Commit Graph

1287 Commits

Author SHA1 Message Date
christos
007db6ee9d convert from CIRCLEQ to TAILQ. 2013-11-23 14:20:21 +00:00
riz
5236eb3350 Revert previous and solve in a different way, using __unused. Fixes
building with MRT6DEBUG.

ok martin.
2013-11-21 21:55:13 +00:00
martin
d393a539e6 Mark a variable as used only in diagnostic kernels 2013-10-25 15:44:39 +00:00
christos
c7c7d1300b define constants for scopeid function flags. 2013-10-19 15:44:29 +00:00
christos
14a31944e9 add scopeid functions 2013-10-19 00:09:03 +00:00
mrg
16b81f3bcd convert a DIAGNOSTIC / panic into a KASSERTMSG(). 2013-10-18 02:20:15 +00:00
christos
191f4d1d8e check result of setscope, from logan. 2013-10-04 14:23:14 +00:00
christos
ff9d8f8219 check sockopt_get() error, from logan. 2013-10-03 20:27:55 +00:00
martin
107b587925 Remove unused variable 2013-09-14 21:08:35 +00:00
martin
3d10084754 Remove unused variable and ifdef some others like their use 2013-09-14 11:33:59 +00:00
christos
952f93f19e Include BRDADDR and NETMASK to the v4 ioctls we ban for v6; from FreeBSD.
Remove X25 stuff which has been GC'ed.
XXX: pullup-5,6
2013-09-11 23:15:47 +00:00
christos
d407b3e25b draft-gont-6man-ipv6-atomic-fragment-00 is now RFC 6949 (Loganaden Velvindron
logan at elandsys dot com)
2013-08-30 07:42:08 +00:00
rmind
f04a92b1d6 - Rewrite parts of pfil(9): use array to store hooks and thus be more cache
friendly (there are only few hooks in the system).  Make the structures
  opaque and the interface more strict.
- Remove PFIL_HOOKS option by making pfil(9) mandatory.
2013-06-29 21:06:57 +00:00
roy
3643d6b4fe Move the detaching and making tentative addresses out if in6_if_up
and into in6_if_link_up.

This fixes a possible panic where link is up but not the interface.
Note that a better solution would be to listen to the routing socket
in the kernel, but I don't know how to do that.

Reachable Router tests for IFF_UP as well.
2013-06-20 13:56:29 +00:00
roy
49e60b0459 When an interface link state changes to down, mark all attached IPv6
addresses as detached.
Likewise, when the link state changes to up, mark all detached IPv6
as tentative and start DAD on them.

Advertised router reachability now checks that link state is not down.
This means that when an interface link state changes, the default IPv6
router may change as well.
2013-06-11 12:08:29 +00:00
christos
27fe772ddc IPSEC has not come in two speeds for a long time now (IPSEC == kame,
FAST_IPSEC). Make everything refer to IPSEC to avoid confusion.
2013-06-05 19:01:26 +00:00
roy
cf9f00bd51 Generate RTM_NEWADDR when adding a pre-existing IPv6 address. 2013-05-29 12:07:58 +00:00
msaitoh
c259649f35 Clear mbuf's csum_flags in ip6flow_fastforward(). Fixes PR#47849. 2013-05-23 16:49:46 +00:00
roy
ad83294f6e Disable nd6_newaddrmsg debug 2013-05-21 09:54:12 +00:00
roy
a34d72845c For IPv6, emit RTM_NEWADDR once DAD completes and also when address flag
changes. Tentative addresses are not emitted.

Version bumped so userland can detect this behaviour change.
2013-05-21 08:37:27 +00:00
joerg
89a508fbb5 Systematically include sys/featuretest.h when _NETBSD_SOURCE is used.
Some are redundant, but make verification with grep much easier.
2013-04-27 21:35:24 +00:00
christos
f46fe92653 PR/47738: connect(2) to 239.x.y.z should return error but does not. 2013-04-12 21:30:40 +00:00
gdt
2431ad86cc Initialize variable used as (conditional) result parameter.
ip6_insertfraghdr either sets a result parameter or returns an error.
While the caller only uses the result parameter in the non-error case,
knowing that requires cross-module static analysis, and that's not
robust against distant code changes.  Therfore, set ip6f to NULL
before the function call that maybe sets it, avoiding a spuruious
warning and changing the future possible bug from an unitialized
dereference to a NULL deferrence.
2013-03-18 19:31:39 +00:00
joerg
e240adbd0b Retire OSI network stack. OK core@ 2013-03-01 18:25:13 +00:00
christos
906f8f1a0a PR/47576: Takahiro HAYASHI: Avoid crash destroying tap0 after deleting
it's link-local address.
2013-02-18 16:45:50 +00:00
joerg
7bdf666c57 Set the socket family for the network mask. 2013-01-28 17:57:34 +00:00
kefren
8550a3ecf3 don't return hlim when asked for multicast loop flag 2013-01-25 10:33:53 +00:00
joerg
5d7712e07c Use rt_getkey. 2013-01-24 14:23:09 +00:00
christos
0c1215940c PR/47408: Anthony Mallet: sendto(2) issue with IPv6 UDP datagrams
- don't connect when the local port is 0, just set the local port number.
- remove redundant assignment
XXX: pullup-6
2013-01-06 00:17:13 +00:00
christos
cbf1f72b20 Add a new sysctl to mark ports as reserved, so that they are not used in
the anonymous or reserved port allocation.
2012-11-29 02:07:20 +00:00
christos
202952fb98 PR/47058: Antti Kantee: If the ipv6 flow code modifies the mbuf, pass the
change up to the caller.
2012-10-11 20:05:50 +00:00
christos
dd9082089d Loganaden Velvindron:
From "http://tools.ietf.org/html/draft-ietf-6man-ipv6-atomic-fragments-00":

