1
0
mirror of https://git.FreeBSD.org/src.git synced 2025-01-12 14:29:28 +00:00
freebsd/sys/netinet6
Kris Kennaway 64dddc1872 Add ``options RANDOM_IP_ID'' which randomizes the ID field of IP packets.
This closes a minor information leak which allows a remote observer to
determine the rate at which the machine is generating packets, since the
default behaviour is to increment a counter for each packet sent.

Reviewed by:    -net
Obtained from:  OpenBSD
2001-06-01 10:02:28 +00:00
..
ah6.h sync with kame tree as of july00. tons of bug fixes/improvements. 2000-07-04 16:35:15 +00:00
ah_core.c More IP option length validation. 2001-02-26 03:41:13 +00:00
ah_input.c Lock down the network interface queues. The queue mutex must be obtained 2000-11-25 07:35:38 +00:00
ah_output.c More IP option length validation. 2001-02-26 03:41:13 +00:00
ah.h sync with kame tree as of july00. tons of bug fixes/improvements. 2000-07-04 16:35:15 +00:00
dest6.c More IP option length validation. 2001-02-26 03:41:13 +00:00
esp6.h sync with kame tree as of july00. tons of bug fixes/improvements. 2000-07-04 16:35:15 +00:00
esp_core.c sync with kame tree as of july00. tons of bug fixes/improvements. 2000-07-04 16:35:15 +00:00
esp_input.c Lock down the network interface queues. The queue mutex must be obtained 2000-11-25 07:35:38 +00:00
esp_output.c sync with kame tree as of july00. tons of bug fixes/improvements. 2000-07-04 16:35:15 +00:00
esp.h sync with kame tree as of july00. tons of bug fixes/improvements. 2000-07-04 16:35:15 +00:00
frag6.c Plug memoly leak in overlaps fragment cases. 2001-05-20 15:33:46 +00:00
icmp6.c Convert all users of fldoff() to offsetof(). fldoff() is bad 2000-10-27 11:45:49 +00:00
icmp6.h sync with kame tree as of july00. tons of bug fixes/improvements. 2000-07-04 16:35:15 +00:00
in6_cksum.c add attrbute(packed) to union def with specific align constraitn. 2000-09-09 15:56:46 +00:00
in6_gif.c Convert all users of fldoff() to offsetof(). fldoff() is bad 2000-10-27 11:45:49 +00:00
in6_gif.h sync with kame tree as of july00. tons of bug fixes/improvements. 2000-07-04 16:35:15 +00:00
in6_ifattach.c on in6_ifdetach(), do not remove default route mistakenly 2001-01-22 13:02:10 +00:00
in6_ifattach.h sync with kame tree as of july00. tons of bug fixes/improvements. 2000-07-04 16:35:15 +00:00
in6_pcb.c First step towards an MP-safe zone allocator: 2001-01-21 22:23:11 +00:00
in6_pcb.h sync with kame tree as of july00. tons of bug fixes/improvements. 2000-07-04 16:35:15 +00:00
in6_prefix.c do not touch ra_addr if it is NULL. from IIJ SEIL team 2001-01-02 15:17:19 +00:00
in6_prefix.h sync with kame tree as of july00. tons of bug fixes/improvements. 2000-07-04 16:35:15 +00:00
in6_proto.c Back out jesper's 2001/05/31 14:58:11 PDT commit. It does not compile. 2001-06-01 09:51:14 +00:00
in6_rmx.c split net.inet6.ip6.rtexpire (and others) from net.inet.ip.*. 2000-07-05 01:40:29 +00:00
in6_src.c Yikes, these files bogusly #include "loop.h" but didn't use the value. 2001-01-29 11:28:20 +00:00
in6_var.h Convert if_multiaddrs from LIST to TAILQ so that it can be traversed 2001-02-06 10:12:15 +00:00
in6.c workaround; be sure to initialize nd6 interface information when IPv6 2001-01-18 06:07:53 +00:00
in6.h warn that setsockopt/sysctl # spaces are shared among *BSD, and should better 2000-08-27 00:58:13 +00:00
ip6_ecn.h sync with kame tree as of july00. tons of bug fixes/improvements. 2000-07-04 16:35:15 +00:00
