path: root/sys/net/pfkeyv2.h
Age | Commit message | Author
2006-11-24 | add support to tag ipsec traffic belonging to specific IKE-initiated phase 2 traffic. this allows policy-based filtering of encrypted and unencrypted ipsec traffic with pf(4). see ipsec.conf(5) and isakmpd.conf(5) for details and examples. this is work in progress and still needs some testing and feedback, but it is safe to put it in now. ok hshoexer@ | Reyk Floeter
2005-05-27 | Use export_flow() to wrap policies retrieved via sysctl in pfkey message ok ho markus | Hans-Joerg Hoexer
2005-05-25 | AESCTR support for ESP (RFC 3686); ok hshoexer | Markus Friedl
2005-04-04 | Add sysctl for dumping the SPD ok deraadt, ok markus some time ago | Hans-Joerg Hoexer
2004-11-26 | implement net.key.v2.sadb_dump.{unspec,esp,ah,...} sysctl subtree and use sysctl for 'ipsecadm show'; ok deraadt | Markus Friedl
2004-08-10 | Add SADB_X_EXT_LIFETIME_LASTUSE for use with isakmpd/DPD, adding this extends the bitmap to 64bits. Also repair SADB_GET. hshoexer@ ok. | Hakan Olsson
2004-01-27 | don't convert tcpmd5 to ip-over-ip in SADB_X_GETSPROTO; from hshoexer | Markus Friedl
2003-12-02 | UDP encapsulation for ESP in transport mode (draft-ietf-ipsec-udp-encaps-XX.txt) ok deraadt@ | Markus Friedl
2003-07-24 | conform to RFC2367 on SADB_xx naming (local name must be prefixed with SADB_X_xx) | Jun-ichiro itojun Hagino
2003-02-24 | SADB_X_CALG_MAX is supposed to be the highest numbered supported algorithm (prevents a crash in the debugging code in pfkeyv2_parsemessage.c) | Jason Wright
2003-02-16 | KNF | Theo de Raadt
2003-02-16 | KNF | Jason Wright
2003-02-15 | s/LSZ/LZS (consistent with linux and isakmpd *.cst) | Jason Wright
2002-06-07 | Add flow type arg to import_flow() | Hakan Olsson
2002-05-31 | import_flow() prototype | Angelos D. Keromytis
2001-12-18 | NRL license cleaning | Theo de Raadt
2001-07-05 | $OpenBSD$ tag | Angelos D. Keromytis
2001-07-05 | Include files for IPComp support. angelos@ ok. | Jean-Jacques Bernard-Gundol
2001-06-09 | By popular demand, protect from multiple inclusion, and fix to use the same naming style. | Angelos D. Keromytis
2001-06-08 | Flag field for flows. | Angelos D. Keromytis
2001-06-08 | Fork out some of the code in pfkeyv2.c to pfkeyv2_convert.c, to make the former more manageable/readable (an almost impossible task). | Angelos D. Keromytis
2001-06-05 | Make our pfkeyv2.h more RFC2367 compliant. Also fix some backwards compatibility problems in isakmpd, at least 2.8 stable can compile current isakmpd now. angelos@ ok | Niklas Hallqvist
2001-05-30 | Add comments on what the credential types are. | Angelos D. Keromytis
2001-05-30 | MBOX->USERFQDN, noticed by markus@ | Angelos D. Keromytis
2001-05-30 | Import/export authentication information for SA. | Angelos D. Keromytis
2001-05-30 | Add AUTH payload. | Angelos D. Keromytis
2001-05-05 | Use the new M_* malloc types | Angelos D. Keromytis
2001-03-28 | Allow tdbi's to appear in mbufs throughout the stack; this allows security properties of the packets to be pushed up to the application (not done yet). Eventually, this will be turned into a packet attributes framework. Make sure tdbi's are free'd/cleared properly whenever drivers (or NFS) does weird things with mbufs. | Angelos D. Keromytis
2001-03-04 | Import/export credentials from TDB. | Angelos D. Keromytis
2000-12-14 | sync with pfkey rfc. you need to rebuild ipsecadm and isakmpd after this. okay angelos@ | Niels Provos
2000-11-18 | Update list of algorithms (hshoexer@rommelwood.de) | Angelos D. Keromytis
2000-11-17 | *HMAC96->*HMAC Also, sync with IANA -- closes PR 1508. | Angelos D. Keromytis
2000-11-11 | CAST128 should be 6 (again itojun@openbsd.org) | Angelos D. Keromytis
2000-11-11 | AES should be 12 (from IANA) -- itojun@openbsd.org Note that you have to recompile ipsecadm and isakmpd if you use a new kernel. | Angelos D. Keromytis
2000-11-09 | Conform to RFC 2367 numbering (hshoexer@rommelwood.de) | Angelos D. Keromytis
2000-10-14 | ASKPOLICY message; used by key management to inquire about policy triggering an ACQUIRE. | Angelos D. Keromytis
2000-10-09 | AES number. | Angelos D. Keromytis
2000-09-19 | SA bundles. | Angelos D. Keromytis
2000-09-19 | SPD-driven IPsec. | Angelos D. Keromytis
2000-01-27 | Merge "old" and "new" ESP and AH in two files (one for each). Fix a couple of buglets with ingress flow deletion. tcpdump on enc0 should now show all outgoing packets *before* being processed, and all incoming packets *after* being processed. Good to be in Canada (land of the free commits). | Angelos D. Keromytis
2000-01-13 | Ingress flow support. | Angelos D. Keromytis
2000-01-12 | Major style cleanup for pfkeyv2.c | Angelos D. Keromytis
2000-01-10 | externalize pfkeyv2_acquire() | Angelos D. Keromytis
1999-12-04 | IPv6 address support, get rid of the LOCALFLOW flag | Angelos D. Keromytis
1999-11-04 | New SADB_SATYPE, IPsec bypass tdb. | Hakan Olsson
1999-07-06 | Added support for TCP MD5 option (RFC 2385). | cmetz
1999-07-02 | rename SADB_foo_X_bar to SADB_X_foo_bar | Theo de Raadt
1999-03-31 | Implement SADB_SAFLAGS_X_REPLACEFLOW | Niklas Hallqvist
1999-03-27 | add SADB_X_BINDSA to pfkey allowing incoming SAs to refer to an outgoing SA to be used, use this SA in ip_output if available. allow mobile road warriors for bind SAs with wildcard dst and src addresses. check IPSEC AUTH and ESP level when receiving packets, drop them if protection is insufficient. add stats to show dropped packets because of insufficient IPSEC protection. -- phew. this was all done in canada. dugsong and linh provided the ride and company. | Niels Provos
1999-03-24 | Implement lifetime expiration notifications. Fix some typos. Remove statics. | Niklas Hallqvist