| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
| |
be consulted with KAME guys if you want a number.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
that should be better.
The old code counted references to mbuf clusters by using the offset
of the cluster from the start of memory allocated for mbufs and
clusters as an index into an array of chars, which did the reference
counting. If the external storage was not a cluster then reference
counting had to be done by the code using that external storage.
NetBSD's system of linked lists of mbufs was cosidered, but Alfred
felt it would have locking issues when the kernel was made more
SMP friendly.
The system implimented uses a pool of unions to track external
storage. The union contains an int for counting the references and
a pointer for forming a free list. The reference counts are
incremented and decremented atomically and so should be SMP friendly.
This system can track reference counts for any sort of external
storage.
Access to the reference counting stuff is now through macros defined
in mbuf.h, so it should be easier to make changes to the system in
the future.
The possibility of storing the reference count in one of the
referencing mbufs was considered, but was rejected 'cos it would
often leave extra mbufs allocated. Storing the reference count in
the cluster was also considered, but because the external storage
may not be a cluster this isn't an option.
The size of the pool of reference counters is available in the
stats provided by "netstat -m".
PR: 19866
Submitted by: Bosko Milekic <bmilekic@dsuper.net>
Reviewed by: alfred (glanced at by others on -net)
|
| |
|
|
| |
IPsec packet output. KAME PR 280.
|
| |
|
|
|
|
|
| |
Because I don't use ipfilter at all, this is not tested.
I don't know if ipfilter is work for IPv6.
Submitted by: yoshiaki@kt.rim.or.jp
|
| | |
|
| |
|
|
| |
sync with kame 1.46 -> 1.47.
|
| |
|
|
| |
PR: bin/20522
|
| |
|
|
|
| |
for the pfil hooks. The protosw and ip6protosw structures were out of
sync with each other. :-(
|
| | |
|
| |
|
|
|
| |
(even if you ask for tunnel-mode encryption packets will go out in clear)
sync with kame.
|
| |
|
|
| |
belong to *bsd-merged tree
|
| |
|
|
|
| |
if you reconfigure inet6 too much, the reference count can go
into negative by mistake. KAME in6.c 1.98 -> 1.99.
|
| |
|
|
| |
Approved-by: itojun
|
| | |
|
| |
|
|
| |
From: Andrzej Bialecki <abial@webgiro.com>
|
| |
|
|
| |
From: Ollivier Robert <roberto@keltia.freenix.fr>
|
| |
|
|
|
|
|
| |
API changes:
- additional IPv6 ioctls
- IPsec PF_KEY API was changed, it is mandatory to upgrade setkey(8).
(also syntax change)
|
| |
|
|
| |
Pointed out by: bde
|
| |
|
|
|
|
|
|
| |
Sanitize SYSCTL_HANDLER_ARGS so that simplistic tools can grog our
sources:
-sysctl_vm_zone SYSCTL_HANDLER_ARGS
+sysctl_vm_zone (SYSCTL_HANDLER_ARGS)
|
| |
|
|
|
|
|
| |
It seems that people find them too noisy.
(ND6_DEBUG will enable them)
Obtained from: KAME Project
|
| | |
|
| |
|
|
|
|
| |
It was not discussed and should probably not happen.
Requested by: msmith and others
|
| | |
|
| |
|
|
|
|
|
|
| |
the type argument to *_HEAD and *_ENTRY is a struct.
Suggested by: phk
Reviewed by: phk
Approved by: mdodd
|
| | |
|
| |
|
|
| |
Submitted by: n_hibma
|
| | |
|
| |
|
|
| |
Remove ~60 unneeded #include <sys/malloc.h>
|
| |
|
|
|
|
|
| |
unless the old status is probably reachable (i.e. the link-layer address
has already been resolved).
Obtained from: KAME Project
|
| |
|
|
| |
Submitted by: ume
|
| |
|
|
|
|
|
|
|
|
|
| |
Remove a bogus (redundant, just weird, etc.) key_freeso(so).
There are no consumers of it now, nor does it seem there
ever will be.
in6?_pcb.c:
Add an if (inp->in6?p_sp != NULL) before the call to
ipsec[46]_delete_pcbpolicy(inp). In low-memory conditions
this can cause a crash because in6?_sp can be NULL...
|
| |
|
|
| |
because this is now 5.0-current.
|
| |
|
|
|
|
|
| |
system with other platform and/or other version of FreeBSD, which is also
integrated KAME code based on another date.
Approved by: jkh
|
| |
|
|
|
|
|
|
|
|
| |
print an error message which say, "include netinet/ip6.h".
This is postponed to apply to avoid tcpdump compile error.
Now apply this because tcpdump has been already fixed.
Approved by: jkh
Obtained from: KAME project
|
| |
|
|
|
|
|
|
|
|
| |
icmp6 error statistics based on sending interface.
This also prevent kernel panic when rcvif is not initialized after M_PKTHDR().
