Commit Graph

674 Commits

Author SHA1 Message Date
Robert Watson
c2259ba44f Include priv.h to pick up suser(9) definitions, missed in an earlier
commit.

Warnings spotted by:	kris
2007-06-13 22:42:43 +00:00
Bruce M Simpson
71498f308b Import rewrite of IPv4 socket multicast layer to support source-specific
and protocol-independent host mode multicast. The code is written to
accomodate IPv6, IGMPv3 and MLDv2 with only a little additional work.

This change only pertains to FreeBSD's use as a multicast end-station and
does not concern multicast routing; for an IGMPv3/MLDv2 router
implementation, consider the XORP project.

The work is based on Wilbert de Graaf's IGMPv3 code drop for FreeBSD 4.6,
which is available at: http://www.kloosterhof.com/wilbert/igmpv3.html

Summary
 * IPv4 multicast socket processing is now moved out of ip_output.c
   into a new module, in_mcast.c.
 * The in_mcast.c module implements the IPv4 legacy any-source API in
   terms of the protocol-independent source-specific API.
 * Source filters are lazy allocated as the common case does not use them.
   They are part of per inpcb state and are covered by the inpcb lock.
 * struct ip_mreqn is now supported to allow applications to specify
   multicast joins by interface index in the legacy IPv4 any-source API.
 * In UDP, an incoming multicast datagram only requires that the source
   port matches the 4-tuple if the socket was already bound by source port.
   An unbound socket SHOULD be able to receive multicasts sent from an
   ephemeral source port.
 * The UDP socket multicast filter mode defaults to exclusive, that is,
   sources present in the per-socket list will be blocked from delivery.
 * The RFC 3678 userland functions have been added to libc: setsourcefilter,
   getsourcefilter, setipv4sourcefilter, getipv4sourcefilter.
 * Definitions for IGMPv3 are merged but not yet used.
 * struct sockaddr_storage is now referenced from <netinet/in.h>. It
   is therefore defined there if not already declared in the same way
   as for the C99 types.
 * The RFC 1724 hack (specify 0.0.0.0/8 addresses to IP_MULTICAST_IF
   which are then interpreted as interface indexes) is now deprecated.
 * A patch for the Rhyolite.com routed in the FreeBSD base system
   is available in the -net archives. This only affects individuals
   running RIPv1 or RIPv2 via point-to-point and/or unnumbered interfaces.
 * Make IPv6 detach path similar to IPv4's in code flow; functionally same.
 * Bump __FreeBSD_version to 700048; see UPDATING.

This work was financially supported by another FreeBSD committer.

Obtained from:  p4://bms_netdev
Submitted by:   Wilbert de Graaf (original work)
Reviewed by:    rwatson (locking), silence from fenner,
		net@ (but with encouragement)
2007-06-12 16:24:56 +00:00
Randall Stewart
35918f8571 - Restructure so bindx functions are not done inline to socket option
but are a seperate call that can be re-used if needed.
- 64 bit issues
  o re-arrange cookie so it is better 64 bit aligned
  o For wire level things we need the packed attribute.
2007-06-12 11:21:00 +00:00
Robert Watson
32f9753cfb Eliminate now-unused SUSER_ALLOWJAIL arguments to priv_check_cred(); in
some cases, move to priv_check() if it was an operation on a thread and
no other flags were present.

Eliminate caller-side jail exception checking (also now-unused); jail
privilege exception code now goes solely in kern_jail.c.

We can't yet eliminate suser() due to some cases in the KAME code where
a privilege check is performed and then used in many different deferred
paths.  Do, however, move those prototypes to priv.h.

Reviewed by:	csjp
Obtained from:	TrustedBSD Project
2007-06-12 00:12:01 +00:00
JINMEI Tatuya
5e9510e3b6 cleanup about the reassembly structures and routine:
- removed unused structure members
  - fixed a minor bug that the ECN code point may not be restored correctly

Approved by:	ume (mentor)
MFC after:	1 week
2007-06-04 06:06:35 +00:00
Randall Stewart
f4c93d2405 - fix initial pcb vrf setting when the initial vrf is not the
default_vrf_id
- Missing lock/unlock of inp added as well in the v6 side.
- IFN hash table moves to sctppcbinfo since indexes are
  unique across systems (including different VRFs) this makes it easier
  to do ifn lookups.
2007-06-02 11:05:08 +00:00
JINMEI Tatuya
09a52a5532 fixed memory leak for IPv6 multicast membership information associated
with interface addresses.

