Age | Commit message | Author | |
---|---|---|---|
2003-06-02 | Remove the advertising clause in the UCB license which Berkeley rescinded 22 July 1999. Proofed by myself and Theo. | Todd C. Miller | |
2002-09-04 | pass struct proc * down to in6_pcbsetport | Jun-ichiro itojun Hagino | |
2002-06-09 | whitespace | Jun-ichiro itojun Hagino | |
2002-06-08 | sync with latest KAME in6_ifaddr/prefix/default router manipulation. behavior changes: - two ioctls used by ndp(8) are now obsolete (backward compat provided). use sysctl path instead. - lo0 does not get ::1 automatically. it will get ::1 when lo0 comes up. | Jun-ichiro itojun Hagino | |
2002-05-31 | Keep a policy attached to each socket (that needs it), and cleanup as needed on socket tear-down. | Angelos D. Keromytis | |
2002-03-14 | Final __P removal plus some cosmetic fixups | Todd C. Miller | |
2002-03-14 | First round of __P removal in sys | Todd C. Miller | |
2001-07-05 | IPComp itself (include files). angelos@ ok. | Jean-Jacques Bernard-Gundol | |
2001-06-12 | IPsec-related socket options; these can be set/removed/retrieved, but are not taken into consideration in anything just yet. | Angelos D. Keromytis | |
2001-06-09 | Inclusion protection. | Angelos D. Keromytis | |
2001-05-27 | Keep local authentication material on the PCB. | Angelos D. Keromytis | |
2001-05-21 | Use a reference-counted structure for IPsec IDs and credentials, so we can cheaply keep copies of them at the PCB. ok deraadt@ | Angelos D. Keromytis | |
2001-03-28 | Allow tdbi's to appear in mbufs throughout the stack; this allows security properties of the packets to be pushed up to the application (not done yet). Eventually, this will be turned into a packet attributes framework. Make sure tdbi's are free'd/cleared properly whenever drivers (or NFS) does weird things with mbufs. | Angelos D. Keromytis | |
2001-02-16 | pull in new pcb notification code from kame. better handling of scope address. | Jun-ichiro itojun Hagino | |
2001-02-16 | move in6_{embed,recover}scope prototypes to in6_var.h (kernel only). add in6_clearscope. sync better with kame | Jun-ichiro itojun Hagino | |
2001-02-08 | switch raw ip6 socket code from NRL to kame. makes upgrades/code sharing much easier. | Jun-ichiro itojun Hagino | |
2000-10-11 | nuke inp_flags bits for controlling IPv4 mapped address. we don't support IPv4 mapped address, and there are inconsistent bit manipulation code so it's safer to nuke them. | Jun-ichiro itojun Hagino | |
2000-10-10 | verify payload of the icmp need fragment message at the tcp layer. okay itojun@ | Niels Provos | |
2000-10-09 | check if we have a tcb connected to the destination quoted in the icmp need fragment message when doing path mtu discovery. okay angelos@ | Niels Provos | |
2000-09-18 | Path MTU discovery based on NetBSD but with the decision to use the DF flag delayed to ip_output(). That halves the code and reduces most of the route lookups. okay deraadt@ | Niels Provos | |
2000-06-18 | sync with KAME udp6_output(). udp output logic is very different between IPv4/v6 so the separation should make more sense. TODO: remove IPv6 case from udp_output() TODO: remove/comment out/#if 0 IPv4 mapped address cases | Jun-ichiro itojun Hagino | |
2000-06-13 | allow link-local IPv6 address in in6_pcbbind. | Jun-ichiro itojun Hagino | |
2000-04-27 | add TCP port 587 to default list of reserved ports not to allocate dynamically in order to reserve it for sendmail. | Todd C. Miller | |
2000-02-07 | fix include file path related to ip6. | Jun-ichiro itojun Hagino | |
2000-01-11 | Remove ifdef'ed out definitions. | Angelos D. Keromytis | |
1999-12-27 | synchronize inp_flags definition across kame/*bsd. this would ease us implement future COMPAT_*BSD. (sync with kame tree) | Jun-ichiro itojun Hagino | |
