Commit Graph

165 Commits

Author SHA1 Message Date
ad
f474dceb13 Use the LWP cached credentials where sane. 2006-07-23 22:06:03 +00:00
tron
e12e4b2966 Remove test for M_CSUM_TSOv6 flag which is not (yet) defined in
NetBSD-current.
2006-07-12 14:07:02 +00:00
tron
9563ec16dc Add diagnostic checks for hardware-assisted checksum related flags in
the mbuf which supposed to get sent out:
- Complain in ip_output() if any of the IPv6 related flags are set.
- Complain in ip6_output() if any of the IPv4 related flags are set.
- Complain in both functions if the flags indicate that both a TCP and
  UCP checksum should be calculated by the hardware.
2006-07-12 13:11:27 +00:00
christos
fc6d984beb kauth fallout 2006-05-15 00:05:16 +00:00
elad
874fef3711 integrate kauth. 2006-05-14 21:19:33 +00:00
christos
23ecfee197 Handle IPSEC_NAT_T in the FAST_IPSEC case.
XXX: need to fix the FAST_IPSEC code now.
2006-02-23 01:35:19 +00:00
christos
95e1ffb156 merge ktrace-lwp. 2005-12-11 12:16:03 +00:00
dyoung
a58bd46ec2 People have to read this code, so I am removing the double-negative
tautology, #ifndef notdef, which is not only superfluous, but easily
misread as #ifdef notyet.
2005-09-19 05:28:46 +00:00
seb
cf017dd18f Replace plain 255 by MAXTTL. 2005-09-11 22:15:19 +00:00
christos
8c1f164eb6 Allow the multicast_ttl and the multicast_loop options to be set with both
u_char and u_int option variables. Original patch from seb.
2005-09-11 21:57:24 +00:00
yamt
2e85eff671 - introduce M_MOVE_PKTHDR and use it where appropriate.
intended to be mostly API compatible with openbsd/freebsd.
- remove a glue #define in netipsec/ipsec_osdep.h.
2005-08-18 00:30:58 +00:00
yamt
f02551ec2d move {tcp,udp}_do_loopback_cksum back to tcp/udp
so that they can be referenced by ipv6.
2005-08-10 13:06:49 +00:00
christos
ea2d4204b6 - add const
- remove bogus casts
- avoid nested variables
2005-05-29 21:41:23 +00:00
yamt
23cd288d37 ip_output: handle the case M_CSUM_TSOv4 but !IFCAP_TSOv4. 2005-04-18 22:06:28 +00:00
yamt
e5a2b5a4a4 fix problems related to loopback interface checksum omission. PR/29971.
- for ipv4, defer decision to ip layer as h/w checksum offloading does
  so that it can check the actual interface the packet is going to.
- for ipv6, disable it.
  (maybe will be revisited when it implements h/w checksum offloading.)

ok'ed by Jason Thorpe.
2005-04-18 21:50:25 +00:00
yamt
0b4d50d7bd when doing TSO, avoid to use duplicated ip_id heavily.
XXX ip_randomid
2005-04-07 12:22:47 +00:00
matt
7dfa1d8cf7 Set ip_len to 0 in the wm driver when TSO is being used. 2005-03-11 17:07:51 +00:00
thorpej
3901f760df In ip_fragment():
- Use the correct IP header length variable for other-than-first packets.
- Remove redundant setting of the original IP header length in the first
  packet's csum_data.  (It's already set before ip_fragment() is called
  in 1.147.)
2005-03-10 06:03:00 +00:00
matt
47df382bfe Move all the hardware-assisted checksum/segment offload code together. 2005-03-09 03:39:27 +00:00
matt
8e04817c50 Add IPv4/TCP hooks for TCP Segment Offload on transmit. 2005-03-06 00:35:07 +00:00
briggs
6fe1c07527 Fix checksum offload for fragmented packets. From John Heasley
on gnats-bugs in PR kern/29544.
Tested with an NFS client using default rwsize on an NFS server
with wm(4) interface configured IP4CSUM,TCP4CSUM,UDP4CSUM.
Prior revision required the server to have checksum offload disabled.
2005-03-05 02:46:38 +00:00
perry
f07677dd81 nuke trailing whitespace 2005-02-26 22:45:09 +00:00
heas
0f8efdd552 My last change for pseudo-header checksums was flawed. The pseudo-header
checksum is always in the L4 header by the time we get to this point.  It
was occasionally not there due to a bug in tcp_respond, which has since
been fixed.
So, instead just stash the length of the L3 header in the high 16 bits of
csum_data.
2005-02-18 00:52:56 +00:00
heas
2d4ced7c82 For controllers (eg: hme & gem) that can only perform linear hardware checksums
(from an offset to the end of the packet), the pseudo-header checksum must be
calculated by software.  So, provide it in the TCP/UDP header when
M_CSUM_NO_PSEUDOHDR is set in the interface's if_csum_flags_tx.

The start offset, the end of the IP header, is also provided in the high 16
bits of pkthdr.csum_data.  Such that the driver need not examine the packet
at all.

XXX At the request of Jonathan Stone, note that sharing of if_csum_flags_tx &
    pkthdr.csum_flags for checksum quirks should be re-evaluated.
2005-02-12 23:25:29 +00:00
manu
5c217c1a67 Add support for IPsec Network Address Translator traversal (NAT-T), as
described by RFC 3947 and 3948.
2005-02-12 12:31:07 +00:00
perry
d5c8fcf31c ANSIfy function declarations 2005-02-03 23:13:20 +00:00
perry
3494482345 de-__P -- will ANSIfy .c files later. 2005-02-02 21:41:55 +00:00
thorpej
7994b6f95e Don't perform checksums on loopback interfaces. They can be reenabled with
the net.inet.*.do_loopback_cksum sysctl.

