Commit Graph

592 Commits

Author SHA1 Message Date
ume
506b261730 KNF
Obtained from:	KAME
2004-02-04 12:55:45 +00:00
ume
de3407d028 pass pcb rather than so. it is expected that per socket policy
works again.
2004-02-03 18:20:55 +00:00
ume
62d98ccd69 protect access to ifnet structure with mutex. 2004-01-28 15:01:39 +00:00
ume
fd42de41d6 call ipsec_pcbconn()/ipsec_pcbdisconn() from in6_pcbconnect().
Obtained from:	KAME
2004-01-13 10:45:02 +00:00
ume
1012c19191 correct spelling
Submitted by:	"Bjoern A. Zeeb" <bzeeb+freebsd@zabbadoz.net>
Reviewed by:	itojun
2004-01-13 05:39:07 +00:00
ume
fca4bcad4d fix potential 'cannot-happen' memory leak
Submitted by:	"Bjoern A. Zeeb" <bzeeb+freebsd@zabbadoz.net>
Reviewed by:	itojun
2004-01-13 05:32:12 +00:00
ume
c757933596 try rtinit() only when the route is not installed.
this allows, e.g., duplicated attempts of 'ifconfig lo0 ::1'
like for IPv4.

Obtained from:	KAME
MFC after:	1 week
2004-01-10 08:59:21 +00:00
truckman
12dea7eecf Don't execute the code in in6_ifdetach() that removes the link-local
allnodes multicast route if the routing table has not been initialized.
This avoids a panic during boot if an interface detaches before the
routing table is initialized.

Submitted by:	sam
2004-01-10 08:14:27 +00:00
ume
a48a902f6f in set{peer, sock}addr, do not convert the unspecified
address (::) to the mapped address form.

PR:		kern/22868
Obtained from:	KAME
MFC after:	3 days
2004-01-10 08:11:51 +00:00
dwmalone
836a4cbcdf When calculating the sequence number to use in an ip6fw reset, remember to
add one if the SYN flag was set in the original packet. This seems to make
ip6fw reset work correctly for new and in-progress connections. Update
the man page to reflect the fact it now seems to work.

Glanced at by:	ume
MFC after:	2 weeks
2003-12-25 23:39:44 +00:00
ume
11aa947d12 Catch a few places where NULL (pointer) was used where 0 (integer) was
expected (fix build).
2003-12-23 11:01:17 +00:00
peter
7cc77e03ae Catch a few places where NULL (pointer) was used where 0 (integer) was
expected.
2003-12-23 02:36:43 +00:00
suz
ed93d04274 fixed a bug that IPv6 routing header does not work properly if specified from userland application
reviewed by: ume
2003-12-22 03:12:13 +00:00
suz
3c416f8489 fixed an IPv6 path MTU discovery failure owing to a lack of initialization
Reviewed by: ume
Approved by: re (scottl)
MFC after: 1 day
2003-12-17 04:31:07 +00:00
ume
a18adda779 validate the argument for multicast routing socket options
correctly.

Obtained from:	KAME
MFC after:	3 days
2003-12-10 18:17:05 +00:00
ume
17ed5b2d23 - changed the logic in nd6_is_addr_neighbor(); check on-link prefixes
(not interface addresses) to see if a given address is on-link.
- skip offlink prefixes in neighbor determination in nd6_is_addr_neighbor.
- in nd6_is_addr_neighbor, regarded every address as on-link when the
  default router list is empty.  otherwise, we'd not be able make a neighbor
  cache for the address.
  this algorithm is applied to hosts only.
- in nd6_is_addr_neighbor, check if the default interface is equal to
  the interface in question in addition to check if the default router
  list is empty.

Obtained from:	KAME
2003-12-08 11:59:21 +00:00
sam
960b35f03a Split the "inp" mutex class into separate classes for each of divert,
raw, tcp, udp, raw6, and udp6 sockets to avoid spurious witness
complaints.

Reviewed by:	rwatson
Approved by:	re (rwatson)
2003-11-26 01:40:44 +00:00
ume
939be2da2f pktopt may be null.
Approved by:	re (rwatson)
2003-11-24 01:53:36 +00:00
andre
b79d63c178 Introduce tcp_hostcache and remove the tcp specific metrics from
the routing table.  Move all usage and references in the tcp stack
from the routing table metrics to the tcp hostcache.

It caches measured parameters of past tcp sessions to provide better
initial start values for following connections from or to the same
source or destination.  Depending on the network parameters to/from
the remote host this can lead to significant speedups for new tcp
connections after the first one because they inherit and shortcut
the learning curve.

tcp_hostcache is designed for multiple concurrent access in SMP
environments with high contention and is hash indexed by remote
ip address.

It removes significant locking requirements from the tcp stack with
regard to the routing table.

Reviewed by:	sam (mentor), bms
Reviewed by:	-net, -current, core@kame.net (IPv6 parts)
Approved by:	re (scottl)
2003-11-20 21:47:20 +00:00
andre
6164d7c280 Introduce tcp_hostcache and remove the tcp specific metrics from
the routing table.  Move all usage and references in the tcp stack
from the routing table metrics to the tcp hostcache.

It caches measured parameters of past tcp sessions to provide better
initial start values for following connections from or to the same
source or destination.  Depending on the network parameters to/from
the remote host this can lead to significant speedups for new tcp
connections after the first one because they inherit and shortcut
the learning curve.

tcp_hostcache is designed for multiple concurrent access in SMP
environments with high contention and is hash indexed by remote
ip address.

It removes significant locking requirements from the tcp stack with
regard to the routing table.

Reviewed by:	sam (mentor), bms
Reviewed by:	-net, -current, core@kame.net (IPv6 parts)
Approved by:	re (scottl)
2003-11-20 20:07:39 +00:00
andre
6dca20de07 Remove RTF_PRCLONING from routing table and adjust users of it
accordingly.  The define is left intact for ABI compatibility
with userland.

This is a pre-step for the introduction of tcp_hostcache.  The
network stack remains fully useable with this change.

Reviewed by:	sam (mentor), bms
Reviewed by:	-net, -current, core@kame.net (IPv6 parts)
Approved by:	re (scottl)
2003-11-20 19:47:31 +00:00
rwatson
9c969b771a Introduce a MAC label reference in 'struct inpcb', which caches
the   MAC label referenced from 'struct socket' in the IPv4 and
IPv6-based protocols.  This permits MAC labels to be checked during
network delivery operations without dereferencing inp->inp_socket
to get to so->so_label, which will eventually avoid our having to
grab the socket lock during delivery at the network layer.

This change introduces 'struct inpcb' as a labeled object to the
MAC Framework, along with the normal circus of entry points:
initialization, creation from socket, destruction, as well as a
delivery access control check.

For most policies, the inpcb label will simply be a cache of the
socket label, so a new protocol switch method is introduced,
pr_sosetlabel() to notify protocols that the socket layer label
has been updated so that the cache can be updated while holding
appropriate locks.  Most protocols implement this using
pru_sosetlabel_null(), but IPv4/IPv6 protocols using inpcbs use
the the worker function in_pcbsosetlabel(), which calls into the
MAC Framework to perform a cache update.

Biba, LOMAC, and MLS implement these entry points, as do the stub
policy, and test policy.

Reviewed by:	sam, bms
Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
2003-11-18 00:39:07 +00:00
ume
11df5d4f1a correct to look right interface. 2003-11-17 07:53:32 +00:00
ume
6e230b39ea - m_cat() may free the mbuf on 2nd arg, so m_pkthdr manipulation has
to happen before the call to m_cat().
- correct signedness mixups.
- remove variable that is only assigned too but not referenced.

Obtained from:	KAME
2003-11-15 06:18:09 +00:00
ume
aee91dcae0 oops, correct wrong change in previous commit. 2003-11-15 06:16:36 +00:00
ume
f9eff5347c increase AH_MAXSUMSIZE for hmac-sha2-512
Obtained from:	KAME
2003-11-15 06:02:09 +00:00
ume
7ab85b6918 preparation for 64bit sequence number.
Obtained from:	KAME
2003-11-15 05:41:41 +00:00
ume
6d87ae9b1e fixed a bug comparing sav->key_auth and SADB_AALG_NONE.
Obtained from:	KAME
2003-11-15 05:37:13 +00:00
ume
89a592a70c reflect ip6_pktopts and ip6_moptions into embeded scope of
destination address.  it makes `ping6 -I <if> <link-local>'
work again.  since we don't merge scope cleanup yet, we need
this for workaround.
2003-11-12 21:39:12 +00:00
ume
7755ea7d71 cleanup rijndael API.
since there are naming conflicts with opencrypto, #define was
added to rename functions intend to avoid conflicts.

