summaryrefslogtreecommitdiff
path: root/sys/netinet/ip_esp.c
AgeCommit message (Expand)Author
2022-05-03Retire CRYPTO_F_MPSAFE it is no longer of any use. The crypto frameworkClaudio Jeker
2022-01-20Shifting signed integers left by 31 is undefined behavior in C.Alexander Bluhm
2021-12-23Remove unused variables and assignments in ah and esp output.Alexander Bluhm
2021-12-23IPsec is not MP safe yet. To allow forwarding in parallel withoutAlexander Bluhm
2021-12-20Remove unused variable 'clen'.Tobias Heider
2021-12-20Use per-CPU counters for tunnel descriptor block (TDB) statistics.Vitaliy Makkoveev
2021-12-11Protect the write access to the TDB flags field with a mutex perAlexander Bluhm
2021-11-21Add the new `ipsec_exctdb' ipsec(4) counter to count and expose to theVitaliy Makkoveev
2021-11-11Do not call ip_deliver() recursively from IPsec. As there is noAlexander Bluhm
2021-11-08Use plen consistently.Tobias Heider
2021-11-04The authenticator is removed elsewhere.Tobias Heider
2021-10-24Merge esp_input_cb() intp esp_input().Tobias Heider
2021-10-24There are more m_pullup() in IPsec input. Pass down the pointerAlexander Bluhm
2021-10-24Remove 'struct tdb_crypto' allocations from esp_input() and esp_output().Tobias Heider
2021-10-24Remove crp_etype and return errors directly from crypto_invoke()Tobias Heider
2021-10-24Pass the error of the IPsec callback to the caller. The droppedAlexander Bluhm
2021-10-23There is an m_pullup() down in AH input. As it may free or changeAlexander Bluhm
2021-10-23Retire asynchronous crypto API as it is no longer required by any driver andTobias Heider
2021-10-22Make error handling in IPsec consistent. Pass errors to the callers.Alexander Bluhm
2021-10-21Remove code to run crypto operations in a task queue. The code wasTobias Heider
2021-10-21Remove duplicate variable ibytes, use plen instead.Tobias Heider
2021-10-13The function crypto_dispatch() never returns an error. Make itAlexander Bluhm
2021-10-13The function ipip_output() was registered as .xf_output() xformAlexander Bluhm
2021-07-27Revert "Use per-CPU counters for tunnel descriptor block" diff.mvs
2021-07-26Use per-CPU counters for tunnel descriptor block (tdb) statistics.mvs
2021-07-26Do not queue crypto operations for IPsec. The packet entries inAlexander Bluhm
2021-07-18The IPsec authentication before decryption used a different replayAlexander Bluhm
2021-07-16Improve comments in IPsec replay window calculation.Alexander Bluhm
2021-07-08The xformsw array never changes. Declare struct xformsw constantAlexander Bluhm
2021-07-08Debug printfs in encdebug were inconsistent, some missing newlinesAlexander Bluhm
2021-07-08The properties of the crypto algorithms never change. Declare themAlexander Bluhm
2021-07-07Fix whitespaces in IPsec code.Alexander Bluhm
2021-06-18The crypto(9) framework used by IPsec runs on a kernel task thatAlexander Bluhm
2021-02-25we don't have to cast to caddr_t when calling m_copydata anymore.David Gwynne
2020-12-18Make sure the first packet of an SA has sequence number 1 (as described intobhe
2020-12-16Use ESP sequence number as IV for AES-CTR, AES-GCM and Chacha20.tobhe
2019-09-30remove the "copy function" argument to bpf_mtap_hdr.David Gwynne
2018-08-28Add per-TDB counters and a new SADB extension to export them toMartin Pieuchot
2018-07-12Introduce ipsec_output_cb() to merge duplicate code and account forMartin Pieuchot
2018-07-11Convert AH & IPcomp to ipsec_input_cb() and count drops on input.Martin Pieuchot
2018-07-10Introduce new IPsec (per-CPU) statistics and refactor ESP inputMartin Pieuchot
2018-05-09Cleanup IPsec ESP error handling with consistent goto drop.Alexander Bluhm
2018-05-02Do not assume that mbufs within a chain do not have M_PKTHDR set.Alexander Bluhm
2017-11-08Make {ah,esp,ipcomp}stat use percpu counters.Visa Hankala
2017-11-06Use %s and __func__ in DPRINTF() to reduce false positive with grep(1).Martin Pieuchot
2017-08-11Remove NET_LOCK()'s argument.Martin Pieuchot
2017-05-30add sizes to free() callsTheo de Raadt
2017-05-02Switch OCF and IPsec over to the new AESMike Belopuhov
2017-04-06Convert bcopy to memcpy where the memory does not overlap, otherwise,David Hill
2017-02-07IPsec packets could be dropped unaccounted if output after cryptoAlexander Bluhm
generated by cgit v1.2.3 (git 2.25.1) at 2024-11-26 19:14:23 +0000