Age | Commit message | Author | |
---|---|---|---|
2001-05-22 | Simplify option printing. ok deraadt@ | Angelos D. Keromytis | |
2001-05-21 | SKIPCRYPTO flag | Angelos D. Keromytis | |
2001-05-21 | Cosmetic. | Angelos D. Keromytis | |
2001-05-21 | Use int16_t for the type and length of ipsec_ref objects. | Angelos D. Keromytis | |
2001-05-21 | Use a reference-counted structure for IPsec IDs and credentials, so we can cheaply keep copies of them at the PCB. ok deraadt@ | Angelos D. Keromytis | |
2001-05-20 | Remove varargs from ipv4_input; cmetz@ deraadt@ ok. | Federico G. Schwindt | |
2001-05-20 | Use packet tags instead of tdbi. | Angelos D. Keromytis | |
2001-05-20 | Record outgoing SA processing, do loop detection. | Angelos D. Keromytis | |
2001-05-20 | Use packet tags to signal input IPsec processing to upper layer protocols. | Angelos D. Keromytis | |
2001-05-17 | convert mbuf and cluster allocation to pool, mostly from NetBSD. okay art@ miod@ | Niels Provos | |
2001-05-16 | No need to check M_WAIT/M_WAITOK malloc return values. (art@ ok) | Hakan Olsson | |
2001-05-16 | Don't clobber ip_sum; ip_output always sets this to 0 before calling in_cksum so it's not needed here; itojun@ ok. This makes the ip_sum available in ipfilter. | Federico G. Schwindt | |
2001-05-15 | Accept ARP packet coming from bridge interface without IP address configured. But deny such a packet if it is coming on the "wrong" bridge. Reported and tested by form@ ho@, jason@ Ok. | Grigoriy Orlov | |
2001-05-13 | initial cut at /dev/crypto support. takes original mbuf "try, and discard if we fail" semantics and extends to two variants of data movement: mbuf, or an iovec style block. | Theo de Raadt | |
2001-05-12 | Less verbose; angelos@ ok | Aaron Campbell | |
2001-05-12 | Move bzero() after test for correct allocation (jj@wabbitt.org) | Angelos D. Keromytis | |
2001-05-11 | Check m_pullup() and m_pullup2() return for NULL, not 0; itojun@ ok | Aaron Campbell | |
2001-05-08 | Fix realloc possible leak; this is userland, not kernel; reported by Ted U <grendel@heorot.stanford.edu>. | Federico G. Schwindt | |
2001-05-08 | When `dup-to if:addr' clause is used, be sure to rewrite the dest addr with the one supplied; fix by ericj@, darrenr notified. | Federico G. Schwindt | |
2001-05-08 | IPfilter 3.4.17; kjell@ deraadt@ ok. | Federico G. Schwindt | |
2001-05-05 | Check that SAs also match on the credentials and the IDs. This means that flows with different source/destination ID requirements will cause different SAs to be established by IKE (or whatever other protocol). Also, use the new data types for allocated memory. | Angelos D. Keromytis | |
2001-05-01 | Fix tcp_signature_tdb_input decl; kernel compiles again if TCP_SIGNATURE option is used. Note that this does not work. | Federico G. Schwindt | |
2001-05-01 | get rid of dtom(), okay itojun@ angelos@ mickey@ millert@ | Niels Provos | |
2001-05-01 | Typo in comment. | Aaron Campbell | |
2001-04-23 | Missing splx in error handling. | Artur Grabowski | |
2001-04-22 | Fix spl handling in ipfilter ioctl interface. Work by aaron@ and me. Problem was reported by DK <obsd@snti.com> as kernel panic loading ipa - "WARNING: SPL NOT LOWERED ON SYSCALL EXIT". deraadt@ ok. | Grigoriy Orlov | |
2001-04-14 | Minor changes, preparing for real socket-attached TDBs; also, more information will be stored in the TDB. ok ho@ provos@ | Angelos D. Keromytis | |
2001-04-10 | allow host-to-host negotiations if no gateway has been specified. from angelos@ | Niels Provos | |
2001-04-08 | Typo. __IP_FIL_H__ -> __IP_FRAG_H__ | smart | |
