OpenBSD CVS

CVS log for src/sys/net/pfkeyv2_parsemessage.c



Default branch: MAIN


Revision 1.62 / (download) - annotate - [select for diffs], Fri Sep 29 18:45:42 2023 UTC (8 months, 1 week ago) by tobhe
Branch: MAIN
CVS Tags: OPENBSD_7_5_BASE, OPENBSD_7_5, OPENBSD_7_4_BASE, OPENBSD_7_4, HEAD
Changes since 1.61: +3 -11 lines
Diff to previous 1.61 (colored)

Make sure pfkeyv2_parsemessage() only returns 0 if the message was
successfully validated.  Decline all messages from userland that contain
errnos and remove unneeded special handling for type SADB_X_PROMISC.

ok bluhm@

Revision 1.61 / (download) - annotate - [select for diffs], Mon Aug 7 03:35:06 2023 UTC (10 months ago) by dlg
Branch: MAIN
Changes since 1.60: +13 -6 lines
Diff to previous 1.60 (colored)

add a struct sadb_x_iface message for interface SAs

this allows userland to install (and see) security associations for
route-based ipsec vpns. if this message is part of an SA, it causes
the TDBF_IFACE flag and associated fields in a tdb to be set.

the interface unit field in this message maps to minor number of
the sec(4) interface you want the SA to work with. ie, set the
sadb_x_iface_unit field in struct sadb_x_iface to 1 to set up an
SA for use with sec1. the sadb_x_iface_direction in the message
uses IPSP_DIRECTION_IN and IPSP_DIRECTION_OUT to specify in which
direction that SA is supposed to process traffic.

support from many including markus@ tobhe@ claudio@ sthen@ patrick@
now is a good time deraadt@

Revision 1.60 / (download) - annotate - [select for diffs], Wed Jul 14 22:39:26 2021 UTC (2 years, 10 months ago) by tobhe
Branch: MAIN
CVS Tags: OPENBSD_7_3_BASE, OPENBSD_7_3, OPENBSD_7_2_BASE, OPENBSD_7_2, OPENBSD_7_1_BASE, OPENBSD_7_1, OPENBSD_7_0_BASE, OPENBSD_7_0
Changes since 1.59: +3 -2 lines
Diff to previous 1.59 (colored)

Export SA replay counters via pfkey and print with ipsecctl.
This is useful for debugging replay window issues with 64 bit
sequence numbers in IPsec.

ok bluhm@

Revision 1.59 / (download) - annotate - [select for diffs], Thu Jul 8 15:13:14 2021 UTC (2 years, 11 months ago) by bluhm
Branch: MAIN
Changes since 1.58: +162 -197 lines
Diff to previous 1.58 (colored)

Debug printfs in encdebug were inconsistent, some missing newlines
produced ugly output.  Move the function name and the newline into
the DPRINTF macro.  This simplifies the debug statements.
OK tobhe@

Revision 1.58 / (download) - annotate - [select for diffs], Mon Jul 5 12:01:20 2021 UTC (2 years, 11 months ago) by tobhe
Branch: MAIN
Changes since 1.57: +3 -2 lines
Diff to previous 1.57 (colored)

Export tdb MTU to userland via SADB_GET. This helps debug path MTU
discovery issues with ESP in UDP.

ok bluhm@ sthen@ mpi@

Revision 1.57 / (download) - annotate - [select for diffs], Tue May 25 09:55:22 2021 UTC (3 years ago) by bluhm
Branch: MAIN
Changes since 1.56: +3 -3 lines
Diff to previous 1.56 (colored)

The arrays sadb_exts_allowed_out and sadb_exts_required_out are
constant.  Put global variable declarations into header file.
OK mvs@ mpi@

Revision 1.56 / (download) - annotate - [select for diffs], Thu May 6 11:29:34 2021 UTC (3 years, 1 month ago) by mvs
Branch: MAIN
Changes since 1.55: +1 -5 lines
Diff to previous 1.55 (colored)

Kill pfkeyv2_parsemessage() declaration which is absolutely useless
here since it's declared in net/pfkeyv2.h.

