Age | Commit message (Collapse) | Author | |
---|---|---|---|
2004-08-24 | revert. itojun notes that 128 is ok because of bitlen check. | Ted Unangst | |
add a comment to this effect since many of us were confused. ok deraadt@ | |||
2004-08-23 | make sure we do not overwrite checksum field on shared mbuf. | Jun-ichiro itojun Hagino | |
markus, henning, deraadt, mcbride ok | |||
2004-08-21 | correct bounds checks. found at/by Coverity. | Ted Unangst | |
ok deraadt@ | |||
2004-07-14 | completely revert to r1.31, there were still problems on the forwarding | Daniel Hartmeier | |
path | |||
2004-07-12 | remove PF_FORWARD (which was introduced by ipv6 reass-on-scrub). | Jun-ichiro itojun Hagino | |
daniel found it. | |||
2004-06-25 | IPv6 reassembly on "scrub" directive. | Jun-ichiro itojun Hagino | |
caveats: (to be addressed soon) - "scrub in" should queue fragments back into ip6intrq again, but somehow it does not happen - the packet is kept inside reass queue. need investigation - ip6_forwarding path is not tested - does not use red-black tree. somehow red-black tree behaved badly and was not robust. performance issue, the above one is more important. good things: - "scrub out" is perfectly ok - i think now we can inspect upper-layer protocol fields (tcp port) even if ip6 packet is fragmented. - reass queue will be cleaned up properly by timeout (60sec). we might want to impose pool limit as well | |||
2004-06-24 | "error" could be left uninitialized | Jun-ichiro itojun Hagino | |
2004-06-21 | First step towards more sane time handling in the kernel -- this changes | Thorsten Lockert | |
things such that code that only need a second-resolution uptime or wall time, and used to get that from time.tv_secs or mono_time.tv_secs now get this from separate time_t globals time_second and time_uptime. ok art@ niklas@ nordin@ | |||
2004-06-21 | Get rid of pf_test_eh() wrapper. | Ryan Thomas McBride | |
ok cedric@ henning@ | |||
2004-06-17 | correct multicast handling for special groups (like solicited node multicast). | Jun-ichiro itojun Hagino | |
from jinmei@kame | |||
2004-06-16 | missing paren in macro def. Patrick Latifi | Jun-ichiro itojun Hagino | |
2004-06-15 | avoid creating multiple multicast filter entry for the same group. | Jun-ichiro itojun Hagino | |
notified from Patrick Latifi, deraadt ok | |||
2004-06-12 | support IPV6_USE_MIN_MTU, to make BIND9 better. | Jun-ichiro itojun Hagino | |
(sorry about the mess yesterday) | |||
2004-06-11 | back out tree breakage. Like, come on | Theo de Raadt | |
2004-06-11 | support IPV6_USE_MIN_MTU, which is needed to run BIND9 well. from kame | Jun-ichiro itojun Hagino | |
markus ok | |||
2004-06-01 | there's no use in checking curproc privilege in input path. | Jun-ichiro itojun Hagino | |
equivalent to http://orange.kame.net/dev/cvsweb2.cgi/kame/kame/sys/netinet6/ip6_input.c.diff?r1=1.344&r2=1.345. jinmei@kame | |||
2004-05-19 | do not loop on nd6_output() when transmission fails. from kame | Jun-ichiro itojun Hagino | |
2004-05-07 | Replace RSA-derived md5 code with code derived from Colin Plumb's PD version. | Todd C. Miller | |
This moves md5.c out of libkern and into sys/crypto where it belongs (as requested by markus@). Note that md5.c is still mandatory (dev/rnd.c uses it). Verified with IPsec + hmac-md5 and tcp md5sig. OK henning@ and hshoexer@ | |||
2004-04-25 | radix tree with multipath support. from kame. deraadt ok | Jun-ichiro itojun Hagino | |
user visible changes: - you can add multiple routes with same key (route add A B then route add A C) - you have to specify gateway address if there are multiple entries on the table (route delete A B, instead of route delete A) kernel change: - radix_node_head has an extra entry - rnh_deladdr takes extra argument TODO: - actually take advantage of multipath (rtalloc -> rtalloc_mpath) | |||
2004-04-22 | correct arg to in6_cksum. keiichi@kame | Jun-ichiro itojun Hagino | |
2004-03-25 | Don't use mbuf pointer in error case, when it has been set to NULL. | Daniel Hartmeier | |
From Patrick Latifi. ok markus@, henning@, deraadt@ | |||
