path: root/sys/netinet6
Commit message | Author | Age | Files | Lines
* fix the change of interface in nd6_storelladdr for multicast | luigi | 2004-04-26 | 1 | -5/+5
  addresses too.
  Reported by: Jun Kuriyama
* This commit does two things: | luigi | 2004-04-25 | 1 | -6/+13
  1. rt_check() cleanup:
     rt_check() is only necessary for some address families to gain access
     to the corresponding arp entry, so call it only in/near the *resolve()
     routines where it is actually used -- at the moment this is
     arpresolve(), nd6_storelladdr() (the call is embedded here), and
     atmresolve() (the call is just before atmresolve to reduce the number
     of changes). This change will make it a lot easier to decouple the arp
     table from the routing table.

     There is an extra call to rt_check() in if_iso88025subr.c to determine
     the routing info length. I have left it alone for the time being.

     The interface of arpresolve() and nd6_storelladdr() now changes
     slightly:
     + the 'rtentry' parameter (really a hint from the upper level layer)
       is now passed unchanged from *_output(), so it becomes the route to
       the final destination and not to the gateway.
     + the routines will return 0 if resolution is possible, non-zero
       otherwise.
     + arpresolve() returns EWOULDBLOCK in case the mbuf is being held
       waiting for an arp reply -- in this case the error code is masked in
       the caller so the upper layer protocol will not see a failure.

  2. arpcom untangling
     Where possible, use 'struct ifnet' instead of 'struct arpcom'
     variables, and use the IFP2AC macro to access arpcom fields. This
     mostly affects the netatalk code.

