Age | Commit message (Collapse) | Author |
|
|
|
security properties of the packets to be pushed up to the application
(not done yet). Eventually, this will be turned into a packet
attributes framework.
Make sure tdbi's are free'd/cleared properly whenever drivers (or NFS)
does weird things with mbufs.
|
|
|
|
|
|
|
|
Bear in mind, you will need to recompile both isakmpd/ipsecadm and
your kernel --- otherwise things won't work together.
Naturally, all these changes will not be folded into -STABLE, since
they would break binary compatibility.
|
|
if mastering isn't enabled, scream
document netsec rev A workaround
|
|
isn't always enabled. (CSR & IER) == 0, means not to claim the intr.
deraadt ok
|
|
|
|
|
|
size_t on printf (cast to u_long and use %lu)
|
|
- temporary workaround for netsec hifn7751 rev A: half the amount of memory
because two of the address lines were left floating (better memory check
coming soon).
|
|
|
|
|
|
|
|
|
|
the length in the descriptors (which is sometimes 0!).
|
|
(similiar to what's in ubsec)
|
|
|
|
|
|
the original packet.
|
|
computing the length of a destination buffer in the callback since hifn always
writes in multiples of 4 bytes (and AH can produce non-nice packets)
|
|
the allocation size to determine the length of a destination buffer
|
|
|
|
|
|
(falls under the category of compute it once and use it).
- just copy the computed masks in hifn_write_command()
- remove the now unnecessary flags field from hifn_command
|
|
hifn_build_command() middle layer for building the command descriptor
- remove an unnecessary assignment in hifn_process()
|
|
unlock secret is all 0's as well, my, what a coincidence!
|
|
- recompute destination length from destination descriptors and reclaim the
destination ring there.
|
|
- remove some debugging code
- fix arguments to last call to crypto_register()
- for sram boards, only check 1mb of ram
- when the rings are full, call the crp->callback with crp->crp_etype == ENOMEM
so it can clean up, then return 0
- some KNF
|
|
enabling interrupts when the command queue has more than one entry.
- fix comment on hifn_newsession to reflect reality
- allocate session structure in softc
- compute a random IV when a session is created and try to chain from a
software kept IV for subsequent packets
- add handling of CRD_F_EXPLICIT
|
|
|
|
300 clock penalty on key upload)
XXX hifn_freesession should probably zot the keys from context ram but
XXX does not yet.
|
|
register as supporting MD5_HMAC96 and SHA1_HMAC96
use the correct bit (HIFN_MAC_CMD_NEW_KEY) when checking the mac_cmd mask
don't append the mac result to the dest buffer, add it to the result buffer
remove incorrect source count calculation involving mac length
add order checking to hifn_process so that we can verify the request is
possible given the ordering of processing units within the hifn.
correct hifn_callback()'s handling of mac checking and copy the computed
mac into the right place in the mbuf.
|
|
Make sure to skip over zero length mbufs when building the pa/len array
Correct some of the comments to reflect reality
Fix sanity checking of the device based on the 'sid'
|
|
|
|
|
|
(results/bytes) as well as "ring full" and "other" errors
rework hifn_process so that in the event of a ring full or other error,
the error type is set in the descriptor and the callback is executed.
|
|
- remove all ability to block (no more tsleep/wakeup)
|
|
being more intelligent about allocation in the future.
|
|
o register the hifn as handling DES and 3DES (no md5 or sha1 yet) depending
on whether the board is unlocked (none, half, or full)
o Fix many KNF nits
o print the amount of memory correctly and don't print the number of sessions
o set command and result buffer sizes correctly
o reclaim the descriptor rings so new commands and buffers can be added
o remove some bogus checks on the command buffer
o add new variables mac_process_len and crypt_process_len to hifn_command_t
o fix calculation in hifn_mbuf to generate the pa/len array for src/dst
o simplify the code for setting up the jump descriptor
o rework the hifn_intr routine to interrupt at IPL_IMP and simplify it's
results processing
o more to come...
|
|
|
|
|
|
the result descriptor (the command descriptor has an extra bit, but it
gets blown away in transit).
|
|
For round robin requests, use one static variable and hifn_cd to decide
the next device to use.
|
|
Attempt to figure out how much context ram is on the board (known to work
with sram boards).
From the amount of ram & other configuration, figure out how many sessions
are available for storage.
|
|
|
|
|
|
|
|
|