itojun
dc3424f555
pass key to rijndael logic as binary, not hexadecimal string.
...
sync with kame
2001-03-02 15:42:39 +00:00
itojun
f03176a0a8
have comment that refers to kame COVERAGE document. sync with kame
2001-03-02 04:55:40 +00:00
itojun
8c8c2f71a4
the date string in KAME version is getting very meaningless, remove.
2001-03-02 04:52:54 +00:00
itojun
2d6047cff9
make sure to enforce inbound ipsec policy checking, for any protocols on top
...
of ip (check it when final header is visited). sync with kame.
XXX kame team will need to re-check policy engine code
2001-03-01 16:31:37 +00:00
itojun
233e3963ed
make sure to validate packet against ipsec policy.
2001-02-26 07:20:44 +00:00
cgd
023e9f0649
C requires that labels be followed by statements.
2001-02-24 00:01:22 +00:00
itojun
f2a66201fc
garbage-collect stale ND entries (default: 1 day).
...
RFC 2461 5.3. sync with kame.
2001-02-23 08:02:41 +00:00
itojun
e1196a8f6e
remove unnecessary state, ND6_LLINFO_WAITDELETE, from neighbor cache
...
state machine.
no need for RTF_REJECT on neighbor cache entires, they are leftover from
ARP code.
sync with kame.
2001-02-23 06:41:50 +00:00
itojun
2df943e652
correct handling of upper limitation to # of reass queue.
2001-02-22 05:04:42 +00:00
itojun
49889b3afd
be more more picky about option length parsing. sync with kame
2001-02-22 01:40:25 +00:00
itojun
e1e316562b
make validation code more strict for ND6/dest6 variable length headers.
...
check duplicated nd6_ifinfo table initialization in a better way.
sync with kame
2001-02-21 17:23:09 +00:00
itojun
96413230d1
style, to make kame sync easier
2001-02-21 16:28:43 +00:00
itojun
52f2cece9f
tighten AH IPv4 option chasing more. drop too short (< 2) option.
...
sync with kame.
2001-02-21 01:27:58 +00:00
itojun
c9928e0ab1
need PR_ADDR|PR_ATOMIC for IPPROTO_EON. fix typo. from chopps, sync with kame
2001-02-21 00:11:53 +00:00
itojun
da8a3f0179
add AF_ISO case to output. from chopps.
2001-02-20 10:41:47 +00:00
itojun
176db3e930
ISO over IPv4/v6 by EON encapsulation. from chopps, sync with kame.
2001-02-20 08:49:15 +00:00
itojun
5bc3f3ff96
correct IPv4 option handling.
2001-02-19 04:24:27 +00:00
itojun
26a76076be
correct IPv4 option header chasing. the old code may overrun the buffer
...
if the option header is truncated. sync with kame
2001-02-19 03:47:01 +00:00
itojun
e6dbed9659
wording in comment.
...
is contradict -> "is contradictory", or "contradicts".
2001-02-16 15:13:40 +00:00
itojun
f99a50f858
protect router list management by splsoftnet properly. sync with kame
2001-02-11 07:12:01 +00:00
itojun
1bc6ca28a1
make sure to clean ln_byhint on reachability confirmation.
2001-02-11 07:00:03 +00:00
itojun
1442c06fae
wrap kernel-only #define (kame cross-bsd portability) into _KERNEL.
2001-02-11 06:50:59 +00:00
itojun
bc5a6e2482
pull latest kame pcbnotify code. synchronizes ICMPv6 path mtu discovery
...
behavior with other protocols (i.e. validation, use of hiwat/lowat).
2001-02-11 06:49:49 +00:00
itojun
2390806e17
whitespace sync with kame
2001-02-11 05:25:04 +00:00
itojun
5318e0ee0f
remove #ifdef __FreeBSD__.
2001-02-11 05:24:21 +00:00
itojun
37bb4bf58b
set frag6_doing_reass properly (for frag6_drain). sync with kame.
2001-02-11 05:05:27 +00:00
itojun
7781d63a92
recover $NetBSD$ (removed by mistake)
2001-02-11 04:53:49 +00:00
itojun
9a9c998cc7
add missing IFAFREE() in error recovery case.
2001-02-11 04:29:30 +00:00
itojun
e1f4f77960
to sync with kame better, (1) remove register declaration for variables,
...
(2) sync whitespaces, (3) update comments. (4) bring in some of portability
and logging enhancements. no functional changes here.
2001-02-10 04:14:26 +00:00
itojun
4cd9449e34
initialize "mbz" member. kame 1.35 -> 1.36
2001-02-10 03:06:39 +00:00
itojun
7f548573d5
cosmetic changes to sync with kame. tabify and minor local variable renames
2001-02-10 02:19:57 +00:00
itojun
20e2452579
fix if_set for architectures with sizeof(long) != 4. IF_xxx behaved badly.
