| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2001-05-27 | Reset pkthdr on old mbuf head. | Angelos D. Keromytis | |
| 2001-05-27 | And clear the M_PKTHDR flag. | Angelos D. Keromytis | |
| 2001-05-27 | Copy tags to first mbuf. | Angelos D. Keromytis | |
| 2001-05-27 | Placeholders for the new socket options. | Angelos D. Keromytis | |
| 2001-05-27 | Add some IPsec-related IP-level socket options. | Angelos D. Keromytis | |
| 2001-05-27 | Remove ipsp_copy_ident() prototype. | Angelos D. Keromytis | |
| 2001-05-27 | ipsp_copy_ident() no longer needed. | Angelos D. Keromytis | |
| 2001-05-27 | Also copy the authentication material to the new socket. | Angelos D. Keromytis | |
| 2001-05-27 | Free IPsec authentication material on PCB tear down. | Angelos D. Keromytis | |
| 2001-05-27 | Keep local authentication material on the PCB. | Angelos D. Keromytis | |
| 2001-05-27 | Probably a good idea to pass the NULL to the correct function... | Angelos D. Keromytis | |
| 2001-05-27 | If we are passed a packet tag, it's an IPSEC_IN_CRYPTO_DONE so convert | Angelos D. Keromytis | |
| it to IPSEC_IN_DONE, rather than adding a new one. | |||
| 2001-05-27 | Pass a NULL packet tag for now to ipsp_common_input_cb(). | Angelos D. Keromytis | |
| 2001-05-27 | Change prototype of ipsp_common_input_cb() to also accept a packet tag | Angelos D. Keromytis | |
| as the last argument. | |||
| 2001-05-27 | Forgot to convert this tag. | Angelos D. Keromytis | |
| 2001-05-27 | Update pointers to IPsec-related PCB information when allocating new | Angelos D. Keromytis | |
| PCB; store information from the TDB to the PCB, if it's not initialized, so processed can eventually retrieve it. | |||
| 2001-05-27 | Remove unnecessary XXX comment. | Angelos D. Keromytis | |
| 2001-05-27 | Remove unnecessary comment. | Angelos D. Keromytis | |
| 2001-05-27 | New tags. | Angelos D. Keromytis | |
| 2001-05-27 | Use the new IPsec tags. | Angelos D. Keromytis | |
| 2001-05-25 | recover old acecept(2) behavior (no ECONNABORTED) for unix domain socket. | Jun-ichiro itojun Hagino | |
| it is to be friendly with postfix daemon-to-daemon communication (not 100% sure if which behavior is correct, specwise). patch similar to netbsd. | |||
| 2001-05-24 | Check return values (tedu@heorot.stanford.edu) | Angelos D. Keromytis | |
| 2001-05-22 | Add an IPSEC_NEEDED tag if SKIPCRYPTO is set in the TDB | Angelos D. Keromytis | |
| 2001-05-22 | Simplify option printing. ok deraadt@ | Angelos D. Keromytis | |
| 2001-05-21 | SKIPCRYPTO flag | Angelos D. Keromytis | |
| 2001-05-21 | Cosmetic. | Angelos D. Keromytis | |
| 2001-05-21 | Use int16_t for the type and length of ipsec_ref objects. | Angelos D. Keromytis | |
| 2001-05-21 | Use a reference-counted structure for IPsec IDs and credentials, so we | Angelos D. Keromytis | |
| can cheaply keep copies of them at the PCB. ok deraadt@ | |||
| 2001-05-20 | Remove varargs from ipv4_input; cmetz@ deraadt@ ok. | Federico G. Schwindt | |
| 2001-05-20 | Use packet tags instead of tdbi. | Angelos D. Keromytis | |
| 2001-05-20 | Record outgoing SA processing, do loop detection. | Angelos D. Keromytis | |
| 2001-05-20 | Use packet tags to signal input IPsec processing to upper layer protocols. | Angelos D. Keromytis | |
| 2001-05-17 | convert mbuf and cluster allocation to pool, mostly from NetBSD | Niels Provos | |
| okay art@ miod@ | |||
| 2001-05-16 | No need to check M_WAIT/M_WAITOK malloc return values. (art@ ok) | Hakan Olsson | |
| 2001-05-16 | Don't clobber ip_sum; ip_output always sets this to 0 before calling | Federico G. Schwindt | |
| in_cksum so it's not needed here; itojun@ ok. This makes the ip_sum available in ipfilter. | |||
| 2001-05-15 | Accept ARP packet coming from bridge interface without IP address | Grigoriy Orlov | |
| configured. But deny such a packet if it coming on "wrong" bridge. Reported and tested by form@ ho@, jason@ Ok. | |||
| 2001-05-13 | initial cut at /dev/crypto support. takes original mbuf "try, and discard | Theo de Raadt | |
| if we fail" semantics and extends to two varients of data movement: mbuf, or an iovec style block. | |||
| 2001-05-12 | Less verbose; angelos@ ok | Aaron Campbell | |
| 2001-05-12 | Move bzero() after test for correct allocation (jj@wabbitt.org) | Angelos D. Keromytis | |
| 2001-05-11 | Check m_pullup() and m_pullup2() return for NULL, not 0; itojun@ ok | Aaron Campbell | |
| 2001-05-08 | Fix realloc possible leak; this is userland, not kernel; reported by | Federico G. Schwindt | |
| Ted U <grendel@heorot.stanford.edu>. | |||
| 2001-05-08 | When `dup-to if:addr' clause is used, be sure to rewrite the dest addr | Federico G. Schwindt | |
| with the one supplied; fix by ericj@, darrenr notified. | |||
| 2001-05-08 | IPfilter 3.4.17; kjell@ deraadt@ ok. | Federico G. Schwindt | |
| 2001-05-05 | Check that SAs also match on the credentials and the IDs. This means | Angelos D. Keromytis | |
| that flows with different source/destination ID requirements will cause different SAs to be established by IKE (or whatever other protocol). Also, use the new data types for allocated memory. | |||
| 2001-05-01 | Fix tcp_signature_tdb_input decl; kernel compiles again if TCP_SIGNATURE | Federico G. Schwindt | |
| option is used. Note that this does not work. | |||
| 2001-05-01 | get rid of dtom(), okay itojun@ angelos@ mickey@ millert@ | Niels Provos | |
| 2001-05-01 | Typo in comment. | Aaron Campbell | |
| 2001-04-23 | Missing splx in error handling. | Artur Grabowski | |
| 2001-04-22 | Fix spl handling in ipfilter ioctl interface. Work by aaron@ and me. | Grigoriy Orlov | |
| Problem was reported by DK <obsd@snti.com> as kernel panic loading ipa - "WARNING: SPL NOT LOWERED ON SYSCALL EXIT". deraadt@ ok. | |||
| 2001-04-14 | Minor changes, preparing for real socket-attached TDBs; also, more | Angelos D. Keromytis | |
| information will be stored in the TDB. ok ho@ provos@ | |||
 |
index : src | |
| OpenBSD base system |
| summaryrefslogtreecommitdiff |