Aren
/
NetBSD
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
127,386 Commits 606 Branches 0 Tags 3.1 GiB
Commit Graph

36 Commits

Author SHA1 Message Date
itojun 721292cf12 constify AH algorithm function table. suggested by robert watson 2004-03-10 03:45:04 +00:00
itojun d6c4b6beb6 minor KNF 2003-07-25 10:17:36 +00:00
itojun 969d6f5037 typo 2003-07-25 10:16:28 +00:00
itojun 1270423572 add AH/ESP algorithms: hmac-ripemd160 (AH), AES XCBC MAC (AH), 
AES counter mode (ESP)
 2003-07-25 10:00:49 +00:00
itojun c8ebadb000 unifdef -U_IP_VHL 2003-07-22 11:18:24 +00:00
itojun d64e1c8d6a add hmac-sha2 support. various cleanups (like avoid hardcoding '16'). 
from kame
 2003-07-22 03:24:23 +00:00
itojun 0445f65670 avoid assuming result buffer size in AH logic. sync w/kame 2003-07-20 18:01:41 +00:00
itojun b2fcce1997 style 2003-04-22 10:08:33 +00:00
itojun 8808abb7b8 correct pointer signedness mixups. sync w/kame 2002-09-11 03:45:44 +00:00
itojun e4f39ff86f panic() if NULL is passed to ah_sumsiz_xx. suggested by sam leffler, sync w/kame 2002-06-07 23:42:41 +00:00
lukem 4f2ad95259 add RCSIDs 2001-11-13 00:56:55 +00:00
itojun 7b1918bdc8 always check extension header length. 2001-10-29 05:23:17 +00:00
itojun 99d25b4e8a reduce diff with kame. whitespace changes only. 2001-10-15 03:55:37 +00:00
itojun 52f2cece9f tighten AH IPv4 option chasing more. drop too short (< 2) option. 
sync with kame.
 2001-02-21 01:27:58 +00:00
itojun 26a76076be correct IPv4 option header chasing. the old code may overrun the buffer 
if the option header is truncated.  sync with kame
 2001-02-19 03:47:01 +00:00
itojun dcfe05e7c1 fix compilation without INET. fix confusion between ipsecstat and ipsec6stat. 
sync with kame.
 2000-10-02 03:55:41 +00:00
itojun 65d37eff7f correct RFC2367 PF_KEY conformance (SADB_[AE]ALG_xx values and namespaces). 
sync from kame.

WARNING: need recompilation of setkey(8) and pkgsrc/security/racoon.
(no ipsec-ready netbsd was released as official release)
 2000-07-18 14:56:42 +00:00
itojun dafb757588 add algorithm name into algorithm table. (commit to crypto-intl will follow) 2000-06-14 11:27:35 +00:00
itojun e0b65589f1 sync with more recent kame. cope with malloc failure more gracefully 
some cosmetics.
 2000-06-02 18:20:15 +00:00
itojun fadbd2b29a cleanup AH/policy processing. 
- parse IPv6 header by using common function, ip6_{last,next}hdr.
- fix behaivior in multiple AH cases.
  make strict boundary checks on mbuf chasing.
(sync with latest kame)
 2000-03-21 23:53:30 +00:00
itojun 90736ab608 fix include pathname for better rfc2292 compliance. 2000-02-06 12:49:37 +00:00
itojun 1a2a1e2b1f bring in latest KAME ipsec tree. 
- interop issues in ipcomp is fixed
- padding type (after ESP) is configurable
- key database memory management (need more fixes)
- policy specification is revisited

XXX m->m_pkthdr.rcvif is still overloaded - hope to fix it soon
 2000-01-31 14:18:52 +00:00
itojun 08e76e0086 add missing ipcomp cases. 2000-01-16 18:06:03 +00:00
itojun ec63b40402 remove too much portability code in KAME, to improve readability. 2000-01-06 07:31:07 +00:00
itojun abddb5f851 do not overwrite traffic class field when we write IPv6 version field. 1999-12-15 06:28:43 +00:00
itojun b3d9b0130c eliminate unnecessary splnet(). 1999-09-17 12:26:04 +00:00
itojun 5a219342f2 sync with kame; typo in comment. 1999-08-26 11:11:51 +00:00
itojun 4e69e908fe fix AH computation for HbB options. 1999-08-25 17:47:47 +00:00
itojun 70ada0957e sync with recent KAME. 
- loosen ipsec restriction on packet diredtion.
- revise icmp6 redirect handling on IsRouter bit.
- tcp/udp notification processing (link-local address case)
- cosmetic fixes (better code share across *BSD).
 1999-07-31 18:41:15 +00:00
itojun 06c350054d remove reference to in6_systm.h (file itself will be removed afterwords) 1999-07-30 10:35:34 +00:00
thorpej f9a7668b3f defopt IPSEC and IPSEC_ESP (both into opt_ipsec.h). 1999-07-09 22:57:15 +00:00
itojun f3c72d8503 fix IPSEC (but not INET6) build. 
PR: 7921, 7922, 7924
From: rafal@mediaone.net
 1999-07-06 05:09:22 +00:00
itojun 9b74747370 s/splnet/splsoftnet/ in IPv6/IPsec part. 
hope I made no mistake (the kernel works fine but I need a regress test)

Suggested by: thorpej
 1999-07-04 02:01:15 +00:00
thorpej cd3a345ea0 RCS ID police. 1999-07-03 21:24:45 +00:00
itojun 118d2b1d4f IPv6 kernel code, based on KAME/NetBSD 1.4, SNAP kit 19990628. 
(Sorry for a big commit, I can't separate this into several pieces...)
Pls check sys/netinet6/TODO and sys/netinet6/IMPLEMENTATION for details.

- sys/kern: do not assume single mbuf, accept chained mbuf on passing
  data from userland to kernel (or other way round).
- "midway" ATM card: ATM PVC pseudo device support, like those done in ALTQ
  package (ftp://ftp.csl.sony.co.jp/pub/kjc/).
- sys/netinet/tcp*: IPv4/v6 dual stack tcp support.
- sys/netinet/{ip6,icmp6}.h, sys/net/pfkeyv2.h: IETF document assumes those
  file to be there so we patch it up.
- sys/netinet: IPsec additions are here and there.
- sys/netinet6/*: most of IPv6 code sits here.
- sys/netkey: IPsec key management code
- dev/pci/pcidevs: regen

In my understanding no code here is subject to export control so it
should be safe.
 1999-07-01 08:12:45 +00:00
itojun 74d3c214ec KAME/NetBSD 1.4 SNAP kit, dated 19990628. 
NOTE: this branch (kame) is used just for refernce.  this may not compile
due to multiple reasons.
 1999-06-28 06:36:47 +00:00