Aren/NetBSD
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
112,362 Commits 606 Branches 0 Tags 3.1 GiB
6f4441e278
Commit Graph

617 Commits

Author SHA1 Message Date
itojun
a11e34efc5 whitespace 2002-06-07 07:38:51 +00:00
itojun
e2ce1896bd whitespace 2002-06-07 07:35:39 +00:00
itojun
9b39e24802 minor KNF to sync w/kame 2002-06-07 04:30:40 +00:00
itojun
06ed16c31d typo 2002-06-07 04:18:11 +00:00
itojun
922b4012cc 'fall through' is not a valid LINT keyword. 2002-06-07 04:07:55 +00:00
itojun
83aff37a0f remove support for deprecated ioctls (EINVAL). sync w/kame 2002-06-07 04:03:53 +00:00
itojun
88a8e0dd9e cope with ndi->maxmtu == 0 case. sync w/kame 2002-06-07 03:05:18 +00:00
itojun
fb6078474d cope with cases when maxmtu == 0 (this shoulnd't happen!) 2002-06-07 02:31:04 +00:00
itojun
1eb402e813 be sure to use L3 MTU, not L2 MTU, when specified in spec (affects FDDI/ARCnet) 2002-06-05 01:10:54 +00:00
itojun
ad4cab117d whitespace at EOL 2002-06-03 02:09:37 +00:00
itojun
ed45b704ac do not hardcode if_mtu values in here, except for IFT_{ARC,FDDI} - 
they need special handling.  makes it possible to take advantage of 9k ether
frames.
 2002-06-03 00:51:47 +00:00
itojun
5625d3b849 do not mistakenly lock PMTUD route entry with RTV_MTU. 2002-05-31 04:26:19 +00:00
itojun
3449ca6d23 do not try to update rmx_mtu if rmx_mtu == 0 (obey ifmtu) 2002-05-31 03:18:54 +00:00
itojun
87fc46bce9 improve nd6_setmtu(), to warn too-small MTU on SIOCSIFMTU. sync w/kame 2002-05-30 05:06:28 +00:00
itojun
a3e4fbdf14 use M_READONLY where possible. minor cleanup/sync with kame. 2002-05-30 04:39:15 +00:00
christos
c7f67f1479 make this compile again. 2002-05-29 19:50:48 +00:00
itojun
cfc6c918de missing bzero 2002-05-29 13:56:14 +00:00
itojun
050c5b5b7c receivedra field is gone 2002-05-29 13:52:56 +00:00
itojun
913276174b "receivedra" field name is obsolete. 2002-05-29 09:32:01 +00:00
itojun
14dafa8f6a avoid unneeded malloc/free. sync w/kame 2002-05-29 09:05:18 +00:00
itojun
5c1df51d53 attach nd_ifinfo structure into if_afdata. 
split IPv6 link MTU (advertised by RA) from real link MTU.
sync with kame
 2002-05-29 07:53:39 +00:00
itojun
9ea1dc0d36 correct rmx_mtu value after PMTUD entry timeout (should be set to 0) 2002-05-29 06:55:48 +00:00
itojun
ede265fffd move per-interface ip6/icmp6 stat to ifnet->if_afdata. sync w/kame 2002-05-29 02:58:28 +00:00
itojun
a15e664f71 rm obsolete comment 2002-05-29 01:43:25 +00:00
itojun
3be26b82ef use arc4random 2002-05-28 11:19:17 +00:00
itojun
4121fa09fc correct in*_pcbrtentry. check cached value correctly. 2002-05-28 11:10:52 +00:00
