aboutsummaryrefslogtreecommitdiff
path: root/sys/netipsec/key.c
Commit message (Expand)AuthorAgeFilesLines
* ipsec: fix race condition in key.cWojciech Macek2021-08-131-16/+37
* netipsec/key.c: Use ANSI C definition for key_random()Konstantin Belousov2021-08-101-1/+1
* ipsec: globalize lft zone and zero out buffers at allocation timeMateusz Guzik2021-06-281-12/+11
* Trigger soft lifetime expiration on sequence numberMarcin Wojtas2020-10-161-1/+6
* net: clean up empty lines in .c and .h filesMateusz Guzik2020-09-011-7/+1
* Simplify IPsec transform-specific teardown.John Baldwin2020-06-251-4/+1
* Use zfree() to explicitly zero IPsec keys.John Baldwin2020-06-251-11/+3
* Remove support for IPsec algorithms deprecated in r348205 and r360202.John Baldwin2020-05-021-12/+0
* Mark more nodes as CTLFLAG_MPSAFE or CTLFLAG_NEEDGIANT (17 of many)Pawel Biernacki2020-02-261-1/+3
* netipsec: fix a mismatched uma_zfree -> uma_zfree_pcpuMateusz Guzik2020-02-121-1/+1
* Add missing new line in several log messages.Andrey V. Elsukov2019-08-091-6/+6
* netipsec key_register: check for M_NOWAIT alloc failureRyan Libby2019-06-251-1/+1
* Replace read_random(9) with more appropriate arc4rand(9) KPIsConrad Meyer2019-04-041-25/+1
* Add sadb_x_sa2 extension to SADB_ACQUIRE requests.Andrey V. Elsukov2018-10-211-1/+15
* Fix witness warning in xform_init().Andrey V. Elsukov2018-09-261-80/+1
* Use the new VNET_DEFINE_STATIC macro when we are defining static VNETAndrew Turner2018-07-241-37/+37
* uma: implement provisional api for per-cpu zonesMateusz Guzik2018-06-081-2/+2
* Temporary disable SPDCACHE statistic accounting until proper fix will beAndrey V. Elsukov2018-05-281-2/+2
* netipsec/!VIMAGE: don't declare/define spdcache_destroy on non-VIMAGE buildsMatt Macy2018-05-241-2/+4
* Add a SPD cache to speed up lookups.Fabien Thomas2018-05-221-20/+255
* Do pass removing some write-only variables from the kernel.Alexander Kabaev2017-12-251-5/+0
* Do better cleaning in key_destroy() for VIMAGE case.Andrey V. Elsukov2017-12-011-0/+19
* sys: further adoption of SPDX licensing ID tags.Pedro F. Giffuni2017-11-201-0/+2
* ipsec: Use the same keysize values for HMAC as prior to r324017Conrad Meyer2017-11-151-1/+1
* Use correct pointer in key_updateaddresses() when updating NAT-T config.Andrey V. Elsukov2017-11-031-1/+1
* Make user supplied data checks a bit stricter.Andrey V. Elsukov2017-08-091-5/+21
* When we are doing SA lookup for TCP-MD5, check both source andAndrey V. Elsukov2017-04-041-2/+4
* Fix bug in r308972 that leads to panic when non-compressed IPCompAndrey V. Elsukov2017-03-291-2/+2
* Introduce the concept of IPsec security policies scope.Andrey V. Elsukov2017-03-071-71/+112
* Merge projects/ipsec into head/.Andrey V. Elsukov2017-02-061-2752/+3093
* IPsec RFC6479 support for replay window sizes up to 2^32 - 32 packets.Fabien Thomas2016-11-251-14/+116
* netipsec: Fix minor style nitConrad Meyer2016-05-101-1/+1
* sys/net*: minor spelling fixes.Pedro F. Giffuni2016-05-031-6/+6
* Handle non-compressed packets for IPComp in tunnel mode.Andrey V. Elsukov2016-04-241-0/+60
* kernel: use our nitems() macro when it is available through param.h.Pedro F. Giffuni2016-04-191-4/+4
* sys/net* : for pointers replace 0 with NULL.Pedro F. Giffuni2016-04-151-6/+6
* Put IPSec's anouncement of its successful intialisation under bootverbose:Robert Watson2016-03-131-1/+2
* Set tres to NULL to avoid a double free if the m_pullup() below fails.Mark Johnston2016-03-021-0/+1
* Fix useless check. m_pkthdr.len should be equal to orglen.Andrey V. Elsukov2016-02-241-2/+1
* Implement the sadb_x_policy_priority field as it is done in Linux:Fabien Thomas2015-11-171-7/+30
* Use explicitly specified ivsize instead of blocksize when we mean IV size.Andrey V. Elsukov2015-11-161-1/+1
* Make IPsec work with AES-GCM and AES-ICM (aka CTR) in OCF... IPsecJohn-Mark Gurney2015-08-041-2/+0
* Fill the port and protocol information in the SADB_ACQUIRE messageAndrey V. Elsukov2015-07-061-8/+60
* drop key_sa_stir_iv as it isn't used...John-Mark Gurney2015-06-111-8/+0
* CALLOUT_MPSAFE has lost its meaning since r141428, i.e., for more than tenJung-uk Kim2015-05-221-1/+1
* In the reply to SADB_X_SPDGET message use the same sequence number thatAndrey V. Elsukov2015-05-201-2/+3
* Change SA's state before sending SADB_EXPIRE message. This state willAndrey V. Elsukov2015-05-191-2/+2
* Teach key_expire() send SADB_EXPIRE message with the SADB_EXT_LIFETIME_HARDAndrey V. Elsukov2015-05-191-40/+38
* Fix handling of scoped IPv6 addresses in IPSec code.Andrey V. Elsukov2015-04-181-36/+7
* Remove extra '&'. sin6 is already a pointer.Andrey V. Elsukov2015-03-071-1/+1