2001-04-07 | Partial update to IPF 3.4.17; this fixes the *VERY* serious fragment caching bug recently discussed in the ipfilter list. People using IPF are urged to sync with these changes. | Federico G. Schwindt | |
2001-04-06 | Move offsetof define into sys/param.h | Constantine Sapuntzakis | |
2001-04-04 | do not check ip_mtudisc on IPv6 TCP. with IPv6 TCP PMTUD is mandatory, compute mss size accordingly. sync with kame | Jun-ichiro itojun Hagino | |
2001-03-30 | Protect the IF_XXX macros in the callback routines with splimp(). Doh! Thanks to erik@ipunplugged.com | Angelos D. Keromytis | |
2001-03-28 | tdb_inp -> (tdb_inp_in, tdb_inp_out) | Angelos D. Keromytis | |
2001-03-28 | Allow tdbi's to appear in mbufs throughout the stack; this allows security properties of the packets to be pushed up to the application (not done yet). Eventually, this will be turned into a packet attributes framework. Make sure tdbi's are free'd/cleared properly whenever drivers (or NFS) do weird things with mbufs. | Angelos D. Keromytis | |
2001-03-27 | Fix a problem with how TDB timeouts were used in pfkeyv2. When we allocated a tdb we did a timeout_add before a timeout_set. This was a problem in itself, but it shouldn't hurt too much. What did hurt was that we did a timeout_set after the timeout_add, timeout_set marked the timeout as not being on the timeout list and if we did a timeout_del (or timeout_add) later (before the timeout fired) we ended up with a chunk of freed memory on the timeout queue or maybe even dangling pointers (or a circular list). This should probably cure the timeout queue corruption some people were seeing lately. | Artur Grabowski | |
2001-03-25 | Protect KFREES by splnet and rearrange pointers. This fixes an interrupt race between ipllog() and ipflog_read() which caused a memory leak and "Data modified on freelist" error. fgsch@ ok. | Grigoriy Orlov | |
2001-03-25 | A couple minor fixes to prevent use after free. Thanks to dawson and team for finding these. Ok angelos@ | Constantine Sapuntzakis | |
2001-03-23 | Fix slow mbuf leak. | Angelos D. Keromytis | |
2001-03-18 | enable pmtu by default | Niels Provos | |
2001-03-17 | Handle ftp services that don't ask for a password, only a username. This appears to be allowed by RFC and is apparently used by some banks in the Netherlands (shudder). Patch courtesy Ramses de Beer <rbdebeer@yahoo.com>. | Bob Beck | |
2001-03-15 | include <machine/cpu.h>, since schednetisr needs to do a splsoftnet | Brandon Creighton | |
2001-03-15 | convert SA expirations to the new timeouts. simplifies expirations handling a lot. tdb_exp_timeout and tdb_soft_timeout are made consistent throughout the code to be relative time offsets, just like first_use timeouts. tested on singlehost isakmpd setup. lots of dangling spaces and tabs removed. angelos@ ok | Michael Shalayeff | |
2001-03-14 | provide a random start for tcp timestamps; niels@ ok | Michael Shalayeff | |
2001-03-13 | Force a new search for an SA if the latched one is deleted. | Angelos D. Keromytis | |
2001-03-07 | More careful spl usage for the IPSEC case in ip_output(); from angelos@ | Aaron Campbell | |
2001-03-07 | Remove a bogus rtfree(); PR 1706 | brian | |
2001-03-07 | Missing SPL_X(); deraadt@ ok | Aaron Campbell | |
2001-03-06 | Move the test for bogus packet length in udp_output() closer to the top of the function. Previously it was possible for us to get stuck in splsoftnet() under certain situations. Bug reported by hunter@dg.net.ua, fix by me ok'd by deraadt@, provos@, angelos@. | Aaron Campbell | |
2001-03-04 | Store peer's credentials in TDB. | Angelos D. Keromytis | |