| Age | Commit message (Collapse) | Author |
|---|
|
Interface Identifiers with IPv6 Stateless Address Autoconfiguration."
"An IPv6 address configured using this method is stable within each
subnet, but the corresponding Interface Identifier changes when the
host moves from one network to another. This method is meant to be an
alternative to generating Interface Identifiers based on hardware
addresses."
OK naddy, sthen
|
|
It was not guaranteed that the mbuf data was not somewhere else in
the chain. So return an offset and do a proper mbuf pulldown.
found by Maxime Villard; from NetBSD; with markus@; OK deraadt@
|
|
OK mpi
|
|
functions to pave way for more fine grained locking.
Suggested by, comments & OK mpi
|
|
OK bluhm@, mpi@
|
|
longer tracks prefixes or default routers from router advertisements.
Pointed out by jmc.
ports tree grepping sthen, who only found nsh
OK mpi, sthen
|
|
the inner IP packet into the internet queue. The IPv6 local delivery
code has a loop to deal with header chains. The idea is to use
this loop and avoid the queueing and rescheduling. The IPsec packet
will be processed in a single flow.
Merge the IP deliver loop from both IP versions into a single
ip_deliver() function that can handle both addresss families. This
allows to process an IP in IP header like a normal extension header.
If af != AF_UNSPEC, we are already in a deliver loop and have the
kernel look. Then we can just return the next protocol. Otherwise
we enqueue. The dequeue thread has the kernel lock and starts an
IP delivery loop.
OK mpi@
|
|
IPsec packets without additional enqueueing.
OK mpi@
|
|
IPv4 & IPv6 dispatch functions outside the KERNEL_LOCK().
We currently rely on the NET_LOCK() serializing access to most global
data structures for that. IP input queues are no longer used in the
forwarding case. They still exist as boundary between the network and
transport layers because TCP/UDP & friends still need the KERNEL_LOCK().
Since we do not want to grab the NET_LOCK() for every packet, the
softnet thread will do it once before processing a batch. That means
the L2 processing path, which is currently running without lock, will
now run with the NET_LOCK().
IPsec isn't ready to run without KERNEL_LOCK(), so the softnet thread
will grab the KERNEL_LOCK() as soon as ``ipsec_in_use'' is set.
Tested by Hrvoje Popovski.
ok visa@, bluhm@, henning@
|
|
as the pr_input functions. Add an assert that IPv4 delivery ends
in IP proto done to assure that IPv4 protocol functions work like
IPv6.
OK mpi@
|
|
* don't share mifs (multicast interface) between rdomains
* allow multiple routing sockets connected at the same time if they are
in different rdomains.
ok bluhm@
|
|
allows to simplify code used for both IPv4 and IPv6.
OK mikeb@ deraadt@
|
|
Attach is quite a different thing to the other PRU functions and
this should make locking a bit simpler. This also removes the ugly
hack on how proto was passed to the attach function.
OK bluhm@ and mpi@ on a previous version
|
|
fixed parameters.
OK mpi@ claudio@ dhill@
|
|
forwarding path.
Rename ip6_ours() in ip6_local() as this function dispatches packets
to the upper layer.
Introduce ip6_ours() and get rid of 'goto hbhcheck'. This function
will be later used to enqueue local packets.
As a bonus this reduces differences with IPv4.
Inputs and ok bluhm@
|
|
it in ipsec_common_input_cb() instead. The code that was copied
to ah6_input_cb() is now in ip6_ours() so we can call it directly.
OK mpi@
|
|
Try to follow the existing examples. Some notes:
- don't implement counters_dec() yet, which could be used in two
similar chunks of code. Let's see if there are more users first.
- stop incrementing IPv6-specific mbuf stats, IPv4 has no equivalent.
Input from mpi@, ok bluhm@ mpi@
|
|
the netlock held. This also changes the prototypes of the *ctloutput
functions to take an mbuf instead of an mbuf pointer.
help, guidance from bluhm@ and mpi@
ok bluhm@
|
|
Move the corresponding code in in6_pcbselsrc(). This reduces
differences with IPv4 and will help us to get rid of 'struct route*'.
ok vgross@
|
|
A single forwarding cache is not the answer. The answer is 42... err PF!
ok bluhm@
|
|
|
|
Reported by Heiko on bugs@.
ok stsp@, claudio@
|
|
convert in_selectsrc() prototype to match.
Ok bluhm@ mpi@.
|
|
We don't support Router Renumbering and there are no plans to change
that. ok mpi@
|
|
This sysctl is a no-op, read-only since it was introduced. There are no
plans to support IPv4-mapped addresses on OpenBSD, thus this sysctl is
meaningless.
Noticed by djm@, ok claudio@ mpi@ sthen@ henning@
|
|
|
|
this avoids current recursion to pf_test() function. the change also
switches icmp_error()/icmp6_error() to use ip_send()/ip6_send() so
they are safe for PF.
The idea comes from Markus Friedl. bluhm, mikeb and mpi helped me
a lot to get it into shape.
OK bluhm@, mpi@
|
|
a bad idea these days.
kill it mpi@
general agreement in the network hackers room at u2k15
|
|
The returned "struct rtentry" is either the cached one or the one passed
in options.
ok claudio@
|
|
ok claudio@
|
|
ok claudio@
|
|
ifpp - XXX: just for statistics
ifpp is always NULL in all callers so that statistic confirms ifpp is
dying
OK mpi@
|
|
Prodded by claudio@ and mikeb@
|
|
Output interface (port) selection for multicast traffic is not done via
route lookups. Instead the output ifp is registred when setsockopt(2)
is called with the IP{V6,}_MULTICAST_IF option. But since there is no
mechanism to invalidate such pointer stored in a pcb when an interface
is destroyed/removed, it might lead your kernel to fault.
Prevent a fault upon resume reported by frantisek holop, thanks!
ok mikeb@, claudio@
|
|
accept rtadvs on that interface. the global net.inet6.ip6.accept_rtadv
sysctl just doesn't cut it, even tho the spec wants that - but in their
little absurd world, a host just has one interface by definition anyway...
the sysctlgoes away.
lots of head scratching, brain cell elemination etc from bluhm benno stsp
florian, excitement from simon and todd, ok bluhm stsp benno florian
|
|
error code and pass the resulting source address back to the caller
through a pointer, as suggested by chrisz. This gives us more readable
code, and eases the deletion of useless checks in the callers' error path.
Add a bunch of "0 -> NULL" conversions, while here.
ok chrisz@ mpi@
|
|
making the code the same as netinet4 along the way.
ok bluhm phessler
|
|
OK claudio@
|
|
dhill.
ok krw@, mikeb@, tedu@ (implicit)
|
|
was already #if 0 and will never come back. Remove unused fragment
struct fields and sort the others.
ok henning@
|
|
ok henning@
|
|
I forgot the header file containing struct ip6q in the last commit.
|
|
ok mikeb
|
|
it reusable by pf.
ok claudio@
|
|
to make it reusable by pf. No functional change.
ok henning@, claudio@
|
|
OK mikeb@, henning@, deraadt@
|
|
ok stsp@ henning@ claudio@
|
|
ok fries, hshoexer, claudio
|
|
OK deraadt@, henning@
|
|
ok mpf naddy
|
