| Commit message (Collapse) | Author | Age | Files | Lines | ||
|---|---|---|---|---|---|---|
| ... | ||||||
| * | Fix debugging printf compilation. |   angelos | 1999-12-08 | 1 | -3/+3 | |
| | | ||||||
| * | bring in KAME IPv6 code, dated 19991208. |   itojun | 1999-12-08 | 1 | -1/+55 | |
| | | | | | | | | | | replaces NRL IPv6 layer. reuses NRL pcb layer. no IPsec-on-v6 support. see sys/netinet6/{TODO,IMPLEMENTATION} for more details. GENERIC configuration should work fine as before. GENERIC.v6 works fine as well, but you'll need KAME userland tools to play with IPv6 (will be bringed into soon). | |||||
| * | New ESP code that's v4 and v6 friendly. | angelos | 1999-12-06 | 1 | -18/+20 | |
| | | ||||||
| * | Address independence, IPv6 support, and the -local flag in ipsecadm is | angelos | 1999-12-04 | 1 | -294/+273 | |
| | | | | | no longer needed. | |||||
| * | pfkeyv2 aquire should not happen when bypassing IPsec. Add missing splx(). |   ho | 1999-11-04 | 1 | -2/+5 | |
| | | ||||||
| * | Get rid of unnecessary third argument in *_output routines of IPsec. | angelos | 1999-10-29 | 1 | -3/+2 | |
| | | ||||||
| * | Remove unused third argument from ipe4_output() | angelos | 1999-10-29 | 1 | -2/+2 | |
| | | ||||||
| * | From angelos@, edits by me, demand keying for PF_KEY |   niklas | 1999-07-15 | 1 | -8/+33 | |
| | | ||||||
| * | handle multicast packets inside ipf too; darren |   deraadt | 1999-06-15 | 1 | -2/+2 | |
| | | ||||||
| * | spltdb introduced, protection for tdb lists and related structures, so | niklas | 1999-05-16 | 1 | -19/+40 | |
| | | | | | | they won't disappear behind our back by an expiration. Cleanup expiration logic too. | |||||
| * | A new scalable IPsec SA expiration model. | niklas | 1999-05-14 | 1 | -28/+4 | |
| | | ||||||
| * | Introduce net.inet.{ah,esp}.enable sysctl controls that are off by default. | niklas | 1999-04-11 | 1 | -7/+20 | |
| | | | | | | | If you are going to use either of AH or ESP or both, enable these in /etc/sysctl.conf. Also correct the IPSec debugging sysctl code, it is now named net.inet.ip.encdebug. Some corrected function signatures too. | |||||
| * | add SADB_X_BINDSA to pfkey allowing incoming SAs to refer to an outgoing |   provos | 1999-03-27 | 1 | -11/+74 | |
| | | | | | | | | | | SA to be used, use this SA in ip_output if available. allow mobile road warriors for bind SAs with wildcard dst and src addresses. check IPSEC AUTH and ESP level when receiving packets, drop them if protection is insufficient. add stats to show dropped packets because of insufficient IPSEC protection. -- phew. this was all done in canada. dugsong and linh provided the ride and company. | |||||
| * | Implement lifetime expiration notifications. Fix some typos. Remove statics. | niklas | 1999-03-24 | 1 | -2/+1 | |
| | | ||||||
| * | Update IP pointer, when doing multiple transforms. | angelos | 1999-03-06 | 1 | -6/+4 | |
| | | ||||||
| * | Update copyright; remove a few annoying debugging printfs. | angelos | 1999-02-24 | 1 | -4/+1 | |
| | | | | | Btw, OpenBSD hit 25000 commits a couple commits ago. | |||||
| * | Remove encap.h include; saner debugging printfs; fix buglets; work with | angelos | 1999-02-24 | 1 | -70/+47 | |
| | | | | | pfkeyv2. | |||||
| * | Remove duplicate code. | angelos | 1999-01-11 | 1 | -65/+24 | |
| | | ||||||
| * | dont call ip_randomid() in htons(). | provos | 1999-01-08 | 1 | -2/+3 | |
| | | ||||||
| * | make ip_id random but ensure that ids dont repeat for some period. | provos | 1998-12-26 | 1 | -2/+2 | |
| | | ||||||
| * | cleanup ipsec error handling | provos | 1998-08-02 | 1 | -5/+11 | |
| | | ||||||
| * | more careful error handling, some simplification and beautification. | provos | 1998-08-01 | 1 | -8/+15 | |
| | | ||||||
| * | Proper handling of IP in IP and checksumming. | angelos | 1998-07-29 | 1 | -2/+19 | |
| | | ||||||
