| #
221b3499 |
| 02-Feb-2016 |
Glen Barber <gjb@FreeBSD.org> |
MFH
Sponsored by: The FreeBSD Foundation
|
| #
8ec07310 |
| 01-Feb-2016 |
Gleb Smirnoff <glebius@FreeBSD.org> |
These files were getting sys/malloc.h and vm/uma.h with header pollution
via sys/mbuf.h
|
| #
11d38a57 |
| 28-Oct-2015 |
Baptiste Daroussin <bapt@FreeBSD.org> |
Merge from head
Sponsored by: Gandi.net
|
| #
f94594b3 |
| 12-Sep-2015 |
Baptiste Daroussin <bapt@FreeBSD.org> |
Finish merging from head, messed up in previous attempt
|
| #
ab875b71 |
| 14-Aug-2015 |
Navdeep Parhar <np@FreeBSD.org> |
Catch up with head, primarily for the 1.14.4.0 firmware.
|
|
Revision tags: release/10.2.0 |
|
| #
1347814c |
| 07-Aug-2015 |
Dimitry Andric <dim@FreeBSD.org> |
Merge ^/head r285924 through r286421.
|
| #
a2bc81bf |
| 04-Aug-2015 |
John-Mark Gurney <jmg@FreeBSD.org> |
Make IPsec work with AES-GCM and AES-ICM (aka CTR) in OCF... IPsec
defines the keys differently than NIST does, so we have to muck with
key lengths and nonce/IVs to be standard compliant...
Remove
Make IPsec work with AES-GCM and AES-ICM (aka CTR) in OCF... IPsec
defines the keys differently than NIST does, so we have to muck with
key lengths and nonce/IVs to be standard compliant...
Remove the iv from secasvar as it was unused...
Add a counter protected by a mutex to ensure that the counter for GCM
and ICM will never be repeated.. This is a requirement for security..
I would use atomics, but we don't have a 64bit one on all platforms..
Fix a bug where IPsec was depending upon the OCF to ensure that the
blocksize was always at least 4 bytes to maintain alignment... Move
this logic into IPsec so changes to OCF won't break IPsec...
In one place, espx was always non-NULL, so don't test that it's
non-NULL before doing work..
minor style cleanups...
drop setting key and klen as they were not used...
Enforce that OCF won't pass invalid key lengths to AES that would
panic the machine...
This was has been tested by others too... I tested this against
NetBSD 6.1.5 using mini-test suite in
https://github.com/jmgurney/ipseccfgs and the only things that don't
pass are keyed md5 and sha1, and 3des-deriv (setkey syntax error),
all other modes listed in setkey's man page... The nice thing is
that NetBSD uses setkey, so same config files were used on both...
Reviewed by: gnn
show more ...
|
| #
98e0ffae |
| 27-May-2015 |
Simon J. Gerraty <sjg@FreeBSD.org> |
Merge sync of head
|
| #
d899be7d |
| 19-Jan-2015 |
Glen Barber <gjb@FreeBSD.org> |
Reintegrate head: r274132-r277384
Sponsored by: The FreeBSD Foundation
|
| #
8f0ea33f |
| 13-Jan-2015 |
Glen Barber <gjb@FreeBSD.org> |
Reintegrate head revisions r273096-r277147
Sponsored by: The FreeBSD Foundation
|
| #
a4ed7276 |
| 03-Jan-2015 |
Enji Cooper <ngie@FreeBSD.org> |
MFhead @ r276594
|
| #
8007ee2b |
| 27-Dec-2014 |
Dimitry Andric <dim@FreeBSD.org> |
Merge ^/head r274961 through r276301.
|
| #
93201211 |
| 24-Dec-2014 |
Andrey V. Elsukov <ae@FreeBSD.org> |
Rename ip4_def_policy variable to def_policy. It is used by both IPv4 and
IPv6. Initialize it only once in def_policy_init(). Remove its
initialization from key_init() and make it static.
Remove sev
Rename ip4_def_policy variable to def_policy. It is used by both IPv4 and
IPv6. Initialize it only once in def_policy_init(). Remove its
initialization from key_init() and make it static.
Remove several fields from struct secpolicy:
* lock - it isn't so useful having mutex in the structure, but the only
thing we do with it is initialization and destroying.
* state - it has only two values - DEAD and ALIVE. Instead of take a lock
and change the state to DEAD, then take lock again in GC function and
delete policy from the chain - keep in the chain only ALIVE policies.
* scangen - it was used in GC function to protect from sending several
SADB_SPDEXPIRE messages for one SPD entry. Now we don't keep DEAD entries
in the chain and there is no need to have scangen variable.
Use TAILQ to implement SPD entries chain. Use rmlock to protect access
to SPD entries chain. Protect all SP lookup with RLOCK, and use WLOCK
when we are inserting (or removing) SP entry in the chain.
Instead of using pattern "LOCK(); refcnt++; UNLOCK();", use refcount(9)
API to implement refcounting in SPD. Merge code from key_delsp() and
_key_delsp() into _key_freesp(). And use KEY_FREESP() macro in all cases
when we want to release reference or just delete SP entry.
