Aren/NetBSD
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
115,755 Commits 606 Branches 0 Tags 3.1 GiB
c07f47e182
Commit Graph

671 Commits

Author SHA1 Message Date
itojun
041c651838 fix copyout() logic. more proper fix to be done on kame tree. 2002-08-19 23:14:39 +00:00
itojun
8b2ed6900d copyout only if oldp is non-null 2002-08-19 07:23:22 +00:00
itojun
cc0fa7bc37 need explicit copyout(), apparently 2002-08-19 06:50:22 +00:00
itojun
e89be6a279 set default value for use_deprecated to 0, to avoid consequences with ftpd. 2002-08-17 22:15:58 +00:00
itojun
c00fa8dfd9 avoid swapping endian of ip_len and ip_off on mbuf, to meet with M_LEADINGSPACE 
optimization made last year.  should solve PR 17867 and 10195.

IP_HDRINCL behavior of raw ip socket is kept unchanged.  we may want to
provide IP_HDRINCL variant that does not swap endian.
 2002-08-14 00:23:27 +00:00
itojun
ed12d77e43 avoid hardcoded "16" for max AH sum size. use AH_MAXSUMSIZE. 2002-08-09 07:01:21 +00:00
itojun
68e52f0ace use correct padding boundary, to correctly estimate ESP header size. 
problem found by Arto Selonen <arto@selonen.org>
 2002-08-09 06:38:12 +00:00
itojun
bb92058a0f cut and paste error in comment. From: Arto Selonen <arto@selonen.org> 2002-08-09 06:29:01 +00:00
itojun
af8ad017f7 typo. From: Arto Selonen <arto@selonen.org>, sync w/kame 2002-08-01 05:17:47 +00:00
itojun
a919a4c628 no need to check NULL mbuf, as we touch it already. 
From: tedu <grendel@zeitbombe.org>
 2002-07-30 23:27:15 +00:00
itojun
d337ab206e no need to handle NULL argument in defrouter_delreq. 
From: tedu <grendel@zeitbombe.org>
 2002-07-30 23:24:21 +00:00
itojun
d08a33e8b1 correct multicast packet MTU check. sync w/kame 2002-07-25 12:41:51 +00:00
itojun
8b02a8b924 remove unneeded extern decl (commented out). sync w/kame 2002-07-20 21:11:55 +00:00
wiz
e00173a7f2 Spell 'should' correctly. 2002-07-18 11:59:06 +00:00
itojun
d67bce4593 no need to bzero() twice. from he@netbsd 2002-07-13 21:04:55 +00:00
itojun
51bd9285d5 correct ping6 -w result wth hostname with [A-Z]. PR 17540. sync w/kame 2002-07-10 05:05:01 +00:00
thorpej
10c252ba47 Changes to allow the IPv4 and IPv6 layers to align headers themseves, 
as necessary:
* Implement a new mbuf utility routine, m_copyup(), is is like
  m_pullup(), except that it always prepends and copies, rather
  than only doing so if the desired length is larger than m->m_len.
  m_copyup() also allows an offset into the destination mbuf, which
  allows space for packet headers, in the forwarding case.
* Add *_HDR_ALIGNED_P() macros for IP, IPv6, ICMP, and IGMP.  These
  macros expand to 1 if __NO_STRICT_ALIGNMENT is defined, so that
  architectures which do not have strict alignment constraints don't
  pay for the test or visit the new align-if-needed path.
* Use the new macros to check if a header needs to be aligned, or to
  assert that it already is, as appropriate.

