Commit Graph

55 Commits

Author SHA1 Message Date
fvdl d5aece61d6 Back out the lwp/ktrace changes. They contained a lot of colateral damage,
and need to be examined and discussed more.
2003-06-29 22:28:00 +00:00
darrenr 960df3c8d1 Pass lwp pointers throughtout the kernel, as required, so that the lwpid can
be inserted into ktrace records.  The general change has been to replace
"struct proc *" with "struct lwp *" in various function prototypes, pass
the lwp through and use l_proc to get the process pointer when needed.

Bump the kernel rev up to 1.6V
2003-06-28 14:20:43 +00:00
itojun 9401012487 KNF - return is not a function. sync w/kame. 2002-09-11 02:46:42 +00:00
matt c03e11f081 Eliminate commons. 2002-05-12 20:33:50 +00:00
lukem 4f2ad95259 add RCSIDs 2001-11-13 00:56:55 +00:00
simonb 5f717f7c33 Don't need to include <uvm/uvm_extern.h> just to include <sys/sysctl.h>
anymore.
2001-10-29 07:02:30 +00:00
itojun 73f4e5001f more whitespace sync with kame 2001-10-24 06:36:37 +00:00
itojun c7e6405a34 remove unused codepath (unifdef -UUDP6) 2001-10-24 06:04:08 +00:00
itojun ae5499819c reduce diffs with kame (mostly cosmetic).
move IPV6_CHECKSUM processing to sys/netinet6/raw_ip6.c.
constify a couple of places.
2001-10-18 07:44:33 +00:00
itojun 91498ffec5 implement IPV6_V6ONLY socket option from draft-ietf-ipngwg-rfc2553bis-03.txt.
IPV6_BINDV6ONLY (netbsd only) is deprecated, but still work just like before.
2001-10-15 09:51:15 +00:00
itojun fd5e7077a3 allocate ipsec policy buffer attached to pcb in in*_pcballoc, before
giving anyone accesses to pcb (do not reveal an inconsistent ones).
sync with kame
2001-07-25 23:28:02 +00:00
itojun 193167b1eb call in{,6}_pcbpurgeif0() before in{,6}_purgeif(). 2001-07-03 08:06:19 +00:00
itojun e91c2ce847 remove debug printfs, which can be too noisy. sync with kame. 2001-05-27 17:36:07 +00:00
itojun a7596d1912 call icmp6_mtudisc_update(foo, 0) even if ICMPv6 messages are very short.
let icmp6 layer decide whether we take PMTUD routes or not.
2001-05-24 07:22:27 +00:00
itojun 1bec764d78 correct faith prefix determination. use sys/netinet/if_faith.c:faithprefix()
to determine.  sync with kame.
(without this change, non-faith socket may mistakenly accept for-faith traffic)
2001-05-08 10:15:13 +00:00
itojun bc5a6e2482 pull latest kame pcbnotify code. synchronizes ICMPv6 path mtu discovery
behavior with other protocols (i.e. validation, use of hiwat/lowat).
2001-02-11 06:49:49 +00:00
itojun e1f4f77960 to sync with kame better, (1) remove register declaration for variables,
(2) sync whitespaces, (3) update comments. (4) bring in some of portability
and logging enhancements.  no functional changes here.
2001-02-10 04:14:26 +00:00
itojun ae819d9324 move udp6_output() to separate file. (sync better with kame) 2001-02-08 16:48:01 +00:00
itojun 617b3fab7e - record IPsec packet history into m_aux structure.
- let ipfilter look at wire-format packet only (not the decapsulated ones),
  so that VPN setting can work with NAT/ipfilter settings.
sync with kame.

TODO: use header history for stricter inbound validation
2001-01-24 09:04:15 +00:00
itojun 5eae50d991 update icmp6 too big validation. the change is necessary since pmtud is
mandatory for IPv6 (so we can't just validate by using connected pcb - we need
to allow traffic from unconnected pcb to do pmtud).
- if the traffic is validated by xx_ctlinput, allow up to "hiwat" pmtud
  route entries.
- if the traffic was not validated by xx_ctlinput, allow up to "lowat" pmtud
  route entries (there's upper limit, so bad guys cannot blow up our routing
  table).
sync with kame

