![[BACK]](/icons/back.gif){kind=icon}
Up to [local] / src / sbin / ipsecctl
Request diff between arbitrary revisions
Default branch: MAIN
Revision 1.88 / (download) - annotate - [select for diffs], Tue Feb 6 05:39:28 2024 UTC (3 months, 3 weeks ago) by yasuoka
Branch: MAIN
CVS Tags: OPENBSD_7_5_BASE,
OPENBSD_7_5,
HEAD
Changes since 1.87: +5 -10 lines
Diff to previous 1.87 (colored)
Tweak previous. Passing "dns" to pledge(2) is suitable for the purpose. input deraadt, ok tobhe
Revision 1.87 / (download) - annotate - [select for diffs], Mon Jan 29 00:59:54 2024 UTC (4 months ago) by yasuoka
Branch: MAIN
Changes since 1.86: +9 -1 lines
Diff to previous 1.86 (colored)
Open /etc/{services,protocols} before pledge(2).
ok tobhe
Revision 1.86 / (download) - annotate - [select for diffs], Mon Oct 9 15:32:14 2023 UTC (7 months, 3 weeks ago) by tobhe
Branch: MAIN
Changes since 1.85: +126 -108 lines
Diff to previous 1.85 (colored)
Add pledge("stdio") before parsing pfkey messages. This applies to
ipsecctl -m and ipsecctl -s. Refactor ipsecctl_show_*() to setup all
sysctls first before dropping privileges and finally parsing and
printing IPsec SAs and flows.
feedback and ok mbuhl@
ok deraadt@
Revision 1.85 / (download) - annotate - [select for diffs], Tue Mar 7 17:43:59 2023 UTC (14 months, 3 weeks ago) by guenther
Branch: MAIN
CVS Tags: OPENBSD_7_4_BASE,
OPENBSD_7_4,
OPENBSD_7_3_BASE,
OPENBSD_7_3
Changes since 1.84: +1 -2 lines
Diff to previous 1.84 (colored)
Delete obsolete /* ARGSUSED1 */ lint comments. ok claudio@ cheloha@ krw@ deraadt@ miod@ millert@
Revision 1.84 / (download) - annotate - [select for diffs], Fri Sep 7 12:43:30 2018 UTC (5 years, 8 months ago) by kn
Branch: MAIN
CVS Tags: OPENBSD_7_2_BASE,
OPENBSD_7_2,
OPENBSD_7_1_BASE,
OPENBSD_7_1,
OPENBSD_7_0_BASE,
OPENBSD_7_0,
OPENBSD_6_9_BASE,
OPENBSD_6_9,
OPENBSD_6_8_BASE,
OPENBSD_6_8,
OPENBSD_6_7_BASE,
OPENBSD_6_7,
OPENBSD_6_6_BASE,
OPENBSD_6_6,
OPENBSD_6_5_BASE,
OPENBSD_6_5,
OPENBSD_6_4_BASE,
OPENBSD_6_4
Changes since 1.83: +4 -5 lines
Diff to previous 1.83 (colored)
Remove unnused af argument from unmask(), sync with pfctl Noted by jca, thanks. OK jca claudio
Revision 1.83 / (download) - annotate - [select for diffs], Mon Nov 20 10:51:24 2017 UTC (6 years, 6 months ago) by mpi
Branch: MAIN
CVS Tags: OPENBSD_6_3_BASE,
OPENBSD_6_3
Changes since 1.82: +196 -8 lines
Diff to previous 1.82 (colored)
Support collapsing flow outputs. Makes it easier to check live status of complex setups. ok hshoexer@
Revision 1.82 / (download) - annotate - [select for diffs], Wed Apr 19 15:59:38 2017 UTC (7 years, 1 month ago) by bluhm
Branch: MAIN
CVS Tags: OPENBSD_6_2_BASE,
OPENBSD_6_2
Changes since 1.81: +8 -8 lines
Diff to previous 1.81 (colored)
Rename all SA groups to bundles consistently. The first kernel commit in 2000 that introduced the features already called them SA bundles. The word group is taken by Diffie-Hellman, reusing it causes confusion. OK hshoexer@
Revision 1.81 / (download) - annotate - [select for diffs], Thu Mar 2 17:44:32 2017 UTC (7 years, 3 months ago) by bluhm
Branch: MAIN
CVS Tags: OPENBSD_6_1_BASE,
OPENBSD_6_1
Changes since 1.80: +1 -4 lines
Diff to previous 1.80 (colored)
Now that the kernel provides information about IPsec SA bundles, print them by default. OK hshoexer@
Revision 1.80 / (download) - annotate - [select for diffs], Thu Dec 10 17:27:00 2015 UTC (8 years, 5 months ago) by mmcc
Branch: MAIN
