Default branch: MAIN
Revision 1.120 / (download) - annotate - [select for diffs], Wed Apr 17 20:48:51 2024 UTC (7 weeks, 5 days ago) by bluhm
Branch: MAIN
CVS Tags: HEAD
Changes since 1.119: +18 -18 lines
Diff to previous 1.119 (colored)
Use struct ipsec_level within inpcb. Instead of passing around u_char[4], introduce struct ipsec_level that contains 4 ipsec levels. This provides better type safety. The embedding struct inpcb is globally visible for netstat(1), so put struct ipsec_level outside of #ifdef _KERNEL. OK deraadt@ mvs@
Revision 1.119 / (download) - annotate - [select for diffs], Sun Nov 26 22:08:10 2023 UTC (6 months, 2 weeks ago) by bluhm
Branch: MAIN
CVS Tags: OPENBSD_7_5_BASE,
OPENBSD_7_5
Changes since 1.118: +29 -30 lines
Diff to previous 1.118 (colored)
Remove inp parameter from ip_output(). ip_output() received inp as parameter. This is only used to lookup the IPsec level of the socket. Reasoning about MP locking is much easier if only relevant data is passed around. Convert ip_output() to receive constant inp_seclevel as argument and mark it as protected by net lock. OK mvs@
Revision 1.118 / (download) - annotate - [select for diffs], Sat Apr 22 20:51:56 2023 UTC (13 months, 2 weeks ago) by mvs
Branch: MAIN
CVS Tags: OPENBSD_7_4_BASE,
OPENBSD_7_4
Changes since 1.117: +3 -3 lines
Diff to previous 1.117 (colored)
Call pfkeyv2_sysctl_policydumper() with shared netlock. It performs read-only access to netlock protected data, so the radix tree will not be modified during spd_table_walk() run. Also change netlock assertion within spd_table_add() and ipsec_delete_policy() to exclusive. These are correlating functions which modify radix tree, so make us sure spd_table_walk() run with shared netlock is safe. Feedback and ok by bluhm@
Revision 1.117 / (download) - annotate - [select for diffs], Fri Jun 17 13:40:21 2022 UTC (23 months, 3 weeks ago) by bluhm
Branch: MAIN
CVS Tags: OPENBSD_7_3_BASE,
OPENBSD_7_3,
OPENBSD_7_2_BASE,
OPENBSD_7_2
Changes since 1.116: +5 -2 lines
Diff to previous 1.116 (colored)
The timeout for ipsec acquire does not decrement the reference counter to 0 properly. We have one reference count for the lists, and one for the timeout handler. When the timeout fires, it has to decrement the reference to itself. Then the ipa is removed from the lists and decremented again. from Stefan Butz; OK tobhe@ mvs@
Revision 1.116 / (download) - annotate - [select for diffs], Wed May 4 15:29:58 2022 UTC (2 years, 1 month ago) by bluhm
Branch: MAIN
Changes since 1.115: +23 -20 lines
Diff to previous 1.115 (colored)
In ipsp_spd_lookup() rename the parameter tdbp to tdbin as it is always the incoming TDB that has to be checked. from markus@
Revision 1.115 / (download) - annotate - [select for diffs], Sun Mar 13 21:38:32 2022 UTC (2 years, 2 months ago) by bluhm
Branch: MAIN
CVS Tags: OPENBSD_7_1_BASE,
OPENBSD_7_1
Changes since 1.114: +64 -26 lines
Diff to previous 1.114 (colored)
Hrvoje has hit a crash with IPsec acquire while testing the parallel IP forwarding diff. Add mutex and refcount to make memory management of struct ipsec_acquire MP safe. testing Hrvoje Popovski; input sashan@; OK mvs@
Revision 1.114 / (download) - annotate - [select for diffs], Tue Mar 8 22:30:38 2022 UTC (2 years, 3 months ago) by bluhm
Branch: MAIN
Changes since 1.113: +3 -4 lines
Diff to previous 1.113 (colored)
In IPsec policy replace integer refcount with atomic refcount. OK tobhe@ mvs@
Revision 1.113 / (download) - annotate - [select for diffs], Sun Mar 6 15:24:50 2022 UTC (2 years, 3 months ago) by bluhm
Branch: MAIN
Changes since 1.112: +5 -7 lines
Diff to previous 1.112 (colored)
Usually we check ipsec_in_use as shortcut to avoid IPsec lookups, but that does not work when coming from tcp_output() as inp != NULL. This seems to be done to block packets from sockets with options in inp_seclevel. But instead of doing the route lookup, go directly to ipsp_spd_inp() where the socket policy checks are done. Calling rtable_l2() before the shortcut also costs a bit, do it when needed. OK tobhe@
Revision 1.112 / (download) - annotate - [select for diffs], Tue Feb 22 01:15:02 2022 UTC (2 years, 3 months ago) by guenther
Branch: MAIN
Changes since 1.111: +1 -3 lines
Diff to previous 1.111 (colored)
Delete unnecessary #includes of <sys/domain.h> and/or <sys/protosw.h> net/if_pppx.c pointed out by jsg@ ok gnezdo@ deraadt@ jsg@ mpi@ millert@
Revision 1.111 / (download) - annotate - [select for diffs], Tue Jan 4 06:32:39 2022 UTC (2 years, 5 months ago) by yasuoka
Branch: MAIN
Changes since 1.110: +6 -7 lines
Diff to previous 1.110 (colored)
Add `ipsec_flows_mtx' mutex(9) to protect `ipsp_ids_*' list and trees. ipsp_ids_lookup() returns `ids' with bumped reference counter. original diff from mvs ok mvs
Revision 1.110 / (download) - annotate - [select for diffs], Thu Dec 16 15:38:03 2021 UTC (2 years, 5 months ago) by bluhm
Branch: MAIN
Changes since 1.109: +21 -1 lines
Diff to previous 1.109 (colored)
Fix a tiny race in tdb_delete() between TDBF_DELETED, tdb_unlink() and tdb_cleanspd(). gettdb...() can return a TDB before tdb_unlink(). Then ipsp_spd_lookup() could add it to tdb_policy_head after tdb_cleanspd(). There it would stay until it hits the kassert in tdb_free(). OK tobhe@
Revision 1.109 / (download) - annotate - [select for diffs], Tue Dec 14 17:50:37 2021 UTC (2 years, 5 months ago) by bluhm
Branch: MAIN
Changes since 1.108: +61 -12 lines
Diff to previous 1.108 (colored)
To cache lookups, the policy ipo is linked to its SA tdb. There is also a list of SAs that belong to a policy. To make it MP safe, protect these pointers with a mutex. tested by Hrvoje Popovski; OK mvs@
Revision 1.108 / (download) - annotate - [select for diffs], Fri Dec 3 17:18:34 2021 UTC (2 years, 6 months ago) by bluhm
Branch: MAIN
Changes since 1.107: +4 -3 lines
Diff to previous 1.107 (colored)
Add TDB reference counting to ipsp_spd_lookup(). If an output pointer is passed to the function, it will return a refcounted TDB. The ref happens when ipsp_spd_inp() copies the pointer from ipo->ipo_tdb. The caller of ipsp_spd_lookup() has to unref after using it. tested by Hrvoje Popovski; OK mvs@ tobhe@
Revision 1.107 / (download) - annotate - [select for diffs], Wed Dec 1 12:51:09 2021 UTC (2 years, 6 months ago) by bluhm
Branch: MAIN
Changes since 1.106: +65 -86 lines
Diff to previous 1.106 (colored)
Let ipsp_spd_lookup() return an error instead of a TDB. The TDB is not always needed, but the error value is necessary for the caller. As TDB should be refcounted, it makes no sense to always return it. Pass an output pointer for the TDB which can be NULL. OK mvs@ tobhe@
Revision 1.106 / (download) - annotate - [select for diffs], Tue Nov 30 13:17:43 2021 UTC (2 years, 6 months ago) by bluhm
Branch: MAIN
Changes since 1.105: +14 -21 lines
Diff to previous 1.105 (colored)
Remove unused parameter from ipsp_spd_inp(). OK mvs@ yasuoka@
Revision 1.105 / (download) - annotate - [select for diffs], Thu Nov 25 13:46:02 2021 UTC (2 years, 6 months ago) by bluhm
Branch: MAIN
Changes since 1.104: +34 -23 lines
Diff to previous 1.104 (colored)
Implement reference counting for IPsec tdbs. Not all cases are covered yet, more ref counts to come. The timeouts are protected, so the racy tdb_reaper() gets retired. The tdb_policy_head, onext and inext lists are protected. All gettdb...() functions return a tdb that is ref counted and has to be unrefed later. A flag ensures that tdb_delete() is called only once. Tested by Hrvoje Popovski; OK sthen@ mvs@ tobhe@
Revision 1.104 / (download) - annotate - [select for diffs], Thu Jul 8 16:39:55 2021 UTC (2 years, 11 months ago) by mvs
Branch: MAIN
CVS Tags: OPENBSD_7_0_BASE,
OPENBSD_7_0
Changes since 1.103: +1 -8 lines
Diff to previous 1.103 (colored)
Initialize `ipsec_acquire_pool' pool (9) within pfkey_init() instead of doing that in runtime within ipsp_acquire_sa(). ok bluhm@
Revision 1.103 / (download) - annotate - [select for diffs], Tue May 4 09:28:04 2021 UTC (3 years, 1 month ago) by mvs
Branch: MAIN
Changes since 1.102: +1 -2 lines
Diff to previous 1.102 (colored)
Initialize `ipsec_policy_pool' within pfkey_init() instead of doing that in runtime within pfkeyv2_send(). Also set its interrupt protection level to IPL_SOFTNET. ok bluhm@ mpi@
Revision 1.102 / (download) - annotate - [select for diffs], Wed Jun 24 22:03:43 2020 UTC (3 years, 11 months ago) by cheloha
Branch: MAIN
CVS Tags: OPENBSD_6_9_BASE,
OPENBSD_6_9,
OPENBSD_6_8_BASE,
OPENBSD_6_8
Changes since 1.101: +3 -3 lines
Diff to previous 1.101 (colored)
kernel: use gettime(9)/getuptime(9) in lieu of time_second(9)/time_uptime(9) time_second(9) and time_uptime(9) are widely used in the kernel to quickly get the system UTC or system uptime as a time_t. However, time_t is 64-bit everywhere, so it is not generally safe to use them on 32-bit platforms: you have a split-read problem if your hardware cannot perform atomic 64-bit reads. This patch replaces time_second(9) with gettime(9), a safer successor interface, throughout the kernel. Similarly, time_uptime(9) is replaced with getuptime(9). There is a performance cost on 32-bit platforms in exchange for eliminating the split-read problem: instead of two register reads you now have a lockless read loop to pull the values from the timehands. This is really not *too* bad in the grand scheme of things, but compared to what we were doing before it is several times slower. There is no performance cost on 64-bit (__LP64__) platforms. With input from visa@, dlg@, and tedu@. Several bugs squashed by visa@. ok kettenis@
Revision 1.101 / (download) - annotate - [select for diffs], Tue Dec 10 17:58:54 2019 UTC (4 years, 6 months ago) by tobhe
Branch: MAIN
CVS Tags: OPENBSD_6_7_BASE,
OPENBSD_6_7
Changes since 1.100: +19 -1 lines
Diff to previous 1.100 (colored)
Make bundled IPcomp/ESP policies work with IPSEC_LEVEL_REQUIRE. We only install flows for IPcomp. When processing an incoming ESP SA, look for a bundled IPcomp SA and use that in the policy check. ok bluhm@
Revision 1.100 / (download) - annotate - [select for diffs], Mon Jul 8 17:49:57 2019 UTC (4 years, 11 months ago) by mpi
Branch: MAIN
CVS Tags: OPENBSD_6_6_BASE,
OPENBSD_6_6
Changes since 1.99: +3 -2 lines
Diff to previous 1.99 (colored)
free(9) sizes for M_RTABLE. ok kn@
Revision 1.99 / (download) - annotate - [select for diffs], Mon Oct 22 15:32:19 2018 UTC (5 years, 7 months ago) by cheloha
Branch: MAIN
CVS Tags: OPENBSD_6_5_BASE,
OPENBSD_6_5
Changes since 1.98: +3 -3 lines
Diff to previous 1.98 (colored)
ipsec: use monotonic clock for SA creation/lookup timestamps; ok dlg@
Revision 1.98 / (download) - annotate - [select for diffs], Mon Jun 25 11:11:41 2018 UTC (5 years, 11 months ago) by mpi
Branch: MAIN
CVS Tags: OPENBSD_6_4_BASE,
OPENBSD_6_4
Changes since 1.97: +3 -1 lines
Diff to previous 1.97 (colored)
Assert that the NET_LOCK() is held when iterating over `ipsec_acquire_head'. ok visa@ as part of a larger bigger diff
Revision 1.97 / (download) - annotate - [select for diffs], Wed May 16 13:19:00 2018 UTC (6 years ago) by reyk
Branch: MAIN
Changes since 1.96: +3 -1 lines
Diff to previous 1.96 (colored)
Fix kernel builds without IPSEC. OK mikeb@
Revision 1.96 / (download) - annotate - [select for diffs], Mon Nov 20 10:56:52 2017 UTC (6 years, 6 months ago) by mpi
Branch: MAIN
CVS Tags: OPENBSD_6_3_BASE,
OPENBSD_6_3
Changes since 1.95: +9 -4 lines
Diff to previous 1.95 (colored)
Flush flows using the radix-tree instead of a global list. This will allow us to get rid of the list. ok visa@
Revision 1.95 / (download) - annotate - [select for diffs], Tue Nov 7 11:02:07 2017 UTC (6 years, 7 months ago) by mpi
Branch: MAIN
Changes since 1.94: +1 -7 lines
Diff to previous 1.94 (colored)
Remove unused debug macro.
Revision 1.94 / (download) - annotate - [select for diffs], Fri Oct 27 08:27:14 2017 UTC (6 years, 7 months ago) by mpi
Branch: MAIN
Changes since 1.93: +15 -1 lines
Diff to previous 1.93 (colored)
Dump IPsec flows by iterating over the radix-tree. This enforces an order and will allow us to get rid of the global list. ok millert@, visa@, markus@
Revision 1.93 / (download) - annotate - [select for diffs], Mon Oct 16 08:22:25 2017 UTC (6 years, 7 months ago) by mpi
Branch: MAIN
Changes since 1.92: +32 -6 lines
Diff to previous 1.92 (colored)
Last changes before running IPsec w/o KERNEL_LOCK(). Put more NET_ASSERT_LOCK() and document which globals it protects. Add a mutex for pfkeyv2 globals. Convert ipsp_delete_acquire() to timeout_set_proc(). Tested by Hrvoje Popovski, ok bluhm@ visa@
Revision 1.92 / (download) - annotate - [select for diffs], Thu Apr 6 14:25:18 2017 UTC (7 years, 2 months ago) by dhill
Branch: MAIN
CVS Tags: OPENBSD_6_2_BASE,
OPENBSD_6_2
Changes since 1.91: +3 -3 lines
Diff to previous 1.91 (colored)
Replace bcopy with a simple assignment where both variables are properly aligned and sockaddr_union fields, or with memcpy when the memory doesn't overlap. OK bluhm@
Revision 1.91 / (download) - annotate - [select for diffs], Tue Sep 27 12:32:26 2016 UTC (7 years, 8 months ago) by fcambus
Branch: MAIN
CVS Tags: OPENBSD_6_1_BASE,
OPENBSD_6_1
Changes since 1.90: +1 -5 lines
Diff to previous 1.90 (colored)
Remove empty #ifdef and #ifndef blocks OK natano@
Revision 1.90 / (download) - annotate - [select for diffs], Thu Sep 15 02:00:18 2016 UTC (7 years, 8 months ago) by dlg
Branch: MAIN
Changes since 1.89: +2 -3 lines
Diff to previous 1.89 (colored)
all pools have their ipl set via pool_setipl, so fold it into pool_init. the ioff argument to pool_init() is unused and has been for many years, so this replaces it with an ipl argument. because the ipl will be set on init we no longer need pool_setipl. most of these changes have been done with coccinelle using the spatch below. cocci sucks at formatting code though, so i fixed that by hand. the manpage and subr_pool.c bits i did myself. ok tedu@ jmatthew@ @ipl@ expression pp; expression ipl; expression s, a, o, f, m, p; @@ -pool_init(pp, s, a, o, f, m, p); -pool_setipl(pp, ipl); +pool_init(pp, s, a, ipl, f, m, p);
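Review bot: the semantic patch only matches a pool_init() call that is immediately followed by pool_setipl() on the same pp, so a call site with other statements in between, or with no pool_setipl() at all, is left untouched. Because the new pool_init(pp, s, a, ipl, f, m, p) takes the same number of arguments as the old form, such a call site would keep passing its old o value in the ipl position, so it would help to state how the remaining pool_init() callers were checked after the spatch run.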
Revision 1.89 / (download) - annotate - [select for diffs], Tue Sep 6 00:04:15 2016 UTC (7 years, 9 months ago) by dlg
Branch: MAIN
Changes since 1.88: +2 -1 lines
Diff to previous 1.88 (colored)
pool_setipl for various netinet and netinet6 bits thank you to everyone who helped review these diffs ok mpi@
Revision 1.88 / (download) - annotate - [select for diffs], Wed Oct 7 10:50:35 2015 UTC (8 years, 8 months ago) by mpi
Branch: MAIN
CVS Tags: OPENBSD_6_0_BASE,
OPENBSD_6_0,
OPENBSD_5_9_BASE,
OPENBSD_5_9
Changes since 1.87: +3 -3 lines
Diff to previous 1.87 (colored)
Initialize the routing table before domains. The routing table is not an optional component of the network stack and initializing it inside the "routing domain" requires some ugly introspection in the domain interface. This puts the rtable* layer at the same level of the if* level. These two subsystems are organized around the two global data structures used in the network stack: - the global &ifnet list, to be used in process context only, and - the routing table which can be read in interrupt context. This change makes the rtable_* layer domain-aware and extends the "struct domain" such that INET, INET6 and MPLS can specify the length of the binary key used in lookups. This allows us to keep, or move towards, AF-free route and rtable layers. While here stop the madness and pass the size of the maximum key length in *byte* to rn_inithead0(). ok claudio@, mikeb@
Revision 1.87 / (download) - annotate - [select for diffs], Thu Sep 10 17:52:05 2015 UTC (8 years, 9 months ago) by claudio
Branch: MAIN
Changes since 1.86: +3 -3 lines
Diff to previous 1.86 (colored)
It is time to put inet6 on a diet. Use the flensing knife and cut out the 3rd argument of in6_recoverscope() and make it return void. OK dlg@ mikeb@
Revision 1.86 / (download) - annotate - [select for diffs], Fri Jul 17 18:31:08 2015 UTC (8 years, 10 months ago) by blambert
Branch: MAIN
CVS Tags: OPENBSD_5_8_BASE,
OPENBSD_5_8
Changes since 1.85: +61 -30 lines
Diff to previous 1.85 (colored)
manage spd entries by using the radix api directly instead of reaching around through the routing table original diff by myself, much improved by mikeb@ and mpi@ ok and testing mikeb@ mpi@
Revision 1.85 / (download) - annotate - [select for diffs], Sat May 23 12:38:53 2015 UTC (9 years ago) by markus
Branch: MAIN
Changes since 1.84: +14 -39 lines
Diff to previous 1.84 (colored)
introduce ipsec-id bundles and use them for ipsecflowinfo, fixes rekeying for l2tp/ipsec against multiple windows clients and saves memory (for many SAs to same peers); feedback and ok mikeb@
Revision 1.84 / (download) - annotate - [select for diffs], Thu Apr 30 20:12:33 2015 UTC (9 years, 1 month ago) by millert
Branch: MAIN
Changes since 1.83: +7 -11 lines
Diff to previous 1.83 (colored)
Merge two identical if() statements in ipsp_acquire_sa(). The change in ip_spd.c 1.59 makes it appear that there is a cut & pasto. OK mikeb@
Revision 1.83 / (download) - annotate - [select for diffs], Thu Apr 16 19:24:13 2015 UTC (9 years, 1 month ago) by markus
Branch: MAIN
Changes since 1.82: +20 -371 lines
Diff to previous 1.82 (colored)
remove unfinished/unused support for socket-attached ipsec-policies ok mikeb
Revision 1.82 / (download) - annotate - [select for diffs], Tue Apr 14 12:22:15 2015 UTC (9 years, 2 months ago) by mikeb
Branch: MAIN
Changes since 1.81: +14 -27 lines
Diff to previous 1.81 (colored)
Remove support for storing credentials and auth information in the kernel. This code is largely unfinished and is not used for anything. The change leaves identities as only objects referenced by ipsec_ref structure and their handling requires some changes to support more advanced matching of IPsec connections. No objections from reyk and hshoexer, with and OK markus.
Revision 1.81 / (download) - annotate - [select for diffs], Mon Apr 13 16:50:43 2015 UTC (9 years, 2 months ago) by mikeb
Branch: MAIN
Changes since 1.80: +13 -12 lines
Diff to previous 1.80 (colored)
Perform IPsec bypass check on a socket before performing TDB lookups. OK markus, hshoexer
Revision 1.80 / (download) - annotate - [select for diffs], Mon Apr 13 16:48:01 2015 UTC (9 years, 2 months ago) by mikeb
Branch: MAIN
Changes since 1.79: +4 -4 lines
Diff to previous 1.79 (colored)
Rename gettdbbyaddr to gettdbbydst; OK markus, hshoexer, mpi
Revision 1.79 / (download) - annotate - [select for diffs], Mon Apr 13 16:45:52 2015 UTC (9 years, 2 months ago) by mikeb
Branch: MAIN
Changes since 1.78: +7 -8 lines
Diff to previous 1.78 (colored)
Remove unused arguments from gettdb* functions; OK markus, hshoexer, mpi
Revision 1.78 / (download) - annotate - [select for diffs], Sat Mar 14 03:38:52 2015 UTC (9 years, 3 months ago) by jsg
Branch: MAIN
Changes since 1.77: +1 -2 lines
Diff to previous 1.77 (colored)
Remove some includes include-what-you-use claims don't have any direct symbols used. Tested for indirect use by compiling amd64/i386/sparc64 kernels. ok tedu@ deraadt@
Revision 1.77 / (download) - annotate - [select for diffs], Fri Dec 19 17:14:40 2014 UTC (9 years, 5 months ago) by tedu
Branch: MAIN
CVS Tags: OPENBSD_5_7_BASE,
OPENBSD_5_7
Changes since 1.76: +1 -16 lines
Diff to previous 1.76 (colored)
unifdef INET in net code as a precursor to removing the pretend option. long live the one true internet. ok henning mikeb
Revision 1.76 / (download) - annotate - [select for diffs], Tue Nov 25 13:10:03 2014 UTC (9 years, 6 months ago) by mpi
Branch: MAIN
Changes since 1.75: +12 -16 lines
Diff to previous 1.75 (colored)
The proliferation of "struct route" in all its flavors didn't make any good to our network stack. The most visible effect is the maze of #ifdef's and casts. But the real problem is the very fragile way of checking if a (cached) route entry is still valid or not. What should we do if the route jumped to another ifaddr or if its gateway has been changed? This change starts the dance of "struct route" & friends removal by sending the completely useless "struct route_enc" to the bucket. Tweak & ok claudio@
Revision 1.75 / (download) - annotate - [select for diffs], Sat Nov 1 21:40:39 2014 UTC (9 years, 7 months ago) by mpi
Branch: MAIN
Changes since 1.74: +3 -3 lines
Diff to previous 1.74 (colored)
Rename rtalloc1() into rtalloc(9) and convert its flags to only enable functionality instead of a mix of enable/disable. ok bluhm@, jca@
Revision 1.74 / (download) - annotate - [select for diffs], Tue Oct 14 09:52:26 2014 UTC (9 years, 7 months ago) by mpi
Branch: MAIN
Changes since 1.73: +3 -3 lines
Diff to previous 1.73 (colored)
Use rtfree() instead of RTFREE(), NULLify some free'd route pointers and kill the macro. ok mikeb@, henning@
Revision 1.73 / (download) - annotate - [select for diffs], Sat Sep 27 12:26:16 2014 UTC (9 years, 8 months ago) by mpi
Branch: MAIN
Changes since 1.72: +3 -2 lines
Diff to previous 1.72 (colored)
Kill rtalloc() and update rtalloc1() and rtalloc_mpath() to no longer rely on "struct route" that should die. ok claudio@
Revision 1.72 / (download) - annotate - [select for diffs], Tue Jul 22 11:06:10 2014 UTC (9 years, 10 months ago) by mpi
Branch: MAIN
CVS Tags: OPENBSD_5_6_BASE,
OPENBSD_5_6
Changes since 1.71: +1 -2 lines
Diff to previous 1.71 (colored)
Fewer <netinet/in_systm.h> !
Revision 1.71 / (download) - annotate - [select for diffs], Mon Apr 14 09:06:42 2014 UTC (10 years, 2 months ago) by mpi
Branch: MAIN
Changes since 1.70: +2 -2 lines
Diff to previous 1.70 (colored)
"struct pkthdr" holds a routing table ID, not a routing domain one. Avoid the confusion by using an appropriate name for the variable. Note that since routing domain IDs are a subset of the set of routing table IDs, the following idiom is correct: rtableid = rdomain But to get the routing domain ID corresponding to a given routing table ID, you must call rtable_l2(9). claudio@ likes it, ok mikeb@
Revision 1.70 / (download) - annotate - [select for diffs], Thu Jan 9 06:29:06 2014 UTC (10 years, 5 months ago) by tedu
Branch: MAIN
CVS Tags: OPENBSD_5_5_BASE,
OPENBSD_5_5
Changes since 1.69: +26 -32 lines
Diff to previous 1.69 (colored)
bzero/bcmp -> memset/memcmp. ok matthew
Revision 1.69 / (download) - annotate - [select for diffs], Thu Oct 24 11:31:43 2013 UTC (10 years, 7 months ago) by mpi
Branch: MAIN
Changes since 1.68: +1 -2 lines
Diff to previous 1.68 (colored)
Remove the number of in6_var.h inclusions by moving some functions and global variables to in6.h. ok deraadt@
Revision 1.68 / (download) - annotate - [select for diffs], Wed Oct 23 15:12:42 2013 UTC (10 years, 7 months ago) by mpi
Branch: MAIN
Changes since 1.67: +1 -2 lines
Diff to previous 1.67 (colored)
Remove the number of in_var.h inclusions by moving some functions and global variables to in.h. ok mikeb@, deraadt@
Revision 1.67 / (download) - annotate - [select for diffs], Tue May 14 14:29:08 2013 UTC (11 years, 1 month ago) by mpi
Branch: MAIN
CVS Tags: OPENBSD_5_4_BASE,
OPENBSD_5_4
Changes since 1.66: +2 -1 lines
Diff to previous 1.66 (colored)
Fix build with ENCDEBUG defined.
Revision 1.66 / (download) - annotate - [select for diffs], Thu Apr 11 12:06:25 2013 UTC (11 years, 2 months ago) by mpi
Branch: MAIN
Changes since 1.65: +8 -1 lines
Diff to previous 1.65 (colored)
Remove the extern keyword from function declarations, document sysctl declarations, move variables and functions used in only one place in their corresponding file. No functional change. No objection from markus@, ok mikeb@
Revision 1.65 / (download) - annotate - [select for diffs], Thu Mar 28 23:10:06 2013 UTC (11 years, 2 months ago) by tedu
Branch: MAIN
Changes since 1.64: +2 -1 lines
Diff to previous 1.64 (colored)
code that calls timeout functions should include timeout.h slipped by on i386, but the zaurus doesn't automagically pick it up. spotted by patrick
Revision 1.64 / (download) - annotate - [select for diffs], Mon Jul 16 18:05:36 2012 UTC (11 years, 10 months ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_5_3_BASE,
OPENBSD_5_3,
OPENBSD_5_2_BASE,
OPENBSD_5_2
Changes since 1.63: +21 -5 lines
Diff to previous 1.63 (colored)
add IP_IPSECFLOWINFO option to sendmsg() and recvmsg(), so npppd(4) can use this to select the IPsec tunnel for sending L2TP packets. this fixes Windows (always binding to 1701) and Android clients (negotiating wildcard flows); feedback mpf@ and yasuoka@; ok henning@ and yasuoka@; ok jmc@ for the manpage
Revision 1.63 / (download) - annotate - [select for diffs], Tue Sep 28 01:44:57 2010 UTC (13 years, 8 months ago) by deraadt
Branch: MAIN
CVS Tags: OPENBSD_5_1_BASE,
OPENBSD_5_1,
OPENBSD_5_0_BASE,
OPENBSD_5_0,
OPENBSD_4_9_BASE,
OPENBSD_4_9
Changes since 1.62: +2 -2 lines
Diff to previous 1.62 (colored)
missing PR_NOWAIT
Revision 1.62 / (download) - annotate - [select for diffs], Fri Jul 9 16:58:06 2010 UTC (13 years, 11 months ago) by reyk
Branch: MAIN
CVS Tags: OPENBSD_4_8_BASE,
OPENBSD_4_8
Changes since 1.61: +19 -7 lines
Diff to previous 1.61 (colored)
Add support for using IPsec in multiple rdomains. This allows to run isakmpd/iked/ipsecctl in multiple rdomains independently (with "route exec"); the kernel will pickup the rdomain from the process context of the pfkey socket and load the flows and SAs into the matching rdomain encap routing table. The network stack also needs to pass the rdomain to the ipsec stack to lookup the correct rdomain that belongs to an interface/mbuf/... You can now run individual IPsec configs per rdomain or create IPsec VPNs between multiple rdomains on the same machine ;). Note that a primary enc(4) in addition to enc0 interface is required per rdomain, eg. enc1 rdomain 1. Test by some people, mostly on existing "rdomain 0" setups. Was in snaps for some days and people didn't complain. ok claudio@ naddy@
Revision 1.61 / (download) - annotate - [select for diffs], Fri Jul 2 03:58:48 2010 UTC (13 years, 11 months ago) by david
Branch: MAIN
Changes since 1.60: +3 -3 lines
Diff to previous 1.60 (colored)
don't reference an item after it has been returned to the pool an 8 year old bug exposed by recent uvm changes ok thib@ tedu@ deraadt@
Revision 1.60 / (download) - annotate - [select for diffs], Fri Jan 15 18:20:23 2010 UTC (14 years, 4 months ago) by chl
Branch: MAIN
CVS Tags: OPENBSD_4_7_BASE,
OPENBSD_4_7
Changes since 1.59: +3 -6 lines
Diff to previous 1.59 (colored)
Replace pool_get() + bzero() with pool_get(..., PR_ZERO). With input from oga@ and krw@ ok oga@ krw@ thib@ markus@ mk@
Revision 1.59 / (download) - annotate - [select for diffs], Tue Jan 27 22:40:10 2009 UTC (15 years, 4 months ago) by bluhm
Branch: MAIN
CVS Tags: OPENBSD_4_6_BASE,
OPENBSD_4_6,
OPENBSD_4_5_BASE,
OPENBSD_4_5
Changes since 1.58: +5 -13 lines
Diff to previous 1.58 (colored)
In IPsec acquire mode, if the flow was configured for the "any" network 0.0.0.0/0 or ::/0, the SA was established for the IP address in the packet instead of the network in the flow. That means the SA was not negotiated for the network 0.0.0.0 with mask 0 but for the remote IP with mask 255.255.255.255. This SA did not match the flow and did not work. To differentiate between general flows that are used to trigger specific host-to-host SAs and flows for matching network SAs, the if condition only uses the ipo->ipo_dst field now. For a flow without peer, an SA must be negotiated for each host-to-host combination. Otherwise, if a peer exists at the flow, the kernel acquires one SA for the whole network. tested by todd@, ok hshoexer@, angelos@, todd@
Revision 1.58 / (download) - annotate - [select for diffs], Wed Sep 10 14:01:23 2008 UTC (15 years, 9 months ago) by blambert
Branch: MAIN
Changes since 1.57: +2 -2 lines
Diff to previous 1.57 (colored)
Convert timeout_add() calls using multiples of hz to timeout_add_sec() Really just the low-hanging fruit of (hopefully) forthcoming timeout conversions. ok art@, krw@
Revision 1.57 / (download) - annotate - [select for diffs], Tue Jul 22 09:26:39 2008 UTC (15 years, 10 months ago) by bluhm
Branch: MAIN
CVS Tags: OPENBSD_4_4_BASE,
OPENBSD_4_4
Changes since 1.56: +2 -2 lines
Diff to previous 1.56 (colored)
Assign the struct size to sin6_len instead of sin6_family. ok hshoexer claudio mpf henning
Revision 1.56 / (download) - annotate - [select for diffs], Wed Jun 11 18:20:54 2008 UTC (16 years ago) by blambert
Branch: MAIN
Changes since 1.55: +2 -2 lines
Diff to previous 1.55 (colored)
0 -> PR_NOWAIT (which is defined as 0) in pool_get as an aid to readability ok and thinko-catching henning@
Revision 1.55 / (download) - annotate - [select for diffs], Fri May 9 15:48:59 2008 UTC (16 years, 1 month ago) by claudio
Branch: MAIN
Changes since 1.54: +9 -6 lines
Diff to previous 1.54 (colored)
more rtrequest() to rtrequest1() replacement. OK henning@
Revision 1.54 / (download) - annotate - [select for diffs], Sat Sep 1 18:49:28 2007 UTC (16 years, 9 months ago) by henning
Branch: MAIN
CVS Tags: OPENBSD_4_3_BASE,
OPENBSD_4_3
Changes since 1.53: +2 -1 lines
Diff to previous 1.53 (colored)
since the MGET* macros were changed to function calls, there wasn't any need for the pool declarations and the inclusion of pool.h From: tbert <bret.lambert@gmail.com>
Revision 1.53 / (download) - annotate - [select for diffs], Wed Feb 14 00:53:48 2007 UTC (17 years, 4 months ago) by jsg
Branch: MAIN
CVS Tags: OPENBSD_4_2_BASE,
OPENBSD_4_2,
OPENBSD_4_1_BASE,
OPENBSD_4_1
Changes since 1.52: +5 -5 lines
Diff to previous 1.52 (colored)
Consistently spell FALLTHROUGH to appease lint. ok kettenis@ cloder@ tom@ henning@
Revision 1.52 / (download) - annotate - [select for diffs], Fri Jun 16 16:49:40 2006 UTC (17 years, 11 months ago) by henning
Branch: MAIN
CVS Tags: OPENBSD_4_0_BASE,
OPENBSD_4_0
Changes since 1.51: +2 -2 lines
Diff to previous 1.51 (colored)
adjust functions dealing with the routing table to take a table ID as parameter so they can work on alternate tables. table 0 hardcoded for many callers yet, that will be adapted step by step. input + ok claudio norby hshoexer
Revision 1.51 / (download) - annotate - [select for diffs], Thu Feb 17 18:07:36 2005 UTC (19 years, 3 months ago) by jfb
Branch: MAIN
CVS Tags: OPENBSD_3_9_BASE,
OPENBSD_3_9,
OPENBSD_3_8_BASE,
OPENBSD_3_8,
OPENBSD_3_7_BASE,
OPENBSD_3_7
Changes since 1.50: +2 -2 lines
Diff to previous 1.50 (colored)
miscellaneous typo fixes: - sturct -> struct (spotted by pedro) - elimination of consecutive 'the' words ok jmc@, henning@, krw@, robert@, some whining by jolan@
Revision 1.50 / (download) - annotate - [select for diffs], Mon Jun 21 23:50:37 2004 UTC (19 years, 11 months ago) by tholo
Branch: MAIN
CVS Tags: OPENBSD_3_6_BASE,
OPENBSD_3_6
Changes since 1.49: +5 -5 lines
Diff to previous 1.49 (colored)
First step towards more sane time handling in the kernel -- this changes things such that code that only needs a second-resolution uptime or wall time, and used to get that from time.tv_secs or mono_time.tv_secs now get this from separate time_t globals time_second and time_uptime. ok art@ niklas@ nordin@
Revision 1.49 / (download) - annotate - [select for diffs], Mon Jun 21 20:44:54 2004 UTC (19 years, 11 months ago) by itojun
Branch: MAIN
Changes since 1.48: +3 -3 lines
Diff to previous 1.48 (colored)
make it possible to use IPsec over link-local address (policy table uses sin6_scope_id, IPsec portion uses embedded form). beck ok
Revision 1.19.2.6 / (download) - annotate - [select for diffs], Sat Jun 5 23:11:25 2004 UTC (20 years ago) by niklas
Branch: SMP
Changes since 1.19.2.5: +13 -16 lines
Diff to previous 1.19.2.5 (colored) next main 1.20 (colored)
Merge with the trunk
Revision 1.48 / (download) - annotate - [select for diffs], Wed Apr 14 20:10:04 2004 UTC (20 years, 2 months ago) by markus
Branch: MAIN
CVS Tags: SMP_SYNC_B,
SMP_SYNC_A
Changes since 1.47: +14 -17 lines
Diff to previous 1.47 (colored)
simpler ipsp_aux_match() API; ok henning, hshoexer
Revision 1.40.4.4 / (download) - annotate - [select for diffs], Mon May 19 22:40:41 2003 UTC (21 years ago) by tedu
Branch: UBC
Changes since 1.40.4.3: +9 -1 lines
Diff to previous 1.40.4.3 (colored) to branchpoint 1.40 (colored) next main 1.41 (colored)
sync
Revision 1.19.2.5 / (download) - annotate - [select for diffs], Fri Mar 28 00:06:54 2003 UTC (21 years, 2 months ago) by niklas
Branch: SMP
Changes since 1.19.2.4: +389 -62 lines
Diff to previous 1.19.2.4 (colored)
Sync the SMP branch with 3.3
Revision 1.46.2.1 / (download) - annotate - [select for diffs], Fri Mar 14 04:48:07 2003 UTC (21 years, 3 months ago) by margarida
Branch: OPENBSD_3_2
Changes since 1.46: +9 -1 lines
Diff to previous 1.46 (colored) next main 1.47 (colored)
Pull patch from current: Fix by dhartmei@ Check for undersized IP header, found by jbm@. ok deraadt@ millert@
Revision 1.47 / (download) - annotate - [select for diffs], Tue Nov 12 13:38:41 2002 UTC (21 years, 7 months ago) by dhartmei
Branch: MAIN
CVS Tags: UBC_SYNC_A, OPENBSD_3_5_BASE, OPENBSD_3_5, OPENBSD_3_4_BASE, OPENBSD_3_4, OPENBSD_3_3_BASE, OPENBSD_3_3
Changes since 1.46: +9 -1 lines
Diff to previous 1.46 (colored)
Check for undersized IP header, found by jbm@, ok angelos@
Revision 1.40.4.3 / (download) - annotate - [select for diffs], Tue Oct 29 00:36:47 2002 UTC (21 years, 7 months ago) by art
Branch: UBC
Changes since 1.40.4.2: +2 -2 lines
Diff to previous 1.40.4.2 (colored) to branchpoint 1.40 (colored)
sync to -current
Revision 1.40.4.2 / (download) - annotate - [select for diffs], Tue Jun 11 03:31:37 2002 UTC (22 years ago) by art
Branch: UBC
Changes since 1.40.4.1: +382 -63 lines
Diff to previous 1.40.4.1 (colored) to branchpoint 1.40 (colored)
Sync UBC branch to -current
Revision 1.46 / (download) - annotate - [select for diffs], Sun Jun 9 16:26:10 2002 UTC (22 years ago) by itojun
Branch: MAIN
CVS Tags: UBC_SYNC_B, OPENBSD_3_2_BASE
Branch point for: OPENBSD_3_2
Changes since 1.45: +2 -2 lines
Diff to previous 1.45 (colored)
whitespace
Revision 1.45 / (download) - annotate - [select for diffs], Fri May 31 02:42:22 2002 UTC (22 years ago) by angelos
Branch: MAIN
Changes since 1.44: +381 -62 lines
Diff to previous 1.44 (colored)
Per-socket policies and authentication. Finally.
Revision 1.19.2.4 / (download) - annotate - [select for diffs], Wed Mar 6 02:15:07 2002 UTC (22 years, 3 months ago) by niklas
Branch: SMP
Changes since 1.19.2.3: +5 -6 lines
Diff to previous 1.19.2.3 (colored)
Merge in trunk
Revision 1.44 / (download) - annotate - [select for diffs], Mon Feb 18 04:46:29 2002 UTC (22 years, 3 months ago) by angelos
Branch: MAIN
CVS Tags: OPENBSD_3_1_BASE, OPENBSD_3_1
Changes since 1.43: +2 -2 lines
Diff to previous 1.43 (colored)
Search the correct ACQUIRE list --- shifflett@nps.navy.mil
Revision 1.40.4.1 / (download) - annotate - [select for diffs], Thu Jan 31 22:55:45 2002 UTC (22 years, 4 months ago) by niklas
Branch: UBC
Changes since 1.40: +4 -5 lines
Diff to previous 1.40 (colored)
Merge in -current, builds on i386, otherwise untested
Revision 1.43 / (download) - annotate - [select for diffs], Wed Jan 23 01:33:07 2002 UTC (22 years, 4 months ago) by art
Branch: MAIN
Changes since 1.42: +3 -3 lines
Diff to previous 1.42 (colored)
It looks like there has been one crack smoking and a few cut and pastes. PR_FREEHEADER should not be set in pool_init by the caller. It shouldn't be set in pool_init at all. Besides, it's going away soon anyway.
Revision 1.42 / (download) - annotate - [select for diffs], Wed Jan 23 00:39:48 2002 UTC (22 years, 4 months ago) by art
Branch: MAIN
Changes since 1.41: +3 -5 lines
Diff to previous 1.41 (colored)
Pool deals fairly well with physical memory shortage, but it doesn't deal well (not at all) with shortages of the vm_map where the pages are mapped (usually kmem_map). Try to deal with it:
- group all information the backend allocator for a pool in a separate struct. The pool will only have a pointer to that struct.
- change the pool_init API to reflect that.
- link all pools allocating from the same allocator on a linked list.
- Since an allocator is responsible to wait for physical memory it will only fail (waitok) when it runs out of its backing vm_map, carefully drain pools using the same allocator so that va space is freed. (see comments in code for caveats and details).
- change pool_reclaim to return if it actually succeeded to free some memory, use that information to make draining easier and more efficient.
- get rid of PR_URGENT, no one uses it.
Revision 1.41 / (download) - annotate - [select for diffs], Wed Jan 2 20:35:40 2002 UTC (22 years, 5 months ago) by deraadt
Branch: MAIN
Changes since 1.40: +2 -1 lines
Diff to previous 1.40 (colored)
at least ; required after label or case; openbsd@davidkrause.com
Revision 1.19.2.3 / (download) - annotate - [select for diffs], Wed Oct 31 03:29:03 2001 UTC (22 years, 7 months ago) by nate
Branch: SMP
Changes since 1.19.2.2: +17 -20 lines
Diff to previous 1.19.2.2 (colored)
Sync the SMP branch to something just after 3.0
Revision 1.40 / (download) - annotate - [select for diffs], Mon Sep 24 16:22:08 2001 UTC (22 years, 8 months ago) by angelos
Branch: MAIN
CVS Tags: UBC_BASE, OPENBSD_3_0_BASE, OPENBSD_3_0
Branch point for: UBC
Changes since 1.39: +2 -1 lines
Diff to previous 1.39 (colored)
Reset the error return value if the cached TDB matches the policy. Pointed out by jdmcbride@iol.ie
Revision 1.39 / (download) - annotate - [select for diffs], Tue Aug 21 06:48:55 2001 UTC (22 years, 9 months ago) by angelos
Branch: MAIN
Changes since 1.38: +4 -5 lines
Diff to previous 1.38 (colored)
When the outgoing socket has BYPASS set, don't bother calling the PCB-checking routine.
Revision 1.38 / (download) - annotate - [select for diffs], Wed Aug 15 09:50:12 2001 UTC (22 years, 10 months ago) by niklas
Branch: MAIN
Changes since 1.37: +2 -2 lines
Diff to previous 1.37 (colored)
bcmp done wrong, detected at bakeoff. Hint: always use relational operators when using *cmp APIs in conditional expressions.
Revision 1.37 / (download) - annotate - [select for diffs], Mon Aug 6 18:46:16 2001 UTC (22 years, 10 months ago) by angelos
Branch: MAIN
Changes since 1.36: +12 -15 lines
Diff to previous 1.36 (colored)
Don't drop packets if we're using an ACQUIRE policy and some error occurs while notifying key mgmt; also, always check for new TDBs for policies where the destination gateway is left unspecified (end-to-end IPsec case), to avoid asking for new SAs from key mgmt.
Revision 1.19.2.2 / (download) - annotate - [select for diffs], Wed Jul 4 10:54:58 2001 UTC (22 years, 11 months ago) by niklas
Branch: SMP
Changes since 1.19.2.1: +631 -935 lines
Diff to previous 1.19.2.1 (colored)
Merge in -current from two days ago in the SMP branch. As usual with merges, they do not indicate progress, so do not hold your breath for working SMP, and do not mail me and ask about the state of it. It has not changed. There is work ongoing, but very, very slowly. The commit is done in parts as to not lock up the tree in too big chunks at a time.
Revision 1.36 / (download) - annotate - [select for diffs], Wed Jun 27 05:35:51 2001 UTC (22 years, 11 months ago) by angelos
Branch: MAIN
Changes since 1.35: +3 -5 lines
Diff to previous 1.35 (colored)
Use TAILQ_FOREACH() instead of hand-crafted for loops.
Revision 1.35 / (download) - annotate - [select for diffs], Wed Jun 27 04:44:03 2001 UTC (22 years, 11 months ago) by angelos
Branch: MAIN
Changes since 1.34: +4 -4 lines
Diff to previous 1.34 (colored)
When determining whether there's a pending acquire wrt a policy, look at the acquires associated with the policy only.
Revision 1.34 / (download) - annotate - [select for diffs], Wed Jun 27 04:41:32 2001 UTC (22 years, 11 months ago) by angelos
Branch: MAIN
Changes since 1.33: +15 -3 lines
Diff to previous 1.33 (colored)
Attach IPsec acquire state to policy entries, and relevant cleanups.
Revision 1.33 / (download) - annotate - [select for diffs], Wed Jun 27 01:34:07 2001 UTC (22 years, 11 months ago) by angelos
Branch: MAIN
Changes since 1.32: +18 -91 lines
Diff to previous 1.32 (colored)
Don't cache packets that hit policies -- we'll do that at the PCB for local packets.
Revision 1.32 / (download) - annotate - [select for diffs], Tue Jun 26 23:30:59 2001 UTC (22 years, 11 months ago) by angelos
Branch: MAIN
Changes since 1.31: +45 -73 lines
Diff to previous 1.31 (colored)
Use the ACQUIRE sequence number to "wake up" acquire state kept and cause retransmission of outgoing packets. Also, only store outgoing packets -- just drop incoming packets that cause an SA acquisition. Some comment fixup.
Revision 1.31 / (download) - annotate - [select for diffs], Tue Jun 26 19:57:49 2001 UTC (22 years, 11 months ago) by angelos
Branch: MAIN
Changes since 1.30: +3 -1 lines
Diff to previous 1.30 (colored)
ifdef out some currently unused code
Revision 1.30 / (download) - annotate - [select for diffs], Tue Jun 26 19:49:29 2001 UTC (22 years, 11 months ago) by angelos
Branch: MAIN
Changes since 1.29: +69 -75 lines
Diff to previous 1.29 (colored)
Rewrite ipsp_clear_acquire() to be more readable, after all the KNF'ing
Revision 1.29 / (download) - annotate - [select for diffs], Tue Jun 26 19:01:27 2001 UTC (22 years, 11 months ago) by angelos
Branch: MAIN
Changes since 1.28: +19 -12 lines
Diff to previous 1.28 (colored)
Use pool(9) for IPsec acquires too.
Revision 1.28 / (download) - annotate - [select for diffs], Tue Jun 26 18:56:30 2001 UTC (22 years, 11 months ago) by angelos
Branch: MAIN
Changes since 1.27: +15 -6 lines
Diff to previous 1.27 (colored)
Use pool(9) for IPsec policy structures.
Revision 1.27 / (download) - annotate - [select for diffs], Tue Jun 26 18:34:40 2001 UTC (22 years, 11 months ago) by angelos
Branch: MAIN
Changes since 1.26: +12 -8 lines
Diff to previous 1.26 (colored)
Keep the PFKEY sequence number at the TDB, plus a little bit of KNF
Revision 1.26 / (download) - annotate - [select for diffs], Tue Jun 26 03:52:42 2001 UTC (22 years, 11 months ago) by angelos
Branch: MAIN
Changes since 1.25: +695 -703 lines
Diff to previous 1.25 (colored)
KNF
Revision 1.25 / (download) - annotate - [select for diffs], Mon Jun 25 05:11:59 2001 UTC (22 years, 11 months ago) by angelos
Branch: MAIN
Changes since 1.24: +3 -4 lines
Diff to previous 1.24 (colored)
Copyright.
Revision 1.24 / (download) - annotate - [select for diffs], Sun Jun 24 21:50:51 2001 UTC (22 years, 11 months ago) by mickey
Branch: MAIN
Changes since 1.23: +8 -36 lines
Diff to previous 1.23 (colored)
use new timeouts for spd expirations; ho@ ok
Revision 1.23 / (download) - annotate - [select for diffs], Fri Jun 8 03:13:14 2001 UTC (23 years ago) by angelos
Branch: MAIN
Changes since 1.22: +2 -8 lines
Diff to previous 1.22 (colored)
Trim include files.
Revision 1.22 / (download) - annotate - [select for diffs], Thu Jun 7 16:19:47 2001 UTC (23 years ago) by angelos
Branch: MAIN
Changes since 1.21: +138 -335 lines
Diff to previous 1.21 (colored)
Simplify SPD logic (and correct some input cases).
Revision 1.21 / (download) - annotate - [select for diffs], Wed May 30 12:22:15 2001 UTC (23 years ago) by angelos
Branch: MAIN
Changes since 1.20: +3 -3 lines
Diff to previous 1.20 (colored)
Match prototype.
Revision 1.20 / (download) - annotate - [select for diffs], Wed May 30 10:59:03 2001 UTC (23 years ago) by angelos
Branch: MAIN
Changes since 1.19: +6 -4 lines
Diff to previous 1.19 (colored)
Correctly free information attached to the policy.
Revision 1.19.2.1 / (download) - annotate - [select for diffs], Mon May 14 22:40:13 2001 UTC (23 years, 1 month ago) by niklas
Branch: SMP
Changes since 1.19: +23 -32 lines
Diff to previous 1.19 (colored)
merge in approximately 2.9 into SMP branch
Revision 1.19 / (download) - annotate - [select for diffs], Sat May 5 00:31:20 2001 UTC (23 years, 1 month ago) by angelos
Branch: MAIN
Branch point for: SMP
Changes since 1.18: +30 -23 lines
Diff to previous 1.18 (colored)
Check that SAs also match on the credentials and the IDs. This means that flows with different source/destination ID requirements will cause different SAs to be established by IKE (or whatever other protocol). Also, use the new data types for allocated memory.
Revision 1.18 / (download) - annotate - [select for diffs], Mon Apr 23 10:00:09 2001 UTC (23 years, 1 month ago) by art
Branch: MAIN
CVS Tags: OPENBSD_2_9_BASE, OPENBSD_2_9
Changes since 1.17: +3 -1 lines
Diff to previous 1.17 (colored)
Missing splx in error handling.
Revision 1.17 / (download) - annotate - [select for diffs], Sat Apr 14 00:30:59 2001 UTC (23 years, 2 months ago) by angelos
Branch: MAIN
Changes since 1.16: +3 -3 lines
Diff to previous 1.16 (colored)
Minor changes, preparing for real socket-attached TDBs; also, more information will be stored in the TDB. ok ho@ provos@
Revision 1.16 / (download) - annotate - [select for diffs], Tue Apr 10 21:52:38 2001 UTC (23 years, 2 months ago) by provos
Branch: MAIN
Changes since 1.15: +9 -5 lines
Diff to previous 1.15 (colored)
allow host-to-host negotiations if no gateway has been specified. from angelos@
Revision 1.15 / (download) - annotate - [select for diffs], Fri Apr 6 04:42:08 2001 UTC (23 years, 2 months ago) by csapuntz
Branch: MAIN
Changes since 1.14: +1 -5 lines
Diff to previous 1.14 (colored)
Move offsetof define into sys/param.h
Revision 1.14 / (download) - annotate - [select for diffs], Wed Mar 28 20:03:06 2001 UTC (23 years, 2 months ago) by angelos
Branch: MAIN
Changes since 1.13: +7 -3 lines
Diff to previous 1.13 (colored)
Allow tdbi's to appear in mbufs throughout the stack; this allows security properties of the packets to be pushed up to the application (not done yet). Eventually, this will be turned into a packet attributes framework. Make sure tdbi's are free'd/cleared properly whenever drivers (or NFS) do weird things with mbufs.
Revision 1.13 / (download) - annotate - [select for diffs], Thu Mar 15 22:43:03 2001 UTC (23 years, 3 months ago) by bjc
Branch: MAIN
Changes since 1.12: +3 -1 lines
Diff to previous 1.12 (colored)
include <machine/cpu.h>, since schednetisr needs to do a splsoftnet
Revision 1.12 / (download) - annotate - [select for diffs], Wed Feb 28 08:24:53 2001 UTC (23 years, 3 months ago) by angelos
Branch: MAIN
Changes since 1.11: +7 -2 lines
Diff to previous 1.11 (colored)
Pretty.
Revision 1.11 / (download) - annotate - [select for diffs], Wed Feb 28 05:27:37 2001 UTC (23 years, 3 months ago) by angelos
Branch: MAIN
Changes since 1.10: +11 -10 lines
Diff to previous 1.10 (colored)
Handle failures more gracefully.
Revision 1.10 / (download) - annotate - [select for diffs], Wed Feb 28 04:16:57 2001 UTC (23 years, 3 months ago) by angelos
Branch: MAIN
Changes since 1.9: +167 -86 lines
Diff to previous 1.9 (colored)
Keep the last packet sent or received that matched an SPD entry, and retransmit if we eventually have an SA setup for that policy.
Revision 1.6.2.2 / (download) - annotate - [select for diffs], Thu Dec 14 18:53:45 2000 UTC (23 years, 6 months ago) by jason
Branch: OPENBSD_2_8
Changes since 1.6.2.1: +9 -3 lines
Diff to previous 1.6.2.1 (colored) to branchpoint 1.6 (colored) next main 1.7 (colored)
Pull in patch from current: Fix (angelos): Compile in non-INET6 kernels.
Revision 1.9 / (download) - annotate - [select for diffs], Thu Dec 14 18:33:32 2000 UTC (23 years, 6 months ago) by angelos
Branch: MAIN
Changes since 1.8: +9 -3 lines
Diff to previous 1.8 (colored)
Compile in non-INET6 kernels.
Revision 1.6.2.1 / (download) - annotate - [select for diffs], Thu Dec 14 05:37:46 2000 UTC (23 years, 6 months ago) by jason
Branch: OPENBSD_2_8
Changes since 1.6: +32 -5 lines
Diff to previous 1.6 (colored)
Pull in patch from current: Fix (angelos): Always look for a suitable TDB if the gateway is left unspecified.
Revision 1.8 / (download) - annotate - [select for diffs], Thu Dec 14 05:13:10 2000 UTC (23 years, 6 months ago) by angelos
Branch: MAIN
Changes since 1.7: +32 -5 lines
Diff to previous 1.7 (colored)
Always look for a suitable TDB if the gateway is left unspecified.
Revision 1.7 / (download) - annotate - [select for diffs], Fri Nov 17 04:16:19 2000 UTC (23 years, 6 months ago) by angelos
Branch: MAIN
Changes since 1.6: +52 -30 lines
Diff to previous 1.6 (colored)
All-1s addresses as policy destinations is also reserved for future use (policy discovery).
Revision 1.6 / (download) - annotate - [select for diffs], Wed Oct 18 20:35:21 2000 UTC (23 years, 7 months ago) by chris
Branch: MAIN
CVS Tags: OPENBSD_2_8_BASE
Branch point for: OPENBSD_2_8
Changes since 1.5: +3 -1 lines
Diff to previous 1.5 (colored)
Fix compile error if lacking -DINET6
Revision 1.5 / (download) - annotate - [select for diffs], Sat Oct 14 06:23:52 2000 UTC (23 years, 8 months ago) by angelos
Branch: MAIN
Changes since 1.4: +184 -10 lines
Diff to previous 1.4 (colored)
ASKPOLICY message; used by key management to inquire about policy triggering an ACQUIRE.
Revision 1.4 / (download) - annotate - [select for diffs], Fri Sep 29 19:46:26 2000 UTC (23 years, 8 months ago) by angelos
Branch: MAIN
Changes since 1.3: +15 -1 lines
Diff to previous 1.3 (colored)
Make sure there's enough data on the mbuf for the TCP/UDP ports (if applicable) -- bug located thanks to a crashdump from HJungheim@vpnet.com
Revision 1.3 / (download) - annotate - [select for diffs], Wed Sep 27 07:28:24 2000 UTC (23 years, 8 months ago) by angelos
Branch: MAIN
Changes since 1.2: +41 -11 lines
Diff to previous 1.2 (colored)
Fix checking for incoming packets when the remote gateway has been fully specified in the flow.
Revision 1.2 / (download) - annotate - [select for diffs], Wed Sep 20 19:13:18 2000 UTC (23 years, 8 months ago) by angelos
Branch: MAIN
Changes since 1.1: +5 -1 lines
Diff to previous 1.1 (colored)
Add IDENTITY payloads to flow establishment (and cleanup accordingly) -- this will address one of itojun's questions on how IDs for IKE are to be determined (need to add support for this to ipsecadm).
Revision 1.1 / (download) - annotate - [select for diffs], Tue Sep 19 03:20:59 2000 UTC (23 years, 8 months ago) by angelos
Branch: MAIN
Lots and lots of changes.