Aren/NetBSD
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
94,201 Commits 606 Branches 0 Tags 3.1 GiB
0cb6a3a2a5
Commit Graph

462 Commits

Author SHA1 Message Date
itojun
57030e2f12 cache IPsec policy on in6?pcb. most of the lookup operations can be bypassed, 
especially when it is a connected SOCK_STREAM in6?pcb.  sync with kame.
 2001-08-06 10:25:00 +00:00
itojun
e3d077542f cosmetic (spacing near /* */). sync with kame 2001-08-05 22:20:44 +00:00
itojun
cad488d032 sync gif interface code with latest kame. 
IFF_RUNNING is clearified.  attach/detach logic is more clearner.
the old code mistakenly set IFF_UP by itself, now the behavior is gone.
 2001-07-29 05:08:32 +00:00
itojun
fd5e7077a3 allocate ipsec policy buffer attached to pcb in in*_pcballoc, before 
giving anyone accesses to pcb (do not reveal an inconsistent ones).
sync with kame
 2001-07-25 23:28:02 +00:00
itojun
a21ce80cd6 ifindex2ifnet could return NULL if if_detach() is used (pcmcia card 
removal and such).
 2001-07-25 09:23:46 +00:00
itojun
0cd424b3ce ifidex2ifnet could contain NULL after if_detach(). sync with kame 2001-07-25 06:59:51 +00:00
itojun
19392ee73b fix comment on setsockopt arg size. KAME PR 369 2001-07-24 00:44:36 +00:00
itojun
bee33e3d00 repair scoped address handling in PRU_BIND. sync with kame. 2001-07-23 19:29:53 +00:00
wiz
a9356936b4 seperate -> separate 2001-07-22 13:33:58 +00:00
itojun
7f070caa75 sync rt_ifp check with IPv4 counterpart (see sys/net/if_ethersubr.c 1.27). 
sync with kame
 2001-07-20 20:26:35 +00:00
itojun
8c9f492242 do not malloc() during interrupt context for IPv6 multicast kludge table. 
malloc() during interface initialization.  sync with kame
 2001-07-18 13:12:27 +00:00
itojun
fc35f336c7 sync with draft-ietf-ipngwg-p2p-pingpong-00.txt. apply special behavior 
only if ip6_dst is "neighbor" within p2p prefix.  sync with kame
 2001-07-18 09:24:26 +00:00
itojun
5e920039c6 have ovbcopy() macro, for cross-BSD compatibility only. 2001-07-07 14:45:46 +00:00
itojun
193167b1eb call in{,6}_pcbpurgeif0() before in{,6}_purgeif(). 2001-07-03 08:06:19 +00:00
itojun
1ff38f4d03 on interface removal, remove multicast groups joined from pcb, before 
removing interface addresses.  without the change, we may deref
NULL pointer in in_pcbpurgeif().  from jinmei@kame, sync with kame
 2001-07-02 15:25:34 +00:00
itojun
03927c60a5 call defrouter_select() only if it is autoconfigured host. 2001-06-29 16:01:47 +00:00
itojun
02c94ca414 refresh default router list on nd6_detach(), only if we are an 
autoconfigured host.  bug was that, we will lose default route on
"ifconfig gif0 destroy" even if default is not pointing to gif0.
reported by ume@mahoroba.org.  sync with kame
 2001-06-27 17:36:14 +00:00
itojun
9ccf08b3c5 netbsd; on interface removal, force pcbs to leave from multicast groups 
pointing toward the interface about to be removed.  sync with kame
XXX still need more discussions on semantics.  the behavior should be safer
 2001-06-27 15:53:14 +00:00
itojun
77a4124f7d the documents are out of sync with the latest situation. remove them. 2001-06-24 19:40:35 +00:00
itojun
885b74c2be select default router again, when L2 address of the router changes 2001-06-22 13:36:12 +00:00
itojun
0213b76857 remove RFC1885 compatibility code in #ifdef COMPAT_RFC1885, for icmp6 
reply packet size consideration (obsolete, not used for a long time).
sync with kame
 2001-06-22 13:01:49 +00:00
itojun
57d1913ebc do not forward packet back to point-to-point interface, if the packet 
matches the ipv6 prefix assigned to the p2p interface (= redirect case).
this leads to pingpong, chews bandwidth.  bad thing is that bad guy from
remote can chew bandwidth.  (follows upcoming internet draft)
 2001-06-22 12:33:05 +00:00
wiz
ccfe29f3cf Symmetric has one s and two m's. 2001-06-18 11:23:00 +00:00
matt
5571e920d6 senderr needs only be declared when PFIL_HOOKS is defined 2001-06-12 17:55:52 +00:00
itojun
bdbfdf946d run pfil_hooks for IPv6 forwarding path (note: ip6_forward() does not 
call ip6_output()).
 2001-06-12 15:12:33 +00:00
itojun
8b646a5273 remove IPV6FIREWALL case, which is never used 2001-06-11 13:49:18 +00:00
wiz
40ac848024 Fix various misspellings of compatible/compatibility. 2001-06-11 01:50:48 +00:00
mrg
6a536c0364 fix a IPNOPRIVPORTS unused variable botch. noted by proff. 2001-06-06 06:07:06 +00:00
thorpej
ad9d3794b0 Implement support for IP/TCP/UDP checksum offloading provided by 
network interfaces.  This works by pre-computing the pseudo-header
checksum and caching it, delaying the actual checksum to ip_output()
if the hardware cannot perform the sum for us.  In-bound checksums
can either be fully-checked by hardware, or summed up for final
verification by software.  This method was modeled after how this
is done in FreeBSD, although the code is significantly different in
most places.

