itojun
88122ef746
should return error code from key_senderror(). sync w/kame
2002-08-20 08:17:02 +00:00
itojun
ccc183b4d1
fixed that the incorrect time was set to sadb_comb_{hard|soft}_usetime.
sync w/kame
2002-08-20 06:20:26 +00:00
itojun
2169d69bcf
correct %d/%u mismatch. sync w/kame
2002-06-27 14:39:45 +00:00
itojun
c1808f02bf
cache pcb policy as much as possible. in fact, if policy is not
IPSEC_POLICY_IPSEC we don't need to compare spidx. sync w/kame
2002-06-14 14:47:24 +00:00
itojun
dc96111483
deep-copy pcb policy if it is an ipsec policy. assign ID field to all
SPD entries. make it possible for racoon to grab SPD entry on pcb
(racoon side needs some changes). sync w/kame
2002-06-12 17:56:45 +00:00
itojun
cc8fe8c179
make function static
2002-06-12 03:46:16 +00:00
itojun
bad1f500a7
remove unused functions
2002-06-12 03:37:14 +00:00
itojun
3489976392
do not copy policy-on-socket at all. avoid copying packet header value to
struct spindex. should reduce memory usage per socket/pcb, and should speedup
ipsec processing. sync w/kame
2002-06-12 01:47:34 +00:00
itojun
fa53d749ff
share policy-on-pcb for listening socket. sync w/kame
todo: share even more, avoid frequent updates of spidx
2002-06-11 19:39:59 +00:00
itojun
52d0ba15c8
reduce unneeded #ifdef
2002-05-30 05:51:21 +00:00
itojun
d208a22daa
use arc4random() where possible.
XXX is it necessary to do microtime() on tcp syn cache?
2002-05-28 10:11:49 +00:00
itojun
12bdf036e2
pull in SPD lifetime management code. fix refcnt for SPD entries.
sync w/kame
XXX dead SPD entry lifetime - undergoing sakane's review
2002-05-19 08:22:12 +00:00
itojun
9244bd8154
document net.key.* sysctl. provide sysctl MIB for controlling
proposal payload on ACQUIRE message. sync w/kame
2002-05-19 08:12:55 +00:00
itojun
691d519c66
remove unneeded decl for __ss_{len,family}
2002-05-19 07:54:05 +00:00
itojun
0c85427e40
remove unneeded #if
2002-03-21 04:41:03 +00:00
itojun
53a52c0ad8
pfkey statistics was presented in wrong direction.
2002-03-21 04:23:36 +00:00
itojun
418fefdef0
remove a function no longer in use
2002-03-21 04:10:21 +00:00
itojun
900347e4d0
comment wording
2002-03-21 02:27:50 +00:00
itojun
8e4fadc28a
missing splx
2002-03-01 04:19:42 +00:00
itojun
3edb75b9d5
unifdef -D__NetBSD__
2002-03-01 04:16:38 +00:00
itojun
88123ecf38
change key_timehandler to take void * as argument. sync with kame.
PR 14351
2002-01-31 07:05:43 +00:00
itojun
867ce59a46
use ipseclog() instead of #ifdef IPSEC_DEBUG, to make it possible to
turn on/off debugging messages at runtime. sync with kame
2002-01-31 06:35:25 +00:00
itojun
8297f55292
change SPDUPDATE's behavior to meet with the latest KAME kit.
(there's no need to have policy before SPDUPDATE)
2002-01-31 06:17:03 +00:00
lukem
2565646230
don't need <sys/types.h> when including <sys/param.h>
2001-11-15 09:47:59 +00:00
lukem
4f2ad95259
add RCSIDs
2001-11-13 00:56:55 +00:00
simonb
5f717f7c33
Don't need to include <uvm/uvm_extern.h> just to include <sys/sysctl.h>
anymore.
2001-10-29 07:02:30 +00:00
itojun
07b78861d0
sync with kame:
fixed the value of the prefixlen in the sadb_address structure.
when pfkey message relative to SA is sent, the prefixlen was incorrect.
2001-10-19 01:57:20 +00:00
wiz
4c99916337
va_{start,end} audit:
Make sure that each va_start has one and only one matching va_end,
especially in error cases.
If the va_list is used multiple times, do multiple va_starts/va_ends.
If a function gets va_list as argument, don't let it use va_end (since
it's the caller's responsibility).
Improved by comments from enami and christos -- thanks!
