summaryrefslogtreecommitdiffstats
path: root/sys/netipsec
Commit message (Collapse)AuthorAgeFilesLines
* Introduce an M_ASSERTPKTHDR() macro which performs the very common taskdes2003-04-081-2/+1
| | | | | | | of asserting that an mbuf has a packet header. Use it instead of hand- rolled versions wherever applicable. Submitted by: Hiten Pandya <hiten@unixdaemons.com>
* ovbcopy -> bcopydes2003-04-041-1/+1
|
* Replace ovbcopy() with bcopy().des2003-04-041-3/+2
|
* add missing copyright noticessam2003-03-283-4/+90
| | | | Noticed by: Robert Watson
* Update netisr handling; Each SWI now registers its queue, and all queuejlemon2003-03-042-9/+2
| | | | | | | | | | drain routines are done by swi_net, which allows for better queue control at some future point. Packets may also be directly dispatched to a netisr instead of queued, this may be of interest at some installations, but currently defaults to off. Reviewed by: hsu, silby, jayanth, sam Sponsored by: DARPA, NAI Labs
* fix compilation w/o INET6sam2003-02-281-0/+4
| | | | Noticed by: "James E. Flemer" <jflemer@acm.jhu.edu>
* Update to work with the new timewait state.jlemon2003-02-241-21/+5
| | | | Reviewed by: sam
* o add a CRYPTO_F_CBIMM flag to symmetric ops to indicate the callbacksam2003-02-233-3/+3
| | | | | | | | | | | | | | | | | | should be done in crypto_done rather than in the callback thread o use this flag to mark operations from /dev/crypto since the callback routine just does a wakeup; this eliminates the last unneeded ctx switch o change CRYPTO_F_NODELAY to CRYPTO_F_BATCH with an inverted meaning so "0" becomes the default/desired setting (needed for user-mode compatibility with openbsd) o change crypto_dispatch to honor CRYPTO_F_BATCH instead of always dispatching immediately o remove uses of CRYPTO_F_NODELAY o define COP_F_BATCH for ops submitted through /dev/crypto and pass this on to the op that is submitted Similar changes and more eventually coming for asymmetric ops. MFC if re gives approval.
* Back out M_* changes, per decision of the TRB.imp2003-02-196-39/+39
| | | | Approved by: trb
* Comment out srandom():ache2003-02-051-0/+2
| | | | | 1) Already called in init_main.c:proc0_post() 2) Seed is bad
* Remove M_TRYWAIT/M_WAITOK/M_WAIT. Callers should use 0.alfred2003-01-216-39/+39
| | | | Merge M_NOWAIT/M_DONTWAIT into a single flag M_NOWAIT.
* o handle jumbograms in m_clonesam2003-01-091-52/+82
| | | | | | o fixup some comments Submitted by: Doug Ambrisko <ambrisko@verniernetworks.com>
* Correct typos, mostly s/ a / an / where appropriate. Some whitespace cleanup,schweikh2003-01-012-6/+6
| | | | especially in troff files.
* Correct mbuf packet header propagation. Previously, packet headerssam2002-12-302-2/+2
| | | | | | | | | | | | | | | | | | | | | | were sometimes propagated using M_COPY_PKTHDR which actually did something between a "move" and a "copy" operation. This is replaced by M_MOVE_PKTHDR (which copies the pkthdr contents and "removes" it from the source mbuf) and m_dup_pkthdr which copies the packet header contents including any m_tag chain. This corrects numerous problems whereby mbuf tags could be lost during packet manipulations. These changes also introduce arguments to m_tag_copy and m_tag_copy_chain to specify if the tag copy work should potentially block. This introduces an incompatibility with openbsd which we may want to revisit. Note that move/dup of packet headers does not handle target mbufs that have a cluster bound to them. We may want to support this; for now we watch for it with an assert. Finally, M_COPYFLAGS was updated to include M_FIRSTFRAG|M_LASTFRAG. Supported by: Vernier Networks Reviewed by: Robert Watson <rwatson@FreeBSD.org>
* o cannot use M_COPY_PKTHDR on an mbuf that has a cluster; if we need tosam2002-12-301-8/+29
| | | | | | | | do this avoid m_getcl so we can copy the packet header to a clean mbuf before adding the cluster o move an assert to the right place Supported by: Vernier Networks
* SMP locking for ifnet list.hsu2002-12-221-0/+4
|
* o Untangle the confusion with the malloc flags {M_WAITOK, M_NOWAIT} andbmilekic2002-12-191-1/+1
| | | | | | | | | | the mbuf allocator flags {M_TRYWAIT, M_DONTWAIT}. o Fix a bpf_compat issue where malloc() was defined to just call bpf_alloc() and pass the 'canwait' flag(s) along. It's been changed to call bpf_alloc() but pass the corresponding M_TRYWAIT or M_DONTWAIT flag (and only one of those two). Submitted by: Hiten Pandya <hiten@unixdaemons.com> (hiten->commit_count++)
* FAST_IPSEC fixups:sam2002-11-082-0/+21
| | | | | | | | | | | o fix #ifdef typo o must use "bounce functions" when dispatched from the protosw table don't know how this stuff was missed in my testing; must've committed the wrong bits Pointy hat: sam Submitted by: "Doug Ambrisko" <ambrisko@verniernetworks.com>
* "Fast IPsec": this is an experimental IPsec implementation that is derivedsam2002-10-1626-0/+17530
from the KAME IPsec implementation, but with heavy borrowing and influence of openbsd. A key feature of this implementation is that it uses the kernel crypto framework to do all crypto work so when h/w crypto support is present IPsec operation is automatically accelerated. Otherwise the protocol implementations are rather differet while the SADB and policy management code is very similar to KAME (for the moment). Note that this implementation is enabled with a FAST_IPSEC option. With this you get all protocols; i.e. there is no FAST_IPSEC_ESP option. FAST_IPSEC and IPSEC are mutually exclusive; you cannot build both into a single system. This software is well tested with IPv4 but should be considered very experimental (i.e. do not deploy in production environments). This software does NOT currently support IPv6. In fact do not configure FAST_IPSEC and INET6 in the same system. Obtained from: KAME + openbsd Supported by: Vernier Networks
OpenPOWER on IntegriCloud