513 Commits

Author SHA1 Message Date
Hajimu UMEMOTO
31b3783c8d correct linkmtu handling.
Obtained from:	KAME
2003-10-20 15:27:48 +00:00
Hajimu UMEMOTO
9132d5071c - revert to old rijndael code. new rijndael code broke gbde.
- since aes-xcbc-mac and aes-ctr require functions in new
  rijndael code, aes-xcbc-mac and aes-ctr are disabled for now.
2003-10-19 21:28:34 +00:00
Hajimu UMEMOTO
2d0e1cf17a rtfree() must be called in lock context.
Reported by:	jhay
2003-10-18 17:46:23 +00:00
Hajimu UMEMOTO
ae360dddc7 nuke duplicate function and unused function.
Obtained from:	KAME
2003-10-17 17:50:09 +00:00
Hajimu UMEMOTO
e0cac38a6d revert wrongly dropped null check by previous commit. 2003-10-17 17:34:31 +00:00
Hajimu UMEMOTO
31b1bfe1b0 - add dom_if{attach,detach} framework.
- transition to use ifp->if_afdata.

Obtained from:	KAME
2003-10-17 15:46:31 +00:00
Sam Leffler
e312432731 fix horribly botched MFp4 merge 2003-10-16 19:55:28 +00:00
Sam Leffler
3c92002f24 pfil hooks can modify packet contents so check if the destination
address has been changed when PFIL_HOOKS is enabled and, if it has,
arrange for the proper action by ip*_forward.

Submitted by:	Pyun YongHyeon
Supported by:	FreeBSD Foundation
2003-10-16 18:57:45 +00:00
Sam Leffler
ba00f0096d MFp4: correct locking issues in nd6_lookup
Supported by:	FreeBSD Foundation
2003-10-14 18:49:08 +00:00
Hajimu UMEMOTO
66c7fe4056 use BF_ecb_encrypt().
Obtained from:	KAME
2003-10-13 19:26:08 +00:00
Hajimu UMEMOTO
b42ac57f4f - support AES counter mode for ESP.
- use size_t as return type of schedlen(), as there's no error
  check needed.
- clear key schedule buffer before freeing.

Obtained from:	KAME
2003-10-13 14:57:41 +00:00
Hajimu UMEMOTO
79203b9869 support AES XCBC MAC for AH.
Obtained from:	KAME
2003-10-13 04:56:04 +00:00
Hajimu UMEMOTO
c65ee7c758 - support AES XCBC MAC for AH
- correct SADB_X_AALG_RIPEMD160HMAC to 8

Obtained from:	KAME
2003-10-13 04:54:51 +00:00
Hajimu UMEMOTO
d5d49fe472 include opencrypto/rmd160.h 2003-10-12 18:33:30 +00:00
Hajimu UMEMOTO
faf228234c remove unused variable.
Obtained from:	KAME
2003-10-12 15:14:33 +00:00
Hajimu UMEMOTO
7128815095 - avoid hardcoded values.
- correct signedness mixups.
- log fix.
- preparation for 64bit sequence number.
  introduce SA id (unique ID for SA - SPI is useless as duplicated
  SPI is allowed)
- no need to malloc/free cksum buffer.

Obtained from:	KAME
2003-10-12 12:03:25 +00:00
Hajimu UMEMOTO
83ca448c94 - always check for optlen overrun.
- panic if NULL is passed to ah_sumsiz (as we never do it,
  and callers do not properly check negative returns).

Obtained from:	KAME
2003-10-12 11:18:04 +00:00
Hajimu UMEMOTO
00c62ed413 - correct signedness mixups.
- avoid assuming result buffer size

Obtained from:	KAME
2003-10-12 11:08:18 +00:00
Hajimu UMEMOTO
0c72771dea avoid hardcoding MD5 result length (16)
Obtained from:	KAME
2003-10-12 09:51:32 +00:00
Hajimu UMEMOTO
492528c051 - RIPEMD160 support
- pass size arg to ah->result (avoid assuming result buffer size)

Obtained from:	KAME
2003-10-12 09:41:42 +00:00
Hajimu UMEMOTO
020a816f9e fixed an endian bug on fragment header scanning
Obtained from:	KAME
2003-10-10 19:49:52 +00:00
Hajimu UMEMOTO
953ad2fb67 nuke SCOPEDROUTING. Though it was there for a long time,
it was never enabled.
2003-10-10 16:04:00 +00:00
Hajimu UMEMOTO
7aab01fa76 switch cast128 implementation to implementation by Steve Reid;
smaller footprint.