Also kill unused RETURN_EINVAL() macro.

ok mpi@

Revision 1.55 / (download) - annotate - [select for diffs], Thu Apr 23 19:38:08 2020 UTC (4 years, 1 month ago) by tobhe
Branch: MAIN
CVS Tags: OPENBSD_6_9_BASE, OPENBSD_6_9, OPENBSD_6_8_BASE, OPENBSD_6_8, OPENBSD_6_7_BASE, OPENBSD_6_7
Changes since 1.54: +23 -15 lines
Diff to previous 1.54 (colored)

Add support for automatically moving traffic between rdomains on ipsec(4)
encryption or decryption.  This allows us to keep plaintext and encrypted
network traffic separated and reduces the attack surface for network
sidechannel attacks.

The only way to reach the inner rdomain from outside is by successful
decryption and integrity verification through the responsible Security
Association (SA).
The only way for internal traffic to get out is getting encrypted and
moved through the outgoing SA.
Multiple plaintext rdomains can share the same encrypted rdomain while
the unencrypted packets are still kept separate.
The encrypted and unencrypted rdomains can have different default routes.

The rdomains can be configured with the new SADB_X_EXT_RDOMAIN pfkey
extension.  Each SA (tdb) gets a new attribute 'tdb_rdomain_post'.
If this differs from 'tdb_rdomain' then the packet is moved to
'tdb_rdomain_post' after IPsec processing.

Flows and outgoing IPsec SAs are installed in the plaintext rdomain,
incoming IPsec SAs are installed in the encrypted rdomain.
IPCOMP SAs are always installed in the plaintext rdomain.
They can be viewed with 'route -T X exec ipsecctl -sa' where X is the
rdomain ID.

As the kernel does not create encX devices automatically when creating
rdomains they have to be added by hand with ifconfig for IPsec to work
in non-default rdomains.

discussed with chris@ and kn@
ok markus@, patrick@

Revision 1.54 / (download) - annotate - [select for diffs], Fri Feb 1 13:32:00 2019 UTC (5 years, 4 months ago) by mpi
Branch: MAIN
CVS Tags: OPENBSD_6_6_BASE, OPENBSD_6_6, OPENBSD_6_5_BASE, OPENBSD_6_5
Changes since 1.53: +3 -2 lines
Diff to previous 1.53 (colored)

Export per-TDB counters to userland.

This time add the counter extension to SADB_GET's whitelist.

ok bluhm@, visa@

Revision 1.53 / (download) - annotate - [select for diffs], Fri Jul 14 16:50:41 2017 UTC (6 years, 10 months ago) by tedu
Branch: MAIN
CVS Tags: OPENBSD_6_4_BASE, OPENBSD_6_4, OPENBSD_6_3_BASE, OPENBSD_6_3, OPENBSD_6_2_BASE, OPENBSD_6_2
Changes since 1.52: +1 -2 lines
Diff to previous 1.52 (colored)

kernels don't build without MROUTING because ip_var.h only sometimes
introduces a forward decl for socket. turns out the affected file doesn't
need ip_var.h, so remove it. then move the decl to the bottom to prevent
the problem from recurring.
bug report by Nick Briggs
ok mpi

Revision 1.52 / (download) - annotate - [select for diffs], Mon Jun 26 09:17:55 2017 UTC (6 years, 11 months ago) by patrick
Branch: MAIN
Changes since 1.51: +5 -3 lines
Diff to previous 1.51 (colored)

Allow updating the destination address of an existing TDB.  Since the
destination address is used as an index when looking for a TDB, we need
to supply the new destination address in a different member.  For this,
re-use the proxy address, that so far no one else has been using.  It
would make sense to rename this member in the future.

ok claudio@

Revision 1.51 / (download) - annotate - [select for diffs], Tue Feb 28 16:46:27 2017 UTC (7 years, 3 months ago) by bluhm
Branch: MAIN
CVS Tags: OPENBSD_6_1_BASE, OPENBSD_6_1
Changes since 1.50: +9 -7 lines
Diff to previous 1.50 (colored)

Depending on the addresses, ipsecctl(8) automatically groups sa
bundles together.  Extend the kernel interface to export the bundle
information to userland.  Then ipsecctl -ss -v can show the internal
relations.  Unfortunately the header SADB_X_EXT_PROTOCOL was reused
by SADB_X_GRPSPIS, so it cannot be used to transfer the second sa
type with sysctl.  Introduce a new SADB_X_EXT_SATYPE2 and use it
consistently.
OK hshoexer@ markus@

Revision 1.50 / (download) - annotate - [select for diffs], Tue Jan 24 10:08:30 2017 UTC (7 years, 4 months ago) by krw
Branch: MAIN
Changes since 1.49: +9 -9 lines
Diff to previous 1.49 (colored)

A space here, a space there. Soon we're talking real whitespace
rectification.

