The NetBSD Project

CVS log for src/sys/net/if_ipsec.c

[BACK] Up to [cvs.NetBSD.org] / src / sys / net

Request diff between arbitrary revisions


Default branch: MAIN


Revision 1.36 / (download) - annotate - [select for diffs], Sat Feb 10 18:43:53 2024 UTC (3 weeks ago) by andvar
Branch: MAIN
CVS Tags: HEAD
Changes since 1.35: +3 -3 lines
Diff to previous 1.35 (colored)

Fix various typos in comments, log messages and documentation.

Revision 1.35.4.1 / (download) - annotate - [select for diffs], Thu Nov 16 04:30:22 2023 UTC (3 months, 2 weeks ago) by thorpej
Branch: thorpej-ifq
Changes since 1.35: +3 -3 lines
Diff to previous 1.35 (colored) next main 1.36 (colored)

IFQ_CLASSIFY() -> ifq_classify_packet().

Revision 1.34.2.1 / (download) - annotate - [select for diffs], Mon Oct 2 12:58:51 2023 UTC (5 months ago) by martin
Branch: netbsd-10
CVS Tags: netbsd-10-0-RC5, netbsd-10-0-RC4, netbsd-10-0-RC3, netbsd-10-0-RC2, netbsd-10-0-RC1
Changes since 1.34: +5 -4 lines
Diff to previous 1.34 (colored) next main 1.35 (colored)

Pull up following revision(s) (requested by knakahara in ticket #378):

	tests/net/if_ipsec/t_ipsec_unnumbered.sh: revision 1.2
	sys/net/if_ipsec.c: revision 1.35
	sys/netipsec/key.c: revision 1.281

Use kmem_free instead of kmem_intr_free, as key_freesaval() is not called in softint after key.c:r1.223.
E.g. key_freesaval() was called the following call path before SAD MP-ify.
   esp_input_cb()
     KEY_FREESAV()
       key_freesav()
         key_delsav()
           key_freesaval()
ok'ed by ozaki-r@n.o.

Use unit id instead of if_index to reduce fixed_reqid space.

Update for sys/net/if_ipsec.c:r1.35

Revision 1.35 / (download) - annotate - [select for diffs], Tue Sep 26 03:43:27 2023 UTC (5 months ago) by knakahara
Branch: MAIN
CVS Tags: thorpej-ifq-base, thorpej-altq-separation-base, thorpej-altq-separation
Branch point for: thorpej-ifq
Changes since 1.34: +5 -4 lines
Diff to previous 1.34 (colored)

Use unit id instead of if_index to reduce fixed_reqid space.

Revision 1.34 / (download) - annotate - [select for diffs], Tue Oct 11 09:51:47 2022 UTC (16 months, 3 weeks ago) by knakahara
Branch: MAIN
CVS Tags: netbsd-10-base
Branch point for: netbsd-10
Changes since 1.33: +3 -3 lines
Diff to previous 1.33 (colored)

Add sadb_x_policy_flags to inform SP origination.

This extension(struct sadb_x_policy) is *not* defined by RFC2367.

OpenBSD does not have reserved fields in struct sadb_x_policy.
Linux does not use this field yet.
FreeBSD uses this field as "sadb_x_policy_scope"; the value range is
from 0x00 to 0x04.

We use from most significant bit to avoid the above usage.

Revision 1.33 / (download) - annotate - [select for diffs], Thu Oct 6 06:59:24 2022 UTC (16 months, 3 weeks ago) by knakahara
Branch: MAIN
Changes since 1.32: +4 -4 lines
Diff to previous 1.32 (colored)

Fix overflow case detected by clang.  Pointed out by wsh@IIJ, thanks.

Revision 1.32 / (download) - annotate - [select for diffs], Fri Sep 30 07:36:36 2022 UTC (17 months ago) by knakahara
Branch: MAIN
CVS Tags: bouyer-sunxi-drm-base, bouyer-sunxi-drm
Changes since 1.31: +190 -19 lines
Diff to previous 1.31 (colored)

ipsecif(4) can use fixed SP reqid based on ifindex, that can reduce number of reqid.

If we want to use fixed SP reqid for ipsecif(4), set
net.ipsecif.use_fixed_reqid=1  Default(=0) is the same as before.
net.ipsecif.use_fixed_reqid can be changed only if there is no ipsecif(4) yet.

If we want to change the range of ipseif(4) SP reqid,
set net.ipsecif.reqid_base and net.ipsecif.reqid_last.
These can also be changed only if there is no ipsecif(4) yet.

Revision 1.31 / (download) - annotate - [select for diffs], Mon Oct 11 05:13:11 2021 UTC (2 years, 4 months ago) by knakahara
Branch: MAIN
Changes since 1.30: +23 -7 lines
Diff to previous 1.30 (colored)

Make pktq_rps_hash() pluggable for each interface type.  Reviewed by gdt@n.o, thorpej@n.o, and riastradh@n.o, thanks.

Revision 1.30 / (download) - annotate - [select for diffs], Wed Oct 14 18:48:05 2020 UTC (3 years, 4 months ago) by roy
Branch: MAIN
CVS Tags: thorpej-i2c-spi-conf2-base, thorpej-i2c-spi-conf2, thorpej-i2c-spi-conf-base, thorpej-i2c-spi-conf, thorpej-futex2-base, thorpej-futex2, thorpej-futex-base, thorpej-futex, thorpej-cfargs2-base, thorpej-cfargs2, thorpej-cfargs-base, thorpej-cfargs, cjep_sun2x-base1, cjep_sun2x-base, cjep_sun2x, cjep_staticlib_x-base1, cjep_staticlib_x-base, cjep_staticlib_x
Changes since 1.29: +6 -3 lines
Diff to previous 1.29 (colored)

ipsecif: Set the link state UP if we have a tunnel, otherwise DOWN.

Revision 1.17.2.3 / (download) - annotate - [select for diffs], Mon Apr 13 08:05:15 2020 UTC (3 years, 10 months ago) by martin
Branch: phil-wifi
Changes since 1.17.2.2: +145 -30 lines
Diff to previous 1.17.2.2 (colored) to branchpoint 1.17 (colored) next main 1.18 (colored)

Mostly merge changes from HEAD upto 20200411

Revision 1.17.2.2 / (download) - annotate - [select for diffs], Wed Apr 8 14:08:57 2020 UTC (3 years, 10 months ago) by martin
Branch: phil-wifi
Changes since 1.17.2.1: +16 -17 lines
Diff to previous 1.17.2.1 (colored) to branchpoint 1.17 (colored)

Merge changes from current as of 20200406

Revision 1.3.2.13 / (download) - annotate - [select for diffs], Fri Mar 13 08:35:26 2020 UTC (3 years, 11 months ago) by martin
Branch: netbsd-8
CVS Tags: netbsd-8-2-RELEASE
Changes since 1.3.2.12: +7 -4 lines
Diff to previous 1.3.2.12 (colored) to branchpoint 1.3 (colored) next main 1.4 (colored)

Pull up following revision(s) (requested by knakahara in ticket #1520):

	sys/netipsec/key.c: revision 1.271
	sys/net/if_ipsec.c: revision 1.28
	sys/net/if_ipsec.c: revision 1.29

Fix ipsecif(4) SPDADD pfkey message has garbage.  Pointed out by ohishi@IIJ.

