| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2000-08-03 | typo in #define. ICMP6_NI_SUCESS -> SUCCESS. | Jun-ichiro itojun Hagino | |
| 2000-07-27 | do not forward packet with :: in the source. | Jun-ichiro itojun Hagino | |
| this is not in the spec - we had rough consensus on it in ipngwg, spec will get updated to include this behavior. | |||
| 2000-07-27 | raw6/udp6 sockets are okay with :: in src. | Jun-ichiro itojun Hagino | |
| 2000-07-27 | be proactive about unspecified IPv6 source address. pcb layer uses | Jun-ichiro itojun Hagino | |
| unspecified address (::) to mean "unbounded" or "unconnected", and can be confused by packets from outside. use of :: as source is not documented well in IPv6 specification. not sure if it presents a real threat. the worst case scenario is a DoS against TCP listening socket: - outsider transmit TCP SYN with :: as IPv6 source - receiving side creates TCP control block with: local address = my addres remote address = :: (meaning "unconnected") state = SYN_RCVD note that SYN ACK will not be sent due to ip6_output() filter. this stays until it timeouts. - the TCP control block prevents listening TCP control block from being contacted (DoS). | |||
| 2000-07-16 | don't pull sys/queue.h in. sync better with kame. | Jun-ichiro itojun Hagino | |
| 2000-07-13 | on openbsd, static symbols are not visible from the userland. | Jun-ichiro itojun Hagino | |
| make mif6table global variable. (sync with kame) | |||
| 2000-07-13 | enable setsockopt related to IPv6 multicast routing. | Jun-ichiro itojun Hagino | |
| 2000-07-12 | remove m_pulldown statistics, which is highly experimental | Jun-ichiro itojun Hagino | |
| 2000-07-12 | correct rtentry reference count in in6_ifloop_request(). | Jun-ichiro itojun Hagino | |
| if you reconfigure inet6 too much, the reference count can go into negative by mistake. KAME in6.c 1.98 -> 1.99. | |||
| 2000-07-06 | - more icmp6/ip6 stats. | Jun-ichiro itojun Hagino | |
| - protect IPv6 ND from being hosed (due to neighbor unreachability detection hint) by wrong tcp traffic. still not sure if there's real attack, but it is good to be cautious. - avoid bitfield for router renumbering header decl. - implement packet-per-sec limitation for icmp6 errors, turn interval limit off (it is not very useful due to unix timer resolution). | |||
| 2000-07-02 | drop packet to tentative/duplicated interface address earlier. sync w/kame | Jun-ichiro itojun Hagino | |
| 2000-06-30 | suppress too noisy warning on forward-over-loopback case. from kame | Jun-ichiro itojun Hagino | |
| 2000-06-25 | Fix typo; ds@ds.primasoft.bg | Aaron Campbell | |
| 2000-06-21 | fix KAME PR 261. | Jun-ichiro itojun Hagino | |
| 2000-06-21 | correct in6_recoverscope() for multicast loopback case. | Jun-ichiro itojun Hagino | |
| 2000-06-20 | confirmed interop of IPv6 AH with KAME (both global and scoped addr). | Jun-ichiro itojun Hagino | |
| remove restriction on scoped IPv6 address. TODO: confirm it with other IPv6 AH implementation. since we use very similar logic between KAME IPv6 AH and OpenBSD IPv6 AH, it is possible that both side is making the same mistake or whatever | |||
| 2000-06-20 | initialize hoplimit field properly on ipsec6 case | Jun-ichiro itojun Hagino | |
| 2000-06-19 | IPv6 IPsec, outbound direction. | Jun-ichiro itojun Hagino | |
| restriction: if there's any extension header (except fragment) and outbound packet matches tdb, we can't encrypt it. packet will not go out of the node (dropped). | |||
| 2000-06-18 | more mbuf sanity check | Jun-ichiro itojun Hagino | |
| 2000-06-18 | KNF | Jun-ichiro itojun Hagino | |
| 2000-06-18 | remove remains from NRL ipsec code | Jun-ichiro itojun Hagino | |
| 2000-06-18 | split long "if" case (cosmetic; preparation for KNF) | Jun-ichiro itojun Hagino | |
| 2000-06-18 | sync with more recent kame. | Jun-ichiro itojun Hagino | |
| updates scoped address handling and checksum option. | |||
| 2000-06-18 | KNF (sorry craig) | Jun-ichiro itojun Hagino | |
| 2000-06-18 | remove now-unnecessary statement due to "for" logic clarfication. | Jun-ichiro itojun Hagino | |
