Commit Graph

389 Commits

Author SHA1 Message Date
matt 5571e920d6 senderr needs only be declared when PFIL_HOOKS is defined 2001-06-12 17:55:52 +00:00
itojun bdbfdf946d run pfil_hooks for IPv6 forwarding path (note: ip6_forward() does not
call ip6_output()).
2001-06-12 15:12:33 +00:00
itojun 8b646a5273 remove IPV6FIREWALL case, which is never used 2001-06-11 13:49:18 +00:00
wiz 40ac848024 Fix various misspellings of compatible/compatibility. 2001-06-11 01:50:48 +00:00
mrg 6a536c0364 fix a IPNOPRIVPORTS unused variable botch. noted by proff. 2001-06-06 06:07:06 +00:00
thorpej ad9d3794b0 Implement support for IP/TCP/UDP checksum offloading provided by
network interfaces.  This works by pre-computing the pseudo-header
checksum and caching it, delaying the actual checksum to ip_output()
if the hardware cannot perform the sum for us.  In-bound checksums
can either be fully-checked by hardware, or summed up for final
verification by software.  This method was modeled after how this
is done in FreeBSD, although the code is significantly different in
most places.

We don't delay checksums for IPv6/TCP, but we do take advantage of the
cached pseudo-header checksum.

Note: hardware-assisted checksumming defaults to "off".  It is
enabled with ifconfig(8).  See the manual page for details.

Implement hardware-assisted checksumming on the DP83820 Gigabit Ethernet,
3c90xB/3c90xC 10/100 Ethernet, and Alteon Tigon/Tigon2 Gigabit Ethernet.
2001-06-02 16:17:09 +00:00
itojun 781f6920ab use default hoplimit when incoming interface is not given to icmp6_reflect.
sync with kame
2001-06-01 05:54:19 +00:00
mrg 67afbd6270 use _KERNEL_OPT 2001-05-30 11:57:16 +00:00
thorpej c973d6a0eb Skip the pseudo-header if nxt == 0. This is already documented
in in6_cksum(9) and is also the behavior of the i386 optimized
version.
2001-05-30 03:06:56 +00:00
itojun e91c2ce847 remove debug printfs, which can be too noisy. sync with kame. 2001-05-27 17:36:07 +00:00
itojun fc644273cd print more diag message on in6_addmulti() failures. 2001-05-24 08:17:22 +00:00
itojun a7596d1912 call icmp6_mtudisc_update(foo, 0) even if ICMPv6 messages are very short.
let icmp6 layer decide whether we take PMTUD routes or not.
2001-05-24 07:22:27 +00:00
itojun fc66251bda plug memory leak on invalid fragment packet. supress noisy log. from kame 2001-05-17 14:01:37 +00:00
itojun 498fdebcd7 drop multi destination mode (IFF_LINK0). 2001-05-14 13:35:20 +00:00
itojun f4d5905544 there's no need to #if NFAITH here. IN6P_FAITH can be set even on
NFAITH == 0 kernel, it is safer to always check the condition.
sync with kame.
2001-05-11 18:38:03 +00:00
itojun 63181d71c1 correct ecn consideration on tunnel encap/decap. sync with kame. 2001-05-10 01:37:42 +00:00
itojun 1bec764d78 correct faith prefix determination. use sys/netinet/if_faith.c:faithprefix()
to determine.  sync with kame.
(without this change, non-faith socket may mistakenly accept for-faith traffic)
2001-05-08 10:15:13 +00:00
itojun d1b6307b88 do not copy TTL field on ipsec tunnel mode encapsulation. sync with kame 2001-04-15 01:55:49 +00:00
thorpej bf2dcec4f5 Remove the use of splimp() from the NetBSD kernel. splnet()
and only splnet() is allowed for the protection of data structures
used by network devices.
2001-04-13 23:29:55 +00:00
itojun f4e4c674a7 disallow userland programs from specifying addresses with IPV6_PKTINFO
setsockopt, if:
- the address is not verified by DAD (= not ready)
- the address is an anycast address (= not permitted as source)
sync with kame
2001-04-11 04:57:53 +00:00
itojun 5ed8fd262b suppress RS/RA log messages (can be re-enabled by net.inet6.icmp6.nd6_debug),
as they may fill up /var.  sync with kame.
2001-04-04 06:28:41 +00:00
itojun 2abaa8eae5 make sure rcvif is sane on call to icmp6_reflect 2001-04-04 06:28:40 +00:00
itojun 92969654c0 enable FAKE_LOOPBACK_IF case by default.
now traffic on loopback interface will be presented to bpf as normal wire
format packet (without KAME scopeid in s6_addr16[1]).

fix KAME PR 250 (host mistakenly accepts packets to fe80::x%lo0).

