summaryrefslogtreecommitdiff
path: root/sys/netinet/in_pcb.c
AgeCommit message (Collapse)Author
2001-07-05IPComp support. angelos@ ok.Jean-Jacques Bernard-Gundol
2001-06-12IPsec-related socket options; these can be set/removed/retrieved, butAngelos D. Keromytis
are not taken into consideration in anything just yet.
2001-06-08Cut down on include files.Angelos D. Keromytis
2001-06-05repair copyright notices for NRL & cmetz; cmetzTheo de Raadt
2001-05-27Free IPsec authentication material on PCB tear down.Angelos D. Keromytis
2001-05-21Use a reference-counted structure for IPsec IDs and credentials, so weAngelos D. Keromytis
can cheaply keep copies of them at the PCB. ok deraadt@
2001-03-28Allow tdbi's to appear in mbufs throughout the stack; this allowsAngelos D. Keromytis
security properties of the packets to be pushed up to the application (not done yet). Eventually, this will be turned into a packet attributes framework. Make sure tdbi's are free'd/cleared properly whenever drivers (or NFS) does weird things with mbufs.
2001-02-08witch raw ip6 socket code from NRL to kame.Jun-ichiro itojun Hagino
makes upgrades/code sharing much easier.
2000-10-11nuke inp_flags bits for controlling IPv4 mapped address.Jun-ichiro itojun Hagino
we don't support IPv4 mapped address, and there are inconsistent bit manipulation code so it's safer to nuke them.
2000-10-10verify payload of the icmp need fragment message at the tcp layer. okay itojun@Niels Provos
2000-10-09check if we have a tcb connected to the destination quoted in the icmp needNiels Provos
fragment message when doing path mtu discovery. okay angelos@
2000-09-20fix in_pcbrtentryNiels Provos
2000-09-19Lots and lots of changes.Angelos D. Keromytis
2000-09-18Path MTU discovery based on NetBSD but with the decision to use the DFNiels Provos
flag delayed to ip_output(). That halves the code and reduces most of the route lookups. okay deraadt@
2000-04-27avoid infinite loop in in{6,}_pcbnotify (can occurs on family mismatch)Jun-ichiro itojun Hagino
2000-04-21NRL pcb issue; inp_{f,l}addr{,6} is a union so we need to be sure aboutJun-ichiro itojun Hagino
af match. - do not touch IPv4 pcb entries on in6_pcbnotify. - do not touch IPv6 pcb entries on in_pcbnotify.
2000-01-04if we call in6_setpeeraddr, don't visit code for ipv4.Jun-ichiro itojun Hagino
(the case seems to be never bisited)
1999-12-19Remove PCB protocol checks rendered unnecessary by the previous commit.Angelos D. Keromytis
1999-12-19Be a bit more paranoid when searching for a PCB in the presence of IPv6.Angelos D. Keromytis
1999-12-17do not accept IPv4 traffic by AF_INET6 socket. IPv4 mapped address isJun-ichiro itojun Hagino
bad for access controls. (quickhack fix, need sysctl/setsockopt knob to enable this functionality)
1999-12-08Identation.Angelos D. Keromytis
1999-12-08bring in KAME IPv6 code, dated 19991208.Jun-ichiro itojun Hagino
replaces NRL IPv6 layer. reuses NRL pcb layer. no IPsec-on-v6 support. see sys/netinet6/{TODO,IMPLEMENTATION} for more details. GENERIC configuration should work fine as before. GENERIC.v6 works fine as well, but you'll need KAME userland tools to play with IPv6 (will be bringed into soon).
1999-05-16spltdb introduced, protection for tdb lists and related structures, soNiklas Hallqvist
they won't disappear behind our back by an expiration. Cleanup expiration logic too.
1999-04-28zap the newhashinit hack.Artur Grabowski
Add an extra flag to hashinit telling if it should wait in malloc. update all calls to hashinit.
1999-03-27add SADB_X_BINDSA to pfkey allowing incoming SAs to refer to an outgoingNiels Provos
SA to be used, use this SA in ip_output if available. allow mobile road warriors for bind SAs with wildcard dst and src addresses. check IPSEC AUTH and ESP level when receiving packets, drop them if protection is insufficient. add stats to show dropped packets because of insufficient IPSEC protection. -- phew. this was all done in canada. dugsong and linh provided the ride and company.
1999-03-24Replace 'in6a_words' (old NRL convention) with 's6_addr32' (new BSDI et al.cmetz
convention that is more common and more specific as to the access size)
1999-02-24Remove encap.h include; saner debugging printfs; fix buglets; work withAngelos D. Keromytis
pfkeyv2.
1999-01-11netinet merge of NRL stuff. some indent and shrinkage needed; NRL/cmetzTheo de Raadt
1999-01-08remove NRL debugging goop; cmetzTheo de Raadt
1999-01-07INET6 supportTheo de Raadt
1999-01-07in_pcblookup() now takes ptr to both ip address argumentsTheo de Raadt
1999-01-07rename baddynamic() to in_baddynamic(), and export itTheo de Raadt
1998-05-18first step to the setsockopt/getsockopt interface as described inNiels Provos
draft-mcdonald-simple-ipsec-api, kernel notifies (EMT_REQUESTSA) signal userland key management applications when security services are requested. this is only for outgoing connections at the moment, incoming packets are not yet checked against the selected socket policy.
1998-02-14wildcard ifaces; finally, after HE said it's okMichael Shalayeff
1998-02-14add seperate so_euid & so_ruid to struct socket, so that identd is still ↵Theo de Raadt
fast.. Sigh. I will change this again later
1998-02-01undo wildcard loopback stuff; it was not checked by other developersTheo de Raadt
1998-02-01support wildcard loopbacks. that is, setting up lo1 like:Michael Shalayeff
ifconfig lo1 inet 192.168.1.1 netmask 255.255.255.0 link1 would force it to act like all the addresses from net 192.168.1 were added to the interface. todo: man lo
1997-11-30hmm. If out of ports, return EADDRNOTAVAILTheo de Raadt
1997-08-09The list of tcp/udp ports not to allocate dynamically is nowTodd C. Miller
a bitmask configurable via sysctl([38]). The default values have not changed. If one wants to change the list it should be done early on in /etc/rc.
1997-07-27hardcode list of ports to not randomly allocate; will add configuration laterTheo de Raadt
1997-04-17make unconnected sockets get a random port #, tooTheo de Raadt
1997-02-28Moved IPsec socket state to the PCB.Angelos D. Keromytis
1997-02-05use arc4random()Theo de Raadt
1997-01-15prevent warning:kstailey
in_pcb.c:182: warning: `old' might be used uninitialized in this function
1996-08-24change to so_uid, also fix a missing credential found by dmTheo de Raadt
1996-08-05stupid typo, going to bed in penanceTheo de Raadt
1996-08-05only check for takeover permission if non-rootTheo de Raadt
1996-08-05struct socket gets so_ucred; permit only same uid or root to do port takeover.Theo de Raadt
1996-07-29Fix stupid logic error in bind().Jason Downs
1996-07-29Make 600, instead of 512, the lower limit for reserved ports.Jason Downs