5f09b77987
s/IPSEC_IPV6FWD/IPSEC/. this should correct strange behavior on ipv6
...
forwarding (even if policy asks for tunnel mode encryption, packets
go out in clear). sync with kame.
2000-07-16 07:57:55 +00:00
a2744a4cf8
do not pull sys/queue.h from netinet6/in6.h. PR10597.
...
some sync with kame.
2000-07-16 01:10:34 +00:00
20964b0c23
fatal bug fix from kame (rtentry refcnt goes negative if we play with IPv6
...
address/routing table too much).
in6_ifloop_request()
not to request rtrequest to return an rtentry except for the ADD
operation, in order to avoid misdecreasing the refcnt (which might
cause leak of rtentry)
2000-07-13 09:56:20 +00:00
f5211e847a
remove m_pulldown statistics code. it is highly experimental and belong
...
to kame tree only (not for *bsd).
2000-07-13 05:34:21 +00:00
d8a9a3cc7b
add ppsratelimit(9), which does event-per-sec rate limitation.
...
use it from icmp6 error rate limitation code.
XXX better name for the function?
2000-07-09 06:44:57 +00:00
ec67eee51f
sync with kame.
...
introduce in6_{recover,embed}scope, for in-kernel scoped-address manipulation.
improve in6_pcbnotify.
2000-07-07 15:54:16 +00:00
2068dee670
elide lint cast type conversion warnings.
2000-07-06 17:42:55 +00:00
210a3e2f80
remove unnecessary #include <netkey/key_debug.h>. from kame.
2000-07-06 12:51:39 +00:00
0a1e211454
- do not use bitfield for router renumbering header.
...
- add protection mechanism against ND cache corruption due to bad NUD hints.
- more stats
- icmp6 pps limitation. TOOD: should implement ppsratecheck(9).
2000-07-06 12:36:18 +00:00
6fff122160
drop packet to tentative/duplicated interface address earlier. sync w/kame
2000-07-02 09:56:39 +00:00
8ff902fca1
repair kernel faithd(8) support. there were two mistakes:
...
(1) tcp6_input dropped packets for translation
(2) in6_pcblookup_connect was too strict
2000-07-02 08:04:10 +00:00
3ade27131a
suppress too noisy warning on forward-over-loopback case. from kame
2000-06-30 19:46:05 +00:00
cf594a3f4d
<vm/vm.h> -> <uvm/uvm_extern.h>
2000-06-28 03:01:16 +00:00
d2787dad27
XNS5.2: define sa_family_t and use it where specified by the standard.
2000-06-26 15:48:19 +00:00
278184a8ab
avoid possible mbuf leaks on ipsec policy violation.(sync with kame)
2000-06-20 02:24:42 +00:00
90ca25568b
remove obsolete sysctl MIB net.inet.ipsec.inbound_call_ike.
...
(sync with kame)
2000-06-15 05:01:06 +00:00
1b8ede9f7c
Import IPsec ESP from netbsd-cryptosrc-intl.
2000-06-14 19:39:42 +00:00
dafb757588
add algorithm name into algorithm table. (commit to crypto-intl will follow)
2000-06-14 11:27:35 +00:00
af9d516560
signedness issue with char, take 2. confirmed with i386 cc -funsigned-char.
2000-06-13 17:31:37 +00:00
c6a8ca266b
workaround to suppress warning on char == unsigned char arch.
2000-06-13 16:34:37 +00:00
0455eac327
do not use cached route if the route becomes !RTF_UP.
...
make the validation for jumbo payload option more strict.
2000-06-13 14:43:44 +00:00
36887242d7
add sanity check on in6_ifaddr.
2000-06-13 04:35:29 +00:00
fa24d1db9b
make sure to link new in6_ifaddr to if_addrlist.
2000-06-13 02:54:11 +00:00
07098cd363
better conformance to draft-ietf-ipngwg-icmp-name-lookups-05.
...
the old code was chimera of 03 and 05 draft.
-n by default, since IPv6 reverse lookup takes too much time.
use -H to enable reverse name lookup.
2000-06-12 16:21:02 +00:00
8f26bbadf9
sync with latest kame tree (tiny update in IPv4 mapped issue)
2000-06-12 10:47:17 +00:00
92e64a4a0d
sync with almost-latest KAME IPsec. full changelog would be too big
...
to mention here. notable changes are like below.
kernel:
- make PF_KEY kernel interface more robust against broken input stream.
it includes complete internal structure change in sys/netkey/key.c.
- remove non-RFC compliant change in PF_KEY API, in particular,
in struct sadb_msg. we cannot just change these standard structs.
sadb_x_sa2 is introduced instead.
