Commit Graph

609 Commits

Author SHA1 Message Date
itojun 8b02a8b924 remove unneeded extern decl (commented out). sync w/kame 2002-07-20 21:11:55 +00:00
wiz e00173a7f2 Spell 'should' correctly. 2002-07-18 11:59:06 +00:00
itojun d67bce4593 no need to bzero() twice. from he@netbsd 2002-07-13 21:04:55 +00:00
itojun 51bd9285d5 correct ping6 -w result wth hostname with [A-Z]. PR 17540. sync w/kame 2002-07-10 05:05:01 +00:00
thorpej 10c252ba47 Changes to allow the IPv4 and IPv6 layers to align headers themseves,
as necessary:
* Implement a new mbuf utility routine, m_copyup(), is is like
  m_pullup(), except that it always prepends and copies, rather
  than only doing so if the desired length is larger than m->m_len.
  m_copyup() also allows an offset into the destination mbuf, which
  allows space for packet headers, in the forwarding case.
* Add *_HDR_ALIGNED_P() macros for IP, IPv6, ICMP, and IGMP.  These
  macros expand to 1 if __NO_STRICT_ALIGNMENT is defined, so that
  architectures which do not have strict alignment constraints don't
  pay for the test or visit the new align-if-needed path.
* Use the new macros to check if a header needs to be aligned, or to
  assert that it already is, as appropriate.

Note: This code is still somewhat experimental.  However, the new
code path won't be visited if individual device drivers continue
to guarantee that packets are delivered to layer 3 already properly
aligned (which are rules that are already in use).
2002-06-30 22:40:32 +00:00
itojun 3973cdf049 typo in name 2002-06-29 12:33:33 +00:00
itojun d7006267f3 reduce kernel stack usage by separating struct secasindex. sync w/kame
From: YAMAMOTO Takashi <yamt@mwd.biglobe.ne.jp>
2002-06-27 12:12:49 +00:00
itojun 61f28217c4 move sanity check upwards. sync w/kame
From: YAMAMOTO Takashi <yamt@mwd.biglobe.ne.jp>
2002-06-22 12:27:09 +00:00
itojun cfb9a4a799 avoid listening socket from mistakenly use incorrect cached policy.
From: YAMAMOTO Takashi <yamt@mwd.biglobe.ne.jp>  sync w/kame
2002-06-22 12:04:07 +00:00
itojun 69d65da8c6 sizeof mistake in DIAGNOSTIC path. sync w/kame
From: YAMAMOTO Takashi <yamt@mwd.biglobe.ne.jp>
2002-06-21 23:15:35 +00:00
itojun 3033187db0 previous commit cached pcb policy too much (when pcb points to
SPD entry that is not ipsec - like "none").  back it out.  sync w/kame
2002-06-16 16:28:36 +00:00
itojun c1808f02bf cache pcb policy as much as possible. in fact, if policy is not
IPSEC_POLICY_IPSEC we don't need to compare spidx.  sync w/kame
2002-06-14 14:47:24 +00:00
itojun 813344bfbe remove redundant line 2002-06-14 14:17:55 +00:00
itojun a8dde3fa57 free secpolicy on deepcopy failure 2002-06-13 05:10:13 +00:00
itojun dc96111483 deep-copy pcb policy if it is an ipsec policy. assign ID field to all
SPD entries.  make it possible for racoon to grab SPD entry on pcb
(racoon side needs some changes).  sync w/kame
2002-06-12 17:56:45 +00:00
itojun 3489976392 do not copy policy-on-socket at all. avoid copying packet header value to
struct spindex.  should reduce memory usage per socket/pcb, and should speedup
ipsec processing.  sync w/kame
2002-06-12 01:47:34 +00:00
itojun fa53d749ff share policy-on-pcb for listening socket. sync w/kame
todo: share even more, avoid frequent updates of spidx
2002-06-11 19:39:59 +00:00
itojun 2533e1f81f avoid variable name confusion. sync w/kame 2002-06-11 17:26:52 +00:00
itojun 9b2ae3537c silence some of log(), as the codepath will be visited for IPv6-non-capable
interfaces too and can be annoying.  net.inet6.icmp6.nd6_debug will
re-enable them.
2002-06-11 07:28:05 +00:00
itojun b05ff066a7 whitespace cleanup 2002-06-09 14:43:10 +00:00
itojun e55d3b6782 indent cleanup 2002-06-08 21:32:55 +00:00
itojun 7316bc595b KNF 2002-06-08 21:29:26 +00:00
itojun 2495e99fc7 gc 2002-06-08 21:28:18 +00:00
itojun 6d8d0d63d8 sync with latest KAME in6_ifaddr/prefix/default router manipulation.
behavior changes:
- two iocts used by ndp(8) are now obsolete (backward compat provided).
  use sysctl path instead.
- lo0 does not get ::1 automatically.  it will get ::1 when lo0 comes up.
2002-06-08 21:22:29 +00:00
itojun fc5800e3fd whitespace cleanup 2002-06-08 20:06:44 +00:00
itojun 2f88f76db1 in6_len2mask is a duplicate of in6_prefixlen2mask. unify. sync w/kame 2002-06-08 00:07:00 +00:00
itojun 9736fd7f05 on SIOCAIFADDR_IN6 check if sin6_len is sane. sync w/kame 2002-06-08 00:01:30 +00:00
itojun e4f39ff86f panic() if NULL is passed to ah_sumsiz_xx. suggested by sam leffler, sync w/kame 2002-06-07 23:42:41 +00:00
itojun 36f10d3196 some KNF 2002-06-07 22:08:41 +00:00
itojun acf7dffae4 some KNF 2002-06-07 22:07:38 +00:00
itojun 0026ddd6dd no need for offsetof() 2002-06-07 22:06:48 +00:00
itojun edcbce7c37 typo 2002-06-07 22:05:37 +00:00
itojun a1e0f0f9a7 sync IPV6_CHECKSUM handling with kame. 2002-06-07 22:03:02 +00:00
fvdl 2aae9aee46 Fix mistakes in previous. 2002-06-07 18:19:30 +00:00
itojun 09342cdd61 typo 2002-06-07 18:19:05 +00:00
itojun fc16676d8e If there has been no NS for the neighbor after entering the
INCOMPLETE state, send the first solicitation in nd6_output(), regardless
of the timer value.
revised comments about rate-limiting accordingly.

