upstream/opnsense-src
1
0
Fork 0
mirror of https://github.com/opnsense/src.git synced 2026-05-16 11:09:35 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions
opnsense-src/sys/netipsec
History
Robert Wing 7205809809 syncache: accept packet with no SA when TCP_MD5SIG is set 
When TCP_MD5SIG is set on a socket, all packets are dropped that don't
contain an MD5 signature. Relax this behavior to accept a non-signed
packet when a security association doesn't exist with the peer.

This is useful when a listen socket set with TCP_MD5SIG wants to handle
connections protected with and without MD5 signatures.

Reviewed by:	bz (previous version)
Sponsored by:   nepustil.net
Sponsored by:   Klara Inc.
Differential Revision:	https://reviews.freebsd.org/D33227

(cherry picked from commit eb18708ec8)
2022-02-10 10:31:33 -09:00
..
ah.h
ah_var.h
esp.h net: clean up empty lines in .c and .h files 2020-09-01 21:19:14 +00:00
esp_var.h
ipcomp.h
ipcomp_var.h
ipsec.c Implement anti-replay algorithm with ESN support 2020-10-16 11:24:12 +00:00
ipsec.h Implement anti-replay algorithm with ESN support 2020-10-16 11:24:12 +00:00
ipsec6.h
ipsec_input.c ipsec: enter epoch before calling into ipsec_run_hhooks 2021-10-11 09:10:31 +00:00
ipsec_mbuf.c Consistently include opt_ipsec.h for consumers of <netipsec/ipsec.h>. 2020-05-29 19:22:40 +00:00
ipsec_mod.c
ipsec_output.c netinet: Remove unneeded mb_unmapped_to_ext() calls 2021-12-01 07:43:18 -05:00
ipsec_pcb.c net: clean up empty lines in .c and .h files 2020-09-01 21:19:14 +00:00
ipsec_support.h
key.c ipsec: fix a logic error in key_do_getnewspi 2021-12-19 14:44:52 +00:00
key.h
key_debug.c Implement anti-replay algorithm with ESN support 2020-10-16 11:24:12 +00:00
key_debug.h
key_var.h
keydb.h netipsec/keydb.h: fix typo 2021-08-13 12:34:42 +03:00
keysock.c socket: Implement SO_RERROR 2021-08-10 18:54:00 -07:00
keysock.h
subr_ipsec.c
udpencap.c net: clean up empty lines in .c and .h files 2020-09-01 21:19:14 +00:00
xform.h Simplify IPsec transform-specific teardown. 2020-06-25 23:59:16 +00:00
xform_ah.c Add support for IPsec ESN and pass relevant information to crypto layer 2020-10-16 11:25:45 +00:00
xform_esp.c Add support for IPsec ESN and pass relevant information to crypto layer 2020-10-16 11:25:45 +00:00
xform_ipcomp.c Simplify IPsec transform-specific teardown. 2020-06-25 23:59:16 +00:00
xform_tcp.c syncache: accept packet with no SA when TCP_MD5SIG is set 2022-02-10 10:31:33 -09:00