summaryrefslogtreecommitdiff
path: root/sys/netinet/ip_esp.c
AgeCommit message (Expand)Author
2001-06-05Add a few DPRINTF()'sAngelos D. Keromytis
2001-06-01The IPsec-aware NIC cards don't pass the ICV for later verificationAngelos D. Keromytis
2001-05-30Update to match prototypes.Angelos D. Keromytis
2001-05-30Handle TDBF_SKIPCRYPTO on output, and PACKET_TAG_IPSEC_IN_CRYPTO_DONEAngelos D. Keromytis
2001-05-27Pass a NULL packet tag for now to ipsp_common_input_cb().Angelos D. Keromytis
2001-05-17convert mbuf and cluster allocation to pool, mostly from NetBSDNiels Provos
2001-05-13initial cut at /dev/crypto support. takes original mbuf "try, and discardTheo de Raadt
2001-05-12Move bzero() after test for correct allocation (jj@wabbitt.org)Angelos D. Keromytis
2001-04-14Minor changes, preparing for real socket-attached TDBs; also, moreAngelos D. Keromytis
2001-04-06Move offsetof define into sys/param.hConstantine Sapuntzakis
2001-03-28Allow tdbi's to appear in mbufs throughout the stack; this allowsAngelos D. Keromytis
2001-03-23Fix slow mbuf leak.Angelos D. Keromytis
2001-03-15convert SA expirations to the new timeouts.Michael Shalayeff
2000-11-17*HMAC96->*HMACAngelos D. Keromytis
2000-10-09AES support.Angelos D. Keromytis
2000-09-19Lots and lots of changes.Angelos D. Keromytis
2000-06-18Use M_NOWAIT instead of M_DONTWAIT in MALLOC() (even though they'reAngelos D. Keromytis
2000-06-18The callbacks need to set the appropriate spl level now.Angelos D. Keromytis
2000-06-15What was the offending payload length?Angelos D. Keromytis
2000-06-14Initialize tc_ptr to zero if authentication is not used.Angelos D. Keromytis
2000-06-06Get rid of tdb_ref, keep indirect pointer to TDB.Angelos D. Keromytis
2000-06-01Check for invalid TDBs right away in the callbacks.Angelos D. Keromytis
2000-05-15Fix sanity check that caused really short packets (ICMPs with lessAngelos D. Keromytis
2000-04-25when fixing up the header, copy from the right sized datatype (fixes IPsecJason Wright
2000-04-06only call get_random_bytes() once in m_pad()Theo de Raadt
2000-03-30Only allocate space for a copy of the authenticator if authenticationAngelos D. Keromytis
2000-03-29Note to self: test before committing.Angelos D. Keromytis
2000-03-29Conform to crypto framework changes for IVs.Angelos D. Keromytis
2000-03-28Allow authentication-only ESP (must have broken it in the previousAngelos D. Keromytis
2000-03-25Fix typo causing crash if ESP was used with only authentication orAngelos D. Keromytis
2000-03-21Fix casting so it compiles on alphas (testing by janjaap@stack.nl,Angelos D. Keromytis
2000-03-17Cryptographic services framework, and software "device driver". TheAngelos D. Keromytis
2000-02-07fix include file path related to ip6.Jun-ichiro itojun Hagino
2000-01-27Merge "old" and "new" ESP and AH in two files (one for each).Angelos D. Keromytis
1999-12-09Ok, no more IPsec for OpenBSD...I've had enough with it.Angelos D. Keromytis
1999-12-09IPv6 support should now be complete (well, we need the right hooks inAngelos D. Keromytis
1999-12-07New ah_new_input(), protocol-independent processing (still lackingAngelos D. Keromytis
1999-12-06New ESP code that's v4 and v6 friendly.Angelos D. Keromytis
1999-11-04gettdb() should be at spltdb().Hakan Olsson
1999-10-29Support multiple enc interfaces.Angelos D. Keromytis
1999-07-05remove bogus entry from if_enc address list; and rename enc_softc to encifTheo de Raadt
1999-05-16spltdb introduced, protection for tdb lists and related structures, soNiklas Hallqvist
1999-05-14A new scalable IPsec SA expiration model.Niklas Hallqvist
1999-04-11Introduce net.inet.{ah,esp}.enable sysctl controls that are off by default.Niklas Hallqvist
1999-04-09Make the tdbi handling more robust, removes a panic caseNiklas Hallqvist
1999-03-27add SADB_X_BINDSA to pfkey allowing incoming SAs to refer to an outgoingNiels Provos
1999-02-24Update copyright; remove a few annoying debugging printfs.Angelos D. Keromytis
1999-02-24Remove encap.h include; saner debugging printfs; fix buglets; work withAngelos D. Keromytis
1998-06-10make the packets which were successfully processed by IPSec available toNiels Provos
1998-05-24avoid source address spoofing for mutual hostile hosts which have SAs toNiels Provos