Age | Commit message (Collapse) | Author | |
---|---|---|---|
2000-09-19 | Lots and lots of changes. | Angelos D. Keromytis | |
2000-09-17 | Drop dubious ESP/AH packets without crashing (thanks to dr@kyx.net and | Angelos D. Keromytis | |
mfranz@cisco.com for finding the problem). | |||
2000-07-11 | Correctly handle ip_off; angelos@ | Todd C. Miller | |
2000-06-20 | do not play with rcvif, if the traffic is non-IPv4. | Jun-ichiro itojun Hagino | |
by setting rcvif to enc*, we break IPv6 scope considerations. | |||
2000-06-19 | correct header chasing code. take care of AH length. | Jun-ichiro itojun Hagino | |
2000-06-18 | Arguments. | Angelos D. Keromytis | |
2000-06-18 | Use ip6_sprintf() rather than the home-cooked inet6_ntoa4() | Angelos D. Keromytis | |
2000-06-18 | IPv6 AH/ESP support, inbound side only. tested with KAME. | Jun-ichiro itojun Hagino | |
2000-06-18 | Remove outdated comment. | Angelos D. Keromytis | |
2000-03-29 | Be consistent about packet properties. | Angelos D. Keromytis | |
2000-03-29 | Fix problem with TCP/UDP and ACLs. | Angelos D. Keromytis | |
2000-03-29 | Minor cleanup. | Angelos D. Keromytis | |
2000-03-17 | Cryptographic services framework, and software "device driver". The | Angelos D. Keromytis | |
idea is to support various cryptographic hardware accelerators (which may be (detachable) cards, secondary/tertiary/etc processors, software crypto, etc). Supports session migration between crypto devices. What it doesn't (yet) support: - multiple instances of the same algorithm used in the same session - use of multiple crypto drivers in the same session - asymmetric crypto No support for a userland device yet. IPsec code path modified to allow for asynchronous cryptography (callbacks used in both input and output processing). Some unrelated code simplification done in the process (especially for AH). Development of this code kindly supported by Network Security Technologies (NSTI). The code was writen mostly in Greece, and is being committed from Montreal. | |||
2000-02-07 | fix include file path related to ip6. | Jun-ichiro itojun Hagino | |
2000-01-27 | Merge "old" and "new" ESP and AH in two files (one for each). | Angelos D. Keromytis | |
Fix a couple of buglets with ingress flow deletion. tcpdump on enc0 should now show all outgoing packets *before* being processed, and all incoming packets *after* being processed. Good to be in Canada (land of the free commits). | |||
2000-01-25 | Ok, so setsoftnet is md. | Marc Espie | |
Well, on the amiga, setsoftnet *REQUIRES* machine/cpu.h to work... and no include mentioned in those files pulls machine/cpu.h... Nit-fix: / * INET6 */ -> /* INET6 */ | |||
2000-01-15 | Remove unnecessary definition. | Angelos D. Keromytis | |
2000-01-15 | Add function prototype. | Angelos D. Keromytis | |
2000-01-15 | Change function type to non-static. | Angelos D. Keromytis | |
2000-01-10 | 1) Setup a silent TDB expiration for embryonic SAs. | Angelos D. Keromytis | |
2) Fix check_ipsec_policy() to deal with v6 PCBs. 3) Fix ACL protocol check. | |||
2000-01-10 | Fix tdbi setup for TCP and UDP packets. | Angelos D. Keromytis | |
2000-01-10 | Typo. | Angelos D. Keromytis | |
2000-01-10 | Quick-drop packets (before real processing) if ingress filtering is on | Angelos D. Keromytis | |
and the SA ACL is empty. | |||
2000-01-10 | Fix error message. | Angelos D. Keromytis | |
2000-01-09 | Add ingress ACL for IPsec: after being processed, IPsec packets are | Angelos D. Keromytis | |
matched against a list of acceptable packet classes, if sysctl variable net.inet.ip.ipsec-acl is set to 1. | |||
2000-01-08 | Fix serious crash-and-burn bug I introduced with last revision. | Angelos D. Keromytis | |
2000-01-03 | Chase down the IPv6 header chain to find the right place swap the Next | Angelos D. Keromytis | |
Payload value. Note to self: it would be nice if we had a very of m_copydata() with memory (so it wouldn't need to start the search from the begining of the mbuf). | |||
2000-01-02 | Move the requeueing logic from ipsec_input() to ah_input() and | Angelos D. Keromytis | |
esp_input(), since this is only needed for IPv4; IPv6 header processing follows a different approach. | |||
2000-01-02 | Change ipsec_input() to return error. | Angelos D. Keromytis | |
1999-12-31 | fix IPv6 ipsec template lossage. | Jun-ichiro itojun Hagino | |
- previous code grabbed new nexthdr mistakingly - parameter passing must follow ip6protows (actually the code will never get called until in6_proto.c is updated) the current code assumes that {AH,ESP} is right next to IPv6 header. the assumption must be removed, but it means that we need to chase header chain... | |||
1999-12-25 | Change some function prototypes, dont unnecessarily initialize some | Angelos D. Keromytis | |
variables. | |||
1999-12-09 | So I was lying...unify ESP and AH wrapper-input processing. The new | Angelos D. Keromytis | |
file contains a common routine for massaging the packet, doing peripheral checks, update statistics, etc. common for both AH/ESP, both IPv4/IPv6. Also wrapper routines for AH/ESP-v4/v6, and the sysctl routines from ip_ah.c/ip_esp.c |