d/freebsd-nq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
8922ddbe40
freebsd-nq/sys/netinet
History
Andrey V. Elsukov 8922ddbe40 Move ip_ipsec_fwd() from ip_input() into ip_forward(). 
Remove check for presence PACKET_TAG_IPSEC_IN_DONE mbuf tag from
ip_ipsec_fwd(). PACKET_TAG_IPSEC_IN_DONE tag means that packet is
already handled by IPSEC code. This means that before IPSEC processing
it was destined to our address and security policy was checked in
the ip_ipsec_input(). After IPSEC processing packet has new IP
addresses and destination address isn't our own. So, anyway we can't
check security policy from the mbuf tag, because it corresponds
to different addresses.

We should check security policy that corresponds to packet
attributes in both cases - when it has a mbuf tag and when it has not.

Obtained from:	Yandex LLC
Sponsored by:	Yandex LLC
2014-12-11 16:53:29 +00:00
..
cc Remove SYSCTL_VNET_* macros, and simply put CTLFLAG_VNET where needed. 2014-11-07 09:39:05 +00:00
khelp
libalias
accf_data.c
accf_dns.c In preparation of merging projects/sendfile, transform bare access to 2014-11-12 09:57:15 +00:00
accf_http.c In preparation of merging projects/sendfile, transform bare access to 2014-11-12 09:57:15 +00:00
cc.h
icmp6.h
icmp_var.h Remove more constants related to static sysctl nodes. The MAXID constants 2014-02-25 18:44:33 +00:00
if_atm.c
if_atm.h
if_ether.c Do not return unlocked/unreferenced lle in arpresolve/nd6_storelladdr - 2014-11-27 23:06:25 +00:00
if_ether.h Do not return unlocked/unreferenced lle in arpresolve/nd6_storelladdr - 2014-11-27 23:06:25 +00:00
igmp_var.h Merge 'struct ip6protosw' and 'struct protosw' into one. Now we have 2014-08-08 01:57:15 +00:00
igmp.c Remove SYSCTL_VNET_* macros, and simply put CTLFLAG_VNET where needed. 2014-11-07 09:39:05 +00:00
igmp.h
in_cksum.c
in_debug.c
in_gif.c Remove SYSCTL_VNET_* macros, and simply put CTLFLAG_VNET where needed. 2014-11-07 09:39:05 +00:00
in_gif.h Overhaul if_gif(4): 2014-10-14 13:31:47 +00:00
in_kdtrace.c
in_kdtrace.h
in_mcast.c Only define the full inm_print() if KTR_IGMPV3 is enabled at compile time. 2014-09-30 17:26:34 +00:00
in_pcb.c Renove faith(4) and faithd(8) from base. It looks like industry 2014-11-09 21:33:01 +00:00
in_pcb.h Start process of removing the use of the deprecated "M_FLOWID" flag 2014-12-01 11:45:24 +00:00
in_pcbgroup.c Introduce INP6_PCBHASHKEY macro. Replace usage of hardcoded part of 2014-09-10 12:35:42 +00:00
in_proto.c Finish r274118: remove useless fields from struct domain. 2014-11-06 14:39:04 +00:00
in_rmx.c Kill custom in_matroute() radix mathing function removing one rte mutex lock. 2014-11-11 02:52:40 +00:00
in_rss.c Start process of removing the use of the deprecated "M_FLOWID" flag 2014-12-01 11:45:24 +00:00
in_rss.h Implement IPv4 RSS software hash functions to use during packet ingress 2014-09-09 03:10:21 +00:00
in_systm.h
in_var.h Kill custom in_matroute() radix mathing function removing one rte mutex lock. 2014-11-11 02:52:40 +00:00
in.c Remove SYSCTL_VNET_* macros, and simply put CTLFLAG_VNET where needed. 2014-11-07 09:39:05 +00:00
in.h Kill custom in_matroute() radix mathing function removing one rte mutex lock. 2014-11-11 02:52:40 +00:00
ip6.h Eliminate use of M_EXT in IP6_EXTHDR_CHECK() by trimming a redundant 2014-10-05 06:28:53 +00:00
ip_carp.c Remove SYSCTL_VNET_* macros, and simply put CTLFLAG_VNET where needed. 2014-11-07 09:39:05 +00:00
