summaryrefslogtreecommitdiff
path: root/sys/netinet/ip_ah.c
AgeCommit message (Collapse)Author
2000-04-25when fixing up the header, copy from the right sized datatype (fixes IPsecJason Wright
on big-endian machines)
2000-03-21Fix casting so it compiles on alphas (testing by janjaap@stack.nl,Angelos D. Keromytis
closing pr #1150)
2000-03-17Cryptographic services framework, and software "device driver". TheAngelos D. Keromytis
idea is to support various cryptographic hardware accelerators (which may be (detachable) cards, secondary/tertiary/etc processors, software crypto, etc). Supports session migration between crypto devices. What it doesn't (yet) support: - multiple instances of the same algorithm used in the same session - use of multiple crypto drivers in the same session - asymmetric crypto No support for a userland device yet. IPsec code path modified to allow for asynchronous cryptography (callbacks used in both input and output processing). Some unrelated code simplification done in the process (especially for AH). Development of this code kindly supported by Network Security Technologies (NSTI). The code was writen mostly in Greece, and is being committed from Montreal.
2000-02-07fix include file path related to ip6.Jun-ichiro itojun Hagino
2000-01-27Merge "old" and "new" ESP and AH in two files (one for each).Angelos D. Keromytis
Fix a couple of buglets with ingress flow deletion. tcpdump on enc0 should now show all outgoing packets *before* being processed, and all incoming packets *after* being processed. Good to be in Canada (land of the free commits).
1999-12-09Ok, no more IPsec for OpenBSD...I've had enough with it.Angelos D. Keromytis
1999-12-07Forgot a printf...Angelos D. Keromytis
1999-12-07New ah_new_input(), protocol-independent processing (still lackingAngelos D. Keromytis
IPv6-specific protocol header processing).
1999-12-06Oops, typo.Angelos D. Keromytis
1999-12-06Some preliminiries to AH revamping (similar to ESP)...Angelos D. Keromytis
1999-12-06New ESP code that's v4 and v6 friendly.Angelos D. Keromytis
1999-11-04gettdb() should be at spltdb().Hakan Olsson
1999-10-29Support multiple enc interfaces.Angelos D. Keromytis
1999-07-05remove bogus entry from if_enc address list; and rename enc_softc to encifTheo de Raadt
1999-05-16spltdb introduced, protection for tdb lists and related structures, soNiklas Hallqvist
they won't disappear behind our back by an expiration. Cleanup expiration logic too.
1999-05-14A new scalable IPsec SA expiration model.Niklas Hallqvist
1999-04-11Introduce net.inet.{ah,esp}.enable sysctl controls that are off by default.Niklas Hallqvist
If you are going to use either of AH or ESP or both, enable these in /etc/sysctl.conf. Also correct the IPSec debugging sysctl code, it is now named net.inet.ip.encdebug. Some corrected function signatures too.
1999-04-09Make the tdbi handling more robust, removes a panic caseNiklas Hallqvist
1999-03-27add SADB_X_BINDSA to pfkey allowing incoming SAs to refer to an outgoingNiels Provos
SA to be used, use this SA in ip_output if available. allow mobile road warriors for bind SAs with wildcard dst and src addresses. check IPSEC AUTH and ESP level when receiving packets, drop them if protection is insufficient. add stats to show dropped packets because of insufficient IPSEC protection. -- phew. this was all done in canada. dugsong and linh provided the ride and company.
1999-02-24Update copyright; remove a few annoying debugging printfs.Angelos D. Keromytis
Btw, OpenBSD hit 25000 commits a couple commits ago.
1999-02-24Remove encap.h include; saner debugging printfs; fix buglets; work withAngelos D. Keromytis
pfkeyv2.
1998-06-10make the packets which were successfully processed by IPSec available toNiels Provos
bpf via the enc0 interface, using linktype DLT_ENC.
1998-05-24avoid source address spoofing for mutual hostile hosts which have SAs toNiels Provos
us, reported by Craig Metz <cmetz@inner.net>.
1998-05-18first step to the setsockopt/getsockopt interface as described inNiels Provos
draft-mcdonald-simple-ipsec-api, kernel notifies (EMT_REQUESTSA) signal userland key management applications when security services are requested. this is only for outgoing connections at the moment, incoming packets are not yet checked against the selected socket policy.
1997-11-04make it easier to add additional transforms. add blowfish and castNiels Provos
encryption. some more info for kernfs/ipsec.
1997-10-02conditional error loggingTheo de Raadt
1997-09-28log() needs a \nTheo de Raadt
1997-07-27expiration messages, fixes, updates, all sorts of thingsNiklas Hallqvist
1997-07-18enablespi/disablespi in encap + print spi's in hostorderNiels Provos
1997-07-11put old esp/ah and new esp/ah in different files.Niels Provos
generalised way of handling transforms.
1997-07-01major restructuringNiels Provos
1997-06-25hard and soft limits for SPI's per absolute timer, relative since establish,Niels Provos
relative since first use timers, packet and byte counters. notify key mgmt on soft limits. key mgmt can now specify limits. new encap messages: EMT_RESERVESPI, EMT_ENABLESPI, EMT_DISABLESPI
1997-06-24handle IP options in AH + allow IP options in outgoing encapsulated packetsNiels Provos
+ usage counters for later use with keymanagement processes
1997-06-20ah-sha1 + esp-3des + indentationNiels Provos
1997-02-26I/O packet counters for IP-in-IP and AH.Angelos D. Keromytis
1997-02-24OpenBSD tags + some prototyping policeNiklas Hallqvist
1997-02-20IPSEC package by John Ioannidis and Angelos D. Keromytis. Written inTheo de Raadt
Greece. From ftp.funet.fi:/pub/unix/security/net/ip/BSDipsec.tar.gz
generated by cgit v1.2.3 (git 2.25.1) at 2025-01-18 09:27:11 +0000