Age | Commit message | Author | |
---|---|---|---|
2001-08-05 | Actually, move the check inside the switch. | Angelos D. Keromytis | |
2001-08-05 | Only flush the policies if the message type is UNSPEC. | Angelos D. Keromytis | |
2001-07-06 | Indentation. | Hakan Olsson | |
2001-07-05 | IPComp. angelos@ ok. | Jean-Jacques Bernard-Gundol | |
2001-06-27 | Don't bzero() after doing a TAILQ_INIT()... | Angelos D. Keromytis | |
2001-06-27 | Initialize acquire state list in newly allocated policy. | Angelos D. Keromytis | |
2001-06-27 | Don't cache packets that hit policies -- we'll do that at the PCB for local packets. | Angelos D. Keromytis | |
2001-06-26 | Use pool(9) for IPsec policy structures. | Angelos D. Keromytis | |
2001-06-26 | Keep the PFKEY sequence number at the TDB, plus a little bit of KNF | Angelos D. Keromytis | |
2001-06-08 | Only delete/modify flows with the IPSP_POLICY_STATIC flag if the appropriate flag is set in the protocol message. | Angelos D. Keromytis | |
2001-06-08 | Trim some unnecessary includes. | Angelos D. Keromytis | |
2001-06-08 | Fork out some of the code in pfkeyv2.c to pfkeyv2_convert.c, to make the former more manageable/readable (an almost impossible task). | Angelos D. Keromytis | |
2001-06-07 | On a pfkeyv2_get(), allocate enough room for the extra stuff we store in the SA. | Angelos D. Keromytis | |
2001-06-05 | repair copyright notices for NRL & cmetz; cmetz | Theo de Raadt | |
2001-06-05 | Make our pfkeyv2.h more RFC2367 compliant. Also fix some backwards compatibility problems in isakmpd, at least 2.8 stable can compile current isakmpd now. angelos@ ok | Niklas Hallqvist | |
2001-05-30 | MBOX->USERFQDN, noticed by markus@ | Angelos D. Keromytis | |
2001-05-30 | Import/export authentication information for SA. | Angelos D. Keromytis | |
2001-05-21 | Use a reference-counted structure for IPsec IDs and credentials, so we can cheaply keep copies of them at the PCB. ok deraadt@ | Angelos D. Keromytis | |
2001-05-05 | Use the new M_* malloc types | Angelos D. Keromytis | |
2001-03-28 | Allow tdbi's to appear in mbufs throughout the stack; this allows security properties of the packets to be pushed up to the application (not done yet). Eventually, this will be turned into a packet attributes framework. Make sure tdbi's are free'd/cleared properly whenever drivers (or NFS) do weird things with mbufs. | Angelos D. Keromytis | |
2001-03-27 | Fix a problem with how TDB timeouts were used in pfkeyv2. When we allocated a tdb we did a timeout_add before a timeout_set. This was a problem in itself, but it shouldn't hurt too much. What did hurt was that we did a timeout_set after the timeout_add, timeout_set marked the timeout as not being on the timeout list and if we did a timeout_del (or timeout_add) later (before the timeout fired) we ended up with a chunk of freed memory on the timeout queue or maybe even dangling pointers (or a circular list). This should probably cure the timeout queue corruption some people were seeing lately. | Artur Grabowski | |
2001-03-15 | convert SA expirations to the new timeouts. simplifies expirations handling a lot. tdb_exp_timeout and tdb_soft_timeout are made consistent throughout the code to be relative time offsets, just like first_use timeouts. tested on singlehost isakmpd setup. lots of dangling spaces and tabs removed. angelos@ ok | Michael Shalayeff | |
2001-03-04 | Import/export credentials from TDB. | Angelos D. Keromytis | |
2000-12-24 | Set sequence number to zero for last message in SADB_DUMP, close pr 1583. | Angelos D. Keromytis | |
2000-12-15 | send messages to all registered listeners. makes multiple keying daemons work. | Niels Provos | |
2000-12-14 | sync with pfkey rfc. you need to rebuild ipsecadm and isakmpd after this. okay angelos@ | Niels Provos | |
2000-11-17 | Missed this, from the previous commit. | Angelos D. Keromytis | |
2000-11-17 | *HMAC96->*HMAC. Also, sync with IANA -- closes PR 1508. | Angelos D. Keromytis | |
2000-11-06 | Send the message to registered promiscuous listeners. | Angelos D. Keromytis | |
2000-10-14 | ASKPOLICY message; used by key management to inquire about policy triggering an ACQUIRE. | Angelos D. Keromytis | |
2000-10-09 | AES. | Angelos D. Keromytis | |
2000-10-09 | Properly cleanup IDs when resetting policy. | Angelos D. Keromytis | |
2000-09-29 | Don't use an SA payload for ADDFLOW/DELFLOW. | Angelos D. Keromytis | |
2000-09-21 | Correctly handle srcid/dstid. | Angelos D. Keromytis | |
2000-09-20 | Add IDENTITY payloads to flow establishment (and cleanup accordingly) -- this will address one of itojun's question on how are IDs for IKE to be determined (need to add support for this to ipsecadm). | Angelos D. Keromytis | |
2000-09-19 | SA bundles. | Angelos D. Keromytis | |
2000-09-19 | Still more careful with cleaning up. | Angelos D. Keromytis | |
2000-09-19 | Better cleanup on invalid ADDFLOW message. | Angelos D. Keromytis | |
2000-09-19 | SPD-driven IPsec. | Angelos D. Keromytis | |
2000-08-24 | Fix a problem when deleting a flow via -delete. This only affects flows using -transport; found by riq@core-sdi.com, fix by angelos@. | Federico G. Schwindt | |
2000-08-08 | Big oops -- lucky us BLF and CAST are not used by anyone else (on the other hand, the problem would have been noticed much earlier) -- noticed by bugfix@163.net | Angelos D. Keromytis | |
2000-03-26 | Add RCS ID. | Angelos D. Keromytis | |
2000-03-17 | Cryptographic services framework, and software "device driver". The idea is to support various cryptographic hardware accelerators (which may be (detachable) cards, secondary/tertiary/etc processors, software crypto, etc). Supports session migration between crypto devices. What it doesn't (yet) support: multiple instances of the same algorithm used in the same session; use of multiple crypto drivers in the same session; asymmetric crypto. No support for a userland device yet. IPsec code path modified to allow for asynchronous cryptography (callbacks used in both input and output processing). Some unrelated code simplification done in the process (especially for AH). Development of this code kindly supported by Network Security Technologies (NSTI). The code was written mostly in Greece, and is being committed from Montreal. | Angelos D. Keromytis | |
2000-01-27 | Merge "old" and "new" ESP and AH in two files (one for each). Fix a couple of buglets with ingress flow deletion. tcpdump on enc0 should now show all outgoing packets *before* being processed, and all incoming packets *after* being processed. Good to be in Canada (land of the free commits). | Angelos D. Keromytis | |
2000-01-13 | Ingress flow support. | Angelos D. Keromytis | |
2000-01-12 | Major style cleanup for pfkeyv2.c | Angelos D. Keromytis | |
2000-01-10 | Remove unnecessary function prototype. | Angelos D. Keromytis | |
2000-01-09 | Use rt_maskedcopy() instead of handling netmasks manually. | Angelos D. Keromytis | |
2000-01-09 | Proper netmask handling. | Angelos D. Keromytis | |
1999-12-04 | IPv6 address support, get rid of the LOCALFLOW flag | Angelos D. Keromytis | |