Obtained from:	KAME
2003-11-11 18:58:54 +00:00
ume
13591e26f2 enable aes-xcbc-mac and aes-ctr, again. 2003-11-10 10:39:14 +00:00
sam
c997776d7c replace explicit changes to rt_refcnt by RT_ADDREF and RT_REMREF
macros that expand to include assertions when the system is built
with INVARIANTS

Supported by:	FreeBSD Foundation
2003-11-08 23:36:32 +00:00
sam
7f3b205cb8 o add a flags parameter to netisr_register that is used to specify
whether or not the isr needs to hold Giant when running; Giant-less
  operation is also controlled by the setting of debug_mpsafenet
o mark all netisr's except NETISR_IP as needing Giant
o add a GIANT_REQUIRED assertion to the top of netisr's that need Giant
o pickup Giant (when debug_mpsafenet is 1) inside ip_input before
  calling up with a packet
o change netisr handling so swi_net runs w/o Giant; instead we grab
  Giant before invoking handlers based on whether the handler needs Giant
o change netisr handling so that netisr's that are marked MPSAFE may
  have multiple instances active at a time
o add netisr statistics for packets dropped because the isr is inactive

Supported by:	FreeBSD Foundation
2003-11-08 22:28:40 +00:00
ume
ad8ba063dc nuke obsoleted ipsec_gethist(). it just did panic to notify user
that it was obsoleted.  it is better to fail than just hiding use
of ipsec_gethist() at build.

Sugessted by:	"Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net>
2003-11-07 20:38:45 +00:00
ume
bbea30a3ab correct behavior when ipv6mr_interface is 0. Matthias Drochner
Notified by:	itojun
Obtained from:	NetBSD
2003-11-06 16:42:59 +00:00
ume
d2486e878b byebye in6_ifawithscope(). it was a function for old source
address selection.

Obtained from:	KAME
2003-11-05 17:19:31 +00:00
ume
fa05f9d270 make sure to treat destrination address as KAME internal form
of embedscope.
2003-11-05 16:09:21 +00:00
ume
41930d5085 source address selection part of RFC3484.
TODO: since there is scope issue to be solved, multicast and
link-local address are treated as special for workaround for
now.

Obtained from:	KAME
2003-11-04 20:22:33 +00:00
ume
373abd9403 - cleanup SP refcnt issue.
- share policy-on-socket for listening socket.
- don't copy policy-on-socket at all.  secpolicy no longer contain
  spidx, which saves a lot of memory.
- deep-copy pcb policy if it is an ipsec policy.  assign ID field to
  all SPD entries.  make it possible for racoon to grab SPD entry on
  pcb.
- fixed the order of searching SA table for packets.
- fixed to get a security association header.  a mode is always needed
  to compare them.
- fixed that the incorrect time was set to
  sadb_comb_{hard|soft}_usetime.
- disallow port spec for tunnel mode policy (as we don't reassemble).
- an user can define a policy-id.
- clear enc/auth key before freeing.
- fixed that the kernel crashed when key_spdacquire() was called
  because key_spdacquire() had been implemented imcopletely.
- preparation for 64bit sequence number.
- maintain ordered list of SA, based on SA id.
- cleanup secasvar management; refcnt is key.c responsibility;
  alloc/free is keydb.c responsibility.
- cleanup, avoid double-loop.
- use hash for spi-based lookup.
- mark persistent SP "persistent".
  XXX in theory refcnt should do the right thing, however, we have
  "spdflush" which would touch all SPs.  another solution would be to
  de-register persistent SPs from sptree.
- u_short -> u_int16_t
- reduce kernel stack usage by auto variable secasindex.
- clarify function name confusion.  ipsec_*_policy ->
  ipsec_*_pcbpolicy.
- avoid variable name confusion.
  (struct inpcbpolicy *)pcb_sp, spp (struct secpolicy **), sp (struct
  secpolicy *)
- count number of ipsec encapsulations on ipsec4_output, so that we
  can tell ip_output() how to handle the packet further.
- When the value of the ul_proto is ICMP or ICMPV6, the port field in
  "src" of the spidx specifies ICMP type, and the port field in "dst"
  of the spidx specifies ICMP code.
- avoid from applying IPsec transport mode to the packets when the
  kernel forwards the packets.

Tested by:	nork
Obtained from:	KAME
2003-11-04 16:02:05 +00:00
ume
6c2d58b0b2 use nd6log().
Obtained from:	KAME
2003-11-04 14:09:37 +00:00
ume
665d96e2ec - update comments to refrect recent BSDs.
- nuke unused macro PSUEDO_SET().
- I believe our if_xname stuff is nothing strange against other BSDs.

Obtained from:	KAME
2003-11-04 14:08:31 +00:00
ume
87ef6506af rename variables.
Obtained from:	KAME
2003-11-02 19:09:29 +00:00
brooks
f1e94c6f29 Replace the if_name and if_unit members of struct ifnet with new members
if_xname, if_dname, and if_dunit. if_xname is the name of the interface
and if_dname/unit are the driver name and instance.

This change paves the way for interface renaming and enhanced pseudo
device creation and configuration symantics.

Approved By:	re (in principle)
Reviewed By:	njl, imp
Tested On:	i386, amd64, sparc64
Obtained From:	NetBSD (if_xname)
2003-10-31 18:32:15 +00:00
ume
448f2f0dfc correct stat to increment.
Obtained from:	KAME
2003-10-31 17:51:54 +00:00
ume
2ecf5196e3 do not insert a dest option header (even specified by a user) that
should be placed before a routing header, unless a routing header
really exists.

Obtained from:	KAME
2003-10-31 16:32:12 +00:00
ume
1b705657ea (icmp6_rip6_input) if the received data is small enough but in an
mbuf cluster, copy the data to a separate mbuf that do not use a
cluster.  this change will reduce the possiblity of packet loss
in the socket layer.

Obtained from:	KAME
2003-10-31 16:21:26 +00:00
ume
5b1d3ee076 rename MLD6_* to MLD_*.
Obtained from:	KAME
2003-10-31 16:07:15 +00:00
ume
2f50cbb708 use arc4random.
Obtained from:	KAME
2003-10-31 16:06:05 +00:00
ume
ae762ca5fe initialize in6_tmpaddrtimer_ch.
Obtained from:	KAME
2003-10-31 15:57:02 +00:00
ume
0034cbab05 nuku unused functions in6_nigroup_attach() and
in6_nigroup_detach().

Obtained from:	KAME
2003-10-31 15:51:28 +00:00
sam
9183d53dd7 Overhaul routing table entry cleanup by introducing a new rtexpunge
routine that takes a locked routing table reference and removes all
references to the entry in the various data structures. This
eliminates instances of recursive locking and also closes races
where the lock on the entry had to be dropped prior to calling
rtrequest(RTM_DELETE).  This also cleans up confusion where the
caller held a reference to an entry that might have been reclaimed
(and in some cases used that reference).

Supported by:	FreeBSD Foundation
2003-10-30 23:02:51 +00:00
sam
e6809a8b87 use a local variable to avoid holding a lock across a call out of view
Supported by:	FreeBSD Foundation
2003-10-30 22:56:13 +00:00
ume
bc68df01ed - unlock on error.
- don't call malloc with M_WAITOK within lock context.
2003-10-30 18:42:25 +00:00
ume
f06677c31d add management part of address selection policy described in
RFC3484.

Obtained from:	KAME
2003-10-30 15:29:17 +00:00
sam
f188fceee7 correct LOR by using a local variable to hold result
instead of holding a lock while calling out of view

Supported by:	FreeBSD Foundation
2003-10-29 22:59:12 +00:00
ume
b9fecc82d3 add ECN support in layer-3.
- implement the tunnel egress rule in ip_ecn_egress() in ip_ecn.c.
   make ip{,6}_ecn_egress() return integer to tell the caller that
   this packet should be dropped.
 - handle ECN at fragment reassembly in ip_input.c and frag6.c.

