Commit Graph

595 Commits

Author SHA1 Message Date
perry
4f27ab21b8 /*CONTCOND*/ while (0)'ed macros 2002-11-02 07:30:55 +00:00
itojun
ad337ee31a plug a memory leak. from sam leffler. sync w/kame 2002-10-31 17:36:16 +00:00
itojun
02a04fd9fc increase correct stat. KAME pr 445 2002-10-28 16:42:44 +00:00
itojun
5fc1c3b058 do not differentiate manually configured address from autoconfigured ones
wrt prefix management;
- always earn a reference to the prefix when an address is configured
 (by ioctl).
- always delete the prefix when an address that has the last referene
  is manually removed.

The change should solve the problem raised in KAME-snap 6989.

sync w/kame
2002-10-17 00:07:44 +00:00
thorpej
d9ae0a6eb1 IPSEC_ESP depends on the "des", "blowfish", "cast128", and "rijndael"
attributes.
2002-10-12 15:41:24 +00:00
thorpej
5b2b587c85 Move netinet, netinet6, ipsec, and ipfilter config defns to
netinet/files.ipfilter, etinet/files.netinet, netinet6/files.netinet6,
and netinet6/files.netipsec.

XXX There are still a few stragglers in conf/files, which are entangled
with other network protocols.
2002-10-10 22:45:45 +00:00
itojun
b15fea2610 suppress too noisy log by default (can be re-enabled by sysctl). sync w/kame 2002-10-09 20:22:16 +00:00
provos
0f09ed48a5 remove trailing \n in panic(). approved perry. 2002-09-27 15:35:29 +00:00
itojun
ce1bd42a2c length field on PADN option, before jumbo payload option was wrong.
sync w/kame
2002-09-23 13:28:55 +00:00
itojun
0a734b348e better fix to PR 18163 ("deprecated" flag manipulation). sync w/kame 2002-09-23 13:16:52 +00:00
simonb
4e3613273b Remove breaks after returns, unreachable returns and returns after
returns(!).
2002-09-23 05:51:10 +00:00
simonb
03d61a28e4 Remove an extern declaration for the "pim6stat" variable; the only other
occurance of this is a static variable in ip6_mroute.c.
2002-09-23 04:56:58 +00:00
itojun
d694b45f9d remove extra blank line 2002-09-15 01:18:59 +00:00
itojun
255121cf44 avoid from applying IPsec transport mode to the packets when the kernel
forwards the packets.
sync w/kame
2002-09-11 08:15:37 +00:00
itojun
8808abb7b8 correct pointer signedness mixups. sync w/kame 2002-09-11 03:45:44 +00:00
itojun
75e1911429 reduce diff w/kame 2002-09-11 03:23:24 +00:00
itojun
9401012487 KNF - return is not a function. sync w/kame. 2002-09-11 02:46:42 +00:00
itojun
6dedde045a correct signedness mixup in pointer passing. sync w/kame 2002-09-11 02:41:19 +00:00
itojun
37bd81ba1e allow "deprecated" bit to be manually set. PR 18163 2002-09-04 07:22:28 +00:00
itojun
c7b00b4ce4 pass proc * to in6_pcbsetport. PR 18073 2002-08-26 14:25:00 +00:00
itojun
967cf54a67 check packet length before fetching ESP crypto checksum. sync w/kame 2002-08-21 23:12:01 +00:00
itojun
e5df0242ce sync up use_deprecated handling with latest kame.
- bind(deprecated) is allowed, trusting userland app is doing the right thing
- use_deprecated default to 1
2002-08-20 22:06:04 +00:00
itojun
ddbeae9874 check error from copyout 2002-08-19 23:23:22 +00:00
itojun
bec19ac64c typo in comment 2002-08-19 23:21:11 +00:00
itojun
041c651838 fix copyout() logic. more proper fix to be done on kame tree. 2002-08-19 23:14:39 +00:00
itojun
8b2ed6900d copyout only if oldp is non-null 2002-08-19 07:23:22 +00:00
itojun
cc0fa7bc37 need explicit copyout(), apparently 2002-08-19 06:50:22 +00:00
itojun
e89be6a279 set default value for use_deprecated to 0, to avoid consequences with ftpd. 2002-08-17 22:15:58 +00:00
itojun
c00fa8dfd9 avoid swapping endian of ip_len and ip_off on mbuf, to meet with M_LEADINGSPACE
optimization made last year.  should solve PR 17867 and 10195.