itojun
d208a22daa use arc4random() where possible. 
XXX is it necessary to do microtime() on tcp syn cache?
 2002-05-28 10:11:49 +00:00
itojun
7410ea60ca in in*_pcbrtentry(), check if route is still valid (RTF_UP), 
and address family is still valid.
 2002-05-28 10:07:51 +00:00
itojun
10c5914022 limit number of IPv6 fragments (not the fragment queue size) to 
fight against lots-of-frags DoS attacks.  sync w/kame
 2002-05-28 03:04:05 +00:00
itojun
9a1a825873 we have no IFT_DUMMY. kame merge mistake 2002-05-25 22:18:49 +00:00
itojun
e3c4951b26 re-enable ipsec policy caching onto pcb. refcnt fix and workarounds based on ymmt-san. 2002-05-25 10:01:01 +00:00
itojun
6f589cb1b2 extra blank line 2002-05-24 09:21:30 +00:00
itojun
c3015f8b5d make a strict check before sending FQDN node information reply. sync w/kame 2002-05-24 09:13:59 +00:00
itojun
7e7fcd1df4 remove wrong "break" statement 2002-05-23 06:53:13 +00:00
itojun
64a1cfbf83 no longer need IFT_PROPVIRTUAL "bridge[0-9]+" check. 2002-05-23 06:40:03 +00:00
itojun
970757edd8 simplify conditions to do DAD. sync w/kame 2002-05-23 06:35:18 +00:00
itojun
e1d17f512b should perform DAD for IFT_GIF. 2002-05-23 06:28:25 +00:00
itojun
5a51285f02 do not have link-local address for IFT_BRIDGE 2002-05-23 06:25:25 +00:00
itojun
d2fd814987 in sp caching code, check if sp is still alive. sync w/kame 2002-05-19 00:46:40 +00:00
itojun
b5f1426ee0 rename: net.inet6.ip6.bindv6only -> net.inet6.ip6.v6only 
sync w/kame.
 2002-05-14 10:27:28 +00:00
matt
0dc8ee943d Eliminate more commons or redundant declarations. 2002-05-14 02:58:32 +00:00
kleink
241f6932ee * Use uint{8,32}_t from <netinet/in.h> where applicable; use private 
fixed-width integer types otherwise.
* Protect RFC 2292 prototypes, which are not XNS5.2/POSIX-2001; also, define
  size_t for inet6_rthdr_space().
 2002-05-13 15:20:30 +00:00
kleink
0f1faf8e09 IPV6PORT_* aren't in the reserved namespace either. 2002-05-13 14:25:13 +00:00
kleink
d258299876 Check _POSIX_C_SOURCE as well. 2002-05-13 14:15:34 +00:00
kleink
a317e750c3 Update two comments. 2002-05-13 13:52:31 +00:00
kleink
602066c0d6 Provide local definitions of in_{addr,port}_t in <netinet/in.h> and use 
them where deemed appropriate by XNS5.2/POSIX-2001.
 2002-05-12 23:04:15 +00:00
matt
c03e11f081 Eliminate commons. 2002-05-12 20:33:50 +00:00
wiz
d30d25dc1a Spelling fixes, from Sergey Svishchev in kern/16650. 2002-05-12 15:48:36 +00:00
itojun
861dfdc294 disable ipsec policy caching on pcb, as it seems that there's some reference- 
counting mistake that causes panic - see PR 15953 and 13813.

