| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Apply the following automated changes to try to eliminate
no-longer-needed sys/cdefs.h includes as well as now-empty
blank lines in a row.
Remove /^#if.*\n#endif.*\n#include\s+<sys/cdefs.h>.*\n/
Remove /\n+#include\s+<sys/cdefs.h>.*\n+#if.*\n#endif.*\n+/
Remove /\n+#if.*\n#endif.*\n+/
Remove /^#if.*\n#endif.*\n/
Remove /\n+#include\s+<sys/cdefs.h>\n#include\s+<sys/types.h>/
Remove /\n+#include\s+<sys/cdefs.h>\n#include\s+<sys/param.h>/
Remove /\n+#include\s+<sys/cdefs.h>\n#include\s+<sys/capsicum.h>/
Sponsored by: Netflix
|
| |
|
|
|
|
|
|
| |
Remove ancient SCCS tags from the tree, automated scripting, with two
minor fixup to keep things compiling. All the common forms in the tree
were removed with a perl script.
Sponsored by: Netflix
|
| |
|
|
| |
Remove /^[\s*]*__FBSDID\("\$FreeBSD\$"\);?\s*\n/
|
| |
|
|
|
|
| |
- s/receieve/receive/
MFC after: 1 week
|
| |
|
|
|
|
|
|
| |
In particular fixes --libxo json
PR: 254673
Reported by: j.vandeville@gmail.com
Sponsored by: Rubicon Communications, LLC ("Netgate")
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
At this point, AES is the more common name for Rijndael128. setkey(8)
will still accept the old name, and old constants remain for
compatiblity.
Reviewed by: cem, bcr (manpages)
MFC after: 2 weeks
Sponsored by: Chelsio Communications
Differential Revision: https://reviews.freebsd.org/D24964
Notes:
svn path=/head/; revision=361810
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Examples of depecrated algorithms in manual pages and sample configs
are updated where relevant. I removed the one example of combining
ESP and AH (vs using a cipher and auth in ESP) as RFC 8221 says this
combination is NOT RECOMMENDED.
Specifically, this removes support for the following ciphers:
- des-cbc
- 3des-cbc
- blowfish-cbc
- cast128-cbc
- des-deriv
- des-32iv
- camellia-cbc
This also removes support for the following authentication algorithms:
- hmac-md5
- keyed-md5
- keyed-sha1
- hmac-ripemd160
Reviewed by: cem, gnn (older verisons)
Relnotes: yes
Sponsored by: Chelsio Communications
Differential Revision: https://reviews.freebsd.org/D24342
Notes:
svn path=/head/; revision=360557
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Use keyed-md5 and keyed_sha1 instead of md5 and sha1 to match
the names accepted by setkey and to also avoid confusion since
these are not "plain" MD5 or SHA1.
- Remove always-true #ifdef's to make the source a bit easier to
read.
- Add missing mappings for tcp-md5, camellia-cbc, and aes-gmac.
MFC after: 2 weeks
Sponsored by: Chelsio Communications
Notes:
svn path=/head/; revision=350666
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When large SPDs are used, we face two problems:
- too many CPU cycles are spent during the linear searches in the SPD
for each packet
- too much contention on multi socket systems, since we use a single
shared lock.
Main changes:
- added the sysctl tree 'net.key.spdcache' to control the SPD cache
(disabled by default).
- cache the sp indexes that are used to perform SP lookups.
- use a range of dedicated mutexes to protect the cache lines.
Submitted by: Emeric Poupon <emeric.poupon@stormshield.eu>
Reviewed by: ae
Sponsored by: Stormshield
Differential Revision: https://reviews.freebsd.org/D15050
Notes:
svn path=/head/; revision=334054
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Mainly focus on files that use BSD 3-Clause license.
The Software Package Data Exchange (SPDX) group provides a specification
to make it easier for automated tools to detect and summarize well known
opensource licenses. We are gradually adopting the specification, noting
that the tags are considered only advisory and do not, in any way,
superceed or replace the license texts.
Special thanks to Wind River for providing access to "The Duke of
Highlander" tool: an older (2014) run over FreeBSD tree was useful as a
starting point.
