summaryrefslogtreecommitdiffstats
path: root/sys/netinet6/in6.h
Commit message (Collapse)AuthorAgeFilesLines
* MFC r272404:tuexen2014-10-061-0/+2
| | | | | | | | | Fix the checksum computation for UDPLite/IPv6. This requires the usage of a function computing the checksum only over a part of the function. Therefore introduce in6_cksum_partial() and implement in6_cksum() based on that. While there, ensure that the UDPLite packet contains at least enough bytes to contain the header.
* Merge r263091: fix mbuf flags clash that lead to failure of operationglebius2014-03-181-7/+12
| | | | | | | of IPSEC and packet filters. PR: kern/185876 PR: kern/186755
* - Use time_uptime instead of time_second in data structures forhrs2013-08-051-2/+2
| | | | | | | | | PF_INET6 in kernel. This fixes various malfunction when the wall time clock is changed. Bump __FreeBSD_version to 1000041. - Use clock_gettime(CLOCK_MONOTONIC_FAST) in userland utilities. MFC after: 1 month
* Remove __P.delphij2012-10-221-47/+47
| | | | | | Submitted by: kevlo Reviewed by: md5(1) MFC after: 2 months
* MFp4 bz_ipv6_fast:bz2012-05-241-0/+2
| | | | | | | | | | | | | | Introduce a (for now copied stripped down) in6_cksum_pseudo() function. We should be able to use this from in6_cksum() but we should also ponder possible MD specific improvements. It takes an extra csum argument to allow for easy checks as will be done by the upper layer protocol input paths. Sponsored by: The FreeBSD Foundation Sponsored by: iXsystems Reviewed by: gnn (as part of the whole) MFC After: 3 days
* Remove casts from inet6 address testing macros, thus preservingglebius2012-01-261-16/+16
| | | | | | | qualifier from original argument. Obtained from: NetBSD, r. 1.67 Submitted by: maxim
* Make KBI changes required for future MFCing of inpcb rtentry / llentry caching.kmacy2011-09-201-0/+2
| | | | | Reviewed by: rwatson, bz Approved by: re (kib)
* Add $ipv6_cpe_wanif to enable functionality required for IPv6 CPEhrs2011-09-131-1/+3
| | | | | | | | | | | | | | | | | | | | | | | | | (r225485). When setting an interface name to it, the following configurations will be enabled: 1. "no_radr" is set to all IPv6 interfaces automatically. 2. "-no_radr accept_rtadv" will be set only for $ipv6_cpe_wanif. This is done just before evaluating $ifconfig_IF_ipv6 in the rc.d scripts (this means you can manually supersede this configuration if necessary). 3. The node will add RA-sending routers to the default router list even if net.inet6.ip6.forwarding=1. This mode is added to conform to RFC 6204 (a router which connects the end-user network to a service provider network). To enable packet forwarding, you still need to set ipv6_gateway_enable=YES. Note that accepting router entries into the default router list when packet forwarding capability and a routing daemon are enabled can result in messing up the routing table. To minimize such unexpected behaviors, "no_radr" is set on all interfaces but $ipv6_cpe_wanif. Approved by: re (bz)
* Add an in6_localip() helper function as in6_localaddr() is not doing whatbz2011-08-201-0/+1
| | | | | | | | | people think: returning true for an address in any connected subnet, not necessarily on the local machine. Sponsored by: Sandvine Incorporated MFC after: 2 weeks Approved by: re (kib)
* - Accept Router Advertisement messages even when net.inet6.ip6.forwarding=1.hrs2011-06-061-1/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - A new per-interface knob IFF_ND6_NO_RADR and sysctl IPV6CTL_NO_RADR. This controls if accepting a route in an RA message as the default route. The default value for each interface can be set by net.inet6.ip6.no_radr. The system wide default value is 0. - A new sysctl: net.inet6.ip6.norbit_raif. This controls if setting R-bit in NA on RA accepting interfaces. The default is 0 (R-bit is set based on net.inet6.ip6.forwarding). Background: IPv6 host/router model suggests a router sends an RA and a host accepts it for router discovery. Because of that, KAME implementation does not allow accepting RAs when net.inet6.ip6.forwarding=1. Accepting RAs on a router can make the routing table confused since it can change the default router unintentionally. However, in practice there are cases where we cannot distinguish a host from a router clearly. For example, a customer edge router often works as a host against the ISP, and as a