#
e63d5726 |
| 28-Oct-2024 |
Quentin Thébault <quentin.thebault@defenso.fr> |
ipsec.4: cross-reference typo
MFC after: 3 days Reviewed by: Alexander Ziaee <concussious@runbox.com> Pull Request: https://github.com/freebsd/freebsd-src/pull/1502
|
#
6e1fc011 |
| 15-Oct-2024 |
Graham Percival <gperciva@tarsnap.com> |
manuals: Fix "unusual .Xr" warnings with a script
These were reported by `mandoc -T lint ...` as warnings: - unusual Xr order - unusual Xr punctuation
Fixes made by script in https://github.com/Tar
manuals: Fix "unusual .Xr" warnings with a script
These were reported by `mandoc -T lint ...` as warnings: - unusual Xr order - unusual Xr punctuation
Fixes made by script in https://github.com/Tarsnap/freebsd-doc-scripts
Signed-off-by: Graham Percival <gperciva@tarsnap.com> Reviewed by: mhorne, Alexander Ziaee <concussious.bugzilla@runbox.com> Sponsored by: Tarsnap Backup Inc. Pull Request: https://github.com/freebsd/freebsd-src/pull/1464
show more ...
|
Revision tags: release/13.4.0, release/14.1.0, release/13.3.0, release/14.0.0 |
|
#
fa9896e0 |
| 16-Aug-2023 |
Warner Losh <imp@FreeBSD.org> |
Remove $FreeBSD$: two-line nroff pattern
Remove /^\.\\"\n\.\\"\s*\$FreeBSD\$$\n/
|
Revision tags: release/13.2.0, release/12.4.0, release/13.1.0, release/12.3.0, release/13.0.0, release/12.2.0, release/11.4.0, release/12.1.0, release/11.3.0, release/12.0.0, release/11.2.0, release/10.4.0, release/11.1.0 |
|
#
1a36faad |
| 11-Feb-2017 |
Dimitry Andric <dim@FreeBSD.org> |
Merge ^/head r313301 through r313643.
|
#
15df32b4 |
| 07-Feb-2017 |
Enji Cooper <ngie@FreeBSD.org> |
MFhead@r313360
|
#
fcf59617 |
| 06-Feb-2017 |
Andrey V. Elsukov <ae@FreeBSD.org> |
Merge projects/ipsec into head/.
Small summary -------------
o Almost all IPsec releated code was moved into sys/netipsec. o New kernel modules added: ipsec.ko and tcpmd5.ko. New kernel option
Merge projects/ipsec into head/.
Small summary -------------
o Almost all IPsec releated code was moved into sys/netipsec. o New kernel modules added: ipsec.ko and tcpmd5.ko. New kernel option IPSEC_SUPPORT added. It enables support for loading and unloading of ipsec.ko and tcpmd5.ko kernel modules. o IPSEC_NAT_T option was removed. Now NAT-T support is enabled by default. The UDP_ENCAP_ESPINUDP_NON_IKE encapsulation type support was removed. Added TCP/UDP checksum handling for inbound packets that were decapsulated by transport mode SAs. setkey(8) modified to show run-time NAT-T configuration of SA. o New network pseudo interface if_ipsec(4) added. For now it is build as part of ipsec.ko module (or with IPSEC kernel). It implements IPsec virtual tunnels to create route-based VPNs. o The network stack now invokes IPsec functions using special methods. The only one header file <netipsec/ipsec_support.h> should be included to declare all the needed things to work with IPsec. o All IPsec protocols handlers (ESP/AH/IPCOMP protosw) were removed. Now these protocols are handled directly via IPsec methods. o TCP_SIGNATURE support was reworked to be more close to RFC. o PF_KEY SADB was reworked: - now all security associations stored in the single SPI namespace, and all SAs MUST have unique SPI. - several hash tables added to speed up lookups in SADB. - SADB now uses rmlock to protect access, and concurrent threads can do SA lookups in the same time. - many PF_KEY message handlers were reworked to reflect changes in SADB. - SADB_UPDATE message was extended to support new PF_KEY headers: SADB_X_EXT_NEW_ADDRESS_SRC and SADB_X_EXT_NEW_ADDRESS_DST. They can be used by IKE daemon to change SA addresses. o ipsecrequest and secpolicy structures were cardinally changed to avoid locking protection for ipsecrequest. Now we support only limited number (4) of bundled SAs, but they are supported for both INET and INET6. o INPCB security policy cache was introduced. Each PCB now caches used security policies to avoid SP lookup for each packet. o For inbound security policies added the mode, when the kernel does check for full history of applied IPsec transforms. o References counting rules for security policies and security associations were changed. The proper SA locking added into xform code. o xform code was also changed. Now it is possible to unregister xforms. tdb_xxx structures were changed and renamed to reflect changes in SADB/SPDB, and changed rules for locking and refcounting.
Reviewed by: gnn, wblock Obtained from: Yandex LLC Relnotes: yes Sponsored by: Yandex LLC Differential Revision: https://reviews.freebsd.org/D9352
show more ...
|
Revision tags: release/11.0.1, release/11.0.0, release/10.3.0, release/10.2.0, release/10.1.0, release/9.3.0, release/10.0.0, release/9.2.0 |
|
#
cfe30d02 |
| 19-Jun-2013 |
Gleb Smirnoff <glebius@FreeBSD.org> |
Merge fresh head.
|
Revision tags: release/8.4.0 |
|
#
d9a44755 |
| 08-Feb-2013 |
David E. O'Brien <obrien@FreeBSD.org> |
Sync with HEAD.
