Module Name:src
Committed By: knakahara
Date: Mon Oct 5 09:51:25 UTC 2020
Modified Files:
src/sys/netipsec: xform_esp.c
Log Message:
Make sequence number of esp header MP-safe for IPsec Tx side. reviewed by
ozaki-r@n.o
In IPsec Tx side, one Security Association can be u
Module Name:src
Committed By: knakahara
Date: Fri Mar 13 06:55:35 UTC 2020
Modified Files:
src/sys/netipsec: key.c
Log Message:
Fix kern/55066. Pointed out and fixed by Chuck Zmudzinski, thanks.
ok'ed by ozaki-r@n.o
To generate a diff of this commit:
cvs rdiff -u -r1.2
Module Name:src
Committed By: knakahara
Date: Fri Jan 31 06:54:19 UTC 2020
Modified Files:
src/sys/netipsec: ipsecif.c
Log Message:
Fix IPv6 over IPv4 ipsecif(4) uses IPv4 SP wrongly. Pointed out by ohishi@IIJ.
XXX pullup-8, pullup-9
To generate a diff of this commit:
Module Name:src
Committed By: knakahara
Date: Fri Apr 12 07:12:12 UTC 2019
Modified Files:
src/sys/netipsec: ipsecif.c
Log Message:
remove a variable which is no longer used.
To generate a diff of this commit:
cvs rdiff -u -r1.14 -r1.15 src/sys/netipsec/ipsecif.c
Please
Module Name:src
Committed By: maxv
Date: Tue Feb 26 06:52:34 UTC 2019
Modified Files:
src/sys/netipsec: keysock.c
Log Message:
Fix locking: it is fine if the lock is already key_so_mtx, this can happen
in socketpair. In that case don't take it.
Ok ozaki-r@
Reported-by: s
Module Name:src
Committed By: knakahara
Date: Wed Dec 26 08:58:51 UTC 2018
Modified Files:
src/sys/netipsec: ipsec_output.c ipsecif.c key.c
Log Message:
ipsecif(4) supports multiple peers in the same NAPT.
E.g. ipsec0 connects between NetBSD_A and NetBSD_B, ipsec1 connect
Module Name:src
Committed By: maxv
Date: Mon Dec 24 15:57:15 UTC 2018
Modified Files:
src/sys/netipsec: keysock.c keysock.h
Log Message:
Remove unused function.
To generate a diff of this commit:
cvs rdiff -u -r1.66 -r1.67 src/sys/netipsec/keysock.c
cvs rdiff -u -r1.11 -
Module Name:src
Committed By: knakahara
Date: Fri Dec 7 09:11:04 UTC 2018
Modified Files:
src/sys/netipsec: ipsecif.c
Log Message:
ipsecif(4) should not increment drop counter by errors not related to if_snd.
Pointed out by ozaki-r@n.o, thanks.
To generate a diff of th
Module Name:src
Committed By: maxv
Date: Sat Oct 27 05:42:23 UTC 2018
Modified Files:
src/sys/netipsec: ipsec.c ipsec.h ipsec_input.c
Log Message:
Localify one function, and switch to C99 types while here.
To generate a diff of this commit:
cvs rdiff -u -r1.165 -r1.166 s
Module Name:src
Committed By: ozaki-r
Date: Thu Aug 23 01:55:38 UTC 2018
Modified Files:
src/sys/netipsec: key.c
Log Message:
Don't call key_ismyaddr, which may sleep, in a pserialize read section
Use mutex here instead of pserialize because using mutex is simpler than
us
Module Name:src
Committed By: christos
Date: Wed Jul 4 19:20:25 UTC 2018
Modified Files:
src/sys/netipsec: key.c
Log Message:
merge duplicated code, more informative debugging.
To generate a diff of this commit:
cvs rdiff -u -r1.255 -r1.256 src/sys/netipsec/key.c
Pleas
Module Name:src
Committed By: maxv
Date: Thu May 31 15:34:25 UTC 2018
Modified Files:
src/sys/netipsec: ipsec_mbuf.c
Log Message:
Clarify, remove superfluous things.
