path: root/sys/netinet6/ipsec.c
Commit message | Author | Age | Files | Lines
* return(code) -> return (code) | Hajimu UMEMOTO | 2003-10-06 | 1 | -2/+2
  (reduce diffs against KAME)
  Notes: svn path=/head/; revision=120856
* - include opt_random_ip_id.h | Hajimu UMEMOTO | 2003-10-01 | 1 | -0/+1
  - we don't need to obtain microtime when using ip6_randomid.
  Notes: svn path=/head/; revision=120645
* panic() doesn't need \n | SUZUKI Shinsuke | 2003-04-29 | 1 | -39/+39
  Obtained from: KAME
  MFC after: 2 days
  Notes: svn path=/head/; revision=114205
* Fix another case for timewait. | Jonathan Lemon | 2003-02-24 | 1 | -0/+3
  Notes: svn path=/head/; revision=111397
* Add a TCP TIMEWAIT state which uses less space than a fullblown TCP | Jonathan Lemon | 2003-02-19 | 1 | -59/+66
  control block. Allow the socket and tcpcb structures to be freed earlier than inpcb. Update code to understand an inp w/o a socket.
  Reviewed by: hsu, silby, jayanth
  Sponsored by: DARPA, NAI Labs
  Notes: svn path=/head/; revision=111145
* Back out M_* changes, per decision of the TRB. | Warner Losh | 2003-02-19 | 1 | -9/+9
  Approved by: trb
  Notes: svn path=/head/; revision=111119
* Remove M_TRYWAIT/M_WAITOK/M_WAIT. Callers should use 0. | Alfred Perlstein | 2003-01-21 | 1 | -9/+9
  Merge M_NOWAIT/M_DONTWAIT into a single flag M_NOWAIT.
  Notes: svn path=/head/; revision=109623
* purge extraneous clears of M_PKTHDR since M_MOVE_PKTHDR does this already | Sam Leffler | 2003-01-06 | 1 | -2/+0
  Notes: svn path=/head/; revision=108824
* Correct typos, mostly s/ a / an / where appropriate. Some whitespace cleanup, | Jens Schweikhardt | 2003-01-01 | 1 | -2/+2
  especially in troff files.
  Notes: svn path=/head/; revision=108533
* Correct mbuf packet header propagation. Previously, packet headers | Sam Leffler | 2002-12-30 | 1 | -11/+5
  were sometimes propagated using M_COPY_PKTHDR which actually did something between a "move" and a "copy" operation. This is replaced by M_MOVE_PKTHDR (which copies the pkthdr contents and "removes" it from the source mbuf) and m_dup_pkthdr which copies the packet header contents including any m_tag chain. This corrects numerous problems whereby mbuf tags could be lost during packet manipulations.
  These changes also introduce arguments to m_tag_copy and m_tag_copy_chain to specify if the tag copy work should potentially block. This introduces an incompatibility with openbsd which we may want to revisit.
  Note that move/dup of packet headers does not handle target mbufs that have a cluster bound to them. We may want to support this; for now we watch for it with an assert.
  Finally, M_COPYFLAGS was updated to include M_FIRSTFRAG|M_LASTFRAG.
  Supported by: Vernier Networks
  Reviewed by: Robert Watson <rwatson@FreeBSD.org>
  Notes: svn path=/head/; revision=108466
* Replace aux mbufs with packet tags: | Sam Leffler | 2002-10-16 | 1 | -115/+15
  o instead of a list of mbufs use a list of m_tag structures a la openbsd
  o for netgraph et al. extend the stock openbsd m_tag to include a 32-bit ABI/module number cookie
  o for openbsd compatibility define a well-known cookie MTAG_ABI_COMPAT and use this in defining openbsd-compatible m_tag_find and m_tag_get routines
  o rewrite KAME use of aux mbufs in terms of packet tags
  o eliminate the most heavily used aux mbufs by adding an additional struct inpcb parameter to ip_output and ip6_output to allow the IPsec code to locate the security policy to apply to outbound packets
  o bump __FreeBSD_version so code can be conditionalized
  o fixup ipfilter's call to ip_output based on __FreeBSD_version
  Reviewed by: julian, luigi (silent), -arch, -net, darren
  Approved by: julian, silence from everyone else
  Obtained from: openbsd (mostly)
  MFC after: 1 month
  Notes: svn path=/head/; revision=105194
* just merged cosmetic changes from KAME to ease sync between KAME and FreeBSD. | SUZUKI Shinsuke | 2002-04-19 | 1 | -24/+24
  (based on freebsd4-snap-20020128)
  Reviewed by: ume
  MFC after: 1 week
  Notes: svn path=/head/; revision=95023
* Fixed the behavior when there is no inbound policy for the ipsec | Hajimu UMEMOTO | 2001-11-06 | 1 | -0/+8
  tunneled packet. When there is no suitable inbound policy for the packet of the ipsec tunnel mode, the kernel never decapsulates the tunneled packet as the ipsec tunnel mode even when the system wide policy is "none". Then the kernel leaves the generic tunnel module to process this packet. If there is no rule of the generic tunnel, the packet is rejected and the statistics will be counted up.
  Obtained from: KAME
  MFC after: 1 week
  Notes: svn path=/head/; revision=86159
* Fixed to process an IPv6 packet when ah transport after esp tunnel | Hajimu UMEMOTO | 2001-10-17 | 1 | -3/+42
  should be applied. The SA of AH transport could not be selected from the SAD because of this bug.
