/freebsd/sys/netpfil/ipfilter/netinet/ |
ip_ipsec_pxy.c | 16 * IPSec proxy 41 * IPSec application proxy initialization. 55 MUTEX_INIT(&softi->ipsec_fr.fr_lock, "IPsec proxy rule lock"); in ipf_p_ipsec_soft_create() 123 * Setup for a new IPSEC proxy. 134 ipsec_pxy_t *ipsec; in ipf_p_ipsec_new() local 162 KMALLOC(ipsec, ipsec_pxy_t *); in ipf_p_ipsec_new() 163 if (ipsec == NULL) in ipf_p_ipsec_new() 168 KFREE(ipsec); in ipf_p_ipsec_new() 172 aps->aps_data = ipsec; in ipf_p_ipsec_new() 173 aps->aps_psiz = sizeof(*ipsec); in ipf_p_ipsec_new()
|
/freebsd/share/man/man4/ |
ipsec.4 | 1 .\" $KAME: ipsec.4,v 1.17 2001/06/27 15:25:10 itojun Exp $ 34 .Nm ipsec 37 .Cd "options IPSEC" 92 .It "net.inet.ipsec.filtertunnel 0 1" 123 interface and allows the programmer to define IPsec policies 139 IPsec policies can be managed in one of two ways, either by 147 you can define IPsec policies against packets using rules similar to packet 156 A properly-formed IPsec policy specification structure can be 170 system's IPsec behavior. 177 there is not then the packets are not processed by IPsec.
|
enc.4 | 57 .Xr ipsec 4 66 .Xr ipsec 4 72 interface inherits all IPsec traffic. 73 Thus all IPsec traffic can be filtered based on 75 and all IPsec traffic could be seen by invoking 114 ---- IPsec processing ---- (before) ---- (after) ----> | | 116 <--- IPsec processing ---- (after) ----- (before) ---- | | 130 .Xr ipsec 4 , 141 .Xr ipsec 4 ,
|
if_ipsec.4 | 30 .Nd IPsec virtual tunneling interface 36 IPsec implementation. 40 .Cd "options IPSEC" 44 .Cm ipsec 63 The administrator must configure IPsec 78 which are needed for establishing an IPsec tunnel. 101 The example below shows manual configuration of an IPsec tunnel 135 .Xr ipsec 4 ,
|
/freebsd/sys/dev/mlx5/mlx5_fpga/ |
mlx5fpga_ipsec.c | 36 #include <dev/mlx5/mlx5_fpga/ipsec.h> 104 mlx5_fpga_warn(fdev, "IPSec command send failed with status %u\n", in mlx5_fpga_ipsec_send_complete() 135 mlx5_fpga_warn(fdev, "Short receive from FPGA IPSec: %u < %zu bytes\n", in mlx5_fpga_ipsec_recv() 143 spin_lock_irqsave(&fdev->ipsec->pending_cmds_lock, flags); in mlx5_fpga_ipsec_recv() 144 context = list_first_entry_or_null(&fdev->ipsec->pending_cmds, in mlx5_fpga_ipsec_recv() 149 spin_unlock_irqrestore(&fdev->ipsec->pending_cmds_lock, flags); in mlx5_fpga_ipsec_recv() 152 mlx5_fpga_warn(fdev, "Received IPSec offload response without pending command request\n"); in mlx5_fpga_ipsec_recv() 169 mlx5_fpga_warn(fdev, "IPSec SADB command failed with syndrome %08x\n", in mlx5_fpga_ipsec_recv() 183 if (!fdev || !fdev->ipsec) in mlx5_fpga_ipsec_sa_cmd_exec() 196 spin_lock_irqsave(&fdev->ipsec->pending_cmds_lock, flags); in mlx5_fpga_ipsec_sa_cmd_exec()
|
/freebsd/sys/dev/mlx5/mlx5_accel/ |
mlx5_ipsec_fs.c | 37 #include <netipsec/ipsec.h> 43 #include <dev/mlx5/mlx5_accel/ipsec.h> 124 struct mlx5e_ipsec_rule kspi_bypass_rule; /*rule for IPSEC bypass*/ 326 mlx5_core_err(mdev, "fail to create IPsec miss_group err=%d\n", in ipsec_miss_create() 340 mlx5_core_err(mdev, "fail to create IPsec miss_rule err=%d\n", in ipsec_miss_create() 523 struct mlx5e_ipsec *ipsec = sa_entry->ipsec; in rx_add_rule() local 532 rx = (attrs->family == AF_INET) ? ipsec->rx_ipv4 : ipsec->rx_ipv6; in rx_add_rule() 592 mlx5_core_err(mdev, "fail to add RX ipsec rule err=%d\n", err); in rx_add_rule() 605 "fail to add RX ipsec zero vid rule err=%d\n", in rx_add_rule() 664 mlx5_core_err(mdev, "Fail to add ipsec tx counter rule err=%d\n", err); in ipsec_counter_rule_tx()
