| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2007-02-14 | Consistently spell FALLTHROUGH to appease lint. | Jonathan Gray | |
| ok kettenis@ cloder@ tom@ henning@ | |||
| 2006-06-16 | adjust functions dealing with the routing table to take a table ID as | Henning Brauer | |
| parameter so they can work on alternate tables. table 0 hardcoded for many callers yet, that will be adapted step by step. input + ok claudio norby hshoexer | |||
| 2005-02-17 | miscellaneous typo fixes: | Jean-Francois Brousseau | |
| - sturct -> struct (spotted by pedro) - elimination of consecutive 'the' words ok jmc@, henning@, krw@, robert@, some whining by jolan@ | |||
| 2004-06-21 | First step towards more sane time handling in the kernel -- this changes | Thorsten Lockert | |
| things such that code that only need a second-resolution uptime or wall time, and used to get that from time.tv_secs or mono_time.tv_secs now get this from separate time_t globals time_second and time_uptime. ok art@ niklas@ nordin@ | |||
| 2004-06-21 | make it possble to use IPsec over link-local address (policy table uses | Jun-ichiro itojun Hagino | |
| sin6_scope_id, IPsec porion uses embedded form). beck ok | |||
| 2004-04-14 | simpler ipsp_aux_match() API; ok henning, hshoexer | Markus Friedl | |
| 2002-11-12 | Check for undersized IP header, found by jbm@, ok angelos@ | Daniel Hartmeier | |
| 2002-06-09 | whitespace | Jun-ichiro itojun Hagino | |
| 2002-05-31 | Per-socket policies and authentication. Finally. | Angelos D. Keromytis | |
| 2002-02-18 | Search the correct ACQUIRE list --- shifflett@nps.navy.mil | Angelos D. Keromytis | |
| 2002-01-23 | It looks like there has been one crack smoking and a few cut and pastes. | Artur Grabowski | |
| PR_FREEHEADER should not be set in pool_init by the caller. It shouldn't be set in pool_init at all. Besides, it's going away soon anyway. | |||
| 2002-01-23 | Pool deals fairly well with physical memory shortage, but it doesn't deal | Artur Grabowski | |
| well (not at all) with shortages of the vm_map where the pages are mapped (usually kmem_map). Try to deal with it: - group all information the backend allocator for a pool in a separate struct. The pool will only have a pointer to that struct. - change the pool_init API to reflect that. - link all pools allocating from the same allocator on a linked list. - Since an allocator is responsible to wait for physical memory it will only fail (waitok) when it runs out of its backing vm_map, carefully drain pools using the same allocator so that va space is freed. (see comments in code for caveats and details). - change pool_reclaim to return if it actually succeeded to free some memory, use that information to make draining easier and more efficient. - get rid of PR_URGENT, noone uses it. | |||
| 2002-01-02 | at least ; required after label or case; openbsd@davidkrause.com | Theo de Raadt | |
| 2001-09-24 | Reset the error return value if the cached TDB matches the | Angelos D. Keromytis | |
| policy. Pointed out by jdmcbride@iol.ie | |||
| 2001-08-21 | When the outgoing socket has BYPASS set, don't bother calling the | Angelos D. Keromytis | |
| PCB-checking routine. | |||
| 2001-08-15 | bcmp done wrong, detected at bakeoff. Hint: always use | Niklas Hallqvist | |
| relational operators when using *cmp APIs in conditional expressions. | |||
| 2001-08-06 | Don't drop packets if we're using an ACQUIRE policy and some error | Angelos D. Keromytis | |
| occurs while notifying key mgmt; also, always check for new TDBs for policies where the destination gateway is left unspecified (end-to-end IPsec case), to avoid asking for new SAs from key mgmt. | |||
| 2001-06-27 | Use TAILQ_FOREACH() instead of hand-crafted for loops. | Angelos D. Keromytis | |
| 2001-06-27 | When determining whether there's a pending acquire wrt a policy, look | Angelos D. Keromytis | |
