src - OpenBSD base system

Age	Commit message (Collapse)	Author
2001-03-28	Allow tdbi's to appear in mbufs throughout the stack; this allows	Angelos D. Keromytis
	security properties of the packets to be pushed up to the application (not done yet). Eventually, this will be turned into a packet attributes framework. Make sure tdbi's are free'd/cleared properly whenever drivers (or NFS) does weird things with mbufs.
2001-02-08	witch raw ip6 socket code from NRL to kame.	Jun-ichiro itojun Hagino
	makes upgrades/code sharing much easier.
2000-10-11	nuke inp_flags bits for controlling IPv4 mapped address.	Jun-ichiro itojun Hagino
	we don't support IPv4 mapped address, and there are inconsistent bit manipulation code so it's safer to nuke them.
2000-10-10	verify payload of the icmp need fragment message at the tcp layer. okay itojun@	Niels Provos

2000-10-09	check if we have a tcb connected to the destination quoted in the icmp need	Niels Provos
	fragment message when doing path mtu discovery. okay angelos@
2000-09-20	fix in_pcbrtentry	Niels Provos

2000-09-19	Lots and lots of changes.	Angelos D. Keromytis

2000-09-18	Path MTU discovery based on NetBSD but with the decision to use the DF	Niels Provos
	flag delayed to ip_output(). That halves the code and reduces most of the route lookups. okay deraadt@
2000-04-27	avoid infinite loop in in{6,}_pcbnotify (can occurs on family mismatch)	Jun-ichiro itojun Hagino

2000-04-21	NRL pcb issue; inp_{f,l}addr{,6} is a union so we need to be sure about	Jun-ichiro itojun Hagino
	af match. - do not touch IPv4 pcb entries on in6_pcbnotify. - do not touch IPv6 pcb entries on in_pcbnotify.
2000-01-04	if we call in6_setpeeraddr, don't visit code for ipv4.	Jun-ichiro itojun Hagino
	(the case seems to be never bisited)
1999-12-19	Remove PCB protocol checks rendered unnecessary by the previous commit.	Angelos D. Keromytis

1999-12-19	Be a bit more paranoid when searching for a PCB in the presence of IPv6.	Angelos D. Keromytis

1999-12-17	do not accept IPv4 traffic by AF_INET6 socket. IPv4 mapped address is	Jun-ichiro itojun Hagino
	bad for access controls. (quickhack fix, need sysctl/setsockopt knob to enable this functionality)
1999-12-08	Identation.	Angelos D. Keromytis

1999-12-08	bring in KAME IPv6 code, dated 19991208.	Jun-ichiro itojun Hagino
	replaces NRL IPv6 layer. reuses NRL pcb layer. no IPsec-on-v6 support. see sys/netinet6/{TODO,IMPLEMENTATION} for more details. GENERIC configuration should work fine as before. GENERIC.v6 works fine as well, but you'll need KAME userland tools to play with IPv6 (will be bringed into soon).
1999-05-16	spltdb introduced, protection for tdb lists and related structures, so	Niklas Hallqvist
	they won't disappear behind our back by an expiration. Cleanup expiration logic too.
1999-04-28	zap the newhashinit hack.	Artur Grabowski
	Add an extra flag to hashinit telling if it should wait in malloc. update all calls to hashinit.
1999-03-27	add SADB_X_BINDSA to pfkey allowing incoming SAs to refer to an outgoing	Niels Provos
	SA to be used, use this SA in ip_output if available. allow mobile road warriors for bind SAs with wildcard dst and src addresses. check IPSEC AUTH and ESP level when receiving packets, drop them if protection is insufficient. add stats to show dropped packets because of insufficient IPSEC protection. -- phew. this was all done in canada. dugsong and linh provided the ride and company.
1999-03-24	Replace 'in6a_words' (old NRL convention) with 's6_addr32' (new BSDI et al.	cmetz
	convention that is more common and more specific as to the access size)
1999-02-24	Remove encap.h include; saner debugging printfs; fix buglets; work with	Angelos D. Keromytis
	pfkeyv2.
1999-01-11	netinet merge of NRL stuff. some indent and shrinkage needed; NRL/cmetz	Theo de Raadt

