summaryrefslogtreecommitdiff
path: root/sys/netinet/ip_ipsp.h
AgeCommit message (Collapse)Author
1999-05-14A new scalable IPsec SA expiration model.Niklas Hallqvist
1999-05-11Remove cruft that wasted space en masse in the IPsec subsystemNiklas Hallqvist
1999-04-11Introduce net.inet.{ah,esp}.enable sysctl controls that are off by default.Niklas Hallqvist
If you are going to use either of AH or ESP or both, enable these in /etc/sysctl.conf. Also correct the IPSec debugging sysctl code, it is now named net.inet.ip.encdebug. Some corrected function signatures too.
1999-03-27add SADB_X_BINDSA to pfkey allowing incoming SAs to refer to an outgoingNiels Provos
SA to be used, use this SA in ip_output if available. allow mobile road warriors for bind SAs with wildcard dst and src addresses. check IPSEC AUTH and ESP level when receiving packets, drop them if protection is insufficient. add stats to show dropped packets because of insufficient IPSEC protection. -- phew. this was all done in canada. dugsong and linh provided the ride and company.
1999-02-25Move union sockaddr_union to ip_ipsp.hAngelos D. Keromytis
1999-02-24Update copyright; remove a few annoying debugging printfs.Angelos D. Keromytis
Btw, OpenBSD hit 25000 commits a couple commits ago.
1999-02-24add skipjack support backTheo de Raadt
1999-02-24Remove encap.h include; saner debugging printfs; fix buglets; work withAngelos D. Keromytis
pfkeyv2.
1999-02-17ipsec skipjack, based on free .fi code (some .gov type will test this for me)Theo de Raadt
1999-02-17indentTheo de Raadt
1999-01-08do not use random bits when not necessary, remove 8-byte block dependenceTheo de Raadt
1998-11-25typo in commentNiklas Hallqvist
1998-05-18first step to the setsockopt/getsockopt interface as described inNiels Provos
draft-mcdonald-simple-ipsec-api, kernel notifies (EMT_REQUESTSA) signal userland key management applications when security services are requested. this is only for outgoing connections at the moment, incoming packets are not yet checked against the selected socket policy.
1998-03-18adapt function arguments to get the expected prototype.Niels Provos
1998-03-18Fix tunnel mode input processing (use ip4_input instead of ipe4_input),Niels Provos
fix some old code leftovers in ah_new_input (adjust to variable hash length), avoid double ip encapsulation in tunnel mode. Problems reportd by Petr Novak <petr@internet.cz>.
1997-11-24add ripemd-160 as authentication function.Niels Provos
1997-11-04make it easier to add additional transforms. add blowfish and castNiels Provos
encryption. some more info for kernfs/ipsec.
1997-07-27expiration messages, fixes, updates, all sorts of thingsNiklas Hallqvist
1997-07-15flags for tunnels and replacing existing routes, sysctl! + tiny bug fixNiels Provos
1997-07-14sysctl...Niels Provos
1997-07-11put old esp/ah and new esp/ah in different files.Niels Provos
generalised way of handling transforms.
1997-07-02fix neglected _FLEN's + reserve_spi + output reserved spi's without alg.Niels Provos
correctly.
1997-07-01major restructuringNiels Provos
1997-06-25hard and soft limits for SPI's per absolute timer, relative since establish,Niels Provos
relative since first use timers, packet and byte counters. notify key mgmt on soft limits. key mgmt can now specify limits. new encap messages: EMT_RESERVESPI, EMT_ENABLESPI, EMT_DISABLESPI
1997-06-24handle IP options in AH + allow IP options in outgoing encapsulated packetsNiels Provos
+ usage counters for later use with keymanagement processes
1997-06-21u_int32_t changes, need testingTheo de Raadt
1997-06-20ah-sha1 + esp-3des + indentationNiels Provos
1997-02-28Added flags field in the TDB structure.Angelos D. Keromytis
1997-02-24OpenBSD tags + some prototyping policeNiklas Hallqvist
1997-02-21-nostdinc and big endian cleanupNiklas Hallqvist
1997-02-20IPSEC package by John Ioannidis and Angelos D. Keromytis. Written inTheo de Raadt
Greece. From ftp.funet.fi:/pub/unix/security/net/ip/BSDipsec.tar.gz