Age | Commit message | Author | |
---|---|---|---|
2001-05-30 | Free remote authentication material on TDB free. | Angelos D. Keromytis | |
2001-05-30 | Free local auth on TDB free. | Angelos D. Keromytis | |
2001-05-29 | Keep track of when a TDB was last marked/unmarked as SKIPCRYPTO, and print the relevant information on KERNFS. | Angelos D. Keromytis | |
2001-05-29 | Add ipsp_skipcrypto_{mark,unmark}() | Angelos D. Keromytis | |
2001-05-27 | ipsp_copy_ident() no longer needed. | Angelos D. Keromytis | |
2001-05-22 | Simplify option printing. ok deraadt@ | Angelos D. Keromytis | |
2001-05-21 | Use a reference-counted structure for IPsec IDs and credentials, so we can cheaply keep copies of them at the PCB. ok deraadt@ | Angelos D. Keromytis | |
2001-05-05 | Check that SAs also match on the credentials and the IDs. This means that flows with different source/destination ID requirements will cause different SAs to be established by IKE (or whatever other protocol). Also, use the new data types for allocated memory. | Angelos D. Keromytis | |
2001-04-06 | Move offsetof define into sys/param.h | Constantine Sapuntzakis | |
2001-03-28 | tdb_inp -> (tdb_inp_in, tdb_inp_out) | Angelos D. Keromytis | |
2001-03-28 | Allow tdbi's to appear in mbufs throughout the stack; this allows security properties of the packets to be pushed up to the application (not done yet). Eventually, this will be turned into a packet attributes framework. Make sure tdbi's are free'd/cleared properly whenever drivers (or NFS) do weird things with mbufs. | Angelos D. Keromytis | |
2001-03-27 | Fix a problem with how TDB timeouts were used in pfkeyv2. When we allocated a tdb we did a timeout_add before a timeout_set. This was a problem in itself, but it shouldn't hurt too much. What did hurt was that we did a timeout_set after the timeout_add, timeout_set marked the timeout as not being on the timeout list and if we did a timeout_del (or timeout_add) later (before the timeout fired) we ended up with a chunk of freed memory on the timeout queue or maybe even dangling pointers (or a circular list). This should probably cure the timeout queue corruption some people were seeing lately. | Artur Grabowski | |
2001-03-15 | convert SA expirations to the new timeouts. simplifies expirations handling a lot. tdb_exp_timeout and tdb_soft_timeout are made consistent throughout the code to be relative time offsets, just like first_use timeouts. tested on singlehost isakmpd setup. lots of dangling spaces and tabs removed. angelos@ ok | Michael Shalayeff | |
2001-03-13 | Force a new search for an SA if the latched one is deleted. | Angelos D. Keromytis | |
2001-03-04 | Store peer's credentials in TDB. | Angelos D. Keromytis | |
2001-02-28 | Keep the last packet sent or received that matched an SPD entry, and retransmit if we eventually have an SA setup for that policy. | Angelos D. Keromytis | |
2000-12-28 | Remove unused and confusing reporting line. | Angelos D. Keromytis | |
2000-12-24 | Extra argument in the function to tdb_walk(), indicating last TDB. | Angelos D. Keromytis | |
2000-12-18 | Minor sanity check. | Angelos D. Keromytis | |
2000-12-15 | send expire messages also for sa's that have not been used. okay angelos@ | Niels Provos | |
2000-09-19 | SA bundles. | Angelos D. Keromytis | |
2000-09-19 | Lots and lots of changes. | Angelos D. Keromytis | |
2000-08-03 | Don't even need to reset ip_sum, if we're not going to compute it here but in ip_output() | Angelos D. Keromytis | |
2000-08-03 | Avoid unnecessary call to in_cksum(). | Angelos D. Keromytis | |
2000-08-03 | Zeroize ip_sum before computing checksum (just general paranoia). | Angelos D. Keromytis | |
2000-06-19 | IPv6 IPsec, outbound direction. restriction: if there's any extension header (except fragment) and outbound packet matches tdb, we can't encrypt it. packet will not go out of the node (dropped). | Jun-ichiro itojun Hagino | |
2000-06-18 | Correct function declaration. | Angelos D. Keromytis | |
2000-06-18 | Pull in the right header for ip6_sprintf(), fix argument. | Angelos D. Keromytis | |
2000-06-18 | Use ip6_sprintf() rather than the home-cooked inet6_ntoa4() | Angelos D. Keromytis | |
2000-06-18 | Print++ | Angelos D. Keromytis | |
2000-06-06 | Get rid of tdb_ref, keep indirect pointer to TDB. | Angelos D. Keromytis | |
2000-06-01 | Fix the German's comment typos. | Angelos D. Keromytis | |
2000-06-01 | Should learn how to count... | Angelos D. Keromytis | |
2000-06-01 | Oops, remove bogus comment. | Angelos D. Keromytis | |
2000-06-01 | Beautify a little bit. | Angelos D. Keromytis | |
2000-06-01 | Use ipsp_spd_lookup() in ip_output() | Angelos D. Keromytis | |
2000-06-01 | ipsp_acquire_sa() | Angelos D. Keromytis | |
2000-06-01 | ipsp_spd_lookup() | Angelos D. Keromytis | |
2000-04-19 | tdb_ref should be signed, this avoids a problem with flushing the TDB table causing repeated allocations of bypass TDBs. | Angelos D. Keromytis | |
2000-03-28 | Allow authentication-only ESP (must have broken it in the previous round of commits). | Angelos D. Keromytis | |
2000-03-28 | Set the protocol family in the destination address of bypass flows. | Angelos D. Keromytis | |
2000-03-17 | Cryptographic services framework, and software "device driver". The idea is to support various cryptographic hardware accelerators (which may be (detachable) cards, secondary/tertiary/etc processors, software crypto, etc). Supports session migration between crypto devices. What it doesn't (yet) support: - multiple instances of the same algorithm used in the same session - use of multiple crypto drivers in the same session - asymmetric crypto No support for a userland device yet. IPsec code path modified to allow for asynchronous cryptography (callbacks used in both input and output processing). Some unrelated code simplification done in the process (especially for AH). Development of this code kindly supported by Network Security Technologies (NSTI). The code was written mostly in Greece, and is being committed from Montreal. | Angelos D. Keromytis | |
2000-02-09 | don't need netinet6/in6.h | Jun-ichiro itojun Hagino | |
2000-02-07 | fix include file path related to ip6. | Jun-ichiro itojun Hagino | |
2000-01-27 | Merge "old" and "new" ESP and AH in two files (one for each). Fix a couple of buglets with ingress flow deletion. tcpdump on enc0 should now show all outgoing packets *before* being processed, and all incoming packets *after* being processed. Good to be in Canada (land of the free commits). | Angelos D. Keromytis | |
2000-01-21 | Rename the ip4_* routines to ipip_*, make it so GIF tunnels are not affected by net.inet.ipip.allow (the sysctl formerly known as net.inet.ip4.allow), rename the VIF ipip_input to ipip_mroute_input. | Angelos D. Keromytis | |
2000-01-13 | Print number of ingress flows in /kern/ipsec | Angelos D. Keromytis | |
2000-01-13 | put_flow(), find_flow(), and delete_flow() get a third argument (for ingress or egress flow) | Angelos D. Keromytis | |
2000-01-11 | Correct sa_require handling. | Angelos D. Keromytis | |
2000-01-11 | Fix check for sen_type. | Angelos D. Keromytis | |