| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2002-01-23 | disable pmtu for ipsec when the sysctl says so; bug report cjkim2000@yahoo.com | Niels Provos | |
| 2001-11-26 | add fastroute options similar to what is found in ipf | jasoni | |
| ok dhartmei@, frantzen@ | |||
| 2001-11-24 | KNF | Theo de Raadt | |
| 2001-11-02 | fix multicast loopback checksums; goeran@cdg.chalmers.se, ok angelos | Theo de Raadt | |
| 2001-08-26 | Uninitialized variable. | Niklas Hallqvist | |
| 2001-08-22 | IPCOMP policy stuff missed the last time round | Niklas Hallqvist | |
| 2001-08-21 | Don't check for BYPASS options in PCB on ip_output/ip6_output --- this | Angelos D. Keromytis | |
| is already done in ip_spd_lookup() | |||
| 2001-07-17 | split ip normalization out into a separate file, okay dhartmei@ | Niels Provos | |
| 2001-07-05 | IPComp support. angelos@ ok. | Jean-Jacques Bernard-Gundol | |
| 2001-06-29 | move pf_test check to happen after checksum calculation - without | Bob Beck | |
| this packets originating from this host (such as with an rdr to localhost for transparent proxying) do not get checksummed correctly, because the pf code does not have a correct checksum to fix up (ok kjell@) | |||
| 2001-06-28 | first stab at packet normalization. includes full ip reassembly. | Niels Provos | |
| okay dhartmei@, dugsong@ | |||
| 2001-06-27 | Get rid of M_COPY_* macros; either use M_MOVE_* or M_DUP_*, depending | Angelos D. Keromytis | |
| on how macros should be treated. Code by fgsch@, ok by me and itojun@ | |||
| 2001-06-27 | Add length to pkthdr.len directly. | Angelos D. Keromytis | |
| 2001-06-27 | Don't cache packets that hit policies -- we'll do that at the PCB for | Angelos D. Keromytis | |
| local packets. | |||
| 2001-06-26 | no longer pass around **m | Theo de Raadt | |
| 2001-06-25 | If a PENDING_TDB tag is attached but no TDB is found, drop the packet. | Angelos D. Keromytis | |
| 2001-06-25 | Check the length of the tag (diagnostic) | Angelos D. Keromytis | |
| 2001-06-25 | Apply pending TDBs (as indicated by tags). This will be used to handle | Angelos D. Keromytis | |
| the case of both the socket and system-wide IPsec policy specifying TDBs to be applied to the same packet. | |||
| 2001-06-25 | Don't double-clear M_PKTHDR/tags. | Angelos D. Keromytis | |
| 2001-06-25 | Remove unnecessary temporary variable. | Angelos D. Keromytis | |
| 2001-06-25 | Always defer output TCP checksumming until ip_output() (or hardware, | Angelos D. Keromytis | |
| if it exists). Cuts down on code a bit, and we don't need to look at the routing entry at TCP. Based on NetBSD. UDP case to follow. | |||
| 2001-06-25 | put pf before ipsec processing. return error code and free mbuf chain | Niels Provos | |
| 2001-06-24 | make it compile w/o pf | Michael Shalayeff | |
| 2001-06-24 | Sync in4_cksum() with NetBSD, and change its use in in_delayed_cksum. | Angelos D. Keromytis | |
| 2001-06-24 | Import in_delayed_cksum() and convert to using it; also, don't do | Angelos D. Keromytis | |
| TCP/UDP HW checksumming if doing IP fragmentation. From NetBSD | |||
| 2001-06-24 | Also reset input cached TDB. | Angelos D. Keromytis | |
| 2001-06-24 | Reset | Angelos D. Keromytis | |
| 2001-06-24 | Initial import of pf, an all-new ipf-compatable packet filter. | Kjell Wooding | |
| Insane amounts of work done my dhartmei. Great work! | |||
| 2001-06-24 | check if ipsec processing increases packet size above allowable mtu. | Niels Provos | |
| store correct mtu in routing table. | |||
| 2001-06-23 | Remove unneeded ip_id convertions. | Federico G. Schwindt | |
| Instead of using HTONS macro in some places, use htons directly in the struct member and save us a few bytes. Fix comment. | |||
| 2001-06-23 | Only use IP checksumming if the output interface is not in bridge | Angelos D. Keromytis | |
| mode. We can't deal with that well. | |||
| 2001-06-23 | m_copyback(), not m_copydata() | Angelos D. Keromytis | |
| 2001-06-23 | Software-compute TCP/UDP checksum if we are going to do IPsec or if the | Angelos D. Keromytis | |
| output interface does not support hardware checksumming. | |||
| 2001-06-23 | Placeholder, reminder to fix TCP/UDP checksumming right before doing IPsec. | Angelos D. Keromytis | |
| 2001-06-23 | Count input/output hardware-checksummed IP packets. | Angelos D. Keromytis | |
| 2001-06-23 | fix up mtu for routes and ongoing tcp connection when if mtu changes | Niels Provos | |
| from FreeBSD; fixes pr/1878 | |||
| 2001-06-23 | TCP, UDP, IPv4 input hardware checksumming processing; also IPv4 | Angelos D. Keromytis | |
| output hardware checksumming. Not tested yet, but should be done tonight. Remain to be solved: interactions with bridge, TCP/UDP output checksumming, interactions of TCP/UDP checksumming with routing changes. | |||
| 2001-06-19 | revert parts that were meant to be committed (June 12th commit) | jasoni | |
| - ok angelos@ | |||
| 2001-06-14 | limited broadcast 255.255.255.255 was not recognized correctly, reported | Niels Provos | |
| by crh@ubiqx.mn.org, fix from NetBSD; okay angelos@ | |||
| 2001-06-12 | IPsec-related socket options; these can be set/removed/retrieved, but | Angelos D. Keromytis | |
| are not taken into consideration in anything just yet. | |||
| 2001-06-08 | Cut down on include files. | Angelos D. Keromytis | |
| 2001-06-05 | That debug message was just too chatty, even as a debug message :-) | Angelos D. Keromytis | |
| 2001-05-30 | Update to match prototype. | Angelos D. Keromytis | |
| 2001-05-30 | Remove ipf. Darren Reed has interpreted his (old, new, whichever) | Theo de Raadt | |
| licence in a way that makes ipf not free according to the rules we established over 5 years ago, at www.openbsd.org/goals.html (and those same basic rules govern the other *BSD projects too). Specifically, Darren says that modified versions are not permitted. But software which OpenBSD uses and redistributes must be free to all (be they people or companies), for any purpose they wish to use it, including modification, use, peeing on, or even integration into baby mulching machines or atomic bombs to be dropped on Australia. Furthermore, we know of a number of companies using ipf with modification like us, who are now in the same situation, and we hope that some of them will work with us to fill this gap that now exists in OpenBSD (temporarily, we hope). | |||
| 2001-05-29 | Make sure packets that need crypto processing on the NIC don't escape | Angelos D. Keromytis | |
| (because of routing changes etc.) | |||
| 2001-05-28 | Don't check IP_ENCAPSULATED. | Angelos D. Keromytis | |
| 2001-05-27 | And clear the M_PKTHDR flag. | Angelos D. Keromytis | |
| 2001-05-27 | Copy tags to first mbuf. | Angelos D. Keromytis | |
| 2001-05-27 | Placeholders for the new socket options. | Angelos D. Keromytis | |
| 2001-05-27 | Use the new IPsec tags. | Angelos D. Keromytis | |
 |
index : src | |
| OpenBSD base system |
| summaryrefslogtreecommitdiff |