Commit Graph

440 Commits

Author SHA1 Message Date
itojun 2af85c262b improve code sharing for esp_schedule(). add some diagnostics cases
for esp_cbc_{en,de}crypt().  sync with kame.
2000-08-29 11:32:21 +00:00
itojun 6fe60cce5f do not forward packets with unspecified source address (::).
this is clarification recently made to RFC2460.  sync with kame.
2000-08-29 09:19:43 +00:00
itojun bb8d535cc5 use per-block cipher function + esp_cbc_{de,en}crypt. do not use
cbc-over-mbuf functions in sys/crypto.

the change should make it much easier to switch crypto function to
machine-dependent ones (like assembly code under sys/arch/i386/crypto?).
also it should be much easier to import AES algorithms.

XXX: it looks that past blowfish-cbc code was buggy.  i ran some test pattern,
and new blowfish-cbc code looks more correct.  there's no interoperability
between the old code (before the commit) and the new code (after the commit).

XXX: need serious interop tests before move it into 1.5 branch
2000-08-29 09:08:42 +00:00
itojun 3da9705446 add a warning on IPv6 setsockopt number space (*BSD shares the number space
so consult KAME for number allocation)
2000-08-27 01:02:48 +00:00
itojun 152da24bd9 implement net.inet6.ip6.{anon,low}port{min,max} sysctl variable. 2000-08-26 11:03:45 +00:00
itojun 4d40179399 add missing IPNOPRIVPORTS case 2000-08-26 10:40:03 +00:00
thorpej 5bd1b19b29 Don't use MALLOC() for variable-sized allocations. 2000-08-25 21:22:16 +00:00
itojun cabceaa265 - icmp6 nodeinfo: remove possibility of unaligned pointer access.
- jumbo payload output: fix incorrect mbuf manipulation
- pedant: align issues, mbuf assumption
(sync with kame)
2000-08-19 08:15:53 +00:00
itojun e6efb27c84 add missing splx, when outgoing interface queue is full on tunnelled
ESP packet output.  KAME PR 280.
2000-08-16 09:54:39 +00:00
thorpej 831a48fd0b Make this compile without INET6 again. 2000-08-15 21:43:57 +00:00
itojun 54aeb79d4c supress warning (LOG_ERR -> LOG_DEBUG) which occurs in the following situation:
- manually configure an address from prefix P (like P::1)
- autoconfigure additional address from the same prefix P (like P::ifid).
- rtrequest fails due to P/plen already exists

more fundamental solution should appear later, when kame side stablizes it.
from thopej.
2000-08-13 23:45:22 +00:00
itojun 5e868d1e49 clearifications in icmp6 node query support.
XXX previous commit included "supported qtypes" icmp6 node query support.
sorry commit message was mistaken.
2000-08-03 16:30:37 +00:00
itojun afa5315364 correct typo in #define. ICMP6_NI_SUCESS -> SUCCESS (notice missing C).
sync with kame.
2000-08-03 14:31:04 +00:00
itojun 6574aa66e8 inhibit error code from rtinit(). this happens when we try to assign
multiple addresses from same prefix, onto single interface.  PR 10427.


more info:
- 4.4BSD did not check return code from in_ifinit() at all.
  4.4BSD does not support multiple address from same prefix.
- past KAME change passed in{,6}_ifinit() to upwards, toward ifconfig(8).
  the behavior is filed as PR 10427.
- the commit inhibits EEXIST from rtinit(), hence partially recovers old
  4.4BSD behavior.
- the right thing to happen is to properly support multiple address assignment
  from the same prefix.  KAME tree has more extensive change, however, it needs
  much more time to get stabilized (rtentry refcnt change can cause serious
  issue, we really need to bake it before bring it to netbsd)
2000-08-02 15:03:02 +00:00
itojun 32ef6bb0e7 sync comment with reality 2000-07-30 05:30:37 +00:00
itojun 0036ac92be clarify comment. from jhawk. sync with kame. 2000-07-30 04:33:34 +00:00
itojun 5e8b5a35e4 make ipsec_strerror(3) to return const char *, not char *. sync with kame. 2000-07-30 02:38:35 +00:00
itojun 63de4c2cb9 nuke the following sysctl variables. "ppsratelimit" should work better.
need to recompile sbin/sysctl after updating /usr/include.
	net.inet.tcp.rstratelimit
	net.inet.icmp.errratelimit
	net.inet6.icmp6.errratelimit
2000-07-28 04:06:52 +00:00
itojun 73a29e35ff do not forward packet with :: in the source.
this is not in the spec - we had rough consensus on it in ipngwg,
spec will get updated to include this behavior.
2000-07-27 15:53:51 +00:00
itojun fec624be3f wrap kernel function prototype by #ifdef _KERNEL. 2000-07-23 08:24:12 +00:00
itojun 411ff12b27 pre-compute and cache intermediate crypto key. suggestion from sommerfeld,
sync with kame.

loopback, blowfish-cbc transport mode, 128bit key
before: 86588496 bytes received in 00:42 (1.94 MB/s)
after: 86588496 bytes received in 00:31 (2.58 MB/s)
2000-07-23 05:23:04 +00:00
itojun 65d37eff7f correct RFC2367 PF_KEY conformance (SADB_[AE]ALG_xx values and namespaces).
sync from kame.

WARNING: need recompilation of setkey(8) and pkgsrc/security/racoon.
(no ipsec-ready netbsd was released as official release)
2000-07-18 14:56:42 +00:00
itojun 5f09b77987 s/IPSEC_IPV6FWD/IPSEC/. this should correct strange behavior on ipv6
forwarding (even if policy asks for tunnel mode encryption, packets
go out in clear).  sync with kame.
2000-07-16 07:57:55 +00:00
itojun a2744a4cf8 do not pull sys/queue.h from netinet6/in6.h. PR10597.
some sync with kame.
2000-07-16 01:10:34 +00:00
itojun 20964b0c23 fatal bug fix from kame (rtentry refcnt goes negative if we play with IPv6
address/routing table too much).