To generate a diff of this commit:
cvs rdiff -u -r1.27 -r1.28 src/sys/netipsec/ipsec_mbuf.c
Please note
Module Name:src
Committed By: maxv
Date: Thu May 31 15:06:45 UTC 2018
Modified Files:
src/sys/netipsec: ipsec_output.c
Log Message:
Adapt rev1.75, suggested by Alexander Bluhm. Relax the checks to allow
protocols smaller than two bytes (only IPPROTO_NONE). While here style
Module Name:src
Committed By: maxv
Date: Thu May 31 06:25:41 UTC 2018
Modified Files:
src/sys/netipsec: xform_ah.c
Log Message:
Constify ipseczeroes, and remove one use of it.
To generate a diff of this commit:
cvs rdiff -u -r1.105 -r1.106 src/sys/netipsec/xform_ah.c
Pl
Module Name:src
Committed By: maxv
Date: Thu May 31 06:14:18 UTC 2018
Modified Files:
src/sys/netipsec: xform_esp.c
Log Message:
Add a comment and a KASSERT. I remember wondering whether this check was a
problem, since ARC4 has a blocksize of one. Normally ARC4 can't be us
Module Name:src
Committed By: maxv
Date: Thu May 31 05:52:09 UTC 2018
Modified Files:
src/sys/netipsec: xform_esp.c
Log Message:
style
To generate a diff of this commit:
cvs rdiff -u -r1.94 -r1.95 src/sys/netipsec/xform_esp.c
Please note that diffs are not public domain
Module Name:src
Committed By: maxv
Date: Wed May 30 18:02:41 UTC 2018
Modified Files:
src/sys/netipsec: xform_ah.c
Log Message:
Correctly handle the padding for IPv6-AH, as specified by RFC4302. Seen in
a FreeBSD bug report, by Jason Mader.
The RFC specifies that under IP
Module Name:src
Committed By: maxv
Date: Wed May 30 17:17:11 UTC 2018
Modified Files:
src/sys/netipsec: xform.h xform_ah.c xform_esp.c
Log Message:
Introduce ah_authsiz, which computes the length of the ICV only. Use it in
esp_hdrsiz, and clarify.
Until now we were using
Module Name:src
Committed By: maxv
Date: Wed May 30 16:49:38 UTC 2018
Modified Files:
src/sys/netipsec: xform_esp.c
Log Message:
Apply the previous change in esp_input too, same as esp_output.
To generate a diff of this commit:
cvs rdiff -u -r1.92 -r1.93 src/sys/netipsec
Module Name:src
Committed By: maxv
Date: Wed May 30 16:43:29 UTC 2018
Modified Files:
src/sys/netipsec: xform_esp.c
Log Message:
Remove dead code, 'espx' is never NULL and dereferenced earlier, so no need
to NULL-check all the time.
To generate a diff of this commit:
cvs
Module Name:src
Committed By: maxv
Date: Wed May 30 16:32:26 UTC 2018
Modified Files:
src/sys/netipsec: xform_esp.c
Log Message:
Simplify the padding computation. Until now 'padlen' contained the ESP
Trailer (two bytes), and we were doing minus two all the time.
Declare '
Module Name:src
Committed By: maxv
Date: Wed May 30 16:15:19 UTC 2018
Modified Files:
src/sys/netipsec: xform_esp.c
Log Message:
Rename padding -> padlen, pad -> tail, and clarify.
To generate a diff of this commit:
cvs rdiff -u -r1.89 -r1.90 src/sys/netipsec/xform_esp.c
Module Name:src
Committed By: maxv
Date: Tue May 29 16:50:38 UTC 2018
Modified Files:
src/sys/netipsec: xform_ah.c
Log Message:
Strengthen and simplify, once more.
To generate a diff of this commit:
cvs rdiff -u -r1.102 -r1.103 src/sys/netipsec/xform_ah.c
Please note th
Module Name:src
Committed By: ozaki-r
Date: Tue May 29 09:25:44 UTC 2018
Modified Files:
src/sys/netipsec: xform_ah.c
Log Message:
Fix non-INET6 builds
To generate a diff of this commit:
cvs rdiff -u -r1.101 -r1.102 src/sys/netipsec/xform_ah.c
Please note that diffs are
Module Name:src
Committed By: maxv
Date: Fri May 18 19:02:49 UTC 2018
Modified Files:
src/sys/netipsec: ipsec_input.c xform_ah.c xform_esp.c
Log Message:
IP6_EXTHDR_GET -> M_REGION_GET, no functional change.
