freebsd-src

mirror of https://github.com/freebsd/freebsd-src synced 2024-10-16 21:34:10 +00:00

History

Robert Wing eb18708ec8 syncache: accept packet with no SA when TCP_MD5SIG is set When TCP_MD5SIG is set on a socket, all packets are dropped that don't contain an MD5 signature. Relax this behavior to accept a non-signed packet when a security association doesn't exist with the peer. This is useful when a listen socket set with TCP_MD5SIG wants to handle connections protected with and without MD5 signatures. Reviewed by: bz (previous version) Sponsored by: nepustil.net Sponsored by: Klara Inc. Differential Revision: https://reviews.freebsd.org/D33227		2022-01-08 16:32:14 -09:00
..
ah.h
ah_var.h
esp.h
esp_var.h
ipcomp.h
ipcomp_var.h
ipsec.c	ipsec: Check PMTU before sending a frame.	2021-08-13 09:22:24 +02:00
ipsec.h	ipsec: Check PMTU before sending a frame.	2021-08-13 09:22:24 +02:00
ipsec6.h	ipsec: Add support for PMTUD for IPv6 tunnels	2021-09-24 10:27:21 +02:00
ipsec_input.c	ipsec: enter epoch before calling into ipsec_run_hhooks	2021-09-21 17:02:41 +00:00
ipsec_mbuf.c
ipsec_mod.c	ipsec: Handle ICMP NEEDFRAG message.	2021-08-09 12:01:46 +02:00
ipsec_output.c	netinet: Remove unneeded mb_unmapped_to_ext() calls	2021-11-24 13:31:16 -05:00
ipsec_pcb.c
ipsec_support.h	ipsec: Handle ICMP NEEDFRAG message.	2021-08-09 12:01:46 +02:00
key.c	netipsec: use SYSINIT(9) instead of dom_init/dom_destroy	2022-01-03 10:15:21 -08:00
key.h	netipsec: use SYSINIT(9) instead of dom_init/dom_destroy	2022-01-03 10:15:21 -08:00
key_debug.c
key_debug.h
key_var.h
keydb.h	netipsec/keydb.h: fix typo	2021-08-10 03:45:36 +03:00
keysock.c	netipsec: use SYSINIT(9) instead of dom_init/dom_destroy	2022-01-03 10:15:21 -08:00
keysock.h
subr_ipsec.c	ipsec: Handle ICMP NEEDFRAG message.	2021-08-09 12:01:46 +02:00
udpencap.c
xform.h
xform_ah.c
xform_esp.c
xform_ipcomp.c
xform_tcp.c	syncache: accept packet with no SA when TCP_MD5SIG is set	2022-01-08 16:32:14 -09:00