in6_ifloop_request()
  not to request rtrequest to return an rtentry except for the ADD
  operation, in order to avoid misdecreasing the refcnt (which might
  cause leak of rtentry)
2000-07-13 09:56:20 +00:00
itojun f5211e847a remove m_pulldown statistics code. it is highly experimental and belong
to kame tree only (not for *bsd).
2000-07-13 05:34:21 +00:00
itojun d8a9a3cc7b add ppsratelimit(9), which does event-per-sec rate limitation.
use it from icmp6 error rate limitation code.
XXX better name for the function?
2000-07-09 06:44:57 +00:00
itojun ec67eee51f sync with kame.
introduce in6_{recover,embed}scope, for in-kernel scoped-address manipulation.
improve in6_pcbnotify.
2000-07-07 15:54:16 +00:00
christos 2068dee670 elide lint cast type conversion warnings. 2000-07-06 17:42:55 +00:00
itojun 210a3e2f80 remove unnecessary #include <netkey/key_debug.h>. from kame. 2000-07-06 12:51:39 +00:00
itojun 0a1e211454 - do not use bitfield for router renumbering header.
- add protection mechanism against ND cache corruption due to bad NUD hints.
- more stats
- icmp6 pps limitation.  TOOD: should implement ppsratecheck(9).
2000-07-06 12:36:18 +00:00
itojun 6fff122160 drop packet to tentative/duplicated interface address earlier. sync w/kame 2000-07-02 09:56:39 +00:00
itojun 8ff902fca1 repair kernel faithd(8) support. there were two mistakes:
(1) tcp6_input dropped packets for translation
(2) in6_pcblookup_connect was too strict
2000-07-02 08:04:10 +00:00
itojun 3ade27131a suppress too noisy warning on forward-over-loopback case. from kame 2000-06-30 19:46:05 +00:00
mrg cf594a3f4d <vm/vm.h> -> <uvm/uvm_extern.h> 2000-06-28 03:01:16 +00:00
kleink d2787dad27 XNS5.2: define sa_family_t and use it where specified by the standard. 2000-06-26 15:48:19 +00:00
itojun 278184a8ab avoid possible mbuf leaks on ipsec policy violation.(sync with kame) 2000-06-20 02:24:42 +00:00
itojun 90ca25568b remove obsolete sysctl MIB net.inet.ipsec.inbound_call_ike.
(sync with kame)
2000-06-15 05:01:06 +00:00
thorpej 1b8ede9f7c Import IPsec ESP from netbsd-cryptosrc-intl. 2000-06-14 19:39:42 +00:00
itojun dafb757588 add algorithm name into algorithm table. (commit to crypto-intl will follow) 2000-06-14 11:27:35 +00:00
itojun af9d516560 signedness issue with char, take 2. confirmed with i386 cc -funsigned-char. 2000-06-13 17:31:37 +00:00
itojun c6a8ca266b workaround to suppress warning on char == unsigned char arch. 2000-06-13 16:34:37 +00:00
itojun 0455eac327 do not use cached route if the route becomes !RTF_UP.
make the validation for jumbo payload option more strict.
2000-06-13 14:43:44 +00:00
itojun 36887242d7 add sanity check on in6_ifaddr. 2000-06-13 04:35:29 +00:00
itojun fa24d1db9b make sure to link new in6_ifaddr to if_addrlist. 2000-06-13 02:54:11 +00:00
itojun 07098cd363 better conformance to draft-ietf-ipngwg-icmp-name-lookups-05.
the old code was chimera of 03 and 05 draft.

-n by default, since IPv6 reverse lookup takes too much time.
use -H to enable reverse name lookup.
2000-06-12 16:21:02 +00:00
itojun 8f26bbadf9 sync with latest kame tree (tiny update in IPv4 mapped issue) 2000-06-12 10:47:17 +00:00
itojun 92e64a4a0d sync with almost-latest KAME IPsec. full changelog would be too big
to mention here.  notable changes are like below.

kernel:
- make PF_KEY kernel interface more robust against broken input stream.
  it includes complete internal structure change in sys/netkey/key.c.
- remove non-RFC compliant change in PF_KEY API, in particular,
  in struct sadb_msg.  we cannot just change these standard structs.
  sadb_x_sa2 is introduced instead.
- remove prototypes for pfkey_xx functions from /usr/include/net/pfkeyv2.h.
  these functions are not supplied in /usr/lib.

setkey(8):
- get/delete does not require "-m mode" (ignored with warning, if you
  specify it)
- spddelete takes direction specification
2000-06-12 10:40:37 +00:00
itojun 90fb69b2b2 sync with latest kame document.
- update 6to4 i-d #.
- update descr on source address selection.
2000-06-10 08:21:11 +00:00
danw f7d6ee345c Use _POSIX_SOURCE-safe type names 2000-06-08 19:01:44 +00:00
itojun ffedfcb68d make sure not to overwrite sockaddr on PRU_SEND/PRU_CONNECT to
link-local address.  From: frank
2000-06-08 13:51:33 +00:00
itojun 8fe589a2ae fix anycast address determination.
correct interface address addition when link-local is added (check if ifp
matches).
make diff to kame repository easier (breaks some KNF)

sync with kame.
2000-06-07 06:27:43 +00:00
itojun 8183434ff7 s/PIMCTL/PIM6CTL/ to avoid future confusion. 2000-06-07 04:40:46 +00:00
itojun af6b403d46 backout change to in6_pcbnotify(). the change seems premature
(may cause trouble with advanced API in certain situation).
2000-06-05 08:09:48 +00:00
itojun 8987054176 pass struct proc * down to udp6_output and in6_pcbbind. 2000-06-05 06:38:22 +00:00
itojun 93b2b4e693 remove include files in nonstandard path
(has been #error for couple of months).
2000-06-04 11:52:06 +00:00
itojun d7e34999be sync with recent kame.
avoid use of macros to manipulate sockaddrs (hides error case too much).
correct IPv4 packet handling when ip option is present.
preparations for ipsec policy engine upgrades.
2000-06-03 16:14:02 +00:00
itojun 9d853e8a4f sync with kame.
- use latest source address selection code - in6_src.c.
- correct frag header insertion.
- deep copy ip6 header portion in ip6_mloopback to avoid overwrite.
- do not bark when we forward packet to loopback.
- some cosmetics.
2000-06-03 14:36:32 +00:00
itojun e0b65589f1 sync with more recent kame. cope with malloc failure more gracefully
some cosmetics.
2000-06-02 18:20:15 +00:00
itojun 4308599c5a disallow bind(2) with IPv4 mapped address for now. port number check is
insufficient at this moment and we can bind(2) two sockets listen on same
port number.

