| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2000-09-22 | Move the PI_MAGIC define outside the INET6 ifdef block (doh!) | Angelos D. Keromytis | |
| 2000-09-22 | fix my bug dating back to february the 14th of 1998, | Michael Shalayeff | |
| when those wildcard interfaces came up, which were usefull at the times. on the other hand here it is, one cannot bind to the broadcast address, and angelos says ok. | |||
| 2000-09-21 | calculate maxopd at the right place | Niels Provos | |
| 2000-09-20 | Add IDENTITY payloads to flow establishment (and cleanup accordingly) | Angelos D. Keromytis | |
| -- this will address one of itojun's question on how are IDs for IKE to be determined (need to add support for this to ipsecadm). | |||
| 2000-09-20 | Don't use LOOPBACK addresses when trying to determine source address | Angelos D. Keromytis | |
| to use in locally-generated ICMP messages (thanks to fcusack@fcusack.com) | |||
| 2000-09-20 | remove unused code | Niels Provos | |
| 2000-09-20 | correctly calculate mss | Niels Provos | |
| 2000-09-20 | fix in_pcbrtentry | Niels Provos | |
| 2000-09-19 | only free tdbi if IPSEC | Theo de Raadt | |
| 2000-09-19 | SA bundles. | Angelos D. Keromytis | |
| 2000-09-19 | Lots and lots of changes. | Angelos D. Keromytis | |
| 2000-09-18 | fix compilation problem on systems w/o inet6. | Federico G. Schwindt | |
| 2000-09-18 | Path MTU discovery based on NetBSD but with the decision to use the DF | Niels Provos | |
| flag delayed to ip_output(). That halves the code and reduces most of the route lookups. okay deraadt@ | |||
| 2000-09-17 | Drop dubious ESP/AH packets without crashing (thanks to dr@kyx.net and | Angelos D. Keromytis | |
| mfranz@cisco.com for finding the problem). | |||
| 2000-09-07 | New timeouts. | Artur Grabowski | |
| 2000-09-05 | various fixes to SACK and FACK from adesai@cisco.com, tomh@tomh.org and | Niels Provos | |
| osuga@mml.yrp.nttdocomo.co.jp | |||
| 2000-08-19 | - upgrade icmp6 node information query support to 06 draft. | Jun-ichiro itojun Hagino | |
| - pedant: possible alignment issue in ALIGN > 8 arch (should be okay for now) (sync with kame) | |||
| 2000-08-10 | Whoops. Reapply Aaron's detach code fix. inadvertantly whacked in the | Kjell Wooding | |
| 3.3.18 import. | |||
| 2000-08-10 | Import ipf 3.3.18. Fixes more problems with the in-kernel FTP proxy, | Kjell Wooding | |
| some nat state bugs, and ups the default state table size. See sbin/ipf/HISTORY for details. | |||
| 2000-08-04 | One parenthesis too many. | Angelos D. Keromytis | |
| 2000-08-04 | Worked out the logic (thanks to pt98asp@student.hk-r.se and | Angelos D. Keromytis | |
| pt98kfr@student.hk-r.se -- I still don't know why rev1.5 didn't work). | |||
| 2000-08-03 | Back to the submitted patch -- this needs more investigation. | Angelos D. Keromytis | |
| 2000-08-03 | typo in #define. ICMP6_NI_SUCESS -> SUCCESS. | Jun-ichiro itojun Hagino | |
| 2000-08-03 | Don't even need to reset ip_sum, if we're not going to compute it here | Angelos D. Keromytis | |
| but in ip_output() | |||
| 2000-08-03 | Avoid unnecessary call to in_cksum(). | Angelos D. Keromytis | |
| 2000-08-03 | In fact, this is the correct behaviour (or I'm going crazy). | Angelos D. Keromytis | |
| 2000-08-03 | Careful with ip_off | Angelos D. Keromytis | |
| 2000-08-03 | Zeroize ip_sum before computing checksum (just general paranoia). | Angelos D. Keromytis | |
| 2000-08-03 | Correct handling of ip_off (askk@rsn.hk-r.se) | Angelos D. Keromytis | |
| 2000-07-29 | Don't set the source IP address if doing multicast; this is a quick | Angelos D. Keromytis | |
| fix -- the logic has to be reworked to allow for multicast-over-IPsec. Patch from gene@lucky.net. | |||
