Commit Graph

722 Commits

Author SHA1 Message Date
itojun ac03214470 whitespace 2002-06-07 14:48:56 +00:00
itojun 3e3b75590b remove #if 0'ed portion 2002-06-07 14:43:11 +00:00
itojun c889402ba0 style 2002-06-07 14:37:38 +00:00
itojun 3c11868be8 consistency 2002-06-07 14:35:55 +00:00
itojun 05f0c3e705 KNF a bit 2002-06-07 14:29:10 +00:00
itojun a11e34efc5 whitespace 2002-06-07 07:38:51 +00:00
itojun e2ce1896bd whitespace 2002-06-07 07:35:39 +00:00
itojun 9b39e24802 minor KNF to sync w/kame 2002-06-07 04:30:40 +00:00
itojun 06ed16c31d typo 2002-06-07 04:18:11 +00:00
itojun 922b4012cc 'fall through' is not a valid LINT keyword. 2002-06-07 04:07:55 +00:00
itojun 83aff37a0f remove support for deprecated ioctls (EINVAL). sync w/kame 2002-06-07 04:03:53 +00:00
itojun 88a8e0dd9e cope with ndi->maxmtu == 0 case. sync w/kame 2002-06-07 03:05:18 +00:00
itojun fb6078474d cope with cases when maxmtu == 0 (this shouldn't happen!) 2002-06-07 02:31:04 +00:00
itojun 1eb402e813 be sure to use L3 MTU, not L2 MTU, when specified in spec (affects FDDI/ARCnet) 2002-06-05 01:10:54 +00:00
itojun ad4cab117d whitespace at EOL 2002-06-03 02:09:37 +00:00
itojun ed45b704ac do not hardcode if_mtu values in here, except for IFT_{ARC,FDDI} -
they need special handling.  makes it possible to take advantage of 9k ether
frames.
2002-06-03 00:51:47 +00:00
itojun 5625d3b849 do not mistakenly lock PMTUD route entry with RTV_MTU. 2002-05-31 04:26:19 +00:00
itojun 3449ca6d23 do not try to update rmx_mtu if rmx_mtu == 0 (obey ifmtu) 2002-05-31 03:18:54 +00:00
itojun 87fc46bce9 improve nd6_setmtu(), to warn too-small MTU on SIOCSIFMTU. sync w/kame 2002-05-30 05:06:28 +00:00
itojun a3e4fbdf14 use M_READONLY where possible. minor cleanup/sync with kame. 2002-05-30 04:39:15 +00:00
christos c7f67f1479 make this compile again. 2002-05-29 19:50:48 +00:00
itojun cfc6c918de missing bzero 2002-05-29 13:56:14 +00:00
itojun 050c5b5b7c receivedra field is gone 2002-05-29 13:52:56 +00:00
itojun 913276174b "receivedra" field name is obsolete. 2002-05-29 09:32:01 +00:00
itojun 14dafa8f6a avoid unneeded malloc/free. sync w/kame 2002-05-29 09:05:18 +00:00
itojun 5c1df51d53 attach nd_ifinfo structure into if_afdata.
split IPv6 link MTU (advertised by RA) from real link MTU.
sync with kame
2002-05-29 07:53:39 +00:00
itojun 9ea1dc0d36 correct rmx_mtu value after PMTUD entry timeout (should be set to 0) 2002-05-29 06:55:48 +00:00
itojun ede265fffd move per-interface ip6/icmp6 stat to ifnet->if_afdata. sync w/kame 2002-05-29 02:58:28 +00:00
itojun a15e664f71 rm obsolete comment 2002-05-29 01:43:25 +00:00
itojun 3be26b82ef use arc4random 2002-05-28 11:19:17 +00:00
itojun 4121fa09fc correct in*_pcbrtentry. check cached value correctly. 2002-05-28 11:10:52 +00:00
itojun d208a22daa use arc4random() where possible.
XXX is it necessary to do microtime() on tcp syn cache?
2002-05-28 10:11:49 +00:00
itojun 7410ea60ca in in*_pcbrtentry(), check if route is still valid (RTF_UP),
and address family is still valid.
2002-05-28 10:07:51 +00:00
itojun 10c5914022 limit number of IPv6 fragments (not the fragment queue size) to
fight against lots-of-frags DoS attacks.  sync w/kame
2002-05-28 03:04:05 +00:00
itojun 9a1a825873 we have no IFT_DUMMY. kame merge mistake 2002-05-25 22:18:49 +00:00
itojun e3c4951b26 re-enable ipsec policy caching onto pcb. refcnt fix and workarounds based on ymmt-san. 2002-05-25 10:01:01 +00:00
itojun 6f589cb1b2 extra blank line 2002-05-24 09:21:30 +00:00
itojun c3015f8b5d make a strict check before sending FQDN node information reply. sync w/kame 2002-05-24 09:13:59 +00:00
itojun 7e7fcd1df4 remove wrong "break" statement 2002-05-23 06:53:13 +00:00
itojun 64a1cfbf83 no longer need IFT_PROPVIRTUAL "bridge[0-9]+" check. 2002-05-23 06:40:03 +00:00
itojun 970757edd8 simplify conditions to do DAD. sync w/kame 2002-05-23 06:35:18 +00:00
itojun e1d17f512b should perform DAD for IFT_GIF. 2002-05-23 06:28:25 +00:00
itojun 5a51285f02 do not have link-local address for IFT_BRIDGE 2002-05-23 06:25:25 +00:00
itojun d2fd814987 in sp caching code, check if sp is still alive. sync w/kame 2002-05-19 00:46:40 +00:00
itojun b5f1426ee0 rename: net.inet6.ip6.bindv6only -> net.inet6.ip6.v6only
sync w/kame.
2002-05-14 10:27:28 +00:00
matt 0dc8ee943d Eliminate more commons or redundant declarations. 2002-05-14 02:58:32 +00:00
kleink 241f6932ee * Use uint{8,32}_t from <netinet/in.h> where applicable; use private
fixed-width integer types otherwise.
* Protect RFC 2292 prototypes, which are not XNS5.2/POSIX-2001; also, define
  size_t for inet6_rthdr_space().
2002-05-13 15:20:30 +00:00
kleink 0f1faf8e09 IPV6PORT_* aren't in the reserved namespace either. 2002-05-13 14:25:13 +00:00
kleink d258299876 Check _POSIX_C_SOURCE as well. 2002-05-13 14:15:34 +00:00
kleink a317e750c3 Update two comments. 2002-05-13 13:52:31 +00:00
kleink 602066c0d6 Provide local definitions of in_{addr,port}_t in <netinet/in.h> and use
them where deemed appropriate by XNS5.2/POSIX-2001.
2002-05-12 23:04:15 +00:00
matt c03e11f081 Eliminate commons. 2002-05-12 20:33:50 +00:00
wiz d30d25dc1a Spelling fixes, from Sergey Svishchev in kern/16650. 2002-05-12 15:48:36 +00:00
itojun 861dfdc294 disable ipsec policy caching on pcb, as it seems that there's some reference-
counting mistake that causes panic - see PR 15953 and 13813.

