summaryrefslogtreecommitdiff
path: root/sys/netinet6
AgeCommit message (Collapse)Author
2008-06-11From KAME, allow adjustable limits on NDP entries and discovered routes.Ryan Thomas McBride
ok mpf naddy
2008-06-09Introduce a facility to generate unpredictable 32 bit numbers withDamien Miller
near maximal (2^32) cycle times. These are useful for network IDs in cases where there are negative consequences to ID prediction and/or reuse. Use the idgen32() functions to generate IPv6 IDs and NFS client/server XIDs. Pseudorandom permutation code in crypto/idgen.c based on public domain skip32.c from Greg Rose. feedback & ok thib@ deraadt@
2008-05-24Remove {tcp/udp}6_usrreq(); Since the normal ones nowThordur I. Bjornsson
take a proc argument, theres no need for these, since they are just wrappers. OK claudio@
2008-05-23Deal with the situation when TCP nfs mounts timeout and processesThordur I. Bjornsson
get hung in nfs_reconnect() because they do not have the proper privilages to bind to a socket, by adding a struct proc * argument to sobind() (and the *_usrreq() routines, and finally in{6}_pcbbind) and do the sobind() with proc0 in nfs_connect. OK markus@, blambert@. "go ahead" deraadt@. Fixes an issue reported by bernd@ (Tested by bernd@). Fixes PR5135 too.
2008-05-19SO_BINDANY for ipv6; ok djm@Markus Friedl
2008-05-15divert for ipv6; ok henning, pyrMarkus Friedl
2008-05-11rtrequest to rtrequest1 conversion in inet6. With that no rtrequest shouldClaudio Jeker
be left over. OK henning@
2008-05-11Try harder to avoid corrupting the mbuf pool. Stuff any mbuf chain inKenneth R Westerback
ln_hold or la_hold into temporary storage and null ln_hold or la_hold before manually processing the mbuf chain. Discard the mbuf chain if it is put back in the hold area. ok claudio@ markus@
2008-05-07Implement routing priorities. Every route inserted has a priority assignedClaudio Jeker
and the one route with the lowest number wins. This will be used by the routing daemons to resolve the synchronisations issue in case of conflicts. The nasty bits of this are in the multipath code. If no priority is specified the kernel will choose an appropriate priority. Looked at by a few people at n2k8 code is much older
2008-05-06remove tcp_drain code since it's not longer used; ok henning, feedback thibMarkus Friedl
2008-04-24the softnet intr handlers check if the input queue has packets onDavid Gwynne
it by reading the queues head pointer. if that pointer is not null then it takes splnet and dequeues a packet for handling. this is bad because the ifqueue head is modified at splnet and the sofnet handlers read it without holding splnet. this removes that check of the head pointer and simply checks if the dequeue gave us a packet or not before proceeding. found while reading mpls code. discussed with norby@ and henning@ ok mcbride@ henning@
2008-04-18use arc4random_uniform() for random number requests that are not aDamien Miller
power of two. use arc4random_bytes() when requesting more than a word of PRNG output. ok deraadt@
2008-03-31strictly interpret msg_controllen to be the exact total length of theTheo de Raadt
cmsg's, including alignments, ie. the sum of CMSG_SPACE()'s. any other interpretation would be in violation of various unix specifications. RFC3542 section 20.2 is totally and completely wrong -- it is not allowed to over-ride the specification of msg_controllen, since the intent is that one could mix-and-match various types of cmsg's and an exact match is therefore required. ok kettenis, tested by many
2008-03-09use the right capitalization for platform namesIgor Sobrado
ok jsing@
2008-03-08allow a response to icmp6 node information queries where the localStuart Henderson
hostname starts with a digit. ok mcbride
2008-03-04fix use-after-free: pfxlist_onlink_check() might free rt_llinfo forMarkus Friedl
the current route, so make sure RTF_LLINFO is still set; fixes pr 5711; with krw@ and claudio@; ok jsing@
2008-02-24Correctly check that we have a complete rthdr before trying to do ↵Ryan Thomas McBride
m_copydata() on it. Bug report and fix from Todd Carson.
2008-02-05Move carp load balancing (ARP/IP) to a simpler configuration scheme.Marco Pfatschbacher
Instead of using the same IP on multiple interfaces, carp has to be configured with the new "carpnodes" and "balancing" options. # ifconfig carp0 carpnodes 1:0,2:100,3:100 balancing ip carpdev sis0 192.168.5.50 Please note, that this is a flag day for anyone using carp balancing. You'll need to adjust your configuration accordingly. Addititionally this diff adds IPv6 NDP balancing support. Tested and OK mcbride@, reyk@. Manpage help by jmc@.
2008-01-02return with ENOTTY instead of EINVAL for unknown ioctl requests.Brad Smith
ok claudio@ krw@ dlg@
2007-12-14add sysctl entry points into various network layers, in particular toTheo de Raadt
provide netstat(1) with data it needs; ok claudio reyk
2007-12-09take advantage of M_ZEROHans-Joerg Hoexer
ok claudio gilles
2007-11-27typos; ok jmc@Martynas Venckus
sys/dev/pci/pciide.c from naddy@
2007-11-26typos; ok jmc@Martynas Venckus
sys/netinet/in_pcb.c and sys/net/bridgestp.c ok henning@ sys/dev/pci/bktr/* ok jakemsr@
2007-10-29MALLOC/FREE -> malloc/freeCharles Longeau
ok krw@
2007-10-01Last of the really easy bzero() -> M_ZERO. Use 'p = malloc(sizeof(*p) ...'Kenneth R Westerback
where obvious.