router against the LAN at the same time. Another example is a complex network configurations like an L2TP tunnel for IPv6 connection to Internet over an Ethernet link with another native IPv6 subnet. In this case, the physical interface for the native IPv6 subnet works as a host, and the pseudo-interface for L2TP works as the default IP forwarding route. Problem: Disabling processing RA messages when net.inet6.ip6.forwarding=1 and accepting them when net.inet6.ip6.forward=0 cause the following practical issues: - A router cannot perform SLAAC. It becomes a problem if a box has multiple interfaces and you want to use SLAAC on some of them, for example. A customer edge router for IPv6 Internet access service using an IPv6-over-IPv6 tunnel sometimes needs SLAAC on the physical interface for administration purpose; updating firmware and so on (link-local addresses can be used there, but GUAs by SLAAC are often used for scalability). - When a host has multiple IPv6 interfaces and it receives multiple RAs on them, controlling the default route is difficult. Router preferences defined in RFC 4191 works only when the routers on the links are under your control. Details of Implementation Changes: Router Advertisement messages will be accepted even when net.inet6.ip6.forwarding=1. More precisely, the conditions are as follow: (ACCEPT_RTADV && !NO_RADR && !ip6.forwarding) => Normal RA processing on that interface. (as IPv6 host) (ACCEPT_RTADV && (NO_RADR || ip6.forwarding)) => Accept RA but add the router to the defroute list with rtlifetime=0 unconditionally. This effectively prevents from setting the received router address as the box's default route. (!ACCEPT_RTADV) => No RA processing on that interface. ACCEPT_RTADV and NO_RADR are per-interface knob. In short, all interface are classified as "RA-accepting" or not. An RA-accepting interface always processes RA messages regardless of ip6.forwarding. The difference caused by NO_RADR or ip6.forwarding is whether the RA source address is considered as the default router or not. R-bit in NA on the RA accepting interfaces is set based on net.inet6.ip6.forwarding. While RFC 6204 W-1 rule (for CPE case) suggests a router should disable the R-bit completely even when the box has net.inet6.ip6.forwarding=1, I believe there is no technical reason with doing so. This behavior can be set by a new sysctl net.inet6.ip6.norbit_raif (the default is 0). Usage: # ifconfig fxp0 inet6 accept_rtadv => accept RA on fxp0 # ifconfig fxp0 inet6 accept_rtadv no_radr => accept RA on fxp0 but ignore default route information in it. # sysctl net.inet6.ip6.norbit_no_radr=1 => R-bit in NAs on RA accepting interfaces will always be set to 0.
* correct variable type name in commentticso2011-04-251-2/+2
|
* Fix typos - remove duplicate "the".brucec2011-02-211-1/+1
| | | | | | PR: bin/154928 Submitted by: Eitan Adler <lists at eitanadler.com> MFC after: 3 days
* - Rename IP_NONLOCALOK IP socket option to IP_BINDANY, to be more consistentpjd2009-06-011-0/+2
| | | | | | | | | | | | | with OpenBSD (and BSD/OS originally). We can't easly do it SOL_SOCKET option as there is no more space for more SOL_SOCKET options, but this option also fits better as an IP socket option, it seems. - Implement this functionality also for IPv6 and RAW IP sockets. - Always compile it in (don't use additional kernel options). - Remove sysctl to turn this functionality on and off. - Introduce new privilege - PRIV_NETINET_BINDANY, which allows to use this functionality (currently only unjail root can use it). Discussed with: julian, adrian, jhb, rwatson, kmacy
* Merge final round of MLD changes from p4:bms2009-05-271-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | ip6_input.c, in6.h: * Add netinet6-specific mbuf flag M_RTALERT_MLD, shadowing M_PROTO6. * Always set this flag if HBH Router Alert option is present for MLD, even when not forwarding. icmp6.c: * In icmp6_input(), spell m->m_pkthdr.rcvif as ifp to be consistent. * Use scope ID for verifying input. Do not apply SSM filters here, no inpcb. * Check for M_RTALERT_MLD when validating MLD traffic, as we can't see IPv6 hop options outside of ip6_input(). in6_mcast.c: * Use KAME scope/zone ID in in6_multi. * Update net.inet6.ip6.mcast.filters implementation to use scope IDs for comparisons. * Fix scope ID treatment in multicast socket option processing. Scope IDs