summaryrefslogtreecommitdiffstats
path: root/sys/netinet/ip_ipsp.c (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* Remove kernfs, okay deraadt@.pedro2005-11-241-379/+1
|
* Add SA replay counter synchronization to pfsync(4). Required for IPsecho2005-05-281-6/+2
| | | | failover gateways. ok mcbride@, "looks good" hshoexer@
* long overdue snprintf cleanup in kernfs related codehshoexer2005-05-271-74/+149
| | | | ok cloder
* handle return value of snprintf correctlyhshoexer2005-04-211-1/+3
| | | | ok deraadt@
* Plug memory leak. Found by pat@. Thanks!hshoexer2004-11-191-40/+45
| | | | ok myself markus@
* First step towards more sane time handling in the kernel -- this changestholo2004-06-211-14/+14
| | | | | | | | things such that code that only need a second-resolution uptime or wall time, and used to get that from time.tv_secs or mono_time.tv_secs now get this from separate time_t globals time_second and time_uptime. ok art@ niklas@ nordin@
* simpler ipsp_aux_match() API; ok henning, hshoexermarkus2004-04-141-23/+25
|
* in gettdbbysrcdst(), allow matching with either src or dst beeing a wildcardhenning2004-03-311-3/+21
| | | | | (emtpy) entry ok markus@
* check TDBF_INVALID for TCP MD5 SA lookups; ok mcbride, henningmarkus2004-02-151-4/+5
|
* in gettdbbysrcdst(): hash by SRC and lookup SA in the tdbsrc[] hash tablemarkus2004-01-271-6/+8
| | | | with hshoexer@
* add gettdbbysrcdst(), just like gettdb(), but compares tdb_src as well; ok mcbride@markus2004-01-221-1/+28
|
* UDP encapsulation for ESP in transport mode (draft-ietf-ipsec-udp-encaps-XX.txt)markus2003-12-021-1/+8
| | | | ok deraadt@
* string cleaning; ok teduderaadt2003-05-091-76/+122
|
* string cleaning; tedu okderaadt2003-05-061-50/+66
|
* Use queue.h macrosjason2002-11-191-8/+8
|
* whitespaceitojun2002-06-091-4/+4
|
* Comment out currently-unused code (it's there for the ethernet-ipsecangelos2002-06-091-13/+15
| | | | cards, none of which we support at the moment).
* Move some common code to separate routines; also, fix the problem ofangelos2002-05-311-70/+73
| | | | | | | | | using the same SA for different traffic classes. Now, different SAs will be renegotiated as needed. XXX It's a sub-optimal (but correct) solution, as it looks for an exact match -- it should be checking for subset/subnet. One of these days...
* First round of __P removal in sysmillert2002-03-141-8/+8
|
* Print compression algorithm name too.angelos2002-02-231-1/+5
|
* KNF whackderaadt2001-12-051-24/+23
|
* If the TDB doesn't have an attached src/dst ID, it can be used for anyangelos2001-10-031-9/+5
| | | | type of traffic.
* use %ll instead of %qderaadt2001-09-051-14/+14
|
* Remove IPCOMP option, it's now part of IPSEC option. You still need tojjbg2001-08-081-3/+1
| | | | enable ipcomp via sysctl to use it. deraadt@ ok.
* IPComp support. angelos@ ok.jjbg2001-07-051-2/+28
|
* Minor nits.angelos2001-06-271-45/+50
|
* Don't cache packets that hit policies -- we'll do that at the PCB forangelos2001-06-271-12/+7
| | | | local packets.
* Keep the PFKEY sequence number at the TDB, plus a little bit of KNFangelos2001-06-261-2/+3
|
* KNFangelos2001-06-261-973/+929
|
* Copyright.angelos2001-06-251-3/+3
|
* print mtu of tdb if discoveredprovos2001-06-241-1/+6
|
* Print TDBF_USEDTUNNEL in ipsp_kern()angelos2001-06-241-1/+2
|
* Having to update queue(3) for DLIST_* is a major PITA; thus, just useangelos2001-06-231-12/+12
| | | | SLIST and be done with it.
* Use DLIST for tags.angelos2001-06-231-12/+12
|
* Trim include files.angelos2001-06-081-10/+2
|
* Simplify SPD logic (and correct some input cases).angelos2001-06-071-54/+24
|
* That DPRINTF() is not needed.angelos2001-06-051-4/+1
|
* Clear acquires only if TDB was established correctly.angelos2001-06-051-2/+3
|
* Correct credential matching logic.angelos2001-06-051-17/+13
|
* use a faster arc4random() for random spi generation; angelos@ okmickey2001-06-041-5/+2
|
* Merge two m_copydata() calls into one, and (hopefully) correct theangelos2001-06-011-8/+17
| | | | self-describing padding verification.
* ipsp_parse_headers() goes down a list of IPv4/IPv6/AH/ESP headers andangelos2001-06-011-1/+221
| | | | | | | | | creates a tag for each of the ESP/AH headers. This will be used by IPsec-aware NIC device drivers that need to notify IPsec that crypto processing has already been done. There is an excessive amount of m_copydata() calls used by this routine, but there's no way around it that I can think of.
* IPSP_IDENTITY_MBOX -> IPSP_IDENTITY_FQDN, and print type of creds/authangelos2001-05-301-1/+13
| | | | in kernfs
* Free remote authentication material on TDB free.angelos2001-05-301-1/+7
|
* Free local auth on TDB free.angelos2001-05-301-1/+7
|
* Keep track of when a TDB was last marked/unmared as SKIPCRYPTO, andangelos2001-05-291-3/+18
| | | | print the relevant information on KERNFS.
* Add ipsp_skipcrypto_{mark,unmark}()angelos2001-05-291-1/+27
|
* ipsp_copy_ident() no longer needed.angelos2001-05-271-23/+1
|
* Simplify option printing. ok deraadt@angelos2001-05-221-71/+22
|
* Use a reference-counted structure for IPsec IDs and credentials, so weangelos2001-05-211-32/+50
| | | | can cheaply keep copies of them at the PCB. ok deraadt@
Copyright © 1996 – 2023 Jason A. Donenfeld. All Rights Reverse Engineered.