wireguard-openbsd - WireGuard implementation for the OpenBSD kernel

	Commit message (Collapse)	Author	Age	Files	Lines
*	Add support for Unix domain socket forwarding. A remote TCP port	millert	2014-07-15	1	-1/+24
\| \| \| \| \| \| \| \|	may be forwarded to a local Unix domain socket and vice versa or both ends may be a Unix domain socket. This is a reimplementation of the streamlocal patches by William Ahern from: http://www.25thandclement.com/~william/projects/streamlocal.html OK djm@ markus@
*	revert __bounded change; it causes way more problems for portable than	djm	2014-05-02	1	-9/+9
\| \| \| \|	it solves; pointed out by dtucker@
*	use get/put_u32 to load values rather than ((UINT32 )p) that breaks on	djm	2014-04-20	1	-1/+7
\| \| \| \|	strict-alignment architectures; reported by and ok stsp@
*	use __bounded(...) attribute recently added to sys/cdefs.h instead of	djm	2014-03-26	1	-7/+7
\| \| \| \| \| \|	longform __attribute__(__bounded(...)); for brevity and a warning free compilation with llvm/clan
*	refactor client config code a little:	djm	2013-10-14	1	-1/+2
\| \| \| \| \| \| \| \| \| \| \| \|	add multistate option partsing to readconf.c, similar to servconf.c's existing code. move checking of options that accept "none" as an argument to readconf.c add a lowercase() function and use it instead of explicit tolower() in loops part of a larger diff that was ok markus@
*	Use clock_gettime(CLOCK_MONOTONIC ...) for ssh timers so that things like	dtucker	2013-06-01	1	-1/+2
\| \| \| \| \|	keepalives and rekeying will work properly over clock steps. Suggested by markus@, "looks good" djm@.
*	print ipqos friendly string for sshd -T; ok markus	stevesk	2011-03-29	1	-1/+2
\| \| \| \| \|	# sshd -Tf sshd_config\|grep ipqos ipqos lowdelay throughput
*	honour $TMPDIR for client xauth and ssh-agent temporary directories;	djm	2010-11-21	1	-1/+2
\| \| \| \|	feedback and ok markus@
*	allow ssh and sshd to set arbitrary TOS/DSCP/QoS values instead of	djm	2010-11-13	1	-1/+2
\| \| \| \| \| \|	hardcoding lowdelay/throughput. bz#1733 patch from philipp AT redfish-solutions.com; ok markus@ deraadt@
*	Add timingsafe_bcmp(3) to libc, mention that it's already in the	matthew	2010-09-24	1	-2/+1
\| \| \| \| \| \|	kernel in kern(9), and remove it from OpenSSH. ok deraadt@, djm@
*	add an option per-read/write callback to atomicio	djm	2010-09-22	1	-1/+10
\| \| \| \| \| \| \| \| \|	factor out bandwidth limiting code from scp(1) into a generic bandwidth limiter that can be attached using the atomicio callback mechanism add a bandwidth limit option to sftp(1) using the above "very nice" markus@
*	s/timing_safe_cmp/timingsafe_bcmp/g	djm	2010-07-13	1	-2/+2
\|
*	implement a timing_safe_cmp() function to compare memory without leaking	djm	2010-07-13	1	-1/+2
\| \| \| \| \| \|	timing information by short-circuiting like memcmp() and use it for some of the more sensitive comparisons (though nothing high-value was readily attackable anyway); "looks ok" markus@
*	Remove RoutingDomain from ssh since it's now not needed. It can be replaced	dtucker	2010-01-09	1	-4/+1
\| \| \| \| \| \| \| \| \| \| \| \| \|	with "route exec" or "nc -V" as a proxycommand. "route exec" also ensures that trafic such as DNS lookups stays withing the specified routingdomain. For example (from reyk): # route -T 2 exec /usr/sbin/sshd or inherited from the parent process $ route -T 2 exec sh $ ssh 10.1.2.3 ok deraadt@ markus@ stevesk@ reyk@
*	validate routing domain is in range 0-RT_TABLEID_MAX.	stevesk	2009-12-25	1	-1/+2
\| \| \| \|	'Looks right' deraadt@
*	Allow to set the rdomain in ssh/sftp/scp/sshd and ssh-keyscan.	reyk	2009-10-28	1	-1/+3
\| \| \| \|	ok markus@
*	Make keepalive timeouts apply while waiting for a packet, particularly during	dtucker	2008-06-12	1	-1/+3
\| \| \| \|	key renegotiation (bz #1363). With djm and Matt Day, ok djm@
*	Add a small helper function to consistently handle the EAI_SYSTEM error	dtucker	2007-12-27	1	-1/+2
\| \| \| \| \|	code of getaddrinfo. Prompted by vgiffin at apple com via bz #1417. ok markus@ stevesk@
*	reorder so prototypes are sorted by the files they refer to; no	djm	2006-08-18	1	-13/+13
\| \| \| \|	binary change
*	almost entirely get rid of the culture of ".h files that include .h files"	deraadt	2006-08-03	1	-6/+1
\| \| \| \| \|	ok djm, sort of ok stevesk makes the pain stop in one easy step
*	move #include <stdio.h> out of includes.h	stevesk	2006-08-01	1	-1/+2
\|
*	Add port identifier to known_hosts for non-default ports, based originally	dtucker	2006-07-10	1	-1/+2
\| \| \| \| \| \| \| \| \| \|	on a patch from Devin Nate in bz#910. For any connection using the default port or using a HostKeyAlias the format is unchanged, otherwise the host name or address is enclosed within square brackets in the same format as sshd's ListenAddress. Tested by many, ok markus@.
