The NetBSD Project

CVS log for src/sys/netipsec/xform.h

[BACK] Up to [cvs.NetBSD.org] / src / sys / netipsec

Request diff between arbitrary revisions


Default branch: MAIN
Current tag: MAIN


Revision 1.20 / (download) - annotate - [select for diffs], Wed May 30 17:17:11 2018 UTC (6 months, 2 weeks ago) by maxv
Branch: MAIN
CVS Tags: phil-wifi-base, phil-wifi, pgoyette-compat-1126, pgoyette-compat-1020, pgoyette-compat-0930, pgoyette-compat-0906, pgoyette-compat-0728, pgoyette-compat-0625, HEAD
Changes since 1.19: +2 -1 lines
Diff to previous 1.19 (colored)

Introduce ah_authsiz, which computes the length of the ICV only. Use it in
esp_hdrsiz, and clarify.

Until now we were using ah_hdrsiz, and were relying on the fact that the
size of the AH header happens to be equal to that of the ESP trailer.

Now the size of the ESP trailer is added manually. This also fixes one
branch in esp_hdrsiz: we always append an ESP trailer, so it must always
be taken into account, and not just when an ICV is here.

Revision 1.19 / (download) - annotate - [select for diffs], Mon May 7 09:25:04 2018 UTC (7 months, 1 week ago) by maxv
Branch: MAIN
CVS Tags: pgoyette-compat-0521
Changes since 1.18: +2 -3 lines
Diff to previous 1.18 (colored)

Remove now unused 'isr', 'skip' and 'protoff' arguments from ipip_output.

Revision 1.18 / (download) - annotate - [select for diffs], Mon May 7 09:16:46 2018 UTC (7 months, 1 week ago) by maxv
Branch: MAIN
Changes since 1.17: +17 -19 lines
Diff to previous 1.17 (colored)

Remove unused 'mp' argument from all the xf_output functions. Also clean
up xform.h a bit.

Revision 1.17 / (download) - annotate - [select for diffs], Mon May 7 09:08:06 2018 UTC (7 months, 1 week ago) by maxv
Branch: MAIN
Changes since 1.16: +1 -3 lines
Diff to previous 1.16 (colored)

Clarify IPIP: ipe4_xformsw is not allowed to call ipip_output, so replace
the pointer by ipe4_output, which just panics. Group the ipe4_* functions
together. Localify other functions.

ok ozaki-r@

Revision 1.16 / (download) - annotate - [select for diffs], Tue May 1 08:08:46 2018 UTC (7 months, 2 weeks ago) by maxv
Branch: MAIN
CVS Tags: pgoyette-compat-0502
Changes since 1.15: +1 -14 lines
Diff to previous 1.15 (colored)

Remove unused.

Revision 1.15 / (download) - annotate - [select for diffs], Thu Apr 19 08:27:39 2018 UTC (7 months, 4 weeks ago) by maxv
Branch: MAIN
CVS Tags: pgoyette-compat-0422
Changes since 1.14: +2 -2 lines
Diff to previous 1.14 (colored)

Remove extra long file paths from the headers.

Revision 1.14 / (download) - annotate - [select for diffs], Fri Feb 16 15:18:41 2018 UTC (10 months ago) by maxv
Branch: MAIN
CVS Tags: pgoyette-compat-base, pgoyette-compat-0415, pgoyette-compat-0407, pgoyette-compat-0330, pgoyette-compat-0322, pgoyette-compat-0315
Branch point for: pgoyette-compat
Changes since 1.13: +12 -13 lines
Diff to previous 1.13 (colored)

Style, remove unused and misleading macros and comments, localify, and
reduce the diff between similar functions. No functional change.

Revision 1.13 / (download) - annotate - [select for diffs], Wed Nov 15 10:42:41 2017 UTC (13 months ago) by knakahara
Branch: MAIN
CVS Tags: tls-maxphys-base-20171202
Changes since 1.12: +3 -3 lines
Diff to previous 1.12 (colored)

Add argument to encapsw->pr_input() instead of m_tag.

Revision 1.12 / (download) - annotate - [select for diffs], Tue Oct 3 08:56:52 2017 UTC (14 months, 2 weeks ago) by ozaki-r
Branch: MAIN
Changes since 1.11: +5 -5 lines
Diff to previous 1.11 (colored)

Constify isr at many places (NFC)

Revision 1.11 / (download) - annotate - [select for diffs], Fri Jul 14 12:26:26 2017 UTC (17 months ago) by ozaki-r
Branch: MAIN
CVS Tags: perseant-stdc-iso10646-base, perseant-stdc-iso10646, nick-nhusb-base-20170825
Changes since 1.10: +4 -3 lines
Diff to previous 1.10 (colored)

Prepare to stop using isr->sav

isr is a shared resource and using isr->sav as a temporal storage
for each packet processing is racy. And also having a reference from
isr to sav makes the lifetime of sav non-deterministic; such a reference
is removed when a packet is processed and isr->sav is overwritten by
new one. Let's have a sav locally for each packet processing instead of
using shared isr->sav.

