| Age | Commit message (Collapse) | Author |
|---|
|
was enabled by default. Add AFATTACH/AFDETACH ioctls which enable/disable
an address family for an interface (currently used for IPv6 only).
New kernel needs new ifconfig for IPv6 configuration (address assignment
still works with old ifconfig making this easy to cross over).
Committing on behalf of henning@ who is currently lebensmittelvergiftet.
ok stsp, benno, mpi
|
|
splsoftnet().
|
|
|
|
long live the one true internet.
ok henning mikeb
|
|
Prodded by claudio@ and mikeb@
|
|
Output interface (port) selection for multicast traffic is not done via
route lookups. Instead the output ifp is registred when setsockopt(2)
is called with the IP{V6,}_MULTICAST_IF option. But since there is no
mechanism to invalidate such pointer stored in a pcb when an interface
is destroyed/removed, it might lead your kernel to fault.
Prevent a fault upon resume reported by frantisek holop, thanks!
ok mikeb@, claudio@
|
|
ok millert@, bluhm@
|
|
to decide whether or not to remove local routes.
Prevent from having a NULL ifp pointer in the routing table when an
address present in another rdomain is removed from an interface.
ok bluhm@
|
|
ok mikeb@, krw@, bluhm@, tedu@
|
|
|
|
error code on failure (unchecked for the moment).
ok mikeb@, jmc@
|
|
- Unicast packets sent to any local address will have their interface
set to loobpack.
- In order to differentiate traffic from interfaces having identical
link-local addresses, provide the scoped addresses to pf(4).
- Update the icmp6 state lookup logic to match scoped MLL addresses.
- Remove a shortcut in ip6_input() that bypasses pf and always look
for an RTF_LOCAL route.
Packets sent to multicast addresses still retain their original
interface due to the fact that local multicast packet delivering
does not use if_output.
This makes ping6 to link-local addresses work even with pf enabled
and "set skip" on loopbacks, reported by Pieter Verberne.
Debugged, analysed and tested with mikeb@.
ok mikeb@, henning@, sthen@
|
|
for a multicast/broadcast destination address.
These checks have already been done in the Ethernet and IP layers and
the mbuf(9) should contain all the required information at this point.
But since we cannot trust this spaghetti stack, be paranoid and make
sure to set the flags in the IP input routines.
Use explicit comments, requested by deraadt@. ok claudio@
|
|
interfaces with an IPv6 address.
ok henning@, mikeb@, deraadt@
|
|
ok miod@
|
|
to include that than rdnvar.h. ok deraadt dlg
|
|
Tweaks and ok florian@
|
|
pf the state has to vanish immediately when the relay closes the
socket. To make this work reliably, the linkage between state and
socket must be established with the first packet. This packet could
be incomming or outgoing.
Link the pf state in the socket layer earlier. This makes all tests
in /usr/src/regress/sys/net/pf_divert pass.
OK henning@
|
|
functionnality instead of a mix of enable/disable.
ok bluhm@, jca@
|
|
If there is a tie then a carp interface is not allowed to win even if
it has an address with a longer bitwise match. This allows reliable IPv6
communication between carp master and backup across a shared IPv6 subnet.
Consider the carp address 2001:DB8:10::14, which is configured on firewall A
(in carp master state) and firewall B (in carp backup state), each of which
has another address in the same prefix on a non-carp interface (A has
2001:DB8:10::1 and B has 2001:DB8:10::11). In this setup, A would use
2001:DB8:10::14 as source address when sending neighbour solicitations to B.
Since 2001:DB8:10::14 is a local address from B's point of view, B never
replied to the neighbour solicitations sent by A.
With this change A uses 2001:DB8:10::1 as source address instead.
ok mpi@
|
|
you don't have a physical interface on your machine, so why rawip should
be more clever^Wparanoid than the others?
ok henning@, mikeb@
|
|
kill the macro.
ok mikeb@, henning@
|
|
raise it inside their ioctl handler (except for carp(4), what else?).
In general, global structures manipulated in the softnet codepath only
require a splsoftnet() protection when they are modified in process
(ioctl) context.
Also put some IPL_SOFNET asserts in functions accessing global structures.
Previous version diff ok mikeb@, with inputs from and ok bluhm@
|
|
rely on "struct route" that should die.
ok claudio@
|
|
|
|
Regression from r1.81 which switched from workq to taskq and incorrectly
assumed duplicate addresses would be impossible with taskq. We ended
up re-adding the SLAAC address whenever a privacy address expired.
ok bluhm@
|
|
ok miod@ mpi@
|
|
in kernel and user land.
OK florian@ mpi@
|
|
with autoconf enabled.
If one is doing SLAAC one does already trust link local icmp6 so the
policy for icmp6 redirects should be the same.
pointed out by & OK bluhm@; OK henning@
|
|
pointed out & OK bluhm@
|
|
processing of router advertisements was already in the kernel.
With this rtsol{,d}(8) is no longer necessary.
The kernel starts sending solicitations with
# ifconfig $IF inet6 autoconf
or
inet6 autoconf
in /etc/hostname.$IF.
input stsp@
much help & OK mpi@
tweaks & OK bluhm@
|
|
|
|
|
|
|
|
adding local route entries.
This hack made sense when we didn't have the RTF_LOCAL flag, but since
some months it is set on every local route.
|
|
No object file change
ok florian@ henning@
|
|
|
|
in the pkthdr directly.
ok henning@
|
|
now, so there is no need to calculate them before sending them to
userspace.
ok henning@
|
|
after discussions with beck deraadt kettenis.
|
|
and let the stack take care of the checksums for reinjected outbound
packets.
Reinjected inbound packets will continue to have their checksums
calculated manually but we can now take advantage of in_proto_cksum_out
and in6_proto_cksum_out to streamline the way their checksums are done.
help from florian@ and henning@, feedback from naddy@
ok florian@ henning@
|
|
accept rtadvs on that interface. the global net.inet6.ip6.accept_rtadv
sysctl just doesn't cut it, even tho the spec wants that - but in their
little absurd world, a host just has one interface by definition anyway...
the sysctlgoes away.
lots of head scratching, brain cell elemination etc from bluhm benno stsp
florian, excitement from simon and todd, ok bluhm stsp benno florian
|
|
can delete 2 dozen or so lines that check to see if we've queued
up a prefix addition multiple times.
ok stsp@
|
|
ok henning@ stu@, Yay! weerd@
|
|
unnecessarily allocating an mbuf tag to store the divert port, just pass
the divert port directly to divert_packet() or divert6_packet() as an
argument.
includes a style fix pointed out by bluhm@
ok bluhm@ henning@ reyk@
|
|
blambert@, henning@, lteo@
|
|
disables responses to RFC4620 IPv6 Node Information Queries.
ok florian henning bluhm
|
|
don't need to be married.
ok guenther miod beck jsing kettenis
|
|
address will be created when the vhid (and MAC) is set. Depending on
the order of the configuration the interface can end up with a ipv6
address, but no v6 link-local and no working neigbor discovery.
Removing this case statement will result in the link-local address
being configured by "ifconfig up" if the inet6 address was configured
before. If you are using inet6 on carp, put an "up" at the end of your
hostname.if. I will work on a better solution at g2k14.
ok henning, mpi
|
|
an interface. Two other operations are performed when issuing a
SIOCDIFADDR{_IN6,} ioctl: call the address hook and the per-driver
ioctl function.
Since carp(4) relies on an address hook to recalculate its hash, make
sure to call this hook when IFXF_NOINET6 is set or when the rdomain is
changed.
ok henning@, mikeb@
|
