Author: vanhu
Date: Wed Sep 16 11:56:44 2009
New Revision: 197250
URL: http://svn.freebsd.org/changeset/base/197250
Log:
When checking traffic endpoint's adresses families in key_spdadd(),
compare them together instead of comparing each one with respective
tunnel endpoint.
PR: kern/13
Author: vanhu
Date: Thu Oct 1 15:33:53 2009
New Revision: 197674
URL: http://svn.freebsd.org/changeset/base/197674
Log:
Changed an IPSEC_ASSERT to a simple test, as such invalid packets
may come from outside without being discarded before.
Submitted by: aurelien.an...@netasq.com
Review
Author: vanhu
Date: Fri Aug 19 09:06:00 2011
New Revision: 225001
URL: http://svn.freebsd.org/changeset/base/225001
Log:
MFC: Release SP's refcount in key_get_spdbyid().
PR: 156676
Submitted by: Tobias Brunner (tob...@strongswan.org)
Modified:
stable/8/sys/netipsec/key.c
Directory Prop
Author: vanhu
Date: Fri Aug 19 13:41:00 2011
New Revision: 225011
URL: http://svn.freebsd.org/changeset/base/225011
Log:
MFC:
fixed two race conditions when inserting/removing SAs via PFKey,
which can both lead to a kernel panic when adding/removing quickly
a lot of SAs.
Obtained from
Author: vanhu
Date: Fri Feb 18 09:40:13 2011
New Revision: 218794
URL: http://svn.freebsd.org/changeset/base/218794
Log:
Fixed IPsec's HMAC_SHA256-512 support to be RFC4868 compliant.
This will break interoperability with all older versions of
FreeBSD for those algorithms.
Reviewed by:
Author: vanhu
Date: Fri Feb 18 13:21:30 2011
New Revision: 218796
URL: http://svn.freebsd.org/changeset/base/218796
Log:
Moved the general note about FreeBSD 9.x at the beginning of the list.
Modified:
head/UPDATING
Modified: head/UPDATING
Hi.
On Sat, Feb 19, 2011 at 08:34:12AM +0100, Pawel Jakub Dawidek wrote:
> On Fri, Feb 18, 2011 at 09:40:13AM +0000, VANHULLEBUS Yvan wrote:
> > Author: vanhu
> > Date: Fri Feb 18 09:40:13 2011
> > New Revision: 218794
> > URL: http://svn.freebsd.org/changes
On Mon, Feb 21, 2011 at 10:21:43AM +0100, Pawel Jakub Dawidek wrote:
> On Mon, Feb 21, 2011 at 09:40:25AM +0100, VANHULLEBUS Yvan wrote:
[RFC4868 and MFC]
> You can't talk to two such peers with sysctl or without anyway. I assume
> that if someone already has tunnels configured and t
Author: vanhu
Date: Fri Feb 25 09:29:32 2011
New Revision: 219026
URL: http://svn.freebsd.org/changeset/base/219026
Log:
fixed size of AH_ALEN_MAX, which is 64 bytes for SHA-512.
Obtained from:Matthias Drochner
MFC after: 3d
Modified:
head/sys/opencrypto/xform.h
Modified: hea
Author: vanhu
Date: Thu Apr 28 08:49:43 2011
New Revision: 221157
URL: http://svn.freebsd.org/changeset/base/221157
Log:
MFC 218794, 219026:
Fixed IPsec's HMAC_SHA256-512 support to be RFC4868 compliant.
This will break interoperability with all older versions of
FreeBSD for those algorith
Author: vanhu
Date: Mon May 9 13:16:21 2011
New Revision: 221692
URL: http://svn.freebsd.org/changeset/base/221692
Log:
Release SP's refcount in key_get_spdbyid().
PR: 156676
Submitted by: Tobias Brunner (tob...@strongswan.org)
MFC after:1 week
Modified:
head/sys/netipsec/key.
Author: vanhu
Date: Thu Mar 19 15:44:13 2009
New Revision: 190071
URL: http://svn.freebsd.org/changeset/base/190071
Log:
Fixed style for some comments
Approved by: gnn(mentor)
Modified:
head/sys/netipsec/key.c
Modified: head/sys/netipsec/key.c
==
Author: vanhu
Date: Thu Mar 19 15:50:45 2009
New Revision: 190075
URL: http://svn.freebsd.org/changeset/base/190075
Log:
Fixed style for some comments
Approved by: gnn(mentor)
Modified:
head/sys/netipsec/key.c
Modified: head/sys/netipsec/key.c
==
Author: vanhu
Date: Fri Mar 20 09:12:01 2009
New Revision: 190138
URL: http://svn.freebsd.org/changeset/base/190138
Log:
Spelling fix in a comment
Approved by: gnn(mentor)
Modified:
head/sys/netipsec/key.c
Modified: head/sys/netipsec/key.c
==
Author: vanhu
Date: Mon Mar 23 16:20:39 2009
New Revision: 190323
URL: http://svn.freebsd.org/changeset/base/190323
Log:
Fixed comments so it stays in 80 chars by line
with hard tabs of 8 chars
Approved by: gnn(mentor)
Modified:
head/sys/netipsec/key.c
Modified: head/sys/netipsec
Author: vanhu
Date: Mon Mar 23 20:37:37 2009
New Revision: 190334
URL: http://svn.freebsd.org/changeset/base/190334
Log:
SAs are valid (but dying) when they reached soft lifetime,
even if they have never been used.