Revision 1.49 / (download) - annotate - [select for diffs], Tue Apr 14 12:22:15 2015 UTC (9 years, 2 months ago) by mikeb
Branch: MAIN
CVS Tags: OPENBSD_6_0_BASE, OPENBSD_6_0, OPENBSD_5_9_BASE, OPENBSD_5_9, OPENBSD_5_8_BASE, OPENBSD_5_8
Changes since 1.48: +8 -72 lines
Diff to previous 1.48 (colored)

Remove support for storing credentials and auth information in the kernel.

This code is largely unfinished and is not used for anything.  The change
leaves identities as only objects referenced by ipsec_ref structure and
their handling requires some changes to support more advanced matching of
IPsec connections.

No objections from reyk and hshoexer, with and OK markus.

Revision 1.48 / (download) - annotate - [select for diffs], Thu Mar 26 12:21:37 2015 UTC (9 years, 2 months ago) by mikeb
Branch: MAIN
Changes since 1.47: +2 -4 lines
Diff to previous 1.47 (colored)

Remove bits of unfinished IPsec proxy support.  DNS' KX records, anyone?
ok markus, hshoexer

Revision 1.47 / (download) - annotate - [select for diffs], Wed Apr 10 08:50:59 2013 UTC (11 years, 2 months ago) by mpi
Branch: MAIN
CVS Tags: OPENBSD_5_7_BASE, OPENBSD_5_7, OPENBSD_5_6_BASE, OPENBSD_5_6, OPENBSD_5_5_BASE, OPENBSD_5_5, OPENBSD_5_4_BASE, OPENBSD_5_4
Changes since 1.46: +2 -3 lines
Diff to previous 1.46 (colored)

Remove various external variable declaration from sources files and
move them to the corresponding header with an appropriate comment if
necessary.

ok guenther@

Revision 1.46 / (download) - annotate - [select for diffs], Fri Jun 29 14:48:04 2012 UTC (11 years, 11 months ago) by mikeb
Branch: MAIN
CVS Tags: OPENBSD_5_3_BASE, OPENBSD_5_3, OPENBSD_5_2_BASE, OPENBSD_5_2
Changes since 1.45: +2 -2 lines
Diff to previous 1.45 (colored)

Add support for the Extended (64-bit) Sequence Number as defined
in RFC4302 and RFC4303.  Right now only software crypto engine is
capable of doing it.

Replay check was rewritten to implement algorithm described in the
Appendix A of RFC4303 and the window size was increased to 64.

Tested against OpenBSD, Linux (strongswan) and Windows.

No objection from the usual suspects.

Revision 1.45 / (download) - annotate - [select for diffs], Wed Mar 28 19:43:21 2012 UTC (12 years, 2 months ago) by claudio
Branch: MAIN
Changes since 1.44: +2 -2 lines
Diff to previous 1.44 (colored)

pfkey needs some p_p->ps_pid too. OK deraadt@ guenther@

Revision 1.44 / (download) - annotate - [select for diffs], Thu Jul 1 02:09:45 2010 UTC (13 years, 11 months ago) by reyk
Branch: MAIN
CVS Tags: OPENBSD_5_1_BASE, OPENBSD_5_1, OPENBSD_5_0_BASE, OPENBSD_5_0, OPENBSD_4_9_BASE, OPENBSD_4_9, OPENBSD_4_8_BASE, OPENBSD_4_8
Changes since 1.43: +18 -5 lines
Diff to previous 1.43 (colored)

Allow to specify an alternative enc(4) interface for an SA.  All
traffic for this SA will appear on the specified enc interface instead
of enc0 and can be filtered and monitored separately. This will allow
to group individual ipsec policies to virtual interfaces and
simplifies monitoring and pf filtering with many ipsec policies a lot.