Obtained from: Yandex LLC
Sponsored by: Yandex LLC
show more ...
|
| #
da976f9d |
| 05-Dec-2014 |
Enji Cooper <ngie@FreeBSD.org> |
MFhead @ r275496
|
| #
24ce0a02 |
| 04-Dec-2014 |
Dimitry Andric <dim@FreeBSD.org> |
Merge ^/head r275387 through r275477.
|
| #
18961126 |
| 03-Dec-2014 |
Andrey V. Elsukov <ae@FreeBSD.org> |
Remove __P() macro.
Suggested by: kevlo
Sponsored by: Yandex LLC
|
| #
2e84e6ea |
| 03-Dec-2014 |
Andrey V. Elsukov <ae@FreeBSD.org> |
ANSIfy function declarations.
Sponsored by: Yandex LLC
|
| #
2d957916 |
| 02-Dec-2014 |
Andrey V. Elsukov <ae@FreeBSD.org> |
Remove route chaching support from ipsec code. It isn't used for some time.
* remove sa_route_union declaration and route_cache member from struct secashead;
* remove key_sa_routechange() call from I
Remove route chaching support from ipsec code. It isn't used for some time.
* remove sa_route_union declaration and route_cache member from struct secashead;
* remove key_sa_routechange() call from ICMP and ICMPv6 code;
* simplify ip_ipsec_mtu();
* remove #include <net/route.h>;
Sponsored by: Yandex LLC
show more ...
|
|
Revision tags: release/10.1.0 |
|
| #
246e7a2b |
| 02-Sep-2014 |
Neel Natu <neel@FreeBSD.org> |
IFC @r269962
Submitted by: Anish Gupta (akgupt3@gmail.com)
|
| #
ee7b0571 |
| 19-Aug-2014 |
Simon J. Gerraty <sjg@FreeBSD.org> |
Merge head from 7/28
|
| #
1b833d53 |
| 13-Aug-2014 |
Alexander V. Chernikov <melifaro@FreeBSD.org> |
Sync to HEAD@r269943.
|
| #
fcc34a23 |
| 11-Jul-2014 |
Gleb Smirnoff <glebius@FreeBSD.org> |
Fix style bug: rename the refcount field of m_ext to ext_cnt, to match
other members.
Sponsored by: Nginx, Inc.
|
|
Revision tags: release/9.3.0, release/10.0.0, release/9.2.0, release/8.4.0, release/9.1.0, release/8.3.0_cvs, release/8.3.0, release/9.0.0, release/7.4.0_cvs, release/8.2.0_cvs, release/7.4.0, release/8.2.0, release/8.1.0_cvs, release/8.1.0, release/7.3.0_cvs, release/7.3.0, release/8.0.0_cvs, release/8.0.0 |
|
| #
10b3b545 |
| 17-Sep-2009 |
Dag-Erling Smørgrav <des@FreeBSD.org> |
Merge from head
|
| #
11e9b8ba |
| 04-Aug-2009 |
Oleksandr Tymoshenko <gonzo@FreeBSD.org> |
- MFC @196061
|
| #
eddfbb76 |
| 15-Jul-2009 |
Robert Watson <rwatson@FreeBSD.org> |
Build on Jeff Roberson's linker-set based dynamic per-CPU allocator
(DPCPU), as suggested by Peter Wemm, and implement a new per-virtual
network stack memory allocator. Modify vnet to use the alloca
Build on Jeff Roberson's linker-set based dynamic per-CPU allocator
(DPCPU), as suggested by Peter Wemm, and implement a new per-virtual
network stack memory allocator. Modify vnet to use the allocator
instead of monolithic global container structures (vinet, ...). This
change solves many binary compatibility problems associated with
VIMAGE, and restores ELF symbols for virtualized global variables.
Each virtualized global variable exists as a "reference copy", and also
once per virtual network stack. Virtualized global variables are
tagged at compile-time, placing the in a special linker set, which is
loaded into a contiguous region of kernel memory. Virtualized global
variables in the base kernel are linked as normal, but those in modules
are copied and relocated to a reserved portion of the kernel's vnet
region with the help of a the kernel linker.
Virtualized global variables exist in per-vnet memory set up when the
network stack instance is created, and are initialized statically from
the reference copy. Run-time access occurs via an accessor macro, which
converts from the current vnet and requested symbol to a per-vnet
address. When "options VIMAGE" is not compiled into the kernel, normal
global ELF symbols will be used instead and indirection is avoided.
This change restores static initialization for network stack global
variables, restores support for non-global symbols and types, eliminates
the need for many subsystem constructors, eliminates large per-subsystem
structures that caused many binary compatibility issues both for
monitoring applications (netstat) and kernel modules, removes the
per-function INIT_VNET_*() macros throughout the stack, eliminates the
need for vnet_symmap ksym(2) munging, and eliminates duplicate
definitions of virtualized globals under VIMAGE_GLOBALS.
Bump __FreeBSD_version and update UPDATING.
Portions submitted by: bz
Reviewed by: bz, zec
Discussed with: gnn, jamie, jeff, jhb, julian, sam
Suggested by: peter
Approved by: re (kensmith)
show more ...
|