matt
5571e920d6
senderr needs only be declared when PFIL_HOOKS is defined
2001-06-12 17:55:52 +00:00
itojun
bdbfdf946d
run pfil_hooks for IPv6 forwarding path (note: ip6_forward() does not
...
call ip6_output()).
2001-06-12 15:12:33 +00:00
itojun
8b646a5273
remove IPV6FIREWALL case, which is never used
2001-06-11 13:49:18 +00:00
wiz
40ac848024
Fix various misspellings of compatible/compatibility.
2001-06-11 01:50:48 +00:00
mrg
6a536c0364
fix a IPNOPRIVPORTS unused variable botch. noted by proff.
2001-06-06 06:07:06 +00:00
thorpej
ad9d3794b0
Implement support for IP/TCP/UDP checksum offloading provided by
...
network interfaces. This works by pre-computing the pseudo-header
checksum and caching it, delaying the actual checksum to ip_output()
if the hardware cannot perform the sum for us. In-bound checksums
can either be fully-checked by hardware, or summed up for final
verification by software. This method was modeled after how this
is done in FreeBSD, although the code is significantly different in
most places.
We don't delay checksums for IPv6/TCP, but we do take advantage of the
cached pseudo-header checksum.
Note: hardware-assisted checksumming defaults to "off". It is
enabled with ifconfig(8). See the manual page for details.
Implement hardware-assisted checksumming on the DP83820 Gigabit Ethernet,
3c90xB/3c90xC 10/100 Ethernet, and Alteon Tigon/Tigon2 Gigabit Ethernet.
2001-06-02 16:17:09 +00:00
itojun
781f6920ab
use default hoplimit when incoming interface is not given to icmp6_reflect.
...
sync with kame
2001-06-01 05:54:19 +00:00
mrg
67afbd6270
use _KERNEL_OPT
2001-05-30 11:57:16 +00:00
thorpej
c973d6a0eb
Skip the pseudo-header if nxt == 0. This is already documented
...
in in6_cksum(9) and is also the behavior of the i386 optimized
version.
2001-05-30 03:06:56 +00:00
itojun
e91c2ce847
remove debug printfs, which can be too noisy. sync with kame.
2001-05-27 17:36:07 +00:00
itojun
fc644273cd
print more diag message on in6_addmulti() failures.
2001-05-24 08:17:22 +00:00
itojun
a7596d1912
call icmp6_mtudisc_update(foo, 0) even if ICMPv6 messages are very short.
...
let icmp6 layer decide whether we take PMTUD routes or not.
2001-05-24 07:22:27 +00:00
itojun
fc66251bda
plug memory leak on invalid fragment packet. supress noisy log. from kame
2001-05-17 14:01:37 +00:00
itojun
498fdebcd7
drop multi destination mode (IFF_LINK0).
2001-05-14 13:35:20 +00:00
itojun
f4d5905544
there's no need to #if NFAITH here. IN6P_FAITH can be set even on
...
NFAITH == 0 kernel, it is safer to always check the condition.
sync with kame.
2001-05-11 18:38:03 +00:00
itojun
63181d71c1
correct ecn consideration on tunnel encap/decap. sync with kame.
2001-05-10 01:37:42 +00:00
itojun
1bec764d78
correct faith prefix determination. use sys/netinet/if_faith.c:faithprefix()
...
to determine. sync with kame.
(without this change, non-faith socket may mistakenly accept for-faith traffic)
2001-05-08 10:15:13 +00:00
itojun
d1b6307b88
do not copy TTL field on ipsec tunnel mode encapsulation. sync with kame
2001-04-15 01:55:49 +00:00
thorpej
bf2dcec4f5
Remove the use of splimp() from the NetBSD kernel. splnet()
...
and only splnet() is allowed for the protection of data structures
used by network devices.
2001-04-13 23:29:55 +00:00
itojun
f4e4c674a7
disallow userland programs from specifying addresses with IPV6_PKTINFO
...
setsockopt, if:
- the address is not verified by DAD (= not ready)
- the address is an anycast address (= not permitted as source)
sync with kame
2001-04-11 04:57:53 +00:00
itojun
5ed8fd262b
suppress RS/RA log messages (can be re-enabled by net.inet6.icmp6.nd6_debug),
...
as they may fill up /var. sync with kame.
2001-04-04 06:28:41 +00:00
itojun
2abaa8eae5
make sure rcvif is sane on call to icmp6_reflect
2001-04-04 06:28:40 +00:00
itojun
92969654c0
enable FAKE_LOOPBACK_IF case by default.
...
now traffic on loopback interface will be presented to bpf as normal wire
format packet (without KAME scopeid in s6_addr16[1]).
fix KAME PR 250 (host mistakenly accepts packets to fe80::x%lo0).
sync with kame.
