Commit Graph

22 Commits

Author SHA1 Message Date
itojun 4308599c5a disallow bind(2) with IPv4 mapped address for now. port number check is
insufficient at this moment and we can bind(2) two sockets listen on same
port number.

for real fix, we need to check inpcb table with in6pcb.  we can't
find inpcb chain from particular in6pcb chain (like finding tcbtable from tcb6)
luckily RFC2553 does not talk about bind(2) behavior for IPv4 mapped.
IPv4 mapped brings in too much complexities...
2000-05-29 00:03:18 +00:00
itojun 52c11b789a bump kame revision id 2000-03-02 07:15:39 +00:00
itojun ded4e9540a properly handle notifies from icmp6, so that we can properly reflect
redirects/unreach to transport layer. (sync with latest kame)
2000-03-02 06:42:52 +00:00
itojun 90736ab608 fix include pathname for better rfc2292 compliance. 2000-02-06 12:49:37 +00:00
itojun 03993c84d3 use u_int16_t, not u_short, for port #. 2000-02-03 13:17:39 +00:00
itojun 54cb3be873 remove #if 0'ed code 2000-02-03 12:50:05 +00:00
thorpej c1185c1020 PRU_PURGEADDR -> PRU_PURGEIF, per a discussion w/ itojun. In the IPv4
and IPv6 code, also use this to traverse PCB tables, looking for cached
routes referencing the dying ifnet, forcing them to be refreshed.
2000-02-02 23:28:08 +00:00
thorpej 33e8c5b1df Improve the readability of one small piece of code. 2000-02-01 00:18:29 +00:00
itojun 1a2a1e2b1f bring in latest KAME ipsec tree.
- interop issues in ipcomp is fixed
- padding type (after ESP) is configurable
- key database memory management (need more fixes)
- policy specification is revisited

XXX m->m_pkthdr.rcvif is still overloaded - hope to fix it soon
2000-01-31 14:18:52 +00:00
itojun cd5093498d make setsockopt(IPV6_PORTRANGE) work. obeys IPNOPRIVPORTS. 2000-01-26 17:06:36 +00:00
itojun b3761abef8 remove extra portability #ifdef (like #ifdef __FreeBSD__) in KAME IPv6/IPsec
code, from netbsd-current repository.
#ifdef'ed version is always available from ftp.kame.net.

XXX please do not make too many diff-unfriendly changes, we'll need to take
bunch of diffs on upgrade...
2000-01-06 15:46:07 +00:00
itojun 2e904aec57 make IPV6_BINDV6ONLY setsockopt available. it controls behavior of
AF_INET6 wildcard listening socket.  heavily documented in ip6(4).
net.inet6.ip6.bindv6only defines default value.  default is 1.

"options INET6_BINDV6ONLY" removes any code fragment that supports
IPV6_BINDV6ONLY == 0 case (not defopt'ed as use of this is rare).
2000-01-06 06:41:18 +00:00
itojun ea861f0183 sync IPv6 part with latest KAME tree. IPsec part is left unmodified
due to massive changes in KAME side.
- IPv6 output goes through nd6_output
- faith can capture IPv4 packets as well - you can run IPv4-to-IPv6 translator
  using heavily modified DNS servers
- per-interface statistics (required for IPv6 MIB)
- interface autoconfig is revisited
- udp input handling has a big change for mapped address support.
- introduce in4_cksum() for non-overwriting checksumming
- introduce m_pulldown()
- neighbor discovery cleanups/improvements
- netinet/in.h strictly conforms to RFC2553 (no extra defs visible to userland)
- IFA_STATS is fixed a bit (not tested)
- and more more more.

TODO:
- cleanup os-independency #ifdef
- avoid rcvif dual use (for IPsec) to help ifdetach

(sorry for jumbo commit, I can't separate this any more...)
1999-12-13 15:17:17 +00:00
itojun 70ada0957e sync with recent KAME.
- loosen ipsec restriction on packet diredtion.
- revise icmp6 redirect handling on IsRouter bit.
- tcp/udp notification processing (link-local address case)
- cosmetic fixes (better code share across *BSD).
1999-07-31 18:41:15 +00:00
itojun c74f79d16f fix faith interface support. need testing.
(i understand this is a dirty hack, of course)
1999-07-17 07:07:08 +00:00
thorpej f9a7668b3f defopt IPSEC and IPSEC_ESP (both into opt_ipsec.h). 1999-07-09 22:57:15 +00:00
itojun 9b74747370 s/splnet/splsoftnet/ in IPv6/IPsec part.
hope I made no mistake (the kernel works fine but I need a regress test)

Suggested by: thorpej
1999-07-04 02:01:15 +00:00
thorpej cd3a345ea0 RCS ID police. 1999-07-03 21:24:45 +00:00
itojun af58d5709d try to get a non-conflicting port # when bind(2) to port number 0
is called.
1999-07-02 19:57:05 +00:00
itojun 243585320c expand insque/remque (quick hack). fundamental fix should be done
while clarifying relationship between inpcb and in6pcb.

PR: 7891
1999-07-02 12:43:42 +00:00
itojun 118d2b1d4f IPv6 kernel code, based on KAME/NetBSD 1.4, SNAP kit 19990628.
(Sorry for a big commit, I can't separate this into several pieces...)
Pls check sys/netinet6/TODO and sys/netinet6/IMPLEMENTATION for details.

- sys/kern: do not assume single mbuf, accept chained mbuf on passing
  data from userland to kernel (or other way round).
- "midway" ATM card: ATM PVC pseudo device support, like those done in ALTQ
  package (ftp://ftp.csl.sony.co.jp/pub/kjc/).
- sys/netinet/tcp*: IPv4/v6 dual stack tcp support.
- sys/netinet/{ip6,icmp6}.h, sys/net/pfkeyv2.h: IETF document assumes those
  file to be there so we patch it up.
- sys/netinet: IPsec additions are here and there.
- sys/netinet6/*: most of IPv6 code sits here.
- sys/netkey: IPsec key management code
- dev/pci/pcidevs: regen

In my understanding no code here is subject to export control so it
should be safe.
1999-07-01 08:12:45 +00:00
itojun 74d3c214ec KAME/NetBSD 1.4 SNAP kit, dated 19990628.
NOTE: this branch (kame) is used just for refernce.  this may not compile
due to multiple reasons.
1999-06-28 06:36:47 +00:00