CVS Tags: OPENBSD_6_0_BASE,
OPENBSD_6_0,
OPENBSD_5_9_BASE,
OPENBSD_5_9
Changes since 1.79: +16 -31 lines
Diff to previous 1.79 (colored)
Remove NULL-checks before free(). ok tb@
Revision 1.79 / (download) - annotate - [select for diffs], Fri Jan 16 06:39:58 2015 UTC (9 years, 4 months ago) by deraadt
Branch: MAIN
CVS Tags: OPENBSD_5_8_BASE,
OPENBSD_5_8,
OPENBSD_5_7_BASE,
OPENBSD_5_7
Changes since 1.78: +1 -2 lines
Diff to previous 1.78 (colored)
Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
Revision 1.78 / (download) - annotate - [select for diffs], Thu Nov 20 14:51:42 2014 UTC (9 years, 6 months ago) by krw
Branch: MAIN
Changes since 1.77: +1 -2 lines
Diff to previous 1.77 (colored)
Yet more #include de-duplication. ok deraadt@ tedu@
Revision 1.77 / (download) - annotate - [select for diffs], Thu Jul 5 09:02:20 2012 UTC (11 years, 10 months ago) by mikeb
Branch: MAIN
CVS Tags: OPENBSD_5_6_BASE,
OPENBSD_5_6,
OPENBSD_5_5_BASE,
OPENBSD_5_5,
OPENBSD_5_4_BASE,
OPENBSD_5_4,
OPENBSD_5_3_BASE,
OPENBSD_5_3,
OPENBSD_5_2_BASE,
OPENBSD_5_2
Changes since 1.76: +1 -3 lines
Diff to previous 1.76 (colored)
don't output "esn" string in the rule section as we can't use the keyword in the grammar to create a esn-enabled rule (no reason to do so for manual sa configuration). instead decode sa flags so that we can also watch changes happening in the realtime with the monitor mode. prompted and ok by naddy
Revision 1.76 / (download) - annotate - [select for diffs], Fri Jun 29 15:01:07 2012 UTC (11 years, 11 months ago) by mikeb
Branch: MAIN
Changes since 1.75: +4 -2 lines
Diff to previous 1.75 (colored)
Print esn flag when dumping SAs with ESN enabled
Revision 1.75 / (download) - annotate - [select for diffs], Tue Nov 8 16:49:32 2011 UTC (12 years, 6 months ago) by jmc
Branch: MAIN
CVS Tags: OPENBSD_5_1_BASE,
OPENBSD_5_1
Changes since 1.74: +2 -2 lines
Diff to previous 1.74 (colored)
- put -i in the right place - prevent an erroneous space in the formatting of -D
Revision 1.74 / (download) - annotate - [select for diffs], Tue Nov 8 13:26:06 2011 UTC (12 years, 6 months ago) by henning
Branch: MAIN
Changes since 1.73: +10 -4 lines
Diff to previous 1.73 (colored)
allow the path to isakmpd's fifo to be specified (aka changed) on the command line, ok mikeb sthen
Revision 1.73 / (download) - annotate - [select for diffs], Tue Jan 27 15:32:08 2009 UTC (15 years, 4 months ago) by bluhm
Branch: MAIN
CVS Tags: OPENBSD_5_0_BASE,
OPENBSD_5_0,
OPENBSD_4_9_BASE,
OPENBSD_4_9,
OPENBSD_4_8_BASE,
OPENBSD_4_8,
OPENBSD_4_7_BASE,
OPENBSD_4_7,
OPENBSD_4_6_BASE,
OPENBSD_4_6,
OPENBSD_4_5_BASE,
OPENBSD_4_5
Changes since 1.72: +2 -2 lines
Diff to previous 1.72 (colored)
A warning text in ipsecctl was used twice. Make the messages unique for easier debugging. ok grunk@, hshoexer@, todd@
Revision 1.72 / (download) - annotate - [select for diffs], Tue Jan 20 14:36:19 2009 UTC (15 years, 4 months ago) by mpf
Branch: MAIN
Changes since 1.71: +3 -1 lines
Diff to previous 1.71 (colored)
Add support to isakmpd(8) and ipsecctl(8) to install SA's with a different source network than we have negotiated with a peer. This enables us to do nat/binat on the enc(4) interface. Very useful to work around rfc 1918 collisions. Manpage and testing by Mitja Muzenic. Thanks! OK hshoexer@, markus@. "I like it" todd@
Revision 1.71 / (download) - annotate - [select for diffs], Mon Jul 21 14:37:53 2008 UTC (15 years, 10 months ago) by bluhm
