src/sys/netipsec, branch release/8.2.0 FreeBSD source tree MFC r214565: 2010-11-13T01:28:56+00:00 Bjoern A. Zeeb bz@FreeBSD.org 2010-11-13T01:28:56+00:00 4078adbf1a91b447cc1c02bc16f571535b5c5239 Announce both IPsec and UDP Encap (NAT-T) if available for feature_present(3) checks. This will help to run-time detect and conditionally handle specific optionas of either feature in user space (i.e. in libipsec). Descriptions read by: rwatson 
  Announce both IPsec and UDP Encap (NAT-T) if available for
  feature_present(3) checks.

  This will help to run-time detect and conditionally handle specific
  optionas of either feature in user space (i.e. in libipsec).

  Descriptions read by: rwatson
MFC r214250: 2010-11-06T14:46:24+00:00 Bjoern A. Zeeb bz@FreeBSD.org 2010-11-06T14:46:24+00:00 c241774266168834304a6048ce5ea19a6351751f Make the IPsec SADB embedded route cache a union to be able to hold both the legacy and IPv6 route destination address. Previously in case of IPv6, there was a memory overwrite due to not enough space for the IPv6 address. PR: kern/122565 
  Make the IPsec SADB embedded route cache a union to be able to hold both the
  legacy and IPv6 route destination address.
  Previously in case of IPv6, there was a memory overwrite due to not enough
  space for the IPv6 address.

PR:		kern/122565
MFC r213837: 2010-10-17T09:13:47+00:00 Bjoern A. Zeeb bz@FreeBSD.org 2010-10-17T09:13:47+00:00 da559fd3e70b09d8c3c3ef5fe02892d8c0c1e056 Remove dead code: assignment to a local variable not used anywhere after that. 
  Remove dead code:
  assignment to a local variable not used anywhere after that.
MFC r213836: 2010-10-17T08:59:02+00:00 Bjoern A. Zeeb bz@FreeBSD.org 2010-10-17T08:59:02+00:00 f4c40b79094ff83459e74a4bbc5cd3401caca764 Style: make the asterisk go with the variable name, not the type. 
  Style: make the asterisk go with the variable name, not the type.
MFC r208508: 2010-07-04T12:22:17+00:00 Bjoern A. Zeeb bz@FreeBSD.org 2010-07-04T12:22:17+00:00 0cf161c648e4ceaf5a8489f0a905b77508e642c4 MFp4 @178283: Improve IPsec flow distribution for better netisr parallelism. Instead of using the pointer that would have the last bits masked in a % statement in netisr_select_cpuid() to select the queue, use the SPI. Reviewed by: rwatson 
  MFp4 @178283:

  Improve IPsec flow distribution for better netisr parallelism.
  Instead of using the pointer that would have the last bits masked in a %
  statement in netisr_select_cpuid() to select the queue, use the SPI.

  Reviewed by:  rwatson
MFC: Locks SPTREE when setting some SP entries to state DEAD. 2010-05-17T15:31:24+00:00 VANHULLEBUS Yvan vanhu@FreeBSD.org 2010-05-17T15:31:24+00:00 0b4ae73d99fc110e1d94c87536994016f5f75af7 This can prevent kernel panics when updating SPs while there is some traffic for them. Obtained from: NETASQ 
This can prevent kernel panics when updating SPs while there is
some traffic for them.

Obtained from:	NETASQ
MFC: 2010-05-12T11:49:15+00:00 VANHULLEBUS Yvan vanhu@FreeBSD.org 2010-05-12T11:49:15+00:00 6a7674ccb20393b562ff8031c43bdaa6f08d488d Set/update SA's NAT-T stuff before calling key_mature() in key_add() and key_update(), as the SA may be used as soon as key_mature() has been called Obtained from: NETASQ 
Set/update SA's NAT-T stuff before calling key_mature() in
key_add() and key_update(), as the SA may be used as soon as
key_mature() has been called

Obtained from: NETASQ
MFC r207369: 2010-05-06T06:44:19+00:00 Bjoern A. Zeeb bz@FreeBSD.org 2010-05-06T06:44:19+00:00 480d7c6c419d5be2cd82024245b354f1ee7dcb90 MFP4: @176978-176982, 176984, 176990-176994, 177441 "Whitspace" churn after the VIMAGE/VNET whirls. Remove the need for some "init" functions within the network stack, like pim6_init(), icmp_init() or significantly shorten others like ip6_init() and nd6_init(), using static initialization again where possible and formerly missed. Move (most) variables back to the place they used to be before the container structs and VIMAGE_GLOABLS (before r185088) and try to reduce the diff to stable/7 and earlier as good as possible, to help out-of-tree consumers to update from 6.x or 7.x to 8 or 9. This also removes some header file pollution for putatively static global variables. Revert VIMAGE specific changes in ipfilter::ip_auth.c, that are no longer needed. Reviewed by: jhb Discussed with: rwatson Sponsored by: The FreeBSD Foundation Sponsored by: CK Software GmbH 
  MFP4: @176978-176982, 176984, 176990-176994, 177441

  "Whitspace" churn after the VIMAGE/VNET whirls.

  Remove the need for some "init" functions within the network
  stack, like pim6_init(), icmp_init() or significantly shorten
  others like ip6_init() and nd6_init(), using static initialization
  again where possible and formerly missed.

  Move (most) variables back to the place they used to be before the
  container structs and VIMAGE_GLOABLS (before r185088) and try to
  reduce the diff to stable/7 and earlier as good as possible,
  to help out-of-tree consumers to update from 6.x or 7.x to 8 or 9.

  This also removes some header file pollution for putatively
  static global variables.

  Revert VIMAGE specific changes in ipfilter::ip_auth.c, that are
  no longer needed.

  Reviewed by:	jhb
  Discussed with:	rwatson
  Sponsored by:	The FreeBSD Foundation
  Sponsored by:	CK Software GmbH
MFC r205789: 2010-04-02T17:48:01+00:00 Bjoern A. Zeeb bz@FreeBSD.org 2010-04-02T17:48:01+00:00 ac28297bcea1608c1c81628874c5766007fb2d0a When tearing down IPsec as part of a (virtual) network stack, do not try to free the same list twice but free both the acquiring list and the security policy acquiring list. Reviewed by: anchie 
  When tearing down IPsec as part of a (virtual) network stack,
  do not try to free the same list twice but free both the
  acquiring list and the security policy acquiring list.

  Reviewed by:  anchie
MFC r199947, 199950: 2009-12-05T19:25:29+00:00 Bjoern A. Zeeb bz@FreeBSD.org 2009-12-05T19:25:29+00:00 3b558c96ce35d39e105be3bb6f42718bea3dbea9 Enable IPcomp by default. PR: kern/123587 
  Enable IPcomp by default.

PR:	kern/123587