Aren/NetBSD
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
153,102 Commits 606 Branches 0 Tags 3.1 GiB
ff7c31739a
Commit Graph

190 Commits

Author SHA1 Message Date
smb
f182d6d2ee Fix argument order 2006-10-14 21:05:40 +00:00
christos
8056b71c34 more __unused 2006-10-14 18:59:57 +00:00
christos
4d595fd7b1 - sprinkle __unused on function decls. 
- fix a couple of unused bugs
- no more -Wno-unused for i386
 2006-10-12 01:30:41 +00:00
christos
ec219b9b61 use c99 initializers 2006-09-02 06:44:59 +00:00
christos
f7619e4f98 add missing initializers 2006-09-02 06:41:16 +00:00
christos
10f27c9c57 remove impossible comparison 2006-09-02 06:39:27 +00:00
christos
4db35667c5 remove excess initializer 2006-08-28 02:54:11 +00:00
ad
f474dceb13 Use the LWP cached credentials where sane. 2006-07-23 22:06:03 +00:00
kardel
de4337ab21 merge FreeBSD timecounters from branch simonb-timecounters 
- struct timeval time is gone
  time.tv_sec -> time_second
- struct timeval mono_time is gone
  mono_time.tv_sec -> time_uptime
- access to time via
	{get,}{micro,nano,bin}time()
	get* versions are fast but less precise
- support NTP nanokernel implementation (NTP API 4)
- further reading:
  Timecounter Paper: http://phk.freebsd.dk/pubs/timecounter.pdf
  NTP Nanokernel: http://www.eecis.udel.edu/~mills/ntp/html/kern.html
 2006-06-07 22:33:33 +00:00
rpaulo
c87dd30f36 Make this compile without INET6. Spotted by Arto Selonen and Kurt 
Schreiner.
 2006-01-25 15:12:05 +00:00
rpaulo
78678b130a Better support of IPv6 scoped addresses. 
- most of the kernel code will not care about the actual encoding of
  scope zone IDs and won't touch "s6_addr16[1]" directly.
- similarly, most of the kernel code will not care about link-local
  scoped addresses as a special case.
- scope boundary check will be stricter.  For example, the current
  *BSD code allows a packet with src=::1 and dst=(some global IPv6
  address) to be sent outside of the node, if the application do:
    s = socket(AF_INET6);
    bind(s, "::1");
    sendto(s, some_global_IPv6_addr);
  This is clearly wrong, since ::1 is only meaningful within a single
  node, but the current implementation of the *BSD kernel cannot
  reject this attempt.
- and, while there, don't try to remove the ff02::/32 interface route
  entry in in6_ifdetach() as it's already gone.

This also includes some level of support for the standard source
address selection algorithm defined in RFC3484, which will be
completed on in the future.

From the KAME project via JINMEI Tatuya.
Approved by core@.
 2006-01-21 00:15:35 +00:00
christos
95e1ffb156 merge ktrace-lwp. 2005-12-11 12:16:03 +00:00
elad
58e7332bdf Multiple inclusion protection, as suggested by christos@ on tech-kern@ 
few days ago.
 2005-12-11 00:02:28 +00:00
manu
a02c0f01ca Make sure that the port numbers are set to 0 in SAD and SPD when NAT-T 
is not enabled. While we are here, add some safety tests on PFKEY
messages