To generate a diff of this commit:
cvs rdiff -u -r1.69 -r1.70 s
Module Name:src
Committed By: ozaki-r
Date: Mon May 14 02:16:30 UTC 2018
Modified Files:
src/sys/netipsec: xform_tcp.c
Log Message:
Restore TCP header inclusions for TCP_SIGNATURE
To generate a diff of this commit:
cvs rdiff -u -r1.20 -r1.21 src/sys/netipsec/xform_tcp.c
Module Name:src
Committed By: maxv
Date: Sun May 13 18:34:59 UTC 2018
Modified Files:
src/sys/netipsec: xform_ah.c xform_esp.c xform_ipcomp.c
Log Message:
Remove unused calls to nat_t_ports_get.
To generate a diff of this commit:
cvs rdiff -u -r1.99 -r1.100 src/sys/netip
Module Name:src
Committed By: maxv
Date: Fri May 11 15:43:07 UTC 2018
Modified Files:
src/sys/netipsec: xform_ah.c xform_esp.c
Log Message:
ENOBUFS -> EACCES when updating the replay counter.
To generate a diff of this commit:
cvs rdiff -u -r1.98 -r1.99 src/sys/netipsec/
Module Name:src
Committed By: maxv
Date: Fri May 11 13:50:38 UTC 2018
Modified Files:
src/sys/netipsec: xform_tcp.c
Log Message:
Clean up, and panic if we call functions that are not supposed to be
called.
To generate a diff of this commit:
cvs rdiff -u -r1.19 -r1.20 src
Module Name:src
Committed By: maxv
Date: Thu May 10 05:15:14 UTC 2018
Modified Files:
src/sys/netipsec: ipsec.c
Log Message:
Replace dumb code by M_VERIFY_PACKET. In fact, perhaps we should not even
call M_VERIFY_PACKET here, there is no particular reason for this place to
Module Name:src
Committed By: maxv
Date: Wed May 9 07:33:31 UTC 2018
Modified Files:
src/sys/netipsec: ipsecif.c
Log Message:
static const on ipsecif4_encapsw
To generate a diff of this commit:
cvs rdiff -u -r1.8 -r1.9 src/sys/netipsec/ipsecif.c
Please note that diffs
Module Name:src
Committed By: maxv
Date: Mon May 7 09:33:51 UTC 2018
Modified Files:
src/sys/netipsec: ipsec_output.c xform_ipip.c
Log Message:
Remove a dummy reference to XF_IP4, explain briefly why we don't use
ipe4_xformsw, and remove unused includes.
To generate a d
Module Name:src
Committed By: maxv
Date: Mon May 7 09:25:04 UTC 2018
Modified Files:
src/sys/netipsec: ipsec_output.c xform.h xform_ipip.c
Log Message:
Remove now unused 'isr', 'skip' and 'protoff' arguments from ipip_output.
To generate a diff of this commit:
cvs rdiff
Module Name:src
Committed By: maxv
Date: Mon May 7 09:16:46 UTC 2018
Modified Files:
src/sys/netipsec: ipsec_output.c xform.h xform_ah.c xform_esp.c
xform_ipcomp.c xform_ipip.c xform_tcp.c
Log Message:
Remove unused 'mp' argument from all the xf_output functio
Module Name:src
Committed By: maxv
Date: Mon May 7 09:08:06 UTC 2018
Modified Files:
src/sys/netipsec: xform.h xform_ipip.c
Log Message:
Clarify IPIP: ipe4_xformsw is not allowed to call ipip_output, so replace
the pointer by ipe4_output, which just panics. Group the ipe4
Module Name:src
Committed By: maxv
Date: Tue May 1 08:34:08 UTC 2018
Modified Files:
src/sys/netipsec: ipsec.h
Log Message:
Remove some more dead code.
To generate a diff of this commit:
cvs rdiff -u -r1.79 -r1.80 src/sys/netipsec/ipsec.h
Please note that diffs are not
Module Name:src
Committed By: maxv
Date: Tue May 1 08:27:13 UTC 2018
Modified Files:
src/sys/netipsec: xform_ah.c xform_esp.c
Log Message:
When IP6_EXTHDR_GET fails, return ENOBUFS, and don't log an error (HDROPS
is not supposed to be used here).
To generate a diff of t
Module Name:src
Committed By: maxv
Date: Tue May 1 08:16:34 UTC 2018
Modified Files:
src/sys/netipsec: xform_ah.c xform_esp.c
Log Message:
When the replay check fails, return EACCES instead of ENOBUFS.
