This work was based on kame-20010528-freebsd43-snap.tgz and some
critical problem after the snap was out were fixed.
There are many many changes since last KAME merge.
TODO:
- The definitions of SADB_* in sys/net/pfkeyv2.h are still different
from RFC2407/IANA assignment because of binary compatibility
issue. It should be fixed under 5-CURRENT.
- ip6po_m member of struct ip6_pktopts is no longer used. But, it
is still there because of binary compatibility issue. It should
be removed under 5-CURRENT.
Reviewed by: itojun
Obtained from: KAME
MFC after: 3 weeks
peer out from sppp_lcp_open() to sppp_lcp_up(). For one, this makes
things look more symmetrical to sppp_lcp_close(), and somehow it also
just occurred to me that an Up event following the open caused the
value of the authentication option to be clobbered.
Fix a serious bug in sppp where anyone could obtain a successful PAP
authentication by supplying a null password. I've only stumpled across
the PR while browsing for all sppp-related PRs.
Should we also file a security advisory for this?
PR: 21592
Submitted by: <dli@3bc.de> Dirk Liebke
When we get an Open event in stopped state, experience shows that this
is usually means we've somehow missed a previous Down event. This has
occasionally bitten people for the IPCP layer with ISDN, apparently a
previously aborted IPCP negotiation must have caused this. As a
bandaid, we quickly pretent a Down event by advancing to starting
state; this effectively implements the `restart' option mentioned in
RFC 1663.
While i'm not yet fully convinced this is the best thing to do (and is
fully compliant with RFC 1661), i've seen a number of reports here on
the German mailing lists where people have been bitten by the previous
behaviour which usually causes quickly looping ISDN reconnects (thus
loss of money...), and where just this patch fixes the problem.
For this, i'd even like to see it MFC'd if possible.
Submitted by: Helmut Kreft <kreft@zeus.ai-lab.fh-furtwangen.de>
to negotiate from scratch. Make leased lines survive being put into
loopback mode. Bits and pieces and ideas taken from PRs 11238 and 21771.
Make it a module so that it can be kldloaded. Whitespace cleanup. (Can be
ignored with "cvs diff -b".)
PR: 11238 and 21771 (bits and pieces)
before adding/removing packets from the queue. Also, the if_obytes and
if_omcasts fields should only be manipulated under protection of the mutex.
IF_ENQUEUE, IF_PREPEND, and IF_DEQUEUE perform all necessary locking on
the queue. An IF_LOCK macro is provided, as well as the old (mutex-less)
versions of the macros in the form _IF_ENQUEUE, _IF_QFULL, for code which
needs them, but their use is discouraged.
Two new macros are introduced: IF_DRAIN() to drain a queue, and IF_HANDOFF,
which takes care of locking/enqueue, and also statistics updating/start
if necessary.
packet divert at kernel for IPv6/IPv4 translater daemon
This includes queue related patch submitted by jburkhol@home.com.
Submitted by: queue related patch from jburkhol@home.com
Reviewed by: freebsd-arch, cvs-committers
Obtained from: KAME project
go to REQ_SENT (and we probably should also log this since it should
only happen in a cross-linked connection).
Submitted by: Mark Tinguely <tinguely@plains.NoDak.edu>
in the first place.
Use 3sec timeout as recommended.
Reorder some debug messages.
Label som of the 0x%x in debug messages
Make sppp_print_bytes() use %*D and handle zero length.
If we don't have MAGIC numbers, don't yell loopback if 0 == 0
Not tested on the if_sr, if_cx and if_ar drivers, but
expected to work just the same as it used to.
Any users of these drivers (or even better: donors
of hardware for them) please contact phk@freebsd.org
so we can test the next batch of changes to if_sppp.
for possible buffer overflow problems. Replaced most sprintf()'s
with snprintf(); for others cases, added terminating NUL bytes where
appropriate, replaced constants like "16" with sizeof(), etc.
These changes include several bug fixes, but most changes are for
maintainability's sake. Any instance where it wasn't "immediately
obvious" that a buffer overflow could not occur was made safer.
