| Age | Commit message (Collapse) | Author |
|---|
|
dhcpcd from ports uses SIOCGIFAFLAG_IN6 without setting sin6_len.
OK deraadt@ millert@
|
|
addresses. Implement in6_sa2sin6() to validate inet6 address family
and address length. The SIOCGIFDSTADDR_IN6, SIOCGIFNETMASK_IN6,
SIOCGIFAFLAG_IN6, SIOCGIFALIFETIME_IN6, and SIOCDIFADDR_IN6 ioctl(2)
are safe now.
OK visa@
|
|
this follows what's been done for detach and link state hooks, and
makes handling of hooks generally more robust.
address hooks are a bit different to detach/link state hooks in
that there's only a few things that register hooks (carp, pf, vxlan),
but a lot of places to run the hooks (lots of ipv4 and ipv6 address
configuration).
an address hook cookie was in struct pfi_kif, which is part of the
pf abi. rather than break pfctl -sI, this maintains the void * used
for the cookie and uses it to store a task, which is then used as
intended with the new api.
|
|
|
|
this allows mpls interfaces (mpe, mpw) to pass the rdomain they
wish the local label to be in, rather than have it implicitly forced
to 0 by these functions. right now they'll pass 0, but it will soon
be possible to have them rx packets in other rdomains.
previously the functions used ifp->if_rdomain for the rdomain.
everything other than mpls still passes ifp->if_rdomain.
ok mpi@
|
|
MPLS interfaces (ab)use rt_ifa_add for adding the local MPLS label
that they listen on for incoming packets, while every other use of
rt_ifa_add is for adding addresses on local interfaces. MPLS does
this cos the addresses involved are in basically the same shape as
ones used for setting up local addresses.
It is appropriate for interfaces to want RTF_MPATH on local addresses,
but in the MPLS case it means you can have multiple local things
listening on the same label, which doesn't actually work. mpe in
particular keeps track of in use labels to it can handle collisions,
however, mpw does not. It is currently possible to have multiple
mpw interfaces on the same local label, and sharing the same label
as mpe or possible normal forwarding labels.
Moving the RTF_MPATH flag out of rt_ifa_add means all the callers
that still want it need to pass it themselves. The mpe and mpw
callers are left alone without the flag, and will now get EEXIST
from rt_ifa_add when a label is already in use.
ok (and a huge amount of patience and help) mpi@
claudio@ is ok with the idea, but saw a much much earlier solution
to the problem
|
|
Benno removed code to answer ICMP queries over 4 years ago.
Aham Brahmasmi (aham.brahmasmi AT gmx.com) points out
that we still joined the group though.
OK sthen, bluhm, kn
|
|
scope check and clearing of the scope id into separate functions.
input & ok visa, mpi
|
|
OK tb
|
|
Hoist privilege check to the top and split out handling of
SIOCAIFADDR_IN6 and SIOCDIFADDR_IN6 into a separate function.
Merge tangled switches and simplify the code paths.
tested by hrvoje
ok visa
|
|
that only needs a read lock.
Tested by hrvoje
ok visa
|
|
for in_control(). Protect mrt6_ioctl() and nd6_ioctl() with a read
lock and in6_ioctl with the NET_LOCK() while establishing a single
exit point.
tested by kn
ok florian, mpi, visa
|
|
Found the hard way.
|
|
For the PRU_CONTROL bit the NET_LOCK surrounds in[6]_control() and
on the ENOTSUPP case we guard the driver if_ioctl functions.
OK mpi@
|
|
updated from userland that was marked duplicated or tentative.
Otherwise we would just lose the duplicated / tentative state and assume
that the address is now unique and usable.
OK kn
|
|
They have the same functionnality since friehm@ cleaned up
balancing code.
ok florian@, visa@, patrick@, bluhm@, jmatthew@
|
|
Instead return EOPNOTSUPP and call it from ifioctl(). This will help
getting per-driver ioctl routines outside of need the NET_LOCK().
While here always return ENXIO when ``ifp'' is NULL.
ok visa@, florian@
|
|
Also it does not change behaviour.
OK jca
|
|
ok florian@, sthen@, jsg@
|
|
if_attach() enforces it is properly defined.
|
|
ok florian@, claudio@, bluhm@
|
|
ok florian@, claudio@, visa@, bluhm@
|
|
- SIOCSIFPHYADDR
- SIOCSIFPHYADDR_IN6
- SIOCGIFPSRCADDR
- SIOCGIFPSRCADDR_IN6
- SIOCGIFPDSTADDR
- SIOCGIFPDSTADDR_IN6
ok bluhm@
|
|
sppp_update_ip6_addr() became the last user of n6_are_prefix_equal().