Obtained from:	KAME
2003-10-29 15:07:04 +00:00
ume
36edae8e0d ip6_savecontrol() argument is redundant 2003-10-29 12:52:28 +00:00
ume
bde54b9152 hide m_tag, again.
Requested by:	sam
2003-10-29 12:49:12 +00:00
ume
8ff2243783 make sure to accept only IPv6 packet.
Obtained from:	KAME
2003-10-28 16:45:29 +00:00
ume
67fa4b4d82 cleanup use of m_tag.
Obtained from:	KAME
2003-10-28 16:29:26 +00:00
ume
d382f2f692 M_DONTWAIT was passed into malloc().
Submitted by:	Ian Dowse <iedowse@maths.tcd.ie>
2003-10-27 07:15:22 +00:00
ume
ecb479d77a re-add wrongly disappered IPV6_CHECKSUM stuff by introducing
ip6_raw_ctloutput().

Obtained from:	KAME
2003-10-26 18:17:01 +00:00
ume
4337476eb4 drop unused defines. 2003-10-26 15:15:36 +00:00
ume
dfe92b1d1c drop unused fields. 2003-10-26 15:06:06 +00:00
ume
a06a59838e use uint32_t instead of u_int32_t for newly introduced
struct definition.
2003-10-26 10:49:18 +00:00
ume
bbeee5f0f7 revert following unwanted changes:
- __packed to __attribute__((__packed__)
  -  uintN_t back to u_intN_t

Reported by:	bde
2003-10-25 10:57:08 +00:00
ume
b3c1e80175 correct namespace pollution.
Submitted by:	bde
2003-10-25 09:37:10 +00:00
ume
19c7c976c8 remove the ip6r0_addr and ip6r0_slmap members from ip6_rthdr0{}
according to rfc2292bis.

Obtained from:	KAME
2003-10-24 20:37:05 +00:00
ume
881c4fa391 Switch Advanced Sockets API for IPv6 from RFC2292 to RFC3542
(aka RFC2292bis).  Though I believe this commit doesn't break
backward compatibility againt existing binaries, it breaks
backward compatibility of API.
Now, the applications which use Advanced Sockets API such as
telnet, ping6, mld6query and traceroute6 use RFC3542 API.

Obtained from:	KAME
2003-10-24 18:26:30 +00:00
sam
090c7c6e67 check return result from rtalloc1 before invoking RTUNLOCK 2003-10-23 21:41:00 +00:00
ume
e0831e433f we have ppsratecheck(). 2003-10-22 19:23:51 +00:00
ume
caf3332c51 IP6Q_LOCK_CHECK -> IP6Q_LOCK_ASSERT.
Sugested by:	sam
2003-10-22 19:03:49 +00:00
ume
75025ec654 drop the code of HAVE_NRL_INPCB part. our system doesn't
use NRL style INPCB.
2003-10-22 18:52:57 +00:00
ume
b9e84a6697 pretect ip6 reassemble queue by use of mutex.
Submitted by:	rwatson (with modification)
2003-10-22 15:32:56 +00:00
ume
55ad7e749c - implement lock around IPv6 reassembly, to avoid panic due to
frag6_drain (mutex version will come later).
- limit number of fragments (not fragment queues) in kernel.

Obtained from:	KAME
2003-10-22 15:29:42 +00:00
ume
75c947372b protect sid_default and sid.
Submitted by:	rwatson (with modification)
2003-10-22 15:13:36 +00:00
ume
6018d9bfc9 reduce calling in6_addr2zoneid(). 2003-10-22 15:12:06 +00:00
suz
d11ff9f6a5 more strict sanity check for ESP tail
Obtained from: KAME
2003-10-22 10:44:59 +00:00
ume
5199c863f8 - change scope to zone.
- change node-local to interface-local.
- better error handling of address-to-scope mapping.
- use in6_clearscope().

Obtained from:	KAME
2003-10-21 20:05:32 +00:00
ume
1bfb498609 correct linkmtu handling.
Obtained from:	KAME
2003-10-20 15:27:48 +00:00
ume
8ff2c775d4 - revert to old rijndael code. new rijndael code broke gbde.
- since aes-xcbc-mac and aes-ctr require functions in new
  rijndael code, aes-xcbc-mac and aes-ctr are disabled for now.
2003-10-19 21:28:34 +00:00
ume
42120d22ea rtfree() must be called in lock context.
Reported by:	jhay
2003-10-18 17:46:23 +00:00
ume
31759c0525 nuke duplicate function and unused function.
Obtained from:	KAME
2003-10-17 17:50:09 +00:00
ume
89eb79f30b revert wrongly dropped null check by previous commit. 2003-10-17 17:34:31 +00:00
ume
babf2c3ec0 - add dom_if{attach,detach} framework.
- transition to use ifp->if_afdata.

Obtained from:	KAME
2003-10-17 15:46:31 +00:00
sam
81a0698b6a fix horribly botched MFp4 merge 2003-10-16 19:55:28 +00:00
sam
104396b82e pfil hooks can modify packet contents so check if the destination
address has been changed when PFIL_HOOKS is enabled and, if it has,
arrange for the proper action by ip*_forward.

Submitted by:	Pyun YongHyeon
Supported by:	FreeBSD Foundation
2003-10-16 18:57:45 +00:00
sam
5daf1cdd10 MFp4: correct locking issues in nd6_lookup
Supported by:	FreeBSD Foundation
2003-10-14 18:49:08 +00:00
ume
a89e9b5e91 use BF_ecb_encrypt().
Obtained from:	KAME
2003-10-13 19:26:08 +00:00
ume
fd41336ef5 - support AES counter mode for ESP.
- use size_t as return type of schedlen(), as there's no error
  check needed.
- clear key schedule buffer before freeing.

Obtained from:	KAME
2003-10-13 14:57:41 +00:00
ume
0650be79cb support AES XCBC MAC for AH.
Obtained from:	KAME
2003-10-13 04:56:04 +00:00
ume
de427fb9bf - support AES XCBC MAC for AH
- correct SADB_X_AALG_RIPEMD160HMAC to 8

Obtained from:	KAME
2003-10-13 04:54:51 +00:00
ume
510a7d2039 include opencrypto/rmd160.h 2003-10-12 18:33:30 +00:00
ume
087c5fbdfa remove unused variable.
Obtained from:	KAME
2003-10-12 15:14:33 +00:00
ume
2e96368ca1 - avoid hardcoded values.
- correct signedness mixups.
- log fix.
- preparation for 64bit sequence number.
  introduce SA id (unique ID for SA - SPI is useless as duplicated
  SPI is allowed)
- no need to malloc/free cksum buffer.

Obtained from:	KAME
2003-10-12 12:03:25 +00:00
ume
efae2cbb66 - always check for optlen overrun.
- panic if NULL is passed to ah_sumsiz (as we never do it,
  and callers do not properly check negative returns).

Obtained from:	KAME
2003-10-12 11:18:04 +00:00
ume
a6ff42e2be - correct signedness mixups.
- avoid assuming result buffer size

Obtained from:	KAME
2003-10-12 11:08:18 +00:00
ume
b586f811af avoid hardcoding MD5 result length (16)
Obtained from:	KAME
2003-10-12 09:51:32 +00:00
ume
2da6bcd326 - RIPEMD160 support
- pass size arg to ah->result (avoid assuming result buffer size)

Obtained from:	KAME
2003-10-12 09:41:42 +00:00
ume
d8181d09cf fixed an endian bug on fragment header scanning
Obtained from:	KAME
2003-10-10 19:49:52 +00:00
ume
a72f1bdb76 nuke SCOPEDROUTING. Though it was there for a long time,
it was never enabled.
2003-10-10 16:04:00 +00:00
ume
8df937af7e switch cast128 implementation to implementation by Steve Reid;
smaller footprint.

Obtained from:	KAME
2003-10-10 15:06:16 +00:00
ume
4ce3fa6f53 - typo. found by markus@openbsd
- correct signedness mixup in pointer passing.
- drop meaningless variable.

Obtained from:	KAME
2003-10-09 18:44:54 +00:00
ume
5f396e4dfe - typo in comment
- style
- ANSIfy
(there is no functional change.)

Obtained from:	KAME
2003-10-09 16:13:47 +00:00
ume
cb2c1545ab - fix typo in comments.
- style.
- NULL is not 0.
- some variables were renamed.
- nuke unused logic.
(there is no functional change.)

