Aren
/
NetBSD
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
NetBSD/sys/netipsec
History
christos f18b57f7ac PR/56836: Andrew Cagney: IPv6 ESN tunneling IPcomp has corrupt header 
Always always send / expect CPI in IPcomp header

Fixes kern/56836 where an IPsec interop combining compression and
ESP|AH would fail.

Since fast ipsec, the outgoing IPcomp header has contained the
compression algorithm instead of the CPI.  Adding the
SADB_X_EXT_RAWCPI flag worked around this but ...

The IPcomp's SADB was unconditionally hashed using the compression
algorithm instead of the CPI.  This meant that an incoming packet with
a valid CPI could never match its SADB.
 		2022-10-19 21:28:02 +00:00
..
Makefile
ah.h
ah_var.h
esp.h
esp_var.h
files.netipsec Rename enc_xform_rijndael128 -> enc_xform_aes. 2020-06-30 04:14:55 +00:00
ipcomp.h
ipcomp_var.h
ipip_var.h Rename ipip_allow->ipip_spoofcheck, and add net.inet.ipsec.ipip_spoofcheck. 2018-04-22 10:25:40 +00:00
ipsec.c s/speficication/specification/ 2021-12-08 20:03:26 +00:00
ipsec.h ipsec: rename ipsec_ip_input to ipsec_ip_input_checkpolicy 2020-08-28 06:20:44 +00:00
ipsec6.h Fix ipsecif(4) IPV6_MINMTU does not work correctly. 2019-11-01 04:23:21 +00:00
ipsec_input.c Improve IPsec log when no key association found for SA. Implemented by ohishi@IIJ. 2022-08-23 09:25:10 +00:00
ipsec_mbuf.c Replace: M_MOVE_PKTHDR -> m_move_pkthdr. No functional change, since the 2018-12-22 13:11:37 +00:00
ipsec_netbsd.c Remove unnecessary inclusion of <net/netisr.h>. 2022-09-02 23:48:10 +00:00
ipsec_output.c fix various typos in comments and output/log messages. 2022-04-10 09:50:44 +00:00
ipsec_private.h Remove IPSEC_SPLASSERT_SOFTNET, it has always been a no-op. 2018-04-28 15:45:16 +00:00
ipsec_var.h - Cleanup for dynamic sysctl: 2018-08-22 01:05:21 +00:00
ipsecif.c Fix IPv6 over IPv4 ipsecif(4) uses IPv4 SP wrongly. Pointed out by ohishi@IIJ. 2020-01-31 06:54:19 +00:00
ipsecif.h Make global and per-interface ipsecif(4) pmtu tunable like gif(4). 2019-11-01 04:28:14 +00:00
key.c PR/56836: Andrew Cagney: IPv6 ESN tunneling IPcomp has corrupt header 2022-10-19 21:28:02 +00:00
key.h fix various typos in compatibility, mainly in comments. 2021-08-09 20:49:08 +00:00
key_debug.c Add sadb_x_policy_flags to inform SP origination. 2022-10-11 09:51:47 +00:00
key_debug.h PR/56841: Andrew Cagney: debug-log IPcomp CPI lookups: 2022-05-18 15:20:18 +00:00
key_var.h Add sysctl entry to improve interconnectivity to some VPN appliances, pointed out by seil-team@IIJ. 2022-08-09 08:03:22 +00:00
keydb.h s/assocciation/association/ in comment. 2021-11-10 16:55:20 +00:00
keysock.c make DPRINTF use varyadic cpp macros, and merge with IPSECLOG. 2019-06-12 22:23:50 +00:00
keysock.h fix few typos in comments and log message. 2022-02-13 22:20:08 +00:00
xform.h netipsec: Nothing uses xf_zeroize return value. Nix it. 2022-05-22 11:39:08 +00:00
xform_ah.c opencrypto: crypto_dispatch never fails now. Make it return void. 2022-05-22 11:40:29 +00:00
xform_esp.c ipsec: don't assert for the format of incoming packets 2022-05-25 04:15:44 +00:00
xform_ipcomp.c PR/56836: Andrew Cagney: IPv6 ESN tunneling IPcomp has corrupt header 2022-10-19 21:28:02 +00:00
xform_ipip.c netipsec: Nothing uses xf_zeroize return value. Nix it. 2022-05-22 11:39:08 +00:00
xform_tcp.c netipsec: Nothing uses xf_zeroize return value. Nix it. 2022-05-22 11:39:08 +00:00