for real fix, we need to check inpcb table with in6pcb.  we can't
find inpcb chain from particular in6pcb chain (like finding tcbtable from tcb6)
luckily RFC2553 does not talk about bind(2) behavior for IPv4 mapped.
IPv4 mapped brings in too much complexities...
2000-05-29 00:03:18 +00:00
itojun c0ccb49681 sync with reality in netbsd-current.
- pcb layer changes
- officially supported net interfaces
- minor typo
- draft # updates
2000-05-28 23:44:30 +00:00
itojun 418a734f51 enforce parameter type check for IN6_ARE_ADDR_EQUAL(). (sync with kame) 2000-05-24 14:40:09 +00:00
itojun fa2abf5727 make net.inet6.udp6.* sysctl name meet with IPv4 counterpart.
XXX do we need to keep symbols mistakingly added (like UDP6CTL_SENDMAX)
for backward compatibility?  I believe not.
2000-05-22 15:22:36 +00:00
itojun 5de72de121 disallow negative numbers for ratelimit interval (tcp, icmp, icmp6). 2000-05-22 12:08:43 +00:00
itojun 48c5048502 correct manipulation of link-local scoped address on loopback.
now "telnet fe80::1%lo0" should work again.
(we have another bug near here - will attack it soon)
2000-05-19 20:09:26 +00:00
itojun 41f4d3e2b6 correct MLD API. (binary backward compatibility is kept)
commit to usr.sbin/pim6* will follow.
2000-05-19 10:39:43 +00:00
thorpej f636538446 NULL != 0 2000-05-19 04:34:39 +00:00
itojun fa5c89d64a do not mistakingly forward link-local scoped packet (the bug was added
with "beyondscope" icmp6 support).
"options FAKE_LOOPBACK_IF" will honor scope on loopback outputs.  rcvif will
be real interface, not the loopback, just like when multicast loopback.

(sync with kame)
2000-05-19 01:40:18 +00:00
itojun 4f1c7f0bbe do not try NUD unless the gateway is a real neighbor.
real fix to KAME PR 245 (workaround has been implemented).
2000-05-09 11:51:12 +00:00
thorpej e0d0cba239 Remove junk at the end of #undef. 2000-05-08 18:31:10 +00:00
itojun b5393f9387 correct in6_ifdetach() (previous code touched dangling pointers).
actually the corrected portion was never visited.
2000-05-05 08:03:12 +00:00
itojun 57434b944b misuse of free(ia) in #if 0'ed region.
From: Lennart Augustsson <lennart@augustsson.net>
2000-04-27 16:44:19 +00:00
itojun 7e72267252 correct in6_ifdetach(). free oia, not ia.
From: Lennart Augustsson <augustss@augustsson.net>
2000-04-27 15:39:05 +00:00
itojun b360c656a0 temporary workaround against GIF NUD issue (when you configure globals
onto GIF, NUD prevents packet from going out)
KAME PR 245.  From: Andreas Wrede <andreas@planix.com>
2000-04-27 00:33:47 +00:00
itojun 5393e61dd0 add boundary check for nd6_ifinfo (otherwise ndp -i can make out-of-bound
accesses).
2000-04-19 07:13:03 +00:00
itojun 3909133548 introduce sys/netinet/ip_encap.c, to dispatch inbound packets
to protocol handlers, based on src/dst (for ip proto #4/41).
see comment in ip_encap.c for details of the problem we have.
there are too many protocol specs for ip proto #4/41.
backward compatibility with MROUTING case is now provided in ip_encap.c.

fix ipip to work with gif (using ip_encap.c).  sorry for breakage.

gif now uses ip_encap.c.

introduce stf pseudo interface (implements 6to4, another IPv6-over-IPv4 code
with ip proto #41).
2000-04-19 06:30:51 +00:00
itojun 81e8059dfc fix endian issue in filling in interface id.
better sync with kame (nuke space at EOL).
2000-04-17 16:26:07 +00:00
itojun 3e34240544 perform neighbor unreachability detection on p2p links (spec requires
it for bidir p2p links).
improve -i in ndp(8) to allow tweaking per-interface ND flag on.
fix ndp(8) infinite loop on certain routing table setup.
2000-04-16 15:27:59 +00:00
itojun 30272756a8 better sync with latest kame (cosmetic only). 2000-04-16 15:00:56 +00:00
itojun 7716681678 add comment on sdl_alen check (sync with kame) 2000-04-13 16:27:00 +00:00
itojun ff22afe8bf fix fatal bug in EUI64 generation (0xff -> 0xfe typo) 2000-04-13 16:21:25 +00:00
itojun 8b8adc2ee4 bark if sdl_alen == 0. test code for KAME PR 235. 2000-04-13 14:32:53 +00:00
itojun 18f9d539cc even if nd6_nud_hint is called, do not change a neighbor's status
unless the old status is probably reachable (i.e. the link-layer address
has already been resolved).
KAME PR 235.
2000-04-13 14:11:06 +00:00
itojun af4021abec do not return icmp6 error against icmp6 error.
(this is due to a bug in header chain chasing)
2000-04-13 14:07:10 +00:00
itojun ecb5f2e56a revisit in6_ifattach().
- be persistent on initializing interfaces, even if there's manually-
  assigned linklocal, multicast/whatever initialization is necessary.
- do not cache mac addr in the kernel.  grab mac addr from existing cards
  (this is important when you swap ethernet cards back and forth)
now ppp6 works just fine!

call in6_ifattach() on ATM PVC interface to assign link-local, using
hardware MAC address as seed.

(the change is in sync with kame tree).
2000-04-12 10:36:38 +00:00
itojun 6db43d2c0e cosmetic (space before EOL), to ease diff against kame 2000-04-10 15:45:24 +00:00
simonb 56fba1c4d0 Remove duplicate declaration of ifindex2ifnet - it's in <net/if.h>. 2000-03-29 03:38:53 +00:00
mycroft a5edb9f747 Oops; fix thinko. 2000-03-26 19:11:04 +00:00
mycroft a08d308dc2 Update byte count and time stamps for received packets (as in ESP).
May help fix stalls.
2000-03-26 18:55:37 +00:00
itojun e2d658087d move ia6->ia6_dad_ch to dp->dad_timer_ch, to ease KAME code sharing.
now in6_var.h does not need to pull sys/callout.h in.
2000-03-24 04:09:04 +00:00
thorpej fc96443d15 New callout mechanism with two major improvements over the old
timeout()/untimeout() API:
- Clients supply callout handle storage, thus eliminating problems of
  resource allocation.
- Insertion and removal of callouts is constant time, important as
  this facility is used quite a lot in the kernel.