Branch: MAIN
CVS Tags: OPENBSD_4_4_BASE,
OPENBSD_4_4
Changes since 1.70: +13 -7 lines
Diff to previous 1.70 (colored)
Free the rules in the rule_queue also if ipsecctl is called with the -n switch. This triggers malloc related bugs during the regress tests. ok hshoexer
Revision 1.70 / (download) - annotate - [select for diffs], Tue Jul 1 15:00:53 2008 UTC (15 years, 11 months ago) by bluhm
Branch: MAIN
Changes since 1.69: +3 -1 lines
Diff to previous 1.69 (colored)
Isakmpd acquire mode did not work with a config generated from ipsec.conf. The config created by isakmpd dynamically was different from the config that ipsecctl generated out of ipsec.conf. Both config formats are changed so that they match. One needs a passive ike line and a require flow line with the same parameters in the ipsec.conf. Then the acquire message generated by the kernel will trigger isakmpd to generate a config that matches the one that ipsecctl generated from the ike line. ok hshoexer, 'sounds good' todd
Revision 1.69 / (download) - annotate - [select for diffs], Sat Oct 13 16:35:18 2007 UTC (16 years, 7 months ago) by deraadt
Branch: MAIN
CVS Tags: OPENBSD_4_3_BASE,
OPENBSD_4_3
Changes since 1.68: +2 -20 lines
Diff to previous 1.68 (colored)
in all these programs using the same pfctl-derived parse.y, re-unify the yylex implementation and the code which interacts with yylex. this also brings the future potential for include support to all of the parsers. in the future please do not silly modifications to one of these files without checking if you are de-unifying the code. checked by developers in all these areas.
Revision 1.68 / (download) - annotate - [select for diffs], Tue Aug 21 18:44:52 2007 UTC (16 years, 9 months ago) by hshoexer
Branch: MAIN
Changes since 1.67: +1 -2 lines
Diff to previous 1.67 (colored)
no need to include both sys/types.h and params.h
Revision 1.67 / (download) - annotate - [select for diffs], Mon Feb 19 08:50:43 2007 UTC (17 years, 3 months ago) by hshoexer
Branch: MAIN
CVS Tags: OPENBSD_4_2_BASE,
OPENBSD_4_2,
OPENBSD_4_1_BASE,
OPENBSD_4_1
Changes since 1.66: +3 -3 lines
Diff to previous 1.66 (colored)
do not display empty authkey/enckey line when -k option is not specified. ok markus@
Revision 1.66 / (download) - annotate - [select for diffs], Wed Jan 10 13:45:01 2007 UTC (17 years, 4 months ago) by jmc
Branch: MAIN
Changes since 1.65: +2 -2 lines
Diff to previous 1.65 (colored)
add -k to usage();
Revision 1.65 / (download) - annotate - [select for diffs], Wed Jan 3 12:17:43 2007 UTC (17 years, 5 months ago) by markus
Branch: MAIN
Changes since 1.64: +8 -2 lines
Diff to previous 1.64 (colored)
do not print secret keys by default, -k restores old behaviour; ok hshoexer
Revision 1.64 / (download) - annotate - [select for diffs], Thu Nov 30 15:51:28 2006 UTC (17 years, 6 months ago) by markus
Branch: MAIN
Changes since 1.63: +7 -1 lines
Diff to previous 1.63 (colored)
handle multiple SAs with different same src/dst but different port; store IKE connection string and phase2 IDs in the ipsec rule; cleanup internal API: pass rules around instead of rule members; report Brian Candler; fix with hshoexer, msf; ok hshoexer
Revision 1.63 / (download) - annotate - [select for diffs], Fri Nov 10 14:49:49 2006 UTC (17 years, 6 months ago) by hshoexer
Branch: MAIN
Changes since 1.62: +19 -1 lines
Diff to previous 1.62 (colored)
When using -vv, also show grouped SAs.
