Aren/NetBSD
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
69,635 Commits 606 Branches 0 Tags 3.1 GiB
ae3a3247bb
Commit Graph

245 Commits

Author SHA1 Message Date
itojun
2192675fb1 move file static variable into auto variable, for better thread safety. 
(not really required for big lock MP).  sync with kame
 2000-09-09 16:15:47 +00:00
itojun
f8481d085e add attribute(packed). 
From: Alfred Perlstein <bright@wintelcom.net>
 2000-09-09 11:42:22 +00:00
itojun
dc23ec9971 add missing \n on log(). sync with kame 2000-08-31 07:35:44 +00:00
itojun
65fbdbe744 repair DES on LP64. past code did not interoperate with non-LP64, due to 
incorrect computed results.
remove unnecessary #ifdef/#define.  sync with kame.
 2000-08-31 07:33:04 +00:00
itojun
58c93e23cf LP64 fix (cast to u_long when printing size_t) 2000-08-30 14:58:33 +00:00
itojun
2af85c262b improve code sharing for esp_schedule(). add some diagnostics cases 
for esp_cbc_{en,de}crypt().  sync with kame.
 2000-08-29 11:32:21 +00:00
itojun
6fe60cce5f do not forward packets with unspecified source address (::). 
this is clarification recently made to RFC2460.  sync with kame.
 2000-08-29 09:19:43 +00:00
itojun
bb8d535cc5 use per-block cipher function + esp_cbc_{de,en}crypt. do not use 
cbc-over-mbuf functions in sys/crypto.

the change should make it much easier to switch crypto function to
machine-dependent ones (like assembly code under sys/arch/i386/crypto?).
also it should be much easier to import AES algorithms.

XXX: it looks that past blowfish-cbc code was buggy.  i ran some test pattern,
and new blowfish-cbc code looks more correct.  there's no interoperability
between the old code (before the commit) and the new code (after the commit).

XXX: need serious interop tests before move it into 1.5 branch
 2000-08-29 09:08:42 +00:00
itojun
3da9705446 add a warning on IPv6 setsockopt number space (*BSD shares the number space 
so consult KAME for number allocation)
 2000-08-27 01:02:48 +00:00
itojun
152da24bd9 implement net.inet6.ip6.{anon,low}port{min,max} sysctl variable. 2000-08-26 11:03:45 +00:00
itojun
4d40179399 add missing IPNOPRIVPORTS case 2000-08-26 10:40:03 +00:00
thorpej
5bd1b19b29 Don't use MALLOC() for variable-sized allocations. 2000-08-25 21:22:16 +00:00
itojun
cabceaa265 - icmp6 nodeinfo: remove possibility of unaligned pointer access. 
- jumbo payload output: fix incorrect mbuf manipulation
- pedant: align issues, mbuf assumption
(sync with kame)
 2000-08-19 08:15:53 +00:00
itojun
e6efb27c84 add missing splx, when outgoing interface queue is full on tunnelled 
ESP packet output.  KAME PR 280.
 2000-08-16 09:54:39 +00:00
thorpej
831a48fd0b Make this compile without INET6 again. 2000-08-15 21:43:57 +00:00
itojun
54aeb79d4c supress warning (LOG_ERR -> LOG_DEBUG) which occurs in the following situation: 
- manually configure an address from prefix P (like P::1)
- autoconfigure additional address from the same prefix P (like P::ifid).
- rtrequest fails due to P/plen already exists

more fundamental solution should appear later, when kame side stablizes it.
from thopej.
 2000-08-13 23:45:22 +00:00
itojun
5e868d1e49 clearifications in icmp6 node query support. 
XXX previous commit included "supported qtypes" icmp6 node query support.
sorry commit message was mistaken.
 2000-08-03 16:30:37 +00:00
itojun
afa5315364 correct typo in #define. ICMP6_NI_SUCESS -> SUCCESS (notice missing C). 
sync with kame.
 2000-08-03 14:31:04 +00:00
itojun
6574aa66e8 inhibit error code from rtinit(). this happens when we try to assign 
multiple addresses from same prefix, onto single interface.  PR 10427.


more info:
- 4.4BSD did not check return code from in_ifinit() at all.
  4.4BSD does not support multiple address from same prefix.
- past KAME change passed in{,6}_ifinit() to upwards, toward ifconfig(8).
  the behavior is filed as PR 10427.
- the commit inhibits EEXIST from rtinit(), hence partially recovers old
  4.4BSD behavior.
- the right thing to happen is to properly support multiple address assignment
  from the same prefix.  KAME tree has more extensive change, however, it needs
  much more time to get stabilized (rtentry refcnt change can cause serious
  issue, we really need to bake it before bring it to netbsd)
 2000-08-02 15:03:02 +00:00
itojun
32ef6bb0e7 sync comment with reality 2000-07-30 05:30:37 +00:00
itojun
0036ac92be clarify comment. from jhawk. sync with kame. 2000-07-30 04:33:34 +00:00
itojun
5e8b5a35e4 make ipsec_strerror(3) to return const char *, not char *. sync with kame. 2000-07-30 02:38:35 +00:00
itojun
63de4c2cb9 nuke the following sysctl variables. "ppsratelimit" should work better. 
need to recompile sbin/sysctl after updating /usr/include.
	net.inet.tcp.rstratelimit
	net.inet.icmp.errratelimit
	net.inet6.icmp6.errratelimit
 2000-07-28 04:06:52 +00:00
itojun
73a29e35ff do not forward packet with :: in the source. 
this is not in the spec - we had rough consensus on it in ipngwg,
spec will get updated to include this behavior.
 2000-07-27 15:53:51 +00:00
itojun
fec624be3f wrap kernel function prototype by #ifdef _KERNEL. 2000-07-23 08:24:12 +00:00
itojun
411ff12b27 pre-compute and cache intermediate crypto key. suggestion from sommerfeld, 
sync with kame.