The old timeout()/untimeout() API has been removed from the kernel.
2000-03-23 07:01:25 +00:00
itojun e8808e9659 correct references. update ipsec description (sync with kame). 2000-03-22 08:20:18 +00:00
itojun d6c5619790 use ip6_{last,next}hdr in icmp6 inbound packet parsing. 2000-03-22 04:42:01 +00:00
itojun fadbd2b29a cleanup AH/policy processing.
- parse IPv6 header by using common function, ip6_{last,next}hdr.
- fix behaivior in multiple AH cases.
  make strict boundary checks on mbuf chasing.
(sync with latest kame)
2000-03-21 23:53:30 +00:00
itojun 48d556091f s/ND6DEBUG/ND6_DEBUG/ (just to meet nd6_nbr.c) 2000-03-21 11:34:25 +00:00
itojun 19b198e8c2 improve comment (about undo'ing code on in{,6}_ifinit failure) 2000-03-21 11:23:31 +00:00
itojun a25da23509 #if 0'ed too strong sanity check against packets with v4 compatible addresses.
we may want to re-enable it whenever mech-xx clarifies router behavior
against native IPv6 packet with IPv4 compatible addresses.
2000-03-21 11:05:12 +00:00
itojun d926d6fa47 #if 0'ed undo code for interface address addition failure.
it was a bit too strong, and forbids multiple addresses from
same prefix to be assigned.

now the behavior is the same as previous - memory leak on interface address
addition failure.
http://orange.kame.net/dev/query-pr.cgi?pr=218
2000-03-18 02:41:58 +00:00
thorpej 2ac45d6eef Quiet down the DAD messages a little more. 2000-03-16 02:53:45 +00:00
itojun 7560717e93 undo interface addition attempt if in6_ifinit() fails.
without it, :: will be kept if in6_ifinit() fails.
2000-03-12 05:23:07 +00:00
thorpej 308b6b91d5 Quiet a noisy diagnostic. 2000-03-04 02:39:58 +00:00
itojun d7e8edfdcd configure ::1 to loopback dstaddr.
honor ifa_refcnt when configuring loopback.
2000-03-02 09:45:01 +00:00
itojun 52c11b789a bump kame revision id 2000-03-02 07:15:39 +00:00
itojun 36649fea92 don't configure ifa_dstaddr for non-pointopoint interface,
so that we won't be returning them from routing socket manipulation.
2000-03-02 07:14:52 +00:00
itojun ded4e9540a properly handle notifies from icmp6, so that we can properly reflect
redirects/unreach to transport layer. (sync with latest kame)
2000-03-02 06:42:52 +00:00
itojun 04ac848d6f introduce m->m_pkthdr.aux to hold random data which needs to be passed
between protocol handlers.

ipsec socket pointers, ipsec decryption/auth information, tunnel
decapsulation information are in my mind - there can be several other usage.
at this moment, we use this for ipsec socket pointer passing.  this will
avoid reuse of m->m_pkthdr.rcvif in ipsec code.

due to the change, MHLEN will be decreased by sizeof(void *) - for example,
for i386, MHLEN was 100 bytes, but is now 96 bytes.
we may want to increase MSIZE from 128 to 256 for some of our architectures.

take caution if you use it for keeping some data item for long period
of time - use extra caution on M_PREPEND() or m_adj(), as they may result
in loss of m->m_pkthdr.aux pointer (and mbuf leak).

this will bump kernel version.

(as discussed in tech-net, tested in kame tree)
2000-03-01 12:49:27 +00:00
itojun 03f0ac370f make ICMPv6 redirect actually flush route cache in udp6/raw6 socket. 2000-02-28 16:10:52 +00:00
itojun d8dfd96b2c fix ICMPv6 redirect input. the bug can result in invalid ND entry. 2000-02-28 14:30:36 +00:00
itojun cdea88d700 support draft-ietf-ipngwg-icmp-name-lookups-05.txt, drop support for
draft-ietf-ipngwg-icmp-name-lookups-04.txt.

There are certain bitfield change in 04 draft to 05 draft, which makes
04 "ping6 -a" and 05 "ping6 -a" not interoperable.  sigh.
2000-02-28 13:48:50 +00:00
itojun bbe25244d0 remove some of cross-BSD portability #ifdef.
remove xxCTL_VARS, which is BSDI specific.
2000-02-28 12:08:21 +00:00
itojun 2c7ba046f0 with IPv4 AH, strip off AH from the packet. this is to make some
of IPv4 transport layer code work correctly (specifically, ICMPv4
will transmit wrong packet if we don't strip AH here)

this is just for m_pulldown case.  normal installations are not affected.
2000-02-26 11:49:44 +00:00
itojun 99d909fc98 implement rip6_ctlinput, to cope with routing changes correctly.
(IMHO we need rip_ctlinput as well)
2000-02-26 09:09:17 +00:00
itojun 9c484862a0 make it possible to throw IPv6 packet with proto=4/41.
(in normal case we don't do it, but this is how IPv4 in_proto is written)
2000-02-26 09:01:59 +00:00
itojun e40f8f1220 sync description on proxy NDP with latest KAME doc. 2000-02-26 08:49:49 +00:00
itojun 1450d6e643 bring in recent KAME changes (only important and stable ones, as usual).
- remove net.inet6.ip6.nd6_proxyall.  introduce proxy NDP code works
  just like "arp -s".
- revise source address selection.
  be more careful about use of yet-to-be-valid addresses as source.
- as router, transmit ICMP6_DST_UNREACH_BEYONDSCOPE against out-of-scope
  packet forwarding attempt.
- path MTU discovery takes care of routing header properly.
- be more strict about mbuf chain parsing.
2000-02-26 08:39:18 +00:00
itojun de1fd6178d sync with latest KAME document.
- updates in I-D/RFC #
- scoped address syntax change
- remove ALTQ and other portion to avoid confusion
2000-02-25 07:29:47 +00:00
itojun 8f5a83e6e9 on SIOCS*_IN6, validate sockaddrs so that we never configure non-AF_INET6
addresses. (in_control has the same problem - I'll need to check it as well)

