bb92058a0f
cut and paste error in comment. From: Arto Selonen <arto@selonen.org>
2002-08-09 06:29:01 +00:00
af8ad017f7
typo. From: Arto Selonen <arto@selonen.org>, sync w/kame
2002-08-01 05:17:47 +00:00
a919a4c628
no need to check NULL mbuf, as we touch it already.
...
From: tedu <grendel@zeitbombe.org>
2002-07-30 23:27:15 +00:00
d337ab206e
no need to handle NULL argument in defrouter_delreq.
...
From: tedu <grendel@zeitbombe.org>
2002-07-30 23:24:21 +00:00
d08a33e8b1
correct multicast packet MTU check. sync w/kame
2002-07-25 12:41:51 +00:00
8b02a8b924
remove unneeded extern decl (commented out). sync w/kame
2002-07-20 21:11:55 +00:00
e00173a7f2
Spell 'should' correctly.
2002-07-18 11:59:06 +00:00
d67bce4593
no need to bzero() twice. from he@netbsd
2002-07-13 21:04:55 +00:00
51bd9285d5
correct ping6 -w result wth hostname with [A-Z]. PR 17540. sync w/kame
2002-07-10 05:05:01 +00:00
10c252ba47
Changes to allow the IPv4 and IPv6 layers to align headers themseves,
...
as necessary:
* Implement a new mbuf utility routine, m_copyup(), is is like
m_pullup(), except that it always prepends and copies, rather
than only doing so if the desired length is larger than m->m_len.
m_copyup() also allows an offset into the destination mbuf, which
allows space for packet headers, in the forwarding case.
* Add *_HDR_ALIGNED_P() macros for IP, IPv6, ICMP, and IGMP. These
macros expand to 1 if __NO_STRICT_ALIGNMENT is defined, so that
architectures which do not have strict alignment constraints don't
pay for the test or visit the new align-if-needed path.
* Use the new macros to check if a header needs to be aligned, or to
assert that it already is, as appropriate.
Note: This code is still somewhat experimental. However, the new
code path won't be visited if individual device drivers continue
to guarantee that packets are delivered to layer 3 already properly
aligned (which are rules that are already in use).
2002-06-30 22:40:32 +00:00
3973cdf049
typo in name
2002-06-29 12:33:33 +00:00
d7006267f3
reduce kernel stack usage by separating struct secasindex. sync w/kame
...
From: YAMAMOTO Takashi <yamt@mwd.biglobe.ne.jp>
2002-06-27 12:12:49 +00:00
61f28217c4
move sanity check upwards. sync w/kame
...
From: YAMAMOTO Takashi <yamt@mwd.biglobe.ne.jp>
2002-06-22 12:27:09 +00:00
cfb9a4a799
avoid listening socket from mistakenly use incorrect cached policy.
...
From: YAMAMOTO Takashi <yamt@mwd.biglobe.ne.jp> sync w/kame
2002-06-22 12:04:07 +00:00
69d65da8c6
sizeof mistake in DIAGNOSTIC path. sync w/kame
...
From: YAMAMOTO Takashi <yamt@mwd.biglobe.ne.jp>
2002-06-21 23:15:35 +00:00
3033187db0
previous commit cached pcb policy too much (when pcb points to
...
SPD entry that is not ipsec - like "none"). back it out. sync w/kame
2002-06-16 16:28:36 +00:00
c1808f02bf
cache pcb policy as much as possible. in fact, if policy is not
...
IPSEC_POLICY_IPSEC we don't need to compare spidx. sync w/kame
2002-06-14 14:47:24 +00:00
813344bfbe
remove redundant line
2002-06-14 14:17:55 +00:00
a8dde3fa57
free secpolicy on deepcopy failure
2002-06-13 05:10:13 +00:00
dc96111483
deep-copy pcb policy if it is an ipsec policy. assign ID field to all
...
SPD entries. make it possible for racoon to grab SPD entry on pcb
(racoon side needs some changes). sync w/kame
2002-06-12 17:56:45 +00:00
3489976392
do not copy policy-on-socket at all. avoid copying packet header value to
...
struct spindex. should reduce memory usage per socket/pcb, and should speedup
ipsec processing. sync w/kame
2002-06-12 01:47:34 +00:00
fa53d749ff
share policy-on-pcb for listening socket. sync w/kame
...
todo: share even more, avoid frequent updates of spidx
2002-06-11 19:39:59 +00:00
2533e1f81f
avoid variable name confusion. sync w/kame
2002-06-11 17:26:52 +00:00
9b2ae3537c
silence some of log(), as the codepath will be visited for IPv6-non-capable
...
interfaces too and can be annoying. net.inet6.icmp6.nd6_debug will
re-enable them.