loopback, blowfish-cbc transport mode, 128bit key
before: 86588496 bytes received in 00:42 (1.94 MB/s)
after: 86588496 bytes received in 00:31 (2.58 MB/s)
 2000-07-23 05:23:04 +00:00
itojun
65d37eff7f correct RFC2367 PF_KEY conformance (SADB_[AE]ALG_xx values and namespaces). 
sync from kame.

WARNING: need recompilation of setkey(8) and pkgsrc/security/racoon.
(no ipsec-ready netbsd was released as official release)
 2000-07-18 14:56:42 +00:00
itojun
5f09b77987 s/IPSEC_IPV6FWD/IPSEC/. this should correct strange behavior on ipv6 
forwarding (even if policy asks for tunnel mode encryption, packets
go out in clear).  sync with kame.
 2000-07-16 07:57:55 +00:00
itojun
a2744a4cf8 do not pull sys/queue.h from netinet6/in6.h. PR10597. 
some sync with kame.
 2000-07-16 01:10:34 +00:00
itojun
20964b0c23 fatal bug fix from kame (rtentry refcnt goes negative if we play with IPv6 
address/routing table too much).

in6_ifloop_request()
  not to request rtrequest to return an rtentry except for the ADD
  operation, in order to avoid misdecreasing the refcnt (which might
  cause leak of rtentry)
 2000-07-13 09:56:20 +00:00
itojun
f5211e847a remove m_pulldown statistics code. it is highly experimental and belong 
to kame tree only (not for *bsd).
 2000-07-13 05:34:21 +00:00
itojun
d8a9a3cc7b add ppsratelimit(9), which does event-per-sec rate limitation. 
use it from icmp6 error rate limitation code.
XXX better name for the function?
 2000-07-09 06:44:57 +00:00
itojun
ec67eee51f sync with kame. 
introduce in6_{recover,embed}scope, for in-kernel scoped-address manipulation.
improve in6_pcbnotify.
 2000-07-07 15:54:16 +00:00
christos
2068dee670 elide lint cast type conversion warnings. 2000-07-06 17:42:55 +00:00
itojun
210a3e2f80 remove unnecessary #include <netkey/key_debug.h>. from kame. 2000-07-06 12:51:39 +00:00
itojun
0a1e211454 - do not use bitfield for router renumbering header. 
- add protection mechanism against ND cache corruption due to bad NUD hints.
- more stats
- icmp6 pps limitation.  TOOD: should implement ppsratecheck(9).
 2000-07-06 12:36:18 +00:00
itojun
6fff122160 drop packet to tentative/duplicated interface address earlier. sync w/kame 2000-07-02 09:56:39 +00:00
itojun
8ff902fca1 repair kernel faithd(8) support. there were two mistakes: 
(1) tcp6_input dropped packets for translation
(2) in6_pcblookup_connect was too strict
 2000-07-02 08:04:10 +00:00
itojun
3ade27131a suppress too noisy warning on forward-over-loopback case. from kame 2000-06-30 19:46:05 +00:00
mrg
cf594a3f4d <vm/vm.h> -> <uvm/uvm_extern.h> 2000-06-28 03:01:16 +00:00
kleink
d2787dad27 XNS5.2: define sa_family_t and use it where specified by the standard. 2000-06-26 15:48:19 +00:00
itojun
278184a8ab avoid possible mbuf leaks on ipsec policy violation.(sync with kame) 2000-06-20 02:24:42 +00:00
itojun
90ca25568b remove obsolete sysctl MIB net.inet.ipsec.inbound_call_ike. 
(sync with kame)
 2000-06-15 05:01:06 +00:00
thorpej
1b8ede9f7c Import IPsec ESP from netbsd-cryptosrc-intl. 2000-06-14 19:39:42 +00:00
itojun
dafb757588 add algorithm name into algorithm table. (commit to crypto-intl will follow) 2000-06-14 11:27:35 +00:00
itojun
af9d516560 signedness issue with char, take 2. confirmed with i386 cc -funsigned-char. 2000-06-13 17:31:37 +00:00
itojun
c6a8ca266b workaround to suppress warning on char == unsigned char arch. 2000-06-13 16:34:37 +00:00
itojun
0455eac327 do not use cached route if the route becomes !RTF_UP. 
make the validation for jumbo payload option more strict.
 2000-06-13 14:43:44 +00:00
itojun
36887242d7 add sanity check on in6_ifaddr. 2000-06-13 04:35:29 +00:00
itojun
fa24d1db9b make sure to link new in6_ifaddr to if_addrlist. 2000-06-13 02:54:11 +00:00