summaryrefslogtreecommitdiffstats
path: root/sys/netkey
Commit message (Collapse)AuthorAgeFilesLines
* Merge netipsec/key.c:1.17 into KAME pfkey implementation:rwatson2004-09-301-5/+0
| | | | | | | | | | | | | | | date: 2004/09/26 02:01:27; author: sam; state: Exp; lines: +0 -5 Correct handling of SADB_UPDATE and SADB_ADD requests. key_align may split the mbuf due to use of m_pulldown. Discarding the result because of this does not make sense as no subsequent code depends on the entire msg being linearized (only the individual pieces). It's likely something else is wrong here but for now this appears to get things back to a working state. Submitted by: Roselyn Lee This change was also made in the KAME CVS repository as key.c:1.337 by itojun.
* The KAME IPSEC implementation at one point used its own pseudo-randomrwatson2004-09-021-22/+0
| | | | | | | | number generator, which was re-seeded via a timeout. Now centralized randomness/entropy is used, we can garbage collect the timeout and re-seeding code (which was largely a no-op). Discussed with: itojun, suz, JINMEI Tatuya < jinmei at isl dot rdc dot toshiba dot co dot jp >
* Semi-gratuitous white space synchronization with KAME tree: to reducerwatson2004-08-271-10/+12
| | | | | | diffs against #ifdef'd version of IPSEC, use "struct thread *p" rather than "struct proc *p", fix some white space, and make some already inconsistent white space inconsiste differently.
* Diff reduce against KAME: minor white space synchronization to KAMErwatson2004-08-271-4/+4
| | | | tree.
* Merge next step in socket buffer locking:rwatson2004-06-211-0/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - sowakeup() now asserts the socket buffer lock on entry. Move the call to KNOTE higher in sowakeup() so that it is made with the socket buffer lock held for consistency with other calls. Release the socket buffer lock prior to calling into pgsigio(), so_upcall(), or aio_swake(). Locking for this event management will need revisiting in the future, but this model avoids lock order reversals when upcalls into other subsystems result in socket/socket buffer operations. Assert that the socket buffer lock is not held at the end of the function. - Wrapper macros for sowakeup(), sorwakeup() and sowwakeup(), now have _locked versions which assert the socket buffer lock on entry. If a wakeup is required by sb_notify(), invoke sowakeup(); otherwise, unconditionally release the socket buffer lock. This results in the socket buffer lock being released whether a wakeup is required or not. - Break out socantsendmore() into socantsendmore_locked() that asserts the socket buffer lock. socantsendmore() unconditionally locks the socket buffer before calling socantsendmore_locked(). Note that both functions return with the socket buffer unlocked as socantsendmore_locked() calls sowwakeup_locked() which has the same properties. Assert that the socket buffer is unlocked on return. - Break out socantrcvmore() into socantrcvmore_locked() that asserts the socket buffer lock. socantrcvmore() unconditionally locks the socket buffer before calling socantrcvmore_locked(). Note that both functions return with the socket buffer unlocked as socantrcvmore_locked() calls sorwakeup_locked() which has similar properties. Assert that the socket buffer is unlocked on return. - Break out sbrelease() into a sbrelease_locked() that asserts the socket buffer lock. sbrelease() unconditionally locks the socket buffer before calling sbrelease_locked(). sbrelease_locked() now invokes sbflush_locked() instead of sbflush(). - Assert the socket buffer lock in socket buffer sanity check functions sblastrecordchk(), sblastmbufchk(). - Assert the socket buffer lock in SBLINKRECORD(). - Break out various sbappend() functions into sbappend_locked() (and variations on that name) that assert the socket buffer lock. The !