summaryrefslogtreecommitdiffstats
path: root/sys/netinet6/ip6_output.c
Commit message (Collapse)AuthorAgeFilesLines
...
* Get rid of the RANDOM_IP_ID option and make it a sysctl. NetBSDdwmalone2004-08-141-5/+0
| | | | | | | | | | | | | | | | | | | | | have already done this, so I have styled the patch on their work: 1) introduce a ip_newid() static inline function that checks the sysctl and then decides if it should return a sequential or random IP ID. 2) named the sysctl net.inet.ip.random_id 3) IPv6 flow IDs and fragment IDs are now always random. Flow IDs and frag IDs are significantly less common in the IPv6 world (ie. rarely generated per-packet), so there should be smaller performance concerns. The sysctl defaults to 0 (sequential IP IDs). Reviewed by: andre, silby, mlaier, ume Based on: NetBSD MFC after: 2 months
* Fix a bug which I discovered recently while doing IPv6 testing atwpaul2004-05-141-0/+12
| | | | | | | | | | | | | | | | | | | | | | | | Wind River. In the IPv4 output path, one of the tests in ip_output() checks how many slots are actually available in the interface output queue before attempting to send a packet. If, for example, we need to transmit a packet of 32K bytes over an interface with an MTU of 1500, we know it's going to take about 21 fragments to do it. If there's less than 21 slots left in the output queue, there's no point in transmitting anything at all: IP does not do retransmission, so sending only some of the fragments would just be a waste of bandwidth. (In an extreme case, if you're sending a heavy stream of fragmented packets, you might find yourself sending nothing by the first fragment of all your packets.) So if ip_output() notices there's not enough room in the output queue to send the frame, it just dumps the packet and returns ENOBUFS to the app. It turns out ip6_output() lacks this code. Consequently, this caused the netperf UDPIPV6_STREAM test to produce very poor results with large write sizes. This commit adds code to check the remaining space in the output queue and junk fragmented packets if they're too big to be sent, just like with IPv4. (I can't imagine anyone's running an NFS server using UDP over IPv6, but if they are, this will likely make them a lot happier. :)
* Remove advertising clause from University of California Regent'simp2004-04-071-4/+0
| | | | | | | license, per letter dated July 22, 1999 and email from Peter Wemm, Alan Cox and Robert Watson. Approved by: core, peter, alc, rwatson
* Validate IPv6 socket options more carefully to avoid a panic.ume2004-03-261-1/+37
| | | | | PR: kern/61513 Reviewed by: cperciva, nectar
* IPSEC and FAST_IPSEC have the same internal API now;ume2004-02-171-6/+2
| | | | | | so merge these (IPSEC has an extra ipsecstat) Submitted by: "Bjoern A. Zeeb" <bzeeb+freebsd@zabbadoz.net>
* - obey ip6po_minmtu.ume2004-02-081-3/+30
| | | | | | - notify a proper path MTU to applications. Obtained from: KAME
* pass pcb rather than so. it is expected that per socket policyume2004-02-031-7/+2
| | | | works again.
* Catch a few places where NULL (pointer) was used where 0 (integer) wasume2003-12-231-2/+2
| | | | expected (fix build).
* Catch a few places where NULL (pointer) was used where 0 (integer) waspeter2003-12-231-3/+3
| | | | expected.
