| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2001-12-06 | remove #if 0'ed portion (for KAME IPSEC - not needed) | Jun-ichiro itojun Hagino | |
| 2001-11-26 | add fastroute options similar to what is found in ipf | jasoni | |
| ok dhartmei@, frantzen@ | |||
| 2001-09-18 | Avoid memory leak when disabling PMTU, rt_timer_queue_destroy() expects the | Aaron Campbell | |
| caller to free the structure. | |||
| 2001-07-17 | split ip normalization out into a separate file, okay dhartmei@ | Niels Provos | |
| 2001-07-16 | Move altq after pf; suggested by aaron@, kjc@ ok. | Federico G. Schwindt | |
| 2001-07-05 | IPComp support. angelos@ ok. | Jean-Jacques Bernard-Gundol | |
| 2001-06-28 | first stab at packet normalization. includes full ip reassembly. | Niels Provos | |
| okay dhartmei@, dugsong@ | |||
| 2001-06-27 | ALTQ base modifications to the kernel. | Kenjiro Cho | |
| - ALTQ introduces a set of new queue macros that coexist with the traditional IF_XXX macros. - "struct ifaltq" replaces "struct ifqueue" in "struct ifnet". - assign cdev major 74 for i386 and 54 for alpha as ALTQ control interface. | |||
| 2001-06-26 | no longer pass around **m | Theo de Raadt | |
| 2001-06-25 | Build without IPSEC. | Artur Grabowski | |
| 2001-06-24 | make it compile w/o pf | Michael Shalayeff | |
| 2001-06-24 | Initial import of pf, an all-new ipf-compatable packet filter. | Kjell Wooding | |
| Insane amounts of work done my dhartmei. Great work! | |||
| 2001-06-24 | take mtu from routing table | Niels Provos | |
| 2001-06-23 | Clear the checksum flags after verification. Also, don't count | Angelos D. Keromytis | |
| checksum errors as hardware checksum packets as well. | |||
| 2001-06-23 | Count input packets hardware-checksummed. | Angelos D. Keromytis | |
| 2001-06-23 | Remove unneeded ip_id convertions. | Federico G. Schwindt | |
| Instead of using HTONS macro in some places, use htons directly in the struct member and save us a few bytes. Fix comment. | |||
| 2001-06-23 | Count input/output hardware-checksummed IP packets. | Angelos D. Keromytis | |
| 2001-06-23 | Clear IPv4 input checksum OK flag after verification. | Angelos D. Keromytis | |
| 2001-06-23 | TCP, UDP, IPv4 input hardware checksumming processing; also IPv4 | Angelos D. Keromytis | |
| output hardware checksumming. Not tested yet, but should be done tonight. Remain to be solved: interactions with bridge, TCP/UDP output checksumming, interactions of TCP/UDP checksumming with routing changes. | |||
| 2001-06-19 | mop up after angelos | Theo de Raadt | |
| 2001-06-08 | Cut down on include files. | Angelos D. Keromytis | |
| 2001-06-01 | use pool allocation for ip fragement queue, from netbsd, | Niels Provos | |
| okay angelos@, itojun@ | |||
| 2001-05-30 | Remove ipf. Darren Reed has interpreted his (old, new, whichever) | Theo de Raadt | |
| licence in a way that makes ipf not free according to the rules we established over 5 years ago, at www.openbsd.org/goals.html (and those same basic rules govern the other *BSD projects too). Specifically, Darren says that modified versions are not permitted. But software which OpenBSD uses and redistributes must be free to all (be they people or companies), for any purpose they wish to use it, including modification, use, peeing on, or even integration into baby mulching machines or atomic bombs to be dropped on Australia. Furthermore, we know of a number of companies using ipf with modification like us, who are now in the same situation, and we hope that some of them will work with us to fill this gap that now exists in OpenBSD (temporarily, we hope). | |||
| 2001-05-27 | Use the new IPsec tags. | Angelos D. Keromytis | |
| 2001-05-20 | Remove varargs from ipv4_input; cmetz@ deraadt@ ok. | Federico G. Schwindt | |
| 2001-05-20 | Use packet tags instead of tdbi. | Angelos D. Keromytis | |
| 2001-05-16 | Don't clobber ip_sum; ip_output always sets this to 0 before calling | Federico G. Schwindt | |