Obtained from:	KAME
2003-10-08 18:26:08 +00:00
sam
5506d3b8f4 must lock route when the caller provided a route but not
an interface; otherwise the subsequent unlock blows up

Suffered by:	Marcel Moolenaar <marcel@xcllnt.net>
Supported by:	FreeBSD Foundation
2003-10-07 20:57:35 +00:00
ume
2a03d283e4 indent 2003-10-07 20:22:01 +00:00
ume
90f2ffba9c style and indent. no functional change.
Obtained from:	KAME
2003-10-07 19:51:22 +00:00
ume
399a4e7221 - fix typo in comment.
- style.

Obtained from:	KAME
2003-10-07 17:46:18 +00:00
ume
54458dd4e1 nuke unused CTL_IPV6PROTO_NAMES macro. 2003-10-07 17:42:31 +00:00
ume
6c1377b9ef return(code) -> return (code)
(reduce diffs against KAME)
2003-10-06 14:02:09 +00:00
sam
9d93fce265 Locking for updates to routing table entries. Each rtentry gets a mutex
that covers updates to the contents.  Note this is separate from holding
a reference and/or locking the routing table itself.

Other/related changes:

o rtredirect loses the final parameter by which an rtentry reference
  may be returned; this was never used and added unwarranted complexity
  for locking.
o minor style cleanups to routing code (e.g. ansi-fy function decls)
o remove the logic to bump the refcnt on the parent of cloned routes,
  we assume the parent will remain as long as the clone; doing this avoids
  a circularity in locking during delete
o convert some timeouts to MPSAFE callouts

Notes:

1. rt_mtx in struct rtentry is guarded by #ifdef _KERNEL as user-level
   applications cannot/do-no know about mutex's.  Doing this requires
   that the mutex be the last element in the structure.  A better solution
   is to introduce an externalized version of struct rtentry but this is
   a major task because of the intertwining of rtentry and other data
   structures that are visible to user applications.
2. There are known LOR's that are expected to go away with forthcoming
   work to eliminate many held references.  If not these will be resolved
   prior to release.
3. ATM changes are untested.

Sponsored by:	FreeBSD Foundation
Obtained from:	BSD/OS (partly)
2003-10-04 03:44:50 +00:00
ume
f89179cc1b add randomtab for ip6_randomflowlabel().
Obtained from:	KAME
2003-10-01 21:45:57 +00:00
ume
dff1ad31d5 randomize IPv6 flowlabel when RANDOM_IP_ID is defined.
Obtained from:	KAME
2003-10-01 21:24:28 +00:00
ume
1510816eb2 use arc4random() 2003-10-01 21:10:02 +00:00
ume
57a2e3592f - include opt_random_ip_id.h
- we don't need to obtain microtime when using ip6_randomid.
2003-10-01 20:24:20 +00:00
ume
f0203cacdc we don't need ip6_id when RANDOM_IP_ID is defined. 2003-10-01 18:23:27 +00:00
ume
a7837fa779 include opt_random_ip_id.h 2003-10-01 17:28:42 +00:00
ume
4d9c2d35dd Don't compiled ip6_randomid() in if RANDOM_IP_ID is not defined. 2003-10-01 16:22:58 +00:00
ume
59fe55cb24 Obey RANDOM_IP_ID.
Requested by:	sam
2003-10-01 16:00:12 +00:00
ume
7a9738e262 randomize IPv6 fragment ID.
Obtained from:	KAME
2003-10-01 15:13:29 +00:00
sam
d1d4c947ce Correct pfil_run_hooks return handling: if the return value is non-zero
then the mbuf has been consumed by a hook; otherwise beware of a null
mbuf return (gack).  In particular the bridge was doing the wrong thing.
While in the ipv6 code make it's handling of pfil_run_hooks identical
to netbsd.

Pointed out by:	Pyun YongHyeon <yongari@kt-is.co.kr>
2003-09-30 04:46:08 +00:00
sam
cd738e8574 o update PFIL_HOOKS support to current API used by netbsd
o revamp IPv4+IPv6+bridge usage to match API changes
o remove pfil_head instances from protosw entries (no longer used)
o add locking
o bump FreeBSD version for 3rd party modules

Heavy lifting by:	"Max Laier" <max@love2party.net>
Supported by:		FreeBSD Foundation
Obtained from:		NetBSD (bits of pfil.h and pfil.c)
2003-09-23 17:54:04 +00:00
mdodd
22256e113b Enable IPv6 for Token Ring. 2003-09-14 02:32:31 +00:00
wpaul
6170bf6a6a The in6_ifattach() routine contains the following code:
in6_pcbpurgeif0(LIST_FIRST(udbinfo.listhead), ifp);
        in6_pcbpurgeif0(LIST_FIRST(ripcbinfo.listhead), ifp);

The problem here is that udbinfo.listhead and ripcbinfo.listhead are
not initialized during the device probe/attach phase of the kernel
boot process. So if, for example, a network driver calls ether_ifattach()
in its foo_attach() routine and then decides that something is wrong
and calls ether_ifdetach() to reverse the process, we will panic trying
to dereference the uninitialized list head pointers. (Though the
same sequence of events performed after the kernel has come up works
file, i.e. doing kldload if_foo from multiuser.)

Change this to:

        if (udbinfo.listhead != NULL)
                in6_pcbpurgeif0(LIST_FIRST(udbinfo.listhead), ifp);
        if (ripcbinfo.listhead != NULL)
                in6_pcbpurgeif0(LIST_FIRST(ripcbinfo.listhead), ifp);

to avoid the NULL pointer dereferences.
2003-09-13 22:34:52 +00:00
ru
27c75c8f21 Fix a bunch of off-by-one errors in the range checking code. 2003-09-11 21:40:21 +00:00
ume
324045a3c2 introduced a flag bit "ND6_IFF_ACCEPT_RTADV" in the nd_ifinfo structure to
control whether to accept RAs per-interface basis.
the new stuff ensures the backward compatibility;
- the kernel does not accept RAs on any interfaces by default.
- since the default value of the flag bit is on, the kernel accepts RAs
  on all interfaces when net.inet6.ip6.accept_rtadv is 1.

Obtained from:	KAME
MFC after:	1 week
2003-08-05 14:57:11 +00:00
ume
2522fdb535 Cleanup useless break.
Submitted by:	JINMEI Tatuya <jinmei@isl.rdc.toshiba.co.jp>
2003-07-29 14:10:13 +00:00
ume
21fd4ebaa6 ip6fw does not handle ESP correctly
PR:		kern/54874
Submitted by:	JINMEI Tatuya <jinmei@shuttle.wide.toshiba.co.jp>
MFC after:	1 week
2003-07-27 16:21:10 +00:00
cognet
74ee61c2bb Do not attempt to access to inp_socket fields if the socket is in the TIME_WAIT
state, as inp_socket will then be NULL. This fixes a panic that occurs when one
tries to bind a port that was previously binded with remaining TIME_WAIT
sockets.
2003-06-17 00:31:30 +00:00
mdodd
7c250e7fe6 Add definitions for IN6ADDR_LINKLOCAL_ALLMDNS_INIT and INADDR_ALLMDNS_GROUP. 2003-04-29 22:03:46 +00:00
suz
050a9aad94 panic() doesn't need \n
Obtained from: KAME
MFC after: 2 days
2003-04-29 08:43:56 +00:00
suz
894378052a sync with the latest KAME (just a cosmetic change)
MFC after: 1 day
2003-04-28 08:21:57 +00:00
obrien
43cb95182e Explicitly declare 'int' parameters. 2003-04-21 16:27:46 +00:00
suz
98b3db7eca fixed a mbuf leak when an IP packet from ESP tunnel is redirected
obtained from:	KAME
2003-03-29 08:31:28 +00:00
ume
5fcb866f5f made sure to keep the current stored lifetime when it was not updated
by an RA.
(a detailed description of this issue is found at the following URL.)
http://www.tahi.org/report/freebsd/freebsd48-rc2-20030316/host/lcna-stateless-addrconf/38.html

Reported by:	Ozoe Nobumichi <ozoe@tahi.org>
		through a periodic TAHI test
Submitted by:	JINMEI Tatuya <jinmei@isl.rdc.toshiba.co.jp>
Obtained from:	KAME
2003-03-26 17:37:35 +00:00
sam
69e554e17f correct malloc flag argument
Reported by:	Kris Kennaway <kris@obsecurity.org>
2003-03-12 06:08:48 +00:00
jlemon
04e28d5a81 Update netisr handling; Each SWI now registers its queue, and all queue
drain routines are done by swi_net, which allows for better queue control
at some future point.  Packets may also be directly dispatched to a netisr
instead of queued, this may be of interest at some installations, but
currently defaults to off.