Approved by:	gnn (mentor)
MFC after:	1 week
2007-06-02 08:02:36 +00:00
JINMEI Tatuya
99124467fc simplified the fix in rev. 1.69 by replacing RT_REMREF+RT_UNLOCK with
RTFREE_LOCKED.

Approved by:	gnn (mentor)
2007-06-02 07:27:02 +00:00
Randall Stewart
ad21a36485 - Take out the broken table-id concept. Panda Routers have a M-VRF
concept that is NOT well thought out for a multi-homed transport
  protocol. So the useless table-id entries passed around need to
  be removed.
- Add a event timer for the zero copy api.
- Fix a bug in sctp_timer.c when searching for an alternate
  with the largest ssthresh (the compare was wrong).
2007-06-01 11:19:54 +00:00
Randall Stewart
207304d4b7 - Fixes so we won't try to start a timer when we
hold a wq lock for the iterator. Panda uses a
  silly recursive lock they hold through the timer.
- Add poor mans wireshark compile option..
- Allocate and start using SCTP_M_XXX for all SCTP_MALLOC() calls.
- sysctl now will get back the refcnt for viewing by onlookers.

Reviewed by:	gnn
2007-05-29 09:29:03 +00:00
Randall Stewart
d61a0ae066 - fixed autclose to not allow setting on 1-2-1 model.
- bounded cookie-life to 1 second minimum in socket option set.
- Delayed_ack_time becomes delayed_ack per new socket api document.
- Improve port number selection, we now use low/high bounds and
  no chance of a endless loop. Only one call to random per bind
  as well.
- fixes so set_peer_primary pre-screens addresses to be
  valid to this host.
- maxseg did not allow setting on an assoc basis. We needed
  to thus track and use an association value instead of a inp value.
- Fixed ep get of HB status to report back properly.
- use settings flag to tell if assoc level hb is on off not
  the timer.. since the timer may still run if unconf address
  are present.
- check for crazy ENABLE/DISABLE conditions.
- set and get of pmtud (fixed path mtu) not always taking into account ovh.
- Getting PMTU info on stcb only needs to return PMTUD_ENABLED if
  any net is doing PMTU discovery.
- Panic or warning fixed to not do so when a valid ip frag is
  taking place.
- sndrcvinfo appearing in both inp and stcb was full size, instead
  of the non-pad version. This saves about 92 bytes from each struct
  by carefully converting to use the smaller version.
- one-2-one model get(maxseg) would always get ep value, never the
  tcb's value.
- The delayed ack time could be under a tick, this fixes so
  it bounds it to at least 1 tick for platforms whos tick
  is more than a ms.
- Fragment interleave level set to wrong default value.
- Fragment interleave could not set level 0.
- Defered stream reset was broken due to a guard check and ntohl issue.
- Found two lock order reversals and fixed.
- Tighten up address checking, if the user gives an address the sa_len
  had better be set properly.
- Get asoc by assoc-id would return a locked tcb when it was asked
  not to if the tcb was in the restart hash.
- sysctl to dig down and get more association details

Reviewed by:	gnn
2007-05-28 11:17:24 +00:00
JINMEI Tatuya
6abdc89958 do not directly call rtfree() to meet an assumption in the callee.
(this fix suppresses a warning message appearing in the boot time on
IPv6-enabled systems)

Approved by:	gnn (mentor)
2007-05-25 06:44:00 +00:00
Olivier Houchard
d10f3ce07f Force the alignment of the chars arrays, as they are casted later to
structs.
gcc 4.2 doesn't do it by default, and that results in unaligned access on
arm.

