224 Commits

Author SHA1 Message Date
itojun
5e8b5a35e4 make ipsec_strerror(3) to return const char *, not char *. sync with kame. 2000-07-30 02:38:35 +00:00
itojun
63de4c2cb9 nuke the following sysctl variables. "ppsratelimit" should work better.
need to recompile sbin/sysctl after updating /usr/include.
	net.inet.tcp.rstratelimit
	net.inet.icmp.errratelimit
	net.inet6.icmp6.errratelimit
2000-07-28 04:06:52 +00:00
itojun
73a29e35ff do not forward packet with :: in the source.
this is not in the spec - we had rough consensus on it in ipngwg,
spec will get updated to include this behavior.
2000-07-27 15:53:51 +00:00
itojun
fec624be3f wrap kernel function prototype by #ifdef _KERNEL. 2000-07-23 08:24:12 +00:00
itojun
411ff12b27 pre-compute and cache intermediate crypto key. suggestion from sommerfeld,
sync with kame.

loopback, blowfish-cbc transport mode, 128bit key
before: 86588496 bytes received in 00:42 (1.94 MB/s)
after: 86588496 bytes received in 00:31 (2.58 MB/s)
2000-07-23 05:23:04 +00:00
itojun
65d37eff7f correct RFC2367 PF_KEY conformance (SADB_[AE]ALG_xx values and namespaces).
sync from kame.

WARNING: need recompilation of setkey(8) and pkgsrc/security/racoon.
(no ipsec-ready netbsd was released as official release)
2000-07-18 14:56:42 +00:00
itojun
5f09b77987 s/IPSEC_IPV6FWD/IPSEC/. this should correct strange behavior on ipv6
forwarding (even if policy asks for tunnel mode encryption, packets
go out in clear).  sync with kame.
2000-07-16 07:57:55 +00:00
itojun
a2744a4cf8 do not pull sys/queue.h from netinet6/in6.h. PR10597.
some sync with kame.
2000-07-16 01:10:34 +00:00
itojun
20964b0c23 fatal bug fix from kame (rtentry refcnt goes negative if we play with IPv6
address/routing table too much).

in6_ifloop_request()
  not to request rtrequest to return an rtentry except for the ADD
  operation, in order to avoid misdecreasing the refcnt (which might
  cause leak of rtentry)
2000-07-13 09:56:20 +00:00
itojun
f5211e847a remove m_pulldown statistics code. it is highly experimental and belongs
to kame tree only (not for *bsd).
2000-07-13 05:34:21 +00:00
itojun
d8a9a3cc7b add ppsratelimit(9), which does event-per-sec rate limitation.
use it from icmp6 error rate limitation code.
XXX better name for the function?
2000-07-09 06:44:57 +00:00
itojun
ec67eee51f sync with kame.
introduce in6_{recover,embed}scope, for in-kernel scoped-address manipulation.
improve in6_pcbnotify.
2000-07-07 15:54:16 +00:00
christos
2068dee670 elide lint cast type conversion warnings. 2000-07-06 17:42:55 +00:00
itojun
210a3e2f80 remove unnecessary #include <netkey/key_debug.h>. from kame. 2000-07-06 12:51:39 +00:00
itojun
0a1e211454 - do not use bitfield for router renumbering header.
- add protection mechanism against ND cache corruption due to bad NUD hints.
- more stats
- icmp6 pps limitation.  TODO: should implement ppsratecheck(9).
2000-07-06 12:36:18 +00:00
itojun
6fff122160 drop packet to tentative/duplicated interface address earlier. sync w/kame 2000-07-02 09:56:39 +00:00
itojun
8ff902fca1 repair kernel faithd(8) support. there were two mistakes:
(1) tcp6_input dropped packets for translation
(2) in6_pcblookup_connect was too strict
2000-07-02 08:04:10 +00:00
itojun
3ade27131a suppress too noisy warning on forward-over-loopback case. from kame 2000-06-30 19:46:05 +00:00
mrg
cf594a3f4d <vm/vm.h> -> <uvm/uvm_extern.h> 2000-06-28 03:01:16 +00:00
kleink
d2787dad27 XNS5.2: define sa_family_t and use it where specified by the standard. 2000-06-26 15:48:19 +00:00
itojun
278184a8ab avoid possible mbuf leaks on ipsec policy violation.(sync with kame) 2000-06-20 02:24:42 +00:00
itojun
90ca25568b remove obsolete sysctl MIB net.inet.ipsec.inbound_call_ike.
(sync with kame)
2000-06-15 05:01:06 +00:00
thorpej
1b8ede9f7c Import IPsec ESP from netbsd-cryptosrc-intl. 2000-06-14 19:39:42 +00:00
itojun
dafb757588 add algorithm name into algorithm table. (commit to crypto-intl will follow) 2000-06-14 11:27:35 +00:00
itojun
af9d516560 signedness issue with char, take 2. confirmed with i386 cc -funsigned-char. 2000-06-13 17:31:37 +00:00
itojun
c6a8ca266b workaround to suppress warning on char == unsigned char arch. 2000-06-13 16:34:37 +00:00
itojun
0455eac327 do not use cached route if the route becomes !RTF_UP.
make the validation for jumbo payload option more strict.
2000-06-13 14:43:44 +00:00
itojun
36887242d7 add sanity check on in6_ifaddr. 2000-06-13 04:35:29 +00:00
itojun
fa24d1db9b make sure to link new in6_ifaddr to if_addrlist. 2000-06-13 02:54:11 +00:00
itojun
07098cd363 better conformance to draft-ietf-ipngwg-icmp-name-lookups-05.
the old code was chimera of 03 and 05 draft.