"setkey -x" output is the following.
========== before ==========
sadb_msg{ version=2 type=14 errno=0 satype=0
  len=15 reserved=0 seq=0 pid=0
sadb_ext{ len=56 type=18 }
sadb_x_policy{ type=2 dir=1 id=9 }
 { len=40 proto=50 mode=1 level=3 reqid=16393
sockaddr{ len=0 family=0  }
sockaddr{ len=0 family=0  }
 }
========== before ==========

========== after ==========
sadb_msg{ version=2 type=14 errno=0 satype=0
  len=11 reserved=0 seq=0 pid=0
sadb_ext{ len=24 type=18 }
sadb_x_policy{ type=2 dir=1 id=9 }
 { len=8 proto=50 mode=1 level=3 reqid=16393
 }
========== after ==========

reduce unnecessary reqid of NAT-T ipsecif(4), suggested by ohishi@IIJ.

Fix kern/55066.  Pointed out and fixed by Chuck Zmudzinski, thanks.
ok'ed by ozaki-r@n.o

Revision 1.22.2.2 / (download) - annotate - [select for diffs], Fri Mar 13 08:33:32 2020 UTC (3 years, 11 months ago) by martin
Branch: netbsd-9
CVS Tags: netbsd-9-3-RELEASE, netbsd-9-2-RELEASE, netbsd-9-1-RELEASE
Changes since 1.22.2.1: +7 -4 lines
Diff to previous 1.22.2.1 (colored) to branchpoint 1.22 (colored) next main 1.23 (colored)

Pull up following revision(s) (requested by knakahara in ticket #780):

	sys/netipsec/key.c: revision 1.271
	sys/net/if_ipsec.c: revision 1.28
	sys/net/if_ipsec.c: revision 1.29

Fix ipsecif(4) SPDADD pfkey message has garbage.  Pointed out by ohishi@IIJ.

"setkey -x" output is the following.
========== before ==========
sadb_msg{ version=2 type=14 errno=0 satype=0
  len=15 reserved=0 seq=0 pid=0
sadb_ext{ len=56 type=18 }
sadb_x_policy{ type=2 dir=1 id=9 }
 { len=40 proto=50 mode=1 level=3 reqid=16393
sockaddr{ len=0 family=0  }
sockaddr{ len=0 family=0  }
 }
========== before ==========

========== after ==========
sadb_msg{ version=2 type=14 errno=0 satype=0
  len=11 reserved=0 seq=0 pid=0
sadb_ext{ len=24 type=18 }
sadb_x_policy{ type=2 dir=1 id=9 }
 { len=8 proto=50 mode=1 level=3 reqid=16393
 }
========== after ==========

reduce unnecessary reqid of NAT-T ipsecif(4), suggested by ohishi@IIJ.

Fix kern/55066.  Pointed out and fixed by Chuck Zmudzinski, thanks.
ok'ed by ozaki-r@n.o

Revision 1.29 / (download) - annotate - [select for diffs], Fri Mar 13 02:43:31 2020 UTC (3 years, 11 months ago) by knakahara
Branch: MAIN
CVS Tags: phil-wifi-20200421, phil-wifi-20200411, phil-wifi-20200406, is-mlppp-base, is-mlppp, bouyer-xenpvh-base2, bouyer-xenpvh-base1, bouyer-xenpvh-base, bouyer-xenpvh
Changes since 1.28: +6 -3 lines
Diff to previous 1.28 (colored)

reduce unnecessary reqid of NAT-T ipsecif(4), suggested by ohishi@IIJ.

Revision 1.28 / (download) - annotate - [select for diffs], Tue Mar 10 10:35:14 2020 UTC (3 years, 11 months ago) by knakahara
Branch: MAIN
Changes since 1.27: +3 -3 lines
Diff to previous 1.27 (colored)

Fix ipsecif(4) SPDADD pfkey message has garbage.  Pointed out by ohishi@IIJ.

"setkey -x" output is the following.

========== before ==========
sadb_msg{ version=2 type=14 errno=0 satype=0
  len=15 reserved=0 seq=0 pid=0
sadb_ext{ len=56 type=18 }
sadb_x_policy{ type=2 dir=1 id=9 }
 { len=40 proto=50 mode=1 level=3 reqid=16393
sockaddr{ len=0 family=0  }
sockaddr{ len=0 family=0  }
 }
========== before ==========

========== after ==========
sadb_msg{ version=2 type=14 errno=0 satype=0
  len=11 reserved=0 seq=0 pid=0
sadb_ext{ len=24 type=18 }
sadb_x_policy{ type=2 dir=1 id=9 }
 { len=8 proto=50 mode=1 level=3 reqid=16393
 }
========== after ==========

Revision 1.25.2.1 / (download) - annotate - [select for diffs], Sat Feb 29 20:21:06 2020 UTC (4 years ago) by ad
Branch: ad-namecache
Changes since 1.25: +11 -15 lines
Diff to previous 1.25 (colored) next main 1.26 (colored)

Sync with head.

Revision 1.27 / (download) - annotate - [select for diffs], Sat Feb 1 02:57:55 2020 UTC (4 years, 1 month ago) by riastradh
Branch: MAIN
CVS Tags: ad-namecache-base3
Changes since 1.26: +6 -8 lines
Diff to previous 1.26 (colored)

Fix order in rollback case; switch if_ipsec to atomic_load/store_*.

Revision 1.26 / (download) - annotate - [select for diffs], Wed Jan 29 04:34:10 2020 UTC (4 years, 1 month ago) by thorpej
Branch: MAIN
Changes since 1.25: +7 -9 lines
Diff to previous 1.25 (colored)

Adopt <net/if_stats.h>.

Revision 1.25 / (download) - annotate - [select for diffs], Fri Nov 1 04:28:14 2019 UTC (4 years, 4 months ago) by knakahara
Branch: MAIN
CVS Tags: phil-wifi-20191119, ad-namecache-base2, ad-namecache-base1, ad-namecache-base
Branch point for: ad-namecache
Changes since 1.24: +141 -2 lines
Diff to previous 1.24 (colored)

Make global and per-interface ipsecif(4) pmtu tunable like gif(4).

