summaryrefslogtreecommitdiff
path: root/sys/netinet6
AgeCommit message (Collapse)Author
2014-12-08Do not use a "struct route" when a "struct rtentry" is enough.Martin Pieuchot
ok millert@, bluhm@
2014-12-08Do not take into account addresses configured in a different rdomainMartin Pieuchot
to decide whether or not to remove local routes. Prevent from having a NULL ifp pointer in the routing table when an address present in another rdomain is removed from an interface. ok bluhm@
2014-12-05Explicitly include <net/if_var.h> instead of pulling it in <net/if.h>.Martin Pieuchot
ok mikeb@, krw@, bluhm@, tedu@
2014-12-04replace md5 with sha512. ok deraadtTed Unangst
2014-11-24Rename rt_ifa_addloop() into rt_ifa_addlocal() and make it return anMartin Pieuchot
error code on failure (unchecked for the moment). ok mikeb@, jmc@
2014-11-20Rework the handling of interfaces and IPv6 addresses for local delivery.Martin Pieuchot
- Unicast packets sent to any local address will have their interface set to loobpack. - In order to differentiate traffic from interfaces having identical link-local addresses, provide the scoped addresses to pf(4). - Update the icmp6 state lookup logic to match scoped MLL addresses. - Remove a shortcut in ip6_input() that bypasses pf and always look for an RTF_LOCAL route. Packets sent to multicast addresses still retain their original interface due to the fact that local multicast packet delivering does not use if_output. This makes ping6 to link-local addresses work even with pf enabled and "set skip" on loopbacks, reported by Pieter Verberne. Debugged, analysed and tested with mikeb@. ok mikeb@, henning@, sthen@
2014-11-20In TCP and UDP layers do not (ab)use the receiving interface to checkMartin Pieuchot
for a multicast/broadcast destination address. These checks have already been done in the Ethernet and IP layers and the mbuf(9) should contain all the required information at this point. But since we cannot trust this spaghetti stack, be paranoid and make sure to set the flags in the IP input routines. Use explicit comments, requested by deraadt@. ok claudio@
2014-11-20What have no need for a variable that holds the maximum MTU size ofMartin Pieuchot
interfaces with an IPv6 address. ok henning@, mikeb@, deraadt@
2014-11-18Nuke yet more obvious #include duplications.Kenneth R Westerback
ok miod@
2014-11-18move arc4random prototype to systm.h. more appropriate for most codeTed Unangst
to include that than rdnvar.h. ok deraadt dlg
2014-11-10Do not pass an ifa pointer when we already have a DAD descriptor.Martin Pieuchot
Tweaks and ok florian@
2014-11-09To implement transparent relays for connectionless protocols, theAlexander Bluhm
pf the state has to vanish immediately when the relay closes the socket. To make this work reliably, the linkage between state and socket must be established with the first packet. This packet could be incomming or outgoing. Link the pf state in the socket layer earlier. This makes all tests in /usr/src/regress/sys/net/pf_divert pass. OK henning@
2014-11-01Rename rtalloc1() into rtalloc(9) and convert its flags to only enableMartin Pieuchot
functionnality instead of a mix of enable/disable. ok bluhm@, jca@
2014-10-22Introduce a special hack for carp during IPv6 source address selection:Stefan Sperling
If there is a tie then a carp interface is not allowed to win even if it has an address with a longer bitwise match. This allows reliable IPv6 communication between carp master and backup across a shared IPv6 subnet. Consider the carp address 2001:DB8:10::14, which is configured on firewall A (in carp master state) and firewall B (in carp backup state), each of which has another address in the same prefix on a non-carp interface (A has 2001:DB8:10::1 and B has 2001:DB8:10::11). In this setup, A would use 2001:DB8:10::14 as source address when sending neighbour solicitations to B. Since 2001:DB8:10::14 is a local address from B's point of view, B never replied to the neighbour solicitations sent by A. With this change A uses 2001:DB8:10::1 as source address instead. ok mpi@
2014-10-14Don't check for an empty list of interfaces. This is never true even ifMartin Pieuchot
you don't have a physical interface on your machine, so why rawip should be more clever^Wparanoid than the others? ok henning@, mikeb@
2014-10-14Use rtfree() instead of RTFREE(), NULLify some free'd route pointers andMartin Pieuchot
kill the macro. ok mikeb@, henning@
2014-10-07Do not protect the SIOCSIFADDR call by splnet(). Drivers alreadyMartin Pieuchot
raise it inside their ioctl handler (except for carp(4), what else?). In general, global structures manipulated in the softnet codepath only require a splsoftnet() protection when they are modified in process (ioctl) context. Also put some IPL_SOFNET asserts in functions accessing global structures. Previous version diff ok mikeb@, with inputs from and ok bluhm@
2014-09-27Kill rtalloc() and update rtalloc1() and rtalloc_mpath() to no longerMartin Pieuchot
rely on "struct route" that should die. ok claudio@
2014-09-09workqs were replaced with tasks in here, so dont need workq.h anymore.David Gwynne
2014-09-08Prevent addition of redundant IPv6 autoconf addresses.Stefan Sperling
Regression from r1.81 which switched from workq to taskq and incorrectly assumed duplicate addresses would be impossible with taskq. We ended up re-adding the SLAAC address whenever a privacy address expired. ok bluhm@
2014-09-08remove uneeded route.h includesJonathan Gray
ok miod@ mpi@
2014-08-31Make the in6addr constant declarations and definitions consistentAlexander Bluhm
in kernel and user land. OK florian@ mpi@
2014-08-27Nuke net.inet6.icmp6.rediraccept and allow redirects on interfacesFlorian Obser
with autoconf enabled. If one is doing SLAAC one does already trust link local icmp6 so the policy for icmp6 redirects should be the same. pointed out by & OK bluhm@; OK henning@
2014-08-26Do not hand-roll all routers link local address.Florian Obser
pointed out & OK bluhm@
2014-08-25Move sending of router solicitations to the kernel; receiving andFlorian Obser
processing of router advertisements was already in the kernel. With this rtsol{,d}(8) is no longer necessary. The kernel starts sending solicitations with # ifconfig $IF inet6 autoconf or inet6 autoconf in /etc/hostname.$IF. input stsp@ much help & OK mpi@ tweaks & OK bluhm@
2014-08-21Misleading comments about splnet().Martin Pieuchot
2014-08-19Keep pim code under #ifdef PIM to be coherent with what's in netinet/.Martin Pieuchot
2014-08-14No need for raw_cb.hMartin Pieuchot
2014-08-11Use the RTF_LOCAL flag instead of abusing the RTF_LLINFO flag whenMartin Pieuchot
adding local route entries. This hack made sense when we didn't have the RTF_LOCAL flag, but since some months it is set on every local route.
