| #
5e3934b1 |
| 24-Nov-2023 |
Warner Losh <imp@FreeBSD.org> |
usr.bin: Automated cleanup of cdefs and other formatting
Apply the following automated changes to try to eliminate
no-longer-needed sys/cdefs.h includes as well as now-empty
blank lines in a row.
R
usr.bin: Automated cleanup of cdefs and other formatting
Apply the following automated changes to try to eliminate
no-longer-needed sys/cdefs.h includes as well as now-empty
blank lines in a row.
Remove /^#if.*\n#endif.*\n#include\s+<sys/cdefs.h>.*\n/
Remove /\n+#include\s+<sys/cdefs.h>.*\n+#if.*\n#endif.*\n+/
Remove /\n+#if.*\n#endif.*\n+/
Remove /^#if.*\n#endif.*\n/
Remove /\n+#include\s+<sys/cdefs.h>\n#include\s+<sys/types.h>/
Remove /\n+#include\s+<sys/cdefs.h>\n#include\s+<sys/param.h>/
Remove /\n+#include\s+<sys/cdefs.h>\n#include\s+<sys/capsicum.h>/
Sponsored by: Netflix
show more ...
|
| #
bdcbfde3 |
| 23-Nov-2023 |
Warner Losh <imp@FreeBSD.org> |
usr.bin: Remove ancient SCCS tags.
Remove ancient SCCS tags from the tree, automated scripting, with two
minor fixup to keep things compiling. All the common forms in the tree
were removed with a pe
usr.bin: Remove ancient SCCS tags.
Remove ancient SCCS tags from the tree, automated scripting, with two
minor fixup to keep things compiling. All the common forms in the tree
were removed with a perl script.
Sponsored by: Netflix
show more ...
|
|
Revision tags: release/14.0.0 |
|
| #
1d386b48 |
| 16-Aug-2023 |
Warner Losh <imp@FreeBSD.org> |
Remove $FreeBSD$: one-line .c pattern
Remove /^[\s*]*__FBSDID\("\$FreeBSD\$"\);?\s*\n/
|
|
Revision tags: release/13.2.0, release/12.4.0, release/13.1.0 |
|
| #
ecc467eb |
| 06-Feb-2022 |
Gordon Bergling <gbe@FreeBSD.org> |
ipsec(4): Fix a few typos in error messages
- s/receieve/receive/
MFC after: 1 week
|
|
Revision tags: release/12.3.0 |
|
| #
ae4fb190 |
| 05-Oct-2021 |
Mateusz Guzik <mjg@FreeBSD.org> |
netstat: split ipsec and ipsec6 statistics in libxo
In particular fixes --libxo json
PR: 254673
Reported by: j.vandeville@gmail.com
Sponsored by: Rubicon Communications, LLC ("Netgate")
|
|
Revision tags: release/13.0.0, release/12.2.0, release/11.4.0 |
|
| #
00a4311a |
| 05-Jun-2020 |
John Baldwin <jhb@FreeBSD.org> |
Refer to AES-CBC as "aes-cbc" rather than "rijndael-cbc" for IPsec.
At this point, AES is the more common name for Rijndael128. setkey(8)
will still accept the old name, and old constants remain fo
Refer to AES-CBC as "aes-cbc" rather than "rijndael-cbc" for IPsec.
At this point, AES is the more common name for Rijndael128. setkey(8)
will still accept the old name, and old constants remain for
compatiblity.
Reviewed by: cem, bcr (manpages)
MFC after: 2 weeks
Sponsored by: Chelsio Communications
Differential Revision: https://reviews.freebsd.org/D24964
show more ...
|
| #
16aabb76 |
| 02-May-2020 |
John Baldwin <jhb@FreeBSD.org> |
Remove support for IPsec algorithms deprecated in r348205 and r360202.
Examples of depecrated algorithms in manual pages and sample configs
are updated where relevant. I removed the one example of
Remove support for IPsec algorithms deprecated in r348205 and r360202.
