| Commit message (Expand) | Author | Age | Files | Lines |
* | Implement anti-replay algorithm with ESN support | Marcin Wojtas | 2020-10-16 | 1 | -85/+208 |
* | net: clean up empty lines in .c and .h files | Mateusz Guzik | 2020-09-01 | 1 | -2/+0 |
* | Remove support for IPsec algorithms deprecated in r348205 and r360202. | John Baldwin | 2020-05-02 | 1 | -5/+0 |
* | Mark more nodes as CTLFLAG_MPSAFE or CTLFLAG_NEEDGIANT (17 of many) | Pawel Biernacki | 2020-02-26 | 1 | -4/+6 |
* | Fix broken window replay check that will allow old packet to be accepted. | Fabien Thomas | 2019-09-06 | 1 | -0/+2 |
* | Make the warning intervals for deprecated crypto algorithms tunable. | John Baldwin | 2019-06-11 | 1 | -0/+5 |
* | Use the new VNET_DEFINE_STATIC macro when we are defining static VNET | Andrew Turner | 2018-07-24 | 1 | -4/+4 |
* | OpenCrypto: Convert sessions to opaque handles instead of integers | Conrad Meyer | 2018-07-18 | 1 | -2/+2 |
* | OCF: Add a typedef for session identifiers | Conrad Meyer | 2018-07-13 | 1 | -2/+3 |
* | Remove unused variables and sysctl declaration. | Andrey V. Elsukov | 2018-02-19 | 1 | -5/+0 |
* | sys: further adoption of SPDX licensing ID tags. | Pedro F. Giffuni | 2017-11-20 | 1 | -0/+2 |
* | crypto(9) is called from ipsec in CRYPTO_F_CBIFSYNC mode. This is working | Fabien Thomas | 2017-11-03 | 1 | -0/+12 |
* | Remove stale comments. | Andrey V. Elsukov | 2017-08-21 | 1 | -2/+0 |
* | Fix the regression introduced in r275710. | Andrey V. Elsukov | 2017-08-21 | 1 | -10/+14 |
* | Merge projects/ipsec into head/. | Andrey V. Elsukov | 2017-02-06 | 1 | -967/+626 |
* | Add direction argument to ipsec_setspidx_inpcb() function. | Andrey V. Elsukov | 2017-01-08 | 1 | -7/+10 |
* | IPsec RFC6479 support for replay window sizes up to 2^32 - 32 packets. | Fabien Thomas | 2016-11-25 | 1 | -94/+74 |
* | Get closer to a VIMAGE network stack teardown from top to bottom rather | Bjoern A. Zeeb | 2016-06-21 | 1 | -1/+1 |
* | sys/net*: minor spelling fixes. | Pedro F. Giffuni | 2016-05-03 | 1 | -3/+3 |
* | netipsec: Don't leak memory when deep copy fails | Conrad Meyer | 2016-04-26 | 1 | -0/+1 |
* | Constify mbuf pointer for IPSEC functions where mbuf isn't modified. | Andrey V. Elsukov | 2016-04-21 | 1 | -31/+36 |
* | Overhaul if_enc(4) and make it loadable in run-time. | Andrey V. Elsukov | 2015-11-25 | 1 | -0/+30 |
* | Turning on IPSEC used to introduce a slight amount of performance | George V. Neville-Neil | 2015-10-27 | 1 | -0/+6 |
* | Reduce overhead of IPSEC for traffic generated from host | Ermal Luçi | 2015-07-03 | 1 | -0/+6 |
* | Make ipsec_in_reject() static. We use ipsec[46]_in_reject() instead. | Andrey V. Elsukov | 2015-04-27 | 1 | -1/+2 |
* | Change ipsec_address() and ipsec_logsastr() functions to take two | Andrey V. Elsukov | 2015-04-18 | 1 | -45/+17 |
* | Rename ip4_def_policy variable to def_policy. It is used by both IPv4 and | Andrey V. Elsukov | 2014-12-24 | 1 | -16/+11 |
* | Treat errors when retrieving security policy as policy violation. | Andrey V. Elsukov | 2014-12-11 | 1 | -2/+4 |
* | Initialize error variable. | Andrey V. Elsukov | 2014-12-11 | 1 | -0/+1 |
* | Remove flag/flags argument from the following functions: | Andrey V. Elsukov | 2014-12-11 | 1 | -20/+10 |
* | Remove __P() macro. | Andrey V. Elsukov | 2014-12-03 | 1 | -9/+9 |
* | Remove route chaching support from ipsec code. It isn't used for some time. | Andrey V. Elsukov | 2014-12-02 | 1 | -1/+0 |
* | Remove SYSCTL_VNET_* macros, and simply put CTLFLAG_VNET where needed. | Gleb Smirnoff | 2014-11-07 | 1 | -40/+40 |
* | Remove _IP_VHL* macros and related ifdefs. | Andrey V. Elsukov | 2014-04-16 | 1 | -12/+0 |
* | The r48589 promised to remove implicit inclusion of if_var.h soon. Prepare | Gleb Smirnoff | 2013-10-26 | 1 | -0/+1 |
* | Migrate structs ahstat, espstat, ipcompstat, ipipstat, pfkeystat, | Andrey V. Elsukov | 2013-07-09 | 1 | -12/+18 |
* | Use IPSECSTAT_INC() and IPSEC6STAT_INC() macros for ipsec statistics | Andrey V. Elsukov | 2013-06-20 | 1 | -4/+4 |
* | Switch the entire IPv4 stack to keep the IP packet header | Gleb Smirnoff | 2012-10-22 | 1 | -3/+2 |
* | Announce both IPsec and UDP Encap (NAT-T) if available for | Bjoern A. Zeeb | 2010-10-30 | 1 | -0/+5 |
* | MFP4: @176978-176982, 176984, 176990-176994, 177441 | Bjoern A. Zeeb | 2010-04-29 | 1 | -0/+1 |
* | Fix a logic error in ipsec code that extracts | Ermal Luçi | 2010-04-02 | 1 | -1/+1 |
* | Merge the remainder of kern_vimage.c and vimage.h into vnet.c and | Robert Watson | 2009-08-01 | 1 | -1/+0 |
* | Introduce and use a sysinit-based initialization scheme for virtual | Robert Watson | 2009-07-23 | 1 | -25/+3 |
* | Garbage collect vnet module registrations that have neither constructors | Robert Watson | 2009-07-20 | 1 | -1/+0 |
* | Build on Jeff Roberson's linker-set based dynamic per-CPU allocator | Robert Watson | 2009-07-14 | 1 | -167/+77 |
* | Properly hide IPv4 only variables and functions under #ifdef INET. | Bjoern A. Zeeb | 2009-06-10 | 1 | -0/+2 |
* | Introduce an infrastructure for dismantling vnet instances. | Marko Zec | 2009-06-08 | 1 | -2/+18 |
* | Add sysctls to toggle the behaviour of the (former) IPSEC_FILTERTUNNEL | Bjoern A. Zeeb | 2009-05-23 | 1 | -0/+16 |
* | Permit buiding kernels with options VIMAGE, restricted to only a single | Marko Zec | 2009-04-30 | 1 | -0/+1 |
* | Introduce vnet module registration / initialization framework with | Marko Zec | 2009-04-11 | 1 | -0/+14 |