| 2000-06-18 | correct logic mistake in in6_pcbnotify, due to indentation. | Jun-ichiro itojun Hagino | |
| will KNF it soon. | |||
| 2000-06-18 | sync with KAME udp6_output(). udp output logic is very different between | Jun-ichiro itojun Hagino | |
| IPv4/v6 so the separation should make more sense. TODO: remove IPv6 case from udp_output() TODO: remove/comment out/#if 0 IPv4 mapped address cases | |||
| 2000-06-18 | allow IPsec-related get/setsockopt on IPv6 socket. due to number conflict | Jun-ichiro itojun Hagino | |
| they must be IPV6_xx instead of IP_xx. actually, since in_ctloutput() does not check address family of inpcb, getsockopt(IPPROTO_IP, IP_xx) may work - never tested this. | |||
| 2000-06-18 | use in6_recoverscope | Jun-ichiro itojun Hagino | |
| 2000-06-18 | lookup routing table for multicast too, to allow scoped IPv6 multicast | Jun-ichiro itojun Hagino | |
| to go out of the node. "ping6 ff02::1%wi0" will work fine with this (and should correct route6d behavior too) this is major issue for IPv6. i think this needs to become an erratta entry. sorry about this. | |||
| 2000-06-18 | try to avoid useless m_pullup2 | Jun-ichiro itojun Hagino | |
| 2000-06-18 | move m_pullup2() equivalent for KAME requirement into ip6_input(). | Jun-ichiro itojun Hagino | |
| it was in looutput() to make KAME ipsec4 happy. however, since we don't have KAME ipsec4 in openbsd, we don't need it in looutput(). | |||
| 2000-06-18 | don't panic even if in6p == NULL. | Jun-ichiro itojun Hagino | |
| (this should have been there with tcp_ident change... sorry) | |||
| 2000-06-18 | less mbuf alignment change in extension header processing. | Jun-ichiro itojun Hagino | |
| (so that we can be more PULLDONW_TEST friendly) | |||
| 2000-06-18 | correct indentation for IPV6_PORTRANGE | Jun-ichiro itojun Hagino | |
| 2000-06-16 | take MIN/MAX from param.h, okay theo@ | Niels Provos | |
| 2000-06-13 | the last commit was not enough. s/(int)/(signed char)/. | Jun-ichiro itojun Hagino | |
| 2000-06-13 | workaround for arch with char == unsigned char (suppress warning). | Jun-ichiro itojun Hagino | |
| 2000-06-13 | do not use cached route if it goes !RTF_UP. | Jun-ichiro itojun Hagino | |
| make validation of jumbo payload more strict. | |||
| 2000-06-13 | comment out flowinfo manipulation on inbound. the spec is not very clear. | Jun-ichiro itojun Hagino | |
| 2000-06-13 | allow link-local IPv6 addres in in6_pcbbind. | Jun-ichiro itojun Hagino | |
| 2000-06-13 | make sure to attach new in6_ifaddr into ifp->if_addrlist. | Jun-ichiro itojun Hagino | |
| 2000-06-12 | update icmp6 name lookup code to conform to 05 draft. previous code | Jun-ichiro itojun Hagino | |
| was 03/05 chimera. ping6: -n by default due to too many false error report due to too long reverse query delay. | |||
| 2000-06-12 | sync with latest KAME doc. talk more about IPv4 mapped address issue. | Jun-ichiro itojun Hagino | |
| 2000-06-07 | fix anycast address determination. | Jun-ichiro itojun Hagino | |
| correct interface address addition when link-local is added (check if ifp matches). make diff to kame repository easier (breaks some KNF) sync with kame. | |||
| 2000-06-07 | s/PIMCTL/PIM6CTL/ for less confusion. | Jun-ichiro itojun Hagino | |
| 2000-06-04 | nuke non-standard include files (has been #error only for a long time | Jun-ichiro itojun Hagino | |
| so there should be no sideeffect) | |||
| 2000-06-03 | sync with latest kame doc. pcb issues and net interface issues are updated | Jun-ichiro itojun Hagino | |
| 2000-06-03 | deep-copy ip6 header on ip6_mloopback, to avoid overwriting cluster mbuf. | Jun-ichiro itojun Hagino | |
| correct frag header append operation. some cosmetic (like do {} while (0) to multiline macro) (sync with kame) | |||
| 2000-06-03 | do not bark even if forwarding to loopback, since it is common | Jun-ichiro itojun Hagino | |
| to route packet to be rejected/dropped to loopback. (sync with kame) | |||
 |
index : src | |
| OpenBSD base system |
| summaryrefslogtreecommitdiff |