rtable 255 is a valid routing table or domain id that wasn't handled
by the ip[6]_mroute code or by snmpd. The arrays in the ip[6]_mroute
code were off by one and didn't allocate space for rtable 255; snmpd
simply ignored rtable 255. All other places in the tree seem to
handle RT_TABLEID_MAX correctly.
OK florian@ benno@ henning@ deraadt@
|
|
Benno removed code to answer ICMP queries over 4 years ago.
Aham Brahmasmi (aham.brahmasmi AT gmx.com) points out
that we still joined the group though.
OK sthen, bluhm, kn
|
|
in raw IP delivery and UDP broadcast loops. There inpcbtable_mtx
is held and sorwakeup() is called within the loop. As sowakeup()
grabs the kernel lock, we have a lock ordering problem.
found by Hrvoje Popovski; OK deraadt@ mpi@
|
|
for netstat -a. Introduce a global mutex that protects the tables
and hashes for the internet PCBs. To detect detached PCB, set its
inp_socket field to NULL. This has to be protected by a per PCB
mutex. The protocol pointer has to be protected by the mutex as
netstat uses it.
Always take the kernel lock in in_pcbnotifyall() and in6_pcbnotify()
before the table mutex to avoid lock ordering problems in the notify
functions.
OK visa@
|
|
start locking the socket. An inp can be referenced by the PCB queue
and hashes, by a pf mbuf header, or by a pf state key.
OK visa@
|
|
what FreeBSD does. Remove old #if 0 version of inet6ctlerrmap.
OK mpi@
|
|
in6_pcb.c consistent, to ease comparing the code. Move all inet6
functions to in6_. Bring functions in both source files in same
order. Cleanup the include section. Now in_pcb.c is a superset
of in6_pcb.c. The latter contains all the special implementations.
Just moving around, no code change intended.
OK mpi@
|
|
put the algorithm into a new function m_calchdrlen(). Also set an
uninitialized m_len to 0 in NFS code.
OK claudio@
|
|
created. Add a new function m_removehdr() to convert packet header
mbufs within the chain to regular mbufs. Assert that the mbuf at
the beginning of the chain has a packet header.
found by Maxime Villard in NetBSD; from markus@; OK claudio@
|
|
|
|
userland.
Inputs from markus@, ok sthen@
|
|
Reported by and ok sthen@
|
|
icmp6_error() still probably needs the NET_LOCK, as the call chain
icmp6_error -> icmp6_reflect -> rt_match -> rt_clone -> rtrequest
is possible.
The fragment discard loop in frag6_slowtimo and the other
cleanup bits in frag6_freef do not require it however. So
push the lock down into frag6_freef around icmp6_error.
Prompted by mpi. Discussed with bluhm and kn. Regress test help
by bluhm. Additional testing by kn.
ok kn@ visa@ mpi@
|
|
otherwise nd6_llinfo_settimer() might wrongly assume that a timeout is
already scheduled earlier and not schedule one itself. This in turn
led to the neighbor cache no longer updating because neighbor
solicitations were not sent.
Observed by many.
OK kn
|
|
an attribute of an address is changed.
For now it's used when IPv6 duplicate address detection finishes.
With this slaacd(8) can find out if a configured address is not
duplicated without the need to poll.
OK phessler, benno, claudio
|
|
dropped packets in the output path.
While here fix a memory leak when compression is not needed w/ IPcomp.
ok markus@
|
|
magic constant to panic() calls.
ok benno@ henning@ tb@
|
|
these changes to the routing table have not been visible whereas the
RTM_DELETE of those routes have been. Remove this inconsistency.
Input and OK mpi@
OK henning@
|
|
fails and then later on in in6_get_ifid() a layer 2 address is
"borrowed" from another interface.
Do the "borrowing" in in6_get_soii_ifid(), too so that semantically
opaque interface identifiers work for these kind of interfaces, too.
OK phessler, benno
|
|
tries to "borrow" one from another interface.
But then it checks if the U bit is set in the generated EUI64
address and rejects it.
On the other hand for interfaces that do have a layer 2 address this
check is skipped, so relax it for the "borrowing" case, too.
With this one gets stable link local addresses on e.g. gre(4)
interfaces on certain virtualisation environments depending which mac
addresses get picked for the vio(4) interfaces while previously we
would end up with a random IP on every reboot.
Reported by Aaron A. Glenn via phessler.
