freebsd-skq/sys/netinet
ume 373abd9403 - cleanup SP refcnt issue.
- share policy-on-socket for listening socket.
- don't copy policy-on-socket at all.  secpolicy no longer contain
  spidx, which saves a lot of memory.
- deep-copy pcb policy if it is an ipsec policy.  assign ID field to
  all SPD entries.  make it possible for racoon to grab SPD entry on
  pcb.
- fixed the order of searching SA table for packets.
- fixed to get a security association header.  a mode is always needed
  to compare them.
- fixed that the incorrect time was set to
  sadb_comb_{hard|soft}_usetime.
- disallow port spec for tunnel mode policy (as we don't reassemble).
- an user can define a policy-id.
- clear enc/auth key before freeing.
- fixed that the kernel crashed when key_spdacquire() was called
  because key_spdacquire() had been implemented imcopletely.
- preparation for 64bit sequence number.
- maintain ordered list of SA, based on SA id.
- cleanup secasvar management; refcnt is key.c responsibility;
  alloc/free is keydb.c responsibility.
- cleanup, avoid double-loop.
- use hash for spi-based lookup.
- mark persistent SP "persistent".
  XXX in theory refcnt should do the right thing, however, we have
  "spdflush" which would touch all SPs.  another solution would be to
  de-register persistent SPs from sptree.
- u_short -> u_int16_t
- reduce kernel stack usage by auto variable secasindex.
- clarify function name confusion.  ipsec_*_policy ->
  ipsec_*_pcbpolicy.
- avoid variable name confusion.
  (struct inpcbpolicy *)pcb_sp, spp (struct secpolicy **), sp (struct
  secpolicy *)
- count number of ipsec encapsulations on ipsec4_output, so that we
  can tell ip_output() how to handle the packet further.
- When the value of the ul_proto is ICMP or ICMPV6, the port field in
  "src" of the spidx specifies ICMP type, and the port field in "dst"
  of the spidx specifies ICMP code.
- avoid from applying IPsec transport mode to the packets when the
  kernel forwards the packets.

Tested by:	nork
Obtained from:	KAME
2003-11-04 16:02:05 +00:00
..
libalias Grrr...add the Skinny alias code forgotten in the last commit. 2003-09-23 07:42:33 +00:00
accf_data.c Remove so*_locked(), which were backed out by mistake. 2002-06-18 07:42:02 +00:00
accf_http.c Remove so*_locked(), which were backed out by mistake. 2002-06-18 07:42:02 +00:00
icmp6.h revert following unwanted changes: 2003-10-25 10:57:08 +00:00
icmp_var.h
if_atm.c Locking for updates to routing table entries. Each rtentry gets a mutex 2003-10-04 03:44:50 +00:00
if_atm.h
if_ether.c Replace the if_name and if_unit members of struct ifnet with new members 2003-10-31 18:32:15 +00:00
if_ether.h Update netisr handling; Each SWI now registers its queue, and all queue 2003-03-04 23:19:55 +00:00
igmp_var.h
igmp.c Remove redundant initialization of rti; SLIST_FOREACH does that for 2003-08-28 22:15:05 +00:00
igmp.h
in_cksum.c
in_gif.c add ECN support in layer-3. 2003-10-29 15:07:04 +00:00
in_gif.h - fix typo in comment. 2003-10-07 17:46:18 +00:00
in_pcb.c - cleanup SP refcnt issue. 2003-11-04 16:02:05 +00:00
in_pcb.h correct tab and order. 2003-10-24 19:51:49 +00:00
in_proto.c hookup ctlinput for fast ipsec versions of esp+ah protocols 2003-10-03 22:06:36 +00:00
in_rmx.c Remove bogus RTFREE that was added in rev 1.47. The rmx code operates 2003-11-03 06:11:44 +00:00
in_systm.h
in_var.h Move from a custom-crafted singly-linked list to the SLIST_* macros 2003-08-20 17:09:01 +00:00
in.c Correct rev 1.56 which (incorrectly) reversed the test used to 2003-11-03 03:22:39 +00:00
in.h correct namespace pollution. 2003-10-25 09:37:10 +00:00
