Commit Graph

35 Commits

Author SHA1 Message Date
itojun
82eb4ce914 change the additional arg to be passed to ip{,6}_output to struct socket *.
this fixes KAME policy lookup which was broken by the previous commit.
2003-08-22 21:53:01 +00:00
jonathan
28b5f5dfab (fast-ipsec): Add hooks to pass IPv4 IPsec traffic into fast-ipsec, if
configured with ``options FAST_IPSEC''.  Kernels with KAME IPsec or
with no IPsec should work as before.

All calls to ip_output() now always pass an additional compulsory
argument: the inpcb associated with the packet being sent,
or 0 if no inpcb is available.

Fast-ipsec tested with ICMP or UDP over ESP. TCP doesn't work, yet.
2003-08-15 03:42:00 +00:00
itojun
5576ac2656 bpf_mtap() does not care about M_PKTHDR at the top. M_COPY_PKTHDR has some
consequences, so avoid it.  if we need to attach dummy headers, we should
use M_PREPEND instead.
2003-05-01 07:52:58 +00:00
itojun
e34d5a243d more pickier packet validation, based on
draft-savola-v6ops-6to4-security-00.txt.  sync w/kame
2002-11-17 19:29:31 +00:00
itojun
ce04d2f721 fix comment, sync with kame 2002-09-17 06:32:49 +00:00
itojun
cf50f0c768 reject SIOCAIFADDR if embedded address is in private address range. sync w/kame 2002-09-17 05:56:37 +00:00
itojun
c00fa8dfd9 avoid swapping endian of ip_len and ip_off on mbuf, to meet with M_LEADINGSPACE
optimization made last year.  should solve PR 17867 and 10195.

IP_HDRINCL behavior of raw ip socket is kept unchanged.  we may want to
provide IP_HDRINCL variant that does not swap endian.
2002-08-14 00:23:27 +00:00
itojun
cf8807954f backout previous. i was looking at the wrong RFC. 2002-08-06 04:58:57 +00:00
itojun
fa5ffb82e4 based on RFC2529, stf(4) should have 1480 as MTU, not 1280.
tron found it, sync w/kame
2002-08-05 23:37:48 +00:00
tron
e5e66e171b Increase interface output error count in case of a failure. 2002-07-23 06:59:51 +00:00
tron
5126e6107d Increase interface output counter for every encapsulated packet sent to IP. 2002-07-23 06:44:53 +00:00
itojun
a10b39ecad reject packets with IPv4 private address range. sync w/kame 2002-06-20 07:43:39 +00:00
itojun
745e191850 move protosw fragment for gif/stf to their own source code.
reduce #ifdef in stf code.  sync with kame
2001-12-21 03:21:50 +00:00
lukem
64a432d965 remove unnecessary #if NFOO > 0 .... #endif wrappers 2001-11-13 00:49:35 +00:00
lukem
34d65a3414 add RCSIDs 2001-11-12 23:49:33 +00:00
itojun
087b694325 too many curly brace. 2001-11-06 08:14:27 +00:00
matt
b26f63f404 Fix pr#14481 2001-11-06 06:26:34 +00:00
matt
b5e785f38d Switch to using queue access macros instead of refering to the member
fields explicitly.
2001-11-05 18:02:15 +00:00
thorpej
cbf41a143a bzero -> memset 2001-07-18 16:43:09 +00:00
itojun
7f6ce64273 inject outgoing packet to bpf. KAME PR 358. 2001-06-08 00:17:05 +00:00
itojun
63181d71c1 correct ecn consideration on tunnel encap/decap. sync with kame. 2001-05-10 01:37:42 +00:00
itojun
fce23b0ae4 correct outbound outer IPv4 destination address selection.
IFF_LINK0 disables inbound path, removes security worries.
more examples in manpage.
2001-04-29 03:56:06 +00:00
thorpej
bf2dcec4f5 Remove the use of splimp() from the NetBSD kernel. splnet()
and only splnet() is allowed for the protection of data structures
used by network devices.
2001-04-13 23:29:55 +00:00
itojun
ffc12ee678 explicitly use u_int32_t for DLT_NULL encapsulation.
correct gif address family.  from chopps, sync with kame.
2001-02-20 07:58:16 +00:00
itojun
9df62246e7 update comment to meet 6to4 RFC. sync with kame 2001-02-17 04:29:59 +00:00
itojun
a836499e32 make it possible to turn off ingress filter on gif/stf tunnel egress,
by using IFF_LINK2.  (part of) PR 11163 from Ken Raeburn.
2001-01-22 07:51:01 +00:00
itojun
df9784d749 pull post-4.4BSD change to sys/net/route.c from BSD/OS 4.2 (UCB copyrighted).
have sys/net/route.c:rtrequest1(), which takes rt_addrinfo * as the argument.
pass rt_addrinfo all the way down to rtrequest, and ifa->ifa_rtrequest.
3rd arg of ifa->ifa_rtrequest is now rt_addrinfo * instead of sockaddr *
(almost noone is using it anyways).

