1
0
mirror of https://git.FreeBSD.org/src.git synced 2024-12-24 11:29:10 +00:00
Commit Graph

266 Commits

Author SHA1 Message Date
Andrew R. Reiter
d49d0ca7fb - Replace M_WAIT with M_TRYWAIT since the M_WAIT flag is deprecated.
Spotted by: bde
2001-12-09 17:48:08 +00:00
Hajimu UMEMOTO
c79ae091de fixed the cast128 calculation with a short cipher key length.
the memory was overridden when the key length was less than 16 bytes.

Obtained from:	KAME
MFC after:	1 week
2001-11-27 14:11:47 +00:00
Jonathan Lemon
be2ac88c59 Introduce a syncache, which enables FreeBSD to withstand a SYN flood
DoS in an improved fashion over the existing code.

Reviewed by: silby  (in a previous iteration)
Sponsored by: DARPA, NAI Labs
2001-11-22 04:50:44 +00:00
Matthew Dillon
b1e4abd246 Give struct socket structures a ref counting interface similar to
vnodes.  This will hopefully serve as a base from which we can
expand the MP code.  We currently do not attempt to obtain any
mutex or SX locks, but the door is open to add them when we nail
down exactly how that part of it is going to work.
2001-11-17 03:07:11 +00:00
Robert Watson
ce17880650 o Replace reference to 'struct proc' with 'struct thread' in 'struct
sysctl_req', which describes in-progress sysctl requests.  This permits
  sysctl handlers to have access to the current thread, permitting work
  on implementing td->td_ucred, migration of suser() to using struct
  thread to derive the appropriate ucred, and allowing struct thread to be
  passed down to other code, such as network code where td is not currently
  available (and curproc is used).

o Note: netncp and netsmb are not updated to reflect this change, as they
  are not currently KSE-adapted.

Reviewed by:		julian
Obtained from:	TrustedBSD Project
2001-11-08 02:13:18 +00:00
Hajimu UMEMOTO
e9d3164d29 Fixed the behavior when there is no inbound policy for the ipsec
tunneled packet.
When there is no suitable inbound policy for the packet of the ipsec
tunnel mode, the kernel never decapsulate the tunneled packet
as the ipsec tunnel mode even when the system wide policy is "none".
Then the kernel leaves the generic tunnel module to process this
packet.  If there is no rule of the generic tunnel, the packet
is rejected and the statistics will be counted up.

Obtained from:	KAME
MFC after:	1 week
2001-11-06 22:45:29 +00:00
Munechika SUMIKAWA
dc7f237356 Fix fragmented packet handling.
Obtained from:	KAME
MFC after:	3 weeks
2001-10-29 07:55:57 +00:00
Ruslan Ermilov
8071913df2 Pull post-4.4BSD change to sys/net/route.c from BSD/OS 4.2.
Have sys/net/route.c:rtrequest1(), which takes ``rt_addrinfo *''
as the argument.  Pass rt_addrinfo all the way down to rtrequest1
and ifa->ifa_rtrequest.  3rd argument of ifa->ifa_rtrequest is now
``rt_addrinfo *'' instead of ``sockaddr *'' (almost noone is
using it anyways).

Benefit: the following command now works.  Previously we needed
two route(8) invocations, "add" then "change".
# route add -inet6 default ::1 -ifp gif0

Remove unsafe typecast in rtrequest(), from ``rtentry *'' to
``sockaddr *''.  It was introduced by 4.3BSD-Reno and never
corrected.

Obtained from:	BSD/OS, NetBSD
MFC after:	1 month
PR:		kern/28360
2001-10-17 18:07:05 +00:00
Ruslan Ermilov
65ad7c437d Pull fix for memory leak in in6_losing() from netinet/in_pcb.c,v 1.85.
MFC after:	1 week
2001-10-17 17:42:23 +00:00
Hajimu UMEMOTO
ce5b9b31ca Fixed to process a IPv6 packet when ah transport after esp tunnel
should be applied.  the SA of AH transport could not be selected
from the SAD because of this bug.

Obtained from:	KAME
MFC after:	1 week
2001-10-17 13:03:37 +00:00
Darren Reed
3a4d67f769 catch forwarded ipv6 packets with pfil_hooks for outbound things too 2001-10-15 14:16:18 +00:00
Brooks Davis
9494d5968f Make faith loadable, unloadable, and clonable. 2001-09-25 18:40:52 +00:00
Munechika SUMIKAWA
55e89be995 Removed a wrong comment.
Obtained from:	KAME
MFC after:	1 week
2001-09-20 08:04:21 +00:00
Julian Elischer
b40ce4165d KSE Milestone 2
Note ALL MODULES MUST BE RECOMPILED
make the kernel aware that there are smaller units of scheduling than the
process. (but only allow one thread per process at this time).
This is functionally equivalent to teh previousl -current except
that there is a thread associated with each process.

Sorry john! (your next MFC will be a doosie!)

Reviewed by: peter@freebsd.org, dillon@freebsd.org

X-MFC after:    ha ha ha ha
2001-09-12 08:38:13 +00:00
Julian Elischer
ff265614c1 Patches from KAME to remove usage of Varargs in existing
IPV4 code. For now they will still have some in the developing stuff (IPv6)

Submitted by:	Keiichi SHIMA / <keiichi@iij.ad.jp>
Obtained from:	KAME
2001-09-07 07:19:12 +00:00
Jonathan Lemon
f9132cebdc Wrap array accesses in macros, which also happen to be lvalues:
ifnet_addrs[i - 1]  -> ifaddr_byindex(i)
        ifindex2ifnet[i]    -> ifnet_byindex(i)

This is intended to ease the conversion to SMPng.
2001-09-06 02:40:43 +00:00
Julian Elischer
f0ffb944d2 Patches from Keiichi SHIMA <keiichi@iij.ad.jp>
to make ip use the standard protosw structure again.