However this change doesn't stop using isr->sav yet because there are
some users of isr->sav. isr->sav will be removed after the users find
a way to not use isr->sav.

Revision 1.10 / (download) - annotate - [select for diffs], Fri Jul 14 01:24:23 2017 UTC (17 months ago) by ozaki-r
Branch: MAIN
Changes since 1.9: +4 -3 lines
Diff to previous 1.9 (colored)

Pass sav directly to opencrypto callback

In a callback, use a passed sav as-is by default and look up a sav
only if the passed sav is dead.

Revision 1.9 / (download) - annotate - [select for diffs], Wed Jul 5 03:44:59 2017 UTC (17 months, 2 weeks ago) by ozaki-r
Branch: MAIN
Changes since 1.8: +1 -2 lines
Diff to previous 1.8 (colored)

Remove codes for PACKET_TAG_IPSEC_IN_CRYPTO_DONE

It seems that PACKET_TAG_IPSEC_IN_CRYPTO_DONE is for network adapters
that have IPsec accelerators; a driver sets the mtag to a packet
when its device has already encrypted the packet.

Unfortunately no driver implements such offload features for long
years and seems unlikely to implement them soon. (Note that neither
FreeBSD nor Linux doesn't have such drivers.) Let's remove related
(unused) codes and simplify the IPsec code.

Revision 1.8 / (download) - annotate - [select for diffs], Tue Jan 26 06:00:10 2016 UTC (2 years, 10 months ago) by knakahara
Branch: MAIN
CVS Tags: prg-localcount2-base3, prg-localcount2-base2, prg-localcount2-base1, prg-localcount2-base, prg-localcount2, pgoyette-localcount-base, pgoyette-localcount-20170426, pgoyette-localcount-20170320, pgoyette-localcount-20170107, pgoyette-localcount-20161104, pgoyette-localcount-20160806, pgoyette-localcount-20160726, pgoyette-localcount, nick-nhusb-base-20170204, nick-nhusb-base-20161204, nick-nhusb-base-20161004, nick-nhusb-base-20160907, nick-nhusb-base-20160529, nick-nhusb-base-20160422, nick-nhusb-base-20160319, netbsd-8-base, localcount-20160914, jdolecek-ncq-base, jdolecek-ncq, bouyer-socketcan-base1, bouyer-socketcan-base, bouyer-socketcan
Branch point for: netbsd-8
Changes since 1.7: +2 -2 lines
Diff to previous 1.7 (colored)

