Age | Commit message (Collapse) | Author |
|
restriction: if there's any extension header (except fragment)
and outbound packet matches tdb, we can't encrypt it.
packet will not go out of the node (dropped).
|
|
enforce type checking on IN6_ARE_ADDR_EQUAL.
|
|
use it from icmp6 code.
|
|
- allow setting raw socket icmp6 filter only if it is IPPROTO_ICMPV6 socket.
(cmetz may object about above two items...)
- add rip6_ctlinput, to flush cached router properly on redirects.
|
|
- remove net.inet6.ip6.nd6_proxyall. introduce proxy NDP code works
just like "arp -s".
- revise source address selection.
be more careful about use of yet-to-be-valid addresses as source.
- as router, transmit ICMP6_DST_UNREACH_BEYONDSCOPE against out-of-scope
packet forwarding attempt.
- path MTU discovery takes care of routing header properly.
- be more strict about mbuf chain parsing.
- nuke xxCTL_VARS #define, they are for BSDI.
- disable SIOCSIFDSTADDR_IN6/SIOCSIFNETMASK_IN6 ioctl, they do not fit
IPv6 model where multiple address on interface is normal.
(kernel side supports them for a while for backward compat,
the support will be nuked shortly)
- introduce "default outgoing interface" (for spec conformance in very
rare case)
|
|
|
|
for openbsd, this is integrated into rip6_ctloutput().
|
|
|
|
replaces NRL IPv6 layer. reuses NRL pcb layer. no IPsec-on-v6 support.
see sys/netinet6/{TODO,IMPLEMENTATION} for more details.
GENERIC configuration should work fine as before. GENERIC.v6 works fine
as well, but you'll need KAME userland tools to play with IPv6 (will be
bringed into soon).
|