Obtained from: Well, KAME I guess.
2001-09-03 20:03:55 +00:00
Jonathan Lemon
14b62f116d Add missing "opt_inet6.h" header. 2001-08-31 13:49:03 +00:00
Bill Fenner
fd374ac8a7 Fix fencepost error causing creation of 0-length mbufs when the boundary
between header and data fell on the boundary between two mbufs.
2001-08-20 17:58:46 +00:00
Hidetoshi Shimokawa
23cd8d58ac Fix unaligned access (fault) on alpha with ndp -p/-r and sysctl -a.
Discussed on users@jp.ipv6.org

MFC candidate.
2001-08-10 00:34:20 +00:00
Hajimu UMEMOTO
e43cc4ae36 When running aplication joined multicast address,
removing network card, and kill aplication.
imo_membership[].inm_ifp refer interface pointer
after removing interface.
When kill aplication, release socket,and imo_membership.
imo_membership use already not exist interface pointer.
Then, kernel panic.

PR:		29345
Submitted by:	Inoue Yuichi <inoue@nd.net.fujitsu.co.jp>
Obtained from:	KAME
MFC after:	3 days
2001-08-04 17:10:14 +00:00
Hajimu UMEMOTO
2a21da3022 When global anycast address was assigned to lo0, wrong source
address was selected.

Reported by:	Shingo WATANABE <nabe@nabechan.org>
Submitted by:	JINMEI Tatuya <jinmei@isl.rdc.toshiba.co.jp>
MFC after:	3 days
2001-08-03 19:10:31 +00:00
Hajimu UMEMOTO
13cf67f317 move ipsec security policy allocation into in_pcballoc, before
making pcbs available to the outside world.  otherwise, we will see
inpcb without ipsec security policy attached (-> panic() in ipsec.c).

Obtained from:	KAME
MFC after:	3 days
2001-07-26 19:19:49 +00:00
Hajimu UMEMOTO
09541513e6 do not M_WAITOK in in6_update_ifa(), since this function can be called
under splnet().  (some comment was added by KAME)

PR:		28927
MFC after:	1 week
2001-07-15 14:24:00 +00:00
Hajimu UMEMOTO
89349143ab soopt_mcopyout() frees mbuf if error occurs, and DOES NOT free it if it is
successful.
This part was lacked during merge.

Obtained from:	KAME
MFC after:	1 week
2001-07-08 18:06:03 +00:00
Hajimu UMEMOTO
3efe99eb71 The m_free call in the ip6_fw_ctl_ptr == NULL case apparently
tries to free uninitialized mbuf.
This was my mistake during recent KAME merge.  This part is for
*BSD other than FreeBSD.

Submitted by:	Alexander N. Kabaev <ak03@gte.com>
2001-07-07 19:58:45 +00:00
Hajimu UMEMOTO
554bf4aa86 When the link-layer address of a router changes, select the
best router again.  In particular, when the neighbor entry is newly
created, it might affect the selection policy.

Obtained from:	KAME
MFC after:	1 week
2001-07-04 11:27:24 +00:00
Hajimu UMEMOTO
67defad7a1 use TAILQ_FOREACH() in searching address list
Obtained from:	KAME
MFC after:	1 week
2001-07-03 11:54:07 +00:00
Brooks Davis
53dab5fe7b gif(4) and stf(4) modernization:
- Remove gif dependencies from stf.
 - Make gif and stf into modules
 - Make gif cloneable.

PR:		kern/27983
Reviewed by:	ru, ume
Obtained from:	NetBSD
MFC after:	1 week
2001-07-02 21:02:09 +00:00
Hajimu UMEMOTO
785d213d3f - create an entry of IPV6CTL_STATS sysctl.
- fix the problem that netstat doesn't show raw6 and icmp6 pcblist.
- make netstat use sysctl to retreive stats of ipv6 and icmpv6
  instead of kread.

Obtained from:	KAME
MFC after:	1 week
2001-06-28 18:06:15 +00:00
Jun Kuriyama
5b9eb1684e Fix typo (s/=/+=/) in previous commit. 2001-06-28 05:18:31 +00:00
Hajimu UMEMOTO
1026ccc41c refresh default router list on nd6_purge(), only if we are an
autoconfigured host.

Obtained from:	KAME
2001-06-27 17:56:17 +00:00
Jun Kuriyama
6ce2587d28 Merge from netinet/ip_fw.c (1.117 -> 1.118).
o Use syslog(3) interface for logging.

Reviewed by:	ume
MFC after:	10 days
2001-06-24 22:41:00 +00:00
Hajimu UMEMOTO
ead6be55b8 remove IN6_IS_ADDR_ANY macro (outside of standard, #if 0'ed for a long time)
Obtained from:	KAME
MFC after:	10 days
2001-06-24 20:43:01 +00:00
Hajimu UMEMOTO
0554093b72 disallow setsockopt(IPV6_V6ONLY) for already bound sockets.
Obtained from:	KAME
MFC after:	10 days
2001-06-24 20:25:38 +00:00
Hajimu UMEMOTO
610be6ce41 on icmp6 node information query (FQDN), do not return hostnames with
two dots (like "foo..bar").  0-length labels are not distinguishable
with multiple name replies.

Obtained from:	KAME
MFC after:	10 days
2001-06-24 14:59:34 +00:00
Hajimu UMEMOTO
3e617560d9 decrease warning
Obtained from:	KAME
MFC after:	10 days
2001-06-24 14:57:20 +00:00
Hajimu UMEMOTO
99fe1b3717 Nuke the comment about MIP6. We don't have MIP6 code, yet.
MFC after:	10 days
2001-06-24 14:55:18 +00:00
Munechika SUMIKAWA
05b6760d2a Add IFT_L2VLAN for supported NDP type. IPv6 over VLAN works now.
Obtained from:	KAME
MFC after:	2 weeks
2001-06-19 14:48:02 +00:00
Hajimu UMEMOTO
c3aacd9ec2 call pfxlist_onlink_check() at the end of in6_tmpifadd(), to make sure
a temporary address generated from a detached public one also detached.