Revision 1.62 / (download) - annotate - [select for diffs], Wed Nov 1 03:12:14 2006 UTC (17 years, 7 months ago) by mcbride
Branch: MAIN
Changes since 1.61: +2 -2 lines
Diff to previous 1.61 (colored)
KNF unrelated to previous commit.
Revision 1.61 / (download) - annotate - [select for diffs], Wed Nov 1 03:10:02 2006 UTC (17 years, 7 months ago) by mcbride
Branch: MAIN
Changes since 1.60: +9 -9 lines
Diff to previous 1.60 (colored)
Add support for aggressive mode (from the k2k6 IPsec hackathon). ok hshoexer
Revision 1.60 / (download) - annotate - [select for diffs], Tue Sep 19 21:29:47 2006 UTC (17 years, 8 months ago) by markus
Branch: MAIN
Changes since 1.59: +39 -4 lines
Diff to previous 1.59 (colored)
sort SAs by spi; ok hshoexer
Revision 1.59 / (download) - annotate - [select for diffs], Thu Aug 31 19:01:16 2006 UTC (17 years, 9 months ago) by ho
Branch: MAIN
CVS Tags: OPENBSD_4_0_BASE,
OPENBSD_4_0
Changes since 1.58: +3 -3 lines
Diff to previous 1.58 (colored)
Security Association Database is abbreviated 'SAD' (RFC 2401 et al), not 'SADB'. jmc@, hshoexer@ ok.
Revision 1.58 / (download) - annotate - [select for diffs], Thu Jun 8 23:05:14 2006 UTC (17 years, 11 months ago) by hshoexer
Branch: MAIN
Changes since 1.57: +2 -2 lines
Diff to previous 1.57 (colored)
fix usage, make synopsis more pretty. noticed by david@
Revision 1.57 / (download) - annotate - [select for diffs], Fri Jun 2 18:04:17 2006 UTC (18 years ago) by hshoexer
Branch: MAIN
Changes since 1.56: +11 -7 lines
Diff to previous 1.56 (colored)
exit(2) when loading of rules did work partially. ok markus@
Revision 1.56 / (download) - annotate - [select for diffs], Fri Jun 2 09:37:34 2006 UTC (18 years ago) by markus
Branch: MAIN
Changes since 1.55: +3 -3 lines
Diff to previous 1.55 (colored)
add trailing \ when printing multiple lines for an SA, this way the output of ispecctl matches its input
Revision 1.55 / (download) - annotate - [select for diffs], Fri Jun 2 05:59:31 2006 UTC (18 years ago) by hshoexer
Branch: MAIN
Changes since 1.54: +9 -1 lines
Diff to previous 1.54 (colored)
allow to specify phase 1 and 2 lifetimes. Right now, these values can only be set globally (ie. Default-phase-[12]-lifetime).
Revision 1.54 / (download) - annotate - [select for diffs], Thu Jun 1 17:32:20 2006 UTC (18 years ago) by naddy
Branch: MAIN
Changes since 1.53: +23 -1 lines
Diff to previous 1.53 (colored)
Support flows with port modifiers for proto tcp/udp, e.g. flow proto udp from 1.2.3.4 port ntp to 5.6.7.8 ok hshoexer@ msf@
Revision 1.53 / (download) - annotate - [select for diffs], Thu Jun 1 16:41:38 2006 UTC (18 years ago) by hshoexer
Branch: MAIN
Changes since 1.52: +13 -7 lines
Diff to previous 1.52 (colored)
more to free, needed for SA grouping.
