Age | Commit message | Author | |
---|---|---|---|
2000-06-21 | Fix gateway function; ok angelos@ angelos, be more careful :) | Oleg Safiullin | |
2000-06-20 | Remove static from arptimer so that "show callout" in ddb shows the right function. | Artur Grabowski | |
2000-06-20 | do not play with rcvif, if the traffic is non-IPv4. by setting rcvif to enc*, we break IPv6 scope considerations. | Jun-ichiro itojun Hagino | |
2000-06-20 | try to cope with AH6 with scoped address case better. | Jun-ichiro itojun Hagino | |
2000-06-20 | Big oops on my previous commit, broke gateway function; patch from form@openbsd.ru | Angelos D. Keromytis | |
2000-06-19 | correct header chasing code. take care of AH length. | Jun-ichiro itojun Hagino | |
2000-06-19 | IPv6 IPsec, outbound direction. restriction: if there's any extension header (except fragment) and outbound packet matches tdb, we can't encrypt it. packet will not go out of the node (dropped). | Jun-ichiro itojun Hagino | |
2000-06-18 | Oops on checking inp_tdb etc. (itojun@) | Angelos D. Keromytis | |
2000-06-18 | Correct function declaration. | Angelos D. Keromytis | |
2000-06-18 | Arguments. | Angelos D. Keromytis | |
2000-06-18 | Pull in the right header for ip6_sprintf(), fix argument. | Angelos D. Keromytis | |
2000-06-18 | Use ip6_sprintf() rather than the home-cooked inet6_ntoa4() | Angelos D. Keromytis | |
2000-06-18 | sync with KAME udp6_output(). udp output logic is very different between IPv4/v6 so the separation should make more sense. TODO: remove IPv6 case from udp_output() TODO: remove/comment out/#if 0 IPv4 mapped address cases | Jun-ichiro itojun Hagino | |
2000-06-18 | permit compilation of non-V6 kernels | Theo de Raadt | |
2000-06-18 | Use M_NOWAIT instead of M_DONTWAIT in MALLOC() (even though they're defined to be the same in mbuf.h) | Angelos D. Keromytis | |
2000-06-18 | sanity check: panic if AF_INET6 inpcb is passed to ip_output | Jun-ichiro itojun Hagino | |
2000-06-18 | remove obsolete IP_DF handling from KAME tree (#if 0'ed all the time) | Jun-ichiro itojun Hagino | |
2000-06-18 | for mcdonald-simple-ipsec-api get/setsockopt, variable size was mixed up. in some place sizeof(u_char), and in some place sizeof(int) were used. previous code can cause problem in big endian machines. now it always uses "int" (isakmpd uses int, so it should be okay) set m_len properly on mcdonald-simple-ipsec-api getsockopt. | Jun-ichiro itojun Hagino | |
2000-06-18 | IPv6 AH/ESP support, inbound side only. tested with KAME. | Jun-ichiro itojun Hagino | |
2000-06-18 | Print++ | Angelos D. Keromytis | |
2000-06-18 | support ipv6 for tcp_ident | Bob Beck | |
2000-06-18 | The callbacks need to set the appropriate spl level now. | Angelos D. Keromytis | |
2000-06-18 | for setsockopt/getsockopt, don't assume non-PF_INET6 address family as PF_INET. we may see other family in the future... (pedant) | Jun-ichiro itojun Hagino | |
2000-06-18 | Remove outdated comment. | Angelos D. Keromytis | |
2000-06-17 | Change processing sequence: - if the source IP address is unset (INADDR_ANY) - if higher level protocol has cached the SA to use, and the SA specifies the source address, use that - otherwise, do a routing lookup to determine our outgoing interface and fix the source address - do an SPD lookup (which is why we needed the source address) - if no IPsec is needed, proceed to multicast processing (if necessary), IPF, etc. -- transmit the packet as usual; use the routing information from before (if routing lookup was performed), or do a routing lookup at this point. - if IPsec