#
1.131 |
|
09-Feb-2024 |
andvar |
fix spelling mistakes, mainly in comments and log messages.
|
Revision tags: netbsd-10-0-RC4 netbsd-10-0-RC3 netbsd-10-0-RC2 thorpej-ifq-base thorpej-altq-separation-base netbsd-10-0-RC1 netbsd-10-base
|
#
1.130 |
|
24-Oct-2022 |
knakahara |
Fix PR kern/57037
Be able to change the behavior sending parameter changing routing messages. When set net.inet6.ip6.param_rt_msg=0, don't send parameter changing routing messages. When set net.inet6.ip6.param_rt_msg=1(default), send parameter changing routing messages by RTM_NEWADDR.
|
Revision tags: bouyer-sunxi-drm-base
|
#
1.129 |
|
03-Sep-2022 |
thorpej |
Garbage-collect everything related to struct domain::dom_ifqueues (except dom_ifqueues itself, until the next kernel version bump). It's no longer used now that nothing uses the legacy netisr mechanism.
|
Revision tags: thorpej-i2c-spi-conf2-base thorpej-futex2-base thorpej-cfargs2-base cjep_sun2x-base1 cjep_sun2x-base cjep_staticlib_x-base1 cjep_staticlib_x-base thorpej-i2c-spi-conf-base thorpej-cfargs-base thorpej-futex-base
|
#
1.128 |
|
12-Jun-2020 |
roy |
Remove in-kernel handling of Router Advertisements
This is much better handled by a user-land tool. Proposed on tech-net here: https://mail-index.netbsd.org/tech-net/2020/04/22/msg007766.html
Note that the ioctl SIOCGIFINFO_IN6 no longer sets flags. That now needs to be done using the pre-existing SIOCSIFINFO_FLAGS ioctl.
Compat is fully provided where it makes sense, but trying to turn on RA handling will obviously throw an error as it no longer exists.
Note that if you use IPv6 temporary addresses, this now needs to be turned on in dhcpcd.conf(5) rather than in sysctl.conf(5).
|
Revision tags: bouyer-xenpvh-base2
|
#
1.127 |
|
24-Apr-2020 |
jakllsch |
Fill in .pr_usrreqs for SOCK_SEQPACKET and SOCK_STREAM variants of SCTP too.
This should allow these socket types of SCTP to operate on IPv6 family sockets, as .pr_usrreqs must not be NULL for socreate() to succeed.
|
Revision tags: netbsd-9-3-RELEASE netbsd-9-2-RELEASE netbsd-9-1-RELEASE phil-wifi-20200421 bouyer-xenpvh-base1 phil-wifi-20200411 bouyer-xenpvh-base is-mlppp-base phil-wifi-20200406 ad-namecache-base3 netbsd-9-0-RELEASE netbsd-9-0-RC2 ad-namecache-base2 ad-namecache-base1 ad-namecache-base netbsd-9-0-RC1 phil-wifi-20191119 netbsd-9-base phil-wifi-20190609 isaki-audio2-base pgoyette-compat-20190127 pgoyette-compat-20190118 pgoyette-compat-1226 pgoyette-compat-1126 pgoyette-compat-1020 pgoyette-compat-0930 pgoyette-compat-0906
|
#
1.126 |
|
14-Aug-2018 |
maxv |
branches: 1.126.10; Retire EtherIP, we have L2TP instead.
|
Revision tags: pgoyette-compat-0728 phil-wifi-base pgoyette-compat-0625 pgoyette-compat-0521
|
#
1.125 |
|
11-May-2018 |
roy |
branches: 1.125.2; Increase the default size of some receive buffers from 8k to 16k. This mitigates recent reports of socket overflow errors and fixes PR bin/53247.
|
#
1.124 |
|
03-May-2018 |
maxv |
Remove now unused tcpip.h includes. Some were already unused before.
|
#
1.123 |
|
03-May-2018 |
maxv |
Remove net_osdep.h completely.
|
Revision tags: pgoyette-compat-0502 pgoyette-compat-0422 pgoyette-compat-0415 pgoyette-compat-0407 pgoyette-compat-0330 pgoyette-compat-0322 pgoyette-compat-0315
|
#
1.122 |
|
15-Mar-2018 |
maxv |
Add the PR_LASTHDR flag on the PFsync and CARP entries. Otherwise a "require" IPsec policy is not enforced on them, and unauthenticated packets will be accepted.
Tested with a require-AH configuration. Sent on tech-net@, no comment.
|
Revision tags: pgoyette-compat-base
|
#
1.121 |
|
07-Feb-2018 |
maxv |
branches: 1.121.2; Style, and localify IPV6FORWARDING. No functional change.
|
#
1.120 |
|
07-Feb-2018 |
maxv |
Change ip6_hdrnestlimit to be 15 instead of 50. I couldn't find any reference in RFCs about what a correct limit should be, but FreeBSD already uses 15.
If an IPv6 packet has 50 options, there is clearly something wrong with it.
|
Revision tags: tls-maxphys-base-20171202
|
#
1.119 |
|
27-Sep-2017 |
ozaki-r |
Take softnet_lock on pr_input properly if NET_MPSAFE
Currently softnet_lock is taken unnecessarily in some cases, e.g., icmp_input and encap4_input from ip_input, or not taken even if needed, e.g., udp_input and tcp_input from ipsec4_common_input_cb. Fix them.
NFC if NET_MPSAFE is disabled (default).
|
#
1.118 |
|
21-Sep-2017 |
ozaki-r |
Invalidate rtcache based on a global generation counter
The change introduces a global generation counter that is incremented when any routes have been added or deleted. When a rtcache caches a rtentry into itself, it also stores a snapshot of the generation counter. If the snapshot equals to the global counter, the cache is still valid, otherwise invalidated.
One drawback of the change is that all rtcaches of all protocol families are invalidated when any routes of any protocol families are added or deleted. If that matters, we should have separate generation counters based on protocol families.
This change removes LIST_ENTRY from struct route, which fixes a part of PR kern/52515.
|
Revision tags: nick-nhusb-base-20170825 perseant-stdc-iso10646-base netbsd-8-base prg-localcount2-base3 prg-localcount2-base2 prg-localcount2-base1 prg-localcount2-base pgoyette-localcount-20170426 bouyer-socketcan-base1
|
#
1.117 |
|
14-Apr-2017 |
ozaki-r |
branches: 1.117.4; Rumpify netipsec
Note that we should modularize netipsec and reduce reverse symbol references (referencing symbols of netipsec from net, netinet and netinet6) though, the task needs lots of code changes. Prior to doing so, rumpifying it and having ATF tests should be useful.
|
Revision tags: jdolecek-ncq-base pgoyette-localcount-20170320
|
#
1.116 |
|
16-Feb-2017 |
knakahara |
add l2tp(4) L2TPv3 interface.
originally implemented by IIJ SEIL team.
|
#
1.115 |
|
13-Feb-2017 |
ozaki-r |
Protect mtudisc and redirect stuffs of icmp/icmp6 with mutex
We have to run pr_init of icmp and icmp6 prior to tcp and tcp6 ones for mutex initialization.
|
Revision tags: nick-nhusb-base-20170204 bouyer-socketcan-base pgoyette-localcount-20170107
|
#
1.114 |
|
13-Dec-2016 |
ozaki-r |
branches: 1.114.2; Remove unnecessary inclusions of nd6.h
|
Revision tags: nick-nhusb-base-20161204 pgoyette-localcount-20161104 nick-nhusb-base-20161004 localcount-20160914 pgoyette-localcount-20160806 pgoyette-localcount-20160726 pgoyette-localcount-base nick-nhusb-base-20160907
|
#
1.113 |
|
06-Jul-2016 |
ozaki-r |
branches: 1.113.2; Move in6_ifaddr_list to a more proper place (from ip6_input.c to in6.c)
It's a similar place as the IPv4 address list, i.e., in.c.
More varibles will join together.
|
Revision tags: nick-nhusb-base-20160529
|
#
1.112 |
|
26-Apr-2016 |
ozaki-r |
Sweep unnecessary route.h inclusions
|
Revision tags: nick-nhusb-base-20160422
|
#
1.111 |
|
11-Apr-2016 |
ozaki-r |
Sweep unncessary radix.h inclusions
|
Revision tags: nick-nhusb-base-20160319
|
#
1.110 |
|
21-Jan-2016 |
riastradh |
Revert previous: ran cvs commit when I meant cvs diff. Sorry!
Hit up-arrow one too few times.
|
#
1.109 |
|
21-Jan-2016 |
riastradh |
Give proper prototype to ip_output.
|
#
1.108 |
|
20-Jan-2016 |
riastradh |
Eliminate struct protosw::pr_output.
You can't use this unless you know what it is a priori: the formal prototype is variadic, and the different instances (e.g., ip_output, route_output) have different real prototypes.
Convert the only user of it, raw_send in net/raw_cb.c, to take an explicit callback argument. Convert the only instances of it, route_output and key_output, to such explicit callbacks for raw_send. Use assertions to make sure the conversion to explicit callbacks is warranted.
Discussed on tech-net with no objections: https://mail-index.netbsd.org/tech-net/2016/01/16/msg005484.html
|
Revision tags: nick-nhusb-base-20151226
|
#
1.107 |
|
13-Oct-2015 |
rjs |
Add core networking support for SCTP.
|
Revision tags: nick-nhusb-base-20150921
|
#
1.106 |
|
24-Aug-2015 |
pooka |
sprinkle _KERNEL_OPT
|
Revision tags: nick-nhusb-base-20150606
|
#
1.105 |
|
22-Apr-2015 |
roy |
Move INET6 specific in6_if_{up,down}() and in6_if_link_{up,down}() into agnostic domain functions.
|
Revision tags: nick-nhusb-base-20150406
|
#
1.104 |
|
10-Feb-2015 |
rjs |
Add DCCP protocol support from KAME.
|
Revision tags: netbsd-7-2-RELEASE netbsd-7-1-2-RELEASE netbsd-7-1-1-RELEASE netbsd-7-1-RELEASE netbsd-7-1-RC2 netbsd-7-nhusb-base-20170116 netbsd-7-1-RC1 netbsd-7-0-2-RELEASE netbsd-7-nhusb-base netbsd-7-0-1-RELEASE netbsd-7-0-RELEASE netbsd-7-0-RC3 netbsd-7-0-RC2 netbsd-7-0-RC1 nick-nhusb-base netbsd-7-base tls-earlyentropy-base tls-maxphys-base
|
#
1.103 |
|
05-Jun-2014 |
rmind |
branches: 1.103.4; - Implement pktqueue interface for lockless IP input queue. - Replace ipintrq and ip6intrq with the pktqueue mechanism. - Eliminate kernel-lock from ipintr() and ip6intr(). - Some preparation work to push softnet_lock out of ipintr().
Discussed on tech-net.
|
#
1.102 |
|
22-May-2014 |
rmind |
Move udp6_input(), udp6_sendup(), udp6_realinput() and udp6_input_checksum() from udp_usrreq.c to udp6_usrreq.c where they belong. No functional change.
|
Revision tags: rmind-smpnet-nbase rmind-smpnet-base
|
#
1.101 |
|
18-May-2014 |
rmind |
Add struct pr_usrreqs with a pr_generic function and prepare for the dismantling of pr_usrreq in the protocols; no functional change intended. PRU_ATTACH/PRU_DETACH changes will follow soon.
Bump for struct protosw. Welcome to 6.99.62!
|
Revision tags: yamt-pagecache-base9 riastradh-xf86-video-intel-2-7-1-pre-2-21-15 riastradh-drm2-base3
|
#
1.100 |
|
02-Jan-2014 |
pooka |
branches: 1.100.2; Allow kernels compiled with INET+INET6 to be booted as IPv4-only or IPv6-only.
|
Revision tags: riastradh-drm2-base2 riastradh-drm2-base1 riastradh-drm2-base
|
#
1.99 |
|
05-Jun-2013 |
christos |
branches: 1.99.2; IPSEC has not come in two speeds for a long time now (IPSEC == kame, FAST_IPSEC). Make everything refer to IPSEC to avoid confusion.
|
Revision tags: agc-symver-base
|
#
1.98 |
|
01-Mar-2013 |
joerg |
Retire OSI network stack. OK core@
|
Revision tags: yamt-pagecache-base8 yamt-pagecache-base7 yamt-pagecache-base6
|
#
1.97 |
|
23-Jun-2012 |
christos |
branches: 1.97.2; 4 new sysctls to avoid ipv6 DoS attacks from OpenBSD
|
Revision tags: jmcneill-usbmp-base10 yamt-pagecache-base5 jmcneill-usbmp-base9 yamt-pagecache-base4 jmcneill-usbmp-base8
|
#
1.96 |
|
22-Mar-2012 |
drochner |
remove KAME IPSEC, replaced by FAST_IPSEC
|
Revision tags: netbsd-6-0-2-RELEASE netbsd-6-1-RELEASE netbsd-6-1-RC4 netbsd-6-1-RC3 netbsd-6-1-RC2 netbsd-6-1-RC1 netbsd-6-0-1-RELEASE matt-nb6-plus-nbase netbsd-6-0-RELEASE netbsd-6-0-RC2 matt-nb6-plus-base netbsd-6-0-RC1 jmcneill-usbmp-base7 jmcneill-usbmp-base6 jmcneill-usbmp-base5 jmcneill-usbmp-base4 jmcneill-usbmp-base3 jmcneill-usbmp-base2 netbsd-6-base
|
#
1.95 |
|
31-Dec-2011 |
christos |
branches: 1.95.2; 1.95.6; 1.95.8; - fix offsetof usage, and redundant defines - kill pointer casts to 0
|
#
1.94 |
|
19-Dec-2011 |
drochner |
rename the IPSEC in-kernel CPP variable and config(8) option to KAME_IPSEC, and make IPSEC define it so that existing kernel config files work as before Now the default can be easily be changed to FAST_IPSEC just by setting the IPSEC alias to FAST_IPSEC.
|
Revision tags: jmcneill-usbmp-pre-base2 jmcneill-usbmp-base jmcneill-audiomp3-base yamt-pagecache-base3 yamt-pagecache-base2 yamt-pagecache-base
|
#
1.93 |
|
24-Sep-2011 |
christos |
branches: 1.93.2; 1.93.6; Add inet6 part of the rfc6056 code contributed by Vlad Balan as part of Google SoC-2011
|
Revision tags: rmind-uvmplock-nbase cherry-xenmp-base rmind-uvmplock-base
|
#
1.92 |
|
24-May-2011 |
spz |
RA flood mitigation via a limit on accepted routes: - introduce a limit for the routes accepted via IPv6 Router Advertisement: a common 2 interface client will have 6, the default limit is 100 and can be adjusted via sysctl - report the current number of routes installed via RA via sysctl - count discarded route additions. Note that one RA message is two routes. This is at present only across all interfaces even though per-interface would be more useful, since the per-interface structure complies to RFC2466 - bump kernel version due to the previous change - adjust netstat to use the new value (with netstat -p icmp6)
|
#
1.91 |
|
03-May-2011 |
dyoung |
*_drain() routines may be called with locks held, so instead of doing any work in *_drain(), set a drain-needed flag. Do the work in the fasttimo handler.
Contributed by Coyote Point Systems, Inc.
|
#
1.90 |
|
31-Mar-2011 |
dyoung |
Hide the radix-trie implementation of the forwarding table so that we will have an easier time replacing it with something different, even if it is a second radix-trie implementation.
sys/net/route.c and sys/net/rtsock.c no longer operate directly on radix_nodes or radix_node_heads.
Hopefully this will reduce the temptation to implement multipath or source-based routing using grotty hacks to the grotty old radix-trie code, too. :-)
|
Revision tags: bouyer-quota2-nbase bouyer-quota2-base jruoho-x86intr-base matt-mips64-premerge-20101231 uebayasi-xip-base4 uebayasi-xip-base3 yamt-nfs-mp-base11
|
#
1.89 |
|
24-Aug-2010 |
jakllsch |
branches: 1.89.2; Make the EtherIP in IPv6 input path work. XXX: Figure out if we really need a separate protosw for IPv6.
|
Revision tags: uebayasi-xip-base2 yamt-nfs-mp-base10 uebayasi-xip-base1 yamt-nfs-mp-base9 uebayasi-xip-base
|
#
1.88 |
|
04-Feb-2010 |
joerg |
branches: 1.88.2; 1.88.4; Explicitly include opt_gateway.h when depending on GATEWAY.
|
Revision tags: matt-premerge-20091211 yamt-nfs-mp-base8 jym-xensuspend-nbase
|
#
1.87 |
|
11-Sep-2009 |
dyoung |
Make ifconfig(8) set and display preference numbers for IPv6 addresses. Make the kernel support SIOC[SG]IFADDRPREF for IPv6 interface addresses.
In in6ifa_ifpforlinklocal(), consult preference numbers before making an otherwise arbitrary choice of in6_ifaddr. Otherwise, preference numbers are *not* consulted by the kernel, but that will be rather easy for somebody with a little bit of free time to fix.
Please note that setting the preference number for a link-local IPv6 address does not work right, yet, but that ought to be fixed soon.
In support of the changes above,
1 Add a method to struct domain for "externalizing" a sockaddr, and provide an implementation for IPv6. Expect more work in this area: it may be more proper to say that the IPv6 implementation "internalizes" a sockaddr. Add sockaddr_externalize().
2 Add a subroutine, sofamily(), that returns a struct socket's address family or AF_UNSPEC.
3 Make a lot of IPv4-specific code generic, and move it from sys/netinet/ to sys/net/ for re-use by IPv6 parts of the kernel and ifconfig(8).
|
#
1.86 |
|
11-Sep-2009 |
dyoung |
Nothing uses sockaddr_in6_cmp() right now, and the generic sockaddr_cmp() is probably as fast or faster than calling sockaddr_in6_cmp() through a function pointer, so let's stop compiling it.
|
#
1.85 |
|
21-Aug-2009 |
tsutsui |
Fix error on kernels with options IPSEC without options IPSEC_ESP. Found on building evbppc/conf/PMPPC.
|
Revision tags: yamt-nfs-mp-base7 jymxensuspend-base yamt-nfs-mp-base6 yamt-nfs-mp-base5 yamt-nfs-mp-base4 yamt-nfs-mp-base3 nick-hppapmap-base4 nick-hppapmap-base3 jym-xensuspend-base nick-hppapmap-base
|
#
1.84 |
|
23-Mar-2009 |
liamjfoy |
Init ip6flow pool dynamically instead of using a linkset.
|
Revision tags: nick-hppapmap-base2 haad-dm-base2 haad-nbase2 ad-audiomp2-base haad-dm-base mjf-devfs2-base
|
#
1.83 |
|
25-Nov-2008 |
pooka |
branches: 1.83.4; Make dom_maxrtkey of inet/inet6domain the size of the ip_encap pack structures. This is far from optimal, but gets rid of iffy #ifdef INET in radix.c. The radix bonsai still needs lots of love before loading domains dynamically is possible...
|
Revision tags: netbsd-5-1-5-RELEASE netbsd-5-1-4-RELEASE netbsd-5-1-3-RELEASE netbsd-5-1-2-RELEASE netbsd-5-1-1-RELEASE matt-nb5-mips64-premerge-20101231 netbsd-5-1-RELEASE netbsd-5-1-RC4 matt-nb5-mips64-k15 netbsd-5-1-RC3 netbsd-5-1-RC2 netbsd-5-1-RC1 netbsd-5-0-2-RELEASE matt-nb5-mips64-premerge-20091211 matt-nb5-mips64-u2-k2-k4-k7-k8-k9 matt-nb4-mips64-k7-u2a-k9b matt-nb5-mips64-u1-k1-k5 netbsd-5-0-1-RELEASE netbsd-5-0-RELEASE netbsd-5-0-RC4 netbsd-5-0-RC3 netbsd-5-0-RC2 netbsd-5-0-RC1 netbsd-5-base matt-mips64-base2 haad-dm-base1 wrstuden-revivesa-base-4 wrstuden-revivesa-base-3 wrstuden-revivesa-base-2 wrstuden-revivesa-base-1 simonb-wapbl-nbase yamt-pf42-base4 simonb-wapbl-base yamt-pf42-base3 hpcarm-cleanup-nbase yamt-pf42-base2 yamt-nfs-mp-base2 wrstuden-revivesa-base yamt-nfs-mp-base
|
#
1.82 |
|
24-Apr-2008 |
ad |
branches: 1.82.2; 1.82.8; 1.82.10; 1.82.12; Merge the socket locking patch:
- Socket layer becomes MP safe. - Unix protocols become MP safe. - Allows protocol processing interrupts to safely block on locks. - Fixes a number of race conditions.
With much feedback from matt@ and plunky@.
|
#
1.81 |
|
23-Apr-2008 |
thorpej |
Make IPSEC and FAST_IPSEC stats per-cpu. Use <net/net_stats.h> and netstat_sysctl().
|
Revision tags: yamt-pf42-baseX yamt-pf42-base
|
#
1.80 |
|
15-Apr-2008 |
thorpej |
branches: 1.80.2; Make pim6 stats per-cpu.
|
Revision tags: ad-socklock-base1 yamt-lazymbuf-base15 yamt-lazymbuf-base14 keiichi-mipv6-nbase nick-net80211-sync-base keiichi-mipv6-base bouyer-xeni386-merge1 vmlocking2-base3 bouyer-xeni386-nbase yamt-kmem-base3 cube-autoconf-base yamt-kmem-base2 bouyer-xeni386-base yamt-kmem-base vmlocking2-base2 reinoud-bufcleanup-nbase vmlocking2-base1 matt-armv6-nbase jmcneill-base mjf-devfs-base bouyer-xenamd64-base2 vmlocking-nbase yamt-x86pmap-base4 bouyer-xenamd64-base yamt-x86pmap-base3 yamt-x86pmap-base2 yamt-x86pmap-base matt-armv6-base jmcneill-pm-base hpcarm-cleanup-base reinoud-bufcleanup-base vmlocking-base
|
#
1.79 |
|
19-Sep-2007 |
dyoung |
branches: 1.79.16; 1.79.20; 1) Introduce a new socket option, (SOL_SOCKET, SO_NOHEADER), that tells a socket that it should both add a protocol header to tx'd datagrams and remove the header from rx'd datagrams:
int onoff = 1, s = socket(...); setsockopt(s, SOL_SOCKET, SO_NOHEADER, &onoff);
2) Add an implementation of (SOL_SOCKET, SO_NOHEADER) for raw IPv4 sockets.
3) Reorganize the protocols' pr_ctloutput implementations a bit. Consistently return ENOPROTOOPT when an option is unsupported, and EINVAL if a supported option's arguments are incorrect. Reorganize the flow of code so that it's more clear how/when options are passed down the stack until they are handled.
Shorten some pr_ctloutput staircases for readability.
4) Extract common mbuf code into subroutines, add new sockaddr methods, and introduce a new subroutine, fsocreate(), for reuse later; use it first in sys_socket():
struct mbuf *m_getsombuf(struct socket *so)
Create an mbuf and make its owner the socket `so'.
struct mbuf *m_intopt(struct socket *so, int val)
Create an mbuf, make its owner the socket `so', put the int `val' into it, and set its length to sizeof(int).
int fsocreate(..., int *fd)
Create a socket, a la socreate(9), put the socket into the given LWP's descriptor table, return the descriptor at `fd' on success.
void *sockaddr_addr(struct sockaddr *sa, socklen_t *slenp) const void *sockaddr_const_addr(const struct sockaddr *sa, socklen_t *slenp)
Extract a pointer to the address part of a sockaddr. Write the length of the address part at `slenp', if `slenp' is not NULL.
socklen_t sockaddr_getlen(const struct sockaddr *sa)
Return the length of a sockaddr. This just evaluates to sa->sa_len. I only add this for consistency with code that appears in a portable userland library that I am going to import.
const struct sockaddr *sockaddr_any(const struct sockaddr *sa)
Return the "don't care" sockaddr in the same family as `sa'. This is the address a client should sobind(9) if it does not care the source address and, if applicable, the port et cetera that it uses.
const void *sockaddr_anyaddr(const struct sockaddr *sa, socklen_t *slenp)
Return the "don't care" sockaddr in the same family as `sa'. This is the address a client should sobind(9) if it does not care the source address and, if applicable, the port et cetera that it uses.
|
Revision tags: nick-csl-alignment-base5
|
#
1.78 |
|
30-Aug-2007 |
dyoung |
Use malloc(9) for sockaddrs instead of pool(9), and remove dom_sa_pool and dom_sa_len members from struct domain. Pools of fixed-size objects are too rigid for sockaddr_dls, whose size can vary over a wide range.
Return sockaddr_dl to its "historical" size. Now that I'm using malloc(9) instead of pool(9) to allocate sockaddr_dl, I can create a sockaddr_dl of any size in the kernel, so expanding sockaddr_dl is useless.
Avoid using sizeof(struct sockaddr_dl) in the kernel.
Introduce sockaddr_dl_alloc() for allocating & initializing an arbitrary sockaddr_dl on the heap.
Add an argument, the sockaddr length, to sockaddr_alloc(), sockaddr_copy(), and sockaddr_dl_setaddr().
Constify: LLADDR() -> CLLADDR().
Where the kernel overwrites LLADDR(), use sockaddr_dl_setaddr(), instead. Used properly, sockaddr_dl_setaddr() will not overrun the end of the sockaddr.
|
Revision tags: matt-mips64-base nick-csl-alignment-base yamt-idlelwp-base8 mjf-ufs-trans-base
|
#
1.77 |
|
06-May-2007 |
dyoung |
branches: 1.77.2; 1.77.6; 1.77.8; In AppleTalk, IPv4, and IPv6 routing domains, help sockaddr_cmp() avoid an indirect function call by comparing the family, length, and bytes [dom->dom_sa_cmpofs, dom->dom_sa_cmpofs + dom->dom_sa_cmplen), corresponding to the the sockaddrs' "address" members.
For ISO, actually use sockaddr_iso_cmp, for a change. Thanks to yamt@ for pointing out my error.
|
#
1.76 |
|
02-May-2007 |
dyoung |
Eliminate address family-specific route caches (struct route, struct route_in6, struct route_iso), replacing all caches with a struct route.
The principle benefit of this change is that all of the protocol families can benefit from route cache-invalidation, which is necessary for correct routing. Route-cache invalidation fixes an ancient PR, kern/3508, at long last; it fixes various other PRs, also.
Discussions with and ideas from Joerg Sonnenberger influenced this work tremendously. Of course, all design oversights and bugs are mine.
DETAILS
1 I added to each address family a pool of sockaddrs. I have introduced routines for allocating, copying, and duplicating, and freeing sockaddrs:
struct sockaddr *sockaddr_alloc(sa_family_t af, int flags); struct sockaddr *sockaddr_copy(struct sockaddr *dst, const struct sockaddr *src); struct sockaddr *sockaddr_dup(const struct sockaddr *src, int flags); void sockaddr_free(struct sockaddr *sa);
sockaddr_alloc() returns either a sockaddr from the pool belonging to the specified family, or NULL if the pool is exhausted. The returned sockaddr has the right size for that family; sa_family and sa_len fields are initialized to the family and sockaddr length---e.g., sa_family = AF_INET and sa_len = sizeof(struct sockaddr_in). sockaddr_free() puts the given sockaddr back into its family's pool.
sockaddr_dup() and sockaddr_copy() work analogously to strdup() and strcpy(), respectively. sockaddr_copy() KASSERTs that the family of the destination and source sockaddrs are alike.
The 'flags' argumet for sockaddr_alloc() and sockaddr_dup() is passed directly to pool_get(9).
2 I added routines for initializing sockaddrs in each address family, sockaddr_in_init(), sockaddr_in6_init(), sockaddr_iso_init(), etc. They are fairly self-explanatory.
3 structs route_in6 and route_iso are no more. All protocol families use struct route. I have changed the route cache, 'struct route', so that it does not contain storage space for a sockaddr. Instead, struct route points to a sockaddr coming from the pool the sockaddr belongs to. I added a new method to struct route, rtcache_setdst(), for setting the cache destination:
int rtcache_setdst(struct route *, const struct sockaddr *);
rtcache_setdst() returns 0 on success, or ENOMEM if no memory is available to create the sockaddr storage.
It is now possible for rtcache_getdst() to return NULL if, say, rtcache_setdst() failed. I check the return value for NULL everywhere in the kernel.
4 Each routing domain (struct domain) has a list of live route caches, dom_rtcache. rtflushall(sa_family_t af) looks up the domain indicated by 'af', walks the domain's list of route caches and invalidates each one.
|
Revision tags: thorpej-atomic-base
|
#
1.75 |
|
07-Mar-2007 |
liamjfoy |
branches: 1.75.2; 1.75.4; Add IPv6 Fast Forward - the IPv4 counterpart:
If ip6_forward successfully forwards a packet, a cache, in this case a ip6flow struct entry, will be created. ether_input and friends will then be able to call ip6flow_fastforward with the packet which will then be passed to if_output (unless an issue is found - in that case the packet is passed back to ip6_input).
ok matt@ christos@ dyoung@ and joerg@
|
#
1.74 |
|
06-Mar-2007 |
liamjfoy |
Fix some style issues - no functional change
|
#
1.73 |
|
27-Feb-2007 |
degroote |
Initialize fast_ipsec entry in the protocol switch with structure initializers as other entries.
|
Revision tags: ad-audiomp-base
|
#
1.72 |
|
19-Feb-2007 |
dyoung |
Initialize protocol switch with structure initializers.
|
#
1.71 |
|
17-Feb-2007 |
dyoung |
0 -> NULL
|
#
1.70 |
|
10-Feb-2007 |
degroote |
branches: 1.70.2; Commit my SoC work Add ipv6 support for fast_ipsec Note that currently, packet with extensions headers are not correctly supported Change the ipcomp logic
|
Revision tags: post-newlock2-merge newlock2-nbase yamt-splraiseipl-base5 yamt-splraiseipl-base4 yamt-splraiseipl-base3 newlock2-base
|
#
1.69 |
|
09-Dec-2006 |
dyoung |
Here are various changes designed to protect against bad IPv4 routing caused by stale route caches (struct route). Route caches are sprinkled throughout PCBs, the IP fast-forwarding table, and IP tunnel interfaces (gre, gif, stf).
Stale IPv6 and ISO route caches will be treated by separate patches.
Thank you to Christoph Badura for suggesting the general approach to invalidating route caches that I take here.
Here are the details:
Add hooks to struct domain for tracking and for invalidating each domain's route caches: dom_rtcache, dom_rtflush, and dom_rtflushall.
Introduce helper subroutines, rtflush(ro) for invalidating a route cache, rtflushall(family) for invalidating all route caches in a routing domain, and rtcache(ro) for notifying the domain of a new cached route.
Chain together all IPv4 route caches where ro_rt != NULL. Provide in_rtcache() for adding a route to the chain. Provide in_rtflush() and in_rtflushall() for invalidating IPv4 route caches. In in_rtflush(), set ro_rt to NULL, and remove the route from the chain. In in_rtflushall(), walk the chain and remove every route cache.
In rtrequest1(), call rtflushall() to invalidate route caches when a route is added.
In gif(4), discard the workaround for stale caches that involves expiring them every so often.
Replace the pattern 'RTFREE(ro->ro_rt); ro->ro_rt = NULL;' with a call to rtflush(ro).
Update ipflow_fastforward() and all other users of route caches so that they expect a cached route, ro->ro_rt, to turn to NULL.
Take care when moving a 'struct route' to rtflush() the source and to rtcache() the destination.
In domain initializers, use .dom_xxx tags.
KNF here and there.
|
Revision tags: netbsd-4-base
|
#
1.68 |
|
23-Nov-2006 |
rpaulo |
branches: 1.68.2; 1.68.4; New EtherIP driver based on tap(4) and gif(4) by Hans Rosenfeld. Notable changes: * Fixes PR 34268. * Separates the code from gif(4) (which is more cleaner). * Allows the usage of STP (Spanning Tree Protocol). * Removed EtherIP implementation from gif(4)/tap(4).
Some input from Christos.
|
Revision tags: yamt-splraiseipl-base2
|
#
1.67 |
|
10-Oct-2006 |
dogcow |
change the MOWNER_INIT define to take two args; fix extant struct mowner decls to use it. Makes options MBUFTRACE compile again and not whinge about missing structure declarations. (Also makes initialization consistent.)
|
Revision tags: yamt-splraiseipl-base yamt-pdpolicy-base9 yamt-pdpolicy-base8 rpaulo-netinet-merge-pcb-base
|
#
1.66 |
|
30-Aug-2006 |
christos |
branches: 1.66.2; 1.66.4; add missing initializers
|
#
1.65 |
|
28-Aug-2006 |
christos |
remove extra members
|
#
1.64 |
|
25-Aug-2006 |
matt |
One step closer to loadable domains. Store pointers to a domain's soft interrupt queues so if_detach can remove packets to removed interfaces from them. This eliminates a lot of conditional ugly code in if.c
|
Revision tags: abandoned-netbsd-4-base yamt-pdpolicy-base7 yamt-pdpolicy-base6 chap-midi-nbase gdamore-uart-base yamt-pdpolicy-base5 chap-midi-base simonb-timecounters-base
|
#
1.63 |
|
18-May-2006 |
liamjfoy |
Integrate Common Address Redundancy Procotol (CARP) from OpenBSD
'pseudo-device carp'
Thanks to: joerg@ christos@ riz@ and others who tested Ok: core@
|
Revision tags: yamt-pdpolicy-base4 yamt-pdpolicy-base3 peter-altq-base yamt-pdpolicy-base2 elad-kernelauth-base
|
#
1.62 |
|
05-Mar-2006 |
rpaulo |
branches: 1.62.4; NDP-related improvements: RFC4191 - supports host-side router-preference
RFC3542 - if DAD fails on a interface, disables IPv6 operation on the interface - don't advertise MLD report before DAD finishes
Others - fixes integer overflow for valid and preferred lifetimes - improves timer granularity for MLD, using callout-timer. - reflects rtadvd's IPv6 host variable information into kernel (router only) - adds a sysctl option to enable/disable pMTUd for multicast packets - performs NUD on PPP/GRE interface by default - Redirect works regardless of ip6_accept_rtadv - removes RFC1885-related code
From the KAME project via SUZUKI Shinsuke. Reviewed by core.
|
Revision tags: yamt-pdpolicy-base yamt-uio_vmspace-base5
|
#
1.61 |
|
11-Dec-2005 |
christos |
branches: 1.61.4; 1.61.6; 1.61.8; merge ktrace-lwp.
|
Revision tags: yamt-readahead-base3 yamt-readahead-base2 yamt-readahead-pervnode yamt-readahead-perfile yamt-readahead-base yamt-vop-base3 yamt-vop-base2 thorpej-vnode-attr-base yamt-vop-base ktrace-lwp-base
|
#
1.60 |
|
19-Jul-2005 |
gdt |
Add PR_PURGEIF flag for protocols to indicate that the protocol might store a struct ifnet *, and define it for udp/tcp/rawip for INET and INET6. When deleting a struct ifnet, invoke PRU_PURGEIF on all protocols marked with PR_PURGEIF. Closes PR kern/29580 (mine).
|
#
1.59 |
|
29-May-2005 |
christos |
branches: 1.59.2; - avoid shadowed variables - sprinkle const.
|
Revision tags: yamt-km-base4 yamt-km-base3 netbsd-3-base yamt-km-base2 yamt-km-base kent-audio2-base
|
#
1.58 |
|
23-Jan-2005 |
matt |
branches: 1.58.6; Change initialzie of domains to use link sets. Switch to using STAILQ. Add a convenience macro DOMAIN_FOREACH to interate through the domain.
|
Revision tags: kent-audio1-beforemerge kent-audio1-base
|
#
1.57 |
|
22-Apr-2004 |
matt |
branches: 1.57.4; Constify protosw arrays. This can reduce the kernel .data section by over 4K (if all the network protocols) are loaded.
|
Revision tags: netbsd-2-0-3-RELEASE netbsd-2-1-RELEASE netbsd-2-1-RC6 netbsd-2-1-RC5 netbsd-2-1-RC4 netbsd-2-1-RC3 netbsd-2-1-RC2 netbsd-2-1-RC1 netbsd-2-0-2-RELEASE netbsd-2-0-1-RELEASE netbsd-2-base netbsd-2-0-RELEASE netbsd-2-0-RC5 netbsd-2-0-RC4 netbsd-2-0-RC3 netbsd-2-0-RC2 netbsd-2-0-RC1 netbsd-2-0-base
|
#
1.56 |
|
04-Dec-2003 |
atatat |
Dynamic sysctl.
