summaryrefslogtreecommitdiffstats
path: root/sys/net/if_enc.c
Commit message (Collapse)AuthorAgeFilesLines
* Catch up with the revised network interface cloning which takes an optionalthompsa2006-07-101-2/+2
| | | | opaque parameter that can specify configuration parameters.
* Fix a braino in the last revision, enc_clone_destroy needs return void insteadthompsa2006-07-041-12/+3
| | | | | | | of int. The clone system will ensure that our first interface is not destroyed so we dont need the extra checking anyway. Tested by: Scott Ullrich
* A small race existed where the lock was dropped between when encif wasthompsa2006-06-281-24/+20
| | | | | | | | | | | | tested and then set. [1] Reorganise things to eliminate this, we now ensure that enc0 can not be destroyed which as the benefit of no longer needing to lock in ipsec_filter and ipsec_bpf. The cloner will create one interface during the init so we can guarantee that encif will be valid before any SPD entries are added to ipsec. Spotted by: glebius [1]
* Simplify ipsec_bpf by using bpf_mtap2().thompsa2006-06-271-9/+2
|
* Add a pseudo interface for packet filtering IPSec connections before or afterthompsa2006-06-261-0/+323
encryption. There are two functions, a bpf tap which has a basic header with the SPI number which our current tcpdump knows how to display, and handoff to pfil(9) for packet filtering. Obtained from: OpenBSD Based on: kern/94829 No objections: arch, net MFC after: 1 month
OpenPOWER on IntegriCloud