freebsd-dev/sys/netinet
Guido van Rooij 2f591ab8fe Get rid of checking for ip sec history. It is true that packets are not
supposed to be checked by the firewall rules twice. However, because the
various ipsec handlers never call ip_input(), this never happens anyway.

This fixes the situation where a gif tunnel is encrypted with IPsec. In
such a case, after IPsec processing, the unencrypted contents from the
GIF tunnel are fed back to the ipintrq and subsequently handeld by
ip_input(). Yet, since there still is IPSec history attached, the
packets coming out from the gif device are never fed into the filtering
code.
This fix was sent to Itojun, and he pointed towartds
    http://www.netbsd.org/Documentation/network/ipsec/#ipf-interaction.
This patch actually implements what is stated there (specifically:
Packet came from tunnel devices (gif(4) and ipip(4)) will still
go through ipf(4). You may need to identify these packets by
using interface name directive in ipf.conf(5).

Reviewed by:	rwatson
MFC after:	3 weeks
2002-10-16 09:01:48 +00:00
..
libalias Zap now-unused SHLIB_MINOR 2002-09-28 00:25:32 +00:00
accf_data.c Remove so*_locked(), which were backed out by mistake. 2002-06-18 07:42:02 +00:00
accf_http.c Remove so*_locked(), which were backed out by mistake. 2002-06-18 07:42:02 +00:00
icmp6.h s/__attribute__((__packed__))/__packed/g 2002-09-23 06:25:08 +00:00
icmp_var.h Remove __P. 2002-03-19 21:25:46 +00:00
if_atm.c - Change the newly turned INVARIANTS #ifdef blocks (they were changed from 2002-05-21 18:52:24 +00:00
if_atm.h Remove __P. 2002-03-19 21:25:46 +00:00
if_ether.c Introduce support for Mandatory Access Control and extensible 2002-07-31 16:45:16 +00:00
if_ether.h Fixed some style bugs in the removal of __P(()). Continuation lines 2002-03-24 10:19:10 +00:00
igmp_var.h Remove __P. 2002-03-19 21:25:46 +00:00
igmp.c Replace aux mbufs with packet tags: 2002-10-16 01:54:46 +00:00
igmp.h
in_cksum.c
in_gif.c Replace aux mbufs with packet tags: 2002-10-16 01:54:46 +00:00
in_gif.h Remove __P. 2002-03-19 21:25:46 +00:00
in_pcb.c Tie new "Fast IPsec" code into the build. This involves the usual 2002-10-16 02:25:05 +00:00
in_pcb.h Tie new "Fast IPsec" code into the build. This involves the usual 2002-10-16 02:25:05 +00:00
in_proto.c Tie new "Fast IPsec" code into the build. This involves the usual 2002-10-16 02:25:05 +00:00
in_rmx.c Remove __P. 2002-03-19 21:25:46 +00:00
in_systm.h Remove __P. 2002-03-19 21:25:46 +00:00
in_var.h Fixed some style bugs in the removal of __P(()). Continuation lines 2002-03-24 10:19:10 +00:00
in.c Lock up inpcb. 2002-06-10 20:05:46 +00:00
in.h Add in_hosteq() and in_nullhost() macros to make life of developers 2002-09-04 09:55:50 +00:00
ip6.h s/__attribute__((__packed__))/__packed/g 2002-09-23 06:25:08 +00:00
ip_divert.c Replace aux mbufs with packet tags: 2002-10-16 01:54:46 +00:00
ip_dummynet.c Replace aux mbufs with packet tags: 2002-10-16 01:54:46 +00:00
ip_dummynet.h Increase the max dummynet hash size from 1024 to 65536. Default is still 2002-10-12 07:45:23 +00:00
ip_ecn.c initialize local variable explicitly 2002-04-11 02:14:21 +00:00
ip_ecn.h Remove __P. 2002-03-19 21:25:46 +00:00
ip_encap.c Replace aux mbufs with packet tags: 2002-10-16 01:54:46 +00:00