And make hop limit tunable same as gif(4).

See http://mail-index.netbsd.org/source-changes/2019/10/30/msg110426.html

Revision 1.3.2.12 / (download) - annotate - [select for diffs], Tue Sep 24 18:27:09 2019 UTC (4 years, 5 months ago) by martin
Branch: netbsd-8
Changes since 1.3.2.11: +5 -34 lines
Diff to previous 1.3.2.11 (colored) to branchpoint 1.3 (colored)

Pull up following revision(s) (requested by knakahara in ticket #1385):

	sys/net/if.c				1.461
	sys/net/if.h				1.277
	sys/net/if_gif.c			1.149
	sys/net/if_gif.h			1.33
	sys/net/if_ipsec.c			1.19,1.20,1.24
	sys/net/if_ipsec.h			1.5
	sys/net/if_l2tp.c			1.33,1.36-1.39
	sys/net/if_l2tp.h			1.7,1.8
	sys/net/route.c				1.220,1.221
	sys/net/route.h				1.125
	sys/netinet/in_gif.c			1.95
	sys/netinet/in_l2tp.c			1.17
	sys/netinet/ip_input.c			1.391,1.392
	sys/netinet/wqinput.c			1.6
	sys/netinet6/in6_gif.c			1.94
	sys/netinet6/in6_l2tp.c			1.18
	sys/netinet6/ip6_forward.c		1.97
	sys/netinet6/ip6_input.c		1.210,1.211
	sys/netipsec/ipsec_output.c		1.82,1.83 (patched)
	sys/netipsec/ipsecif.c			1.12,1.13,1.15,1.17 (patched)
	sys/netipsec/key.c			1.259,1.260

ipsecif(4) support input drop packet counter.

ipsecif(4) should not increment drop counter by errors not related to if_snd. Pointed out by ozaki-r@n.o, thanks.
Remove unnecessary addresses in PF_KEY message.

MOBIKE Extensions for PF_KEY draft-schilcher-mobike-pfkey-extension-01.txt says
====================
5.  SPD Update
// snip
   SADB_X_SPDADD:
// snip
      sadb_x_ipsecrequest_reqid:
         An ID for that SA can be passed to the kernel in the
         sadb_x_ipsecrequest_reqid field.
      If tunnel mode is specified, the sadb_x_ipsecrequest structure is
      followed by two sockaddr structures that define the tunnel
      endpoint addresses.  In the case that transport mode is used, no
      additional addresses are specified.
====================
see: <a  rel="nofollow" href="https://tools.ietf.org/html/draft-schilcher-mobike-pfkey-extension-01">https://tools.ietf.org/html/draft-schilcher-mobike-pfkey-extension-01</a>

ipsecif(4) uses transport mode, so it should not add addresses.

ipsecif(4) supports multiple peers in the same NAPT.

E.g. ipsec0 connects between NetBSD_A and NetBSD_B, ipsec1 connects
NetBSD_A and NetBSD_C at the following figure.
                                        +----------+
                                   +----| NetBSD_B |
 +----------+           +------+   |    +----------+
 | NetBSD_A |--- ... ---| NAPT |---+
 +----------+           +------+   |    +----------+
                                   +----| NetBSD_C |
                                        +----------+

Add ATF later.

l2tp(4): fix output bytes counter. Pointed by k-goda@IIJ, thanks.
remove a variable which is no longer used.

l2tp: initialize mowner variables for MBUFTRACE

Avoid having a rtcache directly in a percpu storage
percpu(9) has a certain memory storage for each CPU and provides it by the piece
to users.  If the storages went short, percpu(9) enlarges them by allocating new
larger memory areas, replacing old ones with them and destroying the old ones.
A percpu storage referenced by a pointer gotten via percpu_getref can be
destroyed by the mechanism after a running thread sleeps even if percpu_putref
has not been called.

Using rtcache, i.e., packet processing, typically involves sleepable operations
such as rwlock so we must avoid dereferencing a rtcache that is directly stored
in a percpu storage during packet processing.  Address this situation by having
just a pointer to a rtcache in a percpu storage instead.

Reviewed by knakahara@ and yamaguchi@


wqinput: avoid having struct wqinput_worklist directly in a percpu storage
percpu(9) has a certain memory storage for each CPU and provides it by the piece
to users.  If the storages went short, percpu(9) enlarges them by allocating new
larger memory areas, replacing old ones with them and destroying the old ones.

A percpu storage referenced by a pointer gotten via percpu_getref can be
destroyed by the mechanism after a running thread sleeps even if percpu_putref
has not been called.

Input handlers of wqinput normally involves sleepable operations so we must
avoid dereferencing a percpu data (struct wqinput_worklist) after executing
an input handler.  Address this situation by having just a pointer to the data
in a percpu storage instead.

Reviewed by knakahara@ and yamaguchi@

Add missing #include <sys/kmem.h>

Divide Tx context of l2tp(4) to improve performance.
It seems l2tp(4) call path is too long for instruction cache. So, dividing
l2tp(4) Tx context improves CPU use efficiency.

After this commit, l2tp(4) throughput gains 10% on my machine(Atom C3000).

Apply some missing changes lost on the previous commit

Avoid having a rtcache directly in a percpu storage for tunnel protocols.
percpu(9) has a certain memory storage for each CPU and provides it by the piece
to users.  If the storages went short, percpu(9) enlarges them by allocating new
larger memory areas, replacing old ones with them and destroying the old ones.
A percpu storage referenced by a pointer gotten via percpu_getref can be
destroyed by the mechanism after a running thread sleeps even if percpu_putref
has not been called.

Using rtcache, i.e., packet processing, typically involves sleepable operations
such as rwlock so we must avoid dereferencing a rtcache that is directly stored
in a percpu storage during packet processing.  Address this situation by having
just a pointer to a rtcache in a percpu storage instead.

Reviewed by ozaki-r@ and yamaguchi@

l2tp(4): avoid having struct ifqueue directly in a percpu storage.

percpu(9) has a certain memory storage for each CPU and provides it by the piece
to users.  If the storages went short, percpu(9) enlarges them by allocating new
larger memory areas, replacing old ones with them and destroying the old ones.

A percpu storage referenced by a pointer gotten via percpu_getref can be
destroyed by the mechanism after a running thread sleeps even if percpu_putref
has not been called.

Tx processing of l2tp(4) uses normally involves sleepable operations so we
must avoid dereferencing a percpu data (struct ifqueue) after executing Tx
processing.  Address this situation by having just a pointer to the data in
a percpu storage instead.