Examples of depecrated algorithms in manual pages and sample configs
are updated where relevant. I removed the one example of combining
ESP and AH (vs using a cipher and auth in ESP) as RFC 8221 says this
combination is NOT RECOMMENDED.
Specifically, this removes support for the following ciphers:
- des-cbc
- 3des-cbc
- blowfish-cbc
- cast128-cbc
- des-deriv
- des-32iv
- camellia-cbc
This also removes support for the following authentication algorithms:
- hmac-md5
- keyed-md5
- keyed-sha1
- hmac-ripemd160
Reviewed by: cem, gnn (older verisons)
Relnotes: yes
Sponsored by: Chelsio Communications
Differential Revision: https://reviews.freebsd.org/D24342
show more ...
|
|
Revision tags: release/12.1.0 |
|
| #
67b3fe8e |
| 07-Aug-2019 |
John Baldwin <jhb@FreeBSD.org> |
Tidy up the list of auth and encryption algorithms for IPsec stats.
- Use keyed-md5 and keyed_sha1 instead of md5 and sha1 to match
the names accepted by setkey and to also avoid confusion since
Tidy up the list of auth and encryption algorithms for IPsec stats.
- Use keyed-md5 and keyed_sha1 instead of md5 and sha1 to match
the names accepted by setkey and to also avoid confusion since
these are not "plain" MD5 or SHA1.
- Remove always-true #ifdef's to make the source a bit easier to
read.
- Add missing mappings for tcp-md5, camellia-cbc, and aes-gmac.
MFC after: 2 weeks
Sponsored by: Chelsio Communications
show more ...
|
|
Revision tags: release/11.3.0, release/12.0.0, release/11.2.0 |
|
| #
f8e73c47 |
| 22-May-2018 |
Fabien Thomas <fabient@FreeBSD.org> |
Add a SPD cache to speed up lookups.
When large SPDs are used, we face two problems:
- too many CPU cycles are spent during the linear searches in the SPD
for each packet
- too much contention on
Add a SPD cache to speed up lookups.
When large SPDs are used, we face two problems:
- too many CPU cycles are spent during the linear searches in the SPD
for each packet
- too much contention on multi socket systems, since we use a single
shared lock.
Main changes:
- added the sysctl tree 'net.key.spdcache' to control the SPD cache
(disabled by default).
- cache the sp indexes that are used to perform SP lookups.
- use a range of dedicated mutexes to protect the cache lines.
Submitted by: Emeric Poupon <emeric.poupon@stormshield.eu>
Reviewed by: ae
Sponsored by: Stormshield
Differential Revision: https://reviews.freebsd.org/D15050
show more ...
|
| #
82725ba9 |
| 23-Nov-2017 |
Hans Petter Selasky <hselasky@FreeBSD.org> |
Merge ^/head r325999 through r326131.
|
| #
8a16b7a1 |
| 20-Nov-2017 |
Pedro F. Giffuni <pfg@FreeBSD.org> |
General further adoption of SPDX licensing ID tags.
Mainly focus on files that use BSD 3-Clause license.
The Software Package Data Exchange (SPDX) group provides a specification
to make it easier f
General further adoption of SPDX licensing ID tags.
Mainly focus on files that use BSD 3-Clause license.
The Software Package Data Exchange (SPDX) group provides a specification
to make it easier for automated tools to detect and summarize well known
opensource licenses. We are gradually adopting the specification, noting
that the tags are considered only advisory and do not, in any way,
superceed or replace the license texts.
Special thanks to Wind River for providing access to "The Duke of
Highlander" tool: an older (2014) run over FreeBSD tree was useful as a
starting point.
show more ...
|
|
Revision tags: release/10.4.0, release/11.1.0 |
|
| #
a773cead |
| 30-May-2017 |
Dimitry Andric <dim@FreeBSD.org> |
Merge ^/head r318964 through r319164.
|
| #
708e72dc |
| 27-May-2017 |
John Baldwin <jhb@FreeBSD.org> |
Add descriptions for AES-GCM IPSec authentication (AH) counters.