obsolete the following two ioctls, they do not fit well against IPv6 addressing
model. (the kernel support them for some period of time, we'll remove them
in the near future)
	SIOCSIFDSTADDR_IN6
	SIOCSIFNETMASK_IN6
2000-02-25 05:13:05 +00:00
itojun eecf64392b remove unnecessary if - else clause.
(sync with kame)
2000-02-25 00:29:55 +00:00
itojun 1bb987a022 remove extra NULL check
typo in PULLDOWN_TEST case
note: the fixes does not affect normal configuration.
(sync with kame)
2000-02-25 00:29:00 +00:00
itojun 857bdcba78 make variable initialization safer.
(IP6_EXTHDR_CHECK can call m_pullup under rare condition)
2000-02-25 00:27:18 +00:00
itojun 3d97823234 remove never-referenced variable (in6_interfaces).
fix paren match for macro.
2000-02-24 12:59:12 +00:00
itojun 95db252b5c costmetic (remove space at EOL) 2000-02-24 12:43:49 +00:00
darrenr 4b3916780b pass "struct pfil_head *" to pfil_add_hook and pfil_remove hook rather
than "struct protosw *".
2000-02-20 00:56:33 +00:00
itojun db71aa588d s/u_char/u_int8_t/ for sin6_{family,len} 2000-02-19 17:32:07 +00:00
darrenr fd7edad6c3 Change the use of pfil hooks. There is no longer a single list of all
pfil information, instead, struct protosw now contains a structure
which caontains list heads, etc.  The per-protosw pfil struct is passed
to pfil_hook_get(), along with an in/out flag to get the head of the
relevant filter list.  This has been done for only IPv4 and IPv6, at
present, with these patches only enabling filtering for IPPROTO_IP and
IPPROTO_IPV6, although it is possible to have tcp/udp, etc, dedicated
filters now also.  The ipfilter code has been updated to only filter
IPv4 packets - next major release of ipfilter is required for ipv6.
2000-02-17 10:59:32 +00:00
thorpej d2bccc29d8 Fix a couple of brainos in the last. 2000-02-15 00:31:08 +00:00
thorpej 144759ef2b Use ratecheck() for ICMP6 rate limiting. 2000-02-14 19:45:50 +00:00
itojun 19e9558eaf sync with extended scoped address syntax change. 2000-02-09 12:27:03 +00:00
itojun 53e333c935 honor ifa reference counting. 2000-02-09 03:34:01 +00:00
itojun 59d74f3d21 to improve RFC2553/2292 compliance, and promote use of
RFC2553/2292-compliant header file path, now the following headers are
forbidden:
	netinet6/ip6.h
	netinet6/icmp6.h
	netinet6/in6.h

if you want netinet6/{ip6,icmp6}.h, use netinet/{ip6,icmp6}.h.

if you want netinet6/in6.h, you just need to include netinet/in.h.
it pulls it in.
(we may need to integrate them into netinet/in.h, but for cross-BSD code
sharing i'd like to keep it like this for now)
2000-02-09 00:54:55 +00:00
itojun 2687887f38 s/DIAGNOSTIC/DEBUG/ 2000-02-07 06:15:16 +00:00
itojun 85cdd5f08e remove IPv6 router renumbering prefix information in the kernel
when all the interface addresses are gone.
this should remove dangling structure when:
# ifconfig lo0 inet6 3ffe::1 prefixlen 64 alias
# ifconfig lo0 inet6 3ffe::1 -alias
is performed.
2000-02-07 05:48:11 +00:00
itojun 1148e4715f correct SIOCAIFADDR_IN6 failure recovery in point-to-point case. 2000-02-07 05:42:59 +00:00
itojun 49bed394bd add more sanity check against mbuf length.
use log() for DAD related kernel message.
2000-02-07 05:42:28 +00:00
itojun 45b89333e4 close comment.
From: Kazuto Ushioda <x-y-z@3si.co.jp>
2000-02-07 03:51:59 +00:00
itojun 90736ab608 fix include pathname for better rfc2292 compliance. 2000-02-06 12:49:37 +00:00
itojun 51219dabc9 to be more rfc2292 complient, move ip6.h and icmp6.h into netinet.
(netinet6/{ip6,icmp6}.h is non-standard path - these files should go away)

it was not possible to use cvsmove in this case.
when you try to look at history, chase it toward netinet6/{ip6,icmp6}.h.
2000-02-06 11:11:29 +00:00
itojun 76064f5770 don't chase mbuf pointer when it is NULL. 2000-02-06 08:06:43 +00:00
itojun 9e9f3e15e4 need PRC_IF{UP,CHANGE}. 2000-02-05 18:11:41 +00:00
itojun 7604e315fb sync with reality.
- getipnodeby{name,addr} is now non-issue as RFC2553bis will be dropping it
- if_detach is mostly done
- add some items
2000-02-05 18:05:33 +00:00
itojun f91ee608a9 avoid calling in6_control(SIOCDIFADDR_IN6) from interrupt context.
it is not supposed to work.
logging fix: add "\n" to some of log() in in6_prefix.c.

improve in6_ifdetach().  now almost all structure depend on ifnet
will be cleared up.
possible loose ends:
- cached route_in6 in static varaiables needs to be cleared as well
- there are ifaddr manipulation without reference counting,
  which should be fixed
we still see panics after card removal, though...  not sure what is left.

(sync with kame)
2000-02-04 14:34:22 +00:00
itojun 10509171fb avoid some of typecasting from in6_ifaddr to ifaddr. 2000-02-04 08:54:04 +00:00
itojun ccba141601 add notice on site-locals. typo fix. (sync with kame) 2000-02-03 19:57:13 +00:00
itojun af14db5a91 - if_detach
- xx_control calls from interrupt thread should be removed
- LP64
2000-02-03 19:29:20 +00:00
itojun b89812ff7f - Don't reuse ip6 header portion as reassembly pointer, to be friendly
with LP64 arch.  (not tested on LP64, sorry)
- add comment on reass rule
- some other cleanups

NetBSD PR: 9340
From: iwamoto@sat.t.u-tokyo.ac.jp
(in sync with kame)
2000-02-03 18:13:01 +00:00
itojun 03993c84d3 use u_int16_t, not u_short, for port #. 2000-02-03 13:17:39 +00:00
itojun 54cb3be873 remove #if 0'ed code 2000-02-03 12:50:05 +00:00
itojun 8fdf90f0ff remove old #if 0'ed portion 2000-02-03 12:49:15 +00:00
itojun 323f8904e5 s/splnet/splsoftnet/ 2000-02-03 12:13:50 +00:00
thorpej c1185c1020 PRU_PURGEADDR -> PRU_PURGEIF, per a discussion w/ itojun. In the IPv4
and IPv6 code, also use this to traverse PCB tables, looking for cached
routes referencing the dying ifnet, forcing them to be refreshed.
2000-02-02 23:28:08 +00:00
itojun 8a6ced5516 make sure to nuke kludge entries, regardless from refcnt. 2000-02-02 17:54:07 +00:00
itojun f5fba17f1b implement in6_purgemkludge(). in6_ifdetach() calls it to avoid dangling
kludge entries.  the situation would occur if you take the following steps:
- join multicast groups (default ones like linklocal all-node is fine)
- remove all IPv6 addresses manually
- remove pcmcia card

to thorpej: pls call in6_ifdetach() when PRU_PURGEIF is raised (just before
removing ifnet).  it should do the right thing (unable to perform real test
though)
2000-02-02 16:58:10 +00:00
itojun 6f13dac00f remove route to link-local allnodes multicast address (ff02:/32),
when the last IPv6 address on an interface is get removed.
in6_ifattach() configures it and in6_ifdetach() removes it.

