|
Revision tags: release/13.3.0, release/14.0.0 |
|
| #
d94c991f |
| 07-Nov-2023 |
Elyes Haouas <ehaouas@noos.fr> |
setkey: Use nitems(foo) instead of sizeof(foo)/sizeof(foo[0])
Pull Request: https://github.com/freebsd/freebsd-src/pull/888
Signed-off-by: Elyes Haouas <ehaouas@noos.fr>
|
| #
2a63c3be |
| 16-Aug-2023 |
Warner Losh <imp@FreeBSD.org> |
Remove $FreeBSD$: one-line .c comment pattern
Remove /^/[*/]\s*\$FreeBSD\$.*\n/
|
|
Revision tags: release/13.2.0 |
|
| #
3cb80822 |
| 03-Apr-2023 |
Konstantin Belousov <kib@FreeBSD.org> |
setkey(8): add -e option to take script from the command line
Reviewed by: ae
Sponsored by: Nvidia networking
MFC after: 1 week
Differential revision: https://reviews.freebsd.org/D39393
|
|
Revision tags: release/12.4.0, release/13.1.0 |
|
| #
0aef8628 |
| 05-May-2022 |
Eugene Grosbein <eugen@FreeBSD.org> |
If setkey(8) is used without ipsec.ko loaded beforehand,
its attempt to install SA/SPD into the kernel results in cryptic
EINVAL error code.
Let it be a bit more user-friendly and try to load ipsec.
If setkey(8) is used without ipsec.ko loaded beforehand,
its attempt to install SA/SPD into the kernel results in cryptic
EINVAL error code.
Let it be a bit more user-friendly and try to load ipsec.ko
automatically if it is not loaded, just like ifconfig(8) does it
for modules it needs.
PR: 263379
MFC after: 2 weeks
show more ...
|
|
Revision tags: release/12.3.0 |
|
| #
1e67e310 |
| 08-Jul-2021 |
Mateusz Guzik <mjg@FreeBSD.org> |
setkey: drop an unused argument from postproc
|
| #
b2981787 |
| 08-Jul-2021 |
Mateusz Guzik <mjg@FreeBSD.org> |
setkey: fix several warnings popping up when compiling without WARNS=1
|
| #
e0c0612d |
| 08-Jul-2021 |
Mateusz Guzik <mjg@FreeBSD.org> |
setkey: ansify
|
|
Revision tags: release/13.0.0, release/12.2.0, release/11.4.0, release/12.1.0, release/11.3.0, release/12.0.0, release/11.2.0 |
|
| #
82725ba9 |
| 23-Nov-2017 |
Hans Petter Selasky <hselasky@FreeBSD.org> |
Merge ^/head r325999 through r326131.
|
| #
8a16b7a1 |
| 20-Nov-2017 |
Pedro F. Giffuni <pfg@FreeBSD.org> |
General further adoption of SPDX licensing ID tags.
Mainly focus on files that use BSD 3-Clause license.
The Software Package Data Exchange (SPDX) group provides a specification
to make it easier f
General further adoption of SPDX licensing ID tags.
Mainly focus on files that use BSD 3-Clause license.
The Software Package Data Exchange (SPDX) group provides a specification
to make it easier for automated tools to detect and summarize well known
opensource licenses. We are gradually adopting the specification, noting
that the tags are considered only advisory and do not, in any way,
superceed or replace the license texts.
Special thanks to Wind River for providing access to "The Duke of
Highlander" tool: an older (2014) run over FreeBSD tree was useful as a
starting point.
show more ...
|
|
Revision tags: release/10.4.0, release/11.1.0 |
|
| #
22986c67 |
| 07-Mar-2017 |
Andrey V. Elsukov <ae@FreeBSD.org> |
Introduce the concept of IPsec security policies scope.
Currently are defined three scopes: global, ifnet, and pcb.
Generic security policies that IKE daemon can add via PF_KEY interface
or an admin
Introduce the concept of IPsec security policies scope.
Currently are defined three scopes: global, ifnet, and pcb.
Generic security policies that IKE daemon can add via PF_KEY interface
or an administrator creates with setkey(8) utility have GLOBAL scope.
