thorpej
d9ae0a6eb1
IPSEC_ESP depends on the "des", "blowfish", "cast128", and "rijndael"
...
attributes.
2002-10-12 15:41:24 +00:00
thorpej
5b2b587c85
Move netinet, netinet6, ipsec, and ipfilter config defns to
...
netinet/files.ipfilter, etinet/files.netinet, netinet6/files.netinet6,
and netinet6/files.netipsec.
XXX There are still a few stragglers in conf/files, which are entangled
with other network protocols.
2002-10-10 22:45:45 +00:00
itojun
b15fea2610
suppress too noisy log by default (can be re-enabled by sysctl). sync w/kame
2002-10-09 20:22:16 +00:00
provos
0f09ed48a5
remove trailing \n in panic(). approved perry.
2002-09-27 15:35:29 +00:00
itojun
ce1bd42a2c
length field on PADN option, before jumbo payload option was wrong.
...
sync w/kame
2002-09-23 13:28:55 +00:00
itojun
0a734b348e
better fix to PR 18163 ("deprecated" flag manipulation). sync w/kame
2002-09-23 13:16:52 +00:00
simonb
4e3613273b
Remove breaks after returns, unreachable returns and returns after
...
returns(!).
2002-09-23 05:51:10 +00:00
simonb
03d61a28e4
Remove an extern declaration for the "pim6stat" variable; the only other
...
occurance of this is a static variable in ip6_mroute.c.
2002-09-23 04:56:58 +00:00
itojun
d694b45f9d
remove extra blank line
2002-09-15 01:18:59 +00:00
itojun
255121cf44
avoid from applying IPsec transport mode to the packets when the kernel
...
forwards the packets.
sync w/kame
2002-09-11 08:15:37 +00:00
itojun
8808abb7b8
correct pointer signedness mixups. sync w/kame
2002-09-11 03:45:44 +00:00
itojun
75e1911429
reduce diff w/kame
2002-09-11 03:23:24 +00:00
itojun
9401012487
KNF - return is not a function. sync w/kame.
2002-09-11 02:46:42 +00:00
itojun
6dedde045a
correct signedness mixup in pointer passing. sync w/kame
2002-09-11 02:41:19 +00:00
itojun
37bd81ba1e
allow "deprecated" bit to be manually set. PR 18163
2002-09-04 07:22:28 +00:00
itojun
c7b00b4ce4
pass proc * to in6_pcbsetport. PR 18073
2002-08-26 14:25:00 +00:00
itojun
967cf54a67
check packet length before fetching ESP crypto checksum. sync w/kame
2002-08-21 23:12:01 +00:00
itojun
e5df0242ce
sync up use_deprecated handling with latest kame.
...
- bind(deprecated) is allowed, trusting userland app is doing the right thing
- use_deprecated default to 1
2002-08-20 22:06:04 +00:00
itojun
ddbeae9874
check error from copyout
2002-08-19 23:23:22 +00:00
itojun
bec19ac64c
typo in comment
2002-08-19 23:21:11 +00:00
itojun
041c651838
fix copyout() logic. more proper fix to be done on kame tree.
2002-08-19 23:14:39 +00:00
itojun
8b2ed6900d
copyout only if oldp is non-null
2002-08-19 07:23:22 +00:00
itojun
cc0fa7bc37
need explicit copyout(), apparently
2002-08-19 06:50:22 +00:00
itojun
e89be6a279
set default value for use_deprecated to 0, to avoid consequences with ftpd.
2002-08-17 22:15:58 +00:00
itojun
c00fa8dfd9
avoid swapping endian of ip_len and ip_off on mbuf, to meet with M_LEADINGSPACE
...
optimization made last year. should solve PR 17867 and 10195.
IP_HDRINCL behavior of raw ip socket is kept unchanged. we may want to
provide IP_HDRINCL variant that does not swap endian.
2002-08-14 00:23:27 +00:00
itojun
ed12d77e43
avoid hardcoded "16" for max AH sum size. use AH_MAXSUMSIZE.
2002-08-09 07:01:21 +00:00
itojun
68e52f0ace
use correct padding boundary, to correctly estimate ESP header size.
...
problem found by Arto Selonen <arto@selonen.org>
2002-08-09 06:38:12 +00:00
itojun
bb92058a0f
cut and paste error in comment. From: Arto Selonen <arto@selonen.org>
2002-08-09 06:29:01 +00:00
itojun
af8ad017f7
typo. From: Arto Selonen <arto@selonen.org>, sync w/kame
2002-08-01 05:17:47 +00:00
itojun
a919a4c628
no need to check NULL mbuf, as we touch it already.
