src - OpenBSD base system

Age	Commit message (Collapse)	Author
2001-03-18	enable pmtu by default	Niels Provos

2001-03-17	Handle ftp services that don't ask for a password, only a username.	Bob Beck
	This appears to be allowed by RFC and is apparently used by some banks in the netherlands (shudder). Patch courtesy Ramses de Beer <rbdebeer@yahoo.com>.
2001-03-15	include <machine/cpu.h>, since schednetisr needs to do a splsoftnet	Brandon Creighton

2001-03-15	convert SA expirations to the new timeouts.	Michael Shalayeff
	simplifies expirations handling a lot. tdb_exp_timeout and tdb_soft_timeout are made consistant throughout the code to be a relative time offsets, just like first_use timeouts. tested on singlehost isakmpd setup. lots of dangling spaces and tabs removed. angelos@ ok
2001-03-14	provide a random start for tcp timestamps; niels@ ok	Michael Shalayeff

2001-03-13	Force a new search for an SA if the latched one is deleted.	Angelos D. Keromytis

2001-03-07	More careful spl usage for the IPSEC case in ip_output(); from angelos@	Aaron Campbell

2001-03-07	Remove a bogus rtfree(); PR 1706	brian

2001-03-07	Missing SPL_X(); deraadt@ ok	Aaron Campbell

2001-03-06	Move the test for bogus packet length in udp_output() closer to the top of	Aaron Campbell
	the function. Previously it was possible for us to get stuck in splsoftnet() under certain situations. Bug reported by hunter@dg.net.ua, fix by me ok'd by deraadt@, provos@, angelos@.
2001-03-04	Store peer's credentials in TDB.	Angelos D. Keromytis

2001-03-03	on parse error of timestamp option, set parameter error offset correctly.	Jun-ichiro itojun Hagino

2001-03-03	drop packets with 127.0.0.0/8 in header field, if the packet is from outside.	Jun-ichiro itojun Hagino
	under RFC1122 sender rule 127.0.0.8 must not appear on the wire. count incidents by ipstat.ips_badaddr. sync with kame
2001-02-28	Pretty.	Angelos D. Keromytis

2001-02-28	Handle failures more gracefully.	Angelos D. Keromytis

2001-02-28	Keep the last packet sent or received that matched an SPD entry, and	Angelos D. Keromytis
	retransmit if we eventually have an SA setup for that policy.
2001-02-28	If net.inet.ipip.allow is set to 2, don't check for loopback address	Angelos D. Keromytis
	spoofing of encapsulated packets (useful for single-machinet testing of isakmpd)
2001-02-27	Remove superfluous printf in Angelos last commit	Niklas Hallqvist

2001-02-20	tighten IPv4 option header processing (we may want to do more).	Jun-ichiro itojun Hagino
	reviewed by angelos.
2001-02-16	remove IPv6 case from udp_output. now we have separate udp6_output.	Jun-ichiro itojun Hagino

2001-02-16	pull in new pcb notification code from kame. better handling of scope address.	Jun-ichiro itojun Hagino

2001-02-16	amove in6_{embed,recover}scope prototypes to in6_var.h (kernel only).	Jun-ichiro itojun Hagino
	add in6_clearscope. sync better with kame
2001-02-16	sync whitespace/comment with kame. to help merge tasks	Jun-ichiro itojun Hagino

2001-02-12	putting #error into an include file is totally wrong	Theo de Raadt

2001-02-11	If IPSEC is defined but not CRYPTO, spit an error; angelos@ ok	Federico G. Schwindt

2001-02-09	Fix BPF support.	Angelos D. Keromytis

2001-02-08	witch raw ip6 socket code from NRL to kame.	Jun-ichiro itojun Hagino
	makes upgrades/code sharing much easier.
2001-02-07	allow gif-less compile	Michael Shalayeff

