OpenBSD CVS

CVS log for src/sys/netinet/ip_ipcomp.c



Default branch: MAIN


Revision 1.92 / (download) - annotate - [select for diffs], Tue May 3 09:18:11 2022 UTC (2 years, 1 month ago) by claudio
Branch: MAIN
CVS Tags: OPENBSD_7_5_BASE, OPENBSD_7_5, OPENBSD_7_4_BASE, OPENBSD_7_4, OPENBSD_7_3_BASE, OPENBSD_7_3, OPENBSD_7_2_BASE, OPENBSD_7_2, HEAD
Changes since 1.91: +3 -3 lines
Diff to previous 1.91 (colored)

Retire CRYPTO_F_MPSAFE; it is no longer of any use. The crypto framework
no longer uses a callback and so there is no need to define the
callback as MPSAFE.
OK bluhm@

Revision 1.91 / (download) - annotate - [select for diffs], Thu Dec 23 12:21:48 2021 UTC (2 years, 5 months ago) by bluhm
Branch: MAIN
CVS Tags: OPENBSD_7_1_BASE, OPENBSD_7_1
Changes since 1.90: +1 -5 lines
Diff to previous 1.90 (colored)

IPsec is not MP safe yet.  To allow forwarding in parallel without
dirty hacks, it is better to protect IPsec input and output with
kernel lock.  Not much is lost as crypto needs the kernel lock
anyway.  From here we can refine the lock later.
Note that there is no kernel lock in the SPD lookup path.  Goal is
to keep that lock free to allow fast forwarding with non IPsec
traffic.
tested by Hrvoje Popovski; OK tobhe@

Revision 1.90 / (download) - annotate - [select for diffs], Mon Dec 20 15:59:09 2021 UTC (2 years, 5 months ago) by mvs
Branch: MAIN
Changes since 1.89: +2 -2 lines
Diff to previous 1.89 (colored)

Use per-CPU counters for tunnel descriptor block (TDB) statistics.
'tdb_data' struct became unused and was removed.

Tested by Hrvoje Popovski.
ok bluhm@

Revision 1.89 / (download) - annotate - [select for diffs], Sat Dec 11 16:33:47 2021 UTC (2 years, 5 months ago) by bluhm
Branch: MAIN
Changes since 1.88: +15 -5 lines
Diff to previous 1.88 (colored)

Protect the write access to the TDB flags field with a mutex per
TDB.  Clearing the timeout flags just before pool put in tdb_free()
does not make sense.  Move this to tdb_delete().  While there make
the parentheses in the flag check consistent.
tested by Hrvoje Popovski; OK tobhe@

Revision 1.88 / (download) - annotate - [select for diffs], Sun Nov 21 16:17:48 2021 UTC (2 years, 6 months ago) by mvs
Branch: MAIN
Changes since 1.87: +3 -1 lines
Diff to previous 1.87 (colored)

Add the new `ipsec_exctdb' ipsec(4) counter to count and expose to the
userland the TDBs which exceeded hard limit.

Also the `ipsec_notdb' counter description in header doesn't match the
netstat(1) description. We never count `ipsec_notdb' and the netstat(1)
description looks more appropriate so it's used to avoid confusion with
the new counter.

ok bluhm@

Revision 1.87 / (download) - annotate - [select for diffs], Thu Nov 11 18:08:18 2021 UTC (2 years, 6 months ago) by bluhm
Branch: MAIN
Changes since 1.86: +2 -6 lines
Diff to previous 1.86 (colored)

Do not call ip_deliver() recursively from IPsec.  As there is no
crypto task anymore, it is possible to return the next protocol.
Then ip_deliver() will walk the header chain in its loop.
IPsec bridge(4) tested by jan@
OK mvs@ tobhe@ jan@

Revision 1.86 / (download) - annotate - [select for diffs], Sun Oct 24 18:15:58 2021 UTC (2 years, 7 months ago) by tobhe
Branch: MAIN
Changes since 1.85: +31 -114 lines
Diff to previous 1.85 (colored)

Refactor ipcomp_input() and ipcomp_output(). Remove obsolete code related
to old crypto API.

ok bluhm@

Revision 1.85 / (download) - annotate - [select for diffs], Sun Oct 24 17:08:27 2021 UTC (2 years, 7 months ago) by bluhm
Branch: MAIN
Changes since 1.84: +9 -6 lines
Diff to previous 1.84 (colored)

There are more m_pullup() in IPsec input.  Pass down the pointer
to the mbuf to update it globally.  At the end it will reach
ip_deliver() which expects a pointer to an mbuf.
OK sashan@

Revision 1.84 / (download) - annotate - [select for diffs], Sun Oct 24 14:50:42 2021 UTC (2 years, 7 months ago) by tobhe
Branch: MAIN
Changes since 1.83: +8 -13 lines
Diff to previous 1.83 (colored)

Remove crp_etype and return errors directly from crypto_invoke()

ok patrick@

Revision 1.83 / (download) - annotate - [select for diffs], Sun Oct 24 14:24:29 2021 UTC (2 years, 7 months ago) by bluhm
Branch: MAIN
Changes since 1.82: +3 -15 lines
Diff to previous 1.82 (colored)

Pass the error of the IPsec callback to the caller.  The dropped
counter is handled there.
OK tobhe@

Revision 1.82 / (download) - annotate - [select for diffs], Sat Oct 23 22:19:37 2021 UTC (2 years, 7 months ago) by bluhm
Branch: MAIN
Changes since 1.81: +16 -12 lines
Diff to previous 1.81 (colored)

There is an m_pullup() down in AH input.  As it may free or change
the mbuf, the callers must be careful.  Although there is no bug,
use the common pattern to handle this.  Pass down an mbuf pointer
mp and let m_pullup() update the pointer in all callers.
It looks like the tcp signature functions should not be called.
Avoid an mbuf leak and return an error.
OK mvs@

Revision 1.81 / (download) - annotate - [select for diffs], Sat Oct 23 22:00:51 2021 UTC (2 years, 7 months ago) by bluhm
Branch: MAIN
Changes since 1.80: +2 -2 lines
Diff to previous 1.80 (colored)

Fix use-after-free in ipcomp_output() introduced by previous commit.
Retrieve ilen and olen from crypto descriptors before freeing them.
Found by regress/sys/netinet/ipsec.
OK mpi@

Revision 1.80 / (download) - annotate - [select for diffs], Sat Oct 23 15:42:35 2021 UTC (2 years, 7 months ago) by tobhe
Branch: MAIN
Changes since 1.79: +62 -9 lines
Diff to previous 1.79 (colored)

Retire asynchronous crypto API as it is no longer required by any driver and
adds unnecessary complexity.  Dedicated crypto offloading devices are not common
anymore.  Modern CPU crypto acceleration works synchronously, eliminating the need
for callbacks.

