Age | Commit message (Collapse) | Author | |
---|---|---|---|
2001-07-05 | IPComp support. angelos@ ok. | Jean-Jacques Bernard-Gundol | |
2001-06-12 | IPsec-related socket options; these can be set/removed/retrieved, but | Angelos D. Keromytis | |
are not taken into consideration in anything just yet. | |||
2001-06-08 | Cut down on include files. | Angelos D. Keromytis | |
2001-06-05 | repair copyright notices for NRL & cmetz; cmetz | Theo de Raadt | |
2001-05-27 | Free IPsec authentication material on PCB tear down. | Angelos D. Keromytis | |
2001-05-21 | Use a reference-counted structure for IPsec IDs and credentials, so we | Angelos D. Keromytis | |
can cheaply keep copies of them at the PCB. ok deraadt@ | |||
2001-03-28 | Allow tdbi's to appear in mbufs throughout the stack; this allows | Angelos D. Keromytis | |
security properties of the packets to be pushed up to the application (not done yet). Eventually, this will be turned into a packet attributes framework. Make sure tdbi's are free'd/cleared properly whenever drivers (or NFS) does weird things with mbufs. | |||
2001-02-08 | witch raw ip6 socket code from NRL to kame. | Jun-ichiro itojun Hagino | |
makes upgrades/code sharing much easier. | |||
2000-10-11 | nuke inp_flags bits for controlling IPv4 mapped address. | Jun-ichiro itojun Hagino | |
we don't support IPv4 mapped address, and there are inconsistent bit manipulation code so it's safer to nuke them. | |||
2000-10-10 | verify payload of the icmp need fragment message at the tcp layer. okay itojun@ | Niels Provos | |
2000-10-09 | check if we have a tcb connected to the destination quoted in the icmp need | Niels Provos | |
fragment message when doing path mtu discovery. okay angelos@ | |||
2000-09-20 | fix in_pcbrtentry | Niels Provos | |
2000-09-19 | Lots and lots of changes. | Angelos D. Keromytis | |
2000-09-18 | Path MTU discovery based on NetBSD but with the decision to use the DF | Niels Provos | |
flag delayed to ip_output(). That halves the code and reduces most of the route lookups. okay deraadt@ | |||
2000-04-27 | avoid infinite loop in in{6,}_pcbnotify (can occurs on family mismatch) | Jun-ichiro itojun Hagino | |
2000-04-21 | NRL pcb issue; inp_{f,l}addr{,6} is a union so we need to be sure about | Jun-ichiro itojun Hagino | |
af match. - do not touch IPv4 pcb entries on in6_pcbnotify. - do not touch IPv6 pcb entries on in_pcbnotify. | |||
2000-01-04 | if we call in6_setpeeraddr, don't visit code for ipv4. | Jun-ichiro itojun Hagino | |
(the case seems to be never bisited) | |||
1999-12-19 | Remove PCB protocol checks rendered unnecessary by the previous commit. | Angelos D. Keromytis | |
1999-12-19 | Be a bit more paranoid when searching for a PCB in the presence of IPv6. | Angelos D. Keromytis | |
1999-12-17 | do not accept IPv4 traffic by AF_INET6 socket. IPv4 mapped address is | Jun-ichiro itojun Hagino | |
bad for access controls. (quickhack fix, need sysctl/setsockopt knob to enable this functionality) | |||
1999-12-08 | Identation. | Angelos D. Keromytis | |
1999-12-08 | bring in KAME IPv6 code, dated 19991208. | Jun-ichiro itojun Hagino | |
replaces NRL IPv6 layer. reuses NRL pcb layer. no IPsec-on-v6 support. see sys/netinet6/{TODO,IMPLEMENTATION} for more details. GENERIC configuration should work fine as before. GENERIC.v6 works fine as well, but you'll need KAME userland tools to play with IPv6 (will be bringed into soon). | |||
1999-05-16 | spltdb introduced, protection for tdb lists and related structures, so | Niklas Hallqvist | |
they won't disappear behind our back by an expiration. Cleanup expiration logic too. | |||
