Commit Graph

40 Commits

Author SHA1 Message Date
itojun
cdaa27b23a when ipsec tunnel mode is applied, we are originating packet (instead of
forwarding).  go to ip6_output() path for fragmentation and other processing.
from kame
2004-01-16 05:12:08 +00:00
mycroft
2dde0746b6 Do a jump optimization that eliminates some uninitialized variable warnings. 2003-10-29 10:12:43 +00:00
itojun
140276fde1 shouldn't check scope match when encapsulating packet into tunnel mode.
iij seil team
2003-10-03 04:30:31 +00:00
itojun
d451ef2606 do not deref state.ro if it is NULL 2003-10-02 19:32:41 +00:00
itojun
d83af104d4 correctly look at outer IPv6 header when forwarding packet into ipsec tunnel.
iij seil team
2003-10-02 12:13:44 +00:00
itojun
da53b9c28e make net.inet6.ip6.redirect actually work. from Tomoyuki Sahara via kame 2003-08-07 08:52:32 +00:00
itojun
022df20c75 minor KNF 2003-07-03 05:03:53 +00:00
itojun
842d3bee32 KNF 2003-06-30 03:30:50 +00:00
itojun
194f048bd9 use time.tv_sec directly 2003-06-24 07:39:24 +00:00
itojun
255121cf44 avoid from applying IPsec transport mode to the packets when the kernel
forwards the packets.
sync w/kame
2002-09-11 08:15:37 +00:00
itojun
6d8d0d63d8 sync with latest KAME in6_ifaddr/prefix/default router manipulation.
behavior changes:
- two iocts used by ndp(8) are now obsolete (backward compat provided).
  use sysctl path instead.
- lo0 does not get ::1 automatically.  it will get ::1 when lo0 comes up.
2002-06-08 21:22:29 +00:00
itojun
06ed16c31d typo 2002-06-07 04:18:11 +00:00
itojun
922b4012cc 'fall through' is not a valid LINT keyword. 2002-06-07 04:07:55 +00:00
itojun
5c1df51d53 attach nd_ifinfo structure into if_afdata.
split IPv6 link MTU (advertised by RA) from real link MTU.
sync with kame
2002-05-29 07:53:39 +00:00
itojun
1cad8e6085 reduce white space/cosmetic diffs w/kame. 2001-12-18 03:04:02 +00:00
lukem
4f2ad95259 add RCSIDs 2001-11-13 00:56:55 +00:00
itojun
73f4e5001f more whitespace sync with kame 2001-10-24 06:36:37 +00:00
itojun
dfb1429789 unifdef OLDIP6OUTPUT 2001-10-17 08:23:05 +00:00
itojun
fc35f336c7 sync with draft-ietf-ipngwg-p2p-pingpong-00.txt. apply special behavior
only if ip6_dst is "neighbor" within p2p prefix.  sync with kame
2001-07-18 09:24:26 +00:00
itojun
57d1913ebc do not forward packet back to point-to-point interface, if the packet
matches the ipv6 prefix assigned to the p2p interface (= redirect case).
this leads to pingpong, chews bandwidth.  bad thing is that bad guy from
remote can chew bandwidth.  (follows upcoming internet draft)
2001-06-22 12:33:05 +00:00
matt
5571e920d6 senderr needs only be declared when PFIL_HOOKS is defined 2001-06-12 17:55:52 +00:00
itojun
bdbfdf946d run pfil_hooks for IPv6 forwarding path (note: ip6_forward() does not
call ip6_output()).
2001-06-12 15:12:33 +00:00
itojun
92969654c0 enable FAKE_LOOPBACK_IF case by default.
now traffic on loopback interface will be presented to bpf as normal wire
format packet (without KAME scopeid in s6_addr16[1]).

fix KAME PR 250 (host mistakenly accepts packets to fe80::x%lo0).

