Aren/NetBSD
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
120,940 Commits 606 Branches 0 Tags 3.1 GiB
ccd8c9e649
Commit Graph

744 Commits

Author SHA1 Message Date
jonathan
995c532c33 Revert the (default) ip_id algorithm to the pre-randomid algorithm, 
due to demonstrated low-period repeated IDs from the randomized IP_id
code.  Consensus is that the low-period repetition (much less than
2^15) is not suitable for general-purpose use.

Allocators of new IPv4 IDs should now call the function ip_newid().
Randomized IP_ids is now a config-time option, "options RANDOM_IP_ID".
ip_newid() can use ip_random-id()_IP_ID if and only if configured
with RANDOM_IP_ID. A sysctl knob should be  provided.

This API may be reworked in the near future to support linear ip_id
counters per (src,dst) IP-address pair.
 2003-11-17 21:34:27 +00:00
itojun
3107b5dcc0 implement net.inet6.ifq 2003-11-12 15:25:19 +00:00
itojun
ae3e6f6041 correct behavior when ipv6mr_interface is 0. Matthias Drochner 2003-11-06 06:10:51 +00:00
itojun
60dac07656 use hash table for in6_pcbbind(). similar to in_pcb 1.89 -> 1.90 2003-11-05 01:20:56 +00:00
briggs
07a0e27c44 Revert the change in default value of ipv6_v6only. Further discussion 
on this topic is required.  It should be reintroduced and pursued in
the IETF.
 2003-11-03 15:12:06 +00:00
simonb
a2facef339 Remove some assigned-to but otherwise unused variables. 2003-10-30 01:43:08 +00:00
mycroft
2dde0746b6 Do a jump optimization that eliminates some uninitialized variable warnings. 2003-10-29 10:12:43 +00:00
briggs
5a770ba2d8 Toggle the default value of ip6_v6only. Also provide a sample sysctl to 
retain the existing behavior.
 2003-10-28 06:31:28 +00:00
christos
59f2aab1ed fix uninitialized variables 2003-10-25 08:26:14 +00:00
itojun
ba71e93c60 backout previous (ENETREST special handlng) 2003-10-15 22:55:34 +00:00
itojun
90d92fe2d9 ignore ENETRESET on ADDMULTI 2003-10-15 22:16:35 +00:00
itojun
018cb094b4 ignore ENETRESET on ADDMULTI. 2003-10-15 22:15:25 +00:00
itojun
a8d71f892f define struct prf_ra outside of in6_prflags, to be c++ friendly. sync w/kame 2003-10-15 01:28:28 +00:00
itojun
40e6b63c60 fix endian bug in fragment header scanning. 2003-10-14 05:33:04 +00:00
itojun
b5b2092bce no need to clear mbuf flags here; sync w/kame 2003-10-03 22:08:26 +00:00
itojun
98d5598feb when dropping M_PKTHDR, need to free m_tag associated with it. 2003-10-03 20:56:11 +00:00
itojun
96fda496da use in6_{embed,recover}scope for scoped address manipulation 2003-10-03 08:46:15 +00:00
itojun
140276fde1 shouldn't check scope match when encapsulating packet into tunnel mode. 
iij seil team
 2003-10-03 04:30:31 +00:00
itojun
d451ef2606 do not deref state.ro if it is NULL 2003-10-02 19:32:41 +00:00
itojun
d83af104d4 correctly look at outer IPv6 header when forwarding packet into ipsec tunnel. 
iij seil team
 2003-10-02 12:13:44 +00:00
itojun
364f2d9e12 permit tunnel mode over link-local address. (outer header is link-local) 
iij seil team
 2003-10-02 10:01:11 +00:00
itojun
8184c3658f handle link-local address in ipsec6_tunnel_validate(). from iij seli team 2003-10-02 07:19:37 +00:00
christos
36b4e0b6e7 Fix off-by-one in PRC_NCMDS check. From FreeBSD via OpenBSD 2003-09-30 00:01:18 +00:00
mycroft
ca96c7c4ec Remove some code that breaks AH tunnels completely. The comment describing 
the purpose of this code appears to be on crack -- it's talking about
end-to-end authentication, but the purpose of an AH tunnel is NOT end-to-end
authentication; it's authentication of the tunnel endpoints.