Revision 1.52 / (download) - annotate - [select for diffs], Thu Jun 1 16:13:01 2006 UTC (18 years ago) by markus
Branch: MAIN
Changes since 1.51: +1 -2 lines
Diff to previous 1.51 (colored)
convert pfkey to ipsec_rule and use ipsecctl_print_rule() when dumping the in-kernel SAs. this way we produce the same output as rule loading ok hshoexer
Revision 1.51 / (download) - annotate - [select for diffs], Thu Jun 1 15:47:26 2006 UTC (18 years ago) by hshoexer
Branch: MAIN
Changes since 1.50: +2 -1 lines
Diff to previous 1.50 (colored)
Prepare for SA grouping.
Revision 1.50 / (download) - annotate - [select for diffs], Thu Jun 1 06:20:30 2006 UTC (18 years ago) by todd
Branch: MAIN
Changes since 1.49: +2 -2 lines
Diff to previous 1.49 (colored)
correct error messages to match calloc where appropriate ok hshoexer@
Revision 1.49 / (download) - annotate - [select for diffs], Thu Jun 1 04:12:34 2006 UTC (18 years ago) by hshoexer
Branch: MAIN
Changes since 1.48: +4 -4 lines
Diff to previous 1.48 (colored)
rename list link for ipsec_rule structures from "entries" to "rule_entry".
Revision 1.48 / (download) - annotate - [select for diffs], Tue May 30 21:56:05 2006 UTC (18 years ago) by msf
Branch: MAIN
Changes since 1.47: +17 -2 lines
Diff to previous 1.47 (colored)
implement monitor mode for ipsecctl. worked on with markus@ ok hshoexer@
Revision 1.47 / (download) - annotate - [select for diffs], Mon May 29 18:43:36 2006 UTC (18 years ago) by hshoexer
Branch: MAIN
Changes since 1.46: +45 -39 lines
Diff to previous 1.46 (colored)
add ipsecctl_free_rule() for cleaning up rules.
Revision 1.46 / (download) - annotate - [select for diffs], Fri Mar 31 14:24:15 2006 UTC (18 years, 2 months ago) by hshoexer
Branch: MAIN
Changes since 1.45: +9 -12 lines
Diff to previous 1.45 (colored)
wenn dumping rules always show type, srcid and dstid (if set). ok reyk@
Revision 1.45 / (download) - annotate - [select for diffs], Fri Mar 31 13:13:51 2006 UTC (18 years, 2 months ago) by markus
Branch: MAIN
Changes since 1.44: +25 -8 lines
Diff to previous 1.44 (colored)
allow specification of encapsulated protocol for flows; ok hshoexer
Revision 1.44 / (download) - annotate - [select for diffs], Thu Mar 30 12:44:20 2006 UTC (18 years, 2 months ago) by markus
Branch: MAIN
Changes since 1.43: +13 -1 lines
Diff to previous 1.43 (colored)
allow specification of outer local ips in flows (SADB_EXT_ADDRESS_SRC); ok hshoexer, reyk
Revision 1.43 / (download) - annotate - [select for diffs], Wed Mar 22 16:01:23 2006 UTC (18 years, 2 months ago) by reyk
Branch: MAIN
Changes since 1.42: +9 -4 lines
Diff to previous 1.42 (colored)
add support for macros in ipsec.conf(5). some bits have already been there. requested by david@ ok hshoexer@, msf@
Revision 1.42 / (download) - annotate - [select for diffs], Wed Feb 1 12:38:47 2006 UTC (18 years, 4 months ago) by hshoexer
Branch: MAIN
CVS Tags: OPENBSD_3_9_BASE,
OPENBSD_3_9
Changes since 1.41: +4 -2 lines
Diff to previous 1.41 (colored)
noted by lint: include <string.h> instead of <strings.h>, add tow ARGSUSED1
Revision 1.41 / (download) - annotate - [select for diffs], Tue Jan 17 05:39:23 2006 UTC (18 years, 4 months ago) by reyk
Branch: MAIN
Changes since 1.40: +3 -2 lines
Diff to previous 1.40 (colored)
wrap long lines (no binary change)
Revision 1.40 / (download) - annotate - [select for diffs], Mon Jan 16 23:57:20 2006 UTC (18 years, 4 months ago) by reyk
Branch: MAIN
Changes since 1.39: +6 -1 lines
Diff to previous 1.39 (colored)
add support for pre-shared keys with "ike esp" using the new keyword "psk". rsa-sig is recommended and will still be used by default. ok hshoexer@, manpage ok jmc@
Revision 1.39 / (download) - annotate - [select for diffs], Tue Dec 6 16:55:28 2005 UTC (18 years, 5 months ago) by markus
Branch: MAIN
Changes since 1.38: +7 -3 lines
Diff to previous 1.38 (colored)
more appropriate error messages; ok hshoexer
Revision 1.38 / (download) - annotate - [select for diffs], Tue Dec 6 14:27:57 2005 UTC (18 years, 5 months ago) by markus
Branch: MAIN
Changes since 1.37: +3 -3 lines
Diff to previous 1.37 (colored)
ipip support: ip-in-ip w/o gif(4); ok hshoexer
Revision 1.37 / (download) - annotate - [select for diffs], Thu Dec 1 10:36:42 2005 UTC (18 years, 6 months ago) by hshoexer
Branch: MAIN
Changes since 1.36: +9 -5 lines
Diff to previous 1.36 (colored)
do not choke and dump core when printing bypass flows. noticed by jacob schlyter. Thanks!
