d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
freebsd-skq/sys/netinet6
History
ae 8e6349d4bc Remove PACKET_TAG_IPSEC_IN_DONE mbuf tag lookup and usage of its 
security policy. The changed block of code in ip*_ipsec_input() is
called when packet has ESP/AH header. Presence of
PACKET_TAG_IPSEC_IN_DONE mbuf tag in the same time means that
packet was already handled by IPSEC and reinjected in the netisr,
and it has another ESP/AH headers (encrypted twice?).
Since it was already processed by IPSEC code, the AH/ESP headers
was already stripped (and probably outer IP header was stripped too)
and security policy from the tdb_ident was applied to those headers.
It is incorrect to apply this security policy to current headers.

Also make ip_ipsec_input() prototype similar to ip6_ipsec_input().

Obtained from:	Yandex LLC
Sponsored by:	Yandex LLC
2014-12-11 14:58:55 +00:00
..
dest6.c
The r48589 promised to remove implicit inclusion of if_var.h soon. Prepare
2013-10-26 17:58:36 +00:00
frag6.c
Remove ip6_getdstifaddr() and all functions to work with auxiliary data.
2014-11-08 19:38:34 +00:00
icmp6.c
Remove unneded check. No need to do m_pullup to the size that we prepended.
2014-12-02 05:41:03 +00:00
icmp6.h
in6_cksum.c
Fix the checksum computation for UDPLite/IPv6. This requires the
2014-10-02 10:32:24 +00:00
in6_gif.c
Remove SYSCTL_VNET_* macros, and simply put CTLFLAG_VNET where needed.
2014-11-07 09:39:05 +00:00
in6_gif.h
Overhaul if_gif(4):
2014-10-14 13:31:47 +00:00
in6_ifattach.c
Consistently use if_link.
2014-11-10 15:56:30 +00:00
in6_ifattach.h
Use FF02:0:0:0:0:2:FF00::/104 prefix for IPv6 Node Information Group
2013-05-04 19:16:26 +00:00
in6_mcast.c
Move ifq drain into in6m_purge().
2014-10-30 11:34:07 +00:00
in6_pcb.c
Start process of removing the use of the deprecated "M_FLOWID" flag
2014-12-01 11:45:24 +00:00
in6_pcb.h
Make in6_pcblookup_hash_locked and in6_pcbladdr static.
2014-09-10 13:17:35 +00:00
in6_pcbgroup.c
When it's time to do 4-tuple UDP IPv6 hashing, make sure this is a known
2014-07-20 07:39:54 +00:00
in6_proto.c
Renove faith(4) and faithd(8) from base. It looks like industry
2014-11-09 21:33:01 +00:00
in6_rmx.c
Kill custom in_matroute() radix mathing function removing one rte mutex lock.
2014-11-11 02:52:40 +00:00
in6_src.c
For now handle only multicast addresses, we still use routes to
2014-11-10 10:59:08 +00:00
in6_var.h
Make checks for rt_mtu generic:
2014-11-06 13:13:09 +00:00
in6.c
Remove link-local multicast routes remnants from in6_purgeaddr.
2014-11-10 16:01:31 +00:00
in6.h
Kill custom in_matroute() radix mathing function removing one rte mutex lock.
2014-11-11 02:52:40 +00:00
ip6_ecn.h
ip6_forward.c
Remove redundant call to ipsec_getpolicybyaddr().
2014-09-30 13:15:19 +00:00
ip6_gre.c
Overhaul if_gre(4).
2014-11-07 19:13:19 +00:00
ip6_id.c
Provide includes that are needed in these files, and before were read
2013-10-26 18:18:50 +00:00
ip6_input.c
Remove ip6_getdstifaddr() and all functions to work with auxiliary data.
2014-11-08 19:38:34 +00:00
ip6_ipsec.c
Remove PACKET_TAG_IPSEC_IN_DONE mbuf tag lookup and usage of its
2014-12-11 14:58:55 +00:00
ip6_ipsec.h
Fixed IPv4-in-IPv6 and IPv6-in-IPv4 IPsec tunnels.
2014-05-28 12:45:27 +00:00
ip6_mroute.c
When deciding whether to call m_pullup() even though there is adequate
2014-10-12 15:49:52 +00:00
ip6_mroute.h
revert part of r260485 which changes how part of the header gets
2014-01-09 22:41:18 +00:00
ip6_output.c
Start process of removing the use of the deprecated "M_FLOWID" flag
2014-12-01 11:45:24 +00:00
ip6_var.h
Renove faith(4) and faithd(8) from base. It looks like industry
2014-11-09 21:33:01 +00:00
ip6.h
ip6protosw.h
Merge 'struct ip6protosw' and 'struct protosw' into one. Now we have
2014-08-08 01:57:15 +00:00
mld6_var.h
mld6.c
Remove SYSCTL_VNET_* macros, and simply put CTLFLAG_VNET where needed.
2014-11-07 09:39:05 +00:00
mld6.h
nd6_nbr.c
Revert r275695: nd6_dad_find() was already correct.
2014-12-11 09:16:45 +00:00
nd6_rtr.c
Use in6_localip() instead of hand-rolled cycle.
2014-01-18 20:54:55 +00:00
nd6.c
Add refcounting to IPv6 DAD objects and simplify the DAD code to fix a
2014-12-08 04:44:40 +00:00
nd6.h
Add refcounting to IPv6 DAD objects and simplify the DAD code to fix a
2014-12-08 04:44:40 +00:00
pim6_var.h
Remove more constants related to static sysctl nodes. The MAXID constants
2014-02-25 18:44:33 +00:00
pim6.h
raw_ip6.c
Renove faith(4) and faithd(8) from base. It looks like industry
2014-11-09 21:33:01 +00:00
raw_ip6.h
Migrate structs ip6stat, icmp6stat and rip6stat to PCPU counters.
2013-07-09 09:54:54 +00:00
route6.c
The r48589 promised to remove implicit inclusion of if_var.h soon. Prepare
2013-10-26 17:58:36 +00:00
scope6_var.h
Add sa6_checkzone_ifp() function. It checks correctness of struct
2014-11-10 16:12:51 +00:00
scope6.c
Add sa6_checkzone_ifp() function. It checks correctness of struct
2014-11-10 16:12:51 +00:00
sctp6_usrreq.c
This is the SCTP specific companion of
2014-12-04 21:17:50 +00:00
sctp6_var.h
Add support for SCTP/UDP/IPV6.
2012-11-17 20:04:04 +00:00
send.c
Free mbuf in case of error.
2013-12-17 10:53:17 +00:00
send.h
tcp6_var.h
Remove __P.
2012-10-22 21:49:56 +00:00
udp6_usrreq.c
Start process of removing the use of the deprecated "M_FLOWID" flag
2014-12-01 11:45:24 +00:00
udp6_var.h
Add support for UDP-Lite protocol (RFC 3828) to IPv4 and IPv6 stacks.
2014-04-07 01:53:03 +00:00