summaryrefslogtreecommitdiffstats
path: root/sys/netipsec
Commit message (Collapse)AuthorAgeFilesLines
* o handle jumbograms in m_clonesam2003-01-091-52/+82
| | | | | | o fixup some comments Submitted by: Doug Ambrisko <ambrisko@verniernetworks.com>
* Correct typos, mostly s/ a / an / where appropriate. Some whitespace cleanup,schweikh2003-01-012-6/+6
| | | | especially in troff files.
* Correct mbuf packet header propagation. Previously, packet headerssam2002-12-302-2/+2
| | | | | | | | | | | | | | | | | | | | | | were sometimes propagated using M_COPY_PKTHDR which actually did something between a "move" and a "copy" operation. This is replaced by M_MOVE_PKTHDR (which copies the pkthdr contents and "removes" it from the source mbuf) and m_dup_pkthdr which copies the packet header contents including any m_tag chain. This corrects numerous problems whereby mbuf tags could be lost during packet manipulations. These changes also introduce arguments to m_tag_copy and m_tag_copy_chain to specify if the tag copy work should potentially block. This introduces an incompatibility with openbsd which we may want to revisit. Note that move/dup of packet headers does not handle target mbufs that have a cluster bound to them. We may want to support this; for now we watch for it with an assert. Finally, M_COPYFLAGS was updated to include M_FIRSTFRAG|M_LASTFRAG. Supported by: Vernier Networks Reviewed by: Robert Watson <rwatson@FreeBSD.org>
* o cannot use M_COPY_PKTHDR on an mbuf that has a cluster; if we need tosam2002-12-301-8/+29
| | | | | | | | do this avoid m_getcl so we can copy the packet header to a clean mbuf before adding the cluster o move an assert to the right place Supported by: Vernier Networks
* SMP locking for ifnet list.hsu2002-12-221-0/+4
|
* o Untangle the confusion with the malloc flags {M_WAITOK, M_NOWAIT} andbmilekic2002-12-191-1/+1
| | | | | | | | | | the mbuf allocator flags {M_TRYWAIT, M_DONTWAIT}. o Fix a bpf_compat issue where malloc() was defined to just call bpf_alloc() and pass the 'canwait' flag(s) along. It's been changed to call bpf_alloc() but pass the corresponding M_TRYWAIT or M_DONTWAIT flag (and only one of those two). Submitted by: Hiten Pandya <hiten@unixdaemons.com> (hiten->commit_count++)
* FAST_IPSEC fixups:sam2002-11-082-0/+21
| | | | | | | | | | | o fix #ifdef typo o must use "bounce functions" when dispatched from the protosw table don't know how this stuff was missed in my testing; must've committed the wrong bits Pointy hat: sam Submitted by: "Doug Ambrisko" <ambrisko@verniernetworks.com>
* "Fast IPsec": this is an experimental IPsec implementation that is derivedsam2002-10-1626-0/+17530
from the KAME IPsec implementation, but with heavy borrowing and influence of openbsd. A key feature of this implementation is that it uses the kernel crypto framework to do all crypto work so when h/w crypto support is present IPsec operation is automatically accelerated. Otherwise the protocol implementations are rather differet while the SADB and policy management code is very similar to KAME (for the moment). Note that this implementation is enabled with a FAST_IPSEC option. With this you get all protocols; i.e. there is no FAST_IPSEC_ESP option. FAST_IPSEC and IPSEC are mutually exclusive; you cannot build both into a single system. This software is well tested with IPv4 but should be considered very experimental (i.e. do not deploy in production environments). This software does NOT currently support IPv6. In fact do not configure FAST_IPSEC and INET6 in the same system. Obtained from: KAME + openbsd Supported by: Vernier Networks
OpenPOWER on IntegriCloud