| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2002-05-31 | Socket-specific IPsec policy. | Angelos D. Keromytis | |
| 2002-03-15 | Kill #if __STDC__ used to do K&R vs. ANSI varargs/stdarg; just do things | Todd C. Miller | |
| the ANSI way. | |||
| 2002-03-14 | First round of __P removal in sys | Todd C. Miller | |
| 2001-06-25 | Defer output checksumming until ip_output() or hardware. | Angelos D. Keromytis | |
| 2001-06-25 | Use in_cksum_phdr() rather than in_cksum() -- from NetBSD | Angelos D. Keromytis | |
| 2001-06-24 | Remove printfs, fix comment typos. | Angelos D. Keromytis | |
| 2001-06-24 | Save tdb_remote_auth on the PCB on latching; also save information on | Angelos D. Keromytis | |
| UDP PCB's if the socket is connected. | |||
| 2001-06-23 | Clear the checksum flags after verification. Also, don't count | Angelos D. Keromytis | |
| checksum errors as hardware checksum packets as well. | |||
| 2001-06-23 | Remove unneeded ip_id convertions. | Federico G. Schwindt | |
| Instead of using HTONS macro in some places, use htons directly in the struct member and save us a few bytes. Fix comment. | |||
| 2001-06-23 | Likewise, only use outgoing TCP/UDP hardware checksumming if the | Angelos D. Keromytis | |
| interface is not in bridge mode. | |||
| 2001-06-23 | Keep stats on TCP/UDP hardware checksumming. | Angelos D. Keromytis | |
| 2001-06-23 | TCP/UDP hardware checksumming. Untested, since txp dies when it tries | Angelos D. Keromytis | |
| to compute the checksums. Still, it shouldn't affect anything. | |||
| 2001-06-23 | Initialize only if no hardware checksumming. | Angelos D. Keromytis | |
| 2001-06-23 | TCP, UDP, IPv4 input hardware checksumming processing; also IPv4 | Angelos D. Keromytis | |
| output hardware checksumming. Not tested yet, but should be done tonight. Remain to be solved: interactions with bridge, TCP/UDP output checksumming, interactions of TCP/UDP checksumming with routing changes. | |||
| 2001-06-19 | mop up after angelos | Theo de Raadt | |
| 2001-06-08 | Cut down on include files. | Angelos D. Keromytis | |
| 2001-06-05 | repair copyright notices for NRL & cmetz; cmetz | Theo de Raadt | |
| 2001-05-27 | Remove unnecessary comment. | Angelos D. Keromytis | |
| 2001-05-27 | Use the new IPsec tags. | Angelos D. Keromytis | |
| 2001-05-20 | Use packet tags instead of tdbi. | Angelos D. Keromytis | |
| 2001-05-11 | Check m_pullup() and m_pullup2() return for NULL, not 0; itojun@ ok | Aaron Campbell | |
| 2001-03-28 | Allow tdbi's to appear in mbufs throughout the stack; this allows | Angelos D. Keromytis | |
| security properties of the packets to be pushed up to the application (not done yet). Eventually, this will be turned into a packet attributes framework. Make sure tdbi's are free'd/cleared properly whenever drivers (or NFS) does weird things with mbufs. | |||
| 2001-03-06 | Move the test for bogus packet length in udp_output() closer to the top of | Aaron Campbell | |
| the function. Previously it was possible for us to get stuck in splsoftnet() under certain situations. Bug reported by hunter@dg.net.ua, fix by me ok'd by deraadt@, provos@, angelos@. | |||
| 2001-02-16 | remove IPv6 case from udp_output. now we have separate udp6_output. | Jun-ichiro itojun Hagino | |
| 2001-02-16 | pull in new pcb notification code from kame. better handling of scope address. | Jun-ichiro itojun Hagino | |
| 2000-12-11 | nuke #ifdef TCP6 (no longer supported). | Jun-ichiro itojun Hagino | |
| validate ICMPv6 too big messages (pmtud) based on pcb. we accept certain amount of non-validated ones, as IPv6 mandates ICMPv6 (so even for traffic from unconnected pcb, we need pmtud). sync with kame | |||
| 2000-10-13 | validate mbuf chain length on *_ctlinput. remote node may be able to | Jun-ichiro itojun Hagino | |
| transmit a truncated icmp6 packet and panic the system. sync with kame. | |||
| 2000-10-11 | nuke inp_flags bits for controlling IPv4 mapped address. | Jun-ichiro itojun Hagino | |
