Aren
/
NetBSD
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
119,565 Commits 606 Branches 0 Tags 3.1 GiB
Commit Graph

59 Commits

Author SHA1 Message Date
christos 36b4e0b6e7 Fix off-by-one in PRC_NCMDS check. From FreeBSD via OpenBSD 2003-09-30 00:01:18 +00:00
itojun 32e3deae21 randomize IPv4/v6 fragment ID and IPv6 flowlabel. avoids predictability 
of these fields.  ip_id.c is from openbsd.  ip6_id.c is adapted by kame.
 2003-09-06 03:36:30 +00:00
itojun 175c9afa3f clarify flowlabel handling 2003-09-06 03:12:51 +00:00
itojun 495906ca8e revamp inpcb/in6pcb so that they are more aligned with each other. 
in6pcb lookup now uses hash(9).
 2003-09-04 09:16:57 +00:00
itojun 4d754cb259 in6_pcbrtentry() now returns IPv4 rtentry if in6pcb is connected to IPv4 mapped 
address.  PR kern/22431 from Andreas Gustafsson
 2003-08-13 04:59:34 +00:00
agc aad01611e7 Move UCB-licensed code from 4-clause to 3-clause licence. 
Patches provided by Joel Baker in PR 22364, verified by myself.
 2003-08-07 16:26:28 +00:00
perry eab4bb9593 include opt_inet.h -- found by David Laight 2002-11-05 21:46:42 +00:00
itojun 9401012487 KNF - return is not a function. sync w/kame. 2002-09-11 02:46:42 +00:00
itojun c7b00b4ce4 pass proc * to in6_pcbsetport. PR 18073 2002-08-26 14:25:00 +00:00
itojun e5df0242ce sync up use_deprecated handling with latest kame. 
- bind(deprecated) is allowed, trusting userland app is doing the right thing
- use_deprecated default to 1
 2002-08-20 22:06:04 +00:00
itojun fa53d749ff share policy-on-pcb for listening socket. sync w/kame 
todo: share even more, avoid frequent updates of spidx
 2002-06-11 19:39:59 +00:00
itojun 4121fa09fc correct in*_pcbrtentry. check cached value correctly. 2002-05-28 11:10:52 +00:00
itojun 7410ea60ca in in*_pcbrtentry(), check if route is still valid (RTF_UP), 
and address family is still valid.
 2002-05-28 10:07:51 +00:00
itojun 8cbb556660 protect in6pcb queue operation by splnet, as pcb queue will be touched 
by in6_pcbpurgeif() under splnet.
 2002-03-21 02:11:39 +00:00
itojun a225c3930f whitespace/costmetic sync w/kame 2001-12-21 08:54:52 +00:00
lukem 4f2ad95259 add RCSIDs 2001-11-13 00:56:55 +00:00
itojun 73f4e5001f more whitespace sync with kame 2001-10-24 06:36:37 +00:00
itojun 45c8a6a57e remove unused #define. sync whitespace/comment with kame. 2001-10-16 04:57:38 +00:00
itojun 91498ffec5 implement IPV6_V6ONLY socket option from draft-ietf-ipngwg-rfc2553bis-03.txt. 
IPV6_BINDV6ONLY (netbsd only) is deprecated, but still work just like before.
 2001-10-15 09:51:15 +00:00
itojun 57030e2f12 cache IPsec policy on in6?pcb. most of the lookup operations can be bypassed, 
especially when it is a connected SOCK_STREAM in6?pcb.  sync with kame.
 2001-08-06 10:25:00 +00:00
itojun fd5e7077a3 allocate ipsec policy buffer attached to pcb in in*_pcballoc, before 
giving anyone accesses to pcb (do not reveal an inconsistent ones).
sync with kame
 2001-07-25 23:28:02 +00:00
itojun 1ff38f4d03 on interface removal, remove multicast groups joined from pcb, before 
removing interface addresses.  without the change, we may deref
NULL pointer in in_pcbpurgeif().  from jinmei@kame, sync with kame
 2001-07-02 15:25:34 +00:00
itojun 9ccf08b3c5 netbsd; on interface removal, force pcbs to leave from multicast groups 
pointing toward the interface about to be removed.  sync with kame
XXX still need more discussions on semantics.  the behavior should be safer
 2001-06-27 15:53:14 +00:00
itojun f4d5905544 there's no need to #if NFAITH here. IN6P_FAITH can be set even on 
NFAITH == 0 kernel, it is safer to always check the condition.
sync with kame.
 2001-05-11 18:38:03 +00:00
itojun bc5a6e2482 pull latest kame pcbnotify code. synchronizes ICMPv6 path mtu discovery 
behavior with other protocols (i.e. validation, use of hiwat/lowat).
 2001-02-11 06:49:49 +00:00
itojun e1f4f77960 to sync with kame better, (1) remove register declaration for variables, 
(2) sync whitespaces, (3) update comments. (4) bring in some of portability
and logging enhancements.  no functional changes here.
 2001-02-10 04:14:26 +00:00
itojun b05acc70f8 make sure we notify of routing changes, even if we have net route pointed 
to by inpcb.
 2000-12-21 00:46:20 +00:00
itojun 9183e2dc4e remove #ifdef TCP6. it is not likely for us to bring in sys/netinet6/tcp6*.c 
(separate TCP/IPv6 stack) into netbsd-current.
 2000-10-19 20:22:59 +00:00
itojun dcfe05e7c1 fix compilation without INET. fix confusion between ipsecstat and ipsec6stat. 
sync with kame.
 2000-10-02 03:55:41 +00:00
itojun 152da24bd9 implement net.inet6.ip6.{anon,low}port{min,max} sysctl variable. 2000-08-26 11:03:45 +00:00
itojun ec67eee51f sync with kame. 
introduce in6_{recover,embed}scope, for in-kernel scoped-address manipulation.
improve in6_pcbnotify.
 2000-07-07 15:54:16 +00:00
itojun 210a3e2f80 remove unnecessary #include <netkey/key_debug.h>. from kame. 2000-07-06 12:51:39 +00:00
itojun 8ff902fca1 repair kernel faithd(8) support. there were two mistakes: 
(1) tcp6_input dropped packets for translation
(2) in6_pcblookup_connect was too strict
 2000-07-02 08:04:10 +00:00
itojun ffedfcb68d make sure not to overwrite sockaddr on PRU_SEND/PRU_CONNECT to 
link-local address.  From: frank
 2000-06-08 13:51:33 +00:00
itojun af6b403d46 backout change to in6_pcbnotify(). the change seems premature 
(may cause trouble with advanced API in certain situation).
 2000-06-05 08:09:48 +00:00
itojun 8987054176 pass struct proc * down to udp6_output and in6_pcbbind. 2000-06-05 06:38:22 +00:00
itojun 9d853e8a4f sync with kame. 
- use latest source address selection code - in6_src.c.
- correct frag header insertion.
- deep copy ip6 header portion in ip6_mloopback to avoid overwrite.
- do not bark when we forward packet to loopback.
- some cosmetics.
 2000-06-03 14:36:32 +00:00
itojun 4308599c5a disallow bind(2) with IPv4 mapped address for now. port number check is 
insufficient at this moment and we can bind(2) two sockets listen on same
port number.