XXX last part of in6_purgeaddr looks very ugly, but there's no event for
"interface detach" (events are for "address detach").
2000-02-02 13:44:05 +00:00
thorpej d844a3ac41 First-draft if_detach() implementation, originally from Bill Studnemund,
although this version has been changed somewhat:
- reference counting on ifaddrs isn't as complete as Bill's original
  work was.  This is hard to get right, and we should attack one
  protocol at a time.
- This doesn't do reference counting or dynamic allocation of ifnets yet.
- This version introduces a new PRU -- PRU_PURGEADDR, which is used to
  purge an ifaddr from a protocol.  The old method Bill used didn't work
  on all protocols, and it only worked on some because it was Very Lucky.

This mostly works ... i.e. works for my USB Ethernet, except for a dangling
ifaddr reference left by the IPv6 code; have not yet tracked this down.
2000-02-01 22:52:04 +00:00
thorpej 33e8c5b1df Improve the readability of one small piece of code. 2000-02-01 00:18:29 +00:00
itojun ae788a8a43 sync with current code. now IMPLEMENTATION doc is almost identical
to the latest KAME one.
2000-02-01 00:15:22 +00:00
itojun 1a2a1e2b1f bring in latest KAME ipsec tree.
- interop issues in ipcomp is fixed
- padding type (after ESP) is configurable
- key database memory management (need more fixes)
- policy specification is revisited

XXX m->m_pkthdr.rcvif is still overloaded - hope to fix it soon
2000-01-31 14:18:52 +00:00
itojun 63fd2c0262 destination port == 0 is illegal based on RFC768.
(NetBSD PR: 9137 - I thought I committed this already but I wasn't)
2000-01-31 10:39:26 +00:00
itojun 9b7c3e737a be proactive about malicious packet on the wire. we fear that v4 mapped
address to be used as a tool to hose security filters (like bypassing
"local host only" filter by using ::ffff:127.0.0.1).
2000-01-31 10:33:22 +00:00
itojun 591ffe9e30 wrap "DAD start" message into #ifdef DIAGNOSTIC.
From: thorpej, "Soren S. Jorvang" <soren@wheel.dk>
2000-01-28 07:21:29 +00:00
itojun 49227347dc don't attach Adler32 checksum to ipcomp payload. 2000-01-26 17:08:41 +00:00
itojun cd5093498d make setsockopt(IPV6_PORTRANGE) work. obeys IPNOPRIVPORTS. 2000-01-26 17:06:36 +00:00
itojun 1061ba6b37 another possible PR9189 issue (panic on sparc). 2000-01-19 15:59:14 +00:00
itojun c521cdaa75 temporary workaround for PR9189 (panic on sparc). 2000-01-18 05:36:19 +00:00
itojun 08e76e0086 add missing ipcomp cases. 2000-01-16 18:06:03 +00:00
itojun 358b6d44ac fix interop issue in ip compression. for inbound, we need to use
default window size, in case the peer uses large window size
2000-01-16 17:56:46 +00:00
itohy d154d07506 Rename variable "prep" for PReP port. 2000-01-07 06:44:30 +00:00
itojun b1913eaa52 update tcp/udp v4 mapped addr issues. 2000-01-06 15:48:07 +00:00
itojun b3761abef8 remove extra portability #ifdef (like #ifdef __FreeBSD__) in KAME IPv6/IPsec
code, from netbsd-current repository.
#ifdef'ed version is always available from ftp.kame.net.

XXX please do not make too many diff-unfriendly changes, we'll need to take
bunch of diffs on upgrade...
2000-01-06 15:46:07 +00:00
itojun ec63b40402 remove too much portability code in KAME, to improve readability. 2000-01-06 07:31:07 +00:00
itojun 2e904aec57 make IPV6_BINDV6ONLY setsockopt available. it controls behavior of
AF_INET6 wildcard listening socket.  heavily documented in ip6(4).
net.inet6.ip6.bindv6only defines default value.  default is 1.

"options INET6_BINDV6ONLY" removes any code fragment that supports
IPV6_BINDV6ONLY == 0 case (not defopt'ed as use of this is rare).
2000-01-06 06:41:18 +00:00
itojun 2db2cab310 add missing net.inet6.ip6.rr_prune case. 2000-01-06 02:52:29 +00:00
itojun 751017ffff avoid panic on getsockopt(ICMPV6_FILTER). 2000-01-05 16:46:18 +00:00
itojun a60e59b349 better sync with reality. 2000-01-05 13:19:36 +00:00
itojun 07c2fe1cd9 add net.inet6.icmp6.nodeinfo sysctl.
this allows you to disable/enable ICMPv6 node information query/reply
processing (which tells remote end the gethostname(3) setting, interface
addresses on the node, and some other things - documented in
draft-ietf-ipngwg-icmp-name-lookup* or something alike).

to test it, try ping6 -w ::1 with nodeinfo=0 and nodeinfo=1.
(sync with kame change)
2000-01-02 16:31:17 +00:00
itojun cc6ad7e2cc synchronize in6pcb flags definition across kame/*bsd.
this would help us implement future COMPAT_{FREE,OPEN}BSD{,I}.

(sync with kame)
1999-12-27 06:38:47 +00:00
itojun dc0f1c0435 drop IPv6 packets with v4 mapped address on src/dst. they are illegal
and may be used to fool IPv6 implementations (by using ::ffff:127.0.0.1 as
source you may be able to pretend the packet is from local node)
1999-12-22 04:03:01 +00:00
itojun abddb5f851 do not overwrite traffic class field when we write IPv6 version field. 1999-12-15 06:28:43 +00:00
itojun 1d77886f1a synchronize list of IPv6 TODOs with reality. 1999-12-13 17:15:18 +00:00
itojun ea861f0183 sync IPv6 part with latest KAME tree. IPsec part is left unmodified
due to massive changes in KAME side.
- IPv6 output goes through nd6_output
- faith can capture IPv4 packets as well - you can run IPv4-to-IPv6 translator
  using heavily modified DNS servers
- per-interface statistics (required for IPv6 MIB)
- interface autoconfig is revisited
- udp input handling has a big change for mapped address support.
- introduce in4_cksum() for non-overwriting checksumming
- introduce m_pulldown()
- neighbor discovery cleanups/improvements
- netinet/in.h strictly conforms to RFC2553 (no extra defs visible to userland)
- IFA_STATS is fixed a bit (not tested)
- and more more more.