Gone are the old kern_sysctl(), cpu_sysctl(), hw_sysctl(), vfs_sysctl(), etc, routines, along with sysctl_int() et al. Now all nodes are registered with the tree, and nodes can be added (or removed) easily, and I/O to and from the tree is handled generically.
Since the nodes are registered with the tree, the mapping from name to number (and back again) can now be discovered, instead of having to be hard coded. Adding new nodes to the tree is likewise much simpler -- the new infrastructure handles almost all the work for simple types, and just about anything else can be done with a small helper function.
All existing nodes are where they were before (numerically speaking), so all existing consumers of sysctl information should notice no difference.
PS - I'm sorry, but there's a distinct lack of documentation at the moment. I'm working on sysctl(3/8/9) right now, and I promise to watch out for buses.
|
#
1.55 |
|
03-Nov-2003 |
briggs |
Revert the change in default value of ipv6_v6only. Further discussion on this topic is required. It should be reintroduced and pursued in the IETF.
|
#
1.54 |
|
28-Oct-2003 |
briggs |
Toggle the default value of ip6_v6only. Also provide a sample sysctl to retain the existing behavior.
|
#
1.53 |
|
06-Sep-2003 |
itojun |
randomize IPv4/v6 fragment ID and IPv6 flowlabel. avoids predictability of these fields. ip_id.c is from openbsd. ip6_id.c is adapted by kame.
|
#
1.52 |
|
05-Sep-2003 |
itojun |
call tcp_drain() if IPv4-less kernel
|
#
1.51 |
|
04-Sep-2003 |
itojun |
revamp inpcb/in6pcb so that they are more aligned with each other. in6pcb lookup now uses hash(9).
|
#
1.50 |
|
14-Aug-2003 |
itojun |
enforce ipsec policy on raw wildcard.
|
#
1.49 |
|
07-Aug-2003 |
agc |
Move UCB-licensed code from 4-clause to 3-clause licence.
Patches provided by Joel Baker in PR 22364, verified by myself.
|
#
1.48 |
|
07-Aug-2003 |
itojun |
make net.inet6.ip6.redirect actually work. from Tomoyuki Sahara via kame
|
#
1.47 |
|
17-Apr-2003 |
thorpej |
branches: 1.47.2; Protect the definition of offsetof().
|
Revision tags: nathanw_sa_before_merge fvdl_fs64_base gmcgarry_ctxsw_base gmcgarry_ucred_base nathanw_sa_base
|
#
1.46 |
|
11-Nov-2002 |
itojun |
pmtu_probe is not used anywhere (it is used in KAME TCP6-only code). From: Krister Walfridsson <cato@df.lth.se>
|
Revision tags: kqueue-aftermerge kqueue-beforemerge gehenna-devsw-base kqueue-base
|
#
1.45 |
|
20-Aug-2002 |
itojun |
sync up use_deprecated handling with latest kame. - bind(deprecated) is allowed, trusting userland app is doing the right thing - use_deprecated default to 1
|
#
1.44 |
|
17-Aug-2002 |
itojun |
set default value for use_deprecated to 0, to avoid consequences with ftpd.
|
#
1.43 |
|
09-Jun-2002 |
itojun |
whitespace cleanup
|
#
1.42 |
|
08-Jun-2002 |
itojun |
whitespace cleanup
|
#
1.41 |
|
29-May-2002 |
itojun |
move per-interface ip6/icmp6 stat to ifnet->if_afdata. sync w/kame
|
#
1.40 |
|
28-May-2002 |
itojun |
limit number of IPv6 fragments (not the fragment queue size) to fight against lots-of-frags DoS attacks. sync w/kame
|
Revision tags: netbsd-1-6-RC1 netbsd-1-6-base eeh-devprop-base
|
#
1.39 |
|
15-Mar-2002 |
itojun |
branches: 1.39.4; 1.39.6; have tcp6_drain
|
Revision tags: newlock-base ifpoll-base
|
#
1.38 |
|
21-Dec-2001 |
itojun |
call encap6_ctlinput on icmp6 against tunnelled packet. sync w/kame
|
#
1.37 |
|
21-Dec-2001 |
itojun |
use radix table for inbound tunnel lookup (would increase performance for machines with a lot of tunnels). update route cache for IPvX-over-IPv6 tunnel on path MTU discovery. snyc with kame
|
#
1.36 |
|
21-Dec-2001 |
itojun |
move in6_gif_hlim decl to in6_gif.c. sync with kame
|
#
1.35 |
|
21-Dec-2001 |
itojun |
move protosw fragment for gif/stf to their own source code. reduce #ifdef in stf code. sync with kame
|
#
1.34 |
|
13-Nov-2001 |
lukem |
add RCSIDs
|
Revision tags: thorpej-mips-cache-base
|
#
1.33 |
|
24-Oct-2001 |
itojun |
no tcp_fasttimo any more. PR 14333
|
#
1.32 |
|
24-Oct-2001 |
itojun |
more whitespace sync with kame
|
#
1.31 |
|
16-Oct-2001 |
itojun |
branches: 1.31.2; remove unused #define. sync whitespace/comment with kame.
|
#
1.30 |
|
15-Oct-2001 |
itojun |
implement IPV6_V6ONLY socket option from draft-ietf-ipngwg-rfc2553bis-03.txt. IPV6_BINDV6ONLY (netbsd only) is deprecated, but still work just like before.
|
Revision tags: thorpej-devvp-base3 thorpej-devvp-base2 post-chs-ubcperf pre-chs-ubcperf thorpej-devvp-base thorpej_scsipi_beforemerge thorpej_scsipi_nbase thorpej_scsipi_base
|
#
1.29 |
|
21-Mar-2001 |
thorpej |
branches: 1.29.2; Add a protosw flag, PR_ABRTACPTDIS (Abort on Accept of Disconnected Socket), and add it to the protocols that use that behavior (all PR_LISTEN protocols except for PF_LOCAL stream sockets).
|
#
1.28 |
|
01-Mar-2001 |
itojun |
branches: 1.28.2; make sure to enforce inbound ipsec policy checking, for any protocols on top of ip (check it when final header is visited). sync with kame. XXX kame team will need to re-check policy engine code
|
#
1.27 |
|
21-Feb-2001 |
itojun |
need PR_ADDR|PR_ATOMIC for IPPROTO_EON. fix typo. from chopps, sync with kame
|
#
1.26 |
|
20-Feb-2001 |
itojun |
ISO over IPv4/v6 by EON encapsulation. from chopps, sync with kame.
|
#
1.25 |
|
11-Feb-2001 |
itojun |
pull latest kame pcbnotify code. synchronizes ICMPv6 path mtu discovery behavior with other protocols (i.e. validation, use of hiwat/lowat).
|
#
1.24 |
|
11-Feb-2001 |
itojun |
whitespace sync with kame
|
#
1.23 |
|
19-Oct-2000 |
itojun |
remove #ifdef TCP6. it is not likely for us to bring in sys/netinet6/tcp6*.c (separate TCP/IPv6 stack) into netbsd-current.
|
#
1.22 |
|
18-Oct-2000 |
itojun |
verify ICMPv6 too big messages based on TCP pcbs, and/or IPsec SA. TODO: udp6, and sendto consideration. as pmtud is mandatory for IPv6, it is rather important for us to support those cases. TODO: more testing TODO: kame sync
|
#
1.21 |
|
10-Oct-2000 |
itojun |
sync with kame ($KAME$)
|
#
1.20 |
|
10-Oct-2000 |
enami |
Don't initialize TCP twice on v4/v6 dual stack kernel.
|
#
1.19 |
|
28-Jul-2000 |
itojun |
nuke the following sysctl variables. "ppsratelimit" should work better. need to recompile sbin/sysctl after updating /usr/include. net.inet.tcp.rstratelimit net.inet.icmp.errratelimit net.inet6.icmp6.errratelimit
|
#
1.18 |
|
06-Jul-2000 |
itojun |
- do not use bitfield for router renumbering header. - add protection mechanism against ND cache corruption due to bad NUD hints. - more stats - icmp6 pps limitation. TOOD: should implement ppsratecheck(9).
|
Revision tags: netbsd-1-5-ALPHA2 netbsd-1-5-base minoura-xpg4dl-base
|
#
1.17 |
|
19-Apr-2000 |
itojun |
branches: 1.17.4; introduce sys/netinet/ip_encap.c, to dispatch inbound packets to protocol handlers, based on src/dst (for ip proto #4/41). see comment in ip_encap.c for details of the problem we have. there are too many protocol specs for ip proto #4/41. backward compatibility with MROUTING case is now provided in ip_encap.c.
fix ipip to work with gif (using ip_encap.c). sorry for breakage.
gif now uses ip_encap.c.
introduce stf pseudo interface (implements 6to4, another IPv6-over-IPv4 code with ip proto #41).
|
#
1.16 |
|
26-Feb-2000 |
itojun |
implement rip6_ctlinput, to cope with routing changes correctly. (IMHO we need rip_ctlinput as well)
|
#
1.15 |
|
26-Feb-2000 |
itojun |
make it possible to throw IPv6 packet with proto=4/41. (in normal case we don't do it, but this is how IPv4 in_proto is written)
|
#
1.14 |
|
14-Feb-2000 |
thorpej |
Use ratecheck() for ICMP6 rate limiting.
|
Revision tags: chs-ubc2-newbase
|
#
1.13 |
|
06-Feb-2000 |
itojun |
fix include pathname for better rfc2292 compliance.
|
#
1.12 |
|
06-Jan-2000 |
itojun |
remove extra portability #ifdef (like #ifdef __FreeBSD__) in KAME IPv6/IPsec code, from netbsd-current repository. #ifdef'ed version is always available from ftp.kame.net.
XXX please do not make too many diff-unfriendly changes, we'll need to take bunch of diffs on upgrade...
|
#
1.11 |
|
06-Jan-2000 |
itojun |
make IPV6_BINDV6ONLY setsockopt available. it controls behavior of AF_INET6 wildcard listening socket. heavily documented in ip6(4). net.inet6.ip6.bindv6only defines default value. default is 1.
"options INET6_BINDV6ONLY" removes any code fragment that supports IPV6_BINDV6ONLY == 0 case (not defopt'ed as use of this is rare).
|
#
1.10 |
|
02-Jan-2000 |
itojun |
add net.inet6.icmp6.nodeinfo sysctl. this allows you to disable/enable ICMPv6 node information query/reply processing (which tells remote end the gethostname(3) setting, interface addresses on the node, and some other things - documented in draft-ietf-ipngwg-icmp-name-lookup* or something alike).
to test it, try ping6 -w ::1 with nodeinfo=0 and nodeinfo=1. (sync with kame change)
|
Revision tags: wrstuden-devbsize-19991221 wrstuden-devbsize-base
|
#
1.9 |
|
13-Dec-1999 |
itojun |
sync IPv6 part with latest KAME tree. IPsec part is left unmodified due to massive changes in KAME side. - IPv6 output goes through nd6_output - faith can capture IPv4 packets as well - you can run IPv4-to-IPv6 translator using heavily modified DNS servers - per-interface statistics (required for IPv6 MIB) - interface autoconfig is revisited - udp input handling has a big change for mapped address support. - introduce in4_cksum() for non-overwriting checksumming - introduce m_pulldown() - neighbor discovery cleanups/improvements - netinet/in.h strictly conforms to RFC2553 (no extra defs visible to userland) - IFA_STATS is fixed a bit (not tested) - and more more more.
TODO: - cleanup os-independency #ifdef - avoid rcvif dual use (for IPsec) to help ifdetach
(sorry for jumbo commit, I can't separate this any more...)
|
Revision tags: comdex-fall-1999-base fvdl-softdep-base chs-ubc2-base
|
#
1.8 |
|
31-Jul-1999 |
itojun |
branches: 1.8.2; 1.8.8; sync with recent KAME. - loosen ipsec restriction on packet diredtion. - revise icmp6 redirect handling on IsRouter bit. - tcp/udp notification processing (link-local address case) - cosmetic fixes (better code share across *BSD).
|
#
1.7 |
|
30-Jul-1999 |
itojun |
remove reference to in6_systm.h (file itself will be removed afterwords)
|
#
1.6 |
|
27-Jul-1999 |
explorer |
Fix a problem where tcp_slowtimo was called twice, once for ipv4 tcp and once for ipv6. This patch makes the ipv6 case pass NULLs in for fast and slow timeouts iff defined(INET) and passes in the right function if !defined(INET).
Reveiwed by itojun@iijlab.net.
|
#
1.5 |
|
22-Jul-1999 |
itojun |
change unnecessary u_long/long into u_int32_t or something relevant. more fixes should follow.
|
#
1.4 |
|
09-Jul-1999 |
thorpej |
defopt IPSEC and IPSEC_ESP (both into opt_ipsec.h).
|
#
1.3 |
|
03-Jul-1999 |
thorpej |
RCS ID police.
|
#
1.2 |
|
01-Jul-1999 |
itojun |
branches: 1.2.2; IPv6 kernel code, based on KAME/NetBSD 1.4, SNAP kit 19990628. (Sorry for a big commit, I can't separate this into several pieces...) Pls check sys/netinet6/TODO and sys/netinet6/IMPLEMENTATION for details.
- sys/kern: do not assume single mbuf, accept chained mbuf on passing data from userland to kernel (or other way round). - "midway" ATM card: ATM PVC pseudo device support, like those done in ALTQ package (ftp://ftp.csl.sony.co.jp/pub/kjc/). - sys/netinet/tcp*: IPv4/v6 dual stack tcp support. - sys/netinet/{ip6,icmp6}.h, sys/net/pfkeyv2.h: IETF document assumes those file to be there so we patch it up. - sys/netinet: IPsec additions are here and there. - sys/netinet6/*: most of IPv6 code sits here. - sys/netkey: IPsec key management code - dev/pci/pcidevs: regen
In my understanding no code here is subject to export control so it should be safe.
|
#
1.1 |
|
28-Jun-1999 |
itojun |
branches: 1.1.2; file in6_proto.c was initially added on branch kame.
|
#
1.130 |
|
24-Oct-2022 |
knakahara |
Fix PR kern/57037
Be able to change the behavior sending parameter changing routing messages. When set net.inet6.ip6.param_rt_msg=0, don't send parameter changing routing messages. When set net.inet6.ip6.param_rt_msg=1(default), send parameter changing routing messages by RTM_NEWADDR.
|
Revision tags: bouyer-sunxi-drm-base
|
#
1.129 |
|
03-Sep-2022 |
thorpej |
Garbage-collect everything related to struct domain::dom_ifqueues (except dom_ifqueues itself, until the next kernel version bump). It's no longer used now that nothing uses the legacy netisr mechanism.
|
Revision tags: thorpej-i2c-spi-conf2-base thorpej-futex2-base thorpej-cfargs2-base cjep_sun2x-base1 cjep_sun2x-base cjep_staticlib_x-base1 cjep_staticlib_x-base thorpej-i2c-spi-conf-base thorpej-cfargs-base thorpej-futex-base
|
#
1.128 |
|
12-Jun-2020 |
roy |
Remove in-kernel handling of Router Advertisements
This is much better handled by a user-land tool. Proposed on tech-net here: https://mail-index.netbsd.org/tech-net/2020/04/22/msg007766.html
Note that the ioctl SIOCGIFINFO_IN6 no longer sets flags. That now needs to be done using the pre-existing SIOCSIFINFO_FLAGS ioctl.
Compat is fully provided where it makes sense, but trying to turn on RA handling will obviously throw an error as it no longer exists.
Note that if you use IPv6 temporary addresses, this now needs to be turned on in dhcpcd.conf(5) rather than in sysctl.conf(5).
|
Revision tags: bouyer-xenpvh-base2
|
#
1.127 |
|
24-Apr-2020 |
jakllsch |
Fill in .pr_usrreqs for SOCK_SEQPACKET and SOCK_STREAM variants of SCTP too.
This should allow these socket types of SCTP to operate on IPv6 family sockets, as .pr_usrreqs must not be NULL for socreate() to succeed.
|
Revision tags: netbsd-9-3-RELEASE netbsd-9-2-RELEASE netbsd-9-1-RELEASE phil-wifi-20200421 bouyer-xenpvh-base1 phil-wifi-20200411 bouyer-xenpvh-base is-mlppp-base phil-wifi-20200406 ad-namecache-base3 netbsd-9-0-RELEASE netbsd-9-0-RC2 ad-namecache-base2 ad-namecache-base1 ad-namecache-base netbsd-9-0-RC1 phil-wifi-20191119 netbsd-9-base phil-wifi-20190609 isaki-audio2-base pgoyette-compat-20190127 pgoyette-compat-20190118 pgoyette-compat-1226 pgoyette-compat-1126 pgoyette-compat-1020 pgoyette-compat-0930 pgoyette-compat-0906
|
#
1.126 |
|
14-Aug-2018 |
maxv |
branches: 1.126.10; Retire EtherIP, we have L2TP instead.
|
Revision tags: pgoyette-compat-0728 phil-wifi-base pgoyette-compat-0625 pgoyette-compat-0521
|
#
1.125 |
|
11-May-2018 |
roy |
branches: 1.125.2; Increase the default size of some receive buffers from 8k to 16k. This mitigates recent reports of socket overflow errors and fixes PR bin/53247.
|
#
1.124 |
|
03-May-2018 |
maxv |
Remove now unused tcpip.h includes. Some were already unused before.
|
#
1.123 |
|
03-May-2018 |
maxv |
Remove net_osdep.h completely.
|
Revision tags: pgoyette-compat-0502 pgoyette-compat-0422 pgoyette-compat-0415 pgoyette-compat-0407 pgoyette-compat-0330 pgoyette-compat-0322 pgoyette-compat-0315
|
#
1.122 |
|
15-Mar-2018 |
maxv |
Add the PR_LASTHDR flag on the PFsync and CARP entries. Otherwise a "require" IPsec policy is not enforced on them, and unauthenticated packets will be accepted.
Tested with a require-AH configuration. Sent on tech-net@, no comment.
|
Revision tags: pgoyette-compat-base
|
#
1.121 |
|
07-Feb-2018 |
maxv |
branches: 1.121.2; Style, and localify IPV6FORWARDING. No functional change.
|
#
1.120 |
|
07-Feb-2018 |
maxv |
Change ip6_hdrnestlimit to be 15 instead of 50. I couldn't find any reference in RFCs about what a correct limit should be, but FreeBSD already uses 15.
If an IPv6 packet has 50 options, there is clearly something wrong with it.
|
Revision tags: tls-maxphys-base-20171202
|
#
1.119 |
|
27-Sep-2017 |
ozaki-r |
Take softnet_lock on pr_input properly if NET_MPSAFE
Currently softnet_lock is taken unnecessarily in some cases, e.g., icmp_input and encap4_input from ip_input, or not taken even if needed, e.g., udp_input and tcp_input from ipsec4_common_input_cb. Fix them.
NFC if NET_MPSAFE is disabled (default).
|
#
1.118 |
|
21-Sep-2017 |
ozaki-r |
Invalidate rtcache based on a global generation counter
The change introduces a global generation counter that is incremented when any routes have been added or deleted. When a rtcache caches a rtentry into itself, it also stores a snapshot of the generation counter. If the snapshot equals to the global counter, the cache is still valid, otherwise invalidated.
One drawback of the change is that all rtcaches of all protocol families are invalidated when any routes of any protocol families are added or deleted. If that matters, we should have separate generation counters based on protocol families.
This change removes LIST_ENTRY from struct route, which fixes a part of PR kern/52515.
|
Revision tags: nick-nhusb-base-20170825 perseant-stdc-iso10646-base netbsd-8-base prg-localcount2-base3 prg-localcount2-base2 prg-localcount2-base1 prg-localcount2-base pgoyette-localcount-20170426 bouyer-socketcan-base1
|
#
1.117 |
|
14-Apr-2017 |
ozaki-r |
branches: 1.117.4; Rumpify netipsec
Note that we should modularize netipsec and reduce reverse symbol references (referencing symbols of netipsec from net, netinet and netinet6) though, the task needs lots of code changes. Prior to doing so, rumpifying it and having ATF tests should be useful.
|
Revision tags: jdolecek-ncq-base pgoyette-localcount-20170320
|
#
1.116 |
|
16-Feb-2017 |
knakahara |
add l2tp(4) L2TPv3 interface.
originally implemented by IIJ SEIL team.
|
#
1.115 |
|
13-Feb-2017 |
ozaki-r |
Protect mtudisc and redirect stuffs of icmp/icmp6 with mutex
We have to run pr_init of icmp and icmp6 prior to tcp and tcp6 ones for mutex initialization.
|
Revision tags: nick-nhusb-base-20170204 bouyer-socketcan-base pgoyette-localcount-20170107
|
#
1.114 |
|
13-Dec-2016 |
ozaki-r |
branches: 1.114.2; Remove unnecessary inclusions of nd6.h
|
Revision tags: nick-nhusb-base-20161204 pgoyette-localcount-20161104 nick-nhusb-base-20161004 localcount-20160914 pgoyette-localcount-20160806 pgoyette-localcount-20160726 pgoyette-localcount-base nick-nhusb-base-20160907
|
#
1.113 |
|
06-Jul-2016 |
ozaki-r |
branches: 1.113.2; Move in6_ifaddr_list to a more proper place (from ip6_input.c to in6.c)
It's a similar place as the IPv4 address list, i.e., in.c.
More varibles will join together.
|
Revision tags: nick-nhusb-base-20160529
|
#
1.112 |
|
26-Apr-2016 |
ozaki-r |
Sweep unnecessary route.h inclusions
|
Revision tags: nick-nhusb-base-20160422
|
#
1.111 |
|
11-Apr-2016 |
ozaki-r |
Sweep unncessary radix.h inclusions
|
Revision tags: nick-nhusb-base-20160319
|
#
1.110 |
|
21-Jan-2016 |
riastradh |
Revert previous: ran cvs commit when I meant cvs diff. Sorry!
Hit up-arrow one too few times.
|
#
1.109 |
|
21-Jan-2016 |
riastradh |
Give proper prototype to ip_output.
|
#
1.108 |
|
20-Jan-2016 |
riastradh |
Eliminate struct protosw::pr_output.
You can't use this unless you know what it is a priori: the formal prototype is variadic, and the different instances (e.g., ip_output, route_output) have different real prototypes.
Convert the only user of it, raw_send in net/raw_cb.c, to take an explicit callback argument. Convert the only instances of it, route_output and key_output, to such explicit callbacks for raw_send. Use assertions to make sure the conversion to explicit callbacks is warranted.
Discussed on tech-net with no objections: https://mail-index.netbsd.org/tech-net/2016/01/16/msg005484.html
|
Revision tags: nick-nhusb-base-20151226
|
#
1.107 |
|
13-Oct-2015 |
rjs |
Add core networking support for SCTP.
|
Revision tags: nick-nhusb-base-20150921
|
#
1.106 |
|
24-Aug-2015 |
pooka |
sprinkle _KERNEL_OPT
|
Revision tags: nick-nhusb-base-20150606
|
#
1.105 |
|
22-Apr-2015 |
roy |
Move INET6 specific in6_if_{up,down}() and in6_if_link_{up,down}() into agnostic domain functions.
|
Revision tags: nick-nhusb-base-20150406
|
#
1.104 |
|
10-Feb-2015 |
rjs |
Add DCCP protocol support from KAME.
|
Revision tags: netbsd-7-2-RELEASE netbsd-7-1-2-RELEASE netbsd-7-1-1-RELEASE netbsd-7-1-RELEASE netbsd-7-1-RC2 netbsd-7-nhusb-base-20170116 netbsd-7-1-RC1 netbsd-7-0-2-RELEASE netbsd-7-nhusb-base netbsd-7-0-1-RELEASE netbsd-7-0-RELEASE netbsd-7-0-RC3 netbsd-7-0-RC2 netbsd-7-0-RC1 nick-nhusb-base netbsd-7-base tls-earlyentropy-base tls-maxphys-base
|
#
1.103 |
|
05-Jun-2014 |
rmind |
branches: 1.103.4; - Implement pktqueue interface for lockless IP input queue. - Replace ipintrq and ip6intrq with the pktqueue mechanism. - Eliminate kernel-lock from ipintr() and ip6intr(). - Some preparation work to push softnet_lock out of ipintr().
Discussed on tech-net.
|
#
1.102 |
|
22-May-2014 |
rmind |
Move udp6_input(), udp6_sendup(), udp6_realinput() and udp6_input_checksum() from udp_usrreq.c to udp6_usrreq.c where they belong. No functional change.
|
Revision tags: rmind-smpnet-nbase rmind-smpnet-base
|
#
1.101 |
|
18-May-2014 |
rmind |
Add struct pr_usrreqs with a pr_generic function and prepare for the dismantling of pr_usrreq in the protocols; no functional change intended. PRU_ATTACH/PRU_DETACH changes will follow soon.
Bump for struct protosw. Welcome to 6.99.62!
|
Revision tags: yamt-pagecache-base9 riastradh-xf86-video-intel-2-7-1-pre-2-21-15 riastradh-drm2-base3
|
#
1.100 |
|
02-Jan-2014 |
pooka |
branches: 1.100.2; Allow kernels compiled with INET+INET6 to be booted as IPv4-only or IPv6-only.
|
Revision tags: riastradh-drm2-base2 riastradh-drm2-base1 riastradh-drm2-base
|
#
1.99 |
|
05-Jun-2013 |
christos |
branches: 1.99.2; IPSEC has not come in two speeds for a long time now (IPSEC == kame, FAST_IPSEC). Make everything refer to IPSEC to avoid confusion.
|
Revision tags: agc-symver-base
|
#
1.98 |
|
01-Mar-2013 |
joerg |
Retire OSI network stack. OK core@
|
Revision tags: yamt-pagecache-base8 yamt-pagecache-base7 yamt-pagecache-base6
|
#
1.97 |
|
23-Jun-2012 |
christos |
branches: 1.97.2; 4 new sysctls to avoid ipv6 DoS attacks from OpenBSD
|
Revision tags: jmcneill-usbmp-base10 yamt-pagecache-base5 jmcneill-usbmp-base9 yamt-pagecache-base4 jmcneill-usbmp-base8
|
#
1.96 |
|
22-Mar-2012 |
drochner |
remove KAME IPSEC, replaced by FAST_IPSEC
|
Revision tags: netbsd-6-0-2-RELEASE netbsd-6-1-RELEASE netbsd-6-1-RC4 netbsd-6-1-RC3 netbsd-6-1-RC2 netbsd-6-1-RC1 netbsd-6-0-1-RELEASE matt-nb6-plus-nbase netbsd-6-0-RELEASE netbsd-6-0-RC2 matt-nb6-plus-base netbsd-6-0-RC1 jmcneill-usbmp-base7 jmcneill-usbmp-base6 jmcneill-usbmp-base5 jmcneill-usbmp-base4 jmcneill-usbmp-base3 jmcneill-usbmp-base2 netbsd-6-base
|
#
1.95 |
|
31-Dec-2011 |
christos |
branches: 1.95.2; 1.95.6; 1.95.8; - fix offsetof usage, and redundant defines - kill pointer casts to 0
|
#
1.94 |
|
19-Dec-2011 |
drochner |
rename the IPSEC in-kernel CPP variable and config(8) option to KAME_IPSEC, and make IPSEC define it so that existing kernel config files work as before Now the default can be easily be changed to FAST_IPSEC just by setting the IPSEC alias to FAST_IPSEC.
|
Revision tags: jmcneill-usbmp-pre-base2 jmcneill-usbmp-base jmcneill-audiomp3-base yamt-pagecache-base3 yamt-pagecache-base2 yamt-pagecache-base
|
#
1.93 |
|
24-Sep-2011 |
christos |
branches: 1.93.2; 1.93.6; Add inet6 part of the rfc6056 code contributed by Vlad Balan as part of Google SoC-2011
|
Revision tags: rmind-uvmplock-nbase cherry-xenmp-base rmind-uvmplock-base
|
#
1.92 |
|
24-May-2011 |
spz |
RA flood mitigation via a limit on accepted routes: - introduce a limit for the routes accepted via IPv6 Router Advertisement: a common 2 interface client will have 6, the default limit is 100 and can be adjusted via sysctl - report the current number of routes installed via RA via sysctl - count discarded route additions. Note that one RA message is two routes. This is at present only across all interfaces even though per-interface would be more useful, since the per-interface structure complies to RFC2466 - bump kernel version due to the previous change - adjust netstat to use the new value (with netstat -p icmp6)
|
#
1.91 |
|
03-May-2011 |
dyoung |
*_drain() routines may be called with locks held, so instead of doing any work in *_drain(), set a drain-needed flag. Do the work in the fasttimo handler.
Contributed by Coyote Point Systems, Inc.
|
#
1.90 |
|
31-Mar-2011 |
dyoung |
Hide the radix-trie implementation of the forwarding table so that we will have an easier time replacing it with something different, even if it is a second radix-trie implementation.
sys/net/route.c and sys/net/rtsock.c no longer operate directly on radix_nodes or radix_node_heads.
Hopefully this will reduce the temptation to implement multipath or source-based routing using grotty hacks to the grotty old radix-trie code, too. :-)
|
Revision tags: bouyer-quota2-nbase bouyer-quota2-base jruoho-x86intr-base matt-mips64-premerge-20101231 uebayasi-xip-base4 uebayasi-xip-base3 yamt-nfs-mp-base11
|
#
1.89 |
|
24-Aug-2010 |
jakllsch |
branches: 1.89.2; Make the EtherIP in IPv6 input path work. XXX: Figure out if we really need a separate protosw for IPv6.
|
Revision tags: uebayasi-xip-base2 yamt-nfs-mp-base10 uebayasi-xip-base1 yamt-nfs-mp-base9 uebayasi-xip-base
|
#
1.88 |
|
04-Feb-2010 |
joerg |
branches: 1.88.2; 1.88.4; Explicitly include opt_gateway.h when depending on GATEWAY.
|
Revision tags: matt-premerge-20091211 yamt-nfs-mp-base8 jym-xensuspend-nbase
|
#
1.87 |
|
11-Sep-2009 |
dyoung |
Make ifconfig(8) set and display preference numbers for IPv6 addresses. Make the kernel support SIOC[SG]IFADDRPREF for IPv6 interface addresses.
In in6ifa_ifpforlinklocal(), consult preference numbers before making an otherwise arbitrary choice of in6_ifaddr. Otherwise, preference numbers are *not* consulted by the kernel, but that will be rather easy for somebody with a little bit of free time to fix.
Please note that setting the preference number for a link-local IPv6 address does not work right, yet, but that ought to be fixed soon.
In support of the changes above,
1 Add a method to struct domain for "externalizing" a sockaddr, and provide an implementation for IPv6. Expect more work in this area: it may be more proper to say that the IPv6 implementation "internalizes" a sockaddr. Add sockaddr_externalize().
2 Add a subroutine, sofamily(), that returns a struct socket's address family or AF_UNSPEC.
3 Make a lot of IPv4-specific code generic, and move it from sys/netinet/ to sys/net/ for re-use by IPv6 parts of the kernel and ifconfig(8).
|
#
1.86 |
|
11-Sep-2009 |
dyoung |
Nothing uses sockaddr_in6_cmp() right now, and the generic sockaddr_cmp() is probably as fast or faster than calling sockaddr_in6_cmp() through a function pointer, so let's stop compiling it.
|
#
1.85 |
|
21-Aug-2009 |
tsutsui |
Fix error on kernels with options IPSEC without options IPSEC_ESP. Found on building evbppc/conf/PMPPC.
|
Revision tags: yamt-nfs-mp-base7 jymxensuspend-base yamt-nfs-mp-base6 yamt-nfs-mp-base5 yamt-nfs-mp-base4 yamt-nfs-mp-base3 nick-hppapmap-base4 nick-hppapmap-base3 jym-xensuspend-base nick-hppapmap-base
|
#
1.84 |
|
23-Mar-2009 |
liamjfoy |
Init ip6flow pool dynamically instead of using a linkset.
|
Revision tags: nick-hppapmap-base2 haad-dm-base2 haad-nbase2 ad-audiomp2-base haad-dm-base mjf-devfs2-base
|
#
1.83 |
|
25-Nov-2008 |
pooka |
branches: 1.83.4; Make dom_maxrtkey of inet/inet6domain the size of the ip_encap pack structures. This is far from optimal, but gets rid of iffy #ifdef INET in radix.c. The radix bonsai still needs lots of love before loading domains dynamically is possible...
|
Revision tags: netbsd-5-1-5-RELEASE netbsd-5-1-4-RELEASE netbsd-5-1-3-RELEASE netbsd-5-1-2-RELEASE netbsd-5-1-1-RELEASE matt-nb5-mips64-premerge-20101231 netbsd-5-1-RELEASE netbsd-5-1-RC4 matt-nb5-mips64-k15 netbsd-5-1-RC3 netbsd-5-1-RC2 netbsd-5-1-RC1 netbsd-5-0-2-RELEASE matt-nb5-mips64-premerge-20091211 matt-nb5-mips64-u2-k2-k4-k7-k8-k9 matt-nb4-mips64-k7-u2a-k9b matt-nb5-mips64-u1-k1-k5 netbsd-5-0-1-RELEASE netbsd-5-0-RELEASE netbsd-5-0-RC4 netbsd-5-0-RC3 netbsd-5-0-RC2 netbsd-5-0-RC1 netbsd-5-base matt-mips64-base2 haad-dm-base1 wrstuden-revivesa-base-4 wrstuden-revivesa-base-3 wrstuden-revivesa-base-2 wrstuden-revivesa-base-1 simonb-wapbl-nbase yamt-pf42-base4 simonb-wapbl-base yamt-pf42-base3 hpcarm-cleanup-nbase yamt-pf42-base2 yamt-nfs-mp-base2 wrstuden-revivesa-base yamt-nfs-mp-base
|
#
1.82 |
|
24-Apr-2008 |
ad |
branches: 1.82.2; 1.82.8; 1.82.10; 1.82.12; Merge the socket locking patch:
- Socket layer becomes MP safe. - Unix protocols become MP safe. - Allows protocol processing interrupts to safely block on locks. - Fixes a number of race conditions.
With much feedback from matt@ and plunky@.
|
#
1.81 |
|
23-Apr-2008 |
thorpej |
Make IPSEC and FAST_IPSEC stats per-cpu. Use <net/net_stats.h> and netstat_sysctl().
|
Revision tags: yamt-pf42-baseX yamt-pf42-base
|
#
1.80 |
|
15-Apr-2008 |
thorpej |
branches: 1.80.2; Make pim6 stats per-cpu.
|
Revision tags: ad-socklock-base1 yamt-lazymbuf-base15 yamt-lazymbuf-base14 keiichi-mipv6-nbase nick-net80211-sync-base keiichi-mipv6-base bouyer-xeni386-merge1 vmlocking2-base3 bouyer-xeni386-nbase yamt-kmem-base3 cube-autoconf-base yamt-kmem-base2 bouyer-xeni386-base yamt-kmem-base vmlocking2-base2 reinoud-bufcleanup-nbase vmlocking2-base1 matt-armv6-nbase jmcneill-base mjf-devfs-base bouyer-xenamd64-base2 vmlocking-nbase yamt-x86pmap-base4 bouyer-xenamd64-base yamt-x86pmap-base3 yamt-x86pmap-base2 yamt-x86pmap-base matt-armv6-base jmcneill-pm-base hpcarm-cleanup-base reinoud-bufcleanup-base vmlocking-base
|
#
1.79 |
|
19-Sep-2007 |
dyoung |
branches: 1.79.16; 1.79.20; 1) Introduce a new socket option, (SOL_SOCKET, SO_NOHEADER), that tells a socket that it should both add a protocol header to tx'd datagrams and remove the header from rx'd datagrams:
int onoff = 1, s = socket(...); setsockopt(s, SOL_SOCKET, SO_NOHEADER, &onoff);
2) Add an implementation of (SOL_SOCKET, SO_NOHEADER) for raw IPv4 sockets.
