summaryrefslogtreecommitdiff
path: root/sys/netinet/ipsec_input.c
AgeCommit message (Expand)Author
2009-08-09once again ipsec tries to be clever and plays fast, this time byHenning Brauer
2008-10-22#if INET => #ifdef INETMarco Pfatschbacher
2008-10-22filter ipv6 ipsec packets on enc0 (in and out), similar to ipv4;Markus Friedl
2008-08-26call pf_pkt_addr_changed instead of manually clearing the pf state key ptrHenning Brauer
2008-07-24ipsec is glued into the stack in a very weird way, violating all kindsHenning Brauer
2008-06-14make easier to read, found during a bug hunt earlierTodd T. Fries
2008-06-11fix an old typo that prevented outer ipv6 headers from being corrected,Can Erkin Acar
2007-12-14add sysctl entry points into various network layers, in particular toTheo de Raadt
2007-05-28double pf performance.Henning Brauer
2007-02-08- AH: when computing crypto checksum for output, massage source-routingJun-ichiro itojun Hagino
2006-12-15make enc(4) count; ok markus@ henning@ deraadt@Otto Moerbeek
2006-12-05do not install pmtu routes for transport mode SAs, as they do notMarkus Friedl
2006-11-24add support to tag ipsec traffic belonging to specific IKE-initiatedReyk Floeter
2006-03-25allow bpf(4) to ignore packets based on their direction (inbound orDamien Miller
2006-03-04With the exception of two other small uncommited diffs this movesBrad Smith
2006-01-13Path MTU discovery for NAT-T.Marco Pfatschbacher
2005-07-31Introduce bpf_mtap_af and bpf_mtap_hdr to be used when passing a mbuf chainChristopher Pascoe
2004-11-25resolve conflict between M_TUNNEL and M_ANYCAST6, remove M_COMP (it'sMarkus Friedl
2004-06-21First step towards more sane time handling in the kernel -- this changesThorsten Lockert
2004-06-21make it possble to use IPsec over link-local address (policy table usesJun-ichiro itojun Hagino
2004-04-18pass esp/ah/ipcmp to rawip if processing is disabled with sysctl;Markus Friedl
2004-02-17switch to sysctl_int_arr(); ok henning, deraadtMarkus Friedl
2003-12-02UDP encapsulation for ESP in transport mode (draft-ietf-ipsec-udp-encaps-XX.txt)Markus Friedl
2003-07-28allow gif(4) over ipsec: mark mbuf for transport mode SA,Markus Friedl
2003-07-24update ip_len to reflect tunnel header removal (lost duing ip_lenMarkus Friedl
2003-07-09do not flip ip_len/ip_off in netinet stack. deraadt ok.Jun-ichiro itojun Hagino
2003-07-08make sure the packets contains a complete inner headerMarkus Friedl
2003-07-04knf typoMarkus Friedl
2003-05-03just as a safety measure, set m_flags to 0 for mbufs allocated on stack.Jun-ichiro itojun Hagino
2003-02-20knfTheo de Raadt
2003-02-20If there's no tag to be reset, don't reset it (avoids a NULL deref in the IPC...Jason Wright
2002-06-28Fix usage counter for IPCOMP --- sam@errno.comAngelos D. Keromytis
2002-06-25Forgot variable.Angelos D. Keromytis
2002-06-25Handle correctly return values from xf_input methods --- since theAngelos D. Keromytis
2002-06-13Remove whitespace from the end of the file.Angelos D. Keromytis
2002-06-09whitespaceJun-ichiro itojun Hagino
2002-06-09Set/clear M_AUTH_AH.Angelos D. Keromytis
2002-01-23disable pmtu for ipsec when the sysctl says so; bug report cjkim2000@yahoo.comNiels Provos
2001-12-06Use hzto() to handle overflow of (hz * timeout) cases --- when usingAngelos D. Keromytis
2001-08-09Don't check the source address on the packet vs. the one on the SA, asAngelos D. Keromytis
2001-08-08Remove IPCOMP option, it's now part of IPSEC option. You still need toJean-Jacques Bernard-Gundol
2001-08-07enable ah & esp by default, now that we trust the code moreTheo de Raadt
2001-07-06Don't use enc0 interface for IPComp. angelos@ ok.Jean-Jacques Bernard-Gundol
2001-07-05IPComp support. angelos@ ok.Jean-Jacques Bernard-Gundol
2001-06-26KNFAngelos D. Keromytis
2001-06-25Copyright.Angelos D. Keromytis
2001-06-24path mtu discovery for ipsec. on receiving a need fragment icmp matchNiels Provos
2001-06-23Remove unneeded ip_id convertions.Federico G. Schwindt
2001-06-19mop up after angelosTheo de Raadt
2001-06-08Trim include files.Angelos D. Keromytis