FreeBSD src
Go to file
Hajimu UMEMOTO 0f9ade718d - cleanup SP refcnt issue.
- share policy-on-socket for listening socket.
- don't copy policy-on-socket at all.  secpolicy no longer contain
  spidx, which saves a lot of memory.
- deep-copy pcb policy if it is an ipsec policy.  assign ID field to
  all SPD entries.  make it possible for racoon to grab SPD entry on
  pcb.
- fixed the order of searching SA table for packets.
- fixed to get a security association header.  a mode is always needed
  to compare them.
- fixed that the incorrect time was set to
  sadb_comb_{hard|soft}_usetime.
- disallow port spec for tunnel mode policy (as we don't reassemble).
- an user can define a policy-id.
- clear enc/auth key before freeing.
- fixed that the kernel crashed when key_spdacquire() was called
  because key_spdacquire() had been implemented imcopletely.
- preparation for 64bit sequence number.
- maintain ordered list of SA, based on SA id.
- cleanup secasvar management; refcnt is key.c responsibility;
  alloc/free is keydb.c responsibility.
- cleanup, avoid double-loop.
- use hash for spi-based lookup.
- mark persistent SP "persistent".
  XXX in theory refcnt should do the right thing, however, we have
  "spdflush" which would touch all SPs.  another solution would be to
  de-register persistent SPs from sptree.
- u_short -> u_int16_t
- reduce kernel stack usage by auto variable secasindex.
- clarify function name confusion.  ipsec_*_policy ->
  ipsec_*_pcbpolicy.
- avoid variable name confusion.
  (struct inpcbpolicy *)pcb_sp, spp (struct secpolicy **), sp (struct
  secpolicy *)
- count number of ipsec encapsulations on ipsec4_output, so that we
  can tell ip_output() how to handle the packet further.
- When the value of the ul_proto is ICMP or ICMPV6, the port field in
  "src" of the spidx specifies ICMP type, and the port field in "dst"
  of the spidx specifies ICMP code.
- avoid from applying IPsec transport mode to the packets when the
  kernel forwards the packets.

Tested by:	nork
Obtained from:	KAME
2003-11-04 16:02:05 +00:00
bin Style. 2003-11-02 06:47:39 +00:00
contrib Remove a reference to part of the pcap API not yet merged. 2003-11-04 06:16:55 +00:00
crypto Add a missing word. 2003-10-31 21:49:47 +00:00
etc Change a bogus -n parameter to echo(1). 2003-11-03 17:03:01 +00:00
games Fix a typo: 'in cloud' -> 'in a cloud'. 2003-11-04 09:21:59 +00:00
gnu Since we do not honour the Confidential: field, and as an attempt to 2003-11-02 17:35:33 +00:00
include Add a new flag to vis(3): VIS_GLOB which encodes the glob(3) magic 2003-10-30 10:40:49 +00:00
kerberos5 The header files hdb_asn1.h, hdb_err.h, and kadm5_err.h are generated, 2003-10-10 13:12:35 +00:00
lib Pass mbrtowc() and wcrtomb() NULL instead of a pointer to a freshly zeroed 2003-11-04 11:05:55 +00:00
libexec Tidy up some xdrproc_t related warnings. 2003-10-26 04:32:53 +00:00
release Catch up with the English version: 2003-11-03 12:48:41 +00:00
rescue Temporarily disable ipfstat and ipnat in /rescue to fix world. 2003-10-31 19:48:40 +00:00
sbin In mapdirs(), do not use the `dp' inode pointer after searchdir() 2003-11-04 14:20:14 +00:00
secure Explicitly add libz and libcrypto to LDADD for any ssh utilities missing 2003-08-19 07:45:03 +00:00
share Start of new ATA man page that reflects the curretn state of art. 2003-11-04 13:16:07 +00:00
sys - cleanup SP refcnt issue. 2003-11-04 16:02:05 +00:00
tools Add a "-f" flag for asf(8) which performs a search to find the each module 2003-11-04 06:38:37 +00:00
usr.bin Be sure to restore foreground group to parent su before parent su 2003-11-04 14:51:34 +00:00
usr.sbin Add a "-f" flag for asf(8) which performs a search to find the each module 2003-11-04 06:38:37 +00:00
COPYRIGHT
MAINTAINERS I'll maintain dhclient from now on. 2003-08-01 17:54:11 +00:00
Makefile Retired the "most" and "installmost" targets -- they just 2003-10-04 18:53:38 +00:00
Makefile.inc1 Don't be so chatty about building includes. 2003-11-03 21:09:47 +00:00
README KerberosIV de-orbit burn continues. Disconnect from "make world". 2003-03-08 10:01:26 +00:00
UPDATING Add an entry dealing with the change from 'options APIC_IO' to 2003-11-03 23:02:17 +00:00

This is the top level of the FreeBSD source directory.  This file
was last revised on:
$FreeBSD$

For copyright information, please see the file COPYRIGHT in this
directory (additional copyright information also exists for some
sources in this tree - please see the specific source directories for
more information).

The Makefile in this directory supports a number of targets for
building components (or all) of the FreeBSD source tree, the most
commonly used one being ``world'', which rebuilds and installs
everything in the FreeBSD system from the source tree except the
kernel, the kernel-modules and the contents of /etc.  The
``buildkernel'' and ``installkernel'' targets build and install
the kernel and the modules (see below).  Please see the top of
the Makefile in this directory for more information on the
standard build targets and compile-time flags.

Building a kernel is a somewhat more involved process, documentation
for which can be found at:
   http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/kernelconfig.html
And in the config(8) man page.
Note: If you want to build and install the kernel with the
``buildkernel'' and ``installkernel'' targets, you might need to build
world before.  More information is available in the handbook.

The sample kernel configuration files reside in the sys/<arch>/conf
sub-directory (assuming that you've installed the kernel sources), the
file named GENERIC being the one used to build your initial installation
kernel.  The file NOTES contains entries and documentation for all possible
devices, not just those commonly used.  It is the successor of the ancient
LINT file, but in contrast to LINT, it is not buildable as a kernel but a
pure reference and documentation file.


Source Roadmap:
---------------
bin		System/user commands.

contrib		Packages contributed by 3rd parties.

crypto		Cryptography stuff (see crypto/README).

etc		Template files for /etc.

games		Amusements.

gnu		Various commands and libraries under the GNU Public License.
		Please see gnu/COPYING* for more information.

include		System include files.

kerberos5	Kerberos5 (Heimdal) package.

lib		System libraries.

libexec		System daemons.

release		Release building Makefile & associated tools.

sbin		System commands.

secure		Cryptographic libraries and commands.

share		Shared resources.

sys		Kernel sources.

tools		Utilities for regression testing and miscellaneous tasks.

usr.bin		User commands.

usr.sbin	System administration commands.


For information on synchronizing your source tree with one or more of
the FreeBSD Project's development branches, please see:

  http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/synching.html