summaryrefslogtreecommitdiff
path: root/sys/netinet6
AgeCommit message (Collapse)Author
2015-08-31Compute the checksum before looping back the copy of a multicast packet.Martin Pieuchot
Found while comparing IPv4 and IPv6 versions. ok naddy@
2015-08-31`encif' should only be used under #ifdef NPF.Martin Pieuchot
Reported by jsg@, ok deraadt@
2015-08-30Use a global table for domains instead of building a list at run time.Martin Pieuchot
As a side effect there's no need to run if_attachdomain() after the list of domains has been built. ok claudio@, reyk@
2015-08-24nd6_prefix_add() is no longer used and die.Martin Pieuchot
2015-08-24Start moving away from the global prefix list by limiting its usage toMartin Pieuchot
AUTOCONF'd addresses. This prevent the kernel from removing connected (/64) routes as soon as it configures an AUTOCONF'd address based on a RA. Tested by sebastia@, ok sthen@
2015-08-24Always increment the reference counter of the returned route entry inMartin Pieuchot
rtrequest1(9). This simplifies rtfree(9) dances and will prevent another CPU to free the entry before we're done with it as soon as routing functions can be executed in parallel. ok bluhm@, mikeb@
2015-08-24Rework the code to decide when to perform DAD to no longer rely on theMartin Pieuchot
IN6_IFF_NODAD pseudo-flag not being set. This was just a flag for spaghetti code that should not exist in the first place. Tested by sebastia@, ok sthen@
2015-08-24In kernel initialize struct sockaddr_in and sockaddr_in6 to zeroAlexander Bluhm
everywhere to avoid passing around pointers to uninitialized stack memory. While there, fix the call to in6_recoverscope() in fill_drlist(). OK deraadt@ mpi@
2015-08-23Use simple byte pointer arithmetic and memcpy from/to aligned stackChristian Weisgerber
variables to handle the "packed" binary format passed out to userland when querying the prefix/router list. From NetBSD (Martin Husemann). ok mpi@
2015-08-22Move to tame(int flags, char *paths[]) API/ABI.Theo de Raadt
The pathlist is a whitelist of dirs and files; anything else returns ENOENT. Recommendation is to use a narrowly defined list. Also add TAME_FATTR, which permits explicit change operations against "struct stat" fields. Some other TAME_ flags are refined slightly. Not cranking libc now, since nothing commited in base uses this and the timing is uncomfortable for others. Discussed with many; thanks for a few bug fixes from semarie, doug, guenther. ok guenther
2015-08-19Convert all calls to rtrequest1() and the following error checkAlexander Bluhm
into a common pattern. In the man page clarify the usage of the returned route. OK mpi@ mikeb@ jmc@
2015-08-19Remove some verbose logs in in6_update_ifa() now that errors areMartin Pieuchot
propagated.
2015-08-18Call rtfree(9) when we no longer need the route entry rather thanMartin Pieuchot
decrementing rt_refcnt just after rtrequest1(9). While here reduce the differences with rt_ifa_add(9). There's still an ambiguity about rtrequest1(9)'s return value, but bluhm@ will address that in a different diff. Discussed with and ok bluhm@
2015-08-18Check the error value returned by in6_ifattach().Martin Pieuchot
Prodded by and ok bluhm@
2015-08-17Remove anoying comment about in6_update_ifa().Martin Pieuchot
2015-08-17Use __func__ rather than the function name in log(9) calls to removeMartin Pieuchot
some grep output noise.
2015-08-12Remove backward compatibilify goos for IN6_IFF_DEPRECATED and insteadMartin Pieuchot
reject SIOCAIFADDR_IN6 ioctl(2) where it is set. ok jca@, bluhm@
2015-07-28Implement pf divert-reply for raw sockets. Note that an emptyAlexander Bluhm
divert->addr means that the rule has a divert-reply option. With divert-to the divert->addr is always set. The divert-reply rules should compare the original packet with the socket addresses. So skip the step that compares the inp->inp_laddr with the empty divert->addr. OK mikeb@
2015-07-28iDo not link an ICMP6 socket to the pf state. When multiple ICMPAlexander Bluhm
packets with a different ICMP ID are sent over the same raw socket, multiple states should be created. Put a similar check into rip6_output() like in the IPv4 case. OK mikeb@
2015-07-19tame(2) is a subsystem which restricts programs into a "reduced featureTheo de Raadt
operating model". This is the kernel component; various changes should proceed in-tree for a while before userland programs start using it. ok miod, discussions and help from many
2015-07-18Abstract the routing table internals behind an rtable_* API.Martin Pieuchot
Code abusing the radix internals for the routing table should now includes <net/rtable.h> and only deal with "struct rtentry". Code using a radix tree for another purpose can still include <net/radix.h>. Inputs from and ok claudio@, mikeb@
2015-07-18Merge two identical chunks to add new prefixes to the global dataMartin Pieuchot
structures into a function. ok florian@
2015-07-17Remove #if 0'ed code and update comment.Florian Obser
There is no need to handle managed/other flags for router advertisments in the kernel according to the rfcs. Remove stale todo comment; we do handle the on-link bit. OK mpi
2015-07-16Kill IP_ROUTETOETHER.Martin Pieuchot
This pseudo-option is a hack to support return-rst on bridge(4). It passes Ethernet information via a "struct route" through ip_output(). "struct route" is slowly dying... ok claudio@, benno@
2015-07-16Expand ancient NTOHL/NTOHS/HTONS/HTONL macros.Martin Pieuchot
ok guenther@, henning@
2015-07-16Properly layer Router Solicitation code.Martin Pieuchot
Tweak and ok florian@
2015-07-16Kill incorrect and never set ``dad_ignore_ns'' button.Martin Pieuchot
ok phessler@