sync with kame.
2001-03-30 11:08:56 +00:00
itojun dbcd4b8d03 fix constness of IN6_{IS,ARE}_xx with RFC2553. sync with kame. 2001-03-30 05:53:52 +00:00
itojun 2fb1887b31 re-initialize mopt in ip6_insert_jumboopt(). sync with kame
From: csapuntz@stanford.edu
2001-03-25 09:58:43 +00:00
itojun 0c8d8ae7a0 couple of missing splx. sync with kame.
From: csapuntz@play-doh.stanford.edu (Constantine Sapuntzakis)
2001-03-25 09:06:03 +00:00
itojun 3e898c9239 in nd6_cache_lladdr(), set nd6_gctimer to ln_expire just after the state
transition to STALE.  fixes tahi test breakage.  sync with kame.
2001-03-21 21:56:29 +00:00
thorpej 20fe4e2d96 Add a protosw flag, PR_ABRTACPTDIS (Abort on Accept of Disconnected
Socket), and add it to the protocols that use that behavior (all
PR_LISTEN protocols except for PF_LOCAL stream sockets).
2001-03-21 19:22:27 +00:00
itojun 4ce63adb1e do not inject packets to ipfilter, if the packet went through IPsec tunnel.
http://www.netbsd.org/Documentation/network/ipsec/#ipf-interaction
2001-03-21 19:12:56 +00:00
itojun 93b8b31feb set rmx_mtu to L2 interface mtu, instead of 0, on mtudisc timeout.
ip6_output() change is for safety.  sync with kame
2001-03-21 07:52:13 +00:00
itojun e4ecd03f2a drop packets with link-local addresses,
if (internally-used) interface ID portion is already filled.  sync with kame
2001-03-16 12:22:34 +00:00
itojun 27a0af5865 nd6_storelladdr() was not consistent about m_freem() policy.
do not touch RTF_STATIC entries (static ND entries) on ND cache update.
couple of costmetic sync.  sync with kame
2001-03-08 10:49:32 +00:00
itojun 7695280d34 more missing splx. from kame 2001-03-08 10:48:40 +00:00
itojun 912f42ecda remove bogus rtfree. sync with kame. inspired by openbsd PR 1706. 2001-03-08 00:19:03 +00:00
itojun 4e45315377 missing splx. from aaron@openbsd. sync with kame 2001-03-07 22:50:14 +00:00
itojun c9e08725bc avoid possible alignment issue. sync with kame 2001-03-04 16:49:17 +00:00
itojun dc3424f555 pass key to rijndael logic as binary, not hexadecimal string.
sync with kame
2001-03-02 15:42:39 +00:00
itojun f03176a0a8 have comment that refers to kame COVERAGE document. sync with kame 2001-03-02 04:55:40 +00:00
itojun 8c8c2f71a4 the date string in KAME version is getting very meaningless, remove. 2001-03-02 04:52:54 +00:00
itojun 2d6047cff9 make sure to enforce inbound ipsec policy checking, for any protocols on top
of ip (check it when final header is visited).  sync with kame.
XXX kame team will need to re-check policy engine code
2001-03-01 16:31:37 +00:00
itojun 233e3963ed make sure to validate packet against ipsec policy. 2001-02-26 07:20:44 +00:00
cgd 023e9f0649 C requires that labels be followed by statements. 2001-02-24 00:01:22 +00:00
itojun f2a66201fc garbage-collect stale ND entries (default: 1 day).
RFC 2461 5.3.  sync with kame.
2001-02-23 08:02:41 +00:00
itojun e1196a8f6e remove unnecessary state, ND6_LLINFO_WAITDELETE, from neighbor cache
state machine.
no need for RTF_REJECT on neighbor cache entires, they are leftover from
ARP code.
sync with kame.
2001-02-23 06:41:50 +00:00
itojun 2df943e652 correct handling of upper limitation to # of reass queue. 2001-02-22 05:04:42 +00:00
itojun 49889b3afd be more more picky about option length parsing. sync with kame 2001-02-22 01:40:25 +00:00
itojun e1e316562b make validation code more strict for ND6/dest6 variable length headers.
check duplicated nd6_ifinfo table initialization in a better way.
sync with kame
2001-02-21 17:23:09 +00:00
itojun 96413230d1 style, to make kame sync easier 2001-02-21 16:28:43 +00:00
itojun 52f2cece9f tighten AH IPv4 option chasing more. drop too short (< 2) option.
sync with kame.
2001-02-21 01:27:58 +00:00
itojun c9928e0ab1 need PR_ADDR|PR_ATOMIC for IPPROTO_EON. fix typo. from chopps, sync with kame 2001-02-21 00:11:53 +00:00