Aren
/
NetBSD
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
119,565 Commits 606 Branches 0 Tags 3.1 GiB
Commit Graph

70 Commits

Author SHA1 Message Date
itojun 98d5598feb when dropping M_PKTHDR, need to free m_tag associated with it. 2003-10-03 20:56:11 +00:00
itojun 32e3deae21 randomize IPv4/v6 fragment ID and IPv6 flowlabel. avoids predictability 
of these fields.  ip_id.c is from openbsd.  ip6_id.c is adapted by kame.
 2003-09-06 03:36:30 +00:00
itojun a245b3dc6d u_short -> u_int16_t. sync w/ kame. 
don't set ip6_plen where unneeded (i.e. before calling ip6_output)
 2003-09-05 23:20:48 +00:00
itojun 19d8b9bfea don't use m_cat to mbuf of different types. KAME-PR-495 2003-09-04 03:07:33 +00:00
itojun ff512e5035 don't commit value into ip6_ptkopts until the validation is done. 
(note: the code will be updated with 2292bis definition soon, hopefully)
 2003-08-25 00:10:27 +00:00
itojun 11ede1ed88 remove ipsec_set/getsocket. now we explicitly pass socket * to ip{,6}_output. 2003-08-22 22:00:36 +00:00
itojun 82eb4ce914 change the additional arg to be passed to ip{,6}_output to struct socket *. 
this fixes KAME policy lookup which was broken by the previous commit.
 2003-08-22 21:53:01 +00:00
jonathan 9339ef0381 Change KAME code for ip_output()/ip6_output() to obtain struct socket* 
from the explicit inpcb*/in6pcb* argument.  set_socket() becomes redundant.
 2003-08-22 20:29:00 +00:00
jonathan 902669955f Replace the set_socket() method of passing an extra struct socket* 
argument to ip6_output() with a new explicit struct in6pcb* argument.
(The underlying socket can be obtained via in6pcb->inp6_socket.)

In preparation for fast-ipsec.  Reviewed by itojun.
 2003-08-22 20:20:09 +00:00
agc aad01611e7 Move UCB-licensed code from 4-clause to 3-clause licence. 
Patches provided by Joel Baker in PR 22364, verified by myself.
 2003-08-07 16:26:28 +00:00
itojun 7a5741651c - sync up MLD declaration with RFC3542 (s/MLD6/MLD/) 
- routing header declaration with RFC3542
  (note: sizeof(ip6_rthdr0) has changed!)
  also, sync up with RFC2460 routing header definition (no "strict" source
  routing mode any more)

part of advanced API update (RFC2292 -> 3542).
 2003-06-06 08:13:43 +00:00
perry 4f27ab21b8 /*CONTCOND*/ while (0)'ed macros 2002-11-02 07:30:55 +00:00
itojun ad337ee31a plug a memory leak. from sam leffler. sync w/kame 2002-10-31 17:36:16 +00:00
itojun ce1bd42a2c length field on PADN option, before jumbo payload option was wrong. 
sync w/kame
 2002-09-23 13:28:55 +00:00
itojun 9401012487 KNF - return is not a function. sync w/kame. 2002-09-11 02:46:42 +00:00
itojun 6dedde045a correct signedness mixup in pointer passing. sync w/kame 2002-09-11 02:41:19 +00:00
itojun b05ff066a7 whitespace cleanup 2002-06-09 14:43:10 +00:00
itojun 6d8d0d63d8 sync with latest KAME in6_ifaddr/prefix/default router manipulation. 
behavior changes:
- two iocts used by ndp(8) are now obsolete (backward compat provided).
  use sysctl path instead.
- lo0 does not get ::1 automatically.  it will get ::1 when lo0 comes up.
 2002-06-08 21:22:29 +00:00
itojun a1e0f0f9a7 sync IPV6_CHECKSUM handling with kame. 2002-06-07 22:03:02 +00:00
itojun 4e9401b698 comment 2002-06-07 17:13:56 +00:00
itojun ac03214470 whitespace 2002-06-07 14:48:56 +00:00
itojun 3e3b75590b remove #if 0'ed portion 2002-06-07 14:43:11 +00:00
itojun 05f0c3e705 KNF a bit 2002-06-07 14:29:10 +00:00
itojun 06ed16c31d typo 2002-06-07 04:18:11 +00:00
itojun 922b4012cc 'fall through' is not a valid LINT keyword. 2002-06-07 04:07:55 +00:00
itojun 3449ca6d23 do not try to update rmx_mtu if rmx_mtu == 0 (obey ifmtu) 2002-05-31 03:18:54 +00:00
itojun 5c1df51d53 attach nd_ifinfo structure into if_afdata. 
split IPv6 link MTU (advertised by RA) from real link MTU.
sync with kame
 2002-05-29 07:53:39 +00:00
itojun 64109d267c make sure to check address family in route cache 
(I really hate IPv4 mapped address...)
 2002-03-28 01:33:50 +00:00
itojun ebb1c82ec5 centralize multicast group management (in6_join/leavegroup). 
have a flag for ip6_output() to fragment to minimum MTU.
sync with kame
 2001-12-20 07:26:36 +00:00
itojun 1cad8e6085 reduce white space/cosmetic diffs w/kame. 2001-12-18 03:04:02 +00:00
lukem 4f2ad95259 add RCSIDs 2001-11-13 00:56:55 +00:00
itojun 73f4e5001f more whitespace sync with kame 2001-10-24 06:36:37 +00:00
itojun ae5499819c reduce diffs with kame (mostly cosmetic). 
move IPV6_CHECKSUM processing to sys/netinet6/raw_ip6.c.
constify a couple of places.
 2001-10-18 07:44:33 +00:00
itojun dfb1429789 unifdef OLDIP6OUTPUT 2001-10-17 08:23:05 +00:00
itojun 91498ffec5 implement IPV6_V6ONLY socket option from draft-ietf-ipngwg-rfc2553bis-03.txt. 
IPV6_BINDV6ONLY (netbsd only) is deprecated, but still work just like before.
 2001-10-15 09:51:15 +00:00
itojun 8b646a5273 remove IPV6FIREWALL case, which is never used 2001-06-11 13:49:18 +00:00
itojun f4e4c674a7 disallow userland programs from specifying addresses with IPV6_PKTINFO 
setsockopt, if:
- the address is not verified by DAD (= not ready)
- the address is an anycast address (= not permitted as source)
sync with kame
 2001-04-11 04:57:53 +00:00
itojun 92969654c0 enable FAKE_LOOPBACK_IF case by default. 
now traffic on loopback interface will be presented to bpf as normal wire
format packet (without KAME scopeid in s6_addr16[1]).

