Commit Graph

514 Commits

Author SHA1 Message Date
andre
02715a1de8 Use the correct mbuf type for MGET(). 2005-08-30 16:35:27 +00:00
suz
1dd6384f2b added a missing unlock (just do the same thing as in netinet/raw_ip.c)
Obtained from: KAME
MFC after: 3 days
2005-08-18 11:11:27 +00:00
ume
d73a48f4b8 - fix race condition using sx lock.
- use TAILQ_FOREACH() for readability.

Suggested by:	jhb
2005-08-17 16:46:55 +00:00
ume
0b8c72b90b avoid exclusive sleep mutex. 2005-08-16 19:49:10 +00:00
ume
08a5c349d1 added a knob to enable path MTU discovery for multicast packets.
(by default, it is disabled)

Submitted by:	suz
Obtained from:	KAME
2005-08-13 19:55:06 +00:00
ume
fe6f4a34b3 - fix typo in comment.
- nuke unused code.

Submitted by:	suz
Obtained from:	KAME
2005-08-12 15:27:25 +00:00
glebius
fa253399af o Make rt_check() function more strict:
- rt0 passed to rt_check() must not be NULL, assert this.
  - rt returned by rt_check() must be valid locked rtentry,
    if no error occured.
o Modify callers, so that they never pass NULL rt0
  to rt_check().

Reviewed by:	sam, ume (nd6.c)
2005-08-11 08:14:53 +00:00
ume
e0688f1293 create sysctl tree dynamically. it is required to share
net.inet6.ip6.fw with upcomming ipfw2 improvement for IPv6.

Requested by:	bz
2005-08-11 07:28:01 +00:00
ume
c9a2728833 removed RFC1885-related code. it was obsoleted by RFC2463, and the
code was #ifdef'ed out for a long time.

Submitted by:	suz
Obtained from:	KAME
2005-08-10 17:30:10 +00:00
suz
62a02b864f supports stealth forwarding in IPv6, as well as in IPv4
PR: kern/54625
MFC after: 1 week
2005-08-10 09:13:35 +00:00
obrien
d5d343a0fd Remove public declarations of variables that were forgotten when they were
made static.
2005-08-10 07:10:02 +00:00
obrien
d07b8d496e Style nit. 2005-08-10 06:38:46 +00:00
suz
57f686d55c fixed a kernel crash at the start-up time of an IPv6 multicast daemons o
(e.g. pim6dd, pim6sd)

MFC after: 3 days
2005-08-10 05:28:11 +00:00
ume
0b5fb77679 corrected the fourth argument to ni6_addrs(). 2005-08-09 12:24:11 +00:00
rwatson
5d770a09e8 Propagate rename of IFF_OACTIVE and IFF_RUNNING to IFF_DRV_OACTIVE and
IFF_DRV_RUNNING, as well as the move from ifnet.if_flags to
ifnet.if_drv_flags.  Device drivers are now responsible for
synchronizing access to these flags, as they are in if_drv_flags.  This
helps prevent races between the network stack and device driver in
maintaining the interface flags field.

Many __FreeBSD__ and __FreeBSD_version checks maintained and continued;
some less so.

Reviewed by:	pjd, bz
MFC after:	7 days
2005-08-09 10:20:02 +00:00
glebius
f2edd835a7 In preparation for fixing races in ARP (and probably in other
L2/L3 mappings) make rt_check() return a locked rtentry.
2005-08-09 08:39:56 +00:00
glebius
4d15123a5e - Use 'error' variable to store error value, instead of 'i'.
- Push 'i' into the only block where it is used.
- Remove redundant check for rt being NULL. If rt_check() hasn't
  returned an error, then rt is valid.

Reviewed by:	gnn
2005-08-09 08:37:28 +00:00
rwatson
efa13b9da9 Modify network protocol consumers of the ifnet multicast address lists
to lock if_addr_mtx.

Problem reported by:	Ed Maste <emaste at phaedrus dot sandvine dot ca>
MFC after:		1 week
2005-08-02 23:51:22 +00:00
ume
aef495bf52 simplied the fix to FreeBSD-SA-04:06.ipv6. The previous one worried
too much even though we actually validate the parameters.  This code
also is more compatible with other *BSDs, which do copyin within
setsockopt().

