summaryrefslogtreecommitdiff
path: root/sys/netinet
AgeCommit message (Collapse)Author
1998-10-28- fix three bugs pointed out in Stevens, i.a. updating timestamps correctlyNiels Provos
- fix a 4.4bsd-lite2 bug, when tcp options are present the maximum segment size is not updated correctly, so that fast recovery forces out a segment which is split in two segments by tcp_output(), the fix is adpated from FreeBSD, the effective mss is recorded after option negotiation in 3way handshake. [I was able to fix this on time spent at Center for Information Technology Integration (citi.umich.edu)]
1998-10-13Remove NULL deref conditionNiklas Hallqvist
1998-10-11bad ioctls return EINVAL; garath@code.ridgefield.orgTheo de Raadt
1998-09-15Updated to v3.2.9 of Darren's codebase. His code reimplements variablepattonme
locking, replaces u_long's with u_32_t to properly handle 64bit archs. Wrapped OpenBSD specific preprocessor logic.
1998-09-09Make RMD160Update a little less overzealous when fed small crumbs.janjaap
1998-08-02cleanup ipsec error handlingNiels Provos
1998-08-01more careful error handling, some simplification and beautification.Niels Provos
1998-07-30fixing a stupid bug I introduced when trying to improve the encryptionNiels Provos
performance by avoiding unnecessary copies. There was a problem when two subsequent mbufs were != 0 mod blocksize and the next < blocksize, so we lost the rest of the last mbuf as IV.
1998-07-30Forgot this one with the previous batch of commits; use ip4_input()Angelos D. Keromytis
instead of ipip_input() whenever possible, it seems more stable.
1998-07-29Proper handling of IP in IP and checksumming.Angelos D. Keromytis
1998-07-29Don't do checksumming unless we're doing IP-in-IP.Angelos D. Keromytis
1998-07-03wrong endian conversion caused vif stats to be wrong; jonny@jonny.eng.brTheo de Raadt
1998-06-30remove unnecessary assignmentNiels Provos
1998-06-27delete extra KFREE(); d@openbsd.orgTheo de Raadt
1998-06-27indentTheo de Raadt
1998-06-27indentTheo de Raadt
1998-06-27Disallow TCP connect() to multicast addresses; cmetz@inner.netAngelos D. Keromytis
1998-06-26indentTheo de Raadt
1998-06-11indentTheo de Raadt
1998-06-11fix a mbuf chain corruption which happened when m_pullup was called on anNiels Provos
mbuf in the middle of the chain and had to MGET a new one.
1998-06-10make the packets which were successfully processed by IPSec available toNiels Provos
bpf via the enc0 interface, using linktype DLT_ENC.
1998-06-10wasteland quality control cleanupTheo de Raadt
1998-06-10New TCPCTL_IDENT sysctl for identd without kmem insanity.Bob Beck
1998-06-03request only auth in notify when vpn ipsec route is found with a differentNiels Provos
security protocol than IPPROTO_ESP.
1998-06-03cleanup debug printfsNiels Provos
1998-06-02nbytes - ofs should never be less than 0 (Oops on me)janjaap
1998-05-27for icmpbmcastecho, block all of themTheo de Raadt
1998-05-24allow SAs with non-specified source addressNiels Provos
1998-05-24allow the use of blowfish and cast encryption with implicit ivNiels Provos
1998-05-24avoid source address spoofing for mutual hostile hosts which have SAs toNiels Provos
us, reported by Craig Metz <cmetz@inner.net>.
1998-05-24add support for Virtual Private Networks (VPN).Niels Provos
1998-05-22Set the outter IP header's ttl, not the inner.Angelos D. Keromytis
1998-05-19Wall for non-IPSEC caseTheo de Raadt
1998-05-18first step to the setsockopt/getsockopt interface as described inNiels Provos
draft-mcdonald-simple-ipsec-api, kernel notifies (EMT_REQUESTSA) signal userland key management applications when security services are requested. this is only for outgoing connections at the moment, incoming packets are not yet checked against the selected socket policy.
1998-05-17fix tdb_delete() when using SPI chains.Niels Provos
1998-05-05check for invalid padding length, reported by Dan McDonald (Sun Microsystems)Niels Provos
<danmcd@eng.sun.com>
1998-04-25close PR 459David Leonard
1998-03-27Fix bug (I introduced) with aliases and in_broadcast().Angelos D. Keromytis
1998-03-23Also digest the leftovers.janjaap
1998-03-20for SIOCGIF{NETMASK,DSTADDR,BRDADDR} calls match address to if aliases entriesTheo de Raadt
so that correct information is returned (previously information about the primary address was returned). If the address cannot be found on the interface, return information about the primary (for OSIOC* compatibility). work by angelos and myself.
1998-03-19This should fix some problems with the aliases.Angelos D. Keromytis
1998-03-18adapt function arguments to get the expected prototype.Niels Provos
1998-03-18Fix tunnel mode input processing (use ip4_input instead of ipe4_input),Niels Provos
fix some old code leftovers in ah_new_input (adjust to variable hash length), avoid double ip encapsulation in tunnel mode. Problems reportd by Petr Novak <petr@internet.cz>.
1998-03-18Add FreeBSD patch (check for SYN packets arriving at a socket inAngelos D. Keromytis
LISTEN state with source address/port == destination address/port).
1998-03-07improve performance by avoiding unnecessary copies.Niels Provos
1998-03-04don't print "IP Filter: initialized"dgregor
1998-03-02improve blowfish performance.Niels Provos
1998-02-28Another shot at disallowing TCP connections to 255.255.255.255,Angelos D. Keromytis
0.0.0.0 and any local broadcast addresses. Tested.
1998-02-25patch could not have been tested. panics machine on bootTheo de Raadt
1998-02-25please indent as the file is currently indentedTheo de Raadt