summaryrefslogtreecommitdiffstats
path: root/sys/netinet6/ipsec.c
Commit message (Collapse)AuthorAgeFilesLines
* just merged cosmetic changes from KAME to ease sync between KAME and FreeBSD.suz2002-04-191-24/+24
| | | | | | | (based on freebsd4-snap-20020128) Reviewed by: ume MFC after: 1 week
* Fixed the behavior when there is no inbound policy for the ipsecume2001-11-061-0/+8
| | | | | | | | | | | | | tunneled packet. When there is no suitable inbound policy for the packet of the ipsec tunnel mode, the kernel never decapsulate the tunneled packet as the ipsec tunnel mode even when the system wide policy is "none". Then the kernel leaves the generic tunnel module to process this packet. If there is no rule of the generic tunnel, the packet is rejected and the statistics will be counted up. Obtained from: KAME MFC after: 1 week
* Fixed to process a IPv6 packet when ah transport after esp tunnelume2001-10-171-3/+42
| | | | | | | | should be applied. the SA of AH transport could not be selected from the SAD because of this bug. Obtained from: KAME MFC after: 1 week
* Sync with recent KAME.ume2001-06-111-387/+617
| | | | | | | | | | | | | | | | | | This work was based on kame-20010528-freebsd43-snap.tgz and some critical problem after the snap was out were fixed. There are many many changes since last KAME merge. TODO: - The definitions of SADB_* in sys/net/pfkeyv2.h are still different from RFC2407/IANA assignment because of binary compatibility issue. It should be fixed under 5-CURRENT. - ip6po_m member of struct ip6_pktopts is no longer used. But, it is still there because of binary compatibility issue. It should be removed under 5-CURRENT. Reviewed by: itojun Obtained from: KAME MFC after: 3 weeks
* Add ``options RANDOM_IP_ID'' which randomizes the ID field of IP packets.kris2001-06-011-0/+4
| | | | | | | | | This closes a minor information leak which allows a remote observer to determine the rate at which the machine is generating packets, since the default behaviour is to increment a counter for each packet sent. Reviewed by: -net Obtained from: OpenBSD
* nuke IPSEC_SRCSEL which does not do the right thing.ume2001-03-161-33/+3
| | | | | | | adjust state->ro if the tunnel endpoint is offlink. KAME PR 233. PR: kern/21079
* Change check from mbuf->m_ext.ext_free to use the new ext_type in orderbmilekic2000-11-111-6/+3
| | | | | | | | | | to determine whether the given mbuf has a cluster (or some other type of external storage) attached to it. Note: This code should eventually be made to use M_WRITABLE() to determine whether or not a copy should be made. Reviewed by: jlemon
* backout my previous commit (KAME PR 296). foo != TUNNEL willume2000-11-091-4/+0
| | | | | | forbid "ANY" SA from being used for tnunel mode. Reported by: Chris Cason <casonc@netplex.aussie.org>
* check whether the packet is tunnel mode. reported from <larse@ISI.EDU>ume2000-11-031-0/+4
| | | | Obtained from: KAME
* Replace the mbuf external reference counting code with somethingdwmalone2000-08-191-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | that should be better. The old code counted references to mbuf clusters by using the offset of the cluster from the start of memory allocated for mbufs and clusters as an index into an array of chars, which did the reference counting. If the external storage was not a cluster then reference counting had to be done by the code using that external storage. NetBSD's system of linked lists of mbufs was cosidered, but Alfred felt it would have locking issues when the kernel was made more SMP friendly. The system implimented uses a pool of unions to track external storage. The union contains an int for counting the references and a pointer for forming a free list. The reference counts are incremented and decremented atomically and so should be SMP friendly. This system can track reference counts for any sort of external storage. Access to the reference counting stuff is now through macros defined in mbuf.h, so it should be easier to make changes to the system in the future. The possibility of storing the reference count in one of the referencing mbufs was considered, but was rejected 'cos it would often leave extra mbufs allocated. Storing the reference count in the cluster was also considered, but because the external storage may not be a cluster this isn't an option. The size of the pool of reference counters is available in the stats provided by "netstat -m". PR: 19866 Submitted by: Bosko Milekic <bmilekic@dsuper.net> Reviewed by: alfred (glanced at by others on -net)
* sync with kame tree as of july00. tons of bug fixes/improvements.itojun2000-07-041-324/+617
| | | | | | | API changes: - additional IPv6 ioctls - IPsec PF_KEY API was changed, it is mandatory to upgrade setkey(8). (also syntax change)
* Add missing include machine/in_cksum.h.ps2000-05-091-0/+2
| | | | Submitted by: n_hibma
* Fixed the problem that IPsec connection hangs when bigger data is sent.shin2000-01-151-7/+5
| | | | | | | -opt_ipsec.h was missing on some tcp files (sorry for basic mistake) -made buildable as above fix -also added some missing IPv4 mapped IPv6 addr consideration into ipsec4_getpolicybysock
* Change struct sockaddr_storage member name, because following changeshin2000-01-131-26/+26
| | | | | | | | | | | | is very likely to become consensus as recent ietf/ipng mailing list discussion. Also recent KAME repository and other KAME patched BSDs also applied it. s/__ss_family/ss_family/ s/__ss_len/ss_len/ Makeworld is confirmed, and no application should be affected by this change yet.
* IPSEC support in the kernel.shin1999-12-221-0/+3061
pr_input() routines prototype is also changed to support IPSEC and IPV6 chained protocol headers. Reviewed by: freebsd-arch, cvs-committers Obtained from: KAME project
OpenPOWER on IntegriCloud