|
Revision tags: release/9.1.0 |
|
#
300675f6 |
| 27-Nov-2012 |
Alexander Motin <mav@FreeBSD.org> |
MFC
|
#
7d3d462b |
| 13-Nov-2012 |
Neel Natu <neel@FreeBSD.org> |
IFC @ r242940
|
#
d92303b6 |
| 07-Nov-2012 |
Kevin Lo <kevlo@FreeBSD.org> |
Nm ipsec
|
Revision tags: release/8.3.0_cvs, release/8.3.0, release/9.0.0, release/7.4.0_cvs, release/8.2.0_cvs, release/7.4.0, release/8.2.0 |
|
#
c913de0e |
| 16-Aug-2010 |
Joel Dahl <joel@FreeBSD.org> |
Put parentheses around a few macros to prevent mdoc warnings.
|
Revision tags: release/8.1.0_cvs, release/8.1.0, release/7.3.0_cvs, release/7.3.0 |
|
#
1a0fda2b |
| 04-Mar-2010 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
IFH@204581
|
#
9199c09a |
| 06-Jan-2010 |
Warner Losh <imp@FreeBSD.org> |
Merge from head at r201628.
# This hasn't been tested, and there are at least three bad commits # that need to be backed out before the branch will be stable again.
|
#
3b558c96 |
| 05-Dec-2009 |
Bjoern A. Zeeb <bz@FreeBSD.org> |
MFC r199947, 199950: Enable IPcomp by default.
PR: kern/123587
|
#
fbd69dff |
| 29-Nov-2009 |
Bjoern A. Zeeb <bz@FreeBSD.org> |
Correct typo.
Reported by: gabor MFC after: 5 days
|
#
a77cb332 |
| 29-Nov-2009 |
Bjoern A. Zeeb <bz@FreeBSD.org> |
Enable IPcomp by default.
PR: kern/123587 MFC after: 5 days
|
Revision tags: release/8.0.0_cvs, release/8.0.0 |
|
#
10b3b545 |
| 17-Sep-2009 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Merge from head
|
#
2e370a5c |
| 26-May-2009 |
Oleksandr Tymoshenko <gonzo@FreeBSD.org> |
Merge from HEAD
|
#
db2e4792 |
| 23-May-2009 |
Bjoern A. Zeeb <bz@FreeBSD.org> |
Add sysctls to toggle the behaviour of the (former) IPSEC_FILTERTUNNEL kernel option. This also permits tuning of the option per virtual network stack, as well as separately per inet, inet6.
The ker
Add sysctls to toggle the behaviour of the (former) IPSEC_FILTERTUNNEL kernel option. This also permits tuning of the option per virtual network stack, as well as separately per inet, inet6.
The kernel option is left for a transition period, marked deprecated, and will be removed soon.
Initially requested by: phk (1 year 1 day ago) MFC after: 4 weeks
show more ...
|
Revision tags: release/7.2.0_cvs, release/7.2.0, release/7.1.0_cvs, release/7.1.0, release/6.4.0_cvs, release/6.4.0, release/7.0.0_cvs, release/7.0.0, release/6.3.0_cvs, release/6.3.0 |
|
#
cc977adc |
| 05-Aug-2007 |
Bjoern A. Zeeb <bz@FreeBSD.org> |
Rename option IPSEC_FILTERGIF to IPSEC_FILTERTUNNEL. Also rename the related functions in a similar way. There are no functional changes.
For a packet coming in with IPsec tunnel mode, the default i
Rename option IPSEC_FILTERGIF to IPSEC_FILTERTUNNEL. Also rename the related functions in a similar way. There are no functional changes.
For a packet coming in with IPsec tunnel mode, the default is to only call into the firewall with the "outer" IP header and payload.
With this option turned on, in addition to the "outer" parts, the "inner" IP header and payload are passed to the firewall too when going through ip_input() the second time.
The option was never only related to a gif(4) tunnel within an IPsec tunnel and thus the name was very misleading.
Discussed at: BSDCan 2007 Best new name suggested by: rwatson Reviewed by: rwatson Approved by: re (bmah)
show more ...
|
#
e0c92631 |
| 02-Aug-2007 |
Bjoern A. Zeeb <bz@FreeBSD.org> |
Remove the last entries to fast_ipsec. Merge in parts of the old fast_ipsec.4 man page to ipsec.4 and start updating ipsec.4 man page.
Reviewed by: brueffer, sam (slightly earlier versions), bmah Ap
Remove the last entries to fast_ipsec. Merge in parts of the old fast_ipsec.4 man page to ipsec.4 and start updating ipsec.4 man page.
Reviewed by: brueffer, sam (slightly earlier versions), bmah Approved by: re (bmah)
show more ...
|
Revision tags: release/6.2.0_cvs, release/6.2.0 |
|
#
81ae4b8d |
| 18-Sep-2006 |
Ruslan Ermilov <ru@FreeBSD.org> |
Markup fixes.
|
#
354a2389 |
| 24-Aug-2006 |
Daniel Gerzo <danger@FreeBSD.org> |
- add note about IPSEC_FILTERGIF to fast_ipsec(4) and let the users know that it is not possible to use Fast IPsec in conjuction with KAME IPsec - add available kernel options to ipsec(4) - add ref
- add note about IPSEC_FILTERGIF to fast_ipsec(4) and let the users know that it is not possible to use Fast IPsec in conjuction with KAME IPsec - add available kernel options to ipsec(4) - add reference for fast_ipsec(4) to ipsec(4)
Reviewed by: trhodes (mentor), keramida (mentor) Approved by: keramida (mentor)
show more ...
|
Revision tags: release/5.5.0_cvs, release/5.5.0, release/6.1.0_cvs, release/6.1.0 |
|
#
0ae1d432 |
| 14-Feb-2006 |
George V. Neville-Neil <gnn@FreeBSD.org> |
A little extra cleaning up.
MFC after: 1 week
|