Age | Commit message (Collapse) | Author | |
---|---|---|---|
2001-08-09 | Don't check the source address on the packet vs. the one on the SA, as | Angelos D. Keromytis | |
this prevents use of ESP in mobility; pointed out on the IETF mailing list by Francis Dupont. | |||
2001-08-08 | Remove IPCOMP option, it's now part of IPSEC option. You still need to | Jean-Jacques Bernard-Gundol | |
enable ipcomp via sysctl to use it. deraadt@ ok. | |||
2001-08-07 | enable ah & esp by default, now that we trust the code more | Theo de Raadt | |
2001-08-06 | Don't drop packets if we're using an ACQUIRE policy and some error | Angelos D. Keromytis | |
occurs while notifying key mgmt; also, always check for new TDBs for policies where the destination gateway is left unspecified (end-to-end IPsec case), to avoid asking for new SAs from key mgmt. | |||
2001-07-27 | variable name "gif" is way too generic - use "gif_softc". sync with kame | Jun-ichiro itojun Hagino | |
2001-07-27 | do not check in_dstaddr in rtinitflags() macro, otherwise | Jun-ichiro itojun Hagino | |
linklocal address manipulation codepath will choke. sync with kame | |||
2001-07-23 | improve IFA_ROUTE handling. do not lose connected route on primary | Jun-ichiro itojun Hagino | |
interface address removals. | |||
2001-07-21 | repair IPv6 TCP. th_sum has to be initialized to 0 on template. | Jun-ichiro itojun Hagino | |
(older code had "th_sum = 0" at the bottom of the function, which was removed during TCP hardware checksumming change) | |||
2001-07-18 | zero tcp checksum field before calculating new value. | Marco S Hyman | |
Fixes problem with bad checksums on keepalives OK provos@ | |||
2001-07-17 | split ip normalization out into a separate file, okay dhartmei@ | Niels Provos | |
2001-07-17 | Use 64 bits integer for ipcomps_ibytes and ipcomps_obytes. 32 bits was | Jean-Jacques Bernard-Gundol | |
used and it gave strange results with netstat -s. Reported by art@ | |||
2001-07-16 | Move altq after pf; suggested by aaron@, kjc@ ok. | Federico G. Schwindt | |
2001-07-08 | Remove static from func decls | Niklas Hallqvist | |
2001-07-07 | fix comment to make life easier for my special friend darren. | Niels Provos | |
2001-07-06 | Don't use enc0 interface for IPComp. angelos@ ok. | Jean-Jacques Bernard-Gundol | |
2001-07-05 | IP6_EXTHDR_GET0 did not check m->m_len (noone was using this macro). | Jun-ichiro itojun Hagino | |
sync with kame | |||
2001-07-05 | IPComp support. angelos@ ok. | Jean-Jacques Bernard-Gundol | |
2001-07-05 | IPComp. Just like for deflate earlier, it won't be compiled until everything | Jean-Jacques Bernard-Gundol | |
is in the tree | |||
2001-07-05 | Style | Angelos D. Keromytis | |
2001-07-05 | Typo. | Angelos D. Keromytis | |
2001-07-05 | Style | Angelos D. Keromytis | |
2001-07-05 | IPComp itself (include files). angelos@ ok. | Jean-Jacques Bernard-Gundol | |
2001-07-04 | Make preprocessor happier, don't give it untasty tokens at end of input. | Marc Espie | |
Ok millert@ | |||
2001-07-04 | handle m->m_pkthdr.rcvif == NULL; temporarily ok deraadt@; pending itojun@ | Daniel Hartmeier | |
2001-07-04 | Explicitly list the new ICMP codes. | Angelos D. Keromytis | |
2001-07-04 | Update with codes, URL, RFCs, from jason@Ackley.NET, closes PR 1919 | Angelos D. Keromytis | |
2001-07-03 | Pointer arithmetic fixes work better when you get the casting right. | Angelos D. Keromytis | |
