Age | Commit message (Collapse) | Author | |
---|---|---|---|
2004-06-21 | don't accept SADB_X_EXT_UDPENCAP if encapsulation is disabled; ok ho@ | Markus Friedl | |
2003-12-02 | UDP encapsulation for ESP in transport mode (draft-ietf-ipsec-udp-encaps-XX.txt) | Markus Friedl | |
ok deraadt@ | |||
2003-07-24 | conform to RFC2367 on SADB_xx naming (local name must be prefixed with | Jun-ichiro itojun Hagino | |
SADB_X_xx) | |||
2003-07-24 | hmac-sha2-{256,384,512} support in AH/ESP auth. markus ok | Jun-ichiro itojun Hagino | |
2003-02-16 | KNF | Theo de Raadt | |
2003-02-16 | KNF | Jason Wright | |
2003-02-15 | skeleton support for LZS compression | Jason Wright | |
2002-07-31 | fix potential NULL pointer deref. From: tedu <grendel@zeitbombe.org> | Jun-ichiro itojun Hagino | |
2002-06-07 | Add flow type arg to import_flow() | Hakan Olsson | |
2002-05-31 | Pass authentication information (if available) in ACQUIRE message. | Angelos D. Keromytis | |
2002-03-03 | Fix crashes associated with SADB_GET/SADB_DUMP --- memory was not | Angelos D. Keromytis | |
allocated on outgoing message for encryption/authentication keys --- from umaraghunath@hotmail.com | |||
2002-02-21 | Correctly initialize the compression case. | Angelos D. Keromytis | |
2002-01-23 | It looks like there has been one crack smoking and a few cut and pastes. | Artur Grabowski | |
PR_FREEHEADER should not be set in pool_init by the caller. It shouldn't be set in pool_init at all. Besides, it's going away soon anyway. | |||
2002-01-23 | Pool deals fairly well with physical memory shortage, but it doesn't deal | Artur Grabowski | |
well (not at all) with shortages of the vm_map where the pages are mapped (usually kmem_map). Try to deal with it: - group all information the backend allocator for a pool in a separate struct. The pool will only have a pointer to that struct. - change the pool_init API to reflect that. - link all pools allocating from the same allocator on a linked list. - Since an allocator is responsible to wait for physical memory it will only fail (waitok) when it runs out of its backing vm_map, carefully drain pools using the same allocator so that va space is freed. (see comments in code for caveats and details). - change pool_reclaim to return if it actually succeeded to free some memory, use that information to make draining easier and more efficient. - get rid of PR_URGENT, noone uses it. | |||
2001-08-05 | Actually, move the check inside the switch. | Angelos D. Keromytis | |
2001-08-05 | Only flush the policies if the message type is UNSPEC. | Angelos D. Keromytis | |
2001-07-06 | Indentation. | Hakan Olsson | |
2001-07-05 | IPComp. angelos@ ok. | Jean-Jacques Bernard-Gundol | |
2001-06-27 | Don't bzero() after doing a TAILQ_INIT()... | Angelos D. Keromytis | |
2001-06-27 | Initialize acquire state list in newly allocated policy. | Angelos D. Keromytis | |
2001-06-27 | Don't cache packets that hit policies -- we'll do that at the PCB for | Angelos D. Keromytis | |
local packets. | |||
2001-06-26 | Use pool(9) for IPsec policy structures. | Angelos D. Keromytis | |
2001-06-26 | Keep the PFKEY sequence number at the TDB, plus a little bit of KNF | Angelos D. Keromytis | |
2001-06-08 | Only delete/modify flows with the IPSP_POLICY_STATIC flag if the appropriate | Angelos D. Keromytis | |
flag is set in the protocol message. | |||
2001-06-08 | Trim some unnecessary includes. | Angelos D. Keromytis | |
2001-06-08 | Fork out some of the code in pfkeyv2.c to pfkeyv2_convert.c, to make | Angelos D. Keromytis | |
the former more managable/readable (an almost impossible task). | |||
