src - OpenBSD base system

Age	Commit message (Collapse)	Author
2001-04-10	allow host-to-host negotiations if no gateway has been specified.	Niels Provos
	from angelos@
2001-04-08	Typo. __IP_FIL_H__ -> __IP_FRAG_H__	smart

2001-04-07	Partial update to IPF 3.4.17; this fixes the VERY serious fragment	Federico G. Schwindt
	caching bug recently discussed in the ipfilter list. People using IPF is urged to sync with these changes.
2001-04-06	Move offsetof define into sys/param.h	Constantine Sapuntzakis

2001-04-04	do not check ip_mtudisc on IPv6 TCP.	Jun-ichiro itojun Hagino
	with IPv6 TCP PMTUD is mandatory, compute mss size accordingly. sync with kame
2001-03-30	Protect the IF_XXX macros in the callback routines with splimp(). Doh!	Angelos D. Keromytis
	Thanks to erik@ipunplugged.com
2001-03-28	tdb_inp -> (tdb_inp_in, tdb_inp_out)	Angelos D. Keromytis

2001-03-28	Allow tdbi's to appear in mbufs throughout the stack; this allows	Angelos D. Keromytis
	security properties of the packets to be pushed up to the application (not done yet). Eventually, this will be turned into a packet attributes framework. Make sure tdbi's are free'd/cleared properly whenever drivers (or NFS) does weird things with mbufs.
2001-03-27	Fix a problem with how TDB timeouts were used in pfkeyv2.	Artur Grabowski
	When we allocated a tdb we did a timeout_add before a timeout_set. This was a problem in itself, but it shouldn't hurt too much. What did hurt was that we did a timeout_set after the timeout_add, timeout_set marked the timeout as not being on the timeout list and if we did a timeout_del (or timeout_add) later (before the timeout fired) we ended up with a chunk of freed memory on the timeout queue or maybe even dangling pointers (or a circular list). This should probably cure the timeout queue corruption some people were seeing lately.
2001-03-25	Protect KFREES by splnet and rearrange pointers. This fix interrupt	Grigoriy Orlov
	race between ipllog() and ipflog_read() which caused a memory leak and "Data modified on freelist" error. fgsch@ ok.
2001-03-25	A couple minor fixes to prevent use after free. Thanks to dawson and team ↵	Constantine Sapuntzakis
	for finding these. Ok angelos@
2001-03-23	Fix slow mbuf leak.	Angelos D. Keromytis

2001-03-18	enable pmtu by default	Niels Provos

2001-03-17	Handle ftp services that don't ask for a password, only a username.	Bob Beck
	This appears to be allowed by RFC and is apparently used by some banks in the netherlands (shudder). Patch courtesy Ramses de Beer <rbdebeer@yahoo.com>.
2001-03-15	include <machine/cpu.h>, since schednetisr needs to do a splsoftnet	Brandon Creighton

2001-03-15	convert SA expirations to the new timeouts.	Michael Shalayeff
	simplifies expirations handling a lot. tdb_exp_timeout and tdb_soft_timeout are made consistant throughout the code to be a relative time offsets, just like first_use timeouts. tested on singlehost isakmpd setup. lots of dangling spaces and tabs removed. angelos@ ok
2001-03-14	provide a random start for tcp timestamps; niels@ ok	Michael Shalayeff

2001-03-13	Force a new search for an SA if the latched one is deleted.	Angelos D. Keromytis

2001-03-07	More careful spl usage for the IPSEC case in ip_output(); from angelos@	Aaron Campbell

2001-03-07	Remove a bogus rtfree(); PR 1706	brian

2001-03-07	Missing SPL_X(); deraadt@ ok	Aaron Campbell

2001-03-06	Move the test for bogus packet length in udp_output() closer to the top of	Aaron Campbell
	the function. Previously it was possible for us to get stuck in splsoftnet() under certain situations. Bug reported by hunter@dg.net.ua, fix by me ok'd by deraadt@, provos@, angelos@.
2001-03-04	Store peer's credentials in TDB.	Angelos D. Keromytis

2001-03-03	on parse error of timestamp option, set parameter error offset correctly.	Jun-ichiro itojun Hagino