|
ipsec.h | 79 /* Protect ASO WQ access, as it is global to whole IPsec */ 158 struct mlx5e_ipsec *ipsec; member 199 struct mlx5e_ipsec *ipsec; member 210 int mlx5e_ipsec_aso_init(struct mlx5e_ipsec *ipsec); 211 void mlx5e_ipsec_aso_cleanup(struct mlx5e_ipsec *ipsec); 221 return sa_entry->ipsec->mdev; in mlx5e_ipsec_sa2dev() 227 return pol_entry->ipsec->mdev; in mlx5e_ipsec_pol2dev() 234 int mlx5e_accel_ipsec_fs_init(struct mlx5e_ipsec *ipsec); 235 void mlx5e_accel_ipsec_fs_cleanup(struct mlx5e_ipsec *ipsec);
|
/freebsd/lib/libipsec/ |
ipsec_set_policy.3 | 37 .Nd create an IPsec policy structure from a human readable string 42 .In netipsec/ipsec.h 52 function generates an IPsec policy specification structure, 65 IPsec policy specification structure. 79 function converts an IPsec policy structure into a human readable form. 82 argument points to an IPsec policy structure, 124 indicates that IPsec processing should not occur and that the 130 .Li ipsec 134 .Li ipsec 135 means that matching packets are processed by IPsec |
test-policy.c | 41 #include <netipsec/ipsec.h> 56 { 0, "out ipsec" }, 58 { 1, "in ipsec must_error" }, 59 { 1, "out ipsec esp/must_error" }, 64 { 1, "out ipsec esp" }, 65 { 0, "in ipsec ah/transport" }, 66 { 1, "in ipsec ah/tunnel" }, 67 { 0, "out ipsec ah/transport/" }, 68 { 1, "out ipsec ah/tunnel/" }, 69 { 0, "in ipsec esp / transport / 10.0.0.1-10.0.0.2" },
|
/freebsd/libexec/rc/rc.d/ |
ipsec | 5 # PROVIDE: ipsec 12 name="ipsec" 22 required_modules="ipsec" 28 warn "$ipsec_file not readable; ipsec start aborted." 37 echo "Installing ipsec manual keys/policies." 43 echo "Clearing ipsec manual keys/policies." 55 echo "Reloading ipsec manual keys/policies."
|
/freebsd/sbin/ipf/libipf/ |
printaps.c | 19 ipsec_pxy_t ipsec; in printaps() local 95 } else if (!strcmp(apr.apr_label, "ipsec") && in printaps() 96 (ap.aps_psiz == sizeof(ipsec))) { in printaps() 97 if (kmemcpy((char *)&ipsec, (long)ap.aps_data, sizeof(ipsec))) in printaps() 101 (u_int)ntohl(ipsec.ipsc_icookie[0]), in printaps() 102 (u_int)ntohl(ipsec.ipsc_icookie[1]), in printaps() 103 (u_int)ntohl(ipsec.ipsc_rcookie[0]), in printaps() 104 (u_int)ntohl(ipsec.ipsc_rcookie[1]), in printaps() 105 ipsec.ipsc_rckset ? "(Set)" : "(Not set)"); in printaps()
|
/freebsd/share/doc/IPv6/ |
IMPLEMENTATION | 69 4. IPsec 75 4.6 ECN consideration on IPsec tunnels 77 4.8 Operations with IPsec tunnel mode 78 4.8.1 RFC2401 IPsec tunnel mode approach 79 4.8.2 draft-touch-ipsec-vpn approach 937 IPsec does not work on jumbograms. This is due to some specification twists 977 Because of this, if you receive IPsec-over-IPv4 packet with massive 978 number of IPsec headers, kernel stack may blow up. IPsec-over-IPv6 is okay. 1245 which was derived from NRL IPv6/IPsec stack. We guess it supports IPv4 mapped 1266 which was derived from NRL IPv6/IPsec stack.
