summaryrefslogtreecommitdiff
path: root/sys/netinet/in_pcb.h
AgeCommit message (Collapse)Author
1999-03-27add SADB_X_BINDSA to pfkey allowing incoming SAs to refer to an outgoingNiels Provos
SA to be used, use this SA in ip_output if available. allow mobile road warriors for bind SAs with wildcard dst and src addresses. check IPSEC AUTH and ESP level when receiving packets, drop them if protection is insufficient. add stats to show dropped packets because of insufficient IPSEC protection. -- phew. this was all done in canada. dugsong and linh provided the ride and company.
1999-03-24Removed inclusion of netinet6/in6.h. This was an artifact of when the corecmetz
IPv6 symbols were there rather than in netinet/in.h, and now not only is unnecessary but also could create problems (see PR library/781).
1999-01-11netinet merge of NRL stuff. some indent and shrinkage needed; NRL/cmetzTheo de Raadt
1999-01-08more IPV6 merge; cmetzTheo de Raadt
1999-01-07INET6 supportTheo de Raadt
1999-01-07in_pcblookup() now takes ptr to both ip address argumentsTheo de Raadt
1999-01-07rename baddynamic() to in_baddynamic(), and export itTheo de Raadt
1998-05-18first step to the setsockopt/getsockopt interface as described inNiels Provos
draft-mcdonald-simple-ipsec-api, kernel notifies (EMT_REQUESTSA) signal userland key management applications when security services are requested. this is only for outgoing connections at the moment, incoming packets are not yet checked against the selected socket policy.
1997-08-26indentTheo de Raadt
1997-08-19Add DP_CLR() macroTodd C. Miller
1997-08-19Theo doesn't like extra kernel options, so don't allowTodd C. Miller
DEFBADDYNAMICPORTS_TCP and DEFBADDYNAMICPORTS_UDP to be overridden from the kernel. It's not really too useful since there is a nice sysctl interface for this stuff.
1997-08-16Allow DEFBADDYNAMICPORTS_TCP and DEFBADDYNAMICPORTS_UDP to beTodd C. Miller
overridden via kernel config file.
1997-08-09The list of tcp/udp ports not to allocate dynamically is nowTodd C. Miller
a bitmask configurable via sysctl([38]). The default values have not changed. If one wants to change the list it should be done early on in /etc/rc.
1997-02-28Moved IPsec socket state to the PCB.Angelos D. Keromytis
1996-07-29From FreeBSD (with slightly different sysctl names):Jason Downs
"... Allow the user to nominate one of three ranges of port numbers as candidates for selecting a local address to replace a zero port number. The ranges are selected via a setsockopt(s, IPPROTO_IP, IP_PORTRANGE, &arg) call. The three ranges are: default, high (to bypass firewalls) and low (to get a port below 1024). The default and high port ranges are sysctl settable under sysctl net.inet.ip.portrange.* [net.inet.ip.portfirst, net.inet.ip.portlast, net.inet.ip.porthifirst, and net.inet.ip.porthilast currently in OpenBSD.] This code also fixes a potential deadlock if the system accidently ran out of local port addresses. It'd drop into an infinite while loop. The secure port selection (for root) should reduce overheads and increase reliability of rlogin/rlogind/rsh/rshd if they are modified to take advantage of it."
1996-03-03From NetBSD: 960217 mergeNiklas Hallqvist
1995-10-18initial import of NetBSD treeTheo de Raadt