ip6_forward.c Make ip6fw as loadable module. 2000-09-23 18:50:59 +00:00
ip6_fw.c Fix the vulnerability with TCP ECE packets recently fixed in ipfw. 2001-01-23 21:11:28 +00:00
ip6_fw.h Fix the vulnerability with TCP ECE packets recently fixed in ipfw. 2001-01-23 21:11:28 +00:00
ip6_input.c M_COPY_PKTHDR has to be done before MCLGET. 2001-05-22 17:32:02 +00:00
ip6_mroute.c Fix typo: seperate -> separate. 2001-02-06 11:21:58 +00:00
ip6_mroute.h sync with kame tree as of july00. tons of bug fixes/improvements. 2000-07-04 16:35:15 +00:00
ip6_output.c Fix memory leak. 2001-05-23 20:41:17 +00:00
ip6_var.h remove m_pulldown statistics, which is highly experimental and does not 2000-07-12 16:39:13 +00:00
ip6.h sync with kame tree as of july00. tons of bug fixes/improvements. 2000-07-04 16:35:15 +00:00
ip6protosw.h make pr_type type meet with struct protosw. sync with kame 2000-10-03 13:39:49 +00:00
ipcomp6.h sync with kame tree as of july00. tons of bug fixes/improvements. 2000-07-04 16:35:15 +00:00
ipcomp_core.c sync with kame tree as of july00. tons of bug fixes/improvements. 2000-07-04 16:35:15 +00:00
ipcomp_input.c sync with kame tree as of july00. tons of bug fixes/improvements. 2000-07-04 16:35:15 +00:00
ipcomp_output.c sync with kame tree as of july00. tons of bug fixes/improvements. 2000-07-04 16:35:15 +00:00
ipcomp.h sync with kame tree as of july00. tons of bug fixes/improvements. 2000-07-04 16:35:15 +00:00
ipsec6.h sync with kame tree as of july00. tons of bug fixes/improvements. 2000-07-04 16:35:15 +00:00
ipsec.c Add ``options RANDOM_IP_ID'' which randomizes the ID field of IP packets. 2001-06-01 10:02:28 +00:00
ipsec.h sync with kame tree as of july00. tons of bug fixes/improvements. 2000-07-04 16:35:15 +00:00
mld6_var.h sync with kame tree as of july00. tons of bug fixes/improvements. 2000-07-04 16:35:15 +00:00
mld6.c Convert if_multiaddrs from LIST to TAILQ so that it can be traversed 2001-02-06 10:12:15 +00:00
nd6_nbr.c sync with kame tree as of july00. tons of bug fixes/improvements. 2000-07-04 16:35:15 +00:00
nd6_rtr.c backout ND6_USE_RTSOCK change in previous 2000-08-11 12:29:04 +00:00
nd6.c Plug several mbuf leaks in error cases (in nd6) 2001-03-11 05:31:45 +00:00
nd6.h Fix typo: compatability -> compatibility. 2001-02-06 12:05:58 +00:00
pim6_var.h sync with kame tree as of july00. tons of bug fixes/improvements. 2000-07-04 16:35:15 +00:00
pim6.h sync with kame tree as of july00. tons of bug fixes/improvements. 2000-07-04 16:35:15 +00:00
raw_ip6.c * Rename M_WAIT mbuf subsystem flag to M_TRYWAIT. 2000-12-21 21:44:31 +00:00
README add list of KAME files - may not be 100% correct 2000-07-05 19:05:19 +00:00
route6.c repair type 0 routing header support. it was caused by RFC2292/2292bis 2000-09-03 13:43:13 +00:00
scope6_var.h sync with kame tree as of july00. tons of bug fixes/improvements. 2000-07-04 16:35:15 +00:00
scope6.c sync with kame tree as of july00. tons of bug fixes/improvements. 2000-07-04 16:35:15 +00:00
tcp6_var.h sync with kame tree as of july00. tons of bug fixes/improvements. 2000-07-04 16:35:15 +00:00
udp6_output.c Move suser() and suser_xxx() prototypes and a related #define from 2000-10-29 16:06:56 +00:00
udp6_usrreq.c Switch to using a struct xucred instead of a struct xucred when not 2001-02-18 13:30:20 +00:00
udp6_var.h sync with kame tree as of july00. tons of bug fixes/improvements. 2000-07-04 16:35:15 +00:00