2001-07-01 | tag packets generated by pf (return-rst, return-icmp) so they are not ↵ | Daniel Hartmeier | |
filtered, use existing icmp_error() and ip_output(). ok dugsong@, frantzen@ | |||
2001-06-29 | move pf_test check to happen after checksum calculation - without | Bob Beck | |
this packets originating from this host (such as with an rdr to localhost for transparent proxying) do not get checksummed correctly, because the pf code does not have a correct checksum to fix up (ok kjell@) | |||
2001-06-29 | saner checking in icmp_error; from NetBSD with work by dug and me. | Niels Provos | |
2001-06-28 | first stab at packet normalization. includes full ip reassembly. | Niels Provos | |
okay dhartmei@, dugsong@ | |||
2001-06-27 | introduce the ALTQ queue macros into sys/net files. | Kenjiro Cho | |
the new model removes direct references to the fields in ifp->if_snd, and defines the following macros to manipulate ifp->if_snd. IFQ_ENQUEUE(ifq, m, pktattr, err) IFQ_DEQUEUE(ifq, m) IFQ_POLL(ifq, m) IFQ_PURGE(ifq) IFQ_IS_EMPTY(ifq) the new model also enforces some rules regarding how to use these macros. details are descrined in http://www.csl.sony.co.jp/~kjc/software/altq-new-design.txt | |||
2001-06-27 | ALTQ base modifications to the kernel. | Kenjiro Cho | |
- ALTQ introduces a set of new queue macros that coexist with the traditional IF_XXX macros. - "struct ifaltq" replaces "struct ifqueue" in "struct ifnet". - assign cdev major 74 for i386 and 54 for alpha as ALTQ control interface. | |||
2001-06-27 | Use TAILQ_FOREACH() instead of hand-crafted for loops. | Angelos D. Keromytis | |
2001-06-27 | When determining whether there's a pending acquire wrt a policy, look | Angelos D. Keromytis | |
at the acquires associated with the policy only. | |||
2001-06-27 | Attach IPsec acquire state to policy entries, and relevant cleanups. | Angelos D. Keromytis | |
2001-06-27 | Also link acquire state to the relevant IPsec policy. | Angelos D. Keromytis | |
2001-06-27 | Get rid of M_COPY_* macros; either use M_MOVE_* or M_DUP_*, depending | Angelos D. Keromytis | |
on how macros should be treated. Code by fgsch@, ok by me and itojun@ | |||
2001-06-27 | Add length to pkthdr.len directly. | Angelos D. Keromytis | |
2001-06-27 | Minor nits. | Angelos D. Keromytis | |
2001-06-27 | Don't cache packets that hit policies -- we'll do that at the PCB for | Angelos D. Keromytis | |
local packets. | |||
2001-06-26 | Use the ACQUIRE sequence number to "wake up" acquire state kept and | Angelos D. Keromytis | |
cause retransmission of outgoing packets. Also, only store outgoing packets -- just drop incoming packets that cause an SA acquisition. Some comment fixup. | |||
2001-06-26 | ifdef out some currently unused code | Angelos D. Keromytis | |
2001-06-26 | Rewrite ipsp_clear_acquire() to be more readable, after all the KNF'ing | Angelos D. Keromytis | |
2001-06-26 | Use pool(9) for IPsec acquires too. | Angelos D. Keromytis | |
2001-06-26 | Use pool(9) for IPsec policy structures. | Angelos D. Keromytis | |
2001-06-26 | Keep the PFKEY sequence number at the TDB, plus a little bit of KNF | Angelos D. Keromytis | |
2001-06-26 | no longer pass around **m | Theo de Raadt | |
2001-06-26 | Appease gcc by not using void pointers in arithmetic operations. | Aaron Campbell | |
2001-06-26 | Restore inclusion of <sys/systm.h>. | Aaron Campbell | |