2001-03-30 11:08:56 +00:00
itojun
dbcd4b8d03
fix constness of IN6_{IS,ARE}_xx with RFC2553. sync with kame.
2001-03-30 05:53:52 +00:00
itojun
2fb1887b31
re-initialize mopt in ip6_insert_jumboopt(). sync with kame
...
From: csapuntz@stanford.edu
2001-03-25 09:58:43 +00:00
itojun
0c8d8ae7a0
couple of missing splx. sync with kame.
...
From: csapuntz@play-doh.stanford.edu (Constantine Sapuntzakis)
2001-03-25 09:06:03 +00:00
itojun
3e898c9239
in nd6_cache_lladdr(), set nd6_gctimer to ln_expire just after the state
...
transition to STALE. fixes tahi test breakage. sync with kame.
2001-03-21 21:56:29 +00:00
thorpej
20fe4e2d96
Add a protosw flag, PR_ABRTACPTDIS (Abort on Accept of Disconnected
...
Socket), and add it to the protocols that use that behavior (all
PR_LISTEN protocols except for PF_LOCAL stream sockets).
2001-03-21 19:22:27 +00:00
itojun
4ce63adb1e
do not inject packets to ipfilter, if the packet went through IPsec tunnel.
...
http://www.netbsd.org/Documentation/network/ipsec/#ipf-interaction
2001-03-21 19:12:56 +00:00
itojun
93b8b31feb
set rmx_mtu to L2 interface mtu, instead of 0, on mtudisc timeout.
...
ip6_output() change is for safety. sync with kame
2001-03-21 07:52:13 +00:00
itojun
e4ecd03f2a
drop packets with link-local addresses,
...
if (internally-used) interface ID portion is already filled. sync with kame
2001-03-16 12:22:34 +00:00
itojun
27a0af5865
nd6_storelladdr() was not consistent about m_freem() policy.
...
do not touch RTF_STATIC entries (static ND entries) on ND cache update.
couple of costmetic sync. sync with kame
2001-03-08 10:49:32 +00:00
itojun
7695280d34
more missing splx. from kame
2001-03-08 10:48:40 +00:00
itojun
912f42ecda
remove bogus rtfree. sync with kame. inspired by openbsd PR 1706.
2001-03-08 00:19:03 +00:00
itojun
4e45315377
missing splx. from aaron@openbsd. sync with kame
2001-03-07 22:50:14 +00:00
itojun
c9e08725bc
avoid possible alignment issue. sync with kame
2001-03-04 16:49:17 +00:00
itojun
dc3424f555
pass key to rijndael logic as binary, not hexadecimal string.
...
sync with kame
2001-03-02 15:42:39 +00:00
itojun
f03176a0a8
have comment that refers to kame COVERAGE document. sync with kame
2001-03-02 04:55:40 +00:00
itojun
8c8c2f71a4
the date string in KAME version is getting very meaningless, remove.
2001-03-02 04:52:54 +00:00
itojun
2d6047cff9
make sure to enforce inbound ipsec policy checking, for any protocols on top
...
of ip (check it when final header is visited). sync with kame.
XXX kame team will need to re-check policy engine code
2001-03-01 16:31:37 +00:00
itojun
233e3963ed
make sure to validate packet against ipsec policy.
2001-02-26 07:20:44 +00:00
cgd
023e9f0649
C requires that labels be followed by statements.
2001-02-24 00:01:22 +00:00
itojun
f2a66201fc
garbage-collect stale ND entries (default: 1 day).
...
RFC 2461 5.3. sync with kame.
2001-02-23 08:02:41 +00:00
itojun
e1196a8f6e
remove unnecessary state, ND6_LLINFO_WAITDELETE, from neighbor cache
...
state machine.
no need for RTF_REJECT on neighbor cache entires, they are leftover from
ARP code.
sync with kame.
2001-02-23 06:41:50 +00:00
itojun
2df943e652
correct handling of upper limitation to # of reass queue.
2001-02-22 05:04:42 +00:00
itojun
49889b3afd
be more more picky about option length parsing. sync with kame
2001-02-22 01:40:25 +00:00
itojun
e1e316562b
make validation code more strict for ND6/dest6 variable length headers.
...
check duplicated nd6_ifinfo table initialization in a better way.
sync with kame
2001-02-21 17:23:09 +00:00
itojun
96413230d1
style, to make kame sync easier
2001-02-21 16:28:43 +00:00
itojun
52f2cece9f
tighten AH IPv4 option chasing more. drop too short (< 2) option.
...
sync with kame.
2001-02-21 01:27:58 +00:00
itojun
c9928e0ab1
need PR_ADDR|PR_ATOMIC for IPPROTO_EON. fix typo. from chopps, sync with kame
2001-02-21 00:11:53 +00:00