Commit Graph

506 Commits

Author SHA1 Message Date
Hajimu UMEMOTO
31c8e3fbec removed RFC1885-related code. it was obsoleted by RFC2463, and the
code was #ifdef'ed out for a long time.

Submitted by:	suz
Obtained from:	KAME
2005-08-10 17:30:10 +00:00
SUZUKI Shinsuke
f8a8f9ca5e supports stealth forwarding in IPv6, as well as in IPv4
PR: kern/54625
MFC after: 1 week
2005-08-10 09:13:35 +00:00
David E. O'Brien
c11ba30c9a Remove public declarations of variables that were forgotten when they were
made static.
2005-08-10 07:10:02 +00:00
David E. O'Brien
6ca6f60b07 Style nit. 2005-08-10 06:38:46 +00:00
SUZUKI Shinsuke
05b697ddcb fixed a kernel crash at the start-up time of an IPv6 multicast daemons o
(e.g. pim6dd, pim6sd)

MFC after: 3 days
2005-08-10 05:28:11 +00:00
Hajimu UMEMOTO
c66b5fea43 corrected the fourth argument to ni6_addrs(). 2005-08-09 12:24:11 +00:00
Robert Watson
13f4c340ae Propagate rename of IFF_OACTIVE and IFF_RUNNING to IFF_DRV_OACTIVE and
IFF_DRV_RUNNING, as well as the move from ifnet.if_flags to
ifnet.if_drv_flags.  Device drivers are now responsible for
synchronizing access to these flags, as they are in if_drv_flags.  This
helps prevent races between the network stack and device driver in
maintaining the interface flags field.

Many __FreeBSD__ and __FreeBSD_version checks maintained and continued;
some less so.

Reviewed by:	pjd, bz
MFC after:	7 days
2005-08-09 10:20:02 +00:00
Gleb Smirnoff
9bd8ca3014 In preparation for fixing races in ARP (and probably in other
L2/L3 mappings) make rt_check() return a locked rtentry.
2005-08-09 08:39:56 +00:00
Gleb Smirnoff
401df2f296 - Use 'error' variable to store error value, instead of 'i'.
- Push 'i' into the only block where it is used.
- Remove redundant check for rt being NULL. If rt_check() hasn't
  returned an error, then rt is valid.

Reviewed by:	gnn
2005-08-09 08:37:28 +00:00
Robert Watson
bccb41014a Modify network protocol consumers of the ifnet multicast address lists
to lock if_addr_mtx.

Problem reported by:	Ed Maste <emaste at phaedrus dot sandvine dot ca>
MFC after:		1 week
2005-08-02 23:51:22 +00:00
Hajimu UMEMOTO
e770771a78 simplied the fix to FreeBSD-SA-04:06.ipv6. The previous one worried
too much even though we actually validate the parameters.  This code
also is more compatible with other *BSDs, which do copyin within
setsockopt().

Submitted by:	Keiichi SHIMA <keiichi__at__iijlab.net>
Reviewed by:	security-officer (nectar)
Obtained from:	KAME
2005-07-28 18:07:07 +00:00
Colin Percival
1fcc990954 Correct a buffer overflow which can occur when decompressing a
carefully crafted deflated data stream. [1]

Correct problems in the AES-XCBC-MAC IPsec authentication algorithm. [2]

Submitted by:	suz [2]
Security:	FreeBSD-SA-05:18.zlib [1], FreeBSD-SA-05:19.ipsec [2]
2005-07-27 08:41:17 +00:00
Hajimu UMEMOTO
d6bb0cb7eb nuke duplicate inclusion of scope6_var.h. 2005-07-26 11:46:15 +00:00
Hajimu UMEMOTO
336a1a7b37 oops, make it compilable. i need sleep. X-( 2005-07-25 17:28:39 +00:00
Hajimu UMEMOTO
a7734b4bfd restore locks which disappeared wrongly by my previous commit. 2005-07-25 17:05:37 +00:00
Hajimu UMEMOTO
a1f7e5f8ee scope cleanup. with this change
- most of the kernel code will not care about the actual encoding of
  scope zone IDs and won't touch "s6_addr16[1]" directly.
- similarly, most of the kernel code will not care about link-local
  scoped addresses as a special case.
- scope boundary check will be stricter.  For example, the current
  *BSD code allows a packet with src=::1 and dst=(some global IPv6
  address) to be sent outside of the node, if the application do:
    s = socket(AF_INET6);
    bind(s, "::1");
    sendto(s, some_global_IPv6_addr);
  This is clearly wrong, since ::1 is only meaningful within a single
  node, but the current implementation of the *BSD kernel cannot
  reject this attempt.

Submitted by:	JINMEI Tatuya <jinmei__at__isl.rdc.toshiba.co.jp>
Obtained from:	KAME
2005-07-25 12:31:43 +00:00
Hajimu UMEMOTO
885adbfa81 always copy ip6_pktopt. remove needcopy and needfree
argument/structure member accordingly.