3) Reorganize the protocols' pr_ctloutput implementations a bit. Consistently return ENOPROTOOPT when an option is unsupported, and EINVAL if a supported option's arguments are incorrect. Reorganize the flow of code so that it's more clear how/when options are passed down the stack until they are handled.
Shorten some pr_ctloutput staircases for readability.
4) Extract common mbuf code into subroutines, add new sockaddr methods, and introduce a new subroutine, fsocreate(), for reuse later; use it first in sys_socket():
struct mbuf *m_getsombuf(struct socket *so)
Create an mbuf and make its owner the socket `so'.
struct mbuf *m_intopt(struct socket *so, int val)
Create an mbuf, make its owner the socket `so', put the int `val' into it, and set its length to sizeof(int).
int fsocreate(..., int *fd)
Create a socket, a la socreate(9), put the socket into the given LWP's descriptor table, return the descriptor at `fd' on success.
void *sockaddr_addr(struct sockaddr *sa, socklen_t *slenp) const void *sockaddr_const_addr(const struct sockaddr *sa, socklen_t *slenp)
Extract a pointer to the address part of a sockaddr. Write the length of the address part at `slenp', if `slenp' is not NULL.
socklen_t sockaddr_getlen(const struct sockaddr *sa)
Return the length of a sockaddr. This just evaluates to sa->sa_len. I only add this for consistency with code that appears in a portable userland library that I am going to import.
const struct sockaddr *sockaddr_any(const struct sockaddr *sa)
Return the "don't care" sockaddr in the same family as `sa'. This is the address a client should sobind(9) if it does not care the source address and, if applicable, the port et cetera that it uses.
const void *sockaddr_anyaddr(const struct sockaddr *sa, socklen_t *slenp)
Return the "don't care" sockaddr in the same family as `sa'. This is the address a client should sobind(9) if it does not care the source address and, if applicable, the port et cetera that it uses.
|
Revision tags: nick-csl-alignment-base5
|
#
1.78 |
|
30-Aug-2007 |
dyoung |
Use malloc(9) for sockaddrs instead of pool(9), and remove dom_sa_pool and dom_sa_len members from struct domain. Pools of fixed-size objects are too rigid for sockaddr_dls, whose size can vary over a wide range.
Return sockaddr_dl to its "historical" size. Now that I'm using malloc(9) instead of pool(9) to allocate sockaddr_dl, I can create a sockaddr_dl of any size in the kernel, so expanding sockaddr_dl is useless.
Avoid using sizeof(struct sockaddr_dl) in the kernel.
Introduce sockaddr_dl_alloc() for allocating & initializing an arbitrary sockaddr_dl on the heap.
Add an argument, the sockaddr length, to sockaddr_alloc(), sockaddr_copy(), and sockaddr_dl_setaddr().
Constify: LLADDR() -> CLLADDR().
Where the kernel overwrites LLADDR(), use sockaddr_dl_setaddr(), instead. Used properly, sockaddr_dl_setaddr() will not overrun the end of the sockaddr.
|
Revision tags: matt-mips64-base nick-csl-alignment-base yamt-idlelwp-base8 mjf-ufs-trans-base
|
#
1.77 |
|
06-May-2007 |
dyoung |
branches: 1.77.2; 1.77.6; 1.77.8; In AppleTalk, IPv4, and IPv6 routing domains, help sockaddr_cmp() avoid an indirect function call by comparing the family, length, and bytes [dom->dom_sa_cmpofs, dom->dom_sa_cmpofs + dom->dom_sa_cmplen), corresponding to the the sockaddrs' "address" members.
For ISO, actually use sockaddr_iso_cmp, for a change. Thanks to yamt@ for pointing out my error.
|
#
1.76 |
|
02-May-2007 |
dyoung |
Eliminate address family-specific route caches (struct route, struct route_in6, struct route_iso), replacing all caches with a struct route.
The principle benefit of this change is that all of the protocol families can benefit from route cache-invalidation, which is necessary for correct routing. Route-cache invalidation fixes an ancient PR, kern/3508, at long last; it fixes various other PRs, also.
Discussions with and ideas from Joerg Sonnenberger influenced this work tremendously. Of course, all design oversights and bugs are mine.
DETAILS
1 I added to each address family a pool of sockaddrs. I have introduced routines for allocating, copying, and duplicating, and freeing sockaddrs:
struct sockaddr *sockaddr_alloc(sa_family_t af, int flags); struct sockaddr *sockaddr_copy(struct sockaddr *dst, const struct sockaddr *src); struct sockaddr *sockaddr_dup(const struct sockaddr *src, int flags); void sockaddr_free(struct sockaddr *sa);
sockaddr_alloc() returns either a sockaddr from the pool belonging to the specified family, or NULL if the pool is exhausted. The returned sockaddr has the right size for that family; sa_family and sa_len fields are initialized to the family and sockaddr length---e.g., sa_family = AF_INET and sa_len = sizeof(struct sockaddr_in). sockaddr_free() puts the given sockaddr back into its family's pool.
sockaddr_dup() and sockaddr_copy() work analogously to strdup() and strcpy(), respectively. sockaddr_copy() KASSERTs that the family of the destination and source sockaddrs are alike.
The 'flags' argumet for sockaddr_alloc() and sockaddr_dup() is passed directly to pool_get(9).
2 I added routines for initializing sockaddrs in each address family, sockaddr_in_init(), sockaddr_in6_init(), sockaddr_iso_init(), etc. They are fairly self-explanatory.
3 structs route_in6 and route_iso are no more. All protocol families use struct route. I have changed the route cache, 'struct route', so that it does not contain storage space for a sockaddr. Instead, struct route points to a sockaddr coming from the pool the sockaddr belongs to. I added a new method to struct route, rtcache_setdst(), for setting the cache destination:
int rtcache_setdst(struct route *, const struct sockaddr *);
rtcache_setdst() returns 0 on success, or ENOMEM if no memory is available to create the sockaddr storage.
It is now possible for rtcache_getdst() to return NULL if, say, rtcache_setdst() failed. I check the return value for NULL everywhere in the kernel.
4 Each routing domain (struct domain) has a list of live route caches, dom_rtcache. rtflushall(sa_family_t af) looks up the domain indicated by 'af', walks the domain's list of route caches and invalidates each one.
|
Revision tags: thorpej-atomic-base
|
#
1.75 |
|
07-Mar-2007 |
liamjfoy |
branches: 1.75.2; 1.75.4; Add IPv6 Fast Forward - the IPv4 counterpart:
If ip6_forward successfully forwards a packet, a cache, in this case a ip6flow struct entry, will be created. ether_input and friends will then be able to call ip6flow_fastforward with the packet which will then be passed to if_output (unless an issue is found - in that case the packet is passed back to ip6_input).
ok matt@ christos@ dyoung@ and joerg@
|
#
1.74 |
|
06-Mar-2007 |
liamjfoy |
Fix some style issues - no functional change
|
#
1.73 |
|
27-Feb-2007 |
degroote |
Initialize fast_ipsec entry in the protocol switch with structure initializers as other entries.
|
Revision tags: ad-audiomp-base
|
#
1.72 |
|
19-Feb-2007 |
dyoung |
Initialize protocol switch with structure initializers.
|
#
1.71 |
|
17-Feb-2007 |
dyoung |
0 -> NULL
|
#
1.70 |
|
10-Feb-2007 |
degroote |
branches: 1.70.2; Commit my SoC work Add ipv6 support for fast_ipsec Note that currently, packet with extensions headers are not correctly supported Change the ipcomp logic
|
Revision tags: post-newlock2-merge newlock2-nbase yamt-splraiseipl-base5 yamt-splraiseipl-base4 yamt-splraiseipl-base3 newlock2-base
|
#
1.69 |
|
09-Dec-2006 |
dyoung |
Here are various changes designed to protect against bad IPv4 routing caused by stale route caches (struct route). Route caches are sprinkled throughout PCBs, the IP fast-forwarding table, and IP tunnel interfaces (gre, gif, stf).
Stale IPv6 and ISO route caches will be treated by separate patches.
Thank you to Christoph Badura for suggesting the general approach to invalidating route caches that I take here.
Here are the details:
Add hooks to struct domain for tracking and for invalidating each domain's route caches: dom_rtcache, dom_rtflush, and dom_rtflushall.
Introduce helper subroutines, rtflush(ro) for invalidating a route cache, rtflushall(family) for invalidating all route caches in a routing domain, and rtcache(ro) for notifying the domain of a new cached route.
Chain together all IPv4 route caches where ro_rt != NULL. Provide in_rtcache() for adding a route to the chain. Provide in_rtflush() and in_rtflushall() for invalidating IPv4 route caches. In in_rtflush(), set ro_rt to NULL, and remove the route from the chain. In in_rtflushall(), walk the chain and remove every route cache.
In rtrequest1(), call rtflushall() to invalidate route caches when a route is added.
In gif(4), discard the workaround for stale caches that involves expiring them every so often.
Replace the pattern 'RTFREE(ro->ro_rt); ro->ro_rt = NULL;' with a call to rtflush(ro).
Update ipflow_fastforward() and all other users of route caches so that they expect a cached route, ro->ro_rt, to turn to NULL.
Take care when moving a 'struct route' to rtflush() the source and to rtcache() the destination.
In domain initializers, use .dom_xxx tags.
KNF here and there.
|
Revision tags: netbsd-4-base
|
#
1.68 |
|
23-Nov-2006 |
rpaulo |
branches: 1.68.2; 1.68.4; New EtherIP driver based on tap(4) and gif(4) by Hans Rosenfeld. Notable changes: * Fixes PR 34268. * Separates the code from gif(4) (which is more cleaner). * Allows the usage of STP (Spanning Tree Protocol). * Removed EtherIP implementation from gif(4)/tap(4).
Some input from Christos.
|
Revision tags: yamt-splraiseipl-base2
|
#
1.67 |
|
10-Oct-2006 |
dogcow |
change the MOWNER_INIT define to take two args; fix extant struct mowner decls to use it. Makes options MBUFTRACE compile again and not whinge about missing structure declarations. (Also makes initialization consistent.)
|
Revision tags: yamt-splraiseipl-base yamt-pdpolicy-base9 yamt-pdpolicy-base8 rpaulo-netinet-merge-pcb-base
|
#
1.66 |
|
30-Aug-2006 |
christos |
branches: 1.66.2; 1.66.4; add missing initializers
|
#
1.65 |
|
28-Aug-2006 |
christos |
remove extra members
|
#
1.64 |
|
25-Aug-2006 |
matt |
One step closer to loadable domains. Store pointers to a domain's soft interrupt queues so if_detach can remove packets to removed interfaces from them. This eliminates a lot of conditional ugly code in if.c
|
Revision tags: abandoned-netbsd-4-base yamt-pdpolicy-base7 yamt-pdpolicy-base6 chap-midi-nbase gdamore-uart-base yamt-pdpolicy-base5 chap-midi-base simonb-timecounters-base
|
#
1.63 |
|
18-May-2006 |
liamjfoy |
Integrate Common Address Redundancy Procotol (CARP) from OpenBSD
'pseudo-device carp'
Thanks to: joerg@ christos@ riz@ and others who tested Ok: core@
|
Revision tags: yamt-pdpolicy-base4 yamt-pdpolicy-base3 peter-altq-base yamt-pdpolicy-base2 elad-kernelauth-base
|
#
1.62 |
|
05-Mar-2006 |
rpaulo |
branches: 1.62.4; NDP-related improvements: RFC4191 - supports host-side router-preference
RFC3542 - if DAD fails on a interface, disables IPv6 operation on the interface - don't advertise MLD report before DAD finishes
Others - fixes integer overflow for valid and preferred lifetimes - improves timer granularity for MLD, using callout-timer. - reflects rtadvd's IPv6 host variable information into kernel (router only) - adds a sysctl option to enable/disable pMTUd for multicast packets - performs NUD on PPP/GRE interface by default - Redirect works regardless of ip6_accept_rtadv - removes RFC1885-related code
From the KAME project via SUZUKI Shinsuke. Reviewed by core.
|
Revision tags: yamt-pdpolicy-base yamt-uio_vmspace-base5
|
#
1.61 |
|
11-Dec-2005 |
christos |
branches: 1.61.4; 1.61.6; 1.61.8; merge ktrace-lwp.
|
Revision tags: yamt-readahead-base3 yamt-readahead-base2 yamt-readahead-pervnode yamt-readahead-perfile yamt-readahead-base yamt-vop-base3 yamt-vop-base2 thorpej-vnode-attr-base yamt-vop-base ktrace-lwp-base
|
#
1.60 |
|
19-Jul-2005 |
gdt |
Add PR_PURGEIF flag for protocols to indicate that the protocol might store a struct ifnet *, and define it for udp/tcp/rawip for INET and INET6. When deleting a struct ifnet, invoke PRU_PURGEIF on all protocols marked with PR_PURGEIF. Closes PR kern/29580 (mine).
|
#
1.59 |
|
29-May-2005 |
christos |
branches: 1.59.2; - avoid shadowed variables - sprinkle const.
|
Revision tags: yamt-km-base4 yamt-km-base3 netbsd-3-base yamt-km-base2 yamt-km-base kent-audio2-base
|
#
1.58 |
|
23-Jan-2005 |
matt |
branches: 1.58.6; Change initialzie of domains to use link sets. Switch to using STAILQ. Add a convenience macro DOMAIN_FOREACH to interate through the domain.
|
Revision tags: kent-audio1-beforemerge kent-audio1-base
|
#
1.57 |
|
22-Apr-2004 |
matt |
branches: 1.57.4; Constify protosw arrays. This can reduce the kernel .data section by over 4K (if all the network protocols) are loaded.
|
Revision tags: netbsd-2-0-3-RELEASE netbsd-2-1-RELEASE netbsd-2-1-RC6 netbsd-2-1-RC5 netbsd-2-1-RC4 netbsd-2-1-RC3 netbsd-2-1-RC2 netbsd-2-1-RC1 netbsd-2-0-2-RELEASE netbsd-2-0-1-RELEASE netbsd-2-base netbsd-2-0-RELEASE netbsd-2-0-RC5 netbsd-2-0-RC4 netbsd-2-0-RC3 netbsd-2-0-RC2 netbsd-2-0-RC1 netbsd-2-0-base
|
#
1.56 |
|
04-Dec-2003 |
atatat |
Dynamic sysctl.
Gone are the old kern_sysctl(), cpu_sysctl(), hw_sysctl(), vfs_sysctl(), etc, routines, along with sysctl_int() et al. Now all nodes are registered with the tree, and nodes can be added (or removed) easily, and I/O to and from the tree is handled generically.
Since the nodes are registered with the tree, the mapping from name to number (and back again) can now be discovered, instead of having to be hard coded. Adding new nodes to the tree is likewise much simpler -- the new infrastructure handles almost all the work for simple types, and just about anything else can be done with a small helper function.
All existing nodes are where they were before (numerically speaking), so all existing consumers of sysctl information should notice no difference.
PS - I'm sorry, but there's a distinct lack of documentation at the moment. I'm working on sysctl(3/8/9) right now, and I promise to watch out for buses.
|
#
1.55 |
|
03-Nov-2003 |
briggs |
Revert the change in default value of ipv6_v6only. Further discussion on this topic is required. It should be reintroduced and pursued in the IETF.
|
#
1.54 |
|
28-Oct-2003 |
briggs |
Toggle the default value of ip6_v6only. Also provide a sample sysctl to retain the existing behavior.
|
#
1.53 |
|
06-Sep-2003 |
itojun |
randomize IPv4/v6 fragment ID and IPv6 flowlabel. avoids predictability of these fields. ip_id.c is from openbsd. ip6_id.c is adapted by kame.
|
#
1.52 |
|
05-Sep-2003 |
itojun |
call tcp_drain() if IPv4-less kernel
|
#
1.51 |
|
04-Sep-2003 |
itojun |
revamp inpcb/in6pcb so that they are more aligned with each other. in6pcb lookup now uses hash(9).
|
#
1.50 |
|
14-Aug-2003 |
itojun |
enforce ipsec policy on raw wildcard.
|
#
1.49 |
|
07-Aug-2003 |
agc |
Move UCB-licensed code from 4-clause to 3-clause licence.
Patches provided by Joel Baker in PR 22364, verified by myself.
|
#
1.48 |
|
07-Aug-2003 |
itojun |
make net.inet6.ip6.redirect actually work. from Tomoyuki Sahara via kame
|
#
1.47 |
|
17-Apr-2003 |
thorpej |
branches: 1.47.2; Protect the definition of offsetof().
|
Revision tags: nathanw_sa_before_merge fvdl_fs64_base gmcgarry_ctxsw_base gmcgarry_ucred_base nathanw_sa_base
|
#
1.46 |
|
11-Nov-2002 |
itojun |
pmtu_probe is not used anywhere (it is used in KAME TCP6-only code). From: Krister Walfridsson <cato@df.lth.se>
|
Revision tags: kqueue-aftermerge kqueue-beforemerge gehenna-devsw-base kqueue-base
|
#
1.45 |
|
20-Aug-2002 |
itojun |
sync up use_deprecated handling with latest kame. - bind(deprecated) is allowed, trusting userland app is doing the right thing - use_deprecated default to 1
|
#
1.44 |
|
17-Aug-2002 |
itojun |
set default value for use_deprecated to 0, to avoid consequences with ftpd.
|
#
1.43 |
|
09-Jun-2002 |
itojun |
whitespace cleanup
|
#
1.42 |
|
08-Jun-2002 |
itojun |
whitespace cleanup
|
#
1.41 |
|
29-May-2002 |
itojun |
move per-interface ip6/icmp6 stat to ifnet->if_afdata. sync w/kame
|
#
1.40 |
|
28-May-2002 |
itojun |
limit number of IPv6 fragments (not the fragment queue size) to fight against lots-of-frags DoS attacks. sync w/kame
|
Revision tags: netbsd-1-6-RC1 netbsd-1-6-base eeh-devprop-base
|
#
1.39 |
|
15-Mar-2002 |
itojun |
branches: 1.39.4; 1.39.6; have tcp6_drain
|
Revision tags: newlock-base ifpoll-base
|
#
1.38 |
|
21-Dec-2001 |
itojun |
call encap6_ctlinput on icmp6 against tunnelled packet. sync w/kame
|
#
1.37 |
|
21-Dec-2001 |
itojun |
use radix table for inbound tunnel lookup (would increase performance for machines with a lot of tunnels). update route cache for IPvX-over-IPv6 tunnel on path MTU discovery. snyc with kame
|
#
1.36 |
|
21-Dec-2001 |
itojun |
move in6_gif_hlim decl to in6_gif.c. sync with kame
|
#
1.35 |
|
21-Dec-2001 |
itojun |
move protosw fragment for gif/stf to their own source code. reduce #ifdef in stf code. sync with kame
|
#
1.34 |
|
13-Nov-2001 |
lukem |
add RCSIDs
|
Revision tags: thorpej-mips-cache-base
|
#
1.33 |
|
24-Oct-2001 |
itojun |
no tcp_fasttimo any more. PR 14333
|
#
1.32 |
|
24-Oct-2001 |
itojun |
more whitespace sync with kame
|
#
1.31 |
|
16-Oct-2001 |
itojun |
branches: 1.31.2; remove unused #define. sync whitespace/comment with kame.
|
#
1.30 |
|
15-Oct-2001 |
itojun |
implement IPV6_V6ONLY socket option from draft-ietf-ipngwg-rfc2553bis-03.txt. IPV6_BINDV6ONLY (netbsd only) is deprecated, but still work just like before.
|
Revision tags: thorpej-devvp-base3 thorpej-devvp-base2 post-chs-ubcperf pre-chs-ubcperf thorpej-devvp-base thorpej_scsipi_beforemerge thorpej_scsipi_nbase thorpej_scsipi_base
|
#
1.29 |
|
21-Mar-2001 |
thorpej |
branches: 1.29.2; Add a protosw flag, PR_ABRTACPTDIS (Abort on Accept of Disconnected Socket), and add it to the protocols that use that behavior (all PR_LISTEN protocols except for PF_LOCAL stream sockets).
|
#
1.28 |
|
01-Mar-2001 |
itojun |
branches: 1.28.2; make sure to enforce inbound ipsec policy checking, for any protocols on top of ip (check it when final header is visited). sync with kame. XXX kame team will need to re-check policy engine code
|
#
1.27 |
|
21-Feb-2001 |
itojun |
need PR_ADDR|PR_ATOMIC for IPPROTO_EON. fix typo. from chopps, sync with kame
|
#
1.26 |
|
20-Feb-2001 |
itojun |
ISO over IPv4/v6 by EON encapsulation. from chopps, sync with kame.
|
#
1.25 |
|
11-Feb-2001 |
itojun |
pull latest kame pcbnotify code. synchronizes ICMPv6 path mtu discovery behavior with other protocols (i.e. validation, use of hiwat/lowat).
|
#
1.24 |
|
11-Feb-2001 |
itojun |
whitespace sync with kame
|
#
1.23 |
|
19-Oct-2000 |
itojun |
remove #ifdef TCP6. it is not likely for us to bring in sys/netinet6/tcp6*.c (separate TCP/IPv6 stack) into netbsd-current.
|
#
1.22 |
|
18-Oct-2000 |
itojun |
verify ICMPv6 too big messages based on TCP pcbs, and/or IPsec SA. TODO: udp6, and sendto consideration. as pmtud is mandatory for IPv6, it is rather important for us to support those cases. TODO: more testing TODO: kame sync
|
#
1.21 |
|
10-Oct-2000 |
itojun |
sync with kame ($KAME$)
|
#
1.20 |
|
10-Oct-2000 |
enami |
Don't initialize TCP twice on v4/v6 dual stack kernel.
|
#
1.19 |
|
28-Jul-2000 |
itojun |
nuke the following sysctl variables. "ppsratelimit" should work better. need to recompile sbin/sysctl after updating /usr/include. net.inet.tcp.rstratelimit net.inet.icmp.errratelimit net.inet6.icmp6.errratelimit
|
#
1.18 |
|
06-Jul-2000 |
itojun |
- do not use bitfield for router renumbering header. - add protection mechanism against ND cache corruption due to bad NUD hints. - more stats - icmp6 pps limitation. TOOD: should implement ppsratecheck(9).
|
Revision tags: netbsd-1-5-ALPHA2 netbsd-1-5-base minoura-xpg4dl-base
|
#
1.17 |
|
19-Apr-2000 |
itojun |
branches: 1.17.4; introduce sys/netinet/ip_encap.c, to dispatch inbound packets to protocol handlers, based on src/dst (for ip proto #4/41). see comment in ip_encap.c for details of the problem we have. there are too many protocol specs for ip proto #4/41. backward compatibility with MROUTING case is now provided in ip_encap.c.
fix ipip to work with gif (using ip_encap.c). sorry for breakage.
gif now uses ip_encap.c.
introduce stf pseudo interface (implements 6to4, another IPv6-over-IPv4 code with ip proto #41).
|
#
1.16 |
|
26-Feb-2000 |
itojun |
implement rip6_ctlinput, to cope with routing changes correctly. (IMHO we need rip_ctlinput as well)
|
#
1.15 |
|
26-Feb-2000 |
itojun |
make it possible to throw IPv6 packet with proto=4/41. (in normal case we don't do it, but this is how IPv4 in_proto is written)
|
#
1.14 |
|
14-Feb-2000 |
thorpej |
Use ratecheck() for ICMP6 rate limiting.
|
Revision tags: chs-ubc2-newbase
|
#
1.13 |
|
06-Feb-2000 |
itojun |
fix include pathname for better rfc2292 compliance.
|
#
1.12 |
|
06-Jan-2000 |
itojun |
remove extra portability #ifdef (like #ifdef __FreeBSD__) in KAME IPv6/IPsec code, from netbsd-current repository. #ifdef'ed version is always available from ftp.kame.net.
XXX please do not make too many diff-unfriendly changes, we'll need to take bunch of diffs on upgrade...
|
#
1.11 |
|
06-Jan-2000 |
itojun |
make IPV6_BINDV6ONLY setsockopt available. it controls behavior of AF_INET6 wildcard listening socket. heavily documented in ip6(4). net.inet6.ip6.bindv6only defines default value. default is 1.
"options INET6_BINDV6ONLY" removes any code fragment that supports IPV6_BINDV6ONLY == 0 case (not defopt'ed as use of this is rare).
|
#
1.10 |
|
02-Jan-2000 |
itojun |
add net.inet6.icmp6.nodeinfo sysctl. this allows you to disable/enable ICMPv6 node information query/reply processing (which tells remote end the gethostname(3) setting, interface addresses on the node, and some other things - documented in draft-ietf-ipngwg-icmp-name-lookup* or something alike).
to test it, try ping6 -w ::1 with nodeinfo=0 and nodeinfo=1. (sync with kame change)
|
Revision tags: wrstuden-devbsize-19991221 wrstuden-devbsize-base
|
#
1.9 |
|
13-Dec-1999 |
itojun |
sync IPv6 part with latest KAME tree. IPsec part is left unmodified due to massive changes in KAME side. - IPv6 output goes through nd6_output - faith can capture IPv4 packets as well - you can run IPv4-to-IPv6 translator using heavily modified DNS servers - per-interface statistics (required for IPv6 MIB) - interface autoconfig is revisited - udp input handling has a big change for mapped address support. - introduce in4_cksum() for non-overwriting checksumming - introduce m_pulldown() - neighbor discovery cleanups/improvements - netinet/in.h strictly conforms to RFC2553 (no extra defs visible to userland) - IFA_STATS is fixed a bit (not tested) - and more more more.
TODO: - cleanup os-independency #ifdef - avoid rcvif dual use (for IPsec) to help ifdetach
(sorry for jumbo commit, I can't separate this any more...)
|
Revision tags: comdex-fall-1999-base fvdl-softdep-base chs-ubc2-base
|
#
1.8 |
|
31-Jul-1999 |
itojun |
branches: 1.8.2; 1.8.8; sync with recent KAME. - loosen ipsec restriction on packet diredtion. - revise icmp6 redirect handling on IsRouter bit. - tcp/udp notification processing (link-local address case) - cosmetic fixes (better code share across *BSD).
|
#
1.7 |
|
30-Jul-1999 |
itojun |
remove reference to in6_systm.h (file itself will be removed afterwords)
|
#
1.6 |
|
27-Jul-1999 |
explorer |
Fix a problem where tcp_slowtimo was called twice, once for ipv4 tcp and once for ipv6. This patch makes the ipv6 case pass NULLs in for fast and slow timeouts iff defined(INET) and passes in the right function if !defined(INET).
Reveiwed by itojun@iijlab.net.
|
#
1.5 |
|
22-Jul-1999 |
itojun |
change unnecessary u_long/long into u_int32_t or something relevant. more fixes should follow.
|
#
1.4 |
|
09-Jul-1999 |
thorpej |
defopt IPSEC and IPSEC_ESP (both into opt_ipsec.h).
|
#
1.3 |
|
03-Jul-1999 |
thorpej |
RCS ID police.
|
#
1.2 |
|
01-Jul-1999 |
itojun |
branches: 1.2.2; IPv6 kernel code, based on KAME/NetBSD 1.4, SNAP kit 19990628. (Sorry for a big commit, I can't separate this into several pieces...) Pls check sys/netinet6/TODO and sys/netinet6/IMPLEMENTATION for details.
- sys/kern: do not assume single mbuf, accept chained mbuf on passing data from userland to kernel (or other way round). - "midway" ATM card: ATM PVC pseudo device support, like those done in ALTQ package (ftp://ftp.csl.sony.co.jp/pub/kjc/). - sys/netinet/tcp*: IPv4/v6 dual stack tcp support. - sys/netinet/{ip6,icmp6}.h, sys/net/pfkeyv2.h: IETF document assumes those file to be there so we patch it up. - sys/netinet: IPsec additions are here and there. - sys/netinet6/*: most of IPv6 code sits here. - sys/netkey: IPsec key management code - dev/pci/pcidevs: regen
In my understanding no code here is subject to export control so it should be safe.
|
#
1.1 |
|
28-Jun-1999 |
itojun |
branches: 1.1.2; file in6_proto.c was initially added on branch kame.
|
#
1.129 |
|
03-Sep-2022 |
thorpej |
Garbage-collect everything related to struct domain::dom_ifqueues (except dom_ifqueues itself, until the next kernel version bump). It's no longer used now that nothing uses the legacy netisr mechanism.
|
Revision tags: thorpej-i2c-spi-conf2-base thorpej-futex2-base thorpej-cfargs2-base cjep_sun2x-base1 cjep_sun2x-base cjep_staticlib_x-base1 cjep_staticlib_x-base thorpej-i2c-spi-conf-base thorpej-cfargs-base thorpej-futex-base
|
#
1.128 |
|
12-Jun-2020 |
roy |
Remove in-kernel handling of Router Advertisements
This is much better handled by a user-land tool. Proposed on tech-net here: https://mail-index.netbsd.org/tech-net/2020/04/22/msg007766.html
Note that the ioctl SIOCGIFINFO_IN6 no longer sets flags. That now needs to be done using the pre-existing SIOCSIFINFO_FLAGS ioctl.
Compat is fully provided where it makes sense, but trying to turn on RA handling will obviously throw an error as it no longer exists.
Note that if you use IPv6 temporary addresses, this now needs to be turned on in dhcpcd.conf(5) rather than in sysctl.conf(5).
|
Revision tags: bouyer-xenpvh-base2
|
#
1.127 |
|
24-Apr-2020 |
jakllsch |
Fill in .pr_usrreqs for SOCK_SEQPACKET and SOCK_STREAM variants of SCTP too.
This should allow these socket types of SCTP to operate on IPv6 family sockets, as .pr_usrreqs must not be NULL for socreate() to succeed.
|
Revision tags: netbsd-9-3-RELEASE netbsd-9-2-RELEASE netbsd-9-1-RELEASE phil-wifi-20200421 bouyer-xenpvh-base1 phil-wifi-20200411 bouyer-xenpvh-base is-mlppp-base phil-wifi-20200406 ad-namecache-base3 netbsd-9-0-RELEASE netbsd-9-0-RC2 ad-namecache-base2 ad-namecache-base1 ad-namecache-base netbsd-9-0-RC1 phil-wifi-20191119 netbsd-9-base phil-wifi-20190609 isaki-audio2-base pgoyette-compat-20190127 pgoyette-compat-20190118 pgoyette-compat-1226 pgoyette-compat-1126 pgoyette-compat-1020 pgoyette-compat-0930 pgoyette-compat-0906
|
#
1.126 |
|
14-Aug-2018 |
maxv |
branches: 1.126.10; Retire EtherIP, we have L2TP instead.
|
Revision tags: pgoyette-compat-0728 phil-wifi-base pgoyette-compat-0625 pgoyette-compat-0521
|
#
1.125 |
|
11-May-2018 |
roy |
branches: 1.125.2; Increase the default size of some receive buffers from 8k to 16k. This mitigates recent reports of socket overflow errors and fixes PR bin/53247.
|
#
1.124 |
|
03-May-2018 |
maxv |
Remove now unused tcpip.h includes. Some were already unused before.
|
#
1.123 |
|
03-May-2018 |
maxv |
Remove net_osdep.h completely.
|
Revision tags: pgoyette-compat-0502 pgoyette-compat-0422 pgoyette-compat-0415 pgoyette-compat-0407 pgoyette-compat-0330 pgoyette-compat-0322 pgoyette-compat-0315
|
#
1.122 |
|
15-Mar-2018 |
maxv |
Add the PR_LASTHDR flag on the PFsync and CARP entries. Otherwise a "require" IPsec policy is not enforced on them, and unauthenticated packets will be accepted.
Tested with a require-AH configuration. Sent on tech-net@, no comment.
|
Revision tags: pgoyette-compat-base
|
#
1.121 |
|
07-Feb-2018 |
maxv |
branches: 1.121.2; Style, and localify IPV6FORWARDING. No functional change.
|
#
1.120 |
|
07-Feb-2018 |
maxv |
Change ip6_hdrnestlimit to be 15 instead of 50. I couldn't find any reference in RFCs about what a correct limit should be, but FreeBSD already uses 15.
If an IPv6 packet has 50 options, there is clearly something wrong with it.
|
Revision tags: tls-maxphys-base-20171202
|
#
1.119 |
|
27-Sep-2017 |
ozaki-r |
Take softnet_lock on pr_input properly if NET_MPSAFE
Currently softnet_lock is taken unnecessarily in some cases, e.g., icmp_input and encap4_input from ip_input, or not taken even if needed, e.g., udp_input and tcp_input from ipsec4_common_input_cb. Fix them.
NFC if NET_MPSAFE is disabled (default).
|
#
1.118 |
|
21-Sep-2017 |
ozaki-r |
Invalidate rtcache based on a global generation counter
The change introduces a global generation counter that is incremented when any routes have been added or deleted. When a rtcache caches a rtentry into itself, it also stores a snapshot of the generation counter. If the snapshot equals to the global counter, the cache is still valid, otherwise invalidated.
One drawback of the change is that all rtcaches of all protocol families are invalidated when any routes of any protocol families are added or deleted. If that matters, we should have separate generation counters based on protocol families.
This change removes LIST_ENTRY from struct route, which fixes a part of PR kern/52515.
|
Revision tags: nick-nhusb-base-20170825 perseant-stdc-iso10646-base netbsd-8-base prg-localcount2-base3 prg-localcount2-base2 prg-localcount2-base1 prg-localcount2-base pgoyette-localcount-20170426 bouyer-socketcan-base1
|
#
1.117 |
|
14-Apr-2017 |
ozaki-r |
branches: 1.117.4; Rumpify netipsec
Note that we should modularize netipsec and reduce reverse symbol references (referencing symbols of netipsec from net, netinet and netinet6) though, the task needs lots of code changes. Prior to doing so, rumpifying it and having ATF tests should be useful.
|
Revision tags: jdolecek-ncq-base pgoyette-localcount-20170320
|
#
1.116 |
|
16-Feb-2017 |
knakahara |
add l2tp(4) L2TPv3 interface.
originally implemented by IIJ SEIL team.
|
#
1.115 |
|
13-Feb-2017 |
ozaki-r |
Protect mtudisc and redirect stuffs of icmp/icmp6 with mutex
We have to run pr_init of icmp and icmp6 prior to tcp and tcp6 ones for mutex initialization.
|
Revision tags: nick-nhusb-base-20170204 bouyer-socketcan-base pgoyette-localcount-20170107
|
#
1.114 |
|
13-Dec-2016 |
ozaki-r |
branches: 1.114.2; Remove unnecessary inclusions of nd6.h
|
Revision tags: nick-nhusb-base-20161204 pgoyette-localcount-20161104 nick-nhusb-base-20161004 localcount-20160914 pgoyette-localcount-20160806 pgoyette-localcount-20160726 pgoyette-localcount-base nick-nhusb-base-20160907
|
#
1.113 |
|
06-Jul-2016 |
ozaki-r |
branches: 1.113.2; Move in6_ifaddr_list to a more proper place (from ip6_input.c to in6.c)
It's a similar place as the IPv4 address list, i.e., in.c.
More varibles will join together.
|
Revision tags: nick-nhusb-base-20160529
|
#
1.112 |
|
26-Apr-2016 |
ozaki-r |
Sweep unnecessary route.h inclusions
|
Revision tags: nick-nhusb-base-20160422
|
#
1.111 |
|
11-Apr-2016 |
ozaki-r |
Sweep unncessary radix.h inclusions
|
Revision tags: nick-nhusb-base-20160319
|
#
1.110 |
|
21-Jan-2016 |
riastradh |
Revert previous: ran cvs commit when I meant cvs diff. Sorry!