passed in from userland will be ignored as other less ambiguous APIs exist for specifying the link. * Tighten userland input checks in IPv6 SSM delta and full-state ops. * Source filter embedded scope IDs need to be revisited, for now just clear them and ignore them on input. * Adapt KAME behaviour of looking up the scope ID in the default zone for multicast leaves, when the interface is ambiguous. mld6.c: * Tighten origin checks on MLD traffic as per RFC3810 Section 6.2: * ip6_src MAY be the unspecified address for MLDv1 reports. * ip6_src MAY have link-local address scope for MLDv1 reports, MLDv1 queries, and MLDv2 queries. * Perform address field validation *before* accepting queries. * Use KAME scope/zone ID in query/report processing. * Break const correctness for mld_v1_input_report(), mld_v1_input_query() as we temporarily modify the input mbuf chain. * Clear the scope ID before handoff to userland MLD daemon. * Fix MLDv1 old querier present timer processing. With the protocol defaults, hosts should revert to MLDv2 after 260s. * Add net.inet6.mld.v1enable sysctl, default to on. ifmcstat.c: * Use sysctl by default; -K requests kvm(3) if so compiled. mld.4: * Connect man page to build. Tested using PCS.
* Add IN6ADDR_LINKLOCAL_ALLV2ROUTERS_INIT, in6addr_linklocal_allv2routersbms2009-04-291-12/+19
| | | | | | | | for use by MLDv2. Add IPv6 SSM socket layer membership vector size constants and tree bounds. Remove unreferenced struct ipv6_mreq_source; SSM for IPv6 goes straight to the RFC 3678 socket options.
* add an llentry to struct route{_in6} to allow it to be passed around withkmacy2009-04-151-0/+1
| | | | the rtentry
* Default to ignoring potentially evil IPv6 Neighbor Solicitationcperciva2008-10-021-1/+3
| | | | | | | | | messages. Approved by: so (cperciva) Approved by: re (kensmith) Security: FreeBSD-SA-08:10.nd6 Thanks to: jinmei, bz
* Clean up VCS Ids.obrien2007-12-101-3/+3
|
* Restore behavior changed with rev. 1.46 and makebz2007-07-191-1/+1
| | | | | | | | | | IPV6_IPSEC_POLICY always visible again. This unbreaks some third party user space applications. PR: 114491 Reported by: sumikawa Reviewed by: sumikawa Approved by: re (hrs)
* Space cleanupdelphij2007-07-051-5/+5
| | | | Approved by: re (rwatson)
* ANSIfy[1] plus some style cleanup nearby.delphij2007-07-051-1/+0
| | | | | | Discussed with: gnn, rwatson Submitted by: Karl Sj?dahl - dunceor <dunceor gmail com> [1] Approved by: re (rwatson)
* Link pf 4.1 to the build:mlaier2007-07-031-0/+5
| | | | | | | | - move ftp-proxy from libexec to usr.sbin - add tftp-proxy - new altq mtag link Approved by: re (kensmith)
* Commit the change from FAST_IPSEC to IPSEC. The FAST_IPSECgnn2007-07-031-2/+2
| | | | | | | | option is now deprecated, as well as the KAME IPsec code. What was FAST_IPSEC is now IPSEC. Approved by: re Sponsored by: Secure Computing
* Commit IPv6 support for FAST_IPSEC to the tree.gnn2007-07-011-2/+3
| | | | | | | | | This commit includes only the kernel files, the rest of the files will follow in a second commit. Reviewed by: bz Approved by: re Supported by: Secure Computing
* Import rewrite of IPv4 socket multicast layer to support source-specificbms2007-06-121-0/+20
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | and protocol-independent host mode multicast. The code is written to accomodate IPv6, IGMPv3 and MLDv2 with only a little additional work. This change only pertains to FreeBSD's use as a multicast end-station and does not concern multicast routing; for an IGMPv3/MLDv2 router implementation, consider the XORP project. The work is based on Wilbert de Graaf's IGMPv3 code drop for FreeBSD 4.6, which is available at: http://www.kloosterhof.com/wilbert/igmpv3.html Summary * IPv4 multicast socket processing is now moved out of ip_output.c into a new module, in_mcast.c. * The in_mcast.c module implements the IPv4 legacy any-source API in terms of the protocol-independent source-specific API. * Source filters are lazy allocated as the common case does not use them. They are part of per inpcb state and are covered by the inpcb lock. * struct ip_mreqn is now supported to allow applications to specify multicast joins by interface index in the legacy IPv4 any-source API. * In UDP, an incoming multicast datagram only requires that the source port matches the 4-tuple if the socket was already bound by source port. An