From owner-cvs-all Thu Jan 23 21:11:40 2003 Delivered-To: cvs-all@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D35EF37B401; Thu, 23 Jan 2003 21:11:37 -0800 (PST) Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115]) by mx1.FreeBSD.org (Postfix) with ESMTP id 2F83643F1E; Thu, 23 Jan 2003 21:11:37 -0800 (PST) (envelope-from sam@FreeBSD.org) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.12.6/8.12.6) with ESMTP id h0O5Babv029210; Thu, 23 Jan 2003 21:11:36 -0800 (PST) (envelope-from sam@repoman.freebsd.org) Received: (from sam@localhost) by repoman.freebsd.org (8.12.6/8.12.6/Submit) id h0O5Badx029206; Thu, 23 Jan 2003 21:11:36 -0800 (PST) Message-Id: <200301240511.h0O5Badx029206@repoman.freebsd.org> From: Sam Leffler Date: Thu, 23 Jan 2003 21:11:36 -0800 (PST) To: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: cvs commit: src/sys/conf files options src/sys/net pfkeyv2.h src/sys/netinet in_pcb.c in_pcb.h in_proto.c ip_icmp.c ip_input.c ip_output.c raw_ip.c tcp_input.c tcp_output.c tcp_subr.c tcp_syncache.c udp_usrreq.c src/sys/netinet6 icmp6.c in6_pcb.c ... X-FreeBSD-CVS-Branch: RELENG_4 Sender: owner-cvs-all@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG sam 2003/01/23 21:11:36 PST Modified files: (Branch: RELENG_4) sys/conf files options sys/net pfkeyv2.h sys/netinet in_pcb.c in_pcb.h in_proto.c ip_icmp.c ip_input.c ip_output.c raw_ip.c tcp_input.c tcp_output.c tcp_subr.c tcp_syncache.c udp_usrreq.c sys/netinet6 icmp6.c in6_pcb.c in6_proto.c ip6_forward.c ip6_input.c ip6_output.c raw_ip6.c udp6_usrreq.c Added files: (Branch: RELENG_4) sys/netipsec ah.h ah_var.h esp.h esp_var.h ipcomp.h ipcomp_var.h ipip_var.h ipsec.c ipsec.h ipsec6.h ipsec_input.c ipsec_mbuf.c ipsec_output.c key.c key.h key_debug.c key_debug.h key_var.h keydb.h keysock.c keysock.h xform.h xform_ah.c xform_esp.c xform_ipcomp.c xform_ipip.c Log: MFC: Fast IPsec "Fast IPsec": this is an experimental IPsec implementation that is derived from the KAME IPsec implementation, but with heavy borrowing and influence of openbsd. A key feature of this implementation is that it uses the kernel crypto framework to do all crypto work so when h/w crypto support is present IPsec operation is automatically accelerated. Otherwise the protocol implementations are rather differet while the SADB and policy management code is very similar to KAME (for the moment). Note that this implementation is enabled with a FAST_IPSEC option. With this you get all protocols; i.e. there is no FAST_IPSEC_ESP option. FAST_IPSEC and IPSEC are mutually exclusive; you cannot build both into a single system. This software is well tested with IPv4 but should be considered very experimental (i.e. do not deploy in production environments). This software does NOT currently support IPv6. In fact do not configure FAST_IPSEC and INET6 in the same system. Supported by: Vernier Networks Revision Changes Path 1.340.2.129 +11 -0 src/sys/conf/files 1.191.2.46 +1 -0 src/sys/conf/options 1.4.2.4 +17 -15 src/sys/net/pfkeyv2.h 1.59.2.26 +10 -0 src/sys/netinet/in_pcb.c 1.32.2.7 +1 -1 src/sys/netinet/in_pcb.h 1.53.2.6 +33 -0 src/sys/netinet/in_proto.c 1.39.2.19 +6 -0 src/sys/netinet/ip_icmp.c 1.130.2.46 +131 -2 src/sys/netinet/ip_input.c 1.99.2.35 +144 -2 src/sys/netinet/ip_output.c 1.64.2.14 +19 -0 src/sys/netinet/raw_ip.c 1.107.2.36 +19 -0 src/sys/netinet/tcp_input.c 1.39.2.19 +5 -0 src/sys/netinet/tcp_output.c 1.73.2.31 +8 -0 src/sys/netinet/tcp_subr.c 1.5.2.11 +9 -0 src/sys/netinet/tcp_syncache.c 1.64.2.18 +19 -0 src/sys/netinet/udp_usrreq.c 1.6.2.11 +6 -0 src/sys/netinet6/icmp6.c 1.10.2.9 +7 -0 src/sys/netinet6/in6_pcb.c 1.6.2.9 +9 -0 src/sys/netinet6/in6_proto.c 1.4.2.7 +9 -0 src/sys/netinet6/ip6_forward.c 1.11.2.15 +6 -0 src/sys/netinet6/ip6_input.c 1.13.2.18 +63 -4 src/sys/netinet6/ip6_output.c 1.7.2.7 +24 -0 src/sys/netinet6/raw_ip6.c 1.6.2.13 +29 -0 src/sys/netinet6/udp6_usrreq.c 1.1.4.1 +56 -0 src/sys/netipsec/ah.h (new) 1.1.4.1 +78 -0 src/sys/netipsec/ah_var.h (new) 1.1.4.1 +69 -0 src/sys/netipsec/esp.h (new) 1.1.4.1 +78 -0 src/sys/netipsec/esp_var.h (new) 1.1.4.1 +55 -0 src/sys/netipsec/ipcomp.h (new) 1.1.4.1 +67 -0 src/sys/netipsec/ipcomp_var.h (new) 1.1.4.1 +65 -0 src/sys/netipsec/ipip_var.h (new) 1.2.2.1 +1937 -0 src/sys/netipsec/ipsec.c (new) 1.2.4.1 +389 -0 src/sys/netipsec/ipsec.h (new) 1.1.4.1 +89 -0 src/sys/netipsec/ipsec6.h (new) 1.2.4.1 +729 -0 src/sys/netipsec/ipsec_input.c (new) 1.5.2.1 +455 -0 src/sys/netipsec/ipsec_mbuf.c (new) 1.3.2.1 +733 -0 src/sys/netipsec/ipsec_output.c (new) 1.3.2.1 +7285 -0 src/sys/netipsec/key.c (new) 1.1.4.1 +114 -0 src/sys/netipsec/key.h (new) 1.1.4.1 +747 -0 src/sys/netipsec/key_debug.c (new) 1.1.4.1 +88 -0 src/sys/netipsec/key_debug.h (new) 1.1.4.1 +74 -0 src/sys/netipsec/key_var.h (new) 1.1.4.1 +181 -0 src/sys/netipsec/keydb.h (new) 1.3.2.1 +605 -0 src/sys/netipsec/keysock.c (new) 1.1.4.1 +82 -0 src/sys/netipsec/keysock.h (new) 1.1.4.1 +126 -0 src/sys/netipsec/xform.h (new) 1.1.4.1 +1205 -0 src/sys/netipsec/xform_ah.c (new) 1.2.2.1 +962 -0 src/sys/netipsec/xform_esp.c (new) 1.1.4.1 +604 -0 src/sys/netipsec/xform_ipcomp.c (new) 1.3.2.1 +703 -0 src/sys/netipsec/xform_ipip.c (new) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe cvs-all" in the body of the message