aboutsummaryrefslogtreecommitdiff
path: root/sys/netkey
Commit message (Collapse)AuthorAgeFilesLines
* MFC:Bjoern A. Zeeb2006-01-272-15/+3
| | | | | | | | | | | | | | | | | | | | | | | | rev. 1.39 sys/net/if_gre.c rev. 1.21 sys/netinet/ip_gre.c rev. 1.4 sys/netinet/ip_gre.h rev. 1.12 sys/netipsec/keysock.c rev. 1.3 sys/netipsec/keysock.h rev. 1.32 sys/netkey/keysock.c rev. 1.9 sys/netkey/keysock.h Fix stack corruptions on amd64. Vararg functions have a different calling convention than regular functions on amd64. Casting a varag function to a regular one to match the function pointer declaration will hide the varargs from the caller and we will end up with an incorrectly setup stack. Entirely remove the varargs from these functions and change the functions to match the declaration of the function pointers. Remove the now unnecessary casts. Lots of explanations and help from: peter PR: amd64/89261 Notes: svn path=/stable/6/; revision=154932
* MFC: Use sparse initializers for "struct domain" and "struct protosw".Ruslan Ermilov2005-11-161-8/+16
| | | | Notes: svn path=/stable/6/; revision=152516
* MFC: scope cleanup. with this changeHajimu UMEMOTO2005-11-041-28/+43
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - most of the kernel code will not care about the actual encoding of scope zone IDs and won't touch "s6_addr16[1]" directly. - similarly, most of the kernel code will not care about link-local scoped addresses as a special case. - scope boundary check will be stricter. For example, the current *BSD code allows a packet with src=::1 and dst=(some global IPv6 address) to be sent outside of the node, if the application do: s = socket(AF_INET6); bind(s, "::1"); sendto(s, some_global_IPv6_addr); This is clearly wrong, since ::1 is only meaningful within a single node, but the current implementation of the *BSD kernel cannot reject this attempt. sys/net/if_gif.c: 1.53 sys/net/if_spppsubr.c: 1.120 sys/netinet/icmp6.h: 1.19 sys/netinet/ip_carp.c: 1.28,1.29 sys/netinet/ip_fw2.c: 1.107 sys/netinet/tcp_subr.c: 1.230,1.231,1.235 sys/netinet/tcp_usrreq.c: 1.125 sys/netinet6/ah_core.c: 1.26 sys/netinet6/icmp6.c: 1.63,1.64 sys/netinet6/in6.c: 1.52 sys/netinet6/in6.h: 1.38 sys/netinet6/in6_cksum.c: 1.11 sys/netinet6/in6_ifattach.c: 1.27 sys/netinet6/in6_pcb.c: 1.63 sys/netinet6/in6_proto.c: 1.33 sys/netinet6/in6_src.c: 1.31,1.32 sys/netinet6/in6_var.h: 1.22 sys/netinet6/ip6_forward.c: 1.29 sys/netinet6/ip6_input.c: 1.83 sys/netinet6/ip6_mroute.c: 1.30 sys/netinet6/ip6_output.c: 1.95 sys/netinet6/ip6_var.h: 1.33 sys/netinet6/ipsec.c: 1.43 sys/netinet6/mld6.c: 1.21 sys/netinet6/nd6.c: 1.50 sys/netinet6/nd6_nbr.c: 1.30 sys/netinet6/nd6_rtr.c: 1.27 sys/netinet6/raw_ip6.c: 1.54 sys/netinet6/route6.c: 1.12 sys/netinet6/scope6.c: 1.13,1.14,1.15 sys/netinet6/scope6_var.h: 1.5 sys/netinet6/udp6_output.c: 1.23 sys/netinet6/udp6_usrreq.c: 1.55 sys/netkey/key.c: 1.72,1.73 Notes: svn path=/stable/6/; revision=152060
* MFC 1.74: SADB_UPDATE did not return an error when key length is invalid.Hajimu UMEMOTO2005-09-031-2/+2
| | | | | | | Approved by: re (scottl) Notes: svn path=/stable/6/; revision=149764
* fixed an unexpected addr/port matching failure in IPv6 SA managementSUZUKI Shinsuke2005-01-101-0/+1
| | | | | | | | PR: kern/72393 MFC after: 3 days Notes: svn path=/head/; revision=139983
* /* -> /*- for license, minor formatting changesWarner Losh2005-01-079-9/+9
| | | | Notes: svn path=/head/; revision=139823
* support TCP-MD5(IPv4) in KAME-IPSEC, too.SUZUKI Shinsuke2004-11-083-2/+48
| | | | | | | MFC after: 3 week Notes: svn path=/head/; revision=137396
* Initialize struct pr_userreqs in new/sparse style and fill in commonPoul-Henning Kamp2004-11-081-10/+10
| | | | | | | | | default elements in net_init_domain(). This makes it possible to grep these structures and see any bogosities. Notes: svn path=/head/; revision=137386
* Merge netipsec/key.c:1.17 into KAME pfkey implementation:Robert Watson2004-09-301-5/+0