for real fix, we need to check inpcb table with in6pcb.  we can't
find inpcb chain from particular in6pcb chain (like finding tcbtable from tcb6)
luckily RFC2553 does not talk about bind(2) behavior for IPv4 mapped.
IPv4 mapped brings in too much complexities...
 2000-05-29 00:03:18 +00:00
itojun 52c11b789a bump kame revision id 2000-03-02 07:15:39 +00:00
itojun ded4e9540a properly handle notifies from icmp6, so that we can properly reflect 
redirects/unreach to transport layer. (sync with latest kame)
 2000-03-02 06:42:52 +00:00
itojun 90736ab608 fix include pathname for better rfc2292 compliance. 2000-02-06 12:49:37 +00:00
itojun 03993c84d3 use u_int16_t, not u_short, for port #. 2000-02-03 13:17:39 +00:00
itojun 54cb3be873 remove #if 0'ed code 2000-02-03 12:50:05 +00:00
thorpej c1185c1020 PRU_PURGEADDR -> PRU_PURGEIF, per a discussion w/ itojun. In the IPv4 
and IPv6 code, also use this to traverse PCB tables, looking for cached
routes referencing the dying ifnet, forcing them to be refreshed.
 2000-02-02 23:28:08 +00:00
thorpej 33e8c5b1df Improve the readability of one small piece of code. 2000-02-01 00:18:29 +00:00
itojun 1a2a1e2b1f bring in latest KAME ipsec tree. 
- interop issues in ipcomp is fixed
- padding type (after ESP) is configurable
- key database memory management (need more fixes)
- policy specification is revisited

XXX m->m_pkthdr.rcvif is still overloaded - hope to fix it soon
 2000-01-31 14:18:52 +00:00
itojun cd5093498d make setsockopt(IPV6_PORTRANGE) work. obeys IPNOPRIVPORTS. 2000-01-26 17:06:36 +00:00
itojun b3761abef8 remove extra portability #ifdef (like #ifdef __FreeBSD__) in KAME IPv6/IPsec 
code, from netbsd-current repository.
#ifdef'ed version is always available from ftp.kame.net.

XXX please do not make too many diff-unfriendly changes, we'll need to take
bunch of diffs on upgrade...
 2000-01-06 15:46:07 +00:00
itojun 2e904aec57 make IPV6_BINDV6ONLY setsockopt available. it controls behavior of 
AF_INET6 wildcard listening socket.  heavily documented in ip6(4).
net.inet6.ip6.bindv6only defines default value.  default is 1.

"options INET6_BINDV6ONLY" removes any code fragment that supports
IPV6_BINDV6ONLY == 0 case (not defopt'ed as use of this is rare).
 2000-01-06 06:41:18 +00:00
itojun ea861f0183 sync IPv6 part with latest KAME tree. IPsec part is left unmodified 
due to massive changes in KAME side.
- IPv6 output goes through nd6_output
- faith can capture IPv4 packets as well - you can run IPv4-to-IPv6 translator
  using heavily modified DNS servers
- per-interface statistics (required for IPv6 MIB)
- interface autoconfig is revisited
- udp input handling has a big change for mapped address support.
- introduce in4_cksum() for non-overwriting checksumming
- introduce m_pulldown()
- neighbor discovery cleanups/improvements
- netinet/in.h strictly conforms to RFC2553 (no extra defs visible to userland)
- IFA_STATS is fixed a bit (not tested)
- and more more more.

TODO:
- cleanup os-independency #ifdef
- avoid rcvif dual use (for IPsec) to help ifdetach

(sorry for jumbo commit, I can't separate this any more...)
 1999-12-13 15:17:17 +00:00