1
0
mirror of https://git.FreeBSD.org/src.git synced 2024-12-23 11:18:54 +00:00
Commit Graph

364 Commits

Author SHA1 Message Date
Hajimu UMEMOTO
f4dec803c9 reflect ip6_pktopts and ip6_moptions into embeded scope of
destination address.  it makes `ping6 -I <if> <link-local>'
work again.  since we don't merge scope cleanup yet, we need
this for workaround.
2003-11-12 21:39:12 +00:00
Hajimu UMEMOTO
34d78ec3f1 cleanup rijndael API.
since there are naming conflicts with opencrypto, #define was
added to rename functions intend to avoid conflicts.

Obtained from:	KAME
2003-11-11 18:58:54 +00:00
Hajimu UMEMOTO
db54001806 enable aes-xcbc-mac and aes-ctr, again. 2003-11-10 10:39:14 +00:00
Sam Leffler
7138d65c3f replace explicit changes to rt_refcnt by RT_ADDREF and RT_REMREF
macros that expand to include assertions when the system is built
with INVARIANTS

Supported by:	FreeBSD Foundation
2003-11-08 23:36:32 +00:00
Sam Leffler
7902224c6b o add a flags parameter to netisr_register that is used to specify
whether or not the isr needs to hold Giant when running; Giant-less
  operation is also controlled by the setting of debug_mpsafenet
o mark all netisr's except NETISR_IP as needing Giant
o add a GIANT_REQUIRED assertion to the top of netisr's that need Giant
o pickup Giant (when debug_mpsafenet is 1) inside ip_input before
  calling up with a packet
o change netisr handling so swi_net runs w/o Giant; instead we grab
  Giant before invoking handlers based on whether the handler needs Giant
o change netisr handling so that netisr's that are marked MPSAFE may
  have multiple instances active at a time
o add netisr statistics for packets dropped because the isr is inactive

Supported by:	FreeBSD Foundation
2003-11-08 22:28:40 +00:00
Hajimu UMEMOTO
ba3484d943 nuke obsoleted ipsec_gethist(). it just did panic to notify user
that it was obsoleted.  it is better to fail than just hiding use
of ipsec_gethist() at build.

Sugessted by:	"Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net>
2003-11-07 20:38:45 +00:00
Hajimu UMEMOTO
07027f9d23 correct behavior when ipv6mr_interface is 0. Matthias Drochner
Notified by:	itojun
Obtained from:	NetBSD
2003-11-06 16:42:59 +00:00
Hajimu UMEMOTO
4e2a2c6a2d byebye in6_ifawithscope(). it was a function for old source
address selection.

Obtained from:	KAME
2003-11-05 17:19:31 +00:00
Hajimu UMEMOTO
e6a2735045 make sure to treat destrination address as KAME internal form
of embedscope.
2003-11-05 16:09:21 +00:00
Hajimu UMEMOTO
d6385b1c0b source address selection part of RFC3484.
TODO: since there is scope issue to be solved, multicast and
link-local address are treated as special for workaround for
now.

Obtained from:	KAME
2003-11-04 20:22:33 +00:00
Hajimu UMEMOTO
0f9ade718d - cleanup SP refcnt issue.
- share policy-on-socket for listening socket.
- don't copy policy-on-socket at all.  secpolicy no longer contain
  spidx, which saves a lot of memory.
- deep-copy pcb policy if it is an ipsec policy.  assign ID field to
  all SPD entries.  make it possible for racoon to grab SPD entry on
  pcb.
- fixed the order of searching SA table for packets.
- fixed to get a security association header.  a mode is always needed
  to compare them.
- fixed that the incorrect time was set to
  sadb_comb_{hard|soft}_usetime.
- disallow port spec for tunnel mode policy (as we don't reassemble).
- an user can define a policy-id.
- clear enc/auth key before freeing.
- fixed that the kernel crashed when key_spdacquire() was called
  because key_spdacquire() had been implemented imcopletely.
- preparation for 64bit sequence number.
- maintain ordered list of SA, based on SA id.
- cleanup secasvar management; refcnt is key.c responsibility;
  alloc/free is keydb.c responsibility.
- cleanup, avoid double-loop.
- use hash for spi-based lookup.
- mark persistent SP "persistent".
  XXX in theory refcnt should do the right thing, however, we have
  "spdflush" which would touch all SPs.  another solution would be to
  de-register persistent SPs from sptree.
- u_short -> u_int16_t
- reduce kernel stack usage by auto variable secasindex.
- clarify function name confusion.  ipsec_*_policy ->
  ipsec_*_pcbpolicy.
- avoid variable name confusion.
  (struct inpcbpolicy *)pcb_sp, spp (struct secpolicy **), sp (struct
  secpolicy *)
- count number of ipsec encapsulations on ipsec4_output, so that we
  can tell ip_output() how to handle the packet further.
- When the value of the ul_proto is ICMP or ICMPV6, the port field in
  "src" of the spidx specifies ICMP type, and the port field in "dst"
  of the spidx specifies ICMP code.
- avoid from applying IPsec transport mode to the packets when the
  kernel forwards the packets.

