| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2001-06-14 | limited broadcast 255.255.255.255 was not recognized correctly, reported | Niels Provos | |
| by crh@ubiqx.mn.org, fix from NetBSD; okay angelos@ | |||
| 2001-06-13 | Use blocksize, not ivmask | Angelos D. Keromytis | |
| 2001-06-12 | IPsec-related socket options; these can be set/removed/retrieved, but | Angelos D. Keromytis | |
| are not taken into consideration in anything just yet. | |||
| 2001-06-12 | IPsec setsockopts. | Angelos D. Keromytis | |
| 2001-06-09 | Inclusion protection. | Angelos D. Keromytis | |
| 2001-06-09 | Protect from multiple inclusion. | Angelos D. Keromytis | |
| 2001-06-09 | Less aggressive include cleanup, so it won't piss of Theo again (one hopes) | Angelos D. Keromytis | |
| 2001-06-08 | it is nice if the kernel compiles | Theo de Raadt | |
| 2001-06-08 | IPSP_POLICY_STATIC flag. | Angelos D. Keromytis | |
| 2001-06-08 | Update packet counters correctly. | Artur Grabowski | |
| From Robert J. Wozny <speedy@atman.pl> | |||
| 2001-06-08 | Cut down on include files. | Angelos D. Keromytis | |
| 2001-06-08 | Trim include files. | Angelos D. Keromytis | |
| 2001-06-07 | Simplify SPD logic (and correct some input cases). | Angelos D. Keromytis | |
| 2001-06-05 | Allow boot -c to change number of gre devices. -moj ok angelos@ | Mats O Jansson | |
| 2001-06-05 | That DPRINTF() is not needed. | Angelos D. Keromytis | |
| 2001-06-05 | Add a few DPRINTF()'s | Angelos D. Keromytis | |
| 2001-06-05 | That debug message was just too chatty, even as a debug message :-) | Angelos D. Keromytis | |
| 2001-06-05 | Clear acquires only if TDB was established correctly. | Angelos D. Keromytis | |
| 2001-06-05 | Correct credential matching logic. | Angelos D. Keromytis | |
| 2001-06-05 | repair copyright notices for NRL & cmetz; cmetz | Theo de Raadt | |
| 2001-06-04 | use faster arc4random() for small amounts fo data, some spaces; niels ok | Michael Shalayeff | |
| 2001-06-04 | use a faster arc4random() for random spi generation; angelos@ ok | Michael Shalayeff | |
| 2001-06-04 | use faster arc4random() in tcp_rndiss_next; niels ok | Michael Shalayeff | |
| 2001-06-01 | use pool allocation for ip fragement queue, from netbsd, | Niels Provos | |
| okay angelos@, itojun@ | |||
| 2001-06-01 | Merge two m_copydata() calls into one, and (hopefully) correct the | Angelos D. Keromytis | |
| self-describing padding verification. | |||
| 2001-06-01 | ipsp_parse_headers() goes down a list of IPv4/IPv6/AH/ESP headers and | Angelos D. Keromytis | |
| creates a tag for each of the ESP/AH headers. This will be used by IPsec-aware NIC device drivers that need to notify IPsec that crypto processing has already been done. There is an excessive amount of m_copydata() calls used by this routine, but there's no way around it that I can think of. | |||
| 2001-06-01 | The IPsec-aware NIC cards don't pass the ICV for later verification | Angelos D. Keromytis | |
| by the stack; that means, if we have a tag it means the ICV was successfully verified and we don't need to do anything else. As well, we don't need any other status information from the NIC. | |||
| 2001-05-31 | Structure for NIC IPsec processing status reports. | Angelos D. Keromytis | |
| 2001-05-31 | Match IPSEC output prototypes. | Angelos D. Keromytis | |
| 2001-05-31 | Two fixes from Stevens via davidg@freebsd, bug report by | Niels Provos | |
| armin@wolfermann.org - set the persist timer so that connections in CLOSING state timeout - honor keep-alive timer in CLOSING state. Fixes the problem in simulaneous close situation where connections would never leave the CLOSING state and stay arround indefinitly. | |||
