summaryrefslogtreecommitdiff
path: root/sys/netinet
AgeCommit message (Collapse)Author
1999-09-03inet_ntoa4 should manage 4-calls, not just 2Hakan Olsson
1999-09-01increase tcp_iss incrementNiels Provos
1999-08-31correctly update window informationNiels Provos
1999-08-27more SACK hole validity testing; fix a tcp seq arithmetic bug. cmetz and me.Niels Provos
1999-08-27Disable SACK for now, it has problems, deraadt@Todd C. Miller
1999-08-26add an inner xor to make prediction attacks against the ids harder, dueNiels Provos
to an attack pointed out by David Wagner.
1999-08-10Add tdb_satype (PF_KEY SADB_SATYPE_<XXX>) to struct tdbHakan Olsson
1999-08-08undeclared variableNiklas Hallqvist
1999-08-08Fix cases when wanting to communicate with the bridge'Niklas Hallqvist
s remote interfaces, both ARP and local delivery had bugs
1999-08-08Support detaching of network interfaces. Still work to do in ipf, andNiklas Hallqvist
other families than inet.
1999-08-06back out all recent changes, which continue to be a source for nasty bugsTheo de Raadt
1999-08-05Add tdb_walk. tdb_delete() should clean up routes when deleting flows.Hakan Olsson
1999-08-02Ethernet, not 10 Mb/s EthernetTheo de Raadt
1999-07-28Moved the m_data/m_len shave of IP and TCP headers back to its originalcmetz
location, as attempts to do it differently have caused too many problems.
1999-07-22Revert to 1.21Niklas Hallqvist
1999-07-22Reintroduce rev 1.41 which brings us TCP signatures again, but this timeNiklas Hallqvist
hopefully without random kernel data corruption.
1999-07-18Prevent host on one interface from overwriting ARP route entry for aHakan Olsson
host on a different interface. Also add interface name to other overwrite diagnostic messages.
1999-07-18use proper CTheo de Raadt
1999-07-17revert tcp_input.c to before 07/01/1999 - this seems to solve the mysteriousNiels Provos
data corruptions and panics that people have experienced. by reverting we loose tcp signatures and ipv6 cleanups, the code looked correct to me.
1999-07-17A good hashing function for IPsec SAs that should remove the risksNiklas Hallqvist
of running out of memory when adding SPIs.
1999-07-15Protect better against rehashing make the kernel run out of resourcesNiklas Hallqvist
1999-07-15From angelos@, edits by me, demand keying for PF_KEYNiklas Hallqvist
1999-07-13correct non-STDC caseTheo de Raadt
1999-07-06ipsec_in_use could get out of sync. (Also niklas@. angelos@ ok)Hakan Olsson
1999-07-06Added support for TCP MD5 option (RFC 2385).cmetz
1999-07-06Fixed compilation problems when INET6 is enabled.cmetz
1999-07-06Removed bogus ifdef/define lines that resulted from an over-aggressive M-x.cmetz
1999-07-05remove bogus entry from if_enc address list; and rename enc_softc to encifTheo de Raadt
1999-07-03indentTheo de Raadt
1999-07-02rename SADB_foo_X_bar to SADB_X_foo_barTheo de Raadt
1999-07-02Fixed a #ifdef defined()... typo that turned into a compilation failure.cmetz
1999-07-02Significant cleanups in the way TCP is made to handle multiple networkcmetz
protocols. "struct tcpiphdr" is now gone from much of the code, as are separate pointers for ti and ti6. The result is fewer variables, which is generally a good thing. Simple if(is_ipv6) ... else ... tests are gone in favor of a switch(protocol family), which allows future new protocols to be added easily. This also makes it possible for someone so inclined to re-implement TUBA (TCP over CLNP?) and do it right instead of the kluged way it was done in 4.4. The TCP header template is now referenced through a mbuf rather than done through a data pointer and dtom()ed as needed. This is partly because dtom() is evil and partly because max_linkhdr + IPv6 + TCP + MSS/TS/SACK opts won't fit inside a packet header mbuf, so we need to grab a cluster for that (which the code now does, if needed).
1999-06-30remove final low-level crypto knowledge from base ipsec codeTheo de Raadt
1999-06-18split out transforms; some debugging done but there may still be bugs inTheo de Raadt
the new key init/zero functions
1999-06-15handle multicast packets inside ipf too; darrenTheo de Raadt
1999-06-11removed TCPCOOKIE support.pattonme
1999-06-07I do not believe thisTheo de Raadt
1999-06-07return a ICMP_UNREACH_PROTOCOL for protocols we do not support; discussion ↵Theo de Raadt
with cmetz
1999-06-07Fix use of uninitialized TDB hash table in tdb_delete(), introducedAngelos D. Keromytis
along with the dynamically-resized TDB table (report and fix suggestion by henric@ncal.verio.com)
1999-06-06Ident.Angelos D. Keromytis
1999-06-06avoid a future problem inside an #ifdef notyetTheo de Raadt
1999-06-04forgot to zero sunionNiels Provos
1999-05-24instead of dropping out of window SYNs, send an ACK and drop afterwards.Niels Provos
fixes a problem with NFS over TCP reported by Jason Thorpe, fix from klm@netbsd.org
1999-05-23SA hash table resizingNiklas Hallqvist
1999-05-20Fix a bug where the ordered expiration list could get out of order. AddNiklas Hallqvist
invariant checking of the lists when DIAGNOSTIC compiled. Extend the critical region to cover all of tdb_expiration so the tdb won't disappear behind our back.
1999-05-16Don't judge locally generated tunnel packets as spoof attempts. indent.Niklas Hallqvist
1999-05-16spltdb introduced, protection for tdb lists and related structures, soNiklas Hallqvist
they won't disappear behind our back by an expiration. Cleanup expiration logic too.
1999-05-16Add support for static ARP entries that cannot be overwritten.Hakan Olsson
Ordinary static ARPs that are overwritten will no longer still be static.
1999-05-14A new scalable IPsec SA expiration model.Niklas Hallqvist
1999-05-12Obvious pastoNiklas Hallqvist