Up to [cvs.NetBSD.org] / src / sys / netipsec
Request diff between arbitrary revisions
Default branch: MAIN
Current tag: MAIN
Revision 1.20 / (download) - annotate - [select for diffs], Wed May 30 17:17:11 2018 UTC (3 weeks, 4 days ago) by maxv
CVS Tags: HEAD
Changes since 1.19: +2 -1 lines
Diff to previous 1.19 (colored)
Introduce ah_authsiz, which computes the length of the ICV only. Use it in esp_hdrsiz, and clarify. Until now we were using ah_hdrsiz, and were relying on the fact that the size of the AH header happens to be equal to that of the ESP trailer. Now the size of the ESP trailer is added manually. This also fixes one branch in esp_hdrsiz: we always append an ESP trailer, so it must always be taken into account, and not just when an ICV is here.
Revision 1.19 / (download) - annotate - [select for diffs], Mon May 7 09:25:04 2018 UTC (6 weeks, 6 days ago) by maxv
CVS Tags: pgoyette-compat-0521
Changes since 1.18: +2 -3 lines
Diff to previous 1.18 (colored)
Remove now unused 'isr', 'skip' and 'protoff' arguments from ipip_output.
Revision 1.18 / (download) - annotate - [select for diffs], Mon May 7 09:16:46 2018 UTC (6 weeks, 6 days ago) by maxv
Changes since 1.17: +17 -19 lines
Diff to previous 1.17 (colored)
Remove unused 'mp' argument from all the xf_output functions. Also clean up xform.h a bit.
Revision 1.17 / (download) - annotate - [select for diffs], Mon May 7 09:08:06 2018 UTC (6 weeks, 6 days ago) by maxv
Changes since 1.16: +1 -3 lines
Diff to previous 1.16 (colored)
Clarify IPIP: ipe4_xformsw is not allowed to call ipip_output, so replace the pointer by ipe4_output, which just panics. Group the ipe4_* functions together. Localify other functions. ok ozaki-r@
Revision 1.16 / (download) - annotate - [select for diffs], Tue May 1 08:08:46 2018 UTC (7 weeks, 5 days ago) by maxv
CVS Tags: pgoyette-compat-0502
Changes since 1.15: +1 -14 lines
Diff to previous 1.15 (colored)
Revision 1.15 / (download) - annotate - [select for diffs], Thu Apr 19 08:27:39 2018 UTC (2 months ago) by maxv
CVS Tags: pgoyette-compat-0422
Changes since 1.14: +2 -2 lines
Diff to previous 1.14 (colored)
Remove extra long file paths from the headers.
Revision 1.14 / (download) - annotate - [select for diffs], Fri Feb 16 15:18:41 2018 UTC (4 months ago) by maxv
CVS Tags: pgoyette-compat-base, pgoyette-compat-0415, pgoyette-compat-0407, pgoyette-compat-0330, pgoyette-compat-0322, pgoyette-compat-0315
Branch point for: pgoyette-compat
Changes since 1.13: +12 -13 lines
Diff to previous 1.13 (colored)
Style, remove unused and misleading macros and comments, localify, and reduce the diff between similar functions. No functional change.
Revision 1.13 / (download) - annotate - [select for diffs], Wed Nov 15 10:42:41 2017 UTC (7 months, 1 week ago) by knakahara
CVS Tags: tls-maxphys-base-20171202
Changes since 1.12: +3 -3 lines
Diff to previous 1.12 (colored)
Add argument to encapsw->pr_input() instead of m_tag.
Revision 1.12 / (download) - annotate - [select for diffs], Tue Oct 3 08:56:52 2017 UTC (8 months, 3 weeks ago) by ozaki-r
Changes since 1.11: +5 -5 lines
Diff to previous 1.11 (colored)
Constify isr at many places (NFC)
Revision 1.11 / (download) - annotate - [select for diffs], Fri Jul 14 12:26:26 2017 UTC (11 months, 1 week ago) by ozaki-r
CVS Tags: perseant-stdc-iso10646-base, perseant-stdc-iso10646, nick-nhusb-base-20170825
Changes since 1.10: +4 -3 lines
Diff to previous 1.10 (colored)
Prepare to stop using isr->sav isr is a shared resource and using isr->sav as a temporal storage for each packet processing is racy. And also having a reference from isr to sav makes the lifetime of sav non-deterministic; such a reference is removed when a packet is processed and isr->sav is overwritten by new one. Let's have a sav locally for each packet processing instead of using shared isr->sav. However this change doesn't stop using isr->sav yet because there are some users of isr->sav. isr->sav will be removed after the users find a way to not use isr->sav.
