summaryrefslogtreecommitdiff
path: root/sys/netinet
AgeCommit message (Collapse)Author
2000-03-28Allow authentication-only ESP (must have broken it in the previousAngelos D. Keromytis
round of commits).
2000-03-28Set the protocol family in the destination address of bypass flows.Angelos D. Keromytis
2000-03-27As I threatened a while ago, ingress IPsec ACL-checking is turned onAngelos D. Keromytis
by default. Read the ipsecadm(8) man page for more details on how to specify ingress filters with manual keying. isakmpd has been doing this for a while now.
2000-03-25Fix typo causing crash if ESP was used with only authentication orAngelos D. Keromytis
encryption (not both). Problem noted by jason@openbsd.org
2000-03-22comment out ifconfig undo code. they are necessary to avoid memoryJun-ichiro itojun Hagino
leakage, however, was too strict that they disallow multiple address from same prefix to be assigned (when rtinit returns EEXIST). we'll need to improve it.
2000-03-21Fix casting so it compiles on alphas (testing by janjaap@stack.nl,Angelos D. Keromytis
closing pr #1150)
2000-03-21Fix function to comply with prototype. Kind of moot, as tcp signaturesAngelos D. Keromytis
don't work yet anyhow, so there's no point compiling them in.
2000-03-17remove multiple function declarations.Artur Grabowski
2000-03-17Cryptographic services framework, and software "device driver". TheAngelos D. Keromytis
idea is to support various cryptographic hardware accelerators (which may be (detachable) cards, secondary/tertiary/etc processors, software crypto, etc). Supports session migration between crypto devices. What it doesn't (yet) support: - multiple instances of the same algorithm used in the same session - use of multiple crypto drivers in the same session - asymmetric crypto No support for a userland device yet. IPsec code path modified to allow for asynchronous cryptography (callbacks used in both input and output processing). Some unrelated code simplification done in the process (especially for AH). Development of this code kindly supported by Network Security Technologies (NSTI). The code was writen mostly in Greece, and is being committed from Montreal.
2000-03-13Import of Darren Reed's IPFilter 3.3.11. See sbin/ipf/HISTORY for detailedKjell Wooding
changelog. Documentation changes are now way behind. Volunteers?
2000-03-12undo interface address addition, if in_ifinit fails.Jun-ichiro itojun Hagino
2000-03-10cleared wrong amount of memory in skipjack zerokey, causes bigtime crashesTheo de Raadt
2000-03-09change struct icmp6_filter member name: s/icmp6_filter/icmp6_filt/,Jun-ichiro itojun Hagino
to be compliant with RFC2292. From: Francis Dupont
2000-03-07add ETHERTYPE_8021QChris Cappuccio
2000-03-03remove WIDE's experimental ip reass code, mistakingly merged in partially.Jun-ichiro itojun Hagino
NetBSD PR: 9412 Fix from: ho@crt.se
2000-02-29ensure tcp window size does not overflow (16bit unsigned after window scale).Jun-ichiro itojun Hagino
FreeBSD PR: 16914
2000-02-28move crypto codeTheo de Raadt
2000-02-28upgrade node information query protocol support from 04 draft toJun-ichiro itojun Hagino
draft-ietf-ipngwg-icmp-name-lookups-05.txt. NOTE: 04 and 05 has no interoperability, in terms of "ping6 -a".
2000-02-28bring in recent KAME changes (only important and stable ones, as usual).Jun-ichiro itojun Hagino
- remove net.inet6.ip6.nd6_proxyall. introduce proxy NDP code works just like "arp -s". - revise source address selection. be more careful about use of yet-to-be-valid addresses as source. - as router, transmit ICMP6_DST_UNREACH_BEYONDSCOPE against out-of-scope packet forwarding attempt. - path MTU discovery takes care of routing header properly. - be more strict about mbuf chain parsing. - nuke xxCTL_VARS #define, they are for BSDI. - disable SIOCSIFDSTADDR_IN6/SIOCSIFNETMASK_IN6 ioctl, they do not fit IPv6 model where multiple address on interface is normal. (kernel side supports them for a while for backward compat, the support will be nuked shortly) - introduce "default outgoing interface" (for spec conformance in very rare case)
2000-02-24hide IP6_EXTHDR_CHECK from the userland.Jun-ichiro itojun Hagino
2000-02-21TCP SACK fixes via Tom Henderson (tomh@cs.berkeley.edu):Niels Provos
- tcp_sack_adjust() was completely rewritten, since it was erroneously referencing receiver side sequence numbers and comparing with sender side sequence numbers (thanks to Arun Desai (adesai@cisco.com) who discovered the problem) - in tcp_output(), moved assignment of sendalot=0 to the piece of code immediately following the search for sack-eligible retransmissions (bug identified by Arun Desai). - tcp_input() was not clearing t_dupacks if fewer than three dupacks arrived between acks of new data. (bug identified by Gaurav Banga (gaurav@netapp.com))
2000-02-18Get rid of printf message from ipf enable, as per theo's request.Kjell Wooding
2000-02-18fix alignment problem in ancillary data (alpha).Jun-ichiro itojun Hagino
only ipv6 tools (which touches ancillary data) are affected. From: =?iso-8859-1?Q?G=F6ran_Bengtson?= <goeran@cdg.chalmers.se>
2000-02-16Import IPFilter 3.3.9. Primarily, bugfixes since 3.3.8. See sbin/ipf/HISTORYKjell Wooding
for details.
