aboutsummaryrefslogtreecommitdiff
path: root/sys/netipsec
Commit message (Expand)AuthorAgeFilesLines
* Set tres to NULL to avoid a double free if the m_pullup() below fails.Mark Johnston2016-03-021-0/+1
* Fix useless check. m_pkthdr.len should be equal to orglen.Andrey V. Elsukov2016-02-241-2/+1
* These files were getting sys/malloc.h and vm/uma.h with header pollutionGleb Smirnoff2016-02-012-1/+2
* Overhaul if_enc(4) and make it loadable in run-time.Andrey V. Elsukov2015-11-254-102/+80
* Implement the sadb_x_policy_priority field as it is done in Linux:Fabien Thomas2015-11-172-7/+31
* Use explicitly specified ivsize instead of blocksize when we mean IV size.Andrey V. Elsukov2015-11-162-8/+2
* Turning on IPSEC used to introduce a slight amount of performanceGeorge V. Neville-Neil2015-10-271-0/+6
* Take extra reference to security policy before calling crypto_dispatch().Andrey V. Elsukov2015-09-304-14/+5
* Make IPsec work with AES-GCM and AES-ICM (aka CTR) in OCF... IPsecJohn-Mark Gurney2015-08-044-89/+96
* these are comparing authenticators and need to be constant time...John-Mark Gurney2015-07-312-2/+2
* Clean up this header file...John-Mark Gurney2015-07-311-2/+0
* Correct IPSec SA statistic keepingErmal Luçi2015-07-301-1/+2
* RFC4868 section 2.3 requires that the output be half... This fixesJohn-Mark Gurney2015-07-293-26/+38
* IPSEC, remove variable argument function its already due.Ermal Luçi2015-07-212-23/+8
* Summary: Fix LINT build. The names of the new AES modes were notGeorge V. Neville-Neil2015-07-101-3/+3
* Add support for AES modes to IPSec. These modes work both in software onlyGeorge V. Neville-Neil2015-07-092-73/+99
* Fill the port and protocol information in the SADB_ACQUIRE messageAndrey V. Elsukov2015-07-061-8/+60
* Reduce overhead of IPSEC for traffic generated from hostErmal Luçi2015-07-031-0/+6
* drop key_sa_stir_iv as it isn't used...John-Mark Gurney2015-06-112-9/+0
* CALLOUT_MPSAFE has lost its meaning since r141428, i.e., for more than tenJung-uk Kim2015-05-221-1/+1
* In the reply to SADB_X_SPDGET message use the same sequence number thatAndrey V. Elsukov2015-05-201-2/+3
* Remove unneded mbuf length adjustment, M_PREPEND() already did that.Andrey V. Elsukov2015-05-191-2/+0
* Change SA's state before sending SADB_EXPIRE message. This state willAndrey V. Elsukov2015-05-191-2/+2
* Teach key_expire() send SADB_EXPIRE message with the SADB_EXT_LIFETIME_HARDAndrey V. Elsukov2015-05-191-40/+38
* Summary: Remove spurious, extra, next header comments.George V. Neville-Neil2015-05-151-4/+2
* Fix the comment. We will not do SPD lookup again, becauseAndrey V. Elsukov2015-04-281-2/+1
* Since PFIL can change mbuf pointer, we should update pointers afterAndrey V. Elsukov2015-04-282-0/+3
* Make ipsec_in_reject() static. We use ipsec[46]_in_reject() instead.Andrey V. Elsukov2015-04-272-2/+2
* Fix possible use after free due to security policy deletion.Andrey V. Elsukov2015-04-274-8/+30
* Change ipsec_address() and ipsec_logsastr() functions to take twoAndrey V. Elsukov2015-04-187-132/+105
* Requeue mbuf via netisr when we use IPSec tunnel mode and IPv6.Andrey V. Elsukov2015-04-181-1/+30
* Fix handling of scoped IPv6 addresses in IPSec code.Andrey V. Elsukov2015-04-183-36/+21
* Remove xform_ipip.c and code related to XF_IP4.Andrey V. Elsukov2015-04-183-404/+129
* o Use new function ip_fillid() in all places throughout the kernel,Gleb Smirnoff2015-04-011-3/+1
* Remove extra '&'. sin6 is already a pointer.Andrey V. Elsukov2015-03-071-1/+1
* Fix possible memory leak and several races in the IPsec policy managementAndrey V. Elsukov2015-02-242-1/+18
* key_spdget uses key_setdumpsp() without SPTREE_RLOCK held (it usesAndrey V. Elsukov2015-01-271-2/+0
* In order to reduce use of M_EXT outside of the mbuf allocator andRobert Watson2015-01-062-12/+6
* Fix VIMAGE build.Andrey V. Elsukov2014-12-251-1/+1
* Rename ip4_def_policy variable to def_policy. It is used by both IPv4 andAndrey V. Elsukov2014-12-244-209/+140
* Treat errors when retrieving security policy as policy violation.Andrey V. Elsukov2014-12-111-2/+4
* Initialize error variable.Andrey V. Elsukov2014-12-111-0/+1
* Remove flag/flags argument from the following functions:Andrey V. Elsukov2014-12-112-23/+12
* Remove flags and tunalready arguments from ipsec4_process_packet()Andrey V. Elsukov2014-12-112-94/+54
* Remove now unused mtag argument from ipsec*_common_input_cb.Andrey V. Elsukov2014-12-116-31/+16
* Remove code related to PACKET_TAG_IPSEC_IN_CRYPTO_DONE mbuf tag.Andrey V. Elsukov2014-12-112-153/+71
* Remove unused mtag variable.Andrey V. Elsukov2014-12-111-2/+0
* key_getspacq() returns holding the spacq_lock. Unlock it in all cases.Andrey V. Elsukov2014-12-071-1/+2
* Fix style(9) and remove m_freem(NULL).Andrey V. Elsukov2014-12-041-4/+3
* Remove __P() macro.Andrey V. Elsukov2014-12-0310-206/+202