| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 1999-04-23 | dont accept packets with the destination address of a down interface; | Niels Provos | |
| proff@netbsd.org. | |||
| 1999-04-22 | Heh, this was definitely not tested. cpp sytax errors. | Niklas Hallqvist | |
| 1999-04-21 | From Tom Henderson <tomh@cs.berkeley.edu>: | Niels Provos | |
| Fixed a sequence wraparound bug in the snd_recover variable discovered in very large (multiple GByte) transfers (in loss free conditions, snd_recover was not sufficiently tracking snd_una). Thanks to Mark Smith for finding this. Fixed a bug in tcp_newreno that was preventing retransmission of data due to partial acks. (Discovered by Jayanth Vijayaraghavan) | |||
| 1999-04-20 | messup, learn to test *all* variants of compile options when | Niklas Hallqvist | |
| altering the logic round such. | |||
| 1999-04-20 | use open() with O_EXCL.. but also move to /var/run to avoid the 2nd-level ↵ | Theo de Raadt | |
| /tmp race which darren obviously does not think important | |||
| 1999-04-20 | Merge MROUTING and IPSEC wrt handling of IP-in-IP tunnelled packets. | Niklas Hallqvist | |
| Fix a panic case in the MROUTING code too. Drop M_TUNNEL support, nothing ever uses it. | |||
| 1999-04-16 | fix ipf return-rst panic bug; beck | Theo de Raadt | |
| 1999-04-12 | move encdebug to a useful place | Theo de Raadt | |
| 1999-04-11 | Introduce net.inet.{ah,esp}.enable sysctl controls that are off by default. | Niklas Hallqvist | |
| If you are going to use either of AH or ESP or both, enable these in /etc/sysctl.conf. Also correct the IPSec debugging sysctl code, it is now named net.inet.ip.encdebug. Some corrected function signatures too. | |||
| 1999-04-09 | The kernel parts of a sysctl that can switch on/off IP-in-IP (protocol 4) | Niklas Hallqvist | |
| support, when IPSEC is compiled in. The default is disabled. Turn on with: sysctl -w net.inet.ip4.allow=1 ***Only*** do this if you are really knowing what you do! This control does not control the tunnel modes of ESP and AH. | |||
| 1999-04-09 | Make the tdbi handling more robust, removes a panic case | Niklas Hallqvist | |
| 1999-04-09 | Check for local address spoofing on encapsulated packets. | Angelos D. Keromytis | |
| 1999-04-04 | fix tunnelling; provos | Theo de Raadt | |
| 1999-03-27 | add SADB_X_BINDSA to pfkey allowing incoming SAs to refer to an outgoing | Niels Provos | |
| SA to be used, use this SA in ip_output if available. allow mobile road warriors for bind SAs with wildcard dst and src addresses. check IPSEC AUTH and ESP level when receiving packets, drop them if protection is insufficient. add stats to show dropped packets because of insufficient IPSEC protection. -- phew. this was all done in canada. dugsong and linh provided the ride and company. | |||
| 1999-03-24 | Implement lifetime expiration notifications. Fix some typos. Remove statics. | Niklas Hallqvist | |
| 1999-03-24 | Reworked udp_output() to minimize the number of if() statements needed to get | cmetz | |
| packets out. Also had the nice side effect of fewer blocks now move around by ifdefs, which makes it more readable. | |||
| 1999-03-24 | Removed inclusion of netinet6/in6.h. This was an artifact of when the core | cmetz | |
| IPv6 symbols were there rather than in netinet/in.h, and now not only is unnecessary but also could create problems (see PR library/781). | |||
| 1999-03-24 | Removed old NRL convention in6a_words virtual-field from struct in6_addr. | cmetz | |
| Let's not encourage the use of an obsolete convention. | |||
