Aren
/
NetBSD
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
141,609 Commits 606 Branches 0 Tags 3.1 GiB
Commit Graph

866 Commits

Author SHA1 Message Date
dsl c24781af04 Pass the current process structure to in_pcbconnect() so that it can 
pass it to in_pcbbind() so that can allocate a low numbered port
if setsockopt() has been used to set IP_PORTRANGE to IP_PORTRANGE_LOW.
While there, fail in_pcbconnect() if the in_pcbbind() fails - rather
than sending the request out from a port of zero.
This has been largely broken since the socket option was added in 1998.
 2005-11-15 18:39:46 +00:00
bouyer e148e671d8 mif6table is used by netstat, so don't declare it static. Fix netstat -g 
on Xen, whose ELF loader doesn't load local symbols in the symbol table.
 2005-10-21 18:00:45 +00:00
bouyer b3b0d23068 In icmp6_redirect_output(), sip6 is initialised to point to the data area of 
m0. But m0 may be freed later, so trying to use sip6 at the end of this
function is wrong. My guess is that we want to reference the data area
of m (the mbuf about to be send) instead at this point.
Fix a panic on Xen (where a data area of a mbuf may be unmapped when the
mbuf is freed), and probably potential data/pool corruption in other cases.
 2005-10-19 20:42:54 +00:00
rpaulo 8f596fb842 If we recieve a PIM register message when IPv6 PIM-SM routing is 
enabled avoid a crash when forwarding the packet to outgoing interfaces.

Taken from FreeBSD which obtained it from KAME.
 2005-10-17 15:56:43 +00:00
christos a9a78a7c79 change bcopy to memmove since this was supposed to be an ovbcopy (from kre) 2005-09-23 21:21:58 +00:00
christos 03d7777e5c PR/25658: Steve Woodford: Default value of net.inet.ipsec.dfbit breaks PMTU 
over IPsec tunnels.
I have changed the default to 2 [copy]. I've verified that this works with
all my IPSEC setups, and this change has also been discussed in tech-net.
 2005-09-09 15:38:05 +00:00
rpaulo 3bb81503bf Implement net.inet6.raw6.stats sysctl. 
Reviewed by Elad Efrat.
 2005-08-28 21:04:09 +00:00
rpaulo 5872b8775c Implement net.inet6.pim6.stats sysctl. 
Reviewed by Elad Efrat.
 2005-08-28 21:03:18 +00:00
rpaulo 3995141ceb Implement net.inet6.ip6.stats sysctl. 
Reviewed by Elad Efrat.
 2005-08-28 21:01:53 +00:00
rpaulo 151760f5d2 Implement net.inet6.udp6.stats. 
Reviewed by Elad Efrat.
 2005-08-28 21:01:02 +00:00
tron d66d9a8e3b Remove write-only variable "derived" in esp_cbc_encrypt(). 2005-08-18 07:54:09 +00:00
yamt 2e85eff671 - introduce M_MOVE_PKTHDR and use it where appropriate. 
intended to be mostly API compatible with openbsd/freebsd.
- remove a glue #define in netipsec/ipsec_osdep.h.
 2005-08-18 00:30:58 +00:00
yamt 0be9633956 re-implement ipv6 tx loopback checksum omission. 2005-08-10 13:08:11 +00:00
yamt f02551ec2d move {tcp,udp}_do_loopback_cksum back to tcp/udp 
so that they can be referenced by ipv6.
 2005-08-10 13:06:49 +00:00
yamt 40a140d919 ipv6 tx checksum offloading. reviewed by Jason Thorpe. 2005-08-10 12:58:37 +00:00
manu ae124933ca introduce ipsec_policy_t to help user programs with the change of 
ipsec_set_policy, ipsec_get_policylen and ipsec_dump_policy prototypes
(using void * instead of caddr_t)
 2005-08-07 08:34:32 +00:00
christos 49b19c5f09 PR/30821: SUZUKI, Shinsuike: IPsec-AH is always calculated using the same 
key in AES-XCBC-MAC
 2005-07-28 14:19:56 +00:00
tron d5da0b0c38 Remove unnecessary bzero() calls before calling the algorithm specific 
init function.
 2005-07-21 16:59:20 +00:00
gdt b0239c745e Add PR_PURGEIF flag for protocols to indicate that the protocol might 
store a struct ifnet *, and define it for udp/tcp/rawip for INET and
INET6.  When deleting a struct ifnet, invoke PRU_PURGEIF on all
protocols marked with PR_PURGEIF.  Closes PR kern/29580 (mine).
 2005-07-19 12:58:24 +00:00
tron 58b513c9f5 Defopt IPSEC_NAT_T. 2005-07-07 16:00:56 +00:00
christos 7642adc771 match the declarations in libipsec.h 2005-06-26 21:14:37 +00:00
mlelstv d23f1d6e16 expire cached route. Fixes PR 22792. 2005-06-26 10:39:21 +00:00
tron c86b2622dd Change the first argument of the encapsulation check function from 
"const struct mbuf *" to "struct mbuf *". Without this change the
actual implementation cannot even use m_copydata() on the mbuf chain
which is broken.
 2005-06-02 15:21:35 +00:00
tron 41dcb3a310 Remove type casts and lint directives which are now longer necessary 
because the first argument of m_copydata() is "const struct mbuf *" now.
 2005-06-02 10:54:58 +00:00
christos 2ab31527e2 - avoid shadowed variables 
- sprinkle const.
 2005-05-29 21:43:51 +00:00
christos 6dbf0e5b0a avoid silly static variables that even caused nesting issues, not to mention 
reentrancy concerns.
 2005-05-29 21:43:09 +00:00
seanb 40b52d3132 - Arithmetic error when calculating ticks to nd6_llinfo_settimer(). 
- Reviewed by christos.
 2005-05-27 22:26:25 +00:00
manu 7c6ffb8ab4 Use NAT-T ports for AH and IPcomp too. 2005-05-20 01:25:17 +00:00
christos 362a4a0bd5 Yes, it was a cool trick >20 years ago to use "0123456789abcdef"[a] to 
implement, xtoa(), but I think defining the samestring 50 times is a bit
too much. Defined HEXDIGITS and hexdigits in subr_prf.c and use it...
 2005-05-17 04:14:57 +00:00
christos 7d0b65d656 PR/30154: YAMAMOTO Takashi: tcp_close locking botch 
One more so_uid -> so_uidinfo change.
 2005-05-07 17:44:11 +00:00
yamt 34c3fec469 move decl of inetsw to its own header to avoid array of incomplete type. 
found by gcc4.  reported by Adam Ciarcinski.
 2005-04-29 10:39:09 +00:00
manu 455d55f55b Enhance IPSEC_NAT_T so that it can work with multiple machines behind the 
same NAT.
 2005-04-23 14:05:28 +00:00
yamt df9d0a0359 disable loopback checksum omission for udp6. 
i forgot to commit this with:
http://mail-index.NetBSD.org/source-changes/2005/04/18/0023.html
 2005-04-22 11:56:33 +00:00
itojun f1fe53f0ac AES counter mode uses 8byte IV, not 16 bytes. 
msa@burp.tkv.asdf.org, Juha.Leppilahti@iki.fi
 2005-04-22 02:43:39 +00:00
tron 6589458a53 Make sure that prefixes get purged. This fixes PR kern/21189, 
PR kern/25968 and PR kern/27873.
 2005-04-03 11:02:27 +00:00
atatat 5b8a6c916d Revert the change that made kern.file2 and net.*.*.pcblist into nodes 
instead of structs.  It had other deleterious side-effects that are
rather nasty.  Another solution must be found.
 2005-03-11 06:16:15 +00:00
atatat ca63da437a Change types of kern.file2 and net.*.*.pcblist to NODE 2005-03-10 05:43:25 +00:00
itojun b64c75b041 correct mistake reported by VANHULLEBUS Yvan 2005-03-09 14:17:13 +00:00
atatat 7c62c74d09 Add the following nodes to the sysctl tree: 
net.local.stream.pcblist
	net.local.dgram.pcblist
	net.inet.tcp.pcblist
	net.inet.udp.pcblist
	net.inet.raw.pcblist
	net.inet6.tcp6.pcblist
	net.inet6.udp6.pcblist
	net.inet6.raw6.pcblist