ip_carp.h Merge 'struct ip6protosw' and 'struct protosw' into one. Now we have 2014-08-08 01:57:15 +00:00
ip_divert.c Update ip_divert.ko to depend on version 3 of ipfw. 2014-10-11 16:08:54 +00:00
ip_divert.h
ip_dummynet.h ECN marking implenetation for dummynet. 2014-06-01 07:28:24 +00:00
ip_ecn.c
ip_ecn.h
ip_encap.c Merge 'struct ip6protosw' and 'struct protosw' into one. Now we have 2014-08-08 01:57:15 +00:00
ip_encap.h Merge 'struct ip6protosw' and 'struct protosw' into one. Now we have 2014-08-08 01:57:15 +00:00
ip_fastfwd.c Remove kernel handling of ICMP_SOURCEQUENCH. 2014-11-10 23:10:01 +00:00
ip_fw.h Fix matching default rule on clear/show commands. 2014-10-13 13:49:28 +00:00
ip_gre.c Overhaul if_gre(4). 2014-11-07 19:13:19 +00:00
ip_icmp.c Remove route chaching support from ipsec code. It isn't used for some time. 2014-12-02 04:20:50 +00:00
ip_icmp.h Merge 'struct ip6protosw' and 'struct protosw' into one. Now we have 2014-08-08 01:57:15 +00:00
ip_id.c
ip_input.c Move ip_ipsec_fwd() from ip_input() into ip_forward(). 2014-12-11 16:53:29 +00:00
ip_ipsec.c Move ip_ipsec_fwd() from ip_input() into ip_forward(). 2014-12-11 16:53:29 +00:00
ip_ipsec.h Remove PACKET_TAG_IPSEC_IN_DONE mbuf tag lookup and usage of its 2014-12-11 14:58:55 +00:00
ip_mroute.c Remove SYSCTL_VNET_* macros, and simply put CTLFLAG_VNET where needed. 2014-11-07 09:39:05 +00:00
ip_mroute.h
ip_options.c Use generic SYSCTL_* macro instead of deprecated SYSCTL_VNET_*. 2014-09-15 14:43:58 +00:00
ip_options.h Make net.inet.ip.sourceroute, net.inet.ip.accept_sourceroute, and 2014-09-15 07:20:40 +00:00
ip_output.c Start process of removing the use of the deprecated "M_FLOWID" flag 2014-12-01 11:45:24 +00:00
ip_var.h Add a flag to ip_output() - IP_NODEFAULTFLOWID - which prevents it from 2014-09-09 00:19:02 +00:00
ip.h
pim_var.h Merge 'struct ip6protosw' and 'struct protosw' into one. Now we have 2014-08-08 01:57:15 +00:00
pim.h
raw_ip.c Remove SYSCTL_VNET_* macros, and simply put CTLFLAG_VNET where needed. 2014-11-07 09:39:05 +00:00
sctp_asconf.c Address another warnings reported by Patrick Laimbock when compiling 2014-09-07 17:07:19 +00:00
sctp_asconf.h
sctp_auth.c Use a consistent type for the number of HMAC algorithms. 2014-09-16 14:20:33 +00:00
sctp_auth.h Use a consistent type for the number of HMAC algorithms. 2014-09-16 14:20:33 +00:00
sctp_bsd_addr.c
sctp_bsd_addr.h
sctp_cc_functions.c Small cleanup which addresses a warning regaring the truncation 2014-09-16 13:48:46 +00:00
sctp_constants.h Fix the handling of sysctl variables when used with VIMAGE. 2014-09-06 19:12:14 +00:00
sctp_crc32.c
sctp_crc32.h
sctp_dtrace_declare.h
sctp_dtrace_define.h
sctp_header.h Fix the reported streams in a SCTP_STREAM_RESET_EVENT, if a 2014-10-16 15:36:04 +00:00
sctp_indata.c This is the SCTP specific companion of 2014-12-04 21:17:50 +00:00
sctp_indata.h
sctp_input.c Include the received chunk padding when reporting an unknown chunk. 2014-12-06 22:57:19 +00:00
sctp_input.h Fix the reported streams in a SCTP_STREAM_RESET_EVENT, if a 2014-10-16 15:36:04 +00:00
sctp_lock_bsd.h
sctp_os_bsd.h Do the renaming of sb_cc to sb_ccc in a way with less code changes by 2014-12-02 20:29:29 +00:00
sctp_os.h
sctp_output.c This is the SCTP specific companion of 2014-12-04 21:17:50 +00:00
sctp_output.h Ensure that the list of streams sent in a stream reset parameter fits 2014-10-08 15:30:59 +00:00
sctp_pcb.c This is the SCTP specific companion of 2014-12-04 21:17:50 +00:00