To generate a diff of this commit:
cvs rdiff -u -r1.95 -r1.96 src/sy
Module Name:src
Committed By: maxv
Date: Tue May 1 08:13:37 UTC 2018
Modified Files:
src/sys/netipsec: xform_esp.c xform_ipcomp.c
Log Message:
Remove double include, opencrypto/xform.h is already included in
netipsec/xform.h.
To generate a diff of this commit:
cvs rdiff
Module Name:src
Committed By: maxv
Date: Tue May 1 08:08:46 UTC 2018
Modified Files:
src/sys/netipsec: xform.h
Log Message:
Remove unused.
To generate a diff of this commit:
cvs rdiff -u -r1.15 -r1.16 src/sys/netipsec/xform.h
Please note that diffs are not public domai
Module Name:src
Committed By: maxv
Date: Tue May 1 05:42:26 UTC 2018
Modified Files:
src/sys/netipsec: ipsec_output.c
Log Message:
Fix the checks in compute_ipsec_pos, otherwise m_copydata could crash. I
already fixed half of the problem two months ago in rev1.67, back th
Module Name:src
Committed By: maxv
Date: Sun Apr 29 14:54:09 UTC 2018
Modified Files:
src/sys/netipsec: ipsec_input.c
Log Message:
Remove useless icmp6.h include, remove manual externs and include in6.h
to get proper definitions, and remove duplicate logic in
ipsec6_common
Module Name:src
Committed By: maxv
Date: Sun Apr 29 14:35:36 UTC 2018
Modified Files:
src/sys/netipsec: ipsec_input.c xform_ipip.c
Log Message:
Remove obsolete/dead code, the IP-in-IP encapsulation doesn't work this
way anymore (XF_IP4 partly dropped by FAST_IPSEC).
To g
Module Name:src
Committed By: maxv
Date: Sun Apr 29 07:24:39 UTC 2018
Modified Files:
src/sys/netipsec: ipsec.h
Log Message:
Remove duplicate prototype.
To generate a diff of this commit:
cvs rdiff -u -r1.77 -r1.78 src/sys/netipsec/ipsec.h
Please note that diffs are not
Module Name:src
Committed By: maxv
Date: Sat Apr 28 15:45:16 UTC 2018
Modified Files:
src/sys/netipsec: ipsec.c ipsec_input.c ipsec_output.c ipsec_private.h
key.c xform_ah.c xform_esp.c xform_ipcomp.c xform_ipip.c
Log Message:
Remove IPSEC_SPLASSERT_SOFTNET, it
Module Name:src
Committed By: maxv
Date: Sat Apr 28 14:39:34 UTC 2018
Modified Files:
src/sys/netipsec: ipsec_mbuf.c ipsec_private.h
Log Message:
Inline M_EXT_WRITABLE directly, and remove the XXX, there's nothing wrong
in the use of !M_READONLY.
To generate a diff of th
Module Name:src
Committed By: maxv
Date: Sat Apr 28 14:25:56 UTC 2018
Modified Files:
src/sys/netipsec: ipsec.h ipsec6.h
Log Message:
Move the ipsec6_input prototype into ipsec6.h, and style.
To generate a diff of this commit:
cvs rdiff -u -r1.76 -r1.77 src/sys/netipsec/
Module Name:src
Committed By: maxv
Date: Sat Apr 28 14:01:51 UTC 2018
Modified Files:
src/sys/netipsec: ipsec.c ipsec.h
Log Message:
Style and remove unused stuff.
To generate a diff of this commit:
cvs rdiff -u -r1.157 -r1.158 src/sys/netipsec/ipsec.c
cvs rdiff -u -r1.7
Module Name:src
Committed By: maxv
Date: Sat Apr 28 13:44:19 UTC 2018
Modified Files:
src/sys/netipsec: ipsec_netbsd.c
Log Message:
Fix the net.inet6.ipsec6.def_policy node, the variable should be
&ip6_def_policy.policy, otherwise we're overwriting other fields of the
stru
Module Name:src
Committed By: maxv
Date: Sat Apr 28 13:23:18 UTC 2018
Modified Files:
src/sys/netipsec: ipsec_var.h key_var.h
Log Message:
Remove unused macros.
