| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
| |
API changes:
- additional IPv6 ioctls
- IPsec PF_KEY API was changed, it is mandatory to upgrade setkey(8).
(also syntax change)
|
|
|
|
| |
Pointed out by: bde
|
|
|
|
|
|
|
|
| |
Sanitize SYSCTL_HANDLER_ARGS so that simplistic tools can grog our
sources:
-sysctl_vm_zone SYSCTL_HANDLER_ARGS
+sysctl_vm_zone (SYSCTL_HANDLER_ARGS)
|
|
|
|
|
|
|
| |
It seems that people find them too noisy.
(ND6_DEBUG will enable them)
Obtained from: KAME Project
|
| |
|
|
|
|
|
|
| |
It was not discussed and should probably not happen.
Requested by: msmith and others
|
| |
|
|
|
|
|
|
|
|
| |
the type argument to *_HEAD and *_ENTRY is a struct.
Suggested by: phk
Reviewed by: phk
Approved by: mdodd
|
| |
|
|
|
|
| |
Submitted by: n_hibma
|
| |
|
|
|
|
| |
Remove ~60 unneeded #include <sys/malloc.h>
|
|
|
|
|
|
|
| |
unless the old status is probably reachable (i.e. the link-layer address
has already been resolved).
Obtained from: KAME Project
|
|
|
|
| |
Submitted by: ume
|
|
|
|
|
|
|
|
|
|
|
| |
Remove a bogus (redundant, just weird, etc.) key_freeso(so).
There are no consumers of it now, nor does it seem there
ever will be.
in6?_pcb.c:
Add an if (inp->in6?p_sp != NULL) before the call to
ipsec[46]_delete_pcbpolicy(inp). In low-memory conditions
this can cause a crash because in6?_sp can be NULL...
|
|
|
|
| |
because this is now 5.0-current.
|
|
|
|
|
|
|
| |
system with other platform and/or other version of FreeBSD, which is also
integrated KAME code based on another date.
Approved by: jkh
|
|
|
|
|
|
|
|
|
|
| |
print an error message which say, "include netinet/ip6.h".
This is postponed to apply to avoid tcpdump compile error.
Now apply this because tcpdump has been already fixed.
Approved by: jkh
Obtained from: KAME project
|
|
|
|
|
|
|
|
|
|
| |
icmp6 error statistics based on sending interface.
This also prevent kernel panic when rcvif is not initialized after M_PKTHDR().
(The initialization issue also need to be fixed in the future.)
Approved by: jkh
Submitted by: k-sugyou@kame.net
|
|
|
|
|
|
|
|
|
|
| |
Without this, kernel will panic at getsockopt() of IPSEC_POLICY.
Also make compilable libipsec/test-policy.c which tries getsockopt() of
IPSEC_POLICY.
Approved by: jkh
Submitted by: sakane@kame.net
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
according to draft-ietf-ipngwg-icmp-name-lookups-04 to 05 change.
This is necessary before 4.0, because,
-This change is non backword compatible
-Other KAME derived platforms applied 05
-Author of the draft said he never do backword imcompatible changes
again.
Approved by: jkh
Obtained from: KAME project
|
|
|
|
|
|
|
| |
Approved by: jkh
Submitted by: Partly from tech@openbsd
Reviewed by: itojun
|
|
|
|
|
|
| |
Approved by: jkh
Submitted by: fenner
|
|
|
|
|
|
|
| |
#ifdefs. Clean out unused netisr's and leftover netisr linker set gunk.
Tested on x86 and alpha, including world.
Approved by: jkh
|
|
|
|
|
|
|
|
|
|
|
|
| |
Some of IPsec authentication related functions should have
'const' for its 2nd argument, but not now.
But if someone try to use them, and passed const data for
those functions, then much bogus compile warnings will be
generated.
So those funcs prototype should be modified.
Requested by: archie
Approved by: jkh
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
KAME put INET6 related stuff into sys/netinet6 dir, but IPv6
standard API(RFC2553) require following files to be under sys/netinet.
netinet/ip6.h
netinet/icmp6.h
Now those header files just include each following files.
netinet6/ip6.h
netinet6/icmp6.h
Also KAME has netinet6/in6.h for easy INET6 common defs
sharing between different BSDs, but RFC2553 requires only
netinet/in.h should be included from userland.
So netinet/in.h also includes netinet6/in6.h inside.
To keep apps portability, apps should not directly include
above files from netinet6 dir.
Ideally, all contents of,
netinet6/ip6.h
netinet6/icmp6.h
netinet6/in6.h
should be moved into
netinet/ip6.h
netinet/icmp6.h
netinet/in.h
but to avoid big changes in this stage, add some hack, that
-Put some special macro define into those files under neitnet
-Let files under netinet6 cause error if it is included
from some apps, and, if the specifal macro define is not
defined.
(which should have been defined if files under netinet is
included)
-And let them print an error message which tells the
correct name of the include file to be included.
Also fix apps which includes invalid header files.
