Age | Commit message | Author | |
---|---|---|---|
2001-03-13 | Force a new search for an SA if the latched one is deleted. | Angelos D. Keromytis | |
2001-03-04 | Store peer's credentials in TDB. | Angelos D. Keromytis | |
2001-02-28 | Keep the last packet sent or received that matched an SPD entry, and retransmit if we eventually have an SA setup for that policy. | Angelos D. Keromytis | |
2000-12-28 | Remove unused and confusing reporting line. | Angelos D. Keromytis | |
2000-12-24 | Extra argument in the function to tdb_walk(), indicating last TDB. | Angelos D. Keromytis | |
2000-12-18 | Minor sanity check. | Angelos D. Keromytis | |
2000-12-15 | send expire messages also for sa's that have not been used. okay angelos@ | Niels Provos | |
2000-09-19 | SA bundles. | Angelos D. Keromytis | |
2000-09-19 | Lots and lots of changes. | Angelos D. Keromytis | |
2000-08-03 | Don't even need to reset ip_sum, if we're not going to compute it here but in ip_output() | Angelos D. Keromytis | |
2000-08-03 | Avoid unnecessary call to in_cksum(). | Angelos D. Keromytis | |
2000-08-03 | Zeroize ip_sum before computing checksum (just general paranoia). | Angelos D. Keromytis | |
2000-06-19 | IPv6 IPsec, outbound direction. restriction: if there's any extension header (except fragment) and outbound packet matches tdb, we can't encrypt it. packet will not go out of the node (dropped). | Jun-ichiro itojun Hagino | |
2000-06-18 | Correct function declaration. | Angelos D. Keromytis | |
2000-06-18 | Pull in the right header for ip6_sprintf(), fix argument. | Angelos D. Keromytis | |
2000-06-18 | Use ip6_sprintf() rather than the home-cooked inet6_ntoa4() | Angelos D. Keromytis | |
2000-06-18 | Print++ | Angelos D. Keromytis | |
2000-06-06 | Get rid of tdb_ref, keep indirect pointer to TDB. | Angelos D. Keromytis | |
2000-06-01 | Fix the German's comment typos. | Angelos D. Keromytis | |
2000-06-01 | Should learn how to count... | Angelos D. Keromytis | |
2000-06-01 | Oops, remove bogus comment. | Angelos D. Keromytis | |
2000-06-01 | Beautify a little bit. | Angelos D. Keromytis | |
2000-06-01 | Use ipsp_spd_lookup() in ip_output() | Angelos D. Keromytis | |
2000-06-01 | ipsp_acquire_sa() | Angelos D. Keromytis | |
2000-06-01 | ipsp_spd_lookup() | Angelos D. Keromytis | |
2000-04-19 | tdb_ref should be signed, this avoids a problem with flushing the TDB table causing repeated allocations of bypass TDBs. | Angelos D. Keromytis | |
2000-03-28 | Allow authentication-only ESP (must have broken it in the previous round of commits). | Angelos D. Keromytis | |
2000-03-28 | Set the protocol family in the destination address of bypass flows. | Angelos D. Keromytis | |
2000-03-17 | Cryptographic services framework, and software "device driver". The idea is to support various cryptographic hardware accelerators (which may be (detachable) cards, secondary/tertiary/etc processors, software crypto, etc). Supports session migration between crypto devices. What it doesn't (yet) support: - multiple instances of the same algorithm used in the same session - use of multiple crypto drivers in the same session - asymmetric crypto No support for a userland device yet. IPsec code path modified to allow for asynchronous cryptography (callbacks used in both input and output processing). Some unrelated code simplification done in the process (especially for AH). Development of this code kindly supported by Network Security Technologies (NSTI). The code was written mostly in Greece, and is being committed from Montreal. | Angelos D. Keromytis | |
2000-02-09 | don't need netinet6/in6.h | Jun-ichiro itojun Hagino | |
2000-02-07 | fix include file path related to ip6. | Jun-ichiro itojun Hagino | |
2000-01-27 | Merge "old" and "new" ESP and AH in two files (one for each). Fix a couple of buglets with ingress flow deletion. tcpdump on enc0 should now show all outgoing packets *before* being processed, and all incoming packets *after* being processed. Good to be in Canada (land of the free commits). | Angelos D. Keromytis | |
2000-01-21 | Rename the ip4_* routines to ipip_*, make it so GIF tunnels are not affected by net.inet.ipip.allow (the sysctl formerly known as net.inet.ip4.allow), rename the VIF ipip_input to ipip_mroute_input. | Angelos D. Keromytis | |
2000-01-13 | Print number of ingress flows in /kern/ipsec | Angelos D. Keromytis | |
2000-01-13 | put_flow(), find_flow(), and delete_flow() get a third argument (for ingress or egress flow) | Angelos D. Keromytis | |
2000-01-11 | Correct sa_require handling. | Angelos D. Keromytis | |
2000-01-11 | Fix check for sen_type. | Angelos D. Keromytis | |
2000-01-11 | Use default values when requesting dynamic VPNs. | Angelos D. Keromytis | |
2000-01-11 | Only use defaults if they have sane values. | Angelos D. Keromytis | |
2000-01-10 | Add 10 new ipsec-related sysctl variables...they are currently under net.inet.ip; perhaps they should be moved under net.inet.ipsec or some such. | Angelos D. Keromytis | |
2000-01-10 | Some more code for dealing with socket IPsec options. | Angelos D. Keromytis | |
2000-01-10 | Only setup an expiration for embryonic SAs if net.inet.ip.ipsec-invalid-life >=0 | Angelos D. Keromytis | |
2000-01-10 | Add net.inet.ip.ipsec-invalid-life, default value 60 seconds; the amount of time embryonic SAs will be kept before they have to be initialized by key management (this only affects automated key management). | Angelos D. Keromytis | |
2000-01-10 | 1) Setup a silent TDB expiration for embryonic SAs. 2) Fix check_ipsec_policy() to deal with v6 PCBs. 3) Fix ACL protocol check. | Angelos D. Keromytis | |
2000-01-10 | Free ACL when deleting TDB. | Angelos D. Keromytis | |
2000-01-09 | Ports in network order... | Angelos D. Keromytis | |
1999-12-27 | Print associated interface, if present. | Angelos D. Keromytis | |
1999-12-25 | Change some function prototypes, don't unnecessarily initialize some variables. | Angelos D. Keromytis | |
1999-12-25 | Move the IPsec packet-processing loop to a separate routine, so we can reuse it in ip6_output and the bridge. The policy-lookup code will probably follow suit in a separate routine sometime soon. | Angelos D. Keromytis | |
1999-12-08 | comment out call to inet_ntoa6() as we don't have the code yet. | Jun-ichiro itojun Hagino | |