_locked() variations unconditionally lock the socket buffer before calling their _locked counterparts. Internally, make sure to call _locked() support routines, etc, if already holding the socket buffer lock. - Break out sbinsertoob() into sbinsertoob_locked() that asserts the socket buffer lock. sbinsertoob() unconditionally locks the socket buffer before calling sbinsertoob_locked(). - Break out sbflush() into sbflush_locked() that asserts the socket buffer lock. sbflush() unconditionally locks the socket buffer before calling sbflush_locked(). Update panic strings for new function names. - Break out sbdrop() into sbdrop_locked() that asserts the socket buffer lock. sbdrop() unconditionally locks the socket buffer before calling sbdrop_locked(). - Break out sbdroprecord() into sbdroprecord_locked() that asserts the socket buffer lock. sbdroprecord() unconditionally locks the socket buffer before calling sbdroprecord_locked(). - sofree() now calls socantsendmore_locked() and re-acquires the socket buffer lock on return. It also now calls sbrelease_locked(). - sorflush() now calls socantrcvmore_locked() and re-acquires the socket buffer lock on return. Clean up/mess up other behavior in sorflush() relating to the temporary stack copy of the socket buffer used with dom_dispose by more properly initializing the temporary copy, and selectively bzeroing/copying more carefully to prevent WITNESS from getting confused by improperly initialized mutexes. Annotate why that's necessary, or at least, needed. - soisconnected() now calls sbdrop_locked() before unlocking the socket buffer to avoid locking overhead. Some parts of this change were: Submitted by: sam Sponsored by: FreeBSD Foundation Obtained from: BSD/OS
* avoid duplicate free.ume2004-01-251-3/+3
| | | | | | | (though KAME doesn't decide how to fix it yet, I once commit it to be in time for 5.2.1-RELEASE.) Submitted by: itojun
* invalidate secpolicy pcb cache on key_timehandler. part ofume2004-01-141-0/+3
| | | | | | | http://sources.zabbadoz.net/freebsd/patchset/110-ipsec-netkey-key.diff Submitted by: "Bjoern A. Zeeb" <bzeeb+freebsd@zabbadoz.net> Reviewed by: itojun
* add missing key_freesp()s. part ofume2004-01-141-1/+4
| | | | | | | | | http://sources.zabbadoz.net/freebsd/patchset/110-ipsec-netkey-key.diff with some modification. Submitted by: "Bjoern A. Zeeb" <bzeeb+freebsd@zabbadoz.net> Reviewed by: itojun Obtained from: KAME
* don't touch after free.ume2003-12-101-2/+3
|
* use callout_*() rather than timeout().ume2003-12-071-2/+5
|
* missing splx.ume2003-11-281-0/+1
| | | | | | | this is a NOOP change, and primarily merged for consistency with -STABLE. Approved by: re (rwatson)
* Introduce a MAC label reference in 'struct inpcb', which cachesrwatson2003-11-181-1/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | the MAC label referenced from 'struct socket' in the IPv4 and IPv6-based protocols. This permits MAC labels to be checked during network delivery operations without dereferencing inp->inp_socket to get to so->so_label, which will eventually avoid our having to grab the socket lock during delivery at the network layer. This change introduces 'struct inpcb' as a labeled object to the MAC Framework, along with the normal circus of entry points: initialization, creation from socket, destruction, as well as a delivery access control check. For most policies, the inpcb label will simply be a cache of the socket label, so a new protocol switch method is introduced, pr_sosetlabel() to notify protocols that the socket layer label has been updated so that the cache can be updated while holding appropriate locks. Most protocols implement this using pru_sosetlabel_null(), but IPv4/IPv6 protocols using inpcbs use the the worker function in_pcbsosetlabel(), which calls into the MAC Framework to perform a cache update. Biba, LOMAC, and MLS implement these entry points, as do the stub policy, and test policy. Reviewed by: sam, bms Obtained from: TrustedBSD Project Sponsored by: DARPA, Network Associates Laboratories
* add sysctl MIB net.key.esp_auth which was wrongly droppedume2003-11-131-0/+6
| | | | during recent KAME merge.
