| Commit message (Expand) | Author | Age | Files | Lines |
* | Add sysctls to if_enc(4) to control whether the firewalls or | bz | 2007-11-28 | 5 | -7/+72 |
* | Adjust a comment that suggest that we might consider a panic. | bz | 2007-11-28 | 1 | -1/+3 |
* | Move the priv check before the malloc call for so_pcb. | bz | 2007-11-16 | 1 | -6/+6 |
* | Add a missing priv check in key_attach to prevent non-su users | bz | 2007-11-12 | 1 | -0/+7 |
* | Fix for an infinite loop in processing ESP, IPv6 packets. | gnn | 2007-09-12 | 1 | -4/+17 |
* | Remove the now-unused NET_{LOCK,UNLOCK,ASSERT}_GIANT() macros, which | rwatson | 2007-08-06 | 3 | -30/+0 |
* | Replace hard coded options by their defined PFIL_{IN,OUT} names. | bz | 2007-07-19 | 3 | -3/+6 |
* | Commit the change from FAST_IPSEC to IPSEC. The FAST_IPSEC | gnn | 2007-07-03 | 1 | -2/+2 |
* | Commit IPv6 support for FAST_IPSEC to the tree. | gnn | 2007-07-01 | 9 | -114/+64 |
* | 'spi' and the return value of ntohl are unsigned. Remove the extra >=0 | bz | 2007-06-16 | 1 | -1/+6 |
* | In case of failure we can directly return ENOBUFS because | bz | 2007-06-16 | 1 | -10/+3 |
* | Add a missing return so that we drop out in case of an error and | bz | 2007-06-15 | 1 | -3/+2 |
* | With the current code 'src' is never NULL. Nevertheless move the check for | bz | 2007-06-15 | 1 | -1/+3 |
* | Looking at {ah,esp}_input_cb it seems we might be able to end up | bz | 2007-06-15 | 1 | -1/+1 |
* | s,#,*, in a multi-line comment. This is C. | bz | 2007-06-15 | 1 | -1/+1 |
* | Though we are only called for the three security protocols we can | bz | 2007-06-15 | 1 | -0/+4 |
* | Eliminate now-unused SUSER_ALLOWJAIL arguments to priv_check_cred(); in | rwatson | 2007-06-12 | 1 | -3/+1 |
* | In ipsec6_output_tunnel() make sure that the SA contents do not change. | bz | 2007-05-29 | 1 | -1/+8 |
* | fix typo: s,applyed,applied,g | bz | 2007-05-29 | 1 | -2/+2 |
* | Implement ICMPv6 support in ipsec6_get_ulp(). | bz | 2007-05-29 | 1 | -0/+10 |
* | Add missing | bz | 2007-05-29 | 1 | -0/+1 |
* | Integrate the Camellia Block Cipher. For more information see RFC 4132 | gnn | 2007-05-09 | 1 | -0/+3 |
* | Update comment regarding how we check privilege on FreeBSD: we now use | rwatson | 2007-04-10 | 1 | -1/+2 |
* | add include now required for crypto flags | sam | 2007-03-22 | 1 | -0/+2 |
* | Overhaul driver/subsystem api's: | sam | 2007-03-21 | 1 | -1/+1 |
* | s,#if INET6,#ifdef INET6, | bz | 2006-12-14 | 2 | -2/+2 |
* | MFp4: 92972, 98913 + one more change | bz | 2006-12-12 | 2 | -3/+15 |
* | Add priv.h include required to build FAST_IPSEC, which is not present in | rwatson | 2006-11-07 | 1 | -0/+1 |
* | Sweep kernel replacing suser(9) calls with priv(9) calls, assigning | rwatson | 2006-11-06 | 1 | -1/+3 |
* | Fix build breakage from previous commit which confused key_abort and key_close. | gnn | 2006-07-22 | 1 | -1/+1 |
* | Change semantics of socket close and detach. Add a new protocol switch | rwatson | 2006-07-21 | 1 | -0/+12 |
* | - Use suser_cred(9) instead of directly comparing cr_uid. | pjd | 2006-06-27 | 1 | -2/+3 |
* | Add a pseudo interface for packet filtering IPSec connections before or after | thompsa | 2006-06-26 | 4 | -0/+35 |
* | Change '#if INET' and '#if INET6' to '#ifdef INET' and '#ifdef INET6'. | pjd | 2006-06-04 | 2 | -3/+3 |
* | Extend the notdef #ifdef to cover the packet copy as there is no point in doi... | gnn | 2006-06-04 | 1 | -8/+4 |
* | Prevent disappearing SAD entries by implementing MPsafe refcounting. | pjd | 2006-05-20 | 1 | -20/+33 |
* | - The authsize field from auth_hash structure was removed. | pjd | 2006-05-17 | 2 | -10/+11 |
* | Hide net.inet.ipsec.test_{replay,integrity} sysctls under #ifdef REGRESSION. | pjd | 2006-04-10 | 4 | -0/+12 |
* | Introduce two new sysctls: | pjd | 2006-04-09 | 4 | -2/+54 |
* | Be consistent with the rest of the code. | pjd | 2006-04-09 | 1 | -1/+1 |
* | Remove unused variables s and error in key_detach. The previous | dd | 2006-04-04 | 1 | -1/+0 |
* | Remove unintended DEBUG flag setting. | gnn | 2006-04-04 | 1 | -1/+0 |
* | Chance protocol switch method pru_detach() so that it returns void | rwatson | 2006-04-01 | 1 | -12/+8 |
* | Change protocol switch pru_abort() API so that it returns void rather | rwatson | 2006-04-01 | 1 | -6/+3 |
* | Fix more stack corruptions on amd64. | bz | 2006-03-30 | 2 | -19/+11 |
* | First steps towards IPSec cleanup. | gnn | 2006-03-25 | 7 | -105/+257 |
* | Allow to use fast_ipsec(4) on debug.mpsafenet=0 and INVARIANTS-enabled | pjd | 2006-03-23 | 3 | -11/+44 |
* | Add missing code needed for the detection of IPSec packet replays. [1] | cperciva | 2006-03-22 | 1 | -0/+17 |
* | promote fast ipsec's m_clone routine for public use; it is renamed | sam | 2006-03-15 | 5 | -153/+3 |
* | Fix stack corruptions on amd64. | bz | 2006-01-21 | 2 | -15/+3 |