Obtained from:	KAME
2003-10-10 15:06:16 +00:00
Hajimu UMEMOTO
0606da6241 - typo. found by markus@openbsd
- correct signedness mixup in pointer passing.
- drop meaningless variable.

Obtained from:	KAME
2003-10-09 18:44:54 +00:00
Hajimu UMEMOTO
07eb299520 - typo in comment
- style
- ANSIfy
(there is no functional change.)

Obtained from:	KAME
2003-10-09 16:13:47 +00:00
Hajimu UMEMOTO
7efe5d92ab - fix typo in comments.
- style.
- NULL is not 0.
- some variables were renamed.
- nuke unused logic.
(there is no functional change.)

Obtained from:	KAME
2003-10-08 18:26:08 +00:00
Sam Leffler
68974f2940 must lock route when the caller provided a route but not
an interface; otherwise the subsequent unlock blows up

Suffered by:	Marcel Moolenaar <marcel@xcllnt.net>
Supported by:	FreeBSD Foundation
2003-10-07 20:57:35 +00:00
Hajimu UMEMOTO
aa15ec9156 indent 2003-10-07 20:22:01 +00:00
Hajimu UMEMOTO
0527d33302 style and indent. no functional change.
Obtained from:	KAME
2003-10-07 19:51:22 +00:00
Hajimu UMEMOTO
06cd0a3f97 - fix typo in comment.
- style.

Obtained from:	KAME
2003-10-07 17:46:18 +00:00
Hajimu UMEMOTO
00165f8e92 nuke unused CTL_IPV6PROTO_NAMES macro. 2003-10-07 17:42:31 +00:00
Hajimu UMEMOTO
40e39bbb67 return(code) -> return (code)
(reduce diffs against KAME)
2003-10-06 14:02:09 +00:00
Sam Leffler
d1dd20be6e Locking for updates to routing table entries. Each rtentry gets a mutex
that covers updates to the contents.  Note this is separate from holding
a reference and/or locking the routing table itself.

Other/related changes:

o rtredirect loses the final parameter by which an rtentry reference
  may be returned; this was never used and added unwarranted complexity
  for locking.
o minor style cleanups to routing code (e.g. ansi-fy function decls)
o remove the logic to bump the refcnt on the parent of cloned routes,
  we assume the parent will remain as long as the clone; doing this avoids
  a circularity in locking during delete
o convert some timeouts to MPSAFE callouts

Notes:

1. rt_mtx in struct rtentry is guarded by #ifdef _KERNEL as user-level
   applications cannot/do-no know about mutex's.  Doing this requires
   that the mutex be the last element in the structure.  A better solution
   is to introduce an externalized version of struct rtentry but this is
   a major task because of the intertwining of rtentry and other data
   structures that are visible to user applications.
2. There are known LOR's that are expected to go away with forthcoming
   work to eliminate many held references.  If not these will be resolved
   prior to release.
3. ATM changes are untested.

