summaryrefslogtreecommitdiff
path: root/sys/netinet6
AgeCommit message (Collapse)Author
2000-10-19kame 1.31 -> 1.32Jun-ichiro itojun Hagino
in add_m6fc(), set interface list for all cases. in response to a report from Hoerdt Mickael. kame 1.30 -> 1.31 discard PIM register if the version of the inner packet is incorrect (i.e. IPv6) (according to clarfication of recent discussion in the IETF pim ML)
2000-10-18don't try to configure IPv6 on bridge*. comment from deraadtJun-ichiro itojun Hagino
2000-10-17use __P() in prototype for non-ansi compilers.Jun-ichiro itojun Hagino
From: Michael Shalayeff <mickey@lucifier.remote.dti.net>
2000-10-15suppress warning on routing table overflow. sync with kameJun-ichiro itojun Hagino
2000-10-11nuke inp_flags bits for controlling IPv4 mapped address.Jun-ichiro itojun Hagino
we don't support IPv4 mapped address, and there are inconsistent bit manipulation code so it's safer to nuke them.
2000-10-10little bit of sync with kame ($KAME, s/u_char/u_int8_t/)Jun-ichiro itojun Hagino
2000-10-10bring in icmp rate limitation code.Jun-ichiro itojun Hagino
make icmp6 rate limitation to latest (uses ppsratecheck only). (sync with netbsd) TODO: tcp SYN rate limit?
2000-10-10do not call tcp_init twice on dualstack machineJun-ichiro itojun Hagino
2000-10-06remove now-obsolete SIOCSIFPHY* handling in in{6,}_control.Jun-ichiro itojun Hagino
sync with kame.
2000-10-02fix missing \n. from doug@freebsd (sync with kame)Jun-ichiro itojun Hagino
2000-10-02fix typo in routing header address validation. from francis dupontJun-ichiro itojun Hagino
2000-09-19Added files, and IPv6-IPsec update.Angelos D. Keromytis
2000-09-16repair IPv6 multicasting. INP_IPV6_MCAST is necessary.Jun-ichiro itojun Hagino
(i will try to remove this flag bit later)
2000-09-16kame sys/netinet6/icmp6.c 1.140 -> 1.144.Jun-ichiro itojun Hagino
> in the check for the incoming redirect message, examine the gateway > (from the routing table) only when the address family of the gateway is > AF_INET6.
2000-09-09add attribute(packed) for alignment constraint on a union.Jun-ichiro itojun Hagino
get rid of file static variable, make it an auto variable. (sync with kame)
2000-08-31add missing \n to log(). sync with kame.Jun-ichiro itojun Hagino
2000-08-29do not forward packets with unspecified source (::).Jun-ichiro itojun Hagino
this is clarification made to rfc2460 recently. sync with kame.
2000-08-27move IPv6 IPsec sysctl # downward, to avoid number conflict in *BSD.Jun-ichiro itojun Hagino
angelos ok
2000-08-19- upgrade icmp6 node information query support to 06 draft.Jun-ichiro itojun Hagino
- pedant: possible alignment issue in ALIGN > 8 arch (should be okay for now) (sync with kame)
2000-08-03typo in #define. ICMP6_NI_SUCESS -> SUCCESS.Jun-ichiro itojun Hagino
2000-07-27do not forward packet with :: in the source.Jun-ichiro itojun Hagino
this is not in the spec - we had rough consensus on it in ipngwg, spec will get updated to include this behavior.
2000-07-27raw6/udp6 sockets are okay with :: in src.Jun-ichiro itojun Hagino
2000-07-27be proactive about unspecified IPv6 source address. pcb layer usesJun-ichiro itojun Hagino
unspecified address (::) to mean "unbounded" or "unconnected", and can be confused by packets from outside. use of :: as source is not documented well in IPv6 specification. not sure if it presents a real threat. the worst case scenario is a DoS against TCP listening socket: - outsider transmit TCP SYN with :: as IPv6 source - receiving side creates TCP control block with: local address = my addres remote address = :: (meaning "unconnected") state = SYN_RCVD note that SYN ACK will not be sent due to ip6_output() filter. this stays until it timeouts. - the TCP control block prevents listening TCP control block from being contacted (DoS).
