d/freebsd-dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
eb18708ec8
freebsd-dev/sys/netipsec
History
Robert Wing eb18708ec8 syncache: accept packet with no SA when TCP_MD5SIG is set 
When TCP_MD5SIG is set on a socket, all packets are dropped that don't
contain an MD5 signature. Relax this behavior to accept a non-signed
packet when a security association doesn't exist with the peer.

This is useful when a listen socket set with TCP_MD5SIG wants to handle
connections protected with and without MD5 signatures.

Reviewed by:	bz (previous version)
Sponsored by:   nepustil.net
Sponsored by:   Klara Inc.
Differential Revision:	https://reviews.freebsd.org/D33227
2022-01-08 16:32:14 -09:00
..
ah_var.h
ah.h
esp_var.h
esp.h net: clean up empty lines in .c and .h files 2020-09-01 21:19:14 +00:00
ipcomp_var.h
ipcomp.h
ipsec6.h ipsec: Add support for PMTUD for IPv6 tunnels 2021-09-24 10:27:21 +02:00
ipsec_input.c ipsec: enter epoch before calling into ipsec_run_hhooks 2021-09-21 17:02:41 +00:00
ipsec_mbuf.c Consistently include opt_ipsec.h for consumers of <netipsec/ipsec.h>. 2020-05-29 19:22:40 +00:00
ipsec_mod.c ipsec: Handle ICMP NEEDFRAG message. 2021-08-09 12:01:46 +02:00
ipsec_output.c netinet: Remove unneeded mb_unmapped_to_ext() calls 2021-11-24 13:31:16 -05:00
ipsec_pcb.c net: clean up empty lines in .c and .h files 2020-09-01 21:19:14 +00:00
ipsec_support.h ipsec: Handle ICMP NEEDFRAG message. 2021-08-09 12:01:46 +02:00
ipsec.c ipsec: Check PMTU before sending a frame. 2021-08-13 09:22:24 +02:00
ipsec.h ipsec: Check PMTU before sending a frame. 2021-08-13 09:22:24 +02:00
key_debug.c Implement anti-replay algorithm with ESN support 2020-10-16 11:24:12 +00:00
key_debug.h
key_var.h
key.c netipsec: use SYSINIT(9) instead of dom_init/dom_destroy 2022-01-03 10:15:21 -08:00
key.h netipsec: use SYSINIT(9) instead of dom_init/dom_destroy 2022-01-03 10:15:21 -08:00
keydb.h netipsec/keydb.h: fix typo 2021-08-10 03:45:36 +03:00
keysock.c netipsec: use SYSINIT(9) instead of dom_init/dom_destroy 2022-01-03 10:15:21 -08:00
keysock.h
subr_ipsec.c ipsec: Handle ICMP NEEDFRAG message. 2021-08-09 12:01:46 +02:00
udpencap.c net: clean up empty lines in .c and .h files 2020-09-01 21:19:14 +00:00
xform_ah.c opencrypto: Introduce crypto_dispatch_async() 2021-02-08 09:19:19 -05:00
xform_esp.c opencrypto: Introduce crypto_dispatch_async() 2021-02-08 09:19:19 -05:00
xform_ipcomp.c Simplify IPsec transform-specific teardown. 2020-06-25 23:59:16 +00:00
xform_tcp.c syncache: accept packet with no SA when TCP_MD5SIG is set 2022-01-08 16:32:14 -09:00
xform.h Simplify IPsec transform-specific teardown. 2020-06-25 23:59:16 +00:00