2000-02-10add PPPoE Discovery- and Session-Stage ETHERTYPEsJason Wright
2000-02-09improve RFC2553/2292 conformance. netinet6/{ip6,icmp6,in6}.h should notJun-ichiro itojun Hagino
be included. neitnet6/{ip6,icmp6}.h includes #error statements only - i'll remove them couple of days later.
2000-02-09don't need netinet6/in6.hJun-ichiro itojun Hagino
2000-02-07s/DIAGNOSTIC/DEBUG/Jun-ichiro itojun Hagino
2000-02-07fix include file path related to ip6.Jun-ichiro itojun Hagino
2000-02-07for more strict rfc2292 compliance swap netinet{,6}/{ip6,icmp6}.h.Jun-ichiro itojun Hagino
netinet6/{ip6,icmp6}.h will be nuked afterwards.
2000-02-01Update to IPFilter 3.3.8. Man pages still to go. See sbin/ipf/HISTORYKjell Wooding
for details.
2000-01-27Merge "old" and "new" ESP and AH in two files (one for each).Angelos D. Keromytis
Fix a couple of buglets with ingress flow deletion. tcpdump on enc0 should now show all outgoing packets *before* being processed, and all incoming packets *after* being processed. Good to be in Canada (land of the free commits).
2000-01-26new bindresvport() semantics that itojun, shin, jean-luc and i have agreed ↵Theo de Raadt
on, which will be happy for the future. bindresvport_sa() for sockaddr *, too. docs later..
2000-01-25Ok, so setsoftnet is md.Marc Espie
Well, on the amiga, setsoftnet *REQUIRES* machine/cpu.h to work... and no include mentioned in those files pulls machine/cpu.h... Nit-fix: / * INET6 */ -> /* INET6 */
2000-01-21Fix comment.Angelos D. Keromytis
2000-01-21Typo.Angelos D. Keromytis
2000-01-21Forgot to delete this.Angelos D. Keromytis
2000-01-21Rename the ip4_* routines to ipip_*, make it so GIF tunnels are notAngelos D. Keromytis
affected by net.inet.ipip.allow (the sysctl formerly known as net.inet.ip4.allow), rename the VIF ipip_input to ipip_mroute_input.
2000-01-18Bump IPPROTO_MAX to include IPPROTO_MOBILE and IPPROTO_ETHERIP.Angelos D. Keromytis
2000-01-17fix pullup and otos saving code for ip6Jun-ichiro itojun Hagino
(ip4_input will be visited with IPv6 packet! better change the func name...)
2000-01-17fix "traceroute -P 41", outgoing side. incoming side needs fix inJun-ichiro itojun Hagino
ip4_input(). Requested from: Niels Provos <provos@citi.umich.edu>
2000-01-16ETHERTYPE_ATALK -> ETHERTYPE_AT (op21@squish.org)Angelos D. Keromytis
2000-01-15Remove unnecessary definition.Angelos D. Keromytis
2000-01-15Add function prototype.Angelos D. Keromytis
2000-01-15Change function type to non-static.Angelos D. Keromytis
2000-01-13mbuf **, not mbuf * you twit...Angelos D. Keromytis
2000-01-13Print number of ingress flows in /kern/ipsecAngelos D. Keromytis
2000-01-13Add an ip4_input6() for use with IPv6 (just a wrapper forAngelos D. Keromytis
ip4_input()), add prototype, ifdef include files.
2000-01-13put_flow(), find_flow(), and delete_flow() get a third argument (forAngelos D. Keromytis
ingress or egress flow)
2000-01-11The entry for IP4 should always be there.Angelos D. Keromytis