OpenBSD CVS

CVS log for src/sys/netinet6/ip6_output.c




Default branch: MAIN


Revision 1.291, Wed Apr 17 20:48:51 2024 UTC (7 weeks, 4 days ago) by bluhm
Branch: MAIN
CVS Tags: HEAD
Changes since 1.290: +11 -11 lines

Use struct ipsec_level within inpcb.

Instead of passing around u_char[4], introduce struct ipsec_level
that contains 4 ipsec levels.  This provides better type safety.
The embedding struct inpcb is globally visible for netstat(1), so
put struct ipsec_level outside of #ifdef _KERNEL.

OK deraadt@ mvs@

Revision 1.290, Tue Apr 16 12:56:39 2024 UTC (7 weeks, 6 days ago) by bluhm
Branch: MAIN
Changes since 1.289: +2 -2 lines

Use route cache function in IP input.

Instead of passing a struct rtentry from ip_input() to ip_forward()
and then embed it into a struct route for ip_output(), start with
struct route and pass it along.  Then the route cache is used
consistently.  Also the route cache hit and missed counters should
reflect reality after this commit.

There is a small difference in the code.  in_ouraddr() checks for
NULL and not rtisvalid().  Previous discussion showed that the route
RTF_UP flag should only be considered for multipath routing.
Otherwise it does not mean anything.  Especially the local and
broadcast check in in_ouraddr() should not be affected by interface
link status.

When doing cache lookups, route must be valid, but after rtalloc_mpath()
lookup, use any route that route_mpath() returns.

OK claudio@

Revision 1.289, Tue Apr 9 11:05:05 2024 UTC (2 months ago) by bluhm
Branch: MAIN
Changes since 1.288: +5 -4 lines

Plug route leak in IP output.

If no struct route is passed to ip_output() or ip6_output(), it
uses its own iproute on the stack.  In that case any route entry
in the local route cache has to be freed.  After pf decides to
reroute, struct route is reset to NULL.  Then the route reference
counter has to be released.  Call rtfree() without needless NULL
check.

OK mvs@

Revision 1.288, Wed Feb 28 10:57:20 2024 UTC (3 months, 1 week ago) by bluhm
Branch: MAIN
CVS Tags: OPENBSD_7_5_BASE, OPENBSD_7_5
Changes since 1.287: +10 -12 lines

Cleanup IP input, forward, output.

Before changing the routing code, get IPv4 and IPv6 input, forward,
and output in a similar shape.  Remove inconsistencies.

OK claudio@

Revision 1.287, Thu Feb 22 14:25:58 2024 UTC (3 months, 2 weeks ago) by bluhm
Branch: MAIN
Changes since 1.286: +2 -2 lines

Make the route cache aware of multipath routing.

Pass source address to route_cache() and store it in struct route.
Cached multipath routes are only valid if source address matches.
If sysctl multipath changes, increase route generation number.

OK claudio@

Revision 1.286, Tue Feb 13 12:22:09 2024 UTC (3 months, 3 weeks ago) by bluhm
Branch: MAIN
Changes since 1.285: +12 -12 lines

Merge struct route and struct route_in6.

Use a common struct route for both inet and inet6.  Unfortunately
struct sockaddr is shorter than sockaddr_in6, so netinet/in.h has
to be exposed from net/route.h.  Struct route has to be bsd visible
for userland as netstat kvm code inspects inp_route.  Internet PCB
and TCP SYN cache can use a plain struct route now.  All specific
sockaddr types for inet and inet6 are embedded there.

OK claudio@

Revision 1.285, Wed Feb 7 23:40:40 2024 UTC (4 months ago) by bluhm
Branch: MAIN
Changes since 1.284: +6 -11 lines

Use the route generation number also for IPv6.

Implement route6_cache() to check whether the cached route is still
valid and otherwise fill caching parameter of struct route_in6.
Also count cache hits and misses in netstat.  in_pcbrtentry() uses
route cache now.

OK claudio@

Revision 1.284, Wed Jan 31 12:27:57 2024 UTC (4 months, 1 week ago) by bluhm
Branch: MAIN
Changes since 1.283: +2 -2 lines

Split in_pcbrtentry() and in6_pcbrtentry() based on INP_IPV6.

Splitting the IPv6 code into a separate function results in less
#ifdef INET6.  Also struct route_in6 *ro in in6_pcbrtentry() is of
the correct type and in_pcbrtentry() does not rely on the fact that
inp_route and inp_route6 are pointers to the same union.

OK kn@ claudio@

Revision 1.283, Thu Jan 18 11:03:16 2024 UTC (4 months, 3 weeks ago) by claudio
Branch: MAIN
Changes since 1.282: +1 -6 lines

Move the rtable_exists() check into in_pcbset_rtableid().
OK bluhm@ mvs@

Revision 1.282, Fri Dec 1 15:30:47 2023 UTC (6 months, 1 week ago) by bluhm
Branch: MAIN
Changes since 1.281: +2 -7 lines

Set inp address, port and rtable together with inpcb hash.

The inpcb hash table is protected by table->inpt_mtx.  The hash is
based on addresses, ports, and routing table.  These fields were
not synchronized with the hash.  Put writes and hash update into the
same critical section.
Move the updates from ip_ctloutput(), ip6_ctloutput(), syn_cache_get(),
tcp_connect(), udp_disconnect() to dedicated inpcb set functions.
There they use the same table mutex as in_pcbrehash().
in_pcbbind(), in_pcbconnect(), and in6_pcbconnect() need more work
and are not included yet.

OK sashan@ mvs@

Revision 1.281, Tue Nov 28 13:23:20 2023 UTC (6 months, 1 week ago) by bluhm
Branch: MAIN
Changes since 1.280: +2 -2 lines

Remove struct inpcb from in6_embedscope() parameters.

rip6_output() did modify inp_outputopts6 temporarily to provide
different ip6_pktopts to in6_embedscope().  Better pass inp_outputopts6
and inp_moptions6 as separate arguments to in6_embedscope().
Simplify the code that deals with these options in in6_embedscope().
Document inp_moptions and inp_moptions6 as protected by net lock.

OK kn@

Revision 1.280, Sun Nov 26 22:08:10 2023 UTC (6 months, 2 weeks ago) by bluhm
Branch: MAIN
Changes since 1.279: +7 -11 lines

Remove inp parameter from ip_output().

ip_output() received inp as parameter.  This is only used to lookup
the IPsec level of the socket.  Reasoning about MP locking is much
easier if only relevant data is passed around.  Convert ip_output()
to receive constant inp_seclevel as argument and mark it as protected
by net lock.

OK mvs@

Revision 1.279, Fri Jul 7 08:05:02 2023 UTC (11 months ago) by bluhm
Branch: MAIN
CVS Tags: OPENBSD_7_4_BASE, OPENBSD_7_4
Changes since 1.278: +10 -13 lines

Fix path MTU discovery for TCP LRO/TSO when forwarding.

When doing LRO (Large Receive Offload), the drivers, currently ix(4)
and lo(4) only, record an upper bound of the size of the original
packets in ph_mss.  When sending, either stack or hardware must
chop the packets with TSO (TCP Segmentation Offload) to that size.
That means we have to call tcp_if_output_tso() before ifp->if_output().
Put that logic into if_output_tso() to avoid code duplication.  As
TCP packets on the wire do not get larger that way, path MTU discovery
should still work.

tested by and OK jan@

Revision 1.278, Tue Jun 13 19:34:12 2023 UTC (11 months, 4 weeks ago) by bluhm
Branch: MAIN
Changes since 1.277: +2 -2 lines

Fix a typo with TSO logic in ip6_output().  Of course compare ph_mss
with if_mtu and not the packet checksum flags.  ph_mss contains the
size of the chopped packets.
OK jan@

Revision 1.277, Mon May 22 16:08:34 2023 UTC (12 months, 2 weeks ago) by bluhm
Branch: MAIN
Changes since 1.276: +3 -2 lines

Fix TSO for traffic to a local address on a physical interface.

When sending TCP packets with software TSO to the local address of
a physical interface, the TCP checksum was miscalculated.  As the
small MSS is taken from the physical interface, but the large MTU
of the loopback interface is used, large TSO packets are generated,
but sent directly to the loopback interface.  There we need the
regular pseudo header checksum and not the modified without packet
length.

To avoid this confusion, use the same decision for checksum generation
in in_proto_cksum_out() as for using hardware TSO in tcp_if_output_tso().

bug reported and tested by robert@ bket@ Hrvoje Popovski
OK claudio@ jan@

Revision 1.276, Mon May 15 16:34:57 2023 UTC (12 months, 3 weeks ago) by bluhm
Branch: MAIN
Changes since 1.275: +11 -11 lines

Implement the TCP/IP layer for hardware TCP segmentation offload.
If the driver of a network interface claims to support TSO, do not
chop the packet in software, but pass it down to the interface
layer.
Precalculate parts of the pseudo header checksum, but without the
packet length.  The length of all generated smaller packets is not
known yet.  Driver and hardware will use the mbuf packet header
field ph_mss to calculate it and update checksum.
Introduce separate flags IFCAP_TSOv4 and IFCAP_TSOv6 as hardware
might support only one protocol family.  The old flag IFXF_TSO is
only relevant for large receive offload.  It is misnamed, but keep
that for now.
Note that drivers do not set TSO capabilities yet.  Also the ifconfig
flags and pseudo interfaces capabilities will be done separately.
So this commit should not change behavior.
heavily based on the work from jan@; OK sashan@

Revision 1.275, Wed May 10 12:07:17 2023 UTC (13 months ago) by bluhm
Branch: MAIN
Changes since 1.274: +50 -13 lines

Implement TCP send offloading, for now in software only.  This is
meant as a fallback if network hardware does not support TSO.  Driver
support is still work in progress.  TCP output generates large
packets.  In IP output the packet is chopped to TCP maximum segment
size.  This reduces the CPU cycles used by pf.  The regular output
could be assisted by hardware later, but pf route-to and IPsec needs
the software fallback in general.
For performance comparison or to workaround possible bugs, sysctl
net.inet.tcp.tso=0 disables the feature.  netstat -s -p tcp shows
TSO counter with chopped and generated packets.
based on work from jan@
tested by jmc@ jan@ Hrvoje Popovski
OK jan@ claudio@

Revision 1.274, Mon May 8 13:22:13 2023 UTC (13 months ago) by bluhm
Branch: MAIN
Changes since 1.273: +2 -3 lines

The call to in_proto_cksum_out() is only needed before the packet
is passed to ifp->if_output().  The fragment code has its own
checksum calculation and the other paths end in goto bad.
OK claudio@

Revision 1.273, Sun May 7 16:23:24 2023 UTC (13 months ago) by bluhm
Branch: MAIN
Changes since 1.272: +13 -23 lines

In preparation for TSO in software, cleanup the fragment code.  Use
if_output_ml() to send mbuf lists to interfaces.  This can be used
for TSO, fragments, ARP and ND6.  Rename variable fml to ml.  In
pf_route6() split the if else block.  Put the safety check (hlen +
firstlen < tlen) into ip_fragment().  It makes the code correct in
case the packet is too short to be fragmented.  This should not
happen, but other functions also have this logic.
No functional change.  OK sashan@

Revision 1.272, Sat Nov 12 02:50:59 2022 UTC (18 months, 4 weeks ago) by kn
Branch: MAIN
CVS Tags: OPENBSD_7_3_BASE, OPENBSD_7_3
Changes since 1.271: +3 -4 lines

Zap comment about dead linkmtu

Removed in 2015 a923c8476c6771493ee2bc4f277a429c9ae3eaff
    Remove linkmtu and maxmtu from struct nd_ifinfo.

Revision 1.271, Fri Aug 12 17:04:17 2022 UTC (21 months, 4 weeks ago) by bluhm
Branch: MAIN
CVS Tags: OPENBSD_7_2_BASE, OPENBSD_7_2
Changes since 1.270: +24 -19 lines

Remove differences between ip_fragment() and ip6_fragment().  They
do nearly the same thing, so they should look similar.
OK sashan@

Revision 1.270, Mon Aug 8 23:00:51 2022 UTC (22 months ago) by bluhm
Branch: MAIN
Changes since 1.269: +7 -1 lines

If interface drivers had enabled transmit offloading of the payload
checksum, IPv6 fragments contained invalid checksum.  For fragments
the protocol checksum has to be calculated before fragmentation.
Hardware cannot do this as it is too late.  Do it earlier in software.
tested and OK mbuhl@

Revision 1.269, Wed Jun 29 22:45:24 2022 UTC (23 months, 1 week ago) by bluhm
Branch: MAIN
Changes since 1.268: +2 -2 lines

Pass a pointer to mbuf pointer further down into ip6_process_hopopts()
and ip6_unknown_opt().  Instead of having dangling pointer in caller,
use m_freemp() to set mbuf to NULL.
OK sashan@

Revision 1.268, Tue Feb 22 01:35:41 2022 UTC (2 years, 3 months ago) by guenther
Branch: MAIN
CVS Tags: OPENBSD_7_1_BASE, OPENBSD_7_1
Changes since 1.267: +1 -2 lines

Delete unnecessary #includes of <netinet6/ip6protosw.h>: some never
needed it and some no longer need it after moving the externs from
there to <sys/protosw.h>

ok jsg@

Revision 1.267, Tue Jan 4 06:32:40 2022 UTC (2 years, 5 months ago) by yasuoka
Branch: MAIN
Changes since 1.266: +2 -2 lines

Add `ipsec_flows_mtx' mutex(9) to protect `ipsp_ids_*' list and
trees.  ipsp_ids_lookup() returns `ids' with bumped reference
counter.  original diff from mvs

ok mvs

Revision 1.266, Sun Jan 2 22:36:04 2022 UTC (2 years, 5 months ago) by jsg
Branch: MAIN
Changes since 1.265: +2 -2 lines

spelling
ok jmc@ reads ok tb@

Revision 1.265, Thu Dec 23 12:21:48 2021 UTC (2 years, 5 months ago) by bluhm
Branch: MAIN
Changes since 1.264: +3 -1 lines

IPsec is not MP safe yet.  To allow forwarding in parallel without
dirty hacks, it is better to protect IPsec input and output with
kernel lock.  Not much is lost as crypto needs the kernel lock
anyway.  From here we can refine the lock later.
Note that there is no kernel lock in the SPD lookup path.  Goal is
to keep that lock free to allow fast forwarding with non IPsec
traffic.
tested by Hrvoje Popovski; OK tobhe@

Revision 1.264, Mon Dec 20 15:59:10 2021 UTC (2 years, 5 months ago) by mvs
Branch: MAIN
Changes since 1.263: +3 -3 lines

Use per-CPU counters for tunnel descriptor block (TDB) statistics.
'tdb_data' struct became unused and was removed.

Tested by Hrvoje Popovski.
ok bluhm@

Revision 1.263, Fri Dec 3 17:18:34 2021 UTC (2 years, 6 months ago) by bluhm
Branch: MAIN
Changes since 1.262: +8 -4 lines

Add TDB reference counting to ipsp_spd_lookup().  If an output
pointer is passed to the function, it will return a refcounted TDB.
The ref happens when ipsp_spd_inp() copies the pointer from
ipo->ipo_tdb.  The caller of ipsp_spd_lookup() has to unref after
using it.
tested by Hrvoje Popovski; OK mvs@ tobhe@

Revision 1.262, Wed Dec 1 12:51:09 2021 UTC (2 years, 6 months ago) by bluhm
Branch: MAIN
Changes since 1.261: +16 -12 lines

Let ipsp_spd_lookup() return an error instead of a TDB.  The TDB
is not always needed, but the error value is necessary for the
caller.  As TDB should be refcounted, it makes no sense to always
return it.  Pass an output pointer for the TDB which can be NULL.
OK mvs@ tobhe@

Revision 1.261, Wed Nov 24 18:48:33 2021 UTC (2 years, 6 months ago) by bluhm
Branch: MAIN
Changes since 1.260: +65 -46 lines

When sending ICMP packets for IPsec path MTU discovery, the first
ICMP packet could be wrong.  The mtu was taken from the loopback
interface as the tdb mtu was copied to the route too late.  Without
crypto task, ipsp_process_packet() returns the EMSGSIZE error
earlier.  Immediately update tdb and route mtu.
IPv4 part from markus@; OK tobhe@

Revision 1.260, Tue Jul 27 17:13:03 2021 UTC (2 years, 10 months ago) by mvs
Branch: MAIN
CVS Tags: OPENBSD_7_0_BASE, OPENBSD_7_0
Changes since 1.259: +2 -2 lines

Revert "Use per-CPU counters for tunnel descriptor block" diff.

Panic reported by Hrvoje Popovski.