|
/freebsd/tools/regression/ipsec/ |
ipsec6.t | 3 # IPv6 IPsec test based on ipsec.t, in this same directory, which tests 4 # IPsec by setting up a set of tunnels and then sending ICMPv6 packets, 18 #sysctl net.inet.ipsec.crypto_support=1 >/dev/null 2>&1 70 echo "spdadd -6 1::1 2::1 any -P out ipsec esp/transport//require;" 71 echo "spdadd -6 2::1 1::1 any -P in ipsec esp/transport//require;" 72 echo "spdadd -6 1::1 2::1 any -P in ipsec esp/transport//require;" 73 echo "spdadd -6 2::1 1::1 any -P out ipsec esp/transport//require;"
|
/freebsd/sbin/setkey/ |
test-policy.c | 37 #include <netipsec/ipsec.h> 44 "ipsec must_error", /* must be error */ 45 "ipsec esp/must_error", /* must be error */ 50 "ipsec esp", /* must be error */ 51 "ipsec ah/require", 52 "ipsec ah/use/", 53 "ipsec esp/require ah/default/203.178.141.194", 54 "ipsec ah/use/203.178.141.195 esp/use/203.178.141.194", 55 "ipsec esp/elf.wide.ydc.co.jp esp/www.wide.ydc.co.jp" 57 ipsec esp/require ah/use esp/require/10.0.0.1
|
setkey.8 | 36 .Nd "manually manipulate the IPsec SA/SP database" 455 The following example shows a policy where IPSec is not required for 467 protocols other than TCP, UDP and ICMP may not be suitable to use with IPsec. 477 .It Xo Fl P Ar direction Li ipsec 495 .Li ipsec . 505 policy level means that IPsec operations will not take place on 509 .Li ipsec 510 policy level means that IPsec operation will take place onto 593 .Xr racoon 8 Pq Pa ports/security/ipsec-tools 738 -P out ipsec esp/tunnel/192.168.0.1-192.168.1.2/require ;
|
/freebsd/sys/netipsec/ |
ipsec_mod.c | 48 #include <netipsec/ipsec.h> 100 * Always register ipsec module. 101 * Even when IPsec is build in the kernel, we need to have 102 * module registered. This will prevent to load ipsec.ko. 140 "ipsec", 145 DECLARE_MODULE(ipsec, ipsec_mod, SI_SUB_PROTO_DOMAIN, SI_ORDER_ANY); 146 MODULE_VERSION(ipsec, 1); 148 MODULE_DEPEND(ipsec, ipsec_support, 1, 1, 1);
|
ipsec.h | 1 /* $KAME: ipsec.h,v 1.53 2001/11/20 08:32:38 itojun Exp $ */ 35 * IPsec controller part. 70 /* Request for IPsec */ 74 u_int level; /* IPsec level defined below. */ 92 u_int tcount; /* IPsec transforms count */ 124 * Such policies can have IPSEC, BYPASS and ENTRUST type. 126 * When application sets BYPASS or IPSEC type policy, the flags field 154 /* buffer size for formatted output of ipsec address */ 182 * IPSEC, ENTRUST and BYPASS are allowed for setsockopt() in PCB, 183 * DISCARD, IPSEC and NONE are allowed for setkey() in SPD.