Replace all occurrences of crypto_dispatch() with crypto_invoke(), which is
blocking and only returns after the operation has completed or an error occurred.
Invoke callback functions directly from the consumer (e.g. IPsec, softraid)
instead of relying on the crypto driver to call crypto_done().

ok bluhm@ mvs@ patrick@

Revision 1.79 / (download) - annotate - [select for diffs], Fri Oct 22 15:44:20 2021 UTC (2 years, 7 months ago) by bluhm
Branch: MAIN
Changes since 1.78: +11 -9 lines
Diff to previous 1.78 (colored)

Make error handling in IPsec consistent.  Pass errors to the callers.
OK tobhe@

Revision 1.78 / (download) - annotate - [select for diffs], Fri Oct 22 12:30:53 2021 UTC (2 years, 7 months ago) by bluhm
Branch: MAIN
Changes since 1.77: +1 -5 lines
Diff to previous 1.77 (colored)

After deleting hifn(4) the only provider for the LZS compression
algorithm is gone.  Remove all LZS references from the tree.  The
v42bis in isakmpd also looks unsupported.
OK mvs@ patrick@ sthen@

Revision 1.77 / (download) - annotate - [select for diffs], Thu Oct 21 22:59:07 2021 UTC (2 years, 7 months ago) by tobhe
Branch: MAIN
Changes since 1.76: +3 -3 lines
Diff to previous 1.76 (colored)

Remove code to run crypto operations in a task queue. The code was
not reachable because all callers had set the CRYPTO_F_NOQUEUE flag.

ok patrick@ mvs@ bluhm@

Revision 1.76 / (download) - annotate - [select for diffs], Wed Oct 13 22:43:44 2021 UTC (2 years, 7 months ago) by bluhm
Branch: MAIN
Changes since 1.75: +6 -6 lines
Diff to previous 1.75 (colored)

The function crypto_dispatch() never returns an error.  Make it
void and remove error handling in the callers.
OK patrick@ mvs@

Revision 1.75 / (download) - annotate - [select for diffs], Wed Oct 13 14:36:31 2021 UTC (2 years, 7 months ago) by bluhm
Branch: MAIN
Changes since 1.74: +2 -3 lines
Diff to previous 1.74 (colored)

The function ipip_output() was registered as .xf_output() xform
function.  But it was never called via this pointer.  It would have
immediately crashed as mp is always NULL when called via .xf_output().
Do not set .xf_output to ipip_output.  This allows to pass only the
parameters which are actually needed and the control flow is clearer.
OK mpi@

Revision 1.74 / (download) - annotate - [select for diffs], Tue Jul 27 17:13:03 2021 UTC (2 years, 10 months ago) by mvs
Branch: MAIN
CVS Tags: OPENBSD_7_0_BASE, OPENBSD_7_0
Changes since 1.73: +2 -2 lines
Diff to previous 1.73 (colored)

Revert "Use per-CPU counters for tunnel descriptor block" diff.

Panic reported by Hrvoje Popovski.

Revision 1.73 / (download) - annotate - [select for diffs], Mon Jul 26 23:17:06 2021 UTC (2 years, 10 months ago) by mvs
Branch: MAIN
Changes since 1.72: +2 -2 lines
Diff to previous 1.72 (colored)

Use per-CPU counters for tunnel descriptor block (tdb) statistics.
'tdb_data' struct became unused and was removed.

ok bluhm@

Revision 1.72 / (download) - annotate - [select for diffs], Mon Jul 26 21:27:57 2021 UTC (2 years, 10 months ago) by bluhm
Branch: MAIN
Changes since 1.71: +3 -7 lines
Diff to previous 1.71 (colored)

Do not queue crypto operations for IPsec.  The packet entries in
task queues were unlimited and could overflow during heavy traffic.
Even if we still use hardware drivers that sleep, softnet task
instead of soft interrupt can handle this now.  Without queues net
lock is inherited and kernel lock is only needed once per packet.
This results in less lock contention and faster IPsec.
Also protect tdb drop counters with net lock and avoid a leak in
crypto dispatch error handling.
intense testing Hrvoje Popovski; OK mpi@

Revision 1.71 / (download) - annotate - [select for diffs], Thu Jul 8 21:07:19 2021 UTC (2 years, 10 months ago) by bluhm
Branch: MAIN
Changes since 1.70: +2 -2 lines
Diff to previous 1.70 (colored)

The xformsw array never changes.  Declare struct xformsw constant
and map data read only.
OK deraadt@ mvs@ mpi@

Revision 1.70 / (download) - annotate - [select for diffs], Thu Jul 8 15:13:14 2021 UTC (2 years, 10 months ago) by bluhm
Branch: MAIN
Changes since 1.69: +34 -30 lines
Diff to previous 1.69 (colored)

Debug printfs in encdebug were inconsistent, some missing newlines
produced ugly output.  Move the function name and the newline into
the DPRINTF macro.  This simplifies the debug statements.
OK tobhe@

Revision 1.69 / (download) - annotate - [select for diffs], Thu Jul 8 09:22:30 2021 UTC (2 years, 10 months ago) by bluhm
Branch: MAIN
Changes since 1.68: +4 -4 lines
Diff to previous 1.68 (colored)