This diff includes the following changes:
- Store the enc interface unit (default 0) in the TDB of an SA and pass
it to the enc_getif() lookup when running the bpf or pf_test() handlers.
- Add the pfkey SADB_X_EXT_TAP extension to communicate the encX
interface unit for a specified SA between userland and kernel.
- Update enc(4) again to use an allocated array instead of the TAILQ to
lookup the matching enc interface in enc_getif() quickly.

Discussed with many, tested by a few, will need more testing & review.

ok deraadt@

Revision 1.43 / (download) - annotate - [select for diffs], Wed Oct 22 23:04:45 2008 UTC (15 years, 7 months ago) by mpf
Branch: MAIN
CVS Tags: OPENBSD_4_7_BASE, OPENBSD_4_7, OPENBSD_4_6_BASE, OPENBSD_4_6, OPENBSD_4_5_BASE, OPENBSD_4_5
Changes since 1.42: +2 -2 lines
Diff to previous 1.42 (colored)

#if INET  => #ifdef INET
#if INET6 => #ifdef INET6

Revision 1.42 / (download) - annotate - [select for diffs], Mon Jul 30 11:43:59 2007 UTC (16 years, 10 months ago) by hshoexer
Branch: MAIN
CVS Tags: OPENBSD_4_4_BASE, OPENBSD_4_4, OPENBSD_4_3_BASE, OPENBSD_4_3, OPENBSD_4_2_BASE, OPENBSD_4_2
Changes since 1.41: +2 -2 lines
Diff to previous 1.41 (colored)

With adding ipsec tags and exporting flow filters via sysctl SADB_GET
needs to be allowed to export that information too.  Thus, adjust
sadb_exts_allowed_out[] accordingly.

This fixes isakmpd not being able to get the in-kernel last-used-counters
of SAs, which are needed for DPD.

ok ho@

Revision 1.41 / (download) - annotate - [select for diffs], Fri Nov 24 13:52:14 2006 UTC (17 years, 6 months ago) by reyk
Branch: MAIN
CVS Tags: OPENBSD_4_1_BASE, OPENBSD_4_1
Changes since 1.40: +28 -5 lines
Diff to previous 1.40 (colored)

add support to tag ipsec traffic belonging to specific IKE-initiated
phase 2 traffic. this allows policy-based filtering of encrypted and
unencrypted ipsec traffic with pf(4). see ipsec.conf(5) and
isakmpd.conf(5) for details and examples.

this is work in progress and still needs some testing and feedback,
but it is safe to put it in now.

ok hshoexer@

Revision 1.40 / (download) - annotate - [select for diffs], Sat May 28 15:10:07 2005 UTC (19 years ago) by ho
Branch: MAIN
CVS Tags: OPENBSD_4_0_BASE, OPENBSD_4_0, OPENBSD_3_9_BASE, OPENBSD_3_9, OPENBSD_3_8_BASE, OPENBSD_3_8
Changes since 1.39: +2 -2 lines
Diff to previous 1.39 (colored)

Add SA replay counter synchronization to pfsync(4). Required for IPsec
failover gateways. ok mcbride@, "looks good" hshoexer@

Revision 1.39 / (download) - annotate - [select for diffs], Tue Aug 10 16:17:05 2004 UTC (19 years, 10 months ago) by ho
Branch: MAIN
CVS Tags: OPENBSD_3_7_BASE, OPENBSD_3_7, OPENBSD_3_6_BASE, OPENBSD_3_6
Changes since 1.38: +44 -42 lines
Diff to previous 1.38 (colored)

Add SADB_X_EXT_LIFETIME_LASTUSE for use with isakmpd/DPD, adding this
extends the bitmap to 64bits. Also repair SADB_GET. hshoexer@ ok.