...
(no fear of overrun, since index was mistakenly computed to too small value)
2001-02-10 02:10:14 +00:00
itojun
6b9104e0f7
sync with kame better. cosmetic/stat changes only.
2001-02-08 18:43:17 +00:00
itojun
ae819d9324
move udp6_output() to separate file. (sync better with kame)
2001-02-08 16:48:01 +00:00
itojun
109fcc5522
implement upper limit to icmp6 redirects (experimental, turned off)
...
negative value to {mtudisc,redirect}_{hi,lo}wat will turn off the limitation.
sync with kame.
2001-02-08 16:07:39 +00:00
itojun
179a7e0d7b
send up dst_unreach_admin error to local node, if transport-mode
...
ipsec key is not found. rather experimental. kame 1.83 -> 1.84
nuke IPSEC_SRCSEL which does not do the right thing.
adjust state->ro if the tunnel endpoint is offlink. KAME PR 233.
kame 1.84 -> 1.85
2001-02-08 15:04:26 +00:00
itojun
574214f10a
amove in6_{embed,recover}scope prototypes to in6_var.h (kernel only).
...
add in6_clearscope. sync with kame
2001-02-08 14:56:15 +00:00
itojun
a1d89972c7
when chasing nd6_llinfo chain, make sure we do not touch dangling
...
pointer (due to RTM_DELETE during default router list management).
from kame
2001-02-08 12:57:54 +00:00
itojun
c8e86cc06a
remove bogus DIAGNOSTIC. sync with kame
2001-02-07 10:56:38 +00:00
itojun
22b473e0f6
during ip6/icmp6 inbound packet processing, do not call log() nor printf() in
...
normal operation (/var can get filled up by flodding bogus packets).
sysctl net.inet6.icmp6.nd6_debug will turn on diagnostic messages.
(#define ND6_DEBUG will turn it on by default)
improve stats in ND6 code.
lots of synchronziation with kame (including comments and cometic ones).
2001-02-07 08:59:47 +00:00
itojun
172e802b90
bad semicolon after "if" conditional. sync with kame
2001-02-06 01:27:29 +00:00
chs
09cb38f22b
expose the definitions of MIN() and MAX() in sys/param.h to the kernel
...
and use those in favor of a dozen copies scattered around the source tree.
2001-02-05 10:42:40 +00:00
itojun
d17dfd2fc0
avoid panic when a packet with nonexistent link-local address is issued.
...
kame 1.151 -> 1.152.
2001-02-02 15:54:56 +00:00
itojun
617b3fab7e
- record IPsec packet history into m_aux structure.
...
- let ipfilter look at wire-format packet only (not the decapsulated ones),
so that VPN setting can work with NAT/ipfilter settings.
sync with kame.
TODO: use header history for stricter inbound validation
2001-01-24 09:04:15 +00:00
itojun
8b3234d2f2
minimize diff with the latest kame tree.
2001-01-23 05:21:23 +00:00
itojun
a836499e32
make it possible to turn off ingress filter on gif/stf tunnel egress,
...
by using IFF_LINK2. (part of) PR 11163 from Ken Raeburn.
2001-01-22 07:51:01 +00:00
itojun
60240f3ab9
workaround to avoid EMSGSIZE when ND6 table for the outgoing interface
...
is not initialized (should result in "interface down").
2001-01-18 06:50:12 +00:00
itojun
43950f6d05
on interface removal (ifconfig destroy) do not remove default route by mistake
2001-01-18 06:49:11 +00:00
itojun
4dbe2a5a97
wrap noisy ND6 debugging messages with ND6_DEBUG. sync with kame
2001-01-17 11:26:52 +00:00
itojun
df9784d749
pull post-4.4BSD change to sys/net/route.c from BSD/OS 4.2 (UCB copyrighted).
...
have sys/net/route.c:rtrequest1(), which takes rt_addrinfo * as the argument.
pass rt_addrinfo all the way down to rtrequest, and ifa->ifa_rtrequest.
3rd arg of ifa->ifa_rtrequest is now rt_addrinfo * instead of sockaddr *
(almost noone is using it anyways).
benefit: the follwoing command now works. previously we need two route(8)
invocations, "add" then "change".
# route add -inet6 default ::1 -ifp gif0
remove unsafe typecast in rtrequest(), from rtentry * to sockaddr *. it was
introduced by 4.3BSD-reno and never corrected.
XXX is eon_rtrequest() change correct regarding to 3rd arg?
eon_rtrequest() and rtrequest() were incorrect since 4.3BSD-reno,
so i do not have correct answer in the source code.
someone with more clue about netiso-over-ip, please help.
2001-01-17 04:05:41 +00:00