The properties of the crypto algorithms never change.  Declare them
constant.  Then they are mapped as read only.
OK deraadt@ dlg@

Revision 1.68 / (download) - annotate - [select for diffs], Fri Jun 18 15:34:21 2021 UTC (2 years, 11 months ago) by bluhm
Branch: MAIN
Changes since 1.67: +20 -8 lines
Diff to previous 1.67 (colored)

The crypto(9) framework used by IPsec runs on a kernel task that
is protected by kernel lock.  There were crashes in swcr_authenc()
when it was accessing swcr_sessions.  As a quick fix, protect all
calls from network stack to crypto with kernel lock.  This also
covers the rekeying case that is called from pfkey via tdb_init().
OK mvs@

Revision 1.67 / (download) - annotate - [select for diffs], Mon Sep 30 01:53:05 2019 UTC (4 years, 8 months ago) by dlg
Branch: MAIN
CVS Tags: OPENBSD_6_9_BASE, OPENBSD_6_9, OPENBSD_6_8_BASE, OPENBSD_6_8, OPENBSD_6_7_BASE, OPENBSD_6_7, OPENBSD_6_6_BASE, OPENBSD_6_6
Changes since 1.66: +2 -2 lines
Diff to previous 1.66 (colored)

remove the "copy function" argument to bpf_mtap_hdr.

it was previously (ab)used by pflog, which has since been fixed.
apart from that nothing else used it, so we can trim the cruft.

ok kn@ claudio@ visa@
visa@ also made sure i fixed ipw(4) so i386 won't break.

Revision 1.66 / (download) - annotate - [select for diffs], Thu Sep 13 12:29:43 2018 UTC (5 years, 8 months ago) by mpi
Branch: MAIN
CVS Tags: OPENBSD_6_5_BASE, OPENBSD_6_5, OPENBSD_6_4_BASE, OPENBSD_6_4
Changes since 1.65: +2 -2 lines
Diff to previous 1.65 (colored)

Include the size of IPCOMP header when checking for compression.

Problem found and analyzed by Romain Gabet, ok markus@

Revision 1.65 / (download) - annotate - [select for diffs], Tue Aug 28 15:15:02 2018 UTC (5 years, 9 months ago) by mpi
Branch: MAIN
Changes since 1.64: +6 -3 lines
Diff to previous 1.64 (colored)

Add per-TDB counters and a new SADB extension to export them to
userland.

Inputs from markus@, ok sthen@

Revision 1.64 / (download) - annotate - [select for diffs], Mon Jul 16 07:49:31 2018 UTC (5 years, 10 months ago) by mpi
Branch: MAIN
Changes since 1.63: +4 -4 lines
Diff to previous 1.63 (colored)

Fix for uninitialized variables.

Found by and ok jsg@, ok markus@

Revision 1.63 / (download) - annotate - [select for diffs], Thu Jul 12 15:51:50 2018 UTC (5 years, 10 months ago) by mpi
Branch: MAIN
Changes since 1.62: +16 -58 lines
Diff to previous 1.62 (colored)

Introduce ipsec_output_cb() to merge duplicate code and account for
dropped packets in the output path.

While here fix a memory leak when compression is not needed w/ IPcomp.

ok markus@

Revision 1.62 / (download) - annotate - [select for diffs], Wed Jul 11 09:07:59 2018 UTC (5 years, 10 months ago) by mpi
Branch: MAIN
Changes since 1.61: +11 -57 lines
Diff to previous 1.61 (colored)

Convert AH & IPcomp to ipsec_input_cb() and count drops on input.

ok markus@

Revision 1.61 / (download) - annotate - [select for diffs], Sat May 12 09:38:33 2018 UTC (6 years ago) by bluhm
Branch: MAIN
Changes since 1.60: +41 -44 lines
Diff to previous 1.60 (colored)

Cleanup IPsec IPComp error handling with consistent goto drop.
from markus@; OK mpi@

Revision 1.59.2.1 / (download) - annotate - [select for diffs], Thu May 3 16:40:27 2018 UTC (6 years, 1 month ago) by bluhm
Branch: OPENBSD_6_3
Changes since 1.59: +20 -7 lines
Diff to previous 1.59 (colored) next main 1.60 (colored)

Do not assume that mbufs within a chain do not have M_PKTHDR set.
This could happen during fragment reassembly.  Better check if we
are dealing with the first mbuf of the chain.
m_adj() changes the length of the mbuf, obviously.  So when using
this length to calculate the amount of adjustment, do not calculate
it again after m_adj() with wrong input.  Use a temporary variable
to save the value.
found by Maxime Villard; from NetBSD; OK markus@ claudio@
OpenBSD 6.3 errata 006

Revision 1.57.4.1 / (download) - annotate - [select for diffs], Thu May 3 16:38:57 2018 UTC (6 years, 1 month ago) by bluhm
Branch: OPENBSD_6_2
Changes since 1.57: +20 -7 lines
Diff to previous 1.57 (colored) next main 1.58 (colored)

Do not assume that mbufs within a chain do not have M_PKTHDR set.
This could happen during fragment reassembly.  Better check if we
are dealing with the first mbuf of the chain.
m_adj() changes the length of the mbuf, obviously.  So when using
this length to calculate the amount of adjustment, do not calculate
it again after m_adj() with wrong input.  Use a temporary variable
to save the value.
found by Maxime Villard; from NetBSD; OK markus@ claudio@
OpenBSD 6.2 errata 013

Revision 1.60 / (download) - annotate - [select for diffs], Wed May 2 21:28:01 2018 UTC (6 years, 1 month ago) by bluhm
Branch: MAIN
Changes since 1.59: +20 -7 lines
Diff to previous 1.59 (colored)

Do not assume that mbufs within a chain do not have M_PKTHDR set.
This could happen during fragment reassembly.  Better check if we
are dealing with the first mbuf of the chain.
m_adj() changes the length of the mbuf, obviously.  So when using
this length to calculate the amount of adjustment, do not calculate
it again after m_adj() with wrong input.  Use a temporary variable
to save the value.
from Maxime Villard, NetBSD; OK markus@ claudio@

Revision 1.59 / (download) - annotate - [select for diffs], Wed Nov 8 16:29:20 2017 UTC (6 years, 6 months ago) by visa
Branch: MAIN
CVS Tags: OPENBSD_6_3_BASE
Branch point for: OPENBSD_6_3
Changes since 1.58: +23 -25 lines
Diff to previous 1.58 (colored)

Make {ah,esp,ipcomp}stat use percpu counters.