Revision 1.8.2.7 / (download) - annotate - [select for diffs], Sat Jun 5 23:11:25 2004 UTC (20 years ago) by niklas
Branch: SMP
Changes since 1.8.2.6: +4 -0 lines
Diff to previous 1.8.2.6 (colored) to branchpoint 1.8 (colored) next main 1.9 (colored)

Merge with the trunk

Revision 1.38 / (download) - annotate - [select for diffs], Wed Mar 31 10:24:00 2004 UTC (20 years, 2 months ago) by henning
Branch: MAIN
CVS Tags: SMP_SYNC_B, SMP_SYNC_A
Changes since 1.37: +5 -1 lines
Diff to previous 1.37 (colored)

in the tcp md5sig case allow empty (wildcard) src or dst
ok markus@

Revision 1.8.2.6 / (download) - annotate - [select for diffs], Thu Feb 19 10:57:22 2004 UTC (20 years, 3 months ago) by niklas
Branch: SMP
Changes since 1.8.2.5: +12 -4 lines
Diff to previous 1.8.2.5 (colored) to branchpoint 1.8 (colored)

Merge of current from two weeks ago into the SMP branch

Revision 1.37 / (download) - annotate - [select for diffs], Tue Dec 2 23:16:29 2003 UTC (20 years, 6 months ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_3_5_BASE, OPENBSD_3_5
Changes since 1.36: +13 -5 lines
Diff to previous 1.36 (colored)

UDP encapsulation for ESP in transport mode (draft-ietf-ipsec-udp-encaps-XX.txt)
ok deraadt@

Revision 1.31.4.2 / (download) - annotate - [select for diffs], Mon May 19 22:29:54 2003 UTC (21 years ago) by tedu
Branch: UBC
Changes since 1.31.4.1: +215 -211 lines
Diff to previous 1.31.4.1 (colored) to branchpoint 1.31 (colored) next main 1.32 (colored)

sync

Revision 1.8.2.5 / (download) - annotate - [select for diffs], Fri Mar 28 00:41:29 2003 UTC (21 years, 2 months ago) by niklas
Branch: SMP
Changes since 1.8.2.4: +215 -211 lines
Diff to previous 1.8.2.4 (colored) to branchpoint 1.8 (colored)

Sync the SMP branch with 3.3

Revision 1.36 / (download) - annotate - [select for diffs], Sun Feb 16 21:30:13 2003 UTC (21 years, 3 months ago) by deraadt
Branch: MAIN
CVS Tags: UBC_SYNC_A, OPENBSD_3_4_BASE, OPENBSD_3_4, OPENBSD_3_3_BASE, OPENBSD_3_3
Changes since 1.35: +16 -12 lines
Diff to previous 1.35 (colored)

KNF

Revision 1.35 / (download) - annotate - [select for diffs], Sun Feb 16 19:54:20 2003 UTC (21 years, 3 months ago) by jason
Branch: MAIN
Changes since 1.34: +200 -200 lines
Diff to previous 1.34 (colored)

KNF

Revision 1.31.4.1 / (download) - annotate - [select for diffs], Tue Jun 11 03:30:46 2002 UTC (22 years ago) by art
Branch: UBC
Changes since 1.31: +11 -11 lines
Diff to previous 1.31 (colored)

Sync UBC branch to -current

Revision 1.34 / (download) - annotate - [select for diffs], Fri Jun 7 06:16:39 2002 UTC (22 years ago) by angelos
Branch: MAIN
CVS Tags: UBC_SYNC_B, OPENBSD_3_2_BASE, OPENBSD_3_2
Changes since 1.33: +4 -4 lines
Diff to previous 1.33 (colored)

FLOW_TYPE in ADD/UPDATE.

Revision 1.33 / (download) - annotate - [select for diffs], Fri May 31 01:36:33 2002 UTC (22 years ago) by angelos
Branch: MAIN
Changes since 1.32: +3 -3 lines
Diff to previous 1.32 (colored)

Allow auth payloads in ACQUIRE messages. Part of a larger commit to come.

Revision 1.8.2.4 / (download) - annotate - [select for diffs], Wed Mar 6 02:15:07 2002 UTC (22 years, 3 months ago) by niklas
Branch: SMP
Changes since 1.8.2.3: +6 -6 lines
Diff to previous 1.8.2.3 (colored) to branchpoint 1.8 (colored)

Merge in trunk

Revision 1.32 / (download) - annotate - [select for diffs], Sat Feb 23 22:30:53 2002 UTC (22 years, 3 months ago) by angelos
Branch: MAIN
CVS Tags: OPENBSD_3_1_BASE, OPENBSD_3_1
Changes since 1.31: +6 -6 lines
Diff to previous 1.31 (colored)

SRC prefix is not required for some operations.