Revision 1.259, Mon Jul 26 23:17:07 2021 UTC (2 years, 10 months ago) by mvs
Branch: MAIN
Changes since 1.258: +2 -2 lines

Use per-CPU counters for tunnel descriptor block (tdb) statistics.
'tdb_data' struct became unused and was removed.

ok bluhm@

Revision 1.258, Thu Jul 8 15:13:14 2021 UTC (2 years, 11 months ago) by bluhm
Branch: MAIN
Changes since 1.257: +10 -5 lines

Debug printfs in encdebug were inconsistent, some missing newlines
produced ugly output.  Move the function name and the newline into
the DPRINTF macro.  This simplifies the debug statements.
OK tobhe@

Revision 1.257, Wed May 12 08:09:33 2021 UTC (3 years, 1 month ago) by mvs
Branch: MAIN
Changes since 1.256: +5 -4 lines

Use local copy of `ps_rtableid' in ip{,6}_ctloutput() and mark
`ps_rtableid' as atomic. This allows us to unlock setrtable(2).

ok claudio@ mpi@

Revision 1.256, Wed Mar 10 10:21:49 2021 UTC (3 years, 3 months ago) by jsg
Branch: MAIN
CVS Tags: OPENBSD_6_9_BASE, OPENBSD_6_9
Changes since 1.255: +2 -2 lines

spelling

ok gnezdo@ semarie@ mpi@

Revision 1.255, Mon Mar 1 11:05:43 2021 UTC (3 years, 3 months ago) by bluhm
Branch: MAIN
Changes since 1.254: +70 -74 lines

Refactor ip_fragment() and ip6_fragment().  Use a mbuf list to
simplify the handling of the fragment list.  Now the functions
ip_fragment() and ip6_fragment() always consume the mbuf.  They
free the mbuf and mbuf list in case of an error and take care about
the counter.  Adjust the code a bit to make v4 and v6 look similar.
Fixes a potential mbuf leak when pf_route6() called pf_refragment6()
and it failed.  Now the mbuf is always freed by ip6_fragment().
OK dlg@ mvs@

Revision 1.254, Tue Feb 23 11:43:41 2021 UTC (3 years, 3 months ago) by mvs
Branch: MAIN
Changes since 1.253: +3 -3 lines

Use NULL instead of 0 in `m_nextpkt' assignment.

ok deraadt@ dlg@

Revision 1.253, Tue Feb 2 17:55:12 2021 UTC (3 years, 4 months ago) by claudio
Branch: MAIN
Changes since 1.252: +5 -3 lines

As done for the AF_INET multicast case, ensure that passed interface
via index is actually in the right rdomain for the socket.
OK bluhm@ mvs@

Revision 1.252, Tue Feb 2 17:53:02 2021 UTC (3 years, 4 months ago) by claudio
Branch: MAIN
Changes since 1.251: +2 -3 lines

KNF, move { up to if () statement

Revision 1.251, Mon Feb 1 13:25:04 2021 UTC (3 years, 4 months ago) by bluhm
Branch: MAIN
Changes since 1.250: +8 -1 lines

Fix path MTU discovery for ESP tunneled in IPv6.  We always want
short TCP segments or fragments encapsulated in ESP instead of
fragmented ESP packets.  Pass the don't fragment flag down along
the stack so that dynamic routes with MTU are created eventually.
with and OK markus@; OK tobhe@

Revision 1.250, Mon Feb 1 12:08:50 2021 UTC (3 years, 4 months ago) by bluhm
Branch: MAIN
Changes since 1.249: +38 -41 lines

Fix white spaces and wrap long lines.

Revision 1.249, Mon Jan 11 13:28:54 2021 UTC (3 years, 4 months ago) by bluhm
Branch: MAIN
Changes since 1.248: +77 -4 lines

Create a path MTU host route for IPsec over IPv6.  Basically the
code is copied from IPv4 and adapted.  Some things are changed in
v4 to make it look similar.
- ip6_forward increases the noroute error counter, do that in
  ip_forward, too.
- Pass more specific sockaddr_in6 to icmp6_mtudisc_clone().
- IPv6 may also use reject routes for IPsec PMTU clones.
- To pass a route_in6 to ip6_output_ipsec_send() introduce one in
  ip6_forward().  That is the same what IPv4 does.  Note
  that dst and sin6 switch roles.
- Copy comments from ip_output_ipsec_send() to ip6_output_ipsec_send()
  to make code similar.
- Implement dynamic IPv6 IPsec PMTU routes.
OK tobhe@

Revision 1.248, Tue Dec 22 13:37:48 2020 UTC (3 years, 5 months ago) by bluhm
Branch: MAIN
Changes since 1.247: +3 -3 lines

For a while the kernel reports EACCES to userland if pf blocks a
packet.  IPv6 still had the old EHOSTUNREACH code.  Use the same
errno for dropped IPv6 packets as in IPv4.
OK kn@ phessler@ claudio@ florian@ sashan@

Revision 1.247, Fri Jul 17 15:21:36 2020 UTC (3 years, 10 months ago) by kn
Branch: MAIN
CVS Tags: OPENBSD_6_8_BASE, OPENBSD_6_8
Changes since 1.246: +3 -3 lines

Copy the right value to fix getsockopt(2) for SO_RTABLE and IPV6_PIPEX

r1.146 "Enable IPv6 routing domain support" adapted the mtod() line from the
IPV6_PIPEX case which was bogus since introduction in r1.118.

Issue found by florian, who came up with the same partial diff for SO_RTABLE
while working on rdomain aware slaacd(8).

Taken from sys/netinet/ip_output.c which does it correctly.

OK florian millert

Revision 1.246, Mon Jun 22 11:30:23 2020 UTC (3 years, 11 months ago) by krw
Branch: MAIN
Changes since 1.245: +4 -4 lines

Don't pass a pointer to an uninitialized variable as plenp to
ip6_hopopts(). The value is tested and non-zero values could cause a
packet to be discarded.

Initialize the pointed at variable to 0, tweaking variable names and
associated comments.

COVERITY 1453098

ok deraadt@ mpi@

Revision 1.245, Fri Nov 29 16:41:01 2019 UTC (4 years, 6 months ago) by nayden
Branch: MAIN
CVS Tags: OPENBSD_6_7_BASE, OPENBSD_6_7
Changes since 1.244: +4 -4 lines

add __func__ to panic() and printf() calls in sys/netinet6/*
ok benno@ mortimer@

Revision 1.244, Mon Jun 10 16:32:51 2019 UTC (5 years ago) by mpi
Branch: MAIN
CVS Tags: OPENBSD_6_6_BASE, OPENBSD_6_6
Changes since 1.243: +4 -6 lines

Use mallocarray(9) & put some free(9) sizes for M_IPMOPTS allocations.

ok semarie@, visa@

Revision 1.241.2.1, Wed May 1 21:08:24 2019 UTC (5 years, 1 month ago) by bluhm
Branch: OPENBSD_6_5
Changes since 1.241: +7 -3 lines

For raw IPv6 sockets userland may specify an offset where the
checksum field is located.  During rip6 input and output make sure
that this field is within the packet.  The offset may be -1 to disable
the feature, otherwise it must be non-negative and aligned.  Do a
stricter check during setsockopt(2).
from FreeBSD; OK claudio@

OpenBSD 6.5 errata 001

Revision 1.239.2.1, Wed May 1 21:07:27 2019 UTC (5 years, 1 month ago) by bluhm
Branch: OPENBSD_6_4
Changes since 1.239: +7 -3 lines

For raw IPv6 sockets userland may specify an offset where the
checksum field is located.  During rip6 input and output make sure
that this field is within the packet.  The offset may be -1 to disable
the feature, otherwise it must be non-negative and aligned.  Do a
stricter check during setsockopt(2).
from FreeBSD; OK claudio@

OpenBSD 6.4 errata 017

Revision 1.236.2.1, Wed May 1 21:06:08 2019 UTC (5 years, 1 month ago) by bluhm
Branch: OPENBSD_6_3
Changes since 1.236: +7 -3 lines

For raw IPv6 sockets userland may specify an offset where the
checksum field is located.  During rip6 input and output make sure
that this field is within the packet.  The offset may be -1 to disable
the feature, otherwise it must be non-negative and aligned.  Do a
stricter check during setsockopt(2).
from FreeBSD; OK claudio@

OpenBSD 6.3 errata 033

Revision 1.243, Sun Apr 28 22:15:58 2019 UTC (5 years, 1 month ago) by mpi
Branch: MAIN
Changes since 1.242: +3 -3 lines

Removes the KERNEL_LOCK() from bridge(4)'s output fast-path.

This redefines the ifp <-> bridge relationship.  No lock can be
currently used across the multiple contexts where the bridge has
tentacles to protect a pointer, use an interface index.

Tested by various, ok dlg@, visa@

Revision 1.242, Tue Apr 23 11:01:54 2019 UTC (5 years, 1 month ago) by bluhm
Branch: MAIN
Changes since 1.241: +7 -3 lines

For raw IPv6 sockets userland may specify an offset where the
checksum field is located.  During rip6 input and output make sure
that this field is within the packet.  The offset may be -1 to disable
the feature, otherwise it must be non-negative and aligned.  Do a
stricter check during setsockopt(2).
from FreeBSD; OK claudio@

Revision 1.241, Mon Dec 3 17:25:22 2018 UTC (5 years, 6 months ago) by claudio
Branch: MAIN
CVS Tags: OPENBSD_6_5_BASE
Branch point for: OPENBSD_6_5
Changes since 1.240: +3 -3 lines

Convert more MH_ALIGN() to m_align(). Also switch from m_gethdr/M_GETHDR
calls to m_get/M_GET calls because M_MOVE_PKTHDR() is initialising
the pkthdr and so it is not needed when allocating the header.
OK bluhm@

Revision 1.240, Fri Nov 9 14:14:32 2018 UTC (5 years, 7 months ago) by claudio
Branch: MAIN
Changes since 1.239: +3 -3 lines

M_LEADINGSPACE() and M_TRAILINGSPACE() are just wrappers for
m_leadingspace() and m_trailingspace(). Convert all callers to call
directly the functions and remove the defines.
OK krw@, mpi@

Revision 1.239, Tue Aug 28 15:15:02 2018 UTC (5 years, 9 months ago) by mpi
Branch: MAIN
CVS Tags: OPENBSD_6_4_BASE
Branch point for: OPENBSD_6_4
Changes since 1.238: +4 -2 lines

Add per-TDB counters and a new SADB extension to export them to
userland.

Inputs from markus@, ok sthen@

Revision 1.238, Thu Jul 12 15:51:50 2018 UTC (5 years, 11 months ago) by mpi
Branch: MAIN
Changes since 1.237: +6 -2 lines

Introduce ipsec_output_cb() to merge duplicate code and account for
dropped packets in the output path.

While here fix a memory leak when compression is not needed w/ IPcomp.

ok markus@

Revision 1.237, Tue Mar 27 15:03:52 2018 UTC (6 years, 2 months ago) by dhill
Branch: MAIN
Changes since 1.236: +3 -3 lines

Use memcpy instead of bcopy when the memory does not overlap.

OK deraadt@ florian@

Revision 1.236, Wed Mar 21 14:42:41 2018 UTC (6 years, 2 months ago) by bluhm
Branch: MAIN
CVS Tags: OPENBSD_6_3_BASE
Branch point for: OPENBSD_6_3
Changes since 1.235: +12 -1 lines

In ip6_output() check that the interface of a route is valid.  For
IPv4 we do the same and there are races that trigger it.  Increment
the statistics counter for both.
from markus@; OK mpi@

Revision 1.235, Fri Mar 16 12:31:09 2018 UTC (6 years, 2 months ago) by mpi
Branch: MAIN
Changes since 1.234: +2 -2 lines

Consistently spell "IPsec" in comments and debug outputs.

From Raf Czlonka, ok sthen@

Revision 1.234, Mon Feb 19 08:59:53 2018 UTC (6 years, 3 months ago) by mpi
Branch: MAIN
Changes since 1.233: +8 -8 lines

Remove almost unused `flags' argument of suser().

The account flag `ASU' will no longer be set but that makes suser()
mpsafe since it no longer messes with a per-process field.

No objection from millert@, ok tedu@, bluhm@

Revision 1.233, Sun Feb 11 00:24:13 2018 UTC (6 years, 4 months ago) by dlg
Branch: MAIN
Changes since 1.232: +5 -2 lines

add an ipv6 "don't fragment" flag to mbufs for ip6_output to use.

if you need to send an ipv6 packet with ip6_send(), there's no DF
bit in an ipv6 packet and no way to pass the ip6 options to ip6_output
to tell it to not allow fragmentation. this adds an M_IPV6_DF_OUT
"checksum" flag so something creating ipv6 packets a long way from
ip6_output can easily tell it to not allow fragmentation.

grumbling and ok claudio@

Revision 1.232, Fri Sep 1 15:05:31 2017 UTC (6 years, 9 months ago) by mpi
Branch: MAIN
CVS Tags: OPENBSD_6_2_BASE, OPENBSD_6_2
Changes since 1.231: +3 -13 lines

Change sosetopt() to no longer free the mbuf it receives and change
all the callers to call m_freem(9).

Support from deraadt@ and tedu@, ok visa@, bluhm@

Revision 1.231, Tue May 9 09:32:21 2017 UTC (7 years, 1 month ago) by mpi
Branch: MAIN
Changes since 1.230: +1 -10 lines

Kill commented out code referencing pfctlinput2() and a wrong comment
about pfctlinput(PRC_HOSTDEAD).

ok bluhm@

Revision 1.230, Mon May 8 13:51:10 2017 UTC (7 years, 1 month ago) by rzalamena
Branch: MAIN
Changes since 1.229: +1 -9 lines

Remove icmp6_reflect() micro optimization to simplify code and avoid a
M_LOOP flag dance in ip6_output().

ok bluhm@, mpi@

Revision 1.229, Mon May 8 08:46:39 2017 UTC (7 years, 1 month ago) by rzalamena
Branch: MAIN
Changes since 1.228: +2 -2 lines

Added initial IPv6 multicast routing support for multiple rdomains:

* don't share mifs (multicast interface) between rdomains
* allow multiple routing sockets connected at the same time if they are
  in different rdomains.

ok bluhm@

Revision 1.228 / (download) - annotate - [select for diffs], Wed May 3 08:35:55 2017 UTC (7 years, 1 month ago) by rzalamena
Branch: MAIN
Changes since 1.227: +6 -6 lines
Diff to previous 1.227 (colored)

Change the ip6_setmoptions() function to receive the rdomain as a new
parameter. This makes the ip6_setmoptions() function look more like the
ipv4 version and fixes a problem with IPV6_JOIN_GROUP when no interface
is specified.

ok bluhm@

Revision 1.227 / (download) - annotate - [select for diffs], Wed Apr 19 15:21:54 2017 UTC (7 years, 1 month ago) by bluhm
Branch: MAIN
Changes since 1.226: +6 -6 lines
Diff to previous 1.226 (colored)

Use the rt_rmx defines that hide the struct rt_kmetrics indirection.
No binary change.
OK mpi@

Revision 1.226 / (download) - annotate - [select for diffs], Tue Feb 21 15:33:52 2017 UTC (7 years, 3 months ago) by dhill
Branch: MAIN
CVS Tags: OPENBSD_6_1_BASE, OPENBSD_6_1
Changes since 1.225: +434 -434 lines
Diff to previous 1.225 (colored)

In ip6_ctloutput, check for an invalid level early like the other
*ctloutput functions.  This also reduces a level of indentation.

ok mpi@

Revision 1.225 / (download) - annotate - [select for diffs], Thu Feb 9 15:19:32 2017 UTC (7 years, 4 months ago) by jca
Branch: MAIN
Changes since 1.224: +2 -2 lines
Diff to previous 1.224 (colored)

percpu counters for TCP stats

ok mpi@ bluhm@

Revision 1.224 / (download) - annotate - [select for diffs], Sun Feb 5 16:04:14 2017 UTC (7 years, 4 months ago) by jca
Branch: MAIN
Changes since 1.223: +9 -9 lines
Diff to previous 1.223 (colored)

Use percpu counters for ip6stat

Try to follow the existing examples.  Some notes:
- don't implement counters_dec() yet, which could be used in two
  similar chunks of code.  Let's see if there are more users first.
- stop incrementing IPv6-specific mbuf stats, IPv4 has no equivalent.

Input from mpi@, ok bluhm@ mpi@

Revision 1.223 / (download) - annotate - [select for diffs], Wed Feb 1 20:59:47 2017 UTC (7 years, 4 months ago) by dhill
Branch: MAIN
Changes since 1.222: +17 -31 lines
Diff to previous 1.222 (colored)

In sogetopt, preallocate an mbuf to avoid using sleeping mallocs with
the netlock held.  This also changes the prototypes of the *ctloutput
functions to take an mbuf instead of an mbuf pointer.

help, guidance from bluhm@ and mpi@
ok bluhm@

Revision 1.222 / (download) - annotate - [select for diffs], Fri Jan 27 02:55:36 2017 UTC (7 years, 4 months ago) by dhill
Branch: MAIN
Changes since 1.221: +7 -7 lines
Diff to previous 1.221 (colored)

copypktopts is only called by ip6_setpktopts using M_NOWAIT.  Drop
canwait as it is unneeded.

ok mpi@

Revision 1.221 / (download) - annotate - [select for diffs], Thu Jan 19 14:49:19 2017 UTC (7 years, 4 months ago) by bluhm
Branch: MAIN
Changes since 1.220: +10 -33 lines
Diff to previous 1.220 (colored)

RFC 8021 "IPv6 Atomic Fragments Considered Harmful" deprecates
generating atomic fragments.  So remove the code that sends them.
CVE-2016-10142 has been assigned to that issue.
OK visa@ mpi@

Revision 1.220 / (download) - annotate - [select for diffs], Tue Jan 10 09:04:19 2017 UTC (7 years, 5 months ago) by mpi
Branch: MAIN
Changes since 1.219: +13 -19 lines
Diff to previous 1.219 (colored)

Do not use a 'struct route_in6' when there's no need to cache the result
of rtalloc(9).

ok benno@, lteo@

Revision 1.219 / (download) - annotate - [select for diffs], Tue Jan 10 09:01:18 2017 UTC (7 years, 5 months ago) by mpi
Branch: MAIN
Changes since 1.218: +2 -3 lines
Diff to previous 1.218 (colored)

Remove NULL checks before m_free(9), it deals with it.

ok bluhm@, kettenis@

Revision 1.218 / (download) - annotate - [select for diffs], Fri Nov 18 02:53:47 2016 UTC (7 years, 6 months ago) by dlg
Branch: MAIN
Changes since 1.217: +2 -2 lines
Diff to previous 1.217 (colored)

turn ipstat into a set of percpu counters.

each counter is identified by an enum value which corresponds to the
original members of the udpstat struct.

udpstat_inc(udps_foo) replaces udpstat.udps_foo++ for the actual
updates. udpstat_inc is a thin wrapper around counters_inc.

counters are still returned to userland via the udpstat struct for
now.

ok mpi@ mikeb@ deraadt@

Revision 1.217 / (download) - annotate - [select for diffs], Mon Nov 14 10:32:46 2016 UTC (7 years, 6 months ago) by mpi
Branch: MAIN
Changes since 1.216: +2 -2 lines
Diff to previous 1.216 (colored)

Automatically create a default lo(4) interface per rdomain.