Reviewed by ozaki-r@ and yamaguchi@

Revision 1.22.2.1 / (download) - annotate - [select for diffs], Tue Sep 24 03:10:35 2019 UTC (4 years, 5 months ago) by martin
Branch: netbsd-9
CVS Tags: netbsd-9-0-RELEASE, netbsd-9-0-RC2, netbsd-9-0-RC1
Changes since 1.22: +4 -27 lines
Diff to previous 1.22 (colored)

Pull up following revision(s) (requested by ozaki-r in ticket #238):

	sys/netipsec/ipsec_output.c: revision 1.83
	sys/net/route.h: revision 1.125
	sys/netinet6/ip6_input.c: revision 1.210
	sys/netinet6/ip6_input.c: revision 1.211
	sys/net/if.c: revision 1.461
	sys/net/if_gif.h: revision 1.33
	sys/net/route.c: revision 1.220
	sys/net/route.c: revision 1.221
	sys/net/if.h: revision 1.277
	sys/netinet6/ip6_forward.c: revision 1.97
	sys/netinet/wqinput.c: revision 1.6
	sys/net/if_ipsec.h: revision 1.5
	sys/netinet6/in6_l2tp.c: revision 1.18
	sys/netinet6/in6_gif.c: revision 1.94
	sys/net/if_l2tp.h: revision 1.7
	sys/net/if_gif.c: revision 1.149
	sys/net/if_l2tp.h: revision 1.8
	sys/netinet/in_gif.c: revision 1.95
	sys/netinet/in_l2tp.c: revision 1.17
	sys/netipsec/ipsecif.c: revision 1.17
	sys/net/if_ipsec.c: revision 1.24
	sys/net/if_l2tp.c: revision 1.37
	sys/netinet/ip_input.c: revision 1.391
	sys/net/if_l2tp.c: revision 1.38
	sys/netinet/ip_input.c: revision 1.392
	sys/net/if_l2tp.c: revision 1.39

Avoid having a rtcache directly in a percpu storage

percpu(9) has a certain memory storage for each CPU and provides it by the piece
to users.  If the storages went short, percpu(9) enlarges them by allocating new
larger memory areas, replacing old ones with them and destroying the old ones.

A percpu storage referenced by a pointer gotten via percpu_getref can be
destroyed by the mechanism after a running thread sleeps even if percpu_putref
has not been called.

Using rtcache, i.e., packet processing, typically involves sleepable operations
such as rwlock so we must avoid dereferencing a rtcache that is directly stored
in a percpu storage during packet processing.  Address this situation by having
just a pointer to a rtcache in a percpu storage instead.
Reviewed by knakahara@ and yamaguchi@

 -

wqinput: avoid having struct wqinput_worklist directly in a percpu storage

percpu(9) has a certain memory storage for each CPU and provides it by the piece
to users.  If the storages went short, percpu(9) enlarges them by allocating new
larger memory areas, replacing old ones with them and destroying the old ones.

A percpu storage referenced by a pointer gotten via percpu_getref can be
destroyed by the mechanism after a running thread sleeps even if percpu_putref
has not been called.

Input handlers of wqinput normally involves sleepable operations so we must
avoid dereferencing a percpu data (struct wqinput_worklist) after executing
an input handler.  Address this situation by having just a pointer to the data
in a percpu storage instead.
Reviewed by knakahara@ and yamaguchi@

 -

Add missing #include <sys/kmem.h>

 -

Divide Tx context of l2tp(4) to improve performance.

It seems l2tp(4) call path is too long for instruction cache. So, dividing
l2tp(4) Tx context improves CPU use efficiency.

After this commit, l2tp(4) throughput gains 10% on my machine(Atom C3000).

 -

Apply some missing changes lost on the previous commit

 -

Avoid having a rtcache directly in a percpu storage for tunnel protocols.
percpu(9) has a certain memory storage for each CPU and provides it by the piece
to users.  If the storages went short, percpu(9) enlarges them by allocating new
larger memory areas, replacing old ones with them and destroying the old ones.

A percpu storage referenced by a pointer gotten via percpu_getref can be
destroyed by the mechanism after a running thread sleeps even if percpu_putref
has not been called.

Using rtcache, i.e., packet processing, typically involves sleepable operations
such as rwlock so we must avoid dereferencing a rtcache that is directly stored
in a percpu storage during packet processing.  Address this situation by having
just a pointer to a rtcache in a percpu storage instead.

Reviewed by ozaki-r@ and yamaguchi@

 -

l2tp(4): avoid having struct ifqueue directly in a percpu storage.
percpu(9) has a certain memory storage for each CPU and provides it by the piece
to users.  If the storages went short, percpu(9) enlarges them by allocating new
larger memory areas, replacing old ones with them and destroying the old ones.

A percpu storage referenced by a pointer gotten via percpu_getref can be
destroyed by the mechanism after a running thread sleeps even if percpu_putref
has not been called.

Tx processing of l2tp(4) uses normally involves sleepable operations so we
must avoid dereferencing a percpu data (struct ifqueue) after executing Tx
processing.  Address this situation by having just a pointer to the data in
a percpu storage instead.

Reviewed by ozaki-r@ and yamaguchi@

Revision 1.24 / (download) - annotate - [select for diffs], Thu Sep 19 06:07:24 2019 UTC (4 years, 5 months ago) by knakahara
Branch: MAIN
Changes since 1.23: +4 -27 lines
Diff to previous 1.23 (colored)

Avoid having a rtcache directly in a percpu storage for tunnel protocols.

percpu(9) has a certain memory storage for each CPU and provides it by the piece
to users.  If the storages went short, percpu(9) enlarges them by allocating new
larger memory areas, replacing old ones with them and destroying the old ones.
A percpu storage referenced by a pointer gotten via percpu_getref can be
destroyed by the mechanism after a running thread sleeps even if percpu_putref
has not been called.

Using rtcache, i.e., packet processing, typically involves sleepable operations
such as rwlock so we must avoid dereferencing a rtcache that is directly stored
in a percpu storage during packet processing.  Address this situation by having
just a pointer to a rtcache in a percpu storage instead.

Reviewed by ozaki-r@ and yamaguchi@

Revision 1.23 / (download) - annotate - [select for diffs], Fri Sep 13 07:55:07 2019 UTC (4 years, 5 months ago) by msaitoh
Branch: MAIN
Changes since 1.22: +5 -5 lines
Diff to previous 1.22 (colored)

 if_flags is neither int nor short. It's unsigned short.

