Todd T. Fries | |
2006-05-29 | enable lists. | Hans-Joerg Hoexer | |
This allows rules like: ike from em0 to { 192.168.7.0/24, 192.168.9.0/24 } peer 1.2.3.4 This will setup two tunnels to the networks 192.168.7.0/24 and 192.168.9.0/24. | |||
2006-05-29 | Need prototype for ipsecctl_free_rule(). While around clean up prototype for ipsecctl_add_rule. | Hans-Joerg Hoexer | |
2006-05-29 | Provide functions for copying members of rules. Implement copyrule() function to copy a single rule. Use that for rule expansion. | Hans-Joerg Hoexer | |
2006-05-29 | add ipsecctl_free_rule() for cleaning up rules. | Hans-Joerg Hoexer | |
2006-05-29 | revert vfs.nfs.privport sysctl, broke a few architectures | Anil Madhavapeddy | |
requested by deraadt@ | |||
2006-05-29 | unify code a little bit (consistent variable names). | Hans-Joerg Hoexer | |
2006-05-29 | Also return proper list of addresses for interface groups. | Hans-Joerg Hoexer | |
As usual, this and the previous commit reused suitable code from the tree (pfctl). | |||
2006-05-29 | As the rule expansion is now aware of host lists, host_if() has to return a proper list of addresses bound to an interface. | Hans-Joerg Hoexer | |
2006-05-29 | teach expand_rule() to iterate over host lists, not used yet. | Hans-Joerg Hoexer | |
2006-05-29 | fix rule numbering (for -vv) | Hans-Joerg Hoexer | |
late ikerule also use expand_rule | |||
2006-05-29 | Do not use C++ comments. Noticed by markus. | Hans-Joerg Hoexer | |
2006-05-29 | export pf_key_v2_disable_sa() (unbreaks build) | Markus Friedl | |
2006-05-29 | Oops, return after calling sa_release() | Ryan Thomas McBride | |
2006-05-29 | Fix broken merge of patch. Pointed out by nathanael at polymorpheus dot com. | Ryan Thomas McBride | |
2006-05-29 | Change MBR_read() and MBR_write() to return -1 on error and set errno = EIO for short reads. This makes it easier to check for read and write errors. Much patient tutoring by weingart@, deraadt@, and cloder@. Correctly use ssize_t to store read(2) and write(2) return values. No functional change, since MBR_read() and MBR_write() return values aren't currently checked. OK deraadt@ | Ray Lai | |
2006-05-29 | merge expand_sa() and expand_rule(). | Hans-Joerg Hoexer | |
2006-05-29 | move generation of reverse flow rules to separate function. | Hans-Joerg Hoexer | |
2006-05-29 | unify expansion of SA rules. Needed for general rule expansion. | Hans-Joerg Hoexer | |
2006-05-28 | Add support for NFS mounts to be from non-reserved ports: - new sysctl vfs.nfs.privport to require NFS mount requests to be on reserved ports when set to 1 (the default). - mountd now automatically sets the sysctl depending on the -n flag. - add mountd_flags to rc.conf to enable the -n flag at boot. deraadt@ ok | Anil Madhavapeddy | |
2006-05-28 | use <machine/endian.h> to figure what we are running on instead of defining our own macros | Martin Reindl | |
2006-05-28 | when parsing host specifications, initialize host address queue pointers, not used yet. | Hans-Joerg Hoexer | |
2006-05-28 | prepare for rule expansion. Get rid of addr_node, link struct ipsec_addr_wrap directly. | Hans-Joerg Hoexer | |
2006-05-28 | kill trailing whitespace | Hans-Joerg Hoexer | |
2006-05-28 | whoops, undo last commit. Of course, set_ipmask() is needed... | Hans-Joerg Hoexer | |
2006-05-28 | this one not needed yet. | Hans-Joerg Hoexer | |
2006-05-28 | fill in AF_INET6 cases | Todd T. Fries | |
this does not complete v6 support for ipsecctl, but makes progress ok hshoexer@ | |||
2006-05-28 | Assign a finalization event to the exchange initiated on soft expiry. | Ryan Thomas McBride | |
If the exchange fails, the existing phase 1 SA is invalidated and the exchange is retried at the Exchange-Max-Time interval until the SA hard timeout expires. Another sasyncd-related fix from nathanael at polymorpheous dot com ok ho@ hshoexer@ | |||
2006-05-28 | also report SA flags. | Hans-Joerg Hoexer | |
2006-05-28 | revert a part of last commit causes newline problems during boot. pointed out by sturm@ | Thordur I. Bjornsson | |
2006-05-28 | matching brackets are useful | Todd T. Fries | |
ok dlg@ |