A host that receives an IPv6 packet which includes a Fragment
Header with the "Fragment Offset" equal to 0 and the "M" bit equal
to 0 MUST process such packet in isolation from any other packets/
fragments, even if such packets/fragments contain the same set
{IPV6 Source Address, IPv6 Destination Address, Fragment
Identification}.  That is, the Fragment Header of "atomic
fragments" should be removed by the receiving host, and the
resulting packet should be processed as a non-fragmented IPv6
datagram.  Additionally, any fragments already queued with the
same set {IPV6 Source Address, IPv6 Destination Address, Fragment
Identification} should not be discarded upon receipt of the
"colliding" IPv6 atomic fragment, since IPv6 atomic fragments do
not really interfere with "normal" fragmented traffic.
2012-09-27 23:10:00 +00:00
dholland
0fcc047588 Remove stray #undef, probably someone's debugging leftover from long ago. 2012-08-24 06:03:18 +00:00
gdt
b6bb903ff2 Add comments describing parameter handling for ip6_insertfraghdr.
Depending on compiler options, this code can be involved in an
(apparently) spurious compiler warning.  However, it was not
immediately obvious the the compiler was wrong.
2012-07-21 14:52:40 +00:00
rmind
b92d93cc0e Remove the wrapper of frag6_input(), restore the behaviour changed in r1.50.
Fix ip6_reass_packet() wrapper used by NPF.  Remove #if 0 code for handling
overlaping fragments - IPv6 desupported them anyway.  Convert to kmem(9).
2012-07-01 22:04:44 +00:00
abs
e14333f8c1 Some fun in trying to work out what was broken with gcc-4.1 to
trigger the following warning when gcc-4.5 was silent:
  nd6_rtr.c: In function 'nd6_ra_input':
  nd6_rtr.c:788: warning: 'ext' may be used uninitialized in this function
Eventually determined that it was not unreasonable for gcc-4.1 to
bleat in this case as there is a nasty 'goto insert' which could
indeed have resulted in an uninitialised variable use. Yay gcc 4.1.
2012-06-25 17:25:29 +00:00
christos
84f52095ad rename rfc6056 -> portalgo, requested by yamt 2012-06-25 15:28:38 +00:00
christos
443eb0a284 4 new sysctls to avoid ipv6 DoS attacks from OpenBSD 2012-06-23 03:13:41 +00:00
christos
40114b997c PR/46602: Move the rfc6056 port randomization to the IP layer. 2012-06-22 14:54:34 +00:00
drochner
364a06bb29 remove KAME IPSEC, replaced by FAST_IPSEC 2012-03-22 20:34:37 +00:00
elad
0c9d8d15c9 Replace the remaining KAUTH_GENERIC_ISSUSER authorization calls with
something meaningful. All relevant documentation has been updated or
written.

Most of these changes were brought up in the following messages:

    http://mail-index.netbsd.org/tech-kern/2012/01/18/msg012490.html
    http://mail-index.netbsd.org/tech-kern/2012/01/19/msg012502.html
    http://mail-index.netbsd.org/tech-kern/2012/02/17/msg012728.html

Thanks to christos, manu, njoly, and jmmv for input.

Huge thanks to pgoyette for spinning these changes through some build
cycles and ATF.
2012-03-13 18:40:26 +00:00
rmind
4ed932b4c4 ip6_output: check for rtcache_setdst() error, which may happen if running
out of memory.
2012-02-05 00:41:15 +00:00
christos
6a74395ce6 PR/45764, PR/45914
Part 1:
nd6_purge can be called after dom_ifdetach, and if_afdata[AF_INET6] is
going to be freed and point to garbage. Make sure we check for NULL, before
taking the pointer offset.
While I am here, add an M_ZERO.
2012-02-03 03:32:45 +00:00
christos
d647fec80c use FOREACH_SAFE. 2012-02-02 19:35:18 +00:00
liamjfoy
b723329891 Remove ip6f_start from ip6f struct 2012-01-19 13:19:34 +00:00
drochner
3ad69fe553 remove conditionals which can't succeed, and also shouldn't because
one would get a kernel NULL dereference immediately
2012-01-10 20:05:37 +00:00
drochner
cf21c579f1 add patch from Arnaud Degroote to handle IPv6 extended options with
(FAST_)IPSEC, tested lightly with a DSTOPTS header consisting
of PAD1
2012-01-10 20:01:56 +00:00
drochner
d107562abc Make FAST_IPSEC the default IPSEC implementation which is built
into the kernel if the "IPSEC" kernel option is given.
The old implementation is still available as KAME_IPSEC.
Do some minimal manpage adjustment -- kame_ipsec(4) is a copy
of the old ipsec(4) and the latter is now a copy of fast_ipsec(4).
2012-01-09 15:16:30 +00:00
drochner
47a381e15e more IPSEC header cleanup: don't install unneeded headers to userland,
and remove some differences berween KAME and FAST_IPSEC
2012-01-06 14:17:10 +00:00
drochner
3712f81ced -consistently use "char *" for the compiled policy buffer in the
ipsec_*_policy() functions, as it was documented and used by clients
-remove "ipsec_policy_t" which was undocumented and only present
 in the KAME version of the ipsec.h header
-misc cleanup of historical artefacts, and to remove unnecessary
 differences between KAME ans FAST_IPSEC
2012-01-04 15:55:35 +00:00