Approved by: groo
2004-12-15 04:25:19 +00:00
peter
396b87b8c2 Convert lo(4) to a clonable device.
This also removes the loif array and changes all code to use the new
lo0ifp pointer which points to the lo0 ifnet structure.

Approved by christos.
2004-12-04 16:10:25 +00:00
thorpej
402ff2cf29 Slight simplification to IFA_STATS handling. 2004-10-06 05:42:24 +00:00
manu
6e3c639957 IPv4 PIM support, based on a submission from Pavlin Radoslavov posted on
tech-net@
2004-09-04 23:29:44 +00:00
minoura
c3ed038115 Remove broken code for now: getsockopt(s, IPPROTO_IP, IP_IPSEC_POLICY,...).
It returned EINVAL, now returns ENOPROTOOPT.
Ok'd by itojun.
2004-07-06 04:30:27 +00:00
itojun
b834441eb5 update mtu value if outgoing interface changes with ipsec ops
(draft-touch-vpn case only?)  iij seil team
2004-06-01 05:06:56 +00:00
christos
0d17293b81 Fix buffer overrun in in_pcbopts() (FreeBSD PR/66386) 2004-05-18 16:47:08 +00:00
matt
5413745100 Remove #else clause of __STDC__ 2004-04-26 01:31:56 +00:00
thorpej
2803ff0955 Use the new IPSEC_PCB_SKIP_IPSEC() to bypass a socket policy lookup
when possible.  This shaves several cycles from the output path for
non-IPsec connections, even if the policy is cached in the PCB.
2004-03-02 02:28:28 +00:00
itojun
aa8a6718f0 use if_indexlim (instead of if_index) and ifindex2ifnet[x] != NULL
to check if interface exists, as (1) if_index has different meaning
(2) ifindex2ifnet could become NULL when interface gets destroyed,
since when we have introduced dynamically-created interfaces.  from kame
2003-12-10 11:46:33 +00:00
jonathan
130f3bfc26 Patch back support for (badly) randomized IP ids, by request:
* Include "opt_inet.h" everywhere IP-ids are generated with ip_newid(),
  so the RANDOM_IP_ID option is visible. Also in ip_id(), to ensure
  the prototype for ip_randomid() is made visible.

* Add new sysctl to enable randomized IP-ids, provided the kernel was
  configured with RANDOM_IP_ID. (The sysctl defaults to zero, and is
  a read-only zero if RANDOM_IP_ID is not configured).

Note that the implementation of randomized IP ids is still defective,
and should not be enabled at all (even if configured) without
very careful deliberation. Caveat emptor.
2003-11-19 18:39:34 +00:00
jonathan
995c532c33 Revert the (default) ip_id algorithm to the pre-randomid algorithm,
due to demonstrated low-period repeated IDs from the randomized IP_id
code.  Consensus is that the low-period repetition (much less than
2^15) is not suitable for general-purpose use.

Allocators of new IPv4 IDs should now call the function ip_newid().
Randomized IP_ids is now a config-time option, "options RANDOM_IP_ID".
ip_newid() can use ip_random-id()_IP_ID if and only if configured
with RANDOM_IP_ID. A sysctl knob should be  provided.

This API may be reworked in the near future to support linear ip_id
counters per (src,dst) IP-address pair.
2003-11-17 21:34:27 +00:00
enami
bae9643b84 Increment stats when packet is dropped since there is no room
to put all fragments in the interfaces's send queue.  Some large
UDP packets are dropped here and administrator may want to bump ifqmaxlen.
2003-10-17 20:31:12 +00:00
itojun
5e7b0c710b more correction to ip_fragment; free mbuf correctly if ENOBUFS is raised
during fragmenting.
2003-10-14 06:36:48 +00:00
itojun
00af50df1b avoid mbuf leak on ip_fragment(); obey 4.4bsd mbuf passing rule (mbuf passed
to a function must be freed by the called function on error).
pointed out by enami
2003-10-14 03:38:49 +00:00
itojun
98d5598feb when dropping M_PKTHDR, need to free m_tag associated with it. 2003-10-03 20:56:11 +00:00
itojun
899b67c09a correct ip_fragment() wrt ip->ip_off handling.
do not send out incomplete fragment due to ENOBUFS (behavior change from 4.4BSD)
2003-10-01 23:54:40 +00:00
jonathan
5923dedaeb Fast-ipsec can call ip_output() with a null 'struct socket *so'
argument.  So check so is non-NULL before doing the pointer-chasing
dance to find the PCB. (Unless and until we rework fast-ipsec and
KAME, to pass a struct in_pcbhdr * instead of the struct socket *).
2003-09-19 00:27:56 +00:00
itojun
32e3deae21 randomize IPv4/v6 fragment ID and IPv6 flowlabel. avoids predictability
of these fields.  ip_id.c is from openbsd.  ip6_id.c is adapted by kame.
2003-09-06 03:36:30 +00:00
itojun
5c39f4aaa7 don't intiialize m by m0, m0 is not initialized (by introduction of ip_fragment) 2003-08-27 02:09:59 +00:00
itojun
3e76200c67 need sys/domain.h for FAST_IPSEC case; jonathan 2003-08-23 01:41:10 +00:00
itojun
11ede1ed88 remove ipsec_set/getsocket. now we explicitly pass socket * to ip{,6}_output. 2003-08-22 22:00:36 +00:00
itojun
82eb4ce914 change the additional arg to be passed to ip{,6}_output to struct socket *.
this fixes KAME policy lookup which was broken by the previous commit.
2003-08-22 21:53:01 +00:00