unbound socket SHOULD be able to receive multicasts sent from an ephemeral source port. * The UDP socket multicast filter mode defaults to exclusive, that is, sources present in the per-socket list will be blocked from delivery. * The RFC 3678 userland functions have been added to libc: setsourcefilter, getsourcefilter, setipv4sourcefilter, getipv4sourcefilter. * Definitions for IGMPv3 are merged but not yet used. * struct sockaddr_storage is now referenced from <netinet/in.h>. It is therefore defined there if not already declared in the same way as for the C99 types. * The RFC 1724 hack (specify 0.0.0.0/8 addresses to IP_MULTICAST_IF which are then interpreted as interface indexes) is now deprecated. * A patch for the Rhyolite.com routed in the FreeBSD base system is available in the -net archives. This only affects individuals running RIPv1 or RIPv2 via point-to-point and/or unnumbered interfaces. * Make IPv6 detach path similar to IPv4's in code flow; functionally same. * Bump __FreeBSD_version to 700048; see UPDATING. This work was financially supported by another FreeBSD committer. Obtained from: p4://bms_netdev Submitted by: Wilbert de Graaf (original work) Reviewed by: rwatson (locking), silence from fenner, net@ (but with encouragement)
* This comment on various IPPORT_ defines was copied from in.h anddwmalone2006-03-281-25/+3
| | | | | | | | probably never fully applied to IPv6. Over time it has become more stale, so replace it with something more up to date. Reviewed by: ume MFC after: 1 month
* updates net.inet6.ip6.kame_version as the proof of the latest KAME mergesuz2006-03-191-1/+1
| | | | | Reviewed by: KAME MFC after: 2 days
* sync with KAME regarding NDPsuz2005-10-211-4/+6
| | | | | | | | | | | | - introduced fine-grain-timer to manage ND-caches and IPv6 Multicast-Listeners - supports Router-Preference <draft-ietf-ipv6-router-selection-07.txt> - better prefix lifetime management - more spec-comformant DAD advertisement - updated RFC/internet-draft revisions Obtained from: KAME Reviewed by: ume, gnn MFC after: 2 month
* sync with KAME (removed a unnecesary non-standard macro)suz2005-10-191-8/+0
| | | | | Obtained from: KAME Reviewd by: ume, gnn
* added a knob to enable path MTU discovery for multicast packets.ume2005-08-131-1/+5
| | | | | | | (by default, it is disabled) Submitted by: suz Obtained from: KAME
* supports stealth forwarding in IPv6, as well as in IPv4suz2005-08-101-1/+3
| | | | | PR: kern/54625 MFC after: 1 week
* scope cleanup. with this changeume2005-07-251-0/+1
| | | | | | | | | | | | | | | | | | | - most of the kernel code will not care about the actual encoding of scope zone IDs and won't touch "s6_addr16[1]" directly. - similarly, most of the kernel code will not care about link-local scoped addresses as a special case. - scope boundary check will be stricter. For example, the current *BSD code allows a packet with src=::1 and dst=(some global IPv6 address) to be sent outside of the node, if the application do: s = socket(AF_INET6); bind(s, "::1"); sendto(s, some_global_IPv6_addr); This is clearly wrong, since ::1 is only meaningful within a single node, but the current implementation of the *BSD kernel cannot reject this attempt. Submitted by: JINMEI Tatuya <jinmei__at__isl.rdc.toshiba.co.jp> Obtained from: KAME
* update comments:ume2005-07-201-3/+3
| | | | | | | | - RFC2292bis -> RFC3542 - typo fixes Submitted by: Keiichi SHIMA <keiichi__at__iijlab.net> Obtained from: KAME
* /* -> /*- for license, minor formatting changes, separate for KAMEimp2005-01-071-2/+2
|
* Remove advertising clause from University of California Regent'simp2004-04-071-4/+0
| | | | | | | license, per letter dated July 22, 1999 and email from Peter Wemm, Alan Cox and Robert Watson. Approved by: core, peter, alc, rwatson
* byebye in6_ifawithscope(). it was a function for old sourceume2003-11-051-1/+0
| | | | | | address selection. Obtained from: KAME
* source address selection part of RFC3484.ume2003-11-041-1/+1
| | | | | | | | TODO: since there is scope issue to be solved, multicast and link-local address are treated as special for workaround for now. Obtained from: KAME
* add management part of address selection policy described inume2003-10-301-0/+3
| | | | | | RFC3484. Obtained from: KAME
* use uint32_t instead of u_int32_t for newly introducedume2003-10-261-1/+1
| | | | struct definition.
