Aren/NetBSD
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
146,670 Commits 606 Branches 0 Tags 3.1 GiB
ed0efbc5de
Commit Graph

898 Commits

Author SHA1 Message Date
gdt
b0239c745e Add PR_PURGEIF flag for protocols to indicate that the protocol might 
store a struct ifnet *, and define it for udp/tcp/rawip for INET and
INET6.  When deleting a struct ifnet, invoke PRU_PURGEIF on all
protocols marked with PR_PURGEIF.  Closes PR kern/29580 (mine).
 2005-07-19 12:58:24 +00:00
tron
58b513c9f5 Defopt IPSEC_NAT_T. 2005-07-07 16:00:56 +00:00
christos
7642adc771 match the declarations in libipsec.h 2005-06-26 21:14:37 +00:00
mlelstv
d23f1d6e16 expire cached route. Fixes PR 22792. 2005-06-26 10:39:21 +00:00
tron
c86b2622dd Change the first argument of the encapsulation check function from 
"const struct mbuf *" to "struct mbuf *". Without this change the
actual implementation cannot even use m_copydata() on the mbuf chain
which is broken.
 2005-06-02 15:21:35 +00:00
tron
41dcb3a310 Remove type casts and lint directives which are now longer necessary 
because the first argument of m_copydata() is "const struct mbuf *" now.
 2005-06-02 10:54:58 +00:00
christos
2ab31527e2 - avoid shadowed variables 
- sprinkle const.
 2005-05-29 21:43:51 +00:00
christos
6dbf0e5b0a avoid silly static variables that even caused nesting issues, not to mention 
reentrancy concerns.
 2005-05-29 21:43:09 +00:00
seanb
40b52d3132 - Arithmetic error when calculating ticks to nd6_llinfo_settimer(). 
- Reviewed by christos.
 2005-05-27 22:26:25 +00:00
manu
7c6ffb8ab4 Use NAT-T ports for AH and IPcomp too. 2005-05-20 01:25:17 +00:00
christos
362a4a0bd5 Yes, it was a cool trick >20 years ago to use "0123456789abcdef"[a] to 
implement, xtoa(), but I think defining the samestring 50 times is a bit
too much. Defined HEXDIGITS and hexdigits in subr_prf.c and use it...
 2005-05-17 04:14:57 +00:00
christos
7d0b65d656 PR/30154: YAMAMOTO Takashi: tcp_close locking botch 
One more so_uid -> so_uidinfo change.
 2005-05-07 17:44:11 +00:00
yamt
34c3fec469 move decl of inetsw to its own header to avoid array of incomplete type. 
found by gcc4.  reported by Adam Ciarcinski.
 2005-04-29 10:39:09 +00:00
manu
455d55f55b Enhance IPSEC_NAT_T so that it can work with multiple machines behind the 
same NAT.
 2005-04-23 14:05:28 +00:00
yamt
df9d0a0359 disable loopback checksum omission for udp6. 
i forgot to commit this with:
http://mail-index.NetBSD.org/source-changes/2005/04/18/0023.html
 2005-04-22 11:56:33 +00:00
itojun
f1fe53f0ac AES counter mode uses 8byte IV, not 16 bytes. 
msa@burp.tkv.asdf.org, Juha.Leppilahti@iki.fi
 2005-04-22 02:43:39 +00:00
tron
6589458a53 Make sure that prefixes get purged. This fixes PR kern/21189, 
PR kern/25968 and PR kern/27873.
 2005-04-03 11:02:27 +00:00
atatat
5b8a6c916d Revert the change that made kern.file2 and net.*.*.pcblist into nodes 
instead of structs.  It had other deleterious side-effects that are
rather nasty.  Another solution must be found.
 2005-03-11 06:16:15 +00:00
atatat
ca63da437a Change types of kern.file2 and net.*.*.pcblist to NODE 2005-03-10 05:43:25 +00:00
itojun
b64c75b041 correct mistake reported by VANHULLEBUS Yvan 2005-03-09 14:17:13 +00:00
atatat
7c62c74d09 Add the following nodes to the sysctl tree: 
net.local.stream.pcblist
	net.local.dgram.pcblist
	net.inet.tcp.pcblist
	net.inet.udp.pcblist
	net.inet.raw.pcblist
	net.inet6.tcp6.pcblist
	net.inet6.udp6.pcblist
	net.inet6.raw6.pcblist