i am unable to find the real cause of problem, so it is a shortterm workaround,
hopefully.
2002-05-10 05:49:21 +00:00
itojun d7669537a8 remove unneeded #ifdef __FreeBSD__ portion. 2002-05-10 05:38:29 +00:00
thorpej dc12059c9e Use M_READONLY() rather than testing to see if ext_free is set
or MCLISREFERENCED().
2002-04-28 00:54:41 +00:00
itojun 64109d267c make sure to check address family in route cache
(I really hate IPv4 mapped address...)
2002-03-28 01:33:50 +00:00
itojun bb1e9bbcd8 double m_free() - niklas@openbsd 2002-03-24 20:46:56 +00:00
itojun 714618fb98 fix arg to bcmp() - need to compare 15 bytes, not 3 bytes. sync w/kame 2002-03-23 00:43:59 +00:00
itojun 8cbb556660 protect in6pcb queue operation by splnet, as pcb queue will be touched
by in6_pcbpurgeif() under splnet.
2002-03-21 02:11:39 +00:00
itojun 007db8b52a remove obsolete comment 2002-03-20 22:47:59 +00:00
itojun d31217b639 check sa_len and sa_family strictly. (NOTE: rtsol/rtsold older than Nov2001
will stop working, upgrade them first)
2002-03-19 01:21:19 +00:00
itojun f3279050b2 esp/ah_ctlinput: pass useful address to key_alloc. 2002-03-18 15:30:03 +00:00
itojun 766a6d874e have a real lock around IPv6 reassembly. 2002-03-15 10:44:07 +00:00
itojun 3faedc3f92 s/0/NULL/ as ln_hold is a pointer. sync w/ kame 2002-03-15 09:36:27 +00:00
itojun 38f3d28842 have tcp6_drain 2002-03-15 09:25:41 +00:00
itojun 4b327fb1f3 zlib 1.1.4 dislikes Z_FLUSH at the end of inflate(). 2002-03-14 05:18:10 +00:00
itojun 2246ec4a66 on redirect output, always try to attach target link layer address option. 2002-03-05 08:13:56 +00:00
sommerfeld ef49bcac3c Nuke out-of-synch comment. 2002-03-04 15:18:32 +00:00
itojun 2ff9b43758 sync blowfish function prototype between i386 assembly and C.
From: YAMAMOTO Takashi <yamt@mwd.biglobe.ne.jp>
2002-02-27 01:32:17 +00:00
itojun ae1b9c29e9 make sure to check address family on route cache. with IPv4 mapped
address we can see both AF_INET/INET6.
2002-01-22 03:53:55 +00:00
itojun b0e82d3005 do not log() in per-packet input path. sync w/kame 2002-01-08 04:37:32 +00:00
itojun e6834b7b5c make it compile even if NGIF=0 2001-12-22 01:40:03 +00:00
itojun a225c3930f whitespace/cosmetic sync w/kame 2001-12-21 08:54:52 +00:00
itojun 1536628a1f call encap6_ctlinput on icmp6 against tunnelled packet. sync w/kame 2001-12-21 08:54:19 +00:00
itojun df8adebac1 remove obsolete #if 0'ed section. sync w/kame 2001-12-21 07:16:58 +00:00
itojun 28922b9973 use radix table for inbound tunnel lookup (would increase performance
for machines with a lot of tunnels).
update route cache for IPvX-over-IPv6 tunnel on path MTU discovery.
sync with kame
2001-12-21 06:30:43 +00:00
itojun 9aaffcfde8 move in6_gif_hlim decl to in6_gif.c. sync with kame 2001-12-21 03:58:15 +00:00
itojun 745e191850 move protosw fragment for gif/stf to their own source code.
reduce #ifdef in stf code.  sync with kame
2001-12-21 03:21:50 +00:00
itojun ebb1c82ec5 centralize multicast group management (in6_join/leavegroup).
have a flag for ip6_output() to fragment to minimum MTU.
sync with kame
2001-12-20 07:26:36 +00:00
itojun 1cad8e6085 reduce white space/cosmetic diffs w/kame. 2001-12-18 03:04:02 +00:00
itojun 29064a3fdb remove obsolete #if 0'ed portion. 2001-12-18 01:42:04 +00:00
itojun 33429d0612 correct timing to increment icmp6 MIB variables. sync with kame 2001-12-07 10:10:43 +00:00
itojun f8321e02a6 fix cast128 with shorter key length. sync with kame 2001-11-27 11:19:36 +00:00
itojun c23ea6c341 update outgoing ifp, only if tunnel mode ipsec is used. this is to
honor IP_MULTICAST_IF setsockopt on ipsec-over-multicast.  sync with kame
2001-11-21 06:28:08 +00:00
perry c8549493da (minor) delint 2001-11-17 18:55:11 +00:00
lukem 4f2ad95259 add RCSIDs 2001-11-13 00:56:55 +00:00
itojun d54922c799 check offset overrun in ip6_nexthdr. 2001-11-02 08:05:48 +00:00
simonb 5f717f7c33 Don't need to include <uvm/uvm_extern.h> just to include <sys/sysctl.h>
anymore.
2001-10-29 07:02:30 +00:00
itojun 7b1918bdc8 always check extension header length. 2001-10-29 05:23:17 +00:00
itojun eecba85f88 no tcp_fasttimo any more. PR 14333 2001-10-24 09:37:00 +00:00
itojun 73f4e5001f more whitespace sync with kame 2001-10-24 06:36:37 +00:00
itojun c7e6405a34 remove unused codepath (unifdef -UUDP6) 2001-10-24 06:04:08 +00:00
itojun 68fbfa26e8 gather stats on raw ip6 socket. sync with kame 2001-10-18 09:12:13 +00:00
itojun 51a9c75998 simplify per-if stats. 2001-10-18 09:09:25 +00:00
itojun ae5499819c reduce diffs with kame (mostly cosmetic).
move IPV6_CHECKSUM processing to sys/netinet6/raw_ip6.c.
constify a couple of places.
2001-10-18 07:44:33 +00:00
itojun 1990d680c4 do not change neighbor cache state on entry timeout,
if the cache entry is for outgoing router.