-n by default, since IPv6 reverse lookup takes too much time.
use -H to enable reverse name lookup.
2000-06-12 16:21:02 +00:00
itojun
8f26bbadf9 sync with latest kame tree (tiny update in IPv4 mapped issue) 2000-06-12 10:47:17 +00:00
itojun
92e64a4a0d sync with almost-latest KAME IPsec. full changelog would be too big
to mention here.  notable changes are like below.

kernel:
- make PF_KEY kernel interface more robust against broken input stream.
  it includes complete internal structure change in sys/netkey/key.c.
- remove non-RFC compliant change in PF_KEY API, in particular,
  in struct sadb_msg.  we cannot just change these standard structs.
  sadb_x_sa2 is introduced instead.
- remove prototypes for pfkey_xx functions from /usr/include/net/pfkeyv2.h.
  these functions are not supplied in /usr/lib.

setkey(8):
- get/delete does not require "-m mode" (ignored with warning, if you
  specify it)
- spddelete takes direction specification
2000-06-12 10:40:37 +00:00
itojun
90fb69b2b2 sync with latest kame document.
- update 6to4 i-d #.
- update descr on source address selection.
2000-06-10 08:21:11 +00:00
danw
f7d6ee345c Use _POSIX_SOURCE-safe type names 2000-06-08 19:01:44 +00:00
itojun
ffedfcb68d make sure not to overwrite sockaddr on PRU_SEND/PRU_CONNECT to
link-local address.  From: frank
2000-06-08 13:51:33 +00:00
itojun
8fe589a2ae fix anycast address determination.
correct interface address addition when link-local is added (check if ifp
matches).
make diff to kame repository easier (breaks some KNF)

sync with kame.
2000-06-07 06:27:43 +00:00
itojun
8183434ff7 s/PIMCTL/PIM6CTL/ to avoid future confusion. 2000-06-07 04:40:46 +00:00
itojun
af6b403d46 backout change to in6_pcbnotify(). the change seems premature
(may cause trouble with advanced API in certain situation).
2000-06-05 08:09:48 +00:00
itojun
8987054176 pass struct proc * down to udp6_output and in6_pcbbind. 2000-06-05 06:38:22 +00:00
itojun
93b2b4e693 remove include files in nonstandard path
(has been #error for couple of months).
2000-06-04 11:52:06 +00:00
itojun
d7e34999be sync with recent kame.
avoid use of macros to manipulate sockaddrs (hides error case too much).
correct IPv4 packet handling when ip option is present.
preparations for ipsec policy engine upgrades.
2000-06-03 16:14:02 +00:00
itojun
9d853e8a4f sync with kame.
- use latest source address selection code - in6_src.c.
- correct frag header insertion.
- deep copy ip6 header portion in ip6_mloopback to avoid overwrite.
- do not bark when we forward packet to loopback.
- some cosmetics.
2000-06-03 14:36:32 +00:00
itojun
e0b65589f1 sync with more recent kame. cope with malloc failure more gracefully
some cosmetics.
2000-06-02 18:20:15 +00:00
itojun
4308599c5a disallow bind(2) with IPv4 mapped address for now. port number check is
insufficient at this moment and we can bind(2) two sockets listen on same
port number.

for real fix, we need to check inpcb table with in6pcb.  we can't
find inpcb chain from particular in6pcb chain (like finding tcbtable from tcb6)
luckily RFC2553 does not talk about bind(2) behavior for IPv4 mapped.
IPv4 mapped brings in too much complexities...
2000-05-29 00:03:18 +00:00
itojun
c0ccb49681 sync with reality in netbsd-current.
- pcb layer changes
- officially supported net interfaces
- minor typo
- draft # updates
2000-05-28 23:44:30 +00:00
itojun
418a734f51 enforce parameter type check for IN6_ARE_ADDR_EQUAL(). (sync with kame) 2000-05-24 14:40:09 +00:00
itojun
fa2abf5727 make net.inet6.udp6.* sysctl name meet with IPv4 counterpart.
XXX do we need to keep symbols mistakenly added (like UDP6CTL_SENDMAX)
for backward compatibility?  I believe not.
2000-05-22 15:22:36 +00:00
itojun
5de72de121 disallow negative numbers for ratelimit interval (tcp, icmp, icmp6). 2000-05-22 12:08:43 +00:00
itojun
48c5048502 correct manipulation of link-local scoped address on loopback.
now "telnet fe80::1%lo0" should work again.
(we have another bug near here - will attack it soon)
2000-05-19 20:09:26 +00:00
itojun
41f4d3e2b6 correct MLD API. (binary backward compatibility is kept)
commit to usr.sbin/pim6* will follow.
2000-05-19 10:39:43 +00:00