2015-07-15m_freem() can handle NULL, do not check for this condition beforehands.Theo de Raadt
ok stsp mpi
2015-07-15Recognize CARP interfaces when sending packet to a multicast address.Martin Pieuchot
Fix a regression introduced when carp(4) left ether_output() found the hardway by florian@ and phessler@. ok benno@
2015-07-15rename mbuf ** parameter from m to mp, to match other similar codeTheo de Raadt
2015-07-09Remove unused arguments and the associated code from nd6_nud_hint().Martin Pieuchot
ok claudio@
2015-07-08Pass an interface index instead of a pointer to in6_addr2scopeid().Martin Pieuchot
ok millert@
2015-07-08Use a new RTF_CONNECTED flag for interface (connected) routes.Martin Pieuchot
Recent changes to support multiple interface routes broke the assumption made by all our userland routing daemons concerning interface routes. Historically such routes had a "gateway" sockaddr of type AF_LINK. But to be able to support multiple interface routes as any other multipath routes, they now have a unique "gateway" sockaddr containing their corresponding IP address. This self-describing flag should avoid ambiguity when dealing with interface routes. Issue reported by <mxb AT alumni DOT chalmers DOT se> and benno@ ok claudio@, benno@
2015-07-08unifdef IN6_IFSTAT_STRICT.Martin Pieuchot
ok deraadt@, millert@
2015-06-30Get rid of the undocumented & temporary* m_copy() macro added forMartin Pieuchot
compatibility with 4.3BSD in September 1989. *Pick your own definition for "temporary". ok bluhm@, claudio@, dlg@
2015-06-16Store a unique ID, an interface index, rather than a pointer to theMartin Pieuchot
receiving interface in the packet header of every mbuf. The interface pointer should now be retrieved when necessary with if_get(). If a NULL pointer is returned by if_get(), the interface has probably been destroy/removed and the mbuf should be freed. Such mechanism will simplify garbage collection of mbufs and limit problems with dangling ifp pointers. Tested by jmatthew@ and krw@, discussed with many. ok mikeb@, bluhm@, dlg@
2015-06-08More damned eye searing whitespace. No change to .o files.Kenneth R Westerback
2015-06-06Put the link-layer address back into the gateway field of RTF_LOCALMartin Pieuchot
routes. Since such routes are also flagged with RTF_LLINFO various code path assume correctly that they contain valid ARP or ND information. This fixes the "arpresolve: unresolved and rt_expire == 0" issue reported on tech@ by mxb <mxb AT alumni DOT chalmers DOT se>. ok claudio@, phessler@
2015-06-04Remove unused sa_dl.Martin Pieuchot
2015-05-26Store the IP address of the corresponding ifa in the rt_gateway fieldMartin Pieuchot
of RTF_CLONING and RTF_BROASCAST routes to not create MPATH conflicts when IP address aliases are used. This change makes it possible to have multiple RTF_CLONING routes with the same priority. Note that any of the existing RTF_CLONING route might be used by the kernel to create a RTF_CLONED route which should not be a problem with aliases since they are attached to the same ifp. This unbreak address aliases since the kernel supports multiple connected routes for a subnet. Found the hardway by djm@, ok claudio@
2015-05-23remove PACKET_TAG_IPSEC_PENDING_TDB, it is never set; ok mikeb@Markus Friedl
2015-05-15Allow multiple connected/interface routes to exist at the same time.Claudio Jeker
Use the existing multipath code. Switch away from using the ifa address when making the cloning route and instead put a dummy sockaddr_dl route in. With this it is possible to use the same network on multiple interfaces at the same time. So if wireless and ethernet share the same network the system will use the wired connection as long as there is link. Still missing is builtin proxy-arp for the other interface IPs to allow hitless failover. OK mpi@
2015-05-13test mbuf pointers against NULL not 0Jonathan Gray
ok krw@ miod@
2015-05-12MPLS also needs a definition for etherip_output(), fix build withoutMartin Pieuchot
bridge.
2015-04-27Do not call nd6_purge() before purging the IPv6 addresses of a detachedMartin Pieuchot
interface. Fix a use after free introduced in r1.98 of netinet6/in6.c and recently exposed by a crazy pool/malloc damage finder being currently refined by dlg@ and deraadt@. ok mikeb@, henning@
2015-04-20Do not treat loopback interfaces as p2p interfaces and create onlyMartin Pieuchot
one route to "::1". Due to a clever BSD trick, the `ifa_dstaddr` field of addresses on IFF_LOOPBACK ifps is set to the same value that `ifa_addr`. That's why filtering for broadcast addresses is so complicated, because guess what, `ifa_broadaddr` is the same as `ifa_dstaddr`! Sadly our IPv6 code was "only" checking for `ifa_dstaddr` without looking if the ifa was attached to a IFF_POINTOTPOINT interface. So it always tried to create two routes to "::1" and, with the recent RTF_LOCAL work, succeed. You should now have only one local route to "::1". ::1 ::1 UHl 14 0 32768 1 lo0 -::1 ::1 UH 0 0 32768 4 lo0 ok henning@
2015-04-20Always call rt_ifa_dellocal(9) when removing an IPv6 address.Martin Pieuchot
The routing layer already check for the correct ifa when asked to delete a local route, so do not try to be clever here. This change also prevent having a NULL ifp pointer in your routing table when you delete loopback interfaces having the same address. ok henning@
2015-04-17Stubs and support code for NIC-enabled IPsec bite the dust.Mike Belopuhov
No objection from reyk@, OK markus, hshoexer
2015-04-16remove unfinished/unused support for socket-attached ipsec-policiesMarkus Friedl
ok mikeb
2015-04-14ip6_sprintf is long gone; noticed by blambertMike Belopuhov