Commit Graph

25 Commits

Author SHA1 Message Date
elad 58e7332bdf Multiple inclusion protection, as suggested by christos@ on tech-kern@
few days ago.
2005-12-11 00:02:28 +00:00
tron b7be5e481c Defopt IPSEC_NAT_T. 2005-07-07 19:34:51 +00:00
manu 455d55f55b Enhance IPSEC_NAT_T so that it can work with multiple machines behind the
same NAT.
2005-04-23 14:05:28 +00:00
perry bcfcddbac1 nuke trailing whitespace 2005-02-26 22:31:44 +00:00
manu 5c217c1a67 Add support for IPsec Network Address Translator traversal (NAT-T), as
described by RFC 3947 and 3948.
2005-02-12 12:31:07 +00:00
itojun bc4b33d8be reqid (for unique policy) is u_int16_t quantity. from markus@openbsd 2004-12-06 08:05:26 +00:00
itojun ec5e739b46 extra blank line 2003-09-23 00:03:05 +00:00
itojun 17dc15d92a unifdef -UFAST_IPSEC 2003-09-20 05:12:45 +00:00
itojun 72bcf50f26 no need for netipsec/key*, they are almost identical to netkey/key* 2003-09-12 11:09:32 +00:00
itojun 800fe5d178 - prepare for RFC2401bis 64bit sequence number (no behavior change yet)
- use hash for SPI-based SAD entry lookup (should be faster, i hope)
- cleanup keydb.c and key.c.  key.c is responsible for refcounting secasvar,
  keydb.c is responsible for alloc/free.
2003-09-07 15:59:36 +00:00
itojun 52f8075c5a allow userland to specify SPD ID. more readable debugging messages. 2003-08-22 06:22:21 +00:00
itojun 616adf38ee backout; committed by mistake 2003-08-22 05:48:27 +00:00
itojun 190b098134 do not quit from key_sendup() even if writes to non-target socket fails.
from SEIL team
2003-08-22 05:46:37 +00:00
thorpej b193480908 Add extensible malloc types, adapted from FreeBSD. This turns
malloc types into a structure, a pointer to which is passed around,
instead of an int constant.  Allow the limit to be adjusted when the
malloc type is defined, or with a function call, as suggested by
Jonathan Stone.
2003-02-01 06:23:35 +00:00
itojun 177ed24b8b allocate route_in6 in struct secashead, to avoid mistakenly overrun
the end of secashead.  Fixes PR18751.
2003-01-08 05:46:49 +00:00
itojun 6dedde045a correct signedness mixup in pointer passing. sync w/kame 2002-09-11 02:41:19 +00:00
itojun 3489976392 do not copy policy-on-socket at all. avoid copying packet header value to
struct spindex.  should reduce memory usage per socket/pcb, and should speedup
ipsec processing.  sync w/kame
2002-06-12 01:47:34 +00:00
itojun 89f53512af use real wallclock (got by microtime) to compute IPsec database lifetimes.
previous code used interval timers, and had problem with suspend/resume.
sync with KAME.
2000-09-22 16:55:04 +00:00
itojun 9e0a696a8a remove #ifdef notdef part. sync with kame. 2000-07-26 07:40:52 +00:00
itojun 411ff12b27 pre-compute and cache intermediate crypto key. suggestion from sommerfeld,
sync with kame.

loopback, blowfish-cbc transport mode, 128bit key
before: 86588496 bytes received in 00:42 (1.94 MB/s)
after: 86588496 bytes received in 00:31 (2.58 MB/s)
2000-07-23 05:23:04 +00:00
itojun f982a33213 correct ordering mistake in SADB_DUMP.
correct bug in key length management in SA database.
improbe mbuf printing (for debugging only).
2000-06-15 12:37:07 +00:00
itojun 92e64a4a0d sync with almost-latest KAME IPsec. full changelog would be too big
to mention here.  notable changes are like below.

kernel:
- make PF_KEY kernel interface more robust against broken input stream.
  it includes complete internal structure change in sys/netkey/key.c.
- remove non-RFC compliant change in PF_KEY API, in particular,
  in struct sadb_msg.  we cannot just change these standard structs.
  sadb_x_sa2 is introduced instead.
- remove prototypes for pfkey_xx functions from /usr/include/net/pfkeyv2.h.
  these functions are not supplied in /usr/lib.

setkey(8):
- get/delete does not require "-m mode" (ignored with warning, if you
  specify it)
- spddelete takes direction specification
2000-06-12 10:40:37 +00:00
itojun 1a2a1e2b1f bring in latest KAME ipsec tree.
- interop issues in ipcomp is fixed
- padding type (after ESP) is configurable
- key database memory management (need more fixes)
- policy specification is revisited

XXX m->m_pkthdr.rcvif is still overloaded - hope to fix it soon
2000-01-31 14:18:52 +00:00
thorpej cd3a345ea0 RCS ID police. 1999-07-03 21:24:45 +00:00
itojun 74d3c214ec KAME/NetBSD 1.4 SNAP kit, dated 19990628.
NOTE: this branch (kame) is used just for refernce.  this may not compile
due to multiple reasons.
1999-06-28 06:36:47 +00:00