| 2001-05-30 | IPSP_IDENTITY_MBOX -> IPSP_IDENTITY_FQDN, and print type of creds/auth | Angelos D. Keromytis | |
| in kernfs | |||
| 2001-05-30 | No need for last argument in ipip_output() | Angelos D. Keromytis | |
| 2001-05-30 | Update to match prototypes. | Angelos D. Keromytis | |
| 2001-05-30 | Forgot to update ipsec_output_done() | Angelos D. Keromytis | |
| 2001-05-30 | Match prototype. | Angelos D. Keromytis | |
| 2001-05-30 | Update to match prototype. | Angelos D. Keromytis | |
| 2001-05-30 | With the tags, we don't need to abuse the IPsec API to do socket keying. | Angelos D. Keromytis | |
| 2001-05-30 | Handle TDBF_SKIPCRYPTO on output, and PACKET_TAG_IPSEC_IN_CRYPTO_DONE | Angelos D. Keromytis | |
| on input. | |||
| 2001-05-30 | Free remote authentication material on TDB free. | Angelos D. Keromytis | |
| 2001-05-30 | Keep track of remote authentication material (like public key) as well. | Angelos D. Keromytis | |
| 2001-05-30 | Correctly free information attached to the policy. | Angelos D. Keromytis | |
| 2001-05-30 | Free local auth on TDB free. | Angelos D. Keromytis | |
| 2001-05-30 | Fields to store local auth information in policy and TDB. | Angelos D. Keromytis | |
| 2001-05-30 | Remove ipf. Darren Reed has interpreted his (old, new, whichever) | Theo de Raadt | |
| licence in a way that makes ipf not free according to the rules we established over 5 years ago, at www.openbsd.org/goals.html (and those same basic rules govern the other *BSD projects too). Specifically, Darren says that modified versions are not permitted. But software which OpenBSD uses and redistributes must be free to all (be they people or companies), for any purpose they wish to use it, including modification, use, peeing on, or even integration into baby mulching machines or atomic bombs to be dropped on Australia. Furthermore, we know of a number of companies using ipf with modification like us, who are now in the same situation, and we hope that some of them will work with us to fill this gap that now exists in OpenBSD (temporarily, we hope). | |||
| 2001-05-30 | Remove ipf. Darren Reed has interpreted his (old, new, whichever) | Theo de Raadt | |
| licence in a way that makes ipf not free according to the rules we established over 5 years ago, at www.openbsd.org/goals.html (and those same basic rules govern the other *BSD projects too). Specifically, Darren says that modified versions are not permitted. But software which OpenBSD uses and redistributes must be free to all (be they people or companies), for any purpose they wish to use it, including modification, use, peeing on, or even integration into baby mulching machines or atomic bombs to be dropped on Australia. Furthermore, we know of a number of companies using ipf with modification like us, who are now in the same situation, and we hope that some of them will work with us to fill this gap that now exists in OpenBSD (temporarily, we hope). | |||
| 2001-05-29 | Record last use time for SAs. | Angelos D. Keromytis | |
| 2001-05-29 | Keep track of when a TDB was last marked/unmared as SKIPCRYPTO, and | Angelos D. Keromytis | |
| print the relevant information on KERNFS. | |||
| 2001-05-29 | Fields on TDB for last used and last SKIPCRYPTO status change. | Angelos D. Keromytis | |
| 2001-05-29 | Make sure packets that need crypto processing on the NIC don't escape | Angelos D. Keromytis | |
| (because of routing changes etc.) | |||
| 2001-05-29 | Add ipsp_skipcrypto_{mark,unmark}() | Angelos D. Keromytis | |
 |
index : src | |
| OpenBSD base system |
| summaryrefslogtreecommitdiff |