Hit up-arrow one too few times.
|
#
1.109 |
|
21-Jan-2016 |
riastradh |
Give proper prototype to ip_output.
|
#
1.108 |
|
20-Jan-2016 |
riastradh |
Eliminate struct protosw::pr_output.
You can't use this unless you know what it is a priori: the formal prototype is variadic, and the different instances (e.g., ip_output, route_output) have different real prototypes.
Convert the only user of it, raw_send in net/raw_cb.c, to take an explicit callback argument. Convert the only instances of it, route_output and key_output, to such explicit callbacks for raw_send. Use assertions to make sure the conversion to explicit callbacks is warranted.
Discussed on tech-net with no objections: https://mail-index.netbsd.org/tech-net/2016/01/16/msg005484.html
|
Revision tags: nick-nhusb-base-20151226
|
#
1.107 |
|
13-Oct-2015 |
rjs |
Add core networking support for SCTP.
|
Revision tags: nick-nhusb-base-20150921
|
#
1.106 |
|
24-Aug-2015 |
pooka |
sprinkle _KERNEL_OPT
|
Revision tags: nick-nhusb-base-20150606
|
#
1.105 |
|
22-Apr-2015 |
roy |
Move INET6 specific in6_if_{up,down}() and in6_if_link_{up,down}() into agnostic domain functions.
|
Revision tags: nick-nhusb-base-20150406
|
#
1.104 |
|
10-Feb-2015 |
rjs |
Add DCCP protocol support from KAME.
|
Revision tags: netbsd-7-2-RELEASE netbsd-7-1-2-RELEASE netbsd-7-1-1-RELEASE netbsd-7-1-RELEASE netbsd-7-1-RC2 netbsd-7-nhusb-base-20170116 netbsd-7-1-RC1 netbsd-7-0-2-RELEASE netbsd-7-nhusb-base netbsd-7-0-1-RELEASE netbsd-7-0-RELEASE netbsd-7-0-RC3 netbsd-7-0-RC2 netbsd-7-0-RC1 nick-nhusb-base netbsd-7-base tls-earlyentropy-base tls-maxphys-base
|
#
1.103 |
|
05-Jun-2014 |
rmind |
branches: 1.103.4; - Implement pktqueue interface for lockless IP input queue. - Replace ipintrq and ip6intrq with the pktqueue mechanism. - Eliminate kernel-lock from ipintr() and ip6intr(). - Some preparation work to push softnet_lock out of ipintr().
Discussed on tech-net.
|
#
1.102 |
|
22-May-2014 |
rmind |
Move udp6_input(), udp6_sendup(), udp6_realinput() and udp6_input_checksum() from udp_usrreq.c to udp6_usrreq.c where they belong. No functional change.
|
Revision tags: rmind-smpnet-nbase rmind-smpnet-base
|
#
1.101 |
|
18-May-2014 |
rmind |
Add struct pr_usrreqs with a pr_generic function and prepare for the dismantling of pr_usrreq in the protocols; no functional change intended. PRU_ATTACH/PRU_DETACH changes will follow soon.
Bump for struct protosw. Welcome to 6.99.62!
|
Revision tags: yamt-pagecache-base9 riastradh-xf86-video-intel-2-7-1-pre-2-21-15 riastradh-drm2-base3
|
#
1.100 |
|
02-Jan-2014 |
pooka |
branches: 1.100.2; Allow kernels compiled with INET+INET6 to be booted as IPv4-only or IPv6-only.
|
Revision tags: riastradh-drm2-base2 riastradh-drm2-base1 riastradh-drm2-base
|
#
1.99 |
|
05-Jun-2013 |
christos |
branches: 1.99.2; IPSEC has not come in two speeds for a long time now (IPSEC == kame, FAST_IPSEC). Make everything refer to IPSEC to avoid confusion.
|
Revision tags: agc-symver-base
|
#
1.98 |
|
01-Mar-2013 |
joerg |
Retire OSI network stack. OK core@
|
Revision tags: yamt-pagecache-base8 yamt-pagecache-base7 yamt-pagecache-base6
|
#
1.97 |
|
23-Jun-2012 |
christos |
branches: 1.97.2; 4 new sysctls to avoid ipv6 DoS attacks from OpenBSD
|
Revision tags: jmcneill-usbmp-base10 yamt-pagecache-base5 jmcneill-usbmp-base9 yamt-pagecache-base4 jmcneill-usbmp-base8
|
#
1.96 |
|
22-Mar-2012 |
drochner |
remove KAME IPSEC, replaced by FAST_IPSEC
|
Revision tags: netbsd-6-0-2-RELEASE netbsd-6-1-RELEASE netbsd-6-1-RC4 netbsd-6-1-RC3 netbsd-6-1-RC2 netbsd-6-1-RC1 netbsd-6-0-1-RELEASE matt-nb6-plus-nbase netbsd-6-0-RELEASE netbsd-6-0-RC2 matt-nb6-plus-base netbsd-6-0-RC1 jmcneill-usbmp-base7 jmcneill-usbmp-base6 jmcneill-usbmp-base5 jmcneill-usbmp-base4 jmcneill-usbmp-base3 jmcneill-usbmp-base2 netbsd-6-base
|
#
1.95 |
|
31-Dec-2011 |
christos |
branches: 1.95.2; 1.95.6; 1.95.8; - fix offsetof usage, and redundant defines - kill pointer casts to 0
|
#
1.94 |
|
19-Dec-2011 |
drochner |
rename the IPSEC in-kernel CPP variable and config(8) option to KAME_IPSEC, and make IPSEC define it so that existing kernel config files work as before Now the default can be easily be changed to FAST_IPSEC just by setting the IPSEC alias to FAST_IPSEC.
|
Revision tags: jmcneill-usbmp-pre-base2 jmcneill-usbmp-base jmcneill-audiomp3-base yamt-pagecache-base3 yamt-pagecache-base2 yamt-pagecache-base
|
#
1.93 |
|
24-Sep-2011 |
christos |
branches: 1.93.2; 1.93.6; Add inet6 part of the rfc6056 code contributed by Vlad Balan as part of Google SoC-2011
|
Revision tags: rmind-uvmplock-nbase cherry-xenmp-base rmind-uvmplock-base
|
#
1.92 |
|
24-May-2011 |
spz |
RA flood mitigation via a limit on accepted routes: - introduce a limit for the routes accepted via IPv6 Router Advertisement: a common 2 interface client will have 6, the default limit is 100 and can be adjusted via sysctl - report the current number of routes installed via RA via sysctl - count discarded route additions. Note that one RA message is two routes. This is at present only across all interfaces even though per-interface would be more useful, since the per-interface structure complies to RFC2466 - bump kernel version due to the previous change - adjust netstat to use the new value (with netstat -p icmp6)
|
#
1.91 |
|
03-May-2011 |
dyoung |
*_drain() routines may be called with locks held, so instead of doing any work in *_drain(), set a drain-needed flag. Do the work in the fasttimo handler.
Contributed by Coyote Point Systems, Inc.
|
#
1.90 |
|
31-Mar-2011 |
dyoung |
Hide the radix-trie implementation of the forwarding table so that we will have an easier time replacing it with something different, even if it is a second radix-trie implementation.
sys/net/route.c and sys/net/rtsock.c no longer operate directly on radix_nodes or radix_node_heads.
Hopefully this will reduce the temptation to implement multipath or source-based routing using grotty hacks to the grotty old radix-trie code, too. :-)
|
Revision tags: bouyer-quota2-nbase bouyer-quota2-base jruoho-x86intr-base matt-mips64-premerge-20101231 uebayasi-xip-base4 uebayasi-xip-base3 yamt-nfs-mp-base11
|
#
1.89 |
|
24-Aug-2010 |
jakllsch |
branches: 1.89.2; Make the EtherIP in IPv6 input path work. XXX: Figure out if we really need a separate protosw for IPv6.
|
Revision tags: uebayasi-xip-base2 yamt-nfs-mp-base10 uebayasi-xip-base1 yamt-nfs-mp-base9 uebayasi-xip-base
|
#
1.88 |
|
04-Feb-2010 |
joerg |
branches: 1.88.2; 1.88.4; Explicitly include opt_gateway.h when depending on GATEWAY.
|
Revision tags: matt-premerge-20091211 yamt-nfs-mp-base8 jym-xensuspend-nbase
|
#
1.87 |
|
11-Sep-2009 |
dyoung |
Make ifconfig(8) set and display preference numbers for IPv6 addresses. Make the kernel support SIOC[SG]IFADDRPREF for IPv6 interface addresses.
In in6ifa_ifpforlinklocal(), consult preference numbers before making an otherwise arbitrary choice of in6_ifaddr. Otherwise, preference numbers are *not* consulted by the kernel, but that will be rather easy for somebody with a little bit of free time to fix.
Please note that setting the preference number for a link-local IPv6 address does not work right, yet, but that ought to be fixed soon.
In support of the changes above,
1 Add a method to struct domain for "externalizing" a sockaddr, and provide an implementation for IPv6. Expect more work in this area: it may be more proper to say that the IPv6 implementation "internalizes" a sockaddr. Add sockaddr_externalize().
2 Add a subroutine, sofamily(), that returns a struct socket's address family or AF_UNSPEC.
3 Make a lot of IPv4-specific code generic, and move it from sys/netinet/ to sys/net/ for re-use by IPv6 parts of the kernel and ifconfig(8).
|
#
1.86 |
|
11-Sep-2009 |
dyoung |
Nothing uses sockaddr_in6_cmp() right now, and the generic sockaddr_cmp() is probably as fast or faster than calling sockaddr_in6_cmp() through a function pointer, so let's stop compiling it.
|
#
1.85 |
|
21-Aug-2009 |
tsutsui |
Fix error on kernels with options IPSEC without options IPSEC_ESP. Found on building evbppc/conf/PMPPC.
|
Revision tags: yamt-nfs-mp-base7 jymxensuspend-base yamt-nfs-mp-base6 yamt-nfs-mp-base5 yamt-nfs-mp-base4 yamt-nfs-mp-base3 nick-hppapmap-base4 nick-hppapmap-base3 jym-xensuspend-base nick-hppapmap-base
|
#
1.84 |
|
23-Mar-2009 |
liamjfoy |
Init ip6flow pool dynamically instead of using a linkset.
|
Revision tags: nick-hppapmap-base2 haad-dm-base2 haad-nbase2 ad-audiomp2-base haad-dm-base mjf-devfs2-base
|
#
1.83 |
|
25-Nov-2008 |
pooka |
branches: 1.83.4; Make dom_maxrtkey of inet/inet6domain the size of the ip_encap pack structures. This is far from optimal, but gets rid of iffy #ifdef INET in radix.c. The radix bonsai still needs lots of love before loading domains dynamically is possible...
|
Revision tags: netbsd-5-1-5-RELEASE netbsd-5-1-4-RELEASE netbsd-5-1-3-RELEASE netbsd-5-1-2-RELEASE netbsd-5-1-1-RELEASE matt-nb5-mips64-premerge-20101231 netbsd-5-1-RELEASE netbsd-5-1-RC4 matt-nb5-mips64-k15 netbsd-5-1-RC3 netbsd-5-1-RC2 netbsd-5-1-RC1 netbsd-5-0-2-RELEASE matt-nb5-mips64-premerge-20091211 matt-nb5-mips64-u2-k2-k4-k7-k8-k9 matt-nb4-mips64-k7-u2a-k9b matt-nb5-mips64-u1-k1-k5 netbsd-5-0-1-RELEASE netbsd-5-0-RELEASE netbsd-5-0-RC4 netbsd-5-0-RC3 netbsd-5-0-RC2 netbsd-5-0-RC1 netbsd-5-base matt-mips64-base2 haad-dm-base1 wrstuden-revivesa-base-4 wrstuden-revivesa-base-3 wrstuden-revivesa-base-2 wrstuden-revivesa-base-1 simonb-wapbl-nbase yamt-pf42-base4 simonb-wapbl-base yamt-pf42-base3 hpcarm-cleanup-nbase yamt-pf42-base2 yamt-nfs-mp-base2 wrstuden-revivesa-base yamt-nfs-mp-base
|
#
1.82 |
|
24-Apr-2008 |
ad |
branches: 1.82.2; 1.82.8; 1.82.10; 1.82.12; Merge the socket locking patch:
- Socket layer becomes MP safe. - Unix protocols become MP safe. - Allows protocol processing interrupts to safely block on locks. - Fixes a number of race conditions.
With much feedback from matt@ and plunky@.
|
#
1.81 |
|
23-Apr-2008 |
thorpej |
Make IPSEC and FAST_IPSEC stats per-cpu. Use <net/net_stats.h> and netstat_sysctl().
|
Revision tags: yamt-pf42-baseX yamt-pf42-base
|
#
1.80 |
|
15-Apr-2008 |
thorpej |
branches: 1.80.2; Make pim6 stats per-cpu.
|
Revision tags: ad-socklock-base1 yamt-lazymbuf-base15 yamt-lazymbuf-base14 keiichi-mipv6-nbase nick-net80211-sync-base keiichi-mipv6-base bouyer-xeni386-merge1 vmlocking2-base3 bouyer-xeni386-nbase yamt-kmem-base3 cube-autoconf-base yamt-kmem-base2 bouyer-xeni386-base yamt-kmem-base vmlocking2-base2 reinoud-bufcleanup-nbase vmlocking2-base1 matt-armv6-nbase jmcneill-base mjf-devfs-base bouyer-xenamd64-base2 vmlocking-nbase yamt-x86pmap-base4 bouyer-xenamd64-base yamt-x86pmap-base3 yamt-x86pmap-base2 yamt-x86pmap-base matt-armv6-base jmcneill-pm-base hpcarm-cleanup-base reinoud-bufcleanup-base vmlocking-base
|
#
1.79 |
|
19-Sep-2007 |
dyoung |
branches: 1.79.16; 1.79.20; 1) Introduce a new socket option, (SOL_SOCKET, SO_NOHEADER), that tells a socket that it should both add a protocol header to tx'd datagrams and remove the header from rx'd datagrams:
int onoff = 1, s = socket(...); setsockopt(s, SOL_SOCKET, SO_NOHEADER, &onoff);
2) Add an implementation of (SOL_SOCKET, SO_NOHEADER) for raw IPv4 sockets.
3) Reorganize the protocols' pr_ctloutput implementations a bit. Consistently return ENOPROTOOPT when an option is unsupported, and EINVAL if a supported option's arguments are incorrect. Reorganize the flow of code so that it's more clear how/when options are passed down the stack until they are handled.
Shorten some pr_ctloutput staircases for readability.
4) Extract common mbuf code into subroutines, add new sockaddr methods, and introduce a new subroutine, fsocreate(), for reuse later; use it first in sys_socket():
struct mbuf *m_getsombuf(struct socket *so)
Create an mbuf and make its owner the socket `so'.
struct mbuf *m_intopt(struct socket *so, int val)
Create an mbuf, make its owner the socket `so', put the int `val' into it, and set its length to sizeof(int).
int fsocreate(..., int *fd)
Create a socket, a la socreate(9), put the socket into the given LWP's descriptor table, return the descriptor at `fd' on success.
void *sockaddr_addr(struct sockaddr *sa, socklen_t *slenp) const void *sockaddr_const_addr(const struct sockaddr *sa, socklen_t *slenp)
Extract a pointer to the address part of a sockaddr. Write the length of the address part at `slenp', if `slenp' is not NULL.
socklen_t sockaddr_getlen(const struct sockaddr *sa)
Return the length of a sockaddr. This just evaluates to sa->sa_len. I only add this for consistency with code that appears in a portable userland library that I am going to import.
const struct sockaddr *sockaddr_any(const struct sockaddr *sa)
Return the "don't care" sockaddr in the same family as `sa'. This is the address a client should sobind(9) if it does not care the source address and, if applicable, the port et cetera that it uses.
const void *sockaddr_anyaddr(const struct sockaddr *sa, socklen_t *slenp)
Return the "don't care" sockaddr in the same family as `sa'. This is the address a client should sobind(9) if it does not care the source address and, if applicable, the port et cetera that it uses.
|
Revision tags: nick-csl-alignment-base5
|
#
1.78 |
|
30-Aug-2007 |
dyoung |
Use malloc(9) for sockaddrs instead of pool(9), and remove dom_sa_pool and dom_sa_len members from struct domain. Pools of fixed-size objects are too rigid for sockaddr_dls, whose size can vary over a wide range.
Return sockaddr_dl to its "historical" size. Now that I'm using malloc(9) instead of pool(9) to allocate sockaddr_dl, I can create a sockaddr_dl of any size in the kernel, so expanding sockaddr_dl is useless.
Avoid using sizeof(struct sockaddr_dl) in the kernel.
Introduce sockaddr_dl_alloc() for allocating & initializing an arbitrary sockaddr_dl on the heap.
Add an argument, the sockaddr length, to sockaddr_alloc(), sockaddr_copy(), and sockaddr_dl_setaddr().
Constify: LLADDR() -> CLLADDR().
Where the kernel overwrites LLADDR(), use sockaddr_dl_setaddr(), instead. Used properly, sockaddr_dl_setaddr() will not overrun the end of the sockaddr.
|
Revision tags: matt-mips64-base nick-csl-alignment-base yamt-idlelwp-base8 mjf-ufs-trans-base
|
#
1.77 |
|
06-May-2007 |
dyoung |
branches: 1.77.2; 1.77.6; 1.77.8; In AppleTalk, IPv4, and IPv6 routing domains, help sockaddr_cmp() avoid an indirect function call by comparing the family, length, and bytes [dom->dom_sa_cmpofs, dom->dom_sa_cmpofs + dom->dom_sa_cmplen), corresponding to the the sockaddrs' "address" members.
For ISO, actually use sockaddr_iso_cmp, for a change. Thanks to yamt@ for pointing out my error.
|
#
1.76 |
|
02-May-2007 |
dyoung |
Eliminate address family-specific route caches (struct route, struct route_in6, struct route_iso), replacing all caches with a struct route.
The principle benefit of this change is that all of the protocol families can benefit from route cache-invalidation, which is necessary for correct routing. Route-cache invalidation fixes an ancient PR, kern/3508, at long last; it fixes various other PRs, also.
Discussions with and ideas from Joerg Sonnenberger influenced this work tremendously. Of course, all design oversights and bugs are mine.
DETAILS
1 I added to each address family a pool of sockaddrs. I have introduced routines for allocating, copying, and duplicating, and freeing sockaddrs:
struct sockaddr *sockaddr_alloc(sa_family_t af, int flags); struct sockaddr *sockaddr_copy(struct sockaddr *dst, const struct sockaddr *src); struct sockaddr *sockaddr_dup(const struct sockaddr *src, int flags); void sockaddr_free(struct sockaddr *sa);
sockaddr_alloc() returns either a sockaddr from the pool belonging to the specified family, or NULL if the pool is exhausted. The returned sockaddr has the right size for that family; sa_family and sa_len fields are initialized to the family and sockaddr length---e.g., sa_family = AF_INET and sa_len = sizeof(struct sockaddr_in). sockaddr_free() puts the given sockaddr back into its family's pool.
sockaddr_dup() and sockaddr_copy() work analogously to strdup() and strcpy(), respectively. sockaddr_copy() KASSERTs that the family of the destination and source sockaddrs are alike.
The 'flags' argumet for sockaddr_alloc() and sockaddr_dup() is passed directly to pool_get(9).
2 I added routines for initializing sockaddrs in each address family, sockaddr_in_init(), sockaddr_in6_init(), sockaddr_iso_init(), etc. They are fairly self-explanatory.
3 structs route_in6 and route_iso are no more. All protocol families use struct route. I have changed the route cache, 'struct route', so that it does not contain storage space for a sockaddr. Instead, struct route points to a sockaddr coming from the pool the sockaddr belongs to. I added a new method to struct route, rtcache_setdst(), for setting the cache destination:
int rtcache_setdst(struct route *, const struct sockaddr *);
rtcache_setdst() returns 0 on success, or ENOMEM if no memory is available to create the sockaddr storage.
It is now possible for rtcache_getdst() to return NULL if, say, rtcache_setdst() failed. I check the return value for NULL everywhere in the kernel.
4 Each routing domain (struct domain) has a list of live route caches, dom_rtcache. rtflushall(sa_family_t af) looks up the domain indicated by 'af', walks the domain's list of route caches and invalidates each one.
|
Revision tags: thorpej-atomic-base
|
#
1.75 |
|
07-Mar-2007 |
liamjfoy |
branches: 1.75.2; 1.75.4; Add IPv6 Fast Forward - the IPv4 counterpart:
If ip6_forward successfully forwards a packet, a cache, in this case a ip6flow struct entry, will be created. ether_input and friends will then be able to call ip6flow_fastforward with the packet which will then be passed to if_output (unless an issue is found - in that case the packet is passed back to ip6_input).
ok matt@ christos@ dyoung@ and joerg@
|
#
1.74 |
|
06-Mar-2007 |
liamjfoy |
Fix some style issues - no functional change
|
#
1.73 |
|
27-Feb-2007 |
degroote |
Initialize fast_ipsec entry in the protocol switch with structure initializers as other entries.
|
Revision tags: ad-audiomp-base
|
#
1.72 |
|
19-Feb-2007 |
dyoung |
Initialize protocol switch with structure initializers.
|
#
1.71 |
|
17-Feb-2007 |
dyoung |
0 -> NULL
|
#
1.70 |
|
10-Feb-2007 |
degroote |
branches: 1.70.2; Commit my SoC work Add ipv6 support for fast_ipsec Note that currently, packet with extensions headers are not correctly supported Change the ipcomp logic
|
Revision tags: post-newlock2-merge newlock2-nbase yamt-splraiseipl-base5 yamt-splraiseipl-base4 yamt-splraiseipl-base3 newlock2-base
|
#
1.69 |
|
09-Dec-2006 |
dyoung |
Here are various changes designed to protect against bad IPv4 routing caused by stale route caches (struct route). Route caches are sprinkled throughout PCBs, the IP fast-forwarding table, and IP tunnel interfaces (gre, gif, stf).
Stale IPv6 and ISO route caches will be treated by separate patches.
Thank you to Christoph Badura for suggesting the general approach to invalidating route caches that I take here.
Here are the details:
Add hooks to struct domain for tracking and for invalidating each domain's route caches: dom_rtcache, dom_rtflush, and dom_rtflushall.
Introduce helper subroutines, rtflush(ro) for invalidating a route cache, rtflushall(family) for invalidating all route caches in a routing domain, and rtcache(ro) for notifying the domain of a new cached route.
Chain together all IPv4 route caches where ro_rt != NULL. Provide in_rtcache() for adding a route to the chain. Provide in_rtflush() and in_rtflushall() for invalidating IPv4 route caches. In in_rtflush(), set ro_rt to NULL, and remove the route from the chain. In in_rtflushall(), walk the chain and remove every route cache.
In rtrequest1(), call rtflushall() to invalidate route caches when a route is added.
In gif(4), discard the workaround for stale caches that involves expiring them every so often.
Replace the pattern 'RTFREE(ro->ro_rt); ro->ro_rt = NULL;' with a call to rtflush(ro).
Update ipflow_fastforward() and all other users of route caches so that they expect a cached route, ro->ro_rt, to turn to NULL.
Take care when moving a 'struct route' to rtflush() the source and to rtcache() the destination.
In domain initializers, use .dom_xxx tags.
KNF here and there.
|
Revision tags: netbsd-4-base
|
#
1.68 |
|
23-Nov-2006 |
rpaulo |
branches: 1.68.2; 1.68.4; New EtherIP driver based on tap(4) and gif(4) by Hans Rosenfeld. Notable changes: * Fixes PR 34268. * Separates the code from gif(4) (which is more cleaner). * Allows the usage of STP (Spanning Tree Protocol). * Removed EtherIP implementation from gif(4)/tap(4).
Some input from Christos.
|
Revision tags: yamt-splraiseipl-base2
|
#
1.67 |
|
10-Oct-2006 |
dogcow |
change the MOWNER_INIT define to take two args; fix extant struct mowner decls to use it. Makes options MBUFTRACE compile again and not whinge about missing structure declarations. (Also makes initialization consistent.)
|
Revision tags: yamt-splraiseipl-base yamt-pdpolicy-base9 yamt-pdpolicy-base8 rpaulo-netinet-merge-pcb-base
|
#
1.66 |
|
30-Aug-2006 |
christos |
branches: 1.66.2; 1.66.4; add missing initializers
|
#
1.65 |
|
28-Aug-2006 |
christos |
remove extra members
|
#
1.64 |
|
25-Aug-2006 |
matt |
One step closer to loadable domains. Store pointers to a domain's soft interrupt queues so if_detach can remove packets to removed interfaces from them. This eliminates a lot of conditional ugly code in if.c
|
Revision tags: abandoned-netbsd-4-base yamt-pdpolicy-base7 yamt-pdpolicy-base6 chap-midi-nbase gdamore-uart-base yamt-pdpolicy-base5 chap-midi-base simonb-timecounters-base
|
#
1.63 |
|
18-May-2006 |
liamjfoy |
Integrate Common Address Redundancy Procotol (CARP) from OpenBSD
'pseudo-device carp'
Thanks to: joerg@ christos@ riz@ and others who tested Ok: core@
|
Revision tags: yamt-pdpolicy-base4 yamt-pdpolicy-base3 peter-altq-base yamt-pdpolicy-base2 elad-kernelauth-base
|
#
1.62 |
|
05-Mar-2006 |
rpaulo |
branches: 1.62.4; NDP-related improvements: RFC4191 - supports host-side router-preference
RFC3542 - if DAD fails on a interface, disables IPv6 operation on the interface - don't advertise MLD report before DAD finishes
Others - fixes integer overflow for valid and preferred lifetimes - improves timer granularity for MLD, using callout-timer. - reflects rtadvd's IPv6 host variable information into kernel (router only) - adds a sysctl option to enable/disable pMTUd for multicast packets - performs NUD on PPP/GRE interface by default - Redirect works regardless of ip6_accept_rtadv - removes RFC1885-related code
From the KAME project via SUZUKI Shinsuke. Reviewed by core.
|
Revision tags: yamt-pdpolicy-base yamt-uio_vmspace-base5
|
#
1.61 |
|
11-Dec-2005 |
christos |
branches: 1.61.4; 1.61.6; 1.61.8; merge ktrace-lwp.
|
Revision tags: yamt-readahead-base3 yamt-readahead-base2 yamt-readahead-pervnode yamt-readahead-perfile yamt-readahead-base yamt-vop-base3 yamt-vop-base2 thorpej-vnode-attr-base yamt-vop-base ktrace-lwp-base
|
#
1.60 |
|
19-Jul-2005 |
gdt |
Add PR_PURGEIF flag for protocols to indicate that the protocol might store a struct ifnet *, and define it for udp/tcp/rawip for INET and INET6. When deleting a struct ifnet, invoke PRU_PURGEIF on all protocols marked with PR_PURGEIF. Closes PR kern/29580 (mine).
|
#
1.59 |
|
29-May-2005 |
christos |
branches: 1.59.2; - avoid shadowed variables - sprinkle const.
|
Revision tags: yamt-km-base4 yamt-km-base3 netbsd-3-base yamt-km-base2 yamt-km-base kent-audio2-base
|
#
1.58 |
|
23-Jan-2005 |
matt |
branches: 1.58.6; Change initialzie of domains to use link sets. Switch to using STAILQ. Add a convenience macro DOMAIN_FOREACH to interate through the domain.
|
Revision tags: kent-audio1-beforemerge kent-audio1-base
|
#
1.57 |
|
22-Apr-2004 |
matt |
branches: 1.57.4; Constify protosw arrays. This can reduce the kernel .data section by over 4K (if all the network protocols) are loaded.
|
Revision tags: netbsd-2-0-3-RELEASE netbsd-2-1-RELEASE netbsd-2-1-RC6 netbsd-2-1-RC5 netbsd-2-1-RC4 netbsd-2-1-RC3 netbsd-2-1-RC2 netbsd-2-1-RC1 netbsd-2-0-2-RELEASE netbsd-2-0-1-RELEASE netbsd-2-base netbsd-2-0-RELEASE netbsd-2-0-RC5 netbsd-2-0-RC4 netbsd-2-0-RC3 netbsd-2-0-RC2 netbsd-2-0-RC1 netbsd-2-0-base
|
#
1.56 |
|
04-Dec-2003 |
atatat |
Dynamic sysctl.
Gone are the old kern_sysctl(), cpu_sysctl(), hw_sysctl(), vfs_sysctl(), etc, routines, along with sysctl_int() et al. Now all nodes are registered with the tree, and nodes can be added (or removed) easily, and I/O to and from the tree is handled generically.
Since the nodes are registered with the tree, the mapping from name to number (and back again) can now be discovered, instead of having to be hard coded. Adding new nodes to the tree is likewise much simpler -- the new infrastructure handles almost all the work for simple types, and just about anything else can be done with a small helper function.
All existing nodes are where they were before (numerically speaking), so all existing consumers of sysctl information should notice no difference.
PS - I'm sorry, but there's a distinct lack of documentation at the moment. I'm working on sysctl(3/8/9) right now, and I promise to watch out for buses.
|
#
1.55 |
|
03-Nov-2003 |
briggs |
Revert the change in default value of ipv6_v6only. Further discussion on this topic is required. It should be reintroduced and pursued in the IETF.
|
#
1.54 |
|
28-Oct-2003 |
briggs |
Toggle the default value of ip6_v6only. Also provide a sample sysctl to retain the existing behavior.
|
#
1.53 |
|
06-Sep-2003 |
itojun |
randomize IPv4/v6 fragment ID and IPv6 flowlabel. avoids predictability of these fields. ip_id.c is from openbsd. ip6_id.c is adapted by kame.
|
#
1.52 |
|
05-Sep-2003 |
itojun |
call tcp_drain() if IPv4-less kernel
|
#
1.51 |
|
04-Sep-2003 |
itojun |
revamp inpcb/in6pcb so that they are more aligned with each other. in6pcb lookup now uses hash(9).
|
#
1.50 |
|
14-Aug-2003 |
itojun |
enforce ipsec policy on raw wildcard.
|
#
1.49 |
|
07-Aug-2003 |
agc |
Move UCB-licensed code from 4-clause to 3-clause licence.
Patches provided by Joel Baker in PR 22364, verified by myself.
|
#
1.48 |
|
07-Aug-2003 |
itojun |
make net.inet6.ip6.redirect actually work. from Tomoyuki Sahara via kame
|
#
1.47 |
|
17-Apr-2003 |
thorpej |
branches: 1.47.2; Protect the definition of offsetof().
|
Revision tags: nathanw_sa_before_merge fvdl_fs64_base gmcgarry_ctxsw_base gmcgarry_ucred_base nathanw_sa_base
|
#
1.46 |
|
11-Nov-2002 |
itojun |
pmtu_probe is not used anywhere (it is used in KAME TCP6-only code). From: Krister Walfridsson <cato@df.lth.se>
|
Revision tags: kqueue-aftermerge kqueue-beforemerge gehenna-devsw-base kqueue-base
|
#
1.45 |
|
20-Aug-2002 |
itojun |
sync up use_deprecated handling with latest kame. - bind(deprecated) is allowed, trusting userland app is doing the right thing - use_deprecated default to 1
|
#
1.44 |
|
17-Aug-2002 |
itojun |
set default value for use_deprecated to 0, to avoid consequences with ftpd.
|
#
1.43 |
|
09-Jun-2002 |
itojun |
whitespace cleanup
|
#
1.42 |
|
08-Jun-2002 |
itojun |
whitespace cleanup
|
#
1.41 |
|
29-May-2002 |
itojun |
move per-interface ip6/icmp6 stat to ifnet->if_afdata. sync w/kame
|
#
1.40 |
|
28-May-2002 |
itojun |
limit number of IPv6 fragments (not the fragment queue size) to fight against lots-of-frags DoS attacks. sync w/kame
|
Revision tags: netbsd-1-6-RC1 netbsd-1-6-base eeh-devprop-base
|
#
1.39 |
|
15-Mar-2002 |
itojun |
branches: 1.39.4; 1.39.6; have tcp6_drain
|
Revision tags: newlock-base ifpoll-base
|
#
1.38 |
|
21-Dec-2001 |
itojun |
call encap6_ctlinput on icmp6 against tunnelled packet. sync w/kame
|
#
1.37 |
|
21-Dec-2001 |
itojun |
use radix table for inbound tunnel lookup (would increase performance for machines with a lot of tunnels). update route cache for IPvX-over-IPv6 tunnel on path MTU discovery. snyc with kame
|
#
1.36 |
|
21-Dec-2001 |
itojun |
move in6_gif_hlim decl to in6_gif.c. sync with kame
|
#
1.35 |
|
21-Dec-2001 |
itojun |
move protosw fragment for gif/stf to their own source code. reduce #ifdef in stf code. sync with kame
|
#
1.34 |
|
13-Nov-2001 |
lukem |
add RCSIDs
|
Revision tags: thorpej-mips-cache-base
|
#
1.33 |
|
24-Oct-2001 |
itojun |
no tcp_fasttimo any more. PR 14333
|
#
1.32 |
|
24-Oct-2001 |
itojun |
more whitespace sync with kame
|
#
1.31 |
|
16-Oct-2001 |
itojun |
branches: 1.31.2; remove unused #define. sync whitespace/comment with kame.
|
#
1.30 |
|
15-Oct-2001 |
itojun |
implement IPV6_V6ONLY socket option from draft-ietf-ipngwg-rfc2553bis-03.txt. IPV6_BINDV6ONLY (netbsd only) is deprecated, but still work just like before.
|
Revision tags: thorpej-devvp-base3 thorpej-devvp-base2 post-chs-ubcperf pre-chs-ubcperf thorpej-devvp-base thorpej_scsipi_beforemerge thorpej_scsipi_nbase thorpej_scsipi_base
|
#
1.29 |
|
21-Mar-2001 |
thorpej |
branches: 1.29.2; Add a protosw flag, PR_ABRTACPTDIS (Abort on Accept of Disconnected Socket), and add it to the protocols that use that behavior (all PR_LISTEN protocols except for PF_LOCAL stream sockets).
|
#
1.28 |
|
01-Mar-2001 |
itojun |
branches: 1.28.2; make sure to enforce inbound ipsec policy checking, for any protocols on top of ip (check it when final header is visited). sync with kame. XXX kame team will need to re-check policy engine code
|
#
1.27 |
|
21-Feb-2001 |
itojun |
need PR_ADDR|PR_ATOMIC for IPPROTO_EON. fix typo. from chopps, sync with kame
|
#
1.26 |
|
20-Feb-2001 |
itojun |
ISO over IPv4/v6 by EON encapsulation. from chopps, sync with kame.
|
#
1.25 |
|
11-Feb-2001 |
itojun |
pull latest kame pcbnotify code. synchronizes ICMPv6 path mtu discovery behavior with other protocols (i.e. validation, use of hiwat/lowat).
|
#
1.24 |
|
11-Feb-2001 |
itojun |
whitespace sync with kame
|
#
1.23 |
|
19-Oct-2000 |
itojun |
remove #ifdef TCP6. it is not likely for us to bring in sys/netinet6/tcp6*.c (separate TCP/IPv6 stack) into netbsd-current.
|
#
1.22 |
|
18-Oct-2000 |
itojun |
verify ICMPv6 too big messages based on TCP pcbs, and/or IPsec SA. TODO: udp6, and sendto consideration. as pmtud is mandatory for IPv6, it is rather important for us to support those cases. TODO: more testing TODO: kame sync
|
#
1.21 |
|
10-Oct-2000 |
itojun |
sync with kame ($KAME$)
|
#
1.20 |
|
10-Oct-2000 |
enami |
Don't initialize TCP twice on v4/v6 dual stack kernel.
|
#
1.19 |
|
28-Jul-2000 |
itojun |
nuke the following sysctl variables. "ppsratelimit" should work better. need to recompile sbin/sysctl after updating /usr/include. net.inet.tcp.rstratelimit net.inet.icmp.errratelimit net.inet6.icmp6.errratelimit
|
#
1.18 |
|
06-Jul-2000 |
itojun |
- do not use bitfield for router renumbering header. - add protection mechanism against ND cache corruption due to bad NUD hints. - more stats - icmp6 pps limitation. TOOD: should implement ppsratecheck(9).
|
Revision tags: netbsd-1-5-ALPHA2 netbsd-1-5-base minoura-xpg4dl-base
|
#
1.17 |
|
19-Apr-2000 |
itojun |
branches: 1.17.4; introduce sys/netinet/ip_encap.c, to dispatch inbound packets to protocol handlers, based on src/dst (for ip proto #4/41). see comment in ip_encap.c for details of the problem we have. there are too many protocol specs for ip proto #4/41. backward compatibility with MROUTING case is now provided in ip_encap.c.
fix ipip to work with gif (using ip_encap.c). sorry for breakage.
gif now uses ip_encap.c.
introduce stf pseudo interface (implements 6to4, another IPv6-over-IPv4 code with ip proto #41).
|
#
1.16 |
|
26-Feb-2000 |
itojun |
implement rip6_ctlinput, to cope with routing changes correctly. (IMHO we need rip_ctlinput as well)
|
#
1.15 |
|
26-Feb-2000 |
itojun |
make it possible to throw IPv6 packet with proto=4/41. (in normal case we don't do it, but this is how IPv4 in_proto is written)
|
#
1.14 |
|
14-Feb-2000 |
thorpej |
Use ratecheck() for ICMP6 rate limiting.
|
Revision tags: chs-ubc2-newbase
|
#
1.13 |
|
06-Feb-2000 |
itojun |
fix include pathname for better rfc2292 compliance.
|
#
1.12 |
|
06-Jan-2000 |
itojun |
remove extra portability #ifdef (like #ifdef __FreeBSD__) in KAME IPv6/IPsec code, from netbsd-current repository. #ifdef'ed version is always available from ftp.kame.net.
