Age | Commit message (Collapse) | Author |
|
PR1186 from "Robert Mooney" <rjmooney@atl.mediaone.net>.
(printf format change is not bringed in - i'm unsure about it)
|
|
(I mean, IPv4) do not try to use rmx_mtu on routing table.
this symptom was introduced by rmx_mtu initialization (necessary for IPv6
path MTU discovery) in net/route.c. now prior behavior is recovered.
From: Hugh Graham <hugh@openbsd.org>
there are several question about mssdflt semantics, though:
Question 1: with the current code, mssdflt does not override rmx_mtu value
(mssdflt overrides interface mtu only). should we override rmx_mtu by
mssdflt as well?
Question 2: with the current code, mssdflt overrides mss computed from
if mtu, only when the destination is IPv4 non-local. is it safe enough?
we may want to use mssdflt, whenever we are uncertain.
mss = if mtu - hdrsiz;
if (IPv4 non-local destination)
mss = min(mss, mssdflt);
|
|
the link layer can choose the right address.
|
|
This allows the redefinition of these constants in mk.conf,
for example. mep@netset.net
|
|
|
|
a bit. posted to ipf list by darrenr@pobox.com
|
|
by M_PREPEND.
|
|
|
|
should fix the crash problems with isic, reported last week.
|
|
|
|
in-kernel ftp proxy. See sbin/ipf/HISTORY for details.
|
|
|
|
is in use.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
round of commits).
|
|
|
|
by default. Read the ipsecadm(8) man page for more details on how to
specify ingress filters with manual keying. isakmpd has been doing
this for a while now.
|
|
encryption (not both). Problem noted by jason@openbsd.org
|
|
leakage, however, was too strict that they disallow multiple address
from same prefix to be assigned (when rtinit returns EEXIST).
we'll need to improve it.
|
|
closing pr #1150)
|
|
don't work yet anyhow, so there's no point compiling them in.
|
|
|
|
idea is to support various cryptographic hardware accelerators (which
may be (detachable) cards, secondary/tertiary/etc processors,
software crypto, etc). Supports session migration between crypto
devices. What it doesn't (yet) support:
- multiple instances of the same algorithm used in the same session
- use of multiple crypto drivers in the same session
- asymmetric crypto
No support for a userland device yet.
IPsec code path modified to allow for asynchronous cryptography
(callbacks used in both input and output processing). Some unrelated
code simplification done in the process (especially for AH).
Development of this code kindly supported by Network Security
Technologies (NSTI). The code was writen mostly in Greece, and is
being committed from Montreal.
|
|
changelog. Documentation changes are now way behind. Volunteers?
|
|
|
|
|
|
to be compliant with RFC2292.
From: Francis Dupont
|
|
|
|
NetBSD PR: 9412
Fix from: ho@crt.se
|
|
FreeBSD PR: 16914
|
|
|
|
draft-ietf-ipngwg-icmp-name-lookups-05.txt.
NOTE: 04 and 05 has no interoperability, in terms of "ping6 -a".
|
|
- remove net.inet6.ip6.nd6_proxyall. introduce proxy NDP code works
just like "arp -s".
- revise source address selection.
be more careful about use of yet-to-be-valid addresses as source.
- as router, transmit ICMP6_DST_UNREACH_BEYONDSCOPE against out-of-scope
packet forwarding attempt.
- path MTU discovery takes care of routing header properly.
- be more strict about mbuf chain parsing.
- nuke xxCTL_VARS #define, they are for BSDI.
- disable SIOCSIFDSTADDR_IN6/SIOCSIFNETMASK_IN6 ioctl, they do not fit
IPv6 model where multiple address on interface is normal.
(kernel side supports them for a while for backward compat,
the support will be nuked shortly)
- introduce "default outgoing interface" (for spec conformance in very
rare case)
|
|
|
|
- tcp_sack_adjust() was completely rewritten, since it was erroneously
referencing receiver side sequence numbers and comparing with sender
side sequence numbers (thanks to Arun Desai (adesai@cisco.com) who
discovered the problem)
- in tcp_output(), moved assignment of sendalot=0 to the piece of code
immediately following the search for sack-eligible retransmissions
(bug identified by Arun Desai).
- tcp_input() was not clearing t_dupacks if fewer than three dupacks arrived
between acks of new data. (bug identified by Gaurav Banga (gaurav@netapp.com))
|
|
|
|
only ipv6 tools (which touches ancillary data) are affected.
From: =?iso-8859-1?Q?G=F6ran_Bengtson?= <goeran@cdg.chalmers.se>
|
|
for details.
|
|
|
|
be included.
neitnet6/{ip6,icmp6}.h includes #error statements only - i'll remove them
couple of days later.
|
|
|
|
|
|
|
|
netinet6/{ip6,icmp6}.h will be nuked afterwards.
|
|
for details.
|