![[BACK]](/icons/back.gif){kind=icon}
Up to [local] / src / sys / netinet6
Request diff between arbitrary revisions
Default branch: MAIN
Revision 1.10 / (download) - annotate - [select for diffs], Wed Aug 21 15:32:18 2019 UTC (4 years, 9 months ago) by florian
Branch: MAIN
CVS Tags: OPENBSD_7_5_BASE,
OPENBSD_7_5,
OPENBSD_7_4_BASE,
OPENBSD_7_4,
OPENBSD_7_3_BASE,
OPENBSD_7_3,
OPENBSD_7_2_BASE,
OPENBSD_7_2,
OPENBSD_7_1_BASE,
OPENBSD_7_1,
OPENBSD_7_0_BASE,
OPENBSD_7_0,
OPENBSD_6_9_BASE,
OPENBSD_6_9,
OPENBSD_6_8_BASE,
OPENBSD_6_8,
OPENBSD_6_7_BASE,
OPENBSD_6_7,
OPENBSD_6_6_BASE,
OPENBSD_6_6,
HEAD
Changes since 1.9: +1 -2 lines
Diff to previous 1.9 (colored)
Remove support for semantically opace interface identifiers (RFC 7217)
for IPv6 link local addresses.
Some hosting and VM providers route customer IPv6 prefixes to link
local addresses derived from ethernet MAC addresses (RFC 2464). This
leads to hard to debug IPv6 connectivity problems and is probably not
worth the effort.
RFC 7721 lists 4 weaknesses:
3.1. Correlation of Activities over Time & 3.2. Location Tracking
These are still possible with RFC 7217 addresses for an adversary
connected to the same layer 2 network (think conference wifi). Since
the link local prefix stays the same (fe80::/64) the link local
addresses do not change between different networks.
An adversary on the same layer 2 network can probably track ethernet
MAC addresses via different means, too.
3.3. Address Scanning & 3.4. Device-Specific Vulnerability Exploitation
These now become possible, however, as noted above a layer 2 adversary
was probably able to do this via different means.
People concerned with these weaknesses are advised to use
ifconfig lladdr random.
OK benno
input & OK kn
Revision 1.9 / (download) - annotate - [select for diffs], Fri Oct 5 07:06:09 2018 UTC (5 years, 8 months ago) by florian
Branch: MAIN
CVS Tags: OPENBSD_6_5_BASE,
OPENBSD_6_5,
OPENBSD_6_4_BASE,
OPENBSD_6_4
Changes since 1.8: +1 -2 lines
Diff to previous 1.8 (colored)
Do not join node information multicast group (RFC 4620). Benno removed code to answer ICMP queries over 4 years ago. Aham Brahmasmi (aham.brahmasmi AT gmx.com) points out that we still joined the group though. OK sthen, bluhm, kn
Revision 1.8 / (download) - annotate - [select for diffs], Sat Feb 10 05:52:08 2018 UTC (6 years, 4 months ago) by florian
Branch: MAIN
CVS Tags: OPENBSD_6_3_BASE,
OPENBSD_6_3
Changes since 1.7: +2 -1 lines
Diff to previous 1.7 (colored)
Implement RFC 7217: "A Method for Generating Semantically Opaque Interface Identifiers with IPv6 Stateless Address Autoconfiguration." "An IPv6 address configured using this method is stable within each subnet, but the corresponding Interface Identifier changes when the host moves from one network to another. This method is meant to be an alternative to generating Interface Identifiers based on hardware addresses." OK naddy, sthen
Revision 1.7 / (download) - annotate - [select for diffs], Tue Jan 27 10:31:19 2015 UTC (9 years, 4 months ago) by mpi
Branch: MAIN
CVS Tags: OPENBSD_6_2_BASE,
OPENBSD_6_2,
OPENBSD_6_1_BASE,
OPENBSD_6_1,
