summaryrefslogtreecommitdiffstats
path: root/sys/netkey
Commit message (Collapse)AuthorAgeFilesLines
* Introduce an M_ASSERTPKTHDR() macro which performs the very common taskdes2003-04-081-2/+1
| | | | | | | of asserting that an mbuf has a packet header. Use it instead of hand- rolled versions wherever applicable. Submitted by: Hiten Pandya <hiten@unixdaemons.com>
* Back out M_* changes, per decision of the TRB.imp2003-02-192-27/+27
| | | | Approved by: trb
* Comment out srandom():ache2003-02-051-1/+2
| | | | | 1) Already called in init_main.c:proc0_post() 2) Seed is bad
* Remove M_TRYWAIT/M_WAITOK/M_WAIT. Callers should use 0.alfred2003-01-212-27/+27
| | | | Merge M_NOWAIT/M_DONTWAIT into a single flag M_NOWAIT.
* "struct route" is not sufficient. NetBSD PR 18751ume2003-01-082-1/+6
| | | | | Obtained from: KAME MFC after: 1 days
* Correct typos, mostly s/ a / an / where appropriate. Some whitespace cleanup,schweikh2003-01-011-4/+4
| | | | especially in troff files.
* o Untangle the confusion with the malloc flags {M_WAITOK, M_NOWAIT} andbmilekic2002-12-191-1/+1
| | | | | | | | | | the mbuf allocator flags {M_TRYWAIT, M_DONTWAIT}. o Fix a bpf_compat issue where malloc() was defined to just call bpf_alloc() and pass the 'canwait' flag(s) along. It's been changed to call bpf_alloc() but pass the corresponding M_TRYWAIT or M_DONTWAIT flag (and only one of those two). Submitted by: Hiten Pandya <hiten@unixdaemons.com> (hiten->commit_count++)
* - fixed the order of searching SA table for packets.ume2002-07-101-20/+47
| | | | | | | | - comment about deletion of SA that has not been used by reaching soft lifetime. Obtained from: KAME MFC after: 2 week
* Remove so*_locked(), which were backed out by mistake.tanimura2002-06-181-1/+1
|
* Back out my lats commit of locking down a socket, it conflicts with hsu's work.tanimura2002-05-311-5/+1
| | | | Requested by: hsu
* pacify gcc-3.1's -Wunused checking.peter2002-05-241-1/+4
|
* Lock down a socket, milestone 1.tanimura2002-05-201-1/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | o Add a mutex (sb_mtx) to struct sockbuf. This protects the data in a socket buffer. The mutex in the receive buffer also protects the data in struct socket. o Determine the lock strategy for each members in struct socket. o Lock down the following members: - so_count - so_options - so_linger - so_state o Remove *_locked() socket APIs. Make the following socket APIs touching the members above now require a locked socket: - sodisconnect() - soisconnected() - soisconnecting() - soisdisconnected() - soisdisconnecting() - sofree() - soref() - sorele() - sorwakeup() - sotryfree() - sowakeup() - sowwakeup() Reviewed by: alfred
* Redo the sigio locking.alfred2002-05-011-5/+0
| | | | | | | | | | | Turn the sigio sx into a mutex. Sigio lock is really only needed to protect interrupts from dereferencing the sigio pointer in an object when the sigio itself is being destroyed. In order to do this in the most unintrusive manner change pgsigio's sigio * argument into a **, that way we can lock internally to the function.
* Revert the change of #includes in sys/filedesc.h and sys/socketvar.h.tanimura2002-04-301-1/+3
| | | | | | | | | | Requested by: bde Since locking sigio_lock is usually followed by calling pgsigio(), move the declaration of sigio_lock and the definitions of SIGIO_*() to sys/signalvar.h. While I am here, sort include files alphabetically, where possible.
* Add a global sx sigio_lock to protect the pointer to the sigio objecttanimura2002-04-271-1/+3
| | | | | | | | | | of a socket. This avoids lock order reversal caused by locking a process in pgsigio(). sowakeup() and the callers of it (sowwakeup, soisconnected, etc.) now require sigio_lock to be locked. Provide sowwakeup_locked(), soisconnected_locked(), and so on in case where we have to modify a socket and wake up a process atomically.