Revision 1.36 / (download) - annotate - [select for diffs], Wed Nov 30 12:42:05 2005 UTC (18 years, 6 months ago) by hshoexer
Branch: MAIN
Changes since 1.35: +3 -2 lines
Diff to previous 1.35 (colored)
handle that pfkey_ipsec_flush() can fail.
Revision 1.35 / (download) - annotate - [select for diffs], Mon Nov 21 09:52:22 2005 UTC (18 years, 6 months ago) by hshoexer
Branch: MAIN
Changes since 1.34: +5 -1 lines
Diff to previous 1.34 (colored)
Fix memory leaks. From Andrey Matveev <evol at online dot ptt dot ru>, thanks!
Revision 1.34 / (download) - annotate - [select for diffs], Sun Nov 13 18:28:03 2005 UTC (18 years, 6 months ago) by hshoexer
Branch: MAIN
Changes since 1.33: +6 -1 lines
Diff to previous 1.33 (colored)
fclose() file descriptor of the rule file when we are done with it. From David Hill <dhill at mindcry dot org>, thanks!
Revision 1.33 / (download) - annotate - [select for diffs], Sat Nov 12 16:41:39 2005 UTC (18 years, 6 months ago) by deraadt
Branch: MAIN
Changes since 1.32: +2 -4 lines
Diff to previous 1.32 (colored)
spacing
Revision 1.32 / (download) - annotate - [select for diffs], Sat Nov 12 12:00:53 2005 UTC (18 years, 6 months ago) by hshoexer
Branch: MAIN
Changes since 1.31: +5 -1 lines
Diff to previous 1.31 (colored)
handle transport/tunnel mode
Revision 1.31 / (download) - annotate - [select for diffs], Sun Nov 6 22:51:51 2005 UTC (18 years, 6 months ago) by hshoexer
Branch: MAIN
Changes since 1.30: +26 -9 lines
Diff to previous 1.30 (colored)
Improved address and address mask handling, derived from pfctl stuff.
Revision 1.30 / (download) - annotate - [select for diffs], Sun Nov 6 10:52:27 2005 UTC (18 years, 6 months ago) by hshoexer
Branch: MAIN
Changes since 1.29: +9 -10 lines
Diff to previous 1.29 (colored)
better handling of ip addresses, prepare for v6. Partially derived from diff by todd@. Work in progress.
Revision 1.29 / (download) - annotate - [select for diffs], Sun Oct 30 19:50:23 2005 UTC (18 years, 7 months ago) by hshoexer
Branch: MAIN
Changes since 1.28: +3 -1 lines
Diff to previous 1.28 (colored)
add support for ipcomp.
