summaryrefslogtreecommitdiff
path: root/sys/net
AgeCommit message (Collapse)Author
2001-06-11sync w/ netbsdMichael Shalayeff
2001-06-09Not needed anymore.Angelos D. Keromytis
2001-06-09Include cleanup.Angelos D. Keromytis
2001-06-09Include cleanupAngelos D. Keromytis
2001-06-09These don't need net_osdep.hAngelos D. Keromytis
2001-06-09Whitespace cleanup.Angelos D. Keromytis
2001-06-09By popular demand, protect from multiple inclusion, and fix to use theAngelos D. Keromytis
same naming style.
2001-06-08Only delete/modify flows with the IPSP_POLICY_STATIC flag if the appropriateAngelos D. Keromytis
flag is set in the protocol message.
2001-06-08Flag field for flows.Angelos D. Keromytis
2001-06-08Unneeded, ok itojun@Angelos D. Keromytis
2001-06-08Move ifpromisc() from bpf.c to if.c, include cleanup.Angelos D. Keromytis
2001-06-08Cut down on include files, although I think this file should just goAngelos D. Keromytis
-- it serves no purpose at all.
2001-06-08One more include cleanup, just to piss off Aaron :-)Angelos D. Keromytis
2001-06-08Yet more include file cleanup.Angelos D. Keromytis
2001-06-08Trim some unnecessary includes.Angelos D. Keromytis
2001-06-08Fork out some of the code in pfkeyv2.c to pfkeyv2_convert.c, to makeAngelos D. Keromytis
the former more managable/readable (an almost impossible task).
2001-06-07On a pfkeyv2_get(), allocate enough room for the extra stuff we storeAngelos D. Keromytis
in the SA.
2001-06-07use faster arc4random() instead of get_random_bytes(); jason@ okMichael Shalayeff
2001-06-06in bridge_filter(), pullup hlen, not sizeof(struct ip); ok jason@jasoni
2001-06-05Allow boot -c to change number of gre devices. -moj ok angelos@Mats O Jansson
2001-06-05repair copyright notices for NRL & cmetz; cmetzTheo de Raadt
2001-06-05Make our pfkeyv2.h more RFC2367 compliant. Also fix some backwardsNiklas Hallqvist
compatibility problems in isakmpd, at least 2.8 stable can compile current isakmpd now. angelos@ ok
2001-06-04if_up() requires splnet(). sync with kameJun-ichiro itojun Hagino
2001-06-04adjust routing socket message (kernel -> user) to the right size.Jun-ichiro itojun Hagino
with old code we may see junk at the end. sync with kame, 4.4BSD bug.
2001-06-01Don't let packets that need IPsec crypto processing at the NIC beAngelos D. Keromytis
bridge-broadcast; rather, turn off offloading for now. The IPsec stack will do its own crypto for subsequent packets, which will be broadcast. Once the bridge knows which interface to send packets for that MAC to, if that interface supports IPsec offloading it'll turn it back on.
2001-05-30Add comments on what the credential types are.Angelos D. Keromytis
2001-05-30MBOX->USERFQDN, noticed by markus@Angelos D. Keromytis
2001-05-30Import/export authentication information for SA.Angelos D. Keromytis
2001-05-30Check the LOCAL_AUTH payload.Angelos D. Keromytis
2001-05-30Add AUTH payload.Angelos D. Keromytis
2001-05-30Remove ipf. Darren Reed has interpreted his (old, new, whichever)Theo de Raadt
licence in a way that makes ipf not free according to the rules we established over 5 years ago, at www.openbsd.org/goals.html (and those same basic rules govern the other *BSD projects too). Specifically, Darren says that modified versions are not permitted. But software which OpenBSD uses and redistributes must be free to all (be they people or companies), for any purpose they wish to use it, including modification, use, peeing on, or even integration into baby mulching machines or atomic bombs to be dropped on Australia. Furthermore, we know of a number of companies using ipf with modification like us, who are now in the same situation, and we hope that some of them will work with us to fill this gap that now exists in OpenBSD (temporarily, we hope).
2001-05-28add BIOC[GS]HDRCMPLT ioctl for BPF, to disable overwriting of link level ↵Dug Song
source address in forged frames. from NetBSD. art@ok
2001-05-28IPSECv4 -> IPSECAngelos D. Keromytis
2001-05-28Copy the packet header only if the original mbuf had a packet headerAngelos D. Keromytis
(just general paranoia).
2001-05-28No need for separate ESP/AH interface capabilities.Angelos D. Keromytis
2001-05-28Interface capabilities (based on NetBSD, but merge ethercom and ifnetAngelos D. Keromytis
capabilities into one, in the ifp).
2001-05-27Initialize old mbuf chain head tags.Angelos D. Keromytis
2001-05-27Fixup tags on old mbuf chain head.Angelos D. Keromytis
2001-05-27Fixup old mbuf chain head.Angelos D. Keromytis
2001-05-21Use a reference-counted structure for IPsec IDs and credentials, so weAngelos D. Keromytis
can cheaply keep copies of them at the PCB. ok deraadt@
2001-05-17convert mbuf and cluster allocation to pool, mostly from NetBSDNiels Provos
okay art@ miod@
2001-05-16No need to check M_WAIT/M_WAITOK malloc return values. (art@ ok)Hakan Olsson
2001-05-11Check m_pullup() and m_pullup2() return for NULL, not 0; itojun@ okAaron Campbell
2001-05-11check for 'fastroute' condition (like ip_input) in bridge_filter() andJason Wright
deal with it.
2001-05-05Use the new M_* malloc typesAngelos D. Keromytis
2001-04-23s = splimp(); ... s = splimp(); ... splx(x); ... splx(s); is a bad idea.Artur Grabowski
2001-04-19Include NUL-termination in identity extension length computationNiklas Hallqvist
2001-04-14Minor changes, preparing for real socket-attached TDBs; also, moreAngelos D. Keromytis
information will be stored in the TDB. ok ho@ provos@
2001-04-06Move offsetof define into sys/param.hConstantine Sapuntzakis
2001-04-04check for return value of ENODEV from ifpromisc(). This will happenJason Wright
at detach time when if_detach_ioctl() has been installed for an outgoing interface and does not represent an error.