2004-02-23 | avoid touching out-of-bound memory if len == 128. | Jun-ichiro itojun Hagino | |
Ted Unangst via Colin Percival | |||
2004-02-15 | switch to sysctl_int_arr(); ok itojun, henning, miod, deraadt | Markus Friedl | |
2004-02-06 | permit IPv6-only operation (permit AF_INET6 bind(2) without IPv4 address). | Jun-ichiro itojun Hagino | |
found by todd fries. markus ok | |||
2004-02-05 | remove never-to-be-used codepath (IPv4 mapped address). ok mcbride | Jun-ichiro itojun Hagino | |
2004-02-04 | typo within comment, deilver -> deliver | Daniel Hartmeier | |
2004-02-04 | remove kludge now that proper IPV6_MMTU handling is in | Daniel Hartmeier | |
2004-02-04 | strictly follow RFC2460 section 5, last paragraph (sender behavior when | Jun-ichiro itojun Hagino | |
path MTU < 1280). bug found by Georgi Guninski. ok dhartmei | |||
2004-02-02 | make the stack compile if NPF=0. ok deraadt@ markus@ | Cedric Berger | |
2004-02-01 | ignore too small MTUs (below 296 octets), similar to IPv4. | Daniel Hartmeier | |
2004-01-15 | Provide explicit function argument declarations. | Miod Vallat | |
2004-01-13 | Expose in6_ifremloop() and in6_ifaddloop() so that they can be used by carp. | Ryan Thomas McBride | |
ok henning@ millert@ itojun@ | |||
2004-01-03 | put an mi wrapper around stdarg.h/varargs.h. gcc3 moved stdarg/varargs macros | Marc Espie | |
to built-ins, so eventually we will have one version of these files. Special adjustments for the kernel to cope: machine/stdarg.h -> sys/stdarg.h and machine/ansi.h needs to have a _BSD_VA_LIST_ for syslog* prototypes. okay millert@, drahn@, miod@. | |||
2003-12-21 | change in*_pcbnotify to return numbers of matches; ok itojun, mcbride, henning | Markus Friedl | |
2003-12-21 | use CIRCLEQ* for pcb's; ok deraadt, henning, mcbride, with help from canacar | Markus Friedl | |
2003-12-12 | niels kindly dropped clause 3/4 from the license. tnx! | Jun-ichiro itojun Hagino | |
2003-12-10 | validate set/getsockopt arg more strictly. local privileged user could cause | Jun-ichiro itojun Hagino | |
a kernel panic with previous code. from kame | |||
2003-12-10 | correct non-repetitive ID code, based on comments from niels provos. | Jun-ichiro itojun Hagino | |
- seed2 is necessary, but use it as "seed2 + x" not "seed2 ^ x". - skipping number is not needed, so disable it for 16bit generator (makes the repetition period to 30000) | |||
2003-12-10 | use if_indexlim (instead of if_index) and ifindex2ifnet[x] != NULL | Jun-ichiro itojun Hagino | |
to check if interface exists, as (1) if_index will have different meaning (2) ifindex2ifnet could become NULL when interface gets destroyed, when we introduce dynamically-created interfaces. markus ok | |||
2003-12-08 | move pf_test6() call below loopback (and mapped-ipv4) tests, so rdr -> ::1 | Daniel Hartmeier | |
works without additional route-to lo0, just like for ipv4. ok itojun@, henning@ | |||
2003-12-03 | add support for ifconfig clone/destroy; ok henning deraadt | Markus Friedl | |
2003-11-16 | convert __attribute__((__packed__)) to __packed so that parsers unaware | Anil Madhavapeddy | |
of gcc extensions have more of a chance. ok mcbride@, no objections from millert@, deraadt@ | |||
2003-11-07 | fix behavior when ipv6mr_interface is 0. reported on netbsd list | Jun-ichiro itojun Hagino | |
2003-11-04 | don't call in_pcbrehash twice; ok itojun@ | Markus Friedl | |
2003-10-31 | Add IPv6 support to CARP. | Ryan Thomas McBride | |
ok deraadt@ | |||
2003-10-15 | c++ friendly, sync w/kame. pvalchev ok | Jun-ichiro itojun Hagino | |
2003-10-14 | oops, i did not mean to commit this portion (IPSEC mod), sorry | Jun-ichiro itojun Hagino | |
2003-10-14 | IP6F_OFF_MASK is already endian-flipped; sync w/ kame | Jun-ichiro itojun Hagino | |
2003-10-01 | use random number generator to generate IPv6 fragment ID/flowlabel. | Jun-ichiro itojun Hagino | |
cleanup IPv6 flowlabel handling. deraadt ok | |||
2003-10-01 | correct m_cat misuse. i remember it was ok'ed by someone but don't remember ↵ | Jun-ichiro itojun Hagino | |
who... |