| | | | | | | | | | | | | | | | | | date: 2004/09/26 02:01:27; author: sam; state: Exp; lines: +0 -5 Correct handling of SADB_UPDATE and SADB_ADD requests. key_align may split the mbuf due to use of m_pulldown. Discarding the result because of this does not make sense as no subsequent code depends on the entire msg being linearized (only the individual pieces). It's likely something else is wrong here but for now this appears to get things back to a working state. Submitted by: Roselyn Lee This change was also made in the KAME CVS repository as key.c:1.337 by itojun. Notes: svn path=/head/; revision=135946
* The KAME IPSEC implementation at one point used its own pseudo-randomRobert Watson2004-09-021-22/+0
| | | | | | | | | | | number generator, which was re-seeded via a timeout. Now centralized randomness/entropy is used, we can garbage collect the timeout and re-seeding code (which was largely a no-op). Discussed with: itojun, suz, JINMEI Tatuya < jinmei at isl dot rdc dot toshiba dot co dot jp > Notes: svn path=/head/; revision=134654
* Semi-gratuitous white space synchronization with KAME tree: to reduceRobert Watson2004-08-271-10/+12
| | | | | | | | | diffs against #ifdef'd version of IPSEC, use "struct thread *p" rather than "struct proc *p", fix some white space, and make some already inconsistent white space inconsiste differently. Notes: svn path=/head/; revision=134392
* Diff reduce against KAME: minor white space synchronization to KAMERobert Watson2004-08-271-4/+4
| | | | | | | tree. Notes: svn path=/head/; revision=134390
* Merge next step in socket buffer locking:Robert Watson2004-06-211-0/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - sowakeup() now asserts the socket buffer lock on entry. Move the call to KNOTE higher in sowakeup() so that it is made with the socket buffer lock held for consistency with other calls. Release the socket buffer lock prior to calling into pgsigio(), so_upcall(), or aio_swake(). Locking for this event management will need revisiting in the future, but this model avoids lock order reversals when upcalls into other subsystems result in socket/socket buffer operations. Assert that the socket buffer lock is not held at the end of the function. - Wrapper macros for sowakeup(), sorwakeup() and sowwakeup(), now have _locked versions which assert the socket buffer lock on entry. If a wakeup is required by sb_notify(), invoke sowakeup(); otherwise, unconditionally release the socket buffer lock. This results in the socket buffer lock being released whether a wakeup is required or not. - Break out socantsendmore() into socantsendmore_locked() that asserts the socket buffer lock. socantsendmore() unconditionally locks the socket buffer before calling socantsendmore_locked(). Note that both functions return with the socket buffer unlocked as socantsendmore_locked() calls sowwakeup_locked() which has the same properties. Assert that the socket buffer is unlocked on return. - Break out socantrcvmore() into socantrcvmore_locked() that asserts the socket buffer lock. socantrcvmore() unconditionally locks the socket buffer before calling socantrcvmore_locked(). Note that both functions return with the socket buffer unlocked as socantrcvmore_locked() calls sorwakeup_locked() which has similar properties. Assert that the socket buffer is unlocked on return. - Break out sbrelease() into a sbrelease_locked() that asserts the socket buffer lock. sbrelease() unconditionally locks the socket buffer before calling sbrelease_locked(). sbrelease_locked() now invokes sbflush_locked() instead of sbflush(). - Assert the socket buffer lock in socket buffer sanity check functions sblastrecordchk(), sblastmbufchk(). - Assert the socket buffer lock in SBLINKRECORD(). - Break out various sbappend() functions into sbappend_locked() (and variations on that name) that assert the socket buffer lock. The !