Aren
/
NetBSD
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
77,462 Commits 606 Branches 0 Tags 3.1 GiB
Commit Graph

358 Commits

Author SHA1 Message Date
itojun 27a0af5865 nd6_storelladdr() was not consistent about m_freem() policy. 
do not touch RTF_STATIC entries (static ND entries) on ND cache update.
couple of costmetic sync.  sync with kame
 2001-03-08 10:49:32 +00:00
itojun 7695280d34 more missing splx. from kame 2001-03-08 10:48:40 +00:00
itojun 912f42ecda remove bogus rtfree. sync with kame. inspired by openbsd PR 1706. 2001-03-08 00:19:03 +00:00
itojun 4e45315377 missing splx. from aaron@openbsd. sync with kame 2001-03-07 22:50:14 +00:00
itojun c9e08725bc avoid possible alignment issue. sync with kame 2001-03-04 16:49:17 +00:00
itojun dc3424f555 pass key to rijndael logic as binary, not hexadecimal string. 
sync with kame
 2001-03-02 15:42:39 +00:00
itojun f03176a0a8 have comment that refers to kame COVERAGE document. sync with kame 2001-03-02 04:55:40 +00:00
itojun 8c8c2f71a4 the date string in KAME version is getting very meaningless, remove. 2001-03-02 04:52:54 +00:00
itojun 2d6047cff9 make sure to enforce inbound ipsec policy checking, for any protocols on top 
of ip (check it when final header is visited).  sync with kame.
XXX kame team will need to re-check policy engine code
 2001-03-01 16:31:37 +00:00
itojun 233e3963ed make sure to validate packet against ipsec policy. 2001-02-26 07:20:44 +00:00
cgd 023e9f0649 C requires that labels be followed by statements. 2001-02-24 00:01:22 +00:00
itojun f2a66201fc garbage-collect stale ND entries (default: 1 day). 
RFC 2461 5.3.  sync with kame.
 2001-02-23 08:02:41 +00:00
itojun e1196a8f6e remove unnecessary state, ND6_LLINFO_WAITDELETE, from neighbor cache 
state machine.
no need for RTF_REJECT on neighbor cache entires, they are leftover from
ARP code.
sync with kame.
 2001-02-23 06:41:50 +00:00
itojun 2df943e652 correct handling of upper limitation to # of reass queue. 2001-02-22 05:04:42 +00:00
itojun 49889b3afd be more more picky about option length parsing. sync with kame 2001-02-22 01:40:25 +00:00
itojun e1e316562b make validation code more strict for ND6/dest6 variable length headers. 
check duplicated nd6_ifinfo table initialization in a better way.
sync with kame
 2001-02-21 17:23:09 +00:00
itojun 96413230d1 style, to make kame sync easier 2001-02-21 16:28:43 +00:00
itojun 52f2cece9f tighten AH IPv4 option chasing more. drop too short (< 2) option. 
sync with kame.
 2001-02-21 01:27:58 +00:00
itojun c9928e0ab1 need PR_ADDR|PR_ATOMIC for IPPROTO_EON. fix typo. from chopps, sync with kame 2001-02-21 00:11:53 +00:00
itojun da8a3f0179 add AF_ISO case to output. from chopps. 2001-02-20 10:41:47 +00:00
itojun 176db3e930 ISO over IPv4/v6 by EON encapsulation. from chopps, sync with kame. 2001-02-20 08:49:15 +00:00
itojun 5bc3f3ff96 correct IPv4 option handling. 2001-02-19 04:24:27 +00:00
itojun 26a76076be correct IPv4 option header chasing. the old code may overrun the buffer 
if the option header is truncated.  sync with kame
 2001-02-19 03:47:01 +00:00
itojun e6dbed9659 wording in comment. 
is contradict -> "is contradictory", or "contradicts".
 2001-02-16 15:13:40 +00:00
itojun f99a50f858 protect router list management by splsoftnet properly. sync with kame 2001-02-11 07:12:01 +00:00
itojun 1bc6ca28a1 make sure to clean ln_byhint on reachability confirmation. 2001-02-11 07:00:03 +00:00
itojun 1442c06fae wrap kernel-only #define (kame cross-bsd portability) into _KERNEL. 2001-02-11 06:50:59 +00:00
itojun bc5a6e2482 pull latest kame pcbnotify code. synchronizes ICMPv6 path mtu discovery 
behavior with other protocols (i.e. validation, use of hiwat/lowat).
 2001-02-11 06:49:49 +00:00
itojun 2390806e17 whitespace sync with kame 2001-02-11 05:25:04 +00:00
itojun 5318e0ee0f remove #ifdef __FreeBSD__. 2001-02-11 05:24:21 +00:00
itojun 37bb4bf58b set frag6_doing_reass properly (for frag6_drain). sync with kame. 2001-02-11 05:05:27 +00:00
itojun 7781d63a92 recover $NetBSD$ (removed by mistake) 2001-02-11 04:53:49 +00:00
itojun 9a9c998cc7 add missing IFAFREE() in error recovery case. 2001-02-11 04:29:30 +00:00
itojun e1f4f77960 to sync with kame better, (1) remove register declaration for variables, 
(2) sync whitespaces, (3) update comments. (4) bring in some of portability
and logging enhancements.  no functional changes here.
 2001-02-10 04:14:26 +00:00
itojun 4cd9449e34 initialize "mbz" member. kame 1.35 -> 1.36 2001-02-10 03:06:39 +00:00
itojun 7f548573d5 cosmetic changes to sync with kame. tabify and minor local variable renames 2001-02-10 02:19:57 +00:00
itojun 20e2452579 fix if_set for architectures with sizeof(long) != 4. IF_xxx behaved badly. 
(no fear of overrun, since index was mistakenly computed to too small value)
 2001-02-10 02:10:14 +00:00
itojun 6b9104e0f7 sync with kame better. cosmetic/stat changes only. 2001-02-08 18:43:17 +00:00
itojun ae819d9324 move udp6_output() to separate file. (sync better with kame) 2001-02-08 16:48:01 +00:00
itojun 109fcc5522 implement upper limit to icmp6 redirects (experimental, turned off) 
negative value to {mtudisc,redirect}_{hi,lo}wat will turn off the limitation.
sync with kame.
 2001-02-08 16:07:39 +00:00
itojun 179a7e0d7b send up dst_unreach_admin error to local node, if transport-mode 
ipsec key is not found.  rather experimental.  kame 1.83 -> 1.84