Revision 1.10 / (download) - annotate - [select for diffs], Fri Jul 14 01:24:23 2017 UTC (11 months, 1 week ago) by ozaki-r
Changes since 1.9: +4 -3 lines
Diff to previous 1.9 (colored)
Pass sav directly to opencrypto callback In a callback, use a passed sav as-is by default and look up a sav only if the passed sav is dead.
Revision 1.9 / (download) - annotate - [select for diffs], Wed Jul 5 03:44:59 2017 UTC (11 months, 2 weeks ago) by ozaki-r
Changes since 1.8: +1 -2 lines
Diff to previous 1.8 (colored)
Remove codes for PACKET_TAG_IPSEC_IN_CRYPTO_DONE It seems that PACKET_TAG_IPSEC_IN_CRYPTO_DONE is for network adapters that have IPsec accelerators; a driver sets the mtag to a packet when its device has already encrypted the packet. Unfortunately no driver implements such offload features for long years and seems unlikely to implement them soon. (Note that neither FreeBSD nor Linux doesn't have such drivers.) Let's remove related (unused) codes and simplify the IPsec code.
Revision 1.8 / (download) - annotate - [select for diffs], Tue Jan 26 06:00:10 2016 UTC (2 years, 4 months ago) by knakahara
CVS Tags: prg-localcount2-base3, prg-localcount2-base2, prg-localcount2-base1, prg-localcount2-base, prg-localcount2, pgoyette-localcount-base, pgoyette-localcount-20170426, pgoyette-localcount-20170320, pgoyette-localcount-20170107, pgoyette-localcount-20161104, pgoyette-localcount-20160806, pgoyette-localcount-20160726, pgoyette-localcount, nick-nhusb-base-20170204, nick-nhusb-base-20161204, nick-nhusb-base-20161004, nick-nhusb-base-20160907, nick-nhusb-base-20160529, nick-nhusb-base-20160422, nick-nhusb-base-20160319, netbsd-8-base, localcount-20160914, jdolecek-ncq-base, jdolecek-ncq, bouyer-socketcan-base1, bouyer-socketcan-base, bouyer-socketcan
Branch point for: netbsd-8
Changes since 1.7: +2 -2 lines
Diff to previous 1.7 (colored)
eliminate variable argument in encapsw
Revision 1.7 / (download) - annotate - [select for diffs], Fri Feb 25 20:13:10 2011 UTC (7 years, 3 months ago) by drochner
CVS Tags: yamt-pagecache-tag8, yamt-pagecache-base9, yamt-pagecache-base8, yamt-pagecache-base7, yamt-pagecache-base6, yamt-pagecache-base5, yamt-pagecache-base4, yamt-pagecache-base3, yamt-pagecache-base2, yamt-pagecache-base, yamt-pagecache, tls-maxphys-base, tls-earlyentropy-base, tls-earlyentropy, rmind-uvmplock-nbase, rmind-uvmplock-base, rmind-smpnet-nbase, rmind-smpnet-base, rmind-smpnet, riastradh-xf86-video-intel-2-7-1-pre-2-21-15, riastradh-drm2-base3, riastradh-drm2-base2, riastradh-drm2-base1, riastradh-drm2-base, riastradh-drm2, nick-nhusb-base-20151226, nick-nhusb-base-20150921, nick-nhusb-base-20150606, nick-nhusb-base-20150406, nick-nhusb-base, netbsd-7-nhusb-base-20170116, netbsd-7-nhusb-base, netbsd-7-nhusb, netbsd-7-base, netbsd-7-1-RELEASE, netbsd-7-1-RC2, netbsd-7-1-RC1, netbsd-7-1-2-RELEASE, netbsd-7-1-1-RELEASE, netbsd-7-1, netbsd-7-0-RELEASE, netbsd-7-0-RC3, netbsd-7-0-RC2, netbsd-7-0-RC1, netbsd-7-0-2-RELEASE, netbsd-7-0-1-RELEASE, netbsd-7-0, netbsd-7, netbsd-6-base, netbsd-6-1-RELEASE, netbsd-6-1-RC4, netbsd-6-1-RC3, netbsd-6-1-RC2, netbsd-6-1-RC1, netbsd-6-1-5-RELEASE, netbsd-6-1-4-RELEASE, netbsd-6-1-3-RELEASE, netbsd-6-1-2-RELEASE, netbsd-6-1-1-RELEASE, netbsd-6-1, netbsd-6-0-RELEASE, netbsd-6-0-RC2, netbsd-6-0-RC1, netbsd-6-0-6-RELEASE, netbsd-6-0-5-RELEASE, netbsd-6-0-4-RELEASE, netbsd-6-0-3-RELEASE, netbsd-6-0-2-RELEASE, netbsd-6-0-1-RELEASE, netbsd-6-0, netbsd-6, matt-nb6-plus-nbase, matt-nb6-plus-base, matt-nb6-plus, khorben-n900, jmcneill-usbmp-pre-base2, jmcneill-usbmp-base9, jmcneill-usbmp-base8, jmcneill-usbmp-base7, jmcneill-usbmp-base6, jmcneill-usbmp-base5, jmcneill-usbmp-base4, jmcneill-usbmp-base3, jmcneill-usbmp-base2, jmcneill-usbmp-base10, jmcneill-usbmp-base, jmcneill-usbmp, jmcneill-audiomp3-base, jmcneill-audiomp3, cherry-xenmp-base, cherry-xenmp, bouyer-quota2-nbase, agc-symver-base, agc-symver
Branch point for: tls-maxphys, nick-nhusb
Changes since 1.6: +1 -2 lines
Diff to previous 1.6 (colored)
make the use of SHA2-HMAC by FAST_IPSEC compliant to current standards: -RFC2104 says that the block size of the hash algorithm must be used for key/ipad/opad calculations. While formerly all ciphers used a block length of 64, SHA384 and SHA512 use 128 bytes. So we can't use the HMAC_BLOCK_LEN constant anymore. Add a new field to "struct auth_hash" for the per-cipher blocksize. -Due to this, there can't be a single "CRYPTO_SHA2_HMAC" external name anymore. Replace this by 3 for the 3 different keysizes. This was done by Open/FreeBSD before. -Also fix the number of authenticator bits used tor ESP and AH to conform to RFC4868, and remove uses of AH_HMAC_HASHLEN which did assume a fixed authenticator size of 12 bytes. FAST_IPSEC will not interoperate with KAME IPSEC anymore if sha2 is used, because the latter doesn't implement these standards. It should interoperate with at least modern Free/OpenBSD now. (I've only tested with NetBSD-current/FAST_IPSEC on both ends.)
Revision 1.6 / (download) - annotate - [select for diffs], Fri Feb 18 20:40:58 2011 UTC (7 years, 4 months ago) by drochner
Changes since 1.5: +9 -8 lines
Diff to previous 1.5 (colored)
Revision 1.5 / (download) - annotate - [select for diffs], Fri Feb 18 19:06:45 2011 UTC (7 years, 4 months ago) by drochner
Changes since 1.4: +2 -2 lines
Diff to previous 1.4 (colored)
sprinkle some "const", documenting that the SA is not supposed to change during an xform operation
Revision 1.4 / (download) - annotate - [select for diffs], Sun Mar 4 06:03:30 2007 UTC (11 years, 3 months ago) by christos
