summaryrefslogtreecommitdiff
path: root/sys/netinet
AgeCommit message (Collapse)Author
2000-12-24Extra argument in the function to tdb_walk(), indicating last TDB.Angelos D. Keromytis
2000-12-21correct ipv6 path mtu discovery.Jun-ichiro itojun Hagino
2000-12-18Minor sanity check.Angelos D. Keromytis
2000-12-15send expire messages also for sa's that do not have been used.Niels Provos
okay angelos@
2000-12-14Compile in non-INET6 kernels.Angelos D. Keromytis
2000-12-14Always look for a suitable TDB if the gateway is left unspecified.Angelos D. Keromytis
2000-12-13more random tcp sequence numbers. okay deraadt@, angelos@Niels Provos
2000-12-12a few more icmp types/codes; itojun@ ok (awhile ago ;)Michael Shalayeff
2000-12-12only disable path mtu for established connections that have data to send.Niels Provos
2000-12-11turn off path mtu when icmp needfrag messages get blocked, okay itojun@Niels Provos
2000-12-11nuke #ifdef TCP6 (no longer supported).Jun-ichiro itojun Hagino
validate ICMPv6 too big messages (pmtud) based on pcb. we accept certain amount of non-validated ones, as IPv6 mandates ICMPv6 (so even for traffic from unconnected pcb, we need pmtud). sync with kame
2000-12-09remove duplicated def of INET_ADDRSTRLEN.Jun-ichiro itojun Hagino
2000-12-03Fix fastroute-related panic, fixes PR 1541 (cas@trans-nt.com)Angelos D. Keromytis
2000-11-27Style. Parts of xcast handling needs more thought. (provos@ ok)Hakan Olsson
2000-11-27Be more careful with ARP. Fix PR#1490. From gluk@ptci.ruHakan Olsson
2000-11-17All-1s addresses as policy destinations is also reserved for futureAngelos D. Keromytis
use (policy discovery).
2000-11-17*HMAC96->*HMACAngelos D. Keromytis
2000-11-10seperate -> separate, okay aaron@Niels Provos
2000-11-07initialize tdb pointer correctly, from Jean-Jacques.Bernard@hsc.frNiels Provos
2000-10-25Do not null deref in the IPSEC+PMTU case; provos@ ok. Thanks toAaron Campbell
andrews@crt.se for testing.
2000-10-18Fix compile error if lacking -DINET6Chris Cappuccio
2000-10-17icmp rate limiting defaults to 100ppsNiels Provos
2000-10-14ASKPOLICY message; used by key management to inquire about policyAngelos D. Keromytis
triggering an ACQUIRE.
2000-10-14implement net.inet.tcp.rstppslimit. rate-limits outbound TCP RST trafficJun-ichiro itojun Hagino
to less than N per 1 second.
2000-10-13validate mbuf chain length on *_ctlinput. remote node may be able toJun-ichiro itojun Hagino
transmit a truncated icmp6 packet and panic the system. sync with kame.
2000-10-13make sure we don't share external mbuf between m and mcopy, in ip_forward().Jun-ichiro itojun Hagino
NetBSD PR 11201.
2000-10-11nuke inp_flags bits for controlling IPv4 mapped address.Jun-ichiro itojun Hagino
we don't support IPv4 mapped address, and there are inconsistent bit manipulation code so it's safer to nuke them.
2000-10-10little bit of sync with kame ($KAME, s/u_char/u_int8_t/)Jun-ichiro itojun Hagino
2000-10-10verify payload of the icmp need fragment message at the tcp layer. okay itojun@Niels Provos
2000-10-10bring in icmp rate limitation code.Jun-ichiro itojun Hagino
make icmp6 rate limitation to latest (uses ppsratecheck only). (sync with netbsd) TODO: tcp SYN rate limit?
2000-10-09AES support.Angelos D. Keromytis
2000-10-09check if we have a tcb connected to the destination quoted in the icmp needNiels Provos
fragment message when doing path mtu discovery. okay angelos@
2000-10-06remove now-obsolete SIOCSIFPHY* handling in in{6,}_control.Jun-ichiro itojun Hagino
sync with kame.
2000-09-29Make sure there's enough data on the mbuf for the TCP/UDP ports (ifAngelos D. Keromytis
applicable) -- bug located thanks to a crashdump from HJungheim@vpnet.com
2000-09-29Outgoing packets that hit IPsec will be IPF/IPNAT processed as well onAngelos D. Keromytis
the enc* interface, usually enc0; cedric@wireless-networks.com
2000-09-27Fix checking for incoming packets when the remote gateway has beenAngelos D. Keromytis
fully specified in the flow.
2000-09-26Update to previous fix on ICMP messages coming on unnumberedAngelos D. Keromytis
interfaces: rather than picking *some* non-loopback IP address, do a routing lookup and use as source IP address the address of the outgoing interface. A nice side effect of this is that ICMPs generated as a result of packets received over IPsec will, in the common case, end up going back over IPsec (depends on what the SPD looks like of course). Thanks to fcusack@fcusack.com for testing and commenting on this.
2000-09-25on expiry of pmtu route, retry higher mtu. okay angelos@Niels Provos
2000-09-23Angelos you forgot this one !!Chris Cappuccio
2000-09-22Move the PI_MAGIC define outside the INET6 ifdef block (doh!)Angelos D. Keromytis
2000-09-22fix my bug dating back to february the 14th of 1998,Michael Shalayeff
when those wildcard interfaces came up, which were usefull at the times. on the other hand here it is, one cannot bind to the broadcast address, and angelos says ok.
2000-09-21calculate maxopd at the right placeNiels Provos
2000-09-20Add IDENTITY payloads to flow establishment (and cleanup accordingly)Angelos D. Keromytis
-- this will address one of itojun's question on how are IDs for IKE to be determined (need to add support for this to ipsecadm).
2000-09-20Don't use LOOPBACK addresses when trying to determine source addressAngelos D. Keromytis
to use in locally-generated ICMP messages (thanks to fcusack@fcusack.com)
2000-09-20remove unused codeNiels Provos
2000-09-20correctly calculate mssNiels Provos
2000-09-20fix in_pcbrtentryNiels Provos
2000-09-19only free tdbi if IPSECTheo de Raadt
2000-09-19SA bundles.Angelos D. Keromytis
2000-09-19Lots and lots of changes.Angelos D. Keromytis
generated by cgit v1.2.3 (git 2.25.1) at 2024-12-15 20:08:04 +0000