2001-03-03	drop packets with 127.0.0.0/8 in header field, if the packet is from outside.	Jun-ichiro itojun Hagino
	under RFC1122 sender rule 127.0.0.8 must not appear on the wire. count incidents by ipstat.ips_badaddr. sync with kame
2001-02-28	Pretty.	Angelos D. Keromytis

2001-02-28	Handle failures more gracefully.	Angelos D. Keromytis

2001-02-28	Keep the last packet sent or received that matched an SPD entry, and	Angelos D. Keromytis
	retransmit if we eventually have an SA setup for that policy.
2001-02-28	If net.inet.ipip.allow is set to 2, don't check for loopback address	Angelos D. Keromytis
	spoofing of encapsulated packets (useful for single-machinet testing of isakmpd)
2001-02-27	Remove superfluous printf in Angelos last commit	Niklas Hallqvist

2001-02-20	tighten IPv4 option header processing (we may want to do more).	Jun-ichiro itojun Hagino
	reviewed by angelos.
2001-02-16	remove IPv6 case from udp_output. now we have separate udp6_output.	Jun-ichiro itojun Hagino

2001-02-16	pull in new pcb notification code from kame. better handling of scope address.	Jun-ichiro itojun Hagino

2001-02-16	amove in6_{embed,recover}scope prototypes to in6_var.h (kernel only).	Jun-ichiro itojun Hagino
	add in6_clearscope. sync better with kame
2001-02-16	sync whitespace/comment with kame. to help merge tasks	Jun-ichiro itojun Hagino

2001-02-12	putting #error into an include file is totally wrong	Theo de Raadt

2001-02-11	If IPSEC is defined but not CRYPTO, spit an error; angelos@ ok	Federico G. Schwindt

2001-02-09	Fix BPF support.	Angelos D. Keromytis

2001-02-08	witch raw ip6 socket code from NRL to kame.	Jun-ichiro itojun Hagino
	makes upgrades/code sharing much easier.
2001-02-07	allow gif-less compile	Michael Shalayeff

2001-02-07	by default, don't bark on inbound ND messages, as outsider may be able to	Jun-ichiro itojun Hagino
	fill up /var with bogus packets. setting net.inet6.icmp6.nd6_debug will re-enable kernel messages on invalid ND packet and other occasions. improve icmp6 stats.
2001-02-06	ipf/ipnat check the securelevel in the original code, so don't do it twice.	Federico G. Schwindt
	Also remove uneeded definition of ICMP_UNREACH_FILTER_PROHIB; this isn't needed. Why keep adding things to make diffs harder?
2001-02-06	- bridge_input() expects to be called at splnet(), not splsoftnet()	Jason Wright
	- add a bit more debugging (controlled by ENCDEBUG and encdebug) - turn off several more m_flags that may have been set by the higher layers (so any sharing of mbuf's in the return direction doesn't confuse the upper layers)
2001-02-06	allow changing number of loopbacks in ukc.	Michael Shalayeff
	change rest of the code to use lo0ifp pointing to the corresponding struct ifnet. itojun@ and niklas@ ok
2001-02-05	with a bunch of encapsulation layers, eg. (IPsec+IP+EtherIP+ether_header),	Jason Wright
	the arp data will not necessarily be in the first mbuf: add m_pullup()'s to make it so.
2001-02-03	- define and use EtherIP version 3 (2 byte padded header instead of the	Jason Wright
	single byte header used in V2), and drop support for V2. - that done, remove some of the buffer copies that were used as alignment shims
2001-02-03	KNF	Jason Wright

2001-02-02	a quick checkpoint:	Jason Wright
	- add a struct etherip_header (will make switching protocol versions a bit easier and give a base for aligning things correctly) - fix the version/reserved field checking for good this time - don't need to m_copydata to grab the first byte of an mbuf that you know has t hat byte - m_adj() instead of homebrew - fix M_MCAST/M_BCAST setting (cut/pasto) - if_imcasts was being updated on the wrong interface
2001-02-01	grr, don't forget to change the reserved field to the upper 4 bits of the ↵	Jason Wright
	header.
2001-02-01	according to the draft-housley-etherip-01, the version is in the low order	Jason Wright
	4 bits of the header