benefit: the follwoing command now works.  previously we need two route(8)
invocations, "add" then "change".
# route add -inet6 default ::1 -ifp gif0

remove unsafe typecast in rtrequest(), from rtentry * to sockaddr *.  it was
introduced by 4.3BSD-reno and never corrected.

XXX is eon_rtrequest() change correct regarding to 3rd arg?
eon_rtrequest() and rtrequest() were incorrect since 4.3BSD-reno,
so i do not have correct answer in the source code.
someone with more clue about netiso-over-ip, please help.
2001-01-17 04:05:41 +00:00
thorpej
fc5dafc79b Fix a rather annoying problem where the sockaddr_dl which holds
the link level name for the interface (ifp->if_sadl) is allocated
before ifp->if_addrlen is initialized, which could lead to allocating
too little space for the link level address.

Do this by splitting allocation of the link level name out of
if_attach() and into if_alloc_sadl(), which is normally called
by functions like ether_ifattach().  Network interfaces which
don't have a link-specific attach routine must call if_alloc_sadl()
themselves (example: gif).

Link level names are freed by if_free_sadl(), which can be called
from e.g. ether_ifdetach().  Drivers never need call if_free_sadl()
themselves as if_detach() will do it if it is not already done.

While here, add the ability to pass an AF_LINK address to
SIOCSIFADDR in ether_ioctl() (this is what caused me to notice
the problem that the above fixes).
2001-01-17 00:30:49 +00:00
thorpej
ed7695a765 Fill in if_dlt. 2000-12-18 19:44:33 +00:00
thorpej
c5293456da Adapt to bpfattach() changes, and further centralize the bpfattach()
and bpfdetach() calls into link-type subroutines where possible.
2000-12-12 18:00:22 +00:00
thorpej
7f86d18846 stf(4) is now a cloning network interface (although, only one is allowed
to be created).
2000-07-05 17:08:18 +00:00
itojun
3fff705c2a update i-d #. (sync with kame) 2000-06-10 08:02:20 +00:00
itojun
2e9df64fa3 sync IPv4 rogue address filter with RFC1122. (sync with kame) 2000-05-14 03:44:02 +00:00
itojun
eaeb53372e update comment (analysis on 04 draft) 2000-04-21 02:40:53 +00:00
itojun
3909133548 introduce sys/netinet/ip_encap.c, to dispatch inbound packets
to protocol handlers, based on src/dst (for ip proto #4/41).
see comment in ip_encap.c for details of the problem we have.
there are too many protocol specs for ip proto #4/41.
backward compatibility with MROUTING case is now provided in ip_encap.c.

fix ipip to work with gif (using ip_encap.c).  sorry for breakage.

gif now uses ip_encap.c.

introduce stf pseudo interface (implements 6to4, another IPv6-over-IPv4 code
with ip proto #41).
2000-04-19 06:30:51 +00:00