Submitted by:	JINMEI Tatuya <jinmei@isl.rdc.toshiba.co.jp>
Obtained from:	KAME
2001-06-18 11:37:06 +00:00
Hajimu UMEMOTO
3384154590 Sync with recent KAME.
This work was based on kame-20010528-freebsd43-snap.tgz and some
critical problem after the snap was out were fixed.
There are many many changes since last KAME merge.

TODO:
  - The definitions of SADB_* in sys/net/pfkeyv2.h are still different
    from RFC2407/IANA assignment because of binary compatibility
    issue.  It should be fixed under 5-CURRENT.
  - ip6po_m member of struct ip6_pktopts is no longer used.  But, it
    is still there because of binary compatibility issue.  It should
    be removed under 5-CURRENT.

Reviewed by:	itojun
Obtained from:	KAME
MFC after:	3 weeks
2001-06-11 12:39:29 +00:00
Jesper Skriver
96c2b04290 Make the default value of net.inet.ip.maxfragpackets and
net.inet6.ip6.maxfragpackets dependent on nmbclusters,
defaulting to nmbclusters / 4

Reviewed by:	bde
MFC after:	1 week
2001-06-10 11:04:10 +00:00
Kris Kennaway
64dddc1872 Add ``options RANDOM_IP_ID'' which randomizes the ID field of IP packets.
This closes a minor information leak which allows a remote observer to
determine the rate at which the machine is generating packets, since the
default behaviour is to increment a counter for each packet sent.

Reviewed by:    -net
Obtained from:  OpenBSD
2001-06-01 10:02:28 +00:00
David E. O'Brien
240ef84277 Back out jesper's 2001/05/31 14:58:11 PDT commit. It does not compile. 2001-06-01 09:51:14 +00:00
Jesper Skriver
b32c091ac2 Change the default value of net.inet6.ip6.maxfragpackets from
200 to NMBCLUSTERS/4 to match the IPv4 case.

MFC after:	1 week
2001-05-31 21:57:53 +00:00
Hajimu UMEMOTO
12ae55c6f2 Fix memory leak.
Submitted by:	itojun
2001-05-23 20:41:17 +00:00
Hajimu UMEMOTO
8d67252492 M_COPY_PKTHDR has to be done before MCLGET.
Obtained from:	KAME
2001-05-22 17:32:02 +00:00
Munechika SUMIKAWA
2bf767799a Plug memoly leak in overlaps fragment cases.
Obtained from:	KAME
2001-05-20 15:33:46 +00:00
Hajimu UMEMOTO
d23d305519 Fix typo in previous commit.
Submitted by:	JINMEI Tatuya <jinmei@isl.rdc.toshiba.co.jp>
2001-04-20 08:43:20 +00:00
Hajimu UMEMOTO
8d64298407 - Fix to receive icmp6 echo reply within the host itself to ff02::1.
- Fix to receive icmp6 echo reply to link-local of itself.

Reported by:	Eriya Akasaka <eakasaka@rodfbs.org>
Submitted by:	JINMEI Tatuya <jinmei@isl.rdc.toshiba.co.jp>
2001-04-19 23:51:20 +00:00
Hajimu UMEMOTO
7b35f61ab7 - correct logic of per-address input packet counts for lo0
- reject packets to fe80::xxxx%lo0 (xxxx != 1)

Submitted by:	JINMEI Tatuya <jinmei@isl.rdc.toshiba.co.jp>
2001-04-05 19:45:02 +00:00
Hajimu UMEMOTO
9ec5413762 Make per-address input packet counts for lo0 work.
Reported by:	bmah
Submitted by:	Noriyasu KATO <noriyasu.kato@toshiba.co.jp> (via itojun)
2001-03-28 19:47:52 +00:00
Hajimu UMEMOTO
eb44ab84e0 nuke IPSEC_SRCSEL which does not do the right thing.
adjust state->ro if the tunnel endpoint is offlink.
KAME PR 233.

PR:		kern/21079
2001-03-16 17:52:48 +00:00
Jun Kuriyama
f13bb83292 Merge from kame (1.175 -> 1.176):
cope with freebsd4 bridge code.
2001-03-16 10:58:16 +00:00
Bosko Milekic
fef5fd2315 Plug several mbuf leaks in error cases (in nd6)
Submitted by: jhay
2001-03-11 05:31:45 +00:00
Kris Kennaway
19391949fb More IP option length validation.
Includes the following revisions from KAME (two of these were actually
committed previously but the CVS revisions weren't documented):

1.40      kame/kame/sys/netinet6/ah_core.c (committed in previous rev)
1.41      kame/kame/sys/netinet6/ah_core.c
1.28      kame/kame/sys/netinet6/ah_output.c (committed in previous rev)
1.29      kame/kame/sys/netinet6/ah_output.c
1.30      kame/kame/sys/netinet6/ah_output.c
1.129     kame/kame/sys/netinet6/nd6.c
1.130     kame/kame/sys/netinet6/nd6.c
1.24      kame/kame/sys/netinet6/dest6.c
1.25      kame/kame/sys/netinet6/dest6.c

Obtained from:	KAME
2001-02-26 03:41:13 +00:00
Hidetoshi Shimokawa
bf1c6fef38 Better detection of duplicated initialization.
Obtained from:	KAME
2001-02-20 10:23:25 +00:00
Kris Kennaway
504d8fd040 Correct IPv4 option processing.
Submitted by:	itojun
Obtained from:	KAME
2001-02-20 03:25:50 +00:00
Brian Feldman
c0511d3b58 Switch to using a struct xucred instead of a struct xucred when not
actually in the kernel.  This structure is a different size than
what is currently in -CURRENT, but should hopefully be the last time
any application breakage is caused there.  As soon as any major
inconveniences are removed, the definition of the in-kernel struct
ucred should be conditionalized upon defined(_KERNEL).

