summaryrefslogtreecommitdiff
path: root/sys/netinet6
AgeCommit message (Collapse)Author
2008-10-22filter ipv6 ipsec packets on enc0 (in and out), similar to ipv4;Markus Friedl
ok bluhm, fries, mpf; fixes pr 4188
2008-10-15Second pass of simple timeout_add -> timeout_add_sec conversionsBret Lambert
This should take care of the simpler ones (i.e., timeout values of integer multiples of hz). ok krw@, art@
2008-10-02Fix PF state key mismatches that occur when callers of icmp6_reflect()Joel Sing
recycle mbufs. Based on an initial diff by henning@, also tested by todd@. ok henning@
2008-10-01If a neighbor solictation isn't from the unspecified address, make sureClaudio Jeker
that the source address matches one of the interfaces address prefixes. From NetBSD, tested by todd@ and naddy@
2008-09-28Clear the PF state key before an IP packet exits a gif(4) tunnel, in orderJoel Sing
to prevent state key mismatches. ok henning@
2008-09-17remove dead stores and newly created unused variables.Charles Longeau
Found by LLVM/Clang Static Analyzer. ok henning@ mpf@
2008-09-12just like v4 icmp, icmp6 recycles mbufs so we need to callHenning Brauer
pf_pkt_addr_changed to clear the recorded pf state information in the hdr claudio ok
2008-09-03Remove dead code: ip6_copypktopts() is not used anywhere.Marco Pfatschbacher
OK deraadt@, henning@
2008-08-08Do not latch the IPSec tdb to the inpcb unconditionally. This hasAlexander Bluhm
been moved to the protocol layer from ip_output at 2002/05/31. The IPv6 part has been forgotten so packets could get encrypted unintentionally. ok hshoexer markus
2008-07-30Call ip6_clearpktopts() on error in copypktopts() instead of freeingCan Erkin Acar
every field individually. ok claudio@ markus@ henning@ deraadt@
2008-07-13Do not specify the gateway on RTM_DELETE -- similar fix was done in the arpClaudio Jeker
code. This fixes in6_ifloop_request warnings seen on carp interfaces. OK henning@, found and tested by david@
2008-06-11ANSIfy to sync with KAME. From Karl Sjodahl <dunceor@gmail.com>.Ryan Thomas McBride
ok todd deraadt naddy bluhm
2008-06-11From KAME, allow adjustable limits on NDP entries and discovered routes.Ryan Thomas McBride
ok mpf naddy
2008-06-09Introduce a facility to generate unpredictable 32 bit numbers withDamien Miller
near maximal (2^32) cycle times. These are useful for network IDs in cases where there are negative consequences to ID prediction and/or reuse. Use the idgen32() functions to generate IPv6 IDs and NFS client/server XIDs. Pseudorandom permutation code in crypto/idgen.c based on public domain skip32.c from Greg Rose. feedback & ok thib@ deraadt@
2008-05-24Remove {tcp/udp}6_usrreq(); Since the normal ones nowThordur I. Bjornsson
take a proc argument, theres no need for these, since they are just wrappers. OK claudio@
2008-05-23Deal with the situation when TCP nfs mounts timeout and processesThordur I. Bjornsson
get hung in nfs_reconnect() because they do not have the proper privilages to bind to a socket, by adding a struct proc * argument to sobind() (and the *_usrreq() routines, and finally in{6}_pcbbind) and do the sobind() with proc0 in nfs_connect. OK markus@, blambert@. "go ahead" deraadt@. Fixes an issue reported by bernd@ (Tested by bernd@). Fixes PR5135 too.
2008-05-19SO_BINDANY for ipv6; ok djm@Markus Friedl
2008-05-15divert for ipv6; ok henning, pyrMarkus Friedl
2008-05-11rtrequest to rtrequest1 conversion in inet6. With that no rtrequest shouldClaudio Jeker
be left over. OK henning@
2008-05-11Try harder to avoid corrupting the mbuf pool. Stuff any mbuf chain inKenneth R Westerback
ln_hold or la_hold into temporary storage and null ln_hold or la_hold before manually processing the mbuf chain. Discard the mbuf chain if it is put back in the hold area. ok claudio@ markus@
2008-05-07Implement routing priorities. Every route inserted has a priority assignedClaudio Jeker
and the one route with the lowest number wins. This will be used by the routing daemons to resolve the synchronisations issue in case of conflicts. The nasty bits of this are in the multipath code. If no priority is specified the kernel will choose an appropriate priority. Looked at by a few people at n2k8 code is much older
2008-05-06remove tcp_drain code since it's not longer used; ok henning, feedback thibMarkus Friedl
2008-04-24the softnet intr handlers check if the input queue has packets onDavid Gwynne
it by reading the queues head pointer. if that pointer is not null then it takes splnet and dequeues a packet for handling. this is bad because the ifqueue head is modified at splnet and the sofnet handlers read it without holding splnet. this removes that check of the head pointer and simply checks if the dequeue gave us a packet or not before proceeding. found while reading mpls code. discussed with norby@ and henning@ ok mcbride@ henning@
2008-04-18use arc4random_uniform() for random number requests that are not aDamien Miller
power of two. use arc4random_bytes() when requesting more than a word of PRNG output. ok deraadt@
2008-03-31strictly interpret msg_controllen to be the exact total length of theTheo de Raadt
cmsg's, including alignments, ie. the sum of CMSG_SPACE()'s. any other interpretation would be in violation of various unix specifications. RFC3542 section 20.2 is totally and completely wrong -- it is not allowed to over-ride the specification of msg_controllen, since the intent is that one could mix-and-match various types of cmsg's and an exact match is therefore required. ok kettenis, tested by many
2008-03-09use the right capitalization for platform namesIgor Sobrado
ok jsing@
2008-03-08allow a response to icmp6 node information queries where the localStuart Henderson
hostname starts with a digit. ok mcbride
2008-03-04fix use-after-free: pfxlist_onlink_check() might free rt_llinfo forMarkus Friedl
the current route, so make sure RTF_LLINFO is still set; fixes pr 5711; with krw@ and claudio@; ok jsing@
2008-02-24Correctly check that we have a complete rthdr before trying to do ↵Ryan Thomas McBride
m_copydata() on it. Bug report and fix from Todd Carson.
