src - OpenBSD base system

Age	Commit message (Collapse)	Author
2001-10-03	If the TDB doesn't have an attached src/dst ID, it can be used for any	Angelos D. Keromytis
	type of traffic.
2001-09-05	use %ll instead of %q	Theo de Raadt

2001-08-08	Remove IPCOMP option, it's now part of IPSEC option. You still need to	Jean-Jacques Bernard-Gundol
	enable ipcomp via sysctl to use it. deraadt@ ok.
2001-07-05	IPComp support. angelos@ ok.	Jean-Jacques Bernard-Gundol

2001-06-27	Minor nits.	Angelos D. Keromytis

2001-06-27	Don't cache packets that hit policies -- we'll do that at the PCB for	Angelos D. Keromytis
	local packets.
2001-06-26	Keep the PFKEY sequence number at the TDB, plus a little bit of KNF	Angelos D. Keromytis

2001-06-26	KNF	Angelos D. Keromytis

2001-06-25	Copyright.	Angelos D. Keromytis

2001-06-24	print mtu of tdb if discovered	Niels Provos

2001-06-24	Print TDBF_USEDTUNNEL in ipsp_kern()	Angelos D. Keromytis

2001-06-23	Having to update queue(3) for DLIST_* is a major PITA; thus, just use	Angelos D. Keromytis
	SLIST and be done with it.
2001-06-23	Use DLIST for tags.	Angelos D. Keromytis

2001-06-08	Trim include files.	Angelos D. Keromytis

2001-06-07	Simplify SPD logic (and correct some input cases).	Angelos D. Keromytis

2001-06-05	That DPRINTF() is not needed.	Angelos D. Keromytis

2001-06-05	Clear acquires only if TDB was established correctly.	Angelos D. Keromytis

2001-06-05	Correct credential matching logic.	Angelos D. Keromytis

2001-06-04	use a faster arc4random() for random spi generation; angelos@ ok	Michael Shalayeff

2001-06-01	Merge two m_copydata() calls into one, and (hopefully) correct the	Angelos D. Keromytis
	self-describing padding verification.
2001-06-01	ipsp_parse_headers() goes down a list of IPv4/IPv6/AH/ESP headers and	Angelos D. Keromytis
	creates a tag for each of the ESP/AH headers. This will be used by IPsec-aware NIC device drivers that need to notify IPsec that crypto processing has already been done. There is an excessive amount of m_copydata() calls used by this routine, but there's no way around it that I can think of.
2001-05-30	IPSP_IDENTITY_MBOX -> IPSP_IDENTITY_FQDN, and print type of creds/auth	Angelos D. Keromytis
	in kernfs
2001-05-30	Free remote authentication material on TDB free.	Angelos D. Keromytis

2001-05-30	Free local auth on TDB free.	Angelos D. Keromytis

2001-05-29	Keep track of when a TDB was last marked/unmared as SKIPCRYPTO, and	Angelos D. Keromytis
	print the relevant information on KERNFS.
2001-05-29	Add ipsp_skipcrypto_{mark,unmark}()	Angelos D. Keromytis

2001-05-27	ipsp_copy_ident() no longer needed.	Angelos D. Keromytis

2001-05-22	Simplify option printing. ok deraadt@	Angelos D. Keromytis

2001-05-21	Use a reference-counted structure for IPsec IDs and credentials, so we	Angelos D. Keromytis
	can cheaply keep copies of them at the PCB. ok deraadt@
2001-05-05	Check that SAs also match on the credentials and the IDs. This means	Angelos D. Keromytis
	that flows with different source/destination ID requirements will cause different SAs to be established by IKE (or whatever other protocol). Also, use the new data types for allocated memory.
2001-04-06	Move offsetof define into sys/param.h	Constantine Sapuntzakis

2001-03-28	tdb_inp -> (tdb_inp_in, tdb_inp_out)	Angelos D. Keromytis

2001-03-28	Allow tdbi's to appear in mbufs throughout the stack; this allows	Angelos D. Keromytis
	security properties of the packets to be pushed up to the application (not done yet). Eventually, this will be turned into a packet attributes framework. Make sure tdbi's are free'd/cleared properly whenever drivers (or NFS) does weird things with mbufs.
2001-03-27	Fix a problem with how TDB timeouts were used in pfkeyv2.	Artur Grabowski
	When we allocated a tdb we did a timeout_add before a timeout_set. This was a problem in itself, but it shouldn't hurt too much. What did hurt was that we did a timeout_set after the timeout_add, timeout_set marked the timeout as not being on the timeout list and if we did a timeout_del (or timeout_add) later (before the timeout fired) we ended up with a chunk of freed memory on the timeout queue or maybe even dangling pointers (or a circular list). This should probably cure the timeout queue corruption some people were seeing lately.
2001-03-15	convert SA expirations to the new timeouts.	Michael Shalayeff
	simplifies expirations handling a lot. tdb_exp_timeout and tdb_soft_timeout are made consistant throughout the code to be a relative time offsets, just like first_use timeouts. tested on singlehost isakmpd setup. lots of dangling spaces and tabs removed. angelos@ ok
2001-03-13	Force a new search for an SA if the latched one is deleted.	Angelos D. Keromytis

2001-03-04	Store peer's credentials in TDB.	Angelos D. Keromytis

2001-02-28	Keep the last packet sent or received that matched an SPD entry, and	Angelos D. Keromytis
	retransmit if we eventually have an SA setup for that policy.
2000-12-28	Remove unused and confusing reporting line.	Angelos D. Keromytis

2000-12-24	Extra argument in the function to tdb_walk(), indicating last TDB.	Angelos D. Keromytis

2000-12-18	Minor sanity check.	Angelos D. Keromytis

2000-12-15	send expire messages also for sa's that do not have been used.	Niels Provos
	okay angelos@
2000-09-19	SA bundles.	Angelos D. Keromytis

2000-09-19	Lots and lots of changes.	Angelos D. Keromytis

2000-08-03	Don't even need to reset ip_sum, if we're not going to compute it here	Angelos D. Keromytis
	but in ip_output()
2000-08-03	Avoid unnecessary call to in_cksum().	Angelos D. Keromytis

2000-08-03	Zeroize ip_sum before computing checksum (just general paranoia).	Angelos D. Keromytis

2000-06-19	IPv6 IPsec, outbound direction.	Jun-ichiro itojun Hagino
	restriction: if there's any extension header (except fragment) and outbound packet matches tdb, we can't encrypt it. packet will not go out of the node (dropped).
2000-06-18	Correct function declaration.	Angelos D. Keromytis

2000-06-18	Pull in the right header for ip6_sprintf(), fix argument.	Angelos D. Keromytis