Age | Commit message (Collapse) | Author | |
---|---|---|---|
2004-06-21 | First step towards more sane time handling in the kernel -- this changes | Thorsten Lockert | |
things such that code that only need a second-resolution uptime or wall time, and used to get that from time.tv_secs or mono_time.tv_secs now get this from separate time_t globals time_second and time_uptime. ok art@ niklas@ nordin@ | |||
2004-06-21 | make it possble to use IPsec over link-local address (policy table uses | Jun-ichiro itojun Hagino | |
sin6_scope_id, IPsec porion uses embedded form). beck ok | |||
2004-04-18 | pass esp/ah/ipcmp to rawip if processing is disabled with sysctl; | Markus Friedl | |
allows userland ipsec; tested by sturm@; ok deraadt@, ho@, hshoexer@ | |||
2004-02-17 | switch to sysctl_int_arr(); ok henning, deraadt | Markus Friedl | |
2003-12-02 | UDP encapsulation for ESP in transport mode (draft-ietf-ipsec-udp-encaps-XX.txt) | Markus Friedl | |
ok deraadt@ | |||
2003-07-28 | allow gif(4) over ipsec: mark mbuf for transport mode SA, | Markus Friedl | |
so in_gif_input can detect whether a proto 4 header is due to ipsec tunnel mode or gif(4) encapsulation; fixes pr 3023 ok itojun@. provos@ and angelos@ agree; tested by sturm@ | |||
2003-07-24 | update ip_len to reflect tunnel header removal (lost duing ip_len | Markus Friedl | |
flip changes); ok itojun; noticed by jrrs@ice-nine.org | |||
2003-07-09 | do not flip ip_len/ip_off in netinet stack. deraadt ok. | Jun-ichiro itojun Hagino | |
(please test, especially PF portion) | |||
2003-07-08 | make sure the packets contains a complete inner header | Markus Friedl | |
for ip{4,6}-in-ip{4,6} encapsulation; fixes panic for truncated ip-in-ip over ipsec; ok angelos@ | |||
2003-07-04 | knf typo | Markus Friedl | |
2003-05-03 | just as a safety measure, set m_flags to 0 for mbufs allocated on stack. | Jun-ichiro itojun Hagino | |
dhartmei ok | |||
2003-02-20 | knf | Theo de Raadt | |
2003-02-20 | If there's no tag to be reset, don't reset it (avoids a NULL deref in the ↵ | Jason Wright | |
IPCOMP case) | |||
2002-06-28 | Fix usage counter for IPCOMP --- sam@errno.com | Angelos D. Keromytis | |
2002-06-25 | Forgot variable. | Angelos D. Keromytis | |
2002-06-25 | Handle correctly return values from xf_input methods --- since the | Angelos D. Keromytis | |
return value was ignored anyway, this wasn't a problem so far. From sam@errno.com | |||
2002-06-13 | Remove whitespace from the end of the file. | Angelos D. Keromytis | |
2002-06-09 | whitespace | Jun-ichiro itojun Hagino | |
2002-06-09 | Set/clear M_AUTH_AH. | Angelos D. Keromytis | |
2002-01-23 | disable pmtu for ipsec when the sysctl says so; bug report cjkim2000@yahoo.com | Niels Provos | |
2001-12-06 | Use hzto() to handle overflow of (hz * timeout) cases --- when using | Angelos D. Keromytis | |
extremely long SA expirations. | |||
2001-08-09 | Don't check the source address on the packet vs. the one on the SA, as | Angelos D. Keromytis | |
this prevents use of ESP in mobility; pointed out on the IETF mailing list by Francis Dupont. | |||
2001-08-08 | Remove IPCOMP option, it's now part of IPSEC option. You still need to | Jean-Jacques Bernard-Gundol | |
enable ipcomp via sysctl to use it. deraadt@ ok. | |||
2001-08-07 | enable ah & esp by default, now that we trust the code more | Theo de Raadt | |
2001-07-06 | Don't use enc0 interface for IPComp. angelos@ ok. | Jean-Jacques Bernard-Gundol | |
2001-07-05 | IPComp support. angelos@ ok. | Jean-Jacques Bernard-Gundol | |
2001-06-26 | KNF | Angelos D. Keromytis | |
2001-06-25 | Copyright. | Angelos D. Keromytis | |
2001-06-24 | path mtu discovery for ipsec. on receiving a need fragment icmp match | Niels Provos | |
against active tdb and store the ipsec header size corrected mtu | |||
2001-06-23 | Remove unneeded ip_id convertions. | Federico G. Schwindt | |
Instead of using HTONS macro in some places, use htons directly in the struct member and save us a few bytes. Fix comment. | |||
2001-06-19 | mop up after angelos | Theo de Raadt | |
2001-06-08 | Trim include files. | Angelos D. Keromytis | |
2001-06-05 | Add a few DPRINTF()'s | Angelos D. Keromytis | |
2001-05-29 | Record last use time for SAs. | Angelos D. Keromytis | |
2001-05-27 | If we are passed a packet tag, it's an IPSEC_IN_CRYPTO_DONE so convert | Angelos D. Keromytis | |
it to IPSEC_IN_DONE, rather than adding a new one. | |||
2001-05-27 | Forgot to convert this tag. | Angelos D. Keromytis | |
2001-05-20 | Use packet tags to signal input IPsec processing to upper layer protocols. | Angelos D. Keromytis | |
2001-05-11 | Check m_pullup() and m_pullup2() return for NULL, not 0; itojun@ ok | Aaron Campbell | |
2001-04-06 | Move offsetof define into sys/param.h | Constantine Sapuntzakis | |
2001-03-30 | Protect the IF_XXX macros in the callback routines with splimp(). Doh! | Angelos D. Keromytis | |
Thanks to erik@ipunplugged.com | |||
2001-03-28 | Allow tdbi's to appear in mbufs throughout the stack; this allows | Angelos D. Keromytis | |
security properties of the packets to be pushed up to the application (not done yet). Eventually, this will be turned into a packet attributes framework. Make sure tdbi's are free'd/cleared properly whenever drivers (or NFS) does weird things with mbufs. | |||
2001-03-15 | convert SA expirations to the new timeouts. | Michael Shalayeff | |
simplifies expirations handling a lot. tdb_exp_timeout and tdb_soft_timeout are made consistant throughout the code to be a relative time offsets, just like first_use timeouts. tested on singlehost isakmpd setup. lots of dangling spaces and tabs removed. angelos@ ok | |||
2000-09-19 | Lots and lots of changes. | Angelos D. Keromytis | |
2000-09-17 | Drop dubious ESP/AH packets without crashing (thanks to dr@kyx.net and | Angelos D. Keromytis | |
mfranz@cisco.com for finding the problem). | |||
2000-07-11 | Correctly handle ip_off; angelos@ | Todd C. Miller | |
2000-06-20 | do not play with rcvif, if the traffic is non-IPv4. | Jun-ichiro itojun Hagino | |
by setting rcvif to enc*, we break IPv6 scope considerations. | |||
2000-06-19 | correct header chasing code. take care of AH length. | Jun-ichiro itojun Hagino | |
2000-06-18 | Arguments. | Angelos D. Keromytis | |
2000-06-18 | Use ip6_sprintf() rather than the home-cooked inet6_ntoa4() | Angelos D. Keromytis | |
2000-06-18 | IPv6 AH/ESP support, inbound side only. tested with KAME. | Jun-ichiro itojun Hagino | |