Reviewed by: hsu, silby, jayanth, sam
Sponsored by: DARPA, NAI Labs
2003-03-04 23:19:55 +00:00
jlemon
5c4b278a9c Fix another case for timewait. 2003-02-24 02:06:50 +00:00
jlemon
26815368d4 Remove unused variables in the IPSEC case.
Submitted by:  Lars Eggert <larse@ISI.EDU>
2003-02-20 18:22:21 +00:00
jlemon
a8bc02dcb2 Add a TCP TIMEWAIT state which uses less space than a fullblown TCP
control block.  Allow the socket and tcpcb structures to be freed
earlier than inpcb.  Update code to understand an inp w/o a socket.

Reviewed by: hsu, silby, jayanth
Sponsored by: DARPA, NAI Labs
2003-02-19 22:32:43 +00:00
imp
cf874b345d Back out M_* changes, per decision of the TRB.
Approved by: trb
2003-02-19 05:47:46 +00:00
sam
536a9b63bc M_MOVE_PKTHDR must happen before any cluster is attached
Submitted by:	Harti Brandt <brandt@fokus.fraunhofer.de>
MFC after:	1 day
2003-02-18 06:20:16 +00:00
alfred
b5c0015ac9 Consolidate MIN/MAX macros into one place (param.h).
Submitted by: Hiten Pandya <hiten@unixdaemons.com>
2003-02-02 13:17:30 +00:00
alfred
bf8e8a6e8f Remove M_TRYWAIT/M_WAITOK/M_WAIT. Callers should use 0.
Merge M_NOWAIT/M_DONTWAIT into a single flag M_NOWAIT.
2003-01-21 08:56:16 +00:00
ume
fa20ded9d1 "struct route" is not sufficient. NetBSD PR 18751
Obtained from:	KAME
MFC after:	1 days
2003-01-08 17:59:24 +00:00
sam
01e5d3cdfd don't reference a pkthdr after M_MOVE_PKTHDR has "remove it"; instead
reference the pkthdr now in the destination of the move

Sponsored by:	Vernier Networks
2003-01-06 21:33:54 +00:00
sam
8a8e425d5f purge extraneous clears of M_PKTHDR since M_MOVE_PKTHDR does this already 2003-01-06 21:29:27 +00:00
mike
ff4487d8fc Bah, just use %zu for printing size_t. 2003-01-06 16:31:39 +00:00
mike
6a9f30910e Cast return values of sizeof() to int so they can be printed with %d.
The size of this struct is unlikely to ever grow beyond what an int
can represent.

Noticed by:	alpha tinderbox
2003-01-06 04:33:46 +00:00
sam
f49b27d477 correct pkthdr length calculation for ipv6 echo packets; after moving a packet
header with M_MOVE_PKTHDR one should not reference the packet header in the
original packet; in this case the code was assuming that m_adj would alter
m_pkthdr.len which stopped happening because M_MOVE_PKTHDR removes the
M_PKTHDR bit from m_flags

Submitted by:	Bill Fenner <fenner@research.att.com>
2003-01-05 22:37:36 +00:00
schweikh
d3367c5f5d Correct typos, mostly s/ a / an / where appropriate. Some whitespace cleanup,
especially in troff files.
2003-01-01 18:49:04 +00:00
schweikh
86f7487fb6 Fix typos, mostly s/ an / a / where appropriate and a few s/an/and/
Add FreeBSD Id tag where missing.
2002-12-30 21:18:15 +00:00
sam
b16cb0a948 Correct mbuf packet header propagation. Previously, packet headers
were sometimes propagated using M_COPY_PKTHDR which actually did
something between a "move" and a  "copy" operation.  This is replaced
by M_MOVE_PKTHDR (which copies the pkthdr contents and "removes" it
from the source mbuf) and m_dup_pkthdr which copies the packet
header contents including any m_tag chain.  This corrects numerous
problems whereby mbuf tags could be lost during packet manipulations.

These changes also introduce arguments to m_tag_copy and m_tag_copy_chain
to specify if the tag copy work should potentially block.  This
introduces an incompatibility with openbsd which we may want to revisit.

Note that move/dup of packet headers does not handle target mbufs
that have a cluster bound to them.  We may want to support this;
for now we watch for it with an assert.

Finally, M_COPYFLAGS was updated to include M_FIRSTFRAG|M_LASTFRAG.

Supported by:	Vernier Networks
Reviewed by:	Robert Watson <rwatson@FreeBSD.org>
2002-12-30 20:22:40 +00:00
ru
2719b5ea8c If the caller of rtrequest*(RTM_DELETE, ...) asked for a copy of
the entry being removed (ret_nrt != NULL), increment the entry's
rt_refcnt like we do it for RTM_ADD and RTM_RESOLVE, rather than
messing around with 1->0 transitions for rtfree() all over.
2002-12-25 10:21:02 +00:00
hsu
32436a25c0 SMP locking for radix nodes. 2002-12-24 03:03:39 +00:00
hsu
82e1e3bab0 SMP locking for ifnet list. 2002-12-22 05:35:03 +00:00
sam
a69a0ac712 define HAVE_PPSRATECHECK now that we have this stuff in the kernel
(probably belongs elsewhere; add it this way for now so the system
will build)
2002-12-20 23:57:22 +00:00
bmilekic
514c635ee6 o Untangle the confusion with the malloc flags {M_WAITOK, M_NOWAIT} and
the mbuf allocator flags {M_TRYWAIT, M_DONTWAIT}.
o Fix a bpf_compat issue where malloc() was defined to just call
  bpf_alloc() and pass the 'canwait' flag(s) along.  It's been changed
  to call bpf_alloc() but pass the corresponding M_TRYWAIT or M_DONTWAIT
  flag (and only one of those two).

Submitted by: Hiten Pandya <hiten@unixdaemons.com> (hiten->commit_count++)
2002-12-19 22:58:27 +00:00
hsu
c3153934cb Lock up ifaddr reference counts. 2002-12-18 11:46:59 +00:00
suz
bc79b3cffd fixed a bug that IPv6 multicast packet is not forwarded if its packet size is equal to the outgoing interface's MTU
Approved by: re
Obtained from: KAME
MFC after: 3 days
2002-12-16 01:41:07 +00:00
ume
e7761b68ee plugged memory leakage in some erroneous cases
Obtained from:	KAME
MFC after:	1 week
2002-10-31 19:45:48 +00:00
ume
ad75b06815 last arg of in6?_gif_output() is not used any more.
Obtained from:	KAME
MFC after:	3 weeks
2002-10-17 17:47:55 +00:00
ume
c3646a9ad4 use encapcheck.
Obtained from:	KAME
MFC after:	3 weeks
2002-10-16 20:16:49 +00:00
ume
2bb6ef9a3f - after gif_set_tunnel(), psrc/pdst may be null. set IFF_RUNNING accordingly.
- set IFF_UP on SIOCSIFADDR.  be consistent with others.
- set if_addrlen explicitly (just in case)
- multi destination mode is long gone.
- missing break statement
- add gif_set_tunnel(), so that we can set tunnel address from within the
  kernel at ease.
- encap_attach/detach dynamically on ioctls
- move encap_attach() to dedicated function in in*_gif.c

Obtained from:	KAME
MFC after:	3 weeks
2002-10-16 19:49:37 +00:00
sam
0ef6c52bbc Tie new "Fast IPsec" code into the build. This involves the usual
configuration stuff as well as conditional code in the IPv4 and IPv6
areas.  Everything is conditional on FAST_IPSEC which is mutually
exclusive with IPSEC (KAME IPsec implmentation).

As noted previously, don't use FAST_IPSEC with INET6 at the moment.