Reviewed by:	gnn, imp
2007-05-21 14:38:20 +00:00
JINMEI Tatuya
187069853c - Disabled responding to NI queries from a global address by default as
specified in RFC4620.  A new flag for icmp6_nodeinfo was added to enable the
  feature.
- Also cleaned up the code so that the semantics of the icmp6_nodeinfo
  flags is clearer (i.e., defined specific macro names instead of using
  hard-coded values).

Approved by:	gnn (mentor)
MFC after:	1 week
2007-05-17 21:20:24 +00:00
Randall Stewart
3c503c28da - Fixed 1-2-1 model to not worry about associd in sockopts
- Fixed RTOinfo for bounding.
- Fixed connect() to return ECONNREFUSED when an ABORT is received.
- Added comments to direct Static Analysis not to look at some things
  it does not understand (comments are /* sa_ignore XXXXX */)
- Bind when colliding was broken, missing not_found = 1 before
  checking to see if the port was in use caused endless bind loop.
- Cookie life needs to be in milliseconds to conform to socket api.
- Cookie life is not supposed to change if its 0, On the assoc
  level set we changed it to 0 opps.
- Two more static analysis issues identified by the cisco
  tool. Null checks needed.
- An issue for sendfile(). Need to validate the correct
  input argument.
- When sending failed due to a no route to host, we leaked
  the mbuf chain failing to call m_freem().
- Fix #ifdef issue for getting hash block len when HAVE_SHA2 is NOT defined
Reviewed by:	gnn
2007-05-17 12:16:24 +00:00
JINMEI Tatuya
7eefde2c0c handle IPv6 router alert option contained in an incoming packet per
option value so that unrecognized options are ignored as specified in RFC2711.
(packets containing an MLD router alert option are passed to the upper layer
as before).

Approved by: gnn (mentor), ume (mentor)
2007-05-14 17:56:13 +00:00
Robert Watson
54d642bbe5 Reduce network stack oddness: implement .pru_sockaddr and .pru_peeraddr
protocol entry points using functions named proto_getsockaddr and
proto_getpeeraddr rather than proto_setsockaddr and proto_setpeeraddr.
While it's true that sockaddrs are allocated and set, the net effect is
to retrieve (get) the socket address or peer address from a socket, not
set it, so align names to that intent.
2007-05-11 10:20:51 +00:00
Matt Jacob
b065259568 Need sys/cdevs.h for the macro FBSDID to work. 2007-05-09 23:19:55 +00:00
George V. Neville-Neil
559d3390d0 Integrate the Camellia Block Cipher. For more information see RFC 4132
and its bibliography.

Submitted by:   Tomoyuki Okazaki <okazaki at kick dot gr dot jp>
MFC after:      1 month
2007-05-09 19:37:02 +00:00
Randall Stewart
ad81507eed Two major items here:
- All printf that was surrounded by #ifdef SCTP_DEBUG moves to
  a macro that does all of this. This removes all printfs from
  the code and makes the code more portable and easier to
  read.
- Static Analysis (cisco) - found a few bugs, but mostly we
  add checks for NULL pointers and such to make the tool
  happy. We now pass the Cisco SA tools checks except for
  where it does not understand tailq/lists. We still need
  to look at the coverity tools output too (this is like
  the cisco SA tool) and see if it wants us to fix any other
  items. Hopefully this will be the last major churn in the
  code other than bug fixes.
2007-05-09 13:30:06 +00:00
George V. Neville-Neil
62c4e3f043 Reduce the default number of header options that the IPv6 protocol
stack will process from 50 to 15.  As this is a sysctl variable it
can be tuned up or down at the user/administrator's whim.