Sponsored by:	FreeBSD Foundation
Obtained from:	BSD/OS (partly)
2003-10-04 03:44:50 +00:00
Hajimu UMEMOTO
5d40536819 add randomtab for ip6_randomflowlabel().
Obtained from:	KAME
2003-10-01 21:45:57 +00:00
Hajimu UMEMOTO
b79274ba41 randomize IPv6 flowlabel when RANDOM_IP_ID is defined.
Obtained from:	KAME
2003-10-01 21:24:28 +00:00
Hajimu UMEMOTO
18193b6f63 use arc4random() 2003-10-01 21:10:02 +00:00
Hajimu UMEMOTO
de27a78aca - include opt_random_ip_id.h
- we don't need to obtain microtime when using ip6_randomid.
2003-10-01 20:24:20 +00:00
Hajimu UMEMOTO
8513854d16 we don't need ip6_id when RANDOM_IP_ID is defined. 2003-10-01 18:23:27 +00:00
Hajimu UMEMOTO
01e22dc51b include opt_random_ip_id.h 2003-10-01 17:28:42 +00:00
Hajimu UMEMOTO
672467eb28 Don't compiled ip6_randomid() in if RANDOM_IP_ID is not defined. 2003-10-01 16:22:58 +00:00
Hajimu UMEMOTO
2923494300 Obey RANDOM_IP_ID.
Requested by:	sam
2003-10-01 16:00:12 +00:00
Hajimu UMEMOTO
8373d51d4b randomize IPv6 fragment ID.
Obtained from:	KAME
2003-10-01 15:13:29 +00:00
Sam Leffler
b140bc1fc8 Correct pfil_run_hooks return handling: if the return value is non-zero
then the mbuf has been consumed by a hook; otherwise beware of a null
mbuf return (gack).  In particular the bridge was doing the wrong thing.
While in the ipv6 code make it's handling of pfil_run_hooks identical
to netbsd.

Pointed out by:	Pyun YongHyeon <yongari@kt-is.co.kr>
2003-09-30 04:46:08 +00:00
Sam Leffler
134ea22494 o update PFIL_HOOKS support to current API used by netbsd
o revamp IPv4+IPv6+bridge usage to match API changes
o remove pfil_head instances from protosw entries (no longer used)
o add locking
o bump FreeBSD version for 3rd party modules

Heavy lifting by:	"Max Laier" <max@love2party.net>
Supported by:		FreeBSD Foundation
Obtained from:		NetBSD (bits of pfil.h and pfil.c)
2003-09-23 17:54:04 +00:00
Matthew N. Dodd
2049fdeefd Enable IPv6 for Token Ring. 2003-09-14 02:32:31 +00:00
Bill Paul
dcdc6667ce The in6_ifattach() routine contains the following code:
in6_pcbpurgeif0(LIST_FIRST(udbinfo.listhead), ifp);
        in6_pcbpurgeif0(LIST_FIRST(ripcbinfo.listhead), ifp);

The problem here is that udbinfo.listhead and ripcbinfo.listhead are
not initialized during the device probe/attach phase of the kernel
boot process. So if, for example, a network driver calls ether_ifattach()
in its foo_attach() routine and then decides that something is wrong
and calls ether_ifdetach() to reverse the process, we will panic trying
to dereference the uninitialized list head pointers. (Though the
same sequence of events performed after the kernel has come up works
file, i.e. doing kldload if_foo from multiuser.)

Change this to:

        if (udbinfo.listhead != NULL)
                in6_pcbpurgeif0(LIST_FIRST(udbinfo.listhead), ifp);
        if (ripcbinfo.listhead != NULL)
                in6_pcbpurgeif0(LIST_FIRST(ripcbinfo.listhead), ifp);

to avoid the NULL pointer dereferences.
2003-09-13 22:34:52 +00:00
Ruslan Ermilov
78f94aa951 Fix a bunch of off-by-one errors in the range checking code. 2003-09-11 21:40:21 +00:00
Hajimu UMEMOTO
07cf047d5a introduced a flag bit "ND6_IFF_ACCEPT_RTADV" in the nd_ifinfo structure to
control whether to accept RAs per-interface basis.
the new stuff ensures the backward compatibility;
- the kernel does not accept RAs on any interfaces by default.
- since the default value of the flag bit is on, the kernel accepts RAs
  on all interfaces when net.inet6.ip6.accept_rtadv is 1.

Obtained from:	KAME
MFC after:	1 week
2003-08-05 14:57:11 +00:00
Hajimu UMEMOTO
6a2a90b794 Cleanup useless break.
Submitted by:	JINMEI Tatuya <jinmei@isl.rdc.toshiba.co.jp>
2003-07-29 14:10:13 +00:00
Hajimu UMEMOTO
c2ada8f1de ip6fw does not handle ESP correctly
PR:		kern/54874
Submitted by:	JINMEI Tatuya <jinmei@shuttle.wide.toshiba.co.jp>
MFC after:	1 week
2003-07-27 16:21:10 +00:00