2002-06-11 07:28:05 +00:00
b05ff066a7
whitespace cleanup
2002-06-09 14:43:10 +00:00
e55d3b6782
indent cleanup
2002-06-08 21:32:55 +00:00
7316bc595b
KNF
2002-06-08 21:29:26 +00:00
2495e99fc7
gc
2002-06-08 21:28:18 +00:00
6d8d0d63d8
sync with latest KAME in6_ifaddr/prefix/default router manipulation.
...
behavior changes:
- two iocts used by ndp(8) are now obsolete (backward compat provided).
use sysctl path instead.
- lo0 does not get ::1 automatically. it will get ::1 when lo0 comes up.
2002-06-08 21:22:29 +00:00
fc5800e3fd
whitespace cleanup
2002-06-08 20:06:44 +00:00
2f88f76db1
in6_len2mask is a duplicate of in6_prefixlen2mask. unify. sync w/kame
2002-06-08 00:07:00 +00:00
9736fd7f05
on SIOCAIFADDR_IN6 check if sin6_len is sane. sync w/kame
2002-06-08 00:01:30 +00:00
e4f39ff86f
panic() if NULL is passed to ah_sumsiz_xx. suggested by sam leffler, sync w/kame
2002-06-07 23:42:41 +00:00
36f10d3196
some KNF
2002-06-07 22:08:41 +00:00
acf7dffae4
some KNF
2002-06-07 22:07:38 +00:00
0026ddd6dd
no need for offsetof()
2002-06-07 22:06:48 +00:00
edcbce7c37
typo
2002-06-07 22:05:37 +00:00
a1e0f0f9a7
sync IPV6_CHECKSUM handling with kame.
2002-06-07 22:03:02 +00:00
2aae9aee46
Fix mistakes in previous.
2002-06-07 18:19:30 +00:00
09342cdd61
typo
2002-06-07 18:19:05 +00:00
fc16676d8e
If there has been no NS for the neighbor after entering the
...
INCOMPLETE state, send the first solicitation in nd6_output(), regardless
of the timer value.
revised comments about rate-limiting accordingly.
sync w/kame
2002-06-07 17:15:12 +00:00
4e9401b698
comment
2002-06-07 17:13:56 +00:00
ac03214470
whitespace
2002-06-07 14:48:56 +00:00
3e3b75590b
remove #if 0'ed portion
2002-06-07 14:43:11 +00:00
c889402ba0
style
2002-06-07 14:37:38 +00:00
3c11868be8
consistency
2002-06-07 14:35:55 +00:00
05f0c3e705
KNF a bit
2002-06-07 14:29:10 +00:00
a11e34efc5
whitespace
2002-06-07 07:38:51 +00:00
e2ce1896bd
whitespace
2002-06-07 07:35:39 +00:00
9b39e24802
minor KNF to sync w/kame
2002-06-07 04:30:40 +00:00
06ed16c31d
typo
2002-06-07 04:18:11 +00:00
922b4012cc
'fall through' is not a valid LINT keyword.
2002-06-07 04:07:55 +00:00
83aff37a0f
remove support for deprecated ioctls (EINVAL). sync w/kame
2002-06-07 04:03:53 +00:00
88a8e0dd9e
cope with ndi->maxmtu == 0 case. sync w/kame
2002-06-07 03:05:18 +00:00
fb6078474d
cope with cases when maxmtu == 0 (this shoulnd't happen!)
2002-06-07 02:31:04 +00:00
1eb402e813
be sure to use L3 MTU, not L2 MTU, when specified in spec (affects FDDI/ARCnet)
2002-06-05 01:10:54 +00:00
ad4cab117d
whitespace at EOL
2002-06-03 02:09:37 +00:00
ed45b704ac
do not hardcode if_mtu values in here, except for IFT_{ARC,FDDI} -
...
they need special handling. makes it possible to take advantage of 9k ether
frames.
2002-06-03 00:51:47 +00:00
5625d3b849
do not mistakenly lock PMTUD route entry with RTV_MTU.
2002-05-31 04:26:19 +00:00
3449ca6d23
do not try to update rmx_mtu if rmx_mtu == 0 (obey ifmtu)
2002-05-31 03:18:54 +00:00
87fc46bce9
improve nd6_setmtu(), to warn too-small MTU on SIOCSIFMTU. sync w/kame
2002-05-30 05:06:28 +00:00
a3e4fbdf14
use M_READONLY where possible. minor cleanup/sync with kame.
2002-05-30 04:39:15 +00:00
c7f67f1479
make this compile again.
2002-05-29 19:50:48 +00:00
cfc6c918de
missing bzero
2002-05-29 13:56:14 +00:00
050c5b5b7c
receivedra field is gone
2002-05-29 13:52:56 +00:00
913276174b
"receivedra" field name is obsolete.