Notes:
svn path=/head/; revision=326025
|
| |
|
|
|
|
|
|
| |
MFC after: 1 week
Sponsored by: Chelsio Communications
Notes:
svn path=/head/; revision=318996
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Renumber cluase 4 to 3, per what everybody else did when BSD granted
them permission to remove clause 3. My insistance on keeping the same
numbering for legal reasons is too pedantic, so give up on that point.
Submitted by: Jan Schaumann <jschauma@stevens.edu>
Pull Request: https://github.com/freebsd/freebsd/pull/96
Notes:
svn path=/head/; revision=314436
|
| |
|
|
|
|
|
|
|
|
|
|
| |
variable set rather than reading from kernel memory.
This also makes the -z (zero) flag work correctly
MFC after: 1 week
Sponsored by: Rubicon Communications, LLC (Netgate)
Differential Revision: https://reviews.freebsd.org/D4591
Notes:
svn path=/head/; revision=292394
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Update setkey and libipsec to understand aes-gcm-16 as an
encryption method.
A partial commit of the work in review D2936.
Submitted by: eri
Reviewed by: jmg
MFC after: 2 weeks
Sponsored by: Rubicon Communications (Netgate)
Notes:
svn path=/head/; revision=285108
|
| |
|
|
|
|
|
|
|
|
| |
Obtained from: Phil Shafer <phil@juniper.net>
Ported to -current by: alfred@ (mostly), Kim Shrier
Formatting: marcel@
Sponsored by: Juniper Networks, Inc.
Notes:
svn path=/head/; revision=279122
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
structure is used, but they already have equal fields in the struct
newipsecstat, that was introduced with FAST_IPSEC and then was merged
together with old ipsecstat structure.
This fixes kernel stack overflow on some architectures after migration
ipsecstat to PCPU counters.
Reported by: Taku YAMAMOTO, Maciej Milewski
Notes:
svn path=/head/; revision=253571
|
| |
|
|
|
|
|
| |
ipsec4stat, ipsec6stat to PCPU counters.
Notes:
svn path=/head/; revision=253088
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Use uint64_t as type for all fields of structures.
Changed structures: ahstat, arpstat, espstat, icmp6_ifstat, icmp6stat,
in6_ifstat, ip6stat, ipcompstat, ipipstat, ipsecstat, mrt6stat, mrtstat,
pfkeystat, pim6stat, pimstat, rip6stat, udpstat.
Discussed with: arch@
Notes:
svn path=/head/; revision=253081
|
| |
|
|
|
|
|
|
|
|
|
|
| |
is in accordance with the information provided at
ftp://ftp.cs.berkeley.edu/pub/4bsd/README.Impt.License.Change
Also add $FreeBSD$ to a few files to keep svn happy.
Discussed with: imp, rwatson
Notes:
svn path=/head/; revision=216370
|
| |
|
|
|
|
|
| |
needed.
Notes:
svn path=/head/; revision=200462
|
| |
|
|
|
|
|
| |
Tested with: make universe
Notes:
svn path=/head/; revision=200420
|
| |
|
|
|
|
|
|
|
|
| |
Try to version the struct in a backward compatible way.
People asked for the versioning of the stats structs in general before.
MFC after: 5 days
Notes:
svn path=/head/; revision=199946
|
| |
|
|
|
|
|
|
|
|
| |
+ kread is not a boolean, so check it as such
+ fix $FreeBSD$ Ids
+ denote copyrights with /*-
+ misc whitespace changes.
Notes:
svn path=/head/; revision=175061
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
general, when support was added to netstat for fetching data using sysctl,
no provision was left for fetching equivalent data from a core dump, and
in fact, netstat would _always_ fetch data from the live kernel using
sysctl even when -M was specified resulting in the user believing they
were getting data from coredumps when they actually weren't. Some specific
changes:
- Add a global 'live' variable that is true if netstat is running against
the live kernel and false if -M has been specified.
- Stop abusing the sysctl flag in the protocol tables to hold the protocol
number. Instead, the protocol is now its own field in the tables, and
it is passed as a separate parameter to the PCB and stat routines rather
than overloading the KVM offset parameter.
- Don't run PCB or stats functions who don't have a namelist offset if we
are being run against a crash dump (!live).
- For the inet and unix PCB routines, we generate the same buffer from KVM
that the sysctl usually generates complete with the header and trailer.
- Don't run bpf stats for !live (before it would just silently always run
live).
