summaryrefslogtreecommitdiff
path: root/sys/netinet/ip_ip4.c
AgeCommit message (Collapse)Author
1999-10-29Remove unnecessary argument from ipe4_output() and etherip_output()Angelos D. Keromytis
1999-10-29Fix some comments.Angelos D. Keromytis
1999-05-16Don't judge locally generated tunnel packets as spoof attempts. indent.Niklas Hallqvist
1999-05-12Obvious pastoNiklas Hallqvist
1999-04-20Merge MROUTING and IPSEC wrt handling of IP-in-IP tunnelled packets.Niklas Hallqvist
Fix a panic case in the MROUTING code too. Drop M_TUNNEL support, nothing ever uses it.
1999-04-09The kernel parts of a sysctl that can switch on/off IP-in-IP (protocol 4)Niklas Hallqvist
support, when IPSEC is compiled in. The default is disabled. Turn on with: sysctl -w net.inet.ip4.allow=1 ***Only*** do this if you are really knowing what you do! This control does not control the tunnel modes of ESP and AH.
1999-04-09Check for local address spoofing on encapsulated packets.Angelos D. Keromytis
1999-04-04fix tunnelling; provosTheo de Raadt
1999-02-25Clear the DF bit, so packets don't get dropped inside a tunnel.Angelos D. Keromytis
The real solution is probably to keep soft state; however, it's not entirely clear what a tunnel's properties with regards to fragmentation are (it may be considered a infinitely-large MTU pipe).
1999-02-24Update copyright; remove a few annoying debugging printfs.Angelos D. Keromytis
Btw, OpenBSD hit 25000 commits a couple commits ago.
1999-02-24Remove encap.h include; saner debugging printfs; fix buglets; work withAngelos D. Keromytis
pfkeyv2.
1999-01-08dont call ip_randomid() in htons().Niels Provos
1998-12-26make ip_id random but ensure that ids dont repeat for some period.Niels Provos
1998-07-29Proper handling of IP in IP and checksumming.Angelos D. Keromytis
1998-06-10make the packets which were successfully processed by IPSec available toNiels Provos
bpf via the enc0 interface, using linktype DLT_ENC.
1998-05-22Set the outter IP header's ttl, not the inner.Angelos D. Keromytis
1998-05-18first step to the setsockopt/getsockopt interface as described inNiels Provos
draft-mcdonald-simple-ipsec-api, kernel notifies (EMT_REQUESTSA) signal userland key management applications when security services are requested. this is only for outgoing connections at the moment, incoming packets are not yet checked against the selected socket policy.
1998-03-18adapt function arguments to get the expected prototype.Niels Provos
1997-11-04make it easier to add additional transforms. add blowfish and castNiels Provos
encryption. some more info for kernfs/ipsec.
1997-10-02conditional error loggingTheo de Raadt
1997-09-28more \n in log()Theo de Raadt
1997-07-14global byte counters.Niels Provos
1997-07-11put old esp/ah and new esp/ah in different files.Niels Provos
generalised way of handling transforms.
1997-07-01major restructuringNiels Provos
1997-06-25hard and soft limits for SPI's per absolute timer, relative since establish,Niels Provos
relative since first use timers, packet and byte counters. notify key mgmt on soft limits. key mgmt can now specify limits. new encap messages: EMT_RESERVESPI, EMT_ENABLESPI, EMT_DISABLESPI
1997-06-24handle IP options in AH + allow IP options in outgoing encapsulated packetsNiels Provos
+ usage counters for later use with keymanagement processes
1997-06-24Comment reordering.Angelos D. Keromytis
1997-06-20ah-sha1 + esp-3des + indentationNiels Provos
1997-02-26I/O packet counters for IP-in-IP and AH.Angelos D. Keromytis
1997-02-24OpenBSD tags + some prototyping policeNiklas Hallqvist
1997-02-22Resolved a couple of open issues (just changed comments after checkingAngelos D. Keromytis
RFCs).
1997-02-22User-defined TTL for external IP header.Angelos D. Keromytis
1997-02-20IPSEC package by John Ioannidis and Angelos D. Keromytis. Written inTheo de Raadt
Greece. From ftp.funet.fi:/pub/unix/security/net/ip/BSDipsec.tar.gz
generated by cgit v1.2.3 (git 2.25.1) at 2025-01-07 16:09:47 +0000