OK phessler, benno
|
|
with sendmsg(2) and MSG_OOB. Sync the code in udp, rip, and
rip6_usrreq. Add an inp NULL check in rip6_usrreq for consistency.
OK benno@ mpi@
|
|
rip{6,}_usrreq() since soreceive() will free it.
ok bluhm@
|
|
in_pcbconnect() to avoid the address family maze in syn_cache_get().
input claudio@; OK mpi@
|
|
ok visa@, tb@
|
|
OK tb@ visa@
|
|
functions.
discussed with and OK mpi@ visa@
|
|
OK visa@ mpi@
|
|
in_pcb.h header file.
OK mpi@ visa@
|
|
It does not make sense to call if_get() again, just pass ifp as
parameter. Move the IFT_CARP check into the function instead of
doing it everywhere. Replace the inverted match variable logic
with simple returns.
OK mpi@ friehm@
|
|
scope check and clearing of the scope id into separate functions.
input & ok visa, mpi
|
|
OK tb
|
|
Hoist privilege check to the top and split out handling of
SIOCAIFADDR_IN6 and SIOCDIFADDR_IN6 into a separate function.
Merge tangled switches and simplify the code paths.
tested by hrvoje
ok visa
|
|
that only needs a read lock.
Tested by hrvoje
ok visa
|
|
for in_control(). Protect mrt6_ioctl() and nd6_ioctl() with a read
lock and in6_ioctl with the NET_LOCK() while establishing a single
exit point.
tested by kn
ok florian, mpi, visa
|
|
Found the hard way.
|
|
For the PRU_CONTROL bit the NET_LOCK surrounds in[6]_control() and
on the ENOTSUPP case we guard the driver if_ioctl functions.
OK mpi@
|
|
updated from userland that was marked duplicated or tentative.
Otherwise we would just lose the duplicated / tentative state and assume
that the address is now unique and usable.
OK kn
|
|
OK deraadt@ florian@
|
|
IPv4 we do the same and there are races that trigger it. Increment
the statistics counter for both.
from markus@; OK mpi@
|
|
From Raf Czlonka, ok sthen@
|
|
slaacd(8).
RFC 7217 states (section 5, page 9):
| The Interface Identifier is finally obtained by taking as many
| bits from the RID value (computed in the previous step) as
| necessary, starting from the least significant bit.
Problem in slaacd pointed out by semarie@.
OK sthen, phessler
|
|
The account flag `ASU' will no longer be set but that makes suser()
mpsafe since it no longer messes with a per-process field.
No objection from millert@, ok tedu@, bluhm@
|
|
from semarie@, ok benno@
|
|
if you need to send an ipv6 packet with ip6_send(), there's no DF
bit in an ipv6 packet and no way to pass the ip6 options to ip6_output
to tell it to not allow fragmentation. this adds an M_IPV6_DF_OUT
"checksum" flag so something creating ipv6 packets a long way from
ip6_output can easily tell it to not allow fragmentation.
grumbling and ok claudio@
|
|
while here, give us support for mpls in gif on ipv6.
this moves all the gif handling into if_gif, eg, the mpls handling
is no longer in ip_etherip.c.
ok claudio@
|
|
Interface Identifiers with IPv6 Stateless Address Autoconfiguration."
"An IPv6 address configured using this method is stable within each
subnet, but the corresponding Interface Identifier changes when the
host moves from one network to another. This method is meant to be an
alternative to generating Interface Identifiers based on hardware
addresses."
OK naddy, sthen
|
|
the main new feature is gre keys, supported by the vnetid ioctls.
this also adds support for gre over ipv6, the use of hfsc, and
allows tx mitigation in the future.
this diff removes keepalive support, but i promised claudio@ and
patrick@ i would put it back after this goes in.
ok claudio@
|
|
It was not guaranteed that the mbuf data was not somewhere else in
the chain. So return an offset and do a proper mbuf pulldown.
found by Maxime Villard; from NetBSD; with markus@; OK deraadt@
|
|
packet through ip6_input() or from the routing table. In both cases
the KAME hack has added the embedded scope to the address, so it is
not necessary to fill the scope id again in rt6_flush(). Assert
that it is already there.
OK mpi@
|
|
ARP or ND timeout could delete local routes. Put an assert into
arptfree() and nd6_free() so this cannot happen again.
OK mpi@
|