Commit Graph

27 Commits

Author SHA1 Message Date
Brooks Davis
43bc7a9c62 With exception of the if_name() macro, all definitions in net_osdep.h
were unused or already in if_var.h so add if_name() to if_var.h and
remove net_osdep.h along with all references to it.

Longer term we may want to kill off if_name() entierly since all modern
BSDs have if_xname variables rendering it unnecessicary.
2006-08-04 21:27:40 +00:00
Hajimu UMEMOTO
a1f7e5f8ee scope cleanup. with this change
- most of the kernel code will not care about the actual encoding of
  scope zone IDs and won't touch "s6_addr16[1]" directly.
- similarly, most of the kernel code will not care about link-local
  scoped addresses as a special case.
- scope boundary check will be stricter.  For example, the current
  *BSD code allows a packet with src=::1 and dst=(some global IPv6
  address) to be sent outside of the node, if the application do:
    s = socket(AF_INET6);
    bind(s, "::1");
    sendto(s, some_global_IPv6_addr);
  This is clearly wrong, since ::1 is only meaningful within a single
  node, but the current implementation of the *BSD kernel cannot
  reject this attempt.

Submitted by:	JINMEI Tatuya <jinmei__at__isl.rdc.toshiba.co.jp>
Obtained from:	KAME
2005-07-25 12:31:43 +00:00
Warner Losh
caf43b0208 /* -> /*- for license, minor formatting changes, separate for KAME 2005-01-07 02:30:35 +00:00
SUZUKI Shinsuke
3d54848fc2 support TCP-MD5(IPv4) in KAME-IPSEC, too.
MFC after: 3 week
2004-11-08 18:49:51 +00:00
Robert Watson
0029e98f37 Move the AH algorithm list from a static local function variable to
a static const global variable in ah_core.c.  This makes it more clear
that this array does not require synchronization, as well as
synchronizing the layout to the ESP algorithm list.  This is the
version of my patch that Itojun committed to the KAME tree.

Obtained from:	me, via KAME
2004-03-10 04:56:54 +00:00
Hajimu UMEMOTO
fc8f306fc1 - m_cat() may free the mbuf on 2nd arg, so m_pkthdr manipulation has
to happen before the call to m_cat().
- correct signedness mixups.
- remove variable that is only assigned too but not referenced.

Obtained from:	KAME
2003-11-15 06:18:09 +00:00
Hajimu UMEMOTO
db54001806 enable aes-xcbc-mac and aes-ctr, again. 2003-11-10 10:39:14 +00:00
Hajimu UMEMOTO
9a4f9608ad - change scope to zone.
- change node-local to interface-local.
- better error handling of address-to-scope mapping.
- use in6_clearscope().

Obtained from:	KAME
2003-10-21 20:05:32 +00:00
Hajimu UMEMOTO
9132d5071c - revert to old rijndael code. new rijndael code broke gbde.
- since aes-xcbc-mac and aes-ctr require functions in new
  rijndael code, aes-xcbc-mac and aes-ctr are disabled for now.
2003-10-19 21:28:34 +00:00
Hajimu UMEMOTO
c65ee7c758 - support AES XCBC MAC for AH
- correct SADB_X_AALG_RIPEMD160HMAC to 8

Obtained from:	KAME
2003-10-13 04:54:51 +00:00
Hajimu UMEMOTO
d5d49fe472 include opencrypto/rmd160.h 2003-10-12 18:33:30 +00:00
Hajimu UMEMOTO
83ca448c94 - always check for optlen overrun.
- panic if NULL is passed to ah_sumsiz (as we never do it,
  and callers do not properly check negative returns).

Obtained from:	KAME
2003-10-12 11:18:04 +00:00
Hajimu UMEMOTO
00c62ed413 - correct signedness mixups.
- avoid assuming result buffer size

Obtained from:	KAME
2003-10-12 11:08:18 +00:00
Hajimu UMEMOTO
0c72771dea avoid hardcoding MD5 result length (16)
Obtained from:	KAME
2003-10-12 09:51:32 +00:00
Hajimu UMEMOTO
492528c051 - RIPEMD160 support
- pass size arg to ah->result (avoid assuming result buffer size)

Obtained from:	KAME
2003-10-12 09:41:42 +00:00
Hajimu UMEMOTO
06cd0a3f97 - fix typo in comment.
- style.