* fixed a bug that IPv6 routing header does not work properly if specified ↵suz2003-12-221-1/+1
| | | | | | from userland application reviewed by: ume
* fixed an IPv6 path MTU discovery failure owing to a lack of initializationsuz2003-12-171-1/+1
| | | | | | Reviewed by: ume Approved by: re (scottl) MFC after: 1 day
* pktopt may be null.ume2003-11-241-0/+3
| | | | Approved by: re (rwatson)
* Introduce tcp_hostcache and remove the tcp specific metrics fromandre2003-11-201-7/+20
| | | | | | | | | | | | | | | | | | | | | | | the routing table. Move all usage and references in the tcp stack from the routing table metrics to the tcp hostcache. It caches measured parameters of past tcp sessions to provide better initial start values for following connections from or to the same source or destination. Depending on the network parameters to/from the remote host this can lead to significant speedups for new tcp connections after the first one because they inherit and shortcut the learning curve. tcp_hostcache is designed for multiple concurrent access in SMP environments with high contention and is hash indexed by remote ip address. It removes significant locking requirements from the tcp stack with regard to the routing table. Reviewed by: sam (mentor), bms Reviewed by: -net, -current, core@kame.net (IPv6 parts) Approved by: re (scottl)
* correct to look right interface.ume2003-11-171-1/+1
|
* replace explicit changes to rt_refcnt by RT_ADDREF and RT_REMREFsam2003-11-081-1/+1
| | | | | | | macros that expand to include assertions when the system is built with INVARIANTS Supported by: FreeBSD Foundation
* correct behavior when ipv6mr_interface is 0. Matthias Drochnerume2003-11-061-4/+4
| | | | | Notified by: itojun Obtained from: NetBSD
* - cleanup SP refcnt issue.ume2003-11-041-7/+10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - share policy-on-socket for listening socket. - don't copy policy-on-socket at all. secpolicy no longer contain spidx, which saves a lot of memory. - deep-copy pcb policy if it is an ipsec policy. assign ID field to all SPD entries. make it possible for racoon to grab SPD entry on pcb. - fixed the order of searching SA table for packets. - fixed to get a security association header. a mode is always needed to compare them. - fixed that the incorrect time was set to sadb_comb_{hard|soft}_usetime. - disallow port spec for tunnel mode policy (as we don't reassemble). - an user can define a policy-id. - clear enc/auth key before freeing. - fixed that the kernel crashed when key_spdacquire() was called because key_spdacquire() had been implemented imcopletely. - preparation for 64bit sequence number. - maintain ordered list of SA, based on SA id. - cleanup secasvar management; refcnt is key.c responsibility; alloc/free is keydb.c responsibility. - cleanup, avoid double-loop. - use hash for spi-based lookup. - mark persistent SP "persistent". XXX in theory refcnt should do the right thing, however, we have "spdflush" which would touch all SPs. another solution would be to de-register persistent SPs from sptree. - u_short -> u_int16_t - reduce kernel stack usage by auto variable secasindex. - clarify function name confusion. ipsec_*_policy -> ipsec_*_pcbpolicy. - avoid variable name confusion. (struct inpcbpolicy *)pcb_sp, spp (struct secpolicy **), sp (struct secpolicy *) - count number of ipsec encapsulations on ipsec4_output, so that we can tell ip_output() how to handle the packet further. - When the value of the ul_proto is ICMP or ICMPV6, the port field in "src" of the spidx specifies ICMP type, and the port field in "dst" of the spidx specifies ICMP code. - avoid from applying IPsec transport mode to the packets when the kernel forwards the packets. Tested by: nork Obtained from: KAME
* do not insert a dest option header (even specified by a user) thatume2003-10-311-1/+13
| | | | | | | should be placed before a routing header, unless a routing header really exists. Obtained from: KAME
* re-add wrongly disappered IPV6_CHECKSUM stuff by introducingume2003-10-261-0/+76
| | | | | | ip6_raw_ctloutput(). Obtained from: KAME
* remove the ip6r0_addr and ip6r0_slmap members from ip6_rthdr0{}ume2003-10-241-4/+6
| | | | | | according to rfc2292bis. Obtained from: KAME
* Switch Advanced Sockets API for IPv6 from RFC2292 to RFC3542ume2003-10-241-248/+987
| | | | | | | | | | (aka RFC2292bis). Though I believe this commit doesn't break backward compatibility againt existing binaries, it breaks backward compatibility of API. Now, the applications which use Advanced Sockets API such as telnet, ping6, mld6query and traceroute6 use RFC3542 API. Obtained from: KAME
* - change scope to zone.ume2003-10-211-5/+5
| | | | | | | | - change node-local to interface-local. - better error handling of address-to-scope mapping. - use in6_clearscope(). Obtained from: KAME
* correct linkmtu handling.ume2003-10-201-45/+68
| | | | Obtained from: KAME
* - add dom_if{attach,detach} framework.ume2003-10-171-2/+2
| | | | | | - transition to use ifp->if_afdata. Obtained from: KAME
* nuke SCOPEDROUTING. Though it was there for a long time,ume2003-10-101-9/+0
| | | | it was never enabled.