XXX please do not make too many diff-unfriendly changes, we'll need to take bunch of diffs on upgrade...
|
#
1.11 |
|
06-Jan-2000 |
itojun |
make IPV6_BINDV6ONLY setsockopt available. it controls behavior of AF_INET6 wildcard listening socket. heavily documented in ip6(4). net.inet6.ip6.bindv6only defines default value. default is 1.
"options INET6_BINDV6ONLY" removes any code fragment that supports IPV6_BINDV6ONLY == 0 case (not defopt'ed as use of this is rare).
|
#
1.10 |
|
02-Jan-2000 |
itojun |
add net.inet6.icmp6.nodeinfo sysctl. this allows you to disable/enable ICMPv6 node information query/reply processing (which tells remote end the gethostname(3) setting, interface addresses on the node, and some other things - documented in draft-ietf-ipngwg-icmp-name-lookup* or something alike).
to test it, try ping6 -w ::1 with nodeinfo=0 and nodeinfo=1. (sync with kame change)
|
Revision tags: wrstuden-devbsize-19991221 wrstuden-devbsize-base
|
#
1.9 |
|
13-Dec-1999 |
itojun |
sync IPv6 part with latest KAME tree. IPsec part is left unmodified due to massive changes in KAME side. - IPv6 output goes through nd6_output - faith can capture IPv4 packets as well - you can run IPv4-to-IPv6 translator using heavily modified DNS servers - per-interface statistics (required for IPv6 MIB) - interface autoconfig is revisited - udp input handling has a big change for mapped address support. - introduce in4_cksum() for non-overwriting checksumming - introduce m_pulldown() - neighbor discovery cleanups/improvements - netinet/in.h strictly conforms to RFC2553 (no extra defs visible to userland) - IFA_STATS is fixed a bit (not tested) - and more more more.
TODO: - cleanup os-independency #ifdef - avoid rcvif dual use (for IPsec) to help ifdetach
(sorry for jumbo commit, I can't separate this any more...)
|
Revision tags: comdex-fall-1999-base fvdl-softdep-base chs-ubc2-base
|
#
1.8 |
|
31-Jul-1999 |
itojun |
branches: 1.8.2; 1.8.8; sync with recent KAME. - loosen ipsec restriction on packet diredtion. - revise icmp6 redirect handling on IsRouter bit. - tcp/udp notification processing (link-local address case) - cosmetic fixes (better code share across *BSD).
|
#
1.7 |
|
30-Jul-1999 |
itojun |
remove reference to in6_systm.h (file itself will be removed afterwords)
|
#
1.6 |
|
27-Jul-1999 |
explorer |
Fix a problem where tcp_slowtimo was called twice, once for ipv4 tcp and once for ipv6. This patch makes the ipv6 case pass NULLs in for fast and slow timeouts iff defined(INET) and passes in the right function if !defined(INET).
Reveiwed by itojun@iijlab.net.
|
#
1.5 |
|
22-Jul-1999 |
itojun |
change unnecessary u_long/long into u_int32_t or something relevant. more fixes should follow.
|
#
1.4 |
|
09-Jul-1999 |
thorpej |
defopt IPSEC and IPSEC_ESP (both into opt_ipsec.h).
|
#
1.3 |
|
03-Jul-1999 |
thorpej |
RCS ID police.
|
#
1.2 |
|
01-Jul-1999 |
itojun |
branches: 1.2.2; IPv6 kernel code, based on KAME/NetBSD 1.4, SNAP kit 19990628. (Sorry for a big commit, I can't separate this into several pieces...) Pls check sys/netinet6/TODO and sys/netinet6/IMPLEMENTATION for details.
- sys/kern: do not assume single mbuf, accept chained mbuf on passing data from userland to kernel (or other way round). - "midway" ATM card: ATM PVC pseudo device support, like those done in ALTQ package (ftp://ftp.csl.sony.co.jp/pub/kjc/). - sys/netinet/tcp*: IPv4/v6 dual stack tcp support. - sys/netinet/{ip6,icmp6}.h, sys/net/pfkeyv2.h: IETF document assumes those file to be there so we patch it up. - sys/netinet: IPsec additions are here and there. - sys/netinet6/*: most of IPv6 code sits here. - sys/netkey: IPsec key management code - dev/pci/pcidevs: regen
In my understanding no code here is subject to export control so it should be safe.
|
#
1.1 |
|
28-Jun-1999 |
itojun |
branches: 1.1.2; file in6_proto.c was initially added on branch kame.
|
#
1.128 |
|
12-Jun-2020 |
roy |
Remove in-kernel handling of Router Advertisements
This is much better handled by a user-land tool. Proposed on tech-net here: https://mail-index.netbsd.org/tech-net/2020/04/22/msg007766.html
Note that the ioctl SIOCGIFINFO_IN6 no longer sets flags. That now needs to be done using the pre-existing SIOCSIFINFO_FLAGS ioctl.
Compat is fully provided where it makes sense, but trying to turn on RA handling will obviously throw an error as it no longer exists.
Note that if you use IPv6 temporary addresses, this now needs to be turned on in dhcpcd.conf(5) rather than in sysctl.conf(5).
|
Revision tags: bouyer-xenpvh-base2
|
#
1.127 |
|
24-Apr-2020 |
jakllsch |
Fill in .pr_usrreqs for SOCK_SEQPACKET and SOCK_STREAM variants of SCTP too.
This should allow these socket types of SCTP to operate on IPv6 family sockets, as .pr_usrreqs must not be NULL for socreate() to succeed.
|
Revision tags: phil-wifi-20200421 bouyer-xenpvh-base1 phil-wifi-20200411 bouyer-xenpvh-base is-mlppp-base phil-wifi-20200406 ad-namecache-base3 netbsd-9-0-RELEASE netbsd-9-0-RC2 ad-namecache-base2 ad-namecache-base1 ad-namecache-base netbsd-9-0-RC1 phil-wifi-20191119 netbsd-9-base phil-wifi-20190609 isaki-audio2-base pgoyette-compat-20190127 pgoyette-compat-20190118 pgoyette-compat-1226 pgoyette-compat-1126 pgoyette-compat-1020 pgoyette-compat-0930 pgoyette-compat-0906
|
#
1.126 |
|
14-Aug-2018 |
maxv |
branches: 1.126.10; Retire EtherIP, we have L2TP instead.
|
Revision tags: pgoyette-compat-0728 phil-wifi-base pgoyette-compat-0625 pgoyette-compat-0521
|
#
1.125 |
|
11-May-2018 |
roy |
branches: 1.125.2; Increase the default size of some receive buffers from 8k to 16k. This mitigates recent reports of socket overflow errors and fixes PR bin/53247.
|
#
1.124 |
|
03-May-2018 |
maxv |
Remove now unused tcpip.h includes. Some were already unused before.
|
#
1.123 |
|
03-May-2018 |
maxv |
Remove net_osdep.h completely.
|
Revision tags: pgoyette-compat-0502 pgoyette-compat-0422 pgoyette-compat-0415 pgoyette-compat-0407 pgoyette-compat-0330 pgoyette-compat-0322 pgoyette-compat-0315
|
#
1.122 |
|
15-Mar-2018 |
maxv |
Add the PR_LASTHDR flag on the PFsync and CARP entries. Otherwise a "require" IPsec policy is not enforced on them, and unauthenticated packets will be accepted.
Tested with a require-AH configuration. Sent on tech-net@, no comment.
|
Revision tags: pgoyette-compat-base
|
#
1.121 |
|
07-Feb-2018 |
maxv |
branches: 1.121.2; Style, and localify IPV6FORWARDING. No functional change.
|
#
1.120 |
|
07-Feb-2018 |
maxv |
Change ip6_hdrnestlimit to be 15 instead of 50. I couldn't find any reference in RFCs about what a correct limit should be, but FreeBSD already uses 15.
If an IPv6 packet has 50 options, there is clearly something wrong with it.
|
Revision tags: tls-maxphys-base-20171202
|
#
1.119 |
|
27-Sep-2017 |
ozaki-r |
Take softnet_lock on pr_input properly if NET_MPSAFE
Currently softnet_lock is taken unnecessarily in some cases, e.g., icmp_input and encap4_input from ip_input, or not taken even if needed, e.g., udp_input and tcp_input from ipsec4_common_input_cb. Fix them.
NFC if NET_MPSAFE is disabled (default).
|
#
1.118 |
|
21-Sep-2017 |
ozaki-r |
Invalidate rtcache based on a global generation counter
The change introduces a global generation counter that is incremented when any routes have been added or deleted. When a rtcache caches a rtentry into itself, it also stores a snapshot of the generation counter. If the snapshot equals to the global counter, the cache is still valid, otherwise invalidated.
One drawback of the change is that all rtcaches of all protocol families are invalidated when any routes of any protocol families are added or deleted. If that matters, we should have separate generation counters based on protocol families.
This change removes LIST_ENTRY from struct route, which fixes a part of PR kern/52515.
|
Revision tags: nick-nhusb-base-20170825 perseant-stdc-iso10646-base netbsd-8-base prg-localcount2-base3 prg-localcount2-base2 prg-localcount2-base1 prg-localcount2-base pgoyette-localcount-20170426 bouyer-socketcan-base1
|
#
1.117 |
|
14-Apr-2017 |
ozaki-r |
branches: 1.117.4; Rumpify netipsec
Note that we should modularize netipsec and reduce reverse symbol references (referencing symbols of netipsec from net, netinet and netinet6) though, the task needs lots of code changes. Prior to doing so, rumpifying it and having ATF tests should be useful.
|
Revision tags: jdolecek-ncq-base pgoyette-localcount-20170320
|
#
1.116 |
|
16-Feb-2017 |
knakahara |
add l2tp(4) L2TPv3 interface.
originally implemented by IIJ SEIL team.
|
#
1.115 |
|
13-Feb-2017 |
ozaki-r |
Protect mtudisc and redirect stuffs of icmp/icmp6 with mutex
We have to run pr_init of icmp and icmp6 prior to tcp and tcp6 ones for mutex initialization.
|
Revision tags: nick-nhusb-base-20170204 bouyer-socketcan-base pgoyette-localcount-20170107
|
#
1.114 |
|
13-Dec-2016 |
ozaki-r |
branches: 1.114.2; Remove unnecessary inclusions of nd6.h
|
Revision tags: nick-nhusb-base-20161204 pgoyette-localcount-20161104 nick-nhusb-base-20161004 localcount-20160914 pgoyette-localcount-20160806 pgoyette-localcount-20160726 pgoyette-localcount-base nick-nhusb-base-20160907
|
#
1.113 |
|
06-Jul-2016 |
ozaki-r |
branches: 1.113.2; Move in6_ifaddr_list to a more proper place (from ip6_input.c to in6.c)
It's a similar place as the IPv4 address list, i.e., in.c.
More varibles will join together.
|
Revision tags: nick-nhusb-base-20160529
|
#
1.112 |
|
26-Apr-2016 |
ozaki-r |
Sweep unnecessary route.h inclusions
|
Revision tags: nick-nhusb-base-20160422
|
#
1.111 |
|
11-Apr-2016 |
ozaki-r |
Sweep unncessary radix.h inclusions
|
Revision tags: nick-nhusb-base-20160319
|
#
1.110 |
|
21-Jan-2016 |
riastradh |
Revert previous: ran cvs commit when I meant cvs diff. Sorry!
Hit up-arrow one too few times.
|
#
1.109 |
|
21-Jan-2016 |
riastradh |
Give proper prototype to ip_output.
|
#
1.108 |
|
20-Jan-2016 |
riastradh |
Eliminate struct protosw::pr_output.
You can't use this unless you know what it is a priori: the formal prototype is variadic, and the different instances (e.g., ip_output, route_output) have different real prototypes.
Convert the only user of it, raw_send in net/raw_cb.c, to take an explicit callback argument. Convert the only instances of it, route_output and key_output, to such explicit callbacks for raw_send. Use assertions to make sure the conversion to explicit callbacks is warranted.
Discussed on tech-net with no objections: https://mail-index.netbsd.org/tech-net/2016/01/16/msg005484.html
|
Revision tags: nick-nhusb-base-20151226
|
#
1.107 |
|
13-Oct-2015 |
rjs |
Add core networking support for SCTP.
|
Revision tags: nick-nhusb-base-20150921
|
#
1.106 |
|
24-Aug-2015 |
pooka |
sprinkle _KERNEL_OPT
|
Revision tags: nick-nhusb-base-20150606
|
#
1.105 |
|
22-Apr-2015 |
roy |
Move INET6 specific in6_if_{up,down}() and in6_if_link_{up,down}() into agnostic domain functions.
|
Revision tags: nick-nhusb-base-20150406
|
#
1.104 |
|
10-Feb-2015 |
rjs |
Add DCCP protocol support from KAME.
|
Revision tags: netbsd-7-2-RELEASE netbsd-7-1-2-RELEASE netbsd-7-1-1-RELEASE netbsd-7-1-RELEASE netbsd-7-1-RC2 netbsd-7-nhusb-base-20170116 netbsd-7-1-RC1 netbsd-7-0-2-RELEASE netbsd-7-nhusb-base netbsd-7-0-1-RELEASE netbsd-7-0-RELEASE netbsd-7-0-RC3 netbsd-7-0-RC2 netbsd-7-0-RC1 nick-nhusb-base netbsd-7-base tls-earlyentropy-base tls-maxphys-base
|
#
1.103 |
|
05-Jun-2014 |
rmind |
branches: 1.103.4; - Implement pktqueue interface for lockless IP input queue. - Replace ipintrq and ip6intrq with the pktqueue mechanism. - Eliminate kernel-lock from ipintr() and ip6intr(). - Some preparation work to push softnet_lock out of ipintr().
Discussed on tech-net.
|
#
1.102 |
|
22-May-2014 |
rmind |
Move udp6_input(), udp6_sendup(), udp6_realinput() and udp6_input_checksum() from udp_usrreq.c to udp6_usrreq.c where they belong. No functional change.
|
Revision tags: rmind-smpnet-nbase rmind-smpnet-base
|
#
1.101 |
|
18-May-2014 |
rmind |
Add struct pr_usrreqs with a pr_generic function and prepare for the dismantling of pr_usrreq in the protocols; no functional change intended. PRU_ATTACH/PRU_DETACH changes will follow soon.
Bump for struct protosw. Welcome to 6.99.62!
|
Revision tags: yamt-pagecache-base9 riastradh-xf86-video-intel-2-7-1-pre-2-21-15 riastradh-drm2-base3
|
#
1.100 |
|
02-Jan-2014 |
pooka |
branches: 1.100.2; Allow kernels compiled with INET+INET6 to be booted as IPv4-only or IPv6-only.
|
Revision tags: riastradh-drm2-base2 riastradh-drm2-base1 riastradh-drm2-base
|
#
1.99 |
|
05-Jun-2013 |
christos |
branches: 1.99.2; IPSEC has not come in two speeds for a long time now (IPSEC == kame, FAST_IPSEC). Make everything refer to IPSEC to avoid confusion.
|
Revision tags: agc-symver-base
|
#
1.98 |
|
01-Mar-2013 |
joerg |
Retire OSI network stack. OK core@
|
Revision tags: yamt-pagecache-base8 yamt-pagecache-base7 yamt-pagecache-base6
|
#
1.97 |
|
23-Jun-2012 |
christos |
branches: 1.97.2; 4 new sysctls to avoid ipv6 DoS attacks from OpenBSD
|
Revision tags: jmcneill-usbmp-base10 yamt-pagecache-base5 jmcneill-usbmp-base9 yamt-pagecache-base4 jmcneill-usbmp-base8
|
#
1.96 |
|
22-Mar-2012 |
drochner |
remove KAME IPSEC, replaced by FAST_IPSEC
|
Revision tags: netbsd-6-0-2-RELEASE netbsd-6-1-RELEASE netbsd-6-1-RC4 netbsd-6-1-RC3 netbsd-6-1-RC2 netbsd-6-1-RC1 netbsd-6-0-1-RELEASE matt-nb6-plus-nbase netbsd-6-0-RELEASE netbsd-6-0-RC2 matt-nb6-plus-base netbsd-6-0-RC1 jmcneill-usbmp-base7 jmcneill-usbmp-base6 jmcneill-usbmp-base5 jmcneill-usbmp-base4 jmcneill-usbmp-base3 jmcneill-usbmp-base2 netbsd-6-base
|
#
1.95 |
|
31-Dec-2011 |
christos |
branches: 1.95.2; 1.95.6; 1.95.8; - fix offsetof usage, and redundant defines - kill pointer casts to 0
|
#
1.94 |
|
19-Dec-2011 |
drochner |
rename the IPSEC in-kernel CPP variable and config(8) option to KAME_IPSEC, and make IPSEC define it so that existing kernel config files work as before Now the default can be easily be changed to FAST_IPSEC just by setting the IPSEC alias to FAST_IPSEC.
|
Revision tags: jmcneill-usbmp-pre-base2 jmcneill-usbmp-base jmcneill-audiomp3-base yamt-pagecache-base3 yamt-pagecache-base2 yamt-pagecache-base
|
#
1.93 |
|
24-Sep-2011 |
christos |
branches: 1.93.2; 1.93.6; Add inet6 part of the rfc6056 code contributed by Vlad Balan as part of Google SoC-2011
|
Revision tags: rmind-uvmplock-nbase cherry-xenmp-base rmind-uvmplock-base
|
#
1.92 |
|
24-May-2011 |
spz |
RA flood mitigation via a limit on accepted routes: - introduce a limit for the routes accepted via IPv6 Router Advertisement: a common 2 interface client will have 6, the default limit is 100 and can be adjusted via sysctl - report the current number of routes installed via RA via sysctl - count discarded route additions. Note that one RA message is two routes. This is at present only across all interfaces even though per-interface would be more useful, since the per-interface structure complies to RFC2466 - bump kernel version due to the previous change - adjust netstat to use the new value (with netstat -p icmp6)
|
#
1.91 |
|
03-May-2011 |
dyoung |
*_drain() routines may be called with locks held, so instead of doing any work in *_drain(), set a drain-needed flag. Do the work in the fasttimo handler.
Contributed by Coyote Point Systems, Inc.
|
#
1.90 |
|
31-Mar-2011 |
dyoung |
Hide the radix-trie implementation of the forwarding table so that we will have an easier time replacing it with something different, even if it is a second radix-trie implementation.
sys/net/route.c and sys/net/rtsock.c no longer operate directly on radix_nodes or radix_node_heads.
Hopefully this will reduce the temptation to implement multipath or source-based routing using grotty hacks to the grotty old radix-trie code, too. :-)
|
Revision tags: bouyer-quota2-nbase bouyer-quota2-base jruoho-x86intr-base matt-mips64-premerge-20101231 uebayasi-xip-base4 uebayasi-xip-base3 yamt-nfs-mp-base11
|
#
1.89 |
|
24-Aug-2010 |
jakllsch |
branches: 1.89.2; Make the EtherIP in IPv6 input path work. XXX: Figure out if we really need a separate protosw for IPv6.
|
Revision tags: uebayasi-xip-base2 yamt-nfs-mp-base10 uebayasi-xip-base1 yamt-nfs-mp-base9 uebayasi-xip-base
|
#
1.88 |
|
04-Feb-2010 |
joerg |
branches: 1.88.2; 1.88.4; Explicitly include opt_gateway.h when depending on GATEWAY.
|
Revision tags: matt-premerge-20091211 yamt-nfs-mp-base8 jym-xensuspend-nbase
|
#
1.87 |
|
11-Sep-2009 |
dyoung |
Make ifconfig(8) set and display preference numbers for IPv6 addresses. Make the kernel support SIOC[SG]IFADDRPREF for IPv6 interface addresses.
In in6ifa_ifpforlinklocal(), consult preference numbers before making an otherwise arbitrary choice of in6_ifaddr. Otherwise, preference numbers are *not* consulted by the kernel, but that will be rather easy for somebody with a little bit of free time to fix.
Please note that setting the preference number for a link-local IPv6 address does not work right, yet, but that ought to be fixed soon.
In support of the changes above,
1 Add a method to struct domain for "externalizing" a sockaddr, and provide an implementation for IPv6. Expect more work in this area: it may be more proper to say that the IPv6 implementation "internalizes" a sockaddr. Add sockaddr_externalize().
2 Add a subroutine, sofamily(), that returns a struct socket's address family or AF_UNSPEC.
3 Make a lot of IPv4-specific code generic, and move it from sys/netinet/ to sys/net/ for re-use by IPv6 parts of the kernel and ifconfig(8).
|
#
1.86 |
|
11-Sep-2009 |
dyoung |
Nothing uses sockaddr_in6_cmp() right now, and the generic sockaddr_cmp() is probably as fast or faster than calling sockaddr_in6_cmp() through a function pointer, so let's stop compiling it.
|
#
1.85 |
|
21-Aug-2009 |
tsutsui |
Fix error on kernels with options IPSEC without options IPSEC_ESP. Found on building evbppc/conf/PMPPC.
|
Revision tags: yamt-nfs-mp-base7 jymxensuspend-base yamt-nfs-mp-base6 yamt-nfs-mp-base5 yamt-nfs-mp-base4 yamt-nfs-mp-base3 nick-hppapmap-base4 nick-hppapmap-base3 jym-xensuspend-base nick-hppapmap-base
|
#
1.84 |
|
23-Mar-2009 |
liamjfoy |
Init ip6flow pool dynamically instead of using a linkset.
|
Revision tags: nick-hppapmap-base2 haad-dm-base2 haad-nbase2 ad-audiomp2-base haad-dm-base mjf-devfs2-base
|
#
1.83 |
|
25-Nov-2008 |
pooka |
branches: 1.83.4; Make dom_maxrtkey of inet/inet6domain the size of the ip_encap pack structures. This is far from optimal, but gets rid of iffy #ifdef INET in radix.c. The radix bonsai still needs lots of love before loading domains dynamically is possible...
|
Revision tags: netbsd-5-1-5-RELEASE netbsd-5-1-4-RELEASE netbsd-5-1-3-RELEASE netbsd-5-1-2-RELEASE netbsd-5-1-1-RELEASE matt-nb5-mips64-premerge-20101231 netbsd-5-1-RELEASE netbsd-5-1-RC4 matt-nb5-mips64-k15 netbsd-5-1-RC3 netbsd-5-1-RC2 netbsd-5-1-RC1 netbsd-5-0-2-RELEASE matt-nb5-mips64-premerge-20091211 matt-nb5-mips64-u2-k2-k4-k7-k8-k9 matt-nb4-mips64-k7-u2a-k9b matt-nb5-mips64-u1-k1-k5 netbsd-5-0-1-RELEASE netbsd-5-0-RELEASE netbsd-5-0-RC4 netbsd-5-0-RC3 netbsd-5-0-RC2 netbsd-5-0-RC1 netbsd-5-base matt-mips64-base2 haad-dm-base1 wrstuden-revivesa-base-4 wrstuden-revivesa-base-3 wrstuden-revivesa-base-2 wrstuden-revivesa-base-1 simonb-wapbl-nbase yamt-pf42-base4 simonb-wapbl-base yamt-pf42-base3 hpcarm-cleanup-nbase yamt-pf42-base2 yamt-nfs-mp-base2 wrstuden-revivesa-base yamt-nfs-mp-base
|
#
1.82 |
|
24-Apr-2008 |
ad |
branches: 1.82.2; 1.82.8; 1.82.10; 1.82.12; Merge the socket locking patch:
- Socket layer becomes MP safe. - Unix protocols become MP safe. - Allows protocol processing interrupts to safely block on locks. - Fixes a number of race conditions.
With much feedback from matt@ and plunky@.
|
#
1.81 |
|
23-Apr-2008 |
thorpej |
Make IPSEC and FAST_IPSEC stats per-cpu. Use <net/net_stats.h> and netstat_sysctl().
|
Revision tags: yamt-pf42-baseX yamt-pf42-base
|
#
1.80 |
|
15-Apr-2008 |
thorpej |
branches: 1.80.2; Make pim6 stats per-cpu.
|
Revision tags: ad-socklock-base1 yamt-lazymbuf-base15 yamt-lazymbuf-base14 keiichi-mipv6-nbase nick-net80211-sync-base keiichi-mipv6-base bouyer-xeni386-merge1 vmlocking2-base3 bouyer-xeni386-nbase yamt-kmem-base3 cube-autoconf-base yamt-kmem-base2 bouyer-xeni386-base yamt-kmem-base vmlocking2-base2 reinoud-bufcleanup-nbase vmlocking2-base1 matt-armv6-nbase jmcneill-base mjf-devfs-base bouyer-xenamd64-base2 vmlocking-nbase yamt-x86pmap-base4 bouyer-xenamd64-base yamt-x86pmap-base3 yamt-x86pmap-base2 yamt-x86pmap-base matt-armv6-base jmcneill-pm-base hpcarm-cleanup-base reinoud-bufcleanup-base vmlocking-base
|
#
1.79 |
|
19-Sep-2007 |
dyoung |
branches: 1.79.16; 1.79.20; 1) Introduce a new socket option, (SOL_SOCKET, SO_NOHEADER), that tells a socket that it should both add a protocol header to tx'd datagrams and remove the header from rx'd datagrams:
int onoff = 1, s = socket(...); setsockopt(s, SOL_SOCKET, SO_NOHEADER, &onoff);
2) Add an implementation of (SOL_SOCKET, SO_NOHEADER) for raw IPv4 sockets.
3) Reorganize the protocols' pr_ctloutput implementations a bit. Consistently return ENOPROTOOPT when an option is unsupported, and EINVAL if a supported option's arguments are incorrect. Reorganize the flow of code so that it's more clear how/when options are passed down the stack until they are handled.
Shorten some pr_ctloutput staircases for readability.
4) Extract common mbuf code into subroutines, add new sockaddr methods, and introduce a new subroutine, fsocreate(), for reuse later; use it first in sys_socket():
struct mbuf *m_getsombuf(struct socket *so)
Create an mbuf and make its owner the socket `so'.
struct mbuf *m_intopt(struct socket *so, int val)
Create an mbuf, make its owner the socket `so', put the int `val' into it, and set its length to sizeof(int).
int fsocreate(..., int *fd)
Create a socket, a la socreate(9), put the socket into the given LWP's descriptor table, return the descriptor at `fd' on success.
void *sockaddr_addr(struct sockaddr *sa, socklen_t *slenp) const void *sockaddr_const_addr(const struct sockaddr *sa, socklen_t *slenp)
Extract a pointer to the address part of a sockaddr. Write the length of the address part at `slenp', if `slenp' is not NULL.
socklen_t sockaddr_getlen(const struct sockaddr *sa)
Return the length of a sockaddr. This just evaluates to sa->sa_len. I only add this for consistency with code that appears in a portable userland library that I am going to import.
const struct sockaddr *sockaddr_any(const struct sockaddr *sa)
Return the "don't care" sockaddr in the same family as `sa'. This is the address a client should sobind(9) if it does not care the source address and, if applicable, the port et cetera that it uses.
const void *sockaddr_anyaddr(const struct sockaddr *sa, socklen_t *slenp)
Return the "don't care" sockaddr in the same family as `sa'. This is the address a client should sobind(9) if it does not care the source address and, if applicable, the port et cetera that it uses.
|
Revision tags: nick-csl-alignment-base5
|
#
1.78 |
|
30-Aug-2007 |
dyoung |
Use malloc(9) for sockaddrs instead of pool(9), and remove dom_sa_pool and dom_sa_len members from struct domain. Pools of fixed-size objects are too rigid for sockaddr_dls, whose size can vary over a wide range.
Return sockaddr_dl to its "historical" size. Now that I'm using malloc(9) instead of pool(9) to allocate sockaddr_dl, I can create a sockaddr_dl of any size in the kernel, so expanding sockaddr_dl is useless.
Avoid using sizeof(struct sockaddr_dl) in the kernel.
Introduce sockaddr_dl_alloc() for allocating & initializing an arbitrary sockaddr_dl on the heap.
Add an argument, the sockaddr length, to sockaddr_alloc(), sockaddr_copy(), and sockaddr_dl_setaddr().
Constify: LLADDR() -> CLLADDR().
Where the kernel overwrites LLADDR(), use sockaddr_dl_setaddr(), instead. Used properly, sockaddr_dl_setaddr() will not overrun the end of the sockaddr.
|
Revision tags: matt-mips64-base nick-csl-alignment-base yamt-idlelwp-base8 mjf-ufs-trans-base
|
#
1.77 |
|
06-May-2007 |
dyoung |
branches: 1.77.2; 1.77.6; 1.77.8; In AppleTalk, IPv4, and IPv6 routing domains, help sockaddr_cmp() avoid an indirect function call by comparing the family, length, and bytes [dom->dom_sa_cmpofs, dom->dom_sa_cmpofs + dom->dom_sa_cmplen), corresponding to the the sockaddrs' "address" members.
For ISO, actually use sockaddr_iso_cmp, for a change. Thanks to yamt@ for pointing out my error.
|
#
1.76 |
|
02-May-2007 |
dyoung |
Eliminate address family-specific route caches (struct route, struct route_in6, struct route_iso), replacing all caches with a struct route.
The principle benefit of this change is that all of the protocol families can benefit from route cache-invalidation, which is necessary for correct routing. Route-cache invalidation fixes an ancient PR, kern/3508, at long last; it fixes various other PRs, also.
Discussions with and ideas from Joerg Sonnenberger influenced this work tremendously. Of course, all design oversights and bugs are mine.
DETAILS
1 I added to each address family a pool of sockaddrs. I have introduced routines for allocating, copying, and duplicating, and freeing sockaddrs:
struct sockaddr *sockaddr_alloc(sa_family_t af, int flags); struct sockaddr *sockaddr_copy(struct sockaddr *dst, const struct sockaddr *src); struct sockaddr *sockaddr_dup(const struct sockaddr *src, int flags); void sockaddr_free(struct sockaddr *sa);
sockaddr_alloc() returns either a sockaddr from the pool belonging to the specified family, or NULL if the pool is exhausted. The returned sockaddr has the right size for that family; sa_family and sa_len fields are initialized to the family and sockaddr length---e.g., sa_family = AF_INET and sa_len = sizeof(struct sockaddr_in). sockaddr_free() puts the given sockaddr back into its family's pool.
sockaddr_dup() and sockaddr_copy() work analogously to strdup() and strcpy(), respectively. sockaddr_copy() KASSERTs that the family of the destination and source sockaddrs are alike.
The 'flags' argumet for sockaddr_alloc() and sockaddr_dup() is passed directly to pool_get(9).
2 I added routines for initializing sockaddrs in each address family, sockaddr_in_init(), sockaddr_in6_init(), sockaddr_iso_init(), etc. They are fairly self-explanatory.
3 structs route_in6 and route_iso are no more. All protocol families use struct route. I have changed the route cache, 'struct route', so that it does not contain storage space for a sockaddr. Instead, struct route points to a sockaddr coming from the pool the sockaddr belongs to. I added a new method to struct route, rtcache_setdst(), for setting the cache destination:
int rtcache_setdst(struct route *, const struct sockaddr *);
rtcache_setdst() returns 0 on success, or ENOMEM if no memory is available to create the sockaddr storage.
It is now possible for rtcache_getdst() to return NULL if, say, rtcache_setdst() failed. I check the return value for NULL everywhere in the kernel.
4 Each routing domain (struct domain) has a list of live route caches, dom_rtcache. rtflushall(sa_family_t af) looks up the domain indicated by 'af', walks the domain's list of route caches and invalidates each one.
|
Revision tags: thorpej-atomic-base
|
#
1.75 |
|
07-Mar-2007 |
liamjfoy |
branches: 1.75.2; 1.75.4; Add IPv6 Fast Forward - the IPv4 counterpart:
If ip6_forward successfully forwards a packet, a cache, in this case a ip6flow struct entry, will be created. ether_input and friends will then be able to call ip6flow_fastforward with the packet which will then be passed to if_output (unless an issue is found - in that case the packet is passed back to ip6_input).
ok matt@ christos@ dyoung@ and joerg@
|
#
1.74 |
|
06-Mar-2007 |
liamjfoy |
Fix some style issues - no functional change
|
#
1.73 |
|
27-Feb-2007 |
degroote |
Initialize fast_ipsec entry in the protocol switch with structure initializers as other entries.
|
Revision tags: ad-audiomp-base
|
#
1.72 |
|
19-Feb-2007 |
dyoung |
Initialize protocol switch with structure initializers.
|
#
1.71 |
|
17-Feb-2007 |
dyoung |
0 -> NULL
|
#
1.70 |
|
10-Feb-2007 |
degroote |
branches: 1.70.2; Commit my SoC work Add ipv6 support for fast_ipsec Note that currently, packet with extensions headers are not correctly supported Change the ipcomp logic
|
Revision tags: post-newlock2-merge newlock2-nbase yamt-splraiseipl-base5 yamt-splraiseipl-base4 yamt-splraiseipl-base3 newlock2-base
|
#
1.69 |
|
09-Dec-2006 |
dyoung |
Here are various changes designed to protect against bad IPv4 routing caused by stale route caches (struct route). Route caches are sprinkled throughout PCBs, the IP fast-forwarding table, and IP tunnel interfaces (gre, gif, stf).
Stale IPv6 and ISO route caches will be treated by separate patches.
Thank you to Christoph Badura for suggesting the general approach to invalidating route caches that I take here.
Here are the details:
Add hooks to struct domain for tracking and for invalidating each domain's route caches: dom_rtcache, dom_rtflush, and dom_rtflushall.
Introduce helper subroutines, rtflush(ro) for invalidating a route cache, rtflushall(family) for invalidating all route caches in a routing domain, and rtcache(ro) for notifying the domain of a new cached route.
Chain together all IPv4 route caches where ro_rt != NULL. Provide in_rtcache() for adding a route to the chain. Provide in_rtflush() and in_rtflushall() for invalidating IPv4 route caches. In in_rtflush(), set ro_rt to NULL, and remove the route from the chain. In in_rtflushall(), walk the chain and remove every route cache.
In rtrequest1(), call rtflushall() to invalidate route caches when a route is added.