which allow retrieval of the pcbs in use for those protocols.  The
struct involved is 32/64 bit clean and incorporates parts of struct
inpcb, struct unpcb, a bit of struct tcpcb, and two socket addresses.
 2005-03-09 05:07:19 +00:00
itojun
015b260743 make ip6_getpmtu back to static 2005-02-28 09:27:07 +00:00
perry
f07677dd81 nuke trailing whitespace 2005-02-26 22:45:09 +00:00
manu
5c217c1a67 Add support for IPsec Network Address Translator traversal (NAT-T), as 
described by RFC 3947 and 3948.
 2005-02-12 12:31:07 +00:00
itojun
692c601c25 backout 1.54. heurestic code should never be used. if you experience DAD 
failure, suspect your driver, not ND code.
 2005-02-10 02:57:17 +00:00
drochner
e1e8770b32 Give DAD a chance to succeed even if the network is "slightly broken" 
(in my case it as a switch set to "monitor" mode):
If we see an NS request for the address we are just probing for, for
three times the number of DAD packets we are supposed to send (the
"ip6.dad_count" sysctl variable), assume that these are our own packets
and let DAD succeed.
The code for this was mostly there, commented out. Just needed some fixes.
The "three times" is heuristic of course.
Being here, reset the "dad_ns_tcount" variable on a successful send;
otherwise we get strange interdependencies with user-settable variables
(ever tried to set ip6.dad_count to something >15?).
 2005-02-02 20:56:27 +00:00
drochner
dc86361844 remove the unused in6_ifindex2scopeid() 
if at all, it works with site-local addresses whose fate is uncertain
to say the least
 2005-02-01 15:29:23 +00:00
drochner
5d0cfbc9bd sin6_scope_id maps to interface indices for link local addresses only! 
(unlikely to be used with other scopes for now, but we should be
correct anyway)
 2005-02-01 14:56:17 +00:00
matt
d341be30f4 Change initialzie of domains to use link sets. Switch to using STAILQ. 
Add a convenience macro DOMAIN_FOREACH to interate through the domain.
 2005-01-23 18:41:56 +00:00
itojun
57fd095fdf shouldn't check code field on "packet too big" icmp6 message. 2005-01-17 10:16:07 +00:00
drochner
e5653b8213 remove a redundant check for ifindex2ifnet[idx] != 0 2004-12-21 11:40:12 +00:00
drochner
f44d9a5791 fix ifindex argument checks for IPV6_JOIN_GROUP, 
IPV6_LEAVE_GROUP and IPV6_MULTICAST_IF -
0 is always legal
 2004-12-21 11:37:47 +00:00
thorpej
7994b6f95e Don't perform checksums on loopback interfaces. They can be reenabled with 
the net.inet.*.do_loopback_cksum sysctl.

Approved by: groo
 2004-12-15 04:25:19 +00:00
peter
396b87b8c2 Convert lo(4) to a clonable device. 
This also removes the loif array and changes all code to use the new
lo0ifp pointer which points to the lo0 ifnet structure.

Approved by christos.
 2004-12-04 16:10:25 +00:00
christos
694d5b6a91 We don't need to include bpfilter.h 2004-11-28 02:37:38 +00:00
itojun
5bcaef8e92 wrong paren. Patrick Latifi 2004-11-17 03:20:53 +00:00
itojun
bc559f51c6 remove extra code mistakenly committed 2004-10-27 23:16:56 +00:00
itojun
70fc307de9 missing break; Emmanuel Dreyfus 2004-10-27 22:26:50 +00:00
itojun
5e3841214f no need to call defrouter_select() here any more; jinmei 2004-10-26 07:03:29 +00:00
itojun
830e5a5fbf more cleanup on onlink assumption; jinmei 2004-10-26 06:54:53 +00:00
itojun
b5f3688c67 remove onlink assumption behavior (consider destination on-link if default 
router list is empty) based on recent IETF ipv6 discussion (RFC2461 5.2).

fix "ndp -I delete".
 2004-10-26 06:08:00 +00:00
itojun
75259d166c ip6_flow_seq is no longer available. 2004-10-18 01:43:43 +00:00
yamt
056303b850 rip6_output: redo raw_ip6.c 1.67-1.67, using m_copyback_cow. 2004-09-06 10:05:14 +00:00
manu
6e3c639957 IPv4 PIM support, based on a submission from Pavlin Radoslavov posted on 
tech-net@
 2004-09-04 23:29:44 +00:00
yamt
39dd3d0c5d run PFIL_IFADDR hooks on SIOCAIFADDR_IN6 and SIOCDIFADDR_IN6 as well. 
from Peter Postma, PR/26368.
ok'ed by itojun.
 2004-07-26 13:44:35 +00:00
yamt
e08729e055 rip6_output: redo the previous (raw_ip6.c 1.66) 
with less assumptions about alignment.
 2004-07-23 09:53:10 +00:00
yamt
540e6d4640 rip6_output: make sure that the mbuf is writable 
before write a checksum into it.
otherwise "ping6 -s50000" causes a panic.