*	move #include <pwd.h> out of includes.h; ok markus@	stevesk	2006-07-06	1	-1/+5
\|
*	replace {GET,PUT}_XXBIT macros with functionally similar functions,	djm	2006-03-30	1	-2/+22
\| \| \| \| \| \|	silencing a heap of lint warnings. also allows them to use __bounded__ checking which can't be applied to macros; requested by and feedback from deraadt@
*	standardise spacing in $OpenBSD$ tags; requested by deraadt@	djm	2006-03-25	1	-1/+1
\|
*	fix local arbitrary command execution vulnerability on local/local and	djm	2006-01-31	1	-2/+6
\| \| \| \| \|	remote/remote copies (CVE-2006-0225, bz #1094), patch by t8m AT centrum.cz, polished by dtucker@ and myself; ok markus@
*	two changes to the new ssh tunnel support. this breaks compatibility	reyk	2005-12-08	1	-2/+14
\| \| \| \| \| \| \| \| \| \| \| \|	with the initial commit but is required for a portable approach. - make the tunnel id u_int and platform friendly, use predefined types. - support configuration of layer 2 (ethernet) or layer 3 (point-to-point, default) modes. configuration is done using the Tunnel (yes\|point-to-point\|ethernet\|no) option is ssh_config(5) and restricted by the PermitTunnel (yes\|point-to-point\|ethernet\|no) option in sshd_config(5). ok djm@, man page bits by jmc@
*	Add support for tun(4) forwarding over OpenSSH, based on an idea and	reyk	2005-12-06	1	-1/+3
\| \| \| \| \| \| \| \| \| \| \| \|	initial channel code bits by markus@. This is a simple and easy way to use OpenSSH for ad hoc virtual private network connections, e.g. administrative tunnels or secure wireless access. It's based on a new ssh channel and works similar to the existing TCP forwarding support, except that it depends on the tun(4) network interface on both ends of the connection for layer 2 or layer 3 tunneling. This diff also adds support for LocalCommand in the ssh(1) client. ok djm@, markus@, jmc@ (manpages), tested and discussed with others
*	ensure that stdio fds are attached; ok deraadt@	djm	2005-09-13	1	-1/+2
\|
*	use __sentinel__ attribute; ok deraadt@ djm@ markus@	dtucker	2005-07-14	1	-2/+2
\|
*	implement support for X11 and agent forwarding over multiplex slave	djm	2005-07-04	1	-1/+2
\| \| \| \| \| \| \| \|	connections. Because of protocol limitations, the slave connections inherit the master's DISPLAY and SSH_AUTH_SOCK rather than distinctly forwarding their own. ok dtucker@ "put it in" deraadt@
*	introduce a generic %foo expansion function. replace existing % expansion and	djm	2005-06-06	1	-1/+2
\| \| \| \|	add expansion to ControlPath; ok markus@
*	replace tilde_expand_filename with a simpler implementation, ahead of more	djm	2005-04-09	1	-5/+2
\| \| \| \|	whacking; ok deraadt@
*	bz#413: allow optional specification of bind address for port forwardings.	djm	2005-03-01	1	-1/+2
\| \| \| \| \| \| \| \|	Patch originally by Dan Astorian, but worked on by several people Adds GatewayPorts=clientspecified option on server to allow remote forwards to bind to client-specified ports. ok markus@
*	Fix debug call in error path of authorized_keys processing and fix related	dtucker	2004-12-11	1	-2/+2
\| \| \| \|	warnings; ok djm@
*	Discard over-length authorized_keys entries rather than complaining when	dtucker	2004-12-06	1	-1/+2
\| \| \| \|	they don't decode. bz #884, with & ok djm@
*	factor out common permission-asking code to separate function; ok markus@	djm	2004-10-29	1	-1/+2
\|
*	some signed/unsigned int comparison cleanups; markus@ ok	avsm	2004-08-11	1	-3/+3
\|
*	Add option for confirmation (ControlMaster=ask) via ssh-askpass before opening	djm	2004-06-17	1	-1/+2
\| \| \| \|	shared connections; ok markus@
*	set_nonblock() instead of fnctl(...,O_NONBLOCK); "looks sane" deraadt@	djm	2004-06-14	1	-3/+3
\|
*	kill a tiny header; ok deraadt@	djm	2004-05-08	1	-1/+13
\|
*	make two tiny header files go away; djm ok	deraadt	2004-05-08	1	-1/+3
\|
*	KNF whitespace	markus	2002-03-19	1	-4/+4
\|
*	add set_nodelay() to set TCP_NODELAY on a socket (prep for nagle tuning).	stevesk	2002-01-24	1	-1/+2
\| \| \| \|	no nagle changes just yet; ok djm@ markus@
*	remove comments from .h, since they are cut&paste from the .c files	markus	2001-06-26	1	-47/+10
\| \| \| \|	and out of sync
*	prototype pedant. not very creative...	itojun	2001-06-26	1	-11/+11
\| \| \| \| \|	- () -> (void) - no variable names
*	sshd command-line arguments and configuration file options that	stevesk	2001-05-19	1	-1/+25
\| \| \| \| \| \| \| \| \| \| \| \|	specify time may be expressed using a sequence of the form: time[qualifier], where time is a positive integer value and qualifier is one of the following: <none>,s,m,h,d,w Examples: 600 600 seconds (10 minutes) 10m 10 minutes 1h30m 1 hour 30 minutes (90 minutes) ok markus@
*	add unset_nonblock for stdout/err flushing in client_loop().	markus	2001-05-11	1	-2/+3
\|
*	Use addargs() in sftp plus some clean up of addargs(). OK Markus	mouring	2001-05-08	1	-1/+11
\|
*	Move colon() and cleanhost() to misc.c where I should I have put it in	mouring	2001-05-03	1	-1/+5
\| \| \| \|	the first place