is needed, do multicast processing (if needed), then do IPsec processing, then call ip_output() recursively. Currently, the second invocation does not do another SPD lookup (it will be changed to do so in the near future, to support independent nested tunnels without infinite loops). Note that if the inner packet (the one that will have IPsec applied to) is multicast or broadcast, the interface flags are not checked (since it's not clear what their meaning is in this case). If the IPsec destination address is multicast/broadcast, the interface flags are checked of course. It is no longer necessary to have routing entries for private networks on IPsec gateways (or default routing entries if they're not needed, for that matter). Finally, this patch solves a problem with ever-increasing reference counts on routing entries when doing IPsec processing. | Angelos D. Keromytis | |
2000-06-16 | take MIN/MAX from param.h, okay theo@ | Niels Provos | |
2000-06-15 | What was the offending payload length? | Angelos D. Keromytis | |
2000-06-14 | Initialize tc_ptr to zero if authentication is not used. | Angelos D. Keromytis | |
2000-06-13 | comment out flowinfo manipulation on inbound. the spec is not very clear. | Jun-ichiro itojun Hagino | |
2000-06-13 | avoid mbuf leak on non-matching ifp/sockaddr | Jun-ichiro itojun Hagino | |
2000-06-13 | on UDPv6 sendto, correctly set oifp. | Jun-ichiro itojun Hagino | |
2000-06-13 | allow link-local IPv6 address in in6_pcbbind. | Jun-ichiro itojun Hagino | |
2000-06-13 | declare IP6_EXTHDR_GET{,0}. sorry i forgot to commit this one. | Jun-ichiro itojun Hagino | |
2000-06-12 | update icmp6 name lookup code to conform to 05 draft. previous code was 03/05 chimera. ping6: -n by default due to too many false error report due to too long reverse query delay. | Jun-ichiro itojun Hagino | |
2000-06-06 | Get rid of tdb_ref, keep indirect pointer to TDB. | Angelos D. Keromytis | |
2000-06-03 | correctly handle ctlinput messages for IPv6. | Jun-ichiro itojun Hagino | |
2000-06-01 | Fix the German's comment typos. | Angelos D. Keromytis | |
2000-06-01 | Should learn how to count... | Angelos D. Keromytis | |
2000-06-01 | Check for invalid TDBs right away in the callbacks. | Angelos D. Keromytis | |
2000-06-01 | Oops, remove bogus comment. | Angelos D. Keromytis | |
2000-06-01 | Beautify a little bit. | Angelos D. Keromytis | |
2000-06-01 | Use the cached entry for security requirements from the inp. | Angelos D. Keromytis | |
2000-06-01 | Use ipsp_spd_lookup() in ip_output() | Angelos D. Keromytis | |
2000-06-01 | ipsp_acquire_sa() | Angelos D. Keromytis | |
2000-06-01 | ipsp_spd_lookup() | Angelos D. Keromytis | |
2000-06-01 | Prototype for ipsp_spd_lookup() | Angelos D. Keromytis | |
2000-05-25 | net.inet.ip.gif_ttl (and IPv6 counterpart) is never used. enforce type checking on IN6_ARE_ADDR_EQUAL. | Jun-ichiro itojun Hagino | |
2000-05-24 | Update to ipf 3.3.16. among other things, this addresses a security issue with certain rule configurations: * don't add TCP state if it is an RST packet and (attempt) to send out RST/ICMP packets in a manner that bypasses IP Filter. | Kjell Wooding | |
2000-05-15 | parse IPv4 options more carefully. make boundary checks against every steps (including option type/length field - there were no checks, seems to me 4.4BSD bug) | Jun-ichiro itojun Hagino | |
2000-05-15 | Add comment on input MSS calculation based on previous PMTUD results, as per TCP-imply IETF WG draft(s). The correct approach is to just use the relevant interface's MTU. | Angelos D. Keromytis | |