To generate a diff of this commit:
cvs rdiff -u -r1.6 -r1.7 src/sys/netipsec/ipsec_var.h
cvs rdiff -u -r1.4 -r
Module Name:src
Committed By: maxv
Date: Sun Apr 22 10:25:40 UTC 2018
Modified Files:
src/sys/netipsec: ipip_var.h ipsec_netbsd.c xform_ipip.c
Log Message:
Rename ipip_allow->ipip_spoofcheck, and add net.inet.ipsec.ipip_spoofcheck.
Makes it simpler, and also fixes PR/39919
Module Name:src
Committed By: maxv
Date: Thu Apr 19 08:27:39 UTC 2018
Modified Files:
src/sys/netipsec: ah.h ah_var.h esp.h esp_var.h ipcomp.h ipcomp_var.h
ipip_var.h ipsec.c ipsec.h ipsec6.h ipsec_input.c ipsec_mbuf.c
ipsec_output.c ipsec_var.h key.
Module Name:src
Committed By: maxv
Date: Thu Apr 19 08:16:44 UTC 2018
Modified Files:
src/sys/netipsec: xform_ipip.c
Log Message:
Remove unused typedef, remove unused arguments from _ipip_input, sync
comment with reality, and change panic message.
To generate a diff of t
Module Name:src
Committed By: maxv
Date: Thu Apr 19 07:58:26 UTC 2018
Modified Files:
src/sys/netipsec: xform_ipcomp.c
Log Message:
Add a KASSERT (which is not triggerable since ipsec_common_input already
ensures 8 bytes are present), add an XXX (about the fact that it is
Module Name:src
Committed By: maxv
Date: Thu Apr 19 07:36:23 UTC 2018
Modified Files:
src/sys/netipsec: xform_esp.c
Log Message:
Style, and remove meaningless XXX.
To generate a diff of this commit:
cvs rdiff -u -r1.79 -r1.80 src/sys/netipsec/xform_esp.c
Please note tha
Module Name:src
Committed By: maxv
Date: Thu Apr 19 07:22:30 UTC 2018
Modified Files:
src/sys/netipsec: xform_ah.c
Log Message:
cosmetic
To generate a diff of this commit:
cvs rdiff -u -r1.90 -r1.91 src/sys/netipsec/xform_ah.c
Please note that diffs are not public domai
Module Name:src
Committed By: maxv
Date: Wed Apr 18 17:58:07 UTC 2018
Modified Files:
src/sys/netipsec: xform_ah.c
Log Message:
Simplify the IPv4 parser. Get the option length in 'optlen', and sanitize
it earlier. A new check is added (off + optlen > skip).
In the IPv6 pa
Module Name:src
Committed By: maxv
Date: Wed Apr 18 17:34:54 UTC 2018
Modified Files:
src/sys/netipsec: ipsec_mbuf.c
Log Message:
Remove unused includes, remove misleading comments, and style.
To generate a diff of this commit:
cvs rdiff -u -r1.24 -r1.25 src/sys/netipsec
Module Name:src
Committed By: maxv
Date: Wed Apr 18 07:38:02 UTC 2018
Modified Files:
src/sys/netipsec: ipsec_input.c ipsec_netbsd.c
Log Message:
Remove unused malloc.h include.
To generate a diff of this commit:
cvs rdiff -u -r1.64 -r1.65 src/sys/netipsec/ipsec_input.c
Module Name:src
Committed By: maxv
Date: Wed Apr 18 07:32:44 UTC 2018
Modified Files:
src/sys/netipsec: key.h
Log Message:
Style, and remove unused MALLOC_DECLARE.
To generate a diff of this commit:
cvs rdiff -u -r1.34 -r1.35 src/sys/netipsec/key.h
Please note that diff
Module Name:src
Committed By: maxv
Date: Wed Apr 18 06:57:39 UTC 2018
Modified Files:
src/sys/netipsec: ipsec.c
Log Message:
Remove dead code.
ok ozaki-r@
To generate a diff of this commit:
cvs rdiff -u -r1.155 -r1.156 src/sys/netipsec/ipsec.c
Please note that diffs ar
Module Name:src
Committed By: maxv
Date: Wed Apr 18 06:52:35 UTC 2018
Modified Files:
src/sys/netipsec: ipsec_output.c
Log Message:
style
To generate a diff of this commit:
cvs rdiff -u -r1.71 -r1.72 src/sys/netipsec/ipsec_output.c
Please note that diffs are not public
Module Name:src
Committed By: maxv
Date: Wed Apr 18 06:43:10 UTC 2018
Modified Files:
src/sys/netipsec: xform_ipip.c
Log Message:
style
To generate a diff of this commit:
cvs rdiff -u -r1.63 -r1.64 src/sys/netipsec/xform_ipip.c
Please note that diffs are not public doma
Module Name:src
Committed By: maxv
Date: Wed Apr 18 06:22:47 UTC 2018
Modified Files:
src/sys/netipsec: ipsec_netbsd.c
Log Message:
Style, and remove another misleading comment.