1999-12-12 | make it easier to synchronize INP_xx flags and IN6P_xx flags. | Jun-ichiro itojun Hagino | |
1999-12-08 | bring in KAME IPv6 code, dated 19991208. replaces NRL IPv6 layer. reuses NRL pcb layer. no IPsec-on-v6 support. see sys/netinet6/{TODO,IMPLEMENTATION} for more details. GENERIC configuration should work fine as before. GENERIC.v6 works fine as well, but you'll need KAME userland tools to play with IPv6 (will be brought in soon). | Jun-ichiro itojun Hagino | |
1999-03-27 | add SADB_X_BINDSA to pfkey allowing incoming SAs to refer to an outgoing SA to be used, use this SA in ip_output if available. allow mobile road warriors for bind SAs with wildcard dst and src addresses. check IPSEC AUTH and ESP level when receiving packets, drop them if protection is insufficient. add stats to show dropped packets because of insufficient IPSEC protection. -- phew. this was all done in canada. dugsong and linh provided the ride and company. | Niels Provos | |
1999-03-24 | Removed inclusion of netinet6/in6.h. This was an artifact of when the core IPv6 symbols were there rather than in netinet/in.h, and now not only is unnecessary but also could create problems (see PR library/781). | cmetz | |
1999-01-11 | netinet merge of NRL stuff. some indent and shrinkage needed; NRL/cmetz | Theo de Raadt | |
1999-01-08 | more IPV6 merge; cmetz | Theo de Raadt | |
1999-01-07 | INET6 support | Theo de Raadt | |
1999-01-07 | in_pcblookup() now takes ptr to both ip address arguments | Theo de Raadt | |
1999-01-07 | rename baddynamic() to in_baddynamic(), and export it | Theo de Raadt | |
1998-05-18 | first step to the setsockopt/getsockopt interface as described in draft-mcdonald-simple-ipsec-api, kernel notifies (EMT_REQUESTSA) signal userland key management applications when security services are requested. this is only for outgoing connections at the moment, incoming packets are not yet checked against the selected socket policy. | Niels Provos | |
1997-08-26 | indent | Theo de Raadt | |
1997-08-19 | Add DP_CLR() macro | Todd C. Miller | |
1997-08-19 | Theo doesn't like extra kernel options, so don't allow DEFBADDYNAMICPORTS_TCP and DEFBADDYNAMICPORTS_UDP to be overridden from the kernel. It's not really too useful since there is a nice sysctl interface for this stuff. | Todd C. Miller | |
1997-08-16 | Allow DEFBADDYNAMICPORTS_TCP and DEFBADDYNAMICPORTS_UDP to be overridden via kernel config file. | Todd C. Miller | |
1997-08-09 | The list of tcp/udp ports not to allocate dynamically is now a bitmask configurable via sysctl([38]). The default values have not changed. If one wants to change the list it should be done early on in /etc/rc. | Todd C. Miller | |
1997-02-28 | Moved IPsec socket state to the PCB. | Angelos D. Keromytis | |
1996-07-29 | From FreeBSD (with slightly different sysctl names): "... Allow the user to nominate one of three ranges of port numbers as candidates for selecting a local address to replace a zero port number. The ranges are selected via a setsockopt(s, IPPROTO_IP, IP_PORTRANGE, &arg) call. The three ranges are: default, high (to bypass firewalls) and low (to get a port below 1024). The default and high port ranges are sysctl settable under sysctl net.inet.ip.portrange.* [net.inet.ip.portfirst, net.inet.ip.portlast, net.inet.ip.porthifirst, and net.inet.ip.porthilast currently in OpenBSD.] This code also fixes a potential deadlock if the system accidentally ran out of local port addresses. It'd drop into an infinite while loop. The secure port selection (for root) should reduce overheads and increase reliability of rlogin/rlogind/rsh/rshd if they are modified to take advantage of it." | Jason Downs | |
1996-03-03 | From NetBSD: 960217 merge | Niklas Hallqvist | |
1995-10-18 | initial import of NetBSD tree | Theo de Raadt | |