summaryrefslogtreecommitdiffstats
path: root/sys/netinet6/ah_core.c
Commit message (Collapse)AuthorAgeFilesLines
* MFC after: 3 daysbms2007-02-051-1/+1
|
* With exception of the if_name() macro, all definitions in net_osdep.hbrooks2006-08-041-2/+0
| | | | | | | | were unused or already in if_var.h so add if_name() to if_var.h and remove net_osdep.h along with all references to it. Longer term we may want to kill off if_name() entierly since all modern BSDs have if_xname variables rendering it unnecessicary.
* scope cleanup. with this changeume2005-07-251-0/+1
| | | | | | | | | | | | | | | | | | | - most of the kernel code will not care about the actual encoding of scope zone IDs and won't touch "s6_addr16[1]" directly. - similarly, most of the kernel code will not care about link-local scoped addresses as a special case. - scope boundary check will be stricter. For example, the current *BSD code allows a packet with src=::1 and dst=(some global IPv6 address) to be sent outside of the node, if the application do: s = socket(AF_INET6); bind(s, "::1"); sendto(s, some_global_IPv6_addr); This is clearly wrong, since ::1 is only meaningful within a single node, but the current implementation of the *BSD kernel cannot reject this attempt. Submitted by: JINMEI Tatuya <jinmei__at__isl.rdc.toshiba.co.jp> Obtained from: KAME
* /* -> /*- for license, minor formatting changes, separate for KAMEimp2005-01-071-1/+1
|
* support TCP-MD5(IPv4) in KAME-IPSEC, too.suz2004-11-081-0/+6
| | | | MFC after: 3 week
* Move the AH algorithm list from a static local function variable torwatson2004-03-101-37/+38
| | | | | | | | | a static const global variable in ah_core.c. This makes it more clear that this array does not require synchronization, as well as synchronizing the layout to the ESP algorithm list. This is the version of my patch that Itojun committed to the KAME tree. Obtained from: me, via KAME
* - m_cat() may free the mbuf on 2nd arg, so m_pkthdr manipulation hasume2003-11-151-1/+1
| | | | | | | | to happen before the call to m_cat(). - correct signedness mixups. - remove variable that is only assigned too but not referenced. Obtained from: KAME
* enable aes-xcbc-mac and aes-ctr, again.ume2003-11-101-4/+0
|
* - change scope to zone.ume2003-10-211-4/+2
| | | | | | | | - change node-local to interface-local. - better error handling of address-to-scope mapping. - use in6_clearscope(). Obtained from: KAME
* - revert to old rijndael code. new rijndael code broke gbde.ume2003-10-191-0/+4
| | | | | - since aes-xcbc-mac and aes-ctr require functions in new rijndael code, aes-xcbc-mac and aes-ctr are disabled for now.
* - support AES XCBC MAC for AHume2003-10-131-0/+7
| | | | | | - correct SADB_X_AALG_RIPEMD160HMAC to 8 Obtained from: KAME
* include opencrypto/rmd160.hume2003-10-121-1/+1
|
* - always check for optlen overrun.ume2003-10-121-4/+11
| | | | | | | - panic if NULL is passed to ah_sumsiz (as we never do it, and callers do not properly check negative returns). Obtained from: KAME
* - correct signedness mixups.ume2003-10-121-76/+75
| | | | | | - avoid assuming result buffer size Obtained from: KAME
* avoid hardcoding MD5 result length (16)ume2003-10-121-3/+4
| | | | Obtained from: KAME
* - RIPEMD160 supportume2003-10-121-204/+186
| | | | | | - pass size arg to ah->result (avoid assuming result buffer size) Obtained from: KAME
* - fix typo in comment.ume2003-10-071-3/+3
| | | | | | - style. Obtained from: KAME
* Back out M_* changes, per decision of the TRB.imp2003-02-191-8/+8
| | | | Approved by: trb
* Remove M_TRYWAIT/M_WAITOK/M_WAIT. Callers should use 0.alfred2003-01-211-8/+8
| | | | Merge M_NOWAIT/M_DONTWAIT into a single flag M_NOWAIT.
* just merged cosmetic changes from KAME to ease sync between KAME and FreeBSD.suz2002-04-191-4/+4
| | | | | | | (based on freebsd4-snap-20020128) Reviewed by: ume MFC after: 1 week
* Sync with recent KAME.ume2001-06-111-34/+513
| | | | | | | | | | | | | | | | | | This work was based on kame-20010528-freebsd43-snap.tgz and some critical problem after the snap was out were fixed. There are many many changes since last KAME merge. TODO: - The definitions of SADB_* in sys/net/pfkeyv2.h are still different from RFC2407/IANA assignment because of binary compatibility issue. It should be fixed under 5-CURRENT. - ip6po_m member of struct ip6_pktopts is no longer used. But, it is still there because of binary compatibility issue. It should be removed under 5-CURRENT. Reviewed by: itojun Obtained from: KAME MFC after: 3 weeks
* More IP option length validation.kris2001-02-261-1/+12
| | | | | | | | | | | | | | | | | Includes the following revisions from KAME (two of these were actually committed previously but the CVS revisions weren't documented): 1.40 kame/kame/sys/netinet6/ah_core.c (committed in previous rev) 1.41 kame/kame/sys/netinet6/ah_core.c 1.28 kame/kame/sys/netinet6/ah_output.c (committed in previous rev) 1.29 kame/kame/sys/netinet6/ah_output.c 1.30 kame/kame/sys/netinet6/ah_output.c 1.129 kame/kame/sys/netinet6/nd6.c 1.130 kame/kame/sys/netinet6/nd6.c 1.24 kame/kame/sys/netinet6/dest6.c 1.25 kame/kame/sys/netinet6/dest6.c Obtained from: KAME
* Correct IPv4 option processing.kris2001-02-201-2/+13
| | | | | Submitted by: itojun Obtained from: KAME
* Fix broken const'ness in declaration of sha1_loop().archie2000-10-091-4/+4
|
* sync with kame tree as of july00. tons of bug fixes/improvements.itojun2000-07-041-396/+414
| | | | | | | API changes: - additional IPv6 ioctls - IPsec PF_KEY API was changed, it is mandatory to upgrade setkey(8). (also syntax change)
* Remove unneeded #include <sys/kernel.h>phk2000-04-291-1/+0
|
* Prototype fix for IPsec authentication related functionsshin2000-02-101-10/+11
| | | | | | | | | | | | Some of IPsec authentication related functions should have 'const' for its 2nd argument, but not now. But if someone try to use them, and passed const data for those functions, then much bogus compile warnings will be generated. So those funcs prototype should be modified. Requested by: archie Approved by: jkh
* IPSEC support in the kernel.shin1999-12-221-0/+1125
pr_input() routines prototype is also changed to support IPSEC and IPV6 chained protocol headers. Reviewed by: freebsd-arch, cvs-committers Obtained from: KAME project
OpenPOWER on IntegriCloud