To generate a diff of this commit:
cvs rdiff -u -r1.50 -r1.51 src/sys/netipsec/ipsec_netbsd.c
Module Name:src
Committed By: maxv
Date: Wed Apr 18 06:13:23 UTC 2018
Modified Files:
src/sys/netipsec: ipsec_netbsd.c
Log Message:
Remove the
net.inet6.esp6
net.inet6.ipcomp6
net.inet6.ah6
subtrees. They are aliases to net.inet6.ipsec6, but they
Module Name:src
Committed By: maxv
Date: Wed Apr 18 06:03:37 UTC 2018
Modified Files:
src/sys/netipsec: ipsec_netbsd.c
Log Message:
Remove duplicate sysctls:
net.inet.esp.trans_deflev = net.inet.ipsec.esp_trans_deflev
net.inet.esp.net_deflev = net.inet.i
Module Name:src
Committed By: maxv
Date: Tue Apr 17 17:56:08 UTC 2018
Modified Files:
src/sys/netipsec: ipsec_input.c
Log Message:
fix comments
To generate a diff of this commit:
cvs rdiff -u -r1.63 -r1.64 src/sys/netipsec/ipsec_input.c
Please note that diffs are not pu
Module Name:src
Committed By: maxv
Date: Tue Apr 17 17:47:05 UTC 2018
Modified Files:
src/sys/netipsec: ipsec.c
Log Message:
Add XXX. If this code really does something, it should use MCHTYPE.
To generate a diff of this commit:
cvs rdiff -u -r1.154 -r1.155 src/sys/netips
Module Name:src
Committed By: maxv
Date: Tue Apr 17 17:40:38 UTC 2018
Modified Files:
src/sys/netipsec: ipsec.c
Log Message:
Style, add XXX (about the mtu that goes negative), and remove #ifdef inet.
To generate a diff of this commit:
cvs rdiff -u -r1.153 -r1.154 src/sys
Module Name:src
Committed By: maxv
Date: Tue Apr 17 09:06:33 UTC 2018
Modified Files:
src/sys/netipsec: ipsec_mbuf.c
Log Message:
Fix a pretty bad mistake, that has always been there.
m_adj(m1, -(m1->m_len - roff));
if (m1 != m)
Module Name:src
Committed By: maxv
Date: Tue Apr 17 06:23:30 UTC 2018
Modified Files:
src/sys/netipsec: ipsec_mbuf.c
Log Message:
Don't assume M_PKTHDR is set only on the first mbuf of the chain. It
should, but it looks like there are several places that can put M_PKTHDR
o
Module Name:src
Committed By: yamaguchi
Date: Tue Apr 17 04:22:59 UTC 2018
Modified Files:
src/sys/netipsec: key.c
Log Message:
Fix panic of SADB when the state of sav is changed in timeout
pointed out by ozaki-r@n.o, thanks
To generate a diff of this commit:
cvs rdiff
Module Name:src
Committed By: maxv
Date: Mon Apr 16 17:32:34 UTC 2018
Modified Files:
src/sys/netipsec: xform_ah.c
Log Message:
Remove dead code.
ok ozaki-r@
To generate a diff of this commit:
cvs rdiff -u -r1.88 -r1.89 src/sys/netipsec/xform_ah.c
Please note that diff
Module Name:src
Committed By: yamaguchi
Date: Mon Apr 16 08:56:08 UTC 2018
Modified Files:
src/sys/netipsec: key.c keydb.h
Log Message:
Added a lookup table to find an sav quickly
key_sad.sahlists doesn't work well for inbound packets because
its key includes source addre
Module Name:src
Committed By: yamaguchi
Date: Mon Apr 16 08:52:09 UTC 2018
Modified Files:
src/sys/netipsec: key.c
Log Message:
Introduced a hash table to sahlist
An saidx of sah included in the list is unique so that
the search can use a hash list whose hash is calculate
Module Name:src
Committed By: maxv
Date: Fri Apr 13 09:34:20 UTC 2018
Modified Files:
src/sys/netipsec: xform_ah.c
Log Message:
Remove duplicate, to better show that this place doesn't make a lot of
sense. The code should probably be removed, it's a leftover from when we
h
Module Name:src
Committed By: yamaguchi
Date: Mon Apr 9 06:26:05 UTC 2018
Modified Files:
src/sys/netipsec: key.c
Log Message:
Removed the unnecessary order check of key_lookup_sa
key_prefered_oldsa flag can change the sa to use if an sah
has multiple sav. However the mu
Module Name:src
Committed By: knakahara
Date: Fri Apr 6 10:31:35 UTC 2018
Modified Files:
src/sys/netipsec: ipsecif.c
Log Message:
Add IPv4 ID when the ipsecif(4) packet can be fragmented. Implemented by
hsuenaga@IIJ and ohishi@IIJ, thanks.