* just merged cosmetic changes from KAME to ease sync between KAME and FreeBSD.suz2002-04-192-5/+5
| | | | | | | (based on freebsd4-snap-20020128) Reviewed by: ume MFC after: 1 week
* Remove __P.alfred2002-03-208-175/+172
|
* missing splxume2002-03-011-0/+1
| | | | | Obtained from: KAME MFC after: 1 week
* (when new sa is preferred than old sa)ume2002-03-011-9/+9
| | | | | | | even if we fail to send pfkey message, remove the old sa. Obtained from: KAME MFC after: 1 week
* Fix warningspeter2002-02-282-8/+8
|
* Lock struct pgrp, session and sigio.tanimura2002-02-231-4/+14
| | | | | | | | | | | | | | | | | | | | | | | | | New locks are: - pgrpsess_lock which locks the whole pgrps and sessions, - pg_mtx which protects the pgrp members, and - s_mtx which protects the session members. Please refer to sys/proc.h for the coverage of these locks. Changes on the pgrp/session interface: - pgfind() needs the pgrpsess_lock held. - The caller of enterpgrp() is responsible to allocate a new pgrp and session. - Call enterthispgrp() in order to enter an existing pgrp. - pgsignal() requires a pgrp lock held. Reviewed by: jhb, alfred Tested on: cvsup.jp.FreeBSD.org (which is a quad-CPU machine running -current)
* Newer SA is prefered for a out-bound packet than old oneume2001-12-052-7/+89
| | | | | | | when net.key.prefered_oldsa is set to zero. Obtained from: KAME MFC after: 1 week
* Fixed the behavior when there is no inbound policy for the ipsecume2001-11-061-22/+0
| | | | | | | | | | | | | tunneled packet. When there is no suitable inbound policy for the packet of the ipsec tunnel mode, the kernel never decapsulate the tunneled packet as the ipsec tunnel mode even when the system wide policy is "none". Then the kernel leaves the generic tunnel module to process this packet. If there is no rule of the generic tunnel, the packet is rejected and the statistics will be counted up. Obtained from: KAME MFC after: 1 week
* - net.inet.ipsec.esp_auth hasn't been thereume2001-11-055-527/+224
| | | | | | | | | | | - nuke all debug printfs, which are unneeded by now. - get rid of #ifdef IPSEC_DEBUG in headers - now that key_debug_level is always defined, there's no need for #ifdef IPSEC_DEBUG around sysctl MIB code (net.key.debug). - switch all debug printf() to ipseclog(). Obtained from: KAME MFC after: 1 week
* Unbreak build without INET6.ume2001-11-031-0/+2
| | | | | Reported by: Christopher N . Harrell <cnh@netvmg.com> MFC after: 1 week
* System wide policy should be returned when no policy found in the SPD.ume2001-10-291-0/+26
| | | | | | | The packet was rejected in ipsec[46]_tunnel_validate(). Obtained from: KAME MFC after: 1 week
* Fixed the value of the prefixlen in the sadb_address structure.ume2001-10-221-8/+20
| | | | | | | When pfkey message relative to SA is sent, the prefixlen was incorrect. Obtained from: KAME MFC after: 1 week
* The behavior of SPDUPDATE has been changed.ume2001-10-171-10/+6
| | | | | | | | SPDUPDATE doesn't depend on whether there is a SP or not. This change makes `generate_policy on' of racoon work. Obtained from: KAME MFC after: 1 week
* KSE Milestone 2julian2001-09-121-8/+8
| | | | | | | | | | | | | | Note ALL MODULES MUST BE RECOMPILED make the kernel aware that there are smaller units of scheduling than the process. (but only allow one thread per process at this time). This is functionally equivalent to teh previousl -current except that there is a thread associated with each process. Sorry john! (your next MFC will be a doosie!) Reviewed by: peter@freebsd.org, dillon@freebsd.org X-MFC after: ha ha ha ha
* printed current sequence number of the SA. accordingly, changedume2001-08-062-10/+13
| | | | | | | | into sadb_x_sa2_sequence from sadb_x_sa2_reserved3 in the sadb_x_sa2 structure. Also the output of setkey is changed. sequence number of the sadb is replaced to the end of the output. Obtained from: KAME
* do not play too much trick with evaluation order. from netbsdume2001-08-061-2/+2
| | | | Obtained from: KAME
* fixed to make a response in key_spdadd(). reported by <R.P.Koster@kpn.com>ume2001-08-061-2/+2
| | | | Obtained from: KAME
* merged key_cmpsaidx_*.ume2001-08-061-149/+60
| | | | Obtained from: KAME
* Sync with recent KAME.ume2001-06-117-270/+799
| | | | | | | | | | | | | | | | | | This work was based on kame-20010528-freebsd43-snap.tgz and some critical problem after the snap was out were fixed. There are many many changes since last KAME merge. TODO: - The definitions of SADB_* in sys/net/pfkeyv2.h are still different from RFC2407/IANA assignment because of binary compatibility issue. It should be fixed under 5-CURRENT. - ip6po_m member of struct ip6_pktopts is no longer used. But, it is still there because of binary compatibility issue. It should be removed under 5-CURRENT. Reviewed by: itojun Obtained from: KAME MFC after: 3 weeks
* Remove unneeded includes of sys/ipl.h and machine/ipl.h.jhb2001-05-151-2/+0
|
