History log of /freebsd/sys/netinet/sctp_os_bsd.h (Results 26 – 50 of 277)
Revision (<<< Hide revision tags) (Show revision tags >>>) Date Author Comments
# 051669e8 25-Jan-2020 Dimitry Andric <dim@FreeBSD.org>

Merge ^/head r356931 through r357118.


# a3b0db5b 22-Jan-2020 Gleb Smirnoff <glebius@FreeBSD.org>

Plug possible calls into ip6?_output() without network epoch from SCTP
bluntly adding epoch entrance into the macro that SCTP uses to call
ip6?_output(). This definitely will introduce several epoch

Plug possible calls into ip6?_output() without network epoch from SCTP
bluntly adding epoch entrance into the macro that SCTP uses to call
ip6?_output(). This definitely will introduce several epoch recursions.

Reported by: https://syzkaller.appspot.com/bug?id=79f03f574594a5be464997310896765c458ed80a
Reported by: https://syzkaller.appspot.com/bug?id=07c6f52106cddbe356cc2b2f3664a1c51cc0dadf

show more ...


Revision tags: release/12.1.0
# 94962f6b 05-Aug-2019 Michael Tuexen <tuexen@FreeBSD.org>

Improve consistency. No functional change.

MFC after: 3 days


# 0ecd976e 02-Aug-2019 Bjoern A. Zeeb <bz@FreeBSD.org>

IPv6 cleanup: kernel

Finish what was started a few years ago and harmonize IPv6 and IPv4
kernel names. We are down to very few places now that it is feasible
to do the change for everything remaini

IPv6 cleanup: kernel

Finish what was started a few years ago and harmonize IPv6 and IPv4
kernel names. We are down to very few places now that it is feasible
to do the change for everything remaining with causing too much disturbance.

Remove "aliases" for IPv6 names which confusingly could indicate
that we are talking about a different data structure or field or
have two fields, one for each address family.
Try to follow common conventions used in FreeBSD.

* Rename sin6p to sin6 as that is how it is spelt in most places.
* Remove "aliases" (#defines) for:
- in6pcb which really is an inpcb and nothing separate
- sotoin6pcb which is sotoinpcb (as per above)
- in6p_sp which is inp_sp
- in6p_flowinfo which is inp_flow
* Try to use ia6 for in6_addr rather than in6p.
* With all these gone also rename the in6p variables to inp as
that is what we call it in most of the network stack including
parts of netinet6.

The reasons behind this cleanup are that we try to further
unify netinet and netinet6 code where possible and that people
will less ignore one or the other protocol family when doing
code changes as they may not have spotted places due to different
names for the same thing.

No functional changes.

Discussed with: tuexen (SCTP changes)
MFC after: 3 months
Sponsored by: Netflix

show more ...


Revision tags: release/11.3.0, release/12.0.0
# 7847e041 24-Aug-2018 Dimitry Andric <dim@FreeBSD.org>

Merge ^/head r338026 through r338297, and resolve conflicts.


# 90ab3571 23-Aug-2018 Michael Tuexen <tuexen@FreeBSD.org>

Use arc4rand() instead of read_random() in the SCTP and TCP code.

This was suggested by jmg@.

Reviewed by: delphij@, jmg@, jtl@
MFC after: 1 month
Sponsored by: Netflix, Inc.
Differential Revisi

Use arc4rand() instead of read_random() in the SCTP and TCP code.

This was suggested by jmg@.

Reviewed by: delphij@, jmg@, jtl@
MFC after: 1 month
Sponsored by: Netflix, Inc.
Differential Revision: https://reviews.freebsd.org/D16860

show more ...


Revision tags: release/11.2.0
# 6469bdcd 06-Apr-2018 Brooks Davis <brooks@FreeBSD.org>

Move most of the contents of opt_compat.h to opt_global.h.

opt_compat.h is mentioned in nearly 180 files. In-progress network
driver compabibility improvements may add over 100 more so this is
close

Move most of the contents of opt_compat.h to opt_global.h.

opt_compat.h is mentioned in nearly 180 files. In-progress network
driver compabibility improvements may add over 100 more so this is
closer to "just about everywhere" than "only some files" per the
guidance in sys/conf/options.

Keep COMPAT_LINUX32 in opt_compat.h as it is confined to a subset of
sys/compat/linux/*.c. A fake _COMPAT_LINUX option ensure opt_compat.h
is created on all architectures.

Move COMPAT_LINUXKPI to opt_dontuse.h as it is only used to control the
set of compiled files.