- kread() no longer trashes memory when opening the buffer if there is an
error on open and the passed in buffer is smaller than _POSIX2_LINE_MAX.
- The multicast routing code doesn't fallback to kvm on live kernels if
the sysctl fails. Keeping this made the code rather hairy, and netstat
is already tied to the kernel ABI anyway (even when using sysctl's since
things like xinpcb contain an inpcb) so any kernels this is run against
that have the multicast routing stuff should have the sysctls.
- Don't try to dig around in the kernel linker in the netgraph PCB routine
for core dumps.
Other notes:
- sctp's PCB routine only works on live kernels, it looked rather
complicated to generate all the same stuff via KVM. Someone can always
add it later if desired though.
- Fix the ipsec removal bug where N_xxx for IPSEC stats weren't renumbered.
- Use sysctlbyname() everywhere rather than hardcoded mib values.
MFC after: 1 week
Approved by: re (rwatson)
Notes:
svn path=/head/; revision=171465
|
| |
|
|
|
|
|
|
|
|
|
| |
This commit includes all remaining changes for the time being including
user space updates.
Submitted by: bz
Approved by: re
Notes:
svn path=/head/; revision=171135
|
| |
|
|
|
|
|
|
| |
Found by: WARNS=6
MFC after: 3 days
Notes:
svn path=/head/; revision=164687
|
| |
|
|
|
|
|
|
|
|
| |
including to printf(). Using uintmax_t is also robust to further
extensions in both the C language and the bitwidth of kernel counters.
Tested on: i386 amd64 ia64
Notes:
svn path=/head/; revision=160787
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
with FAST_IPSEC rather than the KAME IPSEC stack.
Note that the output of "netstat -s -p ipsec" differs depending on which
stack is compiled into the kernel since they each keep different stats.
This delta also adds the "esp", "ah", and "ipcomp" protocol stats, which
are also available when the kernel is compiled with the FAST_IPSEC stack
(e.g. "netstat -s -p esp").
Submitted by: Matt Titus <titus at nttmcl dot com>
MFC after: 3 days
Notes:
svn path=/head/; revision=153809
|
| |
|
|
|
|
|
|
| |
Use warnx() instead of warn() when error message is not of any interest. Add
prototypes.
Notes:
svn path=/head/; revision=132671
|
| |
|
|
|
|
|
|
|
| |
- support AES XCBC MAC/AES counter mode.
Obtained from: KAME
Notes:
svn path=/head/; revision=125481
|
| |
|
|
|
|
|
| |
Obtained from: KAME
Notes:
svn path=/head/; revision=125480
|
| |
|
|
|
|
|
|
|
|
|
| |
- goodbye RC5.
- use %llu directly.
- KNF.
Obtained from: KAME
Notes:
svn path=/head/; revision=125479
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
1) Include arpa/inet.h for ntohs.
2) Constness fixes.
3) Fix shadowing except for "sin" which shouldn't be in scope.
4) Remove register keyword.
5) Add missing initialsers to user defined structs.
5) Make prototype of netname6 globally visable.
6) Use right macros for printing syncache stats (even though entrie isn't
a word).
Notes:
svn path=/head/; revision=102975
|
| |
|
|
| |
Notes:
svn path=/head/; revision=81586
|
| |
|
|
|
|
|
|
| |
remove superfluous declarations
make things more consistent
Notes:
svn path=/head/; revision=78316
|
| |
|
|
| |
Notes:
svn path=/head/; revision=78314
|
| |
|
|
|
|
|
| |
Requested by: bde
Notes:
svn path=/head/; revision=78309
|
| |
|
|
| |
Notes:
svn path=/head/; revision=78245
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This work was based on kame-20010528-freebsd43-snap.tgz and some
critical problem after the snap was out were fixed.
There are many many changes since last KAME merge.
TODO:
- The definitions of SADB_* in sys/net/pfkeyv2.h are still different
from RFC2407/IANA assignment because of binary compatibility
issue. It should be fixed under 5-CURRENT.
- ip6po_m member of struct ip6_pktopts is no longer used. But, it
is still there because of binary compatibility issue. It should
be removed under 5-CURRENT.
Reviewed by: itojun
Obtained from: KAME
MFC after: 3 weeks
Notes:
svn path=/head/; revision=78064
|
|
|
Notes:
svn path=/head/; revision=62584
|