In order to stop abusing lo0 for all rdomains, a new loopback interface
will be created every time a rdomain is created.  The unit number will
be the same as the rdomain, i.e. lo1 will be attached to rdomain 1.

If this loopback interface is already in use it won't be possible to create
the corresponding rdomain.

In order to know which lo(4) interface is attached to a rdomain, its index
is stored in the rtable/rdomain map.

This is long overdue since the introduction of rtable/rdomain.  It also
fixes a recent regression due to resetting the rdomain of an incoming
packet reported by semarie@, Andreas Bartelt and Nils Frohberg.

ok claudio@

Revision 1.216 / (download) - annotate - [select for diffs], Mon Sep 19 18:09:09 2016 UTC (7 years, 8 months ago) by tedu
Branch: MAIN
Changes since 1.215: +10 -10 lines
Diff to previous 1.215 (colored)

convert bcopy to memcpy. from david hill. ok jca

Revision 1.215 / (download) - annotate - [select for diffs], Wed Sep 14 16:59:28 2016 UTC (7 years, 8 months ago) by jca
Branch: MAIN
Changes since 1.214: +1 -44 lines
Diff to previous 1.214 (colored)

Kill ip6_pcbopts, unused since the removal of IPV6_PKTOPTIONS

ok mikeb@ mpi@

Revision 1.214 / (download) - annotate - [select for diffs], Wed Sep 14 15:26:05 2016 UTC (7 years, 8 months ago) by jca
Branch: MAIN
Changes since 1.213: +5 -33 lines
Diff to previous 1.213 (colored)

Delete dead code and useless parameter.

ok vgross@ henning@

Revision 1.213 / (download) - annotate - [select for diffs], Thu Aug 25 12:30:16 2016 UTC (7 years, 9 months ago) by mpi
Branch: MAIN
Changes since 1.212: +24 -52 lines
Diff to previous 1.212 (colored)

Simplify ip6_getpmtu() to use a 'struct rtentry *' instead of two
'struct route_in6 *'.

This is another little step towards deprecating 'struct route{,_in6}'

Inputs from and ok bluhm@

Revision 1.212 / (download) - annotate - [select for diffs], Mon Aug 22 10:33:22 2016 UTC (7 years, 9 months ago) by mpi
Branch: MAIN
Changes since 1.211: +3 -3 lines
Diff to previous 1.211 (colored)

Sizes for free(9) from David Hill.

Revision 1.211 / (download) - annotate - [select for diffs], Fri Jul 1 18:18:57 2016 UTC (7 years, 11 months ago) by jca
Branch: MAIN
CVS Tags: OPENBSD_6_0_BASE, OPENBSD_6_0
Changes since 1.210: +2 -1 lines
Diff to previous 1.210 (colored)

Unbreak getsockopt(IPV6_MINHOPCOUNT)

ok bluhm@

Revision 1.210 / (download) - annotate - [select for diffs], Mon Jun 27 16:33:48 2016 UTC (7 years, 11 months ago) by jca
Branch: MAIN
Changes since 1.209: +14 -1 lines
Diff to previous 1.209 (colored)

Implement IPV6_MINHOPCOUNT support.

Useful to implement GTSM support in daemons such as bgpd(8). Diff from
2013 revived by renato@.  Input from bluhm@, ok bluhm@ deraadt@

Revision 1.209 / (download) - annotate - [select for diffs], Wed Jun 15 13:49:43 2016 UTC (7 years, 11 months ago) by florian
Branch: MAIN
Changes since 1.208: +15 -15 lines
Diff to previous 1.208 (colored)

With the introduction of ip6_output_ipsec_lookup() we didn't exit the
loop when we worked out that no IPsec is needed which led to a NULL
de-ref on the next iteration.
Fix this by making the code more similar to the IPv4 case.

Found the hard way by me, OK mpi@

Revision 1.208 / (download) - annotate - [select for diffs], Wed Jun 15 11:49:34 2016 UTC (7 years, 11 months ago) by mpi
Branch: MAIN
Changes since 1.207: +4 -3 lines
Diff to previous 1.207 (colored)

Kill nd6_output(), it doesn't do anything since the resolution logic
has been moved to nd6_resolve().

ok visa@, millert@, florian@, sthen@

Revision 1.207 / (download) - annotate - [select for diffs], Thu May 19 11:34:40 2016 UTC (8 years ago) by jca
Branch: MAIN
Changes since 1.206: +6 -6 lines
Diff to previous 1.206 (colored)

Remove sysctl net.inet6.ip6.v6only

This sysctl is a no-op, read-only since it was introduced.  There are no
plans to support IPv4-mapped addresses on OpenBSD, thus this sysctl is
meaningless.

Noticed by djm@, ok claudio@ mpi@ sthen@ henning@

Revision 1.206 / (download) - annotate - [select for diffs], Fri Apr 29 11:40:27 2016 UTC (8 years, 1 month ago) by bluhm
Branch: MAIN
Changes since 1.205: +6 -1 lines
Diff to previous 1.205 (colored)

Do not allow to change the routing table of a bound socket.  This
is not intended and will behave unexpectedly if the address is
already used in another domain.  It did not work anyway, as the PCB
ended in the wrong hash bucket after changing the rtable.  Fail
with EBUSY if the socket is already bound and rehash the PCB if its
rtable changes.
input claudio@; OK mpi@

Revision 1.205 / (download) - annotate - [select for diffs], Wed Apr 27 21:14:29 2016 UTC (8 years, 1 month ago) by markus
Branch: MAIN
Changes since 1.204: +76 -95 lines
Diff to previous 1.204 (colored)

factor out ipsec into ip6_output_ipsec_{lookup,send}(); ok mpi@, naddy@

Revision 1.204 / (download) - annotate - [select for diffs], Thu Jan 21 11:23:48 2016 UTC (8 years, 4 months ago) by mpi
Branch: MAIN
CVS Tags: OPENBSD_5_9_BASE, OPENBSD_5_9
Changes since 1.203: +3 -5 lines
Diff to previous 1.203 (colored)

Introduce in{,6}_hasmulti(), two functions to check in the hot path if
an interface joined a specific multicast group.

ok phessler@, visa@, dlg@

Revision 1.203 / (download) - annotate - [select for diffs], Wed Jan 13 09:38:37 2016 UTC (8 years, 4 months ago) by mpi
Branch: MAIN
Changes since 1.202: +2 -1 lines
Diff to previous 1.202 (colored)

Prevent a double if_put().

ok mikeb@, bluhm@

Revision 1.202 / (download) - annotate - [select for diffs], Thu Dec 3 10:34:24 2015 UTC (8 years, 6 months ago) by tedu
Branch: MAIN
Changes since 1.201: +1 -11 lines
Diff to previous 1.201 (colored)

rm unused kernel only IPV6_RECVRTHDRDSTOPTS sockopt. ok deraadt sthen

Revision 1.201 / (download) - annotate - [select for diffs], Wed Dec 2 13:29:26 2015 UTC (8 years, 6 months ago) by claudio
Branch: MAIN
Changes since 1.200: +3 -3 lines
Diff to previous 1.200 (colored)

Kill the RT_REPORT flag to rtalloc() and stop sending RTM_MISS messages
for failed route lookups. This is something that was maybe useful in the
90s but in these modern times it is just annoying and nothing expects it
anyway. OK mpi@, sthen@

Revision 1.200 / (download) - annotate - [select for diffs], Sun Nov 29 15:12:36 2015 UTC (8 years, 6 months ago) by mpi
Branch: MAIN
Changes since 1.199: +25 -14 lines
Diff to previous 1.199 (colored)

Use if_get() rather than dereferencing rt_ifp in ip6_getpmtu().

While here fix a NULL dereference introduced by the support for
multiple rdomains.  It seems that this code path is never run...

With input from David Hill, ok florian@

Revision 1.199 / (download) - annotate - [select for diffs], Wed Nov 11 10:23:23 2015 UTC (8 years, 7 months ago) by mpi
Branch: MAIN
Changes since 1.198: +2 -2 lines
Diff to previous 1.198 (colored)

Store the index of the lo0 interface instead of a pointer to its
descriptor.

Allow to get rid of two if_ref() in the output paths.

ok dlg@

Revision 1.198 / (download) - annotate - [select for diffs], Tue Nov 3 21:39:34 2015 UTC (8 years, 7 months ago) by chl
Branch: MAIN
Changes since 1.197: +1 -3 lines
Diff to previous 1.197 (colored)

Remove dead assignments.

Found by LLVM/Clang Static Analyzer.

ok bluhm@ mpi@

Revision 1.197 / (download) - annotate - [select for diffs], Tue Nov 3 21:11:48 2015 UTC (8 years, 7 months ago) by naddy
Branch: MAIN
Changes since 1.196: +5 -3 lines
Diff to previous 1.196 (colored)

Disable TCP/UDP TX hardware checksumming if an IPv4 packet contains
IP options or if an IPv6 packet contains header extensions.
Required by cnmac(4) and a sensible precautionary measure in general.
ok visa@, mikeb@

Revision 1.196 / (download) - annotate - [select for diffs], Thu Oct 29 16:27:45 2015 UTC (8 years, 7 months ago) by tedu
Branch: MAIN
Changes since 1.195: +4 -4 lines
Diff to previous 1.195 (colored)

a few redundant tests can be deleted now that switch cases are only for
a single value

Revision 1.195 / (download) - annotate - [select for diffs], Thu Oct 29 16:22:45 2015 UTC (8 years, 7 months ago) by tedu
Branch: MAIN
Changes since 1.194: +56 -1 lines
Diff to previous 1.194 (colored)

oops, one firebomb went off course. put back some code that's still used.

Revision 1.194 / (download) - annotate - [select for diffs], Thu Oct 29 16:04:10 2015 UTC (8 years, 7 months ago) by tedu
Branch: MAIN
Changes since 1.193: +1 -231 lines
Diff to previous 1.193 (colored)

RFC 2292 API support was removed 9 years ago, but left in a binary compat
ABI form for the sake of existing programs. no programs from that era have
been able to run for quite some time. Kill it all.
ok deraadt florian millert mpi
(I believe this is my first IPv6 diff. Future, here I come!)

Revision 1.193 / (download) - annotate - [select for diffs], Wed Oct 28 12:14:25 2015 UTC (8 years, 7 months ago) by florian
Branch: MAIN
Changes since 1.192: +6 -28 lines
Diff to previous 1.192 (colored)

Remove linkmtu and maxmtu from struct nd_ifinfo. IN6_LINKMTU can now
die and ifp->if_mtu is the one true mtu.
Suggested by and OK mpi@

Revision 1.192 / (download) - annotate - [select for diffs], Sun Oct 25 14:43:06 2015 UTC (8 years, 7 months ago) by florian
Branch: MAIN
Changes since 1.191: +4 -91 lines
Diff to previous 1.191 (colored)

Remove IPV6_NEXTHOP implementation. Source routing is considered to be
a bad idea these days.
kill it mpi@
general agreement in the network hackers room at u2k15

Revision 1.191 / (download) - annotate - [select for diffs], Sat Oct 24 12:33:16 2015 UTC (8 years, 7 months ago) by mpi
Branch: MAIN
Changes since 1.190: +3 -3 lines
Diff to previous 1.190 (colored)

Convert some if_ref() to if_get().

ok claudio@

Revision 1.190 / (download) - annotate - [select for diffs], Mon Oct 19 12:11:28 2015 UTC (8 years, 7 months ago) by mpi
Branch: MAIN
Changes since 1.189: +4 -4 lines
Diff to previous 1.189 (colored)

Stop checking for RTF_UP directly, call rtisvalid(9) instead.

While here add two missing ``rtableid'' checks in in6_selectsrc().

ok bluhm@

Revision 1.189 / (download) - annotate - [select for diffs], Wed Sep 23 08:49:46 2015 UTC (8 years, 8 months ago) by mpi
Branch: MAIN
Changes since 1.188: +1 -7 lines
Diff to previous 1.188 (colored)

Always increment rt_use inside rtalloc(9) instead of doing it in some
specific places.

ok claudio@, benno@

Revision 1.188 / (download) - annotate - [select for diffs], Sun Sep 13 13:57:07 2015 UTC (8 years, 8 months ago) by mpi
Branch: MAIN
Changes since 1.187: +5 -2 lines
Diff to previous 1.187 (colored)

Get the default loopback interface pointer just after doing a route
lookup to ensure pf_test() is called with the same interface in the
input and output path for local traffic.

Fix a regression reported by Heiko Zimmermann on bugs@, thanks!

ok mikeb@, claudio@

Revision 1.187 / (download) - annotate - [select for diffs], Sat Sep 12 20:26:07 2015 UTC (8 years, 9 months ago) by mpi
Branch: MAIN
Changes since 1.186: +2 -4 lines
Diff to previous 1.186 (colored)

Stop overwriting the rt_ifp pointer of RTF_LOCAL routes with lo0ifp.

Use instead the RTF_LOCAL flag to loop local traffic back to the
corresponding protocol queue.

With this change rt_ifp is now always the same as rt_ifa->ifa_ifp.

ok claudio@

Revision 1.186 / (download) - annotate - [select for diffs], Sat Sep 12 13:34:12 2015 UTC (8 years, 9 months ago) by mpi
Branch: MAIN
Changes since 1.185: +2 -2 lines
Diff to previous 1.185 (colored)

Introduce if_input_local() a function to feed local traffic back to
the protocol queues.

It basically does what looutput() was doing but having a generic
function will allow us to get rid of the loopback hack overwriting
the rt_ifp field of RTF_LOCAL routes.

ok mikeb@, dlg@, claudio@

Revision 1.185 / (download) - annotate - [select for diffs], Fri Sep 11 20:16:03 2015 UTC (8 years, 9 months ago) by claudio
Branch: MAIN
Changes since 1.184: +29 -15 lines
Diff to previous 1.184 (colored)

if_put after if_get for in6_src and ip6_output which got a lot easier after
all the cleanup by mpi@ since we no longer overwrite ifps, etc. OK dlg@

Revision 1.184 / (download) - annotate - [select for diffs], Fri Sep 11 19:23:00 2015 UTC (8 years, 9 months ago) by mpi
Branch: MAIN
Changes since 1.183: +7 -10 lines
Diff to previous 1.183 (colored)

Rewrite in6_selectroute() to no longer return an ifp.

The returned "struct rtentry" is either the cached one or the one passed
in options.

ok claudio@

Revision 1.183 / (download) - annotate - [select for diffs], Fri Sep 11 13:53:04 2015 UTC (8 years, 9 months ago) by mpi
Branch: MAIN
Changes since 1.182: +21 -11 lines
Diff to previous 1.182 (colored)

Move the multicast option parsing out of in6_selectroute().

ok claudio@

Revision 1.182 / (download) - annotate - [select for diffs], Fri Sep 11 09:58:33 2015 UTC (8 years, 9 months ago) by mpi
Branch: MAIN
Changes since 1.181: +2 -2 lines
Diff to previous 1.181 (colored)

Kill selectroute().

ok claudio@

Revision 1.181 / (download) - annotate - [select for diffs], Fri Sep 11 08:17:06 2015 UTC (8 years, 9 months ago) by claudio
Branch: MAIN
Changes since 1.180: +2 -12 lines
Diff to previous 1.180 (colored)

Kill yet another argument to functions in IPv6. This time ip6_output's
ifpp - XXX: just for statistics
ifpp is always NULL in all callers so that statistic confirms ifpp is
dying
OK mpi@

Revision 1.180 / (download) - annotate - [select for diffs], Thu Sep 10 09:11:11 2015 UTC (8 years, 9 months ago) by mpi
Branch: MAIN
Changes since 1.179: +2 -25 lines
Diff to previous 1.179 (colored)

Stop using in6_ifstat_inc().

ok dlg@, claudio@

Revision 1.179 / (download) - annotate - [select for diffs], Mon Aug 31 07:27:48 2015 UTC (8 years, 9 months ago) by mpi
Branch: MAIN
Changes since 1.178: +9 -4 lines
Diff to previous 1.178 (colored)

Compute the checksum before looping back the copy of a multicast packet.

Found while comparing IPv4 and IPv6 versions.

ok naddy@

Revision 1.178 / (download) - annotate - [select for diffs], Mon Aug 31 07:17:12 2015 UTC (8 years, 9 months ago) by mpi
Branch: MAIN
Changes since 1.177: +2 -3 lines
Diff to previous 1.177 (colored)

`encif' should only be used under #ifdef NPF.