Submitted by:	itojun
MFC after:	1 day
2007-05-08 20:11:36 +00:00
Randall Stewart
b100636770 - Copyright change, cisco's silly tool wants it to say:
"Copyright (c) 2001-2007, by Cisco Systems,"
   instead of
       *Copyright (c) 2001-2007, Cisco Systems,"

-  Also fix a few straglers that were still in 2006.
2007-05-08 17:01:12 +00:00
Randall Stewart
b0552ae214 - Get rid of the sctp_inpcb_free() "magic numbers", now they
are sensible defines that tell what you are directing
   the function to do.
2007-05-08 15:53:03 +00:00
Randall Stewart
6e55db5445 - Static analyisis fixes for cisco's commit (this is equivilant
to the coverity tool.. may even be the same one.. not sure).
-  A bug in the way sctp_abort() and friends were
   setting the IP_CLOSE flag.. and NOT passing the
   last argument as a (,1)... so that things would
   get freed..
2007-05-08 14:32:53 +00:00
Randall Stewart
17205ecc85 - More macros for OS compatabilty
-  PR-SCTP would ignore FWD-TSN's above a rwnd's worth
   of TSN's (1 byte msgs).. this left the peer hopelessly
   out of sync.. or an attacker. So now we abort the assoc.
-  New IFN hash, also rename hashes to match addr/ifn now
   that the vrf has multiple.
-  Do not enable SCTP_PCB_FLAGS_RECVDATAIOEVNT per default
   as defined in the Socket API ID.
-  Export MTU information via sysctl.
-  Vrf's need table id's. This is default for
   BSD, but may be other things later when BSD
   fully supports VRFs.
-  Additional stream reset bug (caught by cisco dev-test).
-  Additional validations for the address in sending a message (socket api).
-------- and -----
-  Fix association notifications not to give the active open
   side false notifications.
-  Fix so sendfile and SENDALL will work properly (missing
   flag to say socket sender is done).
-  Fix Bug that prevented COOKIES from being retransmitted.
-  Break out connectx into helper sub-models so that iox routines can
   reuse the helpers.
-  When an address is added during system init (non-dynamic mode) make
   sure that the "defer use" flag is not set.
** its compiling on XR now :-D **

Reviewed by:	gnn
2007-05-08 00:21:05 +00:00
SUZUKI Shinsuke
8f34a8b84a some minor modification to the previous commit to sys/netinet6/nd6.c and nd6_nbr.c.
- added some clarification comments
- removed an unnecesary code

Obtained from: KAME
MFC after: 1 week
2007-05-05 04:24:01 +00:00
SUZUKI Shinsuke
8d290a593f fixed a memory leak in unresolved ND queue processing
Obtained from: KAME
MFC after: 1 week
2007-05-04 02:34:17 +00:00
Randall Stewart
d06c82f169 - Somehow the disable fragment option got lost. We could
set/clear it but would not do it. Now we will.
-  Moved to latest socket api for extended sndrcv info struct.
-  Moved to support all new levels of fragment interleave (0-2).
-  Codenomicon security test updates - length checks and such.
-  Bug in stream reset (2 actually).
-  setpeerprimary could unlock a null pointer, fixed.
-  Added a flag in the pcb so netstat can see if we are listening easier.

Obtained from:	(some of the Listen changes from Weongyo Jeong)
2007-05-02 12:50:13 +00:00
Robert Watson
84ca8aa609 Remove unused pcbinfo arguments to in_setsockaddr() and
in_setpeeraddr().
2007-05-01 16:31:02 +00:00
Robert Watson
712fc218a0 Rename some fields of struct inpcbinfo to have the ipi_ prefix,
consistent with the naming of other structure field members, and
reducing improper grep matches.  Clean up and comment structure
fields in structure definition.
2007-04-30 23:12:05 +00:00
George V. Neville-Neil
6486cbd7bb Turn off route header processing for now due to issues pointed out
by Philippe Biondi and Arnaud Ebalard.  This is a temporary fix
until more discussion can be had on the exact risks involved in
allowing source routing in IPv6