This also changes struct export_args to remove dependency on the
constantly-changing struct ucred, as well as limiting the bounds
of the size fields to the correct size.  This means: a) mountd and
friends won't break all the time, b) mountd and friends won't crash
the kernel all the time if they don't know what they're doing wrt
actual struct export_args layout.

Reviewed by:	bde
2001-02-18 13:30:20 +00:00
Jeroen Ruigrok van der Werven
2fa72ea7d4 Fix typo: compatability -> compatibility.
Compatability is not an existing english word.
2001-02-06 12:05:58 +00:00
Jeroen Ruigrok van der Werven
1a6e52d0e9 Fix typo: seperate -> separate.
Seperate does not exist in the english language.
2001-02-06 11:21:58 +00:00
Poul-Henning Kamp
6817526d14 Convert if_multiaddrs from LIST to TAILQ so that it can be traversed
backwards in the three drivers which want to do that.

Reviewed by:    mikeh
2001-02-06 10:12:15 +00:00
Peter Wemm
0634b4a7b2 Yikes, these files bogusly #include "loop.h" but didn't use the value.
My searching for NLOOP missed them. :-(
2001-01-29 11:28:20 +00:00
Kris Kennaway
1b2556e4a4 Fix the vulnerability with TCP ECE packets recently fixed in ipfw.
This is untested, but believed to work.
2001-01-23 21:11:28 +00:00
Hajimu UMEMOTO
e26aac8d24 avoid conflicting #define symbol (s/FW_IFNLEN/IP6&/).
Obtained from:	KAME
2001-01-22 19:20:06 +00:00
Hajimu UMEMOTO
e699b0ae53 on in6_ifdetach(), do not remove default route mistakenly
Obtained from:	KAME
2001-01-22 13:02:10 +00:00
Dag-Erling Smørgrav
a3ea6d41b9 First step towards an MP-safe zone allocator:
- have zalloc() and zfree() always lock the vm_zone.
 - remove zalloci() and zfreei(), which are now redundant.

Reviewed by:	bmilekic, jasone
2001-01-21 22:23:11 +00:00
Hajimu UMEMOTO
9c1c456c61 permit icmp6 type <= 256 (was 32).
Obtained from:	KAME
2001-01-21 16:07:08 +00:00
Hajimu UMEMOTO
6c0bea350e When ip6_fw_ctl() or soopt_mcopyout() return without success,
don't free mbuf.  It is already freed by these routins.

PR:		kern/24248
2001-01-20 22:37:24 +00:00
Jun-ichiro itojun Hagino
1723dbbbf6 workaround; be sure to initialize nd6 interface information when IPv6
interface address gets added.  this will avoid presenting EMSGSIZE when
outgoing interface is down (and never brought up).

sync with kame.
2001-01-18 06:07:53 +00:00
Hajimu UMEMOTO
41027e03dd do not touch ra_addr if it is NULL. from IIJ SEIL team
Obtained from:	KAME
2001-01-02 15:17:19 +00:00
Bosko Milekic
2a0c503e7a * Rename M_WAIT mbuf subsystem flag to M_TRYWAIT.
This is because calls with M_WAIT (now M_TRYWAIT) may not wait
  forever when nothing is available for allocation, and may end up
  returning NULL. Hopefully we now communicate more of the right thing
  to developers and make it very clear that it's necessary to check whether
  calls with M_(TRY)WAIT also resulted in a failed allocation.
  M_TRYWAIT basically means "try harder, block if necessary, but don't
  necessarily wait forever." The time spent blocking is tunable with
  the kern.ipc.mbuf_wait sysctl.
  M_WAIT is now deprecated but still defined for the next little while.

* Fix a typo in a comment in mbuf.h

* Fix some code that was actually passing the mbuf subsystem's M_WAIT to
  malloc(). Made it pass M_WAITOK instead. If we were ever to redefine the
  value of the M_WAIT flag, this could have became a big problem.
2000-12-21 21:44:31 +00:00
Poul-Henning Kamp
959b7375ed Staticize some malloc M_ instances. 2000-12-08 20:09:00 +00:00
Jonathan Lemon
df5e198723 Lock down the network interface queues. The queue mutex must be obtained
before adding/removing packets from the queue.  Also, the if_obytes and
if_omcasts fields should only be manipulated under protection of the mutex.

IF_ENQUEUE, IF_PREPEND, and IF_DEQUEUE perform all necessary locking on
the queue.  An IF_LOCK macro is provided, as well as the old (mutex-less)
versions of the macros in the form _IF_ENQUEUE, _IF_QFULL, for code which
needs them, but their use is discouraged.

Two new macros are introduced: IF_DRAIN() to drain a queue, and IF_HANDOFF,
which takes care of locking/enqueue, and also statistics updating/start
if necessary.
2000-11-25 07:35:38 +00:00
Bosko Milekic
15072affc8 Change check from mbuf->m_ext.ext_free to use the new ext_type in order
to determine whether the given mbuf has a cluster (or some other type of
external storage) attached to it.

Note: This code should eventually be made to use M_WRITABLE() to determine
whether or not a copy should be made.

Reviewed by: jlemon
2000-11-11 23:07:38 +00:00
Hajimu UMEMOTO
d80315aa1a backout my previous commit (KAME PR 296). foo != TUNNEL will
forbid "ANY" SA from being used for tnunel mode.