perform on-linkness check before default router (re-)selection.

do not play with interface direct route on nd6_rtrequest.

sync a lot of cosmetic changes.  sync with kame
2001-10-17 10:55:09 +00:00
itojun dfb1429789 unifdef OLDIP6OUTPUT 2001-10-17 08:23:05 +00:00
itojun 7dcf45fbd8 more whitespace/comment sync with kame 2001-10-16 06:24:44 +00:00
itojun 45c8a6a57e remove unused #define. sync whitespace/comment with kame. 2001-10-16 04:57:38 +00:00
itojun 9bff6fde4c reduce diff with kame. whitespace only 2001-10-16 04:17:54 +00:00
itojun 149aafe6ad sync with kame.
net.inet6.icmp6.nodeinfo is now a bitmap (2^0 = ping6 -w, 2^1 = ping6 -a).
give up local if there's mbuf alloc failures.
cope with ".." in hostname.
sync comments/whitespaces.
2001-10-15 11:12:44 +00:00
itojun 91498ffec5 implement IPV6_V6ONLY socket option from draft-ietf-ipngwg-rfc2553bis-03.txt.
IPV6_BINDV6ONLY (netbsd only) is deprecated, but still work just like before.
2001-10-15 09:51:15 +00:00
itojun 99d25b4e8a reduce diff with kame. whitespace changes only. 2001-10-15 03:55:37 +00:00
wiz 456dff6cb8 Spell 'occurred' with two 'r's. 2001-09-16 16:34:23 +00:00
itojun bf45c09959 fix SA lookup when IPsec transport mode and tunnel mode over IPv6 is used
at the same time.  sync with kame
(like "IP AH ESP IP", policy = "esp/tunnel/a-b/use ah/transport//use")
2001-09-13 06:30:57 +00:00
itojun 080d73b4a3 minor style 2001-09-10 03:08:18 +00:00
tls 3d4146e21f Add asm versions of blowfish and des transforms for i386.
This also involved updating the in-kernel DES functions to correspond
to the versions in our in-tree OpenSSL, because the des_SPtrans table
has changed; the asm code will not work with the old permutation table!

C and i386 asm code for the DES, 3DES, and Blowfish CBC modes is also
included; it is not currently built as the ESP processing in esp_core.c
splits the CBC operation and the cipher transform apart.  Hopefully that
will be fixed as there is a substantial performance improvement to be had
from doing so.  It will remain necessary to use the C version of the
Blowfish CBC function on some i386 machines, however, as the asm version
uses bswapl, which only 486 and later processors have.  The DES CBC code
doesn't have this problem.