Submitted by:	Keiichi SHIMA <keiichi__at__iijlab.net>
Reviewed by:	security-officer (nectar)
Obtained from:	KAME
2005-07-28 18:07:07 +00:00
cperciva
6393df51cc Correct a buffer overflow which can occur when decompressing a
carefully crafted deflated data stream. [1]

Correct problems in the AES-XCBC-MAC IPsec authentication algorithm. [2]

Submitted by:	suz [2]
Security:	FreeBSD-SA-05:18.zlib [1], FreeBSD-SA-05:19.ipsec [2]
2005-07-27 08:41:17 +00:00
ume
0c95d55c4d nuke duplicate inclusion of scope6_var.h. 2005-07-26 11:46:15 +00:00
ume
7d261b1b38 oops, make it compilable. i need sleep. X-( 2005-07-25 17:28:39 +00:00
ume
627296e11d restore locks which disappeared wrongly by my previous commit. 2005-07-25 17:05:37 +00:00
ume
da2cf62b28 scope cleanup. with this change
- most of the kernel code will not care about the actual encoding of
  scope zone IDs and won't touch "s6_addr16[1]" directly.
- similarly, most of the kernel code will not care about link-local
  scoped addresses as a special case.
- scope boundary check will be stricter.  For example, the current
  *BSD code allows a packet with src=::1 and dst=(some global IPv6
  address) to be sent outside of the node, if the application do:
    s = socket(AF_INET6);
    bind(s, "::1");
    sendto(s, some_global_IPv6_addr);
  This is clearly wrong, since ::1 is only meaningful within a single
  node, but the current implementation of the *BSD kernel cannot
  reject this attempt.

Submitted by:	JINMEI Tatuya <jinmei__at__isl.rdc.toshiba.co.jp>
Obtained from:	KAME
2005-07-25 12:31:43 +00:00
ume
5960d35ade always copy ip6_pktopt. remove needcopy and needfree
argument/structure member accordingly.

Submitted by:	Keiichi SHIMA <keiichi__at__iijlab.net>
Obtained from:	KAME
2005-07-21 16:39:23 +00:00
ume
2343049cfa simplified udp6_output() and rip6_output(): do not override
in6p_outputopts at the entrance of the functions.  this trick was
necessary when we passed an in6 pcb to in6_embedscope(), within which
the in6p_outputopts member was used, but we do not use this kind of
interface any more.

Submitted by:	Keiichi SHIMA <keiichi__at__iijlab.net>
Obtained from:	KAME
2005-07-21 16:32:50 +00:00
ume
166d271598 be consistent on naming advanced API functions; use ip6_XXXpktopt(s).
Submitted by:	Keiichi SHIMA <keiichi__at__iijlab.net>
Obtained from:	KAME
2005-07-21 15:06:32 +00:00
ume
8da52394ef NULL is not zero.
Submitted by:	Keiichi SHIMA <keiichi__at__iijlab.net>
Obtained from:	KAME
2005-07-21 14:57:53 +00:00
ume
c07c4936d7 do not hardcode if_mtu values in here, except for IFT_{ARC,FDDI} -
they need special handling.  makes it possible to take advantage of 9k ether
frames.

Obtained from:	NetBSD
2005-07-20 20:02:28 +00:00
ume
b8e17ef763 update comments:
- RFC2292bis -> RFC3542
  - typo fixes

Submitted by:	Keiichi SHIMA <keiichi__at__iijlab.net>
Obtained from:	KAME
2005-07-20 08:59:45 +00:00
thompsa
d7e928629d Check the alignment of the IP header before passing the packet up to the
packet filter. This would cause a panic on architectures that require strict
alignment such as sparc64 (tier1) and ia64/ppc (tier2).

This adds two new macros that check the alignment, these are compile time
dependent on __NO_STRICT_ALIGNMENT which is set for i386 and amd64 where
alignment isn't need so the cost is avoided.

 IP_HDR_ALIGNED_P()
 IP6_HDR_ALIGNED_P()

Move bridge_ip_checkbasic()/bridge_ip6_checkbasic() up so that the alignment
is checked for ipfw and dummynet too.

PR:		ia64/81284
Obtained from:	NetBSD
Approved by:	re (dwhite), mlaier (mentor)
2005-07-02 23:13:31 +00:00
ume
38dbaac82e fix IP(v4) over IPv6 tunneling most likely broken with ifnet changes.
Submitted by:	bz
Approved by:	re (dwhite)
2005-06-20 20:17:00 +00:00
brooks
547b8204c4 Fix IPv6 neighbor discovery by using IF_LLADDR to get the mac address
instead of a particularly ugly cast + pointer math hack.