Submitted by:	Keiichi SHIMA <keiichi__at__iijlab.net>
Obtained from:	KAME
2005-07-21 16:39:23 +00:00
Hajimu UMEMOTO
e07db7aa57 simplified udp6_output() and rip6_output(): do not override
in6p_outputopts at the entrance of the functions.  this trick was
necessary when we passed an in6 pcb to in6_embedscope(), within which
the in6p_outputopts member was used, but we do not use this kind of
interface any more.

Submitted by:	Keiichi SHIMA <keiichi__at__iijlab.net>
Obtained from:	KAME
2005-07-21 16:32:50 +00:00
Hajimu UMEMOTO
d5e3406d06 be consistent on naming advanced API functions; use ip6_XXXpktopt(s).
Submitted by:	Keiichi SHIMA <keiichi__at__iijlab.net>
Obtained from:	KAME
2005-07-21 15:06:32 +00:00
Hajimu UMEMOTO
8507acb169 NULL is not zero.
Submitted by:	Keiichi SHIMA <keiichi__at__iijlab.net>
Obtained from:	KAME
2005-07-21 14:57:53 +00:00
Hajimu UMEMOTO
9727df0c09 do not hardcode if_mtu values in here, except for IFT_{ARC,FDDI} -
they need special handling.  makes it possible to take advantage of 9k ether
frames.

Obtained from:	NetBSD
2005-07-20 20:02:28 +00:00
Hajimu UMEMOTO
18b35df8fe update comments:
- RFC2292bis -> RFC3542
  - typo fixes

Submitted by:	Keiichi SHIMA <keiichi__at__iijlab.net>
Obtained from:	KAME
2005-07-20 08:59:45 +00:00
Andrew Thompson
2fcb030ad5 Check the alignment of the IP header before passing the packet up to the
packet filter. This would cause a panic on architectures that require strict
alignment such as sparc64 (tier1) and ia64/ppc (tier2).

This adds two new macros that check the alignment, these are compile time
dependent on __NO_STRICT_ALIGNMENT which is set for i386 and amd64 where
alignment isn't need so the cost is avoided.

 IP_HDR_ALIGNED_P()
 IP6_HDR_ALIGNED_P()

Move bridge_ip_checkbasic()/bridge_ip6_checkbasic() up so that the alignment
is checked for ipfw and dummynet too.

PR:		ia64/81284
Obtained from:	NetBSD
Approved by:	re (dwhite), mlaier (mentor)
2005-07-02 23:13:31 +00:00
Hajimu UMEMOTO
d098c2c166 fix IP(v4) over IPv6 tunneling most likely broken with ifnet changes.
Submitted by:	bz
Approved by:	re (dwhite)
2005-06-20 20:17:00 +00:00
Brooks Davis
be4889bb80 Fix IPv6 neighbor discovery by using IF_LLADDR to get the mac address
instead of a particularly ugly cast + pointer math hack.

Reported by:	kuriyama, kris
2005-06-12 00:45:24 +00:00
Brooks Davis
fc74a9f93a Stop embedding struct ifnet at the top of driver softcs. Instead the
struct ifnet or the layer 2 common structure it was embedded in have
been replaced with a struct ifnet pointer to be filled by a call to the
new function, if_alloc(). The layer 2 common structure is also allocated
via if_alloc() based on the interface type. It is hung off the new
struct ifnet member, if_l2com.

This change removes the size of these structures from the kernel ABI and
will allow us to better manage them as interfaces come and go.

Other changes of note:
 - Struct arpcom is no longer referenced in normal interface code.
   Instead the Ethernet address is accessed via the IFP2ENADDR() macro.
   To enforce this ac_enaddr has been renamed to _ac_enaddr.
 - The second argument to ether_ifattach is now always the mac address
   from driver private storage rather than sometimes being ac_enaddr.

Reviewed by:	sobomax, sam
2005-06-10 16:49:24 +00:00
Ian Dowse
ba5da2a06f Use IFF_LOCKGIANT/IFF_UNLOCKGIANT around calls to the interface
if_ioctl routine. This should fix a number of code paths through
soo_ioctl() that could call into Giant-locked network drivers without
first acquiring Giant.
2005-06-02 00:04:08 +00:00
Robert Watson
8a2aa63d7e Lock udbinfo and inp before calling in6_pcbdetach() from udp6_abort().
MFC after:	1 week
2005-06-01 11:38:19 +00:00
George V. Neville-Neil
403cbcf59f Fixes for various nits found by the Coverity tool.
In particular 2 missed return values and an inappropriate bcopy from
a possibly NULL pointer.

