summaryrefslogtreecommitdiffstats
path: root/sys/netinet6
Commit message (Collapse)AuthorAgeFilesLines
* Generate lle_event in the IPv6 neighbor discovery code too.np2013-01-262-0/+7
| | | | Reviewed by: bz@
* Avoid NULL dereference in nd6_storelladdr when no mbuf is provided. Itnp2013-01-251-1/+1
| | | | | | | is called this way from a couple of places in the OFED code. (toecore calls it too but that's going to change shortly). Reviewed by: bz@
* Simplify in6_setscope() function to get better performance.ae2013-01-101-46/+17
| | | | | | | | | | | | Currently we use interface indeces as zone IDs for link-local and interface-local scopes, and since we don't have any tool to configure zone IDs, there is no need to acquire the afdata lock several times per packet only to read if_index value. So, now in6_setscope reads zone IDs for interface-local, link-local and global scopes without a lock. Sponsored by: Yandex LLC MFC after: 2 weeks
* Remove unneeded variable.ae2013-01-091-6/+1
| | | | MFC after: 1 week
* Add no_prefer_iface option.ume2013-01-092-4/+7
| | | | | | | | | | It stops treating the address on the interface as special by source address selection rule even when the interface is outgoing interface. This is desired in some situation. Requested by: hrs Reviewed by: IHANet folks including hrs MFC after: 1 week
* The in6_setscope() function determines the scope zone id of an addressae2013-01-091-14/+15
| | | | | | | | | | | | and embeds it into address. Inside the kernel we keep addresses with embedded zone id only for two scopes: link-local and interface-local. For other scopes this function is nop in most cases. To reduce an overhead of locking, first check that address is capable for embedding. Also, handle the loopback address before acquire the lock. Sponsored by: Yandex LLC MFC after: 1 week
* Temporarily revert rev 244678. This is causing loopback problems withpeter2013-01-031-9/+0
| | | | the lo (loopback) interfaces.
* The SIOCSIFFLAGS ioctl handler runs if_up()/if_down() that notifyglebius2012-12-251-0/+9
| | | | | | | | | | | | | | | | | | all interested parties in case if interface flag IFF_UP has changed. However, not only SIOCSIFFLAGS can raise the flag, but SIOCAIFADDR and SIOCAIFADDR_IN6 can, too. The actual |= is done not in the protocol code, but in code of interface drivers. To fix this historical layering violation, we will check whether ifp->if_ioctl(SIOCSIFADDR) raised the IFF_UP flag, and if it did, run the if_up() handler. This fixes configuring an address under CARP control on an interface that was initially !IFF_UP. P.S. I intentionally omitted handling the IFF_SMART flag. This flag was never ever used in any driver since it was introduced, and since it means another layering violation, it should be garbage collected instead of pretended to be supported.
* When we have some address to forward (e.g. it was specified with ipfw fwd),ae2012-12-191-7/+9
| | | | | | | we should pass it as first argument into in6_selectroute_fib function to initiate new route lookup. MFC after: 1 week
* Make dst_sa initialization only when it is actually needed.ae2012-12-191-9/+12
| | | | MFC after: 1 week
* The selectroute functions does own account of EHOSTUNREACH errors,ae2012-12-191-8/+0
| | | | | | no need to do it twice. MFC after: 1 week
* Use M_PROTO7 flag for M_IP6_NEXTHOP, because M_PROTO2 was used forae2012-12-171-1/+1
| | | | | | | | M_AUTHIPHDR. Pointy hat to: ae Reported by: Vadim Goncharov MFC after: 3 days
* In additional to the tailq of IPv6 addresses add the hash table.ae2012-12-153-10/+40
| | | | | | | | | | For now use 256 buckets and fnv_hash function. Use xor'ed 32-bit s6_addr32 parts of in6_addr structure as a hash key. Update in6_localip and in6_is_addr_deprecated to use hash table for fastest lookup. Sponsored by: Yandex LLC Discussed with: dwmalone, glebius, bz
* Fix problem in r238990. The LLE_LINKED flag should be tested prior toglebius2012-12-131-2/+8
| | | | | | | | | entering llentry_free(), and in case if we lose the race, we should simply perform LLE_FREE_LOCKED(). Otherwise, if the race is lost by the thread performing arptimer(), it will remove two references from the lle instead of one. Reported by: Ian FREISLICH <ianf clue.co.za>
* - Move definition of V_deembed_scopeid to scope6_var.h.hrs2012-12-053-0/+16
| | | | | | - Deembed scope id in L3 address in in6_lltable_dump(). - Simplify scope id recovery in rtsock routines. - Remove embedded scope id handling in ndp(8) and route(8) completely.
* Mechanically substitute flags from historic mbuf allocator withglebius2012-12-0510-51/+51
| | | | | | | | | malloc(9) flags within sys. Exceptions: - sys/contrib not touched - sys/mbuf.h edited manually
* Remove opt_inet.h, it isn't required here.ae2012-11-201-1/+0
| | | | MFC after: 1 week
* Check if an extracted zoneid is equal to the non-zero sin6_scope_id only whenhrs2012-11-181-6/+8
| | | | it is link-local or MC interface-local.
