summaryrefslogtreecommitdiffstats
path: root/sys/netinet/ip_esp.c (follow)
Commit message (Collapse)AuthorAgeFilesLines
* we don't have to cast to caddr_t when calling m_copydata anymore.dlg2021-02-251-4/+4
| | | | | | | | | | | | | | | | the first cut of this diff was made with coccinelle using this spatch: @rule@ type caddr_t; expression m, off, len, cp; @@ -m_copydata(m, off, len, (caddr_t)cp) +m_copydata(m, off, len, cp) i had fix it's opinionated idea of formatting by hand though, so i'm not sure it was worth it. ok deraadt@ bluhm@
* Make sure the first packet of an SA has sequence number 1 (as described intobhe2020-12-181-5/+6
| | | | | | | RFC 4302 and RFC 4303). It seems this was changed by accident when support for 64 bit sequence numbers was added. ok bluhm@ patrick@
* Use ESP sequence number as IV for AES-CTR, AES-GCM and Chacha20.tobhe2020-12-161-2/+10
| | | | | | | This eliminates the risk for IV reuse because of random collisions and increases performance a little. ok patrick@ markus@
* remove the "copy function" argument to bpf_mtap_hdr.dlg2019-09-301-2/+2
| | | | | | | | it was previously (ab)used by pflog, which has since been fixed. apart from that nothing else used it, so we can trim the cruft. ok kn@ claudio@ visa@ visa@ also made sure i fixed ipw(4) so i386 won't break.
* Add per-TDB counters and a new SADB extension to export them tompi2018-08-281-3/+6
| | | | | | userland. Inputs from markus@, ok sthen@
* Introduce ipsec_output_cb() to merge duplicate code and account formpi2018-07-121-57/+9
| | | | | | | | dropped packets in the output path. While here fix a memory leak when compression is not needed w/ IPcomp. ok markus@
* Convert AH & IPcomp to ipsec_input_cb() and count drops on input.mpi2018-07-111-2/+2
| | | | ok markus@
* Introduce new IPsec (per-CPU) statistics and refactor ESP inputmpi2018-07-101-47/+8
| | | | | | | | | | callbacks to be able to count dropped packet. Having more generic statistics will help troubleshooting problems with specific tunnels. Per-TDB counters are coming once all the refactoring bits are in. ok markus@
* Cleanup IPsec ESP error handling with consistent goto drop.bluhm2018-05-091-84/+79
| | | | with and OK markus@
* Do not assume that mbufs within a chain do not have M_PKTHDR set.bluhm2018-05-021-7/+20
| | | | | | | | | | This could happen during fragment reassembly. Better check if we are dealing with the first mbuf of the chain. m_adj() changes the length of the mbuf, obviously. So when using this length to calulate the amount of adjustment, do not calculate it again after m_adj() with wrong input. Use a temporary variable to save the value. from Maxime Villard, NetBSD; OK markus@ claudio@
* Make {ah,esp,ipcomp}stat use percpu counters.visa2017-11-081-36/+34
| | | | OK bluhm@, mpi@
* Use %s and __func__ in DPRINTF() to reduce false positive with grep(1).mpi2017-11-061-49/+48
| | | | ok kettenis@, dhill@, visa@, jca@
* Remove NET_LOCK()'s argument.mpi2017-08-111-14/+13
| | | | Tested by Hrvoje Popovski, ok bluhm@
* add sizes to free() callsderaadt2017-05-301-3/+3
|
* Switch OCF and IPsec over to the new AESmikeb2017-05-021-2/+2
| | | | ok djm
* Convert bcopy to memcpy where the memory does not overlap, otherwise,dhill2017-04-061-6/+7
| | | | | | | use memmove. While here, change some previous conversions to a simple assignment. ok deraadt@
* IPsec packets could be dropped unaccounted if output after cryptobluhm2017-02-071-3/+3
| | | | | failed. Add a counter for that case. OK dhill@
* Reduce the per-packet allocation costs for crypto operations (cryptop)patrick2017-02-071-7/+7
| | | | | | | | | | | | | | by pre-allocating two cryptodesc objects and storing them in an array instead of a linked list. If more than two cryptodesc objects are required use mallocarray to fetch them. Adapt the drivers to the new API. This change results in one pool-get per ESP packet instead of three. It also simplifies softraid crypto where more cryptodesc objects are allocated than used. From, with and ok markus@, ok bluhm@ "looks sane" mpi@
* The return code of crp_callback is never checked, so it is notbluhm2017-02-071-31/+21
| | | | | | | | useful to propagate the error. When an error occurs in an asynchronous network path, incrementing a counter is the right thing. There are four places where an error is not accounted, just add a comment for now. OK mpi@ visa@
* Grab the NET_LOCK() in various callbacks.mpi2017-01-091-8/+8
| | | | | | Fix an assert reported by Hrvoje Popovski. ok visa@, mikeb@
* Grab the NET_LOCK() before calling ipsp_process_done() as it ends upmpi2016-12-241-5/+5
| | | | | | in ip_output(). Found the hardway by and ok kettenis@
* convert bcopy to memcpy. from david hill.tedu2016-09-191-8/+8
|
* avoid extensive mbuf allocation for IPsec by replacing m_inject(4)markus2016-09-131-8/+9
| | | | with m_makespace(4) from freebsd; ok mpi@, bluhm@, mikeb@, dlg@
* fix panics caused by replacing m_copym2 with m_dup_pkt.dlg2016-08-181-14/+6
