Age | Commit message | Author | |
---|---|---|---|
2006-11-24 | add support to tag ipsec traffic belonging to specific IKE-initiated phase 2 traffic. this allows policy-based filtering of encrypted and unencrypted ipsec traffic with pf(4). see ipsec.conf(5) and isakmpd.conf(5) for details and examples. this is work in progress and still needs some testing and feedback, but it is safe to put it in now. ok hshoexer@ | Reyk Floeter | |
2006-06-30 | htonq() is not used, at all | Theo de Raadt | |
2006-04-27 | use underscore variants of _BYTE_ORDER macros which are always defined ok deraadt millert | Ted Unangst | |
2006-01-13 | Path MTU discovery for NAT-T. OK markus@, "looks good" hshoexer@ | Marco Pfatschbacher | |
2005-11-24 | Remove kernfs, okay deraadt@. | Pedro Martelletto | |
2005-05-28 | Add SA replay counter synchronization to pfsync(4). Required for IPsec failover gateways. ok mcbride@, "looks good" hshoexer@ | Hakan Olsson | |
2005-05-27 | wrap some comments | Hans-Joerg Hoexer | |
2004-11-19 | Plug memory leak. Found by pat@. Thanks! ok myself markus@ | Hans-Joerg Hoexer | |
2004-04-14 | simpler ipsp_aux_match() API; ok henning, hshoexer | Markus Friedl | |
2004-01-22 | add gettdbbysrcdst(), just like gettdb(), but compares tdb_src as well; ok mcbride@ | Markus Friedl | |
2003-12-10 | de-register. deraadt ok | Jun-ichiro itojun Hagino | |
2003-12-02 | UDP encapsulation for ESP in transport mode (draft-ietf-ipsec-udp-encaps-XX.txt) ok deraadt@ | Markus Friedl | |
2003-07-24 | hmac-sha2-{256,384,512} support in AH/ESP auth. markus ok | Jun-ichiro itojun Hagino | |
2003-05-06 | string cleaning; tedu ok | Theo de Raadt | |
2002-06-09 | whitespace | Jun-ichiro itojun Hagino | |
2002-05-31 | New fields in policy and TDB. | Angelos D. Keromytis | |
2002-03-14 | First round of __P removal in sys | Todd C. Miller | |
2001-08-19 | Pass the interface (if any) to ipip_input(), so it can be used in BPF. Closes PR 2000. | Angelos D. Keromytis | |
2001-07-05 | Style | Angelos D. Keromytis | |
2001-07-05 | IPComp itself (include files). angelos@ ok. | Jean-Jacques Bernard-Gundol | |
2001-06-27 | When determining whether there's a pending acquire wrt a policy, look at the acquires associated with the policy only. | Angelos D. Keromytis | |
2001-06-27 | Also link acquire state to the relevant IPsec policy. | Angelos D. Keromytis | |
2001-06-27 | Don't cache packets that hit policies -- we'll do that at the PCB for local packets. | Angelos D. Keromytis | |
2001-06-26 | Use pool(9) for IPsec policy structures. | Angelos D. Keromytis | |
2001-06-26 | Keep the PFKEY sequence number at the TDB, plus a little bit of KNF | Angelos D. Keromytis | |
2001-06-26 | KNF | Angelos D. Keromytis | |
2001-06-25 | damn greeks desperate for commits... | Bob Beck | |
2001-06-25 | KNF | Angelos D. Keromytis | |
2001-06-25 | Copyright. | Angelos D. Keromytis | |
2001-06-24 | use new timeouts for spd expirations (hmm cvs did not pick up the file); ho@ ok | Michael Shalayeff | |
2001-06-24 | path mtu discovery for ipsec. on receiving a need fragment icmp match against active tdb and store the ipsec header size corrected mtu | Niels Provos | |
2001-06-24 | remove whitespace | Niels Provos | |
2001-06-08 | IPSP_POLICY_STATIC flag. | Angelos D. Keromytis | |
2001-06-07 | Simplify SPD logic (and correct some input cases). | Angelos D. Keromytis | |
2001-06-01 | ipsp_parse_headers() goes down a list of IPv4/IPv6/AH/ESP headers and creates a tag for each of the ESP/AH headers. This will be used by IPsec-aware NIC device drivers that need to notify IPsec that crypto processing has already been done. There is an excessive amount of m_copydata() calls used by this routine, but there's no way around it that I can think of. | Angelos D. Keromytis | |
2001-06-01 | The IPsec-aware NIC cards don't pass the ICV for later verification by the stack; that means, if we have a tag it means the ICV was successfully verified and we don't need to do anything else. As well, we don't need any other status information from the NIC. | Angelos D. Keromytis | |
2001-05-31 | Structure for NIC IPsec processing status reports. | Angelos D. Keromytis | |
2001-05-30 | IPSP_IDENTITY_MBOX -> IPSP_IDENTITY_FQDN, and print type of creds/auth in kernfs | Angelos D. Keromytis | |
2001-05-30 | Forgot to update ipsec_output_done() | Angelos D. Keromytis | |
2001-05-30 | With the tags, we don't need to abuse the IPsec API to do socket keying. | Angelos D. Keromytis | |
2001-05-30 | Keep track of remote authentication material (like public key) as well. | Angelos D. Keromytis | |
2001-05-30 | Fields to store local auth information in policy and TDB. | Angelos D. Keromytis | |
2001-05-29 | Fields on TDB for last used and last SKIPCRYPTO status change. | Angelos D. Keromytis | |
2001-05-29 | Add ipsp_skipcrypto_{mark,unmark}() | Angelos D. Keromytis | |
2001-05-27 | Remove ipsp_copy_ident() prototype. | Angelos D. Keromytis | |
2001-05-27 | Change prototype of ipsp_common_input_cb() to also accept a packet tag as the last argument. | Angelos D. Keromytis | |
2001-05-21 | SKIPCRYPTO flag | Angelos D. Keromytis | |
2001-05-21 | Cosmetic. | Angelos D. Keromytis | |
2001-05-21 | Use int16_t for the type and length of ipsec_ref objects. | Angelos D. Keromytis | |
2001-05-21 | Use a reference-counted structure for IPsec IDs and credentials, so we can cheaply keep copies of them at the PCB. ok deraadt@ | Angelos D. Keromytis | |