#
d94c991f |
|
07-Nov-2023 |
Elyes Haouas <ehaouas@noos.fr> |
setkey: Use nitems(foo) instead of sizeof(foo)/sizeof(foo[0]) Pull Request: https://github.com/freebsd/freebsd-src/pull/888 Signed-off-by: Elyes Haouas <ehaouas@noos.fr>
|
#
2a63c3be |
|
16-Aug-2023 |
Warner Losh <imp@FreeBSD.org> |
Remove $FreeBSD$: one-line .c comment pattern Remove /^/[*/]\s*\$FreeBSD\$.*\n/
|
#
3cb80822 |
|
02-Apr-2023 |
Konstantin Belousov <kib@FreeBSD.org> |
setkey(8): add -e option to take script from the command line Reviewed by: ae Sponsored by: Nvidia networking MFC after: 1 week Differential revision: https://reviews.freebsd.org/D39393
|
#
0aef8628 |
|
05-May-2022 |
Eugene Grosbein <eugen@FreeBSD.org> |
If setkey(8) is used without ipsec.ko loaded beforehand, its attempt to install SA/SPD into the kernel results in cryptic EINVAL error code. Let it be a bit more user-friendly and try to load ipsec.ko automatically if it is not loaded, just like ifconfig(8) does it for modules it needs. PR: 263379 MFC after: 2 weeks
|
#
1e67e310 |
|
08-Jul-2021 |
Mateusz Guzik <mjg@FreeBSD.org> |
setkey: drop an unused argument from postproc
|
#
b2981787 |
|
08-Jul-2021 |
Mateusz Guzik <mjg@FreeBSD.org> |
setkey: fix several warnings popping up when compiling without WARNS=1
|
#
e0c0612d |
|
08-Jul-2021 |
Mateusz Guzik <mjg@FreeBSD.org> |
setkey: ansify
|
#
8a16b7a1 |
|
20-Nov-2017 |
Pedro F. Giffuni <pfg@FreeBSD.org> |
General further adoption of SPDX licensing ID tags. Mainly focus on files that use BSD 3-Clause license. The Software Package Data Exchange (SPDX) group provides a specification to make it easier for automated tools to detect and summarize well known opensource licenses. We are gradually adopting the specification, noting that the tags are considered only advisory and do not, in any way, superceed or replace the license texts. Special thanks to Wind River for providing access to "The Duke of Highlander" tool: an older (2014) run over FreeBSD tree was useful as a starting point.
|
#
22986c67 |
|
06-Mar-2017 |
Andrey V. Elsukov <ae@FreeBSD.org> |
Introduce the concept of IPsec security policies scope. Currently are defined three scopes: global, ifnet, and pcb. Generic security policies that IKE daemon can add via PF_KEY interface or an administrator creates with setkey(8) utility have GLOBAL scope. Such policies can be applied by the kernel to outgoing packets and checked agains inbound packets after IPsec processing. Security policies created by if_ipsec(4) interfaces have IFNET scope. Such policies are applied to packets that are passed through if_ipsec(4) interface. And security policies created by application using setsockopt() IP_IPSEC_POLICY option have PCB scope. Such policies are applied to packets related to specific socket. Currently there is no way to list PCB policies via setkey(8) utility. Modify setkey(8) and libipsec(3) to be able distinguish the scope of security policies in the `setkey -DP` listing. Add two optional flags: '-t' to list only policies related to virtual *tunneling* interfaces, i.e. policies with IFNET scope, and '-g' to list only policies with GLOBAL scope. By default policies from all scopes are listed. To implement this PF_KEY's sadb_x_policy structure was modified. sadb_x_policy_reserved field is used to pass the policy scope from the kernel to userland. SADB_SPDDUMP message extended to support filtering by scope: sadb_msg_satype field is used to specify bit mask of requested scopes. For IFNET policies the sadb_x_policy_priority field of struct sadb_x_policy is used to pass if_ipsec's interface if_index to the userland. For GLOBAL policies sadb_x_policy_priority is used only to manage order of security policies in the SPDB. For IFNET policies it is not used, so it can be used to keep if_index. After this change the output of `setkey -DP` now looks like: # setkey -DPt 0.0.0.0/0[any] 0.0.0.0/0[any] any in ipsec esp/tunnel/87.250.242.144-87.250.242.145/unique:145 spid=7 seq=3 pid=58025 scope=ifnet ifname=ipsec0 refcnt=1 # setkey -DPg ::/0 ::/0 icmp6 135,0 out none spid=5 seq=1 pid=872 scope=global refcnt=1 No objection from: #network Obtained from: Yandex LLC MFC after: 2 weeks Sponsored by: Yandex LLC Differential Revision: https://reviews.freebsd.org/D9805
|
#
a7d5f7eb |
|
19-Oct-2010 |
Jamie Gritton <jamie@FreeBSD.org> |
A new jail(8) with a configuration file, to replace the work currently done by /etc/rc.d/jail.