- remove prototypes for pfkey_xx functions from /usr/include/net/pfkeyv2.h.
these functions are not supplied in /usr/lib.
setkey(8):
- get/delete does not require "-m mode" (ignored with warning, if you
specify it)
- spddelete takes direction specification
2000-06-12 10:40:37 +00:00
90fb69b2b2
sync with latest kame document.
...
- update 6to4 i-d #.
- update descr on source address selection.
2000-06-10 08:21:11 +00:00
f7d6ee345c
Use _POSIX_SOURCE-safe type names
2000-06-08 19:01:44 +00:00
ffedfcb68d
make sure not to overwrite sockaddr on PRU_SEND/PRU_CONNECT to
...
link-local address. From: frank
2000-06-08 13:51:33 +00:00
8fe589a2ae
fix anycast address determination.
...
correct interface address addition when link-local is added (check if ifp
matches).
make diff to kame repository easier (breaks some KNF)
sync with kame.
2000-06-07 06:27:43 +00:00
8183434ff7
s/PIMCTL/PIM6CTL/ to avoid future confusion.
2000-06-07 04:40:46 +00:00
af6b403d46
backout change to in6_pcbnotify(). the change seems premature
...
(may cause trouble with advanced API in certain situation).
2000-06-05 08:09:48 +00:00
8987054176
pass struct proc * down to udp6_output and in6_pcbbind.
2000-06-05 06:38:22 +00:00
93b2b4e693
remove include files in nonstandard path
...
(has been #error for couple of months).
2000-06-04 11:52:06 +00:00
d7e34999be
sync with recent kame.
...
avoid use of macros to manipulate sockaddrs (hides error case too much).
correct IPv4 packet handling when ip option is present.
preparations for ipsec policy engine upgrades.
2000-06-03 16:14:02 +00:00
9d853e8a4f
sync with kame.
...
- use latest source address selection code - in6_src.c.
- correct frag header insertion.
- deep copy ip6 header portion in ip6_mloopback to avoid overwrite.
- do not bark when we forward packet to loopback.
- some cosmetics.
2000-06-03 14:36:32 +00:00
e0b65589f1
sync with more recent kame. cope with malloc failure more gracefully
...
some cosmetics.
2000-06-02 18:20:15 +00:00
4308599c5a
disallow bind(2) with IPv4 mapped address for now. port number check is
...
insufficient at this moment and we can bind(2) two sockets listen on same
port number.
for real fix, we need to check inpcb table with in6pcb. we can't
find inpcb chain from particular in6pcb chain (like finding tcbtable from tcb6)
luckily RFC2553 does not talk about bind(2) behavior for IPv4 mapped.
IPv4 mapped brings in too much complexities...
2000-05-29 00:03:18 +00:00
c0ccb49681
sync with reality in netbsd-current.
...
- pcb layer changes
- officially supported net interfaces
- minor typo
- draft # updates
2000-05-28 23:44:30 +00:00
418a734f51
enforce parameter type check for IN6_ARE_ADDR_EQUAL(). (sync with kame)
2000-05-24 14:40:09 +00:00
fa2abf5727
make net.inet6.udp6.* sysctl name meet with IPv4 counterpart.
...
XXX do we need to keep symbols mistakingly added (like UDP6CTL_SENDMAX)
for backward compatibility? I believe not.
2000-05-22 15:22:36 +00:00
5de72de121
disallow negative numbers for ratelimit interval (tcp, icmp, icmp6).
2000-05-22 12:08:43 +00:00
48c5048502
correct manipulation of link-local scoped address on loopback.
...
now "telnet fe80::1%lo0" should work again.
(we have another bug near here - will attack it soon)
2000-05-19 20:09:26 +00:00
41f4d3e2b6
correct MLD API. (binary backward compatibility is kept)
...
commit to usr.sbin/pim6* will follow.
2000-05-19 10:39:43 +00:00
f636538446
NULL != 0
2000-05-19 04:34:39 +00:00
fa5c89d64a
do not mistakingly forward link-local scoped packet (the bug was added
...
with "beyondscope" icmp6 support).
"options FAKE_LOOPBACK_IF" will honor scope on loopback outputs. rcvif will
be real interface, not the loopback, just like when multicast loopback.
(sync with kame)
2000-05-19 01:40:18 +00:00
4f1c7f0bbe
do not try NUD unless the gateway is a real neighbor.
...
real fix to KAME PR 245 (workaround has been implemented).
2000-05-09 11:51:12 +00:00
e0d0cba239
Remove junk at the end of #undef.
2000-05-08 18:31:10 +00:00
b5393f9387
correct in6_ifdetach() (previous code touched dangling pointers).
...
actually the corrected portion was never visited.
2000-05-05 08:03:12 +00:00
57434b944b
misuse of free(ia) in #if 0'ed region.
...
From: Lennart Augustsson <lennart@augustsson.net>
2000-04-27 16:44:19 +00:00
itojun