Revision 1.22 / (download) - annotate - [select for diffs], Tue Jun 25 12:30:50 2019 UTC (4 years, 8 months ago) by msaitoh
Branch: MAIN
CVS Tags: netbsd-9-base
Branch point for: netbsd-9
Changes since 1.21: +3 -4 lines
Diff to previous 1.21 (colored)

 Simplify "LIST_HEAD();" to make the code more understandable.
No functional change.

Revision 1.17.2.1 / (download) - annotate - [select for diffs], Mon Jun 10 22:09:45 2019 UTC (4 years, 8 months ago) by christos
Branch: phil-wifi
Changes since 1.17: +10 -13 lines
Diff to previous 1.17 (colored)

Sync with HEAD

Revision 1.3.2.11 / (download) - annotate - [select for diffs], Fri Mar 15 14:47:22 2019 UTC (4 years, 11 months ago) by martin
Branch: netbsd-8
CVS Tags: netbsd-8-1-RELEASE, netbsd-8-1-RC1
Changes since 1.3.2.10: +5 -2 lines
Diff to previous 1.3.2.10 (colored) to branchpoint 1.3 (colored)

Pull up following revision(s) (requested by knakahara in ticket #1216):

	sys/net/if_ipsec.c: revision 1.21

Fix ipsecif(4) memory leak in some ioctl cases.

Revision 1.21 / (download) - annotate - [select for diffs], Thu Mar 14 03:52:40 2019 UTC (4 years, 11 months ago) by knakahara
Branch: MAIN
CVS Tags: phil-wifi-20190609, isaki-audio2-base, isaki-audio2
Changes since 1.20: +5 -2 lines
Diff to previous 1.20 (colored)

Fix ipsecif(4) memory leak in some ioctl cases.

Revision 1.3.4.8 / (download) - annotate - [select for diffs], Fri Jan 18 08:50:58 2019 UTC (5 years, 1 month ago) by pgoyette
Branch: pgoyette-compat
CVS Tags: pgoyette-compat-merge-20190127
Changes since 1.3.4.7: +2 -9 lines
Diff to previous 1.3.4.7 (colored) to branchpoint 1.3 (colored) next main 1.4 (colored)

Synch with HEAD

Revision 1.3.4.7 / (download) - annotate - [select for diffs], Wed Dec 26 14:02:04 2018 UTC (5 years, 2 months ago) by pgoyette
Branch: pgoyette-compat
Changes since 1.3.4.6: +3 -2 lines
Diff to previous 1.3.4.6 (colored) to branchpoint 1.3 (colored)

Sync with HEAD, resolve a few conflicts

Revision 1.20 / (download) - annotate - [select for diffs], Wed Dec 26 08:55:14 2018 UTC (5 years, 2 months ago) by knakahara
Branch: MAIN
CVS Tags: pgoyette-compat-20190127, pgoyette-compat-20190118
Changes since 1.19: +2 -9 lines
Diff to previous 1.19 (colored)

Remove unnecessary addresses in PF_KEY message.

MOBIKE Extensions for PF_KEY draft-schilcher-mobike-pfkey-extension-01.txt says
====================
5.  SPD Update
// snip
   SADB_X_SPDADD:
// snip
      sadb_x_ipsecrequest_reqid:

         An ID for that SA can be passed to the kernel in the
         sadb_x_ipsecrequest_reqid field.


      If tunnel mode is specified, the sadb_x_ipsecrequest structure is
      followed by two sockaddr structures that define the tunnel
      endpoint addresses.  In the case that transport mode is used, no
      additional addresses are specified.
====================
see: https://tools.ietf.org/html/draft-schilcher-mobike-pfkey-extension-01

ipsecif(4) uses transport mode, so it should not add addresses.

Revision 1.19 / (download) - annotate - [select for diffs], Fri Dec 7 05:09:39 2018 UTC (5 years, 2 months ago) by knakahara
Branch: MAIN
CVS Tags: pgoyette-compat-1226
Changes since 1.18: +3 -2 lines
Diff to previous 1.18 (colored)

ipsecif(4) support input drop packet counter.

Revision 1.3.2.10 / (download) - annotate - [select for diffs], Sun Oct 21 11:55:54 2018 UTC (5 years, 4 months ago) by martin
Branch: netbsd-8
Changes since 1.3.2.9: +6 -6 lines
Diff to previous 1.3.2.9 (colored) to branchpoint 1.3 (colored)

Pull up following revision(s) (requested by knakahara in ticket #1066):

	sys/net/if_vlan.c: revision 1.133
	sys/net/if_gif.h: revision 1.32
	sys/net/if_ipsec.c: revision 1.18
	sys/net/if_ipsec.h: revision 1.4
	sys/net/if_gif.c: revision 1.144
	sys/net/if_l2tp.h: revision 1.6
	sys/net/if_l2tp.c: revision 1.30

Fix panic when doing ioctl to multiple pseudo interfaces. Pointed out by k-goda@IIJ.

XXX pullup-8

Revision 1.3.4.6 / (download) - annotate - [select for diffs], Sat Oct 20 06:58:45 2018 UTC (5 years, 4 months ago) by pgoyette
Branch: pgoyette-compat
Changes since 1.3.4.5: +6 -6 lines
Diff to previous 1.3.4.5 (colored) to branchpoint 1.3 (colored)

Sync with head

Revision 1.18 / (download) - annotate - [select for diffs], Fri Oct 19 00:12:56 2018 UTC (5 years, 4 months ago) by knakahara
Branch: MAIN
CVS Tags: pgoyette-compat-1126, pgoyette-compat-1020
Changes since 1.17: +6 -6 lines
Diff to previous 1.17 (colored)

Fix panic when doing ioctl to multiple pseudo interfaces. Pointed out by k-goda@IIJ.

XXX pullup-8

Revision 1.3.4.5 / (download) - annotate - [select for diffs], Sat Jul 28 04:38:10 2018 UTC (5 years, 7 months ago) by pgoyette
Branch: pgoyette-compat
Changes since 1.3.4.4: +4 -4 lines
Diff to previous 1.3.4.4 (colored) to branchpoint 1.3 (colored)

Sync with HEAD

Revision 1.17 / (download) - annotate - [select for diffs], Tue Jun 26 06:48:02 2018 UTC (5 years, 8 months ago) by msaitoh
Branch: MAIN
CVS Tags: phil-wifi-base, pgoyette-compat-0930, pgoyette-compat-0906, pgoyette-compat-0728
Branch point for: phil-wifi
Changes since 1.16: +4 -4 lines
Diff to previous 1.16 (colored)

 Implement the BPF direction filter (BIOC[GS]DIRECTION). It provides backward
compatibility with BIOC[GS]SEESENT ioctl. The userland interface is the same
as FreeBSD.