IP_HDRINCL behavior of raw ip socket is kept unchanged.  we may want to
provide IP_HDRINCL variant that does not swap endian.
2002-08-14 00:23:27 +00:00
itojun
ed12d77e43 avoid hardcoded "16" for max AH sum size. use AH_MAXSUMSIZE. 2002-08-09 07:01:21 +00:00
itojun
68e52f0ace use correct padding boundary, to correctly estimate ESP header size.
problem found by Arto Selonen <arto@selonen.org>
2002-08-09 06:38:12 +00:00
itojun
bb92058a0f cut and paste error in comment. From: Arto Selonen <arto@selonen.org> 2002-08-09 06:29:01 +00:00
itojun
af8ad017f7 typo. From: Arto Selonen <arto@selonen.org>, sync w/kame 2002-08-01 05:17:47 +00:00
itojun
a919a4c628 no need to check NULL mbuf, as we touch it already.
From: tedu <grendel@zeitbombe.org>
2002-07-30 23:27:15 +00:00
itojun
d337ab206e no need to handle NULL argument in defrouter_delreq.
From: tedu <grendel@zeitbombe.org>
2002-07-30 23:24:21 +00:00
itojun
d08a33e8b1 correct multicast packet MTU check. sync w/kame 2002-07-25 12:41:51 +00:00
itojun
8b02a8b924 remove unneeded extern decl (commented out). sync w/kame 2002-07-20 21:11:55 +00:00
wiz
e00173a7f2 Spell 'should' correctly. 2002-07-18 11:59:06 +00:00
itojun
d67bce4593 no need to bzero() twice. from he@netbsd 2002-07-13 21:04:55 +00:00
itojun
51bd9285d5 correct ping6 -w result wth hostname with [A-Z]. PR 17540. sync w/kame 2002-07-10 05:05:01 +00:00
thorpej
10c252ba47 Changes to allow the IPv4 and IPv6 layers to align headers themseves,
as necessary:
* Implement a new mbuf utility routine, m_copyup(), is is like
  m_pullup(), except that it always prepends and copies, rather
  than only doing so if the desired length is larger than m->m_len.
  m_copyup() also allows an offset into the destination mbuf, which
  allows space for packet headers, in the forwarding case.
* Add *_HDR_ALIGNED_P() macros for IP, IPv6, ICMP, and IGMP.  These
  macros expand to 1 if __NO_STRICT_ALIGNMENT is defined, so that
  architectures which do not have strict alignment constraints don't
  pay for the test or visit the new align-if-needed path.
* Use the new macros to check if a header needs to be aligned, or to
  assert that it already is, as appropriate.

Note: This code is still somewhat experimental.  However, the new
code path won't be visited if individual device drivers continue
to guarantee that packets are delivered to layer 3 already properly
aligned (which are rules that are already in use).
2002-06-30 22:40:32 +00:00
itojun
3973cdf049 typo in name 2002-06-29 12:33:33 +00:00
itojun
d7006267f3 reduce kernel stack usage by separating struct secasindex. sync w/kame
From: YAMAMOTO Takashi <yamt@mwd.biglobe.ne.jp>
2002-06-27 12:12:49 +00:00
itojun
61f28217c4 move sanity check upwards. sync w/kame
From: YAMAMOTO Takashi <yamt@mwd.biglobe.ne.jp>
2002-06-22 12:27:09 +00:00
itojun
cfb9a4a799 avoid listening socket from mistakenly use incorrect cached policy.
From: YAMAMOTO Takashi <yamt@mwd.biglobe.ne.jp>  sync w/kame
2002-06-22 12:04:07 +00:00
itojun
69d65da8c6 sizeof mistake in DIAGNOSTIC path. sync w/kame
From: YAMAMOTO Takashi <yamt@mwd.biglobe.ne.jp>
2002-06-21 23:15:35 +00:00
itojun
3033187db0 previous commit cached pcb policy too much (when pcb points to
SPD entry that is not ipsec - like "none").  back it out.  sync w/kame
2002-06-16 16:28:36 +00:00
itojun
c1808f02bf cache pcb policy as much as possible. in fact, if policy is not
IPSEC_POLICY_IPSEC we don't need to compare spidx.  sync w/kame
2002-06-14 14:47:24 +00:00
itojun
813344bfbe remove redundant line 2002-06-14 14:17:55 +00:00
itojun
a8dde3fa57 free secpolicy on deepcopy failure 2002-06-13 05:10:13 +00:00