Note: This code is still somewhat experimental.  However, the new
code path won't be visited if individual device drivers continue
to guarantee that packets are delivered to layer 3 already properly
aligned (which are rules that are already in use).
 2002-06-30 22:40:32 +00:00
itojun
3973cdf049 typo in name 2002-06-29 12:33:33 +00:00
itojun
d7006267f3 reduce kernel stack usage by separating struct secasindex. sync w/kame 
From: YAMAMOTO Takashi <yamt@mwd.biglobe.ne.jp>
 2002-06-27 12:12:49 +00:00
itojun
61f28217c4 move sanity check upwards. sync w/kame 
From: YAMAMOTO Takashi <yamt@mwd.biglobe.ne.jp>
 2002-06-22 12:27:09 +00:00
itojun
cfb9a4a799 avoid listening socket from mistakenly use incorrect cached policy. 
From: YAMAMOTO Takashi <yamt@mwd.biglobe.ne.jp>  sync w/kame
 2002-06-22 12:04:07 +00:00
itojun
69d65da8c6 sizeof mistake in DIAGNOSTIC path. sync w/kame 
From: YAMAMOTO Takashi <yamt@mwd.biglobe.ne.jp>
 2002-06-21 23:15:35 +00:00
itojun
3033187db0 previous commit cached pcb policy too much (when pcb points to 
SPD entry that is not ipsec - like "none").  back it out.  sync w/kame
 2002-06-16 16:28:36 +00:00
itojun
c1808f02bf cache pcb policy as much as possible. in fact, if policy is not 
IPSEC_POLICY_IPSEC we don't need to compare spidx.  sync w/kame
 2002-06-14 14:47:24 +00:00
itojun
813344bfbe remove redundant line 2002-06-14 14:17:55 +00:00
itojun
a8dde3fa57 free secpolicy on deepcopy failure 2002-06-13 05:10:13 +00:00
itojun
dc96111483 deep-copy pcb policy if it is an ipsec policy. assign ID field to all 
SPD entries.  make it possible for racoon to grab SPD entry on pcb
(racoon side needs some changes).  sync w/kame
 2002-06-12 17:56:45 +00:00
itojun
3489976392 do not copy policy-on-socket at all. avoid copying packet header value to 
struct spindex.  should reduce memory usage per socket/pcb, and should speedup
ipsec processing.  sync w/kame
 2002-06-12 01:47:34 +00:00
itojun
fa53d749ff share policy-on-pcb for listening socket. sync w/kame 
todo: share even more, avoid frequent updates of spidx
 2002-06-11 19:39:59 +00:00
itojun
2533e1f81f avoid variable name confusion. sync w/kame 2002-06-11 17:26:52 +00:00
itojun
9b2ae3537c silence some of log(), as the codepath will be visited for IPv6-non-capable 
interfaces too and can be annoying.  net.inet6.icmp6.nd6_debug will
re-enable them.
 2002-06-11 07:28:05 +00:00
itojun
b05ff066a7 whitespace cleanup 2002-06-09 14:43:10 +00:00
itojun
e55d3b6782 indent cleanup 2002-06-08 21:32:55 +00:00
itojun
7316bc595b KNF 2002-06-08 21:29:26 +00:00
itojun
2495e99fc7 gc 2002-06-08 21:28:18 +00:00
itojun
6d8d0d63d8 sync with latest KAME in6_ifaddr/prefix/default router manipulation. 
behavior changes:
- two iocts used by ndp(8) are now obsolete (backward compat provided).
  use sysctl path instead.
- lo0 does not get ::1 automatically.  it will get ::1 when lo0 comes up.
 2002-06-08 21:22:29 +00:00
itojun
fc5800e3fd whitespace cleanup 2002-06-08 20:06:44 +00:00
itojun
2f88f76db1 in6_len2mask is a duplicate of in6_prefixlen2mask. unify. sync w/kame 2002-06-08 00:07:00 +00:00
itojun
9736fd7f05 on SIOCAIFADDR_IN6 check if sin6_len is sane. sync w/kame 2002-06-08 00:01:30 +00:00
itojun
e4f39ff86f panic() if NULL is passed to ah_sumsiz_xx. suggested by sam leffler, sync w/kame 2002-06-07 23:42:41 +00:00
itojun
36f10d3196 some KNF 2002-06-07 22:08:41 +00:00
itojun
acf7dffae4 some KNF 2002-06-07 22:07:38 +00:00
itojun
0026ddd6dd no need for offsetof() 2002-06-07 22:06:48 +00:00
itojun
edcbce7c37 typo 2002-06-07 22:05:37 +00:00
itojun
a1e0f0f9a7 sync IPV6_CHECKSUM handling with kame. 2002-06-07 22:03:02 +00:00
fvdl
2aae9aee46 Fix mistakes in previous. 2002-06-07 18:19:30 +00:00
itojun
09342cdd61 typo 2002-06-07 18:19:05 +00:00
itojun
fc16676d8e If there has been no NS for the neighbor after entering the 
INCOMPLETE state, send the first solicitation in nd6_output(), regardless
of the timer value.
revised comments about rate-limiting accordingly.