Submitted by:	itojun
Reviewed by:	jinmei
MFC after:	1 day
2007-04-23 09:32:04 +00:00
Robert Watson
fea9ea0005 Teach netinet6 to use PRIV_NETINET_REUSEPORT. 2007-04-21 18:14:04 +00:00
Randall Stewart
c105859eee - fix source address selection when picking an acceptable address
- name change of prefered -> preferred
- CMT fast recover code added.
- Comment fixes in CMT.
- We were not giving a reason of cant_start_asoc per socket api
  if we failed to get init/or/cookie to bring up an assoc. Change
  so we don't just give a generic "comm lost" but look at actual
  states of dying assoc.
- change "crc32" arguments to "crc32c" to silence strict/noisy
  compiler warnings when crc32() is also declared
- A few minor tweaks to get the portable stuff truely portable
  for sctp6_usrreq.c :-D
- one-2-one style vrf match problem.
- window recovery would leave chks marked for retran
  during window probes on the sent queue. This would then
  cause an out-of-order problem and assure that the flight
  size "problem" would occur.
- Solves a flight size logging issue that caused rwnd
  overruns, flight size off as well as false retransmissions.g
- Macroize the up and down of flight size.
- Fix a ECNE bug in its counting.
- The strict_sacks options was causing aborts when window probing
  was active, fix to make strict sacks a bit smarter about what
  the next unsent TSN is.
- Fixes a one-2-one wakeup bug found by Martin Kulas.
- If-defed out form, Andre's copy routines pending his
  commit of at least m_last().. need to adjust for 6.2 as
  well.. since m_last won't exist.
Reviewed by:	gnn
2007-04-14 09:44:09 +00:00
Robert Watson
949da0d8f8 Remove obsolete comment about privileges: SUSER_ALLOWJAIL is no longer set
in this code.
2007-04-11 16:31:02 +00:00
Randall Stewart
bff64a4db3 - fixed several places where we did not release INP locks.
- fixed a refcount bug in the new ifa structures.
- use vrf's from default stcb or inp whenever possible.
- Address limits raised to account for a full IP fragmented
  packet (1000 addresses).
- flight size correcting updated to include one message only
  and to handle case where the peer does not cumack the
  next segment aka lists 1/1 in sack blocks..
- Various bad init/init-ack handling could cause a panic
  since we tried to unlock the destroyed mutex. Fixes
  so we properly exit when we need to destroy an assoc.
  (Found by Cisco DevTest team :D)
- name rename in src-addr-selection from pass to sifa.
- route structure typedef'd to allow different platforms
  and updated into sctp_os_bsd file.
- Max retransmissions a chunk can be made added.
Reviewed by:	gnn
2007-04-03 11:15:32 +00:00
John Baldwin
4e7f640dfb Optimize sx locks to use simple atomic operations for the common cases of
obtaining and releasing shared and exclusive locks.  The algorithms for
manipulating the lock cookie are very similar to that rwlocks.  This patch
also adds support for exclusive locks using the same algorithm as mutexes.

A new sx_init_flags() function has been added so that optional flags can be
specified to alter a given locks behavior.  The flags include SX_DUPOK,
SX_NOWITNESS, SX_NOPROFILE, and SX_QUITE which are all identical in nature
to the similar flags for mutexes.

Adaptive spinning on select locks may be enabled by enabling the
ADAPTIVE_SX kernel option.  Only locks initialized with the SX_ADAPTIVESPIN
flag via sx_init_flags() will adaptively spin.

The common cases for sx_slock(), sx_sunlock(), sx_xlock(), and sx_xunlock()
are now performed inline in non-debug kernels.  As a result, <sys/sx.h> now
requires <sys/lock.h> to be included prior to <sys/sx.h>.

The new kernel option SX_NOINLINE can be used to disable the aforementioned
inlining in non-debug kernels.

The size of struct sx has changed, so the kernel ABI is probably greatly
disturbed.

