Aren
/
NetBSD
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
69,810 Commits 606 Branches 0 Tags 3.1 GiB
Commit Graph

246 Commits

Author SHA1 Message Date
itojun 691fdbb4f0 kame sys/netinet6/icmp6.c 1.140 -> 1.144 
>   in the check for the incoming redirect message, examine the gateway
>   (from the routing table) only when the address family of the gateway is
>   AF_INET6.
 2000-09-16 10:12:22 +00:00
itojun 2192675fb1 move file static variable into auto variable, for better thread safety. 
(not really required for big lock MP).  sync with kame
 2000-09-09 16:15:47 +00:00
itojun f8481d085e add attribute(packed). 
From: Alfred Perlstein <bright@wintelcom.net>
 2000-09-09 11:42:22 +00:00
itojun dc23ec9971 add missing \n on log(). sync with kame 2000-08-31 07:35:44 +00:00
itojun 65fbdbe744 repair DES on LP64. past code did not interoperate with non-LP64, due to 
incorrect computed results.
remove unnecessary #ifdef/#define.  sync with kame.
 2000-08-31 07:33:04 +00:00
itojun 58c93e23cf LP64 fix (cast to u_long when printing size_t) 2000-08-30 14:58:33 +00:00
itojun 2af85c262b improve code sharing for esp_schedule(). add some diagnostics cases 
for esp_cbc_{en,de}crypt().  sync with kame.
 2000-08-29 11:32:21 +00:00
itojun 6fe60cce5f do not forward packets with unspecified source address (::). 
this is clarification recently made to RFC2460.  sync with kame.
 2000-08-29 09:19:43 +00:00
itojun bb8d535cc5 use per-block cipher function + esp_cbc_{de,en}crypt. do not use 
cbc-over-mbuf functions in sys/crypto.

the change should make it much easier to switch crypto function to
machine-dependent ones (like assembly code under sys/arch/i386/crypto?).
also it should be much easier to import AES algorithms.

XXX: it looks that past blowfish-cbc code was buggy.  i ran some test pattern,
and new blowfish-cbc code looks more correct.  there's no interoperability
between the old code (before the commit) and the new code (after the commit).

XXX: need serious interop tests before move it into 1.5 branch
 2000-08-29 09:08:42 +00:00
itojun 3da9705446 add a warning on IPv6 setsockopt number space (*BSD shares the number space 
so consult KAME for number allocation)
 2000-08-27 01:02:48 +00:00
itojun 152da24bd9 implement net.inet6.ip6.{anon,low}port{min,max} sysctl variable. 2000-08-26 11:03:45 +00:00
itojun 4d40179399 add missing IPNOPRIVPORTS case 2000-08-26 10:40:03 +00:00
thorpej 5bd1b19b29 Don't use MALLOC() for variable-sized allocations. 2000-08-25 21:22:16 +00:00
itojun cabceaa265 - icmp6 nodeinfo: remove possibility of unaligned pointer access. 
- jumbo payload output: fix incorrect mbuf manipulation
- pedant: align issues, mbuf assumption
(sync with kame)
 2000-08-19 08:15:53 +00:00
itojun e6efb27c84 add missing splx, when outgoing interface queue is full on tunnelled 
ESP packet output.  KAME PR 280.
 2000-08-16 09:54:39 +00:00
thorpej 831a48fd0b Make this compile without INET6 again. 2000-08-15 21:43:57 +00:00
itojun 54aeb79d4c supress warning (LOG_ERR -> LOG_DEBUG) which occurs in the following situation: 
- manually configure an address from prefix P (like P::1)
- autoconfigure additional address from the same prefix P (like P::ifid).
- rtrequest fails due to P/plen already exists

more fundamental solution should appear later, when kame side stablizes it.
from thopej.
 2000-08-13 23:45:22 +00:00
itojun 5e868d1e49 clearifications in icmp6 node query support. 
XXX previous commit included "supported qtypes" icmp6 node query support.
sorry commit message was mistaken.
 2000-08-03 16:30:37 +00:00
itojun afa5315364 correct typo in #define. ICMP6_NI_SUCESS -> SUCCESS (notice missing C). 
sync with kame.
 2000-08-03 14:31:04 +00:00
itojun 6574aa66e8 inhibit error code from rtinit(). this happens when we try to assign 
multiple addresses from same prefix, onto single interface.  PR 10427.


more info:
- 4.4BSD did not check return code from in_ifinit() at all.
  4.4BSD does not support multiple address from same prefix.
- past KAME change passed in{,6}_ifinit() to upwards, toward ifconfig(8).
  the behavior is filed as PR 10427.
- the commit inhibits EEXIST from rtinit(), hence partially recovers old
  4.4BSD behavior.
- the right thing to happen is to properly support multiple address assignment
  from the same prefix.  KAME tree has more extensive change, however, it needs
  much more time to get stabilized (rtentry refcnt change can cause serious
  issue, we really need to bake it before bring it to netbsd)
 2000-08-02 15:03:02 +00:00
itojun 32ef6bb0e7 sync comment with reality 2000-07-30 05:30:37 +00:00
itojun 0036ac92be clarify comment. from jhawk. sync with kame. 2000-07-30 04:33:34 +00:00
itojun 5e8b5a35e4 make ipsec_strerror(3) to return const char *, not char *. sync with kame. 2000-07-30 02:38:35 +00:00
itojun 63de4c2cb9 nuke the following sysctl variables. "ppsratelimit" should work better. 
need to recompile sbin/sysctl after updating /usr/include.
	net.inet.tcp.rstratelimit
	net.inet.icmp.errratelimit
	net.inet6.icmp6.errratelimit
 2000-07-28 04:06:52 +00:00
itojun 73a29e35ff do not forward packet with :: in the source. 
this is not in the spec - we had rough consensus on it in ipngwg,
spec will get updated to include this behavior.
 2000-07-27 15:53:51 +00:00
itojun fec624be3f wrap kernel function prototype by #ifdef _KERNEL. 2000-07-23 08:24:12 +00:00
itojun 411ff12b27 pre-compute and cache intermediate crypto key. suggestion from sommerfeld, 
sync with kame.