Reviewed by:	KAME, rwatson
Approved by:	silence
Supported by:	Vernier Networks
2002-10-16 02:25:05 +00:00
sam
2a86be217a Replace aux mbufs with packet tags:
o instead of a list of mbufs use a list of m_tag structures a la openbsd
o for netgraph et. al. extend the stock openbsd m_tag to include a 32-bit
  ABI/module number cookie
o for openbsd compatibility define a well-known cookie MTAG_ABI_COMPAT and
  use this in defining openbsd-compatible m_tag_find and m_tag_get routines
o rewrite KAME use of aux mbufs in terms of packet tags
o eliminate the most heavily used aux mbufs by adding an additional struct
  inpcb parameter to ip_output and ip6_output to allow the IPsec code to
  locate the security policy to apply to outbound packets
o bump __FreeBSD_version so code can be conditionalized
o fixup ipfilter's call to ip_output based on __FreeBSD_version

Reviewed by:	julian, luigi (silent), -arch, -net, darren
Approved by:	julian, silence from everyone else
Obtained from:	openbsd (mostly)
MFC after:	1 month
2002-10-16 01:54:46 +00:00
alfred
9bda36d997 s/__attribute__((__packed__))/__packed/g 2002-09-23 06:25:08 +00:00
cjc
dd7bfe512b Lock the sysctl(8) knobs that turn ip{,6}fw(8) firewalling and
firewall logging on and off when at elevated securelevel(8). It would
be nice to be able to only lock these at securelevel >= 3, like rules
are, but there is no such functionality at present. I don't see reason
to be adding features to securelevel(8) with MAC being merged into 5.0.

PR:		kern/39396
Reviewed by:	luigi
MFC after:	1 week
2002-08-25 03:50:29 +00:00
ume
a37394066b check packet length before fetching ESP crypto checksum.
Obtained from:	KAME
MFC after:	2 days
2002-08-24 04:48:13 +00:00
archie
7a233d4c9f Replace (ab)uses of "NULL" where "0" is really meant. 2002-08-22 21:24:01 +00:00
mike
9e6f796b0d o Merge <machine/ansi.h> and <machine/types.h> into a new header
called <machine/_types.h>.
o <machine/ansi.h> will continue to live so it can define MD clock
  macros, which are only MD because of gratuitous differences between
  architectures.
o Change all headers to make use of this.  This mainly involves
  changing:
    #ifdef _BSD_FOO_T_
    typedef	_BSD_FOO_T_	foo_t;
    #undef _BSD_FOO_T_
    #endif
  to:
    #ifndef _FOO_T_DECLARED
    typedef	__foo_t	foo_t;
    #define	_FOO_T_DECLARED
    #endif

Concept by:	bde
Reviewed by:	jake, obrien
2002-08-21 16:20:02 +00:00
truckman
7199888e8f Create new functions in_sockaddr(), in6_sockaddr(), and
in6_v4mapsin6_sockaddr() which allocate the appropriate sockaddr_in*
structure and initialize it with the address and port information passed
as arguments.  Use calls to these new functions to replace code that is
replicated multiple times in in_setsockaddr(), in_setpeeraddr(),
in6_setsockaddr(), in6_setpeeraddr(), in6_mapped_sockaddr(), and
in6_mapped_peeraddr().  Inline COMMON_END in tcp_usr_accept() so that
we can call in_sockaddr() with temporary copies of the address and port
after the PCB is unlocked.

Fix the lock violation in tcp6_usr_accept() (caused by calling MALLOC()
inside in6_mapped_peeraddr() while the PCB is locked) by changing
the implementation of tcp6_usr_accept() to match tcp_usr_accept().

Reviewed by:	suz
2002-08-21 11:57:12 +00:00
jmallett
af73db292e Enclose IPv6 addresses in brackets when they are displayed printable with a
TCP/UDP port seperated by a colon.  This is for the log_in_vain facility.

Pointed out by:	Edward J. M. Brocklesby
Reviewed by:	ume
MFC after:	2 weeks
2002-08-19 19:47:13 +00:00
sobomax
f6cebc0606 Increase size of ifnet.if_flags from 16 bits (short) to 32 bits (int). To avoid
breaking application ABI use unused ifreq.ifru_flags[1] for upper 16 bits in
SIOCSIFFLAGS and SIOCGIFFLAGS ioctl's.

Reviewed by:	-hackers, -net
2002-08-18 07:05:00 +00:00
rwatson
1bd16d78e2 Introduce support for Mandatory Access Control and extensible
kernel access control.

When generating nd6 output on an interface, label the packet
appropriately.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs
2002-08-02 20:49:14 +00:00
ume
39f0e5c176 correct comment for setsockopt arg size.
Reported by:	Martin Laabs <martin@martin.erfurt.thur.de>
Obtained from:	KAME
MFC after:	1 week
2002-07-25 20:40:09 +00:00
ume
e96d7f2205 cleanup usage of ip6_mapped_addr_on and ip6_v6only. now,
ip6_mapped_addr_on is unified into ip6_v6only.

MFC after:	1 week
2002-07-25 17:40:45 +00:00
ume
afcf651cf8 Change the default setting of an IPv4-mapped IPv6 address to off.
Requested by:	many people
2002-07-25 15:44:01 +00:00
ume
ed0d6e9ce4 make sure to set/unset INP_IPV4 according to a value
of IN6P_IPV6_V6ONLY

Reviewed by:	Keiichi SHIMA <keiichi@iij.ad.jp>
2002-07-24 19:19:53 +00:00
ume
cd3f29ae66 do not refer to IN6P_BINDV6ONLY anymore.
Obtained from:	KAME
MFC after:	1 week
2002-07-22 15:51:02 +00:00
ume
881112a66c sin6_len is not an address family. I believe this doesn't
break compatibility with POSIX.1-2001.
2002-07-22 15:13:55 +00:00
ume
68bf681e90 fixed to make mbuf chain.
Obtained from:	KAME
MFC after:	1 week
2002-07-18 04:18:56 +00:00
ume
fd0b2bb03e - fixed a bug that we can't send a packet to ipv4mapped ipv6 address
using a udp6 socket without bind(2)ing.
- fbsd4/430 reported from the FreeBSD team.
- this fix is different from the fix reported in the above PR.  i think
  this better, but we need some test.

Obtained from:	KAME
MFC after:	3 weeks
2002-07-15 19:25:46 +00:00
hsu
abda76de0b Notify functions can destroy the pcb, so they have to return an
indication of whether this happenned so the calling function
knows whether or not to unlock the pcb.

Submitted by:	Jennifer Yang (yangjihui@yahoo.com)
Bug reported by:  Sid Carter (sidcarter@symonds.net)
2002-06-14 08:35:21 +00:00
hsu
561391ed94 As a stop-gap measure, add one INP_LOCK_DESTROY() to in6_pcbdetach() to
get kernel compiled with INET6 to boot.
2002-06-12 06:01:22 +00:00
hsu
cd25d4648f Lock up inpcb.
Submitted by:	Jennifer Yang <yangjihui@yahoo.com>
2002-06-10 20:05:46 +00:00
ume
21239aacf9 __FreeBSD__ is not a compiler constant. We must use
__FreeBSD_version here.

Submitted by:	rwatson
2002-05-31 17:56:45 +00:00
tanimura
e6fa9b9e92 Back out my lats commit of locking down a socket, it conflicts with hsu's work.
Requested by:	hsu
2002-05-31 11:52:35 +00:00
mike
b0b9b58ef8 o Conditionalize sections for POSIX.1-2001 compatibility.
o Use POSIX spelling for types, where possible.
o Define size_t in the __BSD_VISIBLE case (this isn't really needed
  for standards conformance, but follows the tradition of not
  requiring <sys/types.h> as a prerequisite).
o Use _BYTE_ORDER and friends instead of BYTE_ORDER and friends, since
  there may not be enough pollution in order for the latter to work.
o Add an XXX note about the missing IPPROTO_IPV6 macro.
2002-05-23 18:48:27 +00:00
tanimura
92d8381dd5 Lock down a socket, milestone 1.
o Add a mutex (sb_mtx) to struct sockbuf. This protects the data in a
  socket buffer. The mutex in the receive buffer also protects the data
  in struct socket.

o Determine the lock strategy for each members in struct socket.

o Lock down the following members:

  - so_count
  - so_options
  - so_linger
  - so_state

o Remove *_locked() socket APIs.  Make the following socket APIs
  touching the members above now require a locked socket:

 - sodisconnect()
 - soisconnected()
 - soisconnecting()
 - soisdisconnected()
 - soisdisconnecting()
 - sofree()
 - soref()
 - sorele()
 - sorwakeup()
 - sotryfree()
 - sowakeup()
 - sowwakeup()

Reviewed by:	alfred
2002-05-20 05:41:09 +00:00
ume
231bd65333 Recent zlib does not like Z_FLUSH at the end of inflate().
Reported by:	quak@mydiax.ch
Obtained from:	KAME
MFC after:	2 days
		and approved by re
2002-05-12 14:12:30 +00:00
ume
0dc033806b Revised MLD-related definitions
- Used mld_xxx and MLD_xxx instead of mld6_xxx and MLD6_xxx according
  to the official defintions in rfc2292bis
  (macro definitions for backward compatibility were provided)
- Changed the first member of mld_hdr{} from mld_hdr to mld_icmp6_hdr
  to avoid name space conflict in C++

This change makes ports/net/pchar compilable again under -CURRENT.