* - fix typo in comments.ume2003-10-081-63/+60
| | | | | | | | | | - style. - NULL is not 0. - some variables were renamed. - nuke unused logic. (there is no functional change.) Obtained from: KAME
* must lock route when the caller provided a route but notsam2003-10-071-2/+4
| | | | | | | an interface; otherwise the subsequent unlock blows up Suffered by: Marcel Moolenaar <marcel@xcllnt.net> Supported by: FreeBSD Foundation
* return(code) -> return (code)ume2003-10-061-52/+52
| | | | (reduce diffs against KAME)
* Locking for updates to routing table entries. Each rtentry gets a mutexsam2003-10-041-1/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | that covers updates to the contents. Note this is separate from holding a reference and/or locking the routing table itself. Other/related changes: o rtredirect loses the final parameter by which an rtentry reference may be returned; this was never used and added unwarranted complexity for locking. o minor style cleanups to routing code (e.g. ansi-fy function decls) o remove the logic to bump the refcnt on the parent of cloned routes, we assume the parent will remain as long as the clone; doing this avoids a circularity in locking during delete o convert some timeouts to MPSAFE callouts Notes: 1. rt_mtx in struct rtentry is guarded by #ifdef _KERNEL as user-level applications cannot/do-no know about mutex's. Doing this requires that the mutex be the last element in the structure. A better solution is to introduce an externalized version of struct rtentry but this is a major task because of the intertwining of rtentry and other data structures that are visible to user applications. 2. There are known LOR's that are expected to go away with forthcoming work to eliminate many held references. If not these will be resolved prior to release. 3. ATM changes are untested. Sponsored by: FreeBSD Foundation Obtained from: BSD/OS (partly)
* Obey RANDOM_IP_ID.ume2003-10-011-0/+5
| | | | Requested by: sam
* randomize IPv6 fragment ID.ume2003-10-011-1/+1
| | | | Obtained from: KAME
* Correct pfil_run_hooks return handling: if the return value is non-zerosam2003-09-301-5/+2
| | | | | | | | | then the mbuf has been consumed by a hook; otherwise beware of a null mbuf return (gack). In particular the bridge was doing the wrong thing. While in the ipv6 code make it's handling of pfil_run_hooks identical to netbsd. Pointed out by: Pyun YongHyeon <yongari@kt-is.co.kr>
* o update PFIL_HOOKS support to current API used by netbsdsam2003-09-231-19/+7
| | | | | | | | | | | o revamp IPv4+IPv6+bridge usage to match API changes o remove pfil_head instances from protosw entries (no longer used) o add locking o bump FreeBSD version for 3rd party modules Heavy lifting by: "Max Laier" <max@love2party.net> Supported by: FreeBSD Foundation Obtained from: NetBSD (bits of pfil.h and pfil.c)
* Remove unused variables in the IPSEC case.jlemon2003-02-201-1/+0
| | | | Submitted by: Lars Eggert <larse@ISI.EDU>
* Add a TCP TIMEWAIT state which uses less space than a fullblown TCPjlemon2003-02-191-2/+2
| | | | | | | | control block. Allow the socket and tcpcb structures to be freed earlier than inpcb. Update code to understand an inp w/o a socket. Reviewed by: hsu, silby, jayanth Sponsored by: DARPA, NAI Labs
* Back out M_* changes, per decision of the TRB.imp2003-02-191-20/+20
| | | | Approved by: trb
* Remove M_TRYWAIT/M_WAITOK/M_WAIT. Callers should use 0.alfred2003-01-211-20/+20
| | | | Merge M_NOWAIT/M_DONTWAIT into a single flag M_NOWAIT.
