Commit Graph

850 Commits

Author SHA1 Message Date
christos 49b19c5f09 PR/30821: SUZUKI, Shinsuike: IPsec-AH is always calculated using the same
key in AES-XCBC-MAC
2005-07-28 14:19:56 +00:00
tron d5da0b0c38 Remove unnecessary bzero() calls before calling the algorithm specific
init function.
2005-07-21 16:59:20 +00:00
gdt b0239c745e Add PR_PURGEIF flag for protocols to indicate that the protocol might
store a struct ifnet *, and define it for udp/tcp/rawip for INET and
INET6.  When deleting a struct ifnet, invoke PRU_PURGEIF on all
protocols marked with PR_PURGEIF.  Closes PR kern/29580 (mine).
2005-07-19 12:58:24 +00:00
tron 58b513c9f5 Defopt IPSEC_NAT_T. 2005-07-07 16:00:56 +00:00
christos 7642adc771 match the declarations in libipsec.h 2005-06-26 21:14:37 +00:00
mlelstv d23f1d6e16 expire cached route. Fixes PR 22792. 2005-06-26 10:39:21 +00:00
tron c86b2622dd Change the first argument of the encapsulation check function from
"const struct mbuf *" to "struct mbuf *". Without this change the
actual implementation cannot even use m_copydata() on the mbuf chain
which is broken.
2005-06-02 15:21:35 +00:00
tron 41dcb3a310 Remove type casts and lint directives which are now longer necessary
because the first argument of m_copydata() is "const struct mbuf *" now.
2005-06-02 10:54:58 +00:00
christos 2ab31527e2 - avoid shadowed variables
- sprinkle const.
2005-05-29 21:43:51 +00:00
christos 6dbf0e5b0a avoid silly static variables that even caused nesting issues, not to mention
reentrancy concerns.
2005-05-29 21:43:09 +00:00
seanb 40b52d3132 - Arithmetic error when calculating ticks to nd6_llinfo_settimer().
- Reviewed by christos.
2005-05-27 22:26:25 +00:00
manu 7c6ffb8ab4 Use NAT-T ports for AH and IPcomp too. 2005-05-20 01:25:17 +00:00
christos 362a4a0bd5 Yes, it was a cool trick >20 years ago to use "0123456789abcdef"[a] to
implement, xtoa(), but I think defining the samestring 50 times is a bit
too much. Defined HEXDIGITS and hexdigits in subr_prf.c and use it...
2005-05-17 04:14:57 +00:00
christos 7d0b65d656 PR/30154: YAMAMOTO Takashi: tcp_close locking botch
One more so_uid -> so_uidinfo change.
2005-05-07 17:44:11 +00:00
yamt 34c3fec469 move decl of inetsw to its own header to avoid array of incomplete type.
found by gcc4.  reported by Adam Ciarcinski.
2005-04-29 10:39:09 +00:00
manu 455d55f55b Enhance IPSEC_NAT_T so that it can work with multiple machines behind the
same NAT.
2005-04-23 14:05:28 +00:00
yamt df9d0a0359 disable loopback checksum omission for udp6.
i forgot to commit this with:
http://mail-index.NetBSD.org/source-changes/2005/04/18/0023.html
2005-04-22 11:56:33 +00:00
itojun f1fe53f0ac AES counter mode uses 8byte IV, not 16 bytes.
msa@burp.tkv.asdf.org, Juha.Leppilahti@iki.fi
2005-04-22 02:43:39 +00:00
tron 6589458a53 Make sure that prefixes get purged. This fixes PR kern/21189,
PR kern/25968 and PR kern/27873.
2005-04-03 11:02:27 +00:00
atatat 5b8a6c916d Revert the change that made kern.file2 and net.*.*.pcblist into nodes
instead of structs.  It had other deleterious side-effects that are
rather nasty.  Another solution must be found.
2005-03-11 06:16:15 +00:00
atatat ca63da437a Change types of kern.file2 and net.*.*.pcblist to NODE 2005-03-10 05:43:25 +00:00
itojun b64c75b041 correct mistake reported by VANHULLEBUS Yvan 2005-03-09 14:17:13 +00:00
atatat 7c62c74d09 Add the following nodes to the sysctl tree:
net.local.stream.pcblist
	net.local.dgram.pcblist
	net.inet.tcp.pcblist
	net.inet.udp.pcblist
	net.inet.raw.pcblist
	net.inet6.tcp6.pcblist
	net.inet6.udp6.pcblist
	net.inet6.raw6.pcblist

