<feed xmlns='http://www.w3.org/2005/Atom'>
<title>src/sys/netipsec/ipsec_input.c, branch releng/6.2</title>
<subtitle>FreeBSD source tree</subtitle>
<link rel='alternate' type='text/html' href='http://cgit.freebsd.org/src/'/>
<entry>
<title>MFC</title>
<updated>2006-07-24T23:20:59+00:00</updated>
<author>
<name>Andrew Thompson</name>
<email>thompsa@FreeBSD.org</email>
</author>
<published>2006-07-24T23:20:59+00:00</published>
<link rel='alternate' type='text/html' href='http://cgit.freebsd.org/src/commit/?id=75143f3ba4283ab55ef5120edd561f2c16d51f0b'/>
<id>75143f3ba4283ab55ef5120edd561f2c16d51f0b</id>
<content type='text'>
  Add a pseudo interface for packet filtering IPSec connections before or after
  encryption.

  r1.2         src/share/man/man4/enc.4
  r1.4         src/share/man/man4/fast_ipsec.4
  r1.1126      src/sys/conf/files
  r1.549       src/sys/conf/options
  r1.4         src/sys/net/if_enc.c
  r1.22        src/sys/net/if_types.h
  r1.12        src/sys/netipsec/ipsec.h
  r1.12        src/sys/netipsec/ipsec_input.c
  r1.12        src/sys/netipsec/ipsec_output.c
  r1.13        src/sys/netipsec/xform_ipip.c
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
  Add a pseudo interface for packet filtering IPSec connections before or after
  encryption.

  r1.2         src/share/man/man4/enc.4
  r1.4         src/share/man/man4/fast_ipsec.4
  r1.1126      src/sys/conf/files
  r1.549       src/sys/conf/options
  r1.4         src/sys/net/if_enc.c
  r1.22        src/sys/net/if_types.h
  r1.12        src/sys/netipsec/ipsec.h
  r1.12        src/sys/netipsec/ipsec_input.c
  r1.12        src/sys/netipsec/ipsec_output.c
  r1.13        src/sys/netipsec/xform_ipip.c
</pre>
</div>
</content>
</entry>
<entry>
<title>MFC: 1.10</title>
<updated>2006-06-15T16:27:15+00:00</updated>
<author>
<name>George V. Neville-Neil</name>
<email>gnn@FreeBSD.org</email>
</author>
<published>2006-06-15T16:27:15+00:00</published>
<link rel='alternate' type='text/html' href='http://cgit.freebsd.org/src/commit/?id=1105b9542d281dcb0cc0bb4c1f837977f892d54e'/>
<id>1105b9542d281dcb0cc0bb4c1f837977f892d54e</id>
<content type='text'>
Extend the notdef #ifdef to cover the packet copy as there is no
point in doing that if we're not doing the rest of the work.

Submitted by:	thompsa
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Extend the notdef #ifdef to cover the packet copy as there is no
point in doing that if we're not doing the rest of the work.

Submitted by:	thompsa
</pre>
</div>
</content>
</entry>
<entry>
<title>/* -&gt; /*- for license, minor formatting changes</title>
<updated>2005-01-07T01:45:51+00:00</updated>
<author>
<name>Warner Losh</name>
<email>imp@FreeBSD.org</email>
</author>
<published>2005-01-07T01:45:51+00:00</published>
<link rel='alternate' type='text/html' href='http://cgit.freebsd.org/src/commit/?id=c398230b64aea809cb7c5cea8db580af7097920c'/>
<id>c398230b64aea809cb7c5cea8db580af7097920c</id>
<content type='text'>
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
</pre>
</div>
</content>
</entry>
<entry>
<title>Apply error and success logic consistently to the function netisr_queue() and</title>
<updated>2004-08-27T18:33:08+00:00</updated>
<author>
<name>Andre Oppermann</name>
<email>andre@FreeBSD.org</email>
</author>
<published>2004-08-27T18:33:08+00:00</published>
<link rel='alternate' type='text/html' href='http://cgit.freebsd.org/src/commit/?id=3161f583cab80c7b985abc00c709427f05f0acba'/>
<id>3161f583cab80c7b985abc00c709427f05f0acba</id>
<content type='text'>
its users.

netisr_queue() now returns (0) on success and ERRNO on failure.  At the
moment ENXIO (netisr queue not functional) and ENOBUFS (netisr queue full)
are supported.

Previously it would return (1) on success but the return value of IF_HANDOFF()
was interpreted wrongly and (0) was actually returned on success.  Due to this
schednetisr() was never called to kick the scheduling of the isr.  However this
was masked by other normal packets coming through netisr_dispatch() causing the
dequeueing of waiting packets.

PR:		kern/70988
Found by:	MOROHOSHI Akihiko &lt;moro@remus.dti.ne.jp&gt;
MFC after:	3 days
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
its users.

netisr_queue() now returns (0) on success and ERRNO on failure.  At the
moment ENXIO (netisr queue not functional) and ENOBUFS (netisr queue full)
are supported.