Revision 1.8.2.3 / (download) - annotate - [select for diffs], Wed Oct 31 03:29:03 2001 UTC (22 years, 7 months ago) by nate
Branch: SMP
Changes since 1.8.2.2: +8 -6 lines
Diff to previous 1.8.2.2 (colored) to branchpoint 1.8 (colored)

Sync the SMP branch to something just after 3.0

Revision 1.31 / (download) - annotate - [select for diffs], Thu Jul 5 16:48:04 2001 UTC (22 years, 11 months ago) by jjbg
Branch: MAIN
CVS Tags: UBC_BASE, OPENBSD_3_0_BASE, OPENBSD_3_0
Branch point for: UBC
Changes since 1.30: +7 -4 lines
Diff to previous 1.30 (colored)

IPComp. angelos@ ok.

Revision 1.8.2.2 / (download) - annotate - [select for diffs], Wed Jul 4 10:54:16 2001 UTC (22 years, 11 months ago) by niklas
Branch: SMP
Changes since 1.8.2.1: +734 -358 lines
Diff to previous 1.8.2.1 (colored) to branchpoint 1.8 (colored)

Merge in -current from two days ago in the SMP branch.
As usual with merges, they do not indicate progress, so do not hold
your breath for working SMP, and do not mail me and ask about the
state of it.  It has not changed.  There is work ongoing, but very, very
slowly.  The commit is done in parts as to not lock up the tree in too
big chunks at a time.

Revision 1.30 / (download) - annotate - [select for diffs], Tue Jul 3 05:16:09 2001 UTC (22 years, 11 months ago) by angelos
Branch: MAIN
Changes since 1.29: +2 -3 lines
Diff to previous 1.29 (colored)

Use PADUP() instead of hand-crafted weirdness; also, it's supposed to
be "strlen(c) + 1", not just "strlen(c)".

Revision 1.29 / (download) - annotate - [select for diffs], Sun Jul 1 08:21:15 2001 UTC (22 years, 11 months ago) by angelos
Branch: MAIN
Changes since 1.28: +2 -2 lines
Diff to previous 1.28 (colored)

Add missing space in debug message.

Revision 1.28 / (download) - annotate - [select for diffs], Sun Jul 1 08:15:51 2001 UTC (22 years, 11 months ago) by angelos
Branch: MAIN
Changes since 1.27: +26 -4 lines
Diff to previous 1.27 (colored)

Fix length check, add some more sanity checks on INET6.

Revision 1.27 / (download) - annotate - [select for diffs], Sun Jul 1 07:32:37 2001 UTC (22 years, 11 months ago) by angelos
Branch: MAIN
Changes since 1.26: +639 -348 lines
Diff to previous 1.26 (colored)

KNF, and add DPRINTFs all over the place.

Revision 1.26 / (download) - annotate - [select for diffs], Fri Jun 8 03:58:48 2001 UTC (23 years ago) by angelos
Branch: MAIN
Changes since 1.25: +2 -8 lines
Diff to previous 1.25 (colored)

Yet more include file cleanup.

Revision 1.25 / (download) - annotate - [select for diffs], Tue Jun 5 02:31:34 2001 UTC (23 years ago) by deraadt
Branch: MAIN
Changes since 1.24: +67 -15 lines
Diff to previous 1.24 (colored)

repair copyright notices for NRL & cmetz; cmetz

Revision 1.24 / (download) - annotate - [select for diffs], Tue Jun 5 00:17:49 2001 UTC (23 years ago) by niklas
Branch: MAIN
Changes since 1.23: +9 -9 lines
Diff to previous 1.23 (colored)

Make our pfkeyv2.h more RFC2367 compliant.  Also fix some backwards
compatibility problems in isakmpd, at least 2.8 stable can compile current
isakmpd now.  angelos@ ok

Revision 1.23 / (download) - annotate - [select for diffs], Wed May 30 11:27:34 2001 UTC (23 years ago) by angelos
Branch: MAIN
Changes since 1.22: +3 -1 lines
Diff to previous 1.22 (colored)

Import/export authentication information for SA.

