summaryrefslogtreecommitdiffstats
path: root/sys/net/pfkey.c (follow)
Commit message (Collapse)AuthorAgeFilesLines
* PFKEY version 2 is the only pfkey version supported. No need for extraclaudio2017-05-291-241/+0
| | | | | abstraction. First step of making PF_KEY a bit more like PF_ROUTE. OK mpi@
* There is only one version of pfkey in OpenBSD and this will not change anyclaudio2017-05-261-113/+18
| | | | | time soon so remove all the code to support multiple pfkey versions. OK mpi@
* Replace remaining splsoftassert(IPL_SOFTNET) by NET_ASSERT_LOCKED().mpi2017-05-161-2/+2
| | | | ok visa@
* Move PRU_ATTACH out of the pr_usrreq functions into pr_attach.claudio2017-03-131-14/+20
| | | | | | | Attach is quite a different thing to the other PRU functions and this should make locking a bit simpler. This also removes the ugly hack on how proto was passed to the attach function. OK bluhm@ and mpi@ on a previous version
* Convert the variable argument list of the pr_output functions tobluhm2017-03-031-9/+10
| | | | | fixed parameters. OK mpi@ claudio@ dhill@
* Convert domain declarations to C99 initializers.mpi2017-03-021-8/+4
| | | | ok dhill@, florian@, bluhm@
* Use c99 struct initialization with protosw.dhill2017-02-221-15/+7
| | | | | | | This makes it easier to grep for a member, such as .pr_usrreq, and know which functions to review. ok mpi@ bluhm@ jca@
* A space here, a space there. Soon we're talking real whitespacekrw2017-01-241-9/+9
| | | | rectification.
* The function raw_input() has not been called since netiso has beenbluhm2017-01-231-2/+2
| | | | | | | | | removed in 2004. The comment about raw_input() above rip_input() was added in 1981, but it is wrong since 1992. After that it has been copied to rip6_input(). (*pr_input)() is never called with the parameters (mbuf, sockproto, sockaddr, sockaddr). So retire raw_input(). OK guenther@ deraadt@
* Remove recursive splsoftnet() but use splsoftassert() instead.mpi2017-01-131-5/+3
| | | | Tested by Hrvoje Popovski, ok bluhm@
* m_free() and m_freem() test for NULL. Simplify callers which had their ownjsg2016-11-291-3/+2
| | | | | | NULL tests. ok mpi@
* Kill duplicated declarations.mpi2016-11-071-4/+1
|
* Kill raw_ctlinput() this function is INCOMPLETE since rev 1.1 and is notclaudio2016-09-051-2/+2
| | | | | needed. All callers using the protosw pr_ctlinput pointer do a NULL check before so there is no need to provide the function.
* replace the last uses of m_copym2 with m_dup_pkt.dlg2016-08-151-2/+2
| | | | ok mpi@ visa@
* slight knfdlg2016-03-221-3/+3
|
* Initialize the routing table before domains.mpi2015-10-071-3/+1
| | | | | | | | | | | | | | | | | | | | | | | The routing table is not an optional component of the network stack and initializing it inside the "routing domain" requires some ugly introspection in the domain interface. This put the rtable* layer at the same level of the if* level. These two subsystem are organized around the two global data structure used in the network stack: - the global &ifnet list, to be used in process context only, and - the routing table which can be read in interrupt context. This change makes the rtable_* layer domain-aware and extends the "struct domain" such that INET, INET6 and MPLS can specify the length of the binary key used in lookups. This allows us to keep, or move towards, AF-free route and rtable layers. While here stop the madness and pass the size of the maximum key length in *byte* to rn_inithead0(). ok claudio@, mikeb@
* Make every subsystem using a radix tree call rn_init() and pass thempi2015-09-041-3/+4
| | | | | | | | | | | | | | | length of the key as argument. This way every consumer of the radix tree has a chance to explicitly initialize the shared data structures and no longer rely on another subsystem to do the initialization. As a bonus ``dom_maxrtkey'' is no longer used an die. ART kernels should now be fully usable because pf(4) and IPSEC properly initialized the radix tree. ok chris@, reyk@
* Use a global table for domains instead of building a list at run time.mpi2015-08-301-2/+1
| | | | | | | As a side effect there's no need to run if_attachdomain() after the list of domains has been built. ok claudio@, reyk@
* manage spd entries by using the radix api directly instead ofblambert2015-07-171-16/+14
| | | | | | | | reaching around through the routing table original diff by myself, much improved by mikeb@ and mpi@ ok and testing mikeb@ mpi@
* More malloc() -> mallocarray() in the kernel.doug2014-12-091-2/+2
| | | | ok deraadt@ tedu@
* length argument for some free() calls; ok dougderaadt2014-11-231-2/+2
|
* remove uneeded route.h includesjsg2014-09-081-2/+2
| | | | ok miod@ mpi@
* add a size argument to free. will be used soon, but for now default to 0.tedu2014-07-121-4/+4
| | | | after discussions with beck deraadt kettenis.