Reported by:	kuriyama, kris
2005-06-12 00:45:24 +00:00
brooks
567ba9b00a Stop embedding struct ifnet at the top of driver softcs. Instead the
struct ifnet or the layer 2 common structure it was embedded in have
been replaced with a struct ifnet pointer to be filled by a call to the
new function, if_alloc(). The layer 2 common structure is also allocated
via if_alloc() based on the interface type. It is hung off the new
struct ifnet member, if_l2com.

This change removes the size of these structures from the kernel ABI and
will allow us to better manage them as interfaces come and go.

Other changes of note:
 - Struct arpcom is no longer referenced in normal interface code.
   Instead the Ethernet address is accessed via the IFP2ENADDR() macro.
   To enforce this ac_enaddr has been renamed to _ac_enaddr.
 - The second argument to ether_ifattach is now always the mac address
   from driver private storage rather than sometimes being ac_enaddr.

Reviewed by:	sobomax, sam
2005-06-10 16:49:24 +00:00
iedowse
7de9a3957f Use IFF_LOCKGIANT/IFF_UNLOCKGIANT around calls to the interface
if_ioctl routine. This should fix a number of code paths through
soo_ioctl() that could call into Giant-locked network drivers without
first acquiring Giant.
2005-06-02 00:04:08 +00:00
rwatson
d32144e2d4 Lock udbinfo and inp before calling in6_pcbdetach() from udp6_abort().
MFC after:	1 week
2005-06-01 11:38:19 +00:00
gnn
c853caca3e Fixes for various nits found by the Coverity tool.
In particular 2 missed return values and an inappropriate bcopy from
a possibly NULL pointer.

Reviewed by:	jake
Approved by:	rwatson
MFC after:	1 week
2005-05-15 02:28:30 +00:00
brooks
f3ecaa630b Add IPv6 support to IPFW and Dummynet.
Submitted by:	Mariano Tortoriello and Raffaele De Lorenzo (via luigi)
2005-04-18 18:35:05 +00:00
gnn
8006d90653 Remove dead code which would never execute.
i.e. checking to see if a cluster was every less than 48 bytes,
    a rather unlikely case.

Check return value of m_dup_pkthdr() calls.

Found by: Coverity
Reviewed by: rwatson (mentor), Keiichi Shima (for Kame)
Approved by: rwatson (mentor)
2005-04-14 11:41:23 +00:00
sam
a2c73279e6 check for malloc failure (also move malloc up to simplify error recovery)
Noticed by:	Coverity Prevent analysis tool
Reviewed by:	gnn
2005-03-29 01:26:27 +00:00
glebius
d2dabbb47c ifma_protospec is a pointer. Use NULL when assigning or compating it. 2005-03-20 14:31:45 +00:00
sam
bf58395732 correct bounds check
Noticed by:	Coverity Prevent analysis tool
2005-03-16 05:11:11 +00:00
ume
4319b5fb5e refer opencrypto/cast.h directly. 2005-03-11 12:37:07 +00:00
ume
6cc5b893d5 reported from VANHULLEBUS Yvan [remote kernel crash may result]
Submitted by:	itojun
Obtained from:	KAME
MFC after:	1 day
2005-03-09 14:39:48 +00:00
suz
081ad05e6e ignores ICMPv6 code field in case of ICMPv6 Packet-Too-Big (as specified in RFC2463 and draft-ietf-ipngwg-icmp-v3-06.txt)
Obtained from: KAME
MFC after: 1 day
2005-03-02 05:14:15 +00:00
ume
06a3f4ae0c icmp6_notify_error uses IP6_EXTHDR_CHECK, which in turn calls
m_pullup.  icmp6_notify_error continued to use the old pointer,
which after the m_pullup is not suitable as a packet header any
longer (see m_move_pkthdr).
and this is what causes the kernel panic in sbappendaddr later on.

PR:		kern/77934
Submitted by:	Gerd Rausch <gerd@juniper.net>
MFC after:	2 days
2005-02-27 18:57:10 +00:00
ume
d5860f9733 fix typo.
MFC after:	2 days
2005-02-27 18:23:29 +00:00
ume
8a485418ea initialized the last arg to ip6_process_hopopts(), because the recent
code requires it to be 0 when a jumbo payload option is contained.

PR:		kern/77934
Submitted by:	Gerd Rausch <gerd@juniper.net>
Obtained from:	KAME
MFC after:	2 days
2005-02-27 18:07:18 +00:00
sam
513e3c0122 remove dead code
Noticed by:	Coverity Prevent analysis tool
2005-02-25 22:58:25 +00:00
sam
87ad220d1b eliminate dead code
Noticed by:	Coverity Prevent analysis tool
2005-02-23 22:53:04 +00:00