We don't delay checksums for IPv6/TCP, but we do take advantage of the
cached pseudo-header checksum.

Note: hardware-assisted checksumming defaults to "off".  It is
enabled with ifconfig(8).  See the manual page for details.

Implement hardware-assisted checksumming on the DP83820 Gigabit Ethernet,
3c90xB/3c90xC 10/100 Ethernet, and Alteon Tigon/Tigon2 Gigabit Ethernet.
 2001-06-02 16:17:09 +00:00
itojun
781f6920ab use default hoplimit when incoming interface is not given to icmp6_reflect. 
sync with kame
 2001-06-01 05:54:19 +00:00
mrg
67afbd6270 use _KERNEL_OPT 2001-05-30 11:57:16 +00:00
thorpej
c973d6a0eb Skip the pseudo-header if nxt == 0. This is already documented 
in in6_cksum(9) and is also the behavior of the i386 optimized
version.
 2001-05-30 03:06:56 +00:00
itojun
e91c2ce847 remove debug printfs, which can be too noisy. sync with kame. 2001-05-27 17:36:07 +00:00
itojun
fc644273cd print more diag message on in6_addmulti() failures. 2001-05-24 08:17:22 +00:00
itojun
a7596d1912 call icmp6_mtudisc_update(foo, 0) even if ICMPv6 messages are very short. 
let icmp6 layer decide whether we take PMTUD routes or not.
 2001-05-24 07:22:27 +00:00
itojun
fc66251bda plug memory leak on invalid fragment packet. supress noisy log. from kame 2001-05-17 14:01:37 +00:00
itojun
498fdebcd7 drop multi destination mode (IFF_LINK0). 2001-05-14 13:35:20 +00:00
itojun
f4d5905544 there's no need to #if NFAITH here. IN6P_FAITH can be set even on 
NFAITH == 0 kernel, it is safer to always check the condition.
sync with kame.
 2001-05-11 18:38:03 +00:00
itojun
63181d71c1 correct ecn consideration on tunnel encap/decap. sync with kame. 2001-05-10 01:37:42 +00:00
itojun
1bec764d78 correct faith prefix determination. use sys/netinet/if_faith.c:faithprefix() 
to determine.  sync with kame.
(without this change, non-faith socket may mistakenly accept for-faith traffic)
 2001-05-08 10:15:13 +00:00
itojun
d1b6307b88 do not copy TTL field on ipsec tunnel mode encapsulation. sync with kame 2001-04-15 01:55:49 +00:00
thorpej
bf2dcec4f5 Remove the use of splimp() from the NetBSD kernel. splnet() 
and only splnet() is allowed for the protection of data structures
used by network devices.
 2001-04-13 23:29:55 +00:00
itojun
f4e4c674a7 disallow userland programs from specifying addresses with IPV6_PKTINFO 
setsockopt, if:
- the address is not verified by DAD (= not ready)
- the address is an anycast address (= not permitted as source)
sync with kame
 2001-04-11 04:57:53 +00:00
itojun
5ed8fd262b suppress RS/RA log messages (can be re-enabled by net.inet6.icmp6.nd6_debug), 
as they may fill up /var.  sync with kame.
 2001-04-04 06:28:41 +00:00
itojun
2abaa8eae5 make sure rcvif is sane on call to icmp6_reflect 2001-04-04 06:28:40 +00:00
itojun
92969654c0 enable FAKE_LOOPBACK_IF case by default. 
now traffic on loopback interface will be presented to bpf as normal wire
format packet (without KAME scopeid in s6_addr16[1]).

fix KAME PR 250 (host mistakenly accepts packets to fe80::x%lo0).