OPENBSD_6_0_BASE,
OPENBSD_6_0,
OPENBSD_5_9_BASE,
OPENBSD_5_9,
OPENBSD_5_8_BASE,
OPENBSD_5_8,
OPENBSD_5_7_BASE,
OPENBSD_5_7
Changes since 1.6: +2 -2 lines
Diff to previous 1.6 (colored)
Ensure that link-local addresses are correctly configured on loopback interfaces. When the kernel automagically configures IPv6 addresses on loopback interfaces, start by assigning a link-local address and then try to assign "::1". Only the first configured loopback interface per rdomain can have the "::1" address. But even if other loopback interfaces failed to get this address, because it is already taken, give them a chance to have a link-local address. While here change in6_ifattach() to return an error value and remove duplicated code. Fix a regression introduced by the NOINET6 flag removal. ok henning@, stsp@, florian@, benno@
Revision 1.6 / (download) - annotate - [select for diffs], Tue Jan 7 16:34:05 2014 UTC (10 years, 5 months ago) by stsp
Branch: MAIN
CVS Tags: OPENBSD_5_6_BASE,
OPENBSD_5_6,
OPENBSD_5_5_BASE,
OPENBSD_5_5
Changes since 1.5: +3 -3 lines
Diff to previous 1.5 (colored)
Some follow-up fixes for IFID collision handling in IPv6CP. Really change the link-local address in the unlikely event of an IFID collision, instead of going into an infinite conf-nak loop with the peer. To make the netinet6 code use the IPv6CP IFID in a new link-local address, in6_ifattach_linklocal() must accept a provided IFID. Replace the unused 'altifp' parameter with a new 'ifid' parameter for this purpose. Always use the latest suggested address in IPv6CP replies, even if the task to update the interface's address hasn't run yet. Also, clear the ifindex (KAME hack) in addresses sent during IPv6CP. ok mpi
Revision 1.5 / (download) - annotate - [select for diffs], Thu Aug 31 12:37:31 2006 UTC (17 years, 9 months ago) by mcbride
Branch: MAIN
CVS Tags: OPENBSD_5_4_BASE,
OPENBSD_5_4,
OPENBSD_5_3_BASE,
OPENBSD_5_3,
OPENBSD_5_2_BASE,
OPENBSD_5_2,
OPENBSD_5_1_BASE,
OPENBSD_5_1,
OPENBSD_5_0_BASE,
OPENBSD_5_0,
OPENBSD_4_9_BASE,
OPENBSD_4_9,
OPENBSD_4_8_BASE,
OPENBSD_4_8,
OPENBSD_4_7_BASE,
OPENBSD_4_7,
OPENBSD_4_6_BASE,
OPENBSD_4_6,
OPENBSD_4_5_BASE,
OPENBSD_4_5,
OPENBSD_4_4_BASE,
OPENBSD_4_4,
OPENBSD_4_3_BASE,
OPENBSD_4_3,
OPENBSD_4_2_BASE,
OPENBSD_4_2,
OPENBSD_4_1_BASE,
OPENBSD_4_1,
OPENBSD_4_0_BASE,
OPENBSD_4_0
Changes since 1.4: +2 -1 lines
Diff to previous 1.4 (colored)
Automatically add a IPv6 link-local address to carp interfaces when the virtual MAC address is set. Among other things, this makes route6d work correctly on systems with carp interfaces. In order to ensure backwards compatibility, we do not include IPv6 link-local addresses in generating the HMAC, but we accept HMACs with AND without the link-local addresses. They will be added to the HMAC in a future release. In short: this change should only affect backwards compatibility for IPv6 users who are manually adding link-local addresses on carp interfaces. testing mtu@ todd@ ok mpf@ henning@ deraadt@
Revision 1.1.2.3 / (download) - annotate - [select for diffs], Fri Mar 28 00:41:29 2003 UTC (21 years, 2 months ago) by niklas