MFC after:	1 month
Submitted by:	attilio
Tested by:	kris, pjd
2007-03-31 23:23:42 +00:00
Randall Stewart
5e54f665f0 - Found bug in min split point bundling which caused
incorrect, non-bundlable fragmentation.
- Added min residual to better control split points for
  both how big a msg must be as well as how much needs
  to be left over.
- With our new algo in place, we need to implicitly
  set "end of msg" on the sp-> structure otherwise we
  end up with "hung" associations.
- Room reserved up front in IP header by pushing IP
  header to back of mbuf.
- Fix so FR's peg count of retransmissions needed.
- Fix so an unlucky chunk that never gets across
  will kill the assoc via the kill timer and send an
  abort too.
- Fix bug in sctp_input which can result in a crash.
- Do not strip off IP options anymore.
- Clean up sctp_calculate_rto().
- Get rid of unused sysctl.
- Fixed so we discard all M-Cast
- Fixed so port check done AFTER checksum
- Fixed bug in fragmentation code that prevented
  us from fragmenting a small complete message when
  we needed to.
- Window probes were not marked back to unsent and
  flight adjusted when a sack came in with no
  window change or accepting of the probe data.
  We now fix this with having a mark on the net and
  the chunk so we can clear it out when the sack arrives
  forcing it to retran just like it was "new" this
  improves the handling of window probes, which were
  dropped by the receiver.
- Tighten AUTH protocol error checks during INIT/INIT-ACK exchange
2007-03-31 11:47:30 +00:00
Bruce M Simpson
ec002fee99 Implement reference counting for ifmultiaddr, in_multi, and in6_multi
structures. Detect when ifnet instances are detached from the network
stack and perform appropriate cleanup to prevent memory leaks.

This has been implemented in such a way as to be backwards ABI compatible.
Kernel consumers are changed to use if_delmulti_ifma(); in_delmulti()
is unable to detect interface removal by design, as it performs searches
on structures which are removed with the interface.

With this architectural change, the panics FreeBSD users have experienced
with carp and pfsync should be resolved.

Obtained from:	p4 branch bms_netdev
Reviewed by:	andre
Sponsored by:	Garance A Drosehn
Idea from:	NetBSD
MFC after:	1 month
2007-03-20 00:36:10 +00:00
Randall Stewart
132dea7d5a - errno -> becomes error in sctp_output.c and sctputil.c
- SB_CLEAR macro defined and used for sb clearing.
- Fix for CMT express_sack_handling did not do proper
  pseudo-cumack updates.
- Get rid of extraneous function that was never used ip_2_ip6_hdr()
- Fixed source address selection bug (initialization problem).
- Source address selection debug added.
2007-03-19 06:53:02 +00:00
Randall Stewart
42551e993f - Sysctl's move to seperate file
- moved away from ifn/ifa access to sctp_ifa/sctp_ifn
  built and managed by the add-ip code.
- cleaned up add-ip code to use the iterator
- made iterator be a thread, which enables auto-asconf now.
- rewrote and cleaned up source address selection (also
  made it use new structures).
- Fixed a couple of memory leaks.
- DACK now settable as to how many packets to delay as
  well as time.
- connectx() to latest socket API, new associd arg.
- Fixed issue with revoking and loosing potential to
  send when we inflate the flight size. We now inflate
  the cwnd too and deflate it later when the revoked
  chunk is sent or acked.
- Got rid of some temp debug code
- src addr selection moved to a common file (sctp_output.c)
- Support for simple VRF's (we have support for multi-vfr
  via compile switch that is scrubbed from BSD but we won't
  need multi-vrf until we first get VRF :-D)
- Rest of mib work for address information now done
- Limit number of addresses in INIT/INIT-ACK to
  a #def (30).

Reviewed by:	gnn
2007-03-15 11:27:14 +00:00
Bruce M Simpson
00cf3f55fb Add comments about common idioms for cleanup pass at a later date. 2007-02-28 21:58:37 +00:00
Bruce M Simpson
cd88c37218 Remove code which would never be used, viz a viz Quality-of-Service;
the token bucket filter got killed in netinet, so it gets killed here
too. Correct comments.
2007-02-28 20:32:25 +00:00
Bruce M Simpson
430fc8f211 Add a comment about a struct which needs to be global.
Remove an unused global variable.
Staticize variables which do not need to be global.
2007-02-28 20:29:20 +00:00
Bruce M Simpson
1291e2a0eb Fix tinderbox. ip6_mrouter should be defined in raw_ip6.c as it is
tested to determine if the userland socket is open; this, in turn, is
used to determine if the module has been loaded.