MFC after: 1 week
Sponsored by: Chelsio Communications
|
| #
348238db |
| 01-Mar-2017 |
Dimitry Andric <dim@FreeBSD.org> |
Merge ^/head r314420 through r314481.
|
| #
fbbd9655 |
| 01-Mar-2017 |
Warner Losh <imp@FreeBSD.org> |
Renumber copyright clause 4
Renumber cluase 4 to 3, per what everybody else did when BSD granted
them permission to remove clause 3. My insistance on keeping the same
numbering for legal reasons is
Renumber copyright clause 4
Renumber cluase 4 to 3, per what everybody else did when BSD granted
them permission to remove clause 3. My insistance on keeping the same
numbering for legal reasons is too pedantic, so give up on that point.
Submitted by: Jan Schaumann <jschauma@stevens.edu>
Pull Request: https://github.com/freebsd/freebsd/pull/96
show more ...
|
|
Revision tags: release/11.0.1, release/11.0.0, release/10.3.0 |
|
| #
b626f5a7 |
| 04-Jan-2016 |
Glen Barber <gjb@FreeBSD.org> |
MFH r289384-r293170
Sponsored by: The FreeBSD Foundation
|
| #
9a7cd2e6 |
| 22-Dec-2015 |
Bjoern A. Zeeb <bz@FreeBSD.org> |
MFH @r292599
This includes the pluggable TCP framework and other chnages to the
netstack to track for VNET stability.
Security: The FreeBSD Foundation
|
| #
9d2d8e7b |
| 17-Dec-2015 |
George V. Neville-Neil <gnn@FreeBSD.org> |
Switch the IPsec related statistics to using the built in sysctl
variable set rather than reading from kernel memory.
This also makes the -z (zero) flag work correctly
MFC after: 1 week
Sponsored by
Switch the IPsec related statistics to using the built in sysctl
variable set rather than reading from kernel memory.
This also makes the -z (zero) flag work correctly
MFC after: 1 week
Sponsored by: Rubicon Communications, LLC (Netgate)
Differential Revision: https://reviews.freebsd.org/D4591
show more ...
|
| #
b5ff185e |
| 12-Sep-2015 |
Baptiste Daroussin <bapt@FreeBSD.org> |
Merge from head
|
| #
ab875b71 |
| 14-Aug-2015 |
Navdeep Parhar <np@FreeBSD.org> |
Catch up with head, primarily for the 1.14.4.0 firmware.
|
|
Revision tags: release/10.2.0 |
|
| #
4cd9b24e |
| 04-Jul-2015 |
Dimitry Andric <dim@FreeBSD.org> |
Merge ^/head r284737 through r285152.
|
| #
987de844 |
| 03-Jul-2015 |
George V. Neville-Neil <gnn@FreeBSD.org> |
New AES modes for IPSec, user space components.
Update setkey and libipsec to understand aes-gcm-16 as an
encryption method.
A partial commit of the work in review D2936.
Submitted by: eri
Reviewed
New AES modes for IPSec, user space components.
Update setkey and libipsec to understand aes-gcm-16 as an
encryption method.
A partial commit of the work in review D2936.
Submitted by: eri
Reviewed by: jmg
MFC after: 2 weeks
Sponsored by: Rubicon Communications (Netgate)
show more ...
|
| #
98e0ffae |
| 27-May-2015 |
Simon J. Gerraty <sjg@FreeBSD.org> |
Merge sync of head
|
| #
e6e746bf |
| 25-Mar-2015 |
Glen Barber <gjb@FreeBSD.org> |
MFH: r278968-r280640
Sponsored by: The FreeBSD Foundation
|
| #
fa1e92b6 |
| 04-Mar-2015 |
Baptiste Daroussin <bapt@FreeBSD.org> |
Merge from head
|