d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
95,493 Commits 4 Branches 49 Tags
Commit Graph

322 Commits

Author SHA1 Message Date
ume
e0831e433f we have ppsratecheck(). 2003-10-22 19:23:51 +00:00
ume
caf3332c51 IP6Q_LOCK_CHECK -> IP6Q_LOCK_ASSERT. 
Sugested by:	sam
 2003-10-22 19:03:49 +00:00
ume
75025ec654 drop the code of HAVE_NRL_INPCB part. our system doesn't 
use NRL style INPCB.
 2003-10-22 18:52:57 +00:00
ume
b9e84a6697 pretect ip6 reassemble queue by use of mutex. 
Submitted by:	rwatson (with modification)
 2003-10-22 15:32:56 +00:00
ume
55ad7e749c - implement lock around IPv6 reassembly, to avoid panic due to 
frag6_drain (mutex version will come later).
- limit number of fragments (not fragment queues) in kernel.

Obtained from:	KAME
 2003-10-22 15:29:42 +00:00
ume
75c947372b protect sid_default and sid. 
Submitted by:	rwatson (with modification)
 2003-10-22 15:13:36 +00:00
ume
6018d9bfc9 reduce calling in6_addr2zoneid(). 2003-10-22 15:12:06 +00:00
suz
d11ff9f6a5 more strict sanity check for ESP tail 
Obtained from: KAME
 2003-10-22 10:44:59 +00:00
ume
5199c863f8 - change scope to zone. 
- change node-local to interface-local.
- better error handling of address-to-scope mapping.
- use in6_clearscope().

Obtained from:	KAME
 2003-10-21 20:05:32 +00:00
ume
1bfb498609 correct linkmtu handling. 
Obtained from:	KAME
 2003-10-20 15:27:48 +00:00
ume
8ff2c775d4 - revert to old rijndael code. new rijndael code broke gbde. 
- since aes-xcbc-mac and aes-ctr require functions in new
  rijndael code, aes-xcbc-mac and aes-ctr are disabled for now.
 2003-10-19 21:28:34 +00:00
ume
42120d22ea rtfree() must be called in lock context. 
Reported by:	jhay
 2003-10-18 17:46:23 +00:00
ume
31759c0525 nuke duplicate function and unused function. 
Obtained from:	KAME
 2003-10-17 17:50:09 +00:00
ume
89eb79f30b revert wrongly dropped null check by previous commit. 2003-10-17 17:34:31 +00:00
ume
babf2c3ec0 - add dom_if{attach,detach} framework. 
- transition to use ifp->if_afdata.

Obtained from:	KAME
 2003-10-17 15:46:31 +00:00
sam
81a0698b6a fix horribly botched MFp4 merge 2003-10-16 19:55:28 +00:00
sam
104396b82e pfil hooks can modify packet contents so check if the destination 
address has been changed when PFIL_HOOKS is enabled and, if it has,
arrange for the proper action by ip*_forward.

Submitted by:	Pyun YongHyeon
Supported by:	FreeBSD Foundation
 2003-10-16 18:57:45 +00:00
sam
5daf1cdd10 MFp4: correct locking issues in nd6_lookup 
Supported by:	FreeBSD Foundation
 2003-10-14 18:49:08 +00:00
ume
a89e9b5e91 use BF_ecb_encrypt(). 
Obtained from:	KAME
 2003-10-13 19:26:08 +00:00
ume
fd41336ef5 - support AES counter mode for ESP. 
- use size_t as return type of schedlen(), as there's no error
  check needed.
- clear key schedule buffer before freeing.

Obtained from:	KAME
 2003-10-13 14:57:41 +00:00
ume
0650be79cb support AES XCBC MAC for AH. 
Obtained from:	KAME
 2003-10-13 04:56:04 +00:00
ume
de427fb9bf - support AES XCBC MAC for AH 
- correct SADB_X_AALG_RIPEMD160HMAC to 8

Obtained from:	KAME
 2003-10-13 04:54:51 +00:00
ume
510a7d2039 include opencrypto/rmd160.h 2003-10-12 18:33:30 +00:00
ume
087c5fbdfa remove unused variable. 
Obtained from:	KAME
 2003-10-12 15:14:33 +00:00
ume
2e96368ca1 - avoid hardcoded values. 
- correct signedness mixups.
- log fix.
- preparation for 64bit sequence number.
  introduce SA id (unique ID for SA - SPI is useless as duplicated
  SPI is allowed)
- no need to malloc/free cksum buffer.

Obtained from:	KAME
 2003-10-12 12:03:25 +00:00
ume
efae2cbb66 - always check for optlen overrun. 
- panic if NULL is passed to ah_sumsiz (as we never do it,
  and callers do not properly check negative returns).