i am unable to find the real cause of problem, so it is a shortterm workaround,
hopefully.
 2002-05-10 05:49:21 +00:00
itojun
d7669537a8 remove unneeded #ifdef __FreeBSD__ portion. 2002-05-10 05:38:29 +00:00
thorpej
dc12059c9e Use M_READONLY() rathern than testing to see if ext_free is set 
or MCLISREFERENCED().
 2002-04-28 00:54:41 +00:00
itojun
64109d267c make sure to check address family in route cache 
(I really hate IPv4 mapped address...)
 2002-03-28 01:33:50 +00:00
itojun
bb1e9bbcd8 double m_free() - niklas@openbsd 2002-03-24 20:46:56 +00:00
itojun
714618fb98 fix arg to bcmp() - need to compare 15 bytes, not 3 bytes. sync w/kame 2002-03-23 00:43:59 +00:00
itojun
8cbb556660 protect in6pcb queue operation by splnet, as pcb queue will be touched 
by in6_pcbpurgeif() under splnet.
 2002-03-21 02:11:39 +00:00
itojun
007db8b52a remove obsolete comment 2002-03-20 22:47:59 +00:00
itojun
d31217b639 check sa_len and sa_family strictly. (NOTE: rtsol/rtsold older than Nov2001 
will stop working, upgrade them first)
 2002-03-19 01:21:19 +00:00
itojun
f3279050b2 esp/ah_ctlinput: pass useful address to key_alloc. 2002-03-18 15:30:03 +00:00
itojun
766a6d874e have a real lock around IPv6 reassembly. 2002-03-15 10:44:07 +00:00
itojun
3faedc3f92 s/0/NULL/ as ln_hold is a pointer. sync w/ kame 2002-03-15 09:36:27 +00:00
itojun
38f3d28842 have tcp6_drain 2002-03-15 09:25:41 +00:00
itojun
4b327fb1f3 zlib 1.1.4 dislikes Z_FLUSH at the end of inflate(). 2002-03-14 05:18:10 +00:00
itojun
2246ec4a66 on redirect output, always try to attach target link layer address option. 2002-03-05 08:13:56 +00:00
sommerfeld
ef49bcac3c Nuke out-of-synch comment. 2002-03-04 15:18:32 +00:00
itojun
2ff9b43758 sync blowfish function prototype between i386 assembly and C. 
From: YAMAMOTO Takashi <yamt@mwd.biglobe.ne.jp>
 2002-02-27 01:32:17 +00:00
itojun
ae1b9c29e9 make sure to check address family on route cache. with IPv4 mapped 
address we can see both AF_INET/INET6.
 2002-01-22 03:53:55 +00:00
itojun
b0e82d3005 do not log() in per-packet input path. sync w/kame 2002-01-08 04:37:32 +00:00
itojun
e6834b7b5c make it compile even if NGIF=0 2001-12-22 01:40:03 +00:00
itojun
a225c3930f whitespace/costmetic sync w/kame 2001-12-21 08:54:52 +00:00
itojun
1536628a1f call encap6_ctlinput on icmp6 against tunnelled packet. sync w/kame 2001-12-21 08:54:19 +00:00
itojun
df8adebac1 remove obsolete #if 0'ed section. sync w/kame 2001-12-21 07:16:58 +00:00
itojun
28922b9973 use radix table for inbound tunnel lookup (would increase performance 
for machines with a lot of tunnels).
update route cache for IPvX-over-IPv6 tunnel on path MTU discovery.
snyc with kame
 2001-12-21 06:30:43 +00:00
itojun
9aaffcfde8 move in6_gif_hlim decl to in6_gif.c. sync with kame 2001-12-21 03:58:15 +00:00
itojun
745e191850 move protosw fragment for gif/stf to their own source code. 
reduce #ifdef in stf code.  sync with kame
 2001-12-21 03:21:50 +00:00
itojun
ebb1c82ec5 centralize multicast group management (in6_join/leavegroup). 
have a flag for ip6_output() to fragment to minimum MTU.
sync with kame
 2001-12-20 07:26:36 +00:00
itojun
1cad8e6085 reduce white space/cosmetic diffs w/kame. 2001-12-18 03:04:02 +00:00
itojun
29064a3fdb remove obsolete #if 0'ed portion. 2001-12-18 01:42:04 +00:00
itojun
33429d0612 correct timing to increment icmp6 MIB variables. sync with kame 2001-12-07 10:10:43 +00:00
itojun
f8321e02a6 fix cast128 with shorter key length. sync with kame 2001-11-27 11:19:36 +00:00
itojun
c23ea6c341 update outgoing ifp, only if tunnel mode ipsec is used. this is to 
honor IP_MULTICAST_IF setsockopt on ipsec-over-multicast.  sync with kame
 2001-11-21 06:28:08 +00:00
perry
c8549493da (minor) delint 2001-11-17 18:55:11 +00:00
lukem
4f2ad95259 add RCSIDs 2001-11-13 00:56:55 +00:00
itojun
d54922c799 check offset overrun in ip6_nexthdr. 2001-11-02 08:05:48 +00:00
simonb
5f717f7c33 Don't need to include <uvm/uvm_extern.h> just to include <sys/sysctl.h> 
anymore.
 2001-10-29 07:02:30 +00:00
itojun
7b1918bdc8 always check extension header length. 2001-10-29 05:23:17 +00:00
itojun
eecba85f88 no tcp_fasttimo any more. PR 14333 2001-10-24 09:37:00 +00:00
itojun
73f4e5001f more whitespace sync with kame 2001-10-24 06:36:37 +00:00
itojun
c7e6405a34 remove unused codepath (unifdef -UUDP6) 2001-10-24 06:04:08 +00:00
itojun
68fbfa26e8 gather stats on raw ip6 socket. sync with kame 2001-10-18 09:12:13 +00:00
itojun
51a9c75998 simplify per-if stats. 2001-10-18 09:09:25 +00:00
itojun
ae5499819c reduce diffs with kame (mostly cosmetic). 
move IPV6_CHECKSUM processing to sys/netinet6/raw_ip6.c.
constify a couple of places.
 2001-10-18 07:44:33 +00:00
itojun
1990d680c4 do not change neighbor cache state on entry timeout, 
if the cache entry is for outgoing router.

