freebsd-skq/sys/netinet6
Hajimu UMEMOTO 0f9ade718d - cleanup SP refcnt issue.
- share policy-on-socket for listening socket.
- don't copy policy-on-socket at all.  secpolicy no longer contain
  spidx, which saves a lot of memory.
- deep-copy pcb policy if it is an ipsec policy.  assign ID field to
  all SPD entries.  make it possible for racoon to grab SPD entry on
  pcb.
- fixed the order of searching SA table for packets.
- fixed to get a security association header.  a mode is always needed
  to compare them.
- fixed that the incorrect time was set to
  sadb_comb_{hard|soft}_usetime.
- disallow port spec for tunnel mode policy (as we don't reassemble).
- an user can define a policy-id.
- clear enc/auth key before freeing.
- fixed that the kernel crashed when key_spdacquire() was called
  because key_spdacquire() had been implemented imcopletely.
- preparation for 64bit sequence number.
- maintain ordered list of SA, based on SA id.
- cleanup secasvar management; refcnt is key.c responsibility;
  alloc/free is keydb.c responsibility.
- cleanup, avoid double-loop.
- use hash for spi-based lookup.
- mark persistent SP "persistent".
  XXX in theory refcnt should do the right thing, however, we have
  "spdflush" which would touch all SPs.  another solution would be to
  de-register persistent SPs from sptree.
- u_short -> u_int16_t
- reduce kernel stack usage by auto variable secasindex.
- clarify function name confusion.  ipsec_*_policy ->
  ipsec_*_pcbpolicy.
- avoid variable name confusion.
  (struct inpcbpolicy *)pcb_sp, spp (struct secpolicy **), sp (struct
  secpolicy *)
- count number of ipsec encapsulations on ipsec4_output, so that we
  can tell ip_output() how to handle the packet further.
- When the value of the ul_proto is ICMP or ICMPV6, the port field in
  "src" of the spidx specifies ICMP type, and the port field in "dst"
  of the spidx specifies ICMP code.
- avoid from applying IPsec transport mode to the packets when the
  kernel forwards the packets.

Tested by:	nork
Obtained from:	KAME
2003-11-04 16:02:05 +00:00
..
ah6.h - correct signedness mixups. 2003-10-12 11:08:18 +00:00
ah_aesxcbcmac.c support AES XCBC MAC for AH. 2003-10-13 04:56:04 +00:00
ah_aesxcbcmac.h support AES XCBC MAC for AH. 2003-10-13 04:56:04 +00:00
ah_core.c - change scope to zone. 2003-10-21 20:05:32 +00:00
ah_input.c add ECN support in layer-3. 2003-10-29 15:07:04 +00:00
ah_output.c - avoid hardcoded values. 2003-10-12 12:03:25 +00:00
ah.h - correct signedness mixups. 2003-10-12 11:08:18 +00:00
dest6.c remove unused variable. 2003-10-12 15:14:33 +00:00
esp6.h
esp_aesctr.c - support AES counter mode for ESP. 2003-10-13 14:57:41 +00:00
esp_aesctr.h - support AES counter mode for ESP. 2003-10-13 14:57:41 +00:00
esp_core.c - revert to old rijndael code. new rijndael code broke gbde. 2003-10-19 21:28:34 +00:00
esp_input.c correct stat to increment. 2003-10-31 17:51:54 +00:00
esp_output.c - fix typo in comment. 2003-10-07 17:46:18 +00:00
esp_rijndael.c - support AES counter mode for ESP. 2003-10-13 14:57:41 +00:00
esp_rijndael.h - support AES counter mode for ESP. 2003-10-13 14:57:41 +00:00
esp.h - support AES counter mode for ESP. 2003-10-13 14:57:41 +00:00
frag6.c add ECN support in layer-3. 2003-10-29 15:07:04 +00:00
icmp6.c - cleanup SP refcnt issue. 2003-11-04 16:02:05 +00:00
icmp6.h
in6_cksum.c - fix typo in comments. 2003-10-08 18:26:08 +00:00
in6_gif.c add ECN support in layer-3. 2003-10-29 15:07:04 +00:00
in6_gif.h - fix typo in comments. 2003-10-08 18:26:08 +00:00
in6_ifattach.c use arc4random. 2003-10-31 16:06:05 +00:00
in6_ifattach.h nuku unused functions in6_nigroup_attach() and 2003-10-31 15:51:28 +00:00
in6_pcb.c Overhaul routing table entry cleanup by introducing a new rtexpunge 2003-10-30 23:02:51 +00:00
in6_pcb.h
in6_prefix.c return(code) -> return (code) 2003-10-06 14:02:09 +00:00
in6_prefix.h
in6_proto.c - implement lock around IPv6 reassembly, to avoid panic due to 2003-10-22 15:29:42 +00:00
in6_rmx.c Overhaul routing table entry cleanup by introducing a new rtexpunge 2003-10-30 23:02:51 +00:00
in6_src.c - update comments to refrect recent BSDs. 2003-11-04 14:08:31 +00:00
in6_var.h add management part of address selection policy described in 2003-10-30 15:29:17 +00:00
in6.c use nd6log(). 2003-11-04 14:09:37 +00:00
in6.h add management part of address selection policy described in 2003-10-30 15:29:17 +00:00
ip6_ecn.h add ECN support in layer-3. 2003-10-29 15:07:04 +00:00
ip6_forward.c - cleanup SP refcnt issue. 2003-11-04 16:02:05 +00:00
ip6_fw.c Replace the if_name and if_unit members of struct ifnet with new members 2003-10-31 18:32:15 +00:00
ip6_fw.h Replace the if_name and if_unit members of struct ifnet with new members 2003-10-31 18:32:15 +00:00
ip6_id.c add randomtab for ip6_randomflowlabel(). 2003-10-01 21:45:57 +00:00
ip6_input.c initialize in6_tmpaddrtimer_ch. 2003-10-31 15:57:02 +00:00
ip6_mroute.c Replace the if_name and if_unit members of struct ifnet with new members 2003-10-31 18:32:15 +00:00
ip6_mroute.h
ip6_output.c - cleanup SP refcnt issue. 2003-11-04 16:02:05 +00:00
ip6_var.h ip6_savecontrol() argument is redundant 2003-10-29 12:52:28 +00:00
ip6.h
ip6protosw.h - fix typo in comments. 2003-10-08 18:26:08 +00:00
ipcomp6.h
ipcomp_core.c - fix typo in comments. 2003-10-08 18:26:08 +00:00
ipcomp_input.c - typo. found by markus@openbsd 2003-10-09 18:44:54 +00:00
ipcomp_output.c sync with the latest KAME (just a cosmetic change) 2003-04-28 08:21:57 +00:00
ipcomp.h
ipsec6.h - cleanup SP refcnt issue. 2003-11-04 16:02:05 +00:00
ipsec.c - cleanup SP refcnt issue. 2003-11-04 16:02:05 +00:00
ipsec.h - cleanup SP refcnt issue. 2003-11-04 16:02:05 +00:00
mld6_var.h rename MLD6_* to MLD_*. 2003-10-31 16:07:15 +00:00
mld6.c rename MLD6_* to MLD_*. 2003-10-31 16:07:15 +00:00
nd6_nbr.c - cleanup SP refcnt issue. 2003-11-04 16:02:05 +00:00
nd6_rtr.c Switch Advanced Sockets API for IPv6 from RFC2292 to RFC3542 2003-10-24 18:26:30 +00:00
nd6.c - cleanup SP refcnt issue. 2003-11-04 16:02:05 +00:00
nd6.h use arc4random. 2003-10-31 16:06:05 +00:00
pim6_var.h
pim6.h
raw_ip6.c - cleanup SP refcnt issue. 2003-11-04 16:02:05 +00:00
raw_ip6.h
README
route6.c hide m_tag, again. 2003-10-29 12:49:12 +00:00
scope6_var.h - add dom_if{attach,detach} framework. 2003-10-17 15:46:31 +00:00
scope6.c protect sid_default and sid. 2003-10-22 15:13:36 +00:00
tcp6_var.h
udp6_output.c - cleanup SP refcnt issue. 2003-11-04 16:02:05 +00:00
udp6_usrreq.c - cleanup SP refcnt issue. 2003-11-04 16:02:05 +00:00
udp6_var.h