eliminate variable argument in encapsw

Revision 1.7 / (download) - annotate - [select for diffs], Fri Feb 25 20:13:10 2011 UTC (7 years, 9 months ago) by drochner
Branch: MAIN
CVS Tags: yamt-pagecache-tag8, yamt-pagecache-base9, yamt-pagecache-base8, yamt-pagecache-base7, yamt-pagecache-base6, yamt-pagecache-base5, yamt-pagecache-base4, yamt-pagecache-base3, yamt-pagecache-base2, yamt-pagecache-base, yamt-pagecache, tls-maxphys-base, tls-earlyentropy-base, tls-earlyentropy, rmind-uvmplock-nbase, rmind-uvmplock-base, rmind-smpnet-nbase, rmind-smpnet-base, rmind-smpnet, riastradh-xf86-video-intel-2-7-1-pre-2-21-15, riastradh-drm2-base3, riastradh-drm2-base2, riastradh-drm2-base1, riastradh-drm2-base, riastradh-drm2, nick-nhusb-base-20151226, nick-nhusb-base-20150921, nick-nhusb-base-20150606, nick-nhusb-base-20150406, nick-nhusb-base, netbsd-7-nhusb-base-20170116, netbsd-7-nhusb-base, netbsd-7-nhusb, netbsd-7-base, netbsd-7-2-RELEASE, netbsd-7-1-RELEASE, netbsd-7-1-RC2, netbsd-7-1-RC1, netbsd-7-1-2-RELEASE, netbsd-7-1-1-RELEASE, netbsd-7-1, netbsd-7-0-RELEASE, netbsd-7-0-RC3, netbsd-7-0-RC2, netbsd-7-0-RC1, netbsd-7-0-2-RELEASE, netbsd-7-0-1-RELEASE, netbsd-7-0, netbsd-7, netbsd-6-base, netbsd-6-1-RELEASE, netbsd-6-1-RC4, netbsd-6-1-RC3, netbsd-6-1-RC2, netbsd-6-1-RC1, netbsd-6-1-5-RELEASE, netbsd-6-1-4-RELEASE, netbsd-6-1-3-RELEASE, netbsd-6-1-2-RELEASE, netbsd-6-1-1-RELEASE, netbsd-6-1, netbsd-6-0-RELEASE, netbsd-6-0-RC2, netbsd-6-0-RC1, netbsd-6-0-6-RELEASE, netbsd-6-0-5-RELEASE, netbsd-6-0-4-RELEASE, netbsd-6-0-3-RELEASE, netbsd-6-0-2-RELEASE, netbsd-6-0-1-RELEASE, netbsd-6-0, netbsd-6, matt-nb6-plus-nbase, matt-nb6-plus-base, matt-nb6-plus, khorben-n900, jmcneill-usbmp-pre-base2, jmcneill-usbmp-base9, jmcneill-usbmp-base8, jmcneill-usbmp-base7, jmcneill-usbmp-base6, jmcneill-usbmp-base5, jmcneill-usbmp-base4, jmcneill-usbmp-base3, jmcneill-usbmp-base2, jmcneill-usbmp-base10, jmcneill-usbmp-base, jmcneill-usbmp, jmcneill-audiomp3-base, jmcneill-audiomp3, cherry-xenmp-base, cherry-xenmp, bouyer-quota2-nbase, agc-symver-base, agc-symver
Branch point for: tls-maxphys, nick-nhusb
Changes since 1.6: +1 -2 lines
Diff to previous 1.6 (colored)

make the use of SHA2-HMAC by FAST_IPSEC compliant to current standards:
-RFC2104 says that the block size of the hash algorithm must be used
 for key/ipad/opad calculations. While formerly all ciphers used a block
 length of 64, SHA384 and SHA512 use 128 bytes. So we can't use the
 HMAC_BLOCK_LEN constant anymore. Add a new field to "struct auth_hash"
 for the per-cipher blocksize.
-Due to this, there can't be a single "CRYPTO_SHA2_HMAC" external name
 anymore. Replace this by 3 for the 3 different keysizes.
 This was done by Open/FreeBSD before.
-Also fix the number of authenticator bits used tor ESP and AH to
 conform to RFC4868, and remove uses of AH_HMAC_HASHLEN which did
 assume a fixed authenticator size of 12 bytes.

FAST_IPSEC will not interoperate with KAME IPSEC anymore if sha2 is used,
because the latter doesn't implement these standards. It should
interoperate with at least modern Free/OpenBSD now.
(I've only tested with NetBSD-current/FAST_IPSEC on both ends.)

Revision 1.6 / (download) - annotate - [select for diffs], Fri Feb 18 20:40:58 2011 UTC (7 years, 10 months ago) by drochner
Branch: MAIN
Changes since 1.5: +9 -8 lines
Diff to previous 1.5 (colored)

more "const"

Revision 1.5 / (download) - annotate - [select for diffs], Fri Feb 18 19:06:45 2011 UTC (7 years, 10 months ago) by drochner
Branch: MAIN
Changes since 1.4: +2 -2 lines
Diff to previous 1.4 (colored)

sprinkle some "const", documenting that the SA is not supposed to
change during an xform operation