Such policies can be applied by the kernel to outgoing packets and checked
agains inbound packets after IPsec processing.
Security policies created by if_ipsec(4) interfaces have IFNET scope.
Such policies are applied to packets that are passed through if_ipsec(4)
interface.
And security policies created by application using setsockopt()
IP_IPSEC_POLICY option have PCB scope. Such policies are applied to
packets related to specific socket. Currently there is no way to list
PCB policies via setkey(8) utility.
Modify setkey(8) and libipsec(3) to be able distinguish the scope of
security policies in the `setkey -DP` listing. Add two optional flags:
'-t' to list only policies related to virtual *tunneling* interfaces,
i.e. policies with IFNET scope, and '-g' to list only policies with GLOBAL
scope. By default policies from all scopes are listed.
To implement this PF_KEY's sadb_x_policy structure was modified.
sadb_x_policy_reserved field is used to pass the policy scope from the
kernel to userland. SADB_SPDDUMP message extended to support filtering
by scope: sadb_msg_satype field is used to specify bit mask of requested
scopes.
For IFNET policies the sadb_x_policy_priority field of struct sadb_x_policy
is used to pass if_ipsec's interface if_index to the userland. For GLOBAL
policies sadb_x_policy_priority is used only to manage order of security
policies in the SPDB. For IFNET policies it is not used, so it can be used
to keep if_index.
After this change the output of `setkey -DP` now looks like:
# setkey -DPt
0.0.0.0/0[any] 0.0.0.0/0[any] any
in ipsec
esp/tunnel/87.250.242.144-87.250.242.145/unique:145
spid=7 seq=3 pid=58025 scope=ifnet ifname=ipsec0
refcnt=1
# setkey -DPg
::/0 ::/0 icmp6 135,0
out none
spid=5 seq=1 pid=872 scope=global
refcnt=1
No objection from: #network
Obtained from: Yandex LLC
MFC after: 2 weeks
Sponsored by: Yandex LLC
Differential Revision: https://reviews.freebsd.org/D9805
show more ...
|
|
Revision tags: release/11.0.1, release/11.0.0, release/10.3.0, release/10.2.0, release/10.1.0, release/9.3.0, release/10.0.0, release/9.2.0, release/8.4.0, release/9.1.0, release/8.3.0_cvs, release/8.3.0, release/9.0.0, release/7.4.0_cvs, release/8.2.0_cvs, release/7.4.0, release/8.2.0, release/8.1.0_cvs, release/8.1.0, release/7.3.0_cvs, release/7.3.0, release/8.0.0_cvs, release/8.0.0, release/7.2.0_cvs, release/7.2.0, release/7.1.0_cvs, release/7.1.0, release/6.4.0_cvs, release/6.4.0, release/7.0.0_cvs, release/7.0.0, release/6.3.0_cvs, release/6.3.0 |
|
| #
784bddbc |
| 07-Nov-2007 |
Kevin Lo <kevlo@FreeBSD.org> |
Cleanup of userland __P use
|
| #
8409aedf |
| 01-Jul-2007 |
George V. Neville-Neil <gnn@FreeBSD.org> |
Commit IPv6 support for FAST_IPSEC to the tree.
This commit includes all remaining changes for the time being including
user space updates.
Submitted by: bz
Approved by: re
|
|
Revision tags: release/6.2.0_cvs, release/6.2.0, release/5.5.0_cvs, release/5.5.0, release/6.1.0_cvs, release/6.1.0, release/6.0.0_cvs, release/6.0.0, release/5.4.0_cvs, release/5.4.0, release/4.11.0_cvs, release/4.11.0, release/5.3.0_cvs, release/5.3.0, release/4.10.0_cvs, release/4.10.0, release/5.2.1_cvs, release/5.2.1, release/5.2.0_cvs, release/5.2.0 |
|
| #
cf43a054 |
| 05-Nov-2003 |
Hajimu UMEMOTO <ume@FreeBSD.org> |
- do hexdump on send. set length field properly
- check for encryption/authentication key together with algorithm.