Approved by: gnn(mentor)
Modified:
stable/7/sys/ (props changed)
s
Author: vanhu
Date: Tue Mar 24 15:57:35 2009
New Revision: 190377
URL: http://svn.freebsd.org/changeset/base/190377
Log:
Fixed indentation for LINKTYPE_ENC
Approved by: gnn(mentor)
Modified:
head/contrib/libpcap/savefile.c
Modified: head/contrib/libpcap/savefile.c
=
On Mon, Mar 16, 2009 at 04:38:56PM +, Bjoern A. Zeeb wrote:
[...]
> If you haven't you should also submit this upstream as OpenBSD can
> make use of that as well. (www.tcpdump.org)
Done.
> All entries (that aren't overlong) are tab separated in in the
> linktype_map map[]. It would be nice,
Author: vanhu
Date: Wed Mar 25 14:11:29 2009
New Revision: 190412
URL: http://svn.freebsd.org/changeset/base/190412
Log:
MFC: Added DLT_ENC to map list, so it is now possible
to save dumps on enc0
Approved by: re (gnn)
Obtained from:NETASQ
Modified:
stable/7/contrib/libpcap/
Author: vanhu
Date: Wed Sep 12 12:14:50 2012
New Revision: 240392
URL: http://svn.freebsd.org/changeset/base/240392
Log:
In NAT-T transport mode, allow a client to open a new connection just after
closing another.
It worked only in tunnel mode before.
Submitted by: Andreas Longwitz
M
Author: vanhu
Date: Mon Mar 2 16:55:19 2009
New Revision: 189281
URL: http://svn.freebsd.org/changeset/base/189281
Log:
MFC: Remove remain <= MHLEN restriction in m_makespace(),
which caused assert with big packets
PR: kern/124609
Submitted by: fabien.tho...@netasq.com
Appr
Author: vanhu
Date: Thu Mar 5 16:22:32 2009
New Revision: 189406
URL: http://svn.freebsd.org/changeset/base/189406
Log:
SAs are valid (but dying) when they reached soft lifetime,
even if they have never been used.
Approved by: gnn(mentor)
MFC after:2 weeks
Modified:
head/sys/ne
Author: vanhu
Date: Mon Mar 16 15:09:47 2009
New Revision: 189877
URL: http://svn.freebsd.org/changeset/base/189877
Log:
Added DLT_ENC to map list, so it is now possible
to save dumps on enc0
Reviewed by: gnn(mentor)
Obtained from:NETASQ
MFC after:1 week
Modified:
head
Author: vanhu
Date: Wed Mar 18 14:01:41 2009
New Revision: 189962
URL: http://svn.freebsd.org/changeset/base/189962
Log:
Fixed deletion of sav entries in key_delsah()
Approved by: gnn(mentor)
Obtained from:NETASQ
MFC after:1 month
Modified:
head/sys/netipsec/key.c
Modif
Author: vanhu
Date: Tue Nov 17 16:00:41 2009
New Revision: 199398
URL: http://svn.freebsd.org/changeset/base/199398
Log:
fixed two race conditions when inserting/removing SAs via PFKey,
which can both lead to a kernel panic when adding/removing quickly
a lot of SAs.
Obtained from:
Author: vanhu
Date: Wed May 12 11:49:15 2010
New Revision: 207959
URL: http://svn.freebsd.org/changeset/base/207959
Log:
MFC:
Set/update SA's NAT-T stuff before calling key_mature() in
key_add() and key_update(), as the SA may be used as soon as
key_mature() has been called
Obtained f
Author: vanhu
Date: Mon May 17 15:31:24 2010
New Revision: 208194
URL: http://svn.freebsd.org/changeset/base/208194
Log:
MFC: Locks SPTREE when setting some SP entries to state DEAD.
This can prevent kernel panics when updating SPs while there is
some traffic for them.
Obtained from:
Author: vanhu
Date: Sun Dec 21 19:13:30 2008
New Revision: 186375
URL: http://svn.freebsd.org/changeset/base/186375
Log:
Fix to bug kern/126850. Only dispatch event hander if the interface had a
parent...
PR: kern/126850
Reviewed by: EvilSam
Approved by: re
Modified:
sta
Author: vanhu
Date: Sun Dec 21 19:16:30 2008
New Revision: 186377
URL: http://svn.freebsd.org/changeset/base/186377
Log:
Fix to bug kern/126850. Only dispatch event hander if the interface had a
parent...