Reviewed by: kib, cem, jhb, jtl
Sponsored by: DARPA, AFRL
Differential Revision: https://reviews.freebsd.org/D14941

show more ...


# 82725ba9 23-Nov-2017 Hans Petter Selasky <hselasky@FreeBSD.org>

Merge ^/head r325999 through r326131.


# 51369649 20-Nov-2017 Pedro F. Giffuni <pfg@FreeBSD.org>

sys: further adoption of SPDX licensing ID tags.

Mainly focus on files that use BSD 3-Clause license.

The Software Package Data Exchange (SPDX) group provides a specification
to make it easier for

sys: further adoption of SPDX licensing ID tags.

Mainly focus on files that use BSD 3-Clause license.

The Software Package Data Exchange (SPDX) group provides a specification
to make it easier for automated tools to detect and summarize well known
opensource licenses. We are gradually adopting the specification, noting
that the tags are considered only advisory and do not, in any way,
superceed or replace the license texts.

Special thanks to Wind River for providing access to "The Duke of
Highlander" tool: an older (2014) run over FreeBSD tree was useful as a
starting point.

show more ...


# c2c014f2 07-Nov-2017 Hans Petter Selasky <hselasky@FreeBSD.org>

Merge ^/head r323559 through r325504.


Revision tags: release/10.4.0
# e5d34ca9 23-Sep-2017 Enji Cooper <ngie@FreeBSD.org>

MFhead@r320180


# fe40f49b 16-Sep-2017 Michael Tuexen <tuexen@FreeBSD.org>

Remove code not used on any platform currently supported.

MFC after: 1 week


# 531c2d7a 24-Jul-2017 Enji Cooper <ngie@FreeBSD.org>

MFhead@r320180


# bca9d05f 23-Jul-2017 Hans Petter Selasky <hselasky@FreeBSD.org>

Merge ^/head r319973 through 321382.


Revision tags: release/11.1.0
# 7a0f2789 20-Jul-2017 Dimitry Andric <dim@FreeBSD.org>

Merge ^/head r321239 through r321306.


# 9dd6ca96 20-Jul-2017 Michael Tuexen <tuexen@FreeBSD.org>

Deal with listening socket correctly.


# d02c951f 26-May-2017 Dimitry Andric <dim@FreeBSD.org>

Merge ^/head r318658 through r318963.


# 5d08768a 26-May-2017 Michael Tuexen <tuexen@FreeBSD.org>

Use the SCTP_PCB_FLAGS_ACCEPTING flags to check for listeners.

While there, use a macro for checking the listen state to allow for
easier changes if required.

This done to help glebius@ with his li

Use the SCTP_PCB_FLAGS_ACCEPTING flags to check for listeners.

While there, use a macro for checking the listen state to allow for
easier changes if required.

This done to help glebius@ with his listen changes.

show more ...


# a3906ca5 17-Feb-2017 Dimitry Andric <dim@FreeBSD.org>

Merge ^/head r313644 through r313895.


# 627c036f 13-Feb-2017 Andrey V. Elsukov <ae@FreeBSD.org>

Remove IPsec related PCB code from SCTP.

The inpcb structure has inp_sp pointer that is initialized by
ipsec_init_pcbpolicy() function. This pointer keeps strorage for IPsec
security policies associ

Remove IPsec related PCB code from SCTP.

The inpcb structure has inp_sp pointer that is initialized by
ipsec_init_pcbpolicy() function. This pointer keeps strorage for IPsec
security policies associated with a specific socket.
An application can use IP_IPSEC_POLICY and IPV6_IPSEC_POLICY socket
options to configure these security policies. Then ip[6]_output()
uses inpcb pointer to specify that an outgoing packet is associated
with some socket. And IPSEC_OUTPUT() method can use a security policy
stored in the inp_sp. For inbound packet the protocol-specific input
routine uses IPSEC_CHECK_POLICY() method to check that a packet conforms
to inbound security policy configured in the inpcb.

SCTP protocol doesn't specify inpcb for ip[6]_output() when it sends
packets. Thus IPSEC_OUTPUT() method does not consider such packets as
associated with some socket and can not apply security policies
from inpcb, even if they are configured. Since IPSEC_CHECK_POLICY()
method is called from protocol-specific input routine, it can specify
inpcb pointer and associated with socket inbound policy will be
checked. But there are two problems:
1. Such check is asymmetric, becasue we can not apply security policy
from inpcb for outgoing packet.
2. IPSEC_CHECK_POLICY() expects that caller holds INPCB lock and
access to inp_sp is protected. But for SCTP this is not correct,
becasue SCTP uses own locks to protect inpcb.