Revision 1.4 / (download) - annotate - [select for diffs], Sun Mar 4 06:03:30 2007 UTC (11 years, 9 months ago) by christos
Branch: MAIN
CVS Tags: yamt-x86pmap-base4, yamt-x86pmap-base3, yamt-x86pmap-base2, yamt-x86pmap-base, yamt-x86pmap, yamt-pf42-baseX, yamt-pf42-base4, yamt-pf42-base3, yamt-pf42-base2, yamt-pf42-base, yamt-pf42, yamt-nfs-mp-base9, yamt-nfs-mp-base8, yamt-nfs-mp-base7, yamt-nfs-mp-base6, yamt-nfs-mp-base5, yamt-nfs-mp-base4, yamt-nfs-mp-base3, yamt-nfs-mp-base2, yamt-nfs-mp-base11, yamt-nfs-mp-base10, yamt-nfs-mp-base, yamt-nfs-mp, yamt-lazymbuf-base15, yamt-lazymbuf-base14, yamt-kmem-base3, yamt-kmem-base2, yamt-kmem-base, yamt-kmem, yamt-idlelwp-base8, wrstuden-revivesa-base-4, wrstuden-revivesa-base-3, wrstuden-revivesa-base-2, wrstuden-revivesa-base-1, wrstuden-revivesa-base, wrstuden-revivesa, vmlocking2-base3, vmlocking2-base2, vmlocking2-base1, vmlocking2, vmlocking-nbase, vmlocking-base, vmlocking, uebayasi-xip-base4, uebayasi-xip-base3, uebayasi-xip-base2, uebayasi-xip-base1, uebayasi-xip-base, uebayasi-xip, thorpej-atomic-base, thorpej-atomic, simonb-wapbl-nbase, simonb-wapbl-base, simonb-wapbl, reinoud-bufcleanup-nbase, reinoud-bufcleanup-base, reinoud-bufcleanup, nick-net80211-sync-base, nick-net80211-sync, nick-hppapmap-base4, nick-hppapmap-base3, nick-hppapmap-base2, nick-hppapmap-base, nick-hppapmap, nick-csl-alignment-base5, nick-csl-alignment-base, nick-csl-alignment, netbsd-5-base, netbsd-5-2-RELEASE, netbsd-5-2-RC1, netbsd-5-2-3-RELEASE, netbsd-5-2-2-RELEASE, netbsd-5-2-1-RELEASE, netbsd-5-2, netbsd-5-1-RELEASE, netbsd-5-1-RC4, netbsd-5-1-RC3, netbsd-5-1-RC2, netbsd-5-1-RC1, netbsd-5-1-5-RELEASE, netbsd-5-1-4-RELEASE, netbsd-5-1-3-RELEASE, netbsd-5-1-2-RELEASE, netbsd-5-1-1-RELEASE, netbsd-5-1, netbsd-5-0-RELEASE, netbsd-5-0-RC4, netbsd-5-0-RC3, netbsd-5-0-RC2, netbsd-5-0-RC1, netbsd-5-0-2-RELEASE, netbsd-5-0-1-RELEASE, netbsd-5-0, netbsd-5, mjf-ufs-trans-base, mjf-ufs-trans, mjf-devfs2-base, mjf-devfs2, mjf-devfs-base, mjf-devfs, matt-premerge-20091211, matt-nb5-pq3-base, matt-nb5-pq3, matt-nb5-mips64-u2-k2-k4-k7-k8-k9, matt-nb5-mips64-u1-k1-k5, matt-nb5-mips64-premerge-20101231, matt-nb5-mips64-premerge-20091211, matt-nb5-mips64-k15, matt-nb5-mips64, matt-nb4-mips64-k7-u2a-k9b, matt-mips64-premerge-20101231, matt-mips64-base2, matt-mips64-base, matt-mips64, matt-armv6-prevmlocking, matt-armv6-nbase, matt-armv6-base, matt-armv6, keiichi-mipv6-nbase, keiichi-mipv6-base, keiichi-mipv6, jymxensuspend-base, jym-xensuspend-nbase, jym-xensuspend-base, jym-xensuspend, jruoho-x86intr-base, jmcneill-pm-base, jmcneill-pm, jmcneill-base, hpcarm-cleanup-nbase, hpcarm-cleanup-base, hpcarm-cleanup, haad-nbase2, haad-dm-base2, haad-dm-base1, haad-dm-base, haad-dm, cube-autoconf-base, cube-autoconf, bouyer-xeni386-nbase, bouyer-xeni386-merge1, bouyer-xeni386-base, bouyer-xeni386, bouyer-xenamd64-base2, bouyer-xenamd64-base, bouyer-xenamd64, bouyer-quota2-base, ad-socklock-base1, ad-audiomp2-base, ad-audiomp2
Branch point for: rmind-uvmplock, jruoho-x86intr, bouyer-quota2
Changes since 1.3: +2 -2 lines
Diff to previous 1.3 (colored)

Kill caddr_t; there will be some MI fallout, but it will be fixed shortly.