XXX need to think again about default hiwat/lowat value.
XXX victim selection to help starvation case
2000-12-09 01:29:45 +00:00
itojun ef8a34f5c3 fix IPv4 TTL selection with AF_INET6 API. sync with kame. From: jdc 2000-11-06 00:50:12 +00:00
itojun edd876a35d validate ICMPv6 too big message.
XXX too restrictive given frequent uses of sendto(2)
2000-10-19 01:14:13 +00:00
itojun 6e3a9bc311 validate mbuf chain length on *_ctlinput. remote node may be able to
transmit a truncated icmp6 packet and panic the system.  sync with kame.
2000-10-13 17:53:44 +00:00
itojun ec67eee51f sync with kame.
introduce in6_{recover,embed}scope, for in-kernel scoped-address manipulation.
improve in6_pcbnotify.
2000-07-07 15:54:16 +00:00
mrg cf594a3f4d <vm/vm.h> -> <uvm/uvm_extern.h> 2000-06-28 03:01:16 +00:00
itojun ffedfcb68d make sure not to overwrite sockaddr on PRU_SEND/PRU_CONNECT to
link-local address.  From: frank
2000-06-08 13:51:33 +00:00
itojun 8987054176 pass struct proc * down to udp6_output and in6_pcbbind. 2000-06-05 06:38:22 +00:00
itojun fa2abf5727 make net.inet6.udp6.* sysctl name meet with IPv4 counterpart.
XXX do we need to keep symbols mistakingly added (like UDP6CTL_SENDMAX)
for backward compatibility?  I believe not.
2000-05-22 15:22:36 +00:00
itojun 81e8059dfc fix endian issue in filling in interface id.
better sync with kame (nuke space at EOL).
2000-04-17 16:26:07 +00:00
itojun 04ac848d6f introduce m->m_pkthdr.aux to hold random data which needs to be passed
between protocol handlers.

ipsec socket pointers, ipsec decryption/auth information, tunnel
decapsulation information are in my mind - there can be several other usage.
at this moment, we use this for ipsec socket pointer passing.  this will
avoid reuse of m->m_pkthdr.rcvif in ipsec code.

due to the change, MHLEN will be decreased by sizeof(void *) - for example,
for i386, MHLEN was 100 bytes, but is now 96 bytes.
we may want to increase MSIZE from 128 to 256 for some of our architectures.

take caution if you use it for keeping some data item for long period
of time - use extra caution on M_PREPEND() or m_adj(), as they may result
in loss of m->m_pkthdr.aux pointer (and mbuf leak).

this will bump kernel version.

(as discussed in tech-net, tested in kame tree)
2000-03-01 12:49:27 +00:00
itojun 03f0ac370f make ICMPv6 redirect actually flush route cache in udp6/raw6 socket. 2000-02-28 16:10:52 +00:00
itojun 1bb987a022 remove extra NULL check
typo in PULLDOWN_TEST case
note: the fixes does not affect normal configuration.
(sync with kame)
2000-02-25 00:29:00 +00:00
itojun 90736ab608 fix include pathname for better rfc2292 compliance. 2000-02-06 12:49:37 +00:00
itojun 76064f5770 don't chase mbuf pointer when it is NULL. 2000-02-06 08:06:43 +00:00
thorpej c1185c1020 PRU_PURGEADDR -> PRU_PURGEIF, per a discussion w/ itojun. In the IPv4
and IPv6 code, also use this to traverse PCB tables, looking for cached
routes referencing the dying ifnet, forcing them to be refreshed.
2000-02-02 23:28:08 +00:00
thorpej d844a3ac41 First-draft if_detach() implementation, originally from Bill Studnemund,
although this version has been changed somewhat:
- reference counting on ifaddrs isn't as complete as Bill's original
  work was.  This is hard to get right, and we should attack one
  protocol at a time.
- This doesn't do reference counting or dynamic allocation of ifnets yet.
- This version introduces a new PRU -- PRU_PURGEADDR, which is used to
  purge an ifaddr from a protocol.  The old method Bill used didn't work
  on all protocols, and it only worked on some because it was Very Lucky.

