Home
last modified time | relevance | path

Searched full:ipsec (Results 1 – 25 of 308) sorted by relevance

12345678910>>...13

/freebsd-src/sys/netpfil/ipfilter/netinet/
H A Dip_ipsec_pxy.c16 * IPSec proxy
41 * IPSec application proxy initialization.
55 MUTEX_INIT(&softi->ipsec_fr.fr_lock, "IPsec proxy rule lock"); in ipf_p_ipsec_soft_create()
123 * Setup for a new IPSEC proxy.
134 ipsec_pxy_t *ipsec; in ipf_p_ipsec_new() local
162 KMALLOC(ipsec, ipsec_pxy_t *); in ipf_p_ipsec_new()
163 if (ipsec == NULL) in ipf_p_ipsec_new()
168 KFREE(ipsec); in ipf_p_ipsec_new()
172 aps->aps_data = ipsec; in ipf_p_ipsec_new()
173 aps->aps_psiz = sizeof(*ipsec); in ipf_p_ipsec_new()
[all …]
/freebsd-src/share/man/man4/
H A Dipsec.41 .\" $KAME: ipsec.4,v 1.17 2001/06/27 15:25:10 itojun Exp $
31 .Dt IPSEC 4
34 .Nm ipsec
37 .Cd "options IPSEC"
43 .In netipsec/ipsec.h
92 .It "net.inet.ipsec.filtertunnel 0 1"
123 interface and allows the programmer to define IPsec policies
139 IPsec policies can be managed in one of two ways, either by
147 you can define IPsec policies against packets using rules similar to packet
156 A properly-formed IPsec polic
[all...]
H A Denc.457 .Xr ipsec 4
66 .Xr ipsec 4
72 interface inherits all IPsec traffic.
73 Thus all IPsec traffic can be filtered based on
75 and all IPsec traffic could be seen by invoking
114 ---- IPsec processing ---- (before) ---- (after) ----> | |
116 <--- IPsec processing ---- (after) ----- (before) ---- | |
130 .Xr ipsec 4 ,
141 .Xr ipsec 4 ,
H A Dif_ipsec.430 .Nd IPsec virtual tunneling interface
36 IPsec implementation.
40 .Cd "options IPSEC"
44 .Cm ipsec
63 The administrator must configure IPsec
78 which are needed for establishing an IPsec tunnel.
101 The example below shows manual configuration of an IPsec tunnel
135 .Xr ipsec 4 ,
/freebsd-src/sys/dev/mlx5/mlx5_fpga/
H A Dmlx5fpga_ipsec.c36 #include <dev/mlx5/mlx5_fpga/ipsec.h>
104 mlx5_fpga_warn(fdev, "IPSec command send failed with status %u\n", in mlx5_fpga_ipsec_send_complete()
135 mlx5_fpga_warn(fdev, "Short receive from FPGA IPSec: %u < %zu bytes\n", in mlx5_fpga_ipsec_recv()
143 spin_lock_irqsave(&fdev->ipsec->pending_cmds_lock, flags); in mlx5_fpga_ipsec_recv()
144 context = list_first_entry_or_null(&fdev->ipsec->pending_cmds, in mlx5_fpga_ipsec_recv()
149 spin_unlock_irqrestore(&fdev->ipsec->pending_cmds_lock, flags); in mlx5_fpga_ipsec_recv()
152 mlx5_fpga_warn(fdev, "Received IPSec offload response without pending command request\n"); in mlx5_fpga_ipsec_recv()
169 mlx5_fpga_warn(fdev, "IPSec SADB command failed with syndrome %08x\n", in mlx5_fpga_ipsec_recv()
183 if (!fdev || !fdev->ipsec) in mlx5_fpga_ipsec_sa_cmd_exec()
196 spin_lock_irqsave(&fdev->ipsec->pending_cmds_lock, flags); in mlx5_fpga_ipsec_sa_cmd_exec()
[all …]
/freebsd-src/lib/libipsec/
H A Dipsec_set_policy.337 .Nd create an IPsec policy structure from a human readable string
52 function generates an IPsec policy specification structure,
65 IPsec policy specification structure.
79 function converts an IPsec policy structure into a human readable form.
82 argument points to an IPsec policy structure,
124 indicates that IPsec processing should not occur and that the
130 .Li ipsec
134 .Li ipsec
135 means that matching packets are processed by IPsec.