This modification reduces pac
Module Name:src
Committed By: maxv
Date: Sat Mar 31 19:27:14 UTC 2018
Modified Files:
src/sys/netipsec: ipsec.c
Log Message:
typo in comments
To generate a diff of this commit:
cvs rdiff -u -r1.151 -r1.152 src/sys/netipsec/ipsec.c
Please note that diffs are not public d
Module Name:src
Committed By: knakahara
Date: Tue Mar 13 03:05:13 UTC 2018
Modified Files:
src/sys/netipsec: ipsecif.c
Log Message:
comment out confusing (and incorrect) code and add comment. Pointed out by
maxv@n.o, thanks.
To generate a diff of this commit:
cvs rdiff
Module Name:src
Committed By: maxv
Date: Sat Mar 10 17:52:50 UTC 2018
Modified Files:
src/sys/netipsec: ipsec_mbuf.c
Log Message:
Add KASSERTs.
To generate a diff of this commit:
cvs rdiff -u -r1.21 -r1.22 src/sys/netipsec/ipsec_mbuf.c
Please note that diffs are not pub
Module Name:src
Committed By: maxv
Date: Sat Mar 10 17:48:32 UTC 2018
Modified Files:
src/sys/netipsec: xform_ipcomp.c
Log Message:
Fix the computation. Normally that's harmless since ip6_output recomputes
ip6_plen.
To generate a diff of this commit:
cvs rdiff -u -r1.59
Module Name:src
Committed By: knakahara
Date: Fri Mar 9 11:05:21 UTC 2018
Modified Files:
src/sys/netipsec: ipsecif.c
Log Message:
Fix ipsec(4) I/F esp_frag support.
To generate a diff of this commit:
cvs rdiff -u -r1.3 -r1.4 src/sys/netipsec/ipsecif.c
Please note that
Module Name:src
Committed By: knakahara
Date: Tue Mar 6 10:07:06 UTC 2018
Modified Files:
src/sys/netipsec: ipsecif.c
Log Message:
Fix fragment processing in ipsec4_fragout(). Pointed out by maxv@n.o, thanks.
XXX need pullup-8
To generate a diff of this commit:
cvs rdi
Module Name:src
Committed By: maxv
Date: Mon Mar 5 12:42:28 UTC 2018
Modified Files:
src/sys/netipsec: ipsec_mbuf.c
Log Message:
Improve stupid check, style, and fix leak (m, not m0).
To generate a diff of this commit:
cvs rdiff -u -r1.20 -r1.21 src/sys/netipsec/ipsec_m
Module Name:src
Committed By: maxv
Date: Mon Mar 5 11:50:25 UTC 2018
Modified Files:
src/sys/netipsec: ipsec_output.c
Log Message:
Call m_pullup earlier, fixes one branch.
To generate a diff of this commit:
cvs rdiff -u -r1.70 -r1.71 src/sys/netipsec/ipsec_output.c
Ple
Module Name:src
Committed By: maxv
Date: Sat Mar 3 09:54:55 UTC 2018
Modified Files:
src/sys/netipsec: ipsec.c
Log Message:
Reduce the diff between ipsec4_output and ipsec6_check_policy. While here
style.
To generate a diff of this commit:
cvs rdiff -u -r1.150 -r1.151 s
Module Name:src
Committed By: maxv
Date: Sat Mar 3 09:47:01 UTC 2018
Modified Files:
src/sys/netipsec: ipsec.c
Log Message:
Dedup.
