summaryrefslogtreecommitdiff
path: root/sys/netinet/ip_ipip.c
AgeCommit message (Collapse)Author
2005-07-31Introduce bpf_mtap_af and bpf_mtap_hdr to be used when passing a mbuf chainChristopher Pascoe
to bpf with either an address family or other header added. These helpers only allocate a much smaller struct m_hdr on the stack when needed, rather than leaving 256 byte struct mbufs on the stack in deep call paths. Also removes a fair bit of duplicated code. commit now, tune after deraadt@
2004-11-17ip6_plen does not include the size of the ipv6 header; ok itojunMarkus Friedl
2004-06-21make it possble to use IPsec over link-local address (policy table usesJun-ichiro itojun Hagino
sin6_scope_id, IPsec porion uses embedded form). beck ok
2003-12-10de-register. deraadt okJun-ichiro itojun Hagino
2003-05-03just as a safety measure, set m_flags to 0 for mbufs allocated on stack.Jun-ichiro itojun Hagino
dhartmei ok
2003-01-31KNFTheo de Raadt
2002-07-05Also, return EAFNOSUPPORT instead of ENOBUFS. Both this and theAngelos D. Keromytis
previous commit where noted by sam@errno.com
2002-07-05Bump ipips_family in ipipstat in all cases where EAFNOSUPPORT is returned.Angelos D. Keromytis
2002-06-10correct tcpdump on gif interface (inbound). reported by friesJun-ichiro itojun Hagino
2002-06-09whitespaceJun-ichiro itojun Hagino
2002-05-16bring in ECN support from KAME.Kenjiro Cho
it consists of - ECN support in TCP - tunnel-egress and fragment reassembly rules in layer-3 not to lose congestion info at tunnel-egress and fragment reassembly to enable ECN in TCP, build a kernel with TCP_ECN, and then, turn it on by "sysctl -w net.inet.tcp.ecn=1". ok deraadt@
2001-12-06Sanity check on inner IP header in IP-in-IP encapsulation; could beAngelos D. Keromytis
exploited to crash systems that allowed IP-in-IP protocol (sysctl -w net.inet.ipip.allow=1)
2001-08-19Pass the interface (if any) to ipip_input(), so it can be used inAngelos D. Keromytis
BPF. Closes PR 2000.
2001-07-04Make preprocessor happier, don't give it untasty tokens at end of input.Marc Espie
Ok millert@
2001-06-26More KNFAngelos D. Keromytis
2001-06-25Copyright.Angelos D. Keromytis
2001-06-19mop up after angelosTheo de Raadt
2001-06-08Cut down on include files.Angelos D. Keromytis
2001-05-30Match prototype.Angelos D. Keromytis
2001-05-11Check m_pullup() and m_pullup2() return for NULL, not 0; itojun@ okAaron Campbell
2001-04-14Minor changes, preparing for real socket-attached TDBs; also, moreAngelos D. Keromytis
information will be stored in the TDB. ok ho@ provos@
2001-04-06Move offsetof define into sys/param.hConstantine Sapuntzakis
2001-03-28Allow tdbi's to appear in mbufs throughout the stack; this allowsAngelos D. Keromytis
security properties of the packets to be pushed up to the application (not done yet). Eventually, this will be turned into a packet attributes framework. Make sure tdbi's are free'd/cleared properly whenever drivers (or NFS) does weird things with mbufs.
2001-02-28If net.inet.ipip.allow is set to 2, don't check for loopback addressAngelos D. Keromytis
spoofing of encapsulated packets (useful for single-machinet testing of isakmpd)
2000-09-19Lots and lots of changes.Angelos D. Keromytis
2000-08-04One parenthesis too many.Angelos D. Keromytis
2000-08-04Worked out the logic (thanks to pt98asp@student.hk-r.se andAngelos D. Keromytis
pt98kfr@student.hk-r.se -- I still don't know why rev1.5 didn't work).
2000-08-03Back to the submitted patch -- this needs more investigation.Angelos D. Keromytis
2000-08-03In fact, this is the correct behaviour (or I'm going crazy).Angelos D. Keromytis
2000-08-03Correct handling of ip_off (askk@rsn.hk-r.se)Angelos D. Keromytis
2000-06-20try to cope with AH6 with scoped address case better.Jun-ichiro itojun Hagino
2000-01-21Typo.Angelos D. Keromytis
2000-01-21Rename the ip4_* routines to ipip_*, make it so GIF tunnels are notAngelos D. Keromytis
affected by net.inet.ipip.allow (the sysctl formerly known as net.inet.ip4.allow), rename the VIF ipip_input to ipip_mroute_input.