authorSebastian Huber <sebastian.huber@embedded-brains.de>2018-08-09 14:02:09 +0200
committerSebastian Huber <sebastian.huber@embedded-brains.de>2018-09-21 10:29:38 +0200
commitbb80d9df8bac71eedee1a6787ca63aef972a7e48 (patch)
tree1b5cb9443c5ead5706c35afb618abbbd1592315e /freebsd/sys/netipsec
parentUpdate to FreeBSD head 2017-10-01 (diff)
downloadrtems-libbsd-bb80d9df8bac71eedee1a6787ca63aef972a7e48.tar.bz2
Update to FreeBSD head 2017-12-01
Git mirror commit e724f51f811a4b2bd29447f8b85ab5c2f9b88266. Update #3472.
Diffstat (limited to 'freebsd/sys/netipsec')
-rw-r--r--freebsd/sys/netipsec/ah.h2
-rw-r--r--freebsd/sys/netipsec/esp.h2
-rw-r--r--freebsd/sys/netipsec/ipcomp.h2
-rw-r--r--freebsd/sys/netipsec/ipcomp_var.h2
-rw-r--r--freebsd/sys/netipsec/ipsec.c14
-rw-r--r--freebsd/sys/netipsec/ipsec.h4
-rw-r--r--freebsd/sys/netipsec/ipsec6.h2
-rw-r--r--freebsd/sys/netipsec/ipsec_mbuf.c2
-rw-r--r--freebsd/sys/netipsec/ipsec_output.c2
-rw-r--r--freebsd/sys/netipsec/key.c6
-rw-r--r--freebsd/sys/netipsec/key.h2
-rw-r--r--freebsd/sys/netipsec/key_debug.c2
-rw-r--r--freebsd/sys/netipsec/key_debug.h2
-rw-r--r--freebsd/sys/netipsec/key_var.h2
-rw-r--r--freebsd/sys/netipsec/keydb.h2
-rw-r--r--freebsd/sys/netipsec/keysock.c2
-rw-r--r--freebsd/sys/netipsec/keysock.h2
-rw-r--r--freebsd/sys/netipsec/xform_ah.c4
-rw-r--r--freebsd/sys/netipsec/xform_esp.c4
-rw-r--r--freebsd/sys/netipsec/xform_ipcomp.c2
-rw-r--r--freebsd/sys/netipsec/xform_tcp.c2
21 files changed, 62 insertions, 2 deletions
diff --git a/freebsd/sys/netipsec/ah.h b/freebsd/sys/netipsec/ah.h
index 1ffeacdc..8c76dbc4 100644
--- a/freebsd/sys/netipsec/ah.h
+++ b/freebsd/sys/netipsec/ah.h
@@ -2,6 +2,8 @@
/* $KAME: ah.h,v 1.13 2000/10/18 21:28:00 itojun Exp $ */
/*-
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
* All rights reserved.
*
diff --git a/freebsd/sys/netipsec/esp.h b/freebsd/sys/netipsec/esp.h
index 8eb09630..94612b87 100644
--- a/freebsd/sys/netipsec/esp.h
+++ b/freebsd/sys/netipsec/esp.h
@@ -2,6 +2,8 @@
/* $KAME: esp.h,v 1.16 2000/10/18 21:28:00 itojun Exp $ */
/*-
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
* All rights reserved.
*
diff --git a/freebsd/sys/netipsec/ipcomp.h b/freebsd/sys/netipsec/ipcomp.h
index 47e9305e..f1ffdc9b 100644
--- a/freebsd/sys/netipsec/ipcomp.h
+++ b/freebsd/sys/netipsec/ipcomp.h
@@ -2,6 +2,8 @@
/* $KAME: ipcomp.h,v 1.8 2000/09/26 07:55:14 itojun Exp $ */
/*-
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
* Copyright (C) 1999 WIDE Project.
* All rights reserved.
*
diff --git a/freebsd/sys/netipsec/ipcomp_var.h b/freebsd/sys/netipsec/ipcomp_var.h
index 5062c9dd..34bfb767 100644
--- a/freebsd/sys/netipsec/ipcomp_var.h
+++ b/freebsd/sys/netipsec/ipcomp_var.h
@@ -2,6 +2,8 @@
/* $KAME: ipcomp.h,v 1.8 2000/09/26 07:55:14 itojun Exp $ */
/*-
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
* Copyright (C) 1999 WIDE Project.
* All rights reserved.
*
diff --git a/freebsd/sys/netipsec/ipsec.c b/freebsd/sys/netipsec/ipsec.c
index 79c9519c..4d75b51b 100644
--- a/freebsd/sys/netipsec/ipsec.c
+++ b/freebsd/sys/netipsec/ipsec.c
@@ -4,6 +4,8 @@
/* $KAME: ipsec.c,v 1.103 2001/05/24 07:14:18 sakane Exp $ */
/*-
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
* All rights reserved.
*
@@ -151,6 +153,15 @@ sysctl_def_policy(SYSCTL_HANDLER_ARGS)
* 0 take anything
*/
VNET_DEFINE(int, crypto_support) = CRYPTOCAP_F_HARDWARE | CRYPTOCAP_F_SOFTWARE;
+
+/*
+ * Use asynchronous mode to parallelize crypto jobs:
+ *
+ * 0 - disabled
+ * 1 - enabled
+ */
+VNET_DEFINE(int, async_crypto) = 0;
+
/*
* TCP/UDP checksum handling policy for transport mode NAT-T (RFC3948)
*
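Review bot: The comment on `async_crypto` documents only the values 0 and 1, but the variable is a plain `int`, and the `SYSCTL_INT` added in the next hunk of this file exposes it as `CTLFLAG_RW` with no range check. The consumers visible in xform_ah.c and xform_esp.c test it as `if (V_async_crypto)`, so any non-zero value enables the mode; the comment would be more accurate as `* 0 - disabled` / `* non-zero - enabled`. The flag is read once per request, so a run-time change only affects requests submitted afterwards, which is worth stating here. Whether requests submitted synchronously before a switch can complete out of order relative to later asynchronous ones is not visible in this diff and should be confirmed.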
@@ -197,6 +208,9 @@ SYSCTL_INT(_net_inet_ipsec, IPSECCTL_ECN, ecn,
SYSCTL_INT(_net_inet_ipsec, OID_AUTO, crypto_support,
CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(crypto_support), 0,
"Crypto driver selection.");
+SYSCTL_INT(_net_inet_ipsec, OID_AUTO, async_crypto,
+ CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(async_crypto), 0,
+ "Use asynchronous mode to parallelize crypto jobs.");
SYSCTL_INT(_net_inet_ipsec, OID_AUTO, check_policy_history,
CTLFLAG_VNET | CTLFLAG_RW, &VNET_NAME(check_policy_history), 0,
"Use strict check of inbound packets to security policy compliance.");
diff --git a/freebsd/sys/netipsec/ipsec.h b/freebsd/sys/netipsec/ipsec.h
index a61730ef..a1e27bbf 100644
--- a/freebsd/sys/netipsec/ipsec.h
+++ b/freebsd/sys/netipsec/ipsec.h
@@ -2,6 +2,8 @@
/* $KAME: ipsec.h,v 1.53 2001/11/20 08:32:38 itojun Exp $ */
/*-
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
* All rights reserved.
*
@@ -283,6 +285,7 @@ VNET_DECLARE(int, ip4_ipsec_dfbit);
VNET_DECLARE(int, ip4_ipsec_ecn);
VNET_DECLARE(int, ip4_esp_randpad);
VNET_DECLARE(int, crypto_support);
+VNET_DECLARE(int, async_crypto);
VNET_DECLARE(int, natt_cksum_policy);
#define IPSECSTAT_INC(name) \
@@ -296,6 +299,7 @@ VNET_DECLARE(int, natt_cksum_policy);
#define V_ip4_ipsec_ecn VNET(ip4_ipsec_ecn)
#define V_ip4_esp_randpad VNET(ip4_esp_randpad)
#define V_crypto_support VNET(crypto_support)
+#define V_async_crypto VNET(async_crypto)
#define V_natt_cksum_policy VNET(natt_cksum_policy)
#define ipseclog(x) do { if (V_ipsec_debug) log x; } while (0)
diff --git a/freebsd/sys/netipsec/ipsec6.h b/freebsd/sys/netipsec/ipsec6.h
index 33aa30f3..6d44f989 100644
--- a/freebsd/sys/netipsec/ipsec6.h
+++ b/freebsd/sys/netipsec/ipsec6.h
@@ -2,6 +2,8 @@
/* $KAME: ipsec.h,v 1.44 2001/03/23 08:08:47 itojun Exp $ */
/*-
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
* All rights reserved.
*
diff --git a/freebsd/sys/netipsec/ipsec_mbuf.c b/freebsd/sys/netipsec/ipsec_mbuf.c
index 80cb8fbc..66d53514 100644
--- a/freebsd/sys/netipsec/ipsec_mbuf.c
+++ b/freebsd/sys/netipsec/ipsec_mbuf.c
@@ -1,6 +1,8 @@
#include <machine/rtems-bsd-kernel-space.h>
/*-
+ * SPDX-License-Identifier: BSD-2-Clause-FreeBSD
+ *
* Copyright (c) 2002, 2003 Sam Leffler, Errno Consulting
* All rights reserved.
*
diff --git a/freebsd/sys/netipsec/ipsec_output.c b/freebsd/sys/netipsec/ipsec_output.c
index ac9529d5..f5ee076c 100644
--- a/freebsd/sys/netipsec/ipsec_output.c
+++ b/freebsd/sys/netipsec/ipsec_output.c
@@ -1,6 +1,8 @@
#include <machine/rtems-bsd-kernel-space.h>
/*-
+ * SPDX-License-Identifier: BSD-2-Clause-FreeBSD
+ *
* Copyright (c) 2002, 2003 Sam Leffler, Errno Consulting
* Copyright (c) 2016 Andrey V. Elsukov <ae@FreeBSD.org>
* All rights reserved.
diff --git a/freebsd/sys/netipsec/key.c b/freebsd/sys/netipsec/key.c
index ef5d8419..3652524c 100644
--- a/freebsd/sys/netipsec/key.c
+++ b/freebsd/sys/netipsec/key.c
@@ -4,6 +4,8 @@
/* $KAME: key.c,v 1.191 2001/06/27 10:46:49 sakane Exp $ */
/*-
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
* All rights reserved.
*
@@ -5102,7 +5104,7 @@ key_updateaddresses(struct socket *so, struct mbuf *m,
newsav->natt = NULL;
newsav->sah = sah;
newsav->state = SADB_SASTATE_MATURE;
- error = key_setnatt(sav, mhp);
+ error = key_setnatt(newsav, mhp);
if (error != 0)
goto fail;
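Review bot: The `fail` label reached after `key_setnatt(newsav, mhp)` lies outside this hunk, so it cannot be confirmed from here that anything key_setnatt may have attached to `newsav->natt` is released on the error path; please check that cleanup. Because `sav` and `newsav` differ by one prefix and mixing them up was the defect fixed here, a short comment above the call would help, for example `/* NAT-T parameters go on the new SA, not on the existing sav. */`. key_updateaddresses starts and ends outside the hunk.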
@@ -6265,7 +6267,7 @@ key_getsizes_ah(const struct auth_hash *ah, int alg, u_int16_t* min,
u_int16_t* max)
{
- *min = *max = ah->keysize;
+ *min = *max = ah->hashsize;
if (ah->keysize == 0) {
/*
* Transform takes arbitrary key size but algorithm
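Review bot: The default for `*min`/`*max` now comes from `ah->hashsize` while the condition right after it still tests `ah->keysize == 0`, and nothing in the function explains why two different fields are involved. A one-line comment before the assignment would make the intent reviewable, for example `/* Default: key length equals digest length; keysize == 0 means the transform accepts any key length. */`. That wording should be checked against the `struct auth_hash` definition, which is not part of this diff. These bounds appear to determine which AH key lengths are advertised or accepted, so the comment should also state the unit the caller expects. The body of key_getsizes_ah continues past the end of the hunk.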
diff --git a/freebsd/sys/netipsec/key.h b/freebsd/sys/netipsec/key.h
index a646832e..6c3e05c0 100644
--- a/freebsd/sys/netipsec/key.h
+++ b/freebsd/sys/netipsec/key.h
@@ -2,6 +2,8 @@
/* $KAME: key.h,v 1.21 2001/07/27 03:51:30 itojun Exp $ */
/*-
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
* All rights reserved.
*
diff --git a/freebsd/sys/netipsec/key_debug.c b/freebsd/sys/netipsec/key_debug.c
index f71212b7..12cfe34e 100644
--- a/freebsd/sys/netipsec/key_debug.c
+++ b/freebsd/sys/netipsec/key_debug.c
@@ -4,6 +4,8 @@
/* $KAME: key_debug.c,v 1.26 2001/06/27 10:46:50 sakane Exp $ */
/*-
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
* All rights reserved.
*
diff --git a/freebsd/sys/netipsec/key_debug.h b/freebsd/sys/netipsec/key_debug.h
index afb11cb1..a2dd57ed 100644
--- a/freebsd/sys/netipsec/key_debug.h
+++ b/freebsd/sys/netipsec/key_debug.h
@@ -2,6 +2,8 @@
/* $KAME: key_debug.h,v 1.10 2001/08/05 08:37:52 itojun Exp $ */
/*-
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
* All rights reserved.
*
diff --git a/freebsd/sys/netipsec/key_var.h b/freebsd/sys/netipsec/key_var.h
index ecef2360..bd68645e 100644
--- a/freebsd/sys/netipsec/key_var.h
+++ b/freebsd/sys/netipsec/key_var.h
@@ -2,6 +2,8 @@
/* $KAME: key_var.h,v 1.11 2001/09/12 23:05:07 sakane Exp $ */
/*-
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
* All rights reserved.
*
diff --git a/freebsd/sys/netipsec/keydb.h b/freebsd/sys/netipsec/keydb.h
index ab03abb1..19eae767 100644
--- a/freebsd/sys/netipsec/keydb.h
+++ b/freebsd/sys/netipsec/keydb.h
@@ -2,6 +2,8 @@
/* $KAME: keydb.h,v 1.14 2000/08/02 17:58:26 sakane Exp $ */
/*-
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
* All rights reserved.
*
diff --git a/freebsd/sys/netipsec/keysock.c b/freebsd/sys/netipsec/keysock.c
index a7421af6..7ecd50b8 100644
--- a/freebsd/sys/netipsec/keysock.c
+++ b/freebsd/sys/netipsec/keysock.c
@@ -4,6 +4,8 @@
/* $KAME: keysock.c,v 1.25 2001/08/13 20:07:41 itojun Exp $ */
/*-
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
* All rights reserved.
*
diff --git a/freebsd/sys/netipsec/keysock.h b/freebsd/sys/netipsec/keysock.h
index 8fbf4a02..30b68da6 100644
--- a/freebsd/sys/netipsec/keysock.h
+++ b/freebsd/sys/netipsec/keysock.h
@@ -2,6 +2,8 @@
/* $KAME: keysock.h,v 1.8 2000/03/27 05:11:06 sumikawa Exp $ */
/*-
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
* All rights reserved.
*
diff --git a/freebsd/sys/netipsec/xform_ah.c b/freebsd/sys/netipsec/xform_ah.c
index 6e9baa1f..5667f78f 100644
--- a/freebsd/sys/netipsec/xform_ah.c
+++ b/freebsd/sys/netipsec/xform_ah.c
@@ -659,6 +659,8 @@ ah_input(struct mbuf *m, struct secasvar *sav, int skip, int protoff)
/* Crypto operation descriptor. */
crp->crp_ilen = m->m_pkthdr.len; /* Total input length. */
crp->crp_flags = CRYPTO_F_IMBUF | CRYPTO_F_CBIFSYNC;
+ if (V_async_crypto)
+ crp->crp_flags |= CRYPTO_F_ASYNC | CRYPTO_F_ASYNC_KEEPORDER;
crp->crp_buf = (caddr_t) m;
crp->crp_callback = ah_input_cb;
crp->crp_sid = cryptoid;
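Review bot: The same two added lines appear four times (ah_input and ah_output in this file, esp_input and esp_output in xform_esp.c), so the choice of `crp_flags` now lives in four places that must be kept in sync. Folding it into the existing assignment keeps each site to one statement, e.g. `crp->crp_flags = CRYPTO_F_IMBUF | CRYPTO_F_CBIFSYNC | (V_async_crypto ? (CRYPTO_F_ASYNC | CRYPTO_F_ASYNC_KEEPORDER) : 0);`, or the expression can move into one shared macro. With `CRYPTO_F_ASYNC` set, the completion callbacks (`ah_input_cb` and the other three) may run in a different thread from the submitter. Their bodies are outside these hunks, so it should be confirmed that they do not depend on the submitting thread's context or on locks held at submission time.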
@@ -1035,6 +1037,8 @@ ah_output(struct mbuf *m, struct secpolicy *sp, struct secasvar *sav,
/* Crypto operation descriptor. */
crp->crp_ilen = m->m_pkthdr.len; /* Total input length. */
crp->crp_flags = CRYPTO_F_IMBUF | CRYPTO_F_CBIFSYNC;
+ if (V_async_crypto)
+ crp->crp_flags |= CRYPTO_F_ASYNC | CRYPTO_F_ASYNC_KEEPORDER;
crp->crp_buf = (caddr_t) m;
crp->crp_callback = ah_output_cb;
crp->crp_sid = cryptoid;
diff --git a/freebsd/sys/netipsec/xform_esp.c b/freebsd/sys/netipsec/xform_esp.c
index 8310b799..8af95f7d 100644
--- a/freebsd/sys/netipsec/xform_esp.c
+++ b/freebsd/sys/netipsec/xform_esp.c
@@ -387,6 +387,8 @@ esp_input(struct mbuf *m, struct secasvar *sav, int skip, int protoff)
/* Crypto operation descriptor */
crp->crp_ilen = m->m_pkthdr.len; /* Total input length */
crp->crp_flags = CRYPTO_F_IMBUF | CRYPTO_F_CBIFSYNC;
+ if (V_async_crypto)
+ crp->crp_flags |= CRYPTO_F_ASYNC | CRYPTO_F_ASYNC_KEEPORDER;
crp->crp_buf = (caddr_t) m;
crp->crp_callback = esp_input_cb;
crp->crp_sid = cryptoid;
@@ -843,6 +845,8 @@ esp_output(struct mbuf *m, struct secpolicy *sp, struct secasvar *sav,
/* Crypto operation descriptor. */
crp->crp_ilen = m->m_pkthdr.len; /* Total input length. */
crp->crp_flags = CRYPTO_F_IMBUF | CRYPTO_F_CBIFSYNC;
+ if (V_async_crypto)
+ crp->crp_flags |= CRYPTO_F_ASYNC | CRYPTO_F_ASYNC_KEEPORDER;
crp->crp_buf = (caddr_t) m;
crp->crp_callback = esp_output_cb;
crp->crp_opaque = (caddr_t) xd;
diff --git a/freebsd/sys/netipsec/xform_ipcomp.c b/freebsd/sys/netipsec/xform_ipcomp.c
index e79301b1..4764e609 100644
--- a/freebsd/sys/netipsec/xform_ipcomp.c
+++ b/freebsd/sys/netipsec/xform_ipcomp.c
@@ -4,6 +4,8 @@
/* $OpenBSD: ip_ipcomp.c,v 1.1 2001/07/05 12:08:52 jjbg Exp $ */
/*-
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
* Copyright (c) 2001 Jean-Jacques Bernard-Gundol (jj@wabbitt.org)
*
* Redistribution and use in source and binary forms, with or without
diff --git a/freebsd/sys/netipsec/xform_tcp.c b/freebsd/sys/netipsec/xform_tcp.c
index 3df5db3a..9310cf2c 100644
--- a/freebsd/sys/netipsec/xform_tcp.c
+++ b/freebsd/sys/netipsec/xform_tcp.c
@@ -1,6 +1,8 @@
#include <machine/rtems-bsd-kernel-space.h>
/*-
+ * SPDX-License-Identifier: BSD-3-Clause
+ *
* Copyright (c) 2003 Bruce M. Simpson <bms@spc.org>
* Copyright (c) 2016 Andrey V. Elsukov <ae@FreeBSD.org>
*