  === Detailed changes: ===
  net/if_arcsubr.c       rt_check() cleanup, remove a useless variable
  net/if_atmsubr.c       rt_check() cleanup
  net/if_ethersubr.c     rt_check() cleanup, arpcom untangling
  net/if_fddisubr.c      rt_check() cleanup, arpcom untangling
  net/if_iso88025subr.c  rt_check() cleanup
  netatalk/aarp.c        arpcom untangling, remove a block of duplicated code
  netatalk/at_extern.h   arpcom untangling
  netinet/if_ether.c     rt_check() cleanup (change arpresolve)
  netinet6/nd6.c         rt_check() cleanup (change nd6_storelladdr)
* ifp has the same value as rt->rti_ifp so remove the dependency | luigi | 2004-04-19 | 1 | -2/+2
  on the route entry to locate the necessary information.
* Remove a tail-recursive call in nd6_output. | luigi | 2004-04-19 | 1 | -5/+8
  This change is functionally identical to the original code, though
  I have no idea if that was correct in the first place (see comment
  in the commit).
* Replace Bcopy/Bzero with 'the real thing' as in the rest of the file. | luigi | 2004-04-18 | 2 | -8/+8
* Remove advertising clause from University of California Regent's | imp | 2004-04-07 | 21 | -84/+0
  license, per letter dated July 22, 1999 and email from Peter Wemm,
  Alan Cox and Robert Watson.
  Approved by: core, peter, alc, rwatson
* UDP checksum is mandatory in IPv6 (RFC2460 p.28) | suz | 2004-04-01 | 1 | -2/+4
  Obtained from: KAME
* Reduce 'td' argument to 'cred' (struct ucred) argument in those functions: | pjd | 2004-03-27 | 5 | -19/+22
  - in_pcbbind(),
  - in_pcbbind_setup(),
  - in_pcbconnect(),
  - in_pcbconnect_setup(),
  - in6_pcbbind(),
  - in6_pcbconnect(),
  - in6_pcbsetport().
  "It should simplify/clarify things a great deal." --rwatson
  Requested by: rwatson
  Reviewed by: rwatson, ume
* Remove unused argument. | pjd | 2004-03-27 | 2 | -2/+2
  Reviewed by: ume
* Remove unused prototype. | pjd | 2004-03-27 | 1 | -1/+0
  Reviewed by: ume
* Validate IPv6 socket options more carefully to avoid a panic. | ume | 2004-03-26 | 1 | -1/+37
  PR: kern/61513
  Reviewed by: cperciva, nectar
* Move the AH algorithm list from a static local function variable to | rwatson | 2004-03-10 | 1 | -37/+38
  a static const global variable in ah_core.c. This makes it more clear
  that this array does not require synchronization, as well as
  synchronizing the layout to the ESP algorithm list. This is the
  version of my patch that Itojun committed to the KAME tree.
  Obtained from: me, via KAME
* move in6_addmulti()/in6_delmulti() into mld6.c | ume | 2004-03-04 | 2 | -90/+93
  Obtained from: KAME
* missing splx(). | ume | 2004-03-04 | 1 | -1/+3
  Obtained from: KAME
  MFC after: 3 days
* - style and comments | ume | 2004-03-03 | 1 | -15/+16
  - variable name change (scopeid -> zoneid)
  - u_short -> u_int16_t, u_char -> u_int8_t
  Obtained from: KAME
* Move PFIL_HOOKS and ipfw past the scope checks to allow easy redirection to | mlaier | 2004-03-02 | 1 | -32/+32
  linklocal.
  Obtained from: OpenBSD
  Reviewed by: ume
  Approved by: bms(mentor)
* scope awareness of ff01:: is not merged, yet. So, clear | ume | 2004-03-02 | 1 | -0/+6
  embedded form of scopeid for ff01:: for now.
  Pointed out by: mlaier
* - reject incoming packets to an interface-local multicast address from | ume | 2004-03-01 | 1 | -10/+52
  the wire.
  - added a generic scope check, and removed checks for loopback src/dst
    addresses.
  Obtained from: KAME
* Bring eventhandler callbacks for pf. | mlaier | 2004-02-26 | 1 | -0/+3
  This enables pf to track dynamic address changes on interfaces (dialup)
  with the "on (<ifname>)"-syntax. This also brings hooks in anticipation
  of tracking cloned interfaces, which will be in future versions of pf.
  Approved by: bms(mentor)
* Tweak existing header and other build infrastructure to be able to build | mlaier | 2004-02-26 | 1 | -1/+3
  pf/pflog/pfsync as modules. Do not list them in NOTES or modules/Makefile
  (i.e. do not connect it to any (automatic) builds - yet).
  Approved by: bms(mentor)
* in icmp6_mtudisc_update(), use ND link mtu to detect if the path MTU | ume | 2004-02-24 | 1 | -1/+3
  should be updated.
  Helped by: andre
* Fix array overflow: If len=128, don't access [16] of a 16-byte IPv6 | cperciva | 2004-02-24 | 1 | -1/+2
  address, even if we subsequently ignore its value by applying a >>8 to it.
  Reported by: "Ted Unangst" <tedu@coverity.com>
  Approved by: rwatson (mentor), {ume, suz} (KAME)
* - call ip6_output() instead of nd6_output() when ipsec tunnel | ume | 2004-02-19 | 1 | -3/+21
  mode is applied, since tunneled packets are considered to be
  generated packets from a tunnel encapsulating node.
  - tunnel mode may not be applied if SA mode is ANY and policy
    does not say "tunnel it". check if we have extra IPv6 header
    on the packet after ipsec6_output_tunnel() and call ip6_output()
    only if additional IPv6 header is added.
  - free the copied packet before returning.
  Obtained from: KAME
* IPSEC and FAST_IPSEC have the same internal API now; | ume | 2004-02-17 | 3 | -57/+20
  so merge these (IPSEC has an extra ipsecstat)
  Submitted by: "Bjoern A. Zeeb" <bzeeb+freebsd@zabbadoz.net>
* correct function name in comment. | ume | 2004-02-16 | 1 | -18/+18
  Submitted by: "Bjoern A. Zeeb" <bzeeb+freebsd@zabbadoz.net>
* nuke unused functions. | ume | 2004-02-16 | 3 | -53/+0
  Submitted by: "Bjoern A. Zeeb" <bzeeb+freebsd@zabbadoz.net>
* we don't need to include ipsec.h. | ume | 2004-02-16 | 1 | -8/+0
  Submitted by: "Bjoern A. Zeeb" <bzeeb+freebsd@zabbadoz.net>
* - wrap mappedaddr block by #ifdef INET for IPv6-only kernel in future. | ume | 2004-02-13 | 1 | -38/+42
  - rejects IPv6 packet toward IPv4-mapped address if its source address
    is not an IPv4-mapped IPv6 address, since the converted IPv4 packets
    would have an unexpected IPv4 source address.
  - when V6ONLY socket option is set, discard packets destined to a
    v4/ipv4 mapped ipv6 address.
  - have PULLDOWN_TEST codepath.
  - get rid of in6_mcmatch().
  Obtained from: KAME
* supported IPV6_RECVPATHMTU socket option. | ume | 2004-02-13 | 5 | -6/+68
  Obtained from: KAME
* Initial import of RFC 2385 (TCP-MD5) digest support. | bms | 2004-02-11 | 1 | -0/+2
  This is the first of two commits; bringing in the kernel support first.
  This can be enabled by compiling a kernel with options TCP_SIGNATURE
  and FAST_IPSEC.

  For the uninitiated, this is a TCP option which provides for a means of
  authenticating TCP sessions which came into being before IPSEC. It is
  still relevant today, however, as it is used by many commercial router
  vendors, particularly with BGP, and as such has become a requirement for
  interconnect at many major Internet points of presence.

  Several parts of the TCP and IP headers, including the segment payload,
  are digested with MD5, including a shared secret. The PF_KEY interface
  is used to manage the secrets using security associations in the SADB.

  There is a limitation here in that as there is no way to map a TCP flow
  per-port back to an SPI without polluting tcpcb or using the SPD; the
  code to do the latter is unstable at this time. Therefore this code only
  supports per-host keying granularity.

