Commit Graph

439 Commits

Author SHA1 Message Date
itojun
f8321e02a6 fix cast128 with shorter key length. sync with kame 2001-11-27 11:19:36 +00:00
itojun
c23ea6c341 update outgoing ifp, only if tunnel mode ipsec is used. this is to
honor IP_MULTICAST_IF setsockopt on ipsec-over-multicast.  sync with kame
2001-11-21 06:28:08 +00:00
perry
c8549493da (minor) delint 2001-11-17 18:55:11 +00:00
lukem
4f2ad95259 add RCSIDs 2001-11-13 00:56:55 +00:00
itojun
d54922c799 check offset overrun in ip6_nexthdr. 2001-11-02 08:05:48 +00:00
simonb
5f717f7c33 Don't need to include <uvm/uvm_extern.h> just to include <sys/sysctl.h>
anymore.
2001-10-29 07:02:30 +00:00
itojun
7b1918bdc8 always check extension header length. 2001-10-29 05:23:17 +00:00
itojun
eecba85f88 no tcp_fasttimo any more. PR 14333 2001-10-24 09:37:00 +00:00
itojun
73f4e5001f more whitespace sync with kame 2001-10-24 06:36:37 +00:00
itojun
c7e6405a34 remove unused codepath (unifdef -UUDP6) 2001-10-24 06:04:08 +00:00
itojun
68fbfa26e8 gather stats on raw ip6 socket. sync with kame 2001-10-18 09:12:13 +00:00
itojun
51a9c75998 simplify per-if stats. 2001-10-18 09:09:25 +00:00
itojun
ae5499819c reduce diffs with kame (mostly cosmetic).
move IPV6_CHECKSUM processing to sys/netinet6/raw_ip6.c.
constify a couple of places.
2001-10-18 07:44:33 +00:00
itojun
1990d680c4 do not change neighbor cache state on entry timeout,
if the cache entry is for outgoing router.

perform on-linkness check before default router (re-)seletion.

do not play with interface direct route on nd6_rtrequest.

sync a lot of cosmetic changes.  sync with kame
2001-10-17 10:55:09 +00:00
itojun
dfb1429789 unifdef OLDIP6OUTPUT 2001-10-17 08:23:05 +00:00
itojun
7dcf45fbd8 more whitespace/comment sync with kame 2001-10-16 06:24:44 +00:00
itojun
45c8a6a57e remove unused #define. sync whitespace/comment with kame. 2001-10-16 04:57:38 +00:00
itojun
9bff6fde4c reduce diff with kame. whitespace only 2001-10-16 04:17:54 +00:00
itojun
149aafe6ad sync with kame.
net.inet6.icmp6.nodeinfo is now a bitmap (2^0 = ping6 -w, 2^1 = ping6 -a).
give up local if there's mbuf alloc failures.
cope with ".." in hostname.
sync comments/whitespaces.
2001-10-15 11:12:44 +00:00
itojun
91498ffec5 implement IPV6_V6ONLY socket option from draft-ietf-ipngwg-rfc2553bis-03.txt.
IPV6_BINDV6ONLY (netbsd only) is deprecated, but still work just like before.
2001-10-15 09:51:15 +00:00
itojun
99d25b4e8a reduce diff with kame. whitespace changes only. 2001-10-15 03:55:37 +00:00
wiz
456dff6cb8 Spell 'occurred' with two 'r's. 2001-09-16 16:34:23 +00:00
itojun
bf45c09959 fix SA lookup when IPsec transport mode and tunnel mode over IPv6 is used
at the same time.  sync with kame
(like "IP AH ESP IP", policy = "esp/tunnel/a-b/use ah/transport//use")
2001-09-13 06:30:57 +00:00
itojun
080d73b4a3 minor style 2001-09-10 03:08:18 +00:00
tls
3d4146e21f Add asm versions of blowfish and des transforms for i386.
This also involved updating the in-kernel DES functions to correspond
to the versions in our in-tree OpenSSL, because the des_SPtrans table
has changed; the asm code will not work with the old permutation table!

C and i386 asm code for the DES, 3DES, and Blowfish CBC modes is also
included; it is not currently built as the ESP processing in esp_core.c
splits the CBC operation and the cipher transform apart.  Hopefully that
will be fixed as there is a substantial performance improvement to be had
from doing so.  It will remain necessary to use the C version of the
Blowfish CBC function on some i386 machines, however, as the asm version
uses bswapl, which ony 486 and later processors have.  The DES CBC code
doesn't have this problem.

