FreeBSD source tree https://cgit-dev.freebsd.org/src/atom?h=release%2F4.8.0 2003-01-23T21:06:48Z 2003-01-23T21:06:48Z Sam Leffler sam@FreeBSD.org 2003-01-23T21:06:48Z urn:sha1:e1b7c4cdaa276a21e66dc41dc066ac341c49e76e Replace aux mbufs with packet tags: o instead of a list of mbufs use a list of m_tag structures a la openbsd o for netgraph et. al. extend the stock openbsd m_tag to include a 32-bit ABI/module number cookie o for openbsd compatibility define a well-known cookie MTAG_ABI_COMPAT and use this in defining openbsd-compatible m_tag_find and m_tag_get routines o rewrite KAME use of aux mbufs in terms of packet tags o eliminate the most heavily used aux mbufs by adding an additional struct inpcb parameter to ip_output and ip6_output to allow the IPsec code to locate the security policy to apply to outbound packets o bump __FreeBSD_version so code can be conditionalized o fixup ipfilter's call to ip_output based on __FreeBSD_version 2002-04-28T05:40:29Z SUZUKI Shinsuke suz@FreeBSD.org 2002-04-28T05:40:29Z urn:sha1:16d053fe829126730a609c1b1052cebdba21ea30 just merged cosmetic changes from KAME to ease sync between KAME and FreeBSD. (based on freebsd4-snap-20020128) 2001-11-20T12:26:13Z Hajimu UMEMOTO ume@FreeBSD.org 2001-11-20T12:26:13Z urn:sha1:40b804bf899fda2aeba0358a7687f4c2c3b9c97c - net.inet.ipsec.esp_auth hasn't been there - nuke all debug printfs, which are unneeded by now. - get rid of #ifdef IPSEC_DEBUG in headers - now that key_debug_level is always defined, there's no need for #ifdef IPSEC_DEBUG around sysctl MIB code (net.key.debug). - switch all debug printf() to ipseclog(). - When there is no suitable inbound policy for the packet of the ipsec tunnel mode, the kernel never decapsulate the tunneled packet as the ipsec tunnel mode even when the system wide policy is "none". Then the kernel leaves the generic tunnel module to process this packet. If there is no rule of the generic tunnel, the packet is rejected and the statistics will be counted up. sys/netinet6/ipsec.c: 1.14 sys/netkey/key.c: 1.32-1.35 sys/netkey/key_debug.c: 1.16 sys/netkey/key_debug.h: 1.8 sys/netkey/key_var.h: 1.5 sys/netkey/keysock.c: 1.8 2001-10-24T19:29:43Z Hajimu UMEMOTO ume@FreeBSD.org 2001-10-24T19:29:43Z urn:sha1:9d674823ccb152a8183dc7eb91093e9eabe0ea96 should be applied. the SA of AH transport could not be selected from the SAD because of this bug. 2001-07-19T06:37:26Z Kris Kennaway kris@FreeBSD.org 2001-07-19T06:37:26Z urn:sha1:e62c173e4ddf132e8b62462cca1313ded662e2eb