itojun
19dd3c9508
send error up when error happens during SADB_UPDATE. kame-pr-785
2004-08-03 15:53:03 +00:00
yamt
388343e340
key_sendup0: prepend a promisc header only for a mbuf given as a function arg.
mbufs on kp_queue already have their complete headers.
2004-07-24 09:15:56 +00:00
yamt
133bbf0b79
key_receive: pull packets from kp_queue.
otherwise a receiver can sleep on empty so_rcv
while having packets on kp_queue.
ok'ed by itojun.
2004-07-24 09:14:52 +00:00
yamt
da6f02930b
key_sendup0: add a missing sorwakeup().
ok'ed by itojun.
2004-07-08 10:42:41 +00:00
itojun
caf5cb18b4
avoid null pointer deref
remove wrong comment
yamt@netbsd
2004-06-01 03:05:26 +00:00
itojun
25f8b7acdc
recover kp_queue properly. yamt
2004-06-01 02:01:14 +00:00
itojun
78bf2102d3
correct kp_queue handling. yamt
2004-05-31 11:40:40 +00:00
itojun
e58a39bab9
need to fix kp_queue better...
2004-05-31 09:20:38 +00:00
itojun
4516a4dc00
on EAGAIN, set kp_queue again for the next wakeup. pointed out by yamt
2004-05-31 09:06:36 +00:00
itojun
7bd231952e
safer key_{spd,}dump. comment from yamt.
XXX is spl level ok?
2004-05-31 04:29:01 +00:00
itojun
2cb6995056
dump/spddump can now handle tons of records.
2004-05-26 02:59:15 +00:00
yamt
c9290b239d
key_sp_unlink: decrement refcnt of the policy only if it was chained.
otherwise SADB_X_SPDDELETE2 and SADB_X_SPDFLUSH can free per-pcb policies
erroneously. it's the identical with what kame repository has.
ok'ed by itojun@
2004-05-10 09:30:23 +00:00
itojun
23973135aa
fix key_mature for tcp md5 signature
2004-04-26 04:39:17 +00:00
itojun
06dd2ce65c
add missing "break"
2004-04-26 04:00:06 +00:00
itojun
e0395ac8f0
make TCP MD5 signature work with KAME IPSEC (#define IPSEC).
support IPv6 if KAME IPSEC (RFC is not explicit about how we make data stream
for checksum with IPv6, but i'm pretty sure using normal pseudo-header is the
right thing).
XXX
current TCP MD5 signature code has giant flaw:
it does not validate signature on input (can't believe it! what is the point?)
2004-04-26 03:54:28 +00:00
matt
e06794e93a
Remove #else of #if __STDC__
2004-04-26 01:41:15 +00:00
matt
e50668c7fa
Constify protosw arrays. This can reduce the kernel .data section by
over 4K (if all the network protocols) are loaded.
2004-04-22 01:01:40 +00:00
matt
58011725c3
Use M_ZERO appropriately.
2004-04-18 23:33:58 +00:00
itojun
25b85e1925
fixed a memory leak (refcnt) in #ifdef IPSEC_DOSEQCHECK portion
2004-04-12 07:50:56 +00:00
atatat
19af35fd0d
Tango on sysctl_createv() and flags. The flags have all been renamed,
and sysctl_createv() now uses more arguments.
2004-03-24 15:34:46 +00:00
wiz
f05e6f1a3a
occured -> occurred. From Peter Postma.
2004-02-24 15:12:51 +00:00
itojun
7df1e71161
invalidate pcb policy cache on key_timehandler(). part of
http://sources.zabbadoz.net/freebsd/patchset/110-ipsec-netkey-key.diff
2004-01-14 04:11:13 +00:00
itojun
45e487aa97
secpolicy refcnt mistake (missing key_freesp). part of
http://sources.zabbadoz.net/freebsd/patchset/110-ipsec-netkey-key.diff
2004-01-13 23:02:40 +00:00
itojun
b37e7ce6ef
do not touch sav->xx after key_freesav(). from hajimu umemoto
2003-12-10 23:46:42 +00:00
atatat
13f8d2ce5f
Dynamic sysctl.
Gone are the old kern_sysctl(), cpu_sysctl(), hw_sysctl(),
vfs_sysctl(), etc, routines, along with sysctl_int() et al. Now all
nodes are registered with the tree, and nodes can be added (or
removed) easily, and I/O to and from the tree is handled generically.
