summaryrefslogtreecommitdiffstats
path: root/sys/netipsec/ipsec_mbuf.c
Commit message (Collapse)AuthorAgeFilesLines
* Commit IPv6 support for FAST_IPSEC to the tree.gnn2007-07-011-5/+5
| | | | | | | | | This commit includes only the kernel files, the rest of the files will follow in a second commit. Reviewed by: bz Approved by: re Supported by: Secure Computing
* promote fast ipsec's m_clone routine for public use; it is renamedsam2006-03-151-149/+0
| | | | | | | m_unshare and the caller can now control how mbufs are allocated Reviewed by: andre, luigi, mlaier MFC after: 1 week
* Replace custom mbuf writeability test with generic M_WRITABLE() testandre2005-09-261-1/+1
| | | | | | covering all edge cases too. Sponsored by: TCP/IP Optimization Fundraise 2005
* Push m_apply() and m_getptr() up into the colleciton of standard mbufbms2003-12-151-2/+0
| | | | | | | | routines, and purge them from opencrypto. Reviewed by: sam Obtained from: NetBSD Sponsored by: spc.org
* MFp4: portability work, general cleanup, locking fixessam2003-09-291-16/+14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | change 38496 o add ipsec_osdep.h that holds os-specific definitions for portability o s/KASSERT/IPSEC_ASSERT/ for portability o s/SPLASSERT/IPSEC_SPLASSERT/ for portability o remove function names from ASSERT strings since line#+file pinpints the location o use __func__ uniformly to reduce string storage o convert some random #ifdef DIAGNOSTIC code to assertions o remove some debuggging assertions no longer needed change 38498 o replace numerous bogus panic's with equally bogus assertions that at least go away on a production system change 38502 + 38530 o change explicit mtx operations to #defines to simplify future changes to a different lock type change 38531 o hookup ipv4 ctlinput paths to a noop routine; we should be handling path mtu changes at least o correct potential null pointer deref in ipsec4_common_input_cb chnage 38685 o fix locking for bundled SA's and for when key exchange is required change 38770 o eliminate recursion on the SAHTREE lock change 38804 o cleanup some types: long -> time_t o remove refrence to dead #define change 38805 o correct some types: long -> time_t o add scan generation # to secpolicy to deal with locking issues change 38806 o use LIST_FOREACH_SAFE instead of handrolled code o change key_flush_spd to drop the sptree lock before purging an entry to avoid lock recursion and to avoid holding the lock over a long-running operation o misc cleanups of tangled and twisty code There is still much to do here but for now things look to be working again. Supported by: FreeBSD Foundation
* Replace ovbcopy() with bcopy().des2003-04-041-3/+2
|
* add missing copyright noticessam2003-03-281-1/+27
| | | | Noticed by: Robert Watson
* Back out M_* changes, per decision of the TRB.imp2003-02-191-7/+7
| | | | Approved by: trb
* Remove M_TRYWAIT/M_WAITOK/M_WAIT. Callers should use 0.alfred2003-01-211-7/+7
| | | | Merge M_NOWAIT/M_DONTWAIT into a single flag M_NOWAIT.
* o handle jumbograms in m_clonesam2003-01-091-52/+82
| | | | | | o fixup some comments Submitted by: Doug Ambrisko <ambrisko@verniernetworks.com>
* Correct mbuf packet header propagation. Previously, packet headerssam2002-12-301-1/+1
| | | | | | | | | | | | | | | | | | | | | | were sometimes propagated using M_COPY_PKTHDR which actually did something between a "move" and a "copy" operation. This is replaced by M_MOVE_PKTHDR (which copies the pkthdr contents and "removes" it from the source mbuf) and m_dup_pkthdr which copies the packet header contents including any m_tag chain. This corrects numerous problems whereby mbuf tags could be lost during packet manipulations. These changes also introduce arguments to m_tag_copy and m_tag_copy_chain to specify if the tag copy work should potentially block. This introduces an incompatibility with openbsd which we may want to revisit. Note that move/dup of packet headers does not handle target mbufs that have a cluster bound to them. We may want to support this; for now we watch for it with an assert. Finally, M_COPYFLAGS was updated to include M_FIRSTFRAG|M_LASTFRAG. Supported by: Vernier Networks Reviewed by: Robert Watson <rwatson@FreeBSD.org>
* o cannot use M_COPY_PKTHDR on an mbuf that has a cluster; if we need tosam2002-12-301-8/+29
| | | | | | | | do this avoid m_getcl so we can copy the packet header to a clean mbuf before adding the cluster o move an assert to the right place Supported by: Vernier Networks
* "Fast IPsec": this is an experimental IPsec implementation that is derivedsam2002-10-161-0/+401
from the KAME IPsec implementation, but with heavy borrowing and influence of openbsd. A key feature of this implementation is that it uses the kernel crypto framework to do all crypto work so when h/w crypto support is present IPsec operation is automatically accelerated. Otherwise the protocol implementations are rather differet while the SADB and policy management code is very similar to KAME (for the moment). Note that this implementation is enabled with a FAST_IPSEC option. With this you get all protocols; i.e. there is no FAST_IPSEC_ESP option. FAST_IPSEC and IPSEC are mutually exclusive; you cannot build both into a single system. This software is well tested with IPv4 but should be considered very experimental (i.e. do not deploy in production environments). This software does NOT currently support IPv6. In fact do not configure FAST_IPSEC and INET6 in the same system. Obtained from: KAME + openbsd Supported by: Vernier Networks
OpenPOWER on IntegriCloud