christos
49b19c5f09
PR/30821: SUZUKI, Shinsuike: IPsec-AH is always calculated using the same
...
key in AES-XCBC-MAC
2005-07-28 14:19:56 +00:00
tron
d5da0b0c38
Remove unnecessary bzero() calls before calling the algorithm specific
...
init function.
2005-07-21 16:59:20 +00:00
gdt
b0239c745e
Add PR_PURGEIF flag for protocols to indicate that the protocol might
...
store a struct ifnet *, and define it for udp/tcp/rawip for INET and
INET6. When deleting a struct ifnet, invoke PRU_PURGEIF on all
protocols marked with PR_PURGEIF. Closes PR kern/29580 (mine).
2005-07-19 12:58:24 +00:00
tron
58b513c9f5
Defopt IPSEC_NAT_T.
2005-07-07 16:00:56 +00:00
christos
7642adc771
match the declarations in libipsec.h
2005-06-26 21:14:37 +00:00
mlelstv
d23f1d6e16
expire cached route. Fixes PR 22792.
2005-06-26 10:39:21 +00:00
tron
c86b2622dd
Change the first argument of the encapsulation check function from
...
"const struct mbuf *" to "struct mbuf *". Without this change the
actual implementation cannot even use m_copydata() on the mbuf chain
which is broken.
2005-06-02 15:21:35 +00:00
tron
41dcb3a310
Remove type casts and lint directives which are now longer necessary
...
because the first argument of m_copydata() is "const struct mbuf *" now.
2005-06-02 10:54:58 +00:00
christos
2ab31527e2
- avoid shadowed variables
...
- sprinkle const.
2005-05-29 21:43:51 +00:00
christos
6dbf0e5b0a
avoid silly static variables that even caused nesting issues, not to mention
...
reentrancy concerns.
2005-05-29 21:43:09 +00:00
seanb
40b52d3132
- Arithmetic error when calculating ticks to nd6_llinfo_settimer().
...
- Reviewed by christos.
2005-05-27 22:26:25 +00:00
manu
7c6ffb8ab4
Use NAT-T ports for AH and IPcomp too.
2005-05-20 01:25:17 +00:00
christos
362a4a0bd5
Yes, it was a cool trick >20 years ago to use "0123456789abcdef"[a] to
...
implement, xtoa(), but I think defining the samestring 50 times is a bit
too much. Defined HEXDIGITS and hexdigits in subr_prf.c and use it...
2005-05-17 04:14:57 +00:00
christos
7d0b65d656
PR/30154: YAMAMOTO Takashi: tcp_close locking botch
...
One more so_uid -> so_uidinfo change.
2005-05-07 17:44:11 +00:00
yamt
34c3fec469
move decl of inetsw to its own header to avoid array of incomplete type.
...
found by gcc4. reported by Adam Ciarcinski.
2005-04-29 10:39:09 +00:00
manu
455d55f55b
Enhance IPSEC_NAT_T so that it can work with multiple machines behind the
...
same NAT.
2005-04-23 14:05:28 +00:00
yamt
df9d0a0359
disable loopback checksum omission for udp6.
...
i forgot to commit this with:
http://mail-index.NetBSD.org/source-changes/2005/04/18/0023.html
2005-04-22 11:56:33 +00:00
itojun
f1fe53f0ac
AES counter mode uses 8byte IV, not 16 bytes.
...
msa@burp.tkv.asdf.org , Juha.Leppilahti@iki.fi
2005-04-22 02:43:39 +00:00
tron
6589458a53
Make sure that prefixes get purged. This fixes PR kern/21189,
...
PR kern/25968 and PR kern/27873.
2005-04-03 11:02:27 +00:00
atatat
5b8a6c916d
Revert the change that made kern.file2 and net.*.*.pcblist into nodes
...
instead of structs. It had other deleterious side-effects that are
rather nasty. Another solution must be found.
2005-03-11 06:16:15 +00:00
atatat
ca63da437a
Change types of kern.file2 and net.*.*.pcblist to NODE
2005-03-10 05:43:25 +00:00
itojun
b64c75b041
correct mistake reported by VANHULLEBUS Yvan
2005-03-09 14:17:13 +00:00
atatat
7c62c74d09
Add the following nodes to the sysctl tree:
...
net.local.stream.pcblist
net.local.dgram.pcblist
net.inet.tcp.pcblist
net.inet.udp.pcblist
net.inet.raw.pcblist
net.inet6.tcp6.pcblist
net.inet6.udp6.pcblist
net.inet6.raw6.pcblist
which allow retrieval of the pcbs in use for those protocols. The
struct involved is 32/64 bit clean and incorporates parts of struct
inpcb, struct unpcb, a bit of struct tcpcb, and two socket addresses.