Reported by jsg@, ok deraadt@

Revision 1.177 / (download) - annotate - [select for diffs], Thu Jul 16 21:14:21 2015 UTC (8 years, 10 months ago) by mpi
Branch: MAIN
CVS Tags: OPENBSD_5_8_BASE, OPENBSD_5_8
Changes since 1.176: +3 -3 lines
Diff to previous 1.176 (colored)

Kill IP_ROUTETOETHER.

This pseudo-option is a hack to support return-rst on bridge(4).  It
passes Ethernet information via a "struct route" through ip_output().

"struct route" is slowly dying...

ok claudio@, benno@

Revision 1.176 / (download) - annotate - [select for diffs], Wed Jul 15 22:16:42 2015 UTC (8 years, 10 months ago) by deraadt
Branch: MAIN
Changes since 1.175: +4 -4 lines
Diff to previous 1.175 (colored)

m_freem() can handle NULL, do not check for this condition beforehand.
ok stsp mpi

Revision 1.175 / (download) - annotate - [select for diffs], Tue Jun 30 15:30:17 2015 UTC (8 years, 11 months ago) by mpi
Branch: MAIN
Changes since 1.174: +2 -2 lines
Diff to previous 1.174 (colored)

Get rid of the undocumented & temporary* m_copy() macro added for
compatibility with 4.3BSD in September 1989.

*Pick your own definition for "temporary".

ok bluhm@, claudio@, dlg@

Revision 1.174 / (download) - annotate - [select for diffs], Tue Jun 16 11:09:40 2015 UTC (8 years, 11 months ago) by mpi
Branch: MAIN
Changes since 1.173: +3 -3 lines
Diff to previous 1.173 (colored)

Store a unique ID, an interface index, rather than a pointer to the
receiving interface in the packet header of every mbuf.

The interface pointer should now be retrieved when necessary with
if_get().  If a NULL pointer is returned by if_get(), the interface
has probably been destroyed/removed and the mbuf should be freed.

Such mechanism will simplify garbage collection of mbufs and limit
problems with dangling ifp pointers.

Tested by jmatthew@ and krw@, discussed with many.

ok mikeb@, bluhm@, dlg@

Revision 1.173 / (download) - annotate - [select for diffs], Mon Jun 8 22:19:28 2015 UTC (9 years ago) by krw
Branch: MAIN
Changes since 1.172: +12 -12 lines
Diff to previous 1.172 (colored)

More damned eye searing whitespace. No change to .o files.

Revision 1.172 / (download) - annotate - [select for diffs], Sat May 23 12:52:59 2015 UTC (9 years ago) by markus
Branch: MAIN
Changes since 1.171: +3 -16 lines
Diff to previous 1.171 (colored)

remove PACKET_TAG_IPSEC_PENDING_TDB, it is never set; ok mikeb@

Revision 1.171 / (download) - annotate - [select for diffs], Wed May 13 10:42:47 2015 UTC (9 years, 1 month ago) by jsg
Branch: MAIN
Changes since 1.170: +5 -5 lines
Diff to previous 1.170 (colored)

test mbuf pointers against NULL not 0
ok krw@ miod@

Revision 1.170 / (download) - annotate - [select for diffs], Fri Apr 17 11:04:02 2015 UTC (9 years, 1 month ago) by mikeb
Branch: MAIN
Changes since 1.169: +2 -4 lines
Diff to previous 1.169 (colored)

Stubs and support code for NIC-enabled IPsec bite the dust.
No objection from reyk@, OK markus, hshoexer

Revision 1.169 / (download) - annotate - [select for diffs], Thu Apr 16 19:24:13 2015 UTC (9 years, 1 month ago) by markus
Branch: MAIN
Changes since 1.168: +1 -43 lines
Diff to previous 1.168 (colored)

remove unfinished/unused support for socket-attached ipsec-policies
ok mikeb

Revision 1.168 / (download) - annotate - [select for diffs], Sat Mar 14 03:38:52 2015 UTC (9 years, 3 months ago) by jsg
Branch: MAIN
Changes since 1.167: +1 -2 lines
Diff to previous 1.167 (colored)

Remove some includes include-what-you-use claims don't
have any direct symbols used.  Tested for indirect use by compiling
amd64/i386/sparc64 kernels.

ok tedu@ deraadt@

Revision 1.167 / (download) - annotate - [select for diffs], Thu Feb 12 12:12:45 2015 UTC (9 years, 3 months ago) by mpi
Branch: MAIN
CVS Tags: OPENBSD_5_7_BASE, OPENBSD_5_7
Changes since 1.166: +1 -13 lines
Diff to previous 1.166 (colored)

Remove a chunk that should have been deleted in r1.166, this was safe
because clearing fields twice is not a problem.

Yeah, I suck at applying diff.

ok henning@, claudio@

Revision 1.166 / (download) - annotate - [select for diffs], Thu Feb 5 01:10:57 2015 UTC (9 years, 4 months ago) by mpi
Branch: MAIN
Changes since 1.165: +29 -1 lines
Diff to previous 1.165 (colored)

Make sure pf(4) does not see embedded scopes.

Packets destined to link-local addresses are looped back with embedded
scopes because we cannot restore them using the receiving interface (lo0).
Embedded scopes are needed by the routing table to match RTF_LOCAL routes,
but pf(4) never saw them and existing rules are likely to break without
teaching the rule engine about them, found by dlg@ the hard way.

So save and restore embedded scopes around pf_test() for packets going
through loopback.

ok dlg@, mikeb@

Revision 1.165 / (download) - annotate - [select for diffs], Wed Dec 17 09:57:13 2014 UTC (9 years, 5 months ago) by mpi
Branch: MAIN
Changes since 1.164: +12 -12 lines
Diff to previous 1.164 (colored)

Remove the "multicast_" prefix from the fields of a multicast-only struct.

Prodded by claudio@ and mikeb@

Revision 1.164 / (download) - annotate - [select for diffs], Wed Dec 17 09:45:59 2014 UTC (9 years, 5 months ago) by mpi
Branch: MAIN
Changes since 1.163: +6 -6 lines
Diff to previous 1.163 (colored)

Use an interface index instead of a pointer for multicast options.

Output interface (port) selection for multicast traffic is not done via
route lookups.  Instead the output ifp is registered when setsockopt(2)
is called with the IP{V6,}_MULTICAST_IF option.  But since there is no
mechanism to invalidate such pointer stored in a pcb when an interface
is destroyed/removed, it might lead your kernel to fault.

Prevent a fault upon resume reported by frantisek holop, thanks!

ok mikeb@, claudio@

Revision 1.163 / (download) - annotate - [select for diffs], Fri Dec 5 15:50:04 2014 UTC (9 years, 6 months ago) by mpi
Branch: MAIN
Changes since 1.162: +2 -1 lines
Diff to previous 1.162 (colored)

Explicitly include <net/if_var.h> instead of pulling it in <net/if.h>.

ok mikeb@, krw@, bluhm@, tedu@

Revision 1.162 / (download) - annotate - [select for diffs], Thu Nov 20 13:54:24 2014 UTC (9 years, 6 months ago) by mpi
Branch: MAIN
Changes since 1.161: +18 -61 lines
Diff to previous 1.161 (colored)

Rework the handling of interfaces and IPv6 addresses for local delivery.

- Unicast packets sent to any local address will have their interface
set to loopback.

- In order to differentiate traffic from interfaces having identical
link-local addresses, provide the scoped addresses to pf(4).

- Update the icmp6 state lookup logic to match scoped MLL addresses.

- Remove a shortcut in ip6_input() that bypasses pf and always look
for an RTF_LOCAL route.

Packets sent to multicast addresses still retain their original
interface due to the fact that local multicast packet delivering
does not use if_output.

This makes ping6 to link-local addresses work even with pf enabled
and "set skip" on loopbacks, reported by Pieter Verberne.

Debugged, analysed and tested with mikeb@.

ok mikeb@, henning@, sthen@

Revision 1.161 / (download) - annotate - [select for diffs], Sat Nov 1 21:40:39 2014 UTC (9 years, 7 months ago) by mpi
Branch: MAIN
Changes since 1.160: +5 -5 lines
Diff to previous 1.160 (colored)

Rename rtalloc1() into rtalloc(9) and convert its flags to only enable
functionality instead of a mix of enable/disable.

ok bluhm@, jca@

Revision 1.160 / (download) - annotate - [select for diffs], Tue Oct 14 09:52:26 2014 UTC (9 years, 7 months ago) by mpi
Branch: MAIN
Changes since 1.159: +7 -7 lines
Diff to previous 1.159 (colored)

Use rtfree() instead of RTFREE(), NULLify some free'd route pointers and
kill the macro.

ok mikeb@, henning@

Revision 1.159 / (download) - annotate - [select for diffs], Sat Sep 27 12:26:16 2014 UTC (9 years, 8 months ago) by mpi
Branch: MAIN
Changes since 1.158: +5 -3 lines
Diff to previous 1.158 (colored)

Kill rtalloc() and update rtalloc1() and rtalloc_mpath() to no longer
rely on "struct route" that should die.

ok claudio@

Revision 1.158 / (download) - annotate - [select for diffs], Tue Jul 22 11:06:10 2014 UTC (9 years, 10 months ago) by mpi
Branch: MAIN
CVS Tags: OPENBSD_5_6_BASE, OPENBSD_5_6
Changes since 1.157: +1 -2 lines
Diff to previous 1.157 (colored)

Fewer <netinet/in_systm.h> !

Revision 1.157 / (download) - annotate - [select for diffs], Sat Jul 12 18:44:23 2014 UTC (9 years, 11 months ago) by tedu
Branch: MAIN
Changes since 1.156: +12 -12 lines
Diff to previous 1.156 (colored)

add a size argument to free. will be used soon, but for now default to 0.
after discussions with beck deraadt kettenis.

Revision 1.156 / (download) - annotate - [select for diffs], Mon Apr 21 11:10:54 2014 UTC (10 years, 1 month ago) by henning
Branch: MAIN
Changes since 1.155: +2 -2 lines
Diff to previous 1.155 (colored)

we'll do fine without casting NULL to struct foo * / void *
ok gcc & md5 (alas, no binary change)

Revision 1.155 / (download) - annotate - [select for diffs], Sun Apr 20 16:48:22 2014 UTC (10 years, 1 month ago) by naddy
Branch: MAIN
Changes since 1.154: +41 -1 lines
Diff to previous 1.154 (colored)

move in6_cksum_phdr from in6.h to ip6_output.c to mirror in_cksum_phdr
ok henning@

Revision 1.154 / (download) - annotate - [select for diffs], Mon Apr 14 09:06:42 2014 UTC (10 years, 1 month ago) by mpi
Branch: MAIN
Changes since 1.153: +5 -5 lines
Diff to previous 1.153 (colored)

"struct pkthdr" holds a routing table ID, not a routing domain one.
Avoid the confusion by using an appropriate name for the variable.

Note that since routing domain IDs are a subset of the set of routing
table IDs, the following idiom is correct:

	rtableid = rdomain

But to get the routing domain ID corresponding to a given routing table
ID, you must call rtable_l2(9).

claudio@ likes it, ok mikeb@

Revision 1.153 / (download) - annotate - [select for diffs], Thu Jan 23 23:51:29 2014 UTC (10 years, 4 months ago) by henning
Branch: MAIN
CVS Tags: OPENBSD_5_5_BASE, OPENBSD_5_5
Changes since 1.152: +7 -0 lines
Diff to previous 1.152 (colored)

since the cksum rewrite the counters for hardware checksummed packets
are a lie, since the software engine emulates hardware offloading
and that is later indistinguishable. so kill the hw cksummed counters.
introduce software checksummed packet counters instead.
tcp/udp handles ip & ipvshit, ip cksum covered, 6 has no ip layer cksum.
as before we still have a miscounting bug for inbound with pf on, to be
fixed in the next step.
found by, prodding & ok naddy

Revision 1.152 / (download) - annotate - [select for diffs], Thu Jan 23 01:10:42 2014 UTC (10 years, 4 months ago) by naddy
Branch: MAIN
Changes since 1.151: +1 -2 lines
Diff to previous 1.151 (colored)

put the in{,6}_delayed_cksum() and in{,6}_proto_cksum_out() prototypes
into consistent locations; ok henning@

Revision 1.151 / (download) - annotate - [select for diffs], Wed Jan 22 14:27:20 2014 UTC (10 years, 4 months ago) by naddy
Branch: MAIN
Changes since 1.150: +25 -2 lines
Diff to previous 1.150 (colored)

Split the checksum calculation for IPv6 like for IPv4:
Always calculate the pseudo-header checksum.
Complete the checksum if hardware offload is not available.

Parts originally from NetBSD; ok henning@

Revision 1.150 / (download) - annotate - [select for diffs], Tue Jan 21 10:18:26 2014 UTC (10 years, 4 months ago) by mpi
Branch: MAIN
Changes since 1.149: +4 -3 lines
Diff to previous 1.149 (colored)

Do not clean the multicast records of an interface when it is destroyed
(unplugged).  Even if it makes no sense to keep them around if the
interface is no more, we cannot safely remove them since pcb multicast
options might keep a pointer to them.

Fixes a use after free introduced by the multicast address linking
rewrite and reported by Alexey Suslikov, thanks!

ok claudio@

Revision 1.149 / (download) - annotate - [select for diffs], Mon Jan 13 23:03:52 2014 UTC (10 years, 4 months ago) by bluhm
Branch: MAIN
Changes since 1.148: +5 -5 lines
Diff to previous 1.148 (colored)

Call all local variables of type struct in6_ifaddr "ia6".  This is
consistent with struct ifaddr "ifa" and struct in_ifaddr "ia".
OK mpi@

Revision 1.148 / (download) - annotate - [select for diffs], Wed Oct 23 19:57:50 2013 UTC (10 years, 7 months ago) by deraadt
Branch: MAIN
Changes since 1.147: +3 -3 lines
Diff to previous 1.147 (colored)

Back when some NRL code was merged into KAME to create the *BSD IPV6
stack (factoid: by a bunch of people in my living room), some compatibility
#define's were created to shim incompatible inpcb access methods. There
was an understanding they would eventually be removed.  Since they are
error prone, and 1999 is a long time ago, now they die.
ok mikeb claudio mpi

Revision 1.147 / (download) - annotate - [select for diffs], Mon Oct 21 12:40:39 2013 UTC (10 years, 7 months ago) by deraadt
Branch: MAIN
Changes since 1.146: +2 -4 lines
Diff to previous 1.146 (colored)

pretty up a disgusting chunk

Revision 1.146 / (download) - annotate - [select for diffs], Mon Oct 21 08:44:13 2013 UTC (10 years, 7 months ago) by phessler
Branch: MAIN
Changes since 1.145: +32 -2 lines
Diff to previous 1.145 (colored)

Enable IPv6 routing domain support

Started by claudio@ for IPv4, lots of heavy work by sperreault@

My part started at s2k11, continued at n2k12, g2k12, c2k12 and n2k13.

Lots of help and hints from claudio and bluhm

OK claudio@, bluhm@

Revision 1.145 / (download) - annotate - [select for diffs], Sun Oct 20 13:44:24 2013 UTC (10 years, 7 months ago) by henning
Branch: MAIN
Changes since 1.144: +0 -7 lines
Diff to previous 1.144 (colored)

no need to make the icmp cksum "offloading" case special insofar that the
cksum needs to be 0'd before, pf does that now (just like in the tcp/udp
case) and nothing else uses the icmp "offloading" yet.
with & ok bluhm

Revision 1.144 / (download) - annotate - [select for diffs], Thu Oct 17 16:27:46 2013 UTC (10 years, 7 months ago) by bluhm
Branch: MAIN
Changes since 1.143: +2 -2 lines
Diff to previous 1.143 (colored)

The header file netinet/in_var.h included netinet6/in6_var.h.  This
created a bunch of useless dependencies.  Remove this implicit
inclusion and do an explicit #include <netinet6/in6_var.h> when it
is needed.
OK mpi@ henning@

Revision 1.143 / (download) - annotate - [select for diffs], Wed Jul 31 15:41:52 2013 UTC (10 years, 10 months ago) by mikeb
Branch: MAIN
Changes since 1.142: +2 -20 lines
Diff to previous 1.142 (colored)

Move bridge_broadcast and subsequently all IPsec SPD lookup code out
of the IPL_NET.  pf_test should be no longer called under IPL_NET as
well.  The problem became evident after the related issue was brought
up by David Hill <dhill at mindcry ! org>.

With input from and OK mpi.  Tested by David and me.

Revision 1.142 / (download) - annotate - [select for diffs], Thu Jul 4 19:10:41 2013 UTC (10 years, 11 months ago) by sf
Branch: MAIN
CVS Tags: OPENBSD_5_4_BASE, OPENBSD_5_4
Changes since 1.141: +2 -2 lines
Diff to previous 1.141 (colored)

format string fixes: size_t and uint16_t

ok bluhm@

Revision 1.141 / (download) - annotate - [select for diffs], Wed Jun 26 09:12:40 2013 UTC (10 years, 11 months ago) by henning
Branch: MAIN
Changes since 1.140: +70 -1 lines
Diff to previous 1.140 (colored)

put the cksum diff back, of course with the bug fixed where we could
under some circumstances repair broken checksums on the way.
ok ryan naddy mikeb
.
redo most of the protocol (tcp/udp/...) checksum handling
-assume we have hardware checksum offloading. stop mucking with the
 checksum in most of the stack
-stop checksum mucking in pf, just set a "needs checksumming" flag if needed
-in all output paths, very late, if we figure out the outbound interface
 doesn't have hw cksum offloading, do the cksum in software. this especially
 makes the bridge path behave like a regular output path
-little special casing for bridge still required until the broadcast path
 loses its disgusting shortcut hacks, but at least it's in one place now
 and not all over the stack
in6_proto_cksum_out mostly written by krw@
started at k2k11 in iceland more than 1.5 years ago - yes it took that
long, this stuff is everything but easy.
this happens to fix the infamous pf rdr bug that made us turn off proto
cksum offloading on almost all interface drivers.