Tested with:	LINT
2007-02-24 21:09:35 +00:00
Bruce M Simpson
6be2e366d6 Make IPv6 multicast forwarding dynamically loadable from a GENERIC kernel.
It is built in the same module as IPv4 multicast forwarding, i.e. ip_mroute.ko,
if and only if IPv6 support is enabled for loadable modules.
Export IPv6 forwarding structs to userland netstat(1) via sysctl(9).
2007-02-24 11:38:47 +00:00
Robert Watson
afdb42748d Rename two identically named log_in_vain variables: tcp_input.c's static
log_in_vain to tcp_log_in_vain, and udp_usrreq's global log_in_vain to
udp_log_in_vain.

MFC after:	1 week
2007-02-20 10:20:03 +00:00
Randall Stewart
f42a358a6f - Copyright updates (aka 2007)
- ZONE get now also take a type cast so it does the
  cast like mtod does.
- New macro SCTP_LIST_EMPTY, which in bsd is just
  LIST_EMPTY
- Removal of const in some of the static hmac functions
  (not needed)
- Store length changes to allow for new fields in auth
- Auth code updated to current draft (this should be the
  RFC version we think).
- use uint8_t instead of u_char in LOOPBACK address comparison
- Some u_int32_t converted to uint32_t (in crc code)
- A bug was found in the mib counts for ordered/unordered
  count, this was fixed (was referencing a freed mbuf).
- SCTP_ASOCLOG_OF_TSNS added (code will probably disappear
  after my testing completes. It allows us to keep a
  small log on each assoc of the last 40 TSN's in/out and
  stream assignment. It is NOT in options and so is only
  good for private builds.
- Some CMT changes in prep for Jana fixing his problem
  with reneging when CMT is enabled (Concurrent Multipath
  Transfer = CMT).
- Some missing mib stats added.
- Correction to number of open assoc's count in mib
- Correction to os_bsd.h to get right sha2 macros
- Add of special AUTH_04 flags so you can compile the code
  with the old format (in case the peer does not yet support
  the latest auth code).
- Nonce sum was incorrectly being set in when ecn_nonce was
  NOT on.
- LOR in listen with implicit bind found and fixed.
- Moved away from using mbuf's for socket options to using
  just data pointers. The mbufs were used to harmonize
  NetBSD code since both Net and Open used this method. We
  have decided to move away from that and more conform to
  FreeBSD style (which makes more sense).
- Very very nasty bug found in some of my "debug" code. The
  cookie_how collision case tracking had an endless loop in
  it if you got a second retransmission of a cookie collision
  case. This would lock up  a CPU .. ugly..
- auth function goes to using size_t instead of int which
  conforms to socketapi better
- Found the nasty bug that happens after 9 days of testing.. you
  get the data chunk, deliver it and due to the reference to a ch->
  that every now and then has been deleted (depending on the postion
  in the mbuf) you have an invalid ch->ch.flags.. and thus you don't
  advance the stream sequence number.. so you block the stream
  permanently. The fix is to make local variables of these guys
  and set them up before you have any chance of trimming the
  mbuf.
- style fix in sctp_util.h, not sure how this got bad maybe in
  the last patch? (aka it may not be in the real source).
- Found interesting bug when using the extended snd/rcv info where
  we would get an error on receiving with this. Thats because
  it was NOT padded to the same size as the snd_rcv info. We
  increase (add the pad) so the two structs are the same size
  in sctp_uio.h
- In sctp_usrreq.c one of the most common things we did for
  socket options was to cast the pointer and validate the size.
  This as been macro-ized to help make the code more readable.
- in sctputil.c two things, the socketapi class found a missing
  flag type (the next msg is a notification) and a missing
  scope recovery was also fixed.

Reviewed by:	gnn
2007-02-12 23:24:31 +00:00
Bruce M Simpson
31a9460383 In the ICMP6 path to handle FQDN 'who-are-you' queries, check that the
packet header mbuf is non-NULL before trying to create a duplicate of it.

PR:		95957
Reviewed by:	ume
MFC after:	3 days
2007-02-10 12:25:19 +00:00
Bruce M Simpson
6ede684320 MFC after: 3 days 2007-02-05 11:05:41 +00:00
Hajimu UMEMOTO
c57086ced7 ng_iface requiers neighbor cache as well.
MFC after:	3 days
2007-02-03 09:34:36 +00:00