Finally, change esp_core.c to use the ecb3_encrypt function instead of
calling ecb_encrypt three times; this improves performance a bit, in
particular in the asm case.
2001-09-09 11:00:59 +00:00
itojun 4d1509970e do not try to bring IPv6 up on bridge*. 2001-08-23 02:58:24 +00:00
itojun 74ad87bc53 gif interface now uses generic software interrupt
(on archs that support it).  also, make gif ALTQ-capable on outgoing.
sync with kame, comments from thorpej.
2001-08-16 17:45:25 +00:00
itojun 57030e2f12 cache IPsec policy on in6?pcb. most of the lookup operations can be bypassed,
especially when it is a connected SOCK_STREAM in6?pcb.  sync with kame.
2001-08-06 10:25:00 +00:00
itojun e3d077542f cosmetic (spacing near /* */). sync with kame 2001-08-05 22:20:44 +00:00
itojun cad488d032 sync gif interface code with latest kame.
IFF_RUNNING is clarified.  attach/detach logic is cleaner.
the old code mistakenly set IFF_UP by itself, now the behavior is gone.
2001-07-29 05:08:32 +00:00
itojun fd5e7077a3 allocate ipsec policy buffer attached to pcb in in*_pcballoc, before
giving anyone accesses to pcb (do not reveal an inconsistent ones).
sync with kame
2001-07-25 23:28:02 +00:00
itojun a21ce80cd6 ifindex2ifnet could return NULL if if_detach() is used (pcmcia card
removal and such).
2001-07-25 09:23:46 +00:00
itojun 0cd424b3ce ifindex2ifnet could contain NULL after if_detach(). sync with kame 2001-07-25 06:59:51 +00:00
itojun 19392ee73b fix comment on setsockopt arg size. KAME PR 369 2001-07-24 00:44:36 +00:00
itojun bee33e3d00 repair scoped address handling in PRU_BIND. sync with kame. 2001-07-23 19:29:53 +00:00
wiz a9356936b4 seperate -> separate 2001-07-22 13:33:58 +00:00
itojun 7f070caa75 sync rt_ifp check with IPv4 counterpart (see sys/net/if_ethersubr.c 1.27).
sync with kame
2001-07-20 20:26:35 +00:00
itojun 8c9f492242 do not malloc() during interrupt context for IPv6 multicast kludge table.
malloc() during interface initialization.  sync with kame
2001-07-18 13:12:27 +00:00
itojun fc35f336c7 sync with draft-ietf-ipngwg-p2p-pingpong-00.txt. apply special behavior
only if ip6_dst is "neighbor" within p2p prefix.  sync with kame
2001-07-18 09:24:26 +00:00
itojun 5e920039c6 have ovbcopy() macro, for cross-BSD compatibility only. 2001-07-07 14:45:46 +00:00
itojun 193167b1eb call in{,6}_pcbpurgeif0() before in{,6}_purgeif(). 2001-07-03 08:06:19 +00:00
itojun 1ff38f4d03 on interface removal, remove multicast groups joined from pcb, before
removing interface addresses.  without the change, we may deref
NULL pointer in in_pcbpurgeif().  from jinmei@kame, sync with kame
2001-07-02 15:25:34 +00:00
itojun 03927c60a5 call defrouter_select() only if it is autoconfigured host. 2001-06-29 16:01:47 +00:00
itojun 02c94ca414 refresh default router list on nd6_detach(), only if we are an
autoconfigured host.  bug was that, we will lose default route on
"ifconfig gif0 destroy" even if default is not pointing to gif0.
reported by ume@mahoroba.org.  sync with kame
2001-06-27 17:36:14 +00:00
itojun 9ccf08b3c5 netbsd; on interface removal, force pcbs to leave from multicast groups
pointing toward the interface about to be removed.  sync with kame
XXX still need more discussions on semantics.  the behavior should be safer
2001-06-27 15:53:14 +00:00
itojun 77a4124f7d the documents are out of sync with the latest situation. remove them. 2001-06-24 19:40:35 +00:00
itojun 885b74c2be select default router again, when L2 address of the router changes 2001-06-22 13:36:12 +00:00
itojun 0213b76857 remove RFC1885 compatibility code in #ifdef COMPAT_RFC1885, for icmp6
reply packet size consideration (obsolete, not used for a long time).
sync with kame
2001-06-22 13:01:49 +00:00
itojun 57d1913ebc do not forward packet back to point-to-point interface, if the packet
matches the ipv6 prefix assigned to the p2p interface (= redirect case).
this leads to pingpong, chews bandwidth.  bad thing is that bad guy from
remote can chew bandwidth.  (follows upcoming internet draft)
2001-06-22 12:33:05 +00:00
wiz ccfe29f3cf Symmetric has one s and two m's. 2001-06-18 11:23:00 +00:00
matt 5571e920d6 senderr needs only be declared when PFIL_HOOKS is defined 2001-06-12 17:55:52 +00:00
itojun bdbfdf946d run pfil_hooks for IPv6 forwarding path (note: ip6_forward() does not
call ip6_output()).
2001-06-12 15:12:33 +00:00
itojun 8b646a5273 remove IPV6FIREWALL case, which is never used 2001-06-11 13:49:18 +00:00
wiz 40ac848024 Fix various misspellings of compatible/compatibility. 2001-06-11 01:50:48 +00:00
mrg 6a536c0364 fix a IPNOPRIVPORTS unused variable botch. noted by proff. 2001-06-06 06:07:06 +00:00
thorpej ad9d3794b0 Implement support for IP/TCP/UDP checksum offloading provided by
network interfaces.  This works by pre-computing the pseudo-header
checksum and caching it, delaying the actual checksum to ip_output()
if the hardware cannot perform the sum for us.  In-bound checksums
can either be fully-checked by hardware, or summed up for final
verification by software.  This method was modeled after how this
is done in FreeBSD, although the code is significantly different in
most places.

We don't delay checksums for IPv6/TCP, but we do take advantage of the
cached pseudo-header checksum.

Note: hardware-assisted checksumming defaults to "off".  It is
enabled with ifconfig(8).  See the manual page for details.