Reported by:	Chris Cason <casonc@netplex.aussie.org>
2000-11-09 17:55:17 +00:00
Hajimu UMEMOTO
f09a94dbe3 check whether the packet is tunnel mode. reported from <larse@ISI.EDU>
Obtained from:	KAME
2000-11-03 06:10:56 +00:00
Poul-Henning Kamp
cf9fa8e725 Move suser() and suser_xxx() prototypes and a related #define from
<sys/proc.h> to <sys/systm.h>.

Correctly document the #includes needed in the manpage.

Add one now needed #include of <sys/systm.h>.
Remove the consequent 48 unused #includes of <sys/proc.h>.
2000-10-29 16:06:56 +00:00
Josef Karthauser
fe93767490 Count per-address statistics for IP fragments.
Requested by:	ru
Obtained from:	BSD/OS
2000-10-29 01:05:09 +00:00
Poul-Henning Kamp
46aa3347cb Convert all users of fldoff() to offsetof(). fldoff() is bad
because it only takes a struct tag which makes it impossible to
use unions, typedefs etc.

Define __offsetof() in <machine/ansi.h>

Define offsetof() in terms of __offsetof() in <stddef.h> and <sys/types.h>

Remove myriad of local offsetof() definitions.

Remove includes of <stddef.h> in kernel code.

NB: Kernelcode should *never* include from /usr/include !

Make <sys/queue.h> include <machine/ansi.h> to avoid polluting the API.

Deprecate <struct.h> with a warning.  The warning turns into an error on
01-12-2000 and the file gets removed entirely on 01-01-2001.

Paritials reviews by:   various.
Significant brucifications by:  bde
2000-10-27 11:45:49 +00:00
Jun-ichiro itojun Hagino
d31944e6ec be careful on mbuf overrun on ctlinput.
short icmp6 packet may be able to panic the kernel.
sync with kame.
2000-10-23 07:11:01 +00:00
Jun-ichiro itojun Hagino
a91a9fde81 kame 1.32 -> 1.33
in add_m6fc(), set interface list for all cases.
in response to a report from Hoerdt Mickael.

kame 1.31 -> 1.32
discard PIM register if the version of the inner packet is incorrect (i.e. IPv6)
(according to clarfication of recent discussion in the IETF pim ML)
2000-10-23 07:07:33 +00:00
Josef Karthauser
5da9f8fa97 Augment the 'ifaddr' structure with a 'struct if_data' to keep
statistics on a per network address basis.

Teach the IPv4 and IPv6 input/output routines to log packets/bytes
against the network address connected to the flow.

Teach netstat to display the per-address stats for IP protocols
when 'netstat -i' is evoked, instead of displaying the per-interface
stats.
2000-10-19 23:15:54 +00:00
Archie Cobbs
8576ccb74b Fix broken const'ness in declaration of sha1_loop(). 2000-10-09 18:49:14 +00:00
Jun-ichiro itojun Hagino
c50aa2bcef make pr_type type meet with struct protosw. sync with kame 2000-10-03 13:39:49 +00:00
Jun-ichiro itojun Hagino
de9c893eeb add missing \n. sync with kame. 2000-10-01 10:59:02 +00:00
Hajimu UMEMOTO
20cb9f9efe Make ip6fw as loadable module. 2000-09-23 18:50:59 +00:00
Hajimu UMEMOTO
deebc91386 examined the gateway (from the routing table) only when the address
family of the gateway is AF_INET6.

Submitted by:	JINMEI Tatuya <jinmei@isl.rdc.toshiba.co.jp>
2000-09-15 17:21:35 +00:00
Ruslan Ermilov
e30177e024 Follow BSD/OS and NetBSD, keep the ip_id field in network order all the time.
Requested by:	wollman
2000-09-14 14:42:04 +00:00
Jun-ichiro itojun Hagino
29a3d1b0d2 add attrbute(packed) to union def with specific align constraitn.
move file static variable to auto variable, make in6_cksum() work better in
kernel-MP environment.  sync with kame.

From: Alfred Perlstein <bright@wintelcom.net>
2000-09-09 15:56:46 +00:00
Jun-ichiro itojun Hagino
ddf47c26f3 repair type 0 routing header support. it was caused by RFC2292/2292bis
difference.  from: jinmei@kame.net
2000-09-03 13:43:13 +00:00
Jun-ichiro itojun Hagino
06f879c7f2 warn that setsockopt/sysctl # spaces are shared among *BSD, and should better
be consulted with KAME guys if you want a number.
2000-08-27 00:58:13 +00:00
David Malone
a5c4836d39 Replace the mbuf external reference counting code with something
that should be better.

The old code counted references to mbuf clusters by using the offset
of the cluster from the start of memory allocated for mbufs and
clusters as an index into an array of chars, which did the reference
counting. If the external storage was not a cluster then reference
counting had to be done by the code using that external storage.

NetBSD's system of linked lists of mbufs was cosidered, but Alfred
felt it would have locking issues when the kernel was made more
SMP friendly.

The system implimented uses a pool of unions to track external
storage. The union contains an int for counting the references and
a pointer for forming a free list. The reference counts are
incremented and decremented atomically and so should be SMP friendly.
This system can track reference counts for any sort of external
storage.

Access to the reference counting stuff is now through macros defined
in mbuf.h, so it should be easier to make changes to the system in
the future.

The possibility of storing the reference count in one of the
referencing mbufs was considered, but was rejected 'cos it would
often leave extra mbufs allocated. Storing the reference count in
the cluster was also considered, but because the external storage
may not be a cluster this isn't an option.

The size of the pool of reference counters is available in the
stats provided by "netstat -m".