OK bluhm@, mpi@

Revision 1.58 / (download) - annotate - [select for diffs], Mon Nov 6 15:12:43 2017 UTC (6 years, 6 months ago) by mpi
Branch: MAIN
Changes since 1.57: +26 -28 lines
Diff to previous 1.57 (colored)

Use %s and __func__ in DPRINTF() to reduce false positive with grep(1).

ok kettenis@, dhill@, visa@, jca@

Revision 1.57 / (download) - annotate - [select for diffs], Fri Aug 11 21:24:20 2017 UTC (6 years, 9 months ago) by mpi
Branch: MAIN
CVS Tags: OPENBSD_6_2_BASE
Branch point for: OPENBSD_6_2
Changes since 1.56: +12 -12 lines
Diff to previous 1.56 (colored)

Remove NET_LOCK()'s argument.

Tested by Hrvoje Popovski, ok bluhm@

Revision 1.56 / (download) - annotate - [select for diffs], Wed Apr 5 22:27:03 2017 UTC (7 years, 1 month ago) by dhill
Branch: MAIN
Changes since 1.55: +5 -5 lines
Diff to previous 1.55 (colored)

Replace 2 bcopy()'s with a simple assignment as both variables are
properly aligned malloc(9)d data and sockaddr_union fields.  While here,
convert the remaining bcopy() to memmove().

with and ok @bluhm

Revision 1.55 / (download) - annotate - [select for diffs], Fri Feb 17 14:49:03 2017 UTC (7 years, 3 months ago) by bluhm
Branch: MAIN
CVS Tags: OPENBSD_6_1_BASE, OPENBSD_6_1
Changes since 1.54: +2 -1 lines
Diff to previous 1.54 (colored)

Using ipcomp(4) with IPv6 transport mode failed with protocol family
not supported.  A break in the af switch statement was missing since
revision 1.1 from 2001.
OK visa@ deraadt@

Revision 1.54 / (download) - annotate - [select for diffs], Thu Feb 9 00:43:58 2017 UTC (7 years, 3 months ago) by bluhm
Branch: MAIN
Changes since 1.53: +2 -1 lines
Diff to previous 1.53 (colored)

Put back a return that I have removed by accident.

Revision 1.53 / (download) - annotate - [select for diffs], Tue Feb 7 18:18:16 2017 UTC (7 years, 3 months ago) by bluhm
Branch: MAIN
Changes since 1.52: +5 -5 lines
Diff to previous 1.52 (colored)

IPsec packets could be dropped unaccounted if output after crypto
failed.  Add a counter for that case.
OK dhill@

Revision 1.52 / (download) - annotate - [select for diffs], Tue Feb 7 17:25:46 2017 UTC (7 years, 3 months ago) by patrick
Branch: MAIN
Changes since 1.51: +3 -3 lines
Diff to previous 1.51 (colored)

Reduce the per-packet allocation costs for crypto operations (cryptop)
by pre-allocating two cryptodesc objects and storing them in an array
instead of a linked list.  If more than two cryptodesc objects are
required use mallocarray to fetch them.  Adapt the drivers to the new
API.

This change results in one pool-get per ESP packet instead of three.
It also simplifies softraid crypto where more cryptodesc objects are
allocated than used.

From, with and ok markus@, ok bluhm@
"looks sane" mpi@

Revision 1.51 / (download) - annotate - [select for diffs], Tue Feb 7 15:10:48 2017 UTC (7 years, 3 months ago) by bluhm
Branch: MAIN
Changes since 1.50: +20 -30 lines
Diff to previous 1.50 (colored)

The return code of crp_callback is never checked, so it is not
useful to propagate the error.  When an error occurs in an asynchronous
network path, incrementing a counter is the right thing.  There are
four places where an error is not accounted, just add a comment for
now.
OK mpi@ visa@

Revision 1.50 / (download) - annotate - [select for diffs], Mon Jan 9 17:56:37 2017 UTC (7 years, 4 months ago) by visa
Branch: MAIN
Changes since 1.49: +5 -5 lines
Diff to previous 1.49 (colored)

Grab the NET_LOCK() in ipcomp input callback.

OK mikeb@ mpi@

Revision 1.49 / (download) - annotate - [select for diffs], Sat Dec 24 11:17:35 2016 UTC (7 years, 5 months ago) by mpi
Branch: MAIN
Changes since 1.48: +6 -6 lines
Diff to previous 1.48 (colored)

Grab the NET_LOCK() before calling ipsp_process_done() as it ends up
in ip_output().

Found the hard way by and ok kettenis@

Revision 1.48 / (download) - annotate - [select for diffs], Sat Sep 24 14:51:37 2016 UTC (7 years, 8 months ago) by naddy
Branch: MAIN
Changes since 1.47: +6 -18 lines
Diff to previous 1.47 (colored)

ANSIfy netinet/; from David Hill

Revision 1.47 / (download) - annotate - [select for diffs], Tue Sep 13 19:56:55 2016 UTC (7 years, 8 months ago) by markus
Branch: MAIN
Changes since 1.46: +4 -4 lines
Diff to previous 1.46 (colored)

avoid extensive mbuf allocation for IPsec by replacing m_inject(4)
with m_makespace(4) from freebsd; ok mpi@, bluhm@, mikeb@, dlg@

Revision 1.46 / (download) - annotate - [select for diffs], Thu Aug 18 06:01:10 2016 UTC (7 years, 9 months ago) by dlg
Branch: MAIN
Changes since 1.45: +7 -14 lines
Diff to previous 1.45 (colored)

fix panics caused by replacing m_copym2 with m_dup_pkt.

