Age | Commit message (Collapse) | Author | |
---|---|---|---|
1999-05-14 | A new scalable IPsec SA expiration model. | Niklas Hallqvist | |
1999-05-11 | Remove cruft that wasted space en masse in the IPsec subsystem | Niklas Hallqvist | |
1999-04-11 | Introduce net.inet.{ah,esp}.enable sysctl controls that are off by default. | Niklas Hallqvist | |
If you are going to use either of AH or ESP or both, enable these in /etc/sysctl.conf. Also correct the IPSec debugging sysctl code, it is now named net.inet.ip.encdebug. Some corrected function signatures too. | |||
1999-03-27 | add SADB_X_BINDSA to pfkey allowing incoming SAs to refer to an outgoing | Niels Provos | |
SA to be used, use this SA in ip_output if available. allow mobile road warriors for bind SAs with wildcard dst and src addresses. check IPSEC AUTH and ESP level when receiving packets, drop them if protection is insufficient. add stats to show dropped packets because of insufficient IPSEC protection. -- phew. this was all done in canada. dugsong and linh provided the ride and company. | |||
1999-02-25 | Move union sockaddr_union to ip_ipsp.h | Angelos D. Keromytis | |
1999-02-24 | Update copyright; remove a few annoying debugging printfs. | Angelos D. Keromytis | |
Btw, OpenBSD hit 25000 commits a couple commits ago. | |||
1999-02-24 | add skipjack support back | Theo de Raadt | |
1999-02-24 | Remove encap.h include; saner debugging printfs; fix buglets; work with | Angelos D. Keromytis | |
pfkeyv2. | |||
1999-02-17 | ipsec skipjack, based on free .fi code (some .gov type will test this for me) | Theo de Raadt | |
1999-02-17 | indent | Theo de Raadt | |
1999-01-08 | do not use random bits when not necessary, remove 8-byte block dependence | Theo de Raadt | |
1998-11-25 | typo in comment | Niklas Hallqvist | |
1998-05-18 | first step to the setsockopt/getsockopt interface as described in | Niels Provos | |
draft-mcdonald-simple-ipsec-api, kernel notifies (EMT_REQUESTSA) signal userland key management applications when security services are requested. this is only for outgoing connections at the moment, incoming packets are not yet checked against the selected socket policy. | |||
1998-03-18 | adapt function arguments to get the expected prototype. | Niels Provos | |
1998-03-18 | Fix tunnel mode input processing (use ip4_input instead of ipe4_input), | Niels Provos | |
fix some old code leftovers in ah_new_input (adjust to variable hash length), avoid double ip encapsulation in tunnel mode. Problems reportd by Petr Novak <petr@internet.cz>. | |||
1997-11-24 | add ripemd-160 as authentication function. | Niels Provos | |
1997-11-04 | make it easier to add additional transforms. add blowfish and cast | Niels Provos | |
encryption. some more info for kernfs/ipsec. | |||
1997-07-27 | expiration messages, fixes, updates, all sorts of things | Niklas Hallqvist | |
1997-07-15 | flags for tunnels and replacing existing routes, sysctl! + tiny bug fix | Niels Provos | |
1997-07-14 | sysctl... | Niels Provos | |
1997-07-11 | put old esp/ah and new esp/ah in different files. | Niels Provos | |
generalised way of handling transforms. | |||
1997-07-02 | fix neglected _FLEN's + reserve_spi + output reserved spi's without alg. | Niels Provos | |
correctly. | |||
1997-07-01 | major restructuring | Niels Provos | |
1997-06-25 | hard and soft limits for SPI's per absolute timer, relative since establish, | Niels Provos | |
relative since first use timers, packet and byte counters. notify key mgmt on soft limits. key mgmt can now specify limits. new encap messages: EMT_RESERVESPI, EMT_ENABLESPI, EMT_DISABLESPI | |||
1997-06-24 | handle IP options in AH + allow IP options in outgoing encapsulated packets | Niels Provos | |
+ usage counters for later use with keymanagement processes | |||
1997-06-21 | u_int32_t changes, need testing | Theo de Raadt | |
1997-06-20 | ah-sha1 + esp-3des + indentation | Niels Provos | |
1997-02-28 | Added flags field in the TDB structure. | Angelos D. Keromytis | |
1997-02-24 | OpenBSD tags + some prototyping police | Niklas Hallqvist | |
1997-02-21 | -nostdinc and big endian cleanup | Niklas Hallqvist | |
1997-02-20 | IPSEC package by John Ioannidis and Angelos D. Keromytis. Written in | Theo de Raadt | |
Greece. From ftp.funet.fi:/pub/unix/security/net/ip/BSDipsec.tar.gz |