sync with kame.
 2001-03-30 11:08:56 +00:00
itojun
dbcd4b8d03 fix constness of IN6_{IS,ARE}_xx with RFC2553. sync with kame. 2001-03-30 05:53:52 +00:00
itojun
2fb1887b31 re-initialize mopt in ip6_insert_jumboopt(). sync with kame 
From: csapuntz@stanford.edu
 2001-03-25 09:58:43 +00:00
itojun
0c8d8ae7a0 couple of missing splx. sync with kame. 
From: csapuntz@play-doh.stanford.edu (Constantine Sapuntzakis)
 2001-03-25 09:06:03 +00:00
itojun
3e898c9239 in nd6_cache_lladdr(), set nd6_gctimer to ln_expire just after the state 
transition to STALE.  fixes tahi test breakage.  sync with kame.
 2001-03-21 21:56:29 +00:00
thorpej
20fe4e2d96 Add a protosw flag, PR_ABRTACPTDIS (Abort on Accept of Disconnected 
Socket), and add it to the protocols that use that behavior (all
PR_LISTEN protocols except for PF_LOCAL stream sockets).
 2001-03-21 19:22:27 +00:00
itojun
4ce63adb1e do not inject packets to ipfilter, if the packet went through IPsec tunnel. 
http://www.netbsd.org/Documentation/network/ipsec/#ipf-interaction
 2001-03-21 19:12:56 +00:00
itojun
93b8b31feb set rmx_mtu to L2 interface mtu, instead of 0, on mtudisc timeout. 
ip6_output() change is for safety.  sync with kame
 2001-03-21 07:52:13 +00:00
itojun
e4ecd03f2a drop packets with link-local addresses, 
if (internally-used) interface ID portion is already filled.  sync with kame
 2001-03-16 12:22:34 +00:00
itojun
27a0af5865 nd6_storelladdr() was not consistent about m_freem() policy. 
do not touch RTF_STATIC entries (static ND entries) on ND cache update.
couple of costmetic sync.  sync with kame
 2001-03-08 10:49:32 +00:00
itojun
7695280d34 more missing splx. from kame 2001-03-08 10:48:40 +00:00
itojun
912f42ecda remove bogus rtfree. sync with kame. inspired by openbsd PR 1706. 2001-03-08 00:19:03 +00:00
itojun
4e45315377 missing splx. from aaron@openbsd. sync with kame 2001-03-07 22:50:14 +00:00
itojun
c9e08725bc avoid possible alignment issue. sync with kame 2001-03-04 16:49:17 +00:00
itojun
dc3424f555 pass key to rijndael logic as binary, not hexadecimal string. 
sync with kame
 2001-03-02 15:42:39 +00:00
itojun
f03176a0a8 have comment that refers to kame COVERAGE document. sync with kame 2001-03-02 04:55:40 +00:00
itojun
8c8c2f71a4 the date string in KAME version is getting very meaningless, remove. 2001-03-02 04:52:54 +00:00
itojun
2d6047cff9 make sure to enforce inbound ipsec policy checking, for any protocols on top 
of ip (check it when final header is visited).  sync with kame.
XXX kame team will need to re-check policy engine code
 2001-03-01 16:31:37 +00:00
itojun
233e3963ed make sure to validate packet against ipsec policy. 2001-02-26 07:20:44 +00:00
cgd
023e9f0649 C requires that labels be followed by statements. 2001-02-24 00:01:22 +00:00
itojun
f2a66201fc garbage-collect stale ND entries (default: 1 day). 
RFC 2461 5.3.  sync with kame.
 2001-02-23 08:02:41 +00:00
itojun
e1196a8f6e remove unnecessary state, ND6_LLINFO_WAITDELETE, from neighbor cache 
state machine.
no need for RTF_REJECT on neighbor cache entires, they are leftover from
ARP code.
sync with kame.
 2001-02-23 06:41:50 +00:00
itojun
2df943e652 correct handling of upper limitation to # of reass queue. 2001-02-22 05:04:42 +00:00
itojun
49889b3afd be more more picky about option length parsing. sync with kame 2001-02-22 01:40:25 +00:00
itojun
e1e316562b make validation code more strict for ND6/dest6 variable length headers. 
check duplicated nd6_ifinfo table initialization in a better way.
sync with kame
 2001-02-21 17:23:09 +00:00
itojun
96413230d1 style, to make kame sync easier 2001-02-21 16:28:43 +00:00
itojun
52f2cece9f tighten AH IPv4 option chasing more. drop too short (< 2) option. 
sync with kame.
 2001-02-21 01:27:58 +00:00
itojun
c9928e0ab1 need PR_ADDR|PR_ATOMIC for IPPROTO_EON. fix typo. from chopps, sync with kame 2001-02-21 00:11:53 +00:00
itojun
da8a3f0179 add AF_ISO case to output. from chopps. 2001-02-20 10:41:47 +00:00
itojun
176db3e930 ISO over IPv4/v6 by EON encapsulation. from chopps, sync with kame. 2001-02-20 08:49:15 +00:00
itojun
5bc3f3ff96 correct IPv4 option handling. 2001-02-19 04:24:27 +00:00
itojun
26a76076be correct IPv4 option header chasing. the old code may overrun the buffer 
if the option header is truncated.  sync with kame
 2001-02-19 03:47:01 +00:00
itojun
e6dbed9659 wording in comment. 
is contradict -> "is contradictory", or "contradicts".
 2001-02-16 15:13:40 +00:00
itojun
f99a50f858 protect router list management by splsoftnet properly. sync with kame 2001-02-11 07:12:01 +00:00
itojun
1bc6ca28a1 make sure to clean ln_byhint on reachability confirmation. 2001-02-11 07:00:03 +00:00
itojun
1442c06fae wrap kernel-only #define (kame cross-bsd portability) into _KERNEL. 2001-02-11 06:50:59 +00:00
itojun
bc5a6e2482 pull latest kame pcbnotify code. synchronizes ICMPv6 path mtu discovery 
behavior with other protocols (i.e. validation, use of hiwat/lowat).
 2001-02-11 06:49:49 +00:00
itojun
2390806e17 whitespace sync with kame 2001-02-11 05:25:04 +00:00
itojun
5318e0ee0f remove #ifdef __FreeBSD__. 2001-02-11 05:24:21 +00:00
itojun
37bb4bf58b set frag6_doing_reass properly (for frag6_drain). sync with kame. 2001-02-11 05:05:27 +00:00
itojun
7781d63a92 recover $NetBSD$ (removed by mistake) 2001-02-11 04:53:49 +00:00
itojun
9a9c998cc7 add missing IFAFREE() in error recovery case. 2001-02-11 04:29:30 +00:00
itojun
e1f4f77960 to sync with kame better, (1) remove register declaration for variables, 
(2) sync whitespaces, (3) update comments. (4) bring in some of portability
and logging enhancements.  no functional changes here.
 2001-02-10 04:14:26 +00:00
itojun
4cd9449e34 initialize "mbz" member. kame 1.35 -> 1.36 2001-02-10 03:06:39 +00:00
itojun
7f548573d5 cosmetic changes to sync with kame. tabify and minor local variable renames 2001-02-10 02:19:57 +00:00
itojun
20e2452579 fix if_set for architectures with sizeof(long) != 4. IF_xxx behaved badly. 
(no fear of overrun, since index was mistakenly computed to too small value)
 2001-02-10 02:10:14 +00:00
itojun
6b9104e0f7 sync with kame better. cosmetic/stat changes only. 2001-02-08 18:43:17 +00:00
itojun
ae819d9324 move udp6_output() to separate file. (sync better with kame) 2001-02-08 16:48:01 +00:00
itojun
109fcc5522 implement upper limit to icmp6 redirects (experimental, turned off) 
negative value to {mtudisc,redirect}_{hi,lo}wat will turn off the limitation.
sync with kame.
 2001-02-08 16:07:39 +00:00
itojun
179a7e0d7b send up dst_unreach_admin error to local node, if transport-mode 
ipsec key is not found.  rather experimental.  kame 1.83 -> 1.84