TODO:
- cleanup os-independency #ifdef
- avoid rcvif dual use (for IPsec) to help ifdetach

(sorry for jumbo commit, I can't separate this any more...)
1999-12-13 15:17:17 +00:00
itojun 486d64de0f add missing splx(). a critical bug fix from kame. 1999-12-10 17:56:13 +00:00
itojun f9495b711c fix comment (sync with KAME) 1999-12-02 05:25:59 +00:00
itojun 6df71cd35f use _KERNEL instead of KERNEL. (sync from KAME) 1999-12-02 05:25:47 +00:00
itojun 522e6d0296 avoid namespace polution ("#ifdef KERNEL" was mistakingly used) 1999-12-02 05:08:16 +00:00
itojun bbb8727584 bring in latest KAME (as of 19991130, KAME/NetBSD141) into kame branch
just for reference purposes.
This commit includes 1.4 -> 1.4.1 sync for kame branch.

The branch does not compile at all (due to the lack of ALTQ and some other
source code).  Please do not try to modify the branch, this is just for
referenre purposes.

synchronization to latest KAME will take place on HEAD branch soon.
1999-11-30 13:34:47 +00:00
bouyer f86517a031 Update protocoles and interfaces stats counters to 64bit.
RTM_IFINFO is now 0xf, 0xe is RTM_OIFINFO which returns the old (if_msghdr14)
struct with 32bit counters (binary compat, conditioned on COMPAT_14).
Same for sysctl: node 3 is renamed NET_RT_OIFLIST, NET_RT_IFLIST is now node 4.
Change rt_msg1() to add an mbuf to the mbuf chain instead of just panic()
when the message is larger than MHLEN.
1999-11-19 10:41:41 +00:00
itojun e127ba2f0b fix well-known CPI handling bug. (sync with KAME code) 1999-11-05 14:57:00 +00:00
itojun 37ecccca6b decrease amount of history buffer to use for IPcomp.
the default setting of zlib allocates too much memory and of no use for
network packets (which are like < 2k).

From: Laine Stump <lainestump@rcn.com>
1999-11-05 14:56:26 +00:00
itojun 23c246780c consistent logging for icmp6 redirects
XXX should make logs 1-liner so that duplicated logs can be compressed
by syslog(8)?
1999-10-01 10:16:16 +00:00
itojun 97999826c8 sanity check against truncated extension headers. 1999-10-01 10:15:16 +00:00
is 1eb4d34bba Add missing "case IFT_ARCNET". 1999-09-26 20:08:15 +00:00
is 3a43ac11b5 Don't even pretend we can create a nonglobal EUI64 out of an ARCNET link
level address. Instead, create the link-local address directly.
1999-09-26 20:04:08 +00:00
is 1f417b8ca9 invert u bit to convert EUI64 to RFC2373 interface ID for ARCnet 1999-09-25 22:29:21 +00:00
itojun 62c568fac4 tiny fix to ARCnet IPv6 support.
- in in6_ifattach_getifid(), we can grab interface id source iff the source
  is universally (worldwide) unique.  ARCnet hardware address is of 8bit and
  does not satisfy the condition.
  (in6_ifattach_getifid() is for getting interface id usable for pseudo
  interfaces like gif*)
- xx_to_eui64() should return EUI64 format, not IPv6 interface id format.
  this may seem awkward so I wish to clean these things up.
- in nd6.c, change if clause into case clause to allow future addition
  of IFT_xxx easier.
1999-09-20 02:35:44 +00:00
is 072a96b17d fix mergo 1999-09-19 21:42:23 +00:00
is 6a793d8a47 Zeroth version of IPv6 support for ARCnet. Correct MTU handling still needs
to be done.
1999-09-19 21:31:33 +00:00
itojun b3d9b0130c eliminate unnecessary splnet(). 1999-09-17 12:26:04 +00:00
itojun 6b9bfc0691 - Call in{,6}_pcbdetach if ipsec initialization is failed during PRU_ATTACH.
This situation happens on severe memory shortage.  We may need more
  improvements here and there.
- Grab IEEE802 address from IFT_ETHER card, even if the card is
  inserted after bootup time.  Is there any other card that can be
  inserted afterwards?  pcmcia fddi card? :-P
- RFC2373 u bit handling suggests that we SHOULD NOT copy interface id from
  ethernet card to pseudo interface, when ethernet card has IEEE802/EUI64
  with u bit != 0 (this means that IEEE802/EUI64 is not universally unique).
  Do not use such address as, for example, interface id for gif interface.
  (I have such an ethernet card myself)
  This may change interface id for your gif interface.  be careful upgrading
  rc files.

(sync with recent KAME)
1999-09-13 12:15:54 +00:00
itojun 770a224d1e fix ipcomp behavior against -R to meet documentation.
From: Laine Stump <lainestump@rcn.com>
1999-09-10 02:05:24 +00:00
itojun a00c3d5ea1 fix u bit in interface identifier for ether and p2p-802 interfacde. 1999-09-08 00:50:15 +00:00
itojun 45538437d9 - invert u bit on interface id for pseudo interfaces, as suggested in RFC2373.
- do not perform IPv6 initialization for faith* interface, as they become
  mistakingly IFF_UP.  we are wondering if we should nuke in6_ifattach_p2p().
(sync with recent kame)
1999-09-05 01:57:10 +00:00
itojun 5a219342f2 sync with kame; typo in comment. 1999-08-26 11:11:51 +00:00
itojun 0647902fc8 fix IPv6 fragment ID initialization - random() does not return
random value when frag6_init() is called, so use microtime() to stir
the value better.
1999-08-26 11:10:49 +00:00
itojun 4e69e908fe fix AH computation for HbB options. 1999-08-25 17:47:47 +00:00
itojun ad853adad7 sync with recent kame: fix source address selection on IPv6 tunnel ipsec. 1999-08-25 12:56:38 +00:00
itojun d48c55f4f0 ctlinput handling must look at ip6_src, not ip6_dst.
(this makes path mtu handling wrong)
1999-08-25 12:38:14 +00:00
itojun 00cf8638cb do not capture packets by gif, when gif interface is down. 1999-08-20 10:07:40 +00:00
itojun b0ad0eaf51 typo fix (from koji@dti.ad.jp).
remove things that are already done.
1999-08-14 19:17:19 +00:00
itojun 8dba61e664 fix multicast demux.
From: Matthias Drochner <drochner@zel459.zel.kfa-juelich.de>
1999-08-13 10:57:05 +00:00
itojun a9b7fe4621 return with doing nothing from xx_ctlinput(), when sa->sa_family
is not the expected one.