CVS Tags: yamt-x86pmap-base4, yamt-x86pmap-base3, yamt-x86pmap-base2, yamt-x86pmap-base, yamt-x86pmap, yamt-pf42-baseX, yamt-pf42-base4, yamt-pf42-base3, yamt-pf42-base2, yamt-pf42-base, yamt-pf42, yamt-nfs-mp-base9, yamt-nfs-mp-base8, yamt-nfs-mp-base7, yamt-nfs-mp-base6, yamt-nfs-mp-base5, yamt-nfs-mp-base4, yamt-nfs-mp-base3, yamt-nfs-mp-base2, yamt-nfs-mp-base11, yamt-nfs-mp-base10, yamt-nfs-mp-base, yamt-nfs-mp, yamt-lazymbuf-base15, yamt-lazymbuf-base14, yamt-kmem-base3, yamt-kmem-base2, yamt-kmem-base, yamt-kmem, yamt-idlelwp-base8, wrstuden-revivesa-base-4, wrstuden-revivesa-base-3, wrstuden-revivesa-base-2, wrstuden-revivesa-base-1, wrstuden-revivesa-base, wrstuden-revivesa, vmlocking2-base3, vmlocking2-base2, vmlocking2-base1, vmlocking2, vmlocking-nbase, vmlocking-base, vmlocking, uebayasi-xip-base4, uebayasi-xip-base3, uebayasi-xip-base2, uebayasi-xip-base1, uebayasi-xip-base, uebayasi-xip, thorpej-atomic-base, thorpej-atomic, simonb-wapbl-nbase, simonb-wapbl-base, simonb-wapbl, reinoud-bufcleanup-nbase, reinoud-bufcleanup-base, reinoud-bufcleanup, nick-net80211-sync-base, nick-net80211-sync, nick-hppapmap-base4, nick-hppapmap-base3, nick-hppapmap-base2, nick-hppapmap-base, nick-hppapmap, nick-csl-alignment-base5, nick-csl-alignment-base, nick-csl-alignment, netbsd-5-base, netbsd-5-2-RELEASE, netbsd-5-2-RC1, netbsd-5-2-3-RELEASE, netbsd-5-2-2-RELEASE, netbsd-5-2-1-RELEASE, netbsd-5-2, netbsd-5-1-RELEASE, netbsd-5-1-RC4, netbsd-5-1-RC3, netbsd-5-1-RC2, netbsd-5-1-RC1, netbsd-5-1-5-RELEASE, netbsd-5-1-4-RELEASE, netbsd-5-1-3-RELEASE, netbsd-5-1-2-RELEASE, netbsd-5-1-1-RELEASE, netbsd-5-1, netbsd-5-0-RELEASE, netbsd-5-0-RC4, netbsd-5-0-RC3, netbsd-5-0-RC2, netbsd-5-0-RC1, netbsd-5-0-2-RELEASE, netbsd-5-0-1-RELEASE, netbsd-5-0, netbsd-5, mjf-ufs-trans-base, mjf-ufs-trans, mjf-devfs2-base, mjf-devfs2, mjf-devfs-base, mjf-devfs, matt-premerge-20091211, matt-nb5-pq3-base, matt-nb5-pq3, matt-nb5-mips64-u2-k2-k4-k7-k8-k9, matt-nb5-mips64-u1-k1-k5, matt-nb5-mips64-premerge-20101231, matt-nb5-mips64-premerge-20091211, matt-nb5-mips64-k15, matt-nb5-mips64, matt-nb4-mips64-k7-u2a-k9b, matt-mips64-premerge-20101231, matt-mips64-base2, matt-mips64-base, matt-mips64, matt-armv6-prevmlocking, matt-armv6-nbase, matt-armv6-base, matt-armv6, keiichi-mipv6-nbase, keiichi-mipv6-base, keiichi-mipv6, jymxensuspend-base, jym-xensuspend-nbase, jym-xensuspend-base, jym-xensuspend, jruoho-x86intr-base, jmcneill-pm-base, jmcneill-pm, jmcneill-base, hpcarm-cleanup-nbase, hpcarm-cleanup-base, hpcarm-cleanup, haad-nbase2, haad-dm-base2, haad-dm-base1, haad-dm-base, haad-dm, cube-autoconf-base, cube-autoconf, bouyer-xeni386-nbase, bouyer-xeni386-merge1, bouyer-xeni386-base, bouyer-xeni386, bouyer-xenamd64-base2, bouyer-xenamd64-base, bouyer-xenamd64, bouyer-quota2-base, ad-socklock-base1, ad-audiomp2-base, ad-audiomp2
Branch point for: rmind-uvmplock, jruoho-x86intr, bouyer-quota2
Changes since 1.3: +2 -2 lines
Diff to previous 1.3 (colored)
Kill caddr_t; there will be some MI fallout, but it will be fixed shortly.