 This change also fixes a bug that the direction is misunderstand on some
environment by passing the direction to bpf_mtap*() instead of checking
m->m_pkthdr.rcvif.

Revision 1.3.4.4 / (download) - annotate - [select for diffs], Mon Jun 25 07:26:06 2018 UTC (5 years, 8 months ago) by pgoyette
Branch: pgoyette-compat
Changes since 1.3.4.3: +16 -7 lines
Diff to previous 1.3.4.3 (colored) to branchpoint 1.3 (colored)

Sync with HEAD

Revision 1.3.2.9 / (download) - annotate - [select for diffs], Thu Jun 7 16:22:43 2018 UTC (5 years, 8 months ago) by martin
Branch: netbsd-8
CVS Tags: netbsd-8-0-RELEASE, netbsd-8-0-RC2
Changes since 1.3.2.8: +5 -5 lines
Diff to previous 1.3.2.8 (colored) to branchpoint 1.3 (colored)

Pull up following revision(s) (requested by knakahara in ticket #840):

	sys/net/if_ipsec.c: revision 1.15,1.16

Fix panic when ipsecif(4) adds discard policy. Pointed out by ohishi@IIJ, thanks.
Reviewd by ohishi@IIJ. Sorry, I jumped the gun and committed.

Fix the following two issues.
    - remove extra padding of sizeof(xisr) when adding ipsec policy
    - add padding for xpl when adding discard policy

Revision 1.3.2.8 / (download) - annotate - [select for diffs], Thu Jun 7 16:19:47 2018 UTC (5 years, 8 months ago) by martin
Branch: netbsd-8
Changes since 1.3.2.7: +13 -4 lines
Diff to previous 1.3.2.7 (colored) to branchpoint 1.3 (colored)

Pull up following revision(s) (requested by knakahara in ticket #839):

	sys/net/if_ipsec.c: revision 1.14

ipsecif(4) must not set port number to spidx even if NAT-T. Pointed out by ohishi@IIJ, thanks.

Revision 1.16 / (download) - annotate - [select for diffs], Tue May 29 04:45:50 2018 UTC (5 years, 9 months ago) by knakahara
Branch: MAIN
CVS Tags: pgoyette-compat-0625
Changes since 1.15: +5 -5 lines
Diff to previous 1.15 (colored)

Reviewd by ohishi@IIJ. Sorry, I jumped the gun and committed.

Fix the following two issues.
    - remove extra padding of sizeof(xisr) when adding ipsec policy
    - add padding for xpl when adding discard policy

Revision 1.15 / (download) - annotate - [select for diffs], Tue May 29 03:38:24 2018 UTC (5 years, 9 months ago) by knakahara
Branch: MAIN
Changes since 1.14: +6 -6 lines
Diff to previous 1.14 (colored)

Fix panic when ipsecif(4) adds discard policy. Pointed out by ohishi@IIJ, thanks.

Revision 1.14 / (download) - annotate - [select for diffs], Thu May 24 07:00:28 2018 UTC (5 years, 9 months ago) by knakahara
Branch: MAIN
Changes since 1.13: +13 -4 lines
Diff to previous 1.13 (colored)

ipsecif(4) must not set port number to spidx even if NAT-T. Pointed out by ohishi@IIJ, thanks.

Revision 1.3.2.7 / (download) - annotate - [select for diffs], Thu May 17 14:07:03 2018 UTC (5 years, 9 months ago) by martin
Branch: netbsd-8
Changes since 1.3.2.6: +4 -4 lines
Diff to previous 1.3.2.6 (colored) to branchpoint 1.3 (colored)

Pull up following revision(s) (requested by knakahara in ticket #829):

	sys/net/if_l2tp.c: revision 1.24
	sys/net/if_ipsec.c: revision 1.13
	sys/net/if_gif.h: revision 1.31
	sys/netipsec/ipsecif.c: revision 1.8
	sys/net/if_gif.c: revision 1.140
	sys/netinet6/in6_l2tp.c: revision 1.15
	sys/net/if_ipsec.h: revision 1.3
	sys/netinet6/in6_gif.c: revision 1.92
	sys/net/if_l2tp.h: revision 1.5
	sys/netinet/in_l2tp.c: revision 1.13
	sys/netinet/in_gif.c: revision 1.93

Fix LOCKDEBUG kernel panic when many(about 200) tunnel interfaces is created.

The tunnel interfaces are gif(4), l2tp(4), and ipsecif(4). They use mutex
itself in percpu area. When percpu_cpu_enlarge() run, the address of the
mutex in percpu area becomes different from the address which lockdebug
saved. That can cause "already initialized" false detection.

Revision 1.3.2.6 / (download) - annotate - [select for diffs], Thu May 17 14:02:31 2018 UTC (5 years, 9 months ago) by martin
Branch: netbsd-8
Changes since 1.3.2.5: +10 -8 lines
Diff to previous 1.3.2.5 (colored) to branchpoint 1.3 (colored)

Pull up following revision(s) (requested by knakahara in ticket #828):

	sys/net/if_ipsec.c: revision 1.12

Fix "how" argument of MGET(). Pointed out by maxv@n.o, thanks.
MGET() does not have M_ZERO flag, so add memset when it is required.

Revision 1.3.4.3 / (download) - annotate - [select for diffs], Wed May 2 07:20:22 2018 UTC (5 years, 10 months ago) by pgoyette
Branch: pgoyette-compat
Changes since 1.3.4.2: +12 -10 lines
Diff to previous 1.3.4.2 (colored) to branchpoint 1.3 (colored)

Synch with HEAD

Revision 1.13 / (download) - annotate - [select for diffs], Fri Apr 27 09:55:27 2018 UTC (5 years, 10 months ago) by knakahara
Branch: MAIN
CVS Tags: pgoyette-compat-0521, pgoyette-compat-0502
Changes since 1.12: +4 -4 lines
Diff to previous 1.12 (colored)

Fix LOCKDEBUG kernel panic when many(about 200) tunnel interfaces is created.

The tunnel interfaces are gif(4), l2tp(4), and ipsecif(4). They use mutex
itself in percpu area. When percpu_cpu_enlarge() run, the address of the
mutex in percpu area becomes different from the address which lockdebug
saved. That can cause "already initialized" false detection.

Revision 1.12 / (download) - annotate - [select for diffs], Fri Apr 27 00:06:40 2018 UTC (5 years, 10 months ago) by knakahara
Branch: MAIN
Changes since 1.11: +10 -8 lines
Diff to previous 1.11 (colored)

Fix "how" argument of MGET(). Pointed out by maxv@n.o, thanks.

MGET() does not have M_ZERO flag, so add memset when it is required.