nuke IPSEC_SRCSEL which does not do the right thing.
adjust state->ro if the tunnel endpoint is offlink.  KAME PR 233.
kame 1.84 -> 1.85
 2001-02-08 15:04:26 +00:00
itojun 574214f10a amove in6_{embed,recover}scope prototypes to in6_var.h (kernel only). 
add in6_clearscope.  sync with kame
 2001-02-08 14:56:15 +00:00
itojun a1d89972c7 when chasing nd6_llinfo chain, make sure we do not touch dangling 
pointer (due to RTM_DELETE during default router list management).
from kame
 2001-02-08 12:57:54 +00:00
itojun c8e86cc06a remove bogus DIAGNOSTIC. sync with kame 2001-02-07 10:56:38 +00:00
itojun 22b473e0f6 during ip6/icmp6 inbound packet processing, do not call log() nor printf() in 
normal operation (/var can get filled up by flodding bogus packets).
sysctl net.inet6.icmp6.nd6_debug will turn on diagnostic messages.
(#define ND6_DEBUG will turn it on by default)

improve stats in ND6 code.

lots of synchronziation with kame (including comments and cometic ones).
 2001-02-07 08:59:47 +00:00
itojun 172e802b90 bad semicolon after "if" conditional. sync with kame 2001-02-06 01:27:29 +00:00
chs 09cb38f22b expose the definitions of MIN() and MAX() in sys/param.h to the kernel 
and use those in favor of a dozen copies scattered around the source tree.
 2001-02-05 10:42:40 +00:00
itojun d17dfd2fc0 avoid panic when a packet with nonexistent link-local address is issued. 
kame 1.151 -> 1.152.
 2001-02-02 15:54:56 +00:00
itojun 617b3fab7e - record IPsec packet history into m_aux structure. 
- let ipfilter look at wire-format packet only (not the decapsulated ones),
  so that VPN setting can work with NAT/ipfilter settings.
sync with kame.

TODO: use header history for stricter inbound validation
 2001-01-24 09:04:15 +00:00
itojun 8b3234d2f2 minimize diff with the latest kame tree. 2001-01-23 05:21:23 +00:00