wireguard-openbsd - WireGuard implementation for the OpenBSD kernel

	Commit message (Collapse)	Author	Age	Files	Lines
*	SA group has been renamed to bundle. Adapt test.	bluhm	2017-04-19	3	-12/+12
\|
*	Add tests with the ipsec.conf SA bundle keyword.	bluhm	2017-04-14	5	-10/+44
\|
*	Add tests for SA grouped in bundles.	bluhm	2017-03-23	5	-2/+60
\|
*	Allow to override location of ipsecctl tool with IPSECCTL environment.	bluhm	2017-03-23	1	-10/+11
\| \| \| \|	Useful for development testing without make install.
*	Adjust for the new default MODP group	mikeb	2016-09-02	60	-1440/+1440
\|
*	Remove obsolete DES-CBC tests	mikeb	2016-09-02	12	-64/+0
\|
*	transform names cannot have commas	mikeb	2013-08-25	1	-56/+56
\|
*	transform names cannot have commas	mikeb	2013-08-25	1	-7/+7
\|
*	sync with transform-name-fix	markus	2012-09-17	61	-1401/+1401
\|
*	sync with recent ipsecctl changes/fixes	markus	2012-09-15	63	-222/+1845
\|
*	Rename "life" to "lifetime" to match iked.	lteo	2012-07-10	6	-6/+6
\| \| \| \|	ok mikeb naddy sthen; procedures ok henning
*	AES-CTR, AES-GCM, AES-GMAC are disallowed with manual SAs	naddy	2012-07-08	18	-66/+50
\|
*	update regress for non-crypto flow 'type use' case	deraadt	2011-07-06	2	-2/+2
\|
*	Retire Skipjack	mikeb	2010-10-06	12	-64/+0
\| \| \| \| \| \| \| \| \| \| \|	There's not much use for the declassified cipher from the 80's with a questionable license these days. According to the FIPS drafts, Skipjack reaches its EOL in December 2010. The libc portion will be removed after the ports hackathon. djm and thib agree, no objections from deraadt Thanks to jsg for digging up FIPS drafts.
*	Various comment typos. 'wether' -> 'whether' (most popular), 'possiblity' ->	krw	2010-05-10	1	-2/+2
\| \| \| \| \|	'possibility', 'optins' -> 'options', 'resposne' -> 'response', 'unecessary' -> 'unnecessary', 'desination' -> 'destination'. Collected from various misc@ and tech@ postings, many by Brad Tilley.
*	Add regress tests with IPv4 and IPv6 addresses for the srcid and/or dstid.	jsing	2009-08-04	13	-1/+158
\| \| \| \|	ok hshoexer@
*	If the "peer" address is not specified or derived from "to" for	bluhm	2009-01-30	3	-2/+122
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	"ike" rules in ipsec.conf, the default peer is used. In theory ipsecctl -f ipsec.conf can configure the default peer for each "ike" entry. As isakmpd only supports one default peer, the last "ike" rule that uses a default peer wins. This configuration is then significant for all "ike" rules that use the default peer. Now a warning is printed if a later rule in ipsec.conf changes the configuration of the original default peer. This should be an error but that would break existing user configs. So only a warning is printed. ok hshoexer@, todd@
*	Remove ikefail10 ipsecctl regression test as it always fails. It	bluhm	2009-01-29	3	-12/+2
\| \| \| \| \| \| \|	was expecting a certain parser error message. Accepting the ikefail10 config file is not considered to be a bug anymore. ok hshoexer@
*	Allow to specify ike and flow explicitly without peer. The any	bluhm	2009-01-28	5	-3/+68
\| \| \| \| \| \| \| \|	keyword as argument for the peer parameter will do that. An ike without peer creates the peer-default config. A flow without peer acquires a host-to-host SA. tested by grunk@, todd@, ok grunk@, hshoexer@, todd@
*	Regression tests for source flow NAT support.	mpf	2009-01-20	5	-3/+241
\| \| \| \|	OK hshoexer@, markus@.
*	Do not use "egress" keyword as it expands to an actual interface,	hshoexer	2009-01-19	2	-87/+33
\| \| \| \| \| \| \|	which might be different on different machines. Use some fixed addresses instead. pointed out and ok david@
*	add regression test for aes-{128,192,256} being used with main and quick	hshoexer	2008-12-22	3	-2/+113
\| \| \| \|	mode.