* revert following unwanted changes:ume2003-10-251-7/+7
| | | | | | | - __packed to __attribute__((__packed__) - uintN_t back to u_intN_t Reported by: bde
* correct namespace pollution.ume2003-10-251-0/+5
| | | | Submitted by: bde
* Switch Advanced Sockets API for IPv6 from RFC2292 to RFC3542ume2003-10-241-33/+90
| | | | | | | | | | (aka RFC2292bis). Though I believe this commit doesn't break backward compatibility againt existing binaries, it breaks backward compatibility of API. Now, the applications which use Advanced Sockets API such as telnet, ping6, mld6query and traceroute6 use RFC3542 API. Obtained from: KAME
* - implement lock around IPv6 reassembly, to avoid panic due toume2003-10-221-1/+3
| | | | | | | frag6_drain (mutex version will come later). - limit number of fragments (not fragment queues) in kernel. Obtained from: KAME
* - change scope to zone.ume2003-10-211-3/+8
| | | | | | | | - change node-local to interface-local. - better error handling of address-to-scope mapping. - use in6_clearscope(). Obtained from: KAME
* nuke unused CTL_IPV6PROTO_NAMES macro.ume2003-10-071-47/+0
|
* Add definitions for IN6ADDR_LINKLOCAL_ALLMDNS_INIT and INADDR_ALLMDNS_GROUP.mdodd2003-04-291-0/+3
|
* o Merge <machine/ansi.h> and <machine/types.h> into a new headermike2002-08-211-3/+3
| | | | | | | | | | | | | | | | | | | | | called <machine/_types.h>. o <machine/ansi.h> will continue to live so it can define MD clock macros, which are only MD because of gratuitous differences between architectures. o Change all headers to make use of this. This mainly involves changing: #ifdef _BSD_FOO_T_ typedef _BSD_FOO_T_ foo_t; #undef _BSD_FOO_T_ #endif to: #ifndef _FOO_T_DECLARED typedef __foo_t foo_t; #define _FOO_T_DECLARED #endif Concept by: bde Reviewed by: jake, obrien
* correct comment for setsockopt arg size.ume2002-07-251-3/+3
| | | | | | Reported by: Martin Laabs <martin@martin.erfurt.thur.de> Obtained from: KAME MFC after: 1 week
* sin6_len is not an address family. I believe this doesn'tume2002-07-221-1/+1
| | | | break compatibility with POSIX.1-2001.
* o Conditionalize sections for POSIX.1-2001 compatibility.mike2002-05-231-31/+49
| | | | | | | | | | o Use POSIX spelling for types, where possible. o Define size_t in the __BSD_VISIBLE case (this isn't really needed for standards conformance, but follows the tradition of not requiring <sys/types.h> as a prerequisite). o Use _BYTE_ORDER and friends instead of BYTE_ORDER and friends, since there may not be enough pollution in order for the latter to work. o Add an XXX note about the missing IPPROTO_IPV6 macro.
OpenPOWER on IntegriCloud