* Undo part of the tangle of having sys/lock.h and sys/mutex.h included inmarkm2001-05-011-5/+7
| | | | | | | | | | | other "system" header files. Also help the deprecation of lockmgr.h by making it a sub-include of sys/lock.h and removing sys/lockmgr.h form kernel .c files. Sort sys/*.h includes where possible in affected files. OK'ed by: bde (with reservations)
* fixed possibility of panic at key_acquire().ume2001-01-141-9/+8
| | | | | | key_acquire() does not require a secpolicy structure. Obtained from: KAME
* Revert previous commit after discussion with phk.kris2000-10-301-0/+1
|
* Remove unneeded #include <sys/proc.h> lines.phk2000-10-291-1/+0
|
* Convert all users of fldoff() to offsetof(). fldoff() is badphk2000-10-271-3/+0
| | | | | | | | | | | | | | | | | | | | | | | because it only takes a struct tag which makes it impossible to use unions, typedefs etc. Define __offsetof() in <machine/ansi.h> Define offsetof() in terms of __offsetof() in <stddef.h> and <sys/types.h> Remove myriad of local offsetof() definitions. Remove includes of <stddef.h> in kernel code. NB: Kernelcode should *never* include from /usr/include ! Make <sys/queue.h> include <machine/ansi.h> to avoid polluting the API. Deprecate <struct.h> with a warning. The warning turns into an error on 01-12-2000 and the file gets removed entirely on 01-01-2001. Paritials reviews by: various. Significant brucifications by: bde
* make sure we have IV that is random enough. memory allocator onume2000-08-281-5/+9
| | | | | | some of platforms give us almost constant number (oops). Obtained from: KAME
* Replace the mbuf external reference counting code with somethingdwmalone2000-08-191-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | that should be better. The old code counted references to mbuf clusters by using the offset of the cluster from the start of memory allocated for mbufs and clusters as an index into an array of chars, which did the reference counting. If the external storage was not a cluster then reference counting had to be done by the code using that external storage. NetBSD's system of linked lists of mbufs was cosidered, but Alfred felt it would have locking issues when the kernel was made more SMP friendly. The system implimented uses a pool of unions to track external storage. The union contains an int for counting the references and a pointer for forming a free list. The reference counts are incremented and decremented atomically and so should be SMP friendly. This system can track reference counts for any sort of external storage. Access to the reference counting stuff is now through macros defined in mbuf.h, so it should be easier to make changes to the system in the future. The possibility of storing the reference count in one of the referencing mbufs was considered, but was rejected 'cos it would often leave extra mbufs allocated. Storing the reference count in the cluster was also considered, but because the external storage may not be a cluster this isn't an option. The size of the pool of reference counters is available in the stats provided by "netstat -m". PR: 19866 Submitted by: Bosko Milekic <bmilekic@dsuper.net> Reviewed by: alfred (glanced at by others on -net)
* Add missing #include to unbreak IPSEC_DEBUG buildskris2000-07-071-0/+1
| | | | Submitted by: Jim Bloom <bloom@reyim.ne.mediaone.net>
* sync with kame tree as of july00. tons of bug fixes/improvements.itojun2000-07-049-2174/+4463
| | | | | | | API changes: - additional IPv6 ioctls - IPsec PF_KEY API was changed, it is mandatory to upgrade setkey(8). (also syntax change)
* Check for MGET* returning NULL and return ENOBUFS in this case.jlemon2000-06-101-2/+8
| | | | Submitted by: Bosko Milekic <bmilekic@technokratis.com>
* Back out the previous change to the queue(3) interface.jake2000-05-262-9/+9
| | | | | | It was not discussed and should probably not happen. Requested by: msmith and others
* Change the way that the queue(3) structures are declared; don't assume thatjake2000-05-232-9/+9
| | | | | | | | the type argument to *_HEAD and *_ENTRY is a struct. Suggested by: phk Reviewed by: phk Approved by: mdodd
* comment the string after #endifshin2000-01-151-1/+1
| | | | Specified by: bde
* Change struct sockaddr_storage member name, because following changeshin2000-01-132-43/+43
| | | | | | | | | | | | is very likely to become consensus as recent ietf/ipng mailing list discussion. Also recent KAME repository and other KAME patched BSDs also applied it. s/__ss_family/ss_family/ s/__ss_len/ss_len/ Makeworld is confirmed, and no application should be affected by this change yet.
* Change #ifdef KERNEL to #ifdef _KERNEL in the public headers. "KERNEL"peter1999-12-295-26/+20
| | | | | | is an application space macro and the applications are supposed to be free to use it as they please (but cannot). This is consistant with the other BSD's who made this change quite some time ago. More commits to come.
OpenPOWER on IntegriCloud