* Add support for SCTP/UDP/IPV6.tuexen2012-11-172-2/+8
| | | | | | | This completes the support of http://tools.ietf.org/html/draft-ietf-tsvwg-sctp-udp-encaps MFC after: 1 week
* Reduce the overhead of locking, use IF_AFDATA_RLOCK() when we are doingae2012-11-165-18/+18
| | | | | | | simple lookups. Sponsored by: Yandex LLC MFC after: 1 week
* if_afdata lock was converted from mutex to rwlock a long ago, so we canae2012-11-141-14/+15
| | | | | | | replace IF_AFDATA_LOCK() macro depending to the access type. Sponsored by: Yandex LLC MFC after: 1 week
* SCOPE6_LOCK protects V_sid_default, no need to acquire it withoutae2012-11-141-9/+0
| | | | | | | any access to V_sid_default. Sponsored by: Yandex LLC MFC after: 1 week
* zoneid has unsigned type.ae2012-11-141-1/+1
| | | | MFC after: 1 week
* Use consistent style.obrien2012-11-131-3/+2
|
* Remove the recently added sysctl variable net.pfil.forward.ae2012-11-025-13/+12
| | | | | | | | | Instead, add protocol specific mbuf flags M_IP_NEXTHOP and M_IP6_NEXTHOP. Use them to indicate that the mbuf's chain contains the PACKET_TAG_IPFORWARD tag. And do a tag lookup only when this flag is set. Suggested by: andre
* Whitespace changes due to upstream integration of SCTP changes in thetuexen2012-10-291-14/+8
| | | | FreeBSD code base.
* Remove the IPFIREWALL_FORWARD kernel option and make possible to turnae2012-10-254-18/+10
| | | | | | | | | on the related functionality in the runtime via the sysctl variable net.pfil.forward. It is turned off by default. Sponsored by: Yandex LLC Discussed with: net@ MFC after: 2 weeks
* Remove __P.delphij2012-10-2218-285/+285
| | | | | | Submitted by: kevlo Reviewed by: md5(1) MFC after: 2 months
* Switch the entire IPv4 stack to keep the IP packet headerglebius2012-10-221-6/+0
| | | | | | | | | | | | | | | | | | | | | | | in network byte order. Any host byte order processing is done in local variables and host byte order values are never[1] written to a packet. After this change a packet processed by the stack isn't modified at all[2] except for TTL. After this change a network stack hacker doesn't need to scratch his head trying to figure out what is the byte order at the given place in the stack. [1] One exception still remains. The raw sockets convert host byte order before pass a packet to an application. Probably this would remain for ages for compatibility. [2] The ip_input() still subtructs header len from ip->ip_len, but this is planned to be fixed soon. Reviewed by: luigi, Maxim Dounin <mdounin mdounin.ru> Tested by: ray, Olivier Cochard-Labbe <olivier cochard.me>
* Eliminate code checking if found IPv6 rte is dynamic. IPv6 redirectsmelifaro2012-10-221-156/+0
| | | | | | | | | | | are using (different) ND-based approach described in RFC 4861. This change is similar to r241406 which conditionally skips the same check in IPv4. This change is part of bigger patch eliminating rte locking. Sponsored by: Yandex LLC. OK'd by: hrs MFC after: 2 weeks
* Mechanically remove the last stray remains of spl* calls from net*/*.andre2012-10-186-70/+10
| | | | They have been Noop's for a long time now.
* Cleanup documentation: cloning route support has been removed in r186119.melifaro2012-10-131-13/+0
| | | | MFC after: 2 weeks
* Revert previous commit...kevlo2012-10-103-3/+3
| | | | Pointyhat to: kevlo (myself)
* Prefer NULL over 0 for pointerskevlo2012-10-093-3/+3
|
* ip6_ipsec_output: fix a typo in r241344avg2012-10-081-1/+1
| | | | Acting as a remote drone of glebius.
* After r241245 it appeared that in_delayed_cksum(), which still expectsglebius2012-10-081-0/+6
| | | | | | | | | | | | | | host byte order, was sometimes called with net byte order. Since we are moving towards net byte order throughout the stack, the function was converted to expect net byte order, and its consumers fixed appropriately: - ip_output(), ipfilter(4) not changed, since already call in_delayed_cksum() with header in net byte order. - divert(4), ng_nat(4), ipfw_nat(4) now don't need to swap byte order there and back. - mrouting code and IPv6 ipsec now need to switch byte order there and back, but I hope, this is temporary solution. - In ipsec(4) shifted switch to net byte order prior to in_delayed_cksum(). - pf_route() catches up on r241245 changes to ip_output().
