Commit Graph

65 Commits

Author SHA1 Message Date
thorpej 55cd2960c9 In the IP_HDRINCL case of rip_output(), if the mbuf is read-only
then copy the header into a new mbuf before modifying it.

Fixes PR 18809.  Thanks to Chuq Silvers for diagnosing it.
2002-11-07 17:49:08 +00:00
simonb ddac8bbac4 Oops, still need the call to va_arg() to advance the args pointer. 2002-10-22 02:44:34 +00:00
simonb da0d919807 "off" in rip_input() is set but not used, remove it.
static global "ripsrc" is never used, remove it.
2002-10-22 02:34:47 +00:00
itojun c00fa8dfd9 avoid swapping endian of ip_len and ip_off on mbuf, to meet with M_LEADINGSPACE
optimization made last year.  should solve PR 17867 and 10195.

IP_HDRINCL behavior of raw ip socket is kept unchanged.  we may want to
provide IP_HDRINCL variant that does not swap endian.
2002-08-14 00:23:27 +00:00
itojun f192b66b94 whitespace 2002-06-09 16:33:36 +00:00
itojun dde7f16c1c have rip_ctlinput to notify routing changes to raw sockets
(protosw change to be done).  sync with kame
2001-12-21 02:51:47 +00:00
lukem ea1cd7eb08 add RCSIDs 2001-11-13 00:32:34 +00:00
matt da5a70805c Convert netinet to not use the internal <sys/queue.h> field names
but instead the access macros.  Use the FOREACH macros where appropriate.
2001-11-04 20:55:25 +00:00
itojun fd5e7077a3 allocate ipsec policy buffer attached to pcb in in*_pcballoc, before
giving anyone accesses to pcb (do not reveal an inconsistent ones).
sync with kame
2001-07-25 23:28:02 +00:00
itojun 193167b1eb call in{,6}_pcbpurgeif0() before in{,6}_purgeif(). 2001-07-03 08:06:19 +00:00
itojun 233e3963ed make sure to validate packet against ipsec policy. 2001-02-26 07:20:44 +00:00
itojun 617b3fab7e - record IPsec packet history into m_aux structure.
- let ipfilter look at wire-format packet only (not the decapsulated ones),
  so that VPN setting can work with NAT/ipfilter settings.
sync with kame.

TODO: use header history for stricter inbound validation
2001-01-24 09:04:15 +00:00
augustss 8529438fe6 Remove register declarations. 2000-03-30 12:51:13 +00:00
itojun 04ac848d6f introduce m->m_pkthdr.aux to hold random data which needs to be passed
between protocol handlers.

ipsec socket pointers, ipsec decryption/auth information, tunnel
decapsulation information are in my mind - there can be several other usage.
at this moment, we use this for ipsec socket pointer passing.  this will
avoid reuse of m->m_pkthdr.rcvif in ipsec code.

due to the change, MHLEN will be decreased by sizeof(void *) - for example,
for i386, MHLEN was 100 bytes, but is now 96 bytes.
we may want to increase MSIZE from 128 to 256 for some of our architectures.

take caution if you use it for keeping some data item for long period
of time - use extra caution on M_PREPEND() or m_adj(), as they may result
in loss of m->m_pkthdr.aux pointer (and mbuf leak).

this will bump kernel version.

(as discussed in tech-net, tested in kame tree)
2000-03-01 12:49:27 +00:00
darrenr fd7edad6c3 Change the use of pfil hooks. There is no longer a single list of all
pfil information, instead, struct protosw now contains a structure
which caontains list heads, etc.  The per-protosw pfil struct is passed
to pfil_hook_get(), along with an in/out flag to get the head of the
relevant filter list.  This has been done for only IPv4 and IPv6, at
present, with these patches only enabling filtering for IPPROTO_IP and
IPPROTO_IPV6, although it is possible to have tcp/udp, etc, dedicated
filters now also.  The ipfilter code has been updated to only filter
IPv4 packets - next major release of ipfilter is required for ipv6.
2000-02-17 10:59:32 +00:00
thorpej c1185c1020 PRU_PURGEADDR -> PRU_PURGEIF, per a discussion w/ itojun. In the IPv4
and IPv6 code, also use this to traverse PCB tables, looking for cached
routes referencing the dying ifnet, forcing them to be refreshed.
2000-02-02 23:28:08 +00:00
thorpej d844a3ac41 First-draft if_detach() implementation, originally from Bill Studnemund,
although this version has been changed somewhat:
- reference counting on ifaddrs isn't as complete as Bill's original
  work was.  This is hard to get right, and we should attack one
  protocol at a time.
- This doesn't do reference counting or dynamic allocation of ifnets yet.
- This version introduces a new PRU -- PRU_PURGEADDR, which is used to
  purge an ifaddr from a protocol.  The old method Bill used didn't work
  on all protocols, and it only worked on some because it was Very Lucky.