Revision 1.3.2.5 / (download) - annotate - [select for diffs], Mon Apr 9 17:01:20 2018 UTC (5 years, 10 months ago) by martin
Branch: netbsd-8
CVS Tags: netbsd-8-0-RC1
Changes since 1.3.2.4: +37 -11 lines
Diff to previous 1.3.2.4 (colored) to branchpoint 1.3 (colored)

Pull up following revision(s) (requested by knakahara in ticket #714):

	sys/net/if_ipsec.c: revision 1.8 - 1.11
	sys/netipsec/ipsecif.h: revision 1.2
	sys/netipsec/ipsecif.c: revision 1.6,1.7

fix ipsec(4) encap_lock leak.

fix ipsecif(4) unmatch curlwp_bind.

fix ipsecif(4) stack overflow.

Add IPv4 ID when the ipsecif(4) packet can be fragmented. Implemented by hsuenaga@IIJ and ohishi@IIJ, thanks.
This modification reduces packet loss of fragmented packets on a
network where reordering occurs.

Alghough this modification has been applied, IPv4 ID is not set for
the packet smaller then IP_MINFRAGSIZE. According to RFC 6864, that
must not cause problems.

Fix unexpected failure when ipsecif(4) over IPv6 is changed port number only.
Here is an example of the operation which causes this problem.
    # ifconfig ipsec0 create link0
    # ifconfig ipsec0 tunnel fc00:1001::2,4500 fc00:1001::1,4501
    # ifconfig ipsec0 tunnel fc00:1001::2,4500 fc00:1001::1,4502

Revision 1.3.4.2 / (download) - annotate - [select for diffs], Sat Apr 7 04:12:19 2018 UTC (5 years, 10 months ago) by pgoyette
Branch: pgoyette-compat
Changes since 1.3.4.1: +37 -11 lines
Diff to previous 1.3.4.1 (colored) to branchpoint 1.3 (colored)

Sync with HEAD.  77 conflicts resolved - all of them $NetBSD$

Revision 1.11 / (download) - annotate - [select for diffs], Fri Apr 6 10:38:53 2018 UTC (5 years, 10 months ago) by knakahara
Branch: MAIN
CVS Tags: pgoyette-compat-0422, pgoyette-compat-0415, pgoyette-compat-0407
Changes since 1.10: +29 -8 lines
Diff to previous 1.10 (colored)

Fix unexpected failure when ipsecif(4) over IPv6 is changed port number only.

Here is an example of the operation which causes this problem.
    # ifconfig ipsec0 create link0
    # ifconfig ipsec0 tunnel fc00:1001::2,4500 fc00:1001::1,4501
    # ifconfig ipsec0 tunnel fc00:1001::2,4500 fc00:1001::1,4502

Revision 1.10 / (download) - annotate - [select for diffs], Fri Apr 6 09:30:09 2018 UTC (5 years, 10 months ago) by knakahara
Branch: MAIN
Changes since 1.9: +7 -5 lines
Diff to previous 1.9 (colored)

fix ipsecif(4) stack overflow.

XXX pullup-8

Revision 1.9 / (download) - annotate - [select for diffs], Fri Apr 6 09:28:26 2018 UTC (5 years, 10 months ago) by knakahara
Branch: MAIN
Changes since 1.8: +4 -2 lines
Diff to previous 1.8 (colored)

fix ipsecif(4) unmatch curlwp_bind.

XXX pullup-8

Revision 1.8 / (download) - annotate - [select for diffs], Fri Apr 6 09:24:13 2018 UTC (5 years, 10 months ago) by knakahara
Branch: MAIN
Changes since 1.7: +3 -2 lines
Diff to previous 1.7 (colored)

fix ipsec(4) encap_lock leak.

XXX pullup-8

Revision 1.3.4.1 / (download) - annotate - [select for diffs], Thu Mar 15 09:12:06 2018 UTC (5 years, 11 months ago) by pgoyette
Branch: pgoyette-compat
Changes since 1.3: +54 -31 lines
Diff to previous 1.3 (colored)

Synch with HEAD

Revision 1.3.2.4 / (download) - annotate - [select for diffs], Tue Mar 13 15:34:33 2018 UTC (5 years, 11 months ago) by martin
Branch: netbsd-8
Changes since 1.3.2.3: +28 -23 lines
Diff to previous 1.3.2.3 (colored) to branchpoint 1.3 (colored)

Pull up following revision(s) (requested by knakahara in ticket #627):
	sys/netipsec/ipsecif.c: revision 1.5
	tests/net/if_ipsec/t_ipsec.sh: revision 1.4
	sys/net/if_ipsec.c: revision 1.7
Fix IPv6 ipsecif(4) ATF regression, sorry.
There must *not* be padding between the src sockaddr and the dst sockaddr
after struct sadb_x_policy.

Comment out confusing (and incorrect) code and add comment. Pointed out by maxv@n.o, thanks.

Enhance assertion ipsecif(4) ATF to avoid confusing setkey(8) error message.

When setkey(8) says "syntax error at [-E]", it must mean get_if_ipsec_unique()
failed.

Revision 1.3.2.3 / (download) - annotate - [select for diffs], Tue Mar 13 15:29:45 2018 UTC (5 years, 11 months ago) by martin
Branch: netbsd-8
Changes since 1.3.2.2: +47 -29 lines
Diff to previous 1.3.2.2 (colored) to branchpoint 1.3 (colored)

Pull up following revision(s) (requested by knakahara in ticket #620):
	sys/netipsec/ipsecif.c: revision 1.4
	sys/net/if_ipsec.c: revision 1.4
	sys/net/if_ipsec.c: revision 1.5
	sys/net/if_ipsec.c: revision 1.6
NAT-T src and dst port in ipsec_variant should be network byte order.
Fix missing sadb_x_ipsecrequest informations for PF_KEY message.
Functionalize duplicated code. No functional changes.
Fix ipsec(4) I/F esp_frag support.

Revision 1.7 / (download) - annotate - [select for diffs], Tue Mar 13 02:12:05 2018 UTC (5 years, 11 months ago) by knakahara
Branch: MAIN
CVS Tags: pgoyette-compat-0330, pgoyette-compat-0322, pgoyette-compat-0315
Changes since 1.6: +28 -23 lines
Diff to previous 1.6 (colored)

Fix IPv6 ipsecif(4) ATF regression, sorry.

There must *not* be padding between the src sockaddr and the dst sockaddr
after struct sadb_x_policy.

Revision 1.6 / (download) - annotate - [select for diffs], Fri Mar 9 11:03:26 2018 UTC (5 years, 11 months ago) by knakahara
Branch: MAIN
Changes since 1.5: +20 -33 lines
Diff to previous 1.5 (colored)

Functionalize duplicated code. No functional changes.