PR:		19866
Submitted by:	Bosko Milekic <bmilekic@dsuper.net>
Reviewed by:	alfred (glanced at by others on -net)
2000-08-19 08:32:59 +00:00
Jun-ichiro itojun Hagino
0150f3ec9b add missing splx(), when outgoing interface queue is full on tunnelled
IPsec packet output.  KAME PR 280.
2000-08-16 09:56:45 +00:00
Hajimu UMEMOTO
1469c4346f Make compilable with -DIPFILTER.
Because I don't use ipfilter at all, this is not tested.
I don't know if ipfilter is work for IPv6.

Submitted by:	yoshiaki@kt.rim.or.jp
2000-08-12 18:14:13 +00:00
Jun-ichiro itojun Hagino
42915d02a3 backout ND6_USE_RTSOCK change in previous 2000-08-11 12:29:04 +00:00
Jun-ichiro itojun Hagino
2022007008 avoid duplicated rtfree() on default router list change (could cause panic).
sync with kame 1.46 -> 1.47.
2000-08-11 12:27:07 +00:00
Hajimu UMEMOTO
0f6b9b3fe2 Make ip6fw zero work.
PR:		bin/20522
2000-08-10 20:41:33 +00:00
Peter Wemm
b17ec36839 GRRR! Fix the 'panic: ip6_init' caused by darrenr's incomplete changes
for the pfil hooks.  The protosw and ip6protosw structures were out of
sync with each other. :-(
2000-08-02 01:02:42 +00:00
Darren Reed
c4ac87ea1c activate pfil_hooks and covert ipfilter to use it 2000-07-31 13:11:42 +00:00
Jun-ichiro itojun Hagino
059e468480 s/IPSEC_IPV6FWD/IPSEC/. this avoids unexpected behavior on ipv6 fowarding.
(even if you ask for tunnel-mode encryption packets will go out in clear)
sync with kame.
2000-07-16 07:56:54 +00:00
Jun-ichiro itojun Hagino
f38211642f remove m_pulldown statistics, which is highly experimental and does not
belong to *bsd-merged tree
2000-07-12 16:39:13 +00:00
Jun-ichiro itojun Hagino
07632cbf66 correct rtentry reference count in in6_ifloop_request().
if you reconfigure inet6 too much, the reference count can go
into negative by mistake.  KAME in6.c 1.98 -> 1.99.
2000-07-12 05:20:41 +00:00
Greg Lehey
45b65a5e33 Suppress a warning message about trigraphs.
Approved-by: itojun
2000-07-07 04:09:51 +00:00
Jun-ichiro itojun Hagino
b2874e0082 add list of KAME files - may not be 100% correct 2000-07-05 19:05:19 +00:00
Jun-ichiro itojun Hagino
7ee982bcac split net.inet6.ip6.rtexpire (and others) from net.inet.ip.*.
From: Andrzej Bialecki <abial@webgiro.com>
2000-07-05 01:40:29 +00:00
Jun-ichiro itojun Hagino
261216553f correct compilation with IPSEC_IPV6FWD.
From: Ollivier Robert <roberto@keltia.freenix.fr>
2000-07-05 01:14:45 +00:00
Jun-ichiro itojun Hagino
686cdd19b1 sync with kame tree as of july00. tons of bug fixes/improvements.
API changes:
- additional IPv6 ioctls
- IPsec PF_KEY API was changed, it is mandatory to upgrade setkey(8).
  (also syntax change)
2000-07-04 16:35:15 +00:00
Poul-Henning Kamp
77978ab8bc Previous commit changing SYSCTL_HANDLER_ARGS violated KNF.
Pointed out by:	bde
2000-07-04 11:25:35 +00:00
Poul-Henning Kamp
82d9ae4e32 Style police catches up with rev 1.26 of src/sys/sys/sysctl.h:
Sanitize SYSCTL_HANDLER_ARGS so that simplistic tools can grog our
sources:

        -sysctl_vm_zone SYSCTL_HANDLER_ARGS
        +sysctl_vm_zone (SYSCTL_HANDLER_ARGS)
2000-07-03 09:35:31 +00:00
Hajimu UMEMOTO
469759fc5c Inhibit successful DAD messages and "no default interface" messages.
It seems that people find them too noisy.
(ND6_DEBUG will enable them)

Obtained from:	KAME Project
2000-06-22 19:04:41 +00:00
Jun-ichiro itojun Hagino
a8ceb7b389 correct bad TTL with packets generated by v4 mapped udp. from kame 2000-06-22 16:48:59 +00:00
Jake Burkholder
e39756439c Back out the previous change to the queue(3) interface.
It was not discussed and should probably not happen.

Requested by:		msmith and others
2000-05-26 02:09:24 +00:00
Archie Cobbs
06a429a3c8 Just need to pass the address family to if_simloop(), not the whole sockaddr. 2000-05-24 21:16:56 +00:00
Jake Burkholder
740a1973a6 Change the way that the queue(3) structures are declared; don't assume that
the type argument to *_HEAD and *_ENTRY is a struct.

Suggested by:	phk
Reviewed by:	phk
Approved by:	mdodd
2000-05-23 20:41:01 +00:00
Bruce Evans
08db2b40dd Fixed missing prototype for inet6_rthdr_reverse(). 2000-05-11 16:57:45 +00:00
Paul Saab
88c7d46bdc Add missing include machine/in_cksum.h.
Submitted by:	n_hibma
2000-05-09 16:56:51 +00:00
Poul-Henning Kamp
eb95c536ad Remove unneeded #include <sys/kernel.h> 2000-04-29 15:36:14 +00:00
Poul-Henning Kamp
3389ae9350 Remove ~25 unneeded #include <sys/conf.h>
Remove ~60 unneeded #include <sys/malloc.h>
2000-04-19 14:58:28 +00:00
Munechika SUMIKAWA
ad8d5711fb even if nd6_nud_hint is called, do not change a neighbor's status
unless the old status is probably reachable (i.e. the link-layer address
has already been resolved).