perform on-linkness check before default router (re-)seletion.

do not play with interface direct route on nd6_rtrequest.

sync a lot of cosmetic changes.  sync with kame
 2001-10-17 10:55:09 +00:00
itojun
dfb1429789 unifdef OLDIP6OUTPUT 2001-10-17 08:23:05 +00:00
itojun
7dcf45fbd8 more whitespace/comment sync with kame 2001-10-16 06:24:44 +00:00
itojun
45c8a6a57e remove unused #define. sync whitespace/comment with kame. 2001-10-16 04:57:38 +00:00
itojun
9bff6fde4c reduce diff with kame. whitespace only 2001-10-16 04:17:54 +00:00
itojun
149aafe6ad sync with kame. 
net.inet6.icmp6.nodeinfo is now a bitmap (2^0 = ping6 -w, 2^1 = ping6 -a).
give up local if there's mbuf alloc failures.
cope with ".." in hostname.
sync comments/whitespaces.
 2001-10-15 11:12:44 +00:00
itojun
91498ffec5 implement IPV6_V6ONLY socket option from draft-ietf-ipngwg-rfc2553bis-03.txt. 
IPV6_BINDV6ONLY (netbsd only) is deprecated, but still work just like before.
 2001-10-15 09:51:15 +00:00
itojun
99d25b4e8a reduce diff with kame. whitespace changes only. 2001-10-15 03:55:37 +00:00
wiz
456dff6cb8 Spell 'occurred' with two 'r's. 2001-09-16 16:34:23 +00:00
itojun
bf45c09959 fix SA lookup when IPsec transport mode and tunnel mode over IPv6 is used 
at the same time.  sync with kame
(like "IP AH ESP IP", policy = "esp/tunnel/a-b/use ah/transport//use")
 2001-09-13 06:30:57 +00:00
itojun
080d73b4a3 minor style 2001-09-10 03:08:18 +00:00
tls
3d4146e21f Add asm versions of blowfish and des transforms for i386. 
This also involved updating the in-kernel DES functions to correspond
to the versions in our in-tree OpenSSL, because the des_SPtrans table
has changed; the asm code will not work with the old permutation table!

C and i386 asm code for the DES, 3DES, and Blowfish CBC modes is also
included; it is not currently built as the ESP processing in esp_core.c
splits the CBC operation and the cipher transform apart.  Hopefully that
will be fixed as there is a substantial performance improvement to be had
from doing so.  It will remain necessary to use the C version of the
Blowfish CBC function on some i386 machines, however, as the asm version
uses bswapl, which ony 486 and later processors have.  The DES CBC code
doesn't have this problem.