To generate a diff of this commit:
cvs rdiff -u -r1.149 -r1.150 src/sys/netipsec/ipsec.c
Please note that diffs are not public domain; the
Module Name:src
Committed By: ozaki-r
Date: Fri Mar 2 07:37:14 UTC 2018
Modified Files:
src/sys/netipsec: key.c keydb.h
Log Message:
Avoid data races on lifetime counters by using percpu(9)
We don't make them percpu(9) directly because the structure is exposed to
userlan
Module Name:src
Committed By: maxv
Date: Wed Feb 28 11:29:14 UTC 2018
Modified Files:
src/sys/netipsec: ipsec.c
Log Message:
add missing static
To generate a diff of this commit:
cvs rdiff -u -r1.148 -r1.149 src/sys/netipsec/ipsec.c
Please note that diffs are not public
Module Name:src
Committed By: maxv
Date: Wed Feb 28 11:19:49 UTC 2018
Modified Files:
src/sys/netipsec: ipsec_private.h
Log Message:
Remove unused macros, and while here style.
To generate a diff of this commit:
cvs rdiff -u -r1.6 -r1.7 src/sys/netipsec/ipsec_private.h
Module Name:src
Committed By: maxv
Date: Wed Feb 28 10:16:19 UTC 2018
Modified Files:
src/sys/netipsec: ipsec.c
Log Message:
Dedup: merge ipsec4_setspidx_inpcb and ipsec6_setspidx_in6pcb.
To generate a diff of this commit:
cvs rdiff -u -r1.147 -r1.148 src/sys/netipsec/ip
Module Name:src
Committed By: maxv
Date: Wed Feb 28 10:09:17 UTC 2018
Modified Files:
src/sys/netipsec: ipsec.c
Log Message:
ipsec6_setspidx_in6pcb: call ipsec_setspidx() only once, just like the
IPv4 code. While here put the correct variable in sizeof.
ok ozaki-r@
To g
Module Name:src
Committed By: maxv
Date: Tue Feb 27 14:52:51 UTC 2018
Modified Files:
src/sys/netipsec: ipsec.c
Log Message:
Remove duplicate checks, and no need to initialize 'newsp' in
ipsec_set_policy.
To generate a diff of this commit:
cvs rdiff -u -r1.144 -r1.145 sr
Module Name:src
Committed By: maxv
Date: Tue Feb 27 13:36:21 UTC 2018
Modified Files:
src/sys/netipsec: ipsec.c
Log Message:
Use inpcb_hdr to reduce the diff between
ipsec4_set_policy and ipsec6_set_policy
ipsec4_get_policy and ipsec6_get_policy
ip
Module Name:src
Committed By: maxv
Date: Tue Feb 27 08:05:19 UTC 2018
Modified Files:
src/sys/netipsec: ipsec.c
Log Message:
Optimize: use ipsec_sp_hdrsiz instead of ipsec_hdrsiz, not to re-query
the SP.
ok ozaki-r@
To generate a diff of this commit:
cvs rdiff -u -r1.14
Module Name:src
Committed By: maxv
Date: Mon Feb 26 10:36:24 UTC 2018
Modified Files:
src/sys/netipsec: ipsec.c
Log Message:
Dedup: call ipsec_in_reject directly. IPSEC_STAT_IN_POLVIO also gets
increased now.
To generate a diff of this commit:
cvs rdiff -u -r1.140 -r1.14
Module Name:src
Committed By: maxv
Date: Mon Feb 26 10:19:13 UTC 2018
Modified Files:
src/sys/netipsec: ipsec.c
Log Message:
Reduce the diff between ipsec6_input and ipsec4_input.
To generate a diff of this commit:
cvs rdiff -u -r1.139 -r1.140 src/sys/netipsec/ipsec.c
P
Module Name:src
Committed By: maxv
Date: Mon Feb 26 08:42:16 UTC 2018
Modified Files:
src/sys/netipsec: ipsec.c ipsec6.h
Log Message:
Dedup: merge ipsec4_checkpolicy and ipsec6_checkpolicy into
ipsec_checkpolicy.
ok ozaki-r@
To generate a diff of this commit:
cvs rdiff
Module Name:src
Committed By: maxv
Date: Mon Feb 26 06:58:56 UTC 2018
Modified Files:
src/sys/netipsec: ipsec_input.c
Log Message:
If 'skip' is lower than sizeof(struct ip), we are in trouble. So remove a
nonsensical branch, and add a panic at the beginning of the function
1 - 100 of 429 matches
Mail list logo