In gif(4), discard the workaround for stale caches that involves expiring them every so often.
Replace the pattern 'RTFREE(ro->ro_rt); ro->ro_rt = NULL;' with a call to rtflush(ro).
Update ipflow_fastforward() and all other users of route caches so that they expect a cached route, ro->ro_rt, to turn to NULL.
Take care when moving a 'struct route' to rtflush() the source and to rtcache() the destination.
In domain initializers, use .dom_xxx tags.
KNF here and there.
|
Revision tags: netbsd-4-base
|
#
1.68 |
|
23-Nov-2006 |
rpaulo |
branches: 1.68.2; 1.68.4; New EtherIP driver based on tap(4) and gif(4) by Hans Rosenfeld. Notable changes: * Fixes PR 34268. * Separates the code from gif(4) (which is more cleaner). * Allows the usage of STP (Spanning Tree Protocol). * Removed EtherIP implementation from gif(4)/tap(4).
Some input from Christos.
|
Revision tags: yamt-splraiseipl-base2
|
#
1.67 |
|
10-Oct-2006 |
dogcow |
change the MOWNER_INIT define to take two args; fix extant struct mowner decls to use it. Makes options MBUFTRACE compile again and not whinge about missing structure declarations. (Also makes initialization consistent.)
|
Revision tags: yamt-splraiseipl-base yamt-pdpolicy-base9 yamt-pdpolicy-base8 rpaulo-netinet-merge-pcb-base
|
#
1.66 |
|
30-Aug-2006 |
christos |
branches: 1.66.2; 1.66.4; add missing initializers
|
#
1.65 |
|
28-Aug-2006 |
christos |
remove extra members
|
#
1.64 |
|
25-Aug-2006 |
matt |
One step closer to loadable domains. Store pointers to a domain's soft interrupt queues so if_detach can remove packets to removed interfaces from them. This eliminates a lot of conditional ugly code in if.c
|
Revision tags: abandoned-netbsd-4-base yamt-pdpolicy-base7 yamt-pdpolicy-base6 chap-midi-nbase gdamore-uart-base yamt-pdpolicy-base5 chap-midi-base simonb-timecounters-base
|
#
1.63 |
|
18-May-2006 |
liamjfoy |
Integrate Common Address Redundancy Procotol (CARP) from OpenBSD
'pseudo-device carp'
Thanks to: joerg@ christos@ riz@ and others who tested Ok: core@
|
Revision tags: yamt-pdpolicy-base4 yamt-pdpolicy-base3 peter-altq-base yamt-pdpolicy-base2 elad-kernelauth-base
|
#
1.62 |
|
05-Mar-2006 |
rpaulo |
branches: 1.62.4; NDP-related improvements: RFC4191 - supports host-side router-preference
RFC3542 - if DAD fails on a interface, disables IPv6 operation on the interface - don't advertise MLD report before DAD finishes
Others - fixes integer overflow for valid and preferred lifetimes - improves timer granularity for MLD, using callout-timer. - reflects rtadvd's IPv6 host variable information into kernel (router only) - adds a sysctl option to enable/disable pMTUd for multicast packets - performs NUD on PPP/GRE interface by default - Redirect works regardless of ip6_accept_rtadv - removes RFC1885-related code
From the KAME project via SUZUKI Shinsuke. Reviewed by core.
|
Revision tags: yamt-pdpolicy-base yamt-uio_vmspace-base5
|
#
1.61 |
|
11-Dec-2005 |
christos |
branches: 1.61.4; 1.61.6; 1.61.8; merge ktrace-lwp.
|
Revision tags: yamt-readahead-base3 yamt-readahead-base2 yamt-readahead-pervnode yamt-readahead-perfile yamt-readahead-base yamt-vop-base3 yamt-vop-base2 thorpej-vnode-attr-base yamt-vop-base ktrace-lwp-base
|
#
1.60 |
|
19-Jul-2005 |
gdt |
Add PR_PURGEIF flag for protocols to indicate that the protocol might store a struct ifnet *, and define it for udp/tcp/rawip for INET and INET6. When deleting a struct ifnet, invoke PRU_PURGEIF on all protocols marked with PR_PURGEIF. Closes PR kern/29580 (mine).
|
#
1.59 |
|
29-May-2005 |
christos |
branches: 1.59.2; - avoid shadowed variables - sprinkle const.
|
Revision tags: yamt-km-base4 yamt-km-base3 netbsd-3-base yamt-km-base2 yamt-km-base kent-audio2-base
|
#
1.58 |
|
23-Jan-2005 |
matt |
branches: 1.58.6; Change initialzie of domains to use link sets. Switch to using STAILQ. Add a convenience macro DOMAIN_FOREACH to interate through the domain.
|
Revision tags: kent-audio1-beforemerge kent-audio1-base
|
#
1.57 |
|
22-Apr-2004 |
matt |
branches: 1.57.4; Constify protosw arrays. This can reduce the kernel .data section by over 4K (if all the network protocols) are loaded.
|
Revision tags: netbsd-2-0-3-RELEASE netbsd-2-1-RELEASE netbsd-2-1-RC6 netbsd-2-1-RC5 netbsd-2-1-RC4 netbsd-2-1-RC3 netbsd-2-1-RC2 netbsd-2-1-RC1 netbsd-2-0-2-RELEASE netbsd-2-0-1-RELEASE netbsd-2-base netbsd-2-0-RELEASE netbsd-2-0-RC5 netbsd-2-0-RC4 netbsd-2-0-RC3 netbsd-2-0-RC2 netbsd-2-0-RC1 netbsd-2-0-base
|
#
1.56 |
|
04-Dec-2003 |
atatat |
Dynamic sysctl.
Gone are the old kern_sysctl(), cpu_sysctl(), hw_sysctl(), vfs_sysctl(), etc, routines, along with sysctl_int() et al. Now all nodes are registered with the tree, and nodes can be added (or removed) easily, and I/O to and from the tree is handled generically.
Since the nodes are registered with the tree, the mapping from name to number (and back again) can now be discovered, instead of having to be hard coded. Adding new nodes to the tree is likewise much simpler -- the new infrastructure handles almost all the work for simple types, and just about anything else can be done with a small helper function.
All existing nodes are where they were before (numerically speaking), so all existing consumers of sysctl information should notice no difference.
PS - I'm sorry, but there's a distinct lack of documentation at the moment. I'm working on sysctl(3/8/9) right now, and I promise to watch out for buses.
|
#
1.55 |
|
03-Nov-2003 |
briggs |
Revert the change in default value of ipv6_v6only. Further discussion on this topic is required. It should be reintroduced and pursued in the IETF.
|
#
1.54 |
|
28-Oct-2003 |
briggs |
Toggle the default value of ip6_v6only. Also provide a sample sysctl to retain the existing behavior.
|
#
1.53 |
|
06-Sep-2003 |
itojun |
randomize IPv4/v6 fragment ID and IPv6 flowlabel. avoids predictability of these fields. ip_id.c is from openbsd. ip6_id.c is adapted by kame.
|
#
1.52 |
|
05-Sep-2003 |
itojun |
call tcp_drain() if IPv4-less kernel
|
#
1.51 |
|
04-Sep-2003 |
itojun |
revamp inpcb/in6pcb so that they are more aligned with each other. in6pcb lookup now uses hash(9).
|
#
1.50 |
|
14-Aug-2003 |
itojun |
enforce ipsec policy on raw wildcard.
|
#
1.49 |
|
07-Aug-2003 |
agc |
Move UCB-licensed code from 4-clause to 3-clause licence.
Patches provided by Joel Baker in PR 22364, verified by myself.
|
#
1.48 |
|
07-Aug-2003 |
itojun |
make net.inet6.ip6.redirect actually work. from Tomoyuki Sahara via kame
|
#
1.47 |
|
17-Apr-2003 |
thorpej |
branches: 1.47.2; Protect the definition of offsetof().
|
Revision tags: nathanw_sa_before_merge fvdl_fs64_base gmcgarry_ctxsw_base gmcgarry_ucred_base nathanw_sa_base
|
#
1.46 |
|
11-Nov-2002 |
itojun |
pmtu_probe is not used anywhere (it is used in KAME TCP6-only code). From: Krister Walfridsson <cato@df.lth.se>
|
Revision tags: kqueue-aftermerge kqueue-beforemerge gehenna-devsw-base kqueue-base
|
#
1.45 |
|
20-Aug-2002 |
itojun |
sync up use_deprecated handling with latest kame. - bind(deprecated) is allowed, trusting userland app is doing the right thing - use_deprecated default to 1
|
#
1.44 |
|
17-Aug-2002 |
itojun |
set default value for use_deprecated to 0, to avoid consequences with ftpd.
|
#
1.43 |
|
09-Jun-2002 |
itojun |
whitespace cleanup
|
#
1.42 |
|
08-Jun-2002 |
itojun |
whitespace cleanup
|
#
1.41 |
|
29-May-2002 |
itojun |
move per-interface ip6/icmp6 stat to ifnet->if_afdata. sync w/kame
|
#
1.40 |
|
28-May-2002 |
itojun |
limit number of IPv6 fragments (not the fragment queue size) to fight against lots-of-frags DoS attacks. sync w/kame
|
Revision tags: netbsd-1-6-RC1 netbsd-1-6-base eeh-devprop-base
|
#
1.39 |
|
15-Mar-2002 |
itojun |
branches: 1.39.4; 1.39.6; have tcp6_drain
|
Revision tags: newlock-base ifpoll-base
|
#
1.38 |
|
21-Dec-2001 |
itojun |
call encap6_ctlinput on icmp6 against tunnelled packet. sync w/kame
|
#
1.37 |
|
21-Dec-2001 |
itojun |
use radix table for inbound tunnel lookup (would increase performance for machines with a lot of tunnels). update route cache for IPvX-over-IPv6 tunnel on path MTU discovery. snyc with kame
|
#
1.36 |
|
21-Dec-2001 |
itojun |
move in6_gif_hlim decl to in6_gif.c. sync with kame
|
#
1.35 |
|
21-Dec-2001 |
itojun |
move protosw fragment for gif/stf to their own source code. reduce #ifdef in stf code. sync with kame
|
#
1.34 |
|
13-Nov-2001 |
lukem |
add RCSIDs
|
Revision tags: thorpej-mips-cache-base
|
#
1.33 |
|
24-Oct-2001 |
itojun |
no tcp_fasttimo any more. PR 14333
|
#
1.32 |
|
24-Oct-2001 |
itojun |
more whitespace sync with kame
|
#
1.31 |
|
16-Oct-2001 |
itojun |
branches: 1.31.2; remove unused #define. sync whitespace/comment with kame.
|
#
1.30 |
|
15-Oct-2001 |
itojun |
implement IPV6_V6ONLY socket option from draft-ietf-ipngwg-rfc2553bis-03.txt. IPV6_BINDV6ONLY (netbsd only) is deprecated, but still work just like before.
|
Revision tags: thorpej-devvp-base3 thorpej-devvp-base2 post-chs-ubcperf pre-chs-ubcperf thorpej-devvp-base thorpej_scsipi_beforemerge thorpej_scsipi_nbase thorpej_scsipi_base
|
#
1.29 |
|
21-Mar-2001 |
thorpej |
branches: 1.29.2; Add a protosw flag, PR_ABRTACPTDIS (Abort on Accept of Disconnected Socket), and add it to the protocols that use that behavior (all PR_LISTEN protocols except for PF_LOCAL stream sockets).
|
#
1.28 |
|
01-Mar-2001 |
itojun |
branches: 1.28.2; make sure to enforce inbound ipsec policy checking, for any protocols on top of ip (check it when final header is visited). sync with kame. XXX kame team will need to re-check policy engine code
|
#
1.27 |
|
21-Feb-2001 |
itojun |
need PR_ADDR|PR_ATOMIC for IPPROTO_EON. fix typo. from chopps, sync with kame
|
#
1.26 |
|
20-Feb-2001 |
itojun |
ISO over IPv4/v6 by EON encapsulation. from chopps, sync with kame.
|
#
1.25 |
|
11-Feb-2001 |
itojun |
pull latest kame pcbnotify code. synchronizes ICMPv6 path mtu discovery behavior with other protocols (i.e. validation, use of hiwat/lowat).
|
#
1.24 |
|
11-Feb-2001 |
itojun |
whitespace sync with kame
|
#
1.23 |
|
19-Oct-2000 |
itojun |
remove #ifdef TCP6. it is not likely for us to bring in sys/netinet6/tcp6*.c (separate TCP/IPv6 stack) into netbsd-current.
|
#
1.22 |
|
18-Oct-2000 |
itojun |
verify ICMPv6 too big messages based on TCP pcbs, and/or IPsec SA. TODO: udp6, and sendto consideration. as pmtud is mandatory for IPv6, it is rather important for us to support those cases. TODO: more testing TODO: kame sync
|
#
1.21 |
|
10-Oct-2000 |
itojun |
sync with kame ($KAME$)
|
#
1.20 |
|
10-Oct-2000 |
enami |
Don't initialize TCP twice on v4/v6 dual stack kernel.
|
#
1.19 |
|
28-Jul-2000 |
itojun |
nuke the following sysctl variables. "ppsratelimit" should work better. need to recompile sbin/sysctl after updating /usr/include. net.inet.tcp.rstratelimit net.inet.icmp.errratelimit net.inet6.icmp6.errratelimit
|
#
1.18 |
|
06-Jul-2000 |
itojun |
- do not use bitfield for router renumbering header. - add protection mechanism against ND cache corruption due to bad NUD hints. - more stats - icmp6 pps limitation. TOOD: should implement ppsratecheck(9).
|
Revision tags: netbsd-1-5-ALPHA2 netbsd-1-5-base minoura-xpg4dl-base
|
#
1.17 |
|
19-Apr-2000 |
itojun |
branches: 1.17.4; introduce sys/netinet/ip_encap.c, to dispatch inbound packets to protocol handlers, based on src/dst (for ip proto #4/41). see comment in ip_encap.c for details of the problem we have. there are too many protocol specs for ip proto #4/41. backward compatibility with MROUTING case is now provided in ip_encap.c.
fix ipip to work with gif (using ip_encap.c). sorry for breakage.
gif now uses ip_encap.c.
introduce stf pseudo interface (implements 6to4, another IPv6-over-IPv4 code with ip proto #41).
|
#
1.16 |
|
26-Feb-2000 |
itojun |
implement rip6_ctlinput, to cope with routing changes correctly. (IMHO we need rip_ctlinput as well)
|
#
1.15 |
|
26-Feb-2000 |
itojun |
make it possible to throw IPv6 packet with proto=4/41. (in normal case we don't do it, but this is how IPv4 in_proto is written)
|
#
1.14 |
|
14-Feb-2000 |
thorpej |
Use ratecheck() for ICMP6 rate limiting.
|
Revision tags: chs-ubc2-newbase
|
#
1.13 |
|
06-Feb-2000 |
itojun |
fix include pathname for better rfc2292 compliance.
|
#
1.12 |
|
06-Jan-2000 |
itojun |
remove extra portability #ifdef (like #ifdef __FreeBSD__) in KAME IPv6/IPsec code, from netbsd-current repository. #ifdef'ed version is always available from ftp.kame.net.
XXX please do not make too many diff-unfriendly changes, we'll need to take bunch of diffs on upgrade...
|
#
1.11 |
|
06-Jan-2000 |
itojun |
make IPV6_BINDV6ONLY setsockopt available. it controls behavior of AF_INET6 wildcard listening socket. heavily documented in ip6(4). net.inet6.ip6.bindv6only defines default value. default is 1.
"options INET6_BINDV6ONLY" removes any code fragment that supports IPV6_BINDV6ONLY == 0 case (not defopt'ed as use of this is rare).
|
#
1.10 |
|
02-Jan-2000 |
itojun |
add net.inet6.icmp6.nodeinfo sysctl. this allows you to disable/enable ICMPv6 node information query/reply processing (which tells remote end the gethostname(3) setting, interface addresses on the node, and some other things - documented in draft-ietf-ipngwg-icmp-name-lookup* or something alike).
to test it, try ping6 -w ::1 with nodeinfo=0 and nodeinfo=1. (sync with kame change)
|
Revision tags: wrstuden-devbsize-19991221 wrstuden-devbsize-base
|
#
1.9 |
|
13-Dec-1999 |
itojun |
sync IPv6 part with latest KAME tree. IPsec part is left unmodified due to massive changes in KAME side. - IPv6 output goes through nd6_output - faith can capture IPv4 packets as well - you can run IPv4-to-IPv6 translator using heavily modified DNS servers - per-interface statistics (required for IPv6 MIB) - interface autoconfig is revisited - udp input handling has a big change for mapped address support. - introduce in4_cksum() for non-overwriting checksumming - introduce m_pulldown() - neighbor discovery cleanups/improvements - netinet/in.h strictly conforms to RFC2553 (no extra defs visible to userland) - IFA_STATS is fixed a bit (not tested) - and more more more.
TODO: - cleanup os-independency #ifdef - avoid rcvif dual use (for IPsec) to help ifdetach
(sorry for jumbo commit, I can't separate this any more...)
|
Revision tags: comdex-fall-1999-base fvdl-softdep-base chs-ubc2-base
|
#
1.8 |
|
31-Jul-1999 |
itojun |
branches: 1.8.2; 1.8.8; sync with recent KAME. - loosen ipsec restriction on packet diredtion. - revise icmp6 redirect handling on IsRouter bit. - tcp/udp notification processing (link-local address case) - cosmetic fixes (better code share across *BSD).
|
#
1.7 |
|
30-Jul-1999 |
itojun |
remove reference to in6_systm.h (file itself will be removed afterwords)
|
#
1.6 |
|
27-Jul-1999 |
explorer |
Fix a problem where tcp_slowtimo was called twice, once for ipv4 tcp and once for ipv6. This patch makes the ipv6 case pass NULLs in for fast and slow timeouts iff defined(INET) and passes in the right function if !defined(INET).
Reveiwed by itojun@iijlab.net.
|
#
1.5 |
|
22-Jul-1999 |
itojun |
change unnecessary u_long/long into u_int32_t or something relevant. more fixes should follow.
|
#
1.4 |
|
09-Jul-1999 |
thorpej |
defopt IPSEC and IPSEC_ESP (both into opt_ipsec.h).
|
#
1.3 |
|
03-Jul-1999 |
thorpej |
RCS ID police.
|
#
1.2 |
|
01-Jul-1999 |
itojun |
branches: 1.2.2; IPv6 kernel code, based on KAME/NetBSD 1.4, SNAP kit 19990628. (Sorry for a big commit, I can't separate this into several pieces...) Pls check sys/netinet6/TODO and sys/netinet6/IMPLEMENTATION for details.
- sys/kern: do not assume single mbuf, accept chained mbuf on passing data from userland to kernel (or other way round). - "midway" ATM card: ATM PVC pseudo device support, like those done in ALTQ package (ftp://ftp.csl.sony.co.jp/pub/kjc/). - sys/netinet/tcp*: IPv4/v6 dual stack tcp support. - sys/netinet/{ip6,icmp6}.h, sys/net/pfkeyv2.h: IETF document assumes those file to be there so we patch it up. - sys/netinet: IPsec additions are here and there. - sys/netinet6/*: most of IPv6 code sits here. - sys/netkey: IPsec key management code - dev/pci/pcidevs: regen
In my understanding no code here is subject to export control so it should be safe.
|
#
1.1 |
|
28-Jun-1999 |
itojun |
branches: 1.1.2; file in6_proto.c was initially added on branch kame.
|
#
1.127 |
|
24-Apr-2020 |
jakllsch |
Fill in .pr_usrreqs for SOCK_SEQPACKET and SOCK_STREAM variants of SCTP too.
This should allow these socket types of SCTP to operate on IPv6 family sockets, as .pr_usrreqs must not be NULL for socreate() to succeed.
|
Revision tags: phil-wifi-20200421 bouyer-xenpvh-base1 phil-wifi-20200411 bouyer-xenpvh-base is-mlppp-base phil-wifi-20200406 ad-namecache-base3 netbsd-9-0-RELEASE netbsd-9-0-RC2 ad-namecache-base2 ad-namecache-base1 ad-namecache-base netbsd-9-0-RC1 phil-wifi-20191119 netbsd-9-base phil-wifi-20190609 isaki-audio2-base pgoyette-compat-20190127 pgoyette-compat-20190118 pgoyette-compat-1226 pgoyette-compat-1126 pgoyette-compat-1020 pgoyette-compat-0930 pgoyette-compat-0906
|
#
1.126 |
|
14-Aug-2018 |
maxv |
Retire EtherIP, we have L2TP instead.
|
Revision tags: pgoyette-compat-0728 phil-wifi-base pgoyette-compat-0625 pgoyette-compat-0521
|
#
1.125 |
|
11-May-2018 |
roy |
branches: 1.125.2; Increase the default size of some receive buffers from 8k to 16k. This mitigates recent reports of socket overflow errors and fixes PR bin/53247.
|
#
1.124 |
|
03-May-2018 |
maxv |
Remove now unused tcpip.h includes. Some were already unused before.
|
#
1.123 |
|
03-May-2018 |
maxv |
Remove net_osdep.h completely.
|
Revision tags: pgoyette-compat-0502 pgoyette-compat-0422 pgoyette-compat-0415 pgoyette-compat-0407 pgoyette-compat-0330 pgoyette-compat-0322 pgoyette-compat-0315
|
#
1.122 |
|
15-Mar-2018 |
maxv |
Add the PR_LASTHDR flag on the PFsync and CARP entries. Otherwise a "require" IPsec policy is not enforced on them, and unauthenticated packets will be accepted.
Tested with a require-AH configuration. Sent on tech-net@, no comment.
|
Revision tags: pgoyette-compat-base
|
#
1.121 |
|
07-Feb-2018 |
maxv |
branches: 1.121.2; Style, and localify IPV6FORWARDING. No functional change.
|
#
1.120 |
|
07-Feb-2018 |
maxv |
Change ip6_hdrnestlimit to be 15 instead of 50. I couldn't find any reference in RFCs about what a correct limit should be, but FreeBSD already uses 15.
If an IPv6 packet has 50 options, there is clearly something wrong with it.
|
Revision tags: tls-maxphys-base-20171202
|
#
1.119 |
|
27-Sep-2017 |
ozaki-r |
Take softnet_lock on pr_input properly if NET_MPSAFE
Currently softnet_lock is taken unnecessarily in some cases, e.g., icmp_input and encap4_input from ip_input, or not taken even if needed, e.g., udp_input and tcp_input from ipsec4_common_input_cb. Fix them.
NFC if NET_MPSAFE is disabled (default).
|
#
1.118 |
|
21-Sep-2017 |
ozaki-r |
Invalidate rtcache based on a global generation counter
The change introduces a global generation counter that is incremented when any routes have been added or deleted. When a rtcache caches a rtentry into itself, it also stores a snapshot of the generation counter. If the snapshot equals to the global counter, the cache is still valid, otherwise invalidated.
One drawback of the change is that all rtcaches of all protocol families are invalidated when any routes of any protocol families are added or deleted. If that matters, we should have separate generation counters based on protocol families.
This change removes LIST_ENTRY from struct route, which fixes a part of PR kern/52515.
|
Revision tags: nick-nhusb-base-20170825 perseant-stdc-iso10646-base netbsd-8-base prg-localcount2-base3 prg-localcount2-base2 prg-localcount2-base1 prg-localcount2-base pgoyette-localcount-20170426 bouyer-socketcan-base1
|
#
1.117 |
|
14-Apr-2017 |
ozaki-r |
branches: 1.117.4; Rumpify netipsec
Note that we should modularize netipsec and reduce reverse symbol references (referencing symbols of netipsec from net, netinet and netinet6) though, the task needs lots of code changes. Prior to doing so, rumpifying it and having ATF tests should be useful.
|
Revision tags: jdolecek-ncq-base pgoyette-localcount-20170320
|
#
1.116 |
|
16-Feb-2017 |
knakahara |
add l2tp(4) L2TPv3 interface.
originally implemented by IIJ SEIL team.
|
#
1.115 |
|
13-Feb-2017 |
ozaki-r |
Protect mtudisc and redirect stuffs of icmp/icmp6 with mutex
We have to run pr_init of icmp and icmp6 prior to tcp and tcp6 ones for mutex initialization.
|
Revision tags: nick-nhusb-base-20170204 bouyer-socketcan-base pgoyette-localcount-20170107
|
#
1.114 |
|
13-Dec-2016 |
ozaki-r |
branches: 1.114.2; Remove unnecessary inclusions of nd6.h
|
Revision tags: nick-nhusb-base-20161204 pgoyette-localcount-20161104 nick-nhusb-base-20161004 localcount-20160914 pgoyette-localcount-20160806 pgoyette-localcount-20160726 pgoyette-localcount-base nick-nhusb-base-20160907
|
#
1.113 |
|
06-Jul-2016 |
ozaki-r |
branches: 1.113.2; Move in6_ifaddr_list to a more proper place (from ip6_input.c to in6.c)
It's a similar place as the IPv4 address list, i.e., in.c.
More varibles will join together.
|
Revision tags: nick-nhusb-base-20160529
|
#
1.112 |
|
26-Apr-2016 |
ozaki-r |
Sweep unnecessary route.h inclusions
|
Revision tags: nick-nhusb-base-20160422
|
#
1.111 |
|
11-Apr-2016 |
ozaki-r |
Sweep unncessary radix.h inclusions
|
Revision tags: nick-nhusb-base-20160319
|
#
1.110 |
|
21-Jan-2016 |
riastradh |
Revert previous: ran cvs commit when I meant cvs diff. Sorry!
Hit up-arrow one too few times.
|
#
1.109 |
|
21-Jan-2016 |
riastradh |
Give proper prototype to ip_output.
|
#
1.108 |
|
20-Jan-2016 |
riastradh |
Eliminate struct protosw::pr_output.
You can't use this unless you know what it is a priori: the formal prototype is variadic, and the different instances (e.g., ip_output, route_output) have different real prototypes.
Convert the only user of it, raw_send in net/raw_cb.c, to take an explicit callback argument. Convert the only instances of it, route_output and key_output, to such explicit callbacks for raw_send. Use assertions to make sure the conversion to explicit callbacks is warranted.
Discussed on tech-net with no objections: https://mail-index.netbsd.org/tech-net/2016/01/16/msg005484.html
|
Revision tags: nick-nhusb-base-20151226
|
#
1.107 |
|
13-Oct-2015 |
rjs |
Add core networking support for SCTP.
|
Revision tags: nick-nhusb-base-20150921
|
#
1.106 |
|
24-Aug-2015 |
pooka |
sprinkle _KERNEL_OPT
|
Revision tags: nick-nhusb-base-20150606
|
#
1.105 |
|
22-Apr-2015 |
roy |
Move INET6 specific in6_if_{up,down}() and in6_if_link_{up,down}() into agnostic domain functions.
|
Revision tags: nick-nhusb-base-20150406
|
#
1.104 |
|
10-Feb-2015 |
rjs |
Add DCCP protocol support from KAME.
|
Revision tags: netbsd-7-2-RELEASE netbsd-7-1-2-RELEASE netbsd-7-1-1-RELEASE netbsd-7-1-RELEASE netbsd-7-1-RC2 netbsd-7-nhusb-base-20170116 netbsd-7-1-RC1 netbsd-7-0-2-RELEASE netbsd-7-nhusb-base netbsd-7-0-1-RELEASE netbsd-7-0-RELEASE netbsd-7-0-RC3 netbsd-7-0-RC2 netbsd-7-0-RC1 nick-nhusb-base netbsd-7-base tls-earlyentropy-base tls-maxphys-base
|
#
1.103 |
|
05-Jun-2014 |
rmind |
branches: 1.103.4; - Implement pktqueue interface for lockless IP input queue. - Replace ipintrq and ip6intrq with the pktqueue mechanism. - Eliminate kernel-lock from ipintr() and ip6intr(). - Some preparation work to push softnet_lock out of ipintr().
Discussed on tech-net.
|
#
1.102 |
|
22-May-2014 |
rmind |
Move udp6_input(), udp6_sendup(), udp6_realinput() and udp6_input_checksum() from udp_usrreq.c to udp6_usrreq.c where they belong. No functional change.
|
Revision tags: rmind-smpnet-nbase rmind-smpnet-base
|
#
1.101 |
|
18-May-2014 |
rmind |
Add struct pr_usrreqs with a pr_generic function and prepare for the dismantling of pr_usrreq in the protocols; no functional change intended. PRU_ATTACH/PRU_DETACH changes will follow soon.
Bump for struct protosw. Welcome to 6.99.62!
|
Revision tags: yamt-pagecache-base9 riastradh-xf86-video-intel-2-7-1-pre-2-21-15 riastradh-drm2-base3
|
#
1.100 |
|
02-Jan-2014 |
pooka |
branches: 1.100.2; Allow kernels compiled with INET+INET6 to be booted as IPv4-only or IPv6-only.
|
Revision tags: riastradh-drm2-base2 riastradh-drm2-base1 riastradh-drm2-base
|
#
1.99 |
|
05-Jun-2013 |
christos |
branches: 1.99.2; IPSEC has not come in two speeds for a long time now (IPSEC == kame, FAST_IPSEC). Make everything refer to IPSEC to avoid confusion.
|
Revision tags: agc-symver-base
|
#
1.98 |
|
01-Mar-2013 |
joerg |
Retire OSI network stack. OK core@
|
Revision tags: yamt-pagecache-base8 yamt-pagecache-base7 yamt-pagecache-base6
|
#
1.97 |
|
23-Jun-2012 |
christos |
branches: 1.97.2; 4 new sysctls to avoid ipv6 DoS attacks from OpenBSD
|
Revision tags: jmcneill-usbmp-base10 yamt-pagecache-base5 jmcneill-usbmp-base9 yamt-pagecache-base4 jmcneill-usbmp-base8
|
#
1.96 |
|
22-Mar-2012 |
drochner |
remove KAME IPSEC, replaced by FAST_IPSEC
|
Revision tags: netbsd-6-0-2-RELEASE netbsd-6-1-RELEASE netbsd-6-1-RC4 netbsd-6-1-RC3 netbsd-6-1-RC2 netbsd-6-1-RC1 netbsd-6-0-1-RELEASE matt-nb6-plus-nbase netbsd-6-0-RELEASE netbsd-6-0-RC2 matt-nb6-plus-base netbsd-6-0-RC1 jmcneill-usbmp-base7 jmcneill-usbmp-base6 jmcneill-usbmp-base5 jmcneill-usbmp-base4 jmcneill-usbmp-base3 jmcneill-usbmp-base2 netbsd-6-base
|
#
1.95 |
|
31-Dec-2011 |
christos |
branches: 1.95.2; 1.95.6; 1.95.8; - fix offsetof usage, and redundant defines - kill pointer casts to 0
|
#
1.94 |
|
19-Dec-2011 |
drochner |
rename the IPSEC in-kernel CPP variable and config(8) option to KAME_IPSEC, and make IPSEC define it so that existing kernel config files work as before Now the default can be easily be changed to FAST_IPSEC just by setting the IPSEC alias to FAST_IPSEC.
|
Revision tags: jmcneill-usbmp-pre-base2 jmcneill-usbmp-base jmcneill-audiomp3-base yamt-pagecache-base3 yamt-pagecache-base2 yamt-pagecache-base
|
#
1.93 |
|
24-Sep-2011 |
christos |
branches: 1.93.2; 1.93.6; Add inet6 part of the rfc6056 code contributed by Vlad Balan as part of Google SoC-2011
|
Revision tags: rmind-uvmplock-nbase cherry-xenmp-base rmind-uvmplock-base
|
#
1.92 |
|
24-May-2011 |
spz |
RA flood mitigation via a limit on accepted routes: - introduce a limit for the routes accepted via IPv6 Router Advertisement: a common 2 interface client will have 6, the default limit is 100 and can be adjusted via sysctl - report the current number of routes installed via RA via sysctl - count discarded route additions. Note that one RA message is two routes. This is at present only across all interfaces even though per-interface would be more useful, since the per-interface structure complies to RFC2466 - bump kernel version due to the previous change - adjust netstat to use the new value (with netstat -p icmp6)
|
#
1.91 |
|
03-May-2011 |
dyoung |
*_drain() routines may be called with locks held, so instead of doing any work in *_drain(), set a drain-needed flag. Do the work in the fasttimo handler.
Contributed by Coyote Point Systems, Inc.
|
#
1.90 |
|
31-Mar-2011 |
dyoung |
Hide the radix-trie implementation of the forwarding table so that we will have an easier time replacing it with something different, even if it is a second radix-trie implementation.
sys/net/route.c and sys/net/rtsock.c no longer operate directly on radix_nodes or radix_node_heads.
Hopefully this will reduce the temptation to implement multipath or source-based routing using grotty hacks to the grotty old radix-trie code, too. :-)
|
Revision tags: bouyer-quota2-nbase bouyer-quota2-base jruoho-x86intr-base matt-mips64-premerge-20101231 uebayasi-xip-base4 uebayasi-xip-base3 yamt-nfs-mp-base11
|
#
1.89 |
|
24-Aug-2010 |
jakllsch |
branches: 1.89.2; Make the EtherIP in IPv6 input path work. XXX: Figure out if we really need a separate protosw for IPv6.
|
Revision tags: uebayasi-xip-base2 yamt-nfs-mp-base10 uebayasi-xip-base1 yamt-nfs-mp-base9 uebayasi-xip-base
|
#
1.88 |
|
04-Feb-2010 |
joerg |
branches: 1.88.2; 1.88.4; Explicitly include opt_gateway.h when depending on GATEWAY.
|
Revision tags: matt-premerge-20091211 yamt-nfs-mp-base8 jym-xensuspend-nbase
|
#
1.87 |
|
11-Sep-2009 |
dyoung |
Make ifconfig(8) set and display preference numbers for IPv6 addresses. Make the kernel support SIOC[SG]IFADDRPREF for IPv6 interface addresses.
In in6ifa_ifpforlinklocal(), consult preference numbers before making an otherwise arbitrary choice of in6_ifaddr. Otherwise, preference numbers are *not* consulted by the kernel, but that will be rather easy for somebody with a little bit of free time to fix.
Please note that setting the preference number for a link-local IPv6 address does not work right, yet, but that ought to be fixed soon.
In support of the changes above,
1 Add a method to struct domain for "externalizing" a sockaddr, and provide an implementation for IPv6. Expect more work in this area: it may be more proper to say that the IPv6 implementation "internalizes" a sockaddr. Add sockaddr_externalize().
