KAME/NetBSD integration TODOs $NetBSD: TODO,v 1.12 2000/02/05 18:11:41 itojun Exp $ Jun-ichiro itojun Hagino This file talks about issues/TODOs in KAME/NetBSD integration. For details about original KAME distribution, please refer to sys/netinet6/IMPLEMENTATION, or documents in KAME distribution. KERNEL ====== * net/if_types.h IFT_GIF and IFT_FAITH are not defined in IANA assignment, but we need to define these two (they are essential). If it is prohibited to define these, where should we check to get interface type? if_xname? * ATM PVC support in Adaptec/ENI ATM driver Is it MI enough? If not, would you like it to be removed from the tree? Actually this is quite useful (we use it in Japanese ATM PVC leased line service and is quite stable). * mbuf pullup consideration KAME IPv6 onion-peeling routine assumes that headers are contiguous on mbufs. For this we impose little restriction on drivers (namely, MINCLSIZE has been modified for this). From stats we gathered it has no impact on performance (maybe better due to less m_pullup), but some of you may not like this (you may hate deep-copy code in net/if_loop.c). We may need to implement safer way, something similar to m_pullup(). I have an idea but I still need some time for this. I'll test this in KAME tree and then will bring it to NetBSD. (NOTE: m_pullup is not very useful for IPv6 as the chained header length can easily exceed MHLEN. Remember, IPv6 header itself already occupies 40 bytes) KAME team is doing experiments with m_pulldown(). will migrate to m_pulldown() after stabilization. working nicely but need more tests and code reviews. * ipsec socket pointer We currently reuse m_pkthdr.rcvif for ipsec socket pointer, and ipf and other code does not like this. It is planned to add m->m_pkthdr.aux (pointer to mbuf chain) to carry around extra information for IPsec and other cases. * gre/ipip compatibility Hope I did not break any of these... Could someone check? * mbuf flags KAME code introduces 5 mbuf flags, which should be decreased. M_ANYCAST6 is local to IPv6 code so it should be M_PROTO0 or something like that. Others (IPsec items) are used across IPv4 and IPv6 so they cannot be in M_PROTO0 kind of thing. When we switch to full m->m_pkthdr.aux support, we don't need IPsec related flags in m->m_flags. * use of xx_control() from kernel xx_control() are designed to be called from userland process, not from within the kernel. Calling xx_control() from interrupt context would cause various problems, like M_WAIT/NOWAIT issue, spl issue and others. we need to clean it up. The right thing to happen is to split those necessary functions into (1) called-from-userland function, (2) called-from- interrupt function, and (3) common backend which shares as much code as possible. in6_prefix.c is the offending portion. * more LP64 friendliness checking * scoped address printing KAME implements extended format for link-local address printing, like "fe80::1@lo0". After long debate, IETF ipngwg will pick "lo0%fe80::1" as standard one (picked "%" for avoiding conflict with "user@host" notation). We'll need to update the support before the release. * PRC_IF{UP,CHANGE} We have some hook in sys/net/if.c for IPv6, for detecting (1) when interface bringed up, and (2) when interface MTU changes. These hooks should be removed by introducing PRC_IF{UP,CHANGE}. USERLAND ======== * pim6dd/pim6sd licensing pim6dd/pim6sd license issue should be clarified, just like we need clarification for mroute6d. * IPv6-support in resolvers and libraries Dual stack resolver code is from KAME. The change may not be compatible with future bind8 code, so we may have to merge future bind8 carefully. (or we should volunteer for bind8 improvements) At this moment IPv6 support in lib/libc/net/* is implemented in very conservative way so that it will not break existing codebase. * -DINET6, -DIPSEC Where should we define -DINET6? Should it be global option like EXPORTABLE_SYSTEM=1 (in /etc/mk.conf), or local option defined somewhere? (some people may need a binary tree with no IPv6 support at all, for smaller footprint) At this moment -DINET6 is placed in each of leaf directory Makefiles, and there's no global option for enabling/disabling userland IPv6/IPsec support. Since we ship single binary tree we want to ship them enabled by default. * more IPv6 support X11, NFS, RPC, whatever.