sync w/kame
 2002-06-07 17:15:12 +00:00
itojun
4e9401b698 comment 2002-06-07 17:13:56 +00:00
itojun
ac03214470 whitespace 2002-06-07 14:48:56 +00:00
itojun
3e3b75590b remove #if 0'ed portion 2002-06-07 14:43:11 +00:00
itojun
c889402ba0 style 2002-06-07 14:37:38 +00:00
itojun
3c11868be8 consistency 2002-06-07 14:35:55 +00:00
itojun
05f0c3e705 KNF a bit 2002-06-07 14:29:10 +00:00
itojun
a11e34efc5 whitespace 2002-06-07 07:38:51 +00:00
itojun
e2ce1896bd whitespace 2002-06-07 07:35:39 +00:00
itojun
9b39e24802 minor KNF to sync w/kame 2002-06-07 04:30:40 +00:00
itojun
06ed16c31d typo 2002-06-07 04:18:11 +00:00
itojun
922b4012cc 'fall through' is not a valid LINT keyword. 2002-06-07 04:07:55 +00:00
itojun
83aff37a0f remove support for deprecated ioctls (EINVAL). sync w/kame 2002-06-07 04:03:53 +00:00
itojun
88a8e0dd9e cope with ndi->maxmtu == 0 case. sync w/kame 2002-06-07 03:05:18 +00:00
itojun
fb6078474d cope with cases when maxmtu == 0 (this shoulnd't happen!) 2002-06-07 02:31:04 +00:00
itojun
1eb402e813 be sure to use L3 MTU, not L2 MTU, when specified in spec (affects FDDI/ARCnet) 2002-06-05 01:10:54 +00:00
itojun
ad4cab117d whitespace at EOL 2002-06-03 02:09:37 +00:00
itojun
ed45b704ac do not hardcode if_mtu values in here, except for IFT_{ARC,FDDI} - 
they need special handling.  makes it possible to take advantage of 9k ether
frames.
 2002-06-03 00:51:47 +00:00
itojun
5625d3b849 do not mistakenly lock PMTUD route entry with RTV_MTU. 2002-05-31 04:26:19 +00:00
itojun
3449ca6d23 do not try to update rmx_mtu if rmx_mtu == 0 (obey ifmtu) 2002-05-31 03:18:54 +00:00
itojun
87fc46bce9 improve nd6_setmtu(), to warn too-small MTU on SIOCSIFMTU. sync w/kame 2002-05-30 05:06:28 +00:00
itojun
a3e4fbdf14 use M_READONLY where possible. minor cleanup/sync with kame. 2002-05-30 04:39:15 +00:00
christos
c7f67f1479 make this compile again. 2002-05-29 19:50:48 +00:00
itojun
cfc6c918de missing bzero 2002-05-29 13:56:14 +00:00
itojun
050c5b5b7c receivedra field is gone 2002-05-29 13:52:56 +00:00
itojun
913276174b "receivedra" field name is obsolete. 2002-05-29 09:32:01 +00:00
itojun
14dafa8f6a avoid unneeded malloc/free. sync w/kame 2002-05-29 09:05:18 +00:00
itojun
5c1df51d53 attach nd_ifinfo structure into if_afdata. 
split IPv6 link MTU (advertised by RA) from real link MTU.
sync with kame
 2002-05-29 07:53:39 +00:00
itojun
9ea1dc0d36 correct rmx_mtu value after PMTUD entry timeout (should be set to 0) 2002-05-29 06:55:48 +00:00
itojun
ede265fffd move per-interface ip6/icmp6 stat to ifnet->if_afdata. sync w/kame 2002-05-29 02:58:28 +00:00
itojun
a15e664f71 rm obsolete comment 2002-05-29 01:43:25 +00:00
itojun
3be26b82ef use arc4random 2002-05-28 11:19:17 +00:00