2001-02-07	by default, don't bark on inbound ND messages, as outsider may be able to	Jun-ichiro itojun Hagino
	fill up /var with bogus packets. setting net.inet6.icmp6.nd6_debug will re-enable kernel messages on invalid ND packet and other occasions. improve icmp6 stats.
2001-02-06	ipf/ipnat check the securelevel in the original code, so don't do it twice.	Federico G. Schwindt
	Also remove uneeded definition of ICMP_UNREACH_FILTER_PROHIB; this isn't needed. Why keep adding things to make diffs harder?
2001-02-06	- bridge_input() expects to be called at splnet(), not splsoftnet()	Jason Wright
	- add a bit more debugging (controlled by ENCDEBUG and encdebug) - turn off several more m_flags that may have been set by the higher layers (so any sharing of mbuf's in the return direction doesn't confuse the upper layers)
2001-02-06	allow changing number of loopbacks in ukc.	Michael Shalayeff
	change rest of the code to use lo0ifp pointing to the corresponding struct ifnet. itojun@ and niklas@ ok
2001-02-05	with a bunch of encapsulation layers, eg. (IPsec+IP+EtherIP+ether_header),	Jason Wright
	the arp data will not necessarily be in the first mbuf: add m_pullup()'s to make it so.
2001-02-03	- define and use EtherIP version 3 (2 byte padded header instead of the	Jason Wright
	single byte header used in V2), and drop support for V2. - that done, remove some of the buffer copies that were used as alignment shims
2001-02-03	KNF	Jason Wright

2001-02-02	a quick checkpoint:	Jason Wright
	- add a struct etherip_header (will make switching protocol versions a bit easier and give a base for aligning things correctly) - fix the version/reserved field checking for good this time - don't need to m_copydata to grab the first byte of an mbuf that you know has t hat byte - m_adj() instead of homebrew - fix M_MCAST/M_BCAST setting (cut/pasto) - if_imcasts was being updated on the wrong interface
2001-02-01	grr, don't forget to change the reserved field to the upper 4 bits of the ↵	Jason Wright
	header.
2001-02-01	according to the draft-housley-etherip-01, the version is in the low order	Jason Wright
	4 bits of the header
2001-02-01	Ok, more alignment fallout (caused by a single byte header interspersed with	Jason Wright
	nicely aligned headers)... Copy the first MHLEN worth of data into a new buffer and rebuild the mbuf to make sure that the protocol data is nicely aligned.
2001-01-31	it's obviously bed time... really avoid mbuf lossage if MGETHDR fails	Jason Wright

2001-01-31	oops, avoid mbuf lossage if MGETHDR fails	Jason Wright

2001-01-31	Allocate a new mbuf for the header info (struct ip + one, stupid, byte).	Jason Wright
	This works around the fact that M_PREPEND() with a non-word sized length can leave m->m_data pointing to a non-word aligned address.
2001-01-30	re-add local ipf changes that were whacked in the 3.4.16 merge. userland to ↵	Kjell Wooding
	follow
2001-01-30	change ip_compat.h to ip_fil_compat.h for clarity. Impending ipf merge	Kjell Wooding

2001-01-22	fix router renumbering bit decl for little endian. KAME PR 320	Jun-ichiro itojun Hagino

2001-01-21	sync router renumbering flag bit to conform to 2292bis-02 and RR RFC.	Jun-ichiro itojun Hagino
	sync with latest kame rtadvd (again). mostly cosmetic.
2001-01-19	pull post-4.4BSD change to sys/net/route.c from BSD/OS 4.2 (UCB copyrighted).	Jun-ichiro itojun Hagino
	have sys/net/route.c:rtrequest1(), which takes rt_addrinfo * as the argument. pass rt_addrinfo all the way down to rtrequest, and ifa->ifa_rtrequest. 3rd arg of ifa->ifa_rtrequest is now rt_addrinfo * instead of sockaddr * (almost noone is using it anyways). benefit: the follwoing command now works. previously we need two route(8) invocations, "add" then "change". # route add -inet6 default ::1 -ifp gif0 remove unsafe typecast in rtrequest(), from rtentry * to sockaddr *. it was introduced by 4.3BSD-reno and never corrected. XXX is eon_rtrequest() change correct regarding to 3rd arg? eon_rtrequest() and rtrequest() were incorrect since 4.3BSD-reno, so i do not have correct answer in the source code. someone with more clue about netiso-over-ip, please help.
2001-01-17	IPF 3.4.16.	Federico G. Schwindt

2001-01-17	include sys/timeout.h.	Federico G. Schwindt

2001-01-17	IPF 3.4.15. (IPv6 not working yet).	Federico G. Schwindt
	Note: before building the userland part you need to do make includes.