| | | | | | | | | | | | | | | | m_copym2 is fine duplicating an arbitrary chain of mbufs, while m_dup_pkt wants to dup a packet with proper headers in the first mbuf. ipsec copied the tail of an mbuf if any of the clusters are shared or readonly, and swapped that tail with the result of m_copym2. m_dup_pkt panics cos of that. this makes ipsec duplicate the whole packet if any of the chain is readonly. found by naddy@ and mlarkin@ this fix is from visa@ who told me to commit it cos he's afk (sleeping) tested by naddy@
* replace the last uses of m_copym2 with m_dup_pkt.dlg2016-08-151-2/+2
| | | | ok mpi@ visa@
* Sync no-argument function declaration and definition by adding (void).naddy2016-03-071-2/+2
| | | | ok mpi@ millert@
* Remove plain DES encryption from IPsec.naddy2015-12-091-5/+1
| | | | | | | | | | DES is insecure since brute force attacks are practical due to its short key length. This removes support for DES-CBC encryption in ESP and in IKE main and quick mode from the kernel, isakmpd(8), ipsecctl(8), and iked(8). ok mikeb@
* Plumb Chacha20-Poly1305 into the IPsec/ESP and PF_KEY frameworksmikeb2015-11-031-3/+19
| | | | ok naddy
* m_freem() can handle NULL, do not check for this condition beforehands.deraadt2015-07-151-5/+3
| | | | ok stsp mpi
* No need for an extra local variable; no functional change.mikeb2015-06-151-11/+9
|
* Use proper argument type for crp_callback functions; no functional change.mikeb2015-06-151-15/+11
|
* Stubs and support code for NIC-enabled IPsec bite the dust.mikeb2015-04-171-58/+22
| | | | No objection from reyk@, OK markus, hshoexer
* make ipsp_address thread safe; ok mpimikeb2015-04-141-33/+74
|
* unifdef INET in net code as a precursor to removing the pretend option.tedu2014-12-191-8/+1
| | | | | long live the one true internet. ok henning mikeb
* Explicitly include <net/if_var.h> instead of pulling it in <net/if.h>.mpi2014-12-051-1/+2
| | | | ok mikeb@, krw@, bluhm@, tedu@
* move arc4random prototype to systm.h. more appropriate for most codetedu2014-11-181-3/+1
| | | | to include that than rdnvar.h. ok deraadt dlg
* Fewer <netinet/in_systm.h> !mpi2014-07-221-2/+1
|
* add a size argument to free. will be used soon, but for now default to 0.tedu2014-07-121-12/+12
| | | | after discussions with beck deraadt kettenis.
* bpf code surgery / shuffling / simplification.henning2014-07-091-2/+2
| | | | | | | | | | | | | | | the various bpf_mtap_* are very similiar, they differ in what (and to some extent how) they prepend something, and what copy function they pass to bpf_catchpacket. use an internal _bpf_mtap as "backend" for bpf_mtap and friends. extend bpf_mtap_hdr so that it covers all common cases: if dlen is 0, nothing gets prepended. copy function can be given, if NULL the default bpf_mcopy is used. adjust the existing bpf_mtap_hdr users to pass a NULL ptr for the copy fn. re-implement bpf_mtap_af as simple wrapper for bpf_mtap_hdr. re-implement bpf_mtap_ether using bpf_map_hdr re-implement bpf_mtap_pflog as trivial bpf_mtap_hdr wrapper ok bluhm benno
* bzero/bcmp -> memset/memcmp. ok matthewtedu2014-01-091-8/+8
|
* Remove the extern keyword from function declarations, documentmpi2013-04-111-1/+4
| | | | | | | sysctl declarations, move variables and functions used in only one place in their corresponding file. No functional change. No objection from markus@, ok mikeb@
* Merge of an original work by markus@ and gerhard@ to increasemikeb2013-02-141-52/+43
| | | | | the anti-replay window size to 2100 entries; plus small ESN related improvements. ok markus
* simplify checkreplaywindow() API; make call/return code handling consistentmarkus2012-10-181-22/+44
| | | | ok mikeb@
* spltdb() was really just #define'd to be splsoftnet(); replace the formerblambert2012-09-201-3/+3
| | | | | | | | with the latter no change in md5 checksum of generated files ok claudio@ henning@
* remove the SADB_X_SAFLAGS_{HALFIV,RANDOMPADDING,NOREPLAY} pfkey-API (not setmarkus2012-09-181-82/+25
| | | | | anywhere) as well as the matching TDBF_{HALFIV,RANDOMPADDING,NOREPLAY} code. ok mikeb@
* Add support for the Extended (64-bit) Sequence Number as definedmikeb2012-06-291-45/+137
| | | | | | | | | | | | in RFC4302 and RFC4303. Right now only software crypto engine is capable of doing it. Replay check was rewritten to implement algorithm described in the Appendix A of RFC4303 and the window size was increased to 64. Tested against OpenBSD, Linux (strongswan) and Windows. No objection from the usual suspects.
* for key material that is being being discarded, convert bzero() toderaadt2011-01-111-3/+3
| | | | | explicit_bzero() where required ok markus mikeb
* don't leak mbuf if padding failes; ok mikeb@markus2010-12-211-1/+2
|
* Retire Skipjackmikeb2010-10-061-5/+1
| | | | | | | | | | | There's not much use for the declassified cipher from the 80's with a questionable license these days. According to the FIPS drafts, Skipjack reaches its EOL in December 2010. The libc portion will be removed after the ports hackathon. djm and thib agree, no objections from deraadt Thanks to jsg for digging up FIPS drafts.
* remove m_pad in favor of m_inject as it's equivalent to m_injectmikeb2010-09-231-77/+5
| | | | | | with an offset equal to the actual data length. ok henning blambert
Copyright © 1996 – 2023 Jason A. Donenfeld. All Rights Reverse Engineered.