#
283901 |
|
02-Jun-2015 |
ae |
MFC r275392: Remove route chaching support from ipsec code. It isn't used for some time. * remove sa_route_union declaration and route_cache member from struct secashead; * remove key_sa_routechange() call from ICMP and ICMPv6 code; * simplify ip_ipsec_mtu(); * remove #include <net/route.h>;
Sponsored by: Yandex LLC
|
#
274755 |
|
20-Nov-2014 |
ae |
MFC r274434: Fix ips_out_nosa errors accounting.
MFC r274454: ipsec6_process_packet is called before ip6_output fixes ip6_plen. Update ip6_plen before bpf processing to be able see correct value.
MFC r274455: We don't return sp pointer, thus NULL assignment isn't needed. And reference to sp will be freed at the end.
MFC r274465: Remove redundant ip6_plen initialization.
MFC r274466: Strip IP header only when we act in tunnel mode.
MFC r274467: Count statistics for the specific address family.
Sponsored by: Yandex LLC
|
#
274132 |
|
05-Nov-2014 |
ae |
MFC r266800 by vanhu: IPv4-in-IPv6 and IPv6-in-IPv4 IPsec tunnels. For IPv6-in-IPv4, you may need to do the following command on the tunnel interface if it is configured as IPv4 only: ifconfig <interface> inet6 -ifdisabled
Code logic inspired from NetBSD. PR: kern/169438
MC r266822 by bz: Use IPv4 statistics in ipsec4_process_packet() rather than the IPv6 version. This also unbreaks the NOINET6 builds after r266800.
MFC r268083 by zec: The assumption in ipsec4_process_packet() that the payload may be only IPv4 is wrong, so check the IP version before mangling the payload header.
MFC r272394: Do not strip outer header when operating in transport mode. Instead requeue mbuf back to IPv4 protocol handler. If there is one extra IP-IP encapsulation, it will be handled with tunneling interface. And thus proper interface will be exposed into mbuf's rcvif. Also, tcpdump that listens on tunneling interface will see packets in both directions.
PR: 194761
|
#
264814 |
|
23-Apr-2014 |
ae |
MFC r264124: Remove dead code.
MFC r264125: Remove unused variable.
MFC r264126: The check for local address spoofing lacks ifaddr locking. Remove these loops and use in_localip() and in6_localip() functions instead.
MFC r264520: Remove _IP_VHL* macros and related ifdefs.
|
#
283901 |
|
02-Jun-2015 |
ae |
MFC r275392: Remove route chaching support from ipsec code. It isn't used for some time. * remove sa_route_union declaration and route_cache member from struct secashead; * remove key_sa_routechange() call from ICMP and ICMPv6 code; * simplify ip_ipsec_mtu(); * remove #include <net/route.h>;
Sponsored by: Yandex LLC
|
#
274755 |
|
20-Nov-2014 |
ae |
MFC r274434: Fix ips_out_nosa errors accounting.
MFC r274454: ipsec6_process_packet is called before ip6_output fixes ip6_plen. Update ip6_plen before bpf processing to be able see correct value.
MFC r274455: We don't return sp pointer, thus NULL assignment isn't needed. And reference to sp will be freed at the end.
MFC r274465: Remove redundant ip6_plen initialization.
MFC r274466: Strip IP header only when we act in tunnel mode.
MFC r274467: Count statistics for the specific address family.
Sponsored by: Yandex LLC
|
#
274132 |
|
05-Nov-2014 |
ae |
MFC r266800 by vanhu: IPv4-in-IPv6 and IPv6-in-IPv4 IPsec tunnels. For IPv6-in-IPv4, you may need to do the following command on the tunnel interface if it is configured as IPv4 only: ifconfig <interface> inet6 -ifdisabled
Code logic inspired from NetBSD. PR: kern/169438
MC r266822 by bz: Use IPv4 statistics in ipsec4_process_packet() rather than the IPv6 version. This also unbreaks the NOINET6 builds after r266800.
MFC r268083 by zec: The assumption in ipsec4_process_packet() that the payload may be only IPv4 is wrong, so check the IP version before mangling the payload header.
MFC r272394: Do not strip outer header when operating in transport mode. Instead requeue mbuf back to IPv4 protocol handler. If there is one extra IP-IP encapsulation, it will be handled with tunneling interface. And thus proper interface will be exposed into mbuf's rcvif. Also, tcpdump that listens on tunneling interface will see packets in both directions.
PR: 194761
|
#
264814 |
|
23-Apr-2014 |
ae |
MFC r264124: Remove dead code.
MFC r264125: Remove unused variable.
MFC r264126: The check for local address spoofing lacks ifaddr locking. Remove these loops and use in_localip() and in6_localip() functions instead.
MFC r264520: Remove _IP_VHL* macros and related ifdefs.
|