Revision 1.140 / (download) - annotate - [select for diffs], Fri May 31 15:04:24 2013 UTC (11 years ago) by bluhm
Branch: MAIN
Changes since 1.139: +10 -10 lines
Diff to previous 1.139 (colored)

Remove a bunch of sockaddr_in6 pointer casts and replace others
with sin6tosa() or satosin6() inline functions.  This allows the
compiler to check the types more strictly.
OK mpi@

Revision 1.139 / (download) - annotate - [select for diffs], Thu Apr 11 12:06:25 2013 UTC (11 years, 2 months ago) by mpi
Branch: MAIN
Changes since 1.138: +1 -3 lines
Diff to previous 1.138 (colored)

Remove the extern keyword from function declarations, document
sysctl declarations, move variables and functions used in only
one place in their corresponding file. No functional change.

No objection from markus@, ok mikeb@

Revision 1.138 / (download) - annotate - [select for diffs], Tue Apr 9 08:35:38 2013 UTC (11 years, 2 months ago) by mpi
Branch: MAIN
Changes since 1.137: +5 -10 lines
Diff to previous 1.137 (colored)

Remove read-only ipsec variables and directly use defines instead.

ok mikeb@, markus@

Revision 1.137 / (download) - annotate - [select for diffs], Thu Mar 28 16:45:16 2013 UTC (11 years, 2 months ago) by tedu
Branch: MAIN
Changes since 1.136: +1 -2 lines
Diff to previous 1.136 (colored)

no need for a lot of code to include proc.h

Revision 1.136 / (download) - annotate - [select for diffs], Thu Mar 28 00:32:11 2013 UTC (11 years, 2 months ago) by bluhm
Branch: MAIN
Changes since 1.135: +1 -2 lines
Diff to previous 1.135 (colored)

Unfortunately the satosin, sintosa, ifatoia, satosin6, sin6tosa,
ifatoia6 macros do not check the source type.  They just cast
anything.  Remove needless casts and do not use those macros if the
source type does not match.  Remove duplicate defines.
No binary change.  OK kettenis@ krw@

Revision 1.135 / (download) - annotate - [select for diffs], Wed Mar 20 10:34:12 2013 UTC (11 years, 2 months ago) by mpi
Branch: MAIN
Changes since 1.134: +12 -25 lines
Diff to previous 1.134 (colored)

Introduce if_get() to retrieve an interface descriptor pointer given
an interface index and replace all the redundant checks and accesses
to a global array by a call to this function.

With inputs from and ok bluhm@, mikeb@

Revision 1.134 / (download) - annotate - [select for diffs], Thu Mar 14 11:18:37 2013 UTC (11 years, 3 months ago) by mpi
Branch: MAIN
Changes since 1.133: +1 -11 lines
Diff to previous 1.133 (colored)

tedu faith(4), suggested by todd@ some weeks ago after a submission by
dhill.

ok krw@, mikeb@, tedu@ (implicit)

Revision 1.133 / (download) - annotate - [select for diffs], Mon Mar 4 14:42:25 2013 UTC (11 years, 3 months ago) by bluhm
Branch: MAIN
Changes since 1.132: +2 -2 lines
Diff to previous 1.132 (colored)

Replace the cast to struct in6_ifaddr pointer with the ifatoia6() macro.
No binary change.
OK claudio@

Revision 1.132 / (download) - annotate - [select for diffs], Tue Nov 6 12:32:42 2012 UTC (11 years, 7 months ago) by henning
Branch: MAIN
CVS Tags: OPENBSD_5_3_BASE, OPENBSD_5_3
Changes since 1.131: +1 -64 lines
Diff to previous 1.131 (colored)

backout csum diff for the moment, requested by theo

Revision 1.131 / (download) - annotate - [select for diffs], Mon Nov 5 21:49:15 2012 UTC (11 years, 7 months ago) by claudio
Branch: MAIN
Changes since 1.130: +3 -3 lines
Diff to previous 1.130 (colored)

Make sure that in[6]_proto_cksum_out() is called unconditionally and not
inside the NPF block. Fixes checksum issues seen on ramdisk kernels.
Initial diff by naddy@, tested and OK by many

Revision 1.130 / (download) - annotate - [select for diffs], Fri Nov 2 13:14:05 2012 UTC (11 years, 7 months ago) by henning
Branch: MAIN
Changes since 1.129: +3 -3 lines
Diff to previous 1.129 (colored)

unbreak ramdisks, we need to include tcp/udp.h unconditionally now and not
dependent on ipsec.
puzzled how this went by since I did run full mkrs... pbly lost in my forest
of trees :(
report Amit Kulkarni <amitkulz at gmail.com>, fix me, ok kettenis beck krw

Revision 1.129 / (download) - annotate - [select for diffs], Thu Nov 1 07:55:56 2012 UTC (11 years, 7 months ago) by henning
Branch: MAIN
Changes since 1.128: +63 -0 lines
Diff to previous 1.128 (colored)

redo most of the protocol (tcp/udp/...) checksum handling
-assume we have hardware checksum offloading. stop mucking with the
 checksum in most of the stack
-stop checksum mucking in pf, just set a "needs checksumming" flag if needed
-in all output paths, very late, if we figure out the outbound interface
 doesn't have hw cksum offloading, do the cksum in software. this especially
 makes the bridge path behave like a regular output path
-little special casing for bridge still required until the broadcast path
 loses its disgusting shortcut hacks, but at least it's in one place now
 and not all over the stack
in6_proto_cksum_out mostly written by krw@
started at k2k11 in iceland more than 1.5 years ago - yes it took that
long, this stuff is everything but easy.
this happens to fix the infamous pf rdr bug that made us turn off proto
cksum offloading on almost all interface drivers.
ok camield sthen claudio, testing by many, thanks!

Revision 1.125.2.1 / (download) - annotate - [select for diffs], Wed Oct 17 11:37:05 2012 UTC (11 years, 7 months ago) by ajacoutot
Branch: OPENBSD_5_2
Changes since 1.125: +2 -2 lines
Diff to previous 1.125 (colored) next main 1.126 (colored)

MFC:
As CMSG_ALIGN() can overflow the integer value, do the length check
with and without alignment.
Bug found by Clement Lecigne <clemun AT gmail DOT com>
OK claudio@

prodded by bluhm@
ok jasper@ sthen@

Revision 1.123.2.1 / (download) - annotate - [select for diffs], Wed Oct 17 11:36:29 2012 UTC (11 years, 7 months ago) by ajacoutot
Branch: OPENBSD_5_1
Changes since 1.123: +2 -2 lines
Diff to previous 1.123 (colored) next main 1.124 (colored)

MFC:
As CMSG_ALIGN() can overflow the integer value, do the length check
with and without alignment.
Bug found by Clement Lecigne <clemun AT gmail DOT com>
OK claudio@

prodded by bluhm@
ok jasper@ sthen@

Revision 1.128 / (download) - annotate - [select for diffs], Tue Oct 16 08:09:09 2012 UTC (11 years, 7 months ago) by bluhm
Branch: MAIN
Changes since 1.127: +2 -2 lines
Diff to previous 1.127 (colored)

As CMSG_ALIGN() can overflow the integer value, do the length check
with and without alignment.
Bug found by Clement Lecigne <clemun AT gmail DOT com>
OK claudio@

Revision 1.127 / (download) - annotate - [select for diffs], Thu Sep 20 10:25:03 2012 UTC (11 years, 8 months ago) by blambert
Branch: MAIN
Changes since 1.126: +4 -4 lines
Diff to previous 1.126 (colored)

spltdb() was really just #define'd to be splsoftnet(); replace the former
with the latter

no change in md5 checksum of generated files

ok claudio@ henning@

Revision 1.126 / (download) - annotate - [select for diffs], Mon Sep 17 20:01:26 2012 UTC (11 years, 8 months ago) by yasuoka
Branch: MAIN
Changes since 1.125: +10 -1 lines
Diff to previous 1.125 (colored)

add IPV6_RECVDSTPORT socket option, which enables us to get original
(= before divert) destination port of a UDP packet.  The way to use
this option is same as IP_RECVDSTPORT.

from UMEZAWA Takeshi
tweaks from jmc; ok henning bluhm

Revision 1.125 / (download) - annotate - [select for diffs], Mon Jul 16 18:05:36 2012 UTC (11 years, 10 months ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_5_2_BASE
Branch point for: OPENBSD_5_2
Changes since 1.124: +2 -2 lines
Diff to previous 1.124 (colored)

add IP_IPSECFLOWINFO option to sendmsg() and recvmsg(), so npppd(4)
can use this to select the IPsec tunnel for sending L2TP packets.
this fixes Windows (always binding to 1701) and Android clients
(negotiating wildcard flows); feedback mpf@ and yasuoka@;
ok henning@ and yasuoka@; ok jmc@ for the manpage

Revision 1.124 / (download) - annotate - [select for diffs], Fri Apr 13 09:38:32 2012 UTC (12 years, 2 months ago) by deraadt
Branch: MAIN
Changes since 1.123: +2 -2 lines
Diff to previous 1.123 (colored)

unnecessary casts to unsigned; ok claudio

Revision 1.123 / (download) - annotate - [select for diffs], Thu Nov 24 17:39:55 2011 UTC (12 years, 6 months ago) by sperreault
Branch: MAIN
CVS Tags: OPENBSD_5_1_BASE
Branch point for: OPENBSD_5_1
Changes since 1.122: +2 -2 lines
Diff to previous 1.122 (colored)

rdomain support for IPv6
ok mikeb

Revision 1.122 / (download) - annotate - [select for diffs], Mon Jul 4 06:54:49 2011 UTC (12 years, 11 months ago) by claudio
Branch: MAIN
CVS Tags: OPENBSD_5_0_BASE, OPENBSD_5_0
Changes since 1.121: +3 -3 lines
Diff to previous 1.121 (colored)

Bye bye pf_test6(). Only one pf_test function for both IPv4 and v6.
The functions were 95% identical anyway. While there use struct pf_addr
in struct pf_divert instead of some union which is the same.
OK bluhm@ mcbride@ and most probably henning@ as well

Revision 1.121 / (download) - annotate - [select for diffs], Mon May 2 22:17:28 2011 UTC (13 years, 1 month ago) by chl
Branch: MAIN
Changes since 1.120: +3 -3 lines
Diff to previous 1.120 (colored)

Fix potential null dereference.

Found by LLVM/Clang Static Analyzer.

ok henning@ claudio@ krw@

Revision 1.120 / (download) - annotate - [select for diffs], Tue Apr 5 11:48:28 2011 UTC (13 years, 2 months ago) by blambert
Branch: MAIN
Changes since 1.119: +2 -2 lines
Diff to previous 1.119 (colored)

Passing M_WAITOK to mbuf functions is supposed to be a contract between
the caller and the function that the function will not fail to allocate
memory and return a NULL pointer. However, m_dup_pkthdr() violates
this contract, making it possible for functions that pass M_WAITOK to
be surprised in ways that hurt.

Fix this by passing the wait flag all the way down the functions that
actually do the allocation for m_dup_pkthdr() so that we won't be
surprised.

man page update forthcoming

ok claudio@

Revision 1.119 / (download) - annotate - [select for diffs], Tue Mar 22 23:13:01 2011 UTC (13 years, 2 months ago) by bluhm
Branch: MAIN
Changes since 1.118: +77 -66 lines
Diff to previous 1.118 (colored)

Extract the new function ip6_fragment() from ip6_output() to make
it reusable by pf.
ok claudio@

Revision 1.118 / (download) - annotate - [select for diffs], Thu Sep 23 04:45:15 2010 UTC (13 years, 8 months ago) by yasuoka
Branch: MAIN
CVS Tags: OPENBSD_4_9_BASE, OPENBSD_4_9
Changes since 1.117: +12 -1 lines
Diff to previous 1.117 (colored)

add a new IP level socket option IP_PIPEX.  This option is used for L2TP
support by pipex.
OK henning@, "Carry on" blambert@

Revision 1.117 / (download) - annotate - [select for diffs], Sat Aug 7 03:50:02 2010 UTC (13 years, 10 months ago) by krw
Branch: MAIN
CVS Tags: OPENBSD_4_8_BASE, OPENBSD_4_8
Changes since 1.116: +2 -2 lines
Diff to previous 1.116 (colored)

No "\n" needed at the end of panic() strings.

Bogus chunks pointed out by matthew@ and miod@. No cookies for
marco@ and jasper@.

ok deraadt@ miod@ matthew@ jasper@ macro@

Revision 1.116 / (download) - annotate - [select for diffs], Fri Jul 9 16:58:06 2010 UTC (13 years, 11 months ago) by reyk
Branch: MAIN
Changes since 1.115: +11 -6 lines
Diff to previous 1.115 (colored)

Add support for using IPsec in multiple rdomains.

This allows to run isakmpd/iked/ipsecctl in multiple rdomains
independently (with "route exec"); the kernel will pickup the rdomain
from the process context of the pfkey socket and load the flows and
SAs into the matching rdomain encap routing table.  The network stack
also needs to pass the rdomain to the ipsec stack to lookup the
correct rdomain that belongs to an interface/mbuf/... You can now run
individual IPsec configs per rdomain or create IPsec VPNs between
multiple rdomains on the same machine ;).  Note that a primary enc(4)
in addition to enc0 interface is required per rdomain, eg. enc1 rdomain 1.

Tested by some people, mostly on existing "rdomain 0" setups.  Was in
snaps for some days and people didn't complain.

ok claudio@ naddy@

Revision 1.115 / (download) - annotate - [select for diffs], Thu Jul 8 19:42:46 2010 UTC (13 years, 11 months ago) by jsg
Branch: MAIN
Changes since 1.114: +1 -24 lines
Diff to previous 1.114 (colored)

remove some unused netinet6 code
ok stsp@ henning@ claudio@

Revision 1.114 / (download) - annotate - [select for diffs], Thu Jul 1 02:09:45 2010 UTC (13 years, 11 months ago) by reyk
Branch: MAIN
Changes since 1.113: +15 -14 lines
Diff to previous 1.113 (colored)

Allow to specify an alternative enc(4) interface for an SA.  All
traffic for this SA will appear on the specified enc interface instead
of enc0 and can be filtered and monitored separately. This will allow
to group individual ipsec policies to virtual interfaces and
simplifies monitoring and pf filtering with many ipsec policies a lot.

This diff includes the following changes:
- Store the enc interface unit (default 0) in the TDB of an SA and pass
it to the enc_getif() lookup when running the bpf or pf_test() handlers.
- Add the pfkey SADB_X_EXT_TAP extension to communicate the encX
interface unit for a specified SA between userland and kernel.
- Update enc(4) again to use an allocated array instead of the TAILQ to
lookup the matching enc interface in enc_getif() quickly.

