| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2002-06-09 | whitespace | Jun-ichiro itojun Hagino | |
| 2002-06-07 | avoid is_ipv6 construct. a step towards IPv4-less kernel | Jun-ichiro itojun Hagino | |
| 2002-06-07 | no need for IPv4 mapped addr support | Jun-ichiro itojun Hagino | |
| 2002-06-07 | missing bzero! - now linklocal tcp works correctly | Jun-ichiro itojun Hagino | |
| 2002-05-31 | Socket-specific IPsec policy. | Angelos D. Keromytis | |
| 2002-05-29 | attach nd_ifinfo structure to if_afdata. | Jun-ichiro itojun Hagino | |
| split IPv6 MTU (advertised by RA) from real link MTU. sync with kame | |||
| 2002-05-16 | bring in ECN support from KAME. | Kenjiro Cho | |
| it consists of - ECN support in TCP - tunnel-egress and fragment reassembly rules in layer-3 not to lose congestion info at tunnel-egress and fragment reassembly to enable ECN in TCP, build a kernel with TCP_ECN, and then, turn it on by "sysctl -w net.inet.tcp.ecn=1". ok deraadt@ | |||
| 2002-03-19 | drop TCP connections to broadcast address. | Jun-ichiro itojun Hagino | |
| From: "Crist J. Clark" <cjclark@alum.mit.edu> | |||
| 2002-03-15 | Kill #if __STDC__ used to do K&R vs. ANSI varargs/stdarg; just do things | Todd C. Miller | |
| the ANSI way. | |||
| 2002-03-09 | check tiflags instead of th as th might point to freed memory; pointed out | Niels Provos | |
| by wayne@stallion.oz.au; also whack register. | |||
| 2002-03-08 | use timeout(9) to schedule TCP timers. this avoid traversing all | Niels Provos | |
| tcp connections during tcp_slowtimo. apdapted from thorpej@netbsd.org | |||
| 2002-03-02 | disable immediate ack on TH_PUSH. make behaviour sysctl tuneable. | Niels Provos | |
| from netbsd; also fix a bug where setting TF_ACKNOW didn't actually result in an ack. | |||
| 2002-03-01 | remove tcp_fasttimo and convert delayed acks to the timeout(9) API instead. | Niels Provos | |
| adapated from netbsd. okay angelos@ | |||
| 2002-01-24 | allocate tcp reassembly queue via pool; based on netbsd; okay art@ angelos@ | Niels Provos | |
| 2002-01-15 | allocate sackholes with pool | Niels Provos | |
| 2002-01-14 | knf | Niels Provos | |
| 2002-01-14 | use macros to manage tcp timers; based on netbsd | Niels Provos | |
| 2001-07-07 | fix comment to make life easier for my special friend darren. | Niels Provos | |
| 2001-07-04 | Make preprocessor happier, don't give it untasty tokens at end of input. | Marc Espie | |
| Ok millert@ | |||
| 2001-06-24 | Save tdb_remote_auth on the PCB on latching; also save information on | Angelos D. Keromytis | |
| UDP PCB's if the socket is connected. | |||
| 2001-06-23 | Clear the checksum flags after verification. Also, don't count | Angelos D. Keromytis | |
| checksum errors as hardware checksum packets as well. | |||
| 2001-06-23 | Keep stats on TCP/UDP hardware checksumming. | Angelos D. Keromytis | |
| 2001-06-23 | TCP, UDP, IPv4 input hardware checksumming processing; also IPv4 | Angelos D. Keromytis | |
| output hardware checksumming. Not tested yet, but should be done tonight. Remain to be solved: interactions with bridge, TCP/UDP output checksumming, interactions of TCP/UDP checksumming with routing changes. | |||
| 2001-06-12 | IPsec-related socket options; these can be set/removed/retrieved, but | Angelos D. Keromytis | |
| are not taken into consideration in anything just yet. | |||
| 2001-06-08 | Cut down on include files. | Angelos D. Keromytis | |
| 2001-06-05 | repair copyright notices for NRL & cmetz; cmetz | Theo de Raadt | |
| 2001-05-27 | Also copy the authentication material to the new socket. | Angelos D. Keromytis | |
| 2001-05-27 | Update pointers to IPsec-related PCB information when allocating new | Angelos D. Keromytis | |