|
ipsec_output.c | 31 * IPsec output processing. 82 #include <netipsec/ipsec.h> 130 DPRINTF(("%s: IPsec outbound packet dropped due" in ipsec4_allocsa() 171 * this IPsec transform, thus we can continue w/o in ipsec4_allocsa() 172 * IPsec processing, i.e. return EJUSTRETURN. in ipsec4_allocsa() 186 * IPsec output logic for IPv4. 200 IPSEC_ASSERT(idx < sp->tcount, ("Wrong IPsec request index %d", idx)); in ipsec4_perform_request() 213 if (error == EJUSTRETURN) { /* No IPsec required */ in ipsec4_perform_request() 255 if_printf(ifp, "Tx TLS+IPSEC packet\n"); in ipsec4_perform_request() 289 * Dispatch to the appropriate IPsec transform logic. The in ipsec4_perform_request()
|
subr_ipsec.c | 50 #include <netipsec/ipsec.h> 58 * This file is build in the kernel only when 'options IPSEC' or 156 MTX_SYSINIT(xfroms_list, &xforms_lock, "IPsec transforms list", MTX_DEF); 225 * IPSEC_SUPPORT - loading of ipsec.ko and tcpmd5.ko is supported. 226 * IPSEC + IPSEC_SUPPORT - loading tcpmd5.ko is supported. 227 * IPSEC + TCP_SIGNATURE - all is build in the kernel, do not build 230 #if !defined(IPSEC) || !defined(TCP_SIGNATURE) 266 #endif /* !IPSEC || !TCP_SIGNATURE */ 311 #ifndef IPSEC 313 * IPsec support is build as kernel module.
|
/freebsd/tests/sys/netipsec/tunnel/ |
utils.subr | 10 if ! sysctl -q kern.features.ipsec >/dev/null ; then 11 atf_skip "This test requires ipsec" 102 printf " ipsec esp/tunnel/${SRC_GW}-${DST_GW}/require;\n" 105 printf " ipsec esp/tunnel/${DST_GW}-${SRC_GW}/require;\n" 110 ) > ${TMPDIR}/ipsec.${jname}.conf 119 atf_check -s exit:0 -o ignore jexec ipsecA setkey -f ${TMPDIR}/ipsec.ipsecA.conf 121 atf_check -s exit:0 -o ignore jexec ipsecB setkey -f ${TMPDIR}/ipsec.ipsecB.conf 122 # Check ipsec tunnel
|
/freebsd/tests/sys/netpfil/pf/ |
if_enc.sh | 43 # .----------->| gateway | < IPsec > | gateway |<-----------. 56 # encrypted, i.e. host wan should see IPsec flow (ESP packets). 61 if ! sysctl -q kern.features.ipsec >/dev/null ; then 62 atf_skip "This test requires ipsec" 113 spdadd 1.0.0.0/24 4.0.0.0/24 any -P out ipsec esp/tunnel/2.0.0.22-3.0.0.33/require; 114 spdadd 4.0.0.0/24 1.0.0.0/24 any -P in ipsec esp/tunnel/3.0.0.33-2.0.0.22/require; 121 spdadd 4.0.0.0/24 1.0.0.0/24 any -P out ipsec esp/tunnel/3.0.0.33-2.0.0.22/require; 122 spdadd 1.0.0.0/24 4.0.0.0/24 any -P in ipsec esp/tunnel/2.0.0.22-3.0.0.33/require; 147 jexec bgw sysctl net.inet.ipsec.filtertunnel=0
|
/freebsd/sys/dev/ice/ |
virtchnl_inline_ipsec.h |
|
/freebsd/sbin/ping/ |
main.h | 32 #ifdef IPSEC 33 #include <netipsec/ipsec.h> 34 #endif /*IPSEC*/ 36 #if defined(INET) && defined(IPSEC) && defined(IPSEC_POLICY_IPSEC) 43 #if defined(INET6) && defined(IPSEC) && defined(IPSEC_POLICY_IPSEC) 45 #elif defined(INET6) && defined(IPSEC) && !defined(IPSEC_POLICY_IPSEC)
|
/freebsd/usr.sbin/rrenumd/ |
rrenumd.c | 51 #ifdef IPSEC 52 #include <netipsec/ipsec.h> 78 #ifdef IPSEC 85 #endif /*IPSEC*/ 128 #ifdef IPSEC in show_usage() 134 #endif /* IPSEC */ in show_usage() 273 #ifdef IPSEC in sock6_open() 315 #ifdef IPSEC in sock6_open() 348 #endif /* IPSEC */ in sock6_open() 358 #ifdef IPSEC in sock4_open()
|
/freebsd/sys/contrib/device-tree/Bindings/crypto/ |
picochip-spacc.txt | 4 IPSEC and femtocell layer 2 ciphering. 7 - compatible : "picochip,spacc-ipsec" for the IPSEC offload engine 16 compatible = "picochip,spacc-ipsec";
|