packets. This closes a minor information leak which allows a remote observer to determine the rate at which the machine is generating packets, since the default behaviour is to increment a counter for each packet sent. 2001-07-03T11:02:18Z Hajimu UMEMOTO ume@FreeBSD.org 2001-07-03T11:02:18Z urn:sha1:56bc0a86e6c7bc4284aa95027299f0df6e37241f This work was based on kame-20010528-freebsd43-snap.tgz and some critical problem after the snap was out were fixed. There are many many changes since last KAME merge. etc/defaults/rc.conf: 1.111 etc/rc.network: 1.98 etc/rc.network6: 1.20 lib/libipsec/ipsec_set_policy.3: 1.8 lib/libipsec/ipsec_strerror.3: 1.7 lib/libipsec/ipsec_strerror.c: 1.3 lib/libipsec/ipsec_strerror.h: 1.3 lib/libipsec/libpfkey.h: 1.2 lib/libipsec/pfkey.c: 1.3 lib/libipsec/pfkey_dump.c: 1.3 lib/libipsec/policy_token.l: 1.5 lib/libipsec/test-policy.c: 1.4 sbin/ifconfig/ifconfig.8: 1.42 sbin/ifconfig/ifconfig.c: 1.63 sbin/ping6/ping6.8: 1.10 sbin/ping6/ping6.c: 1.9 sbin/route/route.c: 1.48, 1.50 sbin/rtsol/Makefile: 1.4 share/doc/IPv6/IMPLEMENTATION: 1.3 share/examples/IPv6/USAGE: 1.3 share/man/man4/faith.4: 1.10 share/man/man4/gif.4: 1.9 share/man/man4/inet6.4: 1.8 share/man/man4/ip6.4: 1.8 share/man/man4/ipsec.4: 1.9 share/man/man4/kame.4: 1.8 share/man/man4/stf.4: 1.8 sys/conf/files: 1.534 sys/crypto/md5.c: 1.4 sys/crypto/sha1.c: 1.7 sys/crypto/blowfish/bf_enc.c: 1.4 sys/crypto/blowfish/bf_locl.h: 1.4 sys/crypto/blowfish/bf_skey.c: 1.4 sys/crypto/blowfish/blowfish.h: 1.4 sys/crypto/cast128/cast128.c: 1.4 sys/crypto/cast128/cast128.h: 1.4 sys/crypto/des/des.h: 1.4 sys/crypto/des/des_ecb.c: 1.4 sys/crypto/des/des_locl.h: 1.5 sys/crypto/des/des_setkey.c: 1.4 sys/crypto/rijndael/boxes-fst.dat: 1.2 sys/crypto/rijndael/rijndael-alg-fst.c: 1.2, 1.3 sys/crypto/rijndael/rijndael-alg-fst.h: 1.2 sys/crypto/rijndael/rijndael-api-fst.c: 1.2 sys/crypto/rijndael/rijndael-api-fst.h: 1.2 sys/crypto/rijndael/rijndael_local.h: 1.3 sys/kern/uipc_domain.c: 1.24 sys/kern/uipc_mbuf.c: 1.82 sys/kern/uipc_mbuf2.c: 1.8 sys/net/if.c: 1.109 sys/net/if_faith.c: 1.4, 1.5 sys/net/if_gif.c: 1.10 sys/net/if_gif.h: 1.4 sys/net/if_loop.c: 1.61 sys/net/if_sppp.h: 1.17 sys/net/if_spppsubr.c: 1.68, 1.69 sys/net/net_osdep.c: 1.4 sys/net/net_osdep.h: 1.5 sys/net/pfkeyv2.h: 1.6 sys/net/ppp_defs.h: 1.7 sys/net/rtsock.c: 1.52 sys/netinet/icmp6.h: 1.4 sys/netinet/in.c: 1.54 sys/netinet/in_gif.c: 1.10 sys/netinet/in_pcb.c: 1.84 sys/netinet/in_pcb.h: 1.38 sys/netinet/in_proto.c: 1.56 sys/netinet/ip6.h: 1.5 