Approved by: jkh
Obtained from: KAME project
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
(1)When all related IPv6 addresses are removed,
then remove the associated IPv6 prefix.
(2)When multiple IPv6 link local addrs exist for a same
interface , then let its IPv6 prefix have multiple
interface id, and create multiple IPv6 global addrs with same
interface id.
(3)When a new IPv6 link local addr is assigned for an
interface, then let its IPv6 prefix also have the
interface id of the new IPv6 link local addr, and
create new IPv6 global addrs with same interface id.
Approved by: jkh
|
|
|
|
|
|
|
|
|
|
| |
KAME source addr selection rule had a problem to treat IPv6 site
local addr.
The rule is completely rewritten recently and the above problem
is also fixed, but rewriting same code part in freebsd4.0 is too
dangerous in this stage, so just add workaround to avoid
the problem. Just add code for IPv6 site local addresses into IPv6
source addr selection algorythm part.
|
|
|
|
|
|
|
|
|
|
| |
Yes it is almost code freeze, but as the result of many thought, now I
think this should be added before 4.0...
make world check, kernel build check is done.
Reviewed by: green
Obtained from: KAME project
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
#Please forget the strange log message of the previous commit .
IPv6 multicast routing.
kernel IPv6 multicast routing support.
pim6 dense mode daemon
pim6 sparse mode daemon
netstat support of IPv6 multicast routing statistics
Merging to the current and testing with other existing multicast routers
is done by Tatsuya Jinmei <jinmei@kame.net>, who writes and maintainances
the base code in KAME distribution.
Make world check and kernel build check was also successful.
Obtained from: KAME project
|
|
|
|
|
|
| |
(IPv6 multicast routing)
I think I mistakenly touched TAB and the last arg sys/netinet6 to
the cvs commit changed to sys/netinet6/in6_proto.c.
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
kernel IPv6 multicast routing support.
pim6 dense mode daemon
pim6 sparse mode daemon
netstat support of IPv6 multicast routing statistics
Merging to the current and testing with other existing multicast routers
is done by Tatsuya Jinmei <jinmei@kame.net>, who writes and maintainances
the base code in KAME distribution.
Make world check and kernel build check was also successful.
|
|
|
|
|
|
|
| |
(prefix related ioctl should only be called on router,
because host use dynamic address and prefix configuration mechanism,
and those prefix are managed separately with ones whih are assined
manually.)
|
|
|
|
|
|
|
|
|
|
|
| |
include this in all kernels. Declare some const *intrq_present
variables that can be checked by a module prior to using *intrq
to queue data.
Make the if_tun module capable of processing atm, ip, ip6, ipx,
natm and netatalk packets when TUNSIFHEAD is ioctl()d on.
Review not required by: freebsd-hackers
|
|
|
|
|
|
|
| |
at udp6_ctlinput().
There should be kernel panic at PCCARD suspend etc, before this bug fix.
Submitted by: Hajimu UMEMOTO <ume@mahoroba.org>
|
|
|
|
|
|
| |
This is probably due to twice rtfree() in in6_pcbdetach(),
one for inp->in6p_route.ro_rt, and another one for inp->inp_route.ro_rt.
But these 2 are actually shared in inpcb, so 2nd rtfree() is not necessary.
|
|
|
|
|
|
|
| |
-opt_ipsec.h was missing on some tcp files (sorry for basic mistake)
-made buildable as above fix
-also added some missing IPv4 mapped IPv6 addr consideration into
ipsec4_getpolicybysock
|
|
|
|
| |
Submitted by: bde
|
|
|
|
| |
Submitted by: bde
|
|
|
|
|
|
|
| |
Sorry for build failure. There was a mistake when I moved the patch
from my build check machine to commit machine.
Specified by: peter
|
|
|
|
|
|
|
|
|
|
|
|
| |
is very likely to become consensus as recent ietf/ipng mailing list
discussion. Also recent KAME repository and other KAME patched BSDs
also applied it.
s/__ss_family/ss_family/
s/__ss_len/ss_len/
Makeworld is confirmed, and no application should be affected by this change
yet.
|
|
|
|
| |
with IPv6 loopback addr for its dest or src addr as ours.
|
| |
|
| |
|
|
|
|
|
|
|
| |
also a small patch to sys/nfs/nfs_socket.c, as max_hdr size change.
Reviewed by: freebsd-arch, cvs-committers
Obtained from: KAME project
|
|
|
|
|
|
| |
confirmed by: sanpei, joe
PR: kern/15742
|
|
|
|
|
|
| |
is an application space macro and the applications are supposed to be free
to use it as they please (but cannot). This is consistant with the other
BSD's who made this change quite some time ago. More commits to come.
|
|
|
|
|
|
|
| |
Several udp and raw apps IPv6 support.
Reviewed by: freebsd-arch, cvs-committers
Obtained from: KAME project
|
|
|
|
|
|
|
|
| |
pr_input() routines prototype is also changed to support IPSEC and IPV6
chained protocol headers.
Reviewed by: freebsd-arch, cvs-committers
Obtained from: KAME project
|