sync w/kame
2002-06-07 17:15:12 +00:00
itojun 4e9401b698 comment 2002-06-07 17:13:56 +00:00
itojun ac03214470 whitespace 2002-06-07 14:48:56 +00:00
itojun 3e3b75590b remove #if 0'ed portion 2002-06-07 14:43:11 +00:00
itojun c889402ba0 style 2002-06-07 14:37:38 +00:00
itojun 3c11868be8 consistency 2002-06-07 14:35:55 +00:00
itojun 05f0c3e705 KNF a bit 2002-06-07 14:29:10 +00:00
itojun a11e34efc5 whitespace 2002-06-07 07:38:51 +00:00
itojun e2ce1896bd whitespace 2002-06-07 07:35:39 +00:00
itojun 9b39e24802 minor KNF to sync w/kame 2002-06-07 04:30:40 +00:00
itojun 06ed16c31d typo 2002-06-07 04:18:11 +00:00
itojun 922b4012cc 'fall through' is not a valid LINT keyword. 2002-06-07 04:07:55 +00:00
itojun 83aff37a0f remove support for deprecated ioctls (EINVAL). sync w/kame 2002-06-07 04:03:53 +00:00
itojun 88a8e0dd9e cope with ndi->maxmtu == 0 case. sync w/kame 2002-06-07 03:05:18 +00:00
itojun fb6078474d cope with cases when maxmtu == 0 (this shoulnd't happen!) 2002-06-07 02:31:04 +00:00
itojun 1eb402e813 be sure to use L3 MTU, not L2 MTU, when specified in spec (affects FDDI/ARCnet) 2002-06-05 01:10:54 +00:00
itojun ad4cab117d whitespace at EOL 2002-06-03 02:09:37 +00:00
itojun ed45b704ac do not hardcode if_mtu values in here, except for IFT_{ARC,FDDI} -
they need special handling.  makes it possible to take advantage of 9k ether
frames.
2002-06-03 00:51:47 +00:00
itojun 5625d3b849 do not mistakenly lock PMTUD route entry with RTV_MTU. 2002-05-31 04:26:19 +00:00
itojun 3449ca6d23 do not try to update rmx_mtu if rmx_mtu == 0 (obey ifmtu) 2002-05-31 03:18:54 +00:00
itojun 87fc46bce9 improve nd6_setmtu(), to warn too-small MTU on SIOCSIFMTU. sync w/kame 2002-05-30 05:06:28 +00:00
itojun a3e4fbdf14 use M_READONLY where possible. minor cleanup/sync with kame. 2002-05-30 04:39:15 +00:00
christos c7f67f1479 make this compile again. 2002-05-29 19:50:48 +00:00
itojun cfc6c918de missing bzero 2002-05-29 13:56:14 +00:00
itojun 050c5b5b7c receivedra field is gone 2002-05-29 13:52:56 +00:00
itojun 913276174b "receivedra" field name is obsolete. 2002-05-29 09:32:01 +00:00
itojun 14dafa8f6a avoid unneeded malloc/free. sync w/kame 2002-05-29 09:05:18 +00:00
itojun 5c1df51d53 attach nd_ifinfo structure into if_afdata.
split IPv6 link MTU (advertised by RA) from real link MTU.
sync with kame
2002-05-29 07:53:39 +00:00
itojun 9ea1dc0d36 correct rmx_mtu value after PMTUD entry timeout (should be set to 0) 2002-05-29 06:55:48 +00:00
itojun ede265fffd move per-interface ip6/icmp6 stat to ifnet->if_afdata. sync w/kame 2002-05-29 02:58:28 +00:00
itojun a15e664f71 rm obsolete comment 2002-05-29 01:43:25 +00:00
itojun 3be26b82ef use arc4random 2002-05-28 11:19:17 +00:00
itojun 4121fa09fc correct in*_pcbrtentry. check cached value correctly. 2002-05-28 11:10:52 +00:00
itojun d208a22daa use arc4random() where possible.
XXX is it necessary to do microtime() on tcp syn cache?
2002-05-28 10:11:49 +00:00
itojun 7410ea60ca in in*_pcbrtentry(), check if route is still valid (RTF_UP),
and address family is still valid.
2002-05-28 10:07:51 +00:00
itojun 10c5914022 limit number of IPv6 fragments (not the fragment queue size) to
fight against lots-of-frags DoS attacks.  sync w/kame
2002-05-28 03:04:05 +00:00
itojun 9a1a825873 we have no IFT_DUMMY. kame merge mistake 2002-05-25 22:18:49 +00:00
itojun e3c4951b26 re-enable ipsec policy caching onto pcb. refcnt fix and workarounds based on ymmt-san. 2002-05-25 10:01:01 +00:00
itojun 6f589cb1b2 extra blank line 2002-05-24 09:21:30 +00:00
itojun c3015f8b5d make a strict check before sending FQDN node information reply. sync w/kame 2002-05-24 09:13:59 +00:00
itojun 7e7fcd1df4 remove wrong "break" statement 2002-05-23 06:53:13 +00:00
itojun 64a1cfbf83 no longer need IFT_PROPVIRTUAL "bridge[0-9]+" check. 2002-05-23 06:40:03 +00:00
itojun 970757edd8 simplify conditions to do DAD. sync w/kame 2002-05-23 06:35:18 +00:00
itojun e1d17f512b should perform DAD for IFT_GIF. 2002-05-23 06:28:25 +00:00
itojun 5a51285f02 do not have link-local address for IFT_BRIDGE 2002-05-23 06:25:25 +00:00
itojun d2fd814987 in sp caching code, check if sp is still alive. sync w/kame 2002-05-19 00:46:40 +00:00
itojun b5f1426ee0 rename: net.inet6.ip6.bindv6only -> net.inet6.ip6.v6only
sync w/kame.
2002-05-14 10:27:28 +00:00
matt 0dc8ee943d Eliminate more commons or redundant declarations. 2002-05-14 02:58:32 +00:00
kleink 241f6932ee * Use uint{8,32}_t from <netinet/in.h> where applicable; use private
fixed-width integer types otherwise.
* Protect RFC 2292 prototypes, which are not XNS5.2/POSIX-2001; also, define
  size_t for inet6_rthdr_space().
2002-05-13 15:20:30 +00:00
kleink 0f1faf8e09 IPV6PORT_* aren't in the reserved namespace either. 2002-05-13 14:25:13 +00:00
kleink d258299876 Check _POSIX_C_SOURCE as well. 2002-05-13 14:15:34 +00:00
kleink a317e750c3 Update two comments. 2002-05-13 13:52:31 +00:00
kleink 602066c0d6 Provide local definitions of in_{addr,port}_t in <netinet/in.h> and use
them where deemed appropriate by XNS5.2/POSIX-2001.
2002-05-12 23:04:15 +00:00
matt c03e11f081 Eliminate commons. 2002-05-12 20:33:50 +00:00
wiz d30d25dc1a Spelling fixes, from Sergey Svishchev in kern/16650. 2002-05-12 15:48:36 +00:00
itojun 861dfdc294 disable ipsec policy caching on pcb, as it seems that there's some reference-
counting mistake that causes panic - see PR 15953 and 13813.

