src - OpenBSD base system

Age	Commit message (Collapse)	Author
2010-07-03	Fix the naming of interfaces and variables for rdomains and rtables	Philip Guenthe
	and make it possible to bind sockets (including listening sockets!) to rtables and not just rdomains. This changes the name of the system calls, socket option, and ioctl. After building with this you should remove the files /usr/share/man/cat2/[gs]etrdomain.0. Since this removes the existing [gs]etrdomain() system calls, the libc major is bumped. Written by claudio@, criticized^Wcritiqued by me
2010-07-01	Allow to specify an alternative enc(4) interface for an SA. All	Reyk Floeter
	traffic for this SA will appear on the specified enc interface instead of enc0 and can be filtered and monitored separately. This will allow to group individual ipsec policies to virtual interfaces and simplifies monitoring and pf filtering with many ipsec policies a lot. This diff includes the following changes: - Store the enc interface unit (default 0) in the TDB of an SA and pass it to the enc_getif() lookup when running the bpf or pf_test() handlers. - Add the pfkey SADB_X_EXT_TAP extension to communicate the encX interface unit for a specified SA between userland and kernel. - Update enc(4) again to use an allocate array instead of the TAILQ to lookup the matching enc interface in enc_getif() quickly. Discussed with many, tested by a few, will need more testing & review. ok deraadt@
2010-07-01	We have to add enc0 to the "enc" interface group manually on boot.	Reyk Floeter
	Adopted from the loop lo0 code.
2010-06-29	Replace enc(4) with a new implementation as a cloner device. We still	Reyk Floeter
	create enc0 by default, but it is possible to add additional enc interfaces. This will be used later to allow alternative encs per policy or to have an enc per rdomain when IPsec becomes rdomain-aware. manpage bits ok jmc@ input from henning@ deraadt@ toby@ naddy@ ok henning@ claudio@
2010-04-09	encif is a global variable and thus pre-zeroed, don't bother bzero()ing	Owain Ainsworth
	it after the fact. ok henning@, claudio@
2007-12-20	return with ENOTTY instead of EINVAL for unknown ioctl requests.	Brad Smith
	ok claudio@ krw@ jason@ dlg@
2007-05-26	one extern seems to be better than 20 for ifqmaxlen; ok krw	Jason Wright

2006-12-12	ansify the enc code	Reyk Floeter
	ok otto@
2006-06-28	Kill unused encrtrequest(). OK markus@	Claudio Jeker

2006-03-04	With the exception of two other small uncommited diffs this moves	Brad Smith
	the remainder of the network stack from splimp to splnet. ok miod@
2005-06-08	no more netns handling for the various tunnel devices and loopback	Henning Brauer

2004-09-15	Kill more netiso ghosts.	Alexander Yurchenko
	ok millert@
2003-05-03	string fixes; tedu ok	Theo de Raadt

2002-06-30	allocate sockaddr_dl for ifnet in if_alloc_sadl(), as we don't always know	Jun-ichiro itojun Hagino
	the size of sockaddr_dl on if_attach() - for instance, see ether_ifattach(). from netbsd. fgs ok
2002-05-29	attach nd_ifinfo structure to if_afdata.	Jun-ichiro itojun Hagino
	split IPv6 MTU (advertised by RA) from real link MTU. sync with kame
2002-03-14	First round of __P removal in sys	Todd C. Miller

2001-06-27	KNF	Niels Provos

2001-06-25	Copyright update.	Angelos D. Keromytis

2001-06-08	One more include cleanup, just to piss off Aaron :-)	Angelos D. Keromytis

2001-04-06	Move offsetof define into sys/param.h	Constantine Sapuntzakis

2000-12-30	For bridged IPsec, use the gif* interfaces.	Angelos D. Keromytis

2000-06-20	initialize mtu/hlim for enc interface at encattach().	Jun-ichiro itojun Hagino
	backgronud: inbound ipsec packet will have enc* as m->m_pkthdr.rcvif. when we try to reflect the packet back in the kernel (like icmp6 echo), we'd generate packet toward enc* interface. icmp6_reflect() will take hoplimit value from nd_ifinfo[enc*], which was not initialized by the old code. XXX the change to m->m_pkthdr.rcvif violates IPv6 scoped routing. we will need to disable it, for at least IPv6.
2000-04-18	Stats for bridge output too.	Angelos D. Keromytis