Finally, change esp_core.c to use the ecb3_encrypt function instead of
calling ecb_encrypt three times; this improves performance a bit, in
particular in the asm case.
2001-09-09 11:00:59 +00:00
itojun
4d1509970e do not try to bring IPv6 up on bridge*. 2001-08-23 02:58:24 +00:00
itojun
74ad87bc53 gif interface now uses generic software interrupt
(on archs that support it).  also, make gif ALTQ-capable on outgoing.
sync with kame, comments from thorpej.
2001-08-16 17:45:25 +00:00
itojun
57030e2f12 cache IPsec policy on in6?pcb. most of the lookup operations can be bypassed,
especially when it is a connected SOCK_STREAM in6?pcb.  sync with kame.
2001-08-06 10:25:00 +00:00
itojun
e3d077542f cosmetic (spacing near /* */). sync with kame 2001-08-05 22:20:44 +00:00
itojun
cad488d032 sync gif interface code with latest kame.
IFF_RUNNING is clearified.  attach/detach logic is more clearner.
the old code mistakenly set IFF_UP by itself, now the behavior is gone.
2001-07-29 05:08:32 +00:00
itojun
fd5e7077a3 allocate ipsec policy buffer attached to pcb in in*_pcballoc, before
giving anyone accesses to pcb (do not reveal an inconsistent ones).
sync with kame
2001-07-25 23:28:02 +00:00
itojun
a21ce80cd6 ifindex2ifnet could return NULL if if_detach() is used (pcmcia card
removal and such).
2001-07-25 09:23:46 +00:00
itojun
0cd424b3ce ifidex2ifnet could contain NULL after if_detach(). sync with kame 2001-07-25 06:59:51 +00:00
itojun
19392ee73b fix comment on setsockopt arg size. KAME PR 369 2001-07-24 00:44:36 +00:00
itojun
bee33e3d00 repair scoped address handling in PRU_BIND. sync with kame. 2001-07-23 19:29:53 +00:00
wiz
a9356936b4 seperate -> separate 2001-07-22 13:33:58 +00:00
itojun
7f070caa75 sync rt_ifp check with IPv4 counterpart (see sys/net/if_ethersubr.c 1.27).
sync with kame
2001-07-20 20:26:35 +00:00
itojun
8c9f492242 do not malloc() during interrupt context for IPv6 multicast kludge table.
malloc() during interface initialization.  sync with kame
2001-07-18 13:12:27 +00:00
itojun
fc35f336c7 sync with draft-ietf-ipngwg-p2p-pingpong-00.txt. apply special behavior
only if ip6_dst is "neighbor" within p2p prefix.  sync with kame
2001-07-18 09:24:26 +00:00
itojun
5e920039c6 have ovbcopy() macro, for cross-BSD compatibility only. 2001-07-07 14:45:46 +00:00
itojun
193167b1eb call in{,6}_pcbpurgeif0() before in{,6}_purgeif(). 2001-07-03 08:06:19 +00:00
itojun
1ff38f4d03 on interface removal, remove multicast groups joined from pcb, before
removing interface addresses.  without the change, we may deref
NULL pointer in in_pcbpurgeif().  from jinmei@kame, sync with kame
2001-07-02 15:25:34 +00:00
itojun
03927c60a5 call defrouter_select() only if it is autoconfigured host. 2001-06-29 16:01:47 +00:00
itojun
02c94ca414 refresh default router list on nd6_detach(), only if we are an
autoconfigured host.  bug was that, we will lose default route on
"ifconfig gif0 destroy" even if default is not pointing to gif0.
reported by ume@mahoroba.org.  sync with kame
2001-06-27 17:36:14 +00:00
itojun
9ccf08b3c5 netbsd; on interface removal, force pcbs to leave from multicast groups
pointing toward the interface about to be removed.  sync with kame
XXX still need more discussions on semantics.  the behavior should be safer
2001-06-27 15:53:14 +00:00
itojun
77a4124f7d the documents are out of sync with the latest situation. remove them. 2001-06-24 19:40:35 +00:00
itojun
885b74c2be select default router again, when L2 address of the router changes 2001-06-22 13:36:12 +00:00
itojun
0213b76857 remove RFC1885 compatibility code in #ifdef COMPAT_RFC1885, for icmp6
reply packet size consideration (obsolete, not used for a long time).
sync with kame
2001-06-22 13:01:49 +00:00
itojun
57d1913ebc do not forward packet back to point-to-point interface, if the packet
matches the ipv6 prefix assigned to the p2p interface (= redirect case).
this leads to pingpong, chews bandwidth.  bad thing is that bad guy from
remote can chew bandwidth.  (follows upcoming internet draft)
2001-06-22 12:33:05 +00:00
wiz
ccfe29f3cf Symmetric has one s and two m's. 2001-06-18 11:23:00 +00:00