a note to committers about KAME tree
$FreeBSD$
KAME project


FreeBSD IPv6/IPsec tree is from KAMEproject (http://www.kame.net/).
To synchronize KAME tree and FreeBSD better today and in the future,
please understand the following:

- DO NOT MAKE COSTMETIC CHANGES.
  "Cosmetic changes" here includes tabify, untabify, removal of space at EOL,
  minor KNF items, and whatever adds more output lines on "diff freebsd kame".
  To make future synchronization easier. it is critical to preserve certain
  statements in the code.  Also, as KAME tree supports all 4 BSDs (Free, Open,
  Net, BSD/OS) in single shared tree, it is not always possible to backport
  FreeBSD changes into KAME tree.  So again, please do not make cosmetic
  changes.  Even if you think it a right thing, that will bite KAME guys badly
  during upgrade attempts, and prevent us from synchronizing two trees.
  (you don't usually make cosmetic changes against third-party code, do you?)

- REPORT CHANGES/BUGS TO KAME GUYS.
  It is not always possible for KAME guys to watch all the freebsd mailing
  list traffic, as the traffic is HUGE.  So if possible, please, inform
  kame guys of changes you made in IPv6/IPsec related portion.  Contact
  path would be snap-users@kame.net or KAME PR database on www.kame.net.
  (or to core@kame.net if it is necessary to make it confidential)

Thank you for your cooperation and have a happy IPv6 life!


Note: KAME-origin code is in the following locations.
The above notice applies to corresponding manpages too.
The list may not be complete.  If you see $KAME$ in the code, it is from
KAME distribution.  If you see some file that is IPv6/IPsec related, it is
highly possible that the file is from KAME distribution.

include/ifaddrs.h
lib/libc/net
lib/libc/net/getaddrinfo.c
lib/libc/net/getifaddrs.c
lib/libc/net/getnameinfo.c
lib/libc/net/ifname.c
lib/libc/net/ip6opt.c
lib/libc/net/map_v4v6.c
lib/libc/net/name6.c
lib/libftpio
lib/libipsec
sbin/ip6fw
sbin/ping6
sbin/rtsol
share/doc/IPv6
share/man/man4/ip6.4
share/man/man4/inet6.4
sys/crypto (except sys/crypto/rc4)
sys/kern/uipc_mbuf2.c
sys/net/if_faith.[ch]
sys/net/if_gif.[ch]
sys/net/if_stf.[ch]
sys/net/pfkeyv2.h
sys/netinet/icmp6.h
sys/netinet/in_gif.[ch]
sys/netinet/ip6.h
sys/netinet/ip_encap.[ch]
sys/netinet6
sys/netkey
usr.sbin/faithd
usr.sbin/gifconfig
usr.sbin/ifmcstat
usr.sbin/mld6query
usr.sbin/ndp
usr.sbin/pim6dd
usr.sbin/pim6sd
usr.sbin/prefix
usr.sbin/rip6query
usr.sbin/route6d
usr.sbin/rrenumd
usr.sbin/rtadvd
usr.sbin/rtsold
usr.sbin/scope6config
usr.sbin/setkey
usr.sbin/traceroute6