sys/netinet/ip_ecn.c: 1.4 sys/netinet/ip_ecn.h: 1.4 sys/netinet/ip_encap.c: 1.4 sys/netinet/ip_icmp.c: 1.57 sys/netinet/ip_input.c: 1.171 sys/netinet/ip_output.c: 1.126 sys/netinet/ip_var.h: 1.56 sys/netinet/raw_ip.c: 1.78 sys/netinet/tcp_input.c: 1.132 sys/netinet/tcp_output.c: 1.50 sys/netinet/tcp_subr.c: 1.103 sys/netinet/tcp_usrreq.c: 1.60 sys/netinet/udp_usrreq.c: 1.89 sys/netinet6/ah.h: 1.5 sys/netinet6/ah6.h: 1.4 sys/netinet6/ah_core.c: 1.8 sys/netinet6/ah_input.c: 1.7 sys/netinet6/ah_output.c: 1.7 sys/netinet6/dest6.c: 1.6 sys/netinet6/esp.h: 1.4 sys/netinet6/esp6.h: 1.4 sys/netinet6/esp_core.c: 1.5 sys/netinet6/esp_input.c: 1.7 sys/netinet6/esp_output.c: 1.5 sys/netinet6/frag6.c: 1.8 sys/netinet6/icmp6.c: 1.11 sys/netinet6/in6.c: 1.12 sys/netinet6/in6.h: 1.13 sys/netinet6/in6_cksum.c: 1.4 sys/netinet6/in6_gif.c: 1.5 sys/netinet6/in6_ifattach.c: 1.6 sys/netinet6/in6_ifattach.h: 1.3 sys/netinet6/in6_pcb.c: 1.15 sys/netinet6/in6_pcb.h: 1.4 sys/netinet6/in6_prefix.c: 1.7 sys/netinet6/in6_prefix.h: 1.5 sys/netinet6/in6_proto.c: 1.14 sys/netinet6/in6_rmx.c: 1.4 sys/netinet6/in6_src.c: 1.4 sys/netinet6/in6_var.h: 1.8 sys/netinet6/ip6_ecn.h: 1.4 sys/netinet6/ip6_forward.c: 1.11 sys/netinet6/ip6_fw.c: 1.11 sys/netinet6/ip6_fw.h: 1.11 sys/netinet6/ip6_input.c: 1.27 sys/netinet6/ip6_mroute.c: 1.7 sys/netinet6/ip6_mroute.h: 1.4 sys/netinet6/ip6_output.c: 1.25 sys/netinet6/ip6_var.h: 1.7 sys/netinet6/ip6protosw.h: 1.6 sys/netinet6/ipcomp.h: 1.2 sys/netinet6/ipcomp6.h: 1.2 sys/netinet6/ipcomp_core.c: 1.2 sys/netinet6/ipcomp_input.c: 1.2 sys/netinet6/ipcomp_output.c: 1.2 sys/netinet6/ipsec.c: 1.12 sys/netinet6/ipsec.h: 1.8 sys/netinet6/ipsec6.h: 1.5 sys/netinet6/mld6.c: 1.7 sys/netinet6/nd6.c: 1.9 sys/netinet6/nd6.h: 1.7 sys/netinet6/nd6_nbr.c: 1.9 sys/netinet6/nd6_rtr.c: 1.7, 1.8 sys/netinet6/raw_ip6.c: 1.11 sys/netinet6/route6.c: 1.4 sys/netinet6/scope6.c: 1.2 sys/netinet6/udp6_output.c: 1.3 sys/netinet6/udp6_usrreq.c: 1.15 sys/netkey/key.c: 1.25 sys/netkey/key.h: 1.7 sys/netkey/key_debug.c: 1.14 sys/netkey/key_debug.h: 1.7 sys/netkey/key_var.h: 1.4 sys/netkey/keydb.h: 1.6 sys/netkey/keysock.c: 1.6 sys/netsmb/smb_crypt.c: 1.2 sys/sys/mbuf.h: 1.79, 1.80 sys/sys/protosw.h: 1.33 sys/sys/socket.h: 1.54, 1.56 sys/sys/sockio.h: 1.17 usr.bin/netstat/inet.c: 1.42 usr.bin/netstat/inet6.c: 1.10 usr.bin/netstat/ipsec.c: 1.2 usr.bin/netstat/main.c: 1.40 usr.bin/netstat/mroute6.c: 1.5 usr.bin/netstat/netstat.1: 1.29 usr.bin/netstat/netstat.h: 1.21 usr.bin/netstat/route.c: 1.50, 1.51, 1.55 