| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2005-06-10 | getsockopt(): allocate a mbuf cluster for large ipsec credentials | Markus Friedl | |
| fixes kernel panic from pr 4252; Stefan Miltchev; ok deraadt@ | |||
| 2005-05-27 | Experimental support for opportunitic use of jumbograms where only some hosts | Ryan Thomas McBride | |
| on the local network support them. This adds a new socket option, SO_JUMBO, and a new route flag, RTF_JUMBO. If _both_ the socket option is set and the route for the host has RTF_JUMBO set, ip_output will fragment the packet to the largest possible size for the link, ignoring the card's MTU. The semantics of this feature will be evolving rapidly; talk to us if you intend to use it. ok deraadt@ marius@ | |||
| 2005-04-25 | csum -> csum_flags | Brad Smith | |
| ok krw@ canacar@ | |||
| 2005-01-04 | restrict forwarding to ipsec processed traffic of ip.forwarding==2 | Markus Friedl | |
| ok deraadt, henning, fgsch, mcbride | |||
| 2004-11-10 | Add some (ifp != NULL) checks to ip_fragment() so it can be used even if there | Ryan Thomas McBride | |
| is no struct ifnet associated with the outgoing interface of the packet. Necessary for upcoming Protocol Independent Multicast support. From Pavlin Radoslavov ok henning@ djm@ markus@ | |||
| 2004-06-22 | Pull the plug on source-based routing until remaining bugs are eradicated. | Cedric Berger | |
| No need to reconfig kernel or rebuild userland stuff. requested deraadt@, help beck@ | |||
| 2004-06-21 | First step towards more sane time handling in the kernel -- this changes | Thorsten Lockert | |
| things such that code that only need a second-resolution uptime or wall time, and used to get that from time.tv_secs or mono_time.tv_secs now get this from separate time_t globals time_second and time_uptime. ok art@ niklas@ nordin@ | |||
| 2004-06-21 | Get rid of pf_test_eh() wrapper. | Ryan Thomas McBride | |
| ok cedric@ henning@ | |||
| 2004-06-21 | don't leak ipsec pmtu routes; with mpf@ | Markus Friedl | |
| 2004-06-06 | extend routing table to be able to match and route packets based on | Cedric Berger | |
| their *source* IP address in addition to their destination address. routing table "destination" now contains a "struct sockaddr_rtin" for IPv4 instead of a "struct sockaddr_in". the routing socket has been extended in a backward-compatible way. todo: PMTU enhancements, IPv6. ok deraadt@ mcbride@ | |||
| 2004-05-18 | fix size argument to ovbcopy() in ip_pcbopts(), found by Andrei Iltchenko | Daniel Hartmeier | |
| (FreeBSD PR 66386), ok markus@, otto@ | |||
| 2004-04-28 | make return-rst work on pure bridges. ok dhartmei@ henning@ mcbride@ | Cedric Berger | |
| 2004-02-10 | plug mbuf leak (ip_fragment() always free mbuf on error). tested by cedric, | Jun-ichiro itojun Hagino | |
| dhartmei ok | |||
| 2003-11-06 | the previous change caused invalid checksums in some cases (rdr), | Daniel Hartmeier | |
| back it out temporarily, ok cedric@ | |||
| 2003-11-03 | There is no point in checking NIC capabilities before calling pf_test(), | Cedric Berger | |
| since pf_test() can drop the packet or route it through another NIC. ok dhartmei@ mcbride@ comment requested by markus@ | |||
| 2003-10-02 | correct endian handling of ip->ip_off. | Jun-ichiro itojun Hagino | |
| do not try to send incomplete fragments on ENOBUFS case (behavior change from 4.4bsd). dhartmei ok | |||
| 2003-08-15 | change arguments to suser. suser now takes the process, and a flags | Ted Unangst | |
| argument. old cred only calls user suser_ucred. this will allow future work to more flexibly implement the idea of a root process. looks like something i saw in freebsd, but a little different. use of suser_ucred vs suser in file system code should be looked at again, for the moment semantics remain unchanged. review and input from art@ testing and further review miod@ | |||
| 2003-08-14 | m_copyback()'s 4th arg is const void *, nuke (caddr_t) casts. | Jason Wright | |