nuke IPSEC_SRCSEL which does not do the right thing.
adjust state->ro if the tunnel endpoint is offlink.  KAME PR 233.
kame 1.84 -> 1.85
 2001-02-08 15:04:26 +00:00
itojun
574214f10a amove in6_{embed,recover}scope prototypes to in6_var.h (kernel only). 
add in6_clearscope.  sync with kame
 2001-02-08 14:56:15 +00:00
itojun
a1d89972c7 when chasing nd6_llinfo chain, make sure we do not touch dangling 
pointer (due to RTM_DELETE during default router list management).
from kame
 2001-02-08 12:57:54 +00:00
itojun
c8e86cc06a remove bogus DIAGNOSTIC. sync with kame 2001-02-07 10:56:38 +00:00
itojun
22b473e0f6 during ip6/icmp6 inbound packet processing, do not call log() nor printf() in 
normal operation (/var can get filled up by flodding bogus packets).
sysctl net.inet6.icmp6.nd6_debug will turn on diagnostic messages.
(#define ND6_DEBUG will turn it on by default)

improve stats in ND6 code.

lots of synchronziation with kame (including comments and cometic ones).
 2001-02-07 08:59:47 +00:00
itojun
172e802b90 bad semicolon after "if" conditional. sync with kame 2001-02-06 01:27:29 +00:00