| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2002-01-02 | at least ; required after label or case; openbsd@davidkrause.com | Theo de Raadt | |
| 2001-09-24 | Reset the error return value if the cached TDB matches the | Angelos D. Keromytis | |
| policy. Pointed out by jdmcbride@iol.ie | |||
| 2001-08-21 | When the outgoing socket has BYPASS set, don't bother calling the | Angelos D. Keromytis | |
| PCB-checking routine. | |||
| 2001-08-15 | bcmp done wrong, detected at bakeoff. Hint: always use | Niklas Hallqvist | |
| relational operators when using *cmp APIs in conditional expressions. | |||
| 2001-08-06 | Don't drop packets if we're using an ACQUIRE policy and some error | Angelos D. Keromytis | |
| occurs while notifying key mgmt; also, always check for new TDBs for policies where the destination gateway is left unspecified (end-to-end IPsec case), to avoid asking for new SAs from key mgmt. | |||
| 2001-06-27 | Use TAILQ_FOREACH() instead of hand-crafted for loops. | Angelos D. Keromytis | |
| 2001-06-27 | When determining whether there's a pending acquire wrt a policy, look | Angelos D. Keromytis | |
| at the acquires associated with the policy only. | |||
| 2001-06-27 | Attach IPsec acquire state to policy entries, and relevant cleanups. | Angelos D. Keromytis | |
| 2001-06-27 | Don't cache packets that hit policies -- we'll do that at the PCB for | Angelos D. Keromytis | |
| local packets. | |||
| 2001-06-26 | Use the ACQUIRE sequence number to "wake up" acquire state kept and | Angelos D. Keromytis | |
| cause retransmission of outgoing packets. Also, only store outgoing packets -- just drop incoming packets that cause an SA acquisition. Some comment fixup. | |||
| 2001-06-26 | ifdef out some currently unused code | Angelos D. Keromytis | |
| 2001-06-26 | Rewrite ipsp_clear_acquire() to be more readable, after all the KNF'ing | Angelos D. Keromytis | |
| 2001-06-26 | Use pool(9) for IPsec acquires too. | Angelos D. Keromytis | |
| 2001-06-26 | Use pool(9) for IPsec policy structures. | Angelos D. Keromytis | |
| 2001-06-26 | Keep the PFKEY sequence number at the TDB, plus a little bit of KNF | Angelos D. Keromytis | |
| 2001-06-26 | KNF | Angelos D. Keromytis | |
| 2001-06-25 | Copyright. | Angelos D. Keromytis | |
| 2001-06-24 | use new timeouts for spd expirations; ho@ ok | Michael Shalayeff | |
| 2001-06-08 | Trim include files. | Angelos D. Keromytis | |
| 2001-06-07 | Simplify SPD logic (and correct some input cases). | Angelos D. Keromytis | |
| 2001-05-30 | Match prototype. | Angelos D. Keromytis | |
| 2001-05-30 | Correctly free information attached to the policy. | Angelos D. Keromytis | |
| 2001-05-05 | Check that SAs also match on the credentials and the IDs. This means | Angelos D. Keromytis | |
| that flows with different source/destination ID requirements will cause different SAs to be established by IKE (or whatever other protocol). Also, use the new data types for allocated memory. | |||
| 2001-04-23 | Missing splx in error handling. | Artur Grabowski | |
| 2001-04-14 | Minor changes, preparing for real socket-attached TDBs; also, more | Angelos D. Keromytis | |
| information will be stored in the TDB. ok ho@ provos@ | |||
| 2001-04-10 | allow host-to-host negotiations if no gateway has been specified. | Niels Provos | |
| from angelos@ | |||
| 2001-04-06 | Move offsetof define into sys/param.h | Constantine Sapuntzakis | |
| 2001-03-28 | Allow tdbi's to appear in mbufs throughout the stack; this allows | Angelos D. Keromytis | |
| security properties of the packets to be pushed up to the application (not done yet). Eventually, this will be turned into a packet attributes framework. Make sure tdbi's are free'd/cleared properly whenever drivers (or NFS) does weird things with mbufs. | |||
| 2001-03-15 | include <machine/cpu.h>, since schednetisr needs to do a splsoftnet | Brandon Creighton | |
| 2001-02-28 | Pretty. | Angelos D. Keromytis | |
| 2001-02-28 | Handle failures more gracefully. | Angelos D. Keromytis | |
| 2001-02-28 | Keep the last packet sent or received that matched an SPD entry, and | Angelos D. Keromytis | |
| retransmit if we eventually have an SA setup for that policy. | |||
| 2000-12-14 | Compile in non-INET6 kernels. | Angelos D. Keromytis | |
| 2000-12-14 | Always look for a suitable TDB if the gateway is left unspecified. | Angelos D. Keromytis | |
| 2000-11-17 | All-1s addresses as policy destinations is also reserved for future | Angelos D. Keromytis | |
| use (policy discovery). | |||
| 2000-10-18 | Fix compile error if lacking -DINET6 | Chris Cappuccio | |
| 2000-10-14 | ASKPOLICY message; used by key management to inquire about policy | Angelos D. Keromytis | |
| triggering an ACQUIRE. | |||
| 2000-09-29 | Make sure there's enough data on the mbuf for the TCP/UDP ports (if | Angelos D. Keromytis | |
| applicable) -- bug located thanks to a crashdump from HJungheim@vpnet.com | |||
| 2000-09-27 | Fix checking for incoming packets when the remote gateway has been | Angelos D. Keromytis | |
| fully specified in the flow. | |||
| 2000-09-20 | Add IDENTITY payloads to flow establishment (and cleanup accordingly) | Angelos D. Keromytis | |
| -- this will address one of itojun's question on how are IDs for IKE to be determined (need to add support for this to ipsecadm). | |||
| 2000-09-19 | Lots and lots of changes. | Angelos D. Keromytis | |
 |
index : src | |
| OpenBSD base system |
| summaryrefslogtreecommitdiff |