m_copym2 is fine duplicating an arbitrary chain of mbufs, while
m_dup_pkt wants to dup a packet with proper headers in the first
mbuf. ipsec copied the tail of an mbuf if any of the clusters are
shared or readonly, and swapped that tail with the result of m_copym2.

m_dup_pkt panics cos of that.

this makes ipsec duplicate the whole packet if any of the chain is
readonly.

found by naddy@ and mlarkin@
this fix is from visa@ who told me to commit it cos he's afk (sleeping)
tested by naddy@

Revision 1.45 / (download) - annotate - [select for diffs], Mon Aug 15 11:35:25 2016 UTC (7 years, 9 months ago) by dlg
Branch: MAIN
Changes since 1.44: +2 -2 lines
Diff to previous 1.44 (colored)

replace the last uses of m_copym2 with m_dup_pkt.

ok mpi@ visa@

Revision 1.44 / (download) - annotate - [select for diffs], Wed Jul 15 22:16:42 2015 UTC (8 years, 10 months ago) by deraadt
Branch: MAIN
CVS Tags: OPENBSD_6_0_BASE, OPENBSD_6_0, OPENBSD_5_9_BASE, OPENBSD_5_9, OPENBSD_5_8_BASE, OPENBSD_5_8
Changes since 1.43: +3 -5 lines
Diff to previous 1.43 (colored)

m_freem() can handle NULL, do not check for this condition beforehand.
ok stsp mpi

Revision 1.43 / (download) - annotate - [select for diffs], Mon Jun 15 13:26:48 2015 UTC (8 years, 11 months ago) by mikeb
Branch: MAIN
Changes since 1.42: +11 -17 lines
Diff to previous 1.42 (colored)

Use proper argument type for crp_callback functions; no functional change.

Revision 1.42 / (download) - annotate - [select for diffs], Fri Apr 17 11:04:01 2015 UTC (9 years, 1 month ago) by mikeb
Branch: MAIN
Changes since 1.41: +2 -4 lines
Diff to previous 1.41 (colored)

Stubs and support code for NIC-enabled IPsec bite the dust.
No objection from reyk@, OK markus, hshoexer

Revision 1.41 / (download) - annotate - [select for diffs], Tue Apr 14 14:20:01 2015 UTC (9 years, 1 month ago) by mikeb
Branch: MAIN
Changes since 1.40: +27 -13 lines
Diff to previous 1.40 (colored)

make ipsp_address thread safe;  ok mpi

Revision 1.40 / (download) - annotate - [select for diffs], Sat Mar 14 03:38:52 2015 UTC (9 years, 2 months ago) by jsg
Branch: MAIN
Changes since 1.39: +1 -3 lines
Diff to previous 1.39 (colored)

Remove some includes include-what-you-use claims don't
have any direct symbols used.  Tested for indirect use by compiling
amd64/i386/sparc64 kernels.

ok tedu@ deraadt@

Revision 1.39 / (download) - annotate - [select for diffs], Fri Dec 19 17:14:40 2014 UTC (9 years, 5 months ago) by tedu
Branch: MAIN
CVS Tags: OPENBSD_5_7_BASE, OPENBSD_5_7
Changes since 1.38: +1 -12 lines
Diff to previous 1.38 (colored)

unifdef INET in net code as a precursor to removing the pretend option.
long live the one true internet.
ok henning mikeb

Revision 1.38 / (download) - annotate - [select for diffs], Fri Dec 5 15:50:04 2014 UTC (9 years, 5 months ago) by mpi
Branch: MAIN
Changes since 1.37: +2 -1 lines
Diff to previous 1.37 (colored)

Explicitly include <net/if_var.h> instead of pulling it in <net/if.h>.

ok mikeb@, krw@, bluhm@, tedu@

Revision 1.37 / (download) - annotate - [select for diffs], Tue Nov 18 02:37:31 2014 UTC (9 years, 6 months ago) by tedu
Branch: MAIN
Changes since 1.36: +1 -3 lines
Diff to previous 1.36 (colored)

move arc4random prototype to systm.h. more appropriate for most code
to include that than rdnvar.h. ok deraadt dlg

Revision 1.36 / (download) - annotate - [select for diffs], Tue Jul 22 11:06:10 2014 UTC (9 years, 10 months ago) by mpi
Branch: MAIN
CVS Tags: OPENBSD_5_6_BASE, OPENBSD_5_6
Changes since 1.35: +1 -2 lines
Diff to previous 1.35 (colored)

Fewer <netinet/in_systm.h> !

Revision 1.35 / (download) - annotate - [select for diffs], Sat Jul 12 18:44:23 2014 UTC (9 years, 10 months ago) by tedu
Branch: MAIN
Changes since 1.34: +10 -10 lines
Diff to previous 1.34 (colored)

add a size argument to free. will be used soon, but for now default to 0.
after discussions with beck deraadt kettenis.

Revision 1.34 / (download) - annotate - [select for diffs], Wed Jul 9 09:30:49 2014 UTC (9 years, 10 months ago) by henning
Branch: MAIN
Changes since 1.33: +1 -1 lines
Diff to previous 1.33 (colored)

bpf code surgery / shuffling / simplification.
the various bpf_mtap_* are very similar, they differ in what (and to some
extent how) they prepend something, and what copy function they pass to
bpf_catchpacket.
use an internal _bpf_mtap as "backend" for bpf_mtap and friends.
extend bpf_mtap_hdr so that it covers all common cases:
if dlen is 0, nothing gets prepended.
copy function can be given, if NULL the default bpf_mcopy is used.
adjust the existing bpf_mtap_hdr users to pass a NULL ptr for the copy fn.
re-implement bpf_mtap_af as simple wrapper for bpf_mtap_hdr.
re-implement bpf_mtap_ether using bpf_map_hdr
re-implement bpf_mtap_pflog as trivial bpf_mtap_hdr wrapper
ok bluhm benno

Revision 1.33 / (download) - annotate - [select for diffs], Thu Jan 9 06:29:06 2014 UTC (10 years, 4 months ago) by tedu
Branch: MAIN
CVS Tags: OPENBSD_5_5_BASE, OPENBSD_5_5
Changes since 1.32: +4 -4 lines
Diff to previous 1.32 (colored)

bzero/bcmp -> memset/memcmp. ok matthew

Revision 1.32 / (download) - annotate - [select for diffs], Tue May 14 14:29:08 2013 UTC (11 years ago) by mpi
Branch: MAIN
CVS Tags: OPENBSD_5_4_BASE, OPENBSD_5_4
Changes since 1.31: +2 -1 lines
Diff to previous 1.31 (colored)

Fix build with ENCDEBUG defined.