Heimdal/krb4/KAME changes already fed back, rest to follow.
Inspired by, but not based on, OpenBSD.
2001-09-24 13:22:25 +00:00
wiz
456dff6cb8
Spell 'occurred' with two 'r's.
2001-09-16 16:34:23 +00:00
itojun
fd048b8ff1
avoid symbol conflict with "sin()".
2001-08-16 14:28:54 +00:00
itojun
99c5195929
remove "#ifdef IPSEC_DEBUG" conditional from key_debug.h
(headers must have no #if). sync with kame
2001-08-12 11:52:43 +00:00
itojun
984d46bbc4
there is no KEY_DEBBUG. use IPSEC_DEBUG
2001-08-12 11:48:27 +00:00
itojun
57030e2f12
cache IPsec policy on in6?pcb. most of the lookup operations can be bypassed,
especially when it is a connected SOCK_STREAM in6?pcb. sync with kame.
2001-08-06 10:25:00 +00:00
itojun
ce781443e0
pass replay sequence number on sadb_x_sa2 (it's outside of PF_KEY standard
anyways).
2001-08-02 12:10:14 +00:00
itojun
b26591525e
remove "register" variable specifier. sync with kame
2001-08-02 11:32:14 +00:00
itojun
182b1e5191
do not #ifdef KEY_DEBUG in header. sync with kame
2001-07-27 04:48:13 +00:00
mrg
8a49f07b1b
avoid assigning to policy_id twice. fixes more gcc 3.0 prerelease errors.
2001-06-04 21:38:28 +00:00
mrg
c13e3a6693
use _KERNEL_OPT
2001-05-30 11:40:35 +00:00
wiz
14dbdf5518
Negative exit code cleanup: Replace exit(-x) with exit(x).
As seen on tech-userlevel.
2001-04-06 11:13:45 +00:00
jdolecek
522f569810
make some more constant arrays 'const'
2001-02-21 21:39:52 +00:00
thorpej
786149d624
When processing an SADB_DELETE message, allow SADB_EXT_SA to be
blank. In this case, we delete all non-LARVAL SAs that match the
src/dst/protocol. This is particularly useful in IKE INITIAL-CONTACT
processing. Idea from Bill Sommerfeld <sommerfeld@east.sun.com>, who
implemented it in post-Solaris8.
2001-02-16 23:53:59 +00:00
itojun
a688af5edf
if 2nd parameter of key_acquire() is NULL it panics.
key_acquire () does not really require 2nd argument.
1.179 -> 1.180 on kame.
2001-01-10 18:52:51 +00:00
itojun
8b5ceae516
don't waste entropy by use of key_random(). use key_randomfill() for
IV initialization.
2000-10-07 12:08:33 +00:00
itojun
a6f9652adf
always use rnd(4) for IPsec random number source. avoid random(9).
if there's no rnd(4), random(9) will be used with one-time warning printf(9).
XXX not sure how good rnd_extract_data(RND_EXTRACT_ANY) is, under entropy-
starvation situation
2000-10-05 04:49:17 +00:00
itojun
dcfe05e7c1
fix compilation without INET. fix confusion between ipsecstat and ipsec6stat.
sync with kame.
2000-10-02 03:55:41 +00:00
itojun
8a9f93dc37
update ip compression algorithm lookup.
attach sadb_comb for IP compression (not in RFC2367;
discussed on pf_key@inner.net ). sync with kame
2000-09-26 08:40:23 +00:00
itojun
89f53512af
use real wallclock (got by microtime) to compute IPsec database lifetimes.
previous code used interval timers, and had problem with suspend/resume.
sync with KAME.
2000-09-22 16:55:04 +00:00
itojun
fd5d3908d3
wake up socket even with socket receive buffer is full. otherwise,
we will have lots of pending mbufs on heavy SADB_ACQUIRE traffic.
KAME 1.22 -> 1.23
2000-09-22 08:28:56 +00:00
itojun
5f3d7ea2b5
suppress debugging message in key_acquire2(). this is purely for debugging,
not useful/no interest from normal use. KAME 1.155 -> 1.156
2000-09-21 20:35:09 +00:00
itojun
6aadfa317f
on SADB_UPDATE, check SPI range only for AH/ESP, not IPComp.
endian/signedness fix for debug messages.
KAME 1.154 -> 1.155
2000-09-20 19:55:05 +00:00