Reviewed by: Bruce Evans <bde@zeta.org.au>
Reviewed by: Matthew Dillon <dillon@apollo.backplane.com>
Reviewed by: Mike Spengler <mks@networkcs.com>
FreeBSD repository version of this file and the isdn4bsd version,
adopt those changes from the i4b version that make this file
BSD-version independent. I attempted to avoid uglifying this file too
much, thus deviated a little from the i4b version (and hope they will
adopt the changes, too).
The diffs mostly concentrate on:
. #include differences between the systems
. different callout handling between FreeBSD vs. Net/OpenBSD
. interface naming (Net/OpenBSD store the ASCII name including the
unit # in struct ifnet, FreeBSD only the name)
. use of random() in FreeBSD vs. time-based pseudo-randomization in
Net/OpenBSD (for loopback detection ad CHAP challenges -- i
assume at least OpenBSD could also benefit from random(), but that's
the way i've got this file)
. interface address list elements are named a little differently
between FreeBSD and Net/OpenBSD
I attempted to segregate those compat fixes from other code fixes and
enhancements.
Obtained from: The isdn4bsd project
* Figure out UTC relative to boottime. Four new functions provide
time relative to boottime.
* move "runtime" into struct proc. This helps fix the calcru()
problem in SMP.
* kill mono_time.
* add timespec{add|sub|cmp} macros to time.h. (XXX: These may change!)
* nanosleep, select & poll takes long sleeps one day at a time
Reviewed by: bde
Tested by: ache and others
"time" wasn't a atomic variable, so splfoo() protection were needed
around any access to it, unless you just wanted the seconds part.
Most uses of time.tv_sec now uses the new variable time_second instead.
gettime() changed to getmicrotime(0.
Remove a couple of unneeded splfoo() protections, the new getmicrotime()
is atomic, (until Bruce sets a breakpoint in it).
A couple of places needed random data, so use read_random() instead
of mucking about with time which isn't random.
Add a new nfs_curusec() function.
Mark a couple of bogosities involving the now disappeard time variable.
Update ffs_update() to avoid the weird "== &time" checks, by fixing the
one remaining call that passwd &time as args.
Change profiling in ncr.c to use ticks instead of time. Resolution is
the same.
Add new function "tvtohz()" to avoid the bogus "splfoo(), add time, call
hzto() which subtracts time" sequences.
Reviewed by: bde
This will not make any of object files that LINT create change; there
might be differences with INET disabled, but hardly anything compiled
before without INET anyway. Now the 'obvious' things will give a
proper error if compiled without inet - ipx_ip, ipfw, tcp_debug. The
only thing that _should_ work (but can't be made to compile reasonably
easily) is sppp :-(
This commit move struct arpcom from <netinet/if_ether.h> to
<net/if_arp.h>.
In sppp_chap_input:
1) in the CHAP_CHALLENGE case don't output the peer's name if it is not
what we expected (DEBUG) since it will be printed out in the course
of events anyway.
2) in the CHAP_SUCCESS case test whether the peer is required to
authenticate himself [(sp->lcp.opts & (1 << LCP_OPT_AUTH_PROTO))],
otherwise the state machine may never switch into the network state.
I saw this case against 2 different ISPs; they never bothered to
authenticate themselves to me.
In sppp_pap_input:
in the PAP_ACK case do the same as in 2) above for the same reason.
The #ifdef IPXIP in netipx/ipx_if.h is OK (used from ipx_usrreq.c and
ifconfig.c only).
I also fixed a typo IPXTUNNEL -> IPTUNNEL (and #ifdef'ed out the code
inside, as it never could have compiled - doh.)
returning ICMP_TIMXCEED)
use CISCO_UNICAST instead of CISCO_MULTICAST to send normal packets.
this is needed for packets to get processed by a cisco router,
but doesn't matter if a packet is just forwarded.
Reviewed by:itojun@itojun.org
than max_failures attempts, we are going to REJ it, to prevent endless
NAK loops.
(This is actually part of a larger local set of modifications i'm
running with, but the remainder (PAP & CHAP) ain't ready for prime-
time yet.)