PR: kern/126850
Reviewed by: EvilSam
Approved by: re
Modified:
rel
On Sun, Dec 21, 2008 at 11:56:51AM -0800, Sam Leffler wrote:
> VANHULLEBUS Yvan wrote:
>> Author: vanhu
>> Date: Sun Dec 21 19:16:30 2008
>> New Revision: 186377
>> URL: http://svn.freebsd.org/changeset/base/186377
>>
>> Log:
>> Fix to bug kern/126850
Author: vanhu
Date: Wed Jan 28 10:41:10 2009
New Revision: 187815
URL: http://svn.freebsd.org/changeset/base/187815
Log:
Remove remain <= MHLEN restriction in m_makespace(),
which caused assert with big packets
PR: kern/124609
Submitted by: fabien.tho...@netasq.com
Approved by: gnn(m
Author: vanhu
Date: Mon Jun 15 13:17:05 2009
New Revision: 194236
URL: http://svn.freebsd.org/changeset/base/194236
Log:
MFC: Lock SPTREE before parsing it in key_spddump()
Obtained from:NETASQ
Modified:
stable/7/sys/ (props changed)
stable/7/sys/contrib/pf/ (props changed)
Author: vanhu
Date: Mon Jun 15 13:48:31 2009
New Revision: 194238
URL: http://svn.freebsd.org/changeset/base/194238
Log:
MFC: Changed to M_NOWAIT when reallocing psc_buf in padlock_sha_update(),
as we already hold the non sleepable crypto_driver_mutex.
Obtained from:NETASQ
Modif
Author: vanhu
Date: Fri Jun 26 13:37:53 2009
New Revision: 195053
URL: http://svn.freebsd.org/changeset/base/195053
Log:
MFC: Only decrease refcnt once when flushing SPD entries, to
avoid flushing entries which are still used.
Obtained from:NETASQ
Modified:
stable/7/sys/ (pro
Author: vanhu
Date: Thu Apr 15 12:40:33 2010
New Revision: 206659
URL: http://svn.freebsd.org/changeset/base/206659
Log:
Locks SPTREE when setting some SP entries to state DEAD.
This can prevent kernel panics when updating SPs while
there is some traffic for them.
Obtained from: NETASQ
Author: vanhu
Date: Wed May 5 08:55:26 2010
New Revision: 207651
URL: http://svn.freebsd.org/changeset/base/207651
Log:
Update SA's NAT-T stuff before calling key_mature() in key_update(),
as SA may be used as soon as key_mature() has been called.
Obtained from:NETASQ
MFC after
Author: vanhu
Date: Wed May 5 08:58:58 2010
New Revision: 207652
URL: http://svn.freebsd.org/changeset/base/207652
Log:
Set SA's natt_type before calling key_mature() in key_add(),
as the SA may be used as soon as key_mature() has been done.
Obtained from:NETASQ
MFC after:1
Author: vanhu
Date: Thu May 14 07:32:33 2009
New Revision: 192088
URL: http://svn.freebsd.org/changeset/base/192088
Log:
MFC: Fixed deletion of sav entries in key_delsah()
Approved by: gnn(mentor)
Obtained from:NETASQ
Modified:
stable/7/sys/ (props changed)
stable/7/sys/co
Author: vanhu
Date: Wed May 27 09:31:50 2009
New Revision: 192880
URL: http://svn.freebsd.org/changeset/base/192880
Log:
Only decrease refcnt once when flushing SPD entries, to
avoid flushing entries which are still used.
Approved by: gnn(mentor)
Obtained from:NETASQ
MFC afte
Author: vanhu
Date: Wed May 27 09:44:14 2009
New Revision: 192882
URL: http://svn.freebsd.org/changeset/base/192882
Log:
Lock SPTREE before parsing it in key_spddump()
Approved by: gnn(mentor)
Obtained from:NETASQ
MFC after:2 weeks
Modified:
head/sys/netipsec/key.c
Modi
Author: vanhu
Date: Wed May 27 09:52:12 2009
New Revision: 192883
URL: http://svn.freebsd.org/changeset/base/192883
Log:
Changed to M_NOWAIT when reallocing psc_buf in padlock_sha_update(),
as we already hold the non sleepable crypto_driver_mutex.
Approved by: gnn(mentor)
Obtained from
Author: vanhu
Date: Fri Jun 12 15:44:35 2009
New Revision: 194062
URL: http://svn.freebsd.org/changeset/base/194062
Log:
Added support for NAT-Traversal (RFC 3948) in IPsec stack.
Thanks to (no special order) Emmanuel Dreyfus (m...@netbsd.org), Larry
Baird (l...@gta.com), gnn, bz, and oth
Author: vanhu
Date: Wed May 28 12:45:27 2014
New Revision: 266800
URL: http://svnweb.freebsd.org/changeset/base/266800
Log:
Fixed IPv4-in-IPv6 and IPv6-in-IPv4 IPsec tunnels.
For IPv6-in-IPv4, you may need to do the following command
on the tunnel interface if it is configured as IPv4 only:
43 matches
Mail list logo