Obtained from:	KAME
 2003-10-12 11:18:04 +00:00
ume
a6ff42e2be - correct signedness mixups. 
- avoid assuming result buffer size

Obtained from:	KAME
 2003-10-12 11:08:18 +00:00
ume
b586f811af avoid hardcoding MD5 result length (16) 
Obtained from:	KAME
 2003-10-12 09:51:32 +00:00
ume
2da6bcd326 - RIPEMD160 support 
- pass size arg to ah->result (avoid assuming result buffer size)

Obtained from:	KAME
 2003-10-12 09:41:42 +00:00
ume
d8181d09cf fixed an endian bug on fragment header scanning 
Obtained from:	KAME
 2003-10-10 19:49:52 +00:00
ume
a72f1bdb76 nuke SCOPEDROUTING. Though it was there for a long time, 
it was never enabled.
 2003-10-10 16:04:00 +00:00
ume
8df937af7e switch cast128 implementation to implementation by Steve Reid; 
smaller footprint.

Obtained from:	KAME
 2003-10-10 15:06:16 +00:00
ume
4ce3fa6f53 - typo. found by markus@openbsd 
- correct signedness mixup in pointer passing.
- drop meaningless variable.

Obtained from:	KAME
 2003-10-09 18:44:54 +00:00
ume
5f396e4dfe - typo in comment 
- style
- ANSIfy
(there is no functional change.)

Obtained from:	KAME
 2003-10-09 16:13:47 +00:00
ume
cb2c1545ab - fix typo in comments. 
- style.
- NULL is not 0.
- some variables were renamed.
- nuke unused logic.
(there is no functional change.)

Obtained from:	KAME
 2003-10-08 18:26:08 +00:00
sam
5506d3b8f4 must lock route when the caller provided a route but not 
an interface; otherwise the subsequent unlock blows up

Suffered by:	Marcel Moolenaar <marcel@xcllnt.net>
Supported by:	FreeBSD Foundation
 2003-10-07 20:57:35 +00:00
ume
2a03d283e4 indent 2003-10-07 20:22:01 +00:00
ume
90f2ffba9c style and indent. no functional change. 
Obtained from:	KAME
 2003-10-07 19:51:22 +00:00
ume
399a4e7221 - fix typo in comment. 
- style.

Obtained from:	KAME
 2003-10-07 17:46:18 +00:00
ume
54458dd4e1 nuke unused CTL_IPV6PROTO_NAMES macro. 2003-10-07 17:42:31 +00:00
ume
6c1377b9ef return(code) -> return (code) 
(reduce diffs against KAME)
 2003-10-06 14:02:09 +00:00
sam
9d93fce265 Locking for updates to routing table entries. Each rtentry gets a mutex 
that covers updates to the contents.  Note this is separate from holding
a reference and/or locking the routing table itself.

Other/related changes:

o rtredirect loses the final parameter by which an rtentry reference
  may be returned; this was never used and added unwarranted complexity
  for locking.
o minor style cleanups to routing code (e.g. ansi-fy function decls)
o remove the logic to bump the refcnt on the parent of cloned routes,
  we assume the parent will remain as long as the clone; doing this avoids
  a circularity in locking during delete
o convert some timeouts to MPSAFE callouts

Notes:

1. rt_mtx in struct rtentry is guarded by #ifdef _KERNEL as user-level
   applications cannot/do-no know about mutex's.  Doing this requires
   that the mutex be the last element in the structure.  A better solution
   is to introduce an externalized version of struct rtentry but this is
   a major task because of the intertwining of rtentry and other data
   structures that are visible to user applications.
2. There are known LOR's that are expected to go away with forthcoming
   work to eliminate many held references.  If not these will be resolved
   prior to release.
3. ATM changes are untested.

Sponsored by:	FreeBSD Foundation
Obtained from:	BSD/OS (partly)
 2003-10-04 03:44:50 +00:00
ume
f89179cc1b add randomtab for ip6_randomflowlabel(). 
Obtained from:	KAME
 2003-10-01 21:45:57 +00:00
ume
dff1ad31d5 randomize IPv6 flowlabel when RANDOM_IP_ID is defined. 
Obtained from:	KAME
 2003-10-01 21:24:28 +00:00
ume
1510816eb2 use arc4random() 2003-10-01 21:10:02 +00:00
ume
57a2e3592f - include opt_random_ip_id.h 
- we don't need to obtain microtime when using ip6_randomid.
 2003-10-01 20:24:20 +00:00
ume
f0203cacdc we don't need ip6_id when RANDOM_IP_ID is defined. 2003-10-01 18:23:27 +00:00
ume
a7837fa779 include opt_random_ip_id.h 2003-10-01 17:28:42 +00:00
ume
4d9c2d35dd Don't compiled ip6_randomid() in if RANDOM_IP_ID is not defined. 2003-10-01 16:22:58 +00:00
ume
59fe55cb24 Obey RANDOM_IP_ID. 
Requested by:	sam
 2003-10-01 16:00:12 +00:00