2007-08-03curly brace issues:Jun-ichiro itojun Hagino
- if we have curly braces within #if directive, we will have problem with matching using vi "%" command - without curly braces it becomes ambiguous which statement is within which effect of which "if" statement ok mcbride@
2007-06-08kill arcnet leftovers, some pt out by Mike Belopuhov <mkb@crypt.org.ru>,Henning Brauer
some I found afterwards, ok dlg
2007-06-01apply the "skip ipsec if there are no flows" speedup diff to IPv6 too.Henning Brauer
we need a pointer to the inpcb to decide, which was not previously passed to ip6_output, so this diff is a little bigger. from itojun, ok ryan
2007-05-31Sync comment regarding rthdr0 w/ kame tree.Ryan Thomas McBride
from itojun@
2007-05-28typo slipped in, unbreak.Pierre-Yves Ritschard
2007-05-28avoid bypassing sys/queue.h in many places in the kernel.Pierre-Yves Ritschard
many assumptions were made about the way the various list types are implemented. lots of suggestions and help from otto and miod. ok otto@
2007-05-28double pf performance.Henning Brauer
boring details: pf used to use an mbuf tag to keep track of route-to etc, altq, tags, routing table IDs, packets redirected to localhost etc. so each and every packet going through pf got an mbuf tag. mbuf tags use malloc'd memory, and that is knda slow. instead, stuff the information into the mbuf header directly. bridging soekris with just "pass" as ruleset went from 29 MBit/s to 58 MBit/s with that (before ryan's randomness fix, now it is even betterer) thanks to chris for the test setup! ok ryan ryan ckuethe reyk
2007-05-08KILL all IPv6 packets with the rthdr0 extension header or multiple routingRyan Thomas McBride
headers, regardless of forwarding path. It's the sane thing to do. ip6_check_rthdr0() function from claudio@ ok deraadt@ claudio@ henning@
2007-05-03Reduce ip6_hdrnestlimit from 50 to 10. Normal IPv6 packets should not haveClaudio Jeker
more then 10 headers nested. OK deraadt@ henning@ mcbride@
2007-05-01framgent -> fragmentRay Lai
2007-04-21did you know that IPv6 packets are actually carried by turtles?Jun-ichiro itojun Hagino
because turtles are slow but reliable and trustworthy, packets stays on the net for a long period of time. bigger turtles can stay much longer. that is the hidden secret reason for the name of KAME project (i'm lying). j> some IETFers need to be sent to bondage/SM club and spanked/whipped j> by thousands of dominas and then chopped into million peaces by samurai j> swords. t> maybe that is what they actually want, and that is why they t> fucked RFC1883 and put rosemary's baby into RFC2460. j> I am king of IETF now, and tomorrow i may become beggar on the IETF venue j> hotel corridor. http://www.secdev.org/conf/IPv6_RH_security-csw07.pdf ok by myself, deraadt@, <samurais at kame.net>
2007-03-18Add IP load balancing support for carp(4).Marco Pfatschbacher
This provides a similar functionality as ARP balancing, but also works for traffic that comes across routers. IPv6 is supported as well. The configuration scheme will change as soon we have sth better. Also add support for changing the MAC address on carp(4) interfaces. (code from mcbride) Tested by pyr@ and reyk@ OK mcbride@
2007-02-15Simplify the #if NBRIDGE case as in in_gif.c:1.33.Claudio Jeker
2007-02-14Consistently spell FALLTHROUGH to appease lint.Jonathan Gray
ok kettenis@ cloder@ tom@ henning@
2007-02-10Cleanup, kill dead code and unused arguments. Mostly stuff that is computedClaudio Jeker
and passed around but never used. OK mglocker@
2007-02-08- AH: when computing crypto checksum for output, massage source-routingJun-ichiro itojun Hagino
header. - ipsec_input: fix mistake in IPv6 next-header chasing. - ipsec_output: look for the position to insert AH more carefully. - ip6_output: enable use of AH with extension headers. avoid tunnellinng when source-routing header is present. ok by deraad, naddy, hshoexer
2007-01-22Fix KAME cvsweb urlsMiod Vallat
2007-01-16oops, previous commit was incorrect.Jun-ichiro itojun Hagino
2007-01-15fix infinite loop in case nip6 and nicmp6 are not on the same mbuf. NetBSD ↵Jun-ichiro itojun Hagino
PR 34994+35333
2006-12-28check if ifqueue has anything queued before doing the dance ofTheo de Raadt
splnet/IF_DEQUEUE/splx; ok various people
2006-12-27correct rhlen computation (if the "if" clause on the next line is taken,Jun-ichiro itojun Hagino
we will use rhlen uninitialized). checked with kame
2006-12-19reject (potentially malicious) packets from outside,Jun-ichiro itojun Hagino
with interface-local multicast addr in ip6_dst. by jinmei@kame
2006-12-11de-__P. noted by Dries SchellekensJun-ichiro itojun Hagino
2006-12-10In ip6_output(), make sure ia is initialized before it is used.Miod Vallat
2006-12-09switch IPv6 advanced API from RFC2292 to RFC3542 (2292 is superseded by 3542).Jun-ichiro itojun Hagino
the kernel still handles RFC2292 set/getsockopts, so that compiled binary has no trouble running. userland sees RFC3542 symbols only on header file so new code has to use RFC3542 API. bump libc shlib minor for function additions. tested on i386/amd64 by jmc, i386 by brad. checked by deraadt.