summaryrefslogtreecommitdiff
path: root/sys/netinet/ipsec_input.c
AgeCommit message (Expand)Author
2001-12-06Use hzto() to handle overflow of (hz * timeout) cases --- when usingAngelos D. Keromytis
2001-08-09Don't check the source address on the packet vs. the one on the SA, asAngelos D. Keromytis
2001-08-08Remove IPCOMP option, it's now part of IPSEC option. You still need toJean-Jacques Bernard-Gundol
2001-08-07enable ah & esp by default, now that we trust the code moreTheo de Raadt
2001-07-06Don't use enc0 interface for IPComp. angelos@ ok.Jean-Jacques Bernard-Gundol
2001-07-05IPComp support. angelos@ ok.Jean-Jacques Bernard-Gundol
2001-06-26KNFAngelos D. Keromytis
2001-06-25Copyright.Angelos D. Keromytis
2001-06-24path mtu discovery for ipsec. on receiving a need fragment icmp matchNiels Provos
2001-06-23Remove unneeded ip_id convertions.Federico G. Schwindt
2001-06-19mop up after angelosTheo de Raadt
2001-06-08Trim include files.Angelos D. Keromytis
2001-06-05Add a few DPRINTF()'sAngelos D. Keromytis
2001-05-29Record last use time for SAs.Angelos D. Keromytis
2001-05-27If we are passed a packet tag, it's an IPSEC_IN_CRYPTO_DONE so convertAngelos D. Keromytis
2001-05-27Forgot to convert this tag.Angelos D. Keromytis
2001-05-20Use packet tags to signal input IPsec processing to upper layer protocols.Angelos D. Keromytis
2001-05-11Check m_pullup() and m_pullup2() return for NULL, not 0; itojun@ okAaron Campbell
2001-04-06Move offsetof define into sys/param.hConstantine Sapuntzakis
2001-03-30Protect the IF_XXX macros in the callback routines with splimp(). Doh!Angelos D. Keromytis
2001-03-28Allow tdbi's to appear in mbufs throughout the stack; this allowsAngelos D. Keromytis
2001-03-15convert SA expirations to the new timeouts.Michael Shalayeff
2000-09-19Lots and lots of changes.Angelos D. Keromytis
2000-09-17Drop dubious ESP/AH packets without crashing (thanks to dr@kyx.net andAngelos D. Keromytis
2000-07-11Correctly handle ip_off; angelos@Todd C. Miller
2000-06-20do not play with rcvif, if the traffic is non-IPv4.Jun-ichiro itojun Hagino
2000-06-19correct header chasing code. take care of AH length.Jun-ichiro itojun Hagino
2000-06-18Arguments.Angelos D. Keromytis
2000-06-18Use ip6_sprintf() rather than the home-cooked inet6_ntoa4()Angelos D. Keromytis
2000-06-18IPv6 AH/ESP support, inbound side only. tested with KAME.Jun-ichiro itojun Hagino
2000-06-18Remove outdated comment.Angelos D. Keromytis
2000-03-29Be consistent about packet properties.Angelos D. Keromytis
2000-03-29Fix problem with TCP/UDP and ACLs.Angelos D. Keromytis
2000-03-29Minor cleanup.Angelos D. Keromytis
2000-03-17Cryptographic services framework, and software "device driver". TheAngelos D. Keromytis
2000-02-07fix include file path related to ip6.Jun-ichiro itojun Hagino
2000-01-27Merge "old" and "new" ESP and AH in two files (one for each).Angelos D. Keromytis
2000-01-25Ok, so setsoftnet is md.Marc Espie
2000-01-15Remove unnecessary definition.Angelos D. Keromytis
2000-01-15Add function prototype.Angelos D. Keromytis
2000-01-15Change function type to non-static.Angelos D. Keromytis
2000-01-101) Setup a silent TDB expiration for embryonic SAs.Angelos D. Keromytis
2000-01-10Fix tdbi setup for TCP and UDP packets.Angelos D. Keromytis
2000-01-10Typo.Angelos D. Keromytis
2000-01-10Quick-drop packets (before real processing) if ingress filtering is onAngelos D. Keromytis
2000-01-10Fix error message.Angelos D. Keromytis
2000-01-09Add ingress ACL for IPsec: after being processed, IPsec packets areAngelos D. Keromytis
2000-01-08Fix serious crash-and-burn bug I introduced with last revision.Angelos D. Keromytis
2000-01-03Chase down the IPv6 header chain to find the right place swap the NextAngelos D. Keromytis
2000-01-02Move the requeueing logic from ipsec_input() to ah_input() andAngelos D. Keromytis
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-30 02:34:16 +0000