  Whilst FAST_IPSEC is mutually exclusive with KAME IPSEC (and thus IPv6),
  TCP_SIGNATURE applies only to IPv4. For the vast majority of prospective
  users of this feature, this will not pose any problem.

  This implementation is output-only; that is, the option is honoured when
  responding to a host initiating a TCP session, but no effort is made
  [yet] to authenticate inbound traffic. This is, however, sufficient to
  interwork with Cisco equipment.

  Tested with a Cisco 2501 running IOS 12.0(27), and Quagga 0.96.4 with
  local patches. Patches for tcpdump to validate TCP-MD5 sessions are also
  available from me upon request.

  Sponsored by: sentex.net
* fix build with FAST_IPSEC. | ume | 2004-02-09 | 1 | -2/+1
  Reported by: cjc
* - obey ip6po_minmtu. | ume | 2004-02-08 | 1 | -3/+30
  - notify a proper path MTU to applications.
  Obtained from: KAME
* KNF | ume | 2004-02-04 | 1 | -8/+7
  Obtained from: KAME
* pass pcb rather than so. it is expected that per socket policy | ume | 2004-02-03 | 9 | -133/+76
  works again.
* protect access to ifnet structure with mutex. | ume | 2004-01-28 | 1 | -0/+2
* call ipsec_pcbconn()/ipsec_pcbdisconn() from in6_pcbconnect(). | ume | 2004-01-13 | 1 | -0/+7
  Obtained from: KAME
* correct spelling | ume | 2004-01-13 | 1 | -7/+7
  Submitted by: "Bjoern A. Zeeb" <bzeeb+freebsd@zabbadoz.net>
  Reviewed by: itojun
* fix potential 'cannot-happen' memory leak | ume | 2004-01-13 | 1 | -1/+4
  Submitted by: "Bjoern A. Zeeb" <bzeeb+freebsd@zabbadoz.net>
  Reviewed by: itojun
* try rtinit() only when the route is not installed. | ume | 2004-01-10 | 1 | -2/+5
  this allows, e.g., duplicated attempts of 'ifconfig lo0 ::1' like
  for IPv4.
  Obtained from: KAME
  MFC after: 1 week
* Don't execute the code in in6_ifdetach() that removes the link-local | truckman | 2004-01-10 | 1 | -7/+9
  allnodes multicast route if the routing table has not been initialized.
  This avoids a panic during boot if an interface detaches before the
  routing table is initialized.
  Submitted by: sam
* in set{peer, sock}addr, do not convert the unspecified | ume | 2004-01-10 | 1 | -2/+2
  address (::) to the mapped address form.
  PR: kern/22868
  Obtained from: KAME
  MFC after: 3 days
* When calculating the sequence number to use in an ip6fw reset, remember to | dwmalone | 2003-12-25 | 1 | -0/+2
  add one if the SYN flag was set in the original packet. This seems to
  make ip6fw reset work correctly for new and in-progress connections.
  Update the man page to reflect the fact it now seems to work.
  Glanced at by: ume
  MFC after: 2 weeks
* Catch a few places where NULL (pointer) was used where 0 (integer) was | ume | 2003-12-23 | 1 | -2/+2
  expected (fix build).
* Catch a few places where NULL (pointer) was used where 0 (integer) was | peter | 2003-12-23 | 3 | -5/+5
  expected.
* fixed a bug that IPv6 routing header does not work properly if specified | suz | 2003-12-22 | 1 | -1/+1
  from userland application
  reviewed by: ume
* fixed an IPv6 path MTU discovery failure owing to a lack of initialization | suz | 2003-12-17 | 1 | -1/+1
  Reviewed by: ume
  Approved by: re (scottl)
  MFC after: 1 day
* validate the argument for multicast routing socket options | ume | 2003-12-10 | 1 | -27/+38
  correctly.
  Obtained from: KAME
  MFC after: 3 days
* - changed the logic in nd6_is_addr_neighbor(); check on-link prefixes | ume | 2003-12-08 | 1 | -17/+23
  (not interface addresses) to see if a given address is on-link.
  - skip offlink prefixes in neighbor determination in
    nd6_is_addr_neighbor.
  - in nd6_is_addr_neighbor, regarded every address as on-link when
    the default router list is empty. otherwise, we'd not be able to make
    a neighbor cache for the address. this algorithm is applied to
    hosts only.
  - in nd6_is_addr_neighbor, check if the default interface is equal to
    the interface in question in addition to check if the default router
    list is empty.
  Obtained from: KAME
* Split the "inp" mutex class into separate classes for each of divert, | sam | 2003-11-26 | 2 | -2/+2
  raw, tcp, udp, raw6, and udp6 sockets to avoid spurious witness
  complaints.
  Reviewed by: rwatson
  Approved by: re (rwatson)
* pktopt may be null. | ume | 2003-11-24 | 1 | -0/+3
  Approved by: re (rwatson)