_locked() variations unconditionally lock the socket buffer before calling their _locked counterparts. Internally, make sure to call _locked() support routines, etc, if already holding the socket buffer lock. - Break out sbinsertoob() into sbinsertoob_locked() that asserts the socket buffer lock. sbinsertoob() unconditionally locks the socket buffer before calling sbinsertoob_locked(). - Break out sbflush() into sbflush_locked() that asserts the socket buffer lock. sbflush() unconditionally locks the socket buffer before calling sbflush_locked(). Update panic strings for new function names. - Break out sbdrop() into sbdrop_locked() that asserts the socket buffer lock. sbdrop() unconditionally locks the socket buffer before calling sbdrop_locked(). - Break out sbdroprecord() into sbdroprecord_locked() that asserts the socket buffer lock. sbdroprecord() unconditionally locks the socket buffer before calling sbdroprecord_locked(). - sofree() now calls socantsendmore_locked() and re-acquires the socket buffer lock on return. It also now calls sbrelease_locked(). - sorflush() now calls socantrcvmore_locked() and re-acquires the socket buffer lock on return. Clean up/mess up other behavior in sorflush() relating to the temporary stack copy of the socket buffer used with dom_dispose by more properly initializing the temporary copy, and selectively bzeroing/copying more carefully to prevent WITNESS from getting confused by improperly initialized mutexes. Annotate why that's necessary, or at least, needed. - soisconnected() now calls sbdrop_locked() before unlocking the socket buffer to avoid locking overhead. Some parts of this change were: Submitted by: sam Sponsored by: FreeBSD Foundation Obtained from: BSD/OS Notes: svn path=/head/; revision=130831
* avoid duplicate free.Hajimu UMEMOTO2004-01-251-3/+3
| | | | | | | | | | (though KAME doesn't decide how to fix it yet, I once commit it to be in time for 5.2.1-RELEASE.) Submitted by: itojun Notes: svn path=/head/; revision=124976
* invalidate secpolicy pcb cache on key_timehandler. part ofHajimu UMEMOTO2004-01-141-0/+3
| | | | | | | | | | http://sources.zabbadoz.net/freebsd/patchset/110-ipsec-netkey-key.diff Submitted by: "Bjoern A. Zeeb" <bzeeb+freebsd@zabbadoz.net> Reviewed by: itojun Notes: svn path=/head/; revision=124511
* add missing key_freesp()s. part ofHajimu UMEMOTO2004-01-141-1/+4
| | | | | | | | | | | | http://sources.zabbadoz.net/freebsd/patchset/110-ipsec-netkey-key.diff with some modification. Submitted by: "Bjoern A. Zeeb" <bzeeb+freebsd@zabbadoz.net> Reviewed by: itojun Obtained from: KAME Notes: svn path=/head/; revision=124510
* don't touch after free.Hajimu UMEMOTO2003-12-101-2/+3
| | | | Notes: svn path=/head/; revision=123369
* use callout_*() rather than timeout().Hajimu UMEMOTO2003-12-071-2/+5
| | | | Notes: svn path=/head/; revision=123235
* missing splx.Hajimu UMEMOTO2003-11-281-0/+1
| | | | | | | | | | this is a NOOP change, and primarily merged for consistency with -STABLE. Approved by: re (rwatson) Notes: svn path=/head/; revision=123023
* Introduce a MAC label reference in 'struct inpcb', which cachesRobert Watson2003-11-181-1/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | the MAC label referenced from 'struct socket' in the IPv4 and IPv6-based protocols. This permits MAC labels to be checked during network delivery operations without dereferencing inp->inp_socket to get to so->so_label, which will eventually avoid our having to grab the socket lock during delivery at the network layer. This change introduces 'struct inpcb' as a labeled object to the MAC Framework, along with the normal circus of entry points: initialization, creation from socket, destruction, as well as a delivery access control check. For most policies, the inpcb label will simply be a cache of the socket label, so a new protocol switch method is introduced, pr_sosetlabel() to notify protocols that the socket layer label has been updated so that the cache can be updated while holding appropriate locks. Most protocols implement this using pru_sosetlabel_null(), but IPv4/IPv6 protocols using inpcbs use the the worker function in_pcbsosetlabel(), which calls into the MAC Framework to perform a cache update. Biba, LOMAC, and MLS implement these entry points, as do the stub policy, and test policy. Reviewed by: sam, bms Obtained from: TrustedBSD Project Sponsored by: DARPA, Network Associates Laboratories Notes: svn path=/head/; revision=122875
* add sysctl MIB net.key.esp_auth which was wrongly droppedHajimu UMEMOTO2003-11-131-0/+6
| | | | | | | during recent KAME merge. Notes: svn path=/head/; revision=122613
