summaryrefslogtreecommitdiffstats
path: root/sys/netkey/key.c
Commit message (Collapse)AuthorAgeFilesLines
* printed current sequence number of the SA. accordingly, changedume2001-08-061-6/+9
| | | | | | | | into sadb_x_sa2_sequence from sadb_x_sa2_reserved3 in the sadb_x_sa2 structure. Also the output of setkey is changed. sequence number of the sadb is replaced to the end of the output. Obtained from: KAME
* do not play too much trick with evaluation order. from netbsdume2001-08-061-2/+2
| | | | Obtained from: KAME
* fixed to make a response in key_spdadd(). reported by <R.P.Koster@kpn.com>ume2001-08-061-2/+2
| | | | Obtained from: KAME
* merged key_cmpsaidx_*.ume2001-08-061-149/+60
| | | | Obtained from: KAME
* Sync with recent KAME.ume2001-06-111-243/+732
| | | | | | | | | | | | | | | | | | This work was based on kame-20010528-freebsd43-snap.tgz and some critical problem after the snap was out were fixed. There are many many changes since last KAME merge. TODO: - The definitions of SADB_* in sys/net/pfkeyv2.h are still different from RFC2407/IANA assignment because of binary compatibility issue. It should be fixed under 5-CURRENT. - ip6po_m member of struct ip6_pktopts is no longer used. But, it is still there because of binary compatibility issue. It should be removed under 5-CURRENT. Reviewed by: itojun Obtained from: KAME MFC after: 3 weeks
* fixed possibility of panic at key_acquire().ume2001-01-141-9/+8
| | | | | | key_acquire() does not require a secpolicy structure. Obtained from: KAME
* Revert previous commit after discussion with phk.kris2000-10-301-0/+1
|
* Remove unneeded #include <sys/proc.h> lines.phk2000-10-291-1/+0
|
* Convert all users of fldoff() to offsetof(). fldoff() is badphk2000-10-271-3/+0
| | | | | | | | | | | | | | | | | | | | | | | because it only takes a struct tag which makes it impossible to use unions, typedefs etc. Define __offsetof() in <machine/ansi.h> Define offsetof() in terms of __offsetof() in <stddef.h> and <sys/types.h> Remove myriad of local offsetof() definitions. Remove includes of <stddef.h> in kernel code. NB: Kernelcode should *never* include from /usr/include ! Make <sys/queue.h> include <machine/ansi.h> to avoid polluting the API. Deprecate <struct.h> with a warning. The warning turns into an error on 01-12-2000 and the file gets removed entirely on 01-01-2001. Paritials reviews by: various. Significant brucifications by: bde
* make sure we have IV that is random enough. memory allocator onume2000-08-281-5/+9
| | | | | | some of platforms give us almost constant number (oops). Obtained from: KAME
* sync with kame tree as of july00. tons of bug fixes/improvements.itojun2000-07-041-1707/+3598
| | | | | | | API changes: - additional IPv6 ioctls - IPsec PF_KEY API was changed, it is mandatory to upgrade setkey(8). (also syntax change)
* Back out the previous change to the queue(3) interface.jake2000-05-261-4/+4
| | | | | | It was not discussed and should probably not happen. Requested by: msmith and others
* Change the way that the queue(3) structures are declared; don't assume thatjake2000-05-231-4/+4
| | | | | | | | the type argument to *_HEAD and *_ENTRY is a struct. Suggested by: phk Reviewed by: phk Approved by: mdodd
* Change struct sockaddr_storage member name, because following changeshin2000-01-131-39/+39
| | | | | | | | | | | | is very likely to become consensus as recent ietf/ipng mailing list discussion. Also recent KAME repository and other KAME patched BSDs also applied it. s/__ss_family/ss_family/ s/__ss_len/ss_len/ Makeworld is confirmed, and no application should be affected by this change yet.
* IPSEC support in the kernel.shin1999-12-221-2253/+5011
| | | | | | | | pr_input() routines prototype is also changed to support IPSEC and IPV6 chained protocol headers. Reviewed by: freebsd-arch, cvs-committers Obtained from: KAME project
* #ifdef out unused function key_freetables.eivind1999-01-121-1/+2
|
* The "easy" fixes for compiling the kernel -Wunused: remove unreferenced staticarchie1998-12-071-14/+16
| | | | and local variables, goto labels, and functions declared but not defined.
* Really make this compile..peter1998-04-061-12/+58
| | | | Pointed out by: bde
* Maybe fix netkey. I am not sure how to test this..peter1998-04-051-44/+68
|
* Substitute a panic for a undefined function so LINT will compile.phk1998-04-041-0/+4
|
* Eradicate the variable "time" from the kernel, using various measures.phk1998-03-301-4/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | "time" wasn't a atomic variable, so splfoo() protection were needed around any access to it, unless you just wanted the seconds part. Most uses of time.tv_sec now uses the new variable time_second instead. gettime() changed to getmicrotime(0. Remove a couple of unneeded splfoo() protections, the new getmicrotime() is atomic, (until Bruce sets a breakpoint in it). A couple of places needed random data, so use read_random() instead of mucking about with time which isn't random. Add a new nfs_curusec() function. Mark a couple of bogosities involving the now disappeard time variable. Update ffs_update() to avoid the weird "== &time" checks, by fixing the one remaining call that passwd &time as args. Change profiling in ncr.c to use ticks instead of time. Resolution is the same. Add new function "tvtohz()" to avoid the bogus "splfoo(), add time, call hzto() which subtracts time" sequences. Reviewed by: bde
* Removed unused #includes.bde1998-03-281-3/+0
|
* key_getspi() bugfix.itojun1998-03-231-2/+19
| | | | Submitted by: k-sugyou@ccs.mt.nec.co.jp
* polish the code.itojun1998-02-271-92/+174
| | | | use tradictional decls. tabify. remove bogus #defines. prototypes.
* make sys/netkey/key{,_debug}.c compile. I believe it works but not tested.itojun1998-02-271-29/+141
| | | | I'll polish the code later on.
* Added a used #include.bde1998-02-251-0/+1
| | | | | "options KEY" is not in LINT, and consequently doesn't actually compile, even with this change.
* Last major round (Unless Bruce thinks of somthing :-) of malloc changes.phk1997-10-121-1/+1
| | | | | | | | Distribute all but the most fundamental malloc types. This time I also remembered the trick to making things static: Put "static" in front of them. A couple of finer points by: bde
* Distribute and statizice a lot of the malloc M_* types.phk1997-10-111-0/+2
| | | | Substantial input from: bde
* This is the `netkey' kernel key-management service (the PF_KEY analoguewollman1996-06-141-0/+2270
to PF_ROUTE) from NRL's IPv6 distribution, heavily modified by me for better source layout, formatting, and textual conventions. I am told that this code is no longer under active development, but it's a useful hack for those interested in doing work on network security, key management, etc. This code has only been tested twice, so it should be considered highly experimental. Obtained from: ftp.ripe.net
OpenPOWER on IntegriCloud