This mostly works ... i.e. works for my USB Ethernet, except for a dangling
ifaddr reference left by the IPv6 code; have not yet tracked this down.
2000-02-01 22:52:04 +00:00
itojun 1a2a1e2b1f bring in latest KAME ipsec tree.
- interop issues in ipcomp is fixed
- padding type (after ESP) is configurable
- key database memory management (need more fixes)
- policy specification is revisited

XXX m->m_pkthdr.rcvif is still overloaded - hope to fix it soon
2000-01-31 14:18:52 +00:00
itojun 63fd2c0262 destination port == 0 is illegal based on RFC768.
(NetBSD PR: 9137 - I thought I committed this already but I wasn't)
2000-01-31 10:39:26 +00:00
itojun b3761abef8 remove extra portability #ifdef (like #ifdef __FreeBSD__) in KAME IPv6/IPsec
code, from netbsd-current repository.
#ifdef'ed version is always available from ftp.kame.net.

XXX please do not make too many diff-unfriendly changes, we'll need to take
bunch of diffs on upgrade...
2000-01-06 15:46:07 +00:00
itojun dc0f1c0435 drop IPv6 packets with v4 mapped address on src/dst. they are illegal
and may be used to fool IPv6 implementations (by using ::ffff:127.0.0.1 as
source you may be able to pretend the packet is from local node)
1999-12-22 04:03:01 +00:00
itojun abddb5f851 do not overwrite traffic class field when we write IPv6 version field. 1999-12-15 06:28:43 +00:00
itojun ea861f0183 sync IPv6 part with latest KAME tree. IPsec part is left unmodified
due to massive changes in KAME side.
- IPv6 output goes through nd6_output
- faith can capture IPv4 packets as well - you can run IPv4-to-IPv6 translator
  using heavily modified DNS servers
- per-interface statistics (required for IPv6 MIB)
- interface autoconfig is revisited
- udp input handling has a big change for mapped address support.
- introduce in4_cksum() for non-overwriting checksumming
- introduce m_pulldown()
- neighbor discovery cleanups/improvements
- netinet/in.h strictly conforms to RFC2553 (no extra defs visible to userland)
- IFA_STATS is fixed a bit (not tested)
- and more more more.

TODO:
- cleanup os-independency #ifdef
- avoid rcvif dual use (for IPsec) to help ifdetach

(sorry for jumbo commit, I can't separate this any more...)
1999-12-13 15:17:17 +00:00
itojun 6b9bfc0691 - Call in{,6}_pcbdetach if ipsec initialization is failed during PRU_ATTACH.
This situation happens on severe memory shortage.  We may need more
  improvements here and there.
- Grab IEEE802 address from IFT_ETHER card, even if the card is
  inserted after bootup time.  Is there any other card that can be
  inserted afterwards?  pcmcia fddi card? :-P
- RFC2373 u bit handling suggests that we SHOULD NOT copy interface id from
  ethernet card to pseudo interface, when ethernet card has IEEE802/EUI64
  with u bit != 0 (this means that IEEE802/EUI64 is not universally unique).
  Do not use such address as, for example, interface id for gif interface.
  (I have such an ethernet card myself)
  This may change interface id for your gif interface.  be careful upgrading
  rc files.

(sync with recent KAME)
1999-09-13 12:15:54 +00:00
itojun d48c55f4f0 ctlinput handling must look at ip6_src, not ip6_dst.
(this makes path mtu handling wrong)
1999-08-25 12:38:14 +00:00
itojun 8dba61e664 fix multicast demux.
From: Matthias Drochner <drochner@zel459.zel.kfa-juelich.de>
1999-08-13 10:57:05 +00:00
itojun a9b7fe4621 return with doing nothing from xx_ctlinput(), when sa->sa_family
is not the expected one.

I see PRC_REDIRECT_HOST with sa->sa_family == AF_UNIX coming to
{tcp,udp}_ctlinput() when I use dhclient, and I feel like adding
more sanity checks, without logging - if we log it it is too noisy.
1999-08-09 10:55:29 +00:00
itojun 7a60aa28c2 log() needs "\n" at the end. 1999-08-09 02:24:52 +00:00
itojun 6d8996ba49 import recent kAME fixes.
- initialize hoplimit for raw6 socket properly.
- respect SO_TIMESTAMP on udp6.
- more sanity checks.
1999-08-05 16:01:07 +00:00
itojun 70ada0957e sync with recent KAME.
- loosen ipsec restriction on packet diredtion.
- revise icmp6 redirect handling on IsRouter bit.
- tcp/udp notification processing (link-local address case)
- cosmetic fixes (better code share across *BSD).
1999-07-31 18:41:15 +00:00
itojun 06c350054d remove reference to in6_systm.h (file itself will be removed afterwords) 1999-07-30 10:35:34 +00:00