| Age | Commit message (Expand) | Author |
|---|
| 2012-09-26 | add M_ZEROIZE as an mbuf flag, so copied PFKEY messages (with embedded keys) | Markus Friedl |
| 2012-09-20 | spltdb() was really just #define'd to be splsoftnet(); replace the former | Bret Lambert |
| 2012-09-18 | remove the SADB_X_SAFLAGS_{HALFIV,RANDOMPADDING,NOREPLAY} pfkey-API (not set | Markus Friedl |
| 2012-06-29 | Add support for the Extended (64-bit) Sequence Number as defined | Mike Belopuhov |
| 2011-01-11 | for key material that is being being discarded, convert bzero() to | Theo de Raadt |
| 2010-07-20 | Switch some obvious network stack MAC comparisons from bcmp() to | Matthew Dempsky |
| 2010-07-09 | Add support for using IPsec in multiple rdomains. | Reyk Floeter |
| 2010-07-02 | m_copyback can fail to allocate memory, but is a void fucntion so gymnastics | Bret Lambert |
| 2010-07-01 | Allow to specify an alternative enc(4) interface for an SA. All | Reyk Floeter |
| 2010-06-29 | Replace enc(4) with a new implementation as a cloner device. We still | Reyk Floeter |
| 2010-01-10 | Fix two bugs in IPsec/HMAC-SHA2: | Markus Friedl |
| 2008-09-15 | remove dead stores and newly created unused variables. | Charles Longeau |
| 2007-10-17 | Convert MALLOC/FREE to malloc/free. | Hans-Joerg Hoexer |
| 2007-10-09 | MALLOC+bzero -> malloc+M_ZERO. Don't forget FREE->free this time. | Kenneth R Westerback |
| 2007-02-14 | Consistently spell FALLTHROUGH to appease lint. | Jonathan Gray |
| 2007-02-08 | - AH: when computing crypto checksum for output, massage source-routing | Jun-ichiro itojun Hagino |
| 2006-12-15 | make enc(4) count; ok markus@ henning@ deraadt@ | Otto Moerbeek |
| 2006-12-13 | use IN6_IS_SCOPE_EMBED to check kernel-internal form addresses | Jun-ichiro itojun Hagino |
| 2006-05-28 | Only preemptively increase the replay counter for outbound TDBs. | Ryan Thomas McBride |
| 2006-03-25 | allow bpf(4) to ignore packets based on their direction (inbound or | Damien Miller |
| 2005-12-20 | use M_READONLY when trying to find out whether we have to copy | Markus Friedl |
| 2005-07-31 | Introduce bpf_mtap_af and bpf_mtap_hdr to be used when passing a mbuf chain | Christopher Pascoe |
| 2005-05-28 | Add SA replay counter synchronization to pfsync(4). Required for IPsec | Hakan Olsson |
| 2005-05-27 | comment out unused PACKET_TAG_IPSEC_IN_CRYPTO_DONE code; ok hshoexer | Markus Friedl |
| 2003-08-14 | m_copyback()'s 4th arg is const void *, nuke (caddr_t) casts. | Jason Wright |
| 2003-07-24 | conform to RFC2367 on SADB_xx naming (local name must be prefixed with | Jun-ichiro itojun Hagino |
| 2003-07-24 | hmac-sha2-{256,384,512} support in AH/ESP auth. markus ok | Jun-ichiro itojun Hagino |
| 2003-07-09 | do not flip ip_len/ip_off in netinet stack. deraadt ok. | Jun-ichiro itojun Hagino |
| 2003-05-03 | just as a safety measure, set m_flags to 0 for mbufs allocated on stack. | Jun-ichiro itojun Hagino |
| 2003-04-02 | o sanity check mbuf earlier. | Todd C. Miller |
| 2003-03-31 | Avoid using FREEd data when we get a crypto error; Patrick Latifi | Todd C. Miller |
| 2003-02-28 | Based on several comments from tedu: | Jason Wright |
| 2003-02-12 | Remove commons; inspired by netbsd. | Jason Wright |
| 2002-07-05 | Free crp_opaque only after we've determined we're not going to | Angelos D. Keromytis |
| 2002-06-26 | Update correct statistic if m_inject() fails --- from sam@errno.com | Angelos D. Keromytis |
| 2002-06-18 | KNF | Angelos D. Keromytis |
| 2002-06-18 | Initialize mo to NULL, for good measure -- sam@errno.com | Angelos D. Keromytis |
| 2002-06-18 | Fix reference to free'ed location (unreachable condition because of | Angelos D. Keromytis |
| 2002-06-09 | Set/clear M_AUTH_AH. | Angelos D. Keromytis |
| 2002-05-31 | Fix a DoS attack whereby an attacker could cause the replay counter to | Angelos D. Keromytis |
| 2001-06-26 | KNF | Angelos D. Keromytis |
| 2001-06-25 | Copyright. | Angelos D. Keromytis |
| 2001-06-23 | merge crypto/crypto{dev,}.h to crypto/cryptodev.h, to avoid name conflicts in... | Theo de Raadt |
| 2001-06-23 | Remove unneeded ip_id convertions. | Federico G. Schwindt |
| 2001-06-08 | Trim include files. | Angelos D. Keromytis |
| 2001-06-01 | The IPsec-aware NIC cards don't pass the ICV for later verification | Angelos D. Keromytis |
| 2001-05-30 | Update to match prototypes. | Angelos D. Keromytis |
| 2001-05-30 | Handle TDBF_SKIPCRYPTO on output, and PACKET_TAG_IPSEC_IN_CRYPTO_DONE | Angelos D. Keromytis |
| 2001-05-27 | Probably a good idea to pass the NULL to the correct function... | Angelos D. Keromytis |
| 2001-05-27 | Pass a NULL packet tag for now to ipsp_common_input_cb(). | Angelos D. Keromytis |
