path: root/sys/net/pfkeyv2.c

| Age | Commit message | Author |
|---|---|---|
| 2005-06-01 | when dumping policies, skip those attached to a socket. ok ho | Hans-Joerg Hoexer |
| 2005-05-28 | Only protect IDs by suser() ok ho | Hans-Joerg Hoexer |
| 2005-05-27 | Must convert back from IPPROTO_x to SADB_SATYPE_x. hshoexer@ ok | Hakan Olsson |
| 2005-05-27 | Use export_flow() to wrap policies retrieved via sysctl in pfkey message ok ho markus | Hans-Joerg Hoexer |
| 2005-05-25 | AESCTR support for ESP (RFC 3686); ok hshoexer | Markus Friedl |
| 2005-05-24 | Make sure all fields in the SADB_DUMP header are zeroed properly. hshoexer@ ok. | Hakan Olsson |
| 2005-05-10 | support NULL encryption for ESP; ok hshoexer, ho | Markus Friedl |
| 2005-04-04 | Add sysctl for dumping the SPD ok deraadt, ok markus some time ago | Hans-Joerg Hoexer |
| 2005-01-13 | protect pfkeyv2_dump_walker with spltdb(). Noticed by mpech@, thanks! ok ho@ markus@ | Hans-Joerg Hoexer |
| 2004-12-11 | SADB_X_EXT_LIFETIME_LASTUSE is always defined | Markus Friedl |
| 2004-12-11 | pass out the correct lifetime type on expire | Markus Friedl |
| 2004-12-11 | count SADB_REGISTER only once per socket | Markus Friedl |
| 2004-12-10 | fix ipsec crash from pr 4025, Stefan Miltchev; ok hshoexer@ | Markus Friedl |
| 2004-11-29 | tiny knf, no binary change. ok otto jsg henning pat markus deraadt fgs | Hans-Joerg Hoexer |
| 2004-11-26 | implement net.key.v2.sadb_dump.{unspec,esp,ah,...} sysctl subtree and use sysctl for 'ipsecadm show'; ok deraadt | Markus Friedl |
| 2004-11-19 | Plug memory leak. Found by pat@. Thanks! ok myself markus@ | Hans-Joerg Hoexer |
| 2004-08-10 | Add SADB_X_EXT_LIFETIME_LASTUSE for use with isakmpd/DPD, adding this extends the bitmap to 64bits. Also repair SADB_GET. hshoexer@ ok. | Hakan Olsson |
| 2004-06-21 | don't accept SADB_X_EXT_UDPENCAP if encapsulation is disabled; ok ho@ | Markus Friedl |
| 2003-12-02 | UDP encapsulation for ESP in transport mode (draft-ietf-ipsec-udp-encaps-XX.txt) ok deraadt@ | Markus Friedl |
| 2003-07-24 | conform to RFC2367 on SADB_xx naming (local name must be prefixed with SADB_X_xx) | Jun-ichiro itojun Hagino |
| 2003-07-24 | hmac-sha2-{256,384,512} support in AH/ESP auth. markus ok | Jun-ichiro itojun Hagino |
| 2003-02-16 | KNF | Theo de Raadt |
| 2003-02-16 | KNF | Jason Wright |
| 2003-02-15 | skeleton support for LZS compression | Jason Wright |
| 2002-07-31 | fix potential NULL pointer deref. From: tedu <grendel@zeitbombe.org> | Jun-ichiro itojun Hagino |
| 2002-06-07 | Add flow type arg to import_flow() | Hakan Olsson |
| 2002-05-31 | Pass authentication information (if available) in ACQUIRE message. | Angelos D. Keromytis |
| 2002-03-03 | Fix crashes associated with SADB_GET/SADB_DUMP --- memory was not allocated on outgoing message for encryption/authentication keys --- from umaraghunath@hotmail.com | Angelos D. Keromytis |
| 2002-02-21 | Correctly initialize the compression case. | Angelos D. Keromytis |
| 2002-01-23 | It looks like there has been one crack smoking and a few cut and pastes. PR_FREEHEADER should not be set in pool_init by the caller. It shouldn't be set in pool_init at all. Besides, it's going away soon anyway. | Artur Grabowski |
| 2002-01-23 | Pool deals fairly well with physical memory shortage, but it doesn't deal well (not at all) with shortages of the vm_map where the pages are mapped (usually kmem_map). Try to deal with it: - group all information the backend allocator for a pool in a separate struct. The pool will only have a pointer to that struct. - change the pool_init API to reflect that. - link all pools allocating from the same allocator on a linked list. - Since an allocator is responsible to wait for physical memory it will only fail (waitok) when it runs out of its backing vm_map, carefully drain pools using the same allocator so that va space is freed. (see comments in code for caveats and details). - change pool_reclaim to return if it actually succeeded to free some memory, use that information to make draining easier and more efficient. - get rid of PR_URGENT, no one uses it. | Artur Grabowski |
| 2001-08-05 | Actually, move the check inside the switch. | Angelos D. Keromytis |
| 2001-08-05 | Only flush the policies if the message type is UNSPEC. | Angelos D. Keromytis |
| 2001-07-06 | Indentation. | Hakan Olsson |
| 2001-07-05 | IPComp. angelos@ ok. | Jean-Jacques Bernard-Gundol |
| 2001-06-27 | Don't bzero() after doing a TAILQ_INIT()... | Angelos D. Keromytis |
| 2001-06-27 | Initialize acquire state list in newly allocated policy. | Angelos D. Keromytis |
| 2001-06-27 | Don't cache packets that hit policies -- we'll do that at the PCB for local packets. | Angelos D. Keromytis |
| 2001-06-26 | Use pool(9) for IPsec policy structures. | Angelos D. Keromytis |
| 2001-06-26 | Keep the PFKEY sequence number at the TDB, plus a little bit of KNF | Angelos D. Keromytis |
| 2001-06-08 | Only delete/modify flows with the IPSP_POLICY_STATIC flag if the appropriate flag is set in the protocol message. | Angelos D. Keromytis |
| 2001-06-08 | Trim some unnecessary includes. | Angelos D. Keromytis |
| 2001-06-08 | Fork out some of the code in pfkeyv2.c to pfkeyv2_convert.c, to make the former more manageable/readable (an almost impossible task). | Angelos D. Keromytis |
| 2001-06-07 | On a pfkeyv2_get(), allocate enough room for the extra stuff we store in the SA. | Angelos D. Keromytis |
| 2001-06-05 | repair copyright notices for NRL & cmetz; cmetz | Theo de Raadt |
| 2001-06-05 | Make our pfkeyv2.h more RFC2367 compliant. Also fix some backwards compatibility problems in isakmpd, at least 2.8 stable can compile current isakmpd now. angelos@ ok | Niklas Hallqvist |
| 2001-05-30 | MBOX->USERFQDN, noticed by markus@ | Angelos D. Keromytis |
| 2001-05-30 | Import/export authentication information for SA. | Angelos D. Keromytis |
| 2001-05-21 | Use a reference-counted structure for IPsec IDs and credentials, so we can cheaply keep copies of them at the PCB. ok deraadt@ | Angelos D. Keromytis |
| 2001-05-05 | Use the new M_* malloc types | Angelos D. Keromytis |