This fixes the problem described in bin/30437
 2005-10-03 13:14:38 +00:00
tron
b7be5e481c Defopt IPSEC_NAT_T. 2005-07-07 19:34:51 +00:00
manu
771a32d331 Another NAT-T fix: don't check for port information in transport mode, as there 
is no port information.
 2005-07-03 22:57:09 +00:00
christos
8eaf136917 - sprinkle const 
- change b*() -> mem*()
- rename shadowed variables.
 2005-05-29 21:29:43 +00:00
manu
b83e2b6cb3 Yet another NAT-T fix: don't forbid SP with ports in the policy 2005-05-05 12:08:24 +00:00
manu
29ba532e9b After more testing, it turns out that we don't really need to check the 
source address to make NAT-T working with multiple clients behind the NAT.
Remove that check for the sake of RFC 2401 conformance.
 2005-04-25 08:39:28 +00:00
manu
455d55f55b Enhance IPSEC_NAT_T so that it can work with multiple machines behind the 
same NAT.
 2005-04-23 14:05:28 +00:00
manu
c5a5178582 Send NAT-T ports in SAD dump so that setkey -D can display them. 2005-04-20 15:44:12 +00:00
perry
bcfcddbac1 nuke trailing whitespace 2005-02-26 22:31:44 +00:00
manu
5c217c1a67 Add support for IPsec Network Address Translator traversal (NAT-T), as 
described by RFC 3947 and 3948.
 2005-02-12 12:31:07 +00:00
matt
d341be30f4 Change initialzie of domains to use link sets. Switch to using STAILQ. 
Add a convenience macro DOMAIN_FOREACH to interate through the domain.
 2005-01-23 18:41:56 +00:00
itojun
4db58ab415 fixed a unexpected addr/port matching failure in SA management 
FreeBSD-PR: kern/72393
 2005-01-11 01:30:17 +00:00
itojun
8d487352ba move SA header to DEAD if there's no children. markus@openbsd 2004-12-06 08:07:28 +00:00
itojun
bc4b33d8be reqid (for unique policy) is u_int16_t quantity. from markus@openbsd 2004-12-06 08:05:26 +00:00
dsl
e26801d6fb Use unsigned char * variables when scanning buffer - saves casts and & 0xff 2004-10-30 08:22:40 +00:00
dsl
2722aff86f Add (unsigned char) cast to ctype function (for /sbin/setkey) 2004-10-29 19:31:04 +00:00
itojun
b637834754 m->m_next check here is not needed, since we make no assumption on m_len below, 
and key_align() may chop mbuf into multiple mbufs.
from freebsd via kame
 2004-09-28 04:24:54 +00:00
itojun
3b68465490 as we use arc4random(9) for random number, we no longer need to reseed random 
number.  noted by rwatson@freebsd
 2004-08-27 04:56:16 +00:00
itojun
19dd3c9508 send error up when error happens during SADB_UPDATE. kame-pr-785 2004-08-03 15:53:03 +00:00
yamt
388343e340 key_sendup0: prepend a promisc header only for a mbuf given as a function arg. 
mbufs on kp_queue already have their complete headers.
 2004-07-24 09:15:56 +00:00
yamt
133bbf0b79 key_receive: pull packets from kp_queue. 
otherwise a receiver can sleep on empty so_rcv
while having packets on kp_queue.

ok'ed by itojun.
 2004-07-24 09:14:52 +00:00
yamt
da6f02930b key_sendup0: add a missing sorwakeup(). 
ok'ed by itojun.
 2004-07-08 10:42:41 +00:00
itojun
caf5cb18b4 avoid null pointer deref 
remove wrong comment
yamt@netbsd
 2004-06-01 03:05:26 +00:00
itojun
25f8b7acdc recover kp_queue properly. yamt 2004-06-01 02:01:14 +00:00
itojun
78bf2102d3 correct kp_queue handling. yamt 2004-05-31 11:40:40 +00:00
itojun
e58a39bab9 need to fix kp_queue better... 2004-05-31 09:20:38 +00:00
itojun
4516a4dc00 on EAGAIN, set kp_queue again for the next wakeup. pointed out by yamt 2004-05-31 09:06:36 +00:00
itojun
7bd231952e safer key_{spd,}dump. comment from yamt. 
XXX is spl level ok?
 2004-05-31 04:29:01 +00:00
itojun
2cb6995056 dump/spddump can now handle tons of records. 2004-05-26 02:59:15 +00:00
yamt
c9290b239d key_sp_unlink: decrement refcnt of the policy only if it was chained. 
otherwise SADB_X_SPDDELETE2 and SADB_X_SPDFLUSH can free per-pcb policies
erroneously.  it's the identical with what kame repository has.

ok'ed by itojun@
 2004-05-10 09:30:23 +00:00
itojun
23973135aa fix key_mature for tcp md5 signature 2004-04-26 04:39:17 +00:00
itojun
06dd2ce65c add missing "break" 2004-04-26 04:00:06 +00:00
itojun
e0395ac8f0 make TCP MD5 signature work with KAME IPSEC (#define IPSEC). 
support IPv6 if KAME IPSEC (RFC is not explicit about how we make data stream
for checksum with IPv6, but i'm pretty sure using normal pseudo-header is the
right thing).

XXX
current TCP MD5 signature code has giant flaw:
it does not validate signature on input (can't believe it! what is the point?)
 2004-04-26 03:54:28 +00:00
matt
e06794e93a Remove #else of #if __STDC__ 2004-04-26 01:41:15 +00:00
matt
e50668c7fa Constify protosw arrays. This can reduce the kernel .data section by 
over 4K (if all the network protocols) are loaded.
 2004-04-22 01:01:40 +00:00
matt
58011725c3 Use M_ZERO appropriately. 2004-04-18 23:33:58 +00:00
itojun
25b85e1925 fixed a memory leak (refcnt) in #ifdef IPSEC_DOSEQCHECK portion 2004-04-12 07:50:56 +00:00