* ipsec_esp_auth is unused when IPSEC_ESP is not defined.ume2003-11-111-0/+2
| | | | Reported by: Andre Oppermann <oppermann@pipeline.ch>
* - cleanup SP refcnt issue.ume2003-11-045-544/+771
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - share policy-on-socket for listening socket. - don't copy policy-on-socket at all. secpolicy no longer contain spidx, which saves a lot of memory. - deep-copy pcb policy if it is an ipsec policy. assign ID field to all SPD entries. make it possible for racoon to grab SPD entry on pcb. - fixed the order of searching SA table for packets. - fixed to get a security association header. a mode is always needed to compare them. - fixed that the incorrect time was set to sadb_comb_{hard|soft}_usetime. - disallow port spec for tunnel mode policy (as we don't reassemble). - an user can define a policy-id. - clear enc/auth key before freeing. - fixed that the kernel crashed when key_spdacquire() was called because key_spdacquire() had been implemented imcopletely. - preparation for 64bit sequence number. - maintain ordered list of SA, based on SA id. - cleanup secasvar management; refcnt is key.c responsibility; alloc/free is keydb.c responsibility. - cleanup, avoid double-loop. - use hash for spi-based lookup. - mark persistent SP "persistent". XXX in theory refcnt should do the right thing, however, we have "spdflush" which would touch all SPs. another solution would be to de-register persistent SPs from sptree. - u_short -> u_int16_t - reduce kernel stack usage by auto variable secasindex. - clarify function name confusion. ipsec_*_policy -> ipsec_*_pcbpolicy. - avoid variable name confusion. (struct inpcbpolicy *)pcb_sp, spp (struct secpolicy **), sp (struct secpolicy *) - count number of ipsec encapsulations on ipsec4_output, so that we can tell ip_output() how to handle the packet further. - When the value of the ul_proto is ICMP or ICMPV6, the port field in "src" of the spidx specifies ICMP type, and the port field in "dst" of the spidx specifies ICMP code. - avoid from applying IPsec transport mode to the packets when the kernel forwards the packets. Tested by: nork Obtained from: KAME
* correct %d/%u mismatch.ume2003-11-022-11/+11
| | | | Obtained from: KAME
* exit(3) with negative value does not make sense'ume2003-11-021-1/+1
| | | | Obtained from: KAME
* make debugging with "setkey -x" a lot easier.ume2003-11-021-4/+97
| | | | Obtained from: KAME
* cleanup secasvar management; refcnt is key.c responsibility;ume2003-11-023-99/+66
| | | | | | alloc/free is keydb.c responsibility. Obtained from: KAME
* - do not quit from key_sendup() even if writes to non-targetume2003-11-022-95/+10
| | | | | | | | | socket fails. - remove an unneeded function. - fix pfkey stat. - fix comment. Obtained from: KAME
* mib name was changed by fixing a spelling.ume2003-10-281-1/+1
| | | | | | net.key.prefered_oldsa -> net.key.preferred_oldsa Obtained from: KAME
* drop the code of HAVE_NRL_INPCB part. our system doesn'tume2003-10-221-10/+0
| | | | use NRL style INPCB.
* nuke unused ICMPV6CTL_NAMES and KEYCTL_NAMES macros.ume2003-10-071-17/+1
|
* Reduce diffs against KAME. No functional change.ume2003-09-301-15/+7
| | | | Obtained from: KAME
* Reduce diffs against KAME. No functional change.ume2003-09-302-9/+4
| | | | Obtained from: KAME
* Sync style and comments with latest KAME to reduce diffs.ume2003-09-301-71/+64
| | | | | | No functional change. Obtained from: KAME
* add /*CONSTCOND*/ to reduce diffs against latest KAME.ume2003-09-252-8/+8
| | | | Obtained from: KAME
* panic() doesn't need `\n'.ume2003-09-253-72/+72
| | | | Obtained from: KAME
* Use __FBSDID().obrien2003-06-114-4/+12
|
* Introduce an M_ASSERTPKTHDR() macro which performs the very common taskdes2003-04-081-2/+1
| | | | | | | of asserting that an mbuf has a packet header. Use it instead of hand- rolled versions wherever applicable. Submitted by: Hiten Pandya <hiten@unixdaemons.com>
* Back out M_* changes, per decision of the TRB.imp2003-02-192-27/+27
| | | | Approved by: trb
* Comment out srandom():ache2003-02-051-1/+2
| | | | | 1) Already called in init_main.c:proc0_post() 2) Seed is bad
* Remove M_TRYWAIT/M_WAITOK/M_WAIT. Callers should use 0.alfred2003-01-212-27/+27
| | | | Merge M_NOWAIT/M_DONTWAIT into a single flag M_NOWAIT.
* "struct route" is not sufficient. NetBSD PR 18751ume2003-01-082-1/+6
| | | | | Obtained from: KAME MFC after: 1 days
* Correct typos, mostly s/ a / an / where appropriate. Some whitespace cleanup,schweikh2003-01-011-4/+4
| | | | especially in troff files.