itojun
4121fa09fc correct in*_pcbrtentry. check cached value correctly. 2002-05-28 11:10:52 +00:00
itojun
d208a22daa use arc4random() where possible. 
XXX is it necessary to do microtime() on tcp syn cache?
 2002-05-28 10:11:49 +00:00
itojun
7410ea60ca in in*_pcbrtentry(), check if route is still valid (RTF_UP), 
and address family is still valid.
 2002-05-28 10:07:51 +00:00
itojun
10c5914022 limit number of IPv6 fragments (not the fragment queue size) to 
fight against lots-of-frags DoS attacks.  sync w/kame
 2002-05-28 03:04:05 +00:00
itojun
9a1a825873 we have no IFT_DUMMY. kame merge mistake 2002-05-25 22:18:49 +00:00
itojun
e3c4951b26 re-enable ipsec policy caching onto pcb. refcnt fix and workarounds based on ymmt-san. 2002-05-25 10:01:01 +00:00
itojun
6f589cb1b2 extra blank line 2002-05-24 09:21:30 +00:00
itojun
c3015f8b5d make a strict check before sending FQDN node information reply. sync w/kame 2002-05-24 09:13:59 +00:00
itojun
7e7fcd1df4 remove wrong "break" statement 2002-05-23 06:53:13 +00:00
itojun
64a1cfbf83 no longer need IFT_PROPVIRTUAL "bridge[0-9]+" check. 2002-05-23 06:40:03 +00:00
itojun
970757edd8 simplify conditions to do DAD. sync w/kame 2002-05-23 06:35:18 +00:00
itojun
e1d17f512b should perform DAD for IFT_GIF. 2002-05-23 06:28:25 +00:00
itojun
5a51285f02 do not have link-local address for IFT_BRIDGE 2002-05-23 06:25:25 +00:00
itojun
d2fd814987 in sp caching code, check if sp is still alive. sync w/kame 2002-05-19 00:46:40 +00:00
itojun
b5f1426ee0 rename: net.inet6.ip6.bindv6only -> net.inet6.ip6.v6only 
sync w/kame.
 2002-05-14 10:27:28 +00:00
matt
0dc8ee943d Eliminate more commons or redundant declarations. 2002-05-14 02:58:32 +00:00
kleink
241f6932ee * Use uint{8,32}_t from <netinet/in.h> where applicable; use private 
fixed-width integer types otherwise.
* Protect RFC 2292 prototypes, which are not XNS5.2/POSIX-2001; also, define
  size_t for inet6_rthdr_space().
 2002-05-13 15:20:30 +00:00
kleink
0f1faf8e09 IPV6PORT_* aren't in the reserved namespace either. 2002-05-13 14:25:13 +00:00
kleink
d258299876 Check _POSIX_C_SOURCE as well. 2002-05-13 14:15:34 +00:00
kleink
a317e750c3 Update two comments. 2002-05-13 13:52:31 +00:00
kleink
602066c0d6 Provide local definitions of in_{addr,port}_t in <netinet/in.h> and use 
them where deemed appropriate by XNS5.2/POSIX-2001.
 2002-05-12 23:04:15 +00:00
matt
c03e11f081 Eliminate commons. 2002-05-12 20:33:50 +00:00
wiz
d30d25dc1a Spelling fixes, from Sergey Svishchev in kern/16650. 2002-05-12 15:48:36 +00:00
itojun
861dfdc294 disable ipsec policy caching on pcb, as it seems that there's some reference- 
counting mistake that causes panic - see PR 15953 and 13813.

