Aren
/
NetBSD
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
129,277 Commits 606 Branches 0 Tags 3.1 GiB
Commit Graph

804 Commits

Author SHA1 Message Date
yamt 39dd3d0c5d run PFIL_IFADDR hooks on SIOCAIFADDR_IN6 and SIOCDIFADDR_IN6 as well. 
from Peter Postma, PR/26368.
ok'ed by itojun.
 2004-07-26 13:44:35 +00:00
yamt e08729e055 rip6_output: redo the previous (raw_ip6.c 1.66) 
with less assumptions about alignment.
 2004-07-23 09:53:10 +00:00
yamt 540e6d4640 rip6_output: make sure that the mbuf is writable 
before write a checksum into it.
otherwise "ping6 -s50000" causes a panic.

ok'ed by itojun.
 2004-07-22 05:26:46 +00:00
itojun 3f35f96f9a prevent mbuf leak on IPsec tunnel mode. from iij seil team 2004-07-16 01:12:02 +00:00
itojun 8da378abea - update ro_pmtu on IPsec tunnel encapsulation. ro != ro_pmtu is used as the 
sign for the existence of routing header.
- fragment to 1280 on IPv6-over-IPv6 encapsulation, as ICMPv6 too big may not
  give you enough information to update pmtu cache.

from iij seil team, via kame.
 2004-07-14 03:06:08 +00:00
minoura c3ed038115 Remove broken code for now: getsockopt(s, IPPROTO_IP, IP_IPSEC_POLICY,...). 
It returned EINVAL, now returns ENOPROTOOPT.
Ok'd by itojun.
 2004-07-06 04:30:27 +00:00
drochner 05da173d52 abstain from typecasting the LHS of an assignment; 
gcc-3.4.x doesn't like it
 2004-06-24 16:49:51 +00:00
itojun b791f5f740 error could be left uninitialized when we jump into "senderr" 2004-06-24 15:01:51 +00:00
itojun 0f18c4c945 multicast data management fix - previous fix was incorrect. jinmei@kame 2004-06-16 03:17:26 +00:00
itojun ec7ac551be insufficient paren in macro def. Patrick Latifi 2004-06-16 02:36:37 +00:00
itojun 2e60f85658 use macro and make it a bit more readable. 2004-06-14 08:07:29 +00:00
itojun 4d7b9596f6 check before joining multicast group. otherwise multiple in6_multi structure 
will be kept.  reported by patrick latifi
 2004-06-14 07:54:45 +00:00
itojun 501233726d implement IPV6_USE_MIN_MTU sockopt. needed by bind9 + EDNS0 + big receive buffer. 2004-06-11 04:10:10 +00:00
itojun 56e182b708 there's no use to check privs on curproc in the input path. jinmei@kame 2004-06-01 03:13:22 +00:00
atatat 4de3747b89 Sysctl descriptions under net subtree (net.key not done) 2004-05-25 04:33:59 +00:00
itojun 32e4b55076 do not loop on nd6_output() when transmission fails. from kame 2004-05-19 17:45:05 +00:00
jonathan f7abb16323 Fix per-PCB IPsec policy cache for FAST_IPSEC: 
The sys/netipsec policy-cache (added by Jason Thorpe as a rewrite of
the KAME per-PCB policy cache) assumes that policy-cacheable PCBs
always has a non-NULL inph_sp in the common PCB header.  So we must
do all the per-PCB policy cache calls when either (KAME) IPSEC, or
FAST_IPSEC is defined.  ``Make it so''.

We can now support non-IPsec'ed IPv6 traffic, when both
``options FAST_IPSEC'' and ``options INET6'' are configured.
 2004-04-26 01:53:59 +00:00
simonb b5d0e6bf06 Initialise (most) pools from a link set instead of explicit calls 
to pool_init.  Untouched pools are ones that either in arch-specific
code, or aren't initialiased during initial system startup.