sync with kame.
2001-03-30 11:08:56 +00:00
itojun
e1f4f77960 to sync with kame better, (1) remove register declaration for variables,
(2) sync whitespaces, (3) update comments. (4) bring in some of portability
and logging enhancements.  no functional changes here.
2001-02-10 04:14:26 +00:00
itojun
e0bb769d4e on ipsec policy lookup, do not try to lookup port numbers for forwarded packet.
sync with kame.
2000-09-22 05:50:23 +00:00
itojun
73a29e35ff do not forward packet with :: in the source.
this is not in the spec - we had rough consensus on it in ipngwg,
spec will get updated to include this behavior.
2000-07-27 15:53:51 +00:00
itojun
5f09b77987 s/IPSEC_IPV6FWD/IPSEC/. this should correct strange behavior on ipv6
forwarding (even if policy asks for tunnel mode encryption, packets
go out in clear).  sync with kame.
2000-07-16 07:57:55 +00:00
itojun
210a3e2f80 remove unnecessary #include <netkey/key_debug.h>. from kame. 2000-07-06 12:51:39 +00:00
itojun
3ade27131a suppress too noisy warning on forward-over-loopback case. from kame 2000-06-30 19:46:05 +00:00
itojun
9d853e8a4f sync with kame.
- use latest source address selection code - in6_src.c.
- correct frag header insertion.
- deep copy ip6 header portion in ip6_mloopback to avoid overwrite.
- do not bark when we forward packet to loopback.
- some cosmetics.
2000-06-03 14:36:32 +00:00
itojun
48c5048502 correct manipulation of link-local scoped address on loopback.
now "telnet fe80::1%lo0" should work again.
(we have another bug near here - will attack it soon)
2000-05-19 20:09:26 +00:00
itojun
fa5c89d64a do not mistakingly forward link-local scoped packet (the bug was added
with "beyondscope" icmp6 support).
"options FAKE_LOOPBACK_IF" will honor scope on loopback outputs.  rcvif will
be real interface, not the loopback, just like when multicast loopback.

(sync with kame)
2000-05-19 01:40:18 +00:00
itojun
1450d6e643 bring in recent KAME changes (only important and stable ones, as usual).
- remove net.inet6.ip6.nd6_proxyall.  introduce proxy NDP code works
  just like "arp -s".
- revise source address selection.
  be more careful about use of yet-to-be-valid addresses as source.
- as router, transmit ICMP6_DST_UNREACH_BEYONDSCOPE against out-of-scope
  packet forwarding attempt.
- path MTU discovery takes care of routing header properly.
- be more strict about mbuf chain parsing.
2000-02-26 08:39:18 +00:00
itojun
90736ab608 fix include pathname for better rfc2292 compliance. 2000-02-06 12:49:37 +00:00
itojun
1a2a1e2b1f bring in latest KAME ipsec tree.
- interop issues in ipcomp is fixed
- padding type (after ESP) is configurable
- key database memory management (need more fixes)
- policy specification is revisited

XXX m->m_pkthdr.rcvif is still overloaded - hope to fix it soon
2000-01-31 14:18:52 +00:00
itojun
b3761abef8 remove extra portability #ifdef (like #ifdef __FreeBSD__) in KAME IPv6/IPsec
code, from netbsd-current repository.
#ifdef'ed version is always available from ftp.kame.net.

XXX please do not make too many diff-unfriendly changes, we'll need to take
bunch of diffs on upgrade...
2000-01-06 15:46:07 +00:00
itojun
ea861f0183 sync IPv6 part with latest KAME tree. IPsec part is left unmodified
due to massive changes in KAME side.
- IPv6 output goes through nd6_output
- faith can capture IPv4 packets as well - you can run IPv4-to-IPv6 translator
  using heavily modified DNS servers
- per-interface statistics (required for IPv6 MIB)
- interface autoconfig is revisited
- udp input handling has a big change for mapped address support.
- introduce in4_cksum() for non-overwriting checksumming
- introduce m_pulldown()
- neighbor discovery cleanups/improvements
- netinet/in.h strictly conforms to RFC2553 (no extra defs visible to userland)
- IFA_STATS is fixed a bit (not tested)
- and more more more.

TODO:
- cleanup os-independency #ifdef
- avoid rcvif dual use (for IPsec) to help ifdetach

(sorry for jumbo commit, I can't separate this any more...)
1999-12-13 15:17:17 +00:00
itojun
06c350054d remove reference to in6_systm.h (file itself will be removed afterwords) 1999-07-30 10:35:34 +00:00
thorpej
cd3a345ea0 RCS ID police. 1999-07-03 21:24:45 +00:00
itojun
74d3c214ec KAME/NetBSD 1.4 SNAP kit, dated 19990628.
NOTE: this branch (kame) is used just for refernce.  this may not compile
due to multiple reasons.
1999-06-28 06:36:47 +00:00