#
283901 |
|
02-Jun-2015 |
ae |
MFC r275392: Remove route chaching support from ipsec code. It isn't used for some time. * remove sa_route_union declaration and route_cache member from struct secashead; * remove key_sa_routechange() call from ICMP and ICMPv6 code; * simplify ip_ipsec_mtu(); * remove #include <net/route.h>;
Sponsored by: Yandex LLC
|
#
274794 |
|
21-Nov-2014 |
ae |
MFC r274230: Pass mbuf to pfil processing before stripping outer IP header as it is described in if_enc(4).
|
#
274755 |
|
20-Nov-2014 |
ae |
MFC r274434: Fix ips_out_nosa errors accounting.
MFC r274454: ipsec6_process_packet is called before ip6_output fixes ip6_plen. Update ip6_plen before bpf processing to be able see correct value.
MFC r274455: We don't return sp pointer, thus NULL assignment isn't needed. And reference to sp will be freed at the end.
MFC r274465: Remove redundant ip6_plen initialization.
MFC r274466: Strip IP header only when we act in tunnel mode.
MFC r274467: Count statistics for the specific address family.
Sponsored by: Yandex LLC
|
#
274469 |
|
13-Nov-2014 |
ae |
MFC r274193: When mode isn't explicitly specified (wildcard) and inner protocol isn't IPv4 or IPv6, assume it is the transport mode.
Sponsored by: Yandex LLC
|
#
274132 |
|
05-Nov-2014 |
ae |
MFC r266800 by vanhu: IPv4-in-IPv6 and IPv6-in-IPv4 IPsec tunnels. For IPv6-in-IPv4, you may need to do the following command on the tunnel interface if it is configured as IPv4 only: ifconfig <interface> inet6 -ifdisabled
Code logic inspired from NetBSD. PR: kern/169438
MC r266822 by bz: Use IPv4 statistics in ipsec4_process_packet() rather than the IPv6 version. This also unbreaks the NOINET6 builds after r266800.
MFC r268083 by zec: The assumption in ipsec4_process_packet() that the payload may be only IPv4 is wrong, so check the IP version before mangling the payload header.
MFC r272394: Do not strip outer header when operating in transport mode. Instead requeue mbuf back to IPv4 protocol handler. If there is one extra IP-IP encapsulation, it will be handled with tunneling interface. And thus proper interface will be exposed into mbuf's rcvif. Also, tcpdump that listens on tunneling interface will see packets in both directions.
PR: 194761
|
#
259385 |
|
14-Dec-2013 |
ae |
MFC r257987: Initialize prot variable.
PR: 177417
|
#
283901 |
|
02-Jun-2015 |
ae |
MFC r275392: Remove route chaching support from ipsec code. It isn't used for some time. * remove sa_route_union declaration and route_cache member from struct secashead; * remove key_sa_routechange() call from ICMP and ICMPv6 code; * simplify ip_ipsec_mtu(); * remove #include <net/route.h>;
Sponsored by: Yandex LLC
|
#
274794 |
|
21-Nov-2014 |
ae |
MFC r274230: Pass mbuf to pfil processing before stripping outer IP header as it is described in if_enc(4).
|
#
274755 |
|
20-Nov-2014 |
ae |
MFC r274434: Fix ips_out_nosa errors accounting.
MFC r274454: ipsec6_process_packet is called before ip6_output fixes ip6_plen. Update ip6_plen before bpf processing to be able see correct value.
MFC r274455: We don't return sp pointer, thus NULL assignment isn't needed. And reference to sp will be freed at the end.
MFC r274465: Remove redundant ip6_plen initialization.
MFC r274466: Strip IP header only when we act in tunnel mode.
MFC r274467: Count statistics for the specific address family.
Sponsored by: Yandex LLC
|
#
274469 |
|
13-Nov-2014 |
ae |
MFC r274193: When mode isn't explicitly specified (wildcard) and inner protocol isn't IPv4 or IPv6, assume it is the transport mode.
Sponsored by: Yandex LLC
|
#
274132 |
|
05-Nov-2014 |
ae |
MFC r266800 by vanhu: IPv4-in-IPv6 and IPv6-in-IPv4 IPsec tunnels. For IPv6-in-IPv4, you may need to do the following command on the tunnel interface if it is configured as IPv4 only: ifconfig <interface> inet6 -ifdisabled
Code logic inspired from NetBSD. PR: kern/169438
MC r266822 by bz: Use IPv4 statistics in ipsec4_process_packet() rather than the IPv6 version. This also unbreaks the NOINET6 builds after r266800.
MFC r268083 by zec: The assumption in ipsec4_process_packet() that the payload may be only IPv4 is wrong, so check the IP version before mangling the payload header.
MFC r272394: Do not strip outer header when operating in transport mode. Instead requeue mbuf back to IPv4 protocol handler. If there is one extra IP-IP encapsulation, it will be handled with tunneling interface. And thus proper interface will be exposed into mbuf's rcvif. Also, tcpdump that listens on tunneling interface will see packets in both directions.
PR: 194761
|
#
259385 |
|
14-Dec-2013 |
ae |
MFC r257987: Initialize prot variable.
PR: 177417
|