| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
|
|
|
|
|
|
|
| |
were unused or already in if_var.h so add if_name() to if_var.h and
remove net_osdep.h along with all references to it.
Longer term we may want to kill off if_name() entierly since all modern
BSDs have if_xname variables rendering it unnecessicary.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- most of the kernel code will not care about the actual encoding of
scope zone IDs and won't touch "s6_addr16[1]" directly.
- similarly, most of the kernel code will not care about link-local
scoped addresses as a special case.
- scope boundary check will be stricter. For example, the current
*BSD code allows a packet with src=::1 and dst=(some global IPv6
address) to be sent outside of the node, if the application do:
s = socket(AF_INET6);
bind(s, "::1");
sendto(s, some_global_IPv6_addr);
This is clearly wrong, since ::1 is only meaningful within a single
node, but the current implementation of the *BSD kernel cannot
reject this attempt.
Submitted by: JINMEI Tatuya <jinmei__at__isl.rdc.toshiba.co.jp>
Obtained from: KAME
|
| |
|
|
|
|
| |
MFC after: 3 week
|
|
|
|
|
|
|
|
|
| |
a static const global variable in ah_core.c. This makes it more clear
that this array does not require synchronization, as well as
synchronizing the layout to the ESP algorithm list. This is the
version of my patch that Itojun committed to the KAME tree.
Obtained from: me, via KAME
|
|
|
|
|
|
|
|
| |
to happen before the call to m_cat().
- correct signedness mixups.
- remove variable that is only assigned too but not referenced.
Obtained from: KAME
|
| |
|
|
|
|
|
|
|
|
| |
- change node-local to interface-local.
- better error handling of address-to-scope mapping.
- use in6_clearscope().
Obtained from: KAME
|
|
|
|
|
| |
- since aes-xcbc-mac and aes-ctr require functions in new
rijndael code, aes-xcbc-mac and aes-ctr are disabled for now.
|
|
|
|
|
|
| |
- correct SADB_X_AALG_RIPEMD160HMAC to 8
Obtained from: KAME
|
| |
|
|
|
|
|
|
|
| |
- panic if NULL is passed to ah_sumsiz (as we never do it,
and callers do not properly check negative returns).
Obtained from: KAME
|
|
|
|
|
|
| |
- avoid assuming result buffer size
Obtained from: KAME
|
|
|
|
| |
Obtained from: KAME
|
|
|
|
|
|
| |
- pass size arg to ah->result (avoid assuming result buffer size)
Obtained from: KAME
|
|
|
|
|
|
| |
- style.
Obtained from: KAME
|
|
|
|
| |
Approved by: trb
|
|
|
|
| |
Merge M_NOWAIT/M_DONTWAIT into a single flag M_NOWAIT.
|
|
|
|
|
|
|
| |
(based on freebsd4-snap-20020128)
Reviewed by: ume
MFC after: 1 week
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This work was based on kame-20010528-freebsd43-snap.tgz and some
critical problem after the snap was out were fixed.
There are many many changes since last KAME merge.
TODO:
- The definitions of SADB_* in sys/net/pfkeyv2.h are still different
from RFC2407/IANA assignment because of binary compatibility
issue. It should be fixed under 5-CURRENT.
- ip6po_m member of struct ip6_pktopts is no longer used. But, it
is still there because of binary compatibility issue. It should
be removed under 5-CURRENT.
Reviewed by: itojun
Obtained from: KAME
MFC after: 3 weeks
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Includes the following revisions from KAME (two of these were actually
committed previously but the CVS revisions weren't documented):
1.40 kame/kame/sys/netinet6/ah_core.c (committed in previous rev)
1.41 kame/kame/sys/netinet6/ah_core.c
1.28 kame/kame/sys/netinet6/ah_output.c (committed in previous rev)
1.29 kame/kame/sys/netinet6/ah_output.c
1.30 kame/kame/sys/netinet6/ah_output.c
1.129 kame/kame/sys/netinet6/nd6.c
1.130 kame/kame/sys/netinet6/nd6.c
1.24 kame/kame/sys/netinet6/dest6.c
1.25 kame/kame/sys/netinet6/dest6.c
Obtained from: KAME
|
|
|
|
|
| |
Submitted by: itojun
Obtained from: KAME
|
| |
|
|
|
|
|
|
|
| |
API changes:
- additional IPv6 ioctls
- IPsec PF_KEY API was changed, it is mandatory to upgrade setkey(8).
(also syntax change)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Some of IPsec authentication related functions should have
'const' for its 2nd argument, but not now.
But if someone try to use them, and passed const data for
those functions, then much bogus compile warnings will be
generated.
So those funcs prototype should be modified.
Requested by: archie
Approved by: jkh
|
|
pr_input() routines prototype is also changed to support IPSEC and IPV6
chained protocol headers.
Reviewed by: freebsd-arch, cvs-committers
Obtained from: KAME project
|