* ipsec_esp_auth is unused when IPSEC_ESP is not defined.Hajimu UMEMOTO2003-11-111-0/+2
| | | | | | | Reported by: Andre Oppermann <oppermann@pipeline.ch> Notes: svn path=/head/; revision=122493
* - cleanup SP refcnt issue.Hajimu UMEMOTO2003-11-045-544/+771
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - share policy-on-socket for listening socket. - don't copy policy-on-socket at all. secpolicy no longer contain spidx, which saves a lot of memory. - deep-copy pcb policy if it is an ipsec policy. assign ID field to all SPD entries. make it possible for racoon to grab SPD entry on pcb. - fixed the order of searching SA table for packets. - fixed to get a security association header. a mode is always needed to compare them. - fixed that the incorrect time was set to sadb_comb_{hard|soft}_usetime. - disallow port spec for tunnel mode policy (as we don't reassemble). - an user can define a policy-id. - clear enc/auth key before freeing. - fixed that the kernel crashed when key_spdacquire() was called because key_spdacquire() had been implemented imcopletely. - preparation for 64bit sequence number. - maintain ordered list of SA, based on SA id. - cleanup secasvar management; refcnt is key.c responsibility; alloc/free is keydb.c responsibility. - cleanup, avoid double-loop. - use hash for spi-based lookup. - mark persistent SP "persistent". XXX in theory refcnt should do the right thing, however, we have "spdflush" which would touch all SPs. another solution would be to de-register persistent SPs from sptree. - u_short -> u_int16_t - reduce kernel stack usage by auto variable secasindex. - clarify function name confusion. ipsec_*_policy -> ipsec_*_pcbpolicy. - avoid variable name confusion. (struct inpcbpolicy *)pcb_sp, spp (struct secpolicy **), sp (struct secpolicy *) - count number of ipsec encapsulations on ipsec4_output, so that we can tell ip_output() how to handle the packet further. - When the value of the ul_proto is ICMP or ICMPV6, the port field in "src" of the spidx specifies ICMP type, and the port field in "dst" of the spidx specifies ICMP code. - avoid from applying IPsec transport mode to the packets when the kernel forwards the packets. Tested by: nork Obtained from: KAME Notes: svn path=/head/; revision=122062
* correct %d/%u mismatch.Hajimu UMEMOTO2003-11-022-11/+11
| | | | | | | Obtained from: KAME Notes: svn path=/head/; revision=121899
* exit(3) with negative value does not make sense'Hajimu UMEMOTO2003-11-021-1/+1
| | | | | | | Obtained from: KAME Notes: svn path=/head/; revision=121898
* make debugging with "setkey -x" a lot easier.Hajimu UMEMOTO2003-11-021-4/+97
| | | | | | | Obtained from: KAME Notes: svn path=/head/; revision=121897
* cleanup secasvar management; refcnt is key.c responsibility;Hajimu UMEMOTO2003-11-023-99/+66
| | | | | | | | | alloc/free is keydb.c responsibility. Obtained from: KAME Notes: svn path=/head/; revision=121894
* - do not quit from key_sendup() even if writes to non-targetHajimu UMEMOTO2003-11-022-95/+10
| | | | | | | | | | | | socket fails. - remove an unneeded function. - fix pfkey stat. - fix comment. Obtained from: KAME Notes: svn path=/head/; revision=121891
* mib name was changed by fixing a spelling.Hajimu UMEMOTO2003-10-281-1/+1
| | | | | | | | | net.key.prefered_oldsa -> net.key.preferred_oldsa Obtained from: KAME Notes: svn path=/head/; revision=121629
* drop the code of HAVE_NRL_INPCB part. our system doesn'tHajimu UMEMOTO2003-10-221-10/+0
| | | | | | | use NRL style INPCB. Notes: svn path=/head/; revision=121353
* nuke unused ICMPV6CTL_NAMES and KEYCTL_NAMES macros.Hajimu UMEMOTO2003-10-071-17/+1
| | | | Notes: svn path=/head/; revision=120887
* Reduce diffs against KAME. No functional change.Hajimu UMEMOTO2003-09-301-15/+7
| | | | | | | Obtained from: KAME Notes: svn path=/head/; revision=120604
* Reduce diffs against KAME. No functional change.Hajimu UMEMOTO2003-09-302-9/+4
| | | | | | | Obtained from: KAME Notes: svn path=/head/; revision=120603
* Sync style and comments with latest KAME to reduce diffs.Hajimu UMEMOTO2003-09-301-71/+64
| | | | | | | | | No functional change. Obtained from: KAME Notes: svn path=/head/; revision=120600