Branch: SMP
Changes since 1.1.2.2: +1 -0 lines
Diff to previous 1.1.2.2 (colored) to branchpoint 1.1 (colored) next main 1.2 (colored)
Sync the SMP branch with 3.3
Revision 1.2.10.1 / (download) - annotate - [select for diffs], Tue Jun 11 03:31:37 2002 UTC (22 years ago) by art
Branch: UBC
Changes since 1.2: +4 -3 lines
Diff to previous 1.2 (colored) next main 1.3 (colored)
Sync UBC branch to -current
Revision 1.4 / (download) - annotate - [select for diffs], Sat Jun 8 21:22:02 2002 UTC (22 years ago) by itojun
Branch: MAIN
CVS Tags: UBC_SYNC_B,
UBC_SYNC_A,
SMP_SYNC_B,
SMP_SYNC_A,
OPENBSD_3_9_BASE,
OPENBSD_3_9,
OPENBSD_3_8_BASE,
OPENBSD_3_8,
OPENBSD_3_7_BASE,
OPENBSD_3_7,
OPENBSD_3_6_BASE,
OPENBSD_3_6,
OPENBSD_3_5_BASE,
OPENBSD_3_5,
OPENBSD_3_4_BASE,
OPENBSD_3_4,
OPENBSD_3_3_BASE,
OPENBSD_3_3,
OPENBSD_3_2_BASE,
OPENBSD_3_2
Changes since 1.3: +2 -1 lines
Diff to previous 1.3 (colored)
sync with latest KAME in6_ifaddr/prefix/default router manipulation. behavior changes: - two iocts used by ndp(8) are now obsolete (backward compat provided). use sysctl path instead. - lo0 does not get ::1 automatically. it will get ::1 when lo0 comes up.
Revision 1.1.2.2 / (download) - annotate - [select for diffs], Thu Mar 28 14:56:46 2002 UTC (22 years, 2 months ago) by niklas
Branch: SMP
Changes since 1.1.2.1: +3 -3 lines
Diff to previous 1.1.2.1 (colored) to branchpoint 1.1 (colored)
Merge in -current from roughly a week ago
Revision 1.3 / (download) - annotate - [select for diffs], Thu Mar 14 01:27:12 2002 UTC (22 years, 3 months ago) by millert
Branch: MAIN
CVS Tags: OPENBSD_3_1_BASE,
OPENBSD_3_1
Changes since 1.2: +3 -3 lines
Diff to previous 1.2 (colored)
First round of __P removal in sys
Revision 1.1.2.1 / (download) - annotate - [select for diffs], Mon May 14 22:40:17 2001 UTC (23 years, 1 month ago) by niklas
Branch: SMP
Changes since 1.1: +5 -14 lines
Diff to previous 1.1 (colored)
merge in approximately 2.9 into SMP branch
Revision 1.2 / (download) - annotate - [select for diffs], Mon Apr 17 04:44:50 2000 UTC (24 years, 1 month ago) by itojun
Branch: MAIN
CVS Tags: UBC_BASE,
OPENBSD_3_0_BASE,
OPENBSD_3_0,
OPENBSD_2_9_BASE,
OPENBSD_2_9,
OPENBSD_2_8_BASE,
OPENBSD_2_8,
OPENBSD_2_7_BASE,
OPENBSD_2_7
Branch point for: UBC
Changes since 1.1: +5 -14 lines
Diff to previous 1.1 (colored)
revisit in6_ifattach(). (1) make it more persistent about initializaing an interface (2) cleanup interface id selection. run NUD on p2p interface (required by spec for bidir p2p interface). add "ndp -i interface" (can tweak per-interface ND flag). (sync with more recent kame)
Revision 1.1 / (download) - annotate - [select for diffs], Wed Dec 8 06:50:21 1999 UTC (24 years, 6 months ago) by itojun
Branch: MAIN
CVS Tags: kame_19991208,
SMP_BASE
Branch point for: SMP
bring in KAME IPv6 code, dated 19991208.
replaces NRL IPv6 layer. reuses NRL pcb layer. no IPsec-on-v6 support.
see sys/netinet6/{TODO,IMPLEMENTATION} for more details.
GENERIC configuration should work fine as before. GENERIC.v6 works fine
as well, but you'll need KAME userland tools to play with IPv6 (will be
bringed into soon).