Revision 1.28 / (download) - annotate - [select for diffs], Fri Oct 28 07:18:47 2005 UTC (18 years, 7 months ago) by hshoexer
Branch: MAIN
Changes since 1.27: +4 -4 lines
Diff to previous 1.27 (colored)
more error message cleanup
Revision 1.27 / (download) - annotate - [select for diffs], Sun Oct 16 19:52:19 2005 UTC (18 years, 7 months ago) by hshoexer
Branch: MAIN
Changes since 1.26: +8 -8 lines
Diff to previous 1.26 (colored)
cleanup messages generated by err(3)
Revision 1.26 / (download) - annotate - [select for diffs], Mon Aug 22 17:26:46 2005 UTC (18 years, 9 months ago) by hshoexer
Branch: MAIN
CVS Tags: OPENBSD_3_8_BASE,
OPENBSD_3_8
Changes since 1.25: +23 -8 lines
Diff to previous 1.25 (colored)
Teach ipsecctl to control isakmpd. ok deraadt
Revision 1.25 / (download) - annotate - [select for diffs], Tue Aug 9 12:37:45 2005 UTC (18 years, 9 months ago) by hshoexer
Branch: MAIN
Changes since 1.24: +11 -5 lines
Diff to previous 1.24 (colored)
Rewrite handling of transforms. Now both ah and esp can be specified and validated correctly. Unbreaks ah.
Revision 1.24 / (download) - annotate - [select for diffs], Mon Aug 8 13:29:00 2005 UTC (18 years, 9 months ago) by hshoexer
Branch: MAIN
Changes since 1.23: +18 -3 lines
Diff to previous 1.23 (colored)
add crypto transforms and static keying rules
Revision 1.23 / (download) - annotate - [select for diffs], Mon Aug 8 09:15:09 2005 UTC (18 years, 9 months ago) by hshoexer
Branch: MAIN
Changes since 1.22: +9 -7 lines
Diff to previous 1.22 (colored)
prepare for static keying
Revision 1.22 / (download) - annotate - [select for diffs], Fri Aug 5 14:39:02 2005 UTC (18 years, 10 months ago) by hshoexer
Branch: MAIN
Changes since 1.21: +7 -7 lines
Diff to previous 1.21 (colored)
prepare for authentication and encryption keys, not used yet.
Revision 1.21 / (download) - annotate - [select for diffs], Wed Aug 3 15:27:01 2005 UTC (18 years, 10 months ago) by hshoexer
Branch: MAIN
Changes since 1.20: +9 -7 lines
Diff to previous 1.20 (colored)
be more careful when using struct ipsec_auth, might be NULL now.
Revision 1.20 / (download) - annotate - [select for diffs], Tue Aug 2 15:47:25 2005 UTC (18 years, 10 months ago) by hshoexer
Branch: MAIN
Changes since 1.19: +21 -15 lines
Diff to previous 1.19 (colored)
Make use of struct ipsec_auth dynamic. Do not pass IDs to kernel when deleting flows.
Revision 1.19 / (download) - annotate - [select for diffs], Sun Jul 24 10:06:38 2005 UTC (18 years, 10 months ago) by hshoexer
Branch: MAIN
Changes since 1.18: +4 -9 lines
Diff to previous 1.18 (colored)
prepare for combining SAs and flows in one single rule, no functional change yet.
Revision 1.18 / (download) - annotate - [select for diffs], Sat Jul 9 21:41:08 2005 UTC (18 years, 10 months ago) by hshoexer
Branch: MAIN
Changes since 1.17: +5 -3 lines
Diff to previous 1.17 (colored)
it's ok to not specify the key when deleting a tcpmd5 SA
Revision 1.17 / (download) - annotate - [select for diffs], Sat Jul 9 21:12:07 2005 UTC (18 years, 10 months ago) by hshoexer
Branch: MAIN
Changes since 1.16: +61 -14 lines
Diff to previous 1.16 (colored)
add support tcpmd5
Revision 1.16 / (download) - annotate - [select for diffs], Thu Jul 7 22:00:36 2005 UTC (18 years, 10 months ago) by hshoexer
Branch: MAIN
Changes since 1.15: +2 -2 lines
Diff to previous 1.15 (colored)
set flow type (use, require, etc.) when a rule is created. Up to now this was done while crafting the corresponding pfkey message.