Revision 1.31 / (download) - annotate - [select for diffs], Thu Apr 11 12:06:25 2013 UTC (11 years, 1 month ago) by mpi
Branch: MAIN
Changes since 1.30: +4 -1 lines
Diff to previous 1.30 (colored)

Remove the extern keyword from function declarations, document
sysctl declarations, move variables and functions used in only
one place in their corresponding file. No functional change.

No objection from markus@, ok mikeb@

Revision 1.30 / (download) - annotate - [select for diffs], Thu Feb 14 16:22:34 2013 UTC (11 years, 3 months ago) by mikeb
Branch: MAIN
CVS Tags: OPENBSD_5_3_BASE, OPENBSD_5_3
Changes since 1.29: +1 -2 lines
Diff to previous 1.29 (colored)

Merge of an original work by markus@ and gerhard@ to increase
the anti-replay window size to 2100 entries; plus small ESN
related improvements.  ok markus

Revision 1.29 / (download) - annotate - [select for diffs], Thu Sep 20 10:25:03 2012 UTC (11 years, 8 months ago) by blambert
Branch: MAIN
Changes since 1.28: +3 -3 lines
Diff to previous 1.28 (colored)

spltdb() was really just #define'd to be splsoftnet(); replace the former
with the latter

no change in md5 checksum of generated files

ok claudio@ henning@

Revision 1.28 / (download) - annotate - [select for diffs], Thu Jul 7 02:57:25 2011 UTC (12 years, 11 months ago) by deraadt
Branch: MAIN
CVS Tags: OPENBSD_5_2_BASE, OPENBSD_5_2, OPENBSD_5_1_BASE, OPENBSD_5_1, OPENBSD_5_0_BASE, OPENBSD_5_0
Changes since 1.27: +3 -2 lines
Diff to previous 1.27 (colored)

Replace the cruddy old sys/net/zlib.[ch].  We now use the sys/lib/libz
code.  Missing chunks of the API are imported from the libc version,
with a few #ifdef's to port it into the kernel environment.

The bootblocks already used the newer code, and should encounter no
surprises since there are so few changes to the existing files. In
the kernel, ipcomp and kernel ppp are changed to the new API.
ipcomp has been tested.

ok tedu the brave

Revision 1.27 / (download) - annotate - [select for diffs], Fri Jul 9 16:58:06 2010 UTC (13 years, 10 months ago) by reyk
Branch: MAIN
CVS Tags: OPENBSD_4_9_BASE, OPENBSD_4_9, OPENBSD_4_8_BASE, OPENBSD_4_8
Changes since 1.26: +5 -3 lines
Diff to previous 1.26 (colored)

Add support for using IPsec in multiple rdomains.

This allows to run isakmpd/iked/ipsecctl in multiple rdomains
independently (with "route exec"); the kernel will pickup the rdomain
from the process context of the pfkey socket and load the flows and
SAs into the matching rdomain encap routing table.  The network stack
also needs to pass the rdomain to the ipsec stack to lookup the
correct rdomain that belongs to an interface/mbuf/... You can now run
individual IPsec configs per rdomain or create IPsec VPNs between
multiple rdomains on the same machine ;).  Note that a primary enc(4)
in addition to enc0 interface is required per rdomain, eg. enc1 rdomain 1.

Tested by some people, mostly on existing "rdomain 0" setups.  Was in
snaps for some days and people didn't complain.

ok claudio@ naddy@

Revision 1.26 / (download) - annotate - [select for diffs], Fri Jul 2 02:40:16 2010 UTC (13 years, 11 months ago) by blambert
Branch: MAIN
Changes since 1.25: +2 -2 lines
Diff to previous 1.25 (colored)

m_copyback can fail to allocate memory, but is a void function so gymnastics
are required to detect that.

Change the function to take a wait argument (used in nfs server, but
M_NOWAIT everywhere else for now) and to return an error

ok claudio@ henning@ krw@

Revision 1.25 / (download) - annotate - [select for diffs], Thu Jul 1 02:09:45 2010 UTC (13 years, 11 months ago) by reyk
Branch: MAIN
Changes since 1.24: +2 -2 lines
Diff to previous 1.24 (colored)

Allow to specify an alternative enc(4) interface for an SA.  All
traffic for this SA will appear on the specified enc interface instead
of enc0 and can be filtered and monitored separately. This will allow
to group individual ipsec policies to virtual interfaces and
simplifies monitoring and pf filtering with many ipsec policies a lot.

This diff includes the following changes:
- Store the enc interface unit (default 0) in the TDB of an SA and pass
it to the enc_getif() lookup when running the bpf or pf_test() handlers.
- Add the pfkey SADB_X_EXT_TAP extension to communicate the encX
interface unit for a specified SA between userland and kernel.
- Update enc(4) again to use an allocated array instead of the TAILQ to
lookup the matching enc interface in enc_getif() quickly.

