summaryrefslogtreecommitdiffstats
path: root/sys/net/pfkeyv2.c (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* when dumping policies, skip those attached to a socket.hshoexer2005-06-011-1/+5
| | | | ok ho
* Only protect IDs by suser()hshoexer2005-05-281-9/+6
| | | | ok ho
* Must convert back from IPPROTO_x to SADB_SATYPE_x. hshoexer@ okho2005-05-271-2/+7
|
* Use export_flow() to wrap policies retrieved via sysctl in pfkey messagehshoexer2005-05-271-23/+200
| | | | ok ho markus
* AESCTR support for ESP (RFC 3686); ok hshoexermarkus2005-05-251-3/+9
|
* Make sure all fields in the SADB_DUMP header are zeroed properly. hshoexer@ ok.ho2005-05-241-3/+2
|
* support NULL encryption for ESP; ok hshoexer, homarkus2005-05-101-1/+2
|
* Add sysctl for dumping the SPDhshoexer2005-04-041-4/+42
| | | | ok deraadt, ok markus some time ago
* protect pfkeyv2_dump_walker with spltdb(). Noticed by mpech@, thanks!hshoexer2005-01-131-2/+6
| | | | ok ho@ markus@
* SADB_X_EXT_LIFETIME_LASTUSE is always definedmarkus2004-12-111-5/+1
|
* pass out the correct lifetime type on expiremarkus2004-12-111-4/+3
|
* count SADB_REGISTER only once per socketmarkus2004-12-111-3/+5
|
* fix ipsec crash from pr 4025, Stefan Miltchev; ok hshoexer@markus2004-12-101-2/+7
|
* tiny knf, no binary change.hshoexer2004-11-291-5/+6
| | | | ok otto jsg henning pat markus deraadt fgs
* implement net.key.v2.sadb_dump.{unspec,esp,ah,...} sysctl subtreemarkus2004-11-261-4/+107
| | | | and use sysctl for 'ipsecadm show'; ok deraadt
* Plug memory leak. Found by pat@. Thanks!hshoexer2004-11-191-5/+11
| | | | ok myself markus@
* Add SADB_X_EXT_LIFETIME_LASTUSE for use with isakmpd/DPD, adding thisho2004-08-101-15/+27
| | | | extends the bitmap to 64bits. Also repair SADB_GET. hshoexer@ ok.
* don't accept SADB_X_EXT_UDPENCAP if encapsulation is disabled; ok ho@markus2004-06-211-7/+9
|
* UDP encapsulation for ESP in transport mode (draft-ietf-ipsec-udp-encaps-XX.txt)markus2003-12-021-1/+28
| | | | ok deraadt@
* conform to RFC2367 on SADB_xx naming (local name must be prefixed withitojun2003-07-241-9/+9
| | | | SADB_X_xx)
* hmac-sha2-{256,384,512} support in AH/ESP auth. markus okitojun2003-07-241-4/+22
|
* KNFderaadt2003-02-161-118/+118
|
* KNFjason2003-02-161-1578/+1457
|
* skeleton support for LZS compressionjason2003-02-151-3/+7
|
* fix potential NULL pointer deref. From: tedu <grendel@zeitbombe.org>itojun2002-07-311-13/+9
|
* Add flow type arg to import_flow()ho2002-06-071-4/+10
|
* Pass authentication information (if available) in ACQUIRE message.angelos2002-05-311-100/+115
|
* Fix crashes associated with SADB_GET/SADB_DUMP --- memory was notangelos2002-03-031-1/+7
| | | | | allocated on outgoing message for encryption/authentication keys --- from umaraghunath@hotmail.com
* Correctly initialize the compression case.angelos2002-02-211-3/+3
|
* It looks like there has been one crack smoking and a few cut and pastes.art2002-01-231-2/+2
| | | | | PR_FREEHEADER should not be set in pool_init by the caller. It shouldn't be set in pool_init at all. Besides, it's going away soon anyway.
* Pool deals fairly well with physical memory shortage, but it doesn't dealart2002-01-231-3/+2
| | | | | | | | | | | | | | | | | | well (not at all) with shortages of the vm_map where the pages are mapped (usually kmem_map). Try to deal with it: - group all information the backend allocator for a pool in a separate struct. The pool will only have a pointer to that struct. - change the pool_init API to reflect that. - link all pools allocating from the same allocator on a linked list. - Since an allocator is responsible to wait for physical memory it will only fail (waitok) when it runs out of its backing vm_map, carefully drain pools using the same allocator so that va space is freed. (see comments in code for caveats and details). - change pool_reclaim to return if it actually succeeded to free some memory, use that information to make draining easier and more efficient. - get rid of PR_URGENT, noone uses it.
* Actually, move the check inside the switch.angelos2001-08-051-9/+6
|
* Only flush the policies if the message type is UNSPEC.angelos2001-08-051-5/+8
|
* Indentation.ho2001-07-061-10/+10
|
* IPComp. angelos@ ok.jjbg2001-07-051-2/+55
|
* Don't bzero() after doing a TAILQ_INIT()...angelos2001-06-271-3/+2
|
* Initialize acquire state list in newly allocated policy.angelos2001-06-271-1/+3
|
* Don't cache packets that hit policies -- we'll do that at the PCB forangelos2001-06-271-2/+6
| | | | local packets.
* Use pool(9) for IPsec policy structures.angelos2001-06-261-7/+16
|
* Keep the PFKEY sequence number at the TDB, plus a little bit of KNFangelos2001-06-261-2/+2
|
* Only delete/modify flows with the IPSP_POLICY_STATIC flag if the appropriateangelos2001-06-081-36/+47
| | | | flag is set in the protocol message.
* Trim some unnecessary includes.angelos2001-06-081-6/+1
|
* Fork out some of the code in pfkeyv2.c to pfkeyv2_convert.c, to makeangelos2001-06-081-611/+1
| | | | the former more managable/readable (an almost impossible task).
* On a pfkeyv2_get(), allocate enough room for the extra stuff we storeangelos2001-06-071-1/+13
| | | | in the SA.
* repair copyright notices for NRL & cmetz; cmetzderaadt2001-06-051-17/+68
|
* Make our pfkeyv2.h more RFC2367 compliant. Also fix some backwardsniklas2001-06-051-45/+45
| | | | | compatibility problems in isakmpd, at least 2.8 stable can compile current isakmpd now. angelos@ ok
* MBOX->USERFQDN, noticed by markus@angelos2001-05-301-5/+5
|
* Import/export authentication information for SA.angelos2001-05-301-15/+162
|
* Use a reference-counted structure for IPsec IDs and credentials, so weangelos2001-05-211-106/+89
| | | | can cheaply keep copies of them at the PCB. ok deraadt@
* Use the new M_* malloc typesangelos2001-05-051-45/+46
|
Copyright © 1996 – 2023 Jason A. Donenfeld. All Rights Reverse Engineered.