Finally, change esp_core.c to use the ecb3_encrypt function instead of
calling ecb_encrypt three times; this improves performance a bit, in
particular in the asm case.
 2001-09-09 11:00:59 +00:00
itojun
4d1509970e do not try to bring IPv6 up on bridge*. 2001-08-23 02:58:24 +00:00
itojun
74ad87bc53 gif interface now uses generic software interrupt 
(on archs that support it).  also, make gif ALTQ-capable on outgoing.
sync with kame, comments from thorpej.
 2001-08-16 17:45:25 +00:00
itojun
57030e2f12 cache IPsec policy on in6?pcb. most of the lookup operations can be bypassed, 
especially when it is a connected SOCK_STREAM in6?pcb.  sync with kame.
 2001-08-06 10:25:00 +00:00
itojun
e3d077542f cosmetic (spacing near /* */). sync with kame 2001-08-05 22:20:44 +00:00
itojun
cad488d032 sync gif interface code with latest kame. 
IFF_RUNNING is clearified.  attach/detach logic is more clearner.
the old code mistakenly set IFF_UP by itself, now the behavior is gone.
 2001-07-29 05:08:32 +00:00
itojun
fd5e7077a3 allocate ipsec policy buffer attached to pcb in in*_pcballoc, before 
giving anyone accesses to pcb (do not reveal an inconsistent ones).
sync with kame
 2001-07-25 23:28:02 +00:00
itojun
a21ce80cd6 ifindex2ifnet could return NULL if if_detach() is used (pcmcia card 
removal and such).
 2001-07-25 09:23:46 +00:00
itojun
0cd424b3ce ifidex2ifnet could contain NULL after if_detach(). sync with kame 2001-07-25 06:59:51 +00:00
itojun
19392ee73b fix comment on setsockopt arg size. KAME PR 369 2001-07-24 00:44:36 +00:00
itojun
bee33e3d00 repair scoped address handling in PRU_BIND. sync with kame. 2001-07-23 19:29:53 +00:00
wiz
a9356936b4 seperate -> separate 2001-07-22 13:33:58 +00:00
itojun
7f070caa75 sync rt_ifp check with IPv4 counterpart (see sys/net/if_ethersubr.c 1.27). 
sync with kame
 2001-07-20 20:26:35 +00:00
itojun
8c9f492242 do not malloc() during interrupt context for IPv6 multicast kludge table. 
malloc() during interface initialization.  sync with kame
 2001-07-18 13:12:27 +00:00
itojun
fc35f336c7 sync with draft-ietf-ipngwg-p2p-pingpong-00.txt. apply special behavior 
only if ip6_dst is "neighbor" within p2p prefix.  sync with kame
 2001-07-18 09:24:26 +00:00
itojun
5e920039c6 have ovbcopy() macro, for cross-BSD compatibility only. 2001-07-07 14:45:46 +00:00
itojun
193167b1eb call in{,6}_pcbpurgeif0() before in{,6}_purgeif(). 2001-07-03 08:06:19 +00:00
itojun
1ff38f4d03 on interface removal, remove multicast groups joined from pcb, before 
removing interface addresses.  without the change, we may deref
NULL pointer in in_pcbpurgeif().  from jinmei@kame, sync with kame
 2001-07-02 15:25:34 +00:00
itojun
03927c60a5 call defrouter_select() only if it is autoconfigured host. 2001-06-29 16:01:47 +00:00
itojun
02c94ca414 refresh default router list on nd6_detach(), only if we are an 
autoconfigured host.  bug was that, we will lose default route on
"ifconfig gif0 destroy" even if default is not pointing to gif0.
reported by ume@mahoroba.org.  sync with kame
 2001-06-27 17:36:14 +00:00
itojun
9ccf08b3c5 netbsd; on interface removal, force pcbs to leave from multicast groups 
pointing toward the interface about to be removed.  sync with kame
XXX still need more discussions on semantics.  the behavior should be safer
 2001-06-27 15:53:14 +00:00
itojun
77a4124f7d the documents are out of sync with the latest situation. remove them. 2001-06-24 19:40:35 +00:00
itojun
885b74c2be select default router again, when L2 address of the router changes 2001-06-22 13:36:12 +00:00
itojun
0213b76857 remove RFC1885 compatibility code in #ifdef COMPAT_RFC1885, for icmp6 
reply packet size consideration (obsolete, not used for a long time).
sync with kame
 2001-06-22 13:01:49 +00:00
itojun
57d1913ebc do not forward packet back to point-to-point interface, if the packet 
matches the ipv6 prefix assigned to the p2p interface (= redirect case).
this leads to pingpong, chews bandwidth.  bad thing is that bad guy from
remote can chew bandwidth.  (follows upcoming internet draft)
 2001-06-22 12:33:05 +00:00
wiz
ccfe29f3cf Symmetric has one s and two m's. 2001-06-18 11:23:00 +00:00
matt
5571e920d6 senderr needs only be declared when PFIL_HOOKS is defined 2001-06-12 17:55:52 +00:00
itojun
bdbfdf946d run pfil_hooks for IPv6 forwarding path (note: ip6_forward() does not 
call ip6_output()).
 2001-06-12 15:12:33 +00:00
itojun
8b646a5273 remove IPV6FIREWALL case, which is never used 2001-06-11 13:49:18 +00:00
wiz
40ac848024 Fix various misspellings of compatible/compatibility. 2001-06-11 01:50:48 +00:00
mrg
6a536c0364 fix a IPNOPRIVPORTS unused variable botch. noted by proff. 2001-06-06 06:07:06 +00:00
thorpej
ad9d3794b0 Implement support for IP/TCP/UDP checksum offloading provided by 
network interfaces.  This works by pre-computing the pseudo-header
checksum and caching it, delaying the actual checksum to ip_output()
if the hardware cannot perform the sum for us.  In-bound checksums
can either be fully-checked by hardware, or summed up for final
verification by software.  This method was modeled after how this
is done in FreeBSD, although the code is significantly different in
most places.

