Commit Graph

37 Commits

Author SHA1 Message Date
knakahara
51f4870974 eliminate variable argument in encapsw 2016-01-26 06:00:10 +00:00
knakahara
b546d5277b implement encapsw instead of protosw and uniform prototype.
suggested and advised by riastradh@n.o, thanks.

BTW, It seems in_stf_input() had bugs...
2016-01-26 05:58:05 +00:00
riastradh
e588d95c25 Back out previous change to introduce struct encapsw.
This change was intended, but Nakahara-san had already made a better
one locally!  So I'll let him commit that one, and I'll try not to
step on anyone's toes again.
2016-01-22 23:27:12 +00:00
riastradh
87bc652e3d Don't abuse struct protosw for ip_encap -- introduce struct encapsw.
Mostly mechanical change to replace it, culling some now-needless
boilerplate around all the users.

This does not substantively change the ip_encap API or eliminate
abuse of sketchy pointer casts -- that will come later, and will be
easier now that it is not tangled up with struct protosw.
2016-01-22 05:15:10 +00:00
riastradh
65a8f527af Eliminate struct protosw::pr_output.
You can't use this unless you know what it is a priori: the formal
prototype is variadic, and the different instances (e.g., ip_output,
route_output) have different real prototypes.

Convert the only user of it, raw_send in net/raw_cb.c, to take an
explicit callback argument.  Convert the only instances of it,
route_output and key_output, to such explicit callbacks for raw_send.
Use assertions to make sure the conversion to explicit callbacks is
warranted.

Discussed on tech-net with no objections:
https://mail-index.netbsd.org/tech-net/2016/01/16/msg005484.html
2016-01-20 21:43:59 +00:00
ozaki-r
9c3df7f835 Remove unnecessary ifdef IPSEC 2015-03-27 07:47:10 +00:00
rmind
60d350cf6d - Implement pktqueue interface for lockless IP input queue.
- Replace ipintrq and ip6intrq with the pktqueue mechanism.
- Eliminate kernel-lock from ipintr() and ip6intr().
- Some preparation work to push softnet_lock out of ipintr().

Discussed on tech-net.
2014-06-05 23:48:16 +00:00
rmind
39bd8dee77 Add struct pr_usrreqs with a pr_generic function and prepare for the
dismantling of pr_usrreq in the protocols; no functional change intended.
PRU_ATTACH/PRU_DETACH changes will follow soon.

Bump for struct protosw.  Welcome to 6.99.62!
2014-05-18 14:46:15 +00:00
christos
27fe772ddc IPSEC has not come in two speeds for a long time now (IPSEC == kame,
FAST_IPSEC). Make everything refer to IPSEC to avoid confusion.
2013-06-05 19:01:26 +00:00
joerg
3eb244d801 Retire varargs.h support. Move machine/stdarg.h logic into MI
sys/stdarg.h and expect compiler to provide proper builtins, defaulting
to the GCC interface. lint still has a special fallback.
Reduce abuse of _BSD_VA_LIST_ by defining __va_list by default and
derive va_list as required by standards.
2011-07-17 20:54:30 +00:00
drochner
a46f4db6fd remove a limitation that inner and outer IP version must be equal
for an ESP tunnel, and add some fixes which make v4-in-v6 work
(v6 as inner protocol isn't ready, even v6-in-v6 can never have worked)

being here, fix a statistics counter and kill an unused variable
2011-06-06 16:48:35 +00:00
drochner
909a8e8346 more "const" 2011-02-18 19:56:01 +00:00
drochner
bbd82ed172 sprinkle some "const", documenting that the SA is not supposed to
change during an xform operation
2011-02-18 19:06:45 +00:00
degroote
e7dc156f58 Fix some fallout from socket locking patch :
- {ah6,esp6}_ctlinput must return void*
 - use correct wrapper for rip_usrreq
2008-04-27 12:58:48 +00:00
ad
15e29e981b Merge the socket locking patch:
- Socket layer becomes MP safe.
- Unix protocols become MP safe.
- Allows protocol processing interrupts to safely block on locks.
- Fixes a number of race conditions.

With much feedback from matt@ and plunky@.
2008-04-24 11:38:36 +00:00
thorpej
caf49ea572 Make IPSEC and FAST_IPSEC stats per-cpu. Use <net/net_stats.h> and
netstat_sysctl().
2008-04-23 06:09:04 +00:00
degroote
f3f9c5b3a1 Fix build of FAST_IPSEC after the change of ip_newid prototype 2008-02-10 21:42:20 +00:00
elad
3668e580ae Use struct initializers. No functional change. 2007-12-07 19:46:18 +00:00
dyoung
5bbde3d775 Use IFNET_FOREACH() and IFADDR_FOREACH(). 2007-12-04 10:27:33 +00:00
adrianp
aaf8e048ae The function ipsec4_get_ulp assumes that ip_off is in host order. This results
in IPsec processing that is dependent on protocol and/or port can be bypassed.