* Merge the projects/pf/head branch, that was worked on for last six months,glebius2012-09-082-6/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | into head. The most significant achievements in the new code: o Fine grained locking, thus much better performance. o Fixes to many problems in pf, that were specific to FreeBSD port. New code doesn't have that many ifdefs and much less OpenBSDisms, thus is more attractive to our developers. Those interested in details, can browse through SVN log of the projects/pf/head branch. And for reference, here is exact list of revisions merged: r232043, r232044, r232062, r232148, r232149, r232150, r232298, r232330, r232332, r232340, r232386, r232390, r232391, r232605, r232655, r232656, r232661, r232662, r232663, r232664, r232673, r232691, r233309, r233782, r233829, r233830, r233834, r233835, r233836, r233865, r233866, r233868, r233873, r234056, r234096, r234100, r234108, r234175, r234187, r234223, r234271, r234272, r234282, r234307, r234309, r234382, r234384, r234456, r234486, r234606, r234640, r234641, r234642, r234644, r234651, r235505, r235506, r235535, r235605, r235606, r235826, r235991, r235993, r236168, r236173, r236179, r236180, r236181, r236186, r236223, r236227, r236230, r236252, r236254, r236298, r236299, r236300, r236301, r236397, r236398, r236399, r236499, r236512, r236513, r236525, r236526, r236545, r236548, r236553, r236554, r236556, r236557, r236561, r236570, r236630, r236672, r236673, r236679, r236706, r236710, r236718, r237154, r237155, r237169, r237314, r237363, r237364, r237368, r237369, r237376, r237440, r237442, r237751, r237783, r237784, r237785, r237788, r237791, r238421, r238522, r238523, r238524, r238525, r239173, r239186, r239644, r239652, r239661, r239773, r240125, r240130, r240131, r240136, r240186, r240196, r240212. I'd like to thank people who participated in early testing: Tested by: Florian Smeets <flo freebsd.org> Tested by: Chekaluk Vitaly <artemrts ukr.net> Tested by: Ben Wilber <ben desync.com> Tested by: Ian FREISLICH <ianf cloudseed.co.za>
* In ip6_ctloutput() guard inp_flags modifications with INP_WLOCK.trociny2012-08-191-0/+6
| | | | MFC after: 2 weeks
* Fix races between in_lltable_prefix_free(), lla_lookup(),glebius2012-08-021-9/+9
| | | | | | | | | | | | | | | | | | | | | | | | | | llentry_free() and arptimer(): o Use callout_init_rw() for lle timeout, this allows us safely disestablish them. - This allows us to simplify the arptimer() and make it race safe. o Consistently use ifp->if_afdata_lock to lock access to linked lists in the lle hashes. o Introduce new lle flag LLE_LINKED, which marks an entry that is attached to the hash. - Use LLE_LINKED to avoid double unlinking via consequent calls to llentry_free(). - Mark lle with LLE_DELETED via |= operation istead of =, so that other flags won't be lost. o Make LLE_ADDREF(), LLE_REMREF() and LLE_FREE_LOCKED() more consistent and provide more informative KASSERTs. The patch is a collaborative work of all submitters and myself. PR: kern/165863 Submitted by: Andrey Zonov <andrey zonov.org> Submitted by: Ryan Stone <rysto32 gmail.com> Submitted by: Eric van Gyzen <eric_van_gyzen dell.com>
* Some more whitespace cleanup.glebius2012-08-011-3/+3
|
* In case of IPsec he have to do delayed checksum calculations beforebz2012-07-311-0/+14
| | | | | | | | | adding any extension header, or rather before calling into IPsec processing as we may send the packet and not return to IPv6 output processing here. PR: kern/170116 MFC After: 3 days
* Some style(9) and whitespace changes.glebius2012-07-311-43/+40
| | | | Together with: Andrey Zonov <andrey zonov.org>
* Properly apply #ifdef INET and leave a comment that we are (will) applybz2012-07-311-3/+3
| | | | | | | delayed IPv6 checksum processing in ip6_output.c when doing IPsec. PR: kern/170116 MFC after: 3 days
* Improve the should-never-hit printf to ease debugging in case we'd ever hitbz2012-07-311-2/+3
| | | | | | it again when doing the delayed IPv6 checksum calculations. MFC after: 3 days
* For consistency put the IPsec comment iside the #fidef section.bz2012-07-291-1/+1
| | | | MFC after: 3 days
* Fix a comment that we do not have an SA yet but need to acquire one.bz2012-07-291-1/+1
| | | | MFC after: 3 days
* Changes which improve compilation if neither INET nor INET6 is defined.tuexen2012-07-151-0/+3
| | | | MFC after: 3 days
* #ifdef INET and INET6 consistently. This also fixes a bug, wheretuexen2012-07-151-2/+2
| | | | | | it was done wrong. MFC after: 3 days
* Remove "prefer_source" address selection option. FreeBSD has had anhrs2012-07-091-1/+1
| | | | | implementation of RFC 3484 for this purpose for a long time and "prefer_source" was never implemented actually. ND6_IFF_PREFER_SOURCE macro is left intact.
* Implement handling of "atomic fragements" as outlined inbz2012-07-081-0/+13
| | | | | | | draft-gont-6man-ipv6-atomic-fragments to mitigate one class of possible fragmentation-based attacks. MFC after: 5 days
OpenPOWER on IntegriCloud