ok'ed by itojun.
 2004-07-22 05:26:46 +00:00
itojun
3f35f96f9a prevent mbuf leak on IPsec tunnel mode. from iij seil team 2004-07-16 01:12:02 +00:00
itojun
8da378abea - update ro_pmtu on IPsec tunnel encapsulation. ro != ro_pmtu is used as the 
sign for the existence of routing header.
- fragment to 1280 on IPv6-over-IPv6 encapsulation, as ICMPv6 too big may not
  give you enough information to update pmtu cache.

from iij seil team, via kame.
 2004-07-14 03:06:08 +00:00
minoura
c3ed038115 Remove broken code for now: getsockopt(s, IPPROTO_IP, IP_IPSEC_POLICY,...). 
It returned EINVAL, now returns ENOPROTOOPT.
Ok'd by itojun.
 2004-07-06 04:30:27 +00:00
drochner
05da173d52 abstain from typecasting the LHS of an assignment; 
gcc-3.4.x doesn't like it
 2004-06-24 16:49:51 +00:00
itojun
b791f5f740 error could be left uninitialized when we jump into "senderr" 2004-06-24 15:01:51 +00:00
itojun
0f18c4c945 multicast data management fix - previous fix was incorrect. jinmei@kame 2004-06-16 03:17:26 +00:00
itojun
ec7ac551be insufficient paren in macro def. Patrick Latifi 2004-06-16 02:36:37 +00:00
itojun
2e60f85658 use macro and make it a bit more readable. 2004-06-14 08:07:29 +00:00
itojun
4d7b9596f6 check before joining multicast group. otherwise multiple in6_multi structure 
will be kept.  reported by patrick latifi
 2004-06-14 07:54:45 +00:00
itojun
501233726d implement IPV6_USE_MIN_MTU sockopt. needed by bind9 + EDNS0 + big receive buffer. 2004-06-11 04:10:10 +00:00
itojun
56e182b708 there's no use to check privs on curproc in the input path. jinmei@kame 2004-06-01 03:13:22 +00:00
atatat
4de3747b89 Sysctl descriptions under net subtree (net.key not done) 2004-05-25 04:33:59 +00:00
itojun
32e4b55076 do not loop on nd6_output() when transmission fails. from kame 2004-05-19 17:45:05 +00:00
jonathan
f7abb16323 Fix per-PCB IPsec policy cache for FAST_IPSEC: 
The sys/netipsec policy-cache (added by Jason Thorpe as a rewrite of
the KAME per-PCB policy cache) assumes that policy-cacheable PCBs
always has a non-NULL inph_sp in the common PCB header.  So we must
do all the per-PCB policy cache calls when either (KAME) IPSEC, or
FAST_IPSEC is defined.  ``Make it so''.

We can now support non-IPsec'ed IPv6 traffic, when both
``options FAST_IPSEC'' and ``options INET6'' are configured.
 2004-04-26 01:53:59 +00:00
simonb
b5d0e6bf06 Initialise (most) pools from a link set instead of explicit calls 
to pool_init.  Untouched pools are ones that either in arch-specific
code, or aren't initialiased during initial system startup.

 Convert struct session, ucred and lockf to pools.
 2004-04-25 16:42:40 +00:00
itojun
cb0651e44a correct parameter to in6_cksum. keiichi@kame 2004-04-22 17:58:59 +00:00
matt
e50668c7fa Constify protosw arrays. This can reduce the kernel .data section by 
over 4K (if all the network protocols) are loaded.
 2004-04-22 01:01:40 +00:00
itojun
5da9234d88 remove duplicated #include. PR 25234 2004-04-20 17:12:03 +00:00
atatat
83b193a052 Make these compile without INET. tcp_input probably needs a lot more 
work...
 2004-03-29 04:59:02 +00:00
christos
d6939c86f1 no need for splsoftnet, because the caller does it already. 2004-03-28 08:28:50 +00:00
christos
03766c2d10 PR/23335: Christos Zoulas: Removing interfaces trashes free memory when 
ipv6 is used because multicast group memberships contain dangling references
to the multicast group deleted.
 2004-03-28 08:28:06 +00:00
itojun
e050c8a03d do not touch m->m_pkthdr.rcvif after m becomes invalid. Patrick Latifi 2004-03-26 03:35:02 +00:00
atatat
19af35fd0d Tango on sysctl_createv() and flags. The flags have all been renamed, 
and sysctl_createv() now uses more arguments.
 2004-03-24 15:34:46 +00:00
martti
c3f78782b9 Make ip6_getpmtu() globally visible. This is needed by IPFilter 4.x. 2004-03-23 18:21:38 +00:00
itojun
3811eef49d typo 2004-03-23 05:31:54 +00:00
itojun
721292cf12 constify AH algorithm function table. suggested by robert watson 2004-03-10 03:45:04 +00:00
thorpej
2803ff0955 Use the new IPSEC_PCB_SKIP_IPSEC() to bypass a socket policy lookup 
when possible.  This shaves several cycles from the output path for
non-IPsec connections, even if the policy is cached in the PCB.
 2004-03-02 02:28:28 +00:00
thorpej
db4fcd885b Augment the PCB cache with a "hint" that can be used to short-circuit 
IPsec processing in other places.  The hint has 3 values: MAYBE, YES,
and NO.  Hints are initialized to MAYBE, and MAYBE is always used for
unconnected sockets (since the spidx may change for every packet
that is output).  For connected sockets, NONE and BYPASS policies cause
the hint to be set to NO, and all other policies to YES.