Obtained from:	KAME
2002-05-06 16:28:25 +00:00
tanimura
89ec521d91 Revert the change of #includes in sys/filedesc.h and sys/socketvar.h.
Requested by:	bde

Since locking sigio_lock is usually followed by calling pgsigio(),
move the declaration of sigio_lock and the definitions of SIGIO_*() to
sys/signalvar.h.

While I am here, sort include files alphabetically, where possible.
2002-04-30 01:54:54 +00:00
ume
d2b734fd1e Correct timer management (deprecated) in nd6_timer.
Obtained from:	KAME
MFC after:	3 days
2002-04-24 19:09:48 +00:00
suz
553226e8e1 just merged cosmetic changes from KAME to ease sync between KAME and FreeBSD.
(based on freebsd4-snap-20020128)

Reviewed by:	ume
MFC after:	1 week
2002-04-19 04:46:24 +00:00
mike
4100d7ad0f Unconditionalize the definition of INET_ADDRSTRLEN and
INET6_ADDRSTRLEN.  Doing this helps expose bogus redefinitions in 3rd
party software.
2002-04-10 11:59:02 +00:00
mdodd
ec999f8323 Use <net/fddi.h> rather than <netinet/if_fddi.h>. 2002-04-06 03:21:46 +00:00
jhb
db9aa81e23 Change callers of mtx_init() to pass in an appropriate lock type name. In
most cases NULL is passed, but in some cases such as network driver locks
(which use the MTX_NETWORK_LOCK macro) and UMA zone locks, a name is used.

Tested on:	i386, alpha, sparc64
2002-04-04 21:03:38 +00:00
jhb
dc2e474f79 Change the suser() API to take advantage of td_ucred as well as do a
general cleanup of the API.  The entire API now consists of two functions
similar to the pre-KSE API.  The suser() function takes a thread pointer
as its only argument.  The td_ucred member of this thread must be valid
so the only valid thread pointers are curthread and a few kernel threads
such as thread0.  The suser_cred() function takes a pointer to a struct
ucred as its first argument and an integer flag as its second argument.
The flag is currently only used for the PRISON_ROOT flag.

Discussed on:	smp@
2002-04-01 21:31:13 +00:00
ume
4d5783c847 In nd6_lookup(), check if rt_llinfo is non-NULL to avoid returning an
entry that has the LLINFO flag but is not a neighbor cache entry.

Obtained from:	KAME
MFC after:	1 week
2002-04-01 15:15:05 +00:00
ume
1787e9ff8d Fix cached route problem.
Submitted by:	Keiichi SHIMA <keiichi@iij.ad.jp> (KAME)
Reviewed by:	JINMEI Tatuya <jinmei@isl.rdc.toshiba.co.jp> (KAME)
MFC after:	1 week
2002-03-29 15:42:44 +00:00
ume
3154e5831a double m_free() - not critical. from niklas@openbsd
Obtained from:	KAME
MFC after:	1 week
2002-03-29 05:14:58 +00:00
ume
31c9c349f8 Corrected arguments to key_allocsa called from
{esp6, ah6}_ctlinput.  Previous ones were uninitialized
auto variables, which were completely bogus.

Obtained from:	KAME
MFC after:	1 week
2002-03-25 10:46:24 +00:00
ume
37ae60983d 3rd arg to bcmp() was wrong. From: David Wang <dsw@juniper.net>
Obtained from:	KAME
MFC after:	1 week
2002-03-25 10:12:51 +00:00
jeff
3a6f53adc7 Remove references to vm_zone.h and switch over to the new uma API. 2002-03-20 08:03:54 +00:00
peter
5a70574f9c Pacify gcc-3.1. 2002-03-19 23:26:37 +00:00
alfred
f7f2a5dc47 Remove duplicate extern declarations to silence warnings. 2002-03-19 19:45:41 +00:00
darrenr
e8d1f239b7 put an extern for ip6_protox in here where it is only used for kernel compiling 2002-03-19 15:01:21 +00:00
darrenr
5d8547e590 put an extern for inet6sw in here and make it active only for kernel compiling 2002-03-19 14:56:59 +00:00
mike
b9910027dd o Add INET_ADDRSTRLEN and INET6_ADDRSTRLEN defines to <arpa/inet.h>
for POSIX.1-2001 conformance.
o Add magic to <netinet/in.h> and <netinet6/in6.h> to prevent
  redefining INET_ADDRSTRLEN and INET6_ADDRSTRLEN.
o Add a note about missing typedefs in <arpa/inet.h>.
2002-03-10 06:42:27 +00:00
ume
981ea9e4ae - use des_ecb3_encrypt().
- style: added spaces after /* and before */

Obtained from:	KAME
MFC after:	2 weeks
2002-03-05 21:12:41 +00:00
ume
e0782fc24b Oops, now, encription and decription are separate function.
MFC after:	2 weeks
2002-03-05 20:32:49 +00:00
ume
92361f6aad - Speedup 3DES by using assembly code for i386.
- Sync des/blowfish to more recent openssl.

Obtained from:	KAME/NetBSD
MFC after:	2 weeks
2002-03-05 09:19:02 +00:00
ume
7bf004382f - In nd6_rtrequest(), ignored a route when it is created by cloning and
is not a neighbor.  see comments for the detailed reason.

- Rejected the process of nd6_rtrequest() when the request is RESOLVE and
the interface does not need neighbor caches.

Obtained from:	KAME
MFC After:	1 week
2002-02-28 17:05:46 +00:00
peter
dfc212c6f1 Fix another boatload of warnings (missing include) and a cosmetic
-Wuninitialized warning.
2002-02-28 00:14:04 +00:00
dd
c8a6bd9922 Introduce a version field to `struct xucred' in place of one of the
spares (the size of the field was changed from u_short to u_int to
reflect what it really ends up being).  Accordingly, change users of
xucred to set and check this field as appropriate.  In the kernel,
this is being done inside the new cru2x() routine which takes a
`struct ucred' and fills out a `struct xucred' according to the
former.  This also has the pleasant sideaffect of removing some
duplicate code.

Reviewed by:	rwatson
2002-02-27 04:45:37 +00:00
alfred
9da4687481 Fix warnings caused by discarding const.
Hairy Eyeball At: peter
2002-02-27 02:44:45 +00:00
brooks
1187176183 Fix warnings in the gif(4) driver so it compiles with -Werror. 2002-02-26 20:11:33 +00:00
mike
bcee06d42c o Move NTOHL() and associated macros into <sys/param.h>. These are
deprecated in favor of the POSIX-defined lowercase variants.
o Change all occurrences of NTOHL() and associated marcros in the
  source tree to use the lowercase function variants.
o Add missing license bits to sparc64's <machine/endian.h>.
  Approved by: jake
o Clean up <machine/endian.h> files.
o Remove unused __uint16_swap_uint32() from i386's <machine/endian.h>.
o Remove prototypes for non-existent bswapXX() functions.
o Include <machine/endian.h> in <arpa/inet.h> to define the
  POSIX-required ntohl() family of functions.
o Do similar things to expose the ntohl() family in libstand, <netinet/in.h>,
  and <sys/param.h>.
o Prepend underscores to the ntohl() family to help deal with
  complexities associated with having MD (asm and inline) versions, and
  having to prevent exposure of these functions in other headers that
  happen to make use of endian-specific defines.
o Create weak aliases to the canonical function name to help deal with
  third-party software forgetting to include an appropriate header.
o Remove some now unneeded pollution from <sys/types.h>.
o Add missing <arpa/inet.h> includes in userland.

