| Age | Commit message (Collapse) | Author |
|---|
|
path
|
|
daniel found it.
|
|
caveats: (to be addressed soon)
- "scrub in" should queue fragments back into ip6intrq again, but
somehow it does not happen - the packet is kept inside reass queue.
need investigation
- ip6_forwarding path is not tested
- does not use red-black tree. somehow red-black tree behaved badly
and was not robust. performance issue, the above one is more
important.
good things:
- "scrub out" is perfectly ok
- i think now we can inspect upper-layer protocol fields (tcp port)
even if ip6 packet is fragmented.
- reass queue will be cleaned up properly by timeout (60sec). we might
want to impose pool limit as well
|
|
|
|
things such that code that only need a second-resolution uptime or wall
time, and used to get that from time.tv_secs or mono_time.tv_secs now get
this from separate time_t globals time_second and time_uptime.
ok art@ niklas@ nordin@
|
|
ok cedric@ henning@
|
|
|
|
|
|
|
|
closes pr 3231
|
|
|
|
behavior changes:
- two iocts used by ndp(8) are now obsolete (backward compat provided).
use sysctl path instead.
- lo0 does not get ::1 automatically. it will get ::1 when lo0 comes up.
|
|
|
|
split IPv6 MTU (advertised by RA) from real link MTU.
sync with kame
|
|
|
|
|
|
ok dhartmei@, frantzen@
|
|
mcbride@countersiege.com
|
|
only if ip6_dst is "neighbor" within p2p prefix. sync with kame
|
|
destination address that matches the p2p interface. this would
lead us to pingpong (= chews bandwidth, can be attacked from remote).
|
|
|
|
now traffic on loopback interface will be presented to bpf as normal wire
format packet (without KAME scopeid in s6_addr16[1]).
fix KAME PR 250 (host mistakenly accepts packets to fe80::x%lo0).
sync with kame.
|
|
|
|
|
|
|
|
this is not in the spec - we had rough consensus on it in ipngwg,
spec will get updated to include this behavior.
|
|
|
|
to route packet to be rejected/dropped to loopback. (sync with kame)
|
|
|
|
experimental support for new loopback packet handling (with FAKE_LOOPBACK_IF,
rcvif will be set to real outgoing interface, not the loopback, to honor scope)
sync with kame.
|
|
- remove net.inet6.ip6.nd6_proxyall. introduce proxy NDP code works
just like "arp -s".
- revise source address selection.
be more careful about use of yet-to-be-valid addresses as source.
- as router, transmit ICMP6_DST_UNREACH_BEYONDSCOPE against out-of-scope
packet forwarding attempt.
- path MTU discovery takes care of routing header properly.
- be more strict about mbuf chain parsing.
- nuke xxCTL_VARS #define, they are for BSDI.
- disable SIOCSIFDSTADDR_IN6/SIOCSIFNETMASK_IN6 ioctl, they do not fit
IPv6 model where multiple address on interface is normal.
(kernel side supports them for a while for backward compat,
the support will be nuked shortly)
- introduce "default outgoing interface" (for spec conformance in very
rare case)
|
|
|
|
|
|
replaces NRL IPv6 layer. reuses NRL pcb layer. no IPsec-on-v6 support.
see sys/netinet6/{TODO,IMPLEMENTATION} for more details.
GENERIC configuration should work fine as before. GENERIC.v6 works fine
as well, but you'll need KAME userland tools to play with IPv6 (will be
bringed into soon).
|