| 2003-07-09 | do not flip ip_len/ip_off in netinet stack. deraadt ok. | Jun-ichiro itojun Hagino | |
| (please test, especially PF portion) | |||
| 2003-06-02 | Remove the advertising clause in the UCB license which Berkeley | Todd C. Miller | |
| rescinded 22 July 1999. Proofed by myself and Theo. | |||
| 2003-03-14 | kill vaxisms | Jason Wright | |
| 2003-01-31 | KNF | Theo de Raadt | |
| 2002-10-10 | Missing m_pullup() and mbuf corruption. This potentially caused | Daniel Hartmeier | |
| panic: m_copym0: m == 0 and not COPYALL and/or panic: m_copydata: null muf on bridges running pf with scrubbing enabled. Bug report, test vector and confirmation by Jon Morby. ok jason@, jasoni@ | |||
| 2002-06-24 | skip routing table lookup if multicasting/broadcasting and the outgoing | Jun-ichiro itojun Hagino | |
| interface is specified by setsockopt. from freebsd4, sync with kame (it makes difference when you run routed with RIPv2 enabled - no need for 224/4 route) | |||
| 2002-06-04 | spaces to tabs, remove trailing whitespace | jasoni | |
| 2002-05-31 | respect rmx_mtu (cached PMTUD result) on outbound. deraadt/angelos ok | Jun-ichiro itojun Hagino | |
| 2002-05-31 | Socket-related IPsec sockoptions --- cleanups etc. | Angelos D. Keromytis | |
| 2002-05-28 | kill register; ok deraadt@ | jasoni | |
| 2002-05-28 | Factor out IP fragmentation code into its own function so it can be | jasoni | |
| reused. - ok jason@, dhartmei@ | |||
| 2002-03-15 | Kill #if __STDC__ used to do K&R vs. ANSI varargs/stdarg; just do things | Todd C. Miller | |
| the ANSI way. | |||
| 2002-03-14 | First round of __P removal in sys | Todd C. Miller | |
| 2002-01-23 | disable pmtu for ipsec when the sysctl says so; bug report cjkim2000@yahoo.com | Niels Provos | |
| 2001-11-26 | add fastroute options similar to what is found in ipf | jasoni | |
| ok dhartmei@, frantzen@ | |||
| 2001-11-24 | KNF | Theo de Raadt | |
| 2001-11-02 | fix multicast loopback checksums; goeran@cdg.chalmers.se, ok angelos | Theo de Raadt | |
| 2001-08-26 | Uninitialized variable. | Niklas Hallqvist | |
| 2001-08-22 | IPCOMP policy stuff missed the last time round | Niklas Hallqvist | |
| 2001-08-21 | Don't check for BYPASS options in PCB on ip_output/ip6_output --- this | Angelos D. Keromytis | |
| is already done in ip_spd_lookup() | |||
| 2001-07-17 | split ip normalization out into a separate file, okay dhartmei@ | Niels Provos | |
| 2001-07-05 | IPComp support. angelos@ ok. | Jean-Jacques Bernard-Gundol | |
| 2001-06-29 | move pf_test check to happen after checksum calculation - without | Bob Beck | |
| this packets originating from this host (such as with an rdr to localhost for transparent proxying) do not get checksummed correctly, because the pf code does not have a correct checksum to fix up (ok kjell@) | |||
| 2001-06-28 | first stab at packet normalization. includes full ip reassembly. | Niels Provos | |
| okay dhartmei@, dugsong@ | |||
| 2001-06-27 | Get rid of M_COPY_* macros; either use M_MOVE_* or M_DUP_*, depending | Angelos D. Keromytis | |
| on how macros should be treated. Code by fgsch@, ok by me and itojun@ | |||
| 2001-06-27 | Add length to pkthdr.len directly. | Angelos D. Keromytis | |
| 2001-06-27 | Don't cache packets that hit policies -- we'll do that at the PCB for | Angelos D. Keromytis | |
| local packets. | |||
| 2001-06-26 | no longer pass around **m | Theo de Raadt | |
| 2001-06-25 | If a PENDING_TDB tag is attached but no TDB is found, drop the packet. | Angelos D. Keromytis | |
| 2001-06-25 | Check the length of the tag (diagnostic) | Angelos D. Keromytis | |
| 2001-06-25 | Apply pending TDBs (as indicated by tags). This will be used to handle | Angelos D. Keromytis | |
| the case of both the socket and system-wide IPsec policy specifying TDBs to be applied to the same packet. | |||
| 2001-06-25 | Don't double-clear M_PKTHDR/tags. | Angelos D. Keromytis | |
 |
index : src | |
| OpenBSD base system |
| summaryrefslogtreecommitdiff |