Age | Commit message | Author | |
---|---|---|---|
2003-05-03 | just as a safety measure, set m_flags to 0 for mbufs allocated on stack. dhartmei ok | Jun-ichiro itojun Hagino | |
2003-02-20 | knf | Theo de Raadt | |
2003-02-20 | If there's no tag to be reset, don't reset it (avoids a NULL deref in the IPCOMP case) | Jason Wright | |
2002-06-28 | Fix usage counter for IPCOMP --- sam@errno.com | Angelos D. Keromytis | |
2002-06-25 | Forgot variable. | Angelos D. Keromytis | |
2002-06-25 | Handle correctly return values from xf_input methods --- since the return value was ignored anyway, this wasn't a problem so far. From sam@errno.com | Angelos D. Keromytis | |
2002-06-13 | Remove whitespace from the end of the file. | Angelos D. Keromytis | |
2002-06-09 | whitespace | Jun-ichiro itojun Hagino | |
2002-06-09 | Set/clear M_AUTH_AH. | Angelos D. Keromytis | |
2002-01-23 | disable pmtu for ipsec when the sysctl says so; bug report cjkim2000@yahoo.com | Niels Provos | |
2001-12-06 | Use hzto() to handle overflow of (hz * timeout) cases --- when using extremely long SA expirations. | Angelos D. Keromytis | |
2001-08-09 | Don't check the source address on the packet vs. the one on the SA, as this prevents use of ESP in mobility; pointed out on the IETF mailing list by Francis Dupont. | Angelos D. Keromytis | |
2001-08-08 | Remove IPCOMP option, it's now part of IPSEC option. You still need to enable ipcomp via sysctl to use it. deraadt@ ok. | Jean-Jacques Bernard-Gundol | |
2001-08-07 | enable ah & esp by default, now that we trust the code more | Theo de Raadt | |
2001-07-06 | Don't use enc0 interface for IPComp. angelos@ ok. | Jean-Jacques Bernard-Gundol | |
2001-07-05 | IPComp support. angelos@ ok. | Jean-Jacques Bernard-Gundol | |
2001-06-26 | KNF | Angelos D. Keromytis | |
2001-06-25 | Copyright. | Angelos D. Keromytis | |
2001-06-24 | path mtu discovery for ipsec. on receiving a need fragment icmp match against active tdb and store the ipsec header size corrected mtu | Niels Provos | |
2001-06-23 | Remove unneeded ip_id conversions. Instead of using HTONS macro in some places, use htons directly in the struct member and save us a few bytes. Fix comment. | Federico G. Schwindt | |
2001-06-19 | mop up after angelos | Theo de Raadt | |
2001-06-08 | Trim include files. | Angelos D. Keromytis | |
2001-06-05 | Add a few DPRINTF()'s | Angelos D. Keromytis | |
2001-05-29 | Record last use time for SAs. | Angelos D. Keromytis | |
2001-05-27 | If we are passed a packet tag, it's an IPSEC_IN_CRYPTO_DONE so convert it to IPSEC_IN_DONE, rather than adding a new one. | Angelos D. Keromytis | |
2001-05-27 | Forgot to convert this tag. | Angelos D. Keromytis | |
2001-05-20 | Use packet tags to signal input IPsec processing to upper layer protocols. | Angelos D. Keromytis | |
2001-05-11 | Check m_pullup() and m_pullup2() return for NULL, not 0; itojun@ ok | Aaron Campbell | |
2001-04-06 | Move offsetof define into sys/param.h | Constantine Sapuntzakis | |
2001-03-30 | Protect the IF_XXX macros in the callback routines with splimp(). Doh! Thanks to erik@ipunplugged.com | Angelos D. Keromytis | |
2001-03-28 | Allow tdbi's to appear in mbufs throughout the stack; this allows security properties of the packets to be pushed up to the application (not done yet). Eventually, this will be turned into a packet attributes framework. Make sure tdbi's are free'd/cleared properly whenever drivers (or NFS) does weird things with mbufs. | Angelos D. Keromytis | |
2001-03-15 | convert SA expirations to the new timeouts. simplifies expirations handling a lot. tdb_exp_timeout and tdb_soft_timeout are made consistent throughout the code to be a relative time offsets, just like first_use timeouts. tested on singlehost isakmpd setup. lots of dangling spaces and tabs removed. angelos@ ok | Michael Shalayeff | |
2000-09-19 | Lots and lots of changes. | Angelos D. Keromytis | |
2000-09-17 | Drop dubious ESP/AH packets without crashing (thanks to dr@kyx.net and mfranz@cisco.com for finding the problem). | Angelos D. Keromytis | |
2000-07-11 | Correctly handle ip_off; angelos@ | Todd C. Miller | |
2000-06-20 | do not play with rcvif, if the traffic is non-IPv4. by setting rcvif to enc*, we break IPv6 scope considerations. | Jun-ichiro itojun Hagino | |
2000-06-19 | correct header chasing code. take care of AH length. | Jun-ichiro itojun Hagino | |
2000-06-18 | Arguments. | Angelos D. Keromytis | |
2000-06-18 | Use ip6_sprintf() rather than the home-cooked inet6_ntoa4() | Angelos D. Keromytis | |
2000-06-18 | IPv6 AH/ESP support, inbound side only. tested with KAME. | Jun-ichiro itojun Hagino | |
2000-06-18 | Remove outdated comment. | Angelos D. Keromytis | |
2000-03-29 | Be consistent about packet properties. | Angelos D. Keromytis | |
2000-03-29 | Fix problem with TCP/UDP and ACLs. | Angelos D. Keromytis | |
2000-03-29 | Minor cleanup. | Angelos D. Keromytis | |
2000-03-17 | Cryptographic services framework, and software "device driver". The idea is to support various cryptographic hardware accelerators (which may be (detachable) cards, secondary/tertiary/etc processors, software crypto, etc). Supports session migration between crypto devices. What it doesn't (yet) support: multiple instances of the same algorithm used in the same session; use of multiple crypto drivers in the same session; asymmetric crypto. No support for a userland device yet. IPsec code path modified to allow for asynchronous cryptography (callbacks used in both input and output processing). Some unrelated code simplification done in the process (especially for AH). Development of this code kindly supported by Network Security Technologies (NSTI). The code was written mostly in Greece, and is being committed from Montreal. | Angelos D. Keromytis | |
2000-02-07 | fix include file path related to ip6. | Jun-ichiro itojun Hagino | |
2000-01-27 | Merge "old" and "new" ESP and AH in two files (one for each). Fix a couple of buglets with ingress flow deletion. tcpdump on enc0 should now show all outgoing packets *before* being processed, and all incoming packets *after* being processed. Good to be in Canada (land of the free commits). | Angelos D. Keromytis | |
2000-01-25 | Ok, so setsoftnet is md. Well, on the amiga, setsoftnet *REQUIRES* machine/cpu.h to work... and no include mentioned in those files pulls machine/cpu.h... Nit-fix: / * INET6 */ -> /* INET6 */ | Marc Espie | |
2000-01-15 | Remove unnecessary definition. | Angelos D. Keromytis | |
2000-01-15 | Add function prototype. | Angelos D. Keromytis | |