loopback, blowfish-cbc transport mode, 128bit key
before: 86588496 bytes received in 00:42 (1.94 MB/s)
after: 86588496 bytes received in 00:31 (2.58 MB/s)
 2000-07-23 05:23:04 +00:00
itojun 65d37eff7f correct RFC2367 PF_KEY conformance (SADB_[AE]ALG_xx values and namespaces). 
sync from kame.

WARNING: need recompilation of setkey(8) and pkgsrc/security/racoon.
(no ipsec-ready netbsd was released as official release)
 2000-07-18 14:56:42 +00:00
itojun 5f09b77987 s/IPSEC_IPV6FWD/IPSEC/. this should correct strange behavior on ipv6 
forwarding (even if policy asks for tunnel mode encryption, packets
go out in clear).  sync with kame.
 2000-07-16 07:57:55 +00:00
itojun a2744a4cf8 do not pull sys/queue.h from netinet6/in6.h. PR10597. 
some sync with kame.
 2000-07-16 01:10:34 +00:00
itojun 20964b0c23 fatal bug fix from kame (rtentry refcnt goes negative if we play with IPv6 
address/routing table too much).

in6_ifloop_request()
  not to request rtrequest to return an rtentry except for the ADD
  operation, in order to avoid misdecreasing the refcnt (which might
  cause leak of rtentry)
 2000-07-13 09:56:20 +00:00
itojun f5211e847a remove m_pulldown statistics code. it is highly experimental and belong 
to kame tree only (not for *bsd).
 2000-07-13 05:34:21 +00:00
itojun d8a9a3cc7b add ppsratelimit(9), which does event-per-sec rate limitation. 
use it from icmp6 error rate limitation code.
XXX better name for the function?
 2000-07-09 06:44:57 +00:00
itojun ec67eee51f sync with kame. 
introduce in6_{recover,embed}scope, for in-kernel scoped-address manipulation.
improve in6_pcbnotify.
 2000-07-07 15:54:16 +00:00
christos 2068dee670 elide lint cast type conversion warnings. 2000-07-06 17:42:55 +00:00
itojun 210a3e2f80 remove unnecessary #include <netkey/key_debug.h>. from kame. 2000-07-06 12:51:39 +00:00
itojun 0a1e211454 - do not use bitfield for router renumbering header. 
- add protection mechanism against ND cache corruption due to bad NUD hints.
- more stats
- icmp6 pps limitation.  TOOD: should implement ppsratecheck(9).
 2000-07-06 12:36:18 +00:00
itojun 6fff122160 drop packet to tentative/duplicated interface address earlier. sync w/kame 2000-07-02 09:56:39 +00:00
itojun 8ff902fca1 repair kernel faithd(8) support. there were two mistakes: 
(1) tcp6_input dropped packets for translation
(2) in6_pcblookup_connect was too strict
 2000-07-02 08:04:10 +00:00
itojun 3ade27131a suppress too noisy warning on forward-over-loopback case. from kame 2000-06-30 19:46:05 +00:00
mrg cf594a3f4d <vm/vm.h> -> <uvm/uvm_extern.h> 2000-06-28 03:01:16 +00:00
kleink d2787dad27 XNS5.2: define sa_family_t and use it where specified by the standard. 2000-06-26 15:48:19 +00:00
itojun 278184a8ab avoid possible mbuf leaks on ipsec policy violation.(sync with kame) 2000-06-20 02:24:42 +00:00
itojun 90ca25568b remove obsolete sysctl MIB net.inet.ipsec.inbound_call_ike. 
(sync with kame)
 2000-06-15 05:01:06 +00:00
thorpej 1b8ede9f7c Import IPsec ESP from netbsd-cryptosrc-intl. 2000-06-14 19:39:42 +00:00
itojun dafb757588 add algorithm name into algorithm table. (commit to crypto-intl will follow) 2000-06-14 11:27:35 +00:00
itojun af9d516560 signedness issue with char, take 2. confirmed with i386 cc -funsigned-char. 2000-06-13 17:31:37 +00:00
itojun c6a8ca266b workaround to suppress warning on char == unsigned char arch. 2000-06-13 16:34:37 +00:00
itojun 0455eac327 do not use cached route if the route becomes !RTF_UP. 
make the validation for jumbo payload option more strict.
 2000-06-13 14:43:44 +00:00
itojun 36887242d7 add sanity check on in6_ifaddr. 2000-06-13 04:35:29 +00:00