2 Add a subroutine, sofamily(), that returns a struct socket's address family or AF_UNSPEC.
3 Make a lot of IPv4-specific code generic, and move it from sys/netinet/ to sys/net/ for re-use by IPv6 parts of the kernel and ifconfig(8).
|
#
1.86 |
|
11-Sep-2009 |
dyoung |
Nothing uses sockaddr_in6_cmp() right now, and the generic sockaddr_cmp() is probably as fast or faster than calling sockaddr_in6_cmp() through a function pointer, so let's stop compiling it.
|
#
1.85 |
|
21-Aug-2009 |
tsutsui |
Fix error on kernels with options IPSEC without options IPSEC_ESP. Found on building evbppc/conf/PMPPC.
|
Revision tags: yamt-nfs-mp-base7 jymxensuspend-base yamt-nfs-mp-base6 yamt-nfs-mp-base5 yamt-nfs-mp-base4 yamt-nfs-mp-base3 nick-hppapmap-base4 nick-hppapmap-base3 jym-xensuspend-base nick-hppapmap-base
|
#
1.84 |
|
23-Mar-2009 |
liamjfoy |
Init ip6flow pool dynamically instead of using a linkset.
|
Revision tags: nick-hppapmap-base2 haad-dm-base2 haad-nbase2 ad-audiomp2-base haad-dm-base mjf-devfs2-base
|
#
1.83 |
|
25-Nov-2008 |
pooka |
branches: 1.83.4; Make dom_maxrtkey of inet/inet6domain the size of the ip_encap pack structures. This is far from optimal, but gets rid of iffy #ifdef INET in radix.c. The radix bonsai still needs lots of love before loading domains dynamically is possible...
|
Revision tags: netbsd-5-1-5-RELEASE netbsd-5-1-4-RELEASE netbsd-5-1-3-RELEASE netbsd-5-1-2-RELEASE netbsd-5-1-1-RELEASE matt-nb5-mips64-premerge-20101231 netbsd-5-1-RELEASE netbsd-5-1-RC4 matt-nb5-mips64-k15 netbsd-5-1-RC3 netbsd-5-1-RC2 netbsd-5-1-RC1 netbsd-5-0-2-RELEASE matt-nb5-mips64-premerge-20091211 matt-nb5-mips64-u2-k2-k4-k7-k8-k9 matt-nb4-mips64-k7-u2a-k9b matt-nb5-mips64-u1-k1-k5 netbsd-5-0-1-RELEASE netbsd-5-0-RELEASE netbsd-5-0-RC4 netbsd-5-0-RC3 netbsd-5-0-RC2 netbsd-5-0-RC1 netbsd-5-base matt-mips64-base2 haad-dm-base1 wrstuden-revivesa-base-4 wrstuden-revivesa-base-3 wrstuden-revivesa-base-2 wrstuden-revivesa-base-1 simonb-wapbl-nbase yamt-pf42-base4 simonb-wapbl-base yamt-pf42-base3 hpcarm-cleanup-nbase yamt-pf42-base2 yamt-nfs-mp-base2 wrstuden-revivesa-base yamt-nfs-mp-base
|
#
1.82 |
|
24-Apr-2008 |
ad |
branches: 1.82.2; 1.82.8; 1.82.10; 1.82.12; Merge the socket locking patch:
- Socket layer becomes MP safe. - Unix protocols become MP safe. - Allows protocol processing interrupts to safely block on locks. - Fixes a number of race conditions.
With much feedback from matt@ and plunky@.
|
#
1.81 |
|
23-Apr-2008 |
thorpej |
Make IPSEC and FAST_IPSEC stats per-cpu. Use <net/net_stats.h> and netstat_sysctl().
|
Revision tags: yamt-pf42-baseX yamt-pf42-base
|
#
1.80 |
|
15-Apr-2008 |
thorpej |
branches: 1.80.2; Make pim6 stats per-cpu.
|
Revision tags: ad-socklock-base1 yamt-lazymbuf-base15 yamt-lazymbuf-base14 keiichi-mipv6-nbase nick-net80211-sync-base keiichi-mipv6-base bouyer-xeni386-merge1 vmlocking2-base3 bouyer-xeni386-nbase yamt-kmem-base3 cube-autoconf-base yamt-kmem-base2 bouyer-xeni386-base yamt-kmem-base vmlocking2-base2 reinoud-bufcleanup-nbase vmlocking2-base1 matt-armv6-nbase jmcneill-base mjf-devfs-base bouyer-xenamd64-base2 vmlocking-nbase yamt-x86pmap-base4 bouyer-xenamd64-base yamt-x86pmap-base3 yamt-x86pmap-base2 yamt-x86pmap-base matt-armv6-base jmcneill-pm-base hpcarm-cleanup-base reinoud-bufcleanup-base vmlocking-base
|
#
1.79 |
|
19-Sep-2007 |
dyoung |
branches: 1.79.16; 1.79.20; 1) Introduce a new socket option, (SOL_SOCKET, SO_NOHEADER), that tells a socket that it should both add a protocol header to tx'd datagrams and remove the header from rx'd datagrams:
int onoff = 1, s = socket(...); setsockopt(s, SOL_SOCKET, SO_NOHEADER, &onoff);
2) Add an implementation of (SOL_SOCKET, SO_NOHEADER) for raw IPv4 sockets.
3) Reorganize the protocols' pr_ctloutput implementations a bit. Consistently return ENOPROTOOPT when an option is unsupported, and EINVAL if a supported option's arguments are incorrect. Reorganize the flow of code so that it's more clear how/when options are passed down the stack until they are handled.
Shorten some pr_ctloutput staircases for readability.
4) Extract common mbuf code into subroutines, add new sockaddr methods, and introduce a new subroutine, fsocreate(), for reuse later; use it first in sys_socket():
struct mbuf *m_getsombuf(struct socket *so)
Create an mbuf and make its owner the socket `so'.
struct mbuf *m_intopt(struct socket *so, int val)
Create an mbuf, make its owner the socket `so', put the int `val' into it, and set its length to sizeof(int).
int fsocreate(..., int *fd)
Create a socket, a la socreate(9), put the socket into the given LWP's descriptor table, return the descriptor at `fd' on success.
void *sockaddr_addr(struct sockaddr *sa, socklen_t *slenp) const void *sockaddr_const_addr(const struct sockaddr *sa, socklen_t *slenp)
Extract a pointer to the address part of a sockaddr. Write the length of the address part at `slenp', if `slenp' is not NULL.
socklen_t sockaddr_getlen(const struct sockaddr *sa)
Return the length of a sockaddr. This just evaluates to sa->sa_len. I only add this for consistency with code that appears in a portable userland library that I am going to import.
const struct sockaddr *sockaddr_any(const struct sockaddr *sa)
Return the "don't care" sockaddr in the same family as `sa'. This is the address a client should sobind(9) if it does not care the source address and, if applicable, the port et cetera that it uses.
const void *sockaddr_anyaddr(const struct sockaddr *sa, socklen_t *slenp)
Return the "don't care" sockaddr in the same family as `sa'. This is the address a client should sobind(9) if it does not care the source address and, if applicable, the port et cetera that it uses.
|
Revision tags: nick-csl-alignment-base5
|
#
1.78 |
|
30-Aug-2007 |
dyoung |
Use malloc(9) for sockaddrs instead of pool(9), and remove dom_sa_pool and dom_sa_len members from struct domain. Pools of fixed-size objects are too rigid for sockaddr_dls, whose size can vary over a wide range.
Return sockaddr_dl to its "historical" size. Now that I'm using malloc(9) instead of pool(9) to allocate sockaddr_dl, I can create a sockaddr_dl of any size in the kernel, so expanding sockaddr_dl is useless.
Avoid using sizeof(struct sockaddr_dl) in the kernel.
Introduce sockaddr_dl_alloc() for allocating & initializing an arbitrary sockaddr_dl on the heap.
Add an argument, the sockaddr length, to sockaddr_alloc(), sockaddr_copy(), and sockaddr_dl_setaddr().
Constify: LLADDR() -> CLLADDR().
Where the kernel overwrites LLADDR(), use sockaddr_dl_setaddr(), instead. Used properly, sockaddr_dl_setaddr() will not overrun the end of the sockaddr.
|
Revision tags: matt-mips64-base nick-csl-alignment-base yamt-idlelwp-base8 mjf-ufs-trans-base
|
#
1.77 |
|
06-May-2007 |
dyoung |
branches: 1.77.2; 1.77.6; 1.77.8; In AppleTalk, IPv4, and IPv6 routing domains, help sockaddr_cmp() avoid an indirect function call by comparing the family, length, and bytes [dom->dom_sa_cmpofs, dom->dom_sa_cmpofs + dom->dom_sa_cmplen), corresponding to the the sockaddrs' "address" members.
For ISO, actually use sockaddr_iso_cmp, for a change. Thanks to yamt@ for pointing out my error.
|
#
1.76 |
|
02-May-2007 |
dyoung |
Eliminate address family-specific route caches (struct route, struct route_in6, struct route_iso), replacing all caches with a struct route.
The principle benefit of this change is that all of the protocol families can benefit from route cache-invalidation, which is necessary for correct routing. Route-cache invalidation fixes an ancient PR, kern/3508, at long last; it fixes various other PRs, also.
Discussions with and ideas from Joerg Sonnenberger influenced this work tremendously. Of course, all design oversights and bugs are mine.
DETAILS
1 I added to each address family a pool of sockaddrs. I have introduced routines for allocating, copying, and duplicating, and freeing sockaddrs:
struct sockaddr *sockaddr_alloc(sa_family_t af, int flags); struct sockaddr *sockaddr_copy(struct sockaddr *dst, const struct sockaddr *src); struct sockaddr *sockaddr_dup(const struct sockaddr *src, int flags); void sockaddr_free(struct sockaddr *sa);
sockaddr_alloc() returns either a sockaddr from the pool belonging to the specified family, or NULL if the pool is exhausted. The returned sockaddr has the right size for that family; sa_family and sa_len fields are initialized to the family and sockaddr length---e.g., sa_family = AF_INET and sa_len = sizeof(struct sockaddr_in). sockaddr_free() puts the given sockaddr back into its family's pool.
sockaddr_dup() and sockaddr_copy() work analogously to strdup() and strcpy(), respectively. sockaddr_copy() KASSERTs that the family of the destination and source sockaddrs are alike.
The 'flags' argumet for sockaddr_alloc() and sockaddr_dup() is passed directly to pool_get(9).
2 I added routines for initializing sockaddrs in each address family, sockaddr_in_init(), sockaddr_in6_init(), sockaddr_iso_init(), etc. They are fairly self-explanatory.
3 structs route_in6 and route_iso are no more. All protocol families use struct route. I have changed the route cache, 'struct route', so that it does not contain storage space for a sockaddr. Instead, struct route points to a sockaddr coming from the pool the sockaddr belongs to. I added a new method to struct route, rtcache_setdst(), for setting the cache destination:
int rtcache_setdst(struct route *, const struct sockaddr *);
rtcache_setdst() returns 0 on success, or ENOMEM if no memory is available to create the sockaddr storage.
It is now possible for rtcache_getdst() to return NULL if, say, rtcache_setdst() failed. I check the return value for NULL everywhere in the kernel.
4 Each routing domain (struct domain) has a list of live route caches, dom_rtcache. rtflushall(sa_family_t af) looks up the domain indicated by 'af', walks the domain's list of route caches and invalidates each one.
|
Revision tags: thorpej-atomic-base
|
#
1.75 |
|
07-Mar-2007 |
liamjfoy |
branches: 1.75.2; 1.75.4; Add IPv6 Fast Forward - the IPv4 counterpart:
If ip6_forward successfully forwards a packet, a cache, in this case a ip6flow struct entry, will be created. ether_input and friends will then be able to call ip6flow_fastforward with the packet which will then be passed to if_output (unless an issue is found - in that case the packet is passed back to ip6_input).
ok matt@ christos@ dyoung@ and joerg@
|
#
1.74 |
|
06-Mar-2007 |
liamjfoy |
Fix some style issues - no functional change
|
#
1.73 |
|
27-Feb-2007 |
degroote |
Initialize fast_ipsec entry in the protocol switch with structure initializers as other entries.
|
Revision tags: ad-audiomp-base
|
#
1.72 |
|
19-Feb-2007 |
dyoung |
Initialize protocol switch with structure initializers.
|
#
1.71 |
|
17-Feb-2007 |
dyoung |
0 -> NULL
|
#
1.70 |
|
10-Feb-2007 |
degroote |
branches: 1.70.2; Commit my SoC work Add ipv6 support for fast_ipsec Note that currently, packet with extensions headers are not correctly supported Change the ipcomp logic
|
Revision tags: post-newlock2-merge newlock2-nbase yamt-splraiseipl-base5 yamt-splraiseipl-base4 yamt-splraiseipl-base3 newlock2-base
|
#
1.69 |
|
09-Dec-2006 |
dyoung |
Here are various changes designed to protect against bad IPv4 routing caused by stale route caches (struct route). Route caches are sprinkled throughout PCBs, the IP fast-forwarding table, and IP tunnel interfaces (gre, gif, stf).
Stale IPv6 and ISO route caches will be treated by separate patches.
Thank you to Christoph Badura for suggesting the general approach to invalidating route caches that I take here.
Here are the details:
Add hooks to struct domain for tracking and for invalidating each domain's route caches: dom_rtcache, dom_rtflush, and dom_rtflushall.
Introduce helper subroutines, rtflush(ro) for invalidating a route cache, rtflushall(family) for invalidating all route caches in a routing domain, and rtcache(ro) for notifying the domain of a new cached route.
Chain together all IPv4 route caches where ro_rt != NULL. Provide in_rtcache() for adding a route to the chain. Provide in_rtflush() and in_rtflushall() for invalidating IPv4 route caches. In in_rtflush(), set ro_rt to NULL, and remove the route from the chain. In in_rtflushall(), walk the chain and remove every route cache.
In rtrequest1(), call rtflushall() to invalidate route caches when a route is added.
In gif(4), discard the workaround for stale caches that involves expiring them every so often.
Replace the pattern 'RTFREE(ro->ro_rt); ro->ro_rt = NULL;' with a call to rtflush(ro).
Update ipflow_fastforward() and all other users of route caches so that they expect a cached route, ro->ro_rt, to turn to NULL.
Take care when moving a 'struct route' to rtflush() the source and to rtcache() the destination.
In domain initializers, use .dom_xxx tags.
KNF here and there.
|
Revision tags: netbsd-4-base
|
#
1.68 |
|
23-Nov-2006 |
rpaulo |
branches: 1.68.2; 1.68.4; New EtherIP driver based on tap(4) and gif(4) by Hans Rosenfeld. Notable changes: * Fixes PR 34268. * Separates the code from gif(4) (which is more cleaner). * Allows the usage of STP (Spanning Tree Protocol). * Removed EtherIP implementation from gif(4)/tap(4).
Some input from Christos.
|
Revision tags: yamt-splraiseipl-base2
|
#
1.67 |
|
10-Oct-2006 |
dogcow |
change the MOWNER_INIT define to take two args; fix extant struct mowner decls to use it. Makes options MBUFTRACE compile again and not whinge about missing structure declarations. (Also makes initialization consistent.)
|
Revision tags: yamt-splraiseipl-base yamt-pdpolicy-base9 yamt-pdpolicy-base8 rpaulo-netinet-merge-pcb-base
|
#
1.66 |
|
30-Aug-2006 |
christos |
branches: 1.66.2; 1.66.4; add missing initializers
|
#
1.65 |
|
28-Aug-2006 |
christos |
remove extra members
|
#
1.64 |
|
25-Aug-2006 |
matt |
One step closer to loadable domains. Store pointers to a domain's soft interrupt queues so if_detach can remove packets to removed interfaces from them. This eliminates a lot of conditional ugly code in if.c
|
Revision tags: abandoned-netbsd-4-base yamt-pdpolicy-base7 yamt-pdpolicy-base6 chap-midi-nbase gdamore-uart-base yamt-pdpolicy-base5 chap-midi-base simonb-timecounters-base
|
#
1.63 |
|
18-May-2006 |
liamjfoy |
Integrate Common Address Redundancy Procotol (CARP) from OpenBSD
'pseudo-device carp'
Thanks to: joerg@ christos@ riz@ and others who tested Ok: core@
|
Revision tags: yamt-pdpolicy-base4 yamt-pdpolicy-base3 peter-altq-base yamt-pdpolicy-base2 elad-kernelauth-base
|
#
1.62 |
|
05-Mar-2006 |
rpaulo |
branches: 1.62.4; NDP-related improvements: RFC4191 - supports host-side router-preference
RFC3542 - if DAD fails on a interface, disables IPv6 operation on the interface - don't advertise MLD report before DAD finishes
Others - fixes integer overflow for valid and preferred lifetimes - improves timer granularity for MLD, using callout-timer. - reflects rtadvd's IPv6 host variable information into kernel (router only) - adds a sysctl option to enable/disable pMTUd for multicast packets - performs NUD on PPP/GRE interface by default - Redirect works regardless of ip6_accept_rtadv - removes RFC1885-related code
From the KAME project via SUZUKI Shinsuke. Reviewed by core.
|
Revision tags: yamt-pdpolicy-base yamt-uio_vmspace-base5
|
#
1.61 |
|
11-Dec-2005 |
christos |
branches: 1.61.4; 1.61.6; 1.61.8; merge ktrace-lwp.
|
Revision tags: yamt-readahead-base3 yamt-readahead-base2 yamt-readahead-pervnode yamt-readahead-perfile yamt-readahead-base yamt-vop-base3 yamt-vop-base2 thorpej-vnode-attr-base yamt-vop-base ktrace-lwp-base
|
#
1.60 |
|
19-Jul-2005 |
gdt |
Add PR_PURGEIF flag for protocols to indicate that the protocol might store a struct ifnet *, and define it for udp/tcp/rawip for INET and INET6. When deleting a struct ifnet, invoke PRU_PURGEIF on all protocols marked with PR_PURGEIF. Closes PR kern/29580 (mine).
|
#
1.59 |
|
29-May-2005 |
christos |
branches: 1.59.2; - avoid shadowed variables - sprinkle const.
|
Revision tags: yamt-km-base4 yamt-km-base3 netbsd-3-base yamt-km-base2 yamt-km-base kent-audio2-base
|
#
1.58 |
|
23-Jan-2005 |
matt |
branches: 1.58.6; Change initialzie of domains to use link sets. Switch to using STAILQ. Add a convenience macro DOMAIN_FOREACH to interate through the domain.
|
Revision tags: kent-audio1-beforemerge kent-audio1-base
|
#
1.57 |
|
22-Apr-2004 |
matt |
branches: 1.57.4; Constify protosw arrays. This can reduce the kernel .data section by over 4K (if all the network protocols) are loaded.
|
Revision tags: netbsd-2-0-3-RELEASE netbsd-2-1-RELEASE netbsd-2-1-RC6 netbsd-2-1-RC5 netbsd-2-1-RC4 netbsd-2-1-RC3 netbsd-2-1-RC2 netbsd-2-1-RC1 netbsd-2-0-2-RELEASE netbsd-2-0-1-RELEASE netbsd-2-base netbsd-2-0-RELEASE netbsd-2-0-RC5 netbsd-2-0-RC4 netbsd-2-0-RC3 netbsd-2-0-RC2 netbsd-2-0-RC1 netbsd-2-0-base
|
#
1.56 |
|
04-Dec-2003 |
atatat |
Dynamic sysctl.
Gone are the old kern_sysctl(), cpu_sysctl(), hw_sysctl(), vfs_sysctl(), etc, routines, along with sysctl_int() et al. Now all nodes are registered with the tree, and nodes can be added (or removed) easily, and I/O to and from the tree is handled generically.
Since the nodes are registered with the tree, the mapping from name to number (and back again) can now be discovered, instead of having to be hard coded. Adding new nodes to the tree is likewise much simpler -- the new infrastructure handles almost all the work for simple types, and just about anything else can be done with a small helper function.
All existing nodes are where they were before (numerically speaking), so all existing consumers of sysctl information should notice no difference.
PS - I'm sorry, but there's a distinct lack of documentation at the moment. I'm working on sysctl(3/8/9) right now, and I promise to watch out for buses.
|
#
1.55 |
|
03-Nov-2003 |
briggs |
Revert the change in default value of ipv6_v6only. Further discussion on this topic is required. It should be reintroduced and pursued in the IETF.
|
#
1.54 |
|
28-Oct-2003 |
briggs |
Toggle the default value of ip6_v6only. Also provide a sample sysctl to retain the existing behavior.
|
#
1.53 |
|
06-Sep-2003 |
itojun |
randomize IPv4/v6 fragment ID and IPv6 flowlabel. avoids predictability of these fields. ip_id.c is from openbsd. ip6_id.c is adapted by kame.
|
#
1.52 |
|
05-Sep-2003 |
itojun |
call tcp_drain() if IPv4-less kernel
|
#
1.51 |
|
04-Sep-2003 |
itojun |
revamp inpcb/in6pcb so that they are more aligned with each other. in6pcb lookup now uses hash(9).
|
#
1.50 |
|
14-Aug-2003 |
itojun |
enforce ipsec policy on raw wildcard.
|
#
1.49 |
|
07-Aug-2003 |
agc |
Move UCB-licensed code from 4-clause to 3-clause licence.
Patches provided by Joel Baker in PR 22364, verified by myself.
|
#
1.48 |
|
07-Aug-2003 |
itojun |
make net.inet6.ip6.redirect actually work. from Tomoyuki Sahara via kame
|
#
1.47 |
|
17-Apr-2003 |
thorpej |
branches: 1.47.2; Protect the definition of offsetof().
|
Revision tags: nathanw_sa_before_merge fvdl_fs64_base gmcgarry_ctxsw_base gmcgarry_ucred_base nathanw_sa_base
|
#
1.46 |
|
11-Nov-2002 |
itojun |
pmtu_probe is not used anywhere (it is used in KAME TCP6-only code). From: Krister Walfridsson <cato@df.lth.se>
|
Revision tags: kqueue-aftermerge kqueue-beforemerge gehenna-devsw-base kqueue-base
|
#
1.45 |
|
20-Aug-2002 |
itojun |
sync up use_deprecated handling with latest kame. - bind(deprecated) is allowed, trusting userland app is doing the right thing - use_deprecated default to 1
|
#
1.44 |
|
17-Aug-2002 |
itojun |
set default value for use_deprecated to 0, to avoid consequences with ftpd.
|
#
1.43 |
|
09-Jun-2002 |
itojun |
whitespace cleanup
|
#
1.42 |
|
08-Jun-2002 |
itojun |
whitespace cleanup
|
#
1.41 |
|
29-May-2002 |
itojun |
move per-interface ip6/icmp6 stat to ifnet->if_afdata. sync w/kame
|
#
1.40 |
|
28-May-2002 |
itojun |
limit number of IPv6 fragments (not the fragment queue size) to fight against lots-of-frags DoS attacks. sync w/kame
|
Revision tags: netbsd-1-6-RC1 netbsd-1-6-base eeh-devprop-base
|
#
1.39 |
|
15-Mar-2002 |
itojun |
branches: 1.39.4; 1.39.6; have tcp6_drain
|
Revision tags: newlock-base ifpoll-base
|
#
1.38 |
|
21-Dec-2001 |
itojun |
call encap6_ctlinput on icmp6 against tunnelled packet. sync w/kame
|
#
1.37 |
|
21-Dec-2001 |
itojun |
use radix table for inbound tunnel lookup (would increase performance for machines with a lot of tunnels). update route cache for IPvX-over-IPv6 tunnel on path MTU discovery. snyc with kame
|
#
1.36 |
|
21-Dec-2001 |
itojun |
move in6_gif_hlim decl to in6_gif.c. sync with kame
|
#
1.35 |
|
21-Dec-2001 |
itojun |
move protosw fragment for gif/stf to their own source code. reduce #ifdef in stf code. sync with kame
|
#
1.34 |
|
13-Nov-2001 |
lukem |
add RCSIDs
|
Revision tags: thorpej-mips-cache-base
|
#
1.33 |
|
24-Oct-2001 |
itojun |
no tcp_fasttimo any more. PR 14333
|
#
1.32 |
|
24-Oct-2001 |
itojun |
more whitespace sync with kame
|
#
1.31 |
|
16-Oct-2001 |
itojun |
branches: 1.31.2; remove unused #define. sync whitespace/comment with kame.
|
#
1.30 |
|
15-Oct-2001 |
itojun |
implement IPV6_V6ONLY socket option from draft-ietf-ipngwg-rfc2553bis-03.txt. IPV6_BINDV6ONLY (netbsd only) is deprecated, but still work just like before.
|
Revision tags: thorpej-devvp-base3 thorpej-devvp-base2 post-chs-ubcperf pre-chs-ubcperf thorpej-devvp-base thorpej_scsipi_beforemerge thorpej_scsipi_nbase thorpej_scsipi_base
|
#
1.29 |
|
21-Mar-2001 |
thorpej |
branches: 1.29.2; Add a protosw flag, PR_ABRTACPTDIS (Abort on Accept of Disconnected Socket), and add it to the protocols that use that behavior (all PR_LISTEN protocols except for PF_LOCAL stream sockets).
|
#
1.28 |
|
01-Mar-2001 |
itojun |
branches: 1.28.2; make sure to enforce inbound ipsec policy checking, for any protocols on top of ip (check it when final header is visited). sync with kame. XXX kame team will need to re-check policy engine code
|
#
1.27 |
|
21-Feb-2001 |
itojun |
need PR_ADDR|PR_ATOMIC for IPPROTO_EON. fix typo. from chopps, sync with kame
|
#
1.26 |
|
20-Feb-2001 |
itojun |
ISO over IPv4/v6 by EON encapsulation. from chopps, sync with kame.
|
#
1.25 |
|
11-Feb-2001 |
itojun |
pull latest kame pcbnotify code. synchronizes ICMPv6 path mtu discovery behavior with other protocols (i.e. validation, use of hiwat/lowat).
|
#
1.24 |
|
11-Feb-2001 |
itojun |
whitespace sync with kame
|
#
1.23 |
|
19-Oct-2000 |
itojun |
remove #ifdef TCP6. it is not likely for us to bring in sys/netinet6/tcp6*.c (separate TCP/IPv6 stack) into netbsd-current.
|
#
1.22 |
|
18-Oct-2000 |
itojun |
verify ICMPv6 too big messages based on TCP pcbs, and/or IPsec SA. TODO: udp6, and sendto consideration. as pmtud is mandatory for IPv6, it is rather important for us to support those cases. TODO: more testing TODO: kame sync
|
#
1.21 |
|
10-Oct-2000 |
itojun |
sync with kame ($KAME$)
|
#
1.20 |
|
10-Oct-2000 |
enami |
Don't initialize TCP twice on v4/v6 dual stack kernel.
|
#
1.19 |
|
28-Jul-2000 |
itojun |
nuke the following sysctl variables. "ppsratelimit" should work better. need to recompile sbin/sysctl after updating /usr/include. net.inet.tcp.rstratelimit net.inet.icmp.errratelimit net.inet6.icmp6.errratelimit
|
#
1.18 |
|
06-Jul-2000 |
itojun |
- do not use bitfield for router renumbering header. - add protection mechanism against ND cache corruption due to bad NUD hints. - more stats - icmp6 pps limitation. TOOD: should implement ppsratecheck(9).
|
Revision tags: netbsd-1-5-ALPHA2 netbsd-1-5-base minoura-xpg4dl-base
|
#
1.17 |
|
19-Apr-2000 |
itojun |
branches: 1.17.4; introduce sys/netinet/ip_encap.c, to dispatch inbound packets to protocol handlers, based on src/dst (for ip proto #4/41). see comment in ip_encap.c for details of the problem we have. there are too many protocol specs for ip proto #4/41. backward compatibility with MROUTING case is now provided in ip_encap.c.
fix ipip to work with gif (using ip_encap.c). sorry for breakage.
gif now uses ip_encap.c.
introduce stf pseudo interface (implements 6to4, another IPv6-over-IPv4 code with ip proto #41).
|
#
1.16 |
|
26-Feb-2000 |
itojun |
implement rip6_ctlinput, to cope with routing changes correctly. (IMHO we need rip_ctlinput as well)
|
#
1.15 |
|
26-Feb-2000 |
itojun |
make it possible to throw IPv6 packet with proto=4/41. (in normal case we don't do it, but this is how IPv4 in_proto is written)
|
#
1.14 |
|
14-Feb-2000 |
thorpej |
Use ratecheck() for ICMP6 rate limiting.
|
Revision tags: chs-ubc2-newbase
|
#
1.13 |
|
06-Feb-2000 |
itojun |
fix include pathname for better rfc2292 compliance.
|
#
1.12 |
|
06-Jan-2000 |
itojun |
remove extra portability #ifdef (like #ifdef __FreeBSD__) in KAME IPv6/IPsec code, from netbsd-current repository. #ifdef'ed version is always available from ftp.kame.net.
XXX please do not make too many diff-unfriendly changes, we'll need to take bunch of diffs on upgrade...
|
#
1.11 |
|
06-Jan-2000 |
itojun |
make IPV6_BINDV6ONLY setsockopt available. it controls behavior of AF_INET6 wildcard listening socket. heavily documented in ip6(4). net.inet6.ip6.bindv6only defines default value. default is 1.
"options INET6_BINDV6ONLY" removes any code fragment that supports IPV6_BINDV6ONLY == 0 case (not defopt'ed as use of this is rare).
|
#
1.10 |
|
02-Jan-2000 |
itojun |
add net.inet6.icmp6.nodeinfo sysctl. this allows you to disable/enable ICMPv6 node information query/reply processing (which tells remote end the gethostname(3) setting, interface addresses on the node, and some other things - documented in draft-ietf-ipngwg-icmp-name-lookup* or something alike).
to test it, try ping6 -w ::1 with nodeinfo=0 and nodeinfo=1. (sync with kame change)
|
Revision tags: wrstuden-devbsize-19991221 wrstuden-devbsize-base
|
#
1.9 |
|
13-Dec-1999 |
itojun |
sync IPv6 part with latest KAME tree. IPsec part is left unmodified due to massive changes in KAME side. - IPv6 output goes through nd6_output - faith can capture IPv4 packets as well - you can run IPv4-to-IPv6 translator using heavily modified DNS servers - per-interface statistics (required for IPv6 MIB) - interface autoconfig is revisited - udp input handling has a big change for mapped address support. - introduce in4_cksum() for non-overwriting checksumming - introduce m_pulldown() - neighbor discovery cleanups/improvements - netinet/in.h strictly conforms to RFC2553 (no extra defs visible to userland) - IFA_STATS is fixed a bit (not tested) - and more more more.
TODO: - cleanup os-independency #ifdef - avoid rcvif dual use (for IPsec) to help ifdetach
(sorry for jumbo commit, I can't separate this any more...)
|
Revision tags: comdex-fall-1999-base fvdl-softdep-base chs-ubc2-base
|
#
1.8 |
|
31-Jul-1999 |
itojun |
branches: 1.8.2; 1.8.8; sync with recent KAME. - loosen ipsec restriction on packet diredtion. - revise icmp6 redirect handling on IsRouter bit. - tcp/udp notification processing (link-local address case) - cosmetic fixes (better code share across *BSD).
|
#
1.7 |
|
30-Jul-1999 |
itojun |
remove reference to in6_systm.h (file itself will be removed afterwords)
|
#
1.6 |
|
27-Jul-1999 |
explorer |
Fix a problem where tcp_slowtimo was called twice, once for ipv4 tcp and once for ipv6. This patch makes the ipv6 case pass NULLs in for fast and slow timeouts iff defined(INET) and passes in the right function if !defined(INET).
Reveiwed by itojun@iijlab.net.
|
#
1.5 |
|
22-Jul-1999 |
itojun |
change unnecessary u_long/long into u_int32_t or something relevant. more fixes should follow.
|
#
1.4 |
|
09-Jul-1999 |
thorpej |
defopt IPSEC and IPSEC_ESP (both into opt_ipsec.h).
|
#
1.3 |
|
03-Jul-1999 |
thorpej |
RCS ID police.
|
#
1.2 |
|
01-Jul-1999 |
itojun |
branches: 1.2.2; IPv6 kernel code, based on KAME/NetBSD 1.4, SNAP kit 19990628. (Sorry for a big commit, I can't separate this into several pieces...) Pls check sys/netinet6/TODO and sys/netinet6/IMPLEMENTATION for details.
- sys/kern: do not assume single mbuf, accept chained mbuf on passing data from userland to kernel (or other way round). - "midway" ATM card: ATM PVC pseudo device support, like those done in ALTQ package (ftp://ftp.csl.sony.co.jp/pub/kjc/). - sys/netinet/tcp*: IPv4/v6 dual stack tcp support. - sys/netinet/{ip6,icmp6}.h, sys/net/pfkeyv2.h: IETF document assumes those file to be there so we patch it up. - sys/netinet: IPsec additions are here and there. - sys/netinet6/*: most of IPv6 code sits here. - sys/netkey: IPsec key management code - dev/pci/pcidevs: regen
In my understanding no code here is subject to export control so it should be safe.
|
#
1.1 |
|
28-Jun-1999 |
itojun |
branches: 1.1.2; file in6_proto.c was initially added on branch kame.
|
Revision tags: isaki-audio2-base pgoyette-compat-20190127 pgoyette-compat-20190118 pgoyette-compat-1226 pgoyette-compat-1126 pgoyette-compat-1020 pgoyette-compat-0930 pgoyette-compat-0906
|
#
1.126 |
|
14-Aug-2018 |
maxv |
Retire EtherIP, we have L2TP instead.
|
Revision tags: pgoyette-compat-0728 phil-wifi-base pgoyette-compat-0625 pgoyette-compat-0521
|
#
1.125 |
|
11-May-2018 |
roy |
Increase the default size of some receive buffers from 8k to 16k. This mitigates recent reports of socket overflow errors and fixes PR bin/53247.
|
#
1.124 |
|
03-May-2018 |
maxv |
Remove now unused tcpip.h includes. Some were already unused before.
|
#
1.123 |
|
03-May-2018 |
maxv |
Remove net_osdep.h completely.
|
Revision tags: pgoyette-compat-0502 pgoyette-compat-0422 pgoyette-compat-0415 pgoyette-compat-0407 pgoyette-compat-0330 pgoyette-compat-0322 pgoyette-compat-0315
|
#
1.122 |
|
15-Mar-2018 |
maxv |
Add the PR_LASTHDR flag on the PFsync and CARP entries. Otherwise a "require" IPsec policy is not enforced on them, and unauthenticated packets will be accepted.
Tested with a require-AH configuration. Sent on tech-net@, no comment.
|
Revision tags: pgoyette-compat-base
|
#
1.121 |
|
07-Feb-2018 |
maxv |
branches: 1.121.2; Style, and localify IPV6FORWARDING. No functional change.
|
#
1.120 |
|
07-Feb-2018 |
maxv |
Change ip6_hdrnestlimit to be 15 instead of 50. I couldn't find any reference in RFCs about what a correct limit should be, but FreeBSD already uses 15.
If an IPv6 packet has 50 options, there is clearly something wrong with it.
|
Revision tags: tls-maxphys-base-20171202
|
#
1.119 |
|
27-Sep-2017 |
ozaki-r |
Take softnet_lock on pr_input properly if NET_MPSAFE
Currently softnet_lock is taken unnecessarily in some cases, e.g., icmp_input and encap4_input from ip_input, or not taken even if needed, e.g., udp_input and tcp_input from ipsec4_common_input_cb. Fix them.
NFC if NET_MPSAFE is disabled (default).
|
#
1.118 |
|
21-Sep-2017 |
ozaki-r |
Invalidate rtcache based on a global generation counter
The change introduces a global generation counter that is incremented when any routes have been added or deleted. When a rtcache caches a rtentry into itself, it also stores a snapshot of the generation counter. If the snapshot equals to the global counter, the cache is still valid, otherwise invalidated.
One drawback of the change is that all rtcaches of all protocol families are invalidated when any routes of any protocol families are added or deleted. If that matters, we should have separate generation counters based on protocol families.
This change removes LIST_ENTRY from struct route, which fixes a part of PR kern/52515.
|
Revision tags: nick-nhusb-base-20170825 perseant-stdc-iso10646-base netbsd-8-base prg-localcount2-base3 prg-localcount2-base2 prg-localcount2-base1 prg-localcount2-base pgoyette-localcount-20170426 bouyer-socketcan-base1
|
#
1.117 |
|
14-Apr-2017 |
ozaki-r |
branches: 1.117.4; Rumpify netipsec
Note that we should modularize netipsec and reduce reverse symbol references (referencing symbols of netipsec from net, netinet and netinet6) though, the task needs lots of code changes. Prior to doing so, rumpifying it and having ATF tests should be useful.
|
Revision tags: jdolecek-ncq-base pgoyette-localcount-20170320
|
#
1.116 |
|
16-Feb-2017 |
knakahara |
add l2tp(4) L2TPv3 interface.
originally implemented by IIJ SEIL team.
|
#
1.115 |
|
13-Feb-2017 |
ozaki-r |
Protect mtudisc and redirect stuffs of icmp/icmp6 with mutex
We have to run pr_init of icmp and icmp6 prior to tcp and tcp6 ones for mutex initialization.
|
Revision tags: nick-nhusb-base-20170204 bouyer-socketcan-base pgoyette-localcount-20170107
|
#
1.114 |
|
13-Dec-2016 |
ozaki-r |
branches: 1.114.2; Remove unnecessary inclusions of nd6.h
|
Revision tags: nick-nhusb-base-20161204 pgoyette-localcount-20161104 nick-nhusb-base-20161004 localcount-20160914 pgoyette-localcount-20160806 pgoyette-localcount-20160726 pgoyette-localcount-base nick-nhusb-base-20160907
|
#
1.113 |
|
06-Jul-2016 |
ozaki-r |
branches: 1.113.2; Move in6_ifaddr_list to a more proper place (from ip6_input.c to in6.c)
It's a similar place as the IPv4 address list, i.e., in.c.