1999-04-28 | zap the newhashinit hack. | Artur Grabowski | |
Add an extra flag to hashinit telling if it should wait in malloc. update all calls to hashinit. | |||
1999-03-27 | add SADB_X_BINDSA to pfkey allowing incoming SAs to refer to an outgoing | Niels Provos | |
SA to be used, use this SA in ip_output if available. allow mobile road warriors for bind SAs with wildcard dst and src addresses. check IPSEC AUTH and ESP level when receiving packets, drop them if protection is insufficient. add stats to show dropped packets because of insufficient IPSEC protection. -- phew. this was all done in canada. dugsong and linh provided the ride and company. | |||
1999-03-24 | Replace 'in6a_words' (old NRL convention) with 's6_addr32' (new BSDI et al. | cmetz | |
convention that is more common and more specific as to the access size) | |||
1999-02-24 | Remove encap.h include; saner debugging printfs; fix buglets; work with | Angelos D. Keromytis | |
pfkeyv2. | |||
1999-01-11 | netinet merge of NRL stuff. some indent and shrinkage needed; NRL/cmetz | Theo de Raadt | |
1999-01-08 | remove NRL debugging goop; cmetz | Theo de Raadt | |
1999-01-07 | INET6 support | Theo de Raadt | |
1999-01-07 | in_pcblookup() now takes ptr to both ip address arguments | Theo de Raadt | |
1999-01-07 | rename baddynamic() to in_baddynamic(), and export it | Theo de Raadt | |
1998-05-18 | first step to the setsockopt/getsockopt interface as described in | Niels Provos | |
draft-mcdonald-simple-ipsec-api, kernel notifies (EMT_REQUESTSA) signal userland key management applications when security services are requested. this is only for outgoing connections at the moment, incoming packets are not yet checked against the selected socket policy. | |||
1998-02-14 | wildcard ifaces; finally, after HE said it's ok | Michael Shalayeff | |
1998-02-14 | add seperate so_euid & so_ruid to struct socket, so that identd is still ↵ | Theo de Raadt | |
fast.. Sigh. I will change this again later | |||
1998-02-01 | undo wildcard loopback stuff; it was not checked by other developers | Theo de Raadt | |
1998-02-01 | support wildcard loopbacks. that is, setting up lo1 like: | Michael Shalayeff | |
ifconfig lo1 inet 192.168.1.1 netmask 255.255.255.0 link1 would force it to act like all the addresses from net 192.168.1 were added to the interface. todo: man lo | |||
1997-11-30 | hmm. If out of ports, return EADDRNOTAVAIL | Theo de Raadt | |
1997-08-09 | The list of tcp/udp ports not to allocate dynamically is now | Todd C. Miller | |
a bitmask configurable via sysctl([38]). The default values have not changed. If one wants to change the list it should be done early on in /etc/rc. | |||
1997-07-27 | hardcode list of ports to not randomly allocate; will add configuration later | Theo de Raadt | |
1997-04-17 | make unconnected sockets get a random port #, too | Theo de Raadt | |
1997-02-28 | Moved IPsec socket state to the PCB. | Angelos D. Keromytis | |
1997-02-05 | use arc4random() | Theo de Raadt | |
1997-01-15 | prevent warning: | kstailey | |
in_pcb.c:182: warning: `old' might be used uninitialized in this function | |||
1996-08-24 | change to so_uid, also fix a missing credential found by dm | Theo de Raadt | |
1996-08-05 | stupid typo, going to bed in penance | Theo de Raadt | |
1996-08-05 | only check for takeover permission if non-root | Theo de Raadt | |
1996-08-05 | struct socket gets so_ucred; permit only same uid or root to do port takeover. | Theo de Raadt | |
1996-07-29 | Fix stupid logic error in bind(). | Jason Downs | |
1996-07-29 | Make 600, instead of 512, the lower limit for reserved ports. | Jason Downs | |