| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 1999-11-04 | Add tdb for IPsec bypass flows. gettdb() should be called at spltdb(). | Hakan Olsson | |
| 1999-09-03 | inet_ntoa4 should manage 4-calls, not just 2 | Hakan Olsson | |
| 1999-08-10 | Add tdb_satype (PF_KEY SADB_SATYPE_<XXX>) to struct tdb | Hakan Olsson | |
| 1999-08-05 | Add tdb_walk. tdb_delete() should clean up routes when deleting flows. | Hakan Olsson | |
| 1999-07-17 | A good hashing function for IPsec SAs that should remove the risks | Niklas Hallqvist | |
| of running out of memory when adding SPIs. | |||
| 1999-07-15 | Protect better against rehashing make the kernel run out of resources | Niklas Hallqvist | |
| 1999-07-15 | From angelos@, edits by me, demand keying for PF_KEY | Niklas Hallqvist | |
| 1999-07-06 | ipsec_in_use could get out of sync. (Also niklas@. angelos@ ok) | Hakan Olsson | |
| 1999-07-06 | Added support for TCP MD5 option (RFC 2385). | cmetz | |
| 1999-06-07 | Fix use of uninitialized TDB hash table in tdb_delete(), introduced | Angelos D. Keromytis | |
| along with the dynamically-resized TDB table (report and fix suggestion by henric@ncal.verio.com) | |||
| 1999-06-04 | forgot to zero sunion | Niels Provos | |
| 1999-05-23 | SA hash table resizing | Niklas Hallqvist | |
| 1999-05-20 | Fix a bug where the ordered expiration list could get out of order. Add | Niklas Hallqvist | |
| invariant checking of the lists when DIAGNOSTIC compiled. Extend the critical region to cover all of tdb_expiration so the tdb won't disappear behind our back. | |||
| 1999-05-16 | spltdb introduced, protection for tdb lists and related structures, so | Niklas Hallqvist | |
| they won't disappear behind our back by an expiration. Cleanup expiration logic too. | |||
| 1999-05-14 | A new scalable IPsec SA expiration model. | Niklas Hallqvist | |
| 1999-04-12 | move encdebug to a useful place | Theo de Raadt | |
| 1999-03-27 | add SADB_X_BINDSA to pfkey allowing incoming SAs to refer to an outgoing | Niels Provos | |
| SA to be used, use this SA in ip_output if available. allow mobile road warriors for bind SAs with wildcard dst and src addresses. check IPSEC AUTH and ESP level when receiving packets, drop them if protection is insufficient. add stats to show dropped packets because of insufficient IPSEC protection. -- phew. this was all done in canada. dugsong and linh provided the ride and company. | |||
| 1999-03-24 | Implement lifetime expiration notifications. Fix some typos. Remove statics. | Niklas Hallqvist | |
| 1999-03-04 | be more careful with freeing TDBs | Theo de Raadt | |
| 1999-03-04 | more paranoid maintenance | Theo de Raadt | |
| 1999-02-25 | Prettier reporting, report number of flows in use per SA. | Angelos D. Keromytis | |
| 1999-02-25 | Print more information in /kern/ipsec | Angelos D. Keromytis | |
| 1999-02-24 | Update copyright; remove a few annoying debugging printfs. | Angelos D. Keromytis | |
| Btw, OpenBSD hit 25000 commits a couple commits ago. | |||
| 1999-02-24 | Remove encap.h include; saner debugging printfs; fix buglets; work with | Angelos D. Keromytis | |
| pfkeyv2. | |||
| 1999-01-11 | remove panic() calls, consistent error reporting | Theo de Raadt | |
| 1998-11-16 | Please GCC | Niklas Hallqvist | |
| 1998-11-16 | Break long lines. Use correct format for expiry times | Niklas Hallqvist | |
| Present "first use" expirations correctly. | |||
| 1998-11-16 | SPIs are kept in network byte order | Theo de Raadt | |
| 1998-10-13 | Remove NULL deref condition | Niklas Hallqvist | |
| 1998-05-18 | first step to the setsockopt/getsockopt interface as described in | Niels Provos | |
| draft-mcdonald-simple-ipsec-api, kernel notifies (EMT_REQUESTSA) signal userland key management applications when security services are requested. this is only for outgoing connections at the moment, incoming packets are not yet checked against the selected socket policy. | |||
| 1998-05-17 | fix tdb_delete() when using SPI chains. | Niels Provos | |
| 1998-02-22 | Changes made for GCC 2.8 -Wall pleasures | Niklas Hallqvist | |
| 1997-11-04 | make it easier to add additional transforms. add blowfish and cast | Niels Provos | |
| encryption. some more info for kernfs/ipsec. | |||
| 1997-10-02 | conditional error logging | Theo de Raadt | |
| 1997-10-01 | should report unsigned quantities | Theo de Raadt | |
| 1997-09-28 | log() needs a \n | Theo de Raadt | |
| 1997-09-23 | AH changes, after interoperating at the ANX bakeoff. | Angelos D. Keromytis | |
| 1997-07-28 | make it compile | Niels Provos | |
| 1997-07-27 | expiration messages, fixes, updates, all sorts of things | Niklas Hallqvist | |
| 1997-07-24 | bail properly if malloc fails | Theo de Raadt | |
| 1997-07-18 | enablespi/disablespi in encap + print spi's in hostorder | Niels Provos | |
| 1997-07-15 | flags for tunnels and replacing existing routes, sysctl! + tiny bug fix | Niels Provos | |
| 1997-07-11 | put old esp/ah and new esp/ah in different files. | Niels Provos | |
| generalised way of handling transforms. | |||
| 1997-07-02 | fix neglected _FLEN's + reserve_spi + output reserved spi's without alg. | Niels Provos | |
| correctly. | |||
| 1997-07-01 | major restructuring | Niels Provos | |
| 1997-06-25 | hard and soft limits for SPI's per absolute timer, relative since establish, | Niels Provos | |
| relative since first use timers, packet and byte counters. notify key mgmt on soft limits. key mgmt can now specify limits. new encap messages: EMT_RESERVESPI, EMT_ENABLESPI, EMT_DISABLESPI | |||
| 1997-06-24 | handle IP options in AH + allow IP options in outgoing encapsulated packets | Niels Provos | |
| + usage counters for later use with keymanagement processes | |||
| 1997-06-21 | u_int32_t changes, need testing | Theo de Raadt | |
| 1997-06-20 | ah-sha1 + esp-3des + indentation | Niels Provos | |
| 1997-02-24 | OpenBSD tags + some prototyping police | Niklas Hallqvist | |
 |
index : src | |
| OpenBSD base system |
| summaryrefslogtreecommitdiff |