Age | Commit message | Author |
|
in the base. Ports fixes to follow shortly for the two ports (gkrellm
and net-snmp) affected.
ok zhuk@ millert@
|
|
Instead of linking multicast records to the first configured address of
the corresponding protocol, making this address and its position in the
global list special, add them to a new list directly linked to the
interface descriptor.
This new multicast address list is similar to the address list, all its
elements contain a protocol agnostic part. This design allows us to
be able to join a multicast group without necessarily having a configured
address. That means IPv6 multicast kludges are no longer needed.
Another benefit is to be able to add and remove an IP address from an
interface without worrying about multicast records. That means that the
global IPv4 list is no longer needed since the first configured address
of an interface is no longer special.
This new list might also be extended in the future to contain the
link-layer addresses used to configure hardware filters.
Tested by sthen@ and weerd@, ok mikeb@
|
|
ok henning@, mikeb@
|
|
ok mikeb@, henning@, deraadt@, brad@, miod@
|
|
divert6_packet() from "pd" to "divert" to match the rest of the source.
I think "pd" was not a good name for a struct pf_divert because "pd"
usually refers to a pf_pdesc.
No object file change.
OK benno@ bluhm@ henning@
|
|
stack should still scan for IPv6 type 0 routing headers. There are
OpenBSD routers running without pf and there are plenty of legacy
implementations supporting RH0.
Bring back the function ip6_check_rh0hdr() that I removed a month
ago. As an improvement to the previous solution, only scan the
header chain in ip6_input() if the packet has not been inspected
by pf. Both implementations drop packets with RH0 anywhere in the
extension header chain.
OK mikeb@ henning@
|
|
"clean that little thingy up" deraadt@
|
|
is marked as NODAD.
Since we're not gonna do duplicate address detection for this address,
the TENTATIVE flag won't get cleared, rendering the address unusable.
The existing logic only checked whether DAD was enabled for the interface,
but DAD can be configured on a per-address basis.
ok sthen@ as part of a larger diff
|
|
network to presentation format to inet_ntop().
The few remaining functions will be soon converted.
ok mikeb@, deraadt@ and moral support from henning@
|
|
clone of fd_set for interfaces
tested in ports tree build by naddy
|
|
ports tree grep run by sthen
|
|
miod@ cannot find two boards using the same media.
With precious punctuation review from guenther@, thanks!
ok deraadt@, henning@
|
|
includes this.
|
|
(basically, if they are easier to compare visually for namespace
issues, they are easier to compare .... period!)
|
|
global variables to in6.h.
ok deraadt@
|
|
One worrying bit is in icmp6.h where some htols() and htonl() are
added, which may affect compatibility down the line. This component
can be reverted if issues show up. Ports tree greps indicate no issue.
ok claudio mpi etc
|
|
stack (factoid: by a bunch of people in my living room), some compatibility
#define's were created to shim incompatible inpcb access methods. There
was an understanding they would eventually be removed. Since they are
error prone, and 1999 is a long time ago, now they die.
ok mikeb claudio mpi
|
|
the UDP stack. ok henning@
|
|
making the code the same as netinet4 along the way.
ok bluhm phessler
|
|
Started by claudio@ for IPv4, lots of heavy work by sperreault@
My part started at s2k11, continued at n2k12, g2k12, c2k12 and n2k13.
Lots of help and hints from claudio and bluhm
OK claudio@, bluhm@
|
|
Mostly mechanical, setting and passing the rdomain and rtable correctly.
Not yet enabled.
Lots of help and hints from claudio and bluhm
OK claudio@, bluhm@
|
|
cksum needs to be 0'd before, pf does that now (just like in the tcp/udp
case) and nothing else uses the icmp "offloading" yet.
with & ok bluhm
|
|
Still some important missing pieces, and this is not yet enabled.
OK bluhm@
|
|
type 0 and dropped the packet if it found one. RFC 5095 demands
to handle a routing header type 0 like an unrecognised routing type.
This is enough to protect the own machine.