Since the nodes are registered with the tree, the mapping from name to
number (and back again) can now be discovered, instead of having to be
hard coded. Adding new nodes to the tree is likewise much simpler --
the new infrastructure handles almost all the work for simple types,
and just about anything else can be done with a small helper function.
All existing nodes are where they were before (numerically speaking),
so all existing consumers of sysctl information should notice no
difference.
PS - I'm sorry, but there's a distinct lack of documentation at the
moment. I'm working on sysctl(3/8/9) right now, and I promise to
watch out for buses.
2003-12-04 19:38:21 +00:00
itojun
bf72fd111d
missing splx. Hajimu UMEMOTO via kame
2003-11-27 18:26:46 +00:00
drochner
ca3116d2f1
in_ifaddr -> in_ifaddrhead
use TAILQ_FOREACH macro
2003-11-11 21:41:11 +00:00
itojun
f5c2aa04b0
splsoftnet() on spd/sad-dump-via-sysctl to ensure no 2 threads to go into
the function, or entries being removed during the dump operation.
suenaga@iij
2003-11-10 10:52:13 +00:00
itojun
57b5c736df
suppress -Wuninitialized
2003-11-04 05:50:54 +00:00
christos
e4e2331f07
fixed uninitialized variable
2003-10-25 08:27:12 +00:00
itojun
e6d129819b
update m_pkthdr.len
2003-10-13 08:55:59 +00:00
itojun
ec5e739b46
extra blank line
2003-09-23 00:03:05 +00:00
itojun
cd71ebe2f7
mark security policy that should persist in the system "persistent".
this should prevent recently-reported kernel panic when "spdflush" is issued.
2003-09-22 04:47:43 +00:00
itojun
17dc15d92a
unifdef -UFAST_IPSEC
2003-09-20 05:12:45 +00:00
itojun
782cbb14c5
2^n hash table is better in the kernel. advice by perry@netbsd
2003-09-14 07:30:32 +00:00
itojun
d669285a77
use prime number to hash SPI
2003-09-14 03:11:31 +00:00
itojun
72bcf50f26
no need for netipsec/key*, they are almost identical to netkey/key*
2003-09-12 11:09:32 +00:00
itojun
6371ddf557
make it possible to SADB_DUMP via sysctl. request by mrg
2003-09-12 07:38:10 +00:00
itojun
49fa1efdc6
remove #define for bsdi
2003-09-12 00:27:59 +00:00
itojun
14756c7d6d
kill unneeded variable
2003-09-12 00:10:25 +00:00
itojun
c1ae398301
correct hashed SPI lookup. reported by Greg Troxel
2003-09-09 21:58:26 +00:00
itojun
8ca90bd4e4
add /kern/ipsecsa and /kern/ipsecsp, which can be inspected by setkey(8).
it allows easier access to ipsecsa/sp. it works around problem where
setkey -D does not work with large number of ipsec SAs due to socket buffer
size.
2003-09-08 06:51:53 +00:00
itojun
bc1d89af4f
splsoftnet in key_setspi
2003-09-08 01:55:09 +00:00
itojun
fdbe07d467
revisit spihash logic
2003-09-07 20:41:27 +00:00
itojun
800fe5d178
- prepare for RFC2401bis 64bit sequence number (no behavior change yet)
- use hash for SPI-based SAD entry lookup (should be faster, i hope)
- cleanup keydb.c and key.c. key.c is responsible for refcounting secasvar,
keydb.c is responsible for alloc/free.
2003-09-07 15:59:36 +00:00
itojun
52f8075c5a
allow userland to specify SPD ID. more readable debugging messages.
2003-08-22 06:22:21 +00:00
itojun
80e0659dae
KNF
2003-08-22 06:21:09 +00:00
itojun
616adf38ee
backout; committed by mistake
2003-08-22 05:48:27 +00:00
itojun
190b098134
do not quit from key_sendup() even if writes to non-target socket fails.
from SEIL team
2003-08-22 05:46:37 +00:00
itojun
8453a28003
fixed that the kernel crashed when key_spdacquire() was called
because key_spdacquire() had been implemented incompletely.
sync w/kame
2003-07-25 09:04:48 +00:00