Obtained from:	KAME
2003-10-07 17:46:18 +00:00
Warner Losh
a163d034fa Back out M_* changes, per decision of the TRB.
Approved by: trb
2003-02-19 05:47:46 +00:00
Alfred Perlstein
44956c9863 Remove M_TRYWAIT/M_WAITOK/M_WAIT. Callers should use 0.
Merge M_NOWAIT/M_DONTWAIT into a single flag M_NOWAIT.
2003-01-21 08:56:16 +00:00
SUZUKI Shinsuke
88ff5695c1 just merged cosmetic changes from KAME to ease sync between KAME and FreeBSD.
(based on freebsd4-snap-20020128)

Reviewed by:	ume
MFC after:	1 week
2002-04-19 04:46:24 +00:00
Hajimu UMEMOTO
3384154590 Sync with recent KAME.
This work was based on kame-20010528-freebsd43-snap.tgz and some
critical problem after the snap was out were fixed.
There are many many changes since last KAME merge.

TODO:
  - The definitions of SADB_* in sys/net/pfkeyv2.h are still different
    from RFC2407/IANA assignment because of binary compatibility
    issue.  It should be fixed under 5-CURRENT.
  - ip6po_m member of struct ip6_pktopts is no longer used.  But, it
    is still there because of binary compatibility issue.  It should
    be removed under 5-CURRENT.

Reviewed by:	itojun
Obtained from:	KAME
MFC after:	3 weeks
2001-06-11 12:39:29 +00:00
Kris Kennaway
19391949fb More IP option length validation.
Includes the following revisions from KAME (two of these were actually
committed previously but the CVS revisions weren't documented):

1.40      kame/kame/sys/netinet6/ah_core.c (committed in previous rev)
1.41      kame/kame/sys/netinet6/ah_core.c
1.28      kame/kame/sys/netinet6/ah_output.c (committed in previous rev)
1.29      kame/kame/sys/netinet6/ah_output.c
1.30      kame/kame/sys/netinet6/ah_output.c
1.129     kame/kame/sys/netinet6/nd6.c
1.130     kame/kame/sys/netinet6/nd6.c
1.24      kame/kame/sys/netinet6/dest6.c
1.25      kame/kame/sys/netinet6/dest6.c

Obtained from:	KAME
2001-02-26 03:41:13 +00:00
Kris Kennaway
504d8fd040 Correct IPv4 option processing.
Submitted by:	itojun
Obtained from:	KAME
2001-02-20 03:25:50 +00:00
Archie Cobbs
8576ccb74b Fix broken const'ness in declaration of sha1_loop(). 2000-10-09 18:49:14 +00:00
Jun-ichiro itojun Hagino
686cdd19b1 sync with kame tree as of july00. tons of bug fixes/improvements.
API changes:
- additional IPv6 ioctls
- IPsec PF_KEY API was changed, it is mandatory to upgrade setkey(8).
  (also syntax change)
2000-07-04 16:35:15 +00:00
Poul-Henning Kamp
eb95c536ad Remove unneeded #include <sys/kernel.h> 2000-04-29 15:36:14 +00:00
Yoshinobu Inoue
f7d7fca7fd Prototype fix for IPsec authentication related functions
Some of IPsec authentication related functions should have
  'const' for its 2nd argument, but not now.
  But if someone try to use them, and passed const data for
  those functions, then much bogus compile warnings will be
  generated.
  So those funcs prototype should be modified.

Requested by: archie
Approved by: jkh
2000-02-10 19:35:53 +00:00
Yoshinobu Inoue
6a800098cc IPSEC support in the kernel.
pr_input() routines prototype is also changed to support IPSEC and IPV6
chained protocol headers.

Reviewed by: freebsd-arch, cvs-committers
Obtained from: KAME project
1999-12-22 19:13:38 +00:00