To protect a network as a firewall, we have pf which does the same
full scan in pf_walk_header6(). As pf is enabled by default, nothing
changes for most users. If you turn off pf on your router, you
should not expect extra protection.
Get rid of the double scanning in ip6_input() and the older
disabled code in route6_input(). No more special treatment of
routing header type 0 in the IPv6 stack.
OK henning@ mikeb@
|
|
created a bunch of useless dependencies. Remove this implicit
inclusion and do an explicit #include <netinet6/in6_var.h> when it
is needed.
OK mpi@ henning@
|
|
interface to not depend on the global list of addresses.
For IPv4 the IP_TO_IA() macro still depends on the global list of
addresses because we want to be sure to grab the first configured
address of an interface, where the records are linked.
Tested by sthen@, ok henning@
|
|
ok claudio@, henning@
|
|
driver when using an AF_INET6 socket without checking for permission.
From Loganaden Velvindron, ok bluhm@
|
|
ok krw@, mikeb@
|
|
it since bluhm@ implemented it in 2012.
From Loganaden Velvindron, ok claudio@
|
|
OSIOCGIFINFO_IN6 anymore. Remove them together with the structs
in6_drlist, in6_oprlist, in6_prlist, in6_ondireq and the kernel
implementation.
OK mikeb@ henning@
|
|
members to 64bit types. Assign new syscall numbers for (almost
all) the syscalls that involve the affected types, including anything
with time_t, timeval, itimerval, timespec, rusage, dirent, stat,
or kevent arguments. Add a d_off member to struct dirent and replace
getdirentries() with getdents(), thus immensely simplifying and
accelerating telldir/seekdir. Build perl with -DBIG_TIME.
Bump the major on every single base library: the compat bits included
here are only good enough to make the transition; the T32 compat
option will be burned as soon as we've reached the new world and
are happy with the snapshots for all architectures.
DANGER: ABI incompatibility. Updating to this kernel requires extra
work or you won't be able to login: install a snapshot instead.
Much assistance in fixing userland issues from deraadt@ and tedu@
and build assistance from todd@ and otto@
|
|
routers, the kernel and ndp use a bunch of expire fields. Before
they were int or u_long, convert expire to time_t in all structs.
Move vltime and pltime to u_int32_t everywhere. Sort struct fields
by size. Struct inet6_ndpr_msghdr is not used at all, so remove
it.
Binary compatibility of rtsold and ndp break with this change as
rtsold uses in6_drlist and ndp uses in6_defrouter and in6_prefix
to interact with the kernel.
OK mpi@
|
|
of the IPL_NET. pf_test should be no longer called under IPL_NET as
well. The problem became evident after the related issue was brought
up by David Hill <dhill at mindcry ! org>.
With input from and OK mpi. Tested by David and me.
|
|
ok bluhm@
|
|
No binary change.
OK mikeb@ mpi@
|
|
No binary change.
OK mikeb@ mpi@
|
|
under some circumstances repair broken checksums on the way.
ok ryan naddy mikeb
.
redo most of the protocol (tcp/udp/...) checksum handling
-assume we have hardware checksum offloading. stop mucking with the
checksum in most of the stack
-stop checksum mucking in pf, just set a "needs checksumming" flag if needed
-in all output paths, very late, if we figure out the outbound interface
doesn't have hw cksum offloading, do the cksum in software. this especially
makes the bridge path behave like a regular output path
-little special casing for bridge still required until the broadcast path
loses its disgusting shortcut hacks, but at least it's in one place now
and not all over the stack
in6_proto_cksum_out mostly written by krw@
started at k2k11 in iceland more than 1.5 years ago - yes it took that
long, this stuff is everything but easy.
this happens to fix the infamous pf rdr bug that made us turn off proto
cksum offloading on almost all interface drivers.
|
|
Reported by naddy@
|
|
structure rather than doing various M_WAITOK allocations during
the *attach() functions, we always rely on them anyway.
ok mikeb@, uebayasi@
|
|
length is always calculated on demand from ia_prefixmask.
OK claudio@ mpi@ henning@
|