wireguard-openbsd - WireGuard implementation for the OpenBSD kernel

	Commit message (Collapse)	Author	Age	Files	Lines
...
*	add sysctl entry points into various network layers, in particular to	deraadt	2007-12-14	1	-13/+49
\| \| \| \|	provide netstat(1) with data it needs; ok claudio reyk
*	double pf performance.	henning	2007-05-28	1	-2/+2
\| \| \| \| \| \| \| \| \| \| \| \| \|	boring details: pf used to use an mbuf tag to keep track of route-to etc, altq, tags, routing table IDs, packets redirected to localhost etc. so each and every packet going through pf got an mbuf tag. mbuf tags use malloc'd memory, and that is knda slow. instead, stuff the information into the mbuf header directly. bridging soekris with just "pass" as ruleset went from 29 MBit/s to 58 MBit/s with that (before ryan's randomness fix, now it is even betterer) thanks to chris for the test setup! ok ryan ryan ckuethe reyk
*	- AH: when computing crypto checksum for output, massage source-routing	itojun	2007-02-08	1	-7/+16
\| \| \| \| \| \| \| \| \| \|	header. - ipsec_input: fix mistake in IPv6 next-header chasing. - ipsec_output: look for the position to insert AH more carefully. - ip6_output: enable use of AH with extension headers. avoid tunnellinng when source-routing header is present. ok by deraad, naddy, hshoexer
*	make enc(4) count; ok markus@ henning@ deraadt@	otto	2006-12-15	1	-1/+4
\|
*	do not install pmtu routes for transport mode SAs, as they do not	markus	2006-12-05	1	-1/+9
\| \| \| \|	the dest IP; PMTU debugging support; ok hshoexer
*	add support to tag ipsec traffic belonging to specific IKE-initiated	reyk	2006-11-24	1	-1/+13
\| \| \| \| \| \| \| \| \| \| \|	phase 2 traffic. this allows policy-based filtering of encrypted and unencrypted ipsec traffic with pf(4). see ipsec.conf(5) and isakmpd.conf(5) for details and examples. this is work in progress and still needs some testing and feedback, but it is safe to put it in now. ok hshoexer@
*	allow bpf(4) to ignore packets based on their direction (inbound or	djm	2006-03-25	1	-2/+3
\| \| \| \| \|	outbound), using a new BIOCSDIRFILT ioctl; guidance, feedback and ok canacar@
*	With the exception of two other small uncommited diffs this moves	brad	2006-03-04	1	-4/+4
\| \| \| \| \| \|	the remainder of the network stack from splimp to splnet. ok miod@
*	Path MTU discovery for NAT-T.	mpf	2006-01-13	1	-1/+55
\| \| \| \|	OK markus@, "looks good" hshoexer@
*	Introduce bpf_mtap_af and bpf_mtap_hdr to be used when passing a mbuf chain	pascoe	2005-07-31	1	-15/+2
\| \| \| \| \| \| \| \| \| \|	to bpf with either an address family or other header added. These helpers only allocate a much smaller struct m_hdr on the stack when needed, rather than leaving 256 byte struct mbufs on the stack in deep call paths. Also removes a fair bit of duplicated code. commit now, tune after deraadt@
*	resolve conflict between M_TUNNEL and M_ANYCAST6, remove M_COMP (it's	markus	2004-11-25	1	-4/+2
\| \| \| \|	only set and never read), update documentation; ok fgsch, deraadt, millert
*	First step towards more sane time handling in the kernel -- this changes	tholo	2004-06-21	1	-8/+4
\| \| \| \| \| \| \| \|	things such that code that only need a second-resolution uptime or wall time, and used to get that from time.tv_secs or mono_time.tv_secs now get this from separate time_t globals time_second and time_uptime. ok art@ niklas@ nordin@
*	make it possble to use IPsec over link-local address (policy table uses	itojun	2004-06-21	1	-1/+3
\| \| \| \|	sin6_scope_id, IPsec porion uses embedded form). beck ok
*	pass esp/ah/ipcmp to rawip if processing is disabled with sysctl;	markus	2004-04-18	1	-5/+3
\| \| \| \|	allows userland ipsec; tested by sturm@; ok deraadt@, ho@, hshoexer@
*	switch to sysctl_int_arr(); ok henning, deraadt	markus	2004-02-17	1	-41/+20
