#
301780 |
|
10-Jun-2016 |
ngie |
MFC r299387: r299387 (by cem):
netipsec: Fix minor style nit
Coverity points out that 'continue' is equivalent to 'break' in a do {} while(false) loop.
CID: 1354983
|
#
296558 |
|
09-Mar-2016 |
ae |
MFC r295967: Fix useless check. m_pkthdr.len should be equal to orglen.
|
#
285614 |
|
15-Jul-2015 |
ae |
MFC r285204: Fill the port and protocol information in the SADB_ACQUIRE message in case when security policy has it as required by RFC 2367.
PR: 192774
Approved by: re (delphij)
|
#
283937 |
|
03-Jun-2015 |
ae |
MFC r283146: In the reply to SADB_X_SPDGET message use the same sequence number that was in the request. Some IKE deamons expect it will the same. Linux and NetBSD also follow this behaviour.
PR: 137309
|
#
283903 |
|
02-Jun-2015 |
ae |
MFC r283101: Teach key_expire() send SADB_EXPIRE message with the SADB_EXT_LIFETIME_HARD extension header type. The key_flush_sad() now will send SADB_EXPIRE message when HARD lifetime expires. This is required by RFC 2367 and some keying daemons rely on these messages. HARD lifetime messages have precedence over SOFT lifetime messages, so now they will be checked first. Also now SADB_EXPIRE messages will be send even the SA has not been used, because keying daemons might want to rekey such SA.
PR: 200282, 200283
MFC r283102: Change SA's state before sending SADB_EXPIRE message. This state will be reported to keying daemon.
|
#
283902 |
|
02-Jun-2015 |
ae |
MFC r275390: Remove unused declartations.
MFC r275437: ANSIfy function declarations.
MFC r275438: Remove __P() macro.
Sponsored by: Yandex LLC
|
#
283901 |
|
02-Jun-2015 |
ae |
MFC r275392: Remove route chaching support from ipsec code. It isn't used for some time. * remove sa_route_union declaration and route_cache member from struct secashead; * remove key_sa_routechange() call from ICMP and ICMPv6 code; * simplify ip_ipsec_mtu(); * remove #include <net/route.h>;
Sponsored by: Yandex LLC
|
#
279989 |
|
14-Mar-2015 |
ae |
MFC r279735: Remove extra '&'. sin6 is already a pointer.
PR: 195011
|
#
275822 |
|
16-Dec-2014 |
ae |
MFC r275575: key_getspacq() returns holding the spacq_lock. Unlock it in all cases.
Sponsored by: Yandex LLC
|
#
274468 |
|
13-Nov-2014 |
ae |
MFC r273904: Use in_localip() instead of handmade implementation.
Sponsored by: Yandex LLC
|
#
270053 |
|
16-Aug-2014 |
bz |
MFC r266606:
Only do a ports check if this is a NAT-T SA. Otherwise other lookups providing ports may get unexpected results.
|
#
285614 |
|
15-Jul-2015 |
ae |
MFC r285204: Fill the port and protocol information in the SADB_ACQUIRE message in case when security policy has it as required by RFC 2367.
PR: 192774
Approved by: re (delphij)
|
#
283937 |
|
03-Jun-2015 |
ae |
MFC r283146: In the reply to SADB_X_SPDGET message use the same sequence number that was in the request. Some IKE deamons expect it will the same. Linux and NetBSD also follow this behaviour.
PR: 137309
|
#
283903 |
|
02-Jun-2015 |
ae |
MFC r283101: Teach key_expire() send SADB_EXPIRE message with the SADB_EXT_LIFETIME_HARD extension header type. The key_flush_sad() now will send SADB_EXPIRE message when HARD lifetime expires. This is required by RFC 2367 and some keying daemons rely on these messages. HARD lifetime messages have precedence over SOFT lifetime messages, so now they will be checked first. Also now SADB_EXPIRE messages will be send even the SA has not been used, because keying daemons might want to rekey such SA.
PR: 200282, 200283
MFC r283102: Change SA's state before sending SADB_EXPIRE message. This state will be reported to keying daemon.
|
#
283902 |
|
02-Jun-2015 |
ae |
MFC r275390: Remove unused declartations.
MFC r275437: ANSIfy function declarations.
MFC r275438: Remove __P() macro.
Sponsored by: Yandex LLC
|
#
283901 |
|
02-Jun-2015 |
ae |
MFC r275392: Remove route chaching support from ipsec code. It isn't used for some time. * remove sa_route_union declaration and route_cache member from struct secashead; * remove key_sa_routechange() call from ICMP and ICMPv6 code; * simplify ip_ipsec_mtu(); * remove #include <net/route.h>;
Sponsored by: Yandex LLC
|
#
279989 |
|
14-Mar-2015 |
ae |
MFC r279735: Remove extra '&'. sin6 is already a pointer.
PR: 195011
|
#
275822 |
|
16-Dec-2014 |
ae |
MFC r275575: key_getspacq() returns holding the spacq_lock. Unlock it in all cases.
Sponsored by: Yandex LLC
|
#
274468 |
|
13-Nov-2014 |
ae |
MFC r273904: Use in_localip() instead of handmade implementation.
Sponsored by: Yandex LLC
|
#
270053 |
|
16-Aug-2014 |
bz |
MFC r266606:
Only do a ports check if this is a NAT-T SA. Otherwise other lookups providing ports may get unexpected results.
|