- warned if a deprecated encryption algorithm (that includes "simple")
is specifi
- do hexdump on send. set length field properly
- check for encryption/authentication key together with algorithm.
- warned if a deprecated encryption algorithm (that includes "simple")
is specified.
- changed the syntax how to define a policy of a ICMPv6 type and/or a
code, like spdadd ::/0 ::/0 icmp6 134,0 -P out none;
- random cleanup in parser.
- use yyfatal, or return -1 after yyerror.
- deal with strdup() failure.
- permit scope notation in policy string (-P
esp/tunnel/foo%scope-bar%scope/use)
- simplify /prefix and [port].
- g/c some unused symbols.
Obtained from: KAME
show more ...
|
|
Revision tags: release/4.9.0_cvs, release/4.9.0 |
|
| #
2f4c5de9 |
| 17-Oct-2003 |
Hajimu UMEMOTO <ume@FreeBSD.org> |
- style
- rename variable
- use strlcpy
- const'fy
Obtained from: KAME
|
|
Revision tags: release/5.1.0_cvs, release/5.1.0 |
|
| #
0fe26507 |
| 16-Apr-2003 |
Munechika SUMIKAWA <sumikawa@FreeBSD.org> |
Use NI_xxx macros.
Obtained from: KAME
MFC after: 1 week
|
|
Revision tags: release/4.8.0_cvs, release/4.8.0, release/5.0.0_cvs, release/5.0.0, release/4.7.0_cvs, release/4.6.2_cvs, release/4.6.2, release/4.6.1, release/4.6.0_cvs, release/4.5.0_cvs, release/4.4.0_cvs |
|
| #
33841545 |
| 11-Jun-2001 |
Hajimu UMEMOTO <ume@FreeBSD.org> |
Sync with recent KAME.
This work was based on kame-20010528-freebsd43-snap.tgz and some
critical problem after the snap was out were fixed.
There are many many changes since last KAME merge.
TODO:
Sync with recent KAME.
This work was based on kame-20010528-freebsd43-snap.tgz and some
critical problem after the snap was out were fixed.
There are many many changes since last KAME merge.
TODO:
- The definitions of SADB_* in sys/net/pfkeyv2.h are still different
from RFC2407/IANA assignment because of binary compatibility
issue. It should be fixed under 5-CURRENT.
- ip6po_m member of struct ip6_pktopts is no longer used. But, it
is still there because of binary compatibility issue. It should
be removed under 5-CURRENT.
Reviewed by: itojun
Obtained from: KAME
MFC after: 3 weeks
show more ...
|
|
Revision tags: release/4.3.0_cvs, release/4.3.0, release/4.2.0, release/4.1.1_cvs, release/4.1.0 |
|
| #
3c62e87a |
| 04-Jul-2000 |
Jun-ichiro itojun Hagino <itojun@FreeBSD.org> |
synchronize with latest kame tree.
behavior change: policy syntax was changed. you may need to update your
setkey(8) configuration files.
|
|
Revision tags: release/3.5.0_cvs, release/4.0.0_cvs |
|
| #
9a4365d0 |
| 06-Jan-2000 |
Yoshinobu Inoue <shin@FreeBSD.org> |
libipsec and IPsec related apps. (and some KAME related man pages)
Reviewed by: freebsd-arch, cvs-committers
Obtained from: KAME project
|
|
Revision tags: release/11.0.1, release/11.0.0, release/10.3.0, release/10.2.0, release/10.1.0, release/9.3.0, release/10.0.0, release/9.2.0, release/8.4.0, release/9.1.0, release/8.3.0_cvs, release/8.3.0, release/9.0.0, release/7.4.0_cvs, release/8.2.0_cvs, release/7.4.0, release/8.2.0, release/8.1.0_cvs, release/8.1.0, release/7.3.0_cvs, release/7.3.0, release/8.0.0_cvs, release/8.0.0, release/7.2.0_cvs, release/7.2.0, release/7.1.0_cvs, release/7.1.0, release/6.4.0_cvs, release/6.4.0, release/7.0.0_cvs, release/7.0.0, release/6.3.0_cvs, release/6.3.0 |
|
| #
784bddbc |
| 07-Nov-2007 |
Kevin Lo <kevlo@FreeBSD.org> |
Cleanup of userland __P use
|
| #
8409aedf |
| 01-Jul-2007 |
George V. Neville-Neil <gnn@FreeBSD.org> |
Commit IPv6 support for FAST_IPSEC to the tree.