| at the acquires associated with the policy only. | |||
| 2001-06-27 | Attach IPsec acquire state to policy entries, and relevant cleanups. | Angelos D. Keromytis | |
| 2001-06-27 | Don't cache packets that hit policies -- we'll do that at the PCB for | Angelos D. Keromytis | |
| local packets. | |||
| 2001-06-26 | Use the ACQUIRE sequence number to "wake up" acquire state kept and | Angelos D. Keromytis | |
| cause retransmission of outgoing packets. Also, only store outgoing packets -- just drop incoming packets that cause an SA acquisition. Some comment fixup. | |||
| 2001-06-26 | ifdef out some currently unused code | Angelos D. Keromytis | |
| 2001-06-26 | Rewrite ipsp_clear_acquire() to be more readable, after all the KNF'ing | Angelos D. Keromytis | |
| 2001-06-26 | Use pool(9) for IPsec acquires too. | Angelos D. Keromytis | |
| 2001-06-26 | Use pool(9) for IPsec policy structures. | Angelos D. Keromytis | |
| 2001-06-26 | Keep the PFKEY sequence number at the TDB, plus a little bit of KNF | Angelos D. Keromytis | |
| 2001-06-26 | KNF | Angelos D. Keromytis | |
| 2001-06-25 | Copyright. | Angelos D. Keromytis | |
| 2001-06-24 | use new timeouts for spd expirations; ho@ ok | Michael Shalayeff | |
| 2001-06-08 | Trim include files. | Angelos D. Keromytis | |
| 2001-06-07 | Simplify SPD logic (and correct some input cases). | Angelos D. Keromytis | |
| 2001-05-30 | Match prototype. | Angelos D. Keromytis | |
| 2001-05-30 | Correctly free information attached to the policy. | Angelos D. Keromytis | |
| 2001-05-05 | Check that SAs also match on the credentials and the IDs. This means | Angelos D. Keromytis | |
| that flows with different source/destination ID requirements will cause different SAs to be established by IKE (or whatever other protocol). Also, use the new data types for allocated memory. | |||
| 2001-04-23 | Missing splx in error handling. | Artur Grabowski | |
| 2001-04-14 | Minor changes, preparing for real socket-attached TDBs; also, more | Angelos D. Keromytis | |
| information will be stored in the TDB. ok ho@ provos@ | |||
| 2001-04-10 | allow host-to-host negotiations if no gateway has been specified. | Niels Provos | |
| from angelos@ | |||
| 2001-04-06 | Move offsetof define into sys/param.h | Constantine Sapuntzakis | |
| 2001-03-28 | Allow tdbi's to appear in mbufs throughout the stack; this allows | Angelos D. Keromytis | |
| security properties of the packets to be pushed up to the application (not done yet). Eventually, this will be turned into a packet attributes framework. Make sure tdbi's are free'd/cleared properly whenever drivers (or NFS) does weird things with mbufs. | |||
| 2001-03-15 | include <machine/cpu.h>, since schednetisr needs to do a splsoftnet | Brandon Creighton | |
| 2001-02-28 | Pretty. | Angelos D. Keromytis | |
| 2001-02-28 | Handle failures more gracefully. | Angelos D. Keromytis | |
| 2001-02-28 | Keep the last packet sent or received that matched an SPD entry, and | Angelos D. Keromytis | |
| retransmit if we eventually have an SA setup for that policy. | |||
| 2000-12-14 | Compile in non-INET6 kernels. | Angelos D. Keromytis | |
| 2000-12-14 | Always look for a suitable TDB if the gateway is left unspecified. | Angelos D. Keromytis | |
| 2000-11-17 | All-1s addresses as policy destinations is also reserved for future | Angelos D. Keromytis | |
| use (policy discovery). | |||
| 2000-10-18 | Fix compile error if lacking -DINET6 | Chris Cappuccio | |
| 2000-10-14 | ASKPOLICY message; used by key management to inquire about policy | Angelos D. Keromytis | |
| triggering an ACQUIRE. | |||
| 2000-09-29 | Make sure there's enough data on the mbuf for the TCP/UDP ports (if | Angelos D. Keromytis | |
| applicable) -- bug located thanks to a crashdump from HJungheim@vpnet.com | |||
 |
index : src | |
| OpenBSD base system |
| summaryrefslogtreecommitdiff |