summaryrefslogtreecommitdiff
path: root/sys/netinet/ipsec_input.c
AgeCommit message (Expand)Author
2022-02-22Delete unnecessary #includes of <netinet6/ip6protosw.h>: some neverPhilip Guenther
2022-01-04Add `ipsec_flows_mtx' mutex(9) to protect `ipsp_ids_*' list andYASUOKA Masahiko
2021-12-23IPsec is not MP safe yet. To allow forwarding in parallel withoutAlexander Bluhm
2021-12-22Consolidate enc_getif() lookups in IPsec input path to save one lookupTobias Heider
2021-12-20Use per-CPU counters for tunnel descriptor block (TDB) statistics.Vitaliy Makkoveev
2021-12-20Fix function name in panic string.Alexander Bluhm
2021-12-08Start documenting the locking strategy of struct tdb fields. NoteAlexander Bluhm
2021-12-02ipsec_common_input_cb() extracted the inner IP header of IPsecAlexander Bluhm
2021-12-02Allow to build kernel without IPSEC or INET6 defines.Alexander Bluhm
2021-12-01Let ipsp_spd_lookup() return an error instead of a TDB. The TDBAlexander Bluhm
2021-11-25Implement reference counting for IPsec tdbs. Not all cases areAlexander Bluhm
2021-11-21Fix whitespace and long lines.Alexander Bluhm
2021-11-11Do not call ip_deliver() recursively from IPsec. As there is noAlexander Bluhm
2021-11-01In ipsec_common_input_cb() pass mbuf pointer to pf_test() so thatAlexander Bluhm
2021-10-24Remove code duplication by merging the v4 and v6 input functionsAlexander Bluhm
2021-10-24There are more m_pullup() in IPsec input. Pass down the pointerAlexander Bluhm
2021-10-23There is an m_pullup() down in AH input. As it may free or changeAlexander Bluhm
2021-10-23Retire asynchronous crypto API as it is no longer required by any driver andTobias Heider
2021-10-22Make error handling in IPsec consistent. Pass errors to the callers.Alexander Bluhm
2021-10-13Remove redundant NULL checks in IPsec which are never reached.Alexander Bluhm
2021-10-13The function crypto_dispatch() never returns an error. Make itAlexander Bluhm
2021-10-05Cleanup the error handling in ipsec ipip_output() and consistentlyAlexander Bluhm
2021-10-05Move setting ipsec mtu into a function. The NULL and invalid checkAlexander Bluhm
2021-09-29Global variables to track initialisation behave poorly with MP.Alexander Bluhm
2021-07-27Revert "Use per-CPU counters for tunnel descriptor block" diff.mvs
2021-07-26Use per-CPU counters for tunnel descriptor block (tdb) statistics.mvs
2021-07-26Do not queue crypto operations for IPsec. The packet entries inAlexander Bluhm
2021-07-21Also count crypto errors in ipsec_input_cb() like IPsec output inAlexander Bluhm
2021-07-08Debug printfs in encdebug were inconsistent, some missing newlinesAlexander Bluhm
2021-06-18The crypto(9) framework used by IPsec runs on a kernel task thatAlexander Bluhm
2020-09-01Convert *_sysctl in ipsec_input.c to sysctl_bounded_arrgnezdo
2020-08-01Move range check inside sysctl_int_arrgnezdo
2020-06-24kernel: use gettime(9)/getuptime(9) in lieu of time_second(9)/time_uptime(9)cheloha
2020-04-23Add support for autmatically moving traffic between rdomains on ipsec(4)tobhe
2019-09-30remove the "copy function" argument to bpf_mtap_hdr.David Gwynne
2018-11-09Remove the last few XXX rdomain markers. Even those functions respect theClaudio Jeker
2018-09-14Initialize the TDB to NULL in ipsec_common_input() andRicardo Mestre
2018-08-28Add per-TDB counters and a new SADB extension to export them toMartin Pieuchot
2018-07-11Convert AH & IPcomp to ipsec_input_cb() and count drops on input.Martin Pieuchot
2018-07-10Introduce new IPsec (per-CPU) statistics and refactor ESP inputMartin Pieuchot
2018-05-14When checking the IPsec enable sysctls, ipsec_common_input() hadAlexander Bluhm
2018-05-12Cleanup IPsec common input error handling with consistent goto drop.Alexander Bluhm
2017-11-20Sprinkle some NET_ASSERT_LOCKED(), const and co to prepare runningMartin Pieuchot
2017-11-14Introduce ipsec_sysctl() and move IPsec tunables where they belong.Martin Pieuchot
2017-11-08Make {ah,esp,ipcomp}stat use percpu counters.Visa Hankala
2017-11-06Use %s and __func__ in DPRINTF() to reduce false positive with grep(1).Martin Pieuchot
2017-10-09Reduces the scope of the NET_LOCK() in sysctl(2) path.Martin Pieuchot
2017-07-05The IP in IP input function strips the outer header and reinsertsAlexander Bluhm
2017-06-19When dealing with mbuf pointers passed down as function parameters,Alexander Bluhm
2017-05-28Rename ip_local() to ip_deliver() and give it the same parametersAlexander Bluhm