2000-07-16don't pull sys/queue.h in. sync better with kame.Jun-ichiro itojun Hagino
2000-07-13on openbsd, static symbols are not visible from the userland.Jun-ichiro itojun Hagino
make mif6table global variable. (sync with kame)
2000-07-13enable setsockopt related to IPv6 multicast routing.Jun-ichiro itojun Hagino
2000-07-12remove m_pulldown statistics, which is highly experimentalJun-ichiro itojun Hagino
2000-07-12correct rtentry reference count in in6_ifloop_request().Jun-ichiro itojun Hagino
if you reconfigure inet6 too much, the reference count can go into negative by mistake. KAME in6.c 1.98 -> 1.99.
2000-07-06- more icmp6/ip6 stats.Jun-ichiro itojun Hagino
- protect IPv6 ND from being hosed (due to neighbor unreachability detection hint) by wrong tcp traffic. still not sure if there's real attack, but it is good to be cautious. - avoid bitfield for router renumbering header decl. - implement packet-per-sec limitation for icmp6 errors, turn interval limit off (it is not very useful due to unix timer resolution).
2000-07-02drop packet to tentative/duplicated interface address earlier. sync w/kameJun-ichiro itojun Hagino
2000-06-30suppress too noisy warning on forward-over-loopback case. from kameJun-ichiro itojun Hagino
2000-06-25Fix typo; ds@ds.primasoft.bgAaron Campbell
2000-06-21fix KAME PR 261.Jun-ichiro itojun Hagino
2000-06-21correct in6_recoverscope() for multicast loopback case.Jun-ichiro itojun Hagino
2000-06-20confirmed interop of IPv6 AH with KAME (both global and scoped addr).Jun-ichiro itojun Hagino
remove restriction on scoped IPv6 address. TODO: confirm it with other IPv6 AH implementation. since we use very similar logic between KAME IPv6 AH and OpenBSD IPv6 AH, it is possible that both side is making the same mistake or whatever
2000-06-20initialize hoplimit field properly on ipsec6 caseJun-ichiro itojun Hagino
2000-06-19IPv6 IPsec, outbound direction.Jun-ichiro itojun Hagino
restriction: if there's any extension header (except fragment) and outbound packet matches tdb, we can't encrypt it. packet will not go out of the node (dropped).
2000-06-18more mbuf sanity checkJun-ichiro itojun Hagino
2000-06-18KNFJun-ichiro itojun Hagino
2000-06-18remove remains from NRL ipsec codeJun-ichiro itojun Hagino
2000-06-18split long "if" case (cosmetic; preparation for KNF)Jun-ichiro itojun Hagino
2000-06-18sync with more recent kame.Jun-ichiro itojun Hagino
updates scoped address handling and checksum option.
2000-06-18KNF (sorry craig)Jun-ichiro itojun Hagino
2000-06-18remove now-unnecessary statement due to "for" logic clarfication.Jun-ichiro itojun Hagino
2000-06-18correct logic mistake in in6_pcbnotify, due to indentation.Jun-ichiro itojun Hagino
will KNF it soon.
2000-06-18sync with KAME udp6_output(). udp output logic is very different betweenJun-ichiro itojun Hagino
IPv4/v6 so the separation should make more sense. TODO: remove IPv6 case from udp_output() TODO: remove/comment out/#if 0 IPv4 mapped address cases
2000-06-18allow IPsec-related get/setsockopt on IPv6 socket. due to number conflictJun-ichiro itojun Hagino
they must be IPV6_xx instead of IP_xx. actually, since in_ctloutput() does not check address family of inpcb, getsockopt(IPPROTO_IP, IP_xx) may work - never tested this.
2000-06-18use in6_recoverscopeJun-ichiro itojun Hagino
2000-06-18lookup routing table for multicast too, to allow scoped IPv6 multicastJun-ichiro itojun Hagino
to go out of the node. "ping6 ff02::1%wi0" will work fine with this (and should correct route6d behavior too) this is major issue for IPv6. i think this needs to become an erratta entry. sorry about this.
2000-06-18try to avoid useless m_pullup2Jun-ichiro itojun Hagino
generated by cgit v1.2.3 (git 2.25.1) at 2024-12-11 13:39:46 +0000