Discussed with many, tested by a few, will need more testing & review.

ok deraadt@

Revision 1.24 / (download) - annotate - [select for diffs], Tue Jun 29 21:28:37 2010 UTC (13 years, 11 months ago) by reyk
Branch: MAIN
Changes since 1.23: +14 -9 lines
Diff to previous 1.23 (colored)

Replace enc(4) with a new implementation as a cloner device.  We still
create enc0 by default, but it is possible to add additional enc
interfaces.  This will be used later to allow alternative encs per
policy or to have an enc per rdomain when IPsec becomes rdomain-aware.

manpage bits ok jmc@
input from henning@ deraadt@ toby@ naddy@
ok henning@ claudio@

Revision 1.23 / (download) - annotate - [select for diffs], Mon Sep 15 21:46:01 2008 UTC (15 years, 8 months ago) by chl
Branch: MAIN
CVS Tags: OPENBSD_4_7_BASE, OPENBSD_4_7, OPENBSD_4_6_BASE, OPENBSD_4_6, OPENBSD_4_5_BASE, OPENBSD_4_5
Changes since 1.22: +1 -5 lines
Diff to previous 1.22 (colored)

remove dead stores and newly created unused variables.

Found by LLVM/Clang Static Analyzer.

ok mpf@ looks good mk@ ok henning@

Revision 1.22 / (download) - annotate - [select for diffs], Sat Oct 6 02:18:38 2007 UTC (16 years, 8 months ago) by krw
Branch: MAIN
CVS Tags: OPENBSD_4_4_BASE, OPENBSD_4_4, OPENBSD_4_3_BASE, OPENBSD_4_3
Changes since 1.21: +10 -10 lines
Diff to previous 1.21 (colored)

Oops. Forgot to do FREE -> free when I did MALLOC -> malloc.

Revision 1.21 / (download) - annotate - [select for diffs], Wed Oct 3 10:52:11 2007 UTC (16 years, 8 months ago) by krw
Branch: MAIN
Changes since 1.20: +3 -7 lines
Diff to previous 1.20 (colored)

MALLOC+bzero -> malloc+M_ZERO.

In ip_esp.c all allocated memory is now zero'd in the
"malloc(sizeof(*tc) + alen ..." case. The +alen memory was not
initialized by the bzero() call. Noticed by chl@.

"Looks good" art@ "seems ok" chl@

Revision 1.20 / (download) - annotate - [select for diffs], Sat Mar 25 22:41:48 2006 UTC (18 years, 2 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_4_2_BASE, OPENBSD_4_2, OPENBSD_4_1_BASE, OPENBSD_4_1, OPENBSD_4_0_BASE, OPENBSD_4_0
Changes since 1.19: +3 -2 lines
Diff to previous 1.19 (colored)

allow bpf(4) to ignore packets based on their direction (inbound or
outbound), using a new BIOCSDIRFILT ioctl;
guidance, feedback and ok canacar@

Revision 1.19 / (download) - annotate - [select for diffs], Tue Dec 20 13:36:28 2005 UTC (18 years, 5 months ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_3_9_BASE, OPENBSD_3_9
Changes since 1.18: +4 -5 lines
Diff to previous 1.18 (colored)

use M_READONLY when trying to find out whether we have to copy
the mbuf before encryption.  otherwise mbufs with M_EXT but w/o M_CLUSTER
get modified; ok hshoexer

Revision 1.18 / (download) - annotate - [select for diffs], Sun Jul 31 03:52:19 2005 UTC (18 years, 10 months ago) by pascoe
Branch: MAIN
CVS Tags: OPENBSD_3_8_BASE, OPENBSD_3_8
Changes since 1.17: +5 -13 lines
Diff to previous 1.17 (colored)

Introduce bpf_mtap_af and bpf_mtap_hdr to be used when passing a mbuf chain
to bpf with either an address family or other header added.

These helpers only allocate a much smaller struct m_hdr on the stack when
needed, rather than leaving 256 byte struct mbufs on the stack in deep
call paths.  Also removes a fair bit of duplicated code.

commit now, tune after deraadt@

Revision 1.17 / (download) - annotate - [select for diffs], Thu Nov 25 21:54:54 2004 UTC (19 years, 6 months ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_3_7_BASE, OPENBSD_3_7
Changes since 1.16: +1 -2 lines
Diff to previous 1.16 (colored)

resolve conflict between M_TUNNEL and M_ANYCAST6, remove M_COMP (it's
only set and never read), update documentation; ok fgsch, deraadt, millert

Revision 1.16 / (download) - annotate - [select for diffs], Sat Jun 26 17:34:16 2004 UTC (19 years, 11 months ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_3_6_BASE, OPENBSD_3_6
Changes since 1.15: +35 -77 lines
Diff to previous 1.15 (colored)

only add ipcomp headers if we've actually compressed the payload; with jfb@
ok hshoexer, jfb

Revision 1.1.4.4 / (download) - annotate - [select for diffs], Thu Feb 19 10:57:24 2004 UTC (20 years, 3 months ago) by niklas
Branch: SMP
Changes since 1.1.4.3: +3 -3 lines
Diff to previous 1.1.4.3 (colored) to branchpoint 1.1 (colored) next main 1.2 (colored)

Merge of current from two weeks ago into the SMP branch

Revision 1.15 / (download) - annotate - [select for diffs], Thu Aug 14 19:00:12 2003 UTC (20 years, 9 months ago) by jason
Branch: MAIN
CVS Tags: SMP_SYNC_B, SMP_SYNC_A, OPENBSD_3_5_BASE, OPENBSD_3_5, OPENBSD_3_4_BASE, OPENBSD_3_4
Changes since 1.14: +3 -3 lines
Diff to previous 1.14 (colored)

m_copyback()'s 4th arg is const void *, nuke (caddr_t) casts.

Revision 1.1.6.2 / (download) - annotate - [select for diffs], Mon May 19 22:40:40 2003 UTC (21 years ago) by tedu
Branch: UBC
Changes since 1.1.6.1: +53 -38 lines
Diff to previous 1.1.6.1 (colored) to branchpoint 1.1 (colored) next main 1.2 (colored)

sync

Revision 1.1.4.3 / (download) - annotate - [select for diffs], Tue May 13 19:36:17 2003 UTC (21 years ago) by ho
Branch: SMP
Changes since 1.1.4.2: +48 -36 lines
Diff to previous 1.1.4.2 (colored) to branchpoint 1.1 (colored)

Sync the SMP branch to -current. This includes moving to ELF.

