summaryrefslogtreecommitdiff
path: root/sys/net/pfkeyv2_convert.c
AgeCommit message (Collapse)Author
2006-11-24add support to tag ipsec traffic belonging to specific IKE-initiatedReyk Floeter
phase 2 traffic. this allows policy-based filtering of encrypted and unencrypted ipsec traffic with pf(4). see ipsec.conf(5) and isakmpd.conf(5) for details and examples. this is work in progress and still needs some testing and feedback, but it is safe to put it in now. ok hshoexer@
2006-06-01observed by Naddy, found by claudio, strange constructs require strange definesTodd T. Fries
.. fixes proto display for the non zero case ok claudio@
2006-05-30with Naddy prodding, claudio's peril sensitive glasses turning black, andTodd T. Fries
msf@'s assistance with hexdumping, this bug was found. do NOT access the wrong union member (sockaddr_in) when using v6 addresses this fixes output errors when displaying v6 encap routes for ipsecctl, route, and recently netstat ok hshoexer@ markus@ claudio@ naddy@
2005-05-27Convert IPSP_IPSEC_x to SADB_X_FLOW_TYPE_x. hshoexer@ ok.Hakan Olsson
2005-05-27Add export_flow()Hans-Joerg Hoexer
ok ho markus
2005-05-25AESCTR support for ESP (RFC 3686); ok hshoexerMarkus Friedl
2005-05-24Better SA state reporting. markus@, hshoexer@ ok.Hakan Olsson
2005-05-10support NULL encryption for ESP; ok hshoexer, hoMarkus Friedl
2004-08-10Add SADB_X_EXT_LIFETIME_LASTUSE for use with isakmpd/DPD, adding thisHakan Olsson
extends the bitmap to 64bits. Also repair SADB_GET. hshoexer@ ok.
2004-06-24This moves access to wall and uptime variables in MI code,Thorsten Lockert
encapsulating all such access into wall-defined functions that makes sure locking is done as needed. It also cleans up some uses of wall time vs. uptime some places, but there is sure to be more of these needed as well, particularily in MD code. Also, many current calls to microtime() should probably be changed to getmicrotime(), or to the {,get}microuptime() versions. ok art@ deraadt@ aaron@ matthieu@ beck@ sturm@ millert@ others "Oh, that is not your problem!" from miod@
2004-06-21make it possble to use IPsec over link-local address (policy table usesJun-ichiro itojun Hagino
sin6_scope_id, IPsec porion uses embedded form). beck ok
2003-12-02UDP encapsulation for ESP in transport mode (draft-ietf-ipsec-udp-encaps-XX.txt)Markus Friedl
ok deraadt@
2003-07-24conform to RFC2367 on SADB_xx naming (local name must be prefixed withJun-ichiro itojun Hagino
SADB_X_xx)
2003-07-24hmac-sha2-{256,384,512} support in AH/ESP auth. markus okJun-ichiro itojun Hagino
2003-02-23typo in export_auth; ok ho@Markus Friedl
2003-02-16KNFTheo de Raadt
2003-02-15skeleton support for LZS compressionJason Wright
2002-06-09Export compression info only if the SA (xform) is initialized.Angelos D. Keromytis
2002-06-07Detect wrap-around of timeout and set it to its maximum value. HackyAngelos D. Keromytis
way of getting the max value attributed to millert@
2002-06-07Add flow type arg to import_flow()Hakan Olsson
2002-06-07While src is rarely NULL, ssrc might be. Fixes PR#2721.Hakan Olsson
2002-05-31Move code out of pfkeyv2.c into import_flow()Angelos D. Keromytis
2001-12-12Remember to add the current time...problem noticed by ho@Angelos D. Keromytis
2001-12-06Use hzto() to handle overflow of (hz * timeout) cases --- when usingAngelos D. Keromytis
extremely long SA expirations.
2001-07-05IPComp. angelos@ ok.Jean-Jacques Bernard-Gundol
2001-06-26KNFAngelos D. Keromytis
2001-06-25Copyright update.Angelos D. Keromytis
2001-06-23merge crypto/crypto{dev,}.h to crypto/cryptodev.h, to avoid name conflicts ↵Theo de Raadt
inside OpenSSL codebase
2001-06-08Fork out some of the code in pfkeyv2.c to pfkeyv2_convert.c, to makeAngelos D. Keromytis
the former more managable/readable (an almost impossible task).