which allow retrieval of the pcbs in use for those protocols.  The
struct involved is 32/64 bit clean and incorporates parts of struct
inpcb, struct unpcb, a bit of struct tcpcb, and two socket addresses.
2005-03-09 05:07:19 +00:00
itojun 015b260743 make ip6_getpmtu back to static 2005-02-28 09:27:07 +00:00
perry f07677dd81 nuke trailing whitespace 2005-02-26 22:45:09 +00:00
manu 5c217c1a67 Add support for IPsec Network Address Translator traversal (NAT-T), as
described by RFC 3947 and 3948.
2005-02-12 12:31:07 +00:00
itojun 692c601c25 backout 1.54. heurestic code should never be used. if you experience DAD
failure, suspect your driver, not ND code.
2005-02-10 02:57:17 +00:00
drochner e1e8770b32 Give DAD a chance to succeed even if the network is "slightly broken"
(in my case it as a switch set to "monitor" mode):
If we see an NS request for the address we are just probing for, for
three times the number of DAD packets we are supposed to send (the
"ip6.dad_count" sysctl variable), assume that these are our own packets
and let DAD succeed.
The code for this was mostly there, commented out. Just needed some fixes.
The "three times" is heuristic of course.
Being here, reset the "dad_ns_tcount" variable on a successful send;
otherwise we get strange interdependencies with user-settable variables
(ever tried to set ip6.dad_count to something >15?).
2005-02-02 20:56:27 +00:00
drochner dc86361844 remove the unused in6_ifindex2scopeid()
if at all, it works with site-local addresses whose fate is uncertain
to say the least
2005-02-01 15:29:23 +00:00
drochner 5d0cfbc9bd sin6_scope_id maps to interface indices for link local addresses only!
(unlikely to be used with other scopes for now, but we should be
correct anyway)
2005-02-01 14:56:17 +00:00
matt d341be30f4 Change initialzie of domains to use link sets. Switch to using STAILQ.
Add a convenience macro DOMAIN_FOREACH to interate through the domain.
2005-01-23 18:41:56 +00:00
itojun 57fd095fdf shouldn't check code field on "packet too big" icmp6 message. 2005-01-17 10:16:07 +00:00
drochner e5653b8213 remove a redundant check for ifindex2ifnet[idx] != 0 2004-12-21 11:40:12 +00:00
drochner f44d9a5791 fix ifindex argument checks for IPV6_JOIN_GROUP,
IPV6_LEAVE_GROUP and IPV6_MULTICAST_IF -
0 is always legal
2004-12-21 11:37:47 +00:00
thorpej 7994b6f95e Don't perform checksums on loopback interfaces. They can be reenabled with
the net.inet.*.do_loopback_cksum sysctl.

Approved by: groo
2004-12-15 04:25:19 +00:00
peter 396b87b8c2 Convert lo(4) to a clonable device.
This also removes the loif array and changes all code to use the new
lo0ifp pointer which points to the lo0 ifnet structure.

Approved by christos.
2004-12-04 16:10:25 +00:00
christos 694d5b6a91 We don't need to include bpfilter.h 2004-11-28 02:37:38 +00:00
itojun 5bcaef8e92 wrong paren. Patrick Latifi 2004-11-17 03:20:53 +00:00
itojun bc559f51c6 remove extra code mistakenly committed 2004-10-27 23:16:56 +00:00
itojun 70fc307de9 missing break; Emmanuel Dreyfus 2004-10-27 22:26:50 +00:00
itojun 5e3841214f no need to call defrouter_select() here any more; jinmei 2004-10-26 07:03:29 +00:00
itojun 830e5a5fbf more cleanup on onlink assumption; jinmei 2004-10-26 06:54:53 +00:00
itojun b5f3688c67 remove onlink assumption behavior (consider destination on-link if default
router list is empty) based on recent IETF ipv6 discussion (RFC2461 5.2).

fix "ndp -I delete".
2004-10-26 06:08:00 +00:00
itojun 75259d166c ip6_flow_seq is no longer available. 2004-10-18 01:43:43 +00:00
yamt 056303b850 rip6_output: redo raw_ip6.c 1.67-1.67, using m_copyback_cow. 2004-09-06 10:05:14 +00:00
manu 6e3c639957 IPv4 PIM support, based on a submission from Pavlin Radoslavov posted on
tech-net@
2004-09-04 23:29:44 +00:00
yamt 39dd3d0c5d run PFIL_IFADDR hooks on SIOCAIFADDR_IN6 and SIOCDIFADDR_IN6 as well.
from Peter Postma, PR/26368.
ok'ed by itojun.
2004-07-26 13:44:35 +00:00
yamt e08729e055 rip6_output: redo the previous (raw_ip6.c 1.66)
with less assumptions about alignment.
2004-07-23 09:53:10 +00:00
yamt 540e6d4640 rip6_output: make sure that the mbuf is writable
before write a checksum into it.
otherwise "ping6 -s50000" causes a panic.

ok'ed by itojun.
2004-07-22 05:26:46 +00:00
itojun 3f35f96f9a prevent mbuf leak on IPsec tunnel mode. from iij seil team 2004-07-16 01:12:02 +00:00