Tested by:	nork
Obtained from:	KAME
2003-11-04 16:02:05 +00:00
Hajimu UMEMOTO
4835e2c745 use nd6log().
Obtained from:	KAME
2003-11-04 14:09:37 +00:00
Hajimu UMEMOTO
4a201dfc18 - update comments to refrect recent BSDs.
- nuke unused macro PSUEDO_SET().
- I believe our if_xname stuff is nothing strange against other BSDs.

Obtained from:	KAME
2003-11-04 14:08:31 +00:00
Hajimu UMEMOTO
af12e09e86 rename variables.
Obtained from:	KAME
2003-11-02 19:09:29 +00:00
Brooks Davis
9bf40ede4a Replace the if_name and if_unit members of struct ifnet with new members
if_xname, if_dname, and if_dunit. if_xname is the name of the interface
and if_dname/unit are the driver name and instance.

This change paves the way for interface renaming and enhanced pseudo
device creation and configuration symantics.

Approved By:	re (in principle)
Reviewed By:	njl, imp
Tested On:	i386, amd64, sparc64
Obtained From:	NetBSD (if_xname)
2003-10-31 18:32:15 +00:00
Hajimu UMEMOTO
0a91356606 correct stat to increment.
Obtained from:	KAME
2003-10-31 17:51:54 +00:00
Hajimu UMEMOTO
29bc2c4833 do not insert a dest option header (even specified by a user) that
should be placed before a routing header, unless a routing header
really exists.

Obtained from:	KAME
2003-10-31 16:32:12 +00:00
Hajimu UMEMOTO
657db3c899 (icmp6_rip6_input) if the received data is small enough but in an
mbuf cluster, copy the data to a separate mbuf that do not use a
cluster.  this change will reduce the possiblity of packet loss
in the socket layer.

Obtained from:	KAME
2003-10-31 16:21:26 +00:00
Hajimu UMEMOTO
6bb73aea22 rename MLD6_* to MLD_*.
Obtained from:	KAME
2003-10-31 16:07:15 +00:00
Hajimu UMEMOTO
a02e1e2b41 use arc4random.
Obtained from:	KAME
2003-10-31 16:06:05 +00:00
Hajimu UMEMOTO
8d996f28d8 initialize in6_tmpaddrtimer_ch.
Obtained from:	KAME
2003-10-31 15:57:02 +00:00
Hajimu UMEMOTO
68795b9947 nuku unused functions in6_nigroup_attach() and
in6_nigroup_detach().

Obtained from:	KAME
2003-10-31 15:51:28 +00:00
Sam Leffler
9c63e9dbd7 Overhaul routing table entry cleanup by introducing a new rtexpunge
routine that takes a locked routing table reference and removes all
references to the entry in the various data structures. This
eliminates instances of recursive locking and also closes races
where the lock on the entry had to be dropped prior to calling
rtrequest(RTM_DELETE).  This also cleans up confusion where the
caller held a reference to an entry that might have been reclaimed
(and in some cases used that reference).

Supported by:	FreeBSD Foundation
2003-10-30 23:02:51 +00:00
Sam Leffler
457fc53d28 use a local variable to avoid holding a lock across a call out of view
Supported by:	FreeBSD Foundation
2003-10-30 22:56:13 +00:00
Hajimu UMEMOTO
349b668aab - unlock on error.
- don't call malloc with M_WAITOK within lock context.
2003-10-30 18:42:25 +00:00
Hajimu UMEMOTO
7fc91b3f1d add management part of address selection policy described in
RFC3484.

Obtained from:	KAME
2003-10-30 15:29:17 +00:00
Sam Leffler
2657cae39a correct LOR by using a local variable to hold result
instead of holding a lock while calling out of view

Supported by:	FreeBSD Foundation
2003-10-29 22:59:12 +00:00
Hajimu UMEMOTO
59dfcba4aa add ECN support in layer-3.
- implement the tunnel egress rule in ip_ecn_egress() in ip_ecn.c.
   make ip{,6}_ecn_egress() return integer to tell the caller that
   this packet should be dropped.
 - handle ECN at fragment reassembly in ip_input.c and frag6.c.