136 .Li ipsec
[all …]
H A Dtest-policy.c41 #include <netipsec/ipsec.h>
56 { 0, "out ipsec" },
58 { 1, "in ipsec must_error" },
59 { 1, "out ipsec esp/must_error" },
64 { 1, "out ipsec esp" },
65 { 0, "in ipsec ah/transport" },
66 { 1, "in ipsec ah/tunnel" },
67 { 0, "out ipsec ah/transport/" },
68 { 1, "out ipsec ah/tunnel/" },
69 { 0, "in ipsec esp / transport / 10.0.0.1-10.0.0.2" },
[all …]
/freebsd-src/libexec/rc/rc.d/
H A Dipsec5 # PROVIDE: ipsec
12 name="ipsec"
22 required_modules="ipsec"
28 warn "$ipsec_file not readable; ipsec start aborted."
37 echo "Installing ipsec manual keys/policies."
43 echo "Clearing ipsec manual keys/policies."
55 echo "Reloading ipsec manual keys/policies."
/freebsd-src/sbin/ipf/libipf/
H A Dprintaps.c19 ipsec_pxy_t ipsec; in printaps() local
95 } else if (!strcmp(apr.apr_label, "ipsec") && in printaps()
96 (ap.aps_psiz == sizeof(ipsec))) { in printaps()
97 if (kmemcpy((char *)&ipsec, (long)ap.aps_data, sizeof(ipsec))) in printaps()
101 (u_int)ntohl(ipsec.ipsc_icookie[0]), in printaps()
102 (u_int)ntohl(ipsec.ipsc_icookie[1]), in printaps()
103 (u_int)ntohl(ipsec.ipsc_rcookie[0]), in printaps()
104 (u_int)ntohl(ipsec.ipsc_rcookie[1]), in printaps()
105 ipsec.ipsc_rckset ? "(Set)" : "(Not set)"); in printaps()
/freebsd-src/tools/regression/ipsec/
H A Dipsec6.t3 # IPv6 IPsec test based on ipsec.t, in this same directory, which tests
4 # IPsec by setting up a set of tunnels and then sending ICMPv6 packets,
18 #sysctl net.inet.ipsec.crypto_support=1 >/dev/null 2>&1
70 echo "spdadd -6 1::1 2::1 any -P out ipsec esp/transport//require;"
71 echo "spdadd -6 2::1 1::1 any -P in ipsec esp/transport//require;"
72 echo "spdadd -6 1::1 2::1 any -P in ipsec esp/transport//require;"
73 echo "spdadd -6 2::1 1::1 any -P out ipsec esp/transport//require;"
H A Dipsec.t3 # IPsec regression test.
18 #sysctl net.inet.ipsec.crypto_support=1 >/dev/null 2>&1
70 echo "spdadd ${ipbase}.0.1 ${ipbase}.1.1 any -P out ipsec esp/transport//require;"
71 echo "spdadd ${ipbase}.1.1 ${ipbase}.0.1 any -P in ipsec esp/transport//require;"
72 echo "spdadd ${ipbase}.0.1 ${ipbase}.1.1 any -P in ipsec esp/transport//require;"
73 echo "spdadd ${ipbase}.1.1 ${ipbase}.0.1 any -P out ipsec esp/transport//require;"
/freebsd-src/share/doc/IPv6/
H A DIMPLEMENTATION69 4. IPsec
75 4.6 ECN consideration on IPsec tunnels
77 4.8 Operations with IPsec tunnel mode
78 4.8.1 RFC2401 IPsec tunnel mode approach
79 4.8.2 draft-touch-ipsec-vpn approach
937 IPsec does not work on jumbograms. This is due to some specification twists
977 Because of this, if you receive IPsec-over-IPv4 packet with massive
978 number of IPsec headers, kernel stack may blow up. IPsec-over-IPv6 is okay.
1245 which was derived from NRL IPv6/IPsec stack. We guess it supports IPv4 mapped
1266 which was derived from NRL IPv6/IPsec stack.
[all …]
/freebsd-src/sbin/setkey/
H A Dtest-policy.c37 #include <netipsec/ipsec.h>
44 "ipsec must_error", /* must be error */
45 "ipsec esp/must_error", /* must be error */
50 "ipsec esp", /* must be error */
51 "ipsec ah/require",
52 "ipsec ah/use/",
53 "ipsec esp/require ah/default/203.178.141.194",
54 "ipsec ah/use/203.178.141.195 esp/use/203.178.141.194",
55 "ipsec esp/elf.wide.ydc.co.jp esp/www.wide.ydc.co.jp"
57 ipsec esp/require ah/use esp/require/10.0.0.1
H A Dsetkey.836 .Nd "manually manipulate the IPsec SA/SP database"
455 The following example shows a policy where IPSec is not required for
467 protocols other than TCP, UDP and ICMP may not be suitable to use with IPsec.