Bug report, analysis and initial fix from Karl Knutsson.
Final patch and ok from degroote@
2007-10-28 15:48:23 +00:00
degroote
dd86ba7231 Remove useless cast
Use NULL instead of (void*) 0
2007-03-04 21:17:54 +00:00
christos
53524e44ef Kill caddr_t; there will be some MI fallout, but it will be fixed shortly. 2007-03-04 05:59:00 +00:00
degroote
e2211411a4 Commit my SoC work
Add ipv6 support for fast_ipsec
Note that currently, packet with extensions headers are not correctly
supported
Change the ipcomp logic
2007-02-10 09:43:05 +00:00
christos
168cd830d2 __unused removal on arguments; approved by core. 2006-11-16 01:32:37 +00:00
christos
6c265266c5 more __unused 2006-10-13 20:53:59 +00:00
christos
95e1ffb156 merge ktrace-lwp. 2005-12-11 12:16:03 +00:00
martin
71d020f371 Since we decided "const struct mbuf *" would not do the right thing (tm),
remove ~all const from mbuf pointers.
2005-06-06 06:06:50 +00:00
perry
f07677dd81 nuke trailing whitespace 2005-02-26 22:45:09 +00:00
jonathan
60f87b2f99 sys/netinet6/ip6_ecn.h is reportedly a FreeBSD-ism; NetBSD has
prototypes for the IPv6 ECN ingress/egress functions in sys/netinet/ip_ecn.h,
inside an #ifdef INET6 wrapper.   So, wrap sys/netipsec ocurrences of
	#include <netinet6/ip6_ecn.h>
in #ifdef __FreeBSD__/#endif, until both camps can agree on this
teensy little piece of namespace. Affects:
    ipsec_output.c xform_ah.c xform_esp.c xform_ipip.c
2004-03-17 00:21:43 +00:00
scw
f8d2d740de Fix ipip_output() to always set *mp to NULL on failure, even if 'm'
is NULL, otherwise ipsec4_process_packet() may try to m_freem() a
bad pointer.

In ipsec4_process_packet(), don't try to m_freem() 'm' twice; ipip_output()
already did it.
2004-01-16 11:06:27 +00:00
jonathan
995c532c33 Revert the (default) ip_id algorithm to the pre-randomid algorithm,
due to demonstrated low-period repeated IDs from the randomized IP_id
code.  Consensus is that the low-period repetition (much less than
2^15) is not suitable for general-purpose use.

Allocators of new IPv4 IDs should now call the function ip_newid().
Randomized IP_ids is now a config-time option, "options RANDOM_IP_ID".
ip_newid() can use ip_random-id()_IP_ID if and only if configured
with RANDOM_IP_ID. A sysctl knob should be  provided.

This API may be reworked in the near future to support linear ip_id
counters per (src,dst) IP-address pair.
2003-11-17 21:34:27 +00:00
jonathan
ae4accd0de Use ip_randomid(), dependent on either __NetBSD__ preprocessor
token or FreeBSD RANDOM_IP_ID config option.
2003-11-14 07:15:28 +00:00
tls
9355900ec9 Reversion of "netkey merge", part 2 (replacement of removed files in the
repository by christos was part 1).  netipsec should now be back as it
was on 2003-09-11, with some very minor changes:

1) Some residual platform-dependent code was moved from ipsec.h to
   ipsec_osdep.h; without this, IPSEC_ASSERT() was multiply defined.  ipsec.h
   now includes ipsec_osdep.h

2) itojun's renaming of netipsec/files.ipsec to netipsec/files.netipsec has
   been left in place (it's arguable which name is less confusing but the
   rename is pretty harmless).

3) Some #endif TOKEN has been replaced by #endif /* TOKEN */; #endif TOKEN
   is invalid and GCC 3 won't compile it.

An i386 kernel with "options FAST_IPSEC" and "options OPENCRYPTO" now
gets through "make depend" but fails to build with errors in ip_input.c.
But it's better than it was (thank heaven for small favors).
2003-10-06 22:05:15 +00:00
itojun
eb305c3c3c merge netipsec/key* into netkey/key*. no need for both.
change confusing filename
2003-09-12 11:20:57 +00:00
itojun
3df4458661 use ip_randomid 2003-09-12 11:09:31 +00:00
jonathan
c23a2c9c86 opt_inet6.h is FreeBSD-specific, so wrap it with #ifdef __FreeBSD__/#endif. 2003-08-20 22:33:40 +00:00
jonathan
740290313e Initial import of Sam Leffler's `Fast-IPsec' from FreeBSD 4.
Fast-IPsec is a rework of the OpenBSD and KAME IPsec code, using the
OpenCryptoFramework (and thus hardware crypto accelerators) and
numerous detailed performance improvements.

This import is (aside from SPL-level names) the FreeBSD source,
imported ``as-is'' as a historical snapshot, for future maintenance
and comparison against the FreeBSD source.  For now, several minor
kernel-API differences are hidden by macros a shim file, ipsec_osdep.h,
which (aside from SPL names) can be targeted at either NetBSD or FreeBSD.
2003-08-13 20:06:49 +00:00