aboutsummaryrefslogtreecommitdiff
path: root/sys/netipsec/key.c
Commit message (Expand)AuthorAgeFilesLines
* Make IPsec work with AES-GCM and AES-ICM (aka CTR) in OCF... IPsecJohn-Mark Gurney2015-08-041-2/+0
* Fill the port and protocol information in the SADB_ACQUIRE messageAndrey V. Elsukov2015-07-061-8/+60
* drop key_sa_stir_iv as it isn't used...John-Mark Gurney2015-06-111-8/+0
* CALLOUT_MPSAFE has lost its meaning since r141428, i.e., for more than tenJung-uk Kim2015-05-221-1/+1
* In the reply to SADB_X_SPDGET message use the same sequence number thatAndrey V. Elsukov2015-05-201-2/+3
* Change SA's state before sending SADB_EXPIRE message. This state willAndrey V. Elsukov2015-05-191-2/+2
* Teach key_expire() send SADB_EXPIRE message with the SADB_EXT_LIFETIME_HARDAndrey V. Elsukov2015-05-191-40/+38
* Fix handling of scoped IPv6 addresses in IPSec code.Andrey V. Elsukov2015-04-181-36/+7
* Remove extra '&'. sin6 is already a pointer.Andrey V. Elsukov2015-03-071-1/+1
* Fix possible memory leak and several races in the IPsec policy managementAndrey V. Elsukov2015-02-241-1/+15
* key_spdget uses key_setdumpsp() without SPTREE_RLOCK held (it usesAndrey V. Elsukov2015-01-271-2/+0
* In order to reduce use of M_EXT outside of the mbuf allocator andRobert Watson2015-01-061-10/+5
* Fix VIMAGE build.Andrey V. Elsukov2014-12-251-1/+1
* Rename ip4_def_policy variable to def_policy. It is used by both IPv4 andAndrey V. Elsukov2014-12-241-172/+123
* key_getspacq() returns holding the spacq_lock. Unlock it in all cases.Andrey V. Elsukov2014-12-071-1/+2
* Remove __P() macro.Andrey V. Elsukov2014-12-031-112/+111
* ANSIfy function declarations.Andrey V. Elsukov2014-12-031-202/+80
* Remove route chaching support from ipsec code. It isn't used for some time.Andrey V. Elsukov2014-12-021-25/+0
* Remove SYSCTL_VNET_* macros, and simply put CTLFLAG_VNET where needed.Gleb Smirnoff2014-11-071-24/+24
* Use in_localip() instead of handmade implementation.Andrey V. Elsukov2014-10-311-21/+2
* Use a static callout to drive key_timehandler() instead of timeout().John Baldwin2014-10-231-4/+9
* Only do a ports check if this is a NAT-T SA. Otherwise otherBjoern A. Zeeb2014-05-241-6/+20
* The r48589 promised to remove implicit inclusion of if_var.h soon. PrepareGleb Smirnoff2013-10-261-1/+2
* Use corresponding macros to update statistics for AH, ESP, IPIP, IPCOMP,Andrey V. Elsukov2013-06-201-19/+19
* Use m_get2() + m_align() instead of hand made key_alloc_mbuf(). CodeGleb Smirnoff2013-03-151-104/+50
* Mechanically substitute flags from historic mbuf allocator withGleb Smirnoff2012-12-051-21/+21
* Mechanically remove the last stray remains of spl* calls from net*/*.Andre Oppermann2012-10-181-6/+0
* In NAT-T transport mode, allow a client to open a new connection just afterVANHULLEBUS Yvan2012-09-121-3/+5
* Unexpand a couple of TAILQ_FOREACH()s.John Baldwin2012-08-171-2/+1
* Add missing va_end() in an error case to clean up after va_start()Christian Brueffer2011-10-071-0/+1
* Release SP's refcount in key_get_spdbyid().VANHULLEBUS Yvan2011-05-091-0/+1
* Make IPsec compile without INET adding appropriate #ifdef checks.Bjoern A. Zeeb2011-04-271-1/+1
* Optimisation in IPSEC(4):Fabien Thomas2011-03-311-30/+27
* Fixed IPsec's HMAC_SHA256-512 support to be RFC4868 compliant.VANHULLEBUS Yvan2011-02-181-1/+8
* After some off-list discussion, revert a number of changes to theDimitry Andric2010-11-221-18/+18
* Apply the STATIC_VNET_DEFINE and STATIC_DPCPU_DEFINE macros throughoutDimitry Andric2010-11-141-18/+18
* Make the IPsec SADB embedded route cache a union to be able to hold both theBjoern A. Zeeb2010-10-231-4/+4
* Set SA's natt_type before calling key_mature() in key_add(),VANHULLEBUS Yvan2010-05-051-6/+6
* Update SA's NAT-T stuff before calling key_mature() in key_update(),VANHULLEBUS Yvan2010-05-051-6/+6
* MFP4: @176978-176982, 176984, 176990-176994, 177441Bjoern A. Zeeb2010-04-291-10/+11
* Locks SPTREE when setting some SP entries to state DEAD.VANHULLEBUS Yvan2010-04-151-0/+6
* When tearing down IPsec as part of a (virtual) network stack,Bjoern A. Zeeb2010-03-281-7/+9
* fixed two race conditions when inserting/removing SAs via PFKey,VANHULLEBUS Yvan2009-11-171-2/+3
* When checking traffic endpoint's adresses families in key_spdadd(),VANHULLEBUS Yvan2009-09-161-12/+2
* Silent gcc? Yeah, you wish. What I ment was to silence gcc.Pawel Jakub Dawidek2009-09-061-2/+2
* Initialize state_valid and arraysize variable so gcc won't complain.Pawel Jakub Dawidek2009-09-061-1/+3
* Improve code a bit by eliminating goto and having one unlock per lock.Pawel Jakub Dawidek2009-09-061-4/+3
* Merge the remainder of kern_vimage.c and vimage.h into vnet.c andRobert Watson2009-08-011-1/+0
* Reimplement and/or implement vnet list locking by replacing a mostlyRobert Watson2009-07-191-2/+2
* Remove unused VNET_SET() and related macros; only VNET_GET() isRobert Watson2009-07-161-18/+18