summaryrefslogtreecommitdiff
path: root/sys/net/if_enc.c
AgeCommit message (Collapse)Author
2001-06-27KNFNiels Provos
2001-06-25Copyright update.Angelos D. Keromytis
2001-06-08One more include cleanup, just to piss off Aaron :-)Angelos D. Keromytis
2001-04-06Move offsetof define into sys/param.hConstantine Sapuntzakis
2000-12-30For bridged IPsec, use the gif* interfaces.Angelos D. Keromytis
2000-06-20initialize mtu/hlim for enc interface at encattach().Jun-ichiro itojun Hagino
backgronud: inbound ipsec packet will have enc* as m->m_pkthdr.rcvif. when we try to reflect the packet back in the kernel (like icmp6 echo), we'd generate packet toward enc* interface. icmp6_reflect() will take hoplimit value from nd_ifinfo[enc*], which was not initialized by the old code. XXX the change to m->m_pkthdr.rcvif violates IPv6 scoped routing. we will need to disable it, for at least IPv6.
2000-04-18Stats for bridge output too.Angelos D. Keromytis
2000-04-18Sanity check on dequeued mbufs, also keep track of correct interfaceAngelos D. Keromytis
for statistics purposes.
2000-04-12Fix checksum for outgoing etherip/ipip packets from enc interfaces.Angelos D. Keromytis
2000-04-10Minor oops in sanity logic, IFF_RUNNING is set/unset with IFF_UP,Angelos D. Keromytis
be paranoid with uninitialized variable.
2000-04-10output routine enqueues and calls start, rather than requeueing for input.Angelos D. Keromytis
2000-04-10Typo.Angelos D. Keromytis
2000-04-10SIOCAIFADDR.Angelos D. Keromytis
2000-04-10Allow setting address.Angelos D. Keromytis
2000-04-08If IFF_LINK0 is set, do IP-in-IP instead of Ethernet-in-IP. This willAngelos D. Keromytis
be used to implement overlay networks and more flexible road-warrior support.
2000-03-17Cryptographic services framework, and software "device driver". TheAngelos D. Keromytis
idea is to support various cryptographic hardware accelerators (which may be (detachable) cards, secondary/tertiary/etc processors, software crypto, etc). Supports session migration between crypto devices. What it doesn't (yet) support: - multiple instances of the same algorithm used in the same session - use of multiple crypto drivers in the same session - asymmetric crypto No support for a userland device yet. IPsec code path modified to allow for asynchronous cryptography (callbacks used in both input and output processing). Some unrelated code simplification done in the process (especially for AH). Development of this code kindly supported by Network Security Technologies (NSTI). The code was writen mostly in Greece, and is being committed from Montreal.
2000-02-07fix include file path related to ip6.Jun-ichiro itojun Hagino
2000-01-25Ok, so setsoftnet is md.Marc Espie
Well, on the amiga, setsoftnet *REQUIRES* machine/cpu.h to work... and no include mentioned in those files pulls machine/cpu.h... Nit-fix: / * INET6 */ -> /* INET6 */
2000-01-15Can't bind SAs to enc0Angelos D. Keromytis
2000-01-07Add missing IF_DROPsAngelos D. Keromytis
2000-01-02Properly handle non-IPSEC case.Angelos D. Keromytis
1999-12-27Add SRCSA and CLEARSA ioctls.Angelos D. Keromytis
1999-12-27Implement ioctls for binding SAs to enc interfaces (to be used withAngelos D. Keromytis
the bridge).
1999-11-02Fix *stupid* typo/error that was causing the panics in post 2.6, foundAngelos D. Keromytis
by art@
1999-10-29Use enc_softc instead of ifnet for encif.Angelos D. Keromytis
1999-07-05remove bogus entry from if_enc address list; and rename enc_softc to encifTheo de Raadt
1999-05-16The enc interface should not be IFF_LOOPBACK, as AH and ESP uses thatNiklas Hallqvist
as receiving interface for filtering
1998-06-28indentTheo de Raadt
1998-06-10make the packets which were successfully processed by IPSec available toNiels Provos
bpf via the enc0 interface, using linktype DLT_ENC.
1998-05-18first step to the setsockopt/getsockopt interface as described inNiels Provos
draft-mcdonald-simple-ipsec-api, kernel notifies (EMT_REQUESTSA) signal userland key management applications when security services are requested. this is only for outgoing connections at the moment, incoming packets are not yet checked against the selected socket policy.
1997-11-04make it easier to add additional transforms. add blowfish and castNiels Provos
encryption. some more info for kernfs/ipsec.
1997-07-11put old esp/ah and new esp/ah in different files.Niels Provos
generalised way of handling transforms.
1997-07-01major restructuringNiels Provos
1997-02-27BPF support ifdefed.Angelos D. Keromytis
1997-02-24OpenBSD tags + some prototyping policeNiklas Hallqvist
1997-02-20IPSEC package by John Ioannidis and Angelos D. Keromytis. Written inTheo de Raadt
Greece. From ftp.funet.fi:/pub/unix/security/net/ip/BSDipsec.tar.gz