| 2000-07-27 | raw6/udp6 sockets are okay with :: in src. | Jun-ichiro itojun Hagino | |
| 2000-07-27 | be proactive about unspecified IPv6 source address. pcb layer uses | Jun-ichiro itojun Hagino | |
| unspecified address (::) to mean "unbounded" or "unconnected", and can be confused by packets from outside. use of :: as source is not documented well in IPv6 specification. not sure if it presents a real threat. the worst case scenario is a DoS against TCP listening socket: - outsider transmit TCP SYN with :: as IPv6 source - receiving side creates TCP control block with: local address = my addres remote address = :: (meaning "unconnected") state = SYN_RCVD note that SYN ACK will not be sent due to ip6_output() filter. this stays until it timeouts. - the TCP control block prevents listening TCP control block from being contacted (DoS). | |||
| 2000-07-12 | remove m_pulldown statistics, which is highly experimental | Jun-ichiro itojun Hagino | |
| 2000-07-11 | Correctly handle ip_off; angelos@ | Todd C. Miller | |
| 2000-07-11 | forgot to reset rscale | Niels Provos | |
| 2000-07-11 | compute correct window scale when recvpipe option is set in route; based | Niels Provos | |
| on diff from "Pete Kazmier" <pete@kazmier.com> | |||
| 2000-07-09 | be more cautious about tcp option length field. drop bogus ones earlier. | Jun-ichiro itojun Hagino | |
| not sure if there is a real threat or not, but it seems that there's possibility for overrun/underrun (like non-NOP option with optlen > cnt). | |||
| 2000-07-06 | Move domain.h above so this compiles again. | Federico G. Schwindt | |
| Remove netinet.h within ifdef INET6; this is already included. | |||
| 2000-07-06 | - more icmp6/ip6 stats. | Jun-ichiro itojun Hagino | |
| - protect IPv6 ND from being hosed (due to neighbor unreachability detection hint) by wrong tcp traffic. still not sure if there's real attack, but it is good to be cautious. - avoid bitfield for router renumbering header decl. - implement packet-per-sec limitation for icmp6 errors, turn interval limit off (it is not very useful due to unix timer resolution). | |||
| 2000-07-06 | completely remove ipv4 mapped cases from tcp_input(). | Jun-ichiro itojun Hagino | |
| cleanup (indentation, v4-or-v6 conditions) | |||
| 2000-07-05 | more cleanup for IPv4 mapped address support. there seem to be some | Jun-ichiro itojun Hagino | |
| inconsistency in corner cases (from NRL I believe). todd (fries) and I have seen panic, with the following call chain: ip6_input -> tcp_input -> tcp_respond -> ip_input -> bang! more cleanups should be done, to decrease complexity. for example, INP_IPV6_MAPPED should be nuked. | |||
| 2000-07-03 | Make nat_ifdetach() actually work; beck@ ok | Aaron Campbell | |
| 2000-06-26 | Make the definition of tcpstat in tcp_var.h extern. | Artur Grabowski | |
| 2000-06-22 | Convert arptimer to new timeouts. | Artur Grabowski | |
| 2000-06-21 | Fix gateway function; ok angelos@ | Oleg Safiullin | |
| angelos, be more careful :) | |||
| 2000-06-20 | Remove static from arptimer so that "show callout" in ddb shows the right | Artur Grabowski | |
| function. | |||
| 2000-06-20 | do not play with rcvif, if the traffic is non-IPv4. | Jun-ichiro itojun Hagino | |
| by setting rcvif to enc*, we break IPv6 scope considerations. | |||
| 2000-06-20 | try to cope with AH6 with scoped address case better. | Jun-ichiro itojun Hagino | |
| 2000-06-20 | Big oops on my previous commit, broke gateway function; patch from | Angelos D. Keromytis | |
| form@openbsd.ru | |||
| 2000-06-19 | correct header chasing code. take care of AH length. | Jun-ichiro itojun Hagino | |
 |
index : src | |
| OpenBSD base system |
| summaryrefslogtreecommitdiff |