| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2001-03-15 | convert SA expirations to the new timeouts. | Michael Shalayeff | |
| simplifies expirations handling a lot. tdb_exp_timeout and tdb_soft_timeout are made consistant throughout the code to be a relative time offsets, just like first_use timeouts. tested on singlehost isakmpd setup. lots of dangling spaces and tabs removed. angelos@ ok | |||
| 2000-11-17 | *HMAC96->*HMAC | Angelos D. Keromytis | |
| 2000-10-09 | AES support. | Angelos D. Keromytis | |
| 2000-09-19 | Lots and lots of changes. | Angelos D. Keromytis | |
| 2000-06-18 | Use M_NOWAIT instead of M_DONTWAIT in MALLOC() (even though they're | Angelos D. Keromytis | |
| defined to be the same in mbuf.h) | |||
| 2000-06-18 | The callbacks need to set the appropriate spl level now. | Angelos D. Keromytis | |
| 2000-06-15 | What was the offending payload length? | Angelos D. Keromytis | |
| 2000-06-14 | Initialize tc_ptr to zero if authentication is not used. | Angelos D. Keromytis | |
| 2000-06-06 | Get rid of tdb_ref, keep indirect pointer to TDB. | Angelos D. Keromytis | |
| 2000-06-01 | Check for invalid TDBs right away in the callbacks. | Angelos D. Keromytis | |
| 2000-05-15 | Fix sanity check that caused really short packets (ICMPs with less | Angelos D. Keromytis | |
| than 8 bytes of payload) to be dropped. Did not affect TCP/UDP packets and most ICMP packets. | |||
| 2000-04-25 | when fixing up the header, copy from the right sized datatype (fixes IPsec | Jason Wright | |
| on big-endian machines) | |||
| 2000-04-06 | only call get_random_bytes() once in m_pad() | Theo de Raadt | |
| 2000-03-30 | Only allocate space for a copy of the authenticator if authentication | Angelos D. Keromytis | |
| is in use. | |||
| 2000-03-29 | Note to self: test before committing. | Angelos D. Keromytis | |
| 2000-03-29 | Conform to crypto framework changes for IVs. | Angelos D. Keromytis | |
| 2000-03-28 | Allow authentication-only ESP (must have broken it in the previous | Angelos D. Keromytis | |
| round of commits). | |||
| 2000-03-25 | Fix typo causing crash if ESP was used with only authentication or | Angelos D. Keromytis | |
| encryption (not both). Problem noted by jason@openbsd.org | |||
| 2000-03-21 | Fix casting so it compiles on alphas (testing by janjaap@stack.nl, | Angelos D. Keromytis | |
| closing pr #1150) | |||
| 2000-03-17 | Cryptographic services framework, and software "device driver". The | Angelos D. Keromytis | |
| idea is to support various cryptographic hardware accelerators (which may be (detachable) cards, secondary/tertiary/etc processors, software crypto, etc). Supports session migration between crypto devices. What it doesn't (yet) support: - multiple instances of the same algorithm used in the same session - use of multiple crypto drivers in the same session - asymmetric crypto No support for a userland device yet. IPsec code path modified to allow for asynchronous cryptography (callbacks used in both input and output processing). Some unrelated code simplification done in the process (especially for AH). Development of this code kindly supported by Network Security Technologies (NSTI). The code was writen mostly in Greece, and is being committed from Montreal. | |||
| 2000-02-07 | fix include file path related to ip6. | Jun-ichiro itojun Hagino | |
| 2000-01-27 | Merge "old" and "new" ESP and AH in two files (one for each). | Angelos D. Keromytis | |
| Fix a couple of buglets with ingress flow deletion. tcpdump on enc0 should now show all outgoing packets *before* being processed, and all incoming packets *after* being processed. Good to be in Canada (land of the free commits). | |||
| 1999-12-09 | Ok, no more IPsec for OpenBSD...I've had enough with it. | Angelos D. Keromytis | |
| 1999-12-09 | IPv6 support should now be complete (well, we need the right hooks in | Angelos D. Keromytis | |
| ip6_input()) | |||