Implement hardware-assisted checksumming on the DP83820 Gigabit Ethernet,
3c90xB/3c90xC 10/100 Ethernet, and Alteon Tigon/Tigon2 Gigabit Ethernet.
2001-06-02 16:17:09 +00:00
itojun 781f6920ab use default hoplimit when incoming interface is not given to icmp6_reflect.
sync with kame
2001-06-01 05:54:19 +00:00
mrg 67afbd6270 use _KERNEL_OPT 2001-05-30 11:57:16 +00:00
thorpej c973d6a0eb Skip the pseudo-header if nxt == 0. This is already documented
in in6_cksum(9) and is also the behavior of the i386 optimized
version.
2001-05-30 03:06:56 +00:00
itojun e91c2ce847 remove debug printfs, which can be too noisy. sync with kame. 2001-05-27 17:36:07 +00:00
itojun fc644273cd print more diag message on in6_addmulti() failures. 2001-05-24 08:17:22 +00:00
itojun a7596d1912 call icmp6_mtudisc_update(foo, 0) even if ICMPv6 messages are very short.
let icmp6 layer decide whether we take PMTUD routes or not.
2001-05-24 07:22:27 +00:00
itojun fc66251bda plug memory leak on invalid fragment packet. suppress noisy log. from kame 2001-05-17 14:01:37 +00:00
itojun 498fdebcd7 drop multi destination mode (IFF_LINK0). 2001-05-14 13:35:20 +00:00
itojun f4d5905544 there's no need to #if NFAITH here. IN6P_FAITH can be set even on
NFAITH == 0 kernel, it is safer to always check the condition.
sync with kame.
2001-05-11 18:38:03 +00:00
itojun 63181d71c1 correct ecn consideration on tunnel encap/decap. sync with kame. 2001-05-10 01:37:42 +00:00
itojun 1bec764d78 correct faith prefix determination. use sys/netinet/if_faith.c:faithprefix()
to determine.  sync with kame.
(without this change, non-faith socket may mistakenly accept for-faith traffic)
2001-05-08 10:15:13 +00:00
itojun d1b6307b88 do not copy TTL field on ipsec tunnel mode encapsulation. sync with kame 2001-04-15 01:55:49 +00:00
thorpej bf2dcec4f5 Remove the use of splimp() from the NetBSD kernel. splnet()
and only splnet() is allowed for the protection of data structures
used by network devices.
2001-04-13 23:29:55 +00:00
itojun f4e4c674a7 disallow userland programs from specifying addresses with IPV6_PKTINFO
setsockopt, if:
- the address is not verified by DAD (= not ready)
- the address is an anycast address (= not permitted as source)
sync with kame
2001-04-11 04:57:53 +00:00
itojun 5ed8fd262b suppress RS/RA log messages (can be re-enabled by net.inet6.icmp6.nd6_debug),
as they may fill up /var.  sync with kame.
2001-04-04 06:28:41 +00:00
itojun 2abaa8eae5 make sure rcvif is sane on call to icmp6_reflect 2001-04-04 06:28:40 +00:00
itojun 92969654c0 enable FAKE_LOOPBACK_IF case by default.
now traffic on loopback interface will be presented to bpf as normal wire
format packet (without KAME scopeid in s6_addr16[1]).

fix KAME PR 250 (host mistakenly accepts packets to fe80::x%lo0).