Tested on:	alpha, i386
Reviewed by:	bde, jake, tmm
2002-02-18 20:35:27 +00:00
ume
4c31b56dc6 Corrected an argument to in6_pcbnotify().
Obtained from:	KAME
MFC after:	1 week
2002-02-04 17:40:36 +00:00
ume
ab65ed6b0b - Check the address family of a cached destination, in case of
sharing the cache with IPv4.
- Check if the cached route is up in in6_selectsrc().

Obtained from:	KAME
2002-01-21 20:02:36 +00:00
msmith
ea9c5a8d4c Initialise the intrq_present fields at runtime, not link time. This allows
us to load protocols at runtime, and avoids the use of common variables.

Also fix the ip6_intrq assignment so that it works at all.
2002-01-08 10:34:03 +00:00
msmith
2b4f430bb7 Staticise the fw chain. 2002-01-08 10:30:55 +00:00
sumikawa
21cf34e4e5 Back out cometic changes. This is for easily syncing with KAME in other BSDs. 2001-12-17 18:13:12 +00:00
obrien
7fd9a6a23a Update to C99, s/__FUNCTION__/__func__/,
also don't use ANSI string concatenation.
2001-12-10 08:09:49 +00:00
arr
915c6a9163 - Replace M_WAIT with M_TRYWAIT since the M_WAIT flag is deprecated.
Spotted by: bde
2001-12-09 17:48:08 +00:00
ume
8ee8d7c8d6 fixed the cast128 calculation with a short cipher key length.
the memory was overridden when the key length was less than 16 bytes.

Obtained from:	KAME
MFC after:	1 week
2001-11-27 14:11:47 +00:00
jlemon
a3c1c9fdb4 Introduce a syncache, which enables FreeBSD to withstand a SYN flood
DoS in an improved fashion over the existing code.

Reviewed by: silby  (in a previous iteration)
Sponsored by: DARPA, NAI Labs
2001-11-22 04:50:44 +00:00
dillon
86ed17d675 Give struct socket structures a ref counting interface similar to
vnodes.  This will hopefully serve as a base from which we can
expand the MP code.  We currently do not attempt to obtain any
mutex or SX locks, but the door is open to add them when we nail
down exactly how that part of it is going to work.
2001-11-17 03:07:11 +00:00
rwatson
8cf42b482a o Replace reference to 'struct proc' with 'struct thread' in 'struct
sysctl_req', which describes in-progress sysctl requests.  This permits
  sysctl handlers to have access to the current thread, permitting work
  on implementing td->td_ucred, migration of suser() to using struct
  thread to derive the appropriate ucred, and allowing struct thread to be
  passed down to other code, such as network code where td is not currently
  available (and curproc is used).

o Note: netncp and netsmb are not updated to reflect this change, as they
  are not currently KSE-adapted.

Reviewed by:		julian
Obtained from:	TrustedBSD Project
2001-11-08 02:13:18 +00:00
ume
a58314c120 Fixed the behavior when there is no inbound policy for the ipsec
tunneled packet.
When there is no suitable inbound policy for the packet of the ipsec
tunnel mode, the kernel never decapsulate the tunneled packet
as the ipsec tunnel mode even when the system wide policy is "none".
Then the kernel leaves the generic tunnel module to process this
packet.  If there is no rule of the generic tunnel, the packet
is rejected and the statistics will be counted up.

Obtained from:	KAME
MFC after:	1 week
2001-11-06 22:45:29 +00:00
sumikawa
6a5252c5e1 Fix fragmented packet handling.
Obtained from:	KAME
MFC after:	3 weeks
2001-10-29 07:55:57 +00:00
ru
ecb4d3d05f Pull post-4.4BSD change to sys/net/route.c from BSD/OS 4.2.
Have sys/net/route.c:rtrequest1(), which takes ``rt_addrinfo *''
as the argument.  Pass rt_addrinfo all the way down to rtrequest1
and ifa->ifa_rtrequest.  3rd argument of ifa->ifa_rtrequest is now
``rt_addrinfo *'' instead of ``sockaddr *'' (almost noone is
using it anyways).

Benefit: the following command now works.  Previously we needed
two route(8) invocations, "add" then "change".
# route add -inet6 default ::1 -ifp gif0

Remove unsafe typecast in rtrequest(), from ``rtentry *'' to
``sockaddr *''.  It was introduced by 4.3BSD-Reno and never
corrected.

Obtained from:	BSD/OS, NetBSD
MFC after:	1 month
PR:		kern/28360
2001-10-17 18:07:05 +00:00
ru
927ee0e1ed Pull fix for memory leak in in6_losing() from netinet/in_pcb.c,v 1.85.
MFC after:	1 week
2001-10-17 17:42:23 +00:00
ume
737d8ec150 Fixed to process a IPv6 packet when ah transport after esp tunnel
should be applied.  the SA of AH transport could not be selected
from the SAD because of this bug.

Obtained from:	KAME
MFC after:	1 week
2001-10-17 13:03:37 +00:00
darrenr
f9de0abc76 catch forwarded ipv6 packets with pfil_hooks for outbound things too 2001-10-15 14:16:18 +00:00
brooks
74063dd723 Make faith loadable, unloadable, and clonable. 2001-09-25 18:40:52 +00:00
sumikawa
232702cb5f Removed a wrong comment.
Obtained from:	KAME
MFC after:	1 week
2001-09-20 08:04:21 +00:00
julian
5596676e6c KSE Milestone 2
Note ALL MODULES MUST BE RECOMPILED
make the kernel aware that there are smaller units of scheduling than the
process. (but only allow one thread per process at this time).
This is functionally equivalent to teh previousl -current except
that there is a thread associated with each process.

Sorry john! (your next MFC will be a doosie!)

Reviewed by: peter@freebsd.org, dillon@freebsd.org

X-MFC after:    ha ha ha ha
2001-09-12 08:38:13 +00:00
julian
3cc9960fd1 Patches from KAME to remove usage of Varargs in existing
IPV4 code. For now they will still have some in the developing stuff (IPv6)

Submitted by:	Keiichi SHIMA / <keiichi@iij.ad.jp>
Obtained from:	KAME
2001-09-07 07:19:12 +00:00
jlemon
f729fe0a4a Wrap array accesses in macros, which also happen to be lvalues:
ifnet_addrs[i - 1]  -> ifaddr_byindex(i)
        ifindex2ifnet[i]    -> ifnet_byindex(i)

This is intended to ease the conversion to SMPng.
2001-09-06 02:40:43 +00:00
julian
071f86f9f1 Patches from Keiichi SHIMA <keiichi@iij.ad.jp>
to make ip use the standard protosw structure again.

Obtained from: Well, KAME I guess.
2001-09-03 20:03:55 +00:00
jlemon
d4e4fe55ba Add missing "opt_inet6.h" header. 2001-08-31 13:49:03 +00:00
fenner
1a9e5ae59a Fix fencepost error causing creation of 0-length mbufs when the boundary
between header and data fell on the boundary between two mbufs.
2001-08-20 17:58:46 +00:00
simokawa
4725d9a069 Fix unaligned access (fault) on alpha with ndp -p/-r and sysctl -a.
Discussed on users@jp.ipv6.org

MFC candidate.
2001-08-10 00:34:20 +00:00
ume
215c0c107e When running aplication joined multicast address,
removing network card, and kill aplication.
imo_membership[].inm_ifp refer interface pointer
after removing interface.
When kill aplication, release socket,and imo_membership.
imo_membership use already not exist interface pointer.
Then, kernel panic.

PR:		29345
Submitted by:	Inoue Yuichi <inoue@nd.net.fujitsu.co.jp>
Obtained from:	KAME
MFC after:	3 days
2001-08-04 17:10:14 +00:00
ume
f62663bb06 When global anycast address was assigned to lo0, wrong source
address was selected.

Reported by:	Shingo WATANABE <nabe@nabechan.org>
Submitted by:	JINMEI Tatuya <jinmei@isl.rdc.toshiba.co.jp>
MFC after:	3 days
2001-08-03 19:10:31 +00:00
ume
e8ae8d1bf4 move ipsec security policy allocation into in_pcballoc, before
making pcbs available to the outside world.  otherwise, we will see
inpcb without ipsec security policy attached (-> panic() in ipsec.c).

Obtained from:	KAME
MFC after:	3 days
2001-07-26 19:19:49 +00:00
ume
e5aac591c6 do not M_WAITOK in in6_update_ifa(), since this function can be called
under splnet().  (some comment was added by KAME)

PR:		28927
MFC after:	1 week
2001-07-15 14:24:00 +00:00