summaryrefslogtreecommitdiff
path: root/sys/netinet/ip_ah.c
AgeCommit message (Expand)Author
2021-12-23Remove unused variables and assignments in ah and esp output.Alexander Bluhm
2021-12-23IPsec is not MP safe yet. To allow forwarding in parallel withoutAlexander Bluhm
2021-12-20Remove unused variable 'clen'.Tobias Heider
2021-12-20Use per-CPU counters for tunnel descriptor block (TDB) statistics.Vitaliy Makkoveev
2021-12-11Protect the write access to the TDB flags field with a mutex perAlexander Bluhm
2021-12-02Allow to build kernel without IPSEC or INET6 defines.Alexander Bluhm
2021-11-21Add the new `ipsec_exctdb' ipsec(4) counter to count and expose to theVitaliy Makkoveev
2021-11-11Do not call ip_deliver() recursively from IPsec. As there is noAlexander Bluhm
2021-10-25Fix use of uninitialized variable 'rpl'.Tobias Heider
2021-10-24Refactor ah_input() and ah_output() for new crypto API.Tobias Heider
2021-10-24There are more m_pullup() in IPsec input. Pass down the pointerAlexander Bluhm
2021-10-24Remove crp_etype and return errors directly from crypto_invoke()Tobias Heider
2021-10-24Pass the error of the IPsec callback to the caller. The droppedAlexander Bluhm
2021-10-23There is an m_pullup() down in AH input. As it may free or changeAlexander Bluhm
2021-10-23Retire asynchronous crypto API as it is no longer required by any driver andTobias Heider
2021-10-22Make error handling in IPsec consistent. Pass errors to the callers.Alexander Bluhm
2021-10-21Remove code to run crypto operations in a task queue. The code wasTobias Heider
2021-10-13The function crypto_dispatch() never returns an error. Make itAlexander Bluhm
2021-10-13The function ipip_output() was registered as .xf_output() xformAlexander Bluhm
2021-07-27Revert "Use per-CPU counters for tunnel descriptor block" diff.mvs
2021-07-26Use per-CPU counters for tunnel descriptor block (tdb) statistics.mvs
2021-07-26Do not queue crypto operations for IPsec. The packet entries inAlexander Bluhm
2021-07-18The IPsec authentication before decryption used a different replayAlexander Bluhm
2021-07-08The xformsw array never changes. Declare struct xformsw constantAlexander Bluhm
2021-07-08Debug printfs in encdebug were inconsistent, some missing newlinesAlexander Bluhm
2021-07-08The properties of the crypto algorithms never change. Declare themAlexander Bluhm
2021-06-18The crypto(9) framework used by IPsec runs on a kernel task thatAlexander Bluhm
2021-02-25we don't have to cast to caddr_t when calling m_copydata anymore.David Gwynne
2020-12-18Make sure the first packet of an SA has sequence number 1 (as described intobhe
2019-09-30remove the "copy function" argument to bpf_mtap_hdr.David Gwynne
2018-08-28Add per-TDB counters and a new SADB extension to export them toMartin Pieuchot
2018-07-12Introduce ipsec_output_cb() to merge duplicate code and account forMartin Pieuchot
2018-07-11Convert AH & IPcomp to ipsec_input_cb() and count drops on input.Martin Pieuchot
2018-05-09Cleanup IPsec AH error handling with consistent goto drop.Alexander Bluhm
2018-05-02Do not assume that mbufs within a chain do not have M_PKTHDR set.Alexander Bluhm
2018-03-14When processing IPsec AH packets check that the header fits intoAlexander Bluhm
2018-02-27make kernel compile again without INET6Sebastian Benoit
2018-02-07comment change only. ok bluhm@Richard Procter
2018-02-06Do some cleanup in ah_massage_headers().Alexander Bluhm
2018-02-01When processing IPsec AH packets with IP options or IPv6 extensionAlexander Bluhm
2017-11-08Make {ah,esp,ipcomp}stat use percpu counters.Visa Hankala
2017-11-06Use %s and __func__ in DPRINTF() to reduce false positive with grep(1).Martin Pieuchot
2017-08-11Remove NET_LOCK()'s argument.Martin Pieuchot
2017-05-30add sizes to free() callsTheo de Raadt
2017-02-09Put back a return that I have removed by accident.Alexander Bluhm
2017-02-07IPsec packets could be dropped unaccounted if output after cryptoAlexander Bluhm
2017-02-07Reduce the per-packet allocation costs for crypto operations (cryptop)Patrick Wildt
2017-02-07The return code of crp_callback is never checked, so it is notAlexander Bluhm
2017-01-09Grab the NET_LOCK() in various callbacks.Martin Pieuchot
2016-12-24Grab the NET_LOCK() before calling ipsp_process_done() as it ends upMartin Pieuchot