This commit includes all remaining changes for the time being including
user space updates.
Submitted by: bz
Approved by: re
|
|
Revision tags: release/6.2.0_cvs, release/6.2.0, release/5.5.0_cvs, release/5.5.0, release/6.1.0_cvs, release/6.1.0, release/6.0.0_cvs, release/6.0.0, release/5.4.0_cvs, release/5.4.0, release/4.11.0_cvs, release/4.11.0, release/5.3.0_cvs, release/5.3.0, release/4.10.0_cvs, release/4.10.0, release/5.2.1_cvs, release/5.2.1, release/5.2.0_cvs, release/5.2.0 |
|
| #
cf43a054 |
| 05-Nov-2003 |
Hajimu UMEMOTO <ume@FreeBSD.org> |
- do hexdump on send. set length field properly
- check for encryption/authentication key together with algorithm.
- warned if a deprecated encryption algorithm (that includes "simple")
is specifi
- do hexdump on send. set length field properly
- check for encryption/authentication key together with algorithm.
- warned if a deprecated encryption algorithm (that includes "simple")
is specified.
- changed the syntax how to define a policy of a ICMPv6 type and/or a
code, like spdadd ::/0 ::/0 icmp6 134,0 -P out none;
- random cleanup in parser.
- use yyfatal, or return -1 after yyerror.
- deal with strdup() failure.
- permit scope notation in policy string (-P
esp/tunnel/foo%scope-bar%scope/use)
- simplify /prefix and [port].
- g/c some unused symbols.
Obtained from: KAME
show more ...
|
|
Revision tags: release/4.9.0_cvs, release/4.9.0 |
|
| #
2f4c5de9 |
| 17-Oct-2003 |
Hajimu UMEMOTO <ume@FreeBSD.org> |
- style
- rename variable
- use strlcpy
- const'fy
Obtained from: KAME
|
|
Revision tags: release/5.1.0_cvs, release/5.1.0 |
|
| #
0fe26507 |
| 16-Apr-2003 |
Munechika SUMIKAWA <sumikawa@FreeBSD.org> |
Use NI_xxx macros.
Obtained from: KAME
MFC after: 1 week
|
|
Revision tags: release/4.8.0_cvs, release/4.8.0, release/5.0.0_cvs, release/5.0.0, release/4.7.0_cvs, release/4.6.2_cvs, release/4.6.2, release/4.6.1, release/4.6.0_cvs, release/4.5.0_cvs, release/4.4.0_cvs |
|
| #
33841545 |
| 11-Jun-2001 |
Hajimu UMEMOTO <ume@FreeBSD.org> |
Sync with recent KAME.
This work was based on kame-20010528-freebsd43-snap.tgz and some
critical problem after the snap was out were fixed.
There are many many changes since last KAME merge.
TODO:
Sync with recent KAME.
This work was based on kame-20010528-freebsd43-snap.tgz and some
critical problem after the snap was out were fixed.
There are many many changes since last KAME merge.
TODO:
- The definitions of SADB_* in sys/net/pfkeyv2.h are still different
from RFC2407/IANA assignment because of binary compatibility
issue. It should be fixed under 5-CURRENT.
- ip6po_m member of struct ip6_pktopts is no longer used. But, it
is still there because of binary compatibility issue. It should
be removed under 5-CURRENT.
Reviewed by: itojun
Obtained from: KAME
MFC after: 3 weeks
show more ...
|
|
Revision tags: release/4.3.0_cvs, release/4.3.0, release/4.2.0, release/4.1.1_cvs, release/4.1.0 |
|
| #
3c62e87a |
| 04-Jul-2000 |
Jun-ichiro itojun Hagino <itojun@FreeBSD.org> |
synchronize with latest kame tree.
behavior change: policy syntax was changed. you may need to update your
setkey(8) configuration files.
|