Obtained from:	KAME
2003-10-29 15:07:04 +00:00
Hajimu UMEMOTO
11de19f44d ip6_savecontrol() argument is redundant 2003-10-29 12:52:28 +00:00
Hajimu UMEMOTO
1410779a4f hide m_tag, again.
Requested by:	sam
2003-10-29 12:49:12 +00:00
Hajimu UMEMOTO
b266757652 make sure to accept only IPv6 packet.
Obtained from:	KAME
2003-10-28 16:45:29 +00:00
Hajimu UMEMOTO
2a5aafce0e cleanup use of m_tag.
Obtained from:	KAME
2003-10-28 16:29:26 +00:00
Hajimu UMEMOTO
8c0dd0e438 M_DONTWAIT was passed into malloc().
Submitted by:	Ian Dowse <iedowse@maths.tcd.ie>
2003-10-27 07:15:22 +00:00
Hajimu UMEMOTO
02b9a2066e re-add wrongly disappered IPV6_CHECKSUM stuff by introducing
ip6_raw_ctloutput().

Obtained from:	KAME
2003-10-26 18:17:01 +00:00
Hajimu UMEMOTO
862e960f61 drop unused defines. 2003-10-26 15:15:36 +00:00
Hajimu UMEMOTO
fe01034af8 drop unused fields. 2003-10-26 15:06:06 +00:00
Hajimu UMEMOTO
0021a48500 use uint32_t instead of u_int32_t for newly introduced
struct definition.
2003-10-26 10:49:18 +00:00
Hajimu UMEMOTO
618d51bbdc revert following unwanted changes:
- __packed to __attribute__((__packed__)
  -  uintN_t back to u_intN_t

Reported by:	bde
2003-10-25 10:57:08 +00:00
Hajimu UMEMOTO
16cd67e933 correct namespace pollution.
Submitted by:	bde
2003-10-25 09:37:10 +00:00
Hajimu UMEMOTO
c302f5bc07 remove the ip6r0_addr and ip6r0_slmap members from ip6_rthdr0{}
according to rfc2292bis.

Obtained from:	KAME
2003-10-24 20:37:05 +00:00
Hajimu UMEMOTO
f95d46333d Switch Advanced Sockets API for IPv6 from RFC2292 to RFC3542
(aka RFC2292bis).  Though I believe this commit doesn't break
backward compatibility againt existing binaries, it breaks
backward compatibility of API.
Now, the applications which use Advanced Sockets API such as
telnet, ping6, mld6query and traceroute6 use RFC3542 API.

Obtained from:	KAME
2003-10-24 18:26:30 +00:00
Sam Leffler
37bdc2803f check return result from rtalloc1 before invoking RTUNLOCK 2003-10-23 21:41:00 +00:00
Hajimu UMEMOTO
86b51224d4 we have ppsratecheck(). 2003-10-22 19:23:51 +00:00
Hajimu UMEMOTO
9bcf770ca8 IP6Q_LOCK_CHECK -> IP6Q_LOCK_ASSERT.
Sugested by:	sam
2003-10-22 19:03:49 +00:00
Hajimu UMEMOTO
66bb118edd drop the code of HAVE_NRL_INPCB part. our system doesn't
use NRL style INPCB.
2003-10-22 18:52:57 +00:00
Hajimu UMEMOTO
31e8f7e530 pretect ip6 reassemble queue by use of mutex.
Submitted by:	rwatson (with modification)
2003-10-22 15:32:56 +00:00
Hajimu UMEMOTO
9888c40195 - implement lock around IPv6 reassembly, to avoid panic due to
frag6_drain (mutex version will come later).
- limit number of fragments (not fragment queues) in kernel.

Obtained from:	KAME
2003-10-22 15:29:42 +00:00
Hajimu UMEMOTO
1ab976cb03 protect sid_default and sid.
Submitted by:	rwatson (with modification)
2003-10-22 15:13:36 +00:00
Hajimu UMEMOTO
65b01ff848 reduce calling in6_addr2zoneid(). 2003-10-22 15:12:06 +00:00
SUZUKI Shinsuke
b18521ee3b more strict sanity check for ESP tail
Obtained from: KAME
2003-10-22 10:44:59 +00:00