usr.sbin/faithd/Makefile: 1.6 usr.sbin/faithd/README: 1.4 usr.sbin/faithd/faithd.8: 1.9 usr.sbin/faithd/faithd.c: 1.7 usr.sbin/faithd/faithd.h: 1.3 usr.sbin/faithd/ftp.c: 1.5 usr.sbin/faithd/rsh.c: 1.5 usr.sbin/faithd/tcp.c: 1.3 usr.sbin/gifconfig/gifconfig.8: 1.6 usr.sbin/gifconfig/gifconfig.c: 1.4 usr.sbin/ifmcstat/ifmcstat.8: 1.3 usr.sbin/ifmcstat/ifmcstat.c: 1.7 usr.sbin/mld6query/mld6.c: 1.2 usr.sbin/mld6query/mld6query.8: 1.2 usr.sbin/ndp/ndp.8: 1.6 usr.sbin/ndp/ndp.c: 1.6 usr.sbin/prefix/Makefile: 1.4 usr.sbin/rip6query/rip6query.8: 1.4 usr.sbin/rip6query/rip6query.c: 1.5 usr.sbin/route6d/route6d.8: 1.6 usr.sbin/route6d/route6d.c: 1.9 usr.sbin/route6d/route6d.h: 1.3 usr.sbin/rrenumd/lexer.l: 1.3 usr.sbin/rrenumd/parser.y: 1.3 usr.sbin/rrenumd/rrenumd.8: 1.6 usr.sbin/rrenumd/rrenumd.c: 1.4 usr.sbin/rrenumd/rrenumd.conf.5: 1.10 usr.sbin/rrenumd/rrenumd.h: 1.3 usr.sbin/rtadvd/advcap.c: 1.4 usr.sbin/rtadvd/advcap.h: 1.4 usr.sbin/rtadvd/config.c: 1.7 usr.sbin/rtadvd/config.h: 1.4 usr.sbin/rtadvd/dump.c: 1.3 usr.sbin/rtadvd/dump.h: 1.3 usr.sbin/rtadvd/if.c: 1.6 usr.sbin/rtadvd/if.h: 1.4 usr.sbin/rtadvd/pathnames.h: 1.5 usr.sbin/rtadvd/rrenum.c: 1.5 usr.sbin/rtadvd/rrenum.h: 1.4 usr.sbin/rtadvd/rtadvd.8: 1.8 usr.sbin/rtadvd/rtadvd.c: 1.6 usr.sbin/rtadvd/rtadvd.conf.5: 1.6 usr.sbin/rtadvd/rtadvd.h: 1.4 usr.sbin/rtadvd/timer.c: 1.4 usr.sbin/rtadvd/timer.h: 1.4 usr.sbin/rtsold/Makefile: 1.6 usr.sbin/rtsold/dump.c: 1.4 usr.sbin/rtsold/if.c: 1.5 usr.sbin/rtsold/probe.c: 1.5 usr.sbin/rtsold/rtsol.c: 1.4 usr.sbin/rtsold/rtsold.8: 1.5 usr.sbin/rtsold/rtsold.c: 1.4 usr.sbin/rtsold/rtsold.h: 1.4 usr.sbin/setkey/parse.y: 1.3 usr.sbin/setkey/scriptdump.pl: 1.3 usr.sbin/setkey/setkey.8: 1.14 usr.sbin/setkey/setkey.c: 1.3 usr.sbin/setkey/token.l: 1.5 usr.sbin/traceroute6/traceroute6.8: 1.7 usr.sbin/traceroute6/traceroute6.c: 1.8 2001-03-16T19:23:32Z Hajimu UMEMOTO ume@FreeBSD.org 2001-03-16T19:23:32Z urn:sha1:85e04363569e3e6a1313d7c6a4ae2374d2b076e2 adjust state->ro if the tunnel endpoint is offlink. KAME PR 233. Approved by: jkh 2000-11-10T08:33:07Z Hajimu UMEMOTO ume@FreeBSD.org 2000-11-10T08:33:07Z urn:sha1:de226580da28874108fb19351c980f04a49556dc forbid "ANY" SA from being used for tnunel mode. 2000-11-03T16:16:51Z Hajimu UMEMOTO ume@FreeBSD.org 2000-11-03T16:16:51Z urn:sha1:c8f860d19cb7e4980c3fb1f1d55d7af5eb05535c reported from <larse@ISI.EDU> Approved by: jkh 2000-07-15T07:14:44Z Kris Kennaway kris@FreeBSD.org 2000-07-15T07:14:44Z urn:sha1:8b0561f1900283a280aa406a12c2db7e4c7eaea0