* o Untangle the confusion with the malloc flags {M_WAITOK, M_NOWAIT} andbmilekic2002-12-191-1/+1
| | | | | | | | | | the mbuf allocator flags {M_TRYWAIT, M_DONTWAIT}. o Fix a bpf_compat issue where malloc() was defined to just call bpf_alloc() and pass the 'canwait' flag(s) along. It's been changed to call bpf_alloc() but pass the corresponding M_TRYWAIT or M_DONTWAIT flag (and only one of those two). Submitted by: Hiten Pandya <hiten@unixdaemons.com> (hiten->commit_count++)
* - fixed the order of searching SA table for packets.ume2002-07-101-20/+47
| | | | | | | | - comment about deletion of SA that has not been used by reaching soft lifetime. Obtained from: KAME MFC after: 2 week
* Remove so*_locked(), which were backed out by mistake.tanimura2002-06-181-1/+1
|
* Back out my lats commit of locking down a socket, it conflicts with hsu's work.tanimura2002-05-311-5/+1
| | | | Requested by: hsu
* pacify gcc-3.1's -Wunused checking.peter2002-05-241-1/+4
|
* Lock down a socket, milestone 1.tanimura2002-05-201-1/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | o Add a mutex (sb_mtx) to struct sockbuf. This protects the data in a socket buffer. The mutex in the receive buffer also protects the data in struct socket. o Determine the lock strategy for each members in struct socket. o Lock down the following members: - so_count - so_options - so_linger - so_state o Remove *_locked() socket APIs. Make the following socket APIs touching the members above now require a locked socket: - sodisconnect() - soisconnected() - soisconnecting() - soisdisconnected() - soisdisconnecting() - sofree() - soref() - sorele() - sorwakeup() - sotryfree() - sowakeup() - sowwakeup() Reviewed by: alfred
* Redo the sigio locking.alfred2002-05-011-5/+0
| | | | | | | | | | | Turn the sigio sx into a mutex. Sigio lock is really only needed to protect interrupts from dereferencing the sigio pointer in an object when the sigio itself is being destroyed. In order to do this in the most unintrusive manner change pgsigio's sigio * argument into a **, that way we can lock internally to the function.
* Revert the change of #includes in sys/filedesc.h and sys/socketvar.h.tanimura2002-04-301-1/+3
| | | | | | | | | | Requested by: bde Since locking sigio_lock is usually followed by calling pgsigio(), move the declaration of sigio_lock and the definitions of SIGIO_*() to sys/signalvar.h. While I am here, sort include files alphabetically, where possible.
* Add a global sx sigio_lock to protect the pointer to the sigio objecttanimura2002-04-271-1/+3
| | | | | | | | | | of a socket. This avoids lock order reversal caused by locking a process in pgsigio(). sowakeup() and the callers of it (sowwakeup, soisconnected, etc.) now require sigio_lock to be locked. Provide sowwakeup_locked(), soisconnected_locked(), and so on in case where we have to modify a socket and wake up a process atomically.
* just merged cosmetic changes from KAME to ease sync between KAME and FreeBSD.suz2002-04-192-5/+5
| | | | | | | (based on freebsd4-snap-20020128) Reviewed by: ume MFC after: 1 week
* Remove __P.alfred2002-03-208-175/+172
|
* missing splxume2002-03-011-0/+1
| | | | | Obtained from: KAME MFC after: 1 week
* (when new sa is preferred than old sa)ume2002-03-011-9/+9
| | | | | | | even if we fail to send pfkey message, remove the old sa. Obtained from: KAME MFC after: 1 week
* Fix warningspeter2002-02-282-8/+8
|
* Lock struct pgrp, session and sigio.tanimura2002-02-231-4/+14
| | | | | | | | | | | | | | | | | | | | | | | | | New locks are: - pgrpsess_lock which locks the whole pgrps and sessions, - pg_mtx which protects the pgrp members, and - s_mtx which protects the session members. Please refer to sys/proc.h for the coverage of these locks. Changes on the pgrp/session interface: - pgfind() needs the pgrpsess_lock held. - The caller of enterpgrp() is responsible to allocate a new pgrp and session. - Call enterthispgrp() in order to enter an existing pgrp. - pgsignal() requires a pgrp lock held. Reviewed by: jhb, alfred Tested on: cvsup.jp.FreeBSD.org (which is a quad-CPU machine running -current)
OpenPOWER on IntegriCloud