This mostly works ... i.e. works for my USB Ethernet, except for a dangling
ifaddr reference left by the IPv6 code; have not yet tracked this down.
2000-02-01 22:52:04 +00:00
itojun 1a2a1e2b1f bring in latest KAME ipsec tree.
- interop issues in ipcomp is fixed
- padding type (after ESP) is configurable
- key database memory management (need more fixes)
- policy specification is revisited

XXX m->m_pkthdr.rcvif is still overloaded - hope to fix it soon
2000-01-31 14:18:52 +00:00
itojun ea861f0183 sync IPv6 part with latest KAME tree. IPsec part is left unmodified
due to massive changes in KAME side.
- IPv6 output goes through nd6_output
- faith can capture IPv4 packets as well - you can run IPv4-to-IPv6 translator
  using heavily modified DNS servers
- per-interface statistics (required for IPv6 MIB)
- interface autoconfig is revisited
- udp input handling has a big change for mapped address support.
- introduce in4_cksum() for non-overwriting checksumming
- introduce m_pulldown()
- neighbor discovery cleanups/improvements
- netinet/in.h strictly conforms to RFC2553 (no extra defs visible to userland)
- IFA_STATS is fixed a bit (not tested)
- and more more more.

TODO:
- cleanup os-independency #ifdef
- avoid rcvif dual use (for IPsec) to help ifdetach

(sorry for jumbo commit, I can't separate this any more...)
1999-12-13 15:17:17 +00:00
itojun 6b9bfc0691 - Call in{,6}_pcbdetach if ipsec initialization is failed during PRU_ATTACH.
This situation happens on severe memory shortage.  We may need more
  improvements here and there.
- Grab IEEE802 address from IFT_ETHER card, even if the card is
  inserted after bootup time.  Is there any other card that can be
  inserted afterwards?  pcmcia fddi card? :-P
- RFC2373 u bit handling suggests that we SHOULD NOT copy interface id from
  ethernet card to pseudo interface, when ethernet card has IEEE802/EUI64
  with u bit != 0 (this means that IEEE802/EUI64 is not universally unique).
  Do not use such address as, for example, interface id for gif interface.
  (I have such an ethernet card myself)
  This may change interface id for your gif interface.  be careful upgrading
  rc files.

(sync with recent KAME)
1999-09-13 12:15:54 +00:00
thorpej f9a7668b3f defopt IPSEC and IPSEC_ESP (both into opt_ipsec.h). 1999-07-09 22:57:15 +00:00
darrenr a47ffec442 Call icmp_error() at the bottom of rip_input IFF rip_input is the handler
for the protocol in the specified packet.
Fix statistic gathering to not make bogus increments of ips_delivered and
ips_noproto for cases where rip_input() is called by a protocol handler
(such as icmp_input or igmp_input) which has already processed the packet.
1999-07-05 07:24:38 +00:00
itojun 118d2b1d4f IPv6 kernel code, based on KAME/NetBSD 1.4, SNAP kit 19990628.
(Sorry for a big commit, I can't separate this into several pieces...)
Pls check sys/netinet6/TODO and sys/netinet6/IMPLEMENTATION for details.

- sys/kern: do not assume single mbuf, accept chained mbuf on passing
  data from userland to kernel (or other way round).
- "midway" ATM card: ATM PVC pseudo device support, like those done in ALTQ
  package (ftp://ftp.csl.sony.co.jp/pub/kjc/).
- sys/netinet/tcp*: IPv4/v6 dual stack tcp support.
- sys/netinet/{ip6,icmp6}.h, sys/net/pfkeyv2.h: IETF document assumes those
  file to be there so we patch it up.
- sys/netinet: IPsec additions are here and there.
- sys/netinet6/*: most of IPv6 code sits here.
- sys/netkey: IPsec key management code
- dev/pci/pcidevs: regen

In my understanding no code here is subject to export control so it
should be safe.
1999-07-01 08:12:45 +00:00
thorpej a22cfcf3d4 Make programs that use raw IP work again; trim the header length from ip_len
before handing the packet off to the socket.
1999-01-30 21:43:16 +00:00
thorpej 30fcf99ef8 Fix a bug which would cause a panic in soreceive() if multiple raw
receivers ask for ancillary data.

