src - OpenBSD base system

Age	Commit message (Collapse)	Author
2001-06-25	Use in_cksum_phdr() rather than in_cksum() -- from NetBSD	Angelos D. Keromytis

2001-06-24	Import in_cksum_phdr() and in_cksum_addword() from NetBSD.	Angelos D. Keromytis

2001-06-24	Import in_delayed_cksum() and convert to using it; also, don't do	Angelos D. Keromytis
	TCP/UDP HW checksumming if doing IP fragmentation. From NetBSD
2001-06-23	Typo.	Angelos D. Keromytis

2001-06-23	Prototype for in4_cksum()	Angelos D. Keromytis

2001-06-12	IPsec setsockopts.	Angelos D. Keromytis

2001-06-09	Inclusion protection.	Angelos D. Keromytis

2001-05-27	Add some IPsec-related IP-level socket options.	Angelos D. Keromytis

2001-05-17	convert mbuf and cluster allocation to pool, mostly from NetBSD	Niels Provos
	okay art@ miod@
2000-12-09	remove duplicated def of INET_ADDRSTRLEN.	Jun-ichiro itojun Hagino

2000-09-19	Lots and lots of changes.	Angelos D. Keromytis

2000-09-18	Path MTU discovery based on NetBSD but with the decision to use the DF	Niels Provos
	flag delayed to ip_output(). That halves the code and reduces most of the route lookups. okay deraadt@
2000-06-18	for mcdonald-simple-ipsec-api get/setsockopt, variable size was mixed up.	Jun-ichiro itojun Hagino
	in some place sizeof(u_char), and in some place sizeof(int) were used. previous code can cause problem in big endian machines. now it always uses "int" (isakmpd uses int, so it should be okay) set m_len properly on mcdonald-simple-ipsec-api getsockopt.
2000-05-25	net.inet.ip.gif_ttl (and IPv6 counterpart) is never used.	Jun-ichiro itojun Hagino
	enforce type checking on IN6_ARE_ADDR_EQUAL.
2000-02-09	improve RFC2553/2292 conformance. netinet6/{ip6,icmp6,in6}.h should not	Jun-ichiro itojun Hagino
	be included. neitnet6/{ip6,icmp6}.h includes #error statements only - i'll remove them couple of days later.
2000-01-26	new bindresvport() semantics that itojun, shin, jean-luc and i have agreed ↵	Theo de Raadt
	on, which will be happy for the future. bindresvport_sa() for sockaddr *, too. docs later..
2000-01-21	Rename the ip4_* routines to ipip_*, make it so GIF tunnels are not	Angelos D. Keromytis
	affected by net.inet.ipip.allow (the sysctl formerly known as net.inet.ip4.allow), rename the VIF ipip_input to ipip_mroute_input.
2000-01-18	Bump IPPROTO_MAX to include IPPROTO_MOBILE and IPPROTO_ETHERIP.	Angelos D. Keromytis

2000-01-11	Remove ifdef'ed out definitions.	Angelos D. Keromytis

2000-01-10	Add 10 new ipsec-related sysctl variables...they are currently under	Angelos D. Keromytis
	net.inet.ip; perhaps they should be moved under net.inet.ipsec or some such.
2000-01-10	Add net.inet.ip.ipsec-invalid-life, default value 60 seconds; the	Angelos D. Keromytis
	amount of time embryonic SAs will be kept before they have to be initialized by key management (this only affects automated key management).
2000-01-09	Add a sysctl for IPsec ingress access control (better explanation on a	Angelos D. Keromytis
	follow-up commit).
2000-01-07	Forgot the names here...	Angelos D. Keromytis

2000-01-07	IPPROTO_GRE and IPPROTO_MOBILE definitions (from NetBSD)	Angelos D. Keromytis

1999-12-18	too much software forgets to include sys/socket.h, SIGH	Theo de Raadt

1999-12-16	rresvport_af() and bindresvport_af()	Theo de Raadt

1999-12-08	bring in KAME IPv6 code, dated 19991208.	Jun-ichiro itojun Hagino
	replaces NRL IPv6 layer. reuses NRL pcb layer. no IPsec-on-v6 support. see sys/netinet6/{TODO,IMPLEMENTATION} for more details. GENERIC configuration should work fine as before. GENERIC.v6 works fine as well, but you'll need KAME userland tools to play with IPv6 (will be bringed into soon).
1999-10-28	Add etherip.allow sysctl node entry.	Angelos D. Keromytis