2008-02-05Move carp load balancing (ARP/IP) to a simpler configuration scheme.Marco Pfatschbacher
Instead of using the same IP on multiple interfaces, carp has to be configured with the new "carpnodes" and "balancing" options. # ifconfig carp0 carpnodes 1:0,2:100,3:100 balancing ip carpdev sis0 192.168.5.50 Please note, that this is a flag day for anyone using carp balancing. You'll need to adjust your configuration accordingly. Addititionally this diff adds IPv6 NDP balancing support. Tested and OK mcbride@, reyk@. Manpage help by jmc@.
2008-01-02return with ENOTTY instead of EINVAL for unknown ioctl requests.Brad Smith
ok claudio@ krw@ dlg@
2007-12-14add sysctl entry points into various network layers, in particular toTheo de Raadt
provide netstat(1) with data it needs; ok claudio reyk
2007-12-09take advantage of M_ZEROHans-Joerg Hoexer
ok claudio gilles
2007-11-27typos; ok jmc@Martynas Venckus
sys/dev/pci/pciide.c from naddy@
2007-11-26typos; ok jmc@Martynas Venckus
sys/netinet/in_pcb.c and sys/net/bridgestp.c ok henning@ sys/dev/pci/bktr/* ok jakemsr@
2007-10-29MALLOC/FREE -> malloc/freeCharles Longeau
ok krw@
2007-10-01Last of the really easy bzero() -> M_ZERO. Use 'p = malloc(sizeof(*p) ...'Kenneth R Westerback
where obvious.
2007-08-03curly brace issues:Jun-ichiro itojun Hagino
- if we have curly braces within #if directive, we will have problem with matching using vi "%" command - without curly braces it becomes ambiguous which statement is within which effect of which "if" statement ok mcbride@
2007-06-08kill arcnet leftovers, some pt out by Mike Belopuhov <mkb@crypt.org.ru>,Henning Brauer
some I found afterwards, ok dlg
2007-06-01apply the "skip ipsec if there are no flows" speedup diff to IPv6 too.Henning Brauer
we need a pointer to the inpcb to decide, which was not previously passed to ip6_output, so this diff is a little bigger. from itojun, ok ryan
2007-05-31Sync comment regarding rthdr0 w/ kame tree.Ryan Thomas McBride
from itojun@
2007-05-28typo slipped in, unbreak.Pierre-Yves Ritschard
2007-05-28avoid bypassing sys/queue.h in many places in the kernel.Pierre-Yves Ritschard
many assumptions were made about the way the various list types are implemented. lots of suggestions and help from otto and miod. ok otto@
2007-05-28double pf performance.Henning Brauer
boring details: pf used to use an mbuf tag to keep track of route-to etc, altq, tags, routing table IDs, packets redirected to localhost etc. so each and every packet going through pf got an mbuf tag. mbuf tags use malloc'd memory, and that is knda slow. instead, stuff the information into the mbuf header directly. bridging soekris with just "pass" as ruleset went from 29 MBit/s to 58 MBit/s with that (before ryan's randomness fix, now it is even betterer) thanks to chris for the test setup! ok ryan ryan ckuethe reyk
2007-05-08KILL all IPv6 packets with the rthdr0 extension header or multiple routingRyan Thomas McBride
headers, regardless of forwarding path. It's the sane thing to do. ip6_check_rthdr0() function from claudio@ ok deraadt@ claudio@ henning@
2007-05-03Reduce ip6_hdrnestlimit from 50 to 10. Normal IPv6 packets should not haveClaudio Jeker
more then 10 headers nested. OK deraadt@ henning@ mcbride@
2007-05-01framgent -> fragmentRay Lai
2007-04-21did you know that IPv6 packets are actually carried by turtles?Jun-ichiro itojun Hagino
because turtles are slow but reliable and trustworthy, packets stays on the net for a long period of time. bigger turtles can stay much longer. that is the hidden secret reason for the name of KAME project (i'm lying). j> some IETFers need to be sent to bondage/SM club and spanked/whipped j> by thousands of dominas and then chopped into million peaces by samurai j> swords. t> maybe that is what they actually want, and that is why they t> fucked RFC1883 and put rosemary's baby into RFC2460. j> I am king of IETF now, and tomorrow i may become beggar on the IETF venue j> hotel corridor. http://www.secdev.org/conf/IPv6_RH_security-csw07.pdf ok by myself, deraadt@, <samurais at kame.net>
2007-03-18Add IP load balancing support for carp(4).Marco Pfatschbacher
This provides a similar functionality as ARP balancing, but also works for traffic that comes across routers. IPv6 is supported as well. The configuration scheme will change as soon we have sth better. Also add support for changing the MAC address on carp(4) interfaces. (code from mcbride) Tested by pyr@ and reyk@ OK mcbride@
2007-02-15Simplify the #if NBRIDGE case as in in_gif.c:1.33.Claudio Jeker