* purge extraneous clears of M_PKTHDR since M_MOVE_PKTHDR does this alreadysam2003-01-061-1/+0
|
* Correct mbuf packet header propagation. Previously, packet headerssam2002-12-301-1/+1
| | | | | | | | | | | | | | | | | | | | | | were sometimes propagated using M_COPY_PKTHDR which actually did something between a "move" and a "copy" operation. This is replaced by M_MOVE_PKTHDR (which copies the pkthdr contents and "removes" it from the source mbuf) and m_dup_pkthdr which copies the packet header contents including any m_tag chain. This corrects numerous problems whereby mbuf tags could be lost during packet manipulations. These changes also introduce arguments to m_tag_copy and m_tag_copy_chain to specify if the tag copy work should potentially block. This introduces an incompatibility with openbsd which we may want to revisit. Note that move/dup of packet headers does not handle target mbufs that have a cluster bound to them. We may want to support this; for now we watch for it with an assert. Finally, M_COPYFLAGS was updated to include M_FIRSTFRAG|M_LASTFRAG. Supported by: Vernier Networks Reviewed by: Robert Watson <rwatson@FreeBSD.org>
* plugged memory leakage in some erroneous casesume2002-10-311-5/+6
| | | | | Obtained from: KAME MFC after: 1 week
* Tie new "Fast IPsec" code into the build. This involves the usualsam2002-10-161-4/+63
| | | | | | | | | | | | configuration stuff as well as conditional code in the IPv4 and IPv6 areas. Everything is conditional on FAST_IPSEC which is mutually exclusive with IPSEC (KAME IPsec implmentation). As noted previously, don't use FAST_IPSEC with INET6 at the moment. Reviewed by: KAME, rwatson Approved by: silence Supported by: Vernier Networks
* Replace aux mbufs with packet tags:sam2002-10-161-5/+3
| | | | | | | | | | | | | | | | | | | o instead of a list of mbufs use a list of m_tag structures a la openbsd o for netgraph et. al. extend the stock openbsd m_tag to include a 32-bit ABI/module number cookie o for openbsd compatibility define a well-known cookie MTAG_ABI_COMPAT and use this in defining openbsd-compatible m_tag_find and m_tag_get routines o rewrite KAME use of aux mbufs in terms of packet tags o eliminate the most heavily used aux mbufs by adding an additional struct inpcb parameter to ip_output and ip6_output to allow the IPsec code to locate the security policy to apply to outbound packets o bump __FreeBSD_version so code can be conditionalized o fixup ipfilter's call to ip_output based on __FreeBSD_version Reviewed by: julian, luigi (silent), -arch, -net, darren Approved by: julian, silence from everyone else Obtained from: openbsd (mostly) MFC after: 1 month
* Replace (ab)uses of "NULL" where "0" is really meant.archie2002-08-221-5/+5
|
* make sure to set/unset INP_IPV4 according to a valueume2002-07-241-0/+4
| | | | | | of IN6P_IPV6_V6ONLY Reviewed by: Keiichi SHIMA <keiichi@iij.ad.jp>
* do not refer to IN6P_BINDV6ONLY anymore.ume2002-07-221-7/+1
| | | | | Obtained from: KAME MFC after: 1 week
* just merged cosmetic changes from KAME to ease sync between KAME and FreeBSD.suz2002-04-191-11/+12
| | | | | | | (based on freebsd4-snap-20020128) Reviewed by: ume MFC after: 1 week
* Change the suser() API to take advantage of td_ucred as well as do ajhb2002-04-011-4/+4
| | | | | | | | | | | | general cleanup of the API. The entire API now consists of two functions similar to the pre-KSE API. The suser() function takes a thread pointer as its only argument. The td_ucred member of this thread must be valid so the only valid thread pointers are curthread and a few kernel threads such as thread0. The suser_cred() function takes a pointer to a struct ucred as its first argument and an integer flag as its second argument. The flag is currently only used for the PRISON_ROOT flag. Discussed on: smp@
* Fix cached route problem.ume2002-03-291-0/+1
| | | | | | Submitted by: Keiichi SHIMA <keiichi@iij.ad.jp> (KAME) Reviewed by: JINMEI Tatuya <jinmei@isl.rdc.toshiba.co.jp> (KAME) MFC after: 1 week
* Remove duplicate extern declarations to silence warnings.alfred2002-03-191-3/+0
|
* - Replace M_WAIT with M_TRYWAIT since the M_WAIT flag is deprecated.arr2001-12-091-1/+1
| | | | Spotted by: bde
OpenPOWER on IntegriCloud