i am unable to find the real cause of problem, so it is a shortterm workaround,
hopefully.
2002-05-10 05:49:21 +00:00
itojun d7669537a8 remove unneeded #ifdef __FreeBSD__ portion. 2002-05-10 05:38:29 +00:00
thorpej dc12059c9e Use M_READONLY() rathern than testing to see if ext_free is set
or MCLISREFERENCED().
2002-04-28 00:54:41 +00:00
itojun 64109d267c make sure to check address family in route cache
(I really hate IPv4 mapped address...)
2002-03-28 01:33:50 +00:00
itojun bb1e9bbcd8 double m_free() - niklas@openbsd 2002-03-24 20:46:56 +00:00
itojun 714618fb98 fix arg to bcmp() - need to compare 15 bytes, not 3 bytes. sync w/kame 2002-03-23 00:43:59 +00:00
itojun 8cbb556660 protect in6pcb queue operation by splnet, as pcb queue will be touched
by in6_pcbpurgeif() under splnet.
2002-03-21 02:11:39 +00:00
itojun 007db8b52a remove obsolete comment 2002-03-20 22:47:59 +00:00
itojun d31217b639 check sa_len and sa_family strictly. (NOTE: rtsol/rtsold older than Nov2001
will stop working, upgrade them first)
2002-03-19 01:21:19 +00:00
itojun f3279050b2 esp/ah_ctlinput: pass useful address to key_alloc. 2002-03-18 15:30:03 +00:00