| PCB; store information from the TDB to the PCB, if it's not initialized, so processed can eventually retrieve it. | |||
| 2001-05-27 | Use the new IPsec tags. | Angelos D. Keromytis | |
| 2001-05-20 | Use packet tags instead of tdbi. | Angelos D. Keromytis | |
| 2001-05-12 | Less verbose; angelos@ ok | Aaron Campbell | |
| 2001-05-11 | Check m_pullup() and m_pullup2() return for NULL, not 0; itojun@ ok | Aaron Campbell | |
| 2001-05-01 | Typo in comment. | Aaron Campbell | |
| 2001-04-04 | do not check ip_mtudisc on IPv6 TCP. | Jun-ichiro itojun Hagino | |
| with IPv6 TCP PMTUD is mandatory, compute mss size accordingly. sync with kame | |||
| 2001-03-28 | Allow tdbi's to appear in mbufs throughout the stack; this allows | Angelos D. Keromytis | |
| security properties of the packets to be pushed up to the application (not done yet). Eventually, this will be turned into a packet attributes framework. Make sure tdbi's are free'd/cleared properly whenever drivers (or NFS) does weird things with mbufs. | |||
| 2001-02-08 | witch raw ip6 socket code from NRL to kame. | Jun-ichiro itojun Hagino | |
| makes upgrades/code sharing much easier. | |||
| 2000-12-13 | more random tcp sequence numbers. okay deraadt@, angelos@ | Niels Provos | |
| 2000-12-11 | nuke #ifdef TCP6 (no longer supported). | Jun-ichiro itojun Hagino | |
| validate ICMPv6 too big messages (pmtud) based on pcb. we accept certain amount of non-validated ones, as IPv6 mandates ICMPv6 (so even for traffic from unconnected pcb, we need pmtud). sync with kame | |||
| 2000-10-14 | implement net.inet.tcp.rstppslimit. rate-limits outbound TCP RST traffic | Jun-ichiro itojun Hagino | |
| to less than N per 1 second. | |||
| 2000-10-11 | nuke inp_flags bits for controlling IPv4 mapped address. | Jun-ichiro itojun Hagino | |
| we don't support IPv4 mapped address, and there are inconsistent bit manipulation code so it's safer to nuke them. | |||
| 2000-09-25 | on expiry of pmtu route, retry higher mtu. okay angelos@ | Niels Provos | |
| 2000-09-23 | Angelos you forgot this one !! | Chris Cappuccio | |
| 2000-09-21 | calculate maxopd at the right place | Niels Provos | |
| 2000-09-20 | correctly calculate mss | Niels Provos | |
| 2000-09-19 | only free tdbi if IPSEC | Theo de Raadt | |
| 2000-09-19 | Lots and lots of changes. | Angelos D. Keromytis | |
| 2000-09-18 | fix compilation problem on systems w/o inet6. | Federico G. Schwindt | |
| 2000-09-18 | Path MTU discovery based on NetBSD but with the decision to use the DF | Niels Provos | |
| flag delayed to ip_output(). That halves the code and reduces most of the route lookups. okay deraadt@ | |||
| 2000-09-05 | various fixes to SACK and FACK from adesai@cisco.com, tomh@tomh.org and | Niels Provos | |
| osuga@mml.yrp.nttdocomo.co.jp | |||
| 2000-07-27 | be proactive about unspecified IPv6 source address. pcb layer uses | Jun-ichiro itojun Hagino | |
| unspecified address (::) to mean "unbounded" or "unconnected", and can be confused by packets from outside. use of :: as source is not documented well in IPv6 specification. not sure if it presents a real threat. the worst case scenario is a DoS against TCP listening socket: - outsider transmit TCP SYN with :: as IPv6 source - receiving side creates TCP control block with: local address = my addres remote address = :: (meaning "unconnected") state = SYN_RCVD note that SYN ACK will not be sent due to ip6_output() filter. this stays until it timeouts. - the TCP control block prevents listening TCP control block from being contacted (DoS). | |||
 |
index : src | |
| OpenBSD base system |
| summaryrefslogtreecommitdiff |