(The initialization issue also need to be fixed in the future.)
Approved by: jkh
Submitted by: k-sugyou@kame.net
|
| |
|
|
|
|
|
|
|
|
| |
Without this, kernel will panic at getsockopt() of IPSEC_POLICY.
Also make compilable libipsec/test-policy.c which tries getsockopt() of
IPSEC_POLICY.
Approved by: jkh
Submitted by: sakane@kame.net
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
according to draft-ietf-ipngwg-icmp-name-lookups-04 to 05 change.
This is necessary before 4.0, because,
-This change is non backword compatible
-Other KAME derived platforms applied 05
-Author of the draft said he never do backword imcompatible changes
again.
Approved by: jkh
Obtained from: KAME project
|
| |
|
|
|
|
|
| |
Approved by: jkh
Submitted by: Partly from tech@openbsd
Reviewed by: itojun
|
| |
|
|
|
|
| |
Approved by: jkh
Submitted by: fenner
|
| |
|
|
|
|
|
| |
#ifdefs. Clean out unused netisr's and leftover netisr linker set gunk.
Tested on x86 and alpha, including world.
Approved by: jkh
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Some of IPsec authentication related functions should have
'const' for its 2nd argument, but not now.
But if someone try to use them, and passed const data for
those functions, then much bogus compile warnings will be
generated.
So those funcs prototype should be modified.
Requested by: archie
Approved by: jkh
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
KAME put INET6 related stuff into sys/netinet6 dir, but IPv6
standard API(RFC2553) require following files to be under sys/netinet.
netinet/ip6.h
netinet/icmp6.h
Now those header files just include each following files.
netinet6/ip6.h
netinet6/icmp6.h
Also KAME has netinet6/in6.h for easy INET6 common defs
sharing between different BSDs, but RFC2553 requires only
netinet/in.h should be included from userland.
So netinet/in.h also includes netinet6/in6.h inside.
To keep apps portability, apps should not directly include
above files from netinet6 dir.
Ideally, all contents of,
netinet6/ip6.h
netinet6/icmp6.h
netinet6/in6.h
should be moved into
netinet/ip6.h
netinet/icmp6.h
netinet/in.h
but to avoid big changes in this stage, add some hack, that
-Put some special macro define into those files under neitnet
-Let files under netinet6 cause error if it is included
from some apps, and, if the specifal macro define is not
defined.
(which should have been defined if files under netinet is
included)
-And let them print an error message which tells the
correct name of the include file to be included.
Also fix apps which includes invalid header files.
Approved by: jkh
Obtained from: KAME project
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
(1)When all related IPv6 addresses are removed,
then remove the associated IPv6 prefix.
(2)When multiple IPv6 link local addrs exist for a same
interface , then let its IPv6 prefix have multiple
interface id, and create multiple IPv6 global addrs with same
interface id.
(3)When a new IPv6 link local addr is assigned for an
interface, then let its IPv6 prefix also have the
interface id of the new IPv6 link local addr, and
create new IPv6 global addrs with same interface id.
Approved by: jkh
|
| |
|
|
|
|
|
|
|
|
| |
KAME source addr selection rule had a problem to treat IPv6 site
local addr.
The rule is completely rewritten recently and the above problem
is also fixed, but rewriting same code part in freebsd4.0 is too
dangerous in this stage, so just add workaround to avoid
the problem. Just add code for IPv6 site local addresses into IPv6
source addr selection algorythm part.
|
| |
|
|
|
|
|
|
|
|
| |
Yes it is almost code freeze, but as the result of many thought, now I
think this should be added before 4.0...
make world check, kernel build check is done.
Reviewed by: green
Obtained from: KAME project
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
#Please forget the strange log message of the previous commit .
IPv6 multicast routing.
kernel IPv6 multicast routing support.
pim6 dense mode daemon
pim6 sparse mode daemon
netstat support of IPv6 multicast routing statistics
Merging to the current and testing with other existing multicast routers
is done by Tatsuya Jinmei <jinmei@kame.net>, who writes and maintainances
the base code in KAME distribution.
Make world check and kernel build check was also successful.
Obtained from: KAME project
|
| |
|
|
|
|
| |
(IPv6 multicast routing)
I think I mistakenly touched TAB and the last arg sys/netinet6 to
the cvs commit changed to sys/netinet6/in6_proto.c.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
kernel IPv6 multicast routing support.
pim6 dense mode daemon
pim6 sparse mode daemon
netstat support of IPv6 multicast routing statistics
Merging to the current and testing with other existing multicast routers
is done by Tatsuya Jinmei <jinmei@kame.net>, who writes and maintainances
the base code in KAME distribution.
Make world check and kernel build check was also successful.
|
| |
|
|
|
|
|
| |
(prefix related ioctl should only be called on router,
because host use dynamic address and prefix configuration mechanism,
and those prefix are managed separately with ones whih are assined
manually.)
|