Previously it would return (1) on success but the return value of IF_HANDOFF()
was interpreted wrongly and (0) was actually returned on success.  Due to this
schednetisr() was never called to kick the scheduling of the isr.  However this
was masked by other normal packets coming through netisr_dispatch() causing the
dequeueing of waiting packets.

PR:		kern/70988
Found by:	MOROHOSHI Akihiko &lt;moro@remus.dti.ne.jp&gt;
MFC after:	3 days
</pre>
</div>
</content>
</entry>
<entry>
<title>MFp4: portability work, general cleanup, locking fixes</title>
<updated>2003-09-29T22:57:43+00:00</updated>
<author>
<name>Sam Leffler</name>
<email>sam@FreeBSD.org</email>
</author>
<published>2003-09-29T22:57:43+00:00</published>
<link rel='alternate' type='text/html' href='http://cgit.freebsd.org/src/commit/?id=9ffa96777e7ffbd3565a956780e930023e71cadb'/>
<id>9ffa96777e7ffbd3565a956780e930023e71cadb</id>
<content type='text'>
change 38496
o add ipsec_osdep.h that holds os-specific definitions for portability
o s/KASSERT/IPSEC_ASSERT/ for portability
o s/SPLASSERT/IPSEC_SPLASSERT/ for portability
o remove function names from ASSERT strings since line#+file pinpints
  the location
o use __func__ uniformly to reduce string storage
o convert some random #ifdef DIAGNOSTIC code to assertions
o remove some debuggging assertions no longer needed

change 38498
o replace numerous bogus panic's with equally bogus assertions
  that at least go away on a production system

change 38502 + 38530
o change explicit mtx operations to #defines to simplify
  future changes to a different lock type

change 38531
o hookup ipv4 ctlinput paths to a noop routine; we should be
  handling path mtu changes at least
o correct potential null pointer deref in ipsec4_common_input_cb

chnage 38685
o fix locking for bundled SA's and for when key exchange is required

change 38770
o eliminate recursion on the SAHTREE lock

change 38804
o cleanup some types: long -&gt; time_t
o remove refrence to dead #define

change 38805
o correct some types: long -&gt; time_t
o add scan generation # to secpolicy to deal with locking issues

change 38806
o use LIST_FOREACH_SAFE instead of handrolled code
o change key_flush_spd to drop the sptree lock before purging
  an entry to avoid lock recursion and to avoid holding the lock
  over a long-running operation
o misc cleanups of tangled and twisty code

There is still much to do here but for now things look to be
working again.

Supported by:	FreeBSD Foundation
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
change 38496
o add ipsec_osdep.h that holds os-specific definitions for portability
o s/KASSERT/IPSEC_ASSERT/ for portability
o s/SPLASSERT/IPSEC_SPLASSERT/ for portability
o remove function names from ASSERT strings since line#+file pinpints
  the location
o use __func__ uniformly to reduce string storage
o convert some random #ifdef DIAGNOSTIC code to assertions
o remove some debuggging assertions no longer needed

change 38498
o replace numerous bogus panic's with equally bogus assertions
  that at least go away on a production system

change 38502 + 38530
o change explicit mtx operations to #defines to simplify
  future changes to a different lock type

change 38531
o hookup ipv4 ctlinput paths to a noop routine; we should be
  handling path mtu changes at least
o correct potential null pointer deref in ipsec4_common_input_cb

chnage 38685
o fix locking for bundled SA's and for when key exchange is required

change 38770
o eliminate recursion on the SAHTREE lock

change 38804
o cleanup some types: long -&gt; time_t
o remove refrence to dead #define

change 38805
o correct some types: long -&gt; time_t
o add scan generation # to secpolicy to deal with locking issues

change 38806
o use LIST_FOREACH_SAFE instead of handrolled code
o change key_flush_spd to drop the sptree lock before purging
  an entry to avoid lock recursion and to avoid holding the lock
  over a long-running operation
o misc cleanups of tangled and twisty code

There is still much to do here but for now things look to be
working again.