477 .It Xo Fl P Ar direction Li ipsec
495 .Li ipsec .
505 policy level means that IPsec operations will not take place on
509 .Li ipsec
510 policy level means that IPsec operation will take place onto
593 .Xr racoon 8 Pq Pa ports/security/ipsec-tools
738 -P out ipsec es
[all...]
H A Dsample.cf29 # There are sample scripts for IPsec configuration by manual keying.
46 spdadd fec0::10[any] fec0::11[110] tcp -P out ipsec
48 spdadd fec0::11[110] fec0::10[any] tcp -P in ipsec
72 spdadd 10.0.1.0/24 10.0.2.0/24 any -P out ipsec
74 spdadd 10.0.2.0/24 10.0.1.0/24 any -P in ipsec
89 spdadd 10.0.2.0/24 10.0.1.0/24 any -P out ipsec
91 spdadd 10.0.1.0/24 10.0.2.0/24 any -P in ipsec
112 spdadd fec0:0:0:1::/64 fec0:0:0:2::/64 any -P out ipsec
115 spdadd fec0:0:0:2::/64 fec0:0:0:1::/64 any -P in ipsec
147 spdadd fec0:0:0:1::1[any] fec0:0:0:2::2[80] tcp -P out ipsec
[all …]
/freebsd-src/sys/netipsec/
H A Dipsec_mod.c48 #include <netipsec/ipsec.h>
100 * Always register ipsec module.
101 * Even when IPsec is build in the kernel, we need to have
102 * module registered. This will prevent to load ipsec.ko.
140 "ipsec",
145 DECLARE_MODULE(ipsec, ipsec_mod, SI_SUB_PROTO_DOMAIN, SI_ORDER_ANY);
146 MODULE_VERSION(ipsec, 1);
148 MODULE_DEPEND(ipsec, ipsec_support, 1, 1, 1);
H A Dipsec.h1 /* $KAME: ipsec.h,v 1.53 2001/11/20 08:32:38 itojun Exp $ */
35 * IPsec controller part.
70 /* Request for IPsec */
74 u_int level; /* IPsec level defined below. */
92 u_int tcount; /* IPsec transforms count */
124 * Such policies can have IPSEC, BYPASS and ENTRUST type.
126 * When application sets BYPASS or IPSEC type policy, the flags field
154 /* buffer size for formatted output of ipsec address */
182 * IPSEC, ENTRUST and BYPASS are allowed for setsockopt() in PCB,
183 * DISCARD, IPSEC an
[all...]
H A Dipsec_output.c31 * IPsec output processing.
82 #include <netipsec/ipsec.h>
130 DPRINTF(("%s: IPsec outbound packet dropped due" in ipsec4_allocsa()
171 * this IPsec transform, thus we can continue w/o in ipsec4_allocsa()
172 * IPsec processing, i.e. return EJUSTRETURN. in ipsec4_allocsa()
186 * IPsec output logic for IPv4.
200 IPSEC_ASSERT(idx < sp->tcount, ("Wrong IPsec request index %d", idx)); in ipsec4_perform_request()
213 if (error == EJUSTRETURN) { /* No IPsec required */ in ipsec4_perform_request()
255 if_printf(ifp, "Tx TLS+IPSEC packet\n"); in ipsec4_perform_request()
289 * Dispatch to the appropriate IPsec transfor in ipsec4_perform_request()
[all...]
H A Dsubr_ipsec.c50 #include <netipsec/ipsec.h>
58 * This file is build in the kernel only when 'options IPSEC' or
156 MTX_SYSINIT(xfroms_list, &xforms_lock, "IPsec transforms list", MTX_DEF); in ipsec_kmod_drain()
225 * IPSEC_SUPPORT - loading of ipsec.ko and tcpmd5.ko is supported. in xform_init()
226 * IPSEC + IPSEC_SUPPORT - loading tcpmd5.ko is supported. in xform_init()
227 * IPSEC + TCP_SIGNATURE - all is build in the kernel, do not build in xform_init()
230 #if !defined(IPSEC) || !defined(TCP_SIGNATURE) in xform_init()
266 #endif /* !IPSEC || !TCP_SIGNATURE */ in ipsec_support_modevent()
311 #ifndef IPSEC in tcpmd5_support_disable()
313 * IPsec suppor in tcpmd5_support_disable()
[all...]