Obtained from:	KAME Project
2000-04-17 20:24:06 +00:00
Yoshinobu Inoue
fdaf052eb3 Support per socket based IPv4 mapped IPv6 addr enable/disable control.
Submitted by: ume
2000-04-01 22:35:47 +00:00
Brian Feldman
333aa64d05 in6_pcb.c:
Remove a bogus (redundant, just weird, etc.) key_freeso(so).
	There are no consumers of it now, nor does it seem there
	ever will be.

in6?_pcb.c:
	Add an if (inp->in6?p_sp != NULL) before the call to
	ipsec[46]_delete_pcbpolicy(inp).  In low-memory conditions
	this can cause a crash because in6?_sp can be NULL...
2000-03-22 02:27:30 +00:00
Yoshinobu Inoue
3f30603cfb Backout the previous change to __KAME_VERSION (FreeBSD4.x addition),
because this is now 5.0-current.
2000-03-13 10:07:30 +00:00
Yoshinobu Inoue
eb7006c008 Change __KAME_VERSION value. Added the word "FreeBSD4.x" to identify the
system with other platform and/or other version of FreeBSD, which is also
integrated KAME code based on another date.

Approved by: jkh
2000-03-12 20:27:26 +00:00
Yoshinobu Inoue
dd251c3820 Forbid include of netinet6/ip6.h from user-land, and if included,
print an error message which say, "include netinet/ip6.h".
This is postponed to apply to avoid tcpdump compile error.
Now apply this because tcpdump has been already fixed.

Approved by: jkh

Obtained from: KAME project
2000-03-11 20:44:53 +00:00
Yoshinobu Inoue
8fca8c97c6 Replace m_pkthdr.rcvif with oif when oif is not NULL, to count
icmp6 error statistics based on sending interface.
This also prevent kernel panic when rcvif is not initialized after M_PKTHDR().
(The initialization issue also need to be fixed in the future.)

Approved by: jkh

Submitted by: k-sugyou@kame.net
2000-03-11 20:03:22 +00:00
Yoshinobu Inoue
f63e7634ac Initialize mbuf pointer at getting ipsec policy.
Without this, kernel will panic at getsockopt() of IPSEC_POLICY.
Also make compilable libipsec/test-policy.c which tries getsockopt() of
IPSEC_POLICY.

Approved by: jkh

Submitted by: sakane@kame.net
2000-03-09 14:57:16 +00:00
Yoshinobu Inoue
690a43db7e Update icmp node info query message bit order of query types,
according to draft-ietf-ipngwg-icmp-name-lookups-04 to 05 change.
This is necessary before 4.0, because,
  -This change is non backword compatible
  -Other KAME derived platforms applied 05
  -Author of the draft said he never do backword imcompatible changes
   again.

Approved by: jkh

Obtained from: KAME project
2000-03-09 14:47:21 +00:00
Yoshinobu Inoue
7d0d8dc306 CMSG_XXX macros alignment fixes to follow RFC2292.
Approved by: jkh

Submitted by: Partly from tech@openbsd
Reviewed by: itojun
2000-03-03 11:13:12 +00:00
Yoshinobu Inoue
e7e3ecb6c3 At detaching IPv6 raw socket, also finish IPv6 multicast router.
Approved by: jkh

Submitted by: fenner
2000-02-27 18:35:10 +00:00
Peter Wemm
242c5536ea Clean up some loose ends in the network code, including the X.25 and ISO
#ifdefs.  Clean out unused netisr's and leftover netisr linker set gunk.
Tested on x86 and alpha, including world.

Approved by:	jkh
2000-02-13 03:32:07 +00:00
Yoshinobu Inoue
f7d7fca7fd Prototype fix for IPsec authentication related functions
Some of IPsec authentication related functions should have
  'const' for its 2nd argument, but not now.
  But if someone try to use them, and passed const data for
  those functions, then much bogus compile warnings will be
  generated.
  So those funcs prototype should be modified.

Requested by: archie
Approved by: jkh
2000-02-10 19:35:53 +00:00
Yoshinobu Inoue
1aa540eb03 Forbid include of soem inet6 header files from wrong place
KAME put INET6 related stuff into sys/netinet6 dir, but IPv6
  standard API(RFC2553) require following files to be under sys/netinet.
    netinet/ip6.h
    netinet/icmp6.h
  Now those header files just include each following files.
    netinet6/ip6.h
    netinet6/icmp6.h

  Also KAME has netinet6/in6.h for easy INET6 common defs
  sharing between different BSDs, but RFC2553 requires only
  netinet/in.h should be included from userland.
  So netinet/in.h also includes netinet6/in6.h inside.

  To keep apps portability, apps should not directly include
  above files from netinet6 dir.
  Ideally, all contents of,
    netinet6/ip6.h
    netinet6/icmp6.h
    netinet6/in6.h
  should be moved into
    netinet/ip6.h
    netinet/icmp6.h
    netinet/in.h
  but to avoid big changes in this stage, add some hack, that
    -Put some special macro define into those files under neitnet
    -Let files under netinet6 cause error if it is included
     from some apps, and, if the specifal macro define is not
     defined.
     (which should have been defined if files under netinet is
     included)
    -And let them print an error message which tells the
     correct name of the include file to be included.

  Also fix apps which includes invalid header files.

Approved by: jkh

Obtained from: KAME project
2000-02-10 19:33:58 +00:00
Yoshinobu Inoue
648c4d3822 IPv6 prefix assignment bug fixes.
(1)When all related IPv6 addresses are removed,
       then remove the associated IPv6 prefix.
    (2)When multiple IPv6 link local addrs exist for a same
       interface , then let its IPv6 prefix have multiple
       interface id, and create multiple IPv6 global addrs with same
       interface id.
    (3)When a new IPv6 link local addr is assigned for an
       interface, then let its IPv6 prefix also have the
       interface id of the new IPv6 link local addr, and
       create new IPv6 global addrs with same interface id.