  Obtained from: KAME
  MFC after: 1 week
  Notes: svn path=/head/; revision=85055
* Sync with recent KAME. | Hajimu UMEMOTO | 2001-06-11 | 1 | -387/+617
  This work was based on kame-20010528-freebsd43-snap.tgz and some critical problems after the snap was out were fixed. There are many many changes since last KAME merge.
  TODO:
  - The definitions of SADB_* in sys/net/pfkeyv2.h are still different from RFC2407/IANA assignment because of binary compatibility issue. It should be fixed under 5-CURRENT.
  - ip6po_m member of struct ip6_pktopts is no longer used. But, it is still there because of binary compatibility issue. It should be removed under 5-CURRENT.
  Reviewed by: itojun
  Obtained from: KAME
  MFC after: 3 weeks
  Notes: svn path=/head/; revision=78064
* Add ``options RANDOM_IP_ID'' which randomizes the ID field of IP packets. | Kris Kennaway | 2001-06-01 | 1 | -0/+4
  This closes a minor information leak which allows a remote observer to determine the rate at which the machine is generating packets, since the default behaviour is to increment a counter for each packet sent.
  Reviewed by: -net
  Obtained from: OpenBSD
  Notes: svn path=/head/; revision=77574
* nuke IPSEC_SRCSEL which does not do the right thing. | Hajimu UMEMOTO | 2001-03-16 | 1 | -33/+3
  adjust state->ro if the tunnel endpoint is offlink. KAME PR 233.
  PR: kern/21079
  Notes: svn path=/head/; revision=74356
* Change check from mbuf->m_ext.ext_free to use the new ext_type in order | Bosko Milekic | 2000-11-11 | 1 | -6/+3
  to determine whether the given mbuf has a cluster (or some other type of external storage) attached to it.
  Note: This code should eventually be made to use M_WRITABLE() to determine whether or not a copy should be made.
  Reviewed by: jlemon
  Notes: svn path=/head/; revision=68620
* backout my previous commit (KAME PR 296). foo != TUNNEL will | Hajimu UMEMOTO | 2000-11-09 | 1 | -4/+0
  forbid "ANY" SA from being used for tunnel mode.
  Reported by: Chris Cason <casonc@netplex.aussie.org>
  Notes: svn path=/head/; revision=68532
* check whether the packet is tunnel mode. reported from <larse@ISI.EDU> | Hajimu UMEMOTO | 2000-11-03 | 1 | -0/+4
  Obtained from: KAME
  Notes: svn path=/head/; revision=68277
* Replace the mbuf external reference counting code with something | David Malone | 2000-08-19 | 1 | -1/+1
  that should be better. The old code counted references to mbuf clusters by using the offset of the cluster from the start of memory allocated for mbufs and clusters as an index into an array of chars, which did the reference counting. If the external storage was not a cluster then reference counting had to be done by the code using that external storage.
  NetBSD's system of linked lists of mbufs was considered, but Alfred felt it would have locking issues when the kernel was made more SMP friendly.
  The system implemented uses a pool of unions to track external storage. The union contains an int for counting the references and a pointer for forming a free list. The reference counts are incremented and decremented atomically and so should be SMP friendly. This system can track reference counts for any sort of external storage.
  Access to the reference counting stuff is now through macros defined in mbuf.h, so it should be easier to make changes to the system in the future.
  The possibility of storing the reference count in one of the referencing mbufs was considered, but was rejected 'cos it would often leave extra mbufs allocated. Storing the reference count in the cluster was also considered, but because the external storage may not be a cluster this isn't an option.
  The size of the pool of reference counters is available in the stats provided by "netstat -m".
  PR: 19866
  Submitted by: Bosko Milekic <bmilekic@dsuper.net>
  Reviewed by: alfred (glanced at by others on -net)
  Notes: svn path=/head/; revision=64837
* sync with kame tree as of july00. tons of bug fixes/improvements. | Jun-ichiro itojun Hagino | 2000-07-04 | 1 | -324/+617
  API changes:
  - additional IPv6 ioctls
  - IPsec PF_KEY API was changed, it is mandatory to upgrade setkey(8). (also syntax change)
  Notes: svn path=/head/; revision=62587
* Add missing include machine/in_cksum.h. | Paul Saab | 2000-05-09 | 1 | -0/+2
  Submitted by: n_hibma
  Notes: svn path=/head/; revision=60265
* Fixed the problem that IPsec connection hangs when bigger data is sent. | Yoshinobu Inoue | 2000-01-15 | 1 | -7/+5
  -opt_ipsec.h was missing on some tcp files (sorry for basic mistake)
  -made buildable as above fix
  -also added some missing IPv4 mapped IPv6 addr consideration into ipsec4_getpolicybysock
  Notes: svn path=/head/; revision=56041
* Change struct sockaddr_storage member name, because following change | Yoshinobu Inoue | 2000-01-13 | 1 | -26/+26
  is very likely to become consensus as recent ietf/ipng mailing list discussion. Also recent KAME repository and other KAME patched BSDs also applied it.
  s/__ss_family/ss_family/
  s/__ss_len/ss_len/
  Makeworld is confirmed, and no application should be affected by this change yet.
  Notes: svn path=/head/; revision=55917
* IPSEC support in the kernel. | Yoshinobu Inoue | 1999-12-22 | 1 | -0/+3061
  pr_input() routines prototype is also changed to support IPSEC and IPV6 chained protocol headers.
  Reviewed by: freebsd-arch, cvs-committers
  Obtained from: KAME project
  Notes: svn path=/head/; revision=55009