ip6.h revert following unwanted changes: 2003-10-25 10:57:08 +00:00
ip_divert.c Replace the if_name and if_unit members of struct ifnet with new members 2003-10-31 18:32:15 +00:00
ip_dummynet.c Replace the if_name and if_unit members of struct ifnet with new members 2003-10-31 18:32:15 +00:00
ip_dummynet.h place some kernel-specific data structures under #ifdef _KERNEL 2003-10-03 20:58:56 +00:00
ip_ecn.c add ECN support in layer-3. 2003-10-29 15:07:04 +00:00
ip_ecn.h add ECN support in layer-3. 2003-10-29 15:07:04 +00:00
ip_encap.c Remove unused variables. 2003-06-01 09:20:38 +00:00
ip_encap.h
ip_flow.c Locking for updates to routing table entries. Each rtentry gets a mutex 2003-10-04 03:44:50 +00:00
ip_flow.h add locking 2003-09-01 05:12:36 +00:00
ip_fw2.c Replace the if_name and if_unit members of struct ifnet with new members 2003-10-31 18:32:15 +00:00
ip_fw.h Replace the if_name and if_unit members of struct ifnet with new members 2003-10-31 18:32:15 +00:00
ip_gre.c Finish driving a stake through the heart of netns and the associated 2003-03-05 19:24:24 +00:00
ip_gre.h de-__P(). 2002-10-16 22:27:27 +00:00
ip_icmp.c Introduce the notion of "persistent mbuf tags"; these are tags that stay 2003-10-29 05:40:07 +00:00
ip_icmp.h Add comments regarding the ICMP timestamp fields. 2003-03-21 15:28:10 +00:00
ip_id.c
ip_input.c - cleanup SP refcnt issue. 2003-11-04 16:02:05 +00:00
ip_mroute.c Replace the if_name and if_unit members of struct ifnet with new members 2003-10-31 18:32:15 +00:00
ip_mroute.h 1. Basic PIM kernel support 2003-08-07 18:16:59 +00:00
ip_output.c - cleanup SP refcnt issue. 2003-11-04 16:02:05 +00:00
ip_var.h Lock ip forwarding route cache. While we're at it, remove the global 2003-10-14 19:19:12 +00:00
ip.h add ECN support in layer-3. 2003-10-29 15:07:04 +00:00
ipprotosw.h
pim_var.h New PIM header files. 2003-08-07 18:17:43 +00:00
pim.h New PIM header files. 2003-08-07 18:17:43 +00:00
raw_ip.c shuffle code so we don't "continue" and miss a needed unlock operation 2003-09-17 21:13:16 +00:00
tcp_debug.c It's now sufficient to rely on a nested include of _label.h to make sure 2002-08-15 14:34:45 +00:00
tcp_debug.h make the strings for tcptimers, tanames and prurequests const to silence 2002-08-16 09:07:59 +00:00
tcp_fsm.h
tcp_input.c speedup stream socket recv handling by tracking the tail of 2003-10-28 05:47:40 +00:00
tcp_output.c - cleanup SP refcnt issue. 2003-11-04 16:02:05 +00:00
tcp_reass.c speedup stream socket recv handling by tracking the tail of 2003-10-28 05:47:40 +00:00
tcp_seq.h Unify the "send high" and "recover" variables as specified in the 2003-07-15 21:49:53 +00:00
tcp_subr.c Add an additional check to the tcp_twrecycleable function; I had 2003-11-02 07:47:03 +00:00
tcp_syncache.c - cleanup SP refcnt issue. 2003-11-04 16:02:05 +00:00
tcp_timer.c Unify the "send high" and "recover" variables as specified in the 2003-07-15 21:49:53 +00:00
tcp_timer.h Remove a panic(); if the zone allocator can't provide more timewait 2003-03-08 22:06:20 +00:00
tcp_timewait.c Add an additional check to the tcp_twrecycleable function; I had 2003-11-02 07:47:03 +00:00
tcp_usrreq.c speedup stream socket recv handling by tracking the tail of 2003-10-28 05:47:40 +00:00
tcp_var.h Add an additional check to the tcp_twrecycleable function; I had 2003-11-02 07:47:03 +00:00
tcp.h Include <sys/cdefs.h> so the visibility conditionals are available. 2002-10-02 04:22:34 +00:00
tcpip.h
udp_usrreq.c ip6_savecontrol() argument is redundant 2003-10-29 12:52:28 +00:00
udp_var.h Notify functions can destroy the pcb, so they have to return an 2002-06-14 08:35:21 +00:00
udp.h