Reviewed by:	jake
Approved by:	rwatson
MFC after:	1 week
2005-05-15 02:28:30 +00:00
Brooks Davis
8195404bed Add IPv6 support to IPFW and Dummynet.
Submitted by:	Mariano Tortoriello and Raffaele De Lorenzo (via luigi)
2005-04-18 18:35:05 +00:00
George V. Neville-Neil
c543ec4e34 Remove dead code which would never execute.
i.e. checking to see if a cluster was every less than 48 bytes,
    a rather unlikely case.

Check return value of m_dup_pkthdr() calls.

Found by: Coverity
Reviewed by: rwatson (mentor), Keiichi Shima (for Kame)
Approved by: rwatson (mentor)
2005-04-14 11:41:23 +00:00
Sam Leffler
8a9d54df38 check for malloc failure (also move malloc up to simplify error recovery)
Noticed by:	Coverity Prevent analysis tool
Reviewed by:	gnn
2005-03-29 01:26:27 +00:00
Gleb Smirnoff
d4d2297060 ifma_protospec is a pointer. Use NULL when assigning or compating it. 2005-03-20 14:31:45 +00:00
Sam Leffler
6c011e4dc3 correct bounds check
Noticed by:	Coverity Prevent analysis tool
2005-03-16 05:11:11 +00:00
Hajimu UMEMOTO
9f65b10b0f refer opencrypto/cast.h directly. 2005-03-11 12:37:07 +00:00
Hajimu UMEMOTO
d34fd3c7e0 reported from VANHULLEBUS Yvan [remote kernel crash may result]
Submitted by:	itojun
Obtained from:	KAME
MFC after:	1 day
2005-03-09 14:39:48 +00:00
SUZUKI Shinsuke
da57b1caf8 ignores ICMPv6 code field in case of ICMPv6 Packet-Too-Big (as specified in RFC2463 and draft-ietf-ipngwg-icmp-v3-06.txt)
Obtained from: KAME
MFC after: 1 day
2005-03-02 05:14:15 +00:00
Hajimu UMEMOTO
9c0fda722d icmp6_notify_error uses IP6_EXTHDR_CHECK, which in turn calls
m_pullup.  icmp6_notify_error continued to use the old pointer,
which after the m_pullup is not suitable as a packet header any
longer (see m_move_pkthdr).
and this is what causes the kernel panic in sbappendaddr later on.

PR:		kern/77934
Submitted by:	Gerd Rausch <gerd@juniper.net>
MFC after:	2 days
2005-02-27 18:57:10 +00:00
Hajimu UMEMOTO
bee48028f0 fix typo.
MFC after:	2 days
2005-02-27 18:23:29 +00:00
Hajimu UMEMOTO
283f9f8a3c initialized the last arg to ip6_process_hopopts(), because the recent
code requires it to be 0 when a jumbo payload option is contained.

PR:		kern/77934
Submitted by:	Gerd Rausch <gerd@juniper.net>
Obtained from:	KAME
MFC after:	2 days
2005-02-27 18:07:18 +00:00
Sam Leffler
ba1a42195c remove dead code
Noticed by:	Coverity Prevent analysis tool
2005-02-25 22:58:25 +00:00
Sam Leffler
7f560471fe eliminate dead code
Noticed by:	Coverity Prevent analysis tool
2005-02-23 22:53:04 +00:00
Gleb Smirnoff
a97719482d Add CARP (Common Address Redundancy Protocol), which allows multiple
hosts to share an IP address, providing high availability and load
balancing.

Original work on CARP done by Michael Shalayeff, with many
additions by Marco Pfatschbacher and Ryan McBride.

FreeBSD port done solely by Max Laier.

Patch by:	mlaier
Obtained from:	OpenBSD (mickey, mcbride)
2005-02-22 13:04:05 +00:00
Robert Watson
da2ecc1aa6 Add missed merge of ripcbinfo extern. Given how widely used
ripcbinfo is, we should probably add it to an include file.

Spotted by:	mux
2005-02-09 01:12:43 +00:00
Robert Watson
62a2c81733 Lock raw IP socket pcb list and PCBs when processing input via
icmp6_rip6_input().

Reviewed by:	gnn
MFC after:	1 week
2005-02-08 22:16:26 +00:00
Robert Watson
8760934124 Remove a comment from the raw IPv6 output function regarding
M_TRYWAIT allocations: M_PREPEND() now uses M_DONTWAIT.

MFC after:	3 days
2005-02-06 21:43:55 +00:00
Hajimu UMEMOTO
5b8c5ac438 we don't need to make fake sockaddr_in6 to compare subject address.
MFC after:	1 week
2005-01-21 18:12:46 +00:00
Warner Losh
caf43b0208 /* -> /*- for license, minor formatting changes, separate for KAME 2005-01-07 02:30:35 +00:00
Gleb Smirnoff
5e5da86597 In certain cases ip_output() can free our route, so check
for its presence before RTFREE().

Noticed by:	ru
2004-12-10 07:51:14 +00:00
Gleb Smirnoff
34291a9efc style the last change 2004-12-09 09:52:58 +00:00