|
#
fe0506d7 |
|
09-Mar-2010 |
Marcel Moolenaar <marcel@FreeBSD.org> |
Create the altix project branch. The altix project will add support for the SGI Altix 350 to FreeBSD/ia64. The hardware used for porting is a two-module system, consisting of a base compute module and a CPU expansion module. SGI's NUMAFlex architecture can be an excellent platform to test CPU affinity and NUMA-aware features in FreeBSD.
|
#
d7f03759 |
|
19-Oct-2008 |
Ulf Lilleengen <lulf@FreeBSD.org> |
- Import the HEAD csup code which is the basis for the cvsmode work.
|
#
784bddbc |
|
07-Nov-2007 |
Kevin Lo <kevlo@FreeBSD.org> |
Cleanup of userland __P use
|
#
8409aedf |
|
30-Jun-2007 |
George V. Neville-Neil <gnn@FreeBSD.org> |
Commit IPv6 support for FAST_IPSEC to the tree. This commit includes all remaining changes for the time being including user space updates. Submitted by: bz Approved by: re
|
#
cf43a054 |
|
05-Nov-2003 |
Hajimu UMEMOTO <ume@FreeBSD.org> |
- do hexdump on send. set length field properly - check for encryption/authentication key together with algorithm. - warned if a deprecated encryption algorithm (that includes "simple") is specified. - changed the syntax how to define a policy of a ICMPv6 type and/or a code, like spdadd ::/0 ::/0 icmp6 134,0 -P out none; - random cleanup in parser. - use yyfatal, or return -1 after yyerror. - deal with strdup() failure. - permit scope notation in policy string (-P esp/tunnel/foo%scope-bar%scope/use) - simplify /prefix and [port]. - g/c some unused symbols. Obtained from: KAME
|
#
2f4c5de9 |
|
17-Oct-2003 |
Hajimu UMEMOTO <ume@FreeBSD.org> |
- style - rename variable - use strlcpy - const'fy Obtained from: KAME
|
#
0fe26507 |
|
16-Apr-2003 |
Munechika SUMIKAWA <sumikawa@FreeBSD.org> |
Use NI_xxx macros. Obtained from: KAME MFC after: 1 week
|
#
33841545 |
|
10-Jun-2001 |
Hajimu UMEMOTO <ume@FreeBSD.org> |
Sync with recent KAME. This work was based on kame-20010528-freebsd43-snap.tgz and some critical problem after the snap was out were fixed. There are many many changes since last KAME merge. TODO: - The definitions of SADB_* in sys/net/pfkeyv2.h are still different from RFC2407/IANA assignment because of binary compatibility issue. It should be fixed under 5-CURRENT. - ip6po_m member of struct ip6_pktopts is no longer used. But, it is still there because of binary compatibility issue. It should be removed under 5-CURRENT. Reviewed by: itojun Obtained from: KAME MFC after: 3 weeks
|
#
3c62e87a |
|
04-Jul-2000 |
Jun-ichiro itojun Hagino <itojun@FreeBSD.org> |
synchronize with latest kame tree. behavior change: policy syntax was changed. you may need to update your setkey(8) configuration files.
|
#
9a4365d0 |
|
05-Jan-2000 |
Yoshinobu Inoue <shin@FreeBSD.org> |
libipsec and IPsec related apps. (and some KAME related man pages) Reviewed by: freebsd-arch, cvs-committers Obtained from: KAME project
|