Since it compares /128 prefixes it doesn't need all the bells and
whistles and can be converted to a memcmp. Remove the now unused
n6_are_prefix_equal().
OK bluhm, mpi
|
|
in common checks for unix, inet, inet6 instead of partial checks
here and there. Some checks are already done at a higher layer,
but better be paranoid with user input.
OK claudio@ millert@
|
|
We know when pltime or vltime decrease to zero. Run nd6_expire then.
Input & OK mpi, bluhm
|
|
|
|
shall all be cleansed.
Remove sending of router solicitations and processing of router
advertisements from the kernel. It's handled by slaacd(8) these days.
Input & OK bluhm@, mpi@
|
|
OK naddy
|
|
ok visa@
|
|
* don't share mifs (multicast interface) between rdomains
* allow multiple routing sockets connected at the same time if they are
in different rdomains.
ok bluhm@
|
|
inline function instead of casting it to sockaddr. While there,
use inline instead of __inline for all these conversions. Some
struct sockaddr casts can be avoided completely.
OK dhill@ mpi@
|
|
vio ioctl(2). Otherwise ifconfig shows the wrong times since
vltime/pltime are calculated from this value on export.
The handling of router advertisements does the right thing.
OK bluhm
|
|
pltime conversion was missing from rev 1.193 which did the vltime
conversion only.
OK mpi
|
|
ok bluhm@
|
|
This is most likely to be the cause of the deadlock seen by port builders
since it's the only changed that happened after a2k17.
Instead bring back pirofti@ original hack to release the NET_LOCK() inside
iwm(4) and iwn(4).
This fixes some splassert reported by bluhm@
Deadlock reported by naddy@ and rpe@ and ajacoutot@ confirmed the deadlock
has been introduced post a2k17.
Tested by and ok tb@
|
|
This prevents a deadlock with the X server and some wireless drivers.
The real fix is to take unix domain socket code out of the NET_LOCK().
Issue reported by pirofti@ and ajacoutot@
ok tb@, stsp@, pirofti@
|
|
Try to follow the existing examples. Some notes:
- don't implement counters_dec() yet, which could be used in two
similar chunks of code. Let's see if there are more users first.
- stop incrementing IPv6-specific mbuf stats, IPv4 has no equivalent.
Input from mpi@, ok bluhm@ mpi@
|
|
ok bluhm@
|
|
This will allow to strengthen checks when userland adds a route.
ok phessler@, bluhm@
|
|
There's no need to insert an RTF_LOCAL route if it is already there, not
if a route with the same destination exist.
This fixes a KASSERT() triggered by adding an alias for an address already
present in the ARP cache as reported by weerd@ and Peter J. Philipp.
This should also fix a KASSERT() triggered by a NDP change reported by
Sebastien Marie.
ok bluhm@
|
|
time_second is unix time so it can be affected by clock changes.
time_uptime is monotonic so it isnt affected by clock changes. that
in turn means route expiries wont jump with clock changes if set
against time_uptime.
the expiry is translated into unix time for export to userland though.
Should fix mismatch between route timers that were already converted
and ND default routers that were still using time_second.
Tested by matthieu@ and sthen@
ok sthen@, dlg@
|
|
This is done to stop using stale ifa attached to routes, which is
the easiest way to make rtisvalid(9) MP-safe.
sthen@ and henning@ like it, ok claudio@
|
|
|
|
This matches what IPv4 is doing and unbreak carp(4) when the same
address is set twice, for example when running netstart(8) multiple
times.
Issue reported by and fix from Simon Mages.
|
|
instead of abusing RTF_CLONING.
Fix a leak reporeted by Aaron Riekenberg on misc@, ok sthen@
|
|
|
|
in{,6}_ioctl() that do not deal with sockets.
This will allow to automagically configure interface addresses in
the kernel without too many layer violations.
Required by upcoming umb(4).
|
|
Router renumbering was never supported, prefix ioctls were deprecated
~15 years ago. Move some items in netinet6/nd6.h where they are still
used.
ok mikeb@ mpi@
|
|
Those ioctls never made sense, IPv6 was designed right from the start
with support for multiple addresses by interface.
ok mikeb@ mpi@
|