NB: This does not fix the fact that IPsec leaks "packet tags."
 2003-09-28 04:45:14 +00:00
wiz
cff5e477ad Process has only one c. From miod@openbsd. 2003-09-26 22:23:58 +00:00
itojun
cd71ebe2f7 mark security policy that should persist in the system "persistent". 
this should prevent recently-reported kernel panic when "spdflush" is issued.
 2003-09-22 04:47:43 +00:00
itojun
7fda10aea9 separate netkey/key* and netipsec/key* 2003-09-20 05:14:41 +00:00
itojun
ca549eaf98 exp is a reserved name under posix 2003-09-16 00:31:23 +00:00
itojun
94da0d16ac avoid overflow during multiply. David Laight 2003-09-15 23:38:20 +00:00
itojun
71c96a2bb4 correct ru_a/ru_b setup for 20bit case 2003-09-13 21:32:59 +00:00
itojun
8ee5969c3b change confusing filename 2003-09-12 11:21:36 +00:00
itojun
9f2c0659cd remove extra blank line 2003-09-12 07:58:25 +00:00
itojun
a84539ea9e make synchronization w/ PF tag support code easier 2003-09-12 07:53:29 +00:00
itojun
6371ddf557 make it possible to SADB_DUMP via sysctl. request by mrg 2003-09-12 07:38:10 +00:00
itojun
5125995b51 record socket * associated with secpolicy 2003-09-10 22:29:27 +00:00
itojun
494fe70198 lint 2003-09-09 11:39:14 +00:00
itojun
800fe5d178 - prepare for RFC2401bis 64bit sequence number (no behavior change yet) 
- use hash for SPI-based SAD entry lookup (should be faster, i hope)
- cleanup keydb.c and key.c.  key.c is responsible for refcounting secasvar,
  keydb.c is responsible for alloc/free.
 2003-09-07 15:59:36 +00:00
itojun
bfa3dccfd7 prototype should have no variable name 2003-09-07 15:50:43 +00:00
itojun
5c9706bb41 correct seed generation. sync w/ kame 2003-09-06 13:47:09 +00:00
itojun
37c3c44062 fix comment, from kame 2003-09-06 13:30:40 +00:00
itojun
680540f194 committed by mistake, sorry 2003-09-06 04:20:57 +00:00
itojun
bce24b4a3e correct comment 2003-09-06 04:13:50 +00:00
itojun
b0b5b07f8a fix msb handling. from kame 2003-09-06 03:55:35 +00:00
itojun
32e3deae21 randomize IPv4/v6 fragment ID and IPv6 flowlabel. avoids predictability 
of these fields.  ip_id.c is from openbsd.  ip6_id.c is adapted by kame.
 2003-09-06 03:36:30 +00:00
itojun
175c9afa3f clarify flowlabel handling 2003-09-06 03:12:51 +00:00
itojun
a245b3dc6d u_short -> u_int16_t. sync w/ kame. 
don't set ip6_plen where unneeded (i.e. before calling ip6_output)
 2003-09-05 23:20:48 +00:00
itojun
95b95dbc37 call tcp_drain() if IPv4-less kernel 2003-09-05 01:35:08 +00:00
itojun
495906ca8e revamp inpcb/in6pcb so that they are more aligned with each other. 
in6pcb lookup now uses hash(9).
 2003-09-04 09:16:57 +00:00
itojun
19d8b9bfea don't use m_cat to mbuf of different types. KAME-PR-495 2003-09-04 03:07:33 +00:00
itojun
725b73043b simplify rijndael.c API - always schedule encrypt/decrypt key. 
reviewed by thorpej
 2003-08-27 14:23:25 +00:00