Revision 1.14 / (download) - annotate - [select for diffs], Wed Apr 2 20:09:26 2003 UTC (21 years, 2 months ago) by millert
Branch: MAIN
CVS Tags: UBC_SYNC_A
Changes since 1.13: +34 -28 lines
Diff to previous 1.13 (colored)

o sanity check mbuf earlier.
o return errno, not NULL.
o add some missing error values
o proper crypto_freereq() in ip_ipcomp.c
From Patrick Latifi; OK angelos@

Revision 1.13 / (download) - annotate - [select for diffs], Mon Mar 31 20:52:06 2003 UTC (21 years, 2 months ago) by millert
Branch: MAIN
Changes since 1.12: +16 -12 lines
Diff to previous 1.12 (colored)

Avoid using FREEd data when we get a crypto error; Patrick Latifi
Also move the session ID reset into the crp_etype == EAGAIN case
(noticed by angelos@).  OK jason@ and angelos@

Revision 1.12 / (download) - annotate - [select for diffs], Mon Mar 31 17:16:56 2003 UTC (21 years, 2 months ago) by millert
Branch: MAIN
Changes since 1.11: +3 -1 lines
Diff to previous 1.11 (colored)

Add missing splx; Patrick Latifi
jason@ OK

Revision 1.1.4.2 / (download) - annotate - [select for diffs], Fri Mar 28 00:06:54 2003 UTC (21 years, 2 months ago) by niklas
Branch: SMP
Changes since 1.1.4.1: +56 -63 lines
Diff to previous 1.1.4.1 (colored) to branchpoint 1.1 (colored)

Sync the SMP branch with 3.3

Revision 1.11 / (download) - annotate - [select for diffs], Tue Feb 18 18:47:40 2003 UTC (21 years, 3 months ago) by jason
Branch: MAIN
CVS Tags: OPENBSD_3_3_BASE, OPENBSD_3_3
Changes since 1.10: +4 -3 lines
Diff to previous 1.10 (colored)

missed in lzs addition: allow LZS as a comp type

Revision 1.10 / (download) - annotate - [select for diffs], Wed Feb 12 14:41:07 2003 UTC (21 years, 3 months ago) by jason
Branch: MAIN
Changes since 1.9: +3 -1 lines
Diff to previous 1.9 (colored)

Remove commons; inspired by netbsd.

Revision 1.1.6.1 / (download) - annotate - [select for diffs], Tue Oct 29 00:36:47 2002 UTC (21 years, 7 months ago) by art
Branch: UBC
Changes since 1.1: +52 -62 lines
Diff to previous 1.1 (colored)

sync to -current

Revision 1.9 / (download) - annotate - [select for diffs], Thu Sep 12 10:11:39 2002 UTC (21 years, 8 months ago) by ho
Branch: MAIN
CVS Tags: UBC_SYNC_B, OPENBSD_3_2_BASE, OPENBSD_3_2
Changes since 1.8: +4 -5 lines
Diff to previous 1.8 (colored)

Fix max packet size check. Noticed by <j@pureftpd.org>. jjbg@ ok.

Revision 1.8 / (download) - annotate - [select for diffs], Fri Jul 5 23:20:53 2002 UTC (21 years, 11 months ago) by angelos
Branch: MAIN
Changes since 1.7: +6 -3 lines
Diff to previous 1.7 (colored)

Free crp_opaque only after we've determined we're not going to
re-submit it. From sam@errno.com

Revision 1.7 / (download) - annotate - [select for diffs], Thu Jun 20 03:49:02 2002 UTC (21 years, 11 months ago) by deraadt
Branch: MAIN
Changes since 1.6: +11 -11 lines
Diff to previous 1.6 (colored)

minor indent cleanup while reading code

Revision 1.6 / (download) - annotate - [select for diffs], Tue Jun 18 23:06:57 2002 UTC (21 years, 11 months ago) by angelos
Branch: MAIN
Changes since 1.5: +13 -26 lines
Diff to previous 1.5 (colored)

Style.

Revision 1.5 / (download) - annotate - [select for diffs], Tue Jun 18 22:48:16 2002 UTC (21 years, 11 months ago) by angelos
Branch: MAIN
Changes since 1.4: +2 -1 lines
Diff to previous 1.4 (colored)

Initialize mo to NULL, for good measure -- sam@errno.com

Revision 1.4 / (download) - annotate - [select for diffs], Tue Jun 18 22:26:12 2002 UTC (21 years, 11 months ago) by angelos
Branch: MAIN
Changes since 1.3: +4 -4 lines
Diff to previous 1.3 (colored)

Missing freeing of crp, from sam@errno.com

Revision 1.3 / (download) - annotate - [select for diffs], Tue Jun 18 19:28:05 2002 UTC (21 years, 11 months ago) by angelos
Branch: MAIN
Changes since 1.2: +12 -12 lines
Diff to previous 1.2 (colored)

Fix double-free.

Revision 1.2 / (download) - annotate - [select for diffs], Sun Jun 9 16:26:10 2002 UTC (21 years, 11 months ago) by itojun
Branch: MAIN
Changes since 1.1: +11 -11 lines
Diff to previous 1.1 (colored)

whitespace

Revision 1.1.4.1 / (download) - annotate - [select for diffs], Wed Oct 31 03:29:03 2001 UTC (22 years, 7 months ago) by nate
Branch: SMP
Changes since 1.1: +0 -0 lines
Diff to previous 1.1 (colored)

Sync the SMP branch to something just after 3.0

Revision 1.1 / (download) - annotate - [select for diffs], Thu Jul 5 12:08:52 2001 UTC (22 years, 11 months ago) by jjbg
Branch: MAIN
CVS Tags: UBC_BASE, OPENBSD_3_1_BASE, OPENBSD_3_1, OPENBSD_3_0_BASE, OPENBSD_3_0
Branch point for: UBC, SMP

IPComp. Just like for deflate earlier, it won't be compiled until everything
is in the tree