2005-03-09 05:07:19 +00:00
itojun
015b260743
make ip6_getpmtu back to static
2005-02-28 09:27:07 +00:00
perry
f07677dd81
nuke trailing whitespace
2005-02-26 22:45:09 +00:00
manu
5c217c1a67
Add support for IPsec Network Address Translator traversal (NAT-T), as
...
described by RFC 3947 and 3948.
2005-02-12 12:31:07 +00:00
itojun
692c601c25
backout 1.54. heurestic code should never be used. if you experience DAD
...
failure, suspect your driver, not ND code.
2005-02-10 02:57:17 +00:00
drochner
e1e8770b32
Give DAD a chance to succeed even if the network is "slightly broken"
...
(in my case it as a switch set to "monitor" mode):
If we see an NS request for the address we are just probing for, for
three times the number of DAD packets we are supposed to send (the
"ip6.dad_count" sysctl variable), assume that these are our own packets
and let DAD succeed.
The code for this was mostly there, commented out. Just needed some fixes.
The "three times" is heuristic of course.
Being here, reset the "dad_ns_tcount" variable on a successful send;
otherwise we get strange interdependencies with user-settable variables
(ever tried to set ip6.dad_count to something >15?).
2005-02-02 20:56:27 +00:00
drochner
dc86361844
remove the unused in6_ifindex2scopeid()
...
if at all, it works with site-local addresses whose fate is uncertain
to say the least
2005-02-01 15:29:23 +00:00
drochner
5d0cfbc9bd
sin6_scope_id maps to interface indices for link local addresses only!
...
(unlikely to be used with other scopes for now, but we should be
correct anyway)
2005-02-01 14:56:17 +00:00
matt
d341be30f4
Change initialzie of domains to use link sets. Switch to using STAILQ.
...
Add a convenience macro DOMAIN_FOREACH to interate through the domain.
2005-01-23 18:41:56 +00:00
itojun
57fd095fdf
shouldn't check code field on "packet too big" icmp6 message.
2005-01-17 10:16:07 +00:00
drochner
e5653b8213
remove a redundant check for ifindex2ifnet[idx] != 0
2004-12-21 11:40:12 +00:00
drochner
f44d9a5791
fix ifindex argument checks for IPV6_JOIN_GROUP,
...
IPV6_LEAVE_GROUP and IPV6_MULTICAST_IF -
0 is always legal
2004-12-21 11:37:47 +00:00
thorpej
7994b6f95e
Don't perform checksums on loopback interfaces. They can be reenabled with
...
the net.inet.*.do_loopback_cksum sysctl.
Approved by: groo
2004-12-15 04:25:19 +00:00
peter
396b87b8c2
Convert lo(4) to a clonable device.
...
This also removes the loif array and changes all code to use the new
lo0ifp pointer which points to the lo0 ifnet structure.
Approved by christos.
2004-12-04 16:10:25 +00:00
christos
694d5b6a91
We don't need to include bpfilter.h
2004-11-28 02:37:38 +00:00
itojun
5bcaef8e92
wrong paren. Patrick Latifi
2004-11-17 03:20:53 +00:00
itojun
bc559f51c6
remove extra code mistakenly committed
2004-10-27 23:16:56 +00:00
itojun
70fc307de9
missing break; Emmanuel Dreyfus
2004-10-27 22:26:50 +00:00
itojun
5e3841214f
no need to call defrouter_select() here any more; jinmei
2004-10-26 07:03:29 +00:00
itojun
830e5a5fbf
more cleanup on onlink assumption; jinmei
2004-10-26 06:54:53 +00:00
itojun
b5f3688c67
remove onlink assumption behavior (consider destination on-link if default
...
router list is empty) based on recent IETF ipv6 discussion (RFC2461 5.2).
fix "ndp -I delete".
2004-10-26 06:08:00 +00:00
itojun
75259d166c
ip6_flow_seq is no longer available.
2004-10-18 01:43:43 +00:00
yamt
056303b850
rip6_output: redo raw_ip6.c 1.67-1.67, using m_copyback_cow.
2004-09-06 10:05:14 +00:00
manu
6e3c639957
IPv4 PIM support, based on a submission from Pavlin Radoslavov posted on
...
tech-net@
2004-09-04 23:29:44 +00:00
yamt
39dd3d0c5d
run PFIL_IFADDR hooks on SIOCAIFADDR_IN6 and SIOCDIFADDR_IN6 as well.
...
from Peter Postma, PR/26368.
ok'ed by itojun.
2004-07-26 13:44:35 +00:00
yamt
e08729e055
rip6_output: redo the previous (raw_ip6.c 1.66)
...
with less assumptions about alignment.
2004-07-23 09:53:10 +00:00
yamt
540e6d4640
rip6_output: make sure that the mbuf is writable
...
before write a checksum into it.
otherwise "ping6 -s50000" causes a panic.
ok'ed by itojun.
2004-07-22 05:26:46 +00:00
itojun
3f35f96f9a
prevent mbuf leak on IPsec tunnel mode. from iij seil team
2004-07-16 01:12:02 +00:00