Revision 1.22 / (download) - annotate - [select for diffs], Wed May 30 10:49:49 2001 UTC (23 years ago) by angelos
Branch: MAIN
Changes since 1.21: +18 -3 lines
Diff to previous 1.21 (colored)

Check the LOCAL_AUTH payload.

Revision 1.8.2.1 / (download) - annotate - [select for diffs], Mon May 14 22:40:03 2001 UTC (23 years, 1 month ago) by niklas
Branch: SMP
Changes since 1.8: +61 -44 lines
Diff to previous 1.8 (colored)

merge in approximately 2.9 into SMP branch

Revision 1.21 / (download) - annotate - [select for diffs], Sat May 5 00:33:46 2001 UTC (23 years, 1 month ago) by angelos
Branch: MAIN
Changes since 1.20: +5 -5 lines
Diff to previous 1.20 (colored)

Use the new M_* malloc types

Revision 1.20 / (download) - annotate - [select for diffs], Thu Apr 19 20:10:15 2001 UTC (23 years, 1 month ago) by niklas
Branch: MAIN
CVS Tags: OPENBSD_2_9_BASE, OPENBSD_2_9
Changes since 1.19: +1 -1 lines
Diff to previous 1.19 (colored)

Include NUL-termination in identity extension length computation

Revision 1.19 / (download) - annotate - [select for diffs], Sat Apr 14 00:30:58 2001 UTC (23 years, 2 months ago) by angelos
Branch: MAIN
Changes since 1.18: +5 -4 lines
Diff to previous 1.18 (colored)

Minor changes, preparing for real socket-attached TDBs; also, more
information will be stored in the TDB. ok ho@ provos@

Revision 1.18 / (download) - annotate - [select for diffs], Wed Mar 28 20:03:01 2001 UTC (23 years, 2 months ago) by angelos
Branch: MAIN
Changes since 1.17: +5 -2 lines
Diff to previous 1.17 (colored)

Allow tdbi's to appear in mbufs throughout the stack; this allows
security properties of the packets to be pushed up to the application
(not done yet). Eventually, this will be turned into a packet
attributes framework.

Make sure tdbi's are free'd/cleared properly whenever drivers (or NFS)
does weird things with mbufs.

Revision 1.17 / (download) - annotate - [select for diffs], Wed Mar 21 19:46:10 2001 UTC (23 years, 2 months ago) by angelos
Branch: MAIN
Changes since 1.16: +0 -3 lines
Diff to previous 1.16 (colored)

Don't force sin6_port to be zero.

Revision 1.16 / (download) - annotate - [select for diffs], Sun Mar 4 20:50:41 2001 UTC (23 years, 3 months ago) by angelos
Branch: MAIN
Changes since 1.15: +19 -4 lines
Diff to previous 1.15 (colored)

Import/export credentials from TDB.

Revision 1.15 / (download) - annotate - [select for diffs], Thu Dec 14 18:07:29 2000 UTC (23 years, 6 months ago) by provos
Branch: MAIN
Changes since 1.14: +11 -18 lines
Diff to previous 1.14 (colored)

sync with pfkey rfc.  you need to rebuild ipsecadm and isakmpd after this.
okay angelos@

Revision 1.14 / (download) - annotate - [select for diffs], Sat Oct 14 06:23:51 2000 UTC (23 years, 8 months ago) by angelos
Branch: MAIN
CVS Tags: OPENBSD_2_8_BASE, OPENBSD_2_8
Changes since 1.13: +15 -2 lines
Diff to previous 1.13 (colored)

ASKPOLICY message; used by key management to inquire about policy
triggering an ACQUIRE.

Revision 1.13 / (download) - annotate - [select for diffs], Fri Sep 29 19:00:14 2000 UTC (23 years, 8 months ago) by angelos
Branch: MAIN
Changes since 1.12: +4 -4 lines
Diff to previous 1.12 (colored)

Don't use an SA payload for ADDFLOW/DELFLOW.

Revision 1.12 / (download) - annotate - [select for diffs], Thu Sep 21 02:38:33 2000 UTC (23 years, 8 months ago) by angelos
Branch: MAIN
Changes since 1.11: +2 -2 lines
Diff to previous 1.11 (colored)

Correctly handle srcid/dstid.