1999-10-28	Define IPPROTO_ETHERIP.	Angelos D. Keromytis

1999-04-11	Introduce net.inet.{ah,esp}.enable sysctl controls that are off by default.	Niklas Hallqvist
	If you are going to use either of AH or ESP or both, enable these in /etc/sysctl.conf. Also correct the IPSec debugging sysctl code, it is now named net.inet.ip.encdebug. Some corrected function signatures too.
1999-04-09	The kernel parts of a sysctl that can switch on/off IP-in-IP (protocol 4)	Niklas Hallqvist
	support, when IPSEC is compiled in. The default is disabled. Turn on with: sysctl -w net.inet.ip4.allow=1 *Only* do this if you are really knowing what you do! This control does not control the tunnel modes of ESP and AH.
1999-03-27	add SADB_X_BINDSA to pfkey allowing incoming SAs to refer to an outgoing	Niels Provos
	SA to be used, use this SA in ip_output if available. allow mobile road warriors for bind SAs with wildcard dst and src addresses. check IPSEC AUTH and ESP level when receiving packets, drop them if protection is insufficient. add stats to show dropped packets because of insufficient IPSEC protection. -- phew. this was all done in canada. dugsong and linh provided the ride and company.
1999-03-24	Removed old NRL convention in6a_words virtual-field from struct in6_addr.	cmetz
	Let's not encourage the use of an obsolete convention.
1999-02-24	Added in.h definitions required by IPv6 Basic API and Advanced API specs, and	cmetz
	a few extras that are just plain useful. Note that I used u_intxx_t instead of the POSIX p1003.1g uintxx_t that those specs mandate, so as to not increase the number of outside symbol definitions that in.h depends on.
1999-02-17	add fragment flood protection; configureable using sysctl ip.maxqueue	Theo de Raadt

1999-01-10	merge INPROTO_* tables	Theo de Raadt

1999-01-07	update for ipv6	Theo de Raadt

1999-01-03	use int8_t, not char in c++ case for consistency and fix indentation	Todd C. Miller

1999-01-01	mirror OSF1 solution for ip_opts[] within struct called ip_opts; dm@, pr#681	Theo de Raadt

1998-05-18	first step to the setsockopt/getsockopt interface as described in	Niels Provos
	draft-mcdonald-simple-ipsec-api, kernel notifies (EMT_REQUESTSA) signal userland key management applications when security services are requested. this is only for outgoing connections at the moment, incoming packets are not yet checked against the selected socket policy.
1998-02-11	make IPPORT_USERRESERVED a nice fat number -> random ports look really funky.	Theo de Raadt

1997-11-30	Move in_addr_t and in_port_t to <sys/types.h> and add sa_family_t	Todd C. Miller
	and suseconds_t types for XPG4.2.
1997-07-28	Make struct in_addr contain an in_addr_t since that's what	Todd C. Miller
	in_addr_t is for (same basic type so we don't break anything).
1997-07-02	Move prototype for bindresvport(3) to <netiniet/in.h> as it is	Todd C. Miller
	not rpc-specific and other stuff uses it now.
1997-02-28	IPsec socket API hooks are in.	Angelos D. Keromytis

1997-02-20	IPSEC package by John Ioannidis and Angelos D. Keromytis. Written in	Theo de Raadt
	Greece. From ftp.funet.fi:/pub/unix/security/net/ip/BSDipsec.tar.gz
1996-07-29	From FreeBSD (with slightly different sysctl names):	Jason Downs
	"... Allow the user to nominate one of three ranges of port numbers as candidates for selecting a local address to replace a zero port number. The ranges are selected via a setsockopt(s, IPPROTO_IP, IP_PORTRANGE, &arg) call. The three ranges are: default, high (to bypass firewalls) and low (to get a port below 1024). The default and high port ranges are sysctl settable under sysctl net.inet.ip.portrange.* [net.inet.ip.portfirst, net.inet.ip.portlast, net.inet.ip.porthifirst, and net.inet.ip.porthilast currently in OpenBSD.] This code also fixes a potential deadlock if the system accidently ran out of local port addresses. It'd drop into an infinite while loop. The secure port selection (for root) should reduce overheads and increase reliability of rlogin/rlogind/rsh/rshd if they are modified to take advantage of it."
1996-03-03	From NetBSD: 960217 merge	Niklas Hallqvist

1996-02-21	Added INADDR_MAX_LOCAL_GROUP, since it was present in 4.4-Lite	Michael Shalayeff
	and gated wants it to there ;)
1995-11-28	add inet_ntoa() to the kernel. use it to log nicer messages. idea from freebsd	Theo de Raadt