*	Adopt to recent change: /32 now is treated as a network address.	hshoexer	2008-12-22	1	-4/+6
\| \| \| \|	prodded by david@
*	Isakmpd acquire mode did not work with a config generated from	bluhm	2008-07-01	93	-1716/+1716
\| \| \| \| \| \| \| \| \| \| \| \| \|	ipsec.conf. The config created by isakmpd dynamically was different from the config that ipsecctl generated out of ipsec.conf. Both config formats are changed so that they match. One needs a passive ike line and a require flow line with the same parameters in the ipsec.conf. Then the acquire message generated by the kernel will trigger isakmpd to generate a config that matches the one that ipsecctl generated from the ike line. ok hshoexer, 'sounds good' todd
*	If multiple to addresses but no peer are given in an ike or flow	bluhm	2008-07-01	15	-24/+44
\| \| \| \| \| \| \|	rule, the current to address is taken as peer during expansion. This makes the broken regress test ikefail7 obsolete as address family mismatch cannot happen anymore. ok hshoexer
*	Add a regression test for handling addresses with trailing '/32' and address	hshoexer	2008-01-04	3	-2/+21
\| \| \| \|	type IPV4_ADDR.
*	Add new "reached end of file while parsing quoted string" as expected	hshoexer	2007-10-15	2	-0/+2
\| \| \| \|	error message.
*	both 'proto 50' and 'proto esp' must work in flow specifications	markus	2007-07-03	2	-0/+6
\|
*	Do not crash when lists include the "any" keyword. Reported by	hshoexer	2007-05-10	3	-2/+60
\| \| \| \| \| \| \| \|	<ralf.horstmann at gmx.net>, thanks! Slightly different fix. Also add a regression test. ok mpf@
*	move autodetection of the ID type to the parser. this way the	markus	2007-03-16	3	-2/+83
\| \| \| \|	static flows have the correct ID, too. ok hshoexer, reyk
*	We switched to aes cbc quite some time ago, so also use the correct	hshoexer	2007-03-14	12	-20/+20
\| \| \| \| \| \| \|	key sizes here, too. We now have to use 128 bit key instead of 160. Noticed by david@
*	add a test for null encryption	hshoexer	2007-02-19	2	-0/+8
\|
*	we have to use '-k' now to show keys.	hshoexer	2007-02-19	1	-3/+3
\|
*	previous commit to parse.y was undone. adopt these two regression tests.	hshoexer	2007-02-19	2	-2/+2
\|
*	Adopt to recent change in parse.y (do not accept '\n' in quoted	hshoexer	2007-02-16	3	-3/+3
\| \| \| \|	strings). The syntax error is now reported at the correct line.
*	allow rule if there is at least _one_ matching address family combination.	markus	2007-01-10	3	-2/+8
\| \| \| \| \|	this allows 'flow from lo0 to 127.0.0.1' if lo0 has an ipv6 address. ok itojun@, hshoexer@
*	don't pass -1 as a netmask; report vicviq at gmail.com	markus	2007-01-04	3	-2/+21
\|
*	wrong rid for protocol	markus	2006-11-30	5	-5/+5
\|
*	sync: rmv to unregister ipsec connections	markus	2006-11-30	40	-0/+65
\|
*	sync: proto/port in lid/rid/connection	markus	2006-11-30	9	-87/+87
\|
*	fix typo for remote port; from Brian Candler	markus	2006-11-24	1	-1/+1
\|
*	sync	markus	2006-11-21	40	-349/+0
\|
*	add comment on how to update the *.ok files; ok hshoexer@	markus	2006-11-16	1	-1/+2
\|
*	Update to match improved address family check.	mcbride	2006-11-13	6	-7/+7
\|
*	Adjust existing ikedel tests for aggressive mode support (we now	mcbride	2006-11-01	39	-0/+63
\| \| \| \|	delete both mainmode and aggressive mode phase 1 transforms)
*	Remove bogus input line.	hshoexer	2006-10-31	2	-3/+1
\|
*	Add some regression tests for odd ipsecctl behaviour noticed by	hshoexer	2006-10-31	11	-2/+52
\| \| \| \| \|	Prabhu Gurumurt. Test ikefail10 should fail, but does not and needs to be fixed.
*	Test for an as yet unresolved problem:	naddy	2006-08-29	3	-2/+6
\| \| \| \| \| \| \|	If list expansion produces peer pairings between different address families, this should be an error. Suggested by and ok hshoexer@
*	Add support for IKE AH rules to ipsecctl. Man page input by jmc@.	naddy	2006-08-29	9	-3/+78
\| \| \| \|	ok hshoexer@
*	tests similar to ike49 and ike50, but with ipv6 addresses.	hshoexer	2006-07-21	5	-2/+44
\|