sync with kame.
2001-03-30 11:08:56 +00:00
itojun dbcd4b8d03 fix constness of IN6_{IS,ARE}_xx with RFC2553. sync with kame. 2001-03-30 05:53:52 +00:00
itojun 2fb1887b31 re-initialize mopt in ip6_insert_jumboopt(). sync with kame
From: csapuntz@stanford.edu
2001-03-25 09:58:43 +00:00
itojun 0c8d8ae7a0 couple of missing splx. sync with kame.
From: csapuntz@play-doh.stanford.edu (Constantine Sapuntzakis)
2001-03-25 09:06:03 +00:00
itojun 3e898c9239 in nd6_cache_lladdr(), set nd6_gctimer to ln_expire just after the state
transition to STALE.  fixes tahi test breakage.  sync with kame.
2001-03-21 21:56:29 +00:00
thorpej 20fe4e2d96 Add a protosw flag, PR_ABRTACPTDIS (Abort on Accept of Disconnected
Socket), and add it to the protocols that use that behavior (all
PR_LISTEN protocols except for PF_LOCAL stream sockets).
2001-03-21 19:22:27 +00:00
itojun 4ce63adb1e do not inject packets to ipfilter, if the packet went through IPsec tunnel.
http://www.netbsd.org/Documentation/network/ipsec/#ipf-interaction
2001-03-21 19:12:56 +00:00
itojun 93b8b31feb set rmx_mtu to L2 interface mtu, instead of 0, on mtudisc timeout.
ip6_output() change is for safety.  sync with kame
2001-03-21 07:52:13 +00:00
itojun e4ecd03f2a drop packets with link-local addresses,
if (internally-used) interface ID portion is already filled.  sync with kame
2001-03-16 12:22:34 +00:00
itojun 27a0af5865 nd6_storelladdr() was not consistent about m_freem() policy.
do not touch RTF_STATIC entries (static ND entries) on ND cache update.
couple of cosmetic sync.  sync with kame
2001-03-08 10:49:32 +00:00
itojun 7695280d34 more missing splx. from kame 2001-03-08 10:48:40 +00:00
itojun 912f42ecda remove bogus rtfree. sync with kame. inspired by openbsd PR 1706. 2001-03-08 00:19:03 +00:00
itojun 4e45315377 missing splx. from aaron@openbsd. sync with kame 2001-03-07 22:50:14 +00:00
itojun c9e08725bc avoid possible alignment issue. sync with kame 2001-03-04 16:49:17 +00:00
itojun dc3424f555 pass key to rijndael logic as binary, not hexadecimal string.
sync with kame
2001-03-02 15:42:39 +00:00
itojun f03176a0a8 have comment that refers to kame COVERAGE document. sync with kame 2001-03-02 04:55:40 +00:00
itojun 8c8c2f71a4 the date string in KAME version is getting very meaningless, remove. 2001-03-02 04:52:54 +00:00
itojun 2d6047cff9 make sure to enforce inbound ipsec policy checking, for any protocols on top
of ip (check it when final header is visited).  sync with kame.
XXX kame team will need to re-check policy engine code
2001-03-01 16:31:37 +00:00
itojun 233e3963ed make sure to validate packet against ipsec policy. 2001-02-26 07:20:44 +00:00
cgd 023e9f0649 C requires that labels be followed by statements. 2001-02-24 00:01:22 +00:00
itojun f2a66201fc garbage-collect stale ND entries (default: 1 day).
RFC 2461 5.3.  sync with kame.
2001-02-23 08:02:41 +00:00
itojun e1196a8f6e remove unnecessary state, ND6_LLINFO_WAITDELETE, from neighbor cache
state machine.
no need for RTF_REJECT on neighbor cache entries, they are leftover from
ARP code.
sync with kame.
2001-02-23 06:41:50 +00:00
itojun 2df943e652 correct handling of upper limitation to # of reass queue. 2001-02-22 05:04:42 +00:00
itojun 49889b3afd be more picky about option length parsing. sync with kame 2001-02-22 01:40:25 +00:00
itojun e1e316562b make validation code more strict for ND6/dest6 variable length headers.
check duplicated nd6_ifinfo table initialization in a better way.
sync with kame
2001-02-21 17:23:09 +00:00
itojun 96413230d1 style, to make kame sync easier 2001-02-21 16:28:43 +00:00
itojun 52f2cece9f tighten AH IPv4 option chasing more. drop too short (< 2) option.
sync with kame.
2001-02-21 01:27:58 +00:00
itojun c9928e0ab1 need PR_ADDR|PR_ATOMIC for IPPROTO_EON. fix typo. from chopps, sync with kame 2001-02-21 00:11:53 +00:00
itojun da8a3f0179 add AF_ISO case to output. from chopps. 2001-02-20 10:41:47 +00:00
itojun 176db3e930 ISO over IPv4/v6 by EON encapsulation. from chopps, sync with kame. 2001-02-20 08:49:15 +00:00
itojun 5bc3f3ff96 correct IPv4 option handling. 2001-02-19 04:24:27 +00:00
itojun 26a76076be correct IPv4 option header chasing. the old code may overrun the buffer
if the option header is truncated.  sync with kame
2001-02-19 03:47:01 +00:00
itojun e6dbed9659 wording in comment.
is contradict -> "is contradictory", or "contradicts".
2001-02-16 15:13:40 +00:00
itojun f99a50f858 protect router list management by splsoftnet properly. sync with kame 2001-02-11 07:12:01 +00:00
itojun 1bc6ca28a1 make sure to clean ln_byhint on reachability confirmation. 2001-02-11 07:00:03 +00:00
itojun 1442c06fae wrap kernel-only #define (kame cross-bsd portability) into _KERNEL. 2001-02-11 06:50:59 +00:00
itojun bc5a6e2482 pull latest kame pcbnotify code. synchronizes ICMPv6 path mtu discovery
behavior with other protocols (i.e. validation, use of hiwat/lowat).
2001-02-11 06:49:49 +00:00
itojun 2390806e17 whitespace sync with kame 2001-02-11 05:25:04 +00:00
itojun 5318e0ee0f remove #ifdef __FreeBSD__. 2001-02-11 05:24:21 +00:00
itojun 37bb4bf58b set frag6_doing_reass properly (for frag6_drain). sync with kame. 2001-02-11 05:05:27 +00:00
itojun 7781d63a92 recover $NetBSD$ (removed by mistake) 2001-02-11 04:53:49 +00:00
itojun 9a9c998cc7 add missing IFAFREE() in error recovery case. 2001-02-11 04:29:30 +00:00
itojun e1f4f77960 to sync with kame better, (1) remove register declaration for variables,
(2) sync whitespaces, (3) update comments. (4) bring in some of portability
and logging enhancements.  no functional changes here.
2001-02-10 04:14:26 +00:00
itojun 4cd9449e34 initialize "mbz" member. kame 1.35 -> 1.36 2001-02-10 03:06:39 +00:00
itojun 7f548573d5 cosmetic changes to sync with kame. tabify and minor local variable renames 2001-02-10 02:19:57 +00:00
itojun 20e2452579 fix if_set for architectures with sizeof(long) != 4. IF_xxx behaved badly.
(no fear of overrun, since index was mistakenly computed to too small value)
2001-02-10 02:10:14 +00:00
itojun 6b9104e0f7 sync with kame better. cosmetic/stat changes only. 2001-02-08 18:43:17 +00:00
itojun ae819d9324 move udp6_output() to separate file. (sync better with kame) 2001-02-08 16:48:01 +00:00
itojun 109fcc5522 implement upper limit to icmp6 redirects (experimental, turned off)
negative value to {mtudisc,redirect}_{hi,lo}wat will turn off the limitation.
sync with kame.
2001-02-08 16:07:39 +00:00
itojun 179a7e0d7b send up dst_unreach_admin error to local node, if transport-mode
ipsec key is not found.  rather experimental.  kame 1.83 -> 1.84

nuke IPSEC_SRCSEL which does not do the right thing.
adjust state->ro if the tunnel endpoint is offlink.  KAME PR 233.
kame 1.84 -> 1.85
2001-02-08 15:04:26 +00:00
itojun 574214f10a move in6_{embed,recover}scope prototypes to in6_var.h (kernel only).
add in6_clearscope.  sync with kame
2001-02-08 14:56:15 +00:00
itojun a1d89972c7 when chasing nd6_llinfo chain, make sure we do not touch dangling
pointer (due to RTM_DELETE during default router list management).
from kame
2001-02-08 12:57:54 +00:00
itojun c8e86cc06a remove bogus DIAGNOSTIC. sync with kame 2001-02-07 10:56:38 +00:00
itojun 22b473e0f6 during ip6/icmp6 inbound packet processing, do not call log() nor printf() in
normal operation (/var can get filled up by flooding bogus packets).
sysctl net.inet6.icmp6.nd6_debug will turn on diagnostic messages.
(#define ND6_DEBUG will turn it on by default)

improve stats in ND6 code.