/freebsd-src/tests/sys/netipsec/tunnel/
H A Dutils.subr10 if ! sysctl -q kern.features.ipsec >/dev/null ; then
11 atf_skip "This test requires ipsec"
102 printf " ipsec esp/tunnel/${SRC_GW}-${DST_GW}/require;\n"
105 printf " ipsec esp/tunnel/${DST_GW}-${SRC_GW}/require;\n"
110 ) > ${TMPDIR}/ipsec.${jname}.conf
119 atf_check -s exit:0 -o ignore jexec ipsecA setkey -f ${TMPDIR}/ipsec.ipsecA.conf
121 atf_check -s exit:0 -o ignore jexec ipsecB setkey -f ${TMPDIR}/ipsec.ipsecB.conf
122 # Check ipsec tunnel
/freebsd-src/sbin/ping/
H A Dmain.h32 #ifdef IPSEC
33 #include <netipsec/ipsec.h>
34 #endif /*IPSEC*/
36 #if defined(INET) && defined(IPSEC) && defined(IPSEC_POLICY_IPSEC)
43 #if defined(INET6) && defined(IPSEC) && defined(IPSEC_POLICY_IPSEC)
45 #elif defined(INET6) && defined(IPSEC) && !defined(IPSEC_POLICY_IPSEC)
/freebsd-src/sys/contrib/device-tree/Bindings/crypto/
H A Dpicochip-spacc.txt4 IPSEC and femtocell layer 2 ciphering.
7 - compatible : "picochip,spacc-ipsec" for the IPSEC offload engine
16 compatible = "picochip,spacc-ipsec";
/freebsd-src/tests/sys/netpfil/pf/
H A Dif_enc.sh43 # .----------->| gateway | < IPsec > | gateway |<-----------.
56 # encrypted, i.e. host wan should see IPsec flow (ESP packets).
61 if ! sysctl -q kern.features.ipsec >/dev/null ; then
62 atf_skip "This test requires ipsec"
113 spdadd 1.0.0.0/24 4.0.0.0/24 any -P out ipsec esp/tunnel/2.0.0.22-3.0.0.33/require;
114 spdadd 4.0.0.0/24 1.0.0.0/24 any -P in ipsec esp/tunnel/3.0.0.33-2.0.0.22/require;
121 spdadd 4.0.0.0/24 1.0.0.0/24 any -P out ipsec esp/tunnel/3.0.0.33-2.0.0.22/require;
122 spdadd 1.0.0.0/24 4.0.0.0/24 any -P in ipsec esp/tunnel/2.0.0.22-3.0.0.33/require;
147 jexec bgw sysctl net.inet.ipsec.filtertunnel=0
/freebsd-src/sys/net/
H A Dpfkeyv2.h225 u_int16_t sadb_x_policy_type; /* See policy type of ipsec.h */
226 u_int8_t sadb_x_policy_dir; /* direction, see ipsec.h */
227 u_int8_t sadb_x_policy_scope; /* scope, see ipsec.h */
237 * When policy_type == IPSEC, it is followed by some of
238 * the ipsec policy request.
239 * [total length of ipsec policy requests]
243 /* XXX IPsec Policy Request Extension */
249 u_int16_t sadb_x_ipsecrequest_proto; /* See ipsec.h */
250 u_int8_t sadb_x_ipsecrequest_mode; /* See IPSEC_MODE_XX in ipsec.h. */
251 u_int8_t sadb_x_ipsecrequest_level; /* See IPSEC_LEVEL_XX in ipsec
[all...]
/freebsd-src/usr.sbin/rrenumd/
H A Drrenumd.c51 #ifdef IPSEC
52 #include <netipsec/ipsec.h>
78 #ifdef IPSEC
85 #endif /*IPSEC*/
128 #ifdef IPSEC in show_usage()
134 #endif /* IPSEC */ in show_usage()
273 #ifdef IPSEC in sock6_open()
315 #ifdef IPSEC in sock6_open()
348 #endif /* IPSEC */ in sock6_open()
358 #ifdef IPSEC in sock4_open()
[all …]

12345678910>>...13