Commit Graph

16 Commits

Author SHA1 Message Date
itojun
5a4703fbfe revert revision 1.15 (on ingress, DF bit copied from inner to outer).
since we do not have feedback mechanism from path MTU to tunnel MTU
(not sure if we should), and inner packet source will not get informed of
outer PMTUD (we shouldn't do this), 1.15 behavior can lead us to
blackhole behavior.

configurable behavior (as suggested in RFC2401 6.1) would be nice to have,
however, reusing net.inet.ipsec.dfbit would be hairy.
2001-01-22 07:57:34 +00:00
itojun
a836499e32 make it possible to turn off ingress filter on gif/stf tunnel egress,
by using IFF_LINK2.  (part of) PR 11163 from Ken Raeburn.
2001-01-22 07:51:01 +00:00
thorpej
4348603862 RFCs 1853, 2003, 2401 -- copy the DF bit. 2000-07-05 21:01:38 +00:00
itojun
3075a916cc sync with more recent kame. defer inclusion of net/if_gif.h. 2000-04-26 05:36:41 +00:00
enami
c63f06acd3 IN_MULTICAST() takes in_addr.s_addr as argument, not pointer to it. 2000-04-20 01:59:22 +00:00
itojun
3909133548 introduce sys/netinet/ip_encap.c, to dispatch inbound packets
to protocol handlers, based on src/dst (for ip proto #4/41).
see comment in ip_encap.c for details of the problem we have.
there are too many protocol specs for ip proto #4/41.
backward compatibility with MROUTING case is now provided in ip_encap.c.

fix ipip to work with gif (using ip_encap.c).  sorry for breakage.

gif now uses ip_encap.c.

introduce stf pseudo interface (implements 6to4, another IPv6-over-IPv4 code
with ip proto #41).
2000-04-19 06:30:51 +00:00
augustss
8529438fe6 Remove register declarations. 2000-03-30 12:51:13 +00:00
itojun
04ac848d6f introduce m->m_pkthdr.aux to hold random data which needs to be passed
between protocol handlers.

ipsec socket pointers, ipsec decryption/auth information, tunnel
decapsulation information are in my mind - there can be several other usage.
at this moment, we use this for ipsec socket pointer passing.  this will
avoid reuse of m->m_pkthdr.rcvif in ipsec code.

due to the change, MHLEN will be decreased by sizeof(void *) - for example,
for i386, MHLEN was 100 bytes, but is now 96 bytes.
we may want to increase MSIZE from 128 to 256 for some of our architectures.

take caution if you use it for keeping some data item for long period
of time - use extra caution on M_PREPEND() or m_adj(), as they may result
in loss of m->m_pkthdr.aux pointer (and mbuf leak).

this will bump kernel version.

(as discussed in tech-net, tested in kame tree)
2000-03-01 12:49:27 +00:00
itojun
2687887f38 s/DIAGNOSTIC/DEBUG/ 2000-02-07 06:15:16 +00:00
itojun
ec63b40402 remove too much portability code in KAME, to improve readability. 2000-01-06 07:31:07 +00:00
itojun
ea861f0183 sync IPv6 part with latest KAME tree. IPsec part is left unmodified
due to massive changes in KAME side.
- IPv6 output goes through nd6_output
- faith can capture IPv4 packets as well - you can run IPv4-to-IPv6 translator
  using heavily modified DNS servers
- per-interface statistics (required for IPv6 MIB)
- interface autoconfig is revisited
- udp input handling has a big change for mapped address support.
- introduce in4_cksum() for non-overwriting checksumming
- introduce m_pulldown()
- neighbor discovery cleanups/improvements
- netinet/in.h strictly conforms to RFC2553 (no extra defs visible to userland)
- IFA_STATS is fixed a bit (not tested)
- and more more more.

TODO:
- cleanup os-independency #ifdef
- avoid rcvif dual use (for IPsec) to help ifdetach

(sorry for jumbo commit, I can't separate this any more...)
1999-12-13 15:17:17 +00:00
itojun
00cf8638cb do not capture packets by gif, when gif interface is down. 1999-08-20 10:07:40 +00:00
thorpej
f9a7668b3f defopt IPSEC and IPSEC_ESP (both into opt_ipsec.h). 1999-07-09 22:57:15 +00:00
itojun
dcc13cdd33 sync with KAME/NetBSD 1.4, SNAP kit 19990705.
key changes are:
- icmp6 redirect fix (dst check)
- revised ip6 multicast check for loopback i/f
- several RCS ID cleanups
1999-07-06 12:23:19 +00:00
thorpej
cd3a345ea0 RCS ID police. 1999-07-03 21:24:45 +00:00
itojun
74d3c214ec KAME/NetBSD 1.4 SNAP kit, dated 19990628.
NOTE: this branch (kame) is used just for refernce.  this may not compile
due to multiple reasons.
1999-06-28 06:36:47 +00:00