To fix these problems remove IPsec related PCB code from SCTP.
This imply that IP_IPSEC_POLICY and IPV6_IPSEC_POLICY socket options
will be not applicable to SCTP sockets. To be able correctly check
inbound security policies for SCTP, mark its protocol header with
the PR_LASTHDR flag.

Reported by: tuexen
Reviewed by: tuexen
Differential Revision: https://reviews.freebsd.org/D9538

show more ...


# 1a36faad 11-Feb-2017 Dimitry Andric <dim@FreeBSD.org>

Merge ^/head r313301 through r313643.


# 15df32b4 07-Feb-2017 Enji Cooper <ngie@FreeBSD.org>

MFhead@r313360


# fcf59617 06-Feb-2017 Andrey V. Elsukov <ae@FreeBSD.org>

Merge projects/ipsec into head/.

Small summary
-------------

o Almost all IPsec releated code was moved into sys/netipsec.
o New kernel modules added: ipsec.ko and tcpmd5.ko. New kernel
option

Merge projects/ipsec into head/.

Small summary
-------------

o Almost all IPsec releated code was moved into sys/netipsec.
o New kernel modules added: ipsec.ko and tcpmd5.ko. New kernel
option IPSEC_SUPPORT added. It enables support for loading
and unloading of ipsec.ko and tcpmd5.ko kernel modules.
o IPSEC_NAT_T option was removed. Now NAT-T support is enabled by
default. The UDP_ENCAP_ESPINUDP_NON_IKE encapsulation type
support was removed. Added TCP/UDP checksum handling for
inbound packets that were decapsulated by transport mode SAs.
setkey(8) modified to show run-time NAT-T configuration of SA.
o New network pseudo interface if_ipsec(4) added. For now it is
build as part of ipsec.ko module (or with IPSEC kernel).
It implements IPsec virtual tunnels to create route-based VPNs.
o The network stack now invokes IPsec functions using special
methods. The only one header file <netipsec/ipsec_support.h>
should be included to declare all the needed things to work
with IPsec.
o All IPsec protocols handlers (ESP/AH/IPCOMP protosw) were removed.
Now these protocols are handled directly via IPsec methods.
o TCP_SIGNATURE support was reworked to be more close to RFC.
o PF_KEY SADB was reworked:
- now all security associations stored in the single SPI namespace,
and all SAs MUST have unique SPI.
- several hash tables added to speed up lookups in SADB.
- SADB now uses rmlock to protect access, and concurrent threads
can do SA lookups in the same time.
- many PF_KEY message handlers were reworked to reflect changes
in SADB.
- SADB_UPDATE message was extended to support new PF_KEY headers:
SADB_X_EXT_NEW_ADDRESS_SRC and SADB_X_EXT_NEW_ADDRESS_DST. They
can be used by IKE daemon to change SA addresses.
o ipsecrequest and secpolicy structures were cardinally changed to
avoid locking protection for ipsecrequest. Now we support
only limited number (4) of bundled SAs, but they are supported
for both INET and INET6.
o INPCB security policy cache was introduced. Each PCB now caches
used security policies to avoid SP lookup for each packet.
o For inbound security policies added the mode, when the kernel does
check for full history of applied IPsec transforms.
o References counting rules for security policies and security
associations were changed. The proper SA locking added into xform
code.
o xform code was also changed. Now it is possible to unregister xforms.
tdb_xxx structures were changed and renamed to reflect changes in
SADB/SPDB, and changed rules for locking and refcounting.

Reviewed by: gnn, wblock
Obtained from: Yandex LLC
Relnotes: yes
Sponsored by: Yandex LLC
Differential Revision: https://reviews.freebsd.org/D9352

show more ...


# 1bde3b70 09-Dec-2016 Dimitry Andric <dim@FreeBSD.org>

Merge ^/head r309519 through r309757.


# 5b495f17 06-Dec-2016 Michael Tuexen <tuexen@FreeBSD.org>

Whitespace changes.

The tools using to generate the sources has been updated and produces
different whitespaces. Commit this seperately to avoid intermixing
these with real code changes.

MFC after:

Whitespace changes.

The tools using to generate the sources has been updated and produces
different whitespaces. Commit this seperately to avoid intermixing
these with real code changes.

MFC after: 3 days

show more ...


12345678910>>...12