| 1999-12-07 | New ah_new_input(), protocol-independent processing (still lacking | Angelos D. Keromytis | |
| IPv6-specific protocol header processing). | |||
| 1999-12-06 | New ESP code that's v4 and v6 friendly. | Angelos D. Keromytis | |
| 1999-11-04 | gettdb() should be at spltdb(). | Hakan Olsson | |
| 1999-10-29 | Support multiple enc interfaces. | Angelos D. Keromytis | |
| 1999-07-05 | remove bogus entry from if_enc address list; and rename enc_softc to encif | Theo de Raadt | |
| 1999-05-16 | spltdb introduced, protection for tdb lists and related structures, so | Niklas Hallqvist | |
| they won't disappear behind our back by an expiration. Cleanup expiration logic too. | |||
| 1999-05-14 | A new scalable IPsec SA expiration model. | Niklas Hallqvist | |
| 1999-04-11 | Introduce net.inet.{ah,esp}.enable sysctl controls that are off by default. | Niklas Hallqvist | |
| If you are going to use either of AH or ESP or both, enable these in /etc/sysctl.conf. Also correct the IPSec debugging sysctl code, it is now named net.inet.ip.encdebug. Some corrected function signatures too. | |||
| 1999-04-09 | Make the tdbi handling more robust, removes a panic case | Niklas Hallqvist | |
| 1999-03-27 | add SADB_X_BINDSA to pfkey allowing incoming SAs to refer to an outgoing | Niels Provos | |
| SA to be used, use this SA in ip_output if available. allow mobile road warriors for bind SAs with wildcard dst and src addresses. check IPSEC AUTH and ESP level when receiving packets, drop them if protection is insufficient. add stats to show dropped packets because of insufficient IPSEC protection. -- phew. this was all done in canada. dugsong and linh provided the ride and company. | |||
| 1999-02-24 | Update copyright; remove a few annoying debugging printfs. | Angelos D. Keromytis | |
| Btw, OpenBSD hit 25000 commits a couple commits ago. | |||
| 1999-02-24 | Remove encap.h include; saner debugging printfs; fix buglets; work with | Angelos D. Keromytis | |
| pfkeyv2. | |||
| 1998-06-10 | make the packets which were successfully processed by IPSec available to | Niels Provos | |
| bpf via the enc0 interface, using linktype DLT_ENC. | |||
| 1998-05-24 | avoid source address spoofing for mutual hostile hosts which have SAs to | Niels Provos | |
| us, reported by Craig Metz <cmetz@inner.net>. | |||
| 1998-05-18 | first step to the setsockopt/getsockopt interface as described in | Niels Provos | |
| draft-mcdonald-simple-ipsec-api, kernel notifies (EMT_REQUESTSA) signal userland key management applications when security services are requested. this is only for outgoing connections at the moment, incoming packets are not yet checked against the selected socket policy. | |||
| 1997-11-04 | make it easier to add additional transforms. add blowfish and cast | Niels Provos | |
| encryption. some more info for kernfs/ipsec. | |||
| 1997-10-02 | conditional error logging | Theo de Raadt | |
| 1997-09-28 | log() needs a \n | Theo de Raadt | |
| 1997-07-27 | expiration messages, fixes, updates, all sorts of things | Niklas Hallqvist | |
| 1997-07-18 | enablespi/disablespi in encap + print spi's in hostorder | Niels Provos | |
| 1997-07-11 | put old esp/ah and new esp/ah in different files. | Niels Provos | |
| generalised way of handling transforms. | |||
| 1997-07-01 | major restructuring | Niels Provos | |
| 1997-06-25 | hard and soft limits for SPI's per absolute timer, relative since establish, | Niels Provos | |
| relative since first use timers, packet and byte counters. notify key mgmt on soft limits. key mgmt can now specify limits. new encap messages: EMT_RESERVESPI, EMT_ENABLESPI, EMT_DISABLESPI | |||
| 1997-06-21 | u_int32_t changes, need testing | Theo de Raadt | |
| 1997-06-20 | ah-sha1 + esp-3des + indentation | Niels Provos | |
| 1997-02-26 | count input/output packets for esp | Theo de Raadt | |
 |
index : src | |
| OpenBSD base system |
| summaryrefslogtreecommitdiff |