i am unable to find the real cause of problem, so it is a shortterm workaround,
hopefully.
 2002-05-10 05:49:21 +00:00
itojun
d7669537a8 remove unneeded #ifdef __FreeBSD__ portion. 2002-05-10 05:38:29 +00:00
thorpej
dc12059c9e Use M_READONLY() rathern than testing to see if ext_free is set 
or MCLISREFERENCED().
 2002-04-28 00:54:41 +00:00
itojun
64109d267c make sure to check address family in route cache 
(I really hate IPv4 mapped address...)
 2002-03-28 01:33:50 +00:00
itojun
bb1e9bbcd8 double m_free() - niklas@openbsd 2002-03-24 20:46:56 +00:00
itojun
714618fb98 fix arg to bcmp() - need to compare 15 bytes, not 3 bytes. sync w/kame 2002-03-23 00:43:59 +00:00
itojun
8cbb556660 protect in6pcb queue operation by splnet, as pcb queue will be touched 
by in6_pcbpurgeif() under splnet.
 2002-03-21 02:11:39 +00:00
itojun
007db8b52a remove obsolete comment 2002-03-20 22:47:59 +00:00
itojun
d31217b639 check sa_len and sa_family strictly. (NOTE: rtsol/rtsold older than Nov2001 
will stop working, upgrade them first)
 2002-03-19 01:21:19 +00:00
itojun
f3279050b2 esp/ah_ctlinput: pass useful address to key_alloc. 2002-03-18 15:30:03 +00:00
itojun
766a6d874e have a real lock around IPv6 reassembly. 2002-03-15 10:44:07 +00:00
itojun
3faedc3f92 s/0/NULL/ as ln_hold is a pointer. sync w/ kame 2002-03-15 09:36:27 +00:00
itojun
38f3d28842 have tcp6_drain 2002-03-15 09:25:41 +00:00
itojun
4b327fb1f3 zlib 1.1.4 dislikes Z_FLUSH at the end of inflate(). 2002-03-14 05:18:10 +00:00
itojun
2246ec4a66 on redirect output, always try to attach target link layer address option. 2002-03-05 08:13:56 +00:00
sommerfeld
ef49bcac3c Nuke out-of-synch comment. 2002-03-04 15:18:32 +00:00
itojun
2ff9b43758 sync blowfish function prototype between i386 assembly and C. 
From: YAMAMOTO Takashi <yamt@mwd.biglobe.ne.jp>
 2002-02-27 01:32:17 +00:00
itojun
ae1b9c29e9 make sure to check address family on route cache. with IPv4 mapped 
address we can see both AF_INET/INET6.
 2002-01-22 03:53:55 +00:00
itojun
b0e82d3005 do not log() in per-packet input path. sync w/kame 2002-01-08 04:37:32 +00:00
itojun
e6834b7b5c make it compile even if NGIF=0 2001-12-22 01:40:03 +00:00
itojun
a225c3930f whitespace/costmetic sync w/kame 2001-12-21 08:54:52 +00:00
itojun
1536628a1f call encap6_ctlinput on icmp6 against tunnelled packet. sync w/kame 2001-12-21 08:54:19 +00:00
itojun
df8adebac1 remove obsolete #if 0'ed section. sync w/kame 2001-12-21 07:16:58 +00:00
itojun
28922b9973 use radix table for inbound tunnel lookup (would increase performance 
for machines with a lot of tunnels).
update route cache for IPvX-over-IPv6 tunnel on path MTU discovery.
snyc with kame
 2001-12-21 06:30:43 +00:00
itojun
9aaffcfde8 move in6_gif_hlim decl to in6_gif.c. sync with kame 2001-12-21 03:58:15 +00:00
itojun
745e191850 move protosw fragment for gif/stf to their own source code. 
reduce #ifdef in stf code.  sync with kame
 2001-12-21 03:21:50 +00:00
itojun
ebb1c82ec5 centralize multicast group management (in6_join/leavegroup). 
have a flag for ip6_output() to fragment to minimum MTU.
sync with kame
 2001-12-20 07:26:36 +00:00
itojun
1cad8e6085 reduce white space/cosmetic diffs w/kame. 2001-12-18 03:04:02 +00:00
itojun
29064a3fdb remove obsolete #if 0'ed portion. 2001-12-18 01:42:04 +00:00
itojun
33429d0612 correct timing to increment icmp6 MIB variables. sync with kame 2001-12-07 10:10:43 +00:00
itojun
f8321e02a6 fix cast128 with shorter key length. sync with kame 2001-11-27 11:19:36 +00:00
itojun
c23ea6c341 update outgoing ifp, only if tunnel mode ipsec is used. this is to 
honor IP_MULTICAST_IF setsockopt on ipsec-over-multicast.  sync with kame
 2001-11-21 06:28:08 +00:00
perry
c8549493da (minor) delint 2001-11-17 18:55:11 +00:00
lukem
4f2ad95259 add RCSIDs 2001-11-13 00:56:55 +00:00
itojun
d54922c799 check offset overrun in ip6_nexthdr. 2001-11-02 08:05:48 +00:00
simonb
5f717f7c33 Don't need to include <uvm/uvm_extern.h> just to include <sys/sysctl.h> 
anymore.
 2001-10-29 07:02:30 +00:00
itojun
7b1918bdc8 always check extension header length. 2001-10-29 05:23:17 +00:00
itojun
eecba85f88 no tcp_fasttimo any more. PR 14333 2001-10-24 09:37:00 +00:00
itojun
73f4e5001f more whitespace sync with kame 2001-10-24 06:36:37 +00:00
itojun
c7e6405a34 remove unused codepath (unifdef -UUDP6) 2001-10-24 06:04:08 +00:00
itojun
68fbfa26e8 gather stats on raw ip6 socket. sync with kame 2001-10-18 09:12:13 +00:00
itojun
51a9c75998 simplify per-if stats. 2001-10-18 09:09:25 +00:00
itojun
ae5499819c reduce diffs with kame (mostly cosmetic). 
move IPV6_CHECKSUM processing to sys/netinet6/raw_ip6.c.
constify a couple of places.
 2001-10-18 07:44:33 +00:00
itojun
1990d680c4 do not change neighbor cache state on entry timeout, 
if the cache entry is for outgoing router.

perform on-linkness check before default router (re-)seletion.

do not play with interface direct route on nd6_rtrequest.

sync a lot of cosmetic changes.  sync with kame
 2001-10-17 10:55:09 +00:00
itojun
dfb1429789 unifdef OLDIP6OUTPUT 2001-10-17 08:23:05 +00:00
itojun
7dcf45fbd8 more whitespace/comment sync with kame 2001-10-16 06:24:44 +00:00
itojun
45c8a6a57e remove unused #define. sync whitespace/comment with kame. 2001-10-16 04:57:38 +00:00
itojun
9bff6fde4c reduce diff with kame. whitespace only 2001-10-16 04:17:54 +00:00