Also shuffle the PCB cache data structure, turning 3 arrays into a
single array of a struct.
 2004-03-02 02:17:38 +00:00
itojun
581091043b knf 2004-03-01 22:32:35 +00:00
wiz
f05e6f1a3a occured -> occurred. From Peter Postma. 2004-02-24 15:12:51 +00:00
itojun
aaa4bd9a6c avoid out-of-bound memory access if len == 128. 
from Ted Unangst via Colin Percival
 2004-02-23 05:01:04 +00:00
wiz
d20841bb64 Uppercase CPU, plural is CPUs. 2004-02-13 11:36:08 +00:00
itojun
d93f7028c1 we have IFT_BRIDGE already, no need for #ifdef 2004-02-11 20:51:24 +00:00
christos
bcdf1b194a We don't have IFT_{PFLOG,PFSYNC} (yet). 2004-02-11 17:36:33 +00:00
itojun
abd93ec67b minor KNF 2004-02-11 10:54:29 +00:00
itojun
5d3b18b4a4 KNF 2004-02-11 10:47:28 +00:00
itojun
57cbd26e09 missing bzero 2004-02-11 10:42:24 +00:00
itojun
6c8714a95e avoid ugly typecast 2004-02-11 10:37:33 +00:00
itojun
e2d302c40d reduce useless variables 2004-02-10 20:57:20 +00:00
itojun
c5cb8d59c0 remove unneeded #ifdef 2004-02-06 08:07:55 +00:00
tron
d23ecc0dca Remove outdated prototype for ip6_getpmtu(). The function has a different 
signature now and is statically declared in "ip6_output.c".
 2004-02-04 10:31:27 +00:00
itojun
70e51fdcf0 strictly follow RFC2460 section 5 last paragraph 
(sending rule when PMTU < 1280).  pointed out by guninski at guninski.com
 2004-02-04 05:17:28 +00:00
darrenr
5915fd3874 make ip6_getpmtu() externally visible 2004-01-24 13:02:41 +00:00
itojun
092e41da38 do not lookup security policy if IPV6_FORWARDING. 
avoids possible infinite ipsec encapsulation on
        ip6_input -> ip6_forward -(tunnel mode)-> ip6_output
case.  from kame
 2004-01-19 05:14:58 +00:00
itojun
cdaa27b23a when ipsec tunnel mode is applied, we are originating packet (instead of 
forwarding).  go to ip6_output() path for fragmentation and other processing.
from kame
 2004-01-16 05:12:08 +00:00
itojun
8dcc7f31aa typo. 
http://sources.zabbadoz.net/freebsd/patchset/108-ipsec-spelling.diff
 2004-01-13 23:02:00 +00:00
itojun
1101ef17d0 plug memory leak on failure. 
http://sources.zabbadoz.net/freebsd/patchset/109-ipsec-memleak.diff
 2004-01-13 23:01:08 +00:00
itojun
3ffdb9507a avoid deref-after-free. 
http://sources.zabbadoz.net/freebsd/patchset/106-ipsec-pcb-discon.diff
 2004-01-13 06:17:14 +00:00
wiz
d46bc94200 Niels Provos kindly agreed to drop clauses 3 and 4 from the 
license -- thanks.
Based on OpenBSD commit and hints by itojun.
 2003-12-26 19:04:55 +00:00
lha
2b1cb68e2f Fix ICMPV6CTL_ND6_[DP]RLIST, they broke with new sysctl. 
Makes ndp -r/ndp -p work again, patch from atatat
 2003-12-17 18:49:38 +00:00
itojun
d8ac1c6007 fix cases where pktinfo specifies outgoing interface of "0". 2003-12-10 22:35:35 +00:00
itojun
aa8a6718f0 use if_indexlim (instead of if_index) and ifindex2ifnet[x] != NULL 
to check if interface exists, as (1) if_index has different meaning
(2) ifindex2ifnet could become NULL when interface gets destroyed,
since when we have introduced dynamically-created interfaces.  from kame
 2003-12-10 11:46:33 +00:00
itojun
561720b19b validate set/getsockopt arg more strictly. with previous code privileged 
user can cause kernel crash.
 2003-12-10 09:28:38 +00:00