2001-06-07 | On a pfkeyv2_get(), allocate enough room for the extra stuff we store | Angelos D. Keromytis | |
in the SA. | |||
2001-06-05 | repair copyright notices for NRL & cmetz; cmetz | Theo de Raadt | |
2001-06-05 | Make our pfkeyv2.h more RFC2367 compliant. Also fix some backwards | Niklas Hallqvist | |
compatibility problems in isakmpd, at least 2.8 stable can compile current isakmpd now. angelos@ ok | |||
2001-05-30 | MBOX->USERFQDN, noticed by markus@ | Angelos D. Keromytis | |
2001-05-30 | Import/export authentication information for SA. | Angelos D. Keromytis | |
2001-05-21 | Use a reference-counted structure for IPsec IDs and credentials, so we | Angelos D. Keromytis | |
can cheaply keep copies of them at the PCB. ok deraadt@ | |||
2001-05-05 | Use the new M_* malloc types | Angelos D. Keromytis | |
2001-03-28 | Allow tdbi's to appear in mbufs throughout the stack; this allows | Angelos D. Keromytis | |
security properties of the packets to be pushed up to the application (not done yet). Eventually, this will be turned into a packet attributes framework. Make sure tdbi's are free'd/cleared properly whenever drivers (or NFS) does weird things with mbufs. | |||
2001-03-27 | Fix a problem with how TDB timeouts were used in pfkeyv2. | Artur Grabowski | |
When we allocated a tdb we did a timeout_add before a timeout_set. This was a problem in itself, but it shouldn't hurt too much. What did hurt was that we did a timeout_set after the timeout_add, timeout_set marked the timeout as not being on the timeout list and if we did a timeout_del (or timeout_add) later (before the timeout fired) we ended up with a chunk of freed memory on the timeout queue or maybe even dangling pointers (or a circular list). This should probably cure the timeout queue corruption some people were seeing lately. | |||
2001-03-15 | convert SA expirations to the new timeouts. | Michael Shalayeff | |
simplifies expirations handling a lot. tdb_exp_timeout and tdb_soft_timeout are made consistant throughout the code to be a relative time offsets, just like first_use timeouts. tested on singlehost isakmpd setup. lots of dangling spaces and tabs removed. angelos@ ok | |||
2001-03-04 | Import/export credentials from TDB. | Angelos D. Keromytis | |
2000-12-24 | Set sequence number to zero for last message in SADB_DUMP, close pr 1583. | Angelos D. Keromytis | |
2000-12-15 | send messages to all registered listeners. makes multiple keying daemons | Niels Provos | |
work. | |||
2000-12-14 | sync with pfkey rfc. you need to rebuild ipsecadm and isakmpd after this. | Niels Provos | |
okay angelos@ | |||
2000-11-17 | Missed this, from the previous commit. | Angelos D. Keromytis | |
2000-11-17 | *HMAC96->*HMAC | Angelos D. Keromytis | |
Also, sync with IANA -- closes PR 1508. | |||
2000-11-06 | Send the message to registered promiscuous listeners. | Angelos D. Keromytis | |
2000-10-14 | ASKPOLICY message; used by key management to inquire about policy | Angelos D. Keromytis | |
triggering an ACQUIRE. | |||
2000-10-09 | AES. | Angelos D. Keromytis | |
2000-10-09 | Properly cleanup IDs when resetting policy. | Angelos D. Keromytis | |
2000-09-29 | Don't use an SA payload for ADDFLOW/DELFLOW. | Angelos D. Keromytis | |
2000-09-21 | Correctly handle srcid/dstid. | Angelos D. Keromytis | |
2000-09-20 | Add IDENTITY payloads to flow establishment (and cleanup accordingly) | Angelos D. Keromytis | |
-- this will address one of itojun's question on how are IDs for IKE to be determined (need to add support for this to ipsecadm). | |||
2000-09-19 | SA bundles. | Angelos D. Keromytis | |