a note to committers about KAME tree
$FreeBSD$
KAME project


FreeBSD IPv6/IPsec tree is from KAMEproject (http://www.kame.net/).
To synchronize KAME tree and FreeBSD better today and in the future,
please understand the following:

- DO NOT MAKE COSTMETIC CHANGES.
  "Cosmetic changes" here includes tabify, untabify, removal of space at EOL,
  minor KNF items, and whatever adds more output lines on "diff freebsd kame".
  To make future synchronization easier. it is critical to preserve certain
  statements in the code.  Also, as KAME tree supports all 4 BSDs (Free, Open,
  Net, BSD/OS) in single shared tree, it is not always possible to backport
  FreeBSD changes into KAME tree.  So again, please do not make cosmetic
  changes.  Even if you think it a right thing, that will bite KAME guys badly
  during upgrade attempts, and prevent us from synchronizing two trees.
  (you don't usually make cosmetic changes against third-party code, do you?)

- REPORT CHANGES/BUGS TO KAME GUYS.
  It is not always possible for KAME guys to watch all the freebsd mailing
  list traffic, as the traffic is HUGE.  So if possible, please, inform
  kame guys of changes you made in IPv6/IPsec related portion.  Contact
  path would be snap-users@kame.net or KAME PR database on www.kame.net.
  (or to core@kame.net if it is necessary to make it confidential)

Thank you for your cooperation and have a happy IPv6 life!


Note: KAME-origin code is in the following locations.
The above notice applies to corresponding manpages too.
The list may not be complete.  If you see $KAME$ in the code, it is from
KAME distribution.  If you see some file that is IPv6/IPsec related, it is
highly possible that the file is from KAME distribution.

include/ifaddrs.h
lib/libc/net
lib/libc/net/getaddrinfo.c
lib/libc/net/getifaddrs.c
lib/libc/net/getnameinfo.c
lib/libc/net/ifname.c
lib/libc/net/ip6opt.c
lib/libc/net/map_v4v6.c
lib/libc/net/name6.c
lib/libftpio
lib/libipsec
sbin/ip6fw
sbin/ping6
sbin/rtsol
share/doc/IPv6
share/man/man4/ip6.4
share/man/man4/inet6.4
sys/crypto (except sys/crypto/rc4)
sys/kern/uipc_mbuf2.c
sys/net/if_faith.[ch]
sys/net/if_gif.[ch]
sys/net/if_stf.[ch]
sys/net/pfkeyv2.h
sys/netinet/icmp6.h
sys/netinet/in_gif.[ch]
sys/netinet/ip6.h
sys/netinet/ip_encap.[ch]
sys/netinet6
sys/netkey
usr.sbin/faithd
usr.sbin/gifconfig
usr.sbin/ifmcstat
usr.sbin/mld6query
usr.sbin/ndp
usr.sbin/pim6dd
usr.sbin/pim6sd
usr.sbin/prefix
usr.sbin/rip6query
usr.sbin/route6d
usr.sbin/rrenumd
usr.sbin/rtadvd
usr.sbin/rtsold
usr.sbin/scope6config
usr.sbin/setkey
usr.sbin/traceroute6