ip_encap.h Remove __P. 2002-03-19 21:25:46 +00:00
ip_flow.c s/FREE/free/ 2001-11-04 17:35:31 +00:00
ip_flow.h
ip_fw2.c Replace aux mbufs with packet tags: 2002-10-16 01:54:46 +00:00
ip_fw.c Remove (almost all) global variables that were used to hold 2002-06-22 11:51:02 +00:00
ip_fw.h One bugfix and one new feature. 2002-08-10 04:37:32 +00:00
ip_gre.c Since bpf is no longer an optional component, remove associated ifdef's. 2002-10-02 09:38:17 +00:00
ip_gre.h Add a new gre(4) driver, which could be used to create GRE (RFC1701) 2002-09-06 17:12:50 +00:00
ip_icmp.c Tie new "Fast IPsec" code into the build. This involves the usual 2002-10-16 02:25:05 +00:00
ip_icmp.h Remove __P. 2002-03-19 21:25:46 +00:00
ip_id.c Remove __P. 2002-03-19 21:25:46 +00:00
ip_input.c Get rid of checking for ip sec history. It is true that packets are not 2002-10-16 09:01:48 +00:00
ip_mroute.c Replace aux mbufs with packet tags: 2002-10-16 01:54:46 +00:00
ip_mroute.h Remove __P. 2002-03-19 21:25:46 +00:00
ip_output.c Tie new "Fast IPsec" code into the build. This involves the usual 2002-10-16 02:25:05 +00:00
ip_var.h Replace aux mbufs with packet tags: 2002-10-16 01:54:46 +00:00
ip.h o Add IPOPT_ESO for the 'Extended Security' IP option (RFC1108) 2001-12-14 19:37:32 +00:00
ipprotosw.h KSE Milestone 2 2001-09-12 08:38:13 +00:00
raw_ip.c Tie new "Fast IPsec" code into the build. This involves the usual 2002-10-16 02:25:05 +00:00
tcp_debug.c It's now sufficient to rely on a nested include of _label.h to make sure 2002-08-15 14:34:45 +00:00
tcp_debug.h make the strings for tcptimers, tanames and prurequests const to silence 2002-08-16 09:07:59 +00:00
tcp_fsm.h WARNS=n and lint(1) silencer. Declare an array of (const) strings 2002-02-03 11:57:32 +00:00
tcp_input.c Tie new "Fast IPsec" code into the build. This involves the usual 2002-10-16 02:25:05 +00:00
tcp_output.c Tie new "Fast IPsec" code into the build. This involves the usual 2002-10-16 02:25:05 +00:00
tcp_reass.c Tie new "Fast IPsec" code into the build. This involves the usual 2002-10-16 02:25:05 +00:00
tcp_seq.h Move initialization of snd_recover into tcp_sendseqinit(). 2001-11-21 18:45:51 +00:00
tcp_subr.c Tie new "Fast IPsec" code into the build. This involves the usual 2002-10-16 02:25:05 +00:00
tcp_syncache.c Tie new "Fast IPsec" code into the build. This involves the usual 2002-10-16 02:25:05 +00:00
tcp_timer.c Include <sys/mutex.h> and its prerequisite <sys/lock.h> instead of depending 2002-09-05 15:33:30 +00:00
tcp_timer.h make the strings for tcptimers, tanames and prurequests const to silence 2002-08-16 09:07:59 +00:00
tcp_timewait.c Tie new "Fast IPsec" code into the build. This involves the usual 2002-10-16 02:25:05 +00:00
tcp_usrreq.c Replace (ab)uses of "NULL" where "0" is really meant. 2002-08-22 21:24:01 +00:00
tcp_var.h Implement TCP bandwidth delay product window limiting, similar to (but 2002-08-17 18:26:02 +00:00
tcp.h Include <sys/cdefs.h> so the visibility conditionals are available. 2002-10-02 04:22:34 +00:00
tcpip.h Remove struct full_tcpiphdr{}. 2001-02-26 20:10:16 +00:00
udp_usrreq.c correct PCB locking in broadcast/multicast case that was exposed by change 2002-10-16 02:33:28 +00:00
udp_var.h Notify functions can destroy the pcb, so they have to return an 2002-06-14 08:35:21 +00:00
udp.h