Revision 1.5 / (download) - annotate - [select for diffs], Fri Mar 9 11:01:41 2018 UTC (5 years, 11 months ago) by knakahara
Branch: MAIN
Changes since 1.4: +38 -7 lines
Diff to previous 1.4 (colored)

Fix missing sadb_x_ipsecrequest informations for PF_KEY message.

Revision 1.4 / (download) - annotate - [select for diffs], Fri Mar 9 10:59:36 2018 UTC (5 years, 11 months ago) by knakahara
Branch: MAIN
Changes since 1.3: +8 -8 lines
Diff to previous 1.3 (colored)

NAT-T src and dst port in ipsec_variant should be network byte order.

Revision 1.3.2.2 / (download) - annotate - [select for diffs], Sun Feb 11 21:17:34 2018 UTC (6 years ago) by snj
Branch: netbsd-8
Changes since 1.3.2.1: +1748 -0 lines
Diff to previous 1.3.2.1 (colored) to branchpoint 1.3 (colored)

Pull up following revision(s) (requested by ozaki-r in ticket #536):
	distrib/sets/lists/base/shl.mi: 1.825
	distrib/sets/lists/comp/mi: 1.2168-1.2169
	distrib/sets/lists/comp/shl.mi: 1.310
	distrib/sets/lists/debug/mi: 1.234
	distrib/sets/lists/debug/shl.mi: 1.188
	distrib/sets/lists/man/mi: 1.1570
	distrib/sets/lists/tests/mi: 1.772
	etc/mtree/NetBSD.dist.tests: 1.150
	share/man/man4/Makefile: 1.650
	share/man/man4/ipsec.4: 1.42-1.43
	share/man/man4/ipsecif.4: 1.1-1.5
	sys/arch/amd64/conf/ALL: 1.77
	sys/arch/amd64/conf/GENERIC: 1.480
	sys/conf/files: 1.1191
	sys/net/Makefile: 1.34
	sys/net/files.net: 1.14
	sys/net/if.c: 1.404
	sys/net/if.h: 1.248
	sys/net/if_gif.c: 1.135
	sys/net/if_ipsec.c: 1.1-1.3
	sys/net/if_ipsec.h: 1.1
	sys/net/if_l2tp.c: 1.16
	sys/net/if_types.h: 1.28
	sys/netinet/in.c: 1.214
	sys/netinet/in.h: 1.103
	sys/netinet/in_gif.c: 1.92
	sys/netinet/ip_var.h: 1.122
	sys/netinet6/in6.c: 1.257
	sys/netinet6/in6.h: 1.88
	sys/netinet6/in6_gif.c: 1.90
	sys/netinet6/ip6_var.h: 1.75
	sys/netipsec/Makefile: 1.6
	sys/netipsec/files.netipsec: 1.13
	sys/netipsec/ipsec.h: 1.62
	sys/netipsec/ipsecif.c: 1.1
	sys/netipsec/ipsecif.h: 1.1
	sys/netipsec/key.c: 1.246-1.247
	sys/netipsec/key.h: 1.34
	sys/rump/net/Makefile.rumpnetcomp: 1.20
	sys/rump/net/lib/libipsec/IPSEC.ioconf: 1.1
	sys/rump/net/lib/libipsec/Makefile: 1.1
	sys/rump/net/lib/libipsec/ipsec_component.c: 1.1
	tests/net/Makefile: 1.34
	tests/net/if_ipsec/Makefile: 1.1
	tests/net/if_ipsec/t_ipsec.sh: 1.1-1.2
Don't touch an SP without a reference to it
unify processing to check nesting count for some tunnel protocols.
add ipsec(4) interface, which is used for route-based VPN.
man and ATF are added later, please see man for details.
reviewed by christos@n.o, joerg@n.o and ozaki-r@n.o, thanks.
https://mail-index.netbsd.org/tech-net/2017/12/18/msg006557.html
ipsec(4) interface supports rump now.
add ipsec(4) interface ATF.
add ipsec(4) interface man as ipsecif.4.
add ipsec(4) interface to amd64/GENERIC and amd64/ALL configs.
apply in{,6}_tunnel_validate() to gif(4).
Spell IPsec that way. Simplify macro usage. Sort SEE ALSO. Bump
date for previous.
Improve wording and macro use.
Some parts are not clear to me, so someone with knowledge of ipsecif(4)
should improve this some more.
Improve ipsecif.4. Default port ipsec(4) NAT-T is tested now.
pointed out by wiz@n.o and suggested by ozaki-r@n.o, thanks.
Change the prefix of test names to ipsecif_ to distinguish from tests for ipsec(4)
New sentence, new line. Remove empty macro.
Fix PR kern/52920. Pointed out by David Binderman, thanks.
Improve wording, and put a new drawing, from me and Kengo Nakahara.
apply a little more #ifdef INET/INET6.  fixes !INET6 builds.

Revision 1.3.2.1, Wed Jan 31 07:33:18 2018 UTC (6 years, 1 month ago) by snj
Branch: netbsd-8
Changes since 1.3: +0 -1748 lines
FILE REMOVED

file if_ipsec.c was added on branch netbsd-8 on 2018-02-11 21:17:34 +0000

Revision 1.3 / (download) - annotate - [select for diffs], Wed Jan 31 07:33:18 2018 UTC (6 years, 1 month ago) by mrg
Branch: MAIN
CVS Tags: pgoyette-compat-base
Branch point for: pgoyette-compat, netbsd-8
Changes since 1.2: +14 -2 lines
Diff to previous 1.2 (colored)

apply a little more #ifdef INET/INET6.  fixes !INET6 builds.

Revision 1.2 / (download) - annotate - [select for diffs], Mon Jan 15 02:39:53 2018 UTC (6 years, 1 month ago) by knakahara
Branch: MAIN
Changes since 1.1: +3 -3 lines
Diff to previous 1.1 (colored)

Fix PR kern/52920. Pointed out by David Binderman, thanks.

Revision 1.1 / (download) - annotate - [select for diffs], Wed Jan 10 10:56:30 2018 UTC (6 years, 1 month ago) by knakahara
Branch: MAIN

add ipsec(4) interface, which is used for route-based VPN.

man and ATF are added later, please see man for details.

reviewed by christos@n.o, joerg@n.o and ozaki-r@n.o, thanks.
https://mail-index.netbsd.org/tech-net/2017/12/18/msg006557.html

This form allows you to request diff's between any two revisions of a file. You may select a symbolic revision name using the selection box or you may type in a numeric name using the type-in text box.




CVSweb <webmaster@jp.NetBSD.org>