summaryrefslogtreecommitdiff
path: root/sys/netinet/ip_esp.c
AgeCommit message (Expand)Author
2006-09-21ugly trailing ws; from bret dot lambert at gmailOtto Moerbeek
2006-05-28Only preemptively increase the replay counter for outbound TDBs.Ryan Thomas McBride
2006-03-25allow bpf(4) to ignore packets based on their direction (inbound orDamien Miller
2005-12-20use M_READONLY when trying to find out whether we have to copyMarkus Friedl
2005-08-05don't panic for SADB_ADD w/o enc/auth, with and ok hshoexer@Markus Friedl
2005-08-02use arc4random for random packet padding (largely acedemic because it isDamien Miller
2005-07-31Introduce bpf_mtap_af and bpf_mtap_hdr to be used when passing a mbuf chainChristopher Pascoe
2005-05-28Add SA replay counter synchronization to pfsync(4). Required for IPsecHakan Olsson
2005-05-27comment out unused PACKET_TAG_IPSEC_IN_CRYPTO_DONE code; ok hshoexerMarkus Friedl
2005-05-25AESCTR support for ESP (RFC 3686); ok hshoexerMarkus Friedl
2005-05-10support NULL encryption for ESP; ok hshoexer, hoMarkus Friedl
2003-12-10de-register. deraadt okJun-ichiro itojun Hagino
2003-08-14m_copyback()'s 4th arg is const void *, nuke (caddr_t) casts.Jason Wright
2003-07-24conform to RFC2367 on SADB_xx naming (local name must be prefixed withJun-ichiro itojun Hagino
2003-07-24hmac-sha2-{256,384,512} support in AH/ESP auth. markus okJun-ichiro itojun Hagino
2003-07-09fix whitespaceMarkus Friedl
2003-05-03just as a safety measure, set m_flags to 0 for mbufs allocated on stack.Jun-ichiro itojun Hagino
2003-04-02o sanity check mbuf earlier.Todd C. Miller
2003-03-31Avoid using FREEd data when we get a crypto error; Patrick LatifiTodd C. Miller
2003-02-28Based on several comments from tedu:Jason Wright
2003-02-21kill unused variablesTed Unangst
2003-02-12Remove commons; inspired by netbsd.Jason Wright
2003-02-01m_pad() is expected to have free'd the mbuf if it returns NULL, soDaniel Hartmeier
2002-11-07Check for invalid payload lengths also for NULL enc. markus@, angelos@ ok.Hakan Olsson
2002-07-30Be sure to check the integrity verifier for packets that didn't have it doneJason Wright
2002-07-05Free crp_opaque only after we've determined we're not going toAngelos D. Keromytis
2002-06-18KNFAngelos D. Keromytis
2002-06-18Initialize mo to NULL, for good measure -- sam@errno.comAngelos D. Keromytis
2002-06-18Same as with ip_ah.c (fix unreachable reference-after-free)Angelos D. Keromytis
2002-05-31Fix a DoS attack whereby an attacker could cause the replay counter toAngelos D. Keromytis
2001-06-26KNFAngelos D. Keromytis
2001-06-25Copyright.Angelos D. Keromytis
2001-06-23merge crypto/crypto{dev,}.h to crypto/cryptodev.h, to avoid name conflicts in...Theo de Raadt
2001-06-13Use blocksize, not ivmaskAngelos D. Keromytis
2001-06-08Trim include files.Angelos D. Keromytis
2001-06-05Add a few DPRINTF()'sAngelos D. Keromytis
2001-06-01The IPsec-aware NIC cards don't pass the ICV for later verificationAngelos D. Keromytis
2001-05-30Update to match prototypes.Angelos D. Keromytis
2001-05-30Handle TDBF_SKIPCRYPTO on output, and PACKET_TAG_IPSEC_IN_CRYPTO_DONEAngelos D. Keromytis
2001-05-27Pass a NULL packet tag for now to ipsp_common_input_cb().Angelos D. Keromytis
2001-05-17convert mbuf and cluster allocation to pool, mostly from NetBSDNiels Provos
2001-05-13initial cut at /dev/crypto support. takes original mbuf "try, and discardTheo de Raadt
2001-05-12Move bzero() after test for correct allocation (jj@wabbitt.org)Angelos D. Keromytis
2001-04-14Minor changes, preparing for real socket-attached TDBs; also, moreAngelos D. Keromytis
2001-04-06Move offsetof define into sys/param.hConstantine Sapuntzakis
2001-03-28Allow tdbi's to appear in mbufs throughout the stack; this allowsAngelos D. Keromytis
2001-03-23Fix slow mbuf leak.Angelos D. Keromytis
2001-03-15convert SA expirations to the new timeouts.Michael Shalayeff
2000-11-17*HMAC96->*HMACAngelos D. Keromytis
2000-10-09AES support.Angelos D. Keromytis