Approved by: jkh
2000-02-07 01:45:30 +00:00
Yoshinobu Inoue
836b116ab0 Permit site local addr in IPv6 source address selection rule.
KAME source addr selection rule had a problem to treat IPv6 site
  local addr.
  The rule is completely rewritten recently and the above problem
  is also fixed, but rewriting same code part in freebsd4.0 is too
  dangerous in this stage, so just add workaround to avoid
  the problem. Just add code for IPv6 site local addresses into IPv6
  source addr selection algorythm part.
2000-02-07 01:32:41 +00:00
Yoshinobu Inoue
210d0432a3 Add ip6fw.
Yes it is almost code freeze, but as the result of many thought, now I
think this should be added before 4.0...

make world check, kernel build check is done.

Reviewed by: green
Obtained from: KAME project
2000-01-29 13:54:44 +00:00
Yoshinobu Inoue
67e394e034 Backout diffs which should not be included. 2000-01-28 13:16:34 +00:00
Yoshinobu Inoue
577a30ee41 #This is a null commit to give correct description for the previous change.
#Please forget the strange log message of the previous commit .

IPv6 multicast routing.
  kernel IPv6 multicast routing support.
  pim6 dense mode daemon
  pim6 sparse mode daemon
  netstat support of IPv6 multicast routing statistics

  Merging to the current and testing with other existing multicast routers
  is done by Tatsuya Jinmei <jinmei@kame.net>, who writes and maintainances
  the base code in KAME distribution.

  Make world check and kernel build check was also successful.

Obtained from: KAME project
2000-01-28 12:17:49 +00:00
Yoshinobu Inoue
91ec0a1e84 Sorry I didn't commit these files at the commit just a few minutes before.
(IPv6 multicast routing)
I think I mistakenly touched TAB and the last arg sys/netinet6 to
the cvs commit changed to sys/netinet6/in6_proto.c.
2000-01-28 05:27:14 +00:00
Yoshinobu Inoue
0fea3d5165 IPv6 multicast routing.
kernel IPv6 multicast routing support.
  pim6 dense mode daemon
  pim6 sparse mode daemon
  netstat support of IPv6 multicast routing statistics

  Merging to the current and testing with other existing multicast routers
  is done by Tatsuya Jinmei <jinmei@kame.net>, who writes and maintainances
  the base code in KAME distribution.

  Make world check and kernel build check was also successful.
2000-01-28 05:10:56 +00:00
Yoshinobu Inoue
9c275a58b3 Added ip6_forwarding check when prefix related ioctl is called.
(prefix related ioctl should only be called on router,
because host use dynamic address and prefix configuration mechanism,
and those prefix are managed separately with ones whih are assined
manually.)
2000-01-27 10:04:28 +00:00
Brian Somers
367d34f853 Move the *intrq variables into net/intrq.c and unconditionally
include this in all kernels.  Declare some const *intrq_present
variables that can be checked by a module prior to using *intrq
to queue data.

Make the if_tun module capable of processing atm, ip, ip6, ipx,
natm and netatalk packets when TUNSIFHEAD is ioctl()d on.

Review not required by: freebsd-hackers
2000-01-24 20:39:02 +00:00
Yoshinobu Inoue
714dabb963 Merge a bug fix from freebsd-current; check m != NULL before touching it,
at udp6_ctlinput().
  There should be kernel panic at PCCARD suspend etc, before this bug fix.

Submitted by:  Hajimu UMEMOTO <ume@mahoroba.org>
2000-01-18 09:02:19 +00:00
Yoshinobu Inoue
42ae04d936 fix kernel panic at rtfree() in INET6 enabled envrionment.
This is probably due to twice rtfree() in in6_pcbdetach(),
  one for inp->in6p_route.ro_rt, and another one for inp->inp_route.ro_rt.
  But these 2 are actually shared in inpcb, so 2nd rtfree() is not necessary.
2000-01-16 18:00:06 +00:00
Yoshinobu Inoue
3a2a9f7976 Fixed the problem that IPsec connection hangs when bigger data is sent.
-opt_ipsec.h was missing on some tcp files (sorry for basic mistake)
  -made buildable as above fix
  -also added some missing IPv4 mapped IPv6 addr consideration into
   ipsec4_getpolicybysock
2000-01-15 14:56:38 +00:00
Yoshinobu Inoue
79c361bc79 wrapped prototype declarations by __P(())
Submitted by: bde
2000-01-15 05:30:15 +00:00
Yoshinobu Inoue
bb913f0f78 add forward declarations, and small cosmetic changes.
Submitted by: bde
2000-01-15 05:20:40 +00:00
Yoshinobu Inoue
ba9b06509a fix wrong name which is hidden by wrong ifdef.
Sorry for build failure. There was a mistake when I moved the patch
from my build check machine to commit machine.

Specified by: peter
2000-01-13 15:27:50 +00:00
Yoshinobu Inoue
5d60ed0e69 Change struct sockaddr_storage member name, because following change
is very likely to become consensus as recent ietf/ipng mailing list
discussion. Also recent KAME repository and other KAME patched BSDs
also applied it.

  s/__ss_family/ss_family/
  s/__ss_len/ss_len/

Makeworld is confirmed, and no application should be affected by this change
yet.
2000-01-13 14:52:53 +00:00
Yoshinobu Inoue
23ecf4b562 removed an ours case which think a packet destined to loopback interface
with IPv6 loopback addr for its dest or src addr as ours.
2000-01-13 05:12:48 +00:00