lots of synchronization with kame (including comments and cosmetic ones).
2001-02-07 08:59:47 +00:00
itojun 172e802b90 bad semicolon after "if" conditional. sync with kame 2001-02-06 01:27:29 +00:00
chs 09cb38f22b expose the definitions of MIN() and MAX() in sys/param.h to the kernel
and use those in favor of a dozen copies scattered around the source tree.
2001-02-05 10:42:40 +00:00
itojun d17dfd2fc0 avoid panic when a packet with nonexistent link-local address is issued.
kame 1.151 -> 1.152.
2001-02-02 15:54:56 +00:00
itojun 617b3fab7e - record IPsec packet history into m_aux structure.
- let ipfilter look at wire-format packet only (not the decapsulated ones),
  so that VPN setting can work with NAT/ipfilter settings.
sync with kame.

TODO: use header history for stricter inbound validation
2001-01-24 09:04:15 +00:00
itojun 8b3234d2f2 minimize diff with the latest kame tree. 2001-01-23 05:21:23 +00:00
itojun a836499e32 make it possible to turn off ingress filter on gif/stf tunnel egress,
by using IFF_LINK2.  (part of) PR 11163 from Ken Raeburn.
2001-01-22 07:51:01 +00:00
itojun 60240f3ab9 workaround to avoid EMSGSIZE when ND6 table for the outgoing interface
is not initialized (should result in "interface down").
2001-01-18 06:50:12 +00:00
itojun 43950f6d05 on interface removal (ifconfig destroy) do not remove default route by mistake 2001-01-18 06:49:11 +00:00
itojun 4dbe2a5a97 wrap noisy ND6 debugging messages with ND6_DEBUG. sync with kame 2001-01-17 11:26:52 +00:00
itojun df9784d749 pull post-4.4BSD change to sys/net/route.c from BSD/OS 4.2 (UCB copyrighted).
have sys/net/route.c:rtrequest1(), which takes rt_addrinfo * as the argument.
pass rt_addrinfo all the way down to rtrequest, and ifa->ifa_rtrequest.
3rd arg of ifa->ifa_rtrequest is now rt_addrinfo * instead of sockaddr *
(almost no one is using it anyways).

benefit: the following command now works.  previously we need two route(8)
invocations, "add" then "change".
# route add -inet6 default ::1 -ifp gif0

remove unsafe typecast in rtrequest(), from rtentry * to sockaddr *.  it was
introduced by 4.3BSD-reno and never corrected.

XXX is eon_rtrequest() change correct regarding to 3rd arg?
eon_rtrequest() and rtrequest() were incorrect since 4.3BSD-reno,
so i do not have correct answer in the source code.
someone with more clue about netiso-over-ip, please help.
2001-01-17 04:05:41 +00:00
itojun 039777e3c8 s/ND6DEBUG/ND6_DEBUG/ to meet other places 2001-01-16 06:16:37 +00:00
itojun 9f119cbf91 wrap icmp6 checksum error printf() into #ifdef ND6DEBUG.
sync with kame,  NetBSD PR 11911.
2001-01-08 06:12:46 +00:00
itojun 6562709f3a typo fix. PR 11889 2001-01-04 11:48:44 +00:00
thorpej ad5b855ef0 Back out the sledgehammer damage applied by wiz while I was out for
the holiday.
2000-12-28 21:40:59 +00:00
itojun 8b9fb822b0 do not touch ra_addr if it is NULL. from IIJ SEIL team 2000-12-28 21:23:00 +00:00
wiz 32e20d8993 Back out previous change. It causes NAT to fail, and was CLEARLY
NOT TESTED before it was committed.
2000-12-25 02:00:46 +00:00
thorpej d0357bdb4f Slight adjustment to how pfil_head's are registered. Instead of a
"key" and a "dlt", use a "type" (PFIL_TYPE_{AF,IFNET} for now) and
a val/ptr appropriate for that type.  This allows for more future
flexibility with the pfil_hook mechanism.
2000-12-22 20:01:17 +00:00
itojun b05acc70f8 make sure we notify of routing changes, even if we have net route pointed
to by inpcb.
2000-12-21 00:46:20 +00:00
thorpej d9a9544a2f Add ALTQ glue. XXX Temporary until ALTQ is changed to use a pfil hook. 2000-12-14 17:36:44 +00:00
itojun 1101f217b5 no need to rtalloc1() twice in pmtud. from kame 2000-12-11 19:28:47 +00:00
itojun 5eae50d991 update icmp6 too big validation. the change is necessary since pmtud is
mandatory for IPv6 (so we can't just validate by using connected pcb - we need
to allow traffic from unconnected pcb to do pmtud).
- if the traffic is validated by xx_ctlinput, allow up to "hiwat" pmtud
  route entries.
- if the traffic was not validated by xx_ctlinput, allow up to "lowat" pmtud
  route entries (there's upper limit, so bad guys cannot blow up our routing
  table).
sync with kame

XXX need to think again about default hiwat/lowat value.
XXX victim selection to help starvation case
2000-12-09 01:29:45 +00:00
itojun fe5bd7125e make sure we don't touch uninitialized pointer. from: fvdl 2000-12-04 12:11:49 +00:00
thorpej 65fd25ea82 Restructure the PFIL_HOOKS mechanism a bit:
- All packets are passed to PFIL_HOOKS as they come off the wire, i.e.
  fields in protocol headers in network order, etc.
- Allow for multiple hooks to be registered, using a "key" and a "dlt".
  The "dlt" is a BPF data link type, indicating what type of header is
  present.
- INET and INET6 register with key == AF_INET or AF_INET6, and
  dlt == DLT_RAW.
- PFIL_HOOKS now take an argument for the filter hook, and mbuf **,
  an ifnet *, and a direction (PFIL_IN or PFIL_OUT), thus making them
  less IP (really, IP Filter) centric.