Discussed with many, tested by a few, will need more testing & review.

ok deraadt@

Revision 1.113 / (download) - annotate - [select for diffs], Tue Jun 29 21:28:38 2010 UTC (13 years, 11 months ago) by reyk
Branch: MAIN
Changes since 1.112: +5 -1 lines
Diff to previous 1.112 (colored)

Replace enc(4) with a new implementation as a cloner device.  We still
create enc0 by default, but it is possible to add additional enc
interfaces.  This will be used later to allow alternative encs per
policy or to have an enc per rdomain when IPsec becomes rdomain-aware.

manpage bits ok jmc@
input from henning@ deraadt@ toby@ naddy@
ok henning@ claudio@

Revision 1.112 / (download) - annotate - [select for diffs], Fri May 7 13:33:17 2010 UTC (14 years, 1 month ago) by claudio
Branch: MAIN
Changes since 1.111: +3 -4 lines
Diff to previous 1.111 (colored)

Start cleaning up the mess called rtalloc*. Kill rtalloc2, make rtalloc1
accept flags for report and nocloning. Move the rtableid into struct route
(with a minor twist for now) and make a few more codepaths rdomain aware.
Apart from the pf.c and route.c bits the diff is mostly mechanical.
More to come...
OK michele, henning

Revision 1.111 / (download) - annotate - [select for diffs], Mon Feb 8 12:16:02 2010 UTC (14 years, 4 months ago) by jsing
Branch: MAIN
CVS Tags: OPENBSD_4_7_BASE, OPENBSD_4_7
Changes since 1.110: +34 -35 lines
Diff to previous 1.110 (colored)

More destatic and ansification.

ok claudio@ naddy@

Revision 1.110 / (download) - annotate - [select for diffs], Wed Nov 25 07:37:29 2009 UTC (14 years, 6 months ago) by mpf
Branch: MAIN
Changes since 1.109: +12 -11 lines
Diff to previous 1.109 (colored)

Small cleanup for setsockopt IPSEC6_OUTSA:
No need to wrap input validation inside spltdb().
Simplify code by using a break instead of an else-block.
OK guenther@

Revision 1.109 / (download) - annotate - [select for diffs], Fri Nov 20 09:02:21 2009 UTC (14 years, 6 months ago) by guenther
Branch: MAIN
Changes since 1.108: +10 -10 lines
Diff to previous 1.108 (colored)

NULL dereference in IPV6_PORTRANGE and IP_IPSEC_*, found by Clement LECIGNE,
localhost DoS everywhere.  To help minimize further issues, make the
mbuf != NULL test explicit instead of implicit in a length test.
Suggestions and initial work by mpf@ and miod@
ok henning@, mpf@, claudio@,

Revision 1.103.2.1 / (download) - annotate - [select for diffs], Wed Oct 28 21:20:39 2009 UTC (14 years, 7 months ago) by claudio
Branch: OPENBSD_4_4
Changes since 1.103: +2 -1 lines
Diff to previous 1.103 (colored) next main 1.104 (colored)

MFC rev. 1.108 of ip6_output.c by deraadt@:

*NULL store in IP_AUTH_LEVEL, IP_ESP_TRANS_LEVEL, IP_ESP_NETWORK_LEVEL,
IP_IPCOMP_LEVEL found by Clement LECIGNE, localhost root exploitable on
userland/kernel shared vm machines (ie. i386, amd64, arm, sparc (but not
sparc64), sh, ...) on OpenBSD 4.3 or older
copy of the ipv4 bug, spotted by claudio

Revision 1.106.2.1 / (download) - annotate - [select for diffs], Wed Oct 28 21:20:16 2009 UTC (14 years, 7 months ago) by claudio
Branch: OPENBSD_4_5
Changes since 1.106: +2 -1 lines
Diff to previous 1.106 (colored) next main 1.107 (colored)

MFC rev. 1.108 of ip6_output.c by deraadt@:

*NULL store in IP_AUTH_LEVEL, IP_ESP_TRANS_LEVEL, IP_ESP_NETWORK_LEVEL,
IP_IPCOMP_LEVEL found by Clement LECIGNE, localhost root exploitable on
userland/kernel shared vm machines (ie. i386, amd64, arm, sparc (but not
sparc64), sh, ...) on OpenBSD 4.3 or older
copy of the ipv4 bug, spotted by claudio

Revision 1.106.6.1 / (download) - annotate - [select for diffs], Wed Oct 28 21:19:18 2009 UTC (14 years, 7 months ago) by claudio
Branch: OPENBSD_4_6
Changes since 1.106: +2 -1 lines
Diff to previous 1.106 (colored) next main 1.107 (colored)

MFC rev. 1.108 of ip6_output.c by deraadt@:

*NULL store in IP_AUTH_LEVEL, IP_ESP_TRANS_LEVEL, IP_ESP_NETWORK_LEVEL,
IP_IPCOMP_LEVEL found by Clement LECIGNE, localhost root exploitable on
userland/kernel shared vm machines (ie. i386, amd64, arm, sparc (but not
sparc64), sh, ...) on OpenBSD 4.3 or older
copy of the ipv4 bug, spotted by claudio

Revision 1.108 / (download) - annotate - [select for diffs], Wed Oct 28 21:03:17 2009 UTC (14 years, 7 months ago) by deraadt
Branch: MAIN
Changes since 1.107: +2 -1 lines
Diff to previous 1.107 (colored)

*NULL store in IP_AUTH_LEVEL, IP_ESP_TRANS_LEVEL, IP_ESP_NETWORK_LEVEL,
IP_IPCOMP_LEVEL found by Clement LECIGNE, localhost root exploitable on
userland/kernel shared vm machines (ie. i386, amd64, arm, sparc (but not
sparc64), sh, ...) on OpenBSD 4.3 or older
copy of the ipv4 bug, spotted by claudio

Revision 1.107 / (download) - annotate - [select for diffs], Tue Oct 6 21:21:48 2009 UTC (14 years, 8 months ago) by claudio
Branch: MAIN
Changes since 1.106: +23 -2 lines
Diff to previous 1.106 (colored)

Redo the route lookup in the output (and IPv6 forwarding) path if the
destination of a packet was changed by pf. This allows for some evil
games with rdr-to or nat-to but is mostly needed for better rdomain/rtable
support. This is a first step and more work and cleanup is needed.

Here a list of what works and what does not (needs a patched pfctl):
pass out rdr-to:
from local rdr-to local addr works (if state tracking on lo0 is done)
from remote rdr-to local addr does NOT work
from local rdr-to remote works
from remote rdr-to remote works

pass in nat-to:
from remote nat-to local addr does NOT work
from remote nat-to non-local addr works
non-local is an IP that is routed to the FW but is not assigned on the FW.
The non working cases need some magic to correctly rewrite the incoming
packet since the rewriting would happen outbound which is too late.

"time to get it in" deraadt@

Revision 1.106 / (download) - annotate - [select for diffs], Wed Oct 22 14:36:08 2008 UTC (15 years, 7 months ago) by markus
Branch: MAIN
CVS Tags: OPENBSD_4_6_BASE, OPENBSD_4_5_BASE
Branch point for: OPENBSD_4_6, OPENBSD_4_5
Changes since 1.105: +15 -1 lines
Diff to previous 1.105 (colored)

filter ipv6 ipsec packets on enc0 (in and out), similar to ipv4;
ok bluhm, fries, mpf; fixes pr 4188

Revision 1.105 / (download) - annotate - [select for diffs], Wed Sep 3 08:41:57 2008 UTC (15 years, 9 months ago) by mpf
Branch: MAIN
Changes since 1.104: +1 -20 lines
Diff to previous 1.104 (colored)

Remove dead code: ip6_copypktopts() is not used anywhere.
OK deraadt@, henning@

Revision 1.104 / (download) - annotate - [select for diffs], Fri Aug 8 17:49:21 2008 UTC (15 years, 10 months ago) by bluhm
Branch: MAIN
Changes since 1.103: +1 -5 lines
Diff to previous 1.103 (colored)

Do not latch the IPSec tdb to the inpcb unconditionally.  This has
been moved to the protocol layer from ip_output at 2002/05/31.  The
IPv6 part has been forgotten so packets could get encrypted
unintentionally.
ok hshoexer markus

Revision 1.103 / (download) - annotate - [select for diffs], Wed Jul 30 15:07:40 2008 UTC (15 years, 10 months ago) by canacar
Branch: MAIN
CVS Tags: OPENBSD_4_4_BASE
Branch point for: OPENBSD_4_4
Changes since 1.102: +2 -8 lines
Diff to previous 1.102 (colored)

Call ip6_clearpktopts() on error in copypktopts() instead of freeing
every field individually.
ok claudio@ markus@ henning@ deraadt@

Revision 1.102 / (download) - annotate - [select for diffs], Wed Jun 11 19:00:50 2008 UTC (16 years ago) by mcbride
Branch: MAIN
Changes since 1.101: +36 -89 lines
Diff to previous 1.101 (colored)

ANSIfy to sync with KAME. From Karl Sjodahl <dunceor@gmail.com>.

ok todd deraadt naddy bluhm

Revision 1.101 / (download) - annotate - [select for diffs], Mon Jun 9 22:47:42 2008 UTC (16 years ago) by djm
Branch: MAIN
Changes since 1.100: +19 -1 lines
Diff to previous 1.100 (colored)

Introduce a facility to generate unpredictable 32 bit numbers with
near maximal (2^32) cycle times. These are useful for network
IDs in cases where there are negative consequences to ID prediction
and/or reuse.

Use the idgen32() functions to generate IPv6 IDs and NFS client/server
XIDs.

Pseudorandom permutation code in crypto/idgen.c based on public
domain skip32.c from Greg Rose.

feedback & ok thib@ deraadt@

Revision 1.100 / (download) - annotate - [select for diffs], Mon Mar 31 21:15:20 2008 UTC (16 years, 2 months ago) by deraadt
Branch: MAIN
Changes since 1.99: +20 -16 lines
Diff to previous 1.99 (colored)

strictly interpret msg_controllen to be the exact total length of the
cmsg's, including alignments, ie. the sum of CMSG_SPACE()'s. any other
interpretation would be in violation of various unix specifications.
RFC3542 section 20.2 is totally and completely wrong -- it is not
allowed to over-ride the specification of msg_controllen, since the
intent is that one could mix-and-match various types of cmsg's and an
exact match is therefore required.  ok kettenis, tested by many

Revision 1.99 / (download) - annotate - [select for diffs], Fri Jun 1 00:52:38 2007 UTC (17 years ago) by henning
Branch: MAIN
CVS Tags: OPENBSD_4_3_BASE, OPENBSD_4_3, OPENBSD_4_2_BASE, OPENBSD_4_2
Changes since 1.98: +6 -4 lines
Diff to previous 1.98 (colored)

apply the "skip ipsec if there are no flows" speedup diff to IPv6 too.
we need a pointer to the inpcb to decide, which was not previously
passed to ip6_output, so this diff is a little bigger.
from itojun, ok ryan

Revision 1.98 / (download) - annotate - [select for diffs], Thu Feb 8 15:25:30 2007 UTC (17 years, 4 months ago) by itojun
Branch: MAIN
CVS Tags: OPENBSD_4_1_BASE, OPENBSD_4_1
Changes since 1.97: +8 -11 lines
Diff to previous 1.97 (colored)

- AH: when computing crypto checksum for output, massage source-routing
  header.
- ipsec_input: fix mistake in IPv6 next-header chasing.
- ipsec_output: look for the position to insert AH more carefully.
- ip6_output: enable use of AH with extension headers.
  avoid tunnelling when source-routing header is present.

ok by deraad, naddy, hshoexer

Revision 1.97 / (download) - annotate - [select for diffs], Sun Dec 10 10:16:12 2006 UTC (17 years, 6 months ago) by miod
Branch: MAIN
Changes since 1.96: +2 -2 lines
Diff to previous 1.96 (colored)

In ip6_output(), make sure ia is initialized before it is used.

Revision 1.96 / (download) - annotate - [select for diffs], Sat Dec 9 01:12:28 2006 UTC (17 years, 6 months ago) by itojun
Branch: MAIN
Changes since 1.95: +1139 -349 lines
Diff to previous 1.95 (colored)

switch IPv6 advanced API from RFC2292 to RFC3542 (2292 is superseded by 3542).
the kernel still handles RFC2292 set/getsockopts, so that compiled binary
has no trouble running.  userland sees RFC3542 symbols only on header file
so new code has to use RFC3542 API.

bump libc shlib minor for function additions.

tested on i386/amd64 by jmc, i386 by brad. checked by deraadt.

Revision 1.95 / (download) - annotate - [select for diffs], Fri Dec 8 21:32:12 2006 UTC (17 years, 6 months ago) by itojun
Branch: MAIN
Changes since 1.94: +8 -4 lines
Diff to previous 1.94 (colored)

leftover from interface-local multicast change.

Revision 1.94 / (download) - annotate - [select for diffs], Fri Nov 17 01:11:23 2006 UTC (17 years, 6 months ago) by itojun
Branch: MAIN
Changes since 1.93: +22 -47 lines
Diff to previous 1.93 (colored)

change semantics of ff01::/16 to interface local multicast
(to sync up with more recent IPv6 spec)

ok from: deraadt mcbride

Revision 1.93 / (download) - annotate - [select for diffs], Sun Jun 18 11:47:46 2006 UTC (17 years, 11 months ago) by pascoe
Branch: MAIN
CVS Tags: OPENBSD_4_0_BASE, OPENBSD_4_0
Changes since 1.92: +2 -2 lines
Diff to previous 1.92 (colored)

Add support for equal-cost multipath IP.

To minimise path disruptions, this implements recommendations made in RFC2992 -
the hash-threshold mechanism to select paths based on source/destination IP
address pairs, and inserts multipath routes in the middle of the route table.

To enable multipath distribution, use:
   sysctl net.inet.ip.multipath=1
and/or:
   sysctl net.inet6.ip6.multipath=1

testing norby@
ok claudio@ henning@ hshoexer@

Revision 1.92 / (download) - annotate - [select for diffs], Fri Jun 16 16:49:40 2006 UTC (17 years, 11 months ago) by henning
Branch: MAIN
Changes since 1.91: +2 -2 lines
Diff to previous 1.91 (colored)

adjust functions dealing with the routing table to take a table ID as
parameter so they can work on alternate tables. table 0 hardcoded for
many callers yet, that will be adapted step by step.
input + ok claudio norby hshoexer

Revision 1.91 / (download) - annotate - [select for diffs], Fri Jun 16 15:31:08 2006 UTC (17 years, 11 months ago) by pascoe
Branch: MAIN
Changes since 1.90: +3 -3 lines
Diff to previous 1.90 (colored)

More spelling fixes.

Revision 1.90 / (download) - annotate - [select for diffs], Fri Jun 16 15:16:41 2006 UTC (17 years, 11 months ago) by pascoe
Branch: MAIN
Changes since 1.89: +2 -2 lines
Diff to previous 1.89 (colored)

Spelling.

Revision 1.89 / (download) - annotate - [select for diffs], Sat May 27 23:40:27 2006 UTC (18 years ago) by claudio
Branch: MAIN
Changes since 1.88: +5 -2 lines
Diff to previous 1.88 (colored)

Do the same thing as for IPv4. Use a sysctl to enable/disable mforwarding
and additionally make the code part of the MROUTING option. Put it in deraadt@

Revision 1.88 / (download) - annotate - [select for diffs], Sun Mar 5 21:48:57 2006 UTC (18 years, 3 months ago) by miod
Branch: MAIN
Changes since 1.87: +6 -7 lines
Diff to previous 1.87 (colored)

Use more queue macros rather than doing it by hand; ok otto@ krw@

Revision 1.87 / (download) - annotate - [select for diffs], Tue Jan 11 08:57:24 2005 UTC (19 years, 5 months ago) by djm
Branch: MAIN
CVS Tags: OPENBSD_3_9_BASE, OPENBSD_3_9, OPENBSD_3_8_BASE, OPENBSD_3_8, OPENBSD_3_7_BASE, OPENBSD_3_7
Changes since 1.86: +37 -26 lines
Diff to previous 1.86 (colored)

correctly deal with unspecified (zero) interface number in IPV6_MULTICAST_IF,
IPV6_{JOIN,LEAVE}_GROUP ioctls; ok itojun@

Revision 1.86 / (download) - annotate - [select for diffs], Mon Jun 21 19:26:02 2004 UTC (19 years, 11 months ago) by mcbride
Branch: MAIN
CVS Tags: OPENBSD_3_6_BASE, OPENBSD_3_6
Changes since 1.85: +2 -2 lines
Diff to previous 1.85 (colored)

Get rid of pf_test_eh() wrapper.

ok cedric@ henning@

Revision 1.4.2.11 / (download) - annotate - [select for diffs], Sun Jun 13 08:50:18 2004 UTC (20 years ago) by niklas
Branch: SMP
Changes since 1.4.2.10: +10 -0 lines
Diff to previous 1.4.2.10 (colored) to branchpoint 1.4 (colored) next main 1.5 (colored)

sync to HEAD

Revision 1.85 / (download) - annotate - [select for diffs], Sat Jun 12 04:58:48 2004 UTC (20 years ago) by itojun
Branch: MAIN
CVS Tags: SMP_SYNC_A
Changes since 1.84: +11 -1 lines
Diff to previous 1.84 (colored)

support IPV6_USE_MIN_MTU, to make BIND9 better.
(sorry about the mess yesterday)

Revision 1.84 / (download) - annotate - [select for diffs], Fri Jun 11 14:27:13 2004 UTC (20 years ago) by deraadt
Branch: MAIN
Changes since 1.83: +0 -10 lines
Diff to previous 1.83 (colored)

back out tree breakage.  Like, come on

Revision 1.83 / (download) - annotate - [select for diffs], Fri Jun 11 08:09:29 2004 UTC (20 years ago) by itojun
Branch: MAIN
Changes since 1.82: +11 -1 lines
Diff to previous 1.82 (colored)

support IPV6_USE_MIN_MTU, which is needed to run BIND9 well.  from kame
markus ok

Revision 1.4.2.10 / (download) - annotate - [select for diffs], Sat Jun 5 23:11:26 2004 UTC (20 years ago) by niklas
Branch: SMP
Changes since 1.4.2.9: +99 -17 lines
Diff to previous 1.4.2.9 (colored) to branchpoint 1.4 (colored)

Merge with the trunk

Revision 1.4.2.9 / (download) - annotate - [select for diffs], Thu Feb 19 10:57:25 2004 UTC (20 years, 3 months ago) by niklas
Branch: SMP
Changes since 1.4.2.8: +38 -25 lines
Diff to previous 1.4.2.8 (colored) to branchpoint 1.4 (colored)

Merge of current from two weeks ago into the SMP branch

Revision 1.73.2.1 / (download) - annotate - [select for diffs], Sat Feb 7 22:11:34 2004 UTC (20 years, 4 months ago) by brad
Branch: OPENBSD_3_3
Changes since 1.73: +75 -18 lines
Diff to previous 1.73 (colored) next main 1.74 (colored)

MFC:
Fix by itojun@

strictly follow RFC2460 section 5, last paragraph (sender behavior when
path MTU < 1280).  bug found by Georgi Guninski.

ok deraadt@ dhartmei@

Revision 1.76.2.1 / (download) - annotate - [select for diffs], Sat Feb 7 22:08:00 2004 UTC (20 years, 4 months ago) by brad
Branch: OPENBSD_3_4
Changes since 1.76: +75 -18 lines
Diff to previous 1.76 (colored) next main 1.77 (colored)

MFC:
Fix by itojun@

strictly follow RFC2460 section 5, last paragraph (sender behavior when
path MTU < 1280).  bug found by Georgi Guninski.

ok deraadt@ dhartmei@

Revision 1.82 / (download) - annotate - [select for diffs], Wed Feb 4 08:47:41 2004 UTC (20 years, 4 months ago) by itojun
Branch: MAIN
CVS Tags: SMP_SYNC_B, OPENBSD_3_5_BASE, OPENBSD_3_5
Changes since 1.81: +100 -18 lines
Diff to previous 1.81 (colored)

strictly follow RFC2460 section 5, last paragraph (sender behavior when
path MTU < 1280).  bug found by Georgi Guninski.  ok dhartmei

Revision 1.81 / (download) - annotate - [select for diffs], Mon Feb 2 20:13:01 2004 UTC (20 years, 4 months ago) by cedric
Branch: MAIN
Changes since 1.80: +2 -1 lines
Diff to previous 1.80 (colored)

make the stack compile if NPF=0. ok deraadt@ markus@

Revision 1.80 / (download) - annotate - [select for diffs], Wed Dec 10 03:30:21 2003 UTC (20 years, 6 months ago) by itojun
Branch: MAIN
Changes since 1.79: +17 -10 lines
Diff to previous 1.79 (colored)

use if_indexlim (instead of if_index) and ifindex2ifnet[x] != NULL
to check if interface exists, as (1) if_index will have different meaning
(2) ifindex2ifnet could become NULL when interface gets destroyed,
when we introduce dynamically-created interfaces.  markus ok

Revision 1.79 / (download) - annotate - [select for diffs], Fri Nov 7 22:32:47 2003 UTC (20 years, 7 months ago) by itojun
Branch: MAIN
Changes since 1.78: +4 -4 lines
Diff to previous 1.78 (colored)

fix behavior when ipv6mr_interface is 0.  reported on netbsd list

Revision 1.78 / (download) - annotate - [select for diffs], Wed Oct 1 21:41:05 2003 UTC (20 years, 8 months ago) by itojun
Branch: MAIN
Changes since 1.77: +2 -2 lines
Diff to previous 1.77 (colored)

use random number generator to generate IPv6 fragment ID/flowlabel.
cleanup IPv6 flowlabel handling.  deraadt ok

Revision 1.77 / (download) - annotate - [select for diffs], Wed Oct 1 21:35:50 2003 UTC (20 years, 8 months ago) by itojun
Branch: MAIN
Changes since 1.76: +6 -2 lines
Diff to previous 1.76 (colored)

correct m_cat misuse.  i remember it was ok'ed by someone but don't remember who...