| 1999-03-24 | Replace 'in6a_words' (old NRL convention) with 's6_addr32' (new BSDI et al. | cmetz | |
| convention that is more common and more specific as to the access size) | |||
| 1999-03-13 | indent | Theo de Raadt | |
| 1999-03-06 | Update IP pointer, when doing multiple transforms. | Angelos D. Keromytis | |
| 1999-03-04 | be more careful with freeing TDBs | Theo de Raadt | |
| 1999-03-04 | more paranoid maintenance | Theo de Raadt | |
| 1999-02-25 | Prettier reporting, report number of flows in use per SA. | Angelos D. Keromytis | |
| 1999-02-25 | Skipjack key bzero'ing case. | Angelos D. Keromytis | |
| 1999-02-25 | Print more information in /kern/ipsec | Angelos D. Keromytis | |
| 1999-02-25 | Bzero key information before free'ing it, just for paranoia's sake. | Angelos D. Keromytis | |
| 1999-02-25 | Use M_XDATA for the key schedule, instead of M_TEMP. | Angelos D. Keromytis | |
| 1999-02-25 | Clear the DF bit, so packets don't get dropped inside a tunnel. | Angelos D. Keromytis | |
| The real solution is probably to keep soft state; however, it's not entirely clear what a tunnel's properties with regards to fragmentation are (it may be considered a infinitely-large MTU pipe). | |||
| 1999-02-25 | Be a bit more paranoid before free'ing memory. | Angelos D. Keromytis | |
| 1999-02-25 | Move union sockaddr_union to ip_ipsp.h | Angelos D. Keromytis | |
| 1999-02-24 | Update copyright; remove a few annoying debugging printfs. | Angelos D. Keromytis | |
| Btw, OpenBSD hit 25000 commits a couple commits ago. | |||
| 1999-02-24 | add skipjack support back | Theo de Raadt | |
| 1999-02-24 | Remove encap.h include; saner debugging printfs; fix buglets; work with | Angelos D. Keromytis | |
| pfkeyv2. | |||
| 1999-02-24 | Added in.h definitions required by IPv6 Basic API and Advanced API specs, and | cmetz | |
| a few extras that are just plain useful. Note that I used u_intxx_t instead of the POSIX p1003.1g uintxx_t that those specs mandate, so as to not increase the number of outside symbol definitions that in.h depends on. | |||
| 1999-02-23 | Forgot this. | Angelos D. Keromytis | |
| 1999-02-23 | This one seems to work, at least in the direction Sparc->i386. | Angelos D. Keromytis | |
| Btw, for all the curious souls, I am in Canada at the moment (land of free commits). | |||
| 1999-02-23 | Turns out the patch didn't fix the problem. Reverting to old code. | Angelos D. Keromytis | |
| 1999-02-23 | Fix an endianness problem (not an issue in libc). | Angelos D. Keromytis | |
| 1999-02-21 | split ipintr() to create new ipv4_input() for tunnels; NRL | Theo de Raadt | |
| 1999-02-19 | fix definition of plen for ICMP (ping -s73 problem) | Kjell Wooding | |
| 1999-02-19 | ipq locking | Theo de Raadt | |
| 1999-02-19 | when checking for weak keys compare sizeof(des_cblock) bytes insetad of ↵ | Artur Grabowski | |
| sizeof(key) bytes | |||
| 1999-02-17 | add fragment flood protection; configureable using sysctl ip.maxqueue | Theo de Raadt | |
| 1999-02-17 | ipsec skipjack, based on free .fi code (some .gov type will test this for me) | Theo de Raadt | |
| 1999-02-17 | indent | Theo de Raadt | |
| 1999-02-17 | indent; remove local types | Theo de Raadt | |
| 1999-02-17 | inet6 indent | Theo de Raadt | |
| 1999-02-16 | Fix a padding check bug in the experimental-padding. iliya@ericom.com | Angelos D. Keromytis | |
| 1999-02-15 | when allocating sack blocks check for failing malloc(), if it fails | Niels Provos | |
| just ignore the sack block + fix misleading comment. tomh@CS.Berkeley.EDU | |||
 |
index : src | |
| OpenBSD base system |
| summaryrefslogtreecommitdiff |