Revision 1.15 / (download) - annotate - [select for diffs], Thu Jul 7 21:13:00 2005 UTC (18 years, 10 months ago) by hshoexer
Branch: MAIN
Changes since 1.14: +2 -1 lines
Diff to previous 1.14 (colored)
Do not mix rule types with flow types
Revision 1.14 / (download) - annotate - [select for diffs], Thu Jul 7 21:00:07 2005 UTC (18 years, 10 months ago) by hshoexer
Branch: MAIN
Changes since 1.13: +4 -2 lines
Diff to previous 1.13 (colored)
add type for rules; will need this for tcpmd5
Revision 1.13 / (download) - annotate - [select for diffs], Thu Jun 30 19:13:57 2005 UTC (18 years, 11 months ago) by hshoexer
Branch: MAIN
Changes since 1.12: +2 -2 lines
Diff to previous 1.12 (colored)
grmpf, forgot to add -d to usage()...
Revision 1.12 / (download) - annotate - [select for diffs], Thu Jun 30 19:05:27 2005 UTC (18 years, 11 months ago) by hshoexer
Branch: MAIN
Changes since 1.11: +15 -7 lines
Diff to previous 1.11 (colored)
add -d flag for flow deletion. Enable flow deletion.
Revision 1.11 / (download) - annotate - [select for diffs], Thu Jun 30 18:27:14 2005 UTC (18 years, 11 months ago) by hshoexer
Branch: MAIN
Changes since 1.10: +2 -2 lines
Diff to previous 1.10 (colored)
Prepare for flow deletion, no functional change yet.
Revision 1.10 / (download) - annotate - [select for diffs], Fri May 27 19:55:21 2005 UTC (19 years ago) by hshoexer
Branch: MAIN
Changes since 1.9: +5 -2 lines
Diff to previous 1.9 (colored)
show flow type (require, use, etc.)
Revision 1.9 / (download) - annotate - [select for diffs], Fri May 27 15:33:49 2005 UTC (19 years ago) by hshoexer
Branch: MAIN
Changes since 1.8: +9 -72 lines
Diff to previous 1.8 (colored)
use new sysctl to retrieve flow informations including IDs
Revision 1.8 / (download) - annotate - [select for diffs], Fri May 27 05:19:55 2005 UTC (19 years ago) by hshoexer
Branch: MAIN
Changes since 1.7: +115 -19 lines
Diff to previous 1.7 (colored)
Support for dumping the SADB.
Revision 1.7 / (download) - annotate - [select for diffs], Wed May 25 17:10:26 2005 UTC (19 years ago) by hshoexer
Branch: MAIN
Changes since 1.6: +2 -1 lines
Diff to previous 1.6 (colored)
prepare for new sysctl interface, not used yet
Revision 1.6 / (download) - annotate - [select for diffs], Mon May 23 22:48:17 2005 UTC (19 years ago) by kjell
Branch: MAIN
Changes since 1.5: +11 -7 lines
Diff to previous 1.5 (colored)
minor memset->bzero, clarify an error condition, and plug a leak. ok cloder@, unpronounceable@
Revision 1.5 / (download) - annotate - [select for diffs], Mon May 23 20:25:54 2005 UTC (19 years ago) by kjell
Branch: MAIN
Changes since 1.4: +12 -12 lines
Diff to previous 1.4 (colored)
tap. tap. is this thing on? KNF, Fix a typo in an ENUM, Xr to ipsec.conf no binary change ok hshoexer@
Revision 1.4 / (download) - annotate - [select for diffs], Tue Apr 12 06:57:36 2005 UTC (19 years, 1 month ago) by deraadt
Branch: MAIN
Changes since 1.3: +3 -5 lines
Diff to previous 1.3 (colored)
help option useless; any unused option does that
Revision 1.3 / (download) - annotate - [select for diffs], Tue Apr 5 07:14:00 2005 UTC (19 years, 2 months ago) by jmc
Branch: MAIN
Changes since 1.2: +2 -2 lines
Diff to previous 1.2 (colored)
cleanup; ok hshoexer@
Revision 1.2 / (download) - annotate - [select for diffs], Mon Apr 4 22:22:55 2005 UTC (19 years, 2 months ago) by hshoexer
Branch: MAIN
Changes since 1.1: +1 -1 lines
Diff to previous 1.1 (colored)
fix cvs id tags
Revision 1.1 / (download) - annotate - [select for diffs], Mon Apr 4 22:19:50 2005 UTC (19 years, 2 months ago) by hshoexer
Branch: MAIN
Add ipsecctl utility, work in progress ok deraadt