Supported by:	FreeBSD Foundation
</pre>
</div>
</content>
</entry>
<entry>
<title>Locking and misc cleanups; most of which I've been running for &gt;4 months:</title>
<updated>2003-09-01T05:35:55+00:00</updated>
<author>
<name>Sam Leffler</name>
<email>sam@FreeBSD.org</email>
</author>
<published>2003-09-01T05:35:55+00:00</published>
<link rel='alternate' type='text/html' href='http://cgit.freebsd.org/src/commit/?id=6464079f103e7c50dd90d328663098eb1bbecee0'/>
<id>6464079f103e7c50dd90d328663098eb1bbecee0</id>
<content type='text'>
o add locking
o strip irrelevant spl's
o split malloc types to better account for memory use
o remove unused IPSEC_NONBLOCK_ACQUIRE code
o remove dead code

Sponsored by:	FreeBSD Foundation
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
o add locking
o strip irrelevant spl's
o split malloc types to better account for memory use
o remove unused IPSEC_NONBLOCK_ACQUIRE code
o remove dead code

Sponsored by:	FreeBSD Foundation
</pre>
</div>
</content>
</entry>
<entry>
<title>make sure the packets contains a complete inner header</title>
<updated>2003-08-13T22:36:24+00:00</updated>
<author>
<name>Sam Leffler</name>
<email>sam@FreeBSD.org</email>
</author>
<published>2003-08-13T22:36:24+00:00</published>
<link rel='alternate' type='text/html' href='http://cgit.freebsd.org/src/commit/?id=4dbc6e51dfb79c33afa66d1911c8570ea3c12e0f'/>
<id>4dbc6e51dfb79c33afa66d1911c8570ea3c12e0f</id>
<content type='text'>
for ip{4,6}-in-ip{4,6} encapsulation; fixes panic
for truncated ip-in-ip over ipsec

Submitted by:	Markus Friedl &lt;markus@openbsd.org&gt;
Obtained from:	OpenBSD (rev 1.66 ipsec_input.c)
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
for ip{4,6}-in-ip{4,6} encapsulation; fixes panic
for truncated ip-in-ip over ipsec

Submitted by:	Markus Friedl &lt;markus@openbsd.org&gt;
Obtained from:	OpenBSD (rev 1.66 ipsec_input.c)
</pre>
</div>
</content>
</entry>
<entry>
<title>add missing copyright notices</title>
<updated>2003-03-28T20:28:05+00:00</updated>
<author>
<name>Sam Leffler</name>
<email>sam@FreeBSD.org</email>
</author>
<published>2003-03-28T20:28:05+00:00</published>
<link rel='alternate' type='text/html' href='http://cgit.freebsd.org/src/commit/?id=aaea26ef3facd34b7916c2a5c04fe5ab7c038f78'/>
<id>aaea26ef3facd34b7916c2a5c04fe5ab7c038f78</id>
<content type='text'>
Noticed by:	Robert Watson
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
Noticed by:	Robert Watson
</pre>
</div>
</content>
</entry>
<entry>
<title>Update netisr handling; Each SWI now registers its queue, and all queue</title>
<updated>2003-03-04T23:19:55+00:00</updated>
<author>
<name>Jonathan Lemon</name>
<email>jlemon@FreeBSD.org</email>
</author>
<published>2003-03-04T23:19:55+00:00</published>
<link rel='alternate' type='text/html' href='http://cgit.freebsd.org/src/commit/?id=1cafed3941f1a4e9d2beb4fb126e91018505dfd4'/>
<id>1cafed3941f1a4e9d2beb4fb126e91018505dfd4</id>
<content type='text'>
drain routines are done by swi_net, which allows for better queue control
at some future point.  Packets may also be directly dispatched to a netisr
instead of queued, this may be of interest at some installations, but
currently defaults to off.

Reviewed by: hsu, silby, jayanth, sam
Sponsored by: DARPA, NAI Labs
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
drain routines are done by swi_net, which allows for better queue control
at some future point.  Packets may also be directly dispatched to a netisr
instead of queued, this may be of interest at some installations, but
currently defaults to off.

Reviewed by: hsu, silby, jayanth, sam
Sponsored by: DARPA, NAI Labs
</pre>
</div>
</content>
</entry>
<entry>
<title>FAST_IPSEC fixups:</title>
<updated>2002-11-08T23:37:50+00:00</updated>
<author>
<name>Sam Leffler</name>
<email>sam@FreeBSD.org</email>
</author>
<published>2002-11-08T23:37:50+00:00</published>
<link rel='alternate' type='text/html' href='http://cgit.freebsd.org/src/commit/?id=e8539d32f07691cc34a2dea66d4d66db7e23410f'/>
<id>e8539d32f07691cc34a2dea66d4d66db7e23410f</id>
<content type='text'>
o fix #ifdef typo
o must use "bounce functions" when dispatched from the protosw table

don't know how this stuff was missed in my testing; must've committed
the wrong bits

Pointy hat:	sam
Submitted by:	"Doug Ambrisko" &lt;ambrisko@verniernetworks.com&gt;
</content>
<content type='xhtml'>
<div xmlns='http://www.w3.org/1999/xhtml'>
<pre>
o fix #ifdef typo
o must use "bounce functions" when dispatched from the protosw table

don't know how this stuff was missed in my testing; must've committed
the wrong bits

Pointy hat:	sam
Submitted by:	"Doug Ambrisko" &lt;ambrisko@verniernetworks.com&gt;
</pre>
</div>
</content>
</entry>
</feed>