fix KAME PR 250 (host mistakenly accepts packets to fe80::x%lo0).

sync with kame.
 2001-03-30 11:08:56 +00:00
itojun 2fb1887b31 re-initialize mopt in ip6_insert_jumboopt(). sync with kame 
From: csapuntz@stanford.edu
 2001-03-25 09:58:43 +00:00
itojun 93b8b31feb set rmx_mtu to L2 interface mtu, instead of 0, on mtudisc timeout. 
ip6_output() change is for safety.  sync with kame
 2001-03-21 07:52:13 +00:00
itojun e1f4f77960 to sync with kame better, (1) remove register declaration for variables, 
(2) sync whitespaces, (3) update comments. (4) bring in some of portability
and logging enhancements.  no functional changes here.
 2001-02-10 04:14:26 +00:00
itojun 172e802b90 bad semicolon after "if" conditional. sync with kame 2001-02-06 01:27:29 +00:00
itojun d17dfd2fc0 avoid panic when a packet with nonexistent link-local address is issued. 
kame 1.151 -> 1.152.
 2001-02-02 15:54:56 +00:00
itojun 617b3fab7e - record IPsec packet history into m_aux structure. 
- let ipfilter look at wire-format packet only (not the decapsulated ones),
  so that VPN setting can work with NAT/ipfilter settings.
sync with kame.

TODO: use header history for stricter inbound validation
 2001-01-24 09:04:15 +00:00
thorpej 65fd25ea82 Restructure the PFIL_HOOKS mechanism a bit: 
- All packets are passed to PFIL_HOOKS as they come off the wire, i.e.
  fields in protocol headers in network order, etc.
- Allow for multiple hooks to be registered, using a "key" and a "dlt".
  The "dlt" is a BPF data link type, indicating what type of header is
  present.
- INET and INET6 register with key == AF_INET or AF_INET6, and
  dlt == DLT_RAW.
- PFIL_HOOKS now take an argument for the filter hook, and mbuf **,
  an ifnet *, and a direction (PFIL_IN or PFIL_OUT), thus making them
  less IP (really, IP Filter) centric.

Maintain compatibility with IP Filter by adding wrapper functions for
IP Filter.
 2000-11-11 00:52:36 +00:00
itojun cb1745c4f9 make IFA_STATS really work on IPv6. 2000-10-23 03:45:25 +00:00
itojun cabceaa265 - icmp6 nodeinfo: remove possibility of unaligned pointer access. 
- jumbo payload output: fix incorrect mbuf manipulation
- pedant: align issues, mbuf assumption
(sync with kame)
 2000-08-19 08:15:53 +00:00
itojun 210a3e2f80 remove unnecessary #include <netkey/key_debug.h>. from kame. 2000-07-06 12:51:39 +00:00
itojun 278184a8ab avoid possible mbuf leaks on ipsec policy violation.(sync with kame) 2000-06-20 02:24:42 +00:00
itojun 9d853e8a4f sync with kame. 
- use latest source address selection code - in6_src.c.
- correct frag header insertion.
- deep copy ip6 header portion in ip6_mloopback to avoid overwrite.
- do not bark when we forward packet to loopback.
- some cosmetics.
 2000-06-03 14:36:32 +00:00