Revision 1.76 / (download) - annotate - [select for diffs], Fri Aug 15 20:32:20 2003 UTC (20 years, 10 months ago) by tedu
Branch: MAIN
CVS Tags: OPENBSD_3_4_BASE
Branch point for: OPENBSD_3_4
Changes since 1.75: +8 -8 lines
Diff to previous 1.75 (colored)

change arguments to suser.  suser now takes the process, and a flags
argument.  old cred only calls user suser_ucred.  this will allow future
work to more flexibly implement the idea of a root process.  looks like
something i saw in freebsd, but a little different.
use of suser_ucred vs suser in file system code should be looked at again,
for the moment semantics remain unchanged.
review and input from art@  testing and further review miod@

Revision 1.75 / (download) - annotate - [select for diffs], Wed Jun 11 02:54:02 2003 UTC (21 years ago) by itojun
Branch: MAIN
Changes since 1.74: +6 -5 lines
Diff to previous 1.74 (colored)

- sync up MLD declaration with RFC3542 (s/MLD6/MLD/)
- routing header declaration with RFC3542
  (note: sizeof(ip6_rthdr0) has changed!)
  also, sync up with RFC2460 routing header definition (no "strict" source
  routing mode any more)

part of advanced API update (RFC2292 -> 3542).

markus, todd, millert, henning ok

Revision 1.4.2.8 / (download) - annotate - [select for diffs], Sat Jun 7 11:06:09 2003 UTC (21 years ago) by ho
Branch: SMP
Changes since 1.4.2.7: +2 -6 lines
Diff to previous 1.4.2.7 (colored) to branchpoint 1.4 (colored)

Sync SMP branch to -current

Revision 1.74 / (download) - annotate - [select for diffs], Mon Jun 2 23:28:15 2003 UTC (21 years ago) by millert
Branch: MAIN
Changes since 1.73: +2 -6 lines
Diff to previous 1.73 (colored)

Remove the advertising clause in the UCB license which Berkeley
rescinded 22 July 1999.  Proofed by myself and Theo.

Revision 1.56.2.4 / (download) - annotate - [select for diffs], Mon May 19 22:27:25 2003 UTC (21 years ago) by tedu
Branch: UBC
Changes since 1.56.2.3: +3 -3 lines
Diff to previous 1.56.2.3 (colored) to branchpoint 1.56 (colored) next main 1.57 (colored)

sync

Revision 1.4.2.7 / (download) - annotate - [select for diffs], Fri Mar 28 00:41:29 2003 UTC (21 years, 2 months ago) by niklas
Branch: SMP
Changes since 1.4.2.6: +350 -287 lines
Diff to previous 1.4.2.6 (colored) to branchpoint 1.4 (colored)

Sync the SMP branch with 3.3

Revision 1.73 / (download) - annotate - [select for diffs], Thu Oct 31 18:02:27 2002 UTC (21 years, 7 months ago) by itojun
Branch: MAIN
CVS Tags: UBC_SYNC_A, OPENBSD_3_3_BASE
Branch point for: OPENBSD_3_3
Changes since 1.72: +3 -3 lines
Diff to previous 1.72 (colored)

plug memory leak.  from sam leffler.  sync w/kame

Revision 1.56.2.3 / (download) - annotate - [select for diffs], Tue Oct 29 00:36:48 2002 UTC (21 years, 7 months ago) by art
Branch: UBC
Changes since 1.56.2.2: +60 -60 lines
Diff to previous 1.56.2.2 (colored) to branchpoint 1.56 (colored)

sync to -current

Revision 1.72 / (download) - annotate - [select for diffs], Mon Sep 23 23:03:31 2002 UTC (21 years, 8 months ago) by itojun
Branch: MAIN
CVS Tags: UBC_SYNC_B, OPENBSD_3_2_BASE, OPENBSD_3_2
Changes since 1.71: +2 -2 lines
Diff to previous 1.71 (colored)

correct length of PADN option before jumbo payload option.  sync w/kame
deraadt ok

Revision 1.71 / (download) - annotate - [select for diffs], Wed Sep 11 03:27:30 2002 UTC (21 years, 9 months ago) by itojun
Branch: MAIN
Changes since 1.70: +5 -5 lines
Diff to previous 1.70 (colored)

fix pointer signedness mixup.  sync w/kame

Revision 1.70 / (download) - annotate - [select for diffs], Wed Sep 11 03:15:36 2002 UTC (21 years, 9 months ago) by itojun
Branch: MAIN
Changes since 1.69: +50 -50 lines
Diff to previous 1.69 (colored)

KNF - return is not a function.  sync w/kame

Revision 1.56.2.2 / (download) - annotate - [select for diffs], Tue Jun 11 03:31:37 2002 UTC (22 years ago) by art
Branch: UBC
Changes since 1.56.2.1: +302 -239 lines
Diff to previous 1.56.2.1 (colored) to branchpoint 1.56 (colored)

Sync UBC branch to -current

Revision 1.69 / (download) - annotate - [select for diffs], Sun Jun 9 14:38:39 2002 UTC (22 years ago) by itojun
Branch: MAIN
Changes since 1.68: +6 -6 lines
Diff to previous 1.68 (colored)

whitespace cleanup

Revision 1.68 / (download) - annotate - [select for diffs], Sat Jun 8 21:52:07 2002 UTC (22 years ago) by itojun
Branch: MAIN
Changes since 1.67: +4 -4 lines
Diff to previous 1.67 (colored)

use splnet for ipsec

Revision 1.67 / (download) - annotate - [select for diffs], Sat Jun 8 21:51:08 2002 UTC (22 years ago) by itojun
Branch: MAIN
Changes since 1.66: +4 -4 lines
Diff to previous 1.66 (colored)

splnet -> splsoftnet where appropriate

Revision 1.66 / (download) - annotate - [select for diffs], Sat Jun 8 21:22:03 2002 UTC (22 years ago) by itojun
Branch: MAIN
Changes since 1.65: +2 -2 lines
Diff to previous 1.65 (colored)

sync with latest KAME in6_ifaddr/prefix/default router manipulation.
behavior changes:
- two ioctls used by ndp(8) are now obsolete (backward compat provided).
  use sysctl path instead.
- lo0 does not get ::1 automatically.  it will get ::1 when lo0 comes up.

Revision 1.65 / (download) - annotate - [select for diffs], Fri Jun 7 21:47:44 2002 UTC (22 years ago) by itojun
Branch: MAIN
Changes since 1.64: +84 -22 lines
Diff to previous 1.64 (colored)

move IPV6_CHECKSUM processing to ip6_raw_ctloutput().  bunch of KNFs.
rip6 stats.  sync w/kame

Revision 1.64 / (download) - annotate - [select for diffs], Fri Jun 7 15:27:58 2002 UTC (22 years ago) by itojun
Branch: MAIN
Changes since 1.63: +18 -11 lines
Diff to previous 1.63 (colored)

just for consistency/compatibility, have net.inet6.ip6.v6only sysctl MIB,
as well as set/getsockopt(IPV6_V6ONLY).

Revision 1.63 / (download) - annotate - [select for diffs], Fri Jun 7 15:00:55 2002 UTC (22 years ago) by itojun
Branch: MAIN
Changes since 1.62: +121 -159 lines
Diff to previous 1.62 (colored)

style

Revision 1.62 / (download) - annotate - [select for diffs], Fri Jun 7 04:13:10 2002 UTC (22 years ago) by itojun
Branch: MAIN
Changes since 1.61: +4 -4 lines
Diff to previous 1.61 (colored)

'fall through' is not a valid LINT keyword.

Revision 1.61 / (download) - annotate - [select for diffs], Fri May 31 03:20:01 2002 UTC (22 years ago) by itojun
Branch: MAIN
Changes since 1.60: +5 -5 lines
Diff to previous 1.60 (colored)

do not try to update rmx_mtu if rmx_mtu == 0 (obey ifmtu)

Revision 1.60 / (download) - annotate - [select for diffs], Wed May 29 23:38:58 2002 UTC (22 years ago) by itojun
Branch: MAIN
Changes since 1.59: +1 -3 lines
Diff to previous 1.59 (colored)

force fragment to minimum link MTU (1280) when needed (when PMTUD does
not take effect) - like icmp6 responses or foo-over-IPv6 tunnel.

Revision 1.59 / (download) - annotate - [select for diffs], Wed May 29 07:54:59 2002 UTC (22 years ago) by itojun
Branch: MAIN
Changes since 1.58: +77 -43 lines
Diff to previous 1.58 (colored)

attach nd_ifinfo structure to if_afdata.
split IPv6 MTU (advertised by RA) from real link MTU.
sync with kame

Revision 1.4.2.6 / (download) - annotate - [select for diffs], Thu Mar 28 14:56:46 2002 UTC (22 years, 2 months ago) by niklas
Branch: SMP
Changes since 1.4.2.5: +10 -10 lines
Diff to previous 1.4.2.5 (colored) to branchpoint 1.4 (colored)

Merge in -current from roughly a week ago

Revision 1.58 / (download) - annotate - [select for diffs], Thu Mar 14 01:27:12 2002 UTC (22 years, 3 months ago) by millert
Branch: MAIN
CVS Tags: OPENBSD_3_1_BASE, OPENBSD_3_1
Changes since 1.57: +11 -11 lines
Diff to previous 1.57 (colored)

First round of __P removal in sys

Revision 1.4.2.5 / (download) - annotate - [select for diffs], Wed Mar 6 02:15:08 2002 UTC (22 years, 3 months ago) by niklas
Branch: SMP
Changes since 1.4.2.4: +9 -89 lines
Diff to previous 1.4.2.4 (colored) to branchpoint 1.4 (colored)

Merge in trunk

Revision 1.56.2.1 / (download) - annotate - [select for diffs], Thu Jan 31 22:55:46 2002 UTC (22 years, 4 months ago) by niklas
Branch: UBC
Changes since 1.56: +1 -83 lines
Diff to previous 1.56 (colored)

Merge in -current, builds on i386, otherwise untested

Revision 1.57 / (download) - annotate - [select for diffs], Mon Jan 21 05:33:14 2002 UTC (22 years, 4 months ago) by itojun
Branch: MAIN
Changes since 1.56: +1 -83 lines
Diff to previous 1.56 (colored)

remove couple of #if 0'ed portion we will never use

Revision 1.56 / (download) - annotate - [select for diffs], Fri Dec 7 09:16:07 2001 UTC (22 years, 6 months ago) by itojun
Branch: MAIN
CVS Tags: UBC_BASE
Branch point for: UBC
Changes since 1.55: +10 -8 lines
Diff to previous 1.55 (colored)

whitespace/comment sync with kame

Revision 1.4.2.4 / (download) - annotate - [select for diffs], Wed Dec 5 01:02:40 2001 UTC (22 years, 6 months ago) by niklas
Branch: SMP
Changes since 1.4.2.3: +11 -20 lines
Diff to previous 1.4.2.3 (colored) to branchpoint 1.4 (colored)

Merge in -current

Revision 1.55 / (download) - annotate - [select for diffs], Fri Nov 30 07:59:17 2001 UTC (22 years, 6 months ago) by itojun
Branch: MAIN
Changes since 1.54: +1 -12 lines
Diff to previous 1.54 (colored)

unifdef OLDIP6OUTPUT

Revision 1.54 / (download) - annotate - [select for diffs], Wed Nov 28 10:48:13 2001 UTC (22 years, 6 months ago) by itojun
Branch: MAIN
Changes since 1.53: +5 -5 lines
Diff to previous 1.53 (colored)

typo in sockopt level name (ipsec6 related)

Revision 1.53 / (download) - annotate - [select for diffs], Mon Nov 26 16:50:26 2001 UTC (22 years, 6 months ago) by jasoni
Branch: MAIN
Changes since 1.52: +7 -5 lines
Diff to previous 1.52 (colored)

add fastroute options similar to what is found in ipf
ok dhartmei@, frantzen@

Revision 1.4.2.3 / (download) - annotate - [select for diffs], Wed Oct 31 03:29:04 2001 UTC (22 years, 7 months ago) by nate
Branch: SMP
Changes since 1.4.2.2: +35 -20 lines
Diff to previous 1.4.2.2 (colored) to branchpoint 1.4 (colored)

Sync the SMP branch to something just after 3.0

Revision 1.52 / (download) - annotate - [select for diffs], Mon Oct 1 16:03:09 2001 UTC (22 years, 8 months ago) by jasoni
Branch: MAIN
CVS Tags: OPENBSD_3_0_BASE, OPENBSD_3_0
Changes since 1.51: +2 -1 lines
Diff to previous 1.51 (colored)

reinitialize ip6_hdr pointer after pf_test; ok dhartmei@ (noticed after
discussion with itojun on ip6_forward)

Revision 1.51 / (download) - annotate - [select for diffs], Tue Sep 25 14:54:31 2001 UTC (22 years, 8 months ago) by jasoni
Branch: MAIN
Changes since 1.50: +2 -1 lines
Diff to previous 1.50 (colored)

free mbuf when dropping a packet. ok dhartmei@ (also checked by
mcbride@countersiege.com)

Revision 1.50 / (download) - annotate - [select for diffs], Sat Sep 15 03:54:40 2001 UTC (22 years, 9 months ago) by frantzen
Branch: MAIN
Changes since 1.49: +14 -1 lines
Diff to previous 1.49 (colored)

IPv6 support from Ryan McBride (mcbride@countersiege.com)

Revision 1.49 / (download) - annotate - [select for diffs], Wed Aug 22 14:18:36 2001 UTC (22 years, 9 months ago) by niklas
Branch: MAIN
Changes since 1.48: +6 -1 lines
Diff to previous 1.48 (colored)

IPCOMP policy stuff missed the last time round

Revision 1.48 / (download) - annotate - [select for diffs], Wed Aug 22 06:52:01 2001 UTC (22 years, 9 months ago) by niklas
Branch: MAIN
Changes since 1.47: +15 -4 lines
Diff to previous 1.47 (colored)

Add IPCOMP setsockopt policy controls.  While here fix the other policies too

Revision 1.47 / (download) - annotate - [select for diffs], Tue Aug 21 06:53:36 2001 UTC (22 years, 9 months ago) by angelos
Branch: MAIN
Changes since 1.46: +1 -17 lines
Diff to previous 1.46 (colored)

Don't check for BYPASS options in PCB on ip_output/ip6_output --- this
is already done in ip_spd_lookup()

Revision 1.4.2.2 / (download) - annotate - [select for diffs], Wed Jul 4 10:55:23 2001 UTC (22 years, 11 months ago) by niklas
Branch: SMP
Changes since 1.4.2.1: +49 -77 lines
Diff to previous 1.4.2.1 (colored) to branchpoint 1.4 (colored)

Merge in -current from two days ago in the SMP branch.
As usual with merges, they do not indicate progress, so do not hold
your breath for working SMP, and do not mail me and ask about the
state of it.  It has not changed.  There is work ongoing, but very, very
slowly.  The commit is done in parts as to not lock up the tree in too
big chunks at a time.

