| Commit message (Expand) | Author | Age | Files | Lines |
* | Make IPsec work with AES-GCM and AES-ICM (aka CTR) in OCF... IPsec | John-Mark Gurney | 2015-08-04 | 1 | -2/+0 |
* | Fill the port and protocol information in the SADB_ACQUIRE message | Andrey V. Elsukov | 2015-07-06 | 1 | -8/+60 |
* | drop key_sa_stir_iv as it isn't used... | John-Mark Gurney | 2015-06-11 | 1 | -8/+0 |
* | CALLOUT_MPSAFE has lost its meaning since r141428, i.e., for more than ten | Jung-uk Kim | 2015-05-22 | 1 | -1/+1 |
* | In the reply to SADB_X_SPDGET message use the same sequence number that | Andrey V. Elsukov | 2015-05-20 | 1 | -2/+3 |
* | Change SA's state before sending SADB_EXPIRE message. This state will | Andrey V. Elsukov | 2015-05-19 | 1 | -2/+2 |
* | Teach key_expire() send SADB_EXPIRE message with the SADB_EXT_LIFETIME_HARD | Andrey V. Elsukov | 2015-05-19 | 1 | -40/+38 |
* | Fix handling of scoped IPv6 addresses in IPSec code. | Andrey V. Elsukov | 2015-04-18 | 1 | -36/+7 |
* | Remove extra '&'. sin6 is already a pointer. | Andrey V. Elsukov | 2015-03-07 | 1 | -1/+1 |
* | Fix possible memory leak and several races in the IPsec policy management | Andrey V. Elsukov | 2015-02-24 | 1 | -1/+15 |
* | key_spdget uses key_setdumpsp() without SPTREE_RLOCK held (it uses | Andrey V. Elsukov | 2015-01-27 | 1 | -2/+0 |
* | In order to reduce use of M_EXT outside of the mbuf allocator and | Robert Watson | 2015-01-06 | 1 | -10/+5 |
* | Fix VIMAGE build. | Andrey V. Elsukov | 2014-12-25 | 1 | -1/+1 |
* | Rename ip4_def_policy variable to def_policy. It is used by both IPv4 and | Andrey V. Elsukov | 2014-12-24 | 1 | -172/+123 |
* | key_getspacq() returns holding the spacq_lock. Unlock it in all cases. | Andrey V. Elsukov | 2014-12-07 | 1 | -1/+2 |
* | Remove __P() macro. | Andrey V. Elsukov | 2014-12-03 | 1 | -112/+111 |
* | ANSIfy function declarations. | Andrey V. Elsukov | 2014-12-03 | 1 | -202/+80 |
* | Remove route chaching support from ipsec code. It isn't used for some time. | Andrey V. Elsukov | 2014-12-02 | 1 | -25/+0 |
* | Remove SYSCTL_VNET_* macros, and simply put CTLFLAG_VNET where needed. | Gleb Smirnoff | 2014-11-07 | 1 | -24/+24 |
* | Use in_localip() instead of handmade implementation. | Andrey V. Elsukov | 2014-10-31 | 1 | -21/+2 |
* | Use a static callout to drive key_timehandler() instead of timeout(). | John Baldwin | 2014-10-23 | 1 | -4/+9 |
* | Only do a ports check if this is a NAT-T SA. Otherwise other | Bjoern A. Zeeb | 2014-05-24 | 1 | -6/+20 |
* | The r48589 promised to remove implicit inclusion of if_var.h soon. Prepare | Gleb Smirnoff | 2013-10-26 | 1 | -1/+2 |
* | Use corresponding macros to update statistics for AH, ESP, IPIP, IPCOMP, | Andrey V. Elsukov | 2013-06-20 | 1 | -19/+19 |
* | Use m_get2() + m_align() instead of hand made key_alloc_mbuf(). Code | Gleb Smirnoff | 2013-03-15 | 1 | -104/+50 |
* | Mechanically substitute flags from historic mbuf allocator with | Gleb Smirnoff | 2012-12-05 | 1 | -21/+21 |
* | Mechanically remove the last stray remains of spl* calls from net*/*. | Andre Oppermann | 2012-10-18 | 1 | -6/+0 |
* | In NAT-T transport mode, allow a client to open a new connection just after | VANHULLEBUS Yvan | 2012-09-12 | 1 | -3/+5 |
* | Unexpand a couple of TAILQ_FOREACH()s. | John Baldwin | 2012-08-17 | 1 | -2/+1 |
* | Add missing va_end() in an error case to clean up after va_start() | Christian Brueffer | 2011-10-07 | 1 | -0/+1 |
* | Release SP's refcount in key_get_spdbyid(). | VANHULLEBUS Yvan | 2011-05-09 | 1 | -0/+1 |
* | Make IPsec compile without INET adding appropriate #ifdef checks. | Bjoern A. Zeeb | 2011-04-27 | 1 | -1/+1 |
* | Optimisation in IPSEC(4): | Fabien Thomas | 2011-03-31 | 1 | -30/+27 |
* | Fixed IPsec's HMAC_SHA256-512 support to be RFC4868 compliant. | VANHULLEBUS Yvan | 2011-02-18 | 1 | -1/+8 |
* | After some off-list discussion, revert a number of changes to the | Dimitry Andric | 2010-11-22 | 1 | -18/+18 |
* | Apply the STATIC_VNET_DEFINE and STATIC_DPCPU_DEFINE macros throughout | Dimitry Andric | 2010-11-14 | 1 | -18/+18 |
* | Make the IPsec SADB embedded route cache a union to be able to hold both the | Bjoern A. Zeeb | 2010-10-23 | 1 | -4/+4 |
* | Set SA's natt_type before calling key_mature() in key_add(), | VANHULLEBUS Yvan | 2010-05-05 | 1 | -6/+6 |
* | Update SA's NAT-T stuff before calling key_mature() in key_update(), | VANHULLEBUS Yvan | 2010-05-05 | 1 | -6/+6 |
* | MFP4: @176978-176982, 176984, 176990-176994, 177441 | Bjoern A. Zeeb | 2010-04-29 | 1 | -10/+11 |
* | Locks SPTREE when setting some SP entries to state DEAD. | VANHULLEBUS Yvan | 2010-04-15 | 1 | -0/+6 |
* | When tearing down IPsec as part of a (virtual) network stack, | Bjoern A. Zeeb | 2010-03-28 | 1 | -7/+9 |
* | fixed two race conditions when inserting/removing SAs via PFKey, | VANHULLEBUS Yvan | 2009-11-17 | 1 | -2/+3 |
* | When checking traffic endpoint's adresses families in key_spdadd(), | VANHULLEBUS Yvan | 2009-09-16 | 1 | -12/+2 |
* | Silent gcc? Yeah, you wish. What I ment was to silence gcc. | Pawel Jakub Dawidek | 2009-09-06 | 1 | -2/+2 |
* | Initialize state_valid and arraysize variable so gcc won't complain. | Pawel Jakub Dawidek | 2009-09-06 | 1 | -1/+3 |
* | Improve code a bit by eliminating goto and having one unlock per lock. | Pawel Jakub Dawidek | 2009-09-06 | 1 | -4/+3 |
* | Merge the remainder of kern_vimage.c and vimage.h into vnet.c and | Robert Watson | 2009-08-01 | 1 | -1/+0 |
* | Reimplement and/or implement vnet list locking by replacing a mostly | Robert Watson | 2009-07-19 | 1 | -2/+2 |
* | Remove unused VNET_SET() and related macros; only VNET_GET() is | Robert Watson | 2009-07-16 | 1 | -18/+18 |