 Convert struct session, ucred and lockf to pools.
 2004-04-25 16:42:40 +00:00
itojun cb0651e44a correct parameter to in6_cksum. keiichi@kame 2004-04-22 17:58:59 +00:00
matt e50668c7fa Constify protosw arrays. This can reduce the kernel .data section by 
over 4K (if all the network protocols) are loaded.
 2004-04-22 01:01:40 +00:00
itojun 5da9234d88 remove duplicated #include. PR 25234 2004-04-20 17:12:03 +00:00
atatat 83b193a052 Make these compile without INET. tcp_input probably needs a lot more 
work...
 2004-03-29 04:59:02 +00:00
christos d6939c86f1 no need for splsoftnet, because the caller does it already. 2004-03-28 08:28:50 +00:00
christos 03766c2d10 PR/23335: Christos Zoulas: Removing interfaces trashes free memory when 
ipv6 is used because multicast group memberships contain dangling references
to the multicast group deleted.
 2004-03-28 08:28:06 +00:00
itojun e050c8a03d do not touch m->m_pkthdr.rcvif after m becomes invalid. Patrick Latifi 2004-03-26 03:35:02 +00:00
atatat 19af35fd0d Tango on sysctl_createv() and flags. The flags have all been renamed, 
and sysctl_createv() now uses more arguments.
 2004-03-24 15:34:46 +00:00
martti c3f78782b9 Make ip6_getpmtu() globally visible. This is needed by IPFilter 4.x. 2004-03-23 18:21:38 +00:00
itojun 3811eef49d typo 2004-03-23 05:31:54 +00:00
itojun 721292cf12 constify AH algorithm function table. suggested by robert watson 2004-03-10 03:45:04 +00:00
thorpej 2803ff0955 Use the new IPSEC_PCB_SKIP_IPSEC() to bypass a socket policy lookup 
when possible.  This shaves several cycles from the output path for
non-IPsec connections, even if the policy is cached in the PCB.
 2004-03-02 02:28:28 +00:00
thorpej db4fcd885b Augment the PCB cache with a "hint" that can be used to short-circuit 
IPsec processing in other places.  The hint has 3 values: MAYBE, YES,
and NO.  Hints are initialized to MAYBE, and MAYBE is always used for
unconnected sockets (since the spidx may change for every packet
that is output).  For connected sockets, NONE and BYPASS policies cause
the hint to be set to NO, and all other policies to YES.

Also shuffle the PCB cache data structure, turning 3 arrays into a
single array of a struct.
 2004-03-02 02:17:38 +00:00
itojun 581091043b knf 2004-03-01 22:32:35 +00:00
wiz f05e6f1a3a occured -> occurred. From Peter Postma. 2004-02-24 15:12:51 +00:00
itojun aaa4bd9a6c avoid out-of-bound memory access if len == 128. 
from Ted Unangst via Colin Percival
 2004-02-23 05:01:04 +00:00
wiz d20841bb64 Uppercase CPU, plural is CPUs. 2004-02-13 11:36:08 +00:00
itojun d93f7028c1 we have IFT_BRIDGE already, no need for #ifdef 2004-02-11 20:51:24 +00:00
christos bcdf1b194a We don't have IFT_{PFLOG,PFSYNC} (yet). 2004-02-11 17:36:33 +00:00
itojun abd93ec67b minor KNF 2004-02-11 10:54:29 +00:00
itojun 5d3b18b4a4 KNF 2004-02-11 10:47:28 +00:00
itojun 57cbd26e09 missing bzero 2004-02-11 10:42:24 +00:00
itojun 6c8714a95e avoid ugly typecast 2004-02-11 10:37:33 +00:00
itojun e2d302c40d reduce useless variables 2004-02-10 20:57:20 +00:00
itojun c5cb8d59c0 remove unneeded #ifdef 2004-02-06 08:07:55 +00:00
tron d23ecc0dca Remove outdated prototype for ip6_getpmtu(). The function has a different 
signature now and is statically declared in "ip6_output.c".
 2004-02-04 10:31:27 +00:00
itojun 70e51fdcf0 strictly follow RFC2460 section 5 last paragraph 
(sending rule when PMTU < 1280).  pointed out by guninski at guninski.com
 2004-02-04 05:17:28 +00:00
darrenr 5915fd3874 make ip6_getpmtu() externally visible 2004-01-24 13:02:41 +00:00
itojun 092e41da38 do not lookup security policy if IPV6_FORWARDING. 
avoids possible infinite ipsec encapsulation on
        ip6_input -> ip6_forward -(tunnel mode)-> ip6_output
case.  from kame
 2004-01-19 05:14:58 +00:00
itojun cdaa27b23a when ipsec tunnel mode is applied, we are originating packet (instead of 
forwarding).  go to ip6_output() path for fragmentation and other processing.
from kame
 2004-01-16 05:12:08 +00:00
itojun 8dcc7f31aa typo. 
http://sources.zabbadoz.net/freebsd/patchset/108-ipsec-spelling.diff
 2004-01-13 23:02:00 +00:00
itojun 1101ef17d0 plug memory leak on failure. 
http://sources.zabbadoz.net/freebsd/patchset/109-ipsec-memleak.diff
 2004-01-13 23:01:08 +00:00