We don't delay checksums for IPv6/TCP, but we do take advantage of the
cached pseudo-header checksum.

Note: hardware-assisted checksumming defaults to "off".  It is
enabled with ifconfig(8).  See the manual page for details.

Implement hardware-assisted checksumming on the DP83820 Gigabit Ethernet,
3c90xB/3c90xC 10/100 Ethernet, and Alteon Tigon/Tigon2 Gigabit Ethernet.
 2001-06-02 16:17:09 +00:00
itojun
781f6920ab use default hoplimit when incoming interface is not given to icmp6_reflect. 
sync with kame
 2001-06-01 05:54:19 +00:00
mrg
67afbd6270 use _KERNEL_OPT 2001-05-30 11:57:16 +00:00
thorpej
c973d6a0eb Skip the pseudo-header if nxt == 0. This is already documented 
in in6_cksum(9) and is also the behavior of the i386 optimized
version.
 2001-05-30 03:06:56 +00:00
itojun
e91c2ce847 remove debug printfs, which can be too noisy. sync with kame. 2001-05-27 17:36:07 +00:00
itojun
fc644273cd print more diag message on in6_addmulti() failures. 2001-05-24 08:17:22 +00:00
itojun
a7596d1912 call icmp6_mtudisc_update(foo, 0) even if ICMPv6 messages are very short. 
let icmp6 layer decide whether we take PMTUD routes or not.
 2001-05-24 07:22:27 +00:00
itojun
fc66251bda plug memory leak on invalid fragment packet. supress noisy log. from kame 2001-05-17 14:01:37 +00:00
itojun
498fdebcd7 drop multi destination mode (IFF_LINK0). 2001-05-14 13:35:20 +00:00
itojun
f4d5905544 there's no need to #if NFAITH here. IN6P_FAITH can be set even on 
NFAITH == 0 kernel, it is safer to always check the condition.
sync with kame.
 2001-05-11 18:38:03 +00:00
itojun
63181d71c1 correct ecn consideration on tunnel encap/decap. sync with kame. 2001-05-10 01:37:42 +00:00
itojun
1bec764d78 correct faith prefix determination. use sys/netinet/if_faith.c:faithprefix() 
to determine.  sync with kame.
(without this change, non-faith socket may mistakenly accept for-faith traffic)
 2001-05-08 10:15:13 +00:00
itojun
d1b6307b88 do not copy TTL field on ipsec tunnel mode encapsulation. sync with kame 2001-04-15 01:55:49 +00:00
thorpej
bf2dcec4f5 Remove the use of splimp() from the NetBSD kernel. splnet() 
and only splnet() is allowed for the protection of data structures
used by network devices.
 2001-04-13 23:29:55 +00:00
itojun
f4e4c674a7 disallow userland programs from specifying addresses with IPV6_PKTINFO 
setsockopt, if:
- the address is not verified by DAD (= not ready)
- the address is an anycast address (= not permitted as source)
sync with kame
 2001-04-11 04:57:53 +00:00
itojun
5ed8fd262b suppress RS/RA log messages (can be re-enabled by net.inet6.icmp6.nd6_debug), 
as they may fill up /var.  sync with kame.
 2001-04-04 06:28:41 +00:00
itojun
2abaa8eae5 make sure rcvif is sane on call to icmp6_reflect 2001-04-04 06:28:40 +00:00