I see PRC_REDIRECT_HOST with sa->sa_family == AF_UNIX coming to
{tcp,udp}_ctlinput() when I use dhclient, and I feel like adding
more sanity checks, without logging - if we log it it is too noisy.
1999-08-09 10:55:29 +00:00
itojun 7a60aa28c2 log() needs "\n" at the end. 1999-08-09 02:24:52 +00:00
itojun e5d7b92a94 remove invalid initialization if in6_iflladdr. 1999-08-07 12:33:04 +00:00
itojun 6d8996ba49 import recent kAME fixes.
- initialize hoplimit for raw6 socket properly.
- respect SO_TIMESTAMP on udp6.
- more sanity checks.
1999-08-05 16:01:07 +00:00
itojun 6f3fbf1ce6 remove sys/netinet6/in6_systm.h, as it is very empty.
crypto-us IPSEC build will be broken.
could someone please update?
1999-08-02 11:04:38 +00:00
itojun 70ada0957e sync with recent KAME.
- loosen ipsec restriction on packet diredtion.
- revise icmp6 redirect handling on IsRouter bit.
- tcp/udp notification processing (link-local address case)
- cosmetic fixes (better code share across *BSD).
1999-07-31 18:41:15 +00:00
itojun 06c350054d remove reference to in6_systm.h (file itself will be removed afterwords) 1999-07-30 10:35:34 +00:00
explorer ed3b6d5791 Fix a problem where tcp_slowtimo was called twice, once for ipv4 tcp and
once for ipv6.  This patch makes the ipv6 case pass NULLs in for fast
and slow timeouts iff defined(INET) and passes in the right function
if !defined(INET).

Reveiwed by itojun@iijlab.net.
1999-07-27 06:23:57 +00:00
itojun 86ef461e35 avoid u_long and hardcoded numbers. 1999-07-22 15:46:13 +00:00
itojun 7fee35f579 - implement IPv6 pmtud, which is necessary for TCP6.
- fix memory leak on SO_DEBUG over TCP.
1999-07-22 12:56:56 +00:00
itojun 76fc599a8d change unnecessary u_long/long into u_int32_t or something relevant.
more fixes should follow.
1999-07-22 03:59:42 +00:00
itojun 869f140395 fix IPV6_CHECKSUM socket option (length computation was wrong). 1999-07-19 18:37:19 +00:00
itojun c74f79d16f fix faith interface support. need testing.
(i understand this is a dirty hack, of course)
1999-07-17 07:07:08 +00:00
itojun 4502752019 fix compilation/runtime problem on alpha.
PR: 7952, 7953
From: Dave Huang <khym@bga.com>
1999-07-11 17:45:11 +00:00
thorpej 011b02e348 Clean up some printfs(), and mark a few for possible later nuking,
since they appear to be for debugging purposes only.
1999-07-10 19:46:10 +00:00
thorpej 267920eb1a defopt INET6, and put it in opt_inet.h (most places already include this
file, which is why the file list is so short).
1999-07-09 23:41:16 +00:00
thorpej f9a7668b3f defopt IPSEC and IPSEC_ESP (both into opt_ipsec.h). 1999-07-09 22:57:15 +00:00
itojun dcc13cdd33 sync with KAME/NetBSD 1.4, SNAP kit 19990705.
key changes are:
- icmp6 redirect fix (dst check)
- revised ip6 multicast check for loopback i/f
- several RCS ID cleanups
1999-07-06 12:23:19 +00:00
itojun 6ea6ccf105 checked build on alpha and i386, with GENERIC.v6.
fixed several sizeof(void *) and sizeof(size_t) issues on alpha.

Thanks to: Dave Huang and Tim Rightnour
1999-07-06 08:55:56 +00:00
itojun f3c72d8503 fix IPSEC (but not INET6) build.
PR: 7921, 7922, 7924
From: rafal@mediaone.net
1999-07-06 05:09:22 +00:00
itojun 9b74747370 s/splnet/splsoftnet/ in IPv6/IPsec part.
hope I made no mistake (the kernel works fine but I need a regress test)

Suggested by: thorpej
1999-07-04 02:01:15 +00:00
thorpej cd3a345ea0 RCS ID police. 1999-07-03 21:24:45 +00:00
kleink dd24133620 Take a stab at namespace protection. For now, only the obvious problems are
addressed, the culprit being the lack of a namespace definition for an IPv6-
extended <netinet/in.h> in XNS5.2 D2.0; I'll try to work something out and
submit it to the review WG.
1999-07-03 14:04:57 +00:00
itojun af58d5709d try to get a non-conflicting port # when bind(2) to port number 0
is called.
1999-07-02 19:57:05 +00:00
itojun 243585320c expand insque/remque (quick hack). fundamental fix should be done
while clarifying relationship between inpcb and in6pcb.

PR: 7891
1999-07-02 12:43:42 +00:00
itojun f8346292af move ipsec sysctl index to IPPROTO_AH (instead of IPPROTO_ESP),
so that you can perform sysctl operation when ESP is not compiled in.
1999-07-02 08:46:47 +00:00
itojun 932ab72aee remove TIME_WAIT issue, it was false. 1999-07-02 07:36:33 +00:00
itojun 8ebf9f7039 add tcp6 port # oddity.
add splnet/splsoftnet issue.
1999-07-02 07:16:29 +00:00
itojun c74aeb8363 document issues in libc extensions. 1999-07-01 18:28:55 +00:00
itojun 118d2b1d4f IPv6 kernel code, based on KAME/NetBSD 1.4, SNAP kit 19990628.
(Sorry for a big commit, I can't separate this into several pieces...)
Pls check sys/netinet6/TODO and sys/netinet6/IMPLEMENTATION for details.

- sys/kern: do not assume single mbuf, accept chained mbuf on passing
  data from userland to kernel (or other way round).
- "midway" ATM card: ATM PVC pseudo device support, like those done in ALTQ
  package (ftp://ftp.csl.sony.co.jp/pub/kjc/).
- sys/netinet/tcp*: IPv4/v6 dual stack tcp support.
- sys/netinet/{ip6,icmp6}.h, sys/net/pfkeyv2.h: IETF document assumes those
  file to be there so we patch it up.
- sys/netinet: IPsec additions are here and there.
- sys/netinet6/*: most of IPv6 code sits here.
- sys/netkey: IPsec key management code
- dev/pci/pcidevs: regen

In my understanding no code here is subject to export control so it
should be safe.
1999-07-01 08:12:45 +00:00
itojun 74d3c214ec KAME/NetBSD 1.4 SNAP kit, dated 19990628.
NOTE: this branch (kame) is used just for refernce.  this may not compile
due to multiple reasons.
1999-06-28 06:36:47 +00:00