sctp_pcb.h Do the renaming of sb_cc to sb_ccc in a way with less code changes by 2014-12-02 20:29:29 +00:00
sctp_peeloff.c Add support for the SCTP_AUTH_SUPPORTED and SCTP_ASCONF_SUPPORTED 2014-08-12 11:30:16 +00:00
sctp_peeloff.h
sctp_ss_functions.c
sctp_structs.h This is the SCTP specific companion of 2014-12-04 21:17:50 +00:00
sctp_syscalls.c Avoid dynamic syscall overhead for statically compiled modules. 2014-10-26 19:42:44 +00:00
sctp_sysctl.c Don't zero the stats before they are read out. 2014-11-01 10:35:45 +00:00
sctp_sysctl.h Fix the handling of sysctl variables when used with VIMAGE. 2014-09-06 19:12:14 +00:00
sctp_timer.c Add support for the SCTP_PR_SUPPORTED socket option as specified in 2014-08-02 21:36:40 +00:00
sctp_timer.h
sctp_uio.h Add support for the SCTP_PR_STREAM_STATUS and SCTP_PR_ASSOC_STATUS 2014-08-13 15:50:16 +00:00
sctp_usrreq.c Fix the support of mapped IPv4 addresses. 2014-12-06 20:00:08 +00:00
sctp_var.h Do the renaming of sb_cc to sb_ccc in a way with less code changes by 2014-12-02 20:29:29 +00:00
sctp.h Add support for the SCTP_PR_STREAM_STATUS and SCTP_PR_ASSOC_STATUS 2014-08-13 15:50:16 +00:00
sctputil.c Fix the support of mapped IPv4 addresses. 2014-12-06 20:00:08 +00:00
sctputil.h Do the renaming of sb_cc to sb_ccc in a way with less code changes by 2014-12-02 20:29:29 +00:00
siftr.c In preparation of merging projects/sendfile, transform bare access to 2014-11-12 09:57:15 +00:00
tcp_debug.c
tcp_debug.h
tcp_fsm.h
tcp_hostcache.c Remove SYSCTL_VNET_* macros, and simply put CTLFLAG_VNET where needed. 2014-11-07 09:39:05 +00:00
tcp_hostcache.h Add scope zone id to the in_endpoints and hc_metrics structures. 2014-09-10 16:26:18 +00:00
tcp_input.c Start process of removing the use of the deprecated "M_FLOWID" flag 2014-12-01 11:45:24 +00:00
tcp_lro.c
tcp_lro.h
tcp_offload.c
tcp_offload.h
tcp_output.c In preparation of merging projects/sendfile, transform bare access to 2014-11-12 09:57:15 +00:00
tcp_reass.c Merge from projects/sendfile: extend protocols API to support 2014-11-30 13:24:21 +00:00
tcp_sack.c Remove SYSCTL_VNET_* macros, and simply put CTLFLAG_VNET where needed. 2014-11-07 09:39:05 +00:00
tcp_seq.h
tcp_subr.c Remove kernel handling of ICMP_SOURCEQUENCH. 2014-11-10 23:10:01 +00:00
tcp_syncache.c Start process of removing the use of the deprecated "M_FLOWID" flag 2014-12-01 11:45:24 +00:00
tcp_syncache.h
tcp_timer.c Fix a race condition in TCP timewait between tcp_tw_2msl_reuse() and 2014-10-30 08:53:56 +00:00
tcp_timer.h Fix a race condition in TCP timewait between tcp_tw_2msl_reuse() and 2014-10-30 08:53:56 +00:00
tcp_timewait.c Remove SYSCTL_VNET_* macros, and simply put CTLFLAG_VNET where needed. 2014-11-07 09:39:05 +00:00
tcp_usrreq.c Merge from projects/sendfile: 2014-11-30 13:43:52 +00:00
tcp_var.h Re-introduce padding fields removed with r264321 to keep 2014-11-17 14:56:02 +00:00
tcp.h
tcpip.h
toecore.c Do not return unlocked/unreferenced lle in arpresolve/nd6_storelladdr - 2014-11-27 23:06:25 +00:00
toecore.h
toeplitz.c Several years after initial development, merge prototype support for 2014-03-15 00:57:50 +00:00
toeplitz.h Several years after initial development, merge prototype support for 2014-03-15 00:57:50 +00:00
udp_usrreq.c MFp4: @181627 2014-12-06 02:59:59 +00:00
udp_var.h Add context pointer and source address to the UDP tunnel callback 2014-10-10 06:08:59 +00:00
udp.h
udplite.h Add support for UDP-Lite protocol (RFC 3828) to IPv4 and IPv6 stacks. 2014-04-07 01:53:03 +00:00