Revision 1.11 / (download) - annotate - [select for diffs], Wed Sep 20 04:22:45 2000 UTC (23 years, 8 months ago) by angelos
Branch: MAIN
Changes since 1.10: +2 -2 lines
Diff to previous 1.10 (colored)

Allow IDENTITY payloads in ADDFLOW messages.

Revision 1.10 / (download) - annotate - [select for diffs], Tue Sep 19 08:38:58 2000 UTC (23 years, 8 months ago) by angelos
Branch: MAIN
Changes since 1.9: +12 -0 lines
Diff to previous 1.9 (colored)

SA bundles.

Revision 1.9 / (download) - annotate - [select for diffs], Tue Sep 19 03:19:39 2000 UTC (23 years, 8 months ago) by angelos
Branch: MAIN
Changes since 1.8: +13 -30 lines
Diff to previous 1.8 (colored)

SPD-driven IPsec.

Revision 1.8 / (download) - annotate - [select for diffs], Sun Jan 23 22:42:51 2000 UTC (24 years, 4 months ago) by angelos
Branch: MAIN
CVS Tags: SMP_BASE, OPENBSD_2_7_BASE, OPENBSD_2_7
Branch point for: SMP
Changes since 1.7: +2 -2 lines
Diff to previous 1.7 (colored)

Allow BITMAP_ADDRESS_DST in ADDFLOW messages.

Revision 1.7 / (download) - annotate - [select for diffs], Mon Dec 20 05:37:47 1999 UTC (24 years, 5 months ago) by angelos
Branch: MAIN
Changes since 1.6: +1 -1 lines
Diff to previous 1.6 (colored)

sockaddr_in6 is padded to 32 bytes.

Revision 1.6 / (download) - annotate - [select for diffs], Fri Jul 2 23:37:33 1999 UTC (24 years, 11 months ago) by deraadt
Branch: MAIN
CVS Tags: kame_19991208, OPENBSD_2_6_BASE, OPENBSD_2_6
Changes since 1.5: +18 -18 lines
Diff to previous 1.5 (colored)

rename SADB_foo_X_bar to SADB_X_foo_bar

Revision 1.5 / (download) - annotate - [select for diffs], Sat Mar 27 21:04:18 1999 UTC (25 years, 2 months ago) by provos
Branch: MAIN
CVS Tags: OPENBSD_2_5_BASE, OPENBSD_2_5
Changes since 1.4: +8 -0 lines
Diff to previous 1.4 (colored)

add SADB_X_BINDSA to pfkey allowing incoming SAs to refer to an outgoing
SA to be used, use this SA in ip_output if available. allow mobile road
warriors for bind SAs with wildcard dst and src addresses. check IPSEC
AUTH and ESP level when receiving packets, drop them if protection is
insufficient. add stats to show dropped packets because of insufficient
IPSEC protection. -- phew.  this was all done in canada. dugsong and linh
provided the ride and company.

Revision 1.4 / (download) - annotate - [select for diffs], Fri Mar 5 00:58:35 1999 UTC (25 years, 3 months ago) by deraadt
Branch: MAIN
Changes since 1.3: +3 -0 lines
Diff to previous 1.3 (colored)

restrict replay window size to 32

Revision 1.3 / (download) - annotate - [select for diffs], Thu Feb 25 22:17:45 1999 UTC (25 years, 3 months ago) by angelos
Branch: MAIN
Changes since 1.2: +6 -6 lines
Diff to previous 1.2 (colored)

Allow PF_KEY kernel message replies for X_ADDFLOW, X_DELFLOW, and X_GRPSPIS

Revision 1.2 / (download) - annotate - [select for diffs], Thu Feb 25 02:48:29 1999 UTC (25 years, 3 months ago) by angelos
Branch: MAIN
Changes since 1.1: +13 -2 lines
Diff to previous 1.1 (colored)

Removed osdep.h dependencies.

Revision 1.1 / (download) - annotate - [select for diffs], Wed Feb 24 22:36:04 1999 UTC (25 years, 3 months ago) by angelos
Branch: MAIN

PF_KEY_V2, with local extensions for SPD management.