2000-04-18	Sanity check on dequeued mbufs, also keep track of correct interface	Angelos D. Keromytis
	for statistics purposes.
2000-04-12	Fix checksum for outgoing etherip/ipip packets from enc interfaces.	Angelos D. Keromytis

2000-04-10	Minor oops in sanity logic, IFF_RUNNING is set/unset with IFF_UP,	Angelos D. Keromytis
	be paranoid with uninitialized variable.
2000-04-10	output routine enqueues and calls start, rather than requeueing for input.	Angelos D. Keromytis

2000-04-10	Typo.	Angelos D. Keromytis

2000-04-10	SIOCAIFADDR.	Angelos D. Keromytis

2000-04-10	Allow setting address.	Angelos D. Keromytis

2000-04-08	If IFF_LINK0 is set, do IP-in-IP instead of Ethernet-in-IP. This will	Angelos D. Keromytis
	be used to implement overlay networks and more flexible road-warrior support.
2000-03-17	Cryptographic services framework, and software "device driver". The	Angelos D. Keromytis
	idea is to support various cryptographic hardware accelerators (which may be (detachable) cards, secondary/tertiary/etc processors, software crypto, etc). Supports session migration between crypto devices. What it doesn't (yet) support: - multiple instances of the same algorithm used in the same session - use of multiple crypto drivers in the same session - asymmetric crypto No support for a userland device yet. IPsec code path modified to allow for asynchronous cryptography (callbacks used in both input and output processing). Some unrelated code simplification done in the process (especially for AH). Development of this code kindly supported by Network Security Technologies (NSTI). The code was writen mostly in Greece, and is being committed from Montreal.
2000-02-07	fix include file path related to ip6.	Jun-ichiro itojun Hagino

2000-01-25	Ok, so setsoftnet is md.	Marc Espie
	Well, on the amiga, setsoftnet REQUIRES machine/cpu.h to work... and no include mentioned in those files pulls machine/cpu.h... Nit-fix: / * INET6 / -> / INET6 */
2000-01-15	Can't bind SAs to enc0	Angelos D. Keromytis

2000-01-07	Add missing IF_DROPs	Angelos D. Keromytis

2000-01-02	Properly handle non-IPSEC case.	Angelos D. Keromytis

1999-12-27	Add SRCSA and CLEARSA ioctls.	Angelos D. Keromytis

1999-12-27	Implement ioctls for binding SAs to enc interfaces (to be used with	Angelos D. Keromytis
	the bridge).
1999-11-02	Fix stupid typo/error that was causing the panics in post 2.6, found	Angelos D. Keromytis
	by art@
1999-10-29	Use enc_softc instead of ifnet for encif.	Angelos D. Keromytis

1999-07-05	remove bogus entry from if_enc address list; and rename enc_softc to encif	Theo de Raadt

1999-05-16	The enc interface should not be IFF_LOOPBACK, as AH and ESP uses that	Niklas Hallqvist
	as receiving interface for filtering
1998-06-28	indent	Theo de Raadt

1998-06-10	make the packets which were successfully processed by IPSec available to	Niels Provos
	bpf via the enc0 interface, using linktype DLT_ENC.
1998-05-18	first step to the setsockopt/getsockopt interface as described in	Niels Provos
	draft-mcdonald-simple-ipsec-api, kernel notifies (EMT_REQUESTSA) signal userland key management applications when security services are requested. this is only for outgoing connections at the moment, incoming packets are not yet checked against the selected socket policy.
1997-11-04	make it easier to add additional transforms. add blowfish and cast	Niels Provos
	encryption. some more info for kernfs/ipsec.
1997-07-11	put old esp/ah and new esp/ah in different files.	Niels Provos
	generalised way of handling transforms.
1997-07-01	major restructuring	Niels Provos

1997-02-27	BPF support ifdefed.	Angelos D. Keromytis