...
From: tedu <grendel@zeitbombe.org>
2002-07-30 23:27:15 +00:00
itojun
d337ab206e
no need to handle NULL argument in defrouter_delreq.
...
From: tedu <grendel@zeitbombe.org>
2002-07-30 23:24:21 +00:00
itojun
d08a33e8b1
correct multicast packet MTU check. sync w/kame
2002-07-25 12:41:51 +00:00
itojun
8b02a8b924
remove unneeded extern decl (commented out). sync w/kame
2002-07-20 21:11:55 +00:00
wiz
e00173a7f2
Spell 'should' correctly.
2002-07-18 11:59:06 +00:00
itojun
d67bce4593
no need to bzero() twice. from he@netbsd
2002-07-13 21:04:55 +00:00
itojun
51bd9285d5
correct ping6 -w result wth hostname with [A-Z]. PR 17540. sync w/kame
2002-07-10 05:05:01 +00:00
thorpej
10c252ba47
Changes to allow the IPv4 and IPv6 layers to align headers themseves,
...
as necessary:
* Implement a new mbuf utility routine, m_copyup(), is is like
m_pullup(), except that it always prepends and copies, rather
than only doing so if the desired length is larger than m->m_len.
m_copyup() also allows an offset into the destination mbuf, which
allows space for packet headers, in the forwarding case.
* Add *_HDR_ALIGNED_P() macros for IP, IPv6, ICMP, and IGMP. These
macros expand to 1 if __NO_STRICT_ALIGNMENT is defined, so that
architectures which do not have strict alignment constraints don't
pay for the test or visit the new align-if-needed path.
* Use the new macros to check if a header needs to be aligned, or to
assert that it already is, as appropriate.
Note: This code is still somewhat experimental. However, the new
code path won't be visited if individual device drivers continue
to guarantee that packets are delivered to layer 3 already properly
aligned (which are rules that are already in use).
2002-06-30 22:40:32 +00:00
itojun
3973cdf049
typo in name
2002-06-29 12:33:33 +00:00
itojun
d7006267f3
reduce kernel stack usage by separating struct secasindex. sync w/kame
...
From: YAMAMOTO Takashi <yamt@mwd.biglobe.ne.jp>
2002-06-27 12:12:49 +00:00
itojun
61f28217c4
move sanity check upwards. sync w/kame
...
From: YAMAMOTO Takashi <yamt@mwd.biglobe.ne.jp>
2002-06-22 12:27:09 +00:00
itojun
cfb9a4a799
avoid listening socket from mistakenly use incorrect cached policy.
...
From: YAMAMOTO Takashi <yamt@mwd.biglobe.ne.jp> sync w/kame
2002-06-22 12:04:07 +00:00
itojun
69d65da8c6
sizeof mistake in DIAGNOSTIC path. sync w/kame
...
From: YAMAMOTO Takashi <yamt@mwd.biglobe.ne.jp>
2002-06-21 23:15:35 +00:00
itojun
3033187db0
previous commit cached pcb policy too much (when pcb points to
...
SPD entry that is not ipsec - like "none"). back it out. sync w/kame
2002-06-16 16:28:36 +00:00
itojun
c1808f02bf
cache pcb policy as much as possible. in fact, if policy is not
...
IPSEC_POLICY_IPSEC we don't need to compare spidx. sync w/kame
2002-06-14 14:47:24 +00:00
itojun
813344bfbe
remove redundant line
2002-06-14 14:17:55 +00:00
itojun
a8dde3fa57
free secpolicy on deepcopy failure
2002-06-13 05:10:13 +00:00
itojun
dc96111483
deep-copy pcb policy if it is an ipsec policy. assign ID field to all
...
SPD entries. make it possible for racoon to grab SPD entry on pcb
(racoon side needs some changes). sync w/kame
2002-06-12 17:56:45 +00:00
itojun
3489976392
do not copy policy-on-socket at all. avoid copying packet header value to
...
struct spindex. should reduce memory usage per socket/pcb, and should speedup
ipsec processing. sync w/kame
2002-06-12 01:47:34 +00:00
itojun
fa53d749ff
share policy-on-pcb for listening socket. sync w/kame
...
todo: share even more, avoid frequent updates of spidx
2002-06-11 19:39:59 +00:00
itojun
2533e1f81f
avoid variable name confusion. sync w/kame
2002-06-11 17:26:52 +00:00