* add /*CONSTCOND*/ to reduce diffs against latest KAME.Hajimu UMEMOTO2003-09-252-8/+8
| | | | | | | Obtained from: KAME Notes: svn path=/head/; revision=120435
* panic() doesn't need `\n'.Hajimu UMEMOTO2003-09-253-72/+72
| | | | | | | Obtained from: KAME Notes: svn path=/head/; revision=120434
* Use __FBSDID().David E. O'Brien2003-06-114-4/+12
| | | | Notes: svn path=/head/; revision=116189
* Introduce an M_ASSERTPKTHDR() macro which performs the very common taskDag-Erling Smørgrav2003-04-081-2/+1
| | | | | | | | | | of asserting that an mbuf has a packet header. Use it instead of hand- rolled versions wherever applicable. Submitted by: Hiten Pandya <hiten@unixdaemons.com> Notes: svn path=/head/; revision=113255
* Back out M_* changes, per decision of the TRB.Warner Losh2003-02-192-27/+27
| | | | | | | Approved by: trb Notes: svn path=/head/; revision=111119
* Comment out srandom():Andrey A. Chernov2003-02-051-1/+2
| | | | | | | | 1) Already called in init_main.c:proc0_post() 2) Seed is bad Notes: svn path=/head/; revision=110403
* Remove M_TRYWAIT/M_WAITOK/M_WAIT. Callers should use 0.Alfred Perlstein2003-01-212-27/+27
| | | | | | | Merge M_NOWAIT/M_DONTWAIT into a single flag M_NOWAIT. Notes: svn path=/head/; revision=109623
* "struct route" is not sufficient. NetBSD PR 18751Hajimu UMEMOTO2003-01-082-1/+6
| | | | | | | | Obtained from: KAME MFC after: 1 days Notes: svn path=/head/; revision=108955
* Correct typos, mostly s/ a / an / where appropriate. Some whitespace cleanup,Jens Schweikhardt2003-01-011-4/+4
| | | | | | | especially in troff files. Notes: svn path=/head/; revision=108533
* o Untangle the confusion with the malloc flags {M_WAITOK, M_NOWAIT} andBosko Milekic2002-12-191-1/+1
| | | | | | | | | | | | | the mbuf allocator flags {M_TRYWAIT, M_DONTWAIT}. o Fix a bpf_compat issue where malloc() was defined to just call bpf_alloc() and pass the 'canwait' flag(s) along. It's been changed to call bpf_alloc() but pass the corresponding M_TRYWAIT or M_DONTWAIT flag (and only one of those two). Submitted by: Hiten Pandya <hiten@unixdaemons.com> (hiten->commit_count++) Notes: svn path=/head/; revision=108107
* - fixed the order of searching SA table for packets.Hajimu UMEMOTO2002-07-101-20/+47
| | | | | | | | | | | - comment about deletion of SA that has not been used by reaching soft lifetime. Obtained from: KAME MFC after: 2 week Notes: svn path=/head/; revision=99736
* Remove so*_locked(), which were backed out by mistake.Seigo Tanimura2002-06-181-1/+1
| | | | Notes: svn path=/head/; revision=98385
* Back out my lats commit of locking down a socket, it conflicts with hsu's work.Seigo Tanimura2002-05-311-5/+1
| | | | | | | Requested by: hsu Notes: svn path=/head/; revision=97658
* pacify gcc-3.1's -Wunused checking.Peter Wemm2002-05-241-1/+4
| | | | Notes: svn path=/head/; revision=97212
* Lock down a socket, milestone 1.Seigo Tanimura2002-05-201-1/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | o Add a mutex (sb_mtx) to struct sockbuf. This protects the data in a socket buffer. The mutex in the receive buffer also protects the data in struct socket. o Determine the lock strategy for each members in struct socket. o Lock down the following members: - so_count - so_options - so_linger - so_state o Remove *_locked() socket APIs. Make the following socket APIs touching the members above now require a locked socket: - sodisconnect() - soisconnected() - soisconnecting() - soisdisconnected() - soisdisconnecting() - sofree() - soref() - sorele() - sorwakeup() - sotryfree() - sowakeup() - sowwakeup() Reviewed by: alfred Notes: svn path=/head/; revision=96972
* Redo the sigio locking.Alfred Perlstein2002-05-011-5/+0
| | | | | | | | | | | | | | Turn the sigio sx into a mutex. Sigio lock is really only needed to protect interrupts from dereferencing the sigio pointer in an object when the sigio itself is being destroyed. In order to do this in the most unintrusive manner change pgsigio's sigio * argument into a **, that way we can lock internally to the function. Notes: svn path=/head/; revision=95883
generated by cgit v1.3 (git 2.53.0) at 2026-05-11 15:11:38 +0000