| in_cksum so it's not needed here; itojun@ ok. This makes the ip_sum available in ipfilter. | |||
| 2001-05-11 | Check m_pullup() and m_pullup2() return for NULL, not 0; itojun@ ok | Aaron Campbell | |
| 2001-05-01 | get rid of dtom(), okay itojun@ angelos@ mickey@ millert@ | Niels Provos | |
| 2001-03-28 | Allow tdbi's to appear in mbufs throughout the stack; this allows | Angelos D. Keromytis | |
| security properties of the packets to be pushed up to the application (not done yet). Eventually, this will be turned into a packet attributes framework. Make sure tdbi's are free'd/cleared properly whenever drivers (or NFS) does weird things with mbufs. | |||
| 2001-03-25 | A couple minor fixes to prevent use after free. Thanks to dawson and team ↵ | Constantine Sapuntzakis | |
| for finding these. Ok angelos@ | |||
| 2001-03-18 | enable pmtu by default | Niels Provos | |
| 2001-03-03 | on parse error of timestamp option, set parameter error offset correctly. | Jun-ichiro itojun Hagino | |
| 2001-03-03 | drop packets with 127.0.0.0/8 in header field, if the packet is from outside. | Jun-ichiro itojun Hagino | |
| under RFC1122 sender rule 127.0.0.8 must not appear on the wire. count incidents by ipstat.ips_badaddr. sync with kame | |||
| 2000-12-03 | Fix fastroute-related panic, fixes PR 1541 (cas@trans-nt.com) | Angelos D. Keromytis | |
| 2000-10-13 | make sure we don't share external mbuf between m and mcopy, in ip_forward(). | Jun-ichiro itojun Hagino | |
| NetBSD PR 11201. | |||
| 2000-09-22 | fix my bug dating back to february the 14th of 1998, | Michael Shalayeff | |
| when those wildcard interfaces came up, which were usefull at the times. on the other hand here it is, one cannot bind to the broadcast address, and angelos says ok. | |||
| 2000-09-19 | Lots and lots of changes. | Angelos D. Keromytis | |
| 2000-09-18 | Path MTU discovery based on NetBSD but with the decision to use the DF | Niels Provos | |
| flag delayed to ip_output(). That halves the code and reduces most of the route lookups. okay deraadt@ | |||
| 2000-05-15 | parse IPv4 options more carefully. make boundary checks against every | Jun-ichiro itojun Hagino | |
| steps (including option type/length field - there were no checks, seems to me 4.4BSD bug) | |||
| 2000-05-10 | make sure ip_timestamp is aligned correctly | Jason Wright | |
| 2000-05-06 | avoid underflow on unsigned value arithmetic (when optlen < 4). | Jun-ichiro itojun Hagino | |
| 2nd half of NetBSD Security Advisory 2000-002. | |||
| 2000-05-06 | avoid unaligned access in timestamp; ↵ | Theo de Raadt | |
| http://www.newhackcity.net/advisories/20000504a_0.txt; checked by provos and itojun | |||
| 2000-04-09 | Pass ip_off and ip_len in the correct byte order to icmp_error(); this | Angelos D. Keromytis | |
| should fix the crash problems with isic, reported last week. | |||
| 2000-04-04 | Verbiage fix. | Angelos D. Keromytis | |
| 2000-03-27 | As I threatened a while ago, ingress IPsec ACL-checking is turned on | Angelos D. Keromytis | |
| by default. Read the ipsecadm(8) man page for more details on how to specify ingress filters with manual keying. isakmpd has been doing this for a while now. | |||
| 2000-03-03 | remove WIDE's experimental ip reass code, mistakingly merged in partially. | Jun-ichiro itojun Hagino | |
| NetBSD PR: 9412 Fix from: ho@crt.se | |||
| 2000-01-10 | Add 10 new ipsec-related sysctl variables...they are currently under | Angelos D. Keromytis | |
| net.inet.ip; perhaps they should be moved under net.inet.ipsec or some such. | |||
| 2000-01-10 | Add net.inet.ip.ipsec-invalid-life, default value 60 seconds; the | Angelos D. Keromytis | |
| amount of time embryonic SAs will be kept before they have to be initialized by key management (this only affects automated key management). | |||
| 2000-01-09 | Rename newly-introduced variable to better reflect use. | Angelos D. Keromytis | |
 |
index : src | |
| OpenBSD base system |
| summaryrefslogtreecommitdiff |