path: root/sys/netinet/ip_ah.h
Age | Commit message | Author
2001-06-25 | Copyright. | Angelos D. Keromytis
2001-06-09 | Inclusion protection. | Angelos D. Keromytis
2000-09-19 | Lots and lots of changes. | Angelos D. Keromytis
2000-03-17 | Cryptographic services framework, and software "device driver". The idea is to support various cryptographic hardware accelerators (which may be (detachable) cards, secondary/tertiary/etc processors, software crypto, etc). Supports session migration between crypto devices. What it doesn't (yet) support: - multiple instances of the same algorithm used in the same session - use of multiple crypto drivers in the same session - asymmetric crypto No support for a userland device yet. IPsec code path modified to allow for asynchronous cryptography (callbacks used in both input and output processing). Some unrelated code simplification done in the process (especially for AH). Development of this code kindly supported by Network Security Technologies (NSTI). The code was written mostly in Greece, and is being committed from Montreal. | Angelos D. Keromytis
2000-01-27 | Merge "old" and "new" ESP and AH in two files (one for each). Fix a couple of buglets with ingress flow deletion. tcpdump on enc0 should now show all outgoing packets *before* being processed, and all incoming packets *after* being processed. Good to be in Canada (land of the free commits). | Angelos D. Keromytis
2000-01-13 | Add an ip4_input6() for use with IPv6 (just a wrapper for ip4_input()), add prototype, ifdef include files. | Angelos D. Keromytis
2000-01-09 | Add ingress ACL for IPsec: after being processed, IPsec packets are matched against a list of acceptable packet classes, if sysctl variable net.inet.ip.ipsec-acl is set to 1. | Angelos D. Keromytis
1999-12-31 | fix IPv6 ipsec template lossage. - previous code grabbed new nexthdr mistakenly - parameter passing must follow ip6protows (actually the code will never get called until in6_proto.c is updated) the current code assumes that {AH,ESP} is right next to IPv6 header. the assumption must be removed, but it means that we need to chase header chain... | Jun-ichiro itojun Hagino
1999-12-25 | Change some function prototypes, don't unnecessarily initialize some variables. | Angelos D. Keromytis
1999-12-09 | Add v4/v6 wrapper routine definitions. | Angelos D. Keromytis
1999-12-07 | New ah_new_input(), protocol-independent processing (still lacking IPv6-specific protocol header processing). | Angelos D. Keromytis
1999-10-29 | Get rid of unnecessary third argument in *_output routines of IPsec. | Angelos D. Keromytis
1999-04-11 | Introduce net.inet.{ah,esp}.enable sysctl controls that are off by default. If you are going to use either of AH or ESP or both, enable these in /etc/sysctl.conf. Also correct the IPSec debugging sysctl code, it is now named net.inet.ip.encdebug. Some corrected function signatures too. | Niklas Hallqvist
1999-02-24 | Update copyright; remove a few annoying debugging printfs. Btw, OpenBSD hit 25000 commits a couple commits ago. | Angelos D. Keromytis
1999-02-24 | Remove encap.h include; saner debugging printfs; fix buglets; work with pfkeyv2. | Angelos D. Keromytis
1998-11-25 | Add checks of packets getting too big after transforms. Also make sure some more error conditions get told to the caller. | Niklas Hallqvist
1998-05-18 | first step to the setsockopt/getsockopt interface as described in draft-mcdonald-simple-ipsec-api, kernel notifies (EMT_REQUESTSA) signal userland key management applications when security services are requested. this is only for outgoing connections at the moment, incoming packets are not yet checked against the selected socket policy. | Niels Provos
1997-11-24 | add ripemd-160 as authentication function. | Niels Provos
1997-11-04 | make it easier to add additional transforms. add blowfish and cast encryption. some more info for kernfs/ipsec. | Niels Provos
1997-07-14 | global byte counters. | Niels Provos
1997-07-11 | put old esp/ah and new esp/ah in different files. generalised way of handling transforms. | Niels Provos
1997-06-25 | hard and soft limits for SPI's per absolute timer, relative since establish, relative since first use timers, packet and byte counters. notify key mgmt on soft limits. key mgmt can now specify limits. new encap messages: EMT_RESERVESPI, EMT_ENABLESPI, EMT_DISABLESPI | Niels Provos
1997-06-20 | ah-sha1 + esp-3des + indentation | Niels Provos
1997-03-30 | no more 2(two) md5 libs in kernel! tested for rnd(4).... should work for ip too, since it's the copy of ip_md*. use sys/md5k.h for protos.... std iface forever! hurray! | Michael Shalayeff
1997-02-26 | I/O packet counters added. | Angelos D. Keromytis
1997-02-24 | Beautification. | Angelos D. Keromytis
1997-02-24 | OpenBSD tags + some prototyping police | Niklas Hallqvist
1997-02-20 | IPSEC package by John Ioannidis and Angelos D. Keromytis. Written in Greece. From ftp.funet.fi:/pub/unix/security/net/ip/BSDipsec.tar.gz | Theo de Raadt