1999-01-08	remove NRL debugging goop; cmetz	Theo de Raadt

1999-01-07	INET6 support	Theo de Raadt

1999-01-07	in_pcblookup() now takes ptr to both ip address arguments	Theo de Raadt

1999-01-07	rename baddynamic() to in_baddynamic(), and export it	Theo de Raadt

1998-05-18	first step to the setsockopt/getsockopt interface as described in	Niels Provos
	draft-mcdonald-simple-ipsec-api, kernel notifies (EMT_REQUESTSA) signal userland key management applications when security services are requested. this is only for outgoing connections at the moment, incoming packets are not yet checked against the selected socket policy.
1998-02-14	wildcard ifaces; finally, after HE said it's ok	Michael Shalayeff

1998-02-14	add seperate so_euid & so_ruid to struct socket, so that identd is still ↵	Theo de Raadt
	fast.. Sigh. I will change this again later
1998-02-01	undo wildcard loopback stuff; it was not checked by other developers	Theo de Raadt

1998-02-01	support wildcard loopbacks. that is, setting up lo1 like:	Michael Shalayeff
	ifconfig lo1 inet 192.168.1.1 netmask 255.255.255.0 link1 would force it to act like all the addresses from net 192.168.1 were added to the interface. todo: man lo
1997-11-30	hmm. If out of ports, return EADDRNOTAVAIL	Theo de Raadt

1997-08-09	The list of tcp/udp ports not to allocate dynamically is now	Todd C. Miller
	a bitmask configurable via sysctl([38]). The default values have not changed. If one wants to change the list it should be done early on in /etc/rc.
1997-07-27	hardcode list of ports to not randomly allocate; will add configuration later	Theo de Raadt

1997-04-17	make unconnected sockets get a random port #, too	Theo de Raadt

1997-02-28	Moved IPsec socket state to the PCB.	Angelos D. Keromytis

1997-02-05	use arc4random()	Theo de Raadt

1997-01-15	prevent warning:	kstailey
	in_pcb.c:182: warning: `old' might be used uninitialized in this function
1996-08-24	change to so_uid, also fix a missing credential found by dm	Theo de Raadt

1996-08-05	stupid typo, going to bed in penance	Theo de Raadt

1996-08-05	only check for takeover permission if non-root	Theo de Raadt

1996-08-05	struct socket gets so_ucred; permit only same uid or root to do port takeover.	Theo de Raadt

1996-07-29	Fix stupid logic error in bind().	Jason Downs

1996-07-29	Make 600, instead of 512, the lower limit for reserved ports.	Jason Downs

1996-07-29	Fix a small bug and change the logic of the bind() port choosing:	Jason Downs
	Use a random starting point the first time through the loop.
1996-07-29	From FreeBSD (with slightly different sysctl names):	Jason Downs
	"... Allow the user to nominate one of three ranges of port numbers as candidates for selecting a local address to replace a zero port number. The ranges are selected via a setsockopt(s, IPPROTO_IP, IP_PORTRANGE, &arg) call. The three ranges are: default, high (to bypass firewalls) and low (to get a port below 1024). The default and high port ranges are sysctl settable under sysctl net.inet.ip.portrange.* [net.inet.ip.portfirst, net.inet.ip.portlast, net.inet.ip.porthifirst, and net.inet.ip.porthilast currently in OpenBSD.] This code also fixes a potential deadlock if the system accidently ran out of local port addresses. It'd drop into an infinite while loop. The secure port selection (for root) should reduce overheads and increase reliability of rlogin/rlogind/rsh/rshd if they are modified to take advantage of it."
1996-05-14	non-root bind() to 2049 gets EADDRINUSE	Theo de Raadt

1996-03-14	From Lite2; we should fail a malloc, not block waiting for memory to become	Thorsten Lockert
	available in in_pcballoc()
1996-03-03	From NetBSD: 960217 merge	Niklas Hallqvist

1995-10-18	initial import of NetBSD tree	Theo de Raadt