which allow retrieval of the pcbs in use for those protocols.  The
struct involved is 32/64 bit clean and incorporates parts of struct
inpcb, struct unpcb, a bit of struct tcpcb, and two socket addresses.
 2005-03-09 05:07:19 +00:00
itojun 015b260743 make ip6_getpmtu back to static 2005-02-28 09:27:07 +00:00
perry f07677dd81 nuke trailing whitespace 2005-02-26 22:45:09 +00:00
manu 5c217c1a67 Add support for IPsec Network Address Translator traversal (NAT-T), as 
described by RFC 3947 and 3948.
 2005-02-12 12:31:07 +00:00
itojun 692c601c25 backout 1.54. heurestic code should never be used. if you experience DAD 
failure, suspect your driver, not ND code.
 2005-02-10 02:57:17 +00:00
drochner e1e8770b32 Give DAD a chance to succeed even if the network is "slightly broken" 
(in my case it as a switch set to "monitor" mode):
If we see an NS request for the address we are just probing for, for
three times the number of DAD packets we are supposed to send (the
"ip6.dad_count" sysctl variable), assume that these are our own packets
and let DAD succeed.
The code for this was mostly there, commented out. Just needed some fixes.
The "three times" is heuristic of course.
Being here, reset the "dad_ns_tcount" variable on a successful send;
otherwise we get strange interdependencies with user-settable variables
(ever tried to set ip6.dad_count to something >15?).
 2005-02-02 20:56:27 +00:00
drochner dc86361844 remove the unused in6_ifindex2scopeid() 
if at all, it works with site-local addresses whose fate is uncertain
to say the least
 2005-02-01 15:29:23 +00:00
drochner 5d0cfbc9bd sin6_scope_id maps to interface indices for link local addresses only! 
(unlikely to be used with other scopes for now, but we should be
correct anyway)
 2005-02-01 14:56:17 +00:00
matt d341be30f4 Change initialzie of domains to use link sets. Switch to using STAILQ. 
Add a convenience macro DOMAIN_FOREACH to interate through the domain.
 2005-01-23 18:41:56 +00:00
itojun 57fd095fdf shouldn't check code field on "packet too big" icmp6 message. 2005-01-17 10:16:07 +00:00
drochner e5653b8213 remove a redundant check for ifindex2ifnet[idx] != 0 2004-12-21 11:40:12 +00:00
drochner f44d9a5791 fix ifindex argument checks for IPV6_JOIN_GROUP, 
IPV6_LEAVE_GROUP and IPV6_MULTICAST_IF -
0 is always legal
 2004-12-21 11:37:47 +00:00