2014-08-10Rename p_hdrlen to min_hdrlen to better reflect its purpose.Lawrence Teo
No object file change ok florian@ henning@
2014-07-22Fewer <netinet/in_systm.h> !Martin Pieuchot
2014-07-12Remove the redundant csum_flag variable and just set the checksum flagLawrence Teo
in the pkthdr directly. ok henning@
2014-07-12Protocol checksums have been recalculated on reinjection for a whileLawrence Teo
now, so there is no need to calculate them before sending them to userspace. ok henning@
2014-07-12add a size argument to free. will be used soon, but for now default to 0.Ted Unangst
after discussions with beck deraadt kettenis.
2014-07-12Implement checksum offload for divert(4): simply set the checksum flagLawrence Teo
and let the stack take care of the checksums for reinjected outbound packets. Reinjected inbound packets will continue to have their checksums calculated manually but we can now take advantage of in_proto_cksum_out and in6_proto_cksum_out to streamline the way their checksums are done. help from florian@ and henning@, feedback from naddy@ ok florian@ henning@
2014-07-11introduce the IFXF_AUTOCONF6 interface flag which controls wether weHenning Brauer
accept rtadvs on that interface. the global net.inet6.ip6.accept_rtadv sysctl just doesn't cut it, even tho the spec wants that - but in their little absurd world, a host just has one interface by definition anyway... the sysctlgoes away. lots of head scratching, brain cell elemination etc from bluhm benno stsp florian, excitement from simon and todd, ok bluhm stsp benno florian
2014-07-11move IPv6 prefix adding from workq to taskq; as a happy benefit, weBret Lambert
can delete 2 dozen or so lines that check to see if we've queued up a prefix addition multiple times. ok stsp@
2014-07-11Remove rfc 4620 Node Information Query support (from the kernel).Sebastian Benoit
ok henning@ stu@, Yay! weerd@
2014-07-10Simplify the way divert(4) sends packets to userspace: Instead ofLawrence Teo
unnecessarily allocating an mbuf tag to store the divert port, just pass the divert port directly to divert_packet() or divert6_packet() as an argument. includes a style fix pointed out by bluhm@ ok bluhm@ henning@ reyk@
2014-07-09Kill unused route storages.Martin Pieuchot
blambert@, henning@, lteo@
2014-07-09Set default of net.inet6.icmp6.nodeinfo to 0,Sebastian Benoit
disables responses to RFC4620 IPv6 Node Information Queries. ok florian henning bluhm
2014-07-08decouple struct uvmexp into a new file, so that uvm_extern.h and sysctl.hTheo de Raadt
don't need to be married. ok guenther miod beck jsing kettenis
2014-07-01When a carp interface is created with IFXF_NOINET6 flag, no link-localSebastian Benoit
address will be created when the vhid (and MAC) is set. Depending on the order of the configuration the interface can end up with a ipv6 address, but no v6 link-local and no working neigbor discovery. Removing this case statement will result in the link-local address being configured by "ifconfig up" if the inet6 address was configured before. If you are using inet6 on carp, put an "up" at the end of your hostname.if. I will work on a better solution at g2k14. ok henning, mpi
2014-06-26Calling in{6,}_purgeaddr() is not enough to remove an address fromMartin Pieuchot
an interface. Two other operations are performed when issuing a SIOCDIFADDR{_IN6,} ioctl: call the address hook and the per-driver ioctl function. Since carp(4) relies on an address hook to recalculate its hash, make sure to call this hook when IFXF_NOINET6 is set or when the rdomain is changed. ok henning@, mikeb@
2014-06-13Remove deprecated RFC2292 ancillary data convenience functions.Christopher Zimmermann
They are obsoleted by the RFC3542 api. ok mpi@
2014-06-07g/c unused IFT_L2VLAN, ok reyk bluhmHenning Brauer
the #define stays since it's userland visible and who knows what uses it
2014-06-03Do not include <sys/malloc.h> where it is not needed.Martin Pieuchot
2014-05-20Fix eui64 address generation, broken since the removal of the link-layerMartin Pieuchot
address from the per-ifp list. Found the hard way by weerd@, florian@ and stsp@, ok florian@
2014-05-15Do not use nd6_rtrequest() for addresses configured on loopbackMartin Pieuchot
interfaces. ok mikeb@
2014-05-13Remove some m->m_pkthdr.rcvif dereference to help for upcomingMartin Pieuchot
receiving pointer -> index conversion. No functional change. ok claudio@, mikeb@, lteo@