* remove incorrect splnet usage in pfkey interfacemikeb2012-11-271-10/+2
| | | | | and make raw_usrreq do an splsoftnet on its own; joint work with david hill, ok claudio
* spltdb() was really just #define'd to be splsoftnet(); replace the formerblambert2012-09-201-2/+2
| | | | | | | | with the latter no change in md5 checksum of generated files ok claudio@ henning@
* Deal with the situation when TCP nfs mounts timeout and processesthib2008-05-231-10/+10
| | | | | | | | | | | | | get hung in nfs_reconnect() because they do not have the proper privilages to bind to a socket, by adding a struct proc * argument to sobind() (and the *_usrreq() routines, and finally in{6}_pcbbind) and do the sobind() with proc0 in nfs_connect. OK markus@, blambert@. "go ahead" deraadt@. Fixes an issue reported by bernd@ (Tested by bernd@). Fixes PR5135 too.
* Convert MALLOC/FREE to malloc/free and use M_ZERO where applicable.hshoexer2007-09-131-3/+2
| | | | ok krw@
* implement net.key.v2.sadb_dump.{unspec,esp,ah,...} sysctl subtreemarkus2004-11-261-1/+2
| | | | and use sysctl for 'ipsecadm show'; ok deraadt
* the rest of the '#if DIAGNOSTIC' -> '#ifdef DIAGNOSTIC' in the kernel; ok miod@todd2004-08-031-2/+2
|
* KNFderaadt2003-02-161-3/+3
|
* KNFjason2003-02-161-176/+183
|
* Use m_copym2 to copy the whole mbuf (cluster included) and notfgsch2002-12-111-2/+2
| | | | | | incrementing its reference. Fixes a m_zero panic reported by markus@ when pfdatatopacket returns a cluster. Tested by markus@, jason@ ok.
* Yet more include file cleanup.angelos2001-06-081-7/+2
|
* repair copyright notices for NRL & cmetz; cmetzderaadt2001-06-051-16/+68
|
* SPD-driven IPsec.angelos2000-09-191-0/+1
|
* Major style cleanup for pfkeyv2.cangelos2000-01-121-8/+0
|
* Introduce M_PFKEY kmem type, and use it. (angelos@ ok)ho1999-06-011-5/+5
|
* For hard expiration-pressure you need to protect PF_KEY socketniklas1999-05-211-1/+5
| | | | queueing with spltdb()
* Plug mbuf leakniklas1999-05-031-7/+21
|
* Introduce net.inet.{ah,esp}.enable sysctl controls that are off by default.niklas1999-04-111-25/+1
| | | | | | If you are going to use either of AH or ESP or both, enable these in /etc/sysctl.conf. Also correct the IPSec debugging sysctl code, it is now named net.inet.ip.encdebug. Some corrected function signatures too.
* Unnecessary ifdefangelos1999-02-251-4/+0
|
* Removed osdep.h dependencies.angelos1999-02-251-3/+17
|
* PF_KEY_V2, with local extensions for SPD management.angelos1999-02-241-0/+308
Copyright © 1996 – 2023 Jason A. Donenfeld. All Rights Reverse Engineered.