Maintain compatibility with IP Filter by adding wrapper functions for
IP Filter.
2000-11-11 00:52:36 +00:00
itojun a21e536042 improve spec conformance of node information query (07).
sync with kame.
2000-11-11 00:46:36 +00:00
itojun 970a75f808 fix KAME PR 296 again, for transport-mode SA only
(shortterm workaround - need revisit for ANY SA)
2000-11-10 01:10:36 +00:00
itojun 8c411160ec backout KAME PR 296. "any" mode SA should be able to be used for tunnel mode. 2000-11-09 17:36:11 +00:00
itojun e452bf6c6b save a little bit of CPU time (avoid computing CBC IV we do not use).
sync with kame.
2000-11-08 04:57:57 +00:00
itojun 47bce75f00 check IPsec SA type (tunnel/transport/any) when we try to decapsulate IPsec
tunnel mode packet.  decapsulate only if we got a tunnel mode SA.
KAME PR 296.
2000-11-06 00:58:34 +00:00
itojun ef8a34f5c3 fix IPv4 TTL selection with AF_INET6 API. sync with kame. From: jdc 2000-11-06 00:50:12 +00:00
onoe e83458422f First Prototype implementation of network interface part for IEEE1394 (if_fw).
Current status:
	Only OHCI chip is supported (fwohci).
	ping (IPv4) works with Sony's implementation (SmartConnect) on Win98.
	sometimes works but not stable.
Not implemented yet:
	IRM (Isochronous Resource Manager) functionality.
	Link layer fragmentation.
	Topology map.
More to do:
	clean ups
	MCAP
	character device part
	dhcp

There is no entry in GENERIC config file yet.
Follow sys/dev/ieee1394/IMPLEMENTATION to enable if_fw.
2000-11-05 17:17:12 +00:00
itojun 731744bcc2 avoid possible align issue 2000-11-02 12:28:45 +00:00
itojun 9b55c15642 [13]des fix for big endian machines. from: shigeru@iij.ad.jp 2000-11-02 12:25:01 +00:00
itojun 73b4766cf2 do not panic on "ifconfig inet6 fe80::1 -alias". from Todd Fries.
KAME PR 295.
2000-10-28 03:46:21 +00:00
itojun cb1745c4f9 make IFA_STATS really work on IPv6. 2000-10-23 03:45:25 +00:00
itojun 9183e2dc4e remove #ifdef TCP6. it is not likely for us to bring in sys/netinet6/tcp6*.c
(separate TCP/IPv6 stack) into netbsd-current.
2000-10-19 20:22:59 +00:00
itojun d11a1f9bae kame 1.32 -> 1.33
in add_m6fc(), set interface list for all cases.
in response to a report from Hoerdt Mickael.

kame 1.31 -> 1.32
discard PIM register if the version of the inner packet is incorrect (i.e. IPv6)
(according to clarification of recent discussion in the IETF pim ML)
2000-10-19 03:15:48 +00:00
itojun edd876a35d validate ICMPv6 too big message.
XXX too restrictive given frequent uses of sendto(2)
2000-10-19 01:14:13 +00:00
itojun 9288750911 memcpy -> bcopy, for sync with kame tree 2000-10-19 00:40:44 +00:00
itojun 23a03329ef verify ICMPv6 too big messages based on TCP pcbs, and/or IPsec SA.
TODO: udp6, and sendto consideration.  as pmtud is mandatory for IPv6,
it is rather important for us to support those cases.
TODO: more testing
TODO: kame sync
2000-10-18 21:14:12 +00:00
thorpej ea9b5a9106 Restructure the Path MTU Discovery code somewhat to avoid
entering rtentry's for hosts we're not actually communicating
with.

Do this by invoking the ctlinput for the protocol, which is
responsible for validating the ICMP message:
	* TCP -- Lookup the connection based on the address/port
	  pairs in the ICMP message.
	* AH/ESP -- Lookup the SA based on the SPI in the ICMP message.

If validation succeeds, ctlinput is responsible for calling
icmp_mtudisc().  icmp_mtudisc() then invokes callbacks registered
by protocols (such as TCP) which want to take some sort of special
action when a path's MTU changes.  For TCP, this is where we now
refresh cached routes and re-enter slow-start.

As a side-effect, this fixes the problem where TCP would not be
notified when a path's MTU changed if AH/ESP were being used.

XXX Note, this is only a fix for the IPv4 case.  For the IPv6
XXX case, we need to wait for the KAME folks.

Reviewed by sommerfeld@netbsd.org and itojun@netbsd.org.
2000-10-18 17:09:14 +00:00
itojun 3fe32f0197 use __P() in prototype for non-ansi compilers.
From: Michael Shalayeff <mickey@lucifier.remote.dti.net>
(we don't ansify it for kame code sharing)
2000-10-17 21:46:42 +00:00