Revision 1.3 / (download) - annotate - [select for diffs], Sat Dec 10 23:44:08 2005 UTC (13 years ago) by elad
Branch: MAIN
CVS Tags: yamt-uio_vmspace-base5, yamt-uio_vmspace, yamt-splraiseipl-base5, yamt-splraiseipl-base4, yamt-splraiseipl-base3, yamt-splraiseipl-base2, yamt-splraiseipl-base, yamt-splraiseipl, yamt-pdpolicy-base9, yamt-pdpolicy-base8, yamt-pdpolicy-base7, yamt-pdpolicy-base6, yamt-pdpolicy-base5, yamt-pdpolicy-base4, yamt-pdpolicy-base3, yamt-pdpolicy-base2, yamt-pdpolicy-base, yamt-pdpolicy, wrstuden-fixsa-newbase, wrstuden-fixsa-base-1, wrstuden-fixsa-base, wrstuden-fixsa, simonb-timecounters-base, simonb-timecounters, simonb-timcounters-final, rpaulo-netinet-merge-pcb-base, rpaulo-netinet-merge-pcb, post-newlock2-merge, peter-altq-base, peter-altq, newlock2-nbase, newlock2-base, newlock2, netbsd-4-base, netbsd-4-0-RELEASE, netbsd-4-0-RC5, netbsd-4-0-RC4, netbsd-4-0-RC3, netbsd-4-0-RC2, netbsd-4-0-RC1, netbsd-4-0-1-RELEASE, netbsd-4-0, netbsd-4, matt-nb4-arm-base, matt-nb4-arm, ktrace-lwp-base, gdamore-uart-base, gdamore-uart, elad-kernelauth-base, elad-kernelauth, chap-midi-nbase, chap-midi-base, chap-midi, ad-audiomp-base, ad-audiomp, abandoned-netbsd-4-base, abandoned-netbsd-4
Branch point for: yamt-idlelwp
Changes since 1.2: +2 -2 lines
Diff to previous 1.2 (colored)

Multiple inclusion protection, as suggested by christos@ on tech-kern@
few days ago.

Revision 1.2 / (download) - annotate - [select for diffs], Fri Jun 10 13:22:42 2005 UTC (13 years, 6 months ago) by christos
Branch: MAIN
CVS Tags: yamt-vop-base3, yamt-vop-base2, yamt-vop-base, yamt-vop, yamt-readahead-pervnode, yamt-readahead-perfile, yamt-readahead-base3, yamt-readahead-base2, yamt-readahead-base, yamt-readahead, thorpej-vnode-attr-base, thorpej-vnode-attr
Branch point for: yamt-lazymbuf
Changes since 1.1: +2 -2 lines
Diff to previous 1.1 (colored)

constify and unshadow.

Revision 1.1 / (download) - annotate - [select for diffs], Wed Aug 13 20:06:51 2003 UTC (15 years, 4 months ago) by jonathan
Branch: MAIN
CVS Tags: yamt-km-base4, yamt-km-base3, yamt-km-base2, yamt-km-base, yamt-km, netbsd-3-base, netbsd-3-1-RELEASE, netbsd-3-1-RC4, netbsd-3-1-RC3, netbsd-3-1-RC2, netbsd-3-1-RC1, netbsd-3-1-1-RELEASE, netbsd-3-1, netbsd-3-0-RELEASE, netbsd-3-0-RC6, netbsd-3-0-RC5, netbsd-3-0-RC4, netbsd-3-0-RC3, netbsd-3-0-RC2, netbsd-3-0-RC1, netbsd-3-0-3-RELEASE, netbsd-3-0-2-RELEASE, netbsd-3-0-1-RELEASE, netbsd-3-0, netbsd-3, netbsd-2-base, netbsd-2-1-RELEASE, netbsd-2-1-RC6, netbsd-2-1-RC5, netbsd-2-1-RC4, netbsd-2-1-RC3, netbsd-2-1-RC2, netbsd-2-1-RC1, netbsd-2-1, netbsd-2-0-base, netbsd-2-0-RELEASE, netbsd-2-0-RC5, netbsd-2-0-RC4, netbsd-2-0-RC3, netbsd-2-0-RC2, netbsd-2-0-RC1, netbsd-2-0-3-RELEASE, netbsd-2-0-2-RELEASE, netbsd-2-0-1-RELEASE, netbsd-2-0, netbsd-2, kent-audio2-base, kent-audio2, kent-audio1-beforemerge, kent-audio1-base, kent-audio1
Branch point for: ktrace-lwp

Initial import of Sam Leffler's `Fast-IPsec' from FreeBSD 4.
Fast-IPsec is a rework of the OpenBSD and KAME IPsec code, using the
OpenCryptoFramework (and thus hardware crypto accelerators) and
numerous detailed performance improvements.

This import is (aside from SPL-level names) the FreeBSD source,
imported ``as-is'' as a historical snapshot, for future maintenance
and comparison against the FreeBSD source.  For now, several minor
kernel-API differences are hidden by macros a shim file, ipsec_osdep.h,
which (aside from SPL names) can be targeted at either NetBSD or FreeBSD.

This form allows you to request diff's between any two revisions of a file. You may select a symbolic revision name using the selection box or you may type in a numeric name using the type-in text box.




CVSweb <webmaster@jp.NetBSD.org>