Revision 1.46 / (download) - annotate - [select for diffs], Wed Jun 27 03:49:54 2001 UTC (22 years, 11 months ago) by angelos
Branch: MAIN
Changes since 1.45: +2 -2 lines
Diff to previous 1.45 (colored)

Get rid of M_COPY_* macros; either use M_MOVE_* or M_DUP_*, depending
on how macros should be treated. Code by fgsch@, ok by me and itojun@

Revision 1.45 / (download) - annotate - [select for diffs], Wed Jun 27 01:36:02 2001 UTC (22 years, 11 months ago) by angelos
Branch: MAIN
Changes since 1.44: +16 -24 lines
Diff to previous 1.44 (colored)

Don't check cached TDBs on the PCB -- always call ipsp_spd_lookup();
this simplifies the logic a bit.

Revision 1.44 / (download) - annotate - [select for diffs], Mon Jun 25 17:16:27 2001 UTC (22 years, 11 months ago) by angelos
Branch: MAIN
Changes since 1.43: +3 -1 lines
Diff to previous 1.43 (colored)

If a PENDING_TDB tag is attached but no TDB is found, drop the packet.

Revision 1.43 / (download) - annotate - [select for diffs], Mon Jun 25 06:14:18 2001 UTC (22 years, 11 months ago) by angelos
Branch: MAIN
Changes since 1.42: +18 -3 lines
Diff to previous 1.42 (colored)

PENDING_TDB tag handling (same as ip_output)

Revision 1.42 / (download) - annotate - [select for diffs], Mon Jun 25 02:59:02 2001 UTC (22 years, 11 months ago) by angelos
Branch: MAIN
Changes since 1.41: +1 -3 lines
Diff to previous 1.41 (colored)

Don't double-clear M_PKTHDR/tags.

Revision 1.41 / (download) - annotate - [select for diffs], Sat Jun 9 06:43:38 2001 UTC (23 years ago) by angelos
Branch: MAIN
Changes since 1.40: +1 -3 lines
Diff to previous 1.40 (colored)

No need for net/net_osdep.h

Revision 1.40 / (download) - annotate - [select for diffs], Wed May 30 12:31:09 2001 UTC (23 years ago) by angelos
Branch: MAIN
Changes since 1.39: +2 -3 lines
Diff to previous 1.39 (colored)

Update for new prototypes.

Revision 1.39 / (download) - annotate - [select for diffs], Mon May 28 06:45:32 2001 UTC (23 years ago) by angelos
Branch: MAIN
Changes since 1.38: +3 -45 lines
Diff to previous 1.38 (colored)

Remove unused code.

Revision 1.38 / (download) - annotate - [select for diffs], Mon May 28 05:28:22 2001 UTC (23 years ago) by angelos
Branch: MAIN
Changes since 1.37: +1 -5 lines
Diff to previous 1.37 (colored)

Don't check for IPV6_ENCAPSULATED, no longer needed since we have the tags.

Revision 1.37 / (download) - annotate - [select for diffs], Mon May 28 05:27:30 2001 UTC (23 years ago) by angelos
Branch: MAIN
Changes since 1.36: +1 -2 lines
Diff to previous 1.36 (colored)

Missed a DPRINTF().

Revision 1.36 / (download) - annotate - [select for diffs], Mon May 28 05:26:53 2001 UTC (23 years ago) by angelos
Branch: MAIN
Changes since 1.35: +29 -9 lines
Diff to previous 1.35 (colored)

Use packet tags to detect loops, same as ip_output()

Revision 1.35 / (download) - annotate - [select for diffs], Sat May 26 06:57:20 2001 UTC (23 years ago) by angelos
Branch: MAIN
Changes since 1.34: +2 -2 lines
Diff to previous 1.34 (colored)

Use m_tag_init() to initialize new mbuf m_pkthdr fields, rather than
having to change it every time.

Revision 1.34 / (download) - annotate - [select for diffs], Sun May 20 08:36:01 2001 UTC (23 years ago) by angelos
Branch: MAIN
Changes since 1.33: +2 -2 lines
Diff to previous 1.33 (colored)

Convert from tdbi to packet tags.

Revision 1.33 / (download) - annotate - [select for diffs], Wed May 16 12:53:36 2001 UTC (23 years, 1 month ago) by ho
Branch: MAIN
Changes since 1.32: +2 -7 lines
Diff to previous 1.32 (colored)

No need to check M_WAIT/M_WAITOK malloc return values. (art@ ok)

Revision 1.4.2.1 / (download) - annotate - [select for diffs], Mon May 14 22:40:19 2001 UTC (23 years, 1 month ago) by niklas
Branch: SMP
Changes since 1.4: +465 -206 lines
Diff to previous 1.4 (colored)

merge in approximately 2.9 into SMP branch

Revision 1.32 / (download) - annotate - [select for diffs], Sat Apr 14 00:30:59 2001 UTC (23 years, 2 months ago) by angelos
Branch: MAIN
CVS Tags: OPENBSD_2_9_BASE, OPENBSD_2_9
Changes since 1.31: +3 -2 lines
Diff to previous 1.31 (colored)

Minor changes, preparing for real socket-attached TDBs; also, more
information will be stored in the TDB. ok ho@ provos@

Revision 1.31 / (download) - annotate - [select for diffs], Wed Apr 11 04:49:23 2001 UTC (23 years, 2 months ago) by itojun
Branch: MAIN
Changes since 1.30: +9 -2 lines
Diff to previous 1.30 (colored)

disallow userland programs from specifying addresses with IPV6_PKTINFO
setsockopt, if:
- the address is not verified by DAD (= not ready)
- the address is an anycast address (= not permitted as source)
sync with kame

Revision 1.30 / (download) - annotate - [select for diffs], Fri Mar 30 11:09:02 2001 UTC (23 years, 2 months ago) by itojun
Branch: MAIN
Changes since 1.29: +10 -24 lines
Diff to previous 1.29 (colored)

enable FAKE_LOOPBACK_IF case by default.
now traffic on loopback interface will be presented to bpf as normal wire
format packet (without KAME scopeid in s6_addr16[1]).

fix KAME PR 250 (host mistakenly accepts packets to fe80::x%lo0).

sync with kame.

Revision 1.29 / (download) - annotate - [select for diffs], Wed Mar 28 20:03:08 2001 UTC (23 years, 2 months ago) by angelos
Branch: MAIN
Changes since 1.28: +16 -11 lines
Diff to previous 1.28 (colored)

Allow tdbi's to appear in mbufs throughout the stack; this allows
security properties of the packets to be pushed up to the application
(not done yet). Eventually, this will be turned into a packet
attributes framework.

Make sure tdbi's are free'd/cleared properly whenever drivers (or NFS)
does weird things with mbufs.

Revision 1.28 / (download) - annotate - [select for diffs], Sun Mar 25 09:56:00 2001 UTC (23 years, 2 months ago) by itojun
Branch: MAIN
Changes since 1.27: +3 -3 lines
Diff to previous 1.27 (colored)

re-initialize mopt in ip6_insert_jumboopt().  sync with kame
From: csapuntz@stanford.edu

Revision 1.27 / (download) - annotate - [select for diffs], Wed Mar 21 15:01:09 2001 UTC (23 years, 2 months ago) by itojun
Branch: MAIN
Changes since 1.26: +6 -3 lines
Diff to previous 1.26 (colored)

set rmx_mtu to L2 interface mtu, instead of 0, on mtudisc timeout.
ip6_output() change is for safety.  sync with kame

Revision 1.26 / (download) - annotate - [select for diffs], Tue Mar 13 03:35:15 2001 UTC (23 years, 3 months ago) by itojun
Branch: MAIN
Changes since 1.25: +4 -3 lines
Diff to previous 1.25 (colored)

add/clarify spl for ipsec6.  sync with kame.  reviewed by angelos.

Revision 1.25 / (download) - annotate - [select for diffs], Fri Feb 16 16:38:15 2001 UTC (23 years, 3 months ago) by itojun
Branch: MAIN
Changes since 1.24: +1 -53 lines
Diff to previous 1.24 (colored)

get rid of #ifdef IPV6FIREWALL (never used, will never be used)

Revision 1.24 / (download) - annotate - [select for diffs], Fri Feb 16 14:58:13 2001 UTC (23 years, 3 months ago) by itojun
Branch: MAIN
Changes since 1.23: +2 -3 lines
Diff to previous 1.23 (colored)

cosmetic/comment sync with kame

Revision 1.23 / (download) - annotate - [select for diffs], Fri Feb 16 08:48:06 2001 UTC (23 years, 3 months ago) by itojun
Branch: MAIN
Changes since 1.22: +5 -1 lines
Diff to previous 1.22 (colored)

sync whitespace/comment with kame.  to help merge tasks

Revision 1.22 / (download) - annotate - [select for diffs], Fri Feb 16 08:22:06 2001 UTC (23 years, 3 months ago) by itojun
Branch: MAIN
Changes since 1.21: +11 -11 lines
Diff to previous 1.21 (colored)

kill register declarations.  to sync with kame better.

Revision 1.21 / (download) - annotate - [select for diffs], Thu Feb 8 18:46:23 2001 UTC (23 years, 4 months ago) by itojun
Branch: MAIN
Changes since 1.20: +3 -3 lines
Diff to previous 1.20 (colored)

switch raw ip6 socket code from NRL to kame.
makes upgrades/code sharing much easier.

Revision 1.20 / (download) - annotate - [select for diffs], Tue Feb 6 01:26:58 2001 UTC (23 years, 4 months ago) by itojun
Branch: MAIN
Changes since 1.19: +2 -2 lines
Diff to previous 1.19 (colored)

bad semicolon after "if" conditional.

Revision 1.19 / (download) - annotate - [select for diffs], Tue Feb 6 00:22:23 2001 UTC (23 years, 4 months ago) by mickey
Branch: MAIN
Changes since 1.18: +4 -8 lines
Diff to previous 1.18 (colored)

allow changing number of loopbacks in ukc.
change rest of the code to use lo0ifp pointing
to the corresponding struct ifnet.
itojun@ and niklas@ ok

Revision 1.18 / (download) - annotate - [select for diffs], Fri Feb 2 15:55:18 2001 UTC (23 years, 4 months ago) by itojun
Branch: MAIN
Changes since 1.17: +16 -3 lines
Diff to previous 1.17 (colored)

avoid panic when packet to nonexistent link-local address is issued.
kame 1.151 -> 1.152.

Revision 1.17 / (download) - annotate - [select for diffs], Wed Oct 11 09:14:15 2000 UTC (23 years, 8 months ago) by itojun
Branch: MAIN
CVS Tags: OPENBSD_2_8_BASE, OPENBSD_2_8
Changes since 1.16: +1 -12 lines
Diff to previous 1.16 (colored)

nuke inp_flags bits for controlling IPv4 mapped address.
we don't support IPv4 mapped address,
and there are inconsistent bit manipulation code so it's safer to nuke them.

Revision 1.16 / (download) - annotate - [select for diffs], Tue Sep 19 03:23:16 2000 UTC (23 years, 8 months ago) by angelos
Branch: MAIN
Changes since 1.15: +4 -20 lines
Diff to previous 1.15 (colored)

Added files, and IPv6-IPsec update.

Revision 1.4.4.1 / (download) - annotate - [select for diffs], Mon Sep 18 16:45:18 2000 UTC (23 years, 8 months ago) by jason
Branch: OPENBSD_2_7
Changes since 1.4: +12 -1 lines
Diff to previous 1.4 (colored) next main 1.5 (colored)

Pull in patch from current:
Fix (itojun):
repair IPv6 multicasting.  INP_IPV6_MCAST is necessary.
(i will try to remove this flag bit later)

Revision 1.15 / (download) - annotate - [select for diffs], Sat Sep 16 13:58:23 2000 UTC (23 years, 8 months ago) by itojun
Branch: MAIN
Changes since 1.14: +12 -1 lines
Diff to previous 1.14 (colored)

repair IPv6 multicasting.  INP_IPV6_MCAST is necessary.
(i will try to remove this flag bit later)

Revision 1.14 / (download) - annotate - [select for diffs], Sat Aug 19 09:17:36 2000 UTC (23 years, 9 months ago) by itojun
Branch: MAIN
Changes since 1.13: +37 -11 lines
Diff to previous 1.13 (colored)

- upgrade icmp6 node information query support to 06 draft.
- pedant: possible alignment issue in ALIGN > 8 arch (should be okay for now)
(sync with kame)

Revision 1.13 / (download) - annotate - [select for diffs], Tue Jun 20 20:51:26 2000 UTC (23 years, 11 months ago) by itojun
Branch: MAIN
Changes since 1.12: +1 -8 lines
Diff to previous 1.12 (colored)

confirmed interop of IPv6 AH with KAME (both global and scoped addr).
remove restriction on scoped IPv6 address.

TODO: confirm it with other IPv6 AH implementation.  since we use very
similar logic between KAME IPv6 AH and OpenBSD IPv6 AH, it is possible that
both sides are making the same mistake or whatever

Revision 1.12 / (download) - annotate - [select for diffs], Tue Jun 20 01:27:24 2000 UTC (23 years, 11 months ago) by itojun
Branch: MAIN
Changes since 1.11: +26 -1 lines
Diff to previous 1.11 (colored)

initialize hoplimit field properly on ipsec6 case

Revision 1.11 / (download) - annotate - [select for diffs], Mon Jun 19 03:43:17 2000 UTC (23 years, 11 months ago) by itojun
Branch: MAIN
Changes since 1.10: +99 -51 lines
Diff to previous 1.10 (colored)

IPv6 IPsec, outbound direction.

restriction: if there's any extension header (except fragment)
and outbound packet matches tdb, we can't encrypt it.
packet will not go out of the node (dropped).

Revision 1.10 / (download) - annotate - [select for diffs], Sun Jun 18 17:31:14 2000 UTC (23 years, 11 months ago) by itojun
Branch: MAIN
Changes since 1.9: +183 -26 lines
Diff to previous 1.9 (colored)

allow IPsec-related get/setsockopt on IPv6 socket.  due to number conflict
they must be IPV6_xx instead of IP_xx.

actually, since in_ctloutput() does not check address family of inpcb,
getsockopt(IPPROTO_IP, IP_xx) may work - never tested this.

Revision 1.9 / (download) - annotate - [select for diffs], Sun Jun 18 02:00:20 2000 UTC (23 years, 11 months ago) by itojun
Branch: MAIN
Changes since 1.8: +22 -22 lines
Diff to previous 1.8 (colored)

correct indentation for IPV6_PORTRANGE

Revision 1.8 / (download) - annotate - [select for diffs], Sat Jun 3 13:43:45 2000 UTC (24 years ago) by itojun
Branch: MAIN
Changes since 1.7: +47 -12 lines
Diff to previous 1.7 (colored)

deep-copy ip6 header on ip6_mloopback, to avoid overwriting cluster mbuf.
correct frag header append operation.
some cosmetic (like do {} while (0) to multiline macro)
(sync with kame)

Revision 1.7 / (download) - annotate - [select for diffs], Fri May 19 20:12:10 2000 UTC (24 years ago) by itojun
Branch: MAIN
Changes since 1.6: +3 -3 lines
Diff to previous 1.6 (colored)

correct "telnet fe80::1%lo0".

Revision 1.6 / (download) - annotate - [select for diffs], Fri May 19 13:55:17 2000 UTC (24 years ago) by itojun
Branch: MAIN
Changes since 1.5: +63 -35 lines
Diff to previous 1.5 (colored)

never forward packet with link-local address.
experimental support for new loopback packet handling (with FAKE_LOOPBACK_IF,
rcvif will be set to real outgoing interface, not the loopback, to honor scope)
sync with kame.

Revision 1.5 / (download) - annotate - [select for diffs], Fri May 19 05:14:45 2000 UTC (24 years ago) by itojun
Branch: MAIN
Changes since 1.4: +2 -2 lines
Diff to previous 1.4 (colored)

NULL != 0.  from netbsd-current.

Revision 1.4 / (download) - annotate - [select for diffs], Mon Feb 7 06:09:10 2000 UTC (24 years, 4 months ago) by itojun
Branch: MAIN
CVS Tags: SMP_BASE, OPENBSD_2_7_BASE
Branch point for: SMP, OPENBSD_2_7
Changes since 1.3: +3 -3 lines
Diff to previous 1.3 (colored)

fix include file path related to ip6.

Revision 1.3 / (download) - annotate - [select for diffs], Mon Dec 20 07:49:06 1999 UTC (24 years, 5 months ago) by itojun
Branch: MAIN
Changes since 1.2: +2 -1 lines
Diff to previous 1.2 (colored)

add missing IPV6_PORTRANGE case.

Revision 1.2 / (download) - annotate - [select for diffs], Fri Dec 10 10:04:28 1999 UTC (24 years, 6 months ago) by angelos
Branch: MAIN
Changes since 1.1: +8 -422 lines
Diff to previous 1.1 (colored)

Remove remaining unnecessary ifdefs (itojun will hate me for this :-)

Revision 1.1 / (download) - annotate - [select for diffs], Wed Dec 8 06:50:21 1999 UTC (24 years, 6 months ago) by itojun
Branch: MAIN
CVS Tags: kame_19991208

bring in KAME IPv6 code, dated 19991208.
replaces NRL IPv6 layer.  reuses NRL pcb layer.  no IPsec-on-v6 support.
see sys/netinet6/{TODO,IMPLEMENTATION} for more details.

GENERIC configuration should work fine as before.  GENERIC.v6 works fine
as well, but you'll need KAME userland tools to play with IPv6 (will be
brought in soon).