Noted by Francis Dupont <Francis.Dupont@inria.fr> on tech-net.
1998-04-03 07:49:16 +00:00
scottr 54ea074777 Use option header file for MROUTING 1998-01-12 03:02:48 +00:00
thorpej e5e283e02d Finishing merging 4.4BSD-Lite2 netinet. At this point, the only changes
left were SCCS IDs and Copyright dates.
1998-01-05 10:31:44 +00:00
mycroft 466fb6d0db On output, if the packet length doesn't match the length in the IP header,
drop the packet with EINVAL.
1997-11-16 20:58:18 +00:00
matt 8c42ff649b Add support for returning maximum supported MTU when ip_output fails with
EMSGSIZE.
1997-10-14 00:52:39 +00:00
thorpej 9df1988ac8 Implement the IP_RECVIF socket option: supply a datagram packet's incoming
interface using a sockaddr_dl in a control mbuf.

Implement SO_TIMESTAMP for IP datagrams.

Move packet information option processing into a generic function
so that they work with multicast UDP and raw IP as well as unicast UDP.

Contributed by Bill Fenner <fenner@parc.xerox.com>.
1997-01-11 05:21:07 +00:00
thorpej 59bbc2199e In rip_output(), sanity check the length of the packet to be transmitted.
If it's larger than IP_MAXPACKET, return an error condition.
Based on a patch from Bill Fenner <fenner@parc.xerox.com>
1996-10-25 06:33:36 +00:00
mycroft 457b1b1333 Make sure the sin_zero fields are filled. 1996-09-16 17:45:17 +00:00
mycroft 9bfa240a98 Hash unconnected PCBs. 1996-09-15 18:11:06 +00:00
mycroft 62a6cce9ca Add in_nullhost() and in_hosteq() macros, to hide some protocol
details.  Also, fix a bug in TCP wrt SYN+URG packets.
1996-09-09 14:51:07 +00:00
mycroft 865bfae299 Return ENOPROTOOPT rather than picking pseudo-random error values.
Don't allow SIOCGET{VIF,SG}CNT from sockets other than the multicast router.
Restructure rip_ctloutput() like ip_ctloutput(), and fix memory leaks.
1996-06-23 12:12:44 +00:00
pk ecbb3b2eb2 Prototype new rip_*() functions. 1996-05-28 23:27:04 +00:00
mycroft 91ac291d97 Move some code into a separate rip_bind() function. 1996-05-24 19:03:13 +00:00
mycroft f399db63a4 Make sure the control mbufs are freed in all cases. 1996-05-23 17:03:27 +00:00
mycroft aee4be7a7f Minor changes to make this more like other protocols. Also, fix some return
values.
1996-05-23 16:12:15 +00:00
mycroft 49d52c9b1c Pass a proc pointer down to the usrreq and pcbbind functions for PRU_ATTACH, PRU_BIND and
PRU_CONTROL.  The usrreq interface really needs to be split up, but this will have to wait.
Remove SS_PRIV completely.
1996-05-22 13:54:55 +00:00
christos b2cc81b8fe Fix PR/2095 options MROUTING did not compile. 1996-02-18 18:58:32 +00:00
christos 14d9cd33af netinet prototypes 1996-02-13 23:40:59 +00:00
mycroft 67e78477db Build a hash table of PCBs. Hash function needs tweaking. 1996-01-31 03:49:23 +00:00
pk c069674663 Handle PRU_CONTROL (David Maltz; PR#1664). 1995-11-30 16:42:18 +00:00
cgd f90cf78fba convert pcb lists to CIRCLEQs, so that the end can be looked at more
easily, and so that the original (insque/remque) logic can be effectively
mimiced.  (This fixes a bug in the previous set of list changes.)
also (since terminator is no longer null) reinstate uninitted list checks,
but mark them XXX.
1995-06-18 20:01:08 +00:00
mycroft 6897f39ae9 Various cleanup, including:
* Convert several data structures to use queue.h.
* Split in_pcbnotify() into two parts; one for notifying a specific PCB, and
one for notifying all PCBs for a particular foreign address.
1995-06-12 00:46:47 +00:00
mycroft 0a99592372 Clean up many more casts. 1995-06-04 05:06:49 +00:00
mycroft ba9883ec57 Integrate multicast 3.5 distribution, with several bugs fixed and general
cleanup.  This is a (working) snapshot of work in progress.
1995-05-31 21:50:34 +00:00
cgd 80929f8527 be a bit more careful and explicit with types. (basically a large no-op.) 1995-04-13 06:35:38 +00:00
glass 14e57cebfa Fix for two bad tests in the raw IP socket input code. Only affected
raw sockets that were bound to a local address and/or connected to a
foreign address.   Fix from Dan McDonald <danmcd@itd.nrl.navy.mil>
1995-03-02 09:33:40 +00:00