| * | Don't do checksumming unless we're doing IP-in-IP. | angelos | 1998-07-29 | 1 | -4/+6 | |
| | | ||||||
| * | remove unnecessary assignment | provos | 1998-06-30 | 1 | -3/+1 | |
| | | ||||||
| * | request only auth in notify when vpn ipsec route is found with a different | provos | 1998-06-03 | 1 | -3/+5 | |
| | | | | | security protocol than IPPROTO_ESP. | |||||
| * | allow SAs with non-specified source address | provos | 1998-05-24 | 1 | -16/+56 | |
| | | ||||||
| * | add support for Virtual Private Networks (VPN). | provos | 1998-05-24 | 1 | -5/+26 | |
| | | ||||||
| * | Wall for non-IPSEC case | deraadt | 1998-05-19 | 1 | -1/+3 | |
| | | ||||||
| * | first step to the setsockopt/getsockopt interface as described in | provos | 1998-05-18 | 1 | -8/+68 | |
| | | | | | | | | draft-mcdonald-simple-ipsec-api, kernel notifies (EMT_REQUESTSA) signal userland key management applications when security services are requested. this is only for outgoing connections at the moment, incoming packets are not yet checked against the selected socket policy. | |||||
| * | Fix tunnel mode input processing (use ip4_input instead of ipe4_input), | provos | 1998-03-18 | 1 | -2/+3 | |
| | | | | | | | fix some old code leftovers in ah_new_input (adjust to variable hash length), avoid double ip encapsulation in tunnel mode. Problems reportd by Petr Novak <petr@internet.cz>. | |||||
| * | bad types; wileyc@sekiya.twics.co.jp | deraadt | 1998-02-03 | 1 | -2/+2 | |
| | | ||||||
| * | conditional error logging | deraadt | 1997-10-02 | 1 | -5/+5 | |
| | | ||||||
| * | log() needs a \n | deraadt | 1997-09-28 | 1 | -4/+3 | |
| | | ||||||
| * | indent | deraadt | 1997-08-26 | 1 | -128/+119 | |
| | | ||||||
| * | No more crashes because of this bug (double m_freem(), essentially). | angelos | 1997-08-04 | 1 | -7/+15 | |
| | | ||||||
| * | some indentation stuff | deraadt | 1997-07-31 | 1 | -21/+12 | |
| | | ||||||
| * | expiration messages, fixes, updates, all sorts of things | niklas | 1997-07-27 | 1 | -17/+107 | |
| | | ||||||
| * | enablespi/disablespi in encap + print spi's in hostorder | provos | 1997-07-18 | 1 | -2/+9 | |
| | | ||||||
| * | routes with zero spi can be used to avoid ipsec processing | provos | 1997-07-14 | 1 | -1/+11 | |
| | | ||||||
| * | put old esp/ah and new esp/ah in different files. | provos | 1997-07-11 | 1 | -33/+20 | |
| | | | | | generalised way of handling transforms. | |||||
| * | major restructuring | provos | 1997-07-01 | 1 | -59/+34 | |
| | | ||||||
| * | hard and soft limits for SPI's per absolute timer, relative since establish, | provos | 1997-06-25 | 1 | -10/+31 | |
| | | | | | | | relative since first use timers, packet and byte counters. notify key mgmt on soft limits. key mgmt can now specify limits. new encap messages: EMT_RESERVESPI, EMT_ENABLESPI, EMT_DISABLESPI | |||||
| * | handle IP options in AH + allow IP options in outgoing encapsulated packets | provos | 1997-06-24 | 1 | -7/+18 | |
| | | | | | + usage counters for later use with keymanagement processes | |||||
| * | swap labels; adam@math.tau.ac.il | deraadt | 1997-06-16 | 1 | -3/+3 | |
| | | ||||||
| * | Need to get a new pointer for the IP header after doing a pullup on the mbuf |   tholo | 1997-03-02 | 1 | -4/+6 | |
| | | ||||||
| * | Cosmetic changes. | angelos | 1997-03-02 | 1 | -2/+3 | |
| | | ||||||
| * | Moved IPsec socket state to the PCB. | angelos | 1997-02-28 | 1 | -7/+7 | |
| | | ||||||
| * | IPsec socket API hooks are in. | angelos | 1997-02-28 | 1 | -1/+54 | |
| | | ||||||
| * | IPSEC package by John Ioannidis and Angelos D. Keromytis. Written in | deraadt | 1997-02-20 | 1 | -1/+181 | |
| | | | | | Greece. From ftp.funet.fi:/pub/unix/security/net/ip/BSDipsec.tar.gz | |||||
 |
index : wireguard-openbsd | |
| WireGuard implementation for the OpenBSD kernel | Matt Dunwoodie |
| summaryrefslogtreecommitdiffstats |