Revision 1.3 / (download) - annotate - [select for diffs], Sat Dec 10 23:44:08 2005 UTC (12 years, 6 months ago) by elad
CVS Tags: yamt-uio_vmspace-base5, yamt-uio_vmspace, yamt-splraiseipl-base5, yamt-splraiseipl-base4, yamt-splraiseipl-base3, yamt-splraiseipl-base2, yamt-splraiseipl-base, yamt-splraiseipl, yamt-pdpolicy-base9, yamt-pdpolicy-base8, yamt-pdpolicy-base7, yamt-pdpolicy-base6, yamt-pdpolicy-base5, yamt-pdpolicy-base4, yamt-pdpolicy-base3, yamt-pdpolicy-base2, yamt-pdpolicy-base, yamt-pdpolicy, wrstuden-fixsa-newbase, wrstuden-fixsa-base-1, wrstuden-fixsa-base, wrstuden-fixsa, simonb-timecounters-base, simonb-timecounters, simonb-timcounters-final, rpaulo-netinet-merge-pcb-base, rpaulo-netinet-merge-pcb, post-newlock2-merge, peter-altq-base, peter-altq, newlock2-nbase, newlock2-base, newlock2, netbsd-4-base, netbsd-4-0-RELEASE, netbsd-4-0-RC5, netbsd-4-0-RC4, netbsd-4-0-RC3, netbsd-4-0-RC2, netbsd-4-0-RC1, netbsd-4-0-1-RELEASE, netbsd-4-0, netbsd-4, matt-nb4-arm-base, matt-nb4-arm, ktrace-lwp-base, gdamore-uart-base, gdamore-uart, elad-kernelauth-base, elad-kernelauth, chap-midi-nbase, chap-midi-base, chap-midi, ad-audiomp-base, ad-audiomp, abandoned-netbsd-4-base, abandoned-netbsd-4
Branch point for: yamt-idlelwp
Changes since 1.2: +2 -2 lines
Diff to previous 1.2 (colored)
Multiple inclusion protection, as suggested by christos@ on tech-kern@ few days ago.
Revision 1.2 / (download) - annotate - [select for diffs], Fri Jun 10 13:22:42 2005 UTC (13 years ago) by christos
CVS Tags: yamt-vop-base3, yamt-vop-base2, yamt-vop-base, yamt-vop, yamt-readahead-pervnode, yamt-readahead-perfile, yamt-readahead-base3, yamt-readahead-base2, yamt-readahead-base, yamt-readahead, thorpej-vnode-attr-base, thorpej-vnode-attr
Branch point for: yamt-lazymbuf
Changes since 1.1: +2 -2 lines
Diff to previous 1.1 (colored)
constify and unshadow.
Revision 1.1 / (download) - annotate - [select for diffs], Wed Aug 13 20:06:51 2003 UTC (14 years, 10 months ago) by jonathan
CVS Tags: yamt-km-base4, yamt-km-base3, yamt-km-base2, yamt-km-base, yamt-km, netbsd-3-base, netbsd-3-1-RELEASE, netbsd-3-1-RC4, netbsd-3-1-RC3, netbsd-3-1-RC2, netbsd-3-1-RC1, netbsd-3-1-1-RELEASE, netbsd-3-1, netbsd-3-0-RELEASE, netbsd-3-0-RC6, netbsd-3-0-RC5, netbsd-3-0-RC4, netbsd-3-0-RC3, netbsd-3-0-RC2, netbsd-3-0-RC1, netbsd-3-0-3-RELEASE, netbsd-3-0-2-RELEASE, netbsd-3-0-1-RELEASE, netbsd-3-0, netbsd-3, netbsd-2-base, netbsd-2-1-RELEASE, netbsd-2-1-RC6, netbsd-2-1-RC5, netbsd-2-1-RC4, netbsd-2-1-RC3, netbsd-2-1-RC2, netbsd-2-1-RC1, netbsd-2-1, netbsd-2-0-base, netbsd-2-0-RELEASE, netbsd-2-0-RC5, netbsd-2-0-RC4, netbsd-2-0-RC3, netbsd-2-0-RC2, netbsd-2-0-RC1, netbsd-2-0-3-RELEASE, netbsd-2-0-2-RELEASE, netbsd-2-0-1-RELEASE, netbsd-2-0, netbsd-2, kent-audio2-base, kent-audio2, kent-audio1-beforemerge, kent-audio1-base, kent-audio1
Branch point for: ktrace-lwp
Initial import of Sam Leffler's `Fast-IPsec' from FreeBSD 4. Fast-IPsec is a rework of the OpenBSD and KAME IPsec code, using the OpenCryptoFramework (and thus hardware crypto accelerators) and numerous detailed performance improvements. This import is (aside from SPL-level names) the FreeBSD source, imported ``as-is'' as a historical snapshot, for future maintenance and comparison against the FreeBSD source. For now, several minor kernel-API differences are hidden by macros a shim file, ipsec_osdep.h, which (aside from SPL names) can be targeted at either NetBSD or FreeBSD.
This form allows you to request diff's between any two revisions of a file. You may select a symbolic revision name using the selection box or you may type in a numeric name using the type-in text box.