\|
*	UDP encapsulation for ESP in transport mode (draft-ietf-ipsec-udp-encaps-XX.txt)	markus	2003-12-02	1	-10/+22
\| \| \| \|	ok deraadt@
*	allow gif(4) over ipsec: mark mbuf for transport mode SA,	markus	2003-07-28	1	-1/+4
\| \| \| \| \| \|	so in_gif_input can detect whether a proto 4 header is due to ipsec tunnel mode or gif(4) encapsulation; fixes pr 3023 ok itojun@. provos@ and angelos@ agree; tested by sturm@
*	update ip_len to reflect tunnel header removal (lost duing ip_len	markus	2003-07-24	1	-1/+2
\| \| \| \|	flip changes); ok itojun; noticed by jrrs@ice-nine.org
*	do not flip ip_len/ip_off in netinet stack. deraadt ok.	itojun	2003-07-09	1	-3/+1
\| \| \| \|	(please test, especially PF portion)
*	make sure the packets contains a complete inner header	markus	2003-07-08	1	-3/+31
\| \| \| \| \|	for ip{4,6}-in-ip{4,6} encapsulation; fixes panic for truncated ip-in-ip over ipsec; ok angelos@
*	knf typo	markus	2003-07-04	1	-5/+5
\|
*	just as a safety measure, set m_flags to 0 for mbufs allocated on stack.	itojun	2003-05-03	1	-1/+2
\| \| \| \|	dhartmei ok
*	knf	deraadt	2003-02-20	1	-3/+2
\|
*	If there's no tag to be reset, don't reset it (avoids a NULL deref in the IPCOMP case)	jason	2003-02-20	1	-3/+4
\|
*	Fix usage counter for IPCOMP --- sam@errno.com	angelos	2002-06-28	1	-2/+2
\|
*	Forgot variable.	angelos	2002-06-25	1	-2/+2
\|
*	Handle correctly return values from xf_input methods --- since the	angelos	2002-06-25	1	-11/+7
\| \| \| \| \|	return value was ignored anyway, this wasn't a problem so far. From sam@errno.com
*	Remove whitespace from the end of the file.	angelos	2002-06-13	1	-4/+1
\|
*	whitespace	itojun	2002-06-09	1	-8/+8
\|
*	Set/clear M_AUTH_AH.	angelos	2002-06-09	1	-3/+3
\|
*	disable pmtu for ipsec when the sysctl says so; bug report cjkim2000@yahoo.com	provos	2002-01-23	1	-2/+2
\|
*	Use hzto() to handle overflow of (hz * timeout) cases --- when using	angelos	2001-12-06	1	-5/+14
\| \| \| \|	extremely long SA expirations.
*	Don't check the source address on the packet vs. the one on the SA, as	angelos	2001-08-09	1	-51/+1
\| \| \| \| \|	this prevents use of ESP in mobility; pointed out on the IETF mailing list by Francis Dupont.
*	Remove IPCOMP option, it's now part of IPSEC option. You still need to	jjbg	2001-08-08	1	-9/+1
\| \| \| \|	enable ipcomp via sysctl to use it. deraadt@ ok.
*	enable ah & esp by default, now that we trust the code more	deraadt	2001-08-07	1	-3/+3
\|
*	Don't use enc0 interface for IPComp. angelos@ ok.	jjbg	2001-07-06	1	-2/+3
\|
*	IPComp support. angelos@ ok.	jjbg	2001-07-05	1	-25/+186
\|
*	KNF	angelos	2001-06-26	1	-581/+604
\|
*	Copyright.	angelos	2001-06-25	1	-3/+3
\|
*	path mtu discovery for ipsec. on receiving a need fragment icmp match	provos	2001-06-24	1	-1/+89
\| \| \| \|	against active tdb and store the ipsec header size corrected mtu
*	Remove unneeded ip_id convertions.	fgsch	2001-06-23	1	-2/+1
\| \| \| \| \| \|	Instead of using HTONS macro in some places, use htons directly in the struct member and save us a few bytes. Fix comment.
*	mop up after angelos	deraadt	2001-06-19	1	-1/+2
\|
*	Trim include files.	angelos	2001-06-08	1	-9/+1
\|
*	Add a few DPRINTF()'s	angelos	2001-06-05	1	-2/+4
\|
*	Record last use time for SAs.	angelos	2001-05-29	1	-1/+3
\|
*	If we are passed a packet tag, it's an IPSEC_IN_CRYPTO_DONE so convert	angelos	2001-05-27	1	-15/+25
\| \| \| \|	it to IPSEC_IN_DONE, rather than adding a new one.
*	Forgot to convert this tag.	angelos	2001-05-27	1	-2/+2
\|
*	Use packet tags to signal input IPsec processing to upper layer protocols.	angelos	2001-05-20	1	-12/+12
\|
*	Check m_pullup() and m_pullup2() return for NULL, not 0; itojun@ ok	aaron	2001-05-11	1	-3/+3
\|
*	Move offsetof define into sys/param.h	csapuntz	2001-04-06	1	-5/+1
\|