| we don't support IPv4 mapped address, and there are inconsistent bit manipulation code so it's safer to nuke them. | |||
| 2000-09-22 | Move the PI_MAGIC define outside the INET6 ifdef block (doh!) | Angelos D. Keromytis | |
| 2000-09-19 | Lots and lots of changes. | Angelos D. Keromytis | |
| 2000-07-27 | raw6/udp6 sockets are okay with :: in src. | Jun-ichiro itojun Hagino | |
| 2000-07-27 | be proactive about unspecified IPv6 source address. pcb layer uses | Jun-ichiro itojun Hagino | |
| unspecified address (::) to mean "unbounded" or "unconnected", and can be confused by packets from outside. use of :: as source is not documented well in IPv6 specification. not sure if it presents a real threat. the worst case scenario is a DoS against TCP listening socket: - outsider transmit TCP SYN with :: as IPv6 source - receiving side creates TCP control block with: local address = my addres remote address = :: (meaning "unconnected") state = SYN_RCVD note that SYN ACK will not be sent due to ip6_output() filter. this stays until it timeouts. - the TCP control block prevents listening TCP control block from being contacted (DoS). | |||
| 2000-06-18 | sync with KAME udp6_output(). udp output logic is very different between | Jun-ichiro itojun Hagino | |
| IPv4/v6 so the separation should make more sense. TODO: remove IPv6 case from udp_output() TODO: remove/comment out/#if 0 IPv4 mapped address cases | |||
| 2000-06-13 | comment out flowinfo manipulation on inbound. the spec is not very clear. | Jun-ichiro itojun Hagino | |
| 2000-06-13 | avoid mbuf leak on non-matching ifp/sockaddr | Jun-ichiro itojun Hagino | |
| 2000-06-13 | on UDPv6 sendto, correctly set oifp. | Jun-ichiro itojun Hagino | |
| 2000-06-13 | allow link-local IPv6 addres in in6_pcbbind. | Jun-ichiro itojun Hagino | |
| 2000-04-09 | Pass ip_off and ip_len in the correct byte order to icmp_error(); this | Angelos D. Keromytis | |
| should fix the crash problems with isic, reported last week. | |||
| 2000-02-18 | fix alignment problem in ancillary data (alpha). | Jun-ichiro itojun Hagino | |
| only ipv6 tools (which touches ancillary data) are affected. From: =?iso-8859-1?Q?G=F6ran_Bengtson?= <goeran@cdg.chalmers.se> | |||
| 2000-02-07 | fix include file path related to ip6. | Jun-ichiro itojun Hagino | |
| 2000-01-07 | Early check for destination port 0 (itojun@) | Angelos D. Keromytis | |
| 2000-01-04 | keep paren match. | Jun-ichiro itojun Hagino | |
| 2000-01-04 | remove support for v4 mapped address completely. | Jun-ichiro itojun Hagino | |
| 1999-12-31 | be sure to cleanup "opts" pointer on multicast udp packet reception. | Jun-ichiro itojun Hagino | |
| 1999-12-21 | be paranoid about malicious use of v4 mapped addr on v6 packet. | Jun-ichiro itojun Hagino | |
| malicious party may try to use v4 mapped addr as source/dest to confuse tcp/udp layer, or to bypass security checks, for example, naive stack can mistakingly think a packet with src = ::ffff:127.0.0.1 is from local node. (sync with kame) | |||
| 1999-12-19 | reject AF mismatch for inbonud multicast traffic. | Jun-ichiro itojun Hagino | |
| 1999-12-17 | do not accept IPv4 traffic by AF_INET6 socket. IPv4 mapped address is | Jun-ichiro itojun Hagino | |
| bad for access controls. (quickhack fix, need sysctl/setsockopt knob to enable this functionality) | |||
| 1999-12-12 | fix IPv6 advanced API (RFC2292) for udp socket. | Jun-ichiro itojun Hagino | |
| TODO: ditto for raw and tcp socket | |||
| 1999-12-08 | bring in KAME IPv6 code, dated 19991208. | Jun-ichiro itojun Hagino | |
| replaces NRL IPv6 layer. reuses NRL pcb layer. no IPsec-on-v6 support. see sys/netinet6/{TODO,IMPLEMENTATION} for more details. GENERIC configuration should work fine as before. GENERIC.v6 works fine as well, but you'll need KAME userland tools to play with IPv6 (will be bringed into soon). | |||
| 1999-11-04 | Add comment about gettdb() and spl level. | Hakan Olsson | |
 |
index : src | |
| OpenBSD base system |
| summaryrefslogtreecommitdiff |