2002-05-29 09:32:01 +00:00
14dafa8f6a
avoid unneeded malloc/free. sync w/kame
2002-05-29 09:05:18 +00:00
5c1df51d53
attach nd_ifinfo structure into if_afdata.
...
split IPv6 link MTU (advertised by RA) from real link MTU.
sync with kame
2002-05-29 07:53:39 +00:00
9ea1dc0d36
correct rmx_mtu value after PMTUD entry timeout (should be set to 0)
2002-05-29 06:55:48 +00:00
ede265fffd
move per-interface ip6/icmp6 stat to ifnet->if_afdata. sync w/kame
2002-05-29 02:58:28 +00:00
a15e664f71
rm obsolete comment
2002-05-29 01:43:25 +00:00
3be26b82ef
use arc4random
2002-05-28 11:19:17 +00:00
4121fa09fc
correct in*_pcbrtentry. check cached value correctly.
2002-05-28 11:10:52 +00:00
d208a22daa
use arc4random() where possible.
...
XXX is it necessary to do microtime() on tcp syn cache?
2002-05-28 10:11:49 +00:00
7410ea60ca
in in*_pcbrtentry(), check if route is still valid (RTF_UP),
...
and address family is still valid.
2002-05-28 10:07:51 +00:00
10c5914022
limit number of IPv6 fragments (not the fragment queue size) to
...
fight against lots-of-frags DoS attacks. sync w/kame
2002-05-28 03:04:05 +00:00
9a1a825873
we have no IFT_DUMMY. kame merge mistake
2002-05-25 22:18:49 +00:00
e3c4951b26
re-enable ipsec policy caching onto pcb. refcnt fix and workarounds based on ymmt-san.
2002-05-25 10:01:01 +00:00
6f589cb1b2
extra blank line
2002-05-24 09:21:30 +00:00
c3015f8b5d
make a strict check before sending FQDN node information reply. sync w/kame
2002-05-24 09:13:59 +00:00
7e7fcd1df4
remove wrong "break" statement
2002-05-23 06:53:13 +00:00
64a1cfbf83
no longer need IFT_PROPVIRTUAL "bridge[0-9]+" check.
2002-05-23 06:40:03 +00:00
970757edd8
simplify conditions to do DAD. sync w/kame
2002-05-23 06:35:18 +00:00
e1d17f512b
should perform DAD for IFT_GIF.
2002-05-23 06:28:25 +00:00
5a51285f02
do not have link-local address for IFT_BRIDGE
2002-05-23 06:25:25 +00:00
d2fd814987
in sp caching code, check if sp is still alive. sync w/kame
2002-05-19 00:46:40 +00:00
b5f1426ee0
rename: net.inet6.ip6.bindv6only -> net.inet6.ip6.v6only
...
sync w/kame.
2002-05-14 10:27:28 +00:00
0dc8ee943d
Eliminate more commons or redundant declarations.
2002-05-14 02:58:32 +00:00
241f6932ee
* Use uint{8,32}_t from <netinet/in.h> where applicable; use private
...
fixed-width integer types otherwise.
* Protect RFC 2292 prototypes, which are not XNS5.2/POSIX-2001; also, define
size_t for inet6_rthdr_space().
2002-05-13 15:20:30 +00:00
0f1faf8e09
IPV6PORT_* aren't in the reserved namespace either.
2002-05-13 14:25:13 +00:00
d258299876
Check _POSIX_C_SOURCE as well.
2002-05-13 14:15:34 +00:00
a317e750c3
Update two comments.
2002-05-13 13:52:31 +00:00
602066c0d6
Provide local definitions of in_{addr,port}_t in <netinet/in.h> and use
...
them where deemed appropriate by XNS5.2/POSIX-2001.
2002-05-12 23:04:15 +00:00
c03e11f081
Eliminate commons.
2002-05-12 20:33:50 +00:00
d30d25dc1a
Spelling fixes, from Sergey Svishchev in kern/16650.
2002-05-12 15:48:36 +00:00
861dfdc294
disable ipsec policy caching on pcb, as it seems that there's some reference-
...
counting mistake that causes panic - see PR 15953 and 13813.
i am unable to find the real cause of problem, so it is a shortterm workaround,
hopefully.
2002-05-10 05:49:21 +00:00
d7669537a8
remove unneeded #ifdef __FreeBSD__ portion.
2002-05-10 05:38:29 +00:00
dc12059c9e
Use M_READONLY() rathern than testing to see if ext_free is set
...
or MCLISREFERENCED().
2002-04-28 00:54:41 +00:00
64109d267c
make sure to check address family in route cache
...
(I really hate IPv4 mapped address...)
2002-03-28 01:33:50 +00:00
bb1e9bbcd8
double m_free() - niklas@openbsd
2002-03-24 20:46:56 +00:00
itojun