Age | Commit message (Collapse) | Author | |
---|---|---|---|
2001-06-27 | KNF | Niels Provos | |
2001-06-25 | Copyright update. | Angelos D. Keromytis | |
2001-06-08 | One more include cleanup, just to piss off Aaron :-) | Angelos D. Keromytis | |
2001-04-06 | Move offsetof define into sys/param.h | Constantine Sapuntzakis | |
2000-12-30 | For bridged IPsec, use the gif* interfaces. | Angelos D. Keromytis | |
2000-06-20 | initialize mtu/hlim for enc interface at encattach(). | Jun-ichiro itojun Hagino | |
backgronud: inbound ipsec packet will have enc* as m->m_pkthdr.rcvif. when we try to reflect the packet back in the kernel (like icmp6 echo), we'd generate packet toward enc* interface. icmp6_reflect() will take hoplimit value from nd_ifinfo[enc*], which was not initialized by the old code. XXX the change to m->m_pkthdr.rcvif violates IPv6 scoped routing. we will need to disable it, for at least IPv6. | |||
2000-04-18 | Stats for bridge output too. | Angelos D. Keromytis | |
2000-04-18 | Sanity check on dequeued mbufs, also keep track of correct interface | Angelos D. Keromytis | |
for statistics purposes. | |||
2000-04-12 | Fix checksum for outgoing etherip/ipip packets from enc interfaces. | Angelos D. Keromytis | |
2000-04-10 | Minor oops in sanity logic, IFF_RUNNING is set/unset with IFF_UP, | Angelos D. Keromytis | |
be paranoid with uninitialized variable. | |||
2000-04-10 | output routine enqueues and calls start, rather than requeueing for input. | Angelos D. Keromytis | |
2000-04-10 | Typo. | Angelos D. Keromytis | |
2000-04-10 | SIOCAIFADDR. | Angelos D. Keromytis | |
2000-04-10 | Allow setting address. | Angelos D. Keromytis | |
2000-04-08 | If IFF_LINK0 is set, do IP-in-IP instead of Ethernet-in-IP. This will | Angelos D. Keromytis | |
be used to implement overlay networks and more flexible road-warrior support. | |||
2000-03-17 | Cryptographic services framework, and software "device driver". The | Angelos D. Keromytis | |
idea is to support various cryptographic hardware accelerators (which may be (detachable) cards, secondary/tertiary/etc processors, software crypto, etc). Supports session migration between crypto devices. What it doesn't (yet) support: - multiple instances of the same algorithm used in the same session - use of multiple crypto drivers in the same session - asymmetric crypto No support for a userland device yet. IPsec code path modified to allow for asynchronous cryptography (callbacks used in both input and output processing). Some unrelated code simplification done in the process (especially for AH). Development of this code kindly supported by Network Security Technologies (NSTI). The code was writen mostly in Greece, and is being committed from Montreal. | |||
2000-02-07 | fix include file path related to ip6. | Jun-ichiro itojun Hagino | |
2000-01-25 | Ok, so setsoftnet is md. | Marc Espie | |
Well, on the amiga, setsoftnet *REQUIRES* machine/cpu.h to work... and no include mentioned in those files pulls machine/cpu.h... Nit-fix: / * INET6 */ -> /* INET6 */ | |||
2000-01-15 | Can't bind SAs to enc0 | Angelos D. Keromytis | |
2000-01-07 | Add missing IF_DROPs | Angelos D. Keromytis | |
2000-01-02 | Properly handle non-IPSEC case. | Angelos D. Keromytis | |
1999-12-27 | Add SRCSA and CLEARSA ioctls. | Angelos D. Keromytis | |
1999-12-27 | Implement ioctls for binding SAs to enc interfaces (to be used with | Angelos D. Keromytis | |
the bridge). | |||
1999-11-02 | Fix *stupid* typo/error that was causing the panics in post 2.6, found | Angelos D. Keromytis | |
by art@ | |||
1999-10-29 | Use enc_softc instead of ifnet for encif. | Angelos D. Keromytis | |
1999-07-05 | remove bogus entry from if_enc address list; and rename enc_softc to encif | Theo de Raadt | |
1999-05-16 | The enc interface should not be IFF_LOOPBACK, as AH and ESP uses that | Niklas Hallqvist | |
as receiving interface for filtering | |||
1998-06-28 | indent | Theo de Raadt | |
1998-06-10 | make the packets which were successfully processed by IPSec available to | Niels Provos | |
bpf via the enc0 interface, using linktype DLT_ENC. | |||
1998-05-18 | first step to the setsockopt/getsockopt interface as described in | Niels Provos | |
draft-mcdonald-simple-ipsec-api, kernel notifies (EMT_REQUESTSA) signal userland key management applications when security services are requested. this is only for outgoing connections at the moment, incoming packets are not yet checked against the selected socket policy. | |||
1997-11-04 | make it easier to add additional transforms. add blowfish and cast | Niels Provos | |
encryption. some more info for kernfs/ipsec. | |||
1997-07-11 | put old esp/ah and new esp/ah in different files. | Niels Provos | |
generalised way of handling transforms. | |||
1997-07-01 | major restructuring | Niels Provos | |
1997-02-27 | BPF support ifdefed. | Angelos D. Keromytis | |
1997-02-24 | OpenBSD tags + some prototyping police | Niklas Hallqvist | |
1997-02-20 | IPSEC package by John Ioannidis and Angelos D. Keromytis. Written in | Theo de Raadt | |
Greece. From ftp.funet.fi:/pub/unix/security/net/ip/BSDipsec.tar.gz |