Remove a bogus (redundant, just weird, etc.) key_freeso(so).
There are no consumers of it now, nor does it seem there
ever will be.
in6?_pcb.c:
Add an if (inp->in6?p_sp != NULL) before the call to
ipsec[46]_delete_pcbpolicy(inp). In low-memory conditions
this can cause a crash because in6?_sp can be NULL...
print an error message which say, "include netinet/ip6.h".
This is postponed to apply to avoid tcpdump compile error.
Now apply this because tcpdump has been already fixed.
Approved by: jkh
Obtained from: KAME project
icmp6 error statistics based on sending interface.
This also prevent kernel panic when rcvif is not initialized after M_PKTHDR().
(The initialization issue also need to be fixed in the future.)
Approved by: jkh
Submitted by: k-sugyou@kame.net
Without this, kernel will panic at getsockopt() of IPSEC_POLICY.
Also make compilable libipsec/test-policy.c which tries getsockopt() of
IPSEC_POLICY.
Approved by: jkh
Submitted by: sakane@kame.net
according to draft-ietf-ipngwg-icmp-name-lookups-04 to 05 change.
This is necessary before 4.0, because,
-This change is non backword compatible
-Other KAME derived platforms applied 05
-Author of the draft said he never do backword imcompatible changes
again.
Approved by: jkh
Obtained from: KAME project
Some of IPsec authentication related functions should have
'const' for its 2nd argument, but not now.
But if someone try to use them, and passed const data for
those functions, then much bogus compile warnings will be
generated.
So those funcs prototype should be modified.
Requested by: archie
Approved by: jkh
KAME put INET6 related stuff into sys/netinet6 dir, but IPv6
standard API(RFC2553) require following files to be under sys/netinet.
netinet/ip6.h
netinet/icmp6.h
Now those header files just include each following files.
netinet6/ip6.h
netinet6/icmp6.h
Also KAME has netinet6/in6.h for easy INET6 common defs
sharing between different BSDs, but RFC2553 requires only
netinet/in.h should be included from userland.
So netinet/in.h also includes netinet6/in6.h inside.
To keep apps portability, apps should not directly include
above files from netinet6 dir.
Ideally, all contents of,
netinet6/ip6.h
netinet6/icmp6.h
netinet6/in6.h
should be moved into
netinet/ip6.h
netinet/icmp6.h
netinet/in.h
but to avoid big changes in this stage, add some hack, that
-Put some special macro define into those files under neitnet
-Let files under netinet6 cause error if it is included
from some apps, and, if the specifal macro define is not
defined.
(which should have been defined if files under netinet is
included)
-And let them print an error message which tells the
correct name of the include file to be included.
Also fix apps which includes invalid header files.
Approved by: jkh
Obtained from: KAME project
(1)When all related IPv6 addresses are removed,
then remove the associated IPv6 prefix.
(2)When multiple IPv6 link local addrs exist for a same
interface , then let its IPv6 prefix have multiple
interface id, and create multiple IPv6 global addrs with same
interface id.
(3)When a new IPv6 link local addr is assigned for an
interface, then let its IPv6 prefix also have the
interface id of the new IPv6 link local addr, and
create new IPv6 global addrs with same interface id.
Approved by: jkh
KAME source addr selection rule had a problem to treat IPv6 site
local addr.
The rule is completely rewritten recently and the above problem
is also fixed, but rewriting same code part in freebsd4.0 is too
dangerous in this stage, so just add workaround to avoid
the problem. Just add code for IPv6 site local addresses into IPv6
source addr selection algorythm part.
Yes it is almost code freeze, but as the result of many thought, now I
think this should be added before 4.0...
make world check, kernel build check is done.
Reviewed by: green
Obtained from: KAME project
#Please forget the strange log message of the previous commit .
IPv6 multicast routing.
kernel IPv6 multicast routing support.
pim6 dense mode daemon
pim6 sparse mode daemon
netstat support of IPv6 multicast routing statistics
Merging to the current and testing with other existing multicast routers
is done by Tatsuya Jinmei <jinmei@kame.net>, who writes and maintainances
the base code in KAME distribution.
Make world check and kernel build check was also successful.
Obtained from: KAME project
kernel IPv6 multicast routing support.
pim6 dense mode daemon
pim6 sparse mode daemon
netstat support of IPv6 multicast routing statistics
Merging to the current and testing with other existing multicast routers
is done by Tatsuya Jinmei <jinmei@kame.net>, who writes and maintainances
the base code in KAME distribution.
Make world check and kernel build check was also successful.
(prefix related ioctl should only be called on router,
because host use dynamic address and prefix configuration mechanism,
and those prefix are managed separately with ones whih are assined
manually.)
include this in all kernels. Declare some const *intrq_present
variables that can be checked by a module prior to using *intrq
to queue data.
Make the if_tun module capable of processing atm, ip, ip6, ipx,
natm and netatalk packets when TUNSIFHEAD is ioctl()d on.
Review not required by: freebsd-hackers
This is probably due to twice rtfree() in in6_pcbdetach(),
one for inp->in6p_route.ro_rt, and another one for inp->inp_route.ro_rt.
But these 2 are actually shared in inpcb, so 2nd rtfree() is not necessary.
-opt_ipsec.h was missing on some tcp files (sorry for basic mistake)
-made buildable as above fix
-also added some missing IPv4 mapped IPv6 addr consideration into
ipsec4_getpolicybysock