More varibles will join together.
|
Revision tags: nick-nhusb-base-20160529
|
#
1.112 |
|
26-Apr-2016 |
ozaki-r |
Sweep unnecessary route.h inclusions
|
Revision tags: nick-nhusb-base-20160422
|
#
1.111 |
|
11-Apr-2016 |
ozaki-r |
Sweep unncessary radix.h inclusions
|
Revision tags: nick-nhusb-base-20160319
|
#
1.110 |
|
21-Jan-2016 |
riastradh |
Revert previous: ran cvs commit when I meant cvs diff. Sorry!
Hit up-arrow one too few times.
|
#
1.109 |
|
21-Jan-2016 |
riastradh |
Give proper prototype to ip_output.
|
#
1.108 |
|
20-Jan-2016 |
riastradh |
Eliminate struct protosw::pr_output.
You can't use this unless you know what it is a priori: the formal prototype is variadic, and the different instances (e.g., ip_output, route_output) have different real prototypes.
Convert the only user of it, raw_send in net/raw_cb.c, to take an explicit callback argument. Convert the only instances of it, route_output and key_output, to such explicit callbacks for raw_send. Use assertions to make sure the conversion to explicit callbacks is warranted.
Discussed on tech-net with no objections: https://mail-index.netbsd.org/tech-net/2016/01/16/msg005484.html
|
Revision tags: nick-nhusb-base-20151226
|
#
1.107 |
|
13-Oct-2015 |
rjs |
Add core networking support for SCTP.
|
Revision tags: nick-nhusb-base-20150921
|
#
1.106 |
|
24-Aug-2015 |
pooka |
sprinkle _KERNEL_OPT
|
Revision tags: nick-nhusb-base-20150606
|
#
1.105 |
|
22-Apr-2015 |
roy |
Move INET6 specific in6_if_{up,down}() and in6_if_link_{up,down}() into agnostic domain functions.
|
Revision tags: nick-nhusb-base-20150406
|
#
1.104 |
|
10-Feb-2015 |
rjs |
Add DCCP protocol support from KAME.
|
Revision tags: netbsd-7-2-RELEASE netbsd-7-1-2-RELEASE netbsd-7-1-1-RELEASE netbsd-7-1-RELEASE netbsd-7-1-RC2 netbsd-7-nhusb-base-20170116 netbsd-7-1-RC1 netbsd-7-0-2-RELEASE netbsd-7-nhusb-base netbsd-7-0-1-RELEASE netbsd-7-0-RELEASE netbsd-7-0-RC3 netbsd-7-0-RC2 netbsd-7-0-RC1 nick-nhusb-base netbsd-7-base tls-earlyentropy-base tls-maxphys-base
|
#
1.103 |
|
05-Jun-2014 |
rmind |
branches: 1.103.4; - Implement pktqueue interface for lockless IP input queue. - Replace ipintrq and ip6intrq with the pktqueue mechanism. - Eliminate kernel-lock from ipintr() and ip6intr(). - Some preparation work to push softnet_lock out of ipintr().
Discussed on tech-net.
|
#
1.102 |
|
22-May-2014 |
rmind |
Move udp6_input(), udp6_sendup(), udp6_realinput() and udp6_input_checksum() from udp_usrreq.c to udp6_usrreq.c where they belong. No functional change.
|
Revision tags: rmind-smpnet-nbase rmind-smpnet-base
|
#
1.101 |
|
18-May-2014 |
rmind |
Add struct pr_usrreqs with a pr_generic function and prepare for the dismantling of pr_usrreq in the protocols; no functional change intended. PRU_ATTACH/PRU_DETACH changes will follow soon.
Bump for struct protosw. Welcome to 6.99.62!
|
Revision tags: yamt-pagecache-base9 riastradh-xf86-video-intel-2-7-1-pre-2-21-15 riastradh-drm2-base3
|
#
1.100 |
|
02-Jan-2014 |
pooka |
branches: 1.100.2; Allow kernels compiled with INET+INET6 to be booted as IPv4-only or IPv6-only.
|
Revision tags: riastradh-drm2-base2 riastradh-drm2-base1 riastradh-drm2-base
|
#
1.99 |
|
05-Jun-2013 |
christos |
branches: 1.99.2; IPSEC has not come in two speeds for a long time now (IPSEC == kame, FAST_IPSEC). Make everything refer to IPSEC to avoid confusion.
|
Revision tags: agc-symver-base
|
#
1.98 |
|
01-Mar-2013 |
joerg |
Retire OSI network stack. OK core@
|
Revision tags: yamt-pagecache-base8 yamt-pagecache-base7 yamt-pagecache-base6
|
#
1.97 |
|
23-Jun-2012 |
christos |
branches: 1.97.2; 4 new sysctls to avoid ipv6 DoS attacks from OpenBSD
|
Revision tags: jmcneill-usbmp-base10 yamt-pagecache-base5 jmcneill-usbmp-base9 yamt-pagecache-base4 jmcneill-usbmp-base8
|
#
1.96 |
|
22-Mar-2012 |
drochner |
remove KAME IPSEC, replaced by FAST_IPSEC
|
Revision tags: netbsd-6-0-2-RELEASE netbsd-6-1-RELEASE netbsd-6-1-RC4 netbsd-6-1-RC3 netbsd-6-1-RC2 netbsd-6-1-RC1 netbsd-6-0-1-RELEASE matt-nb6-plus-nbase netbsd-6-0-RELEASE netbsd-6-0-RC2 matt-nb6-plus-base netbsd-6-0-RC1 jmcneill-usbmp-base7 jmcneill-usbmp-base6 jmcneill-usbmp-base5 jmcneill-usbmp-base4 jmcneill-usbmp-base3 jmcneill-usbmp-base2 netbsd-6-base
|
#
1.95 |
|
31-Dec-2011 |
christos |
branches: 1.95.2; 1.95.6; 1.95.8; - fix offsetof usage, and redundant defines - kill pointer casts to 0
|
#
1.94 |
|
19-Dec-2011 |
drochner |
rename the IPSEC in-kernel CPP variable and config(8) option to KAME_IPSEC, and make IPSEC define it so that existing kernel config files work as before Now the default can be easily be changed to FAST_IPSEC just by setting the IPSEC alias to FAST_IPSEC.
|
Revision tags: jmcneill-usbmp-pre-base2 jmcneill-usbmp-base jmcneill-audiomp3-base yamt-pagecache-base3 yamt-pagecache-base2 yamt-pagecache-base
|
#
1.93 |
|
24-Sep-2011 |
christos |
branches: 1.93.2; 1.93.6; Add inet6 part of the rfc6056 code contributed by Vlad Balan as part of Google SoC-2011
|
Revision tags: rmind-uvmplock-nbase cherry-xenmp-base rmind-uvmplock-base
|
#
1.92 |
|
24-May-2011 |
spz |
RA flood mitigation via a limit on accepted routes: - introduce a limit for the routes accepted via IPv6 Router Advertisement: a common 2 interface client will have 6, the default limit is 100 and can be adjusted via sysctl - report the current number of routes installed via RA via sysctl - count discarded route additions. Note that one RA message is two routes. This is at present only across all interfaces even though per-interface would be more useful, since the per-interface structure complies to RFC2466 - bump kernel version due to the previous change - adjust netstat to use the new value (with netstat -p icmp6)
|
#
1.91 |
|
03-May-2011 |
dyoung |
*_drain() routines may be called with locks held, so instead of doing any work in *_drain(), set a drain-needed flag. Do the work in the fasttimo handler.
Contributed by Coyote Point Systems, Inc.
|
#
1.90 |
|
31-Mar-2011 |
dyoung |
Hide the radix-trie implementation of the forwarding table so that we will have an easier time replacing it with something different, even if it is a second radix-trie implementation.
sys/net/route.c and sys/net/rtsock.c no longer operate directly on radix_nodes or radix_node_heads.
Hopefully this will reduce the temptation to implement multipath or source-based routing using grotty hacks to the grotty old radix-trie code, too. :-)
|
Revision tags: bouyer-quota2-nbase bouyer-quota2-base jruoho-x86intr-base matt-mips64-premerge-20101231 uebayasi-xip-base4 uebayasi-xip-base3 yamt-nfs-mp-base11
|
#
1.89 |
|
24-Aug-2010 |
jakllsch |
branches: 1.89.2; Make the EtherIP in IPv6 input path work. XXX: Figure out if we really need a separate protosw for IPv6.
|
Revision tags: uebayasi-xip-base2 yamt-nfs-mp-base10 uebayasi-xip-base1 yamt-nfs-mp-base9 uebayasi-xip-base
|
#
1.88 |
|
04-Feb-2010 |
joerg |
branches: 1.88.2; 1.88.4; Explicitly include opt_gateway.h when depending on GATEWAY.
|
Revision tags: matt-premerge-20091211 yamt-nfs-mp-base8 jym-xensuspend-nbase
|
#
1.87 |
|
11-Sep-2009 |
dyoung |
Make ifconfig(8) set and display preference numbers for IPv6 addresses. Make the kernel support SIOC[SG]IFADDRPREF for IPv6 interface addresses.
In in6ifa_ifpforlinklocal(), consult preference numbers before making an otherwise arbitrary choice of in6_ifaddr. Otherwise, preference numbers are *not* consulted by the kernel, but that will be rather easy for somebody with a little bit of free time to fix.
Please note that setting the preference number for a link-local IPv6 address does not work right, yet, but that ought to be fixed soon.
In support of the changes above,
1 Add a method to struct domain for "externalizing" a sockaddr, and provide an implementation for IPv6. Expect more work in this area: it may be more proper to say that the IPv6 implementation "internalizes" a sockaddr. Add sockaddr_externalize().
2 Add a subroutine, sofamily(), that returns a struct socket's address family or AF_UNSPEC.
3 Make a lot of IPv4-specific code generic, and move it from sys/netinet/ to sys/net/ for re-use by IPv6 parts of the kernel and ifconfig(8).
|
#
1.86 |
|
11-Sep-2009 |
dyoung |
Nothing uses sockaddr_in6_cmp() right now, and the generic sockaddr_cmp() is probably as fast or faster than calling sockaddr_in6_cmp() through a function pointer, so let's stop compiling it.
|
#
1.85 |
|
21-Aug-2009 |
tsutsui |
Fix error on kernels with options IPSEC without options IPSEC_ESP. Found on building evbppc/conf/PMPPC.
|
Revision tags: yamt-nfs-mp-base7 jymxensuspend-base yamt-nfs-mp-base6 yamt-nfs-mp-base5 yamt-nfs-mp-base4 yamt-nfs-mp-base3 nick-hppapmap-base4 nick-hppapmap-base3 jym-xensuspend-base nick-hppapmap-base
|
#
1.84 |
|
23-Mar-2009 |
liamjfoy |
Init ip6flow pool dynamically instead of using a linkset.
|
Revision tags: nick-hppapmap-base2 haad-dm-base2 haad-nbase2 ad-audiomp2-base haad-dm-base mjf-devfs2-base
|
#
1.83 |
|
25-Nov-2008 |
pooka |
branches: 1.83.4; Make dom_maxrtkey of inet/inet6domain the size of the ip_encap pack structures. This is far from optimal, but gets rid of iffy #ifdef INET in radix.c. The radix bonsai still needs lots of love before loading domains dynamically is possible...
|
Revision tags: netbsd-5-1-5-RELEASE netbsd-5-1-4-RELEASE netbsd-5-1-3-RELEASE netbsd-5-1-2-RELEASE netbsd-5-1-1-RELEASE matt-nb5-mips64-premerge-20101231 netbsd-5-1-RELEASE netbsd-5-1-RC4 matt-nb5-mips64-k15 netbsd-5-1-RC3 netbsd-5-1-RC2 netbsd-5-1-RC1 netbsd-5-0-2-RELEASE matt-nb5-mips64-premerge-20091211 matt-nb5-mips64-u2-k2-k4-k7-k8-k9 matt-nb4-mips64-k7-u2a-k9b matt-nb5-mips64-u1-k1-k5 netbsd-5-0-1-RELEASE netbsd-5-0-RELEASE netbsd-5-0-RC4 netbsd-5-0-RC3 netbsd-5-0-RC2 netbsd-5-0-RC1 netbsd-5-base matt-mips64-base2 haad-dm-base1 wrstuden-revivesa-base-4 wrstuden-revivesa-base-3 wrstuden-revivesa-base-2 wrstuden-revivesa-base-1 simonb-wapbl-nbase yamt-pf42-base4 simonb-wapbl-base yamt-pf42-base3 hpcarm-cleanup-nbase yamt-pf42-base2 yamt-nfs-mp-base2 wrstuden-revivesa-base yamt-nfs-mp-base
|
#
1.82 |
|
24-Apr-2008 |
ad |
branches: 1.82.2; 1.82.8; 1.82.10; 1.82.12; Merge the socket locking patch:
- Socket layer becomes MP safe. - Unix protocols become MP safe. - Allows protocol processing interrupts to safely block on locks. - Fixes a number of race conditions.
With much feedback from matt@ and plunky@.
|
#
1.81 |
|
23-Apr-2008 |
thorpej |
Make IPSEC and FAST_IPSEC stats per-cpu. Use <net/net_stats.h> and netstat_sysctl().
|
Revision tags: yamt-pf42-baseX yamt-pf42-base
|
#
1.80 |
|
15-Apr-2008 |
thorpej |
branches: 1.80.2; Make pim6 stats per-cpu.
|
Revision tags: ad-socklock-base1 yamt-lazymbuf-base15 yamt-lazymbuf-base14 keiichi-mipv6-nbase nick-net80211-sync-base keiichi-mipv6-base bouyer-xeni386-merge1 vmlocking2-base3 bouyer-xeni386-nbase yamt-kmem-base3 cube-autoconf-base yamt-kmem-base2 bouyer-xeni386-base yamt-kmem-base vmlocking2-base2 reinoud-bufcleanup-nbase vmlocking2-base1 matt-armv6-nbase jmcneill-base mjf-devfs-base bouyer-xenamd64-base2 vmlocking-nbase yamt-x86pmap-base4 bouyer-xenamd64-base yamt-x86pmap-base3 yamt-x86pmap-base2 yamt-x86pmap-base matt-armv6-base jmcneill-pm-base hpcarm-cleanup-base reinoud-bufcleanup-base vmlocking-base
|
#
1.79 |
|
19-Sep-2007 |
dyoung |
branches: 1.79.16; 1.79.20; 1) Introduce a new socket option, (SOL_SOCKET, SO_NOHEADER), that tells a socket that it should both add a protocol header to tx'd datagrams and remove the header from rx'd datagrams:
int onoff = 1, s = socket(...); setsockopt(s, SOL_SOCKET, SO_NOHEADER, &onoff);
2) Add an implementation of (SOL_SOCKET, SO_NOHEADER) for raw IPv4 sockets.
3) Reorganize the protocols' pr_ctloutput implementations a bit. Consistently return ENOPROTOOPT when an option is unsupported, and EINVAL if a supported option's arguments are incorrect. Reorganize the flow of code so that it's more clear how/when options are passed down the stack until they are handled.
Shorten some pr_ctloutput staircases for readability.
4) Extract common mbuf code into subroutines, add new sockaddr methods, and introduce a new subroutine, fsocreate(), for reuse later; use it first in sys_socket():
struct mbuf *m_getsombuf(struct socket *so)
Create an mbuf and make its owner the socket `so'.
struct mbuf *m_intopt(struct socket *so, int val)
Create an mbuf, make its owner the socket `so', put the int `val' into it, and set its length to sizeof(int).
int fsocreate(..., int *fd)
Create a socket, a la socreate(9), put the socket into the given LWP's descriptor table, return the descriptor at `fd' on success.
void *sockaddr_addr(struct sockaddr *sa, socklen_t *slenp) const void *sockaddr_const_addr(const struct sockaddr *sa, socklen_t *slenp)
Extract a pointer to the address part of a sockaddr. Write the length of the address part at `slenp', if `slenp' is not NULL.
socklen_t sockaddr_getlen(const struct sockaddr *sa)
Return the length of a sockaddr. This just evaluates to sa->sa_len. I only add this for consistency with code that appears in a portable userland library that I am going to import.
const struct sockaddr *sockaddr_any(const struct sockaddr *sa)
Return the "don't care" sockaddr in the same family as `sa'. This is the address a client should sobind(9) if it does not care the source address and, if applicable, the port et cetera that it uses.
const void *sockaddr_anyaddr(const struct sockaddr *sa, socklen_t *slenp)
Return the "don't care" sockaddr in the same family as `sa'. This is the address a client should sobind(9) if it does not care the source address and, if applicable, the port et cetera that it uses.
|
Revision tags: nick-csl-alignment-base5
|
#
1.78 |
|
30-Aug-2007 |
dyoung |
Use malloc(9) for sockaddrs instead of pool(9), and remove dom_sa_pool and dom_sa_len members from struct domain. Pools of fixed-size objects are too rigid for sockaddr_dls, whose size can vary over a wide range.
Return sockaddr_dl to its "historical" size. Now that I'm using malloc(9) instead of pool(9) to allocate sockaddr_dl, I can create a sockaddr_dl of any size in the kernel, so expanding sockaddr_dl is useless.
Avoid using sizeof(struct sockaddr_dl) in the kernel.
Introduce sockaddr_dl_alloc() for allocating & initializing an arbitrary sockaddr_dl on the heap.
Add an argument, the sockaddr length, to sockaddr_alloc(), sockaddr_copy(), and sockaddr_dl_setaddr().
Constify: LLADDR() -> CLLADDR().
Where the kernel overwrites LLADDR(), use sockaddr_dl_setaddr(), instead. Used properly, sockaddr_dl_setaddr() will not overrun the end of the sockaddr.
|
Revision tags: matt-mips64-base nick-csl-alignment-base yamt-idlelwp-base8 mjf-ufs-trans-base
|
#
1.77 |
|
06-May-2007 |
dyoung |
branches: 1.77.2; 1.77.6; 1.77.8; In AppleTalk, IPv4, and IPv6 routing domains, help sockaddr_cmp() avoid an indirect function call by comparing the family, length, and bytes [dom->dom_sa_cmpofs, dom->dom_sa_cmpofs + dom->dom_sa_cmplen), corresponding to the the sockaddrs' "address" members.
For ISO, actually use sockaddr_iso_cmp, for a change. Thanks to yamt@ for pointing out my error.
|
#
1.76 |
|
02-May-2007 |
dyoung |
Eliminate address family-specific route caches (struct route, struct route_in6, struct route_iso), replacing all caches with a struct route.
The principle benefit of this change is that all of the protocol families can benefit from route cache-invalidation, which is necessary for correct routing. Route-cache invalidation fixes an ancient PR, kern/3508, at long last; it fixes various other PRs, also.
Discussions with and ideas from Joerg Sonnenberger influenced this work tremendously. Of course, all design oversights and bugs are mine.
DETAILS
1 I added to each address family a pool of sockaddrs. I have introduced routines for allocating, copying, and duplicating, and freeing sockaddrs:
struct sockaddr *sockaddr_alloc(sa_family_t af, int flags); struct sockaddr *sockaddr_copy(struct sockaddr *dst, const struct sockaddr *src); struct sockaddr *sockaddr_dup(const struct sockaddr *src, int flags); void sockaddr_free(struct sockaddr *sa);
sockaddr_alloc() returns either a sockaddr from the pool belonging to the specified family, or NULL if the pool is exhausted. The returned sockaddr has the right size for that family; sa_family and sa_len fields are initialized to the family and sockaddr length---e.g., sa_family = AF_INET and sa_len = sizeof(struct sockaddr_in). sockaddr_free() puts the given sockaddr back into its family's pool.
sockaddr_dup() and sockaddr_copy() work analogously to strdup() and strcpy(), respectively. sockaddr_copy() KASSERTs that the family of the destination and source sockaddrs are alike.
The 'flags' argumet for sockaddr_alloc() and sockaddr_dup() is passed directly to pool_get(9).
2 I added routines for initializing sockaddrs in each address family, sockaddr_in_init(), sockaddr_in6_init(), sockaddr_iso_init(), etc. They are fairly self-explanatory.
3 structs route_in6 and route_iso are no more. All protocol families use struct route. I have changed the route cache, 'struct route', so that it does not contain storage space for a sockaddr. Instead, struct route points to a sockaddr coming from the pool the sockaddr belongs to. I added a new method to struct route, rtcache_setdst(), for setting the cache destination:
int rtcache_setdst(struct route *, const struct sockaddr *);
rtcache_setdst() returns 0 on success, or ENOMEM if no memory is available to create the sockaddr storage.
It is now possible for rtcache_getdst() to return NULL if, say, rtcache_setdst() failed. I check the return value for NULL everywhere in the kernel.
4 Each routing domain (struct domain) has a list of live route caches, dom_rtcache. rtflushall(sa_family_t af) looks up the domain indicated by 'af', walks the domain's list of route caches and invalidates each one.
|
Revision tags: thorpej-atomic-base
|
#
1.75 |
|
07-Mar-2007 |
liamjfoy |
branches: 1.75.2; 1.75.4; Add IPv6 Fast Forward - the IPv4 counterpart:
If ip6_forward successfully forwards a packet, a cache, in this case a ip6flow struct entry, will be created. ether_input and friends will then be able to call ip6flow_fastforward with the packet which will then be passed to if_output (unless an issue is found - in that case the packet is passed back to ip6_input).
ok matt@ christos@ dyoung@ and joerg@
|
#
1.74 |
|
06-Mar-2007 |
liamjfoy |
Fix some style issues - no functional change
|
#
1.73 |
|
27-Feb-2007 |
degroote |
Initialize fast_ipsec entry in the protocol switch with structure initializers as other entries.
|
Revision tags: ad-audiomp-base
|
#
1.72 |
|
19-Feb-2007 |
dyoung |
Initialize protocol switch with structure initializers.
|
#
1.71 |
|
17-Feb-2007 |
dyoung |
0 -> NULL
|
#
1.70 |
|
10-Feb-2007 |
degroote |
branches: 1.70.2; Commit my SoC work Add ipv6 support for fast_ipsec Note that currently, packet with extensions headers are not correctly supported Change the ipcomp logic
|
Revision tags: post-newlock2-merge newlock2-nbase yamt-splraiseipl-base5 yamt-splraiseipl-base4 yamt-splraiseipl-base3 newlock2-base
|
#
1.69 |
|
09-Dec-2006 |
dyoung |
Here are various changes designed to protect against bad IPv4 routing caused by stale route caches (struct route). Route caches are sprinkled throughout PCBs, the IP fast-forwarding table, and IP tunnel interfaces (gre, gif, stf).
Stale IPv6 and ISO route caches will be treated by separate patches.
Thank you to Christoph Badura for suggesting the general approach to invalidating route caches that I take here.
Here are the details:
Add hooks to struct domain for tracking and for invalidating each domain's route caches: dom_rtcache, dom_rtflush, and dom_rtflushall.
Introduce helper subroutines, rtflush(ro) for invalidating a route cache, rtflushall(family) for invalidating all route caches in a routing domain, and rtcache(ro) for notifying the domain of a new cached route.
Chain together all IPv4 route caches where ro_rt != NULL. Provide in_rtcache() for adding a route to the chain. Provide in_rtflush() and in_rtflushall() for invalidating IPv4 route caches. In in_rtflush(), set ro_rt to NULL, and remove the route from the chain. In in_rtflushall(), walk the chain and remove every route cache.
In rtrequest1(), call rtflushall() to invalidate route caches when a route is added.
In gif(4), discard the workaround for stale caches that involves expiring them every so often.
Replace the pattern 'RTFREE(ro->ro_rt); ro->ro_rt = NULL;' with a call to rtflush(ro).
Update ipflow_fastforward() and all other users of route caches so that they expect a cached route, ro->ro_rt, to turn to NULL.
Take care when moving a 'struct route' to rtflush() the source and to rtcache() the destination.
In domain initializers, use .dom_xxx tags.
KNF here and there.
|
Revision tags: netbsd-4-base
|
#
1.68 |
|
23-Nov-2006 |
rpaulo |
branches: 1.68.2; 1.68.4; New EtherIP driver based on tap(4) and gif(4) by Hans Rosenfeld. Notable changes: * Fixes PR 34268. * Separates the code from gif(4) (which is more cleaner). * Allows the usage of STP (Spanning Tree Protocol). * Removed EtherIP implementation from gif(4)/tap(4).
Some input from Christos.
|
Revision tags: yamt-splraiseipl-base2
|
#
1.67 |
|
10-Oct-2006 |
dogcow |
change the MOWNER_INIT define to take two args; fix extant struct mowner decls to use it. Makes options MBUFTRACE compile again and not whinge about missing structure declarations. (Also makes initialization consistent.)
|
Revision tags: yamt-splraiseipl-base yamt-pdpolicy-base9 yamt-pdpolicy-base8 rpaulo-netinet-merge-pcb-base
|
#
1.66 |
|
30-Aug-2006 |
christos |
branches: 1.66.2; 1.66.4; add missing initializers
|
#
1.65 |
|
28-Aug-2006 |
christos |
remove extra members
|
#
1.64 |
|
25-Aug-2006 |
matt |
One step closer to loadable domains. Store pointers to a domain's soft interrupt queues so if_detach can remove packets to removed interfaces from them. This eliminates a lot of conditional ugly code in if.c
|
Revision tags: abandoned-netbsd-4-base yamt-pdpolicy-base7 yamt-pdpolicy-base6 chap-midi-nbase gdamore-uart-base yamt-pdpolicy-base5 chap-midi-base simonb-timecounters-base
|
#
1.63 |
|
18-May-2006 |
liamjfoy |
Integrate Common Address Redundancy Procotol (CARP) from OpenBSD
'pseudo-device carp'
Thanks to: joerg@ christos@ riz@ and others who tested Ok: core@
|
Revision tags: yamt-pdpolicy-base4 yamt-pdpolicy-base3 peter-altq-base yamt-pdpolicy-base2 elad-kernelauth-base
|
#
1.62 |
|
05-Mar-2006 |
rpaulo |
branches: 1.62.4; NDP-related improvements: RFC4191 - supports host-side router-preference
RFC3542 - if DAD fails on a interface, disables IPv6 operation on the interface - don't advertise MLD report before DAD finishes
Others - fixes integer overflow for valid and preferred lifetimes - improves timer granularity for MLD, using callout-timer. - reflects rtadvd's IPv6 host variable information into kernel (router only) - adds a sysctl option to enable/disable pMTUd for multicast packets - performs NUD on PPP/GRE interface by default - Redirect works regardless of ip6_accept_rtadv - removes RFC1885-related code
From the KAME project via SUZUKI Shinsuke. Reviewed by core.
|
Revision tags: yamt-pdpolicy-base yamt-uio_vmspace-base5
|
#
1.61 |
|
11-Dec-2005 |
christos |
branches: 1.61.4; 1.61.6; 1.61.8; merge ktrace-lwp.
|
Revision tags: yamt-readahead-base3 yamt-readahead-base2 yamt-readahead-pervnode yamt-readahead-perfile yamt-readahead-base yamt-vop-base3 yamt-vop-base2 thorpej-vnode-attr-base yamt-vop-base ktrace-lwp-base
|
#
1.60 |
|
19-Jul-2005 |
gdt |
Add PR_PURGEIF flag for protocols to indicate that the protocol might store a struct ifnet *, and define it for udp/tcp/rawip for INET and INET6. When deleting a struct ifnet, invoke PRU_PURGEIF on all protocols marked with PR_PURGEIF. Closes PR kern/29580 (mine).
|
#
1.59 |
|
29-May-2005 |
christos |
branches: 1.59.2; - avoid shadowed variables - sprinkle const.
|
Revision tags: yamt-km-base4 yamt-km-base3 netbsd-3-base yamt-km-base2 yamt-km-base kent-audio2-base
|
#
1.58 |
|
23-Jan-2005 |
matt |
branches: 1.58.6; Change initialzie of domains to use link sets. Switch to using STAILQ. Add a convenience macro DOMAIN_FOREACH to interate through the domain.
|
Revision tags: kent-audio1-beforemerge kent-audio1-base
|
#
1.57 |
|
22-Apr-2004 |
matt |
branches: 1.57.4; Constify protosw arrays. This can reduce the kernel .data section by over 4K (if all the network protocols) are loaded.
|
Revision tags: netbsd-2-0-3-RELEASE netbsd-2-1-RELEASE netbsd-2-1-RC6 netbsd-2-1-RC5 netbsd-2-1-RC4 netbsd-2-1-RC3 netbsd-2-1-RC2 netbsd-2-1-RC1 netbsd-2-0-2-RELEASE netbsd-2-0-1-RELEASE netbsd-2-base netbsd-2-0-RELEASE netbsd-2-0-RC5 netbsd-2-0-RC4 netbsd-2-0-RC3 netbsd-2-0-RC2 netbsd-2-0-RC1 netbsd-2-0-base
|
#
1.56 |
|
04-Dec-2003 |
atatat |
Dynamic sysctl.
Gone are the old kern_sysctl(), cpu_sysctl(), hw_sysctl(), vfs_sysctl(), etc, routines, along with sysctl_int() et al. Now all nodes are registered with the tree, and nodes can be added (or removed) easily, and I/O to and from the tree is handled generically.
Since the nodes are registered with the tree, the mapping from name to number (and back again) can now be discovered, instead of having to be hard coded. Adding new nodes to the tree is likewise much simpler -- the new infrastructure handles almost all the work for simple types, and just about anything else can be done with a small helper function.
All existing nodes are where they were before (numerically speaking), so all existing consumers of sysctl information should notice no difference.
PS - I'm sorry, but there's a distinct lack of documentation at the moment. I'm working on sysctl(3/8/9) right now, and I promise to watch out for buses.
|
#
1.55 |
|
03-Nov-2003 |
briggs |
Revert the change in default value of ipv6_v6only. Further discussion on this topic is required. It should be reintroduced and pursued in the IETF.
|
#
1.54 |
|
28-Oct-2003 |
briggs |
Toggle the default value of ip6_v6only. Also provide a sample sysctl to retain the existing behavior.
|
#
1.53 |
|
06-Sep-2003 |
itojun |
randomize IPv4/v6 fragment ID and IPv6 flowlabel. avoids predictability of these fields. ip_id.c is from openbsd. ip6_id.c is adapted by kame.
|
#
1.52 |
|
05-Sep-2003 |
itojun |
call tcp_drain() if IPv4-less kernel
|
#
1.51 |
|
04-Sep-2003 |
itojun |
revamp inpcb/in6pcb so that they are more aligned with each other. in6pcb lookup now uses hash(9).
|
#
1.50 |
|
14-Aug-2003 |
itojun |
enforce ipsec policy on raw wildcard.
|
#
1.49 |
|
07-Aug-2003 |
agc |
Move UCB-licensed code from 4-clause to 3-clause licence.
Patches provided by Joel Baker in PR 22364, verified by myself.
|
#
1.48 |
|
07-Aug-2003 |
itojun |
make net.inet6.ip6.redirect actually work. from Tomoyuki Sahara via kame
|
#
1.47 |
|
17-Apr-2003 |
thorpej |
branches: 1.47.2; Protect the definition of offsetof().
|
Revision tags: nathanw_sa_before_merge fvdl_fs64_base gmcgarry_ctxsw_base gmcgarry_ucred_base nathanw_sa_base
|
#
1.46 |
|
11-Nov-2002 |
itojun |
pmtu_probe is not used anywhere (it is used in KAME TCP6-only code). From: Krister Walfridsson <cato@df.lth.se>
|
Revision tags: kqueue-aftermerge kqueue-beforemerge gehenna-devsw-base kqueue-base
|
#
1.45 |
|
20-Aug-2002 |
itojun |
sync up use_deprecated handling with latest kame. - bind(deprecated) is allowed, trusting userland app is doing the right thing - use_deprecated default to 1
|
#
1.44 |
|
17-Aug-2002 |
itojun |
set default value for use_deprecated to 0, to avoid consequences with ftpd.
|
#
1.43 |
|
09-Jun-2002 |
itojun |
whitespace cleanup
|
#
1.42 |
|
08-Jun-2002 |
itojun |
whitespace cleanup
|
#
1.41 |
|
29-May-2002 |
itojun |
move per-interface ip6/icmp6 stat to ifnet->if_afdata. sync w/kame
|
#
1.40 |
|
28-May-2002 |
itojun |
limit number of IPv6 fragments (not the fragment queue size) to fight against lots-of-frags DoS attacks. sync w/kame
|
Revision tags: netbsd-1-6-RC1 netbsd-1-6-base eeh-devprop-base
|
#
1.39 |
|
15-Mar-2002 |
itojun |
branches: 1.39.4; 1.39.6; have tcp6_drain
|
Revision tags: newlock-base ifpoll-base
|
#
1.38 |
|
21-Dec-2001 |
itojun |
call encap6_ctlinput on icmp6 against tunnelled packet. sync w/kame
|
#
1.37 |
|
21-Dec-2001 |
itojun |
use radix table for inbound tunnel lookup (would increase performance for machines with a lot of tunnels). update route cache for IPvX-over-IPv6 tunnel on path MTU discovery. snyc with kame
|
#
1.36 |
|
21-Dec-2001 |
itojun |
move in6_gif_hlim decl to in6_gif.c. sync with kame
|
#
1.35 |
|
21-Dec-2001 |
itojun |
move protosw fragment for gif/stf to their own source code. reduce #ifdef in stf code. sync with kame
|
#
1.34 |
|
13-Nov-2001 |
lukem |
add RCSIDs
|
Revision tags: thorpej-mips-cache-base
|
#
1.33 |
|
24-Oct-2001 |
itojun |
no tcp_fasttimo any more. PR 14333
|
#
1.32 |
|
24-Oct-2001 |
itojun |
more whitespace sync with kame
|
#
1.31 |
|
16-Oct-2001 |
itojun |
branches: 1.31.2; remove unused #define. sync whitespace/comment with kame.
|
#
1.30 |
|
15-Oct-2001 |
itojun |
implement IPV6_V6ONLY socket option from draft-ietf-ipngwg-rfc2553bis-03.txt. IPV6_BINDV6ONLY (netbsd only) is deprecated, but still work just like before.
|
Revision tags: thorpej-devvp-base3 thorpej-devvp-base2 post-chs-ubcperf pre-chs-ubcperf thorpej-devvp-base thorpej_scsipi_beforemerge thorpej_scsipi_nbase thorpej_scsipi_base
|
#
1.29 |
|
21-Mar-2001 |
thorpej |
branches: 1.29.2; Add a protosw flag, PR_ABRTACPTDIS (Abort on Accept of Disconnected Socket), and add it to the protocols that use that behavior (all PR_LISTEN protocols except for PF_LOCAL stream sockets).
|
#
1.28 |
|
01-Mar-2001 |
itojun |
branches: 1.28.2; make sure to enforce inbound ipsec policy checking, for any protocols on top of ip (check it when final header is visited). sync with kame. XXX kame team will need to re-check policy engine code
|
#
1.27 |
|
21-Feb-2001 |
itojun |
need PR_ADDR|PR_ATOMIC for IPPROTO_EON. fix typo. from chopps, sync with kame
|
#
1.26 |
|
20-Feb-2001 |
itojun |
ISO over IPv4/v6 by EON encapsulation. from chopps, sync with kame.
|
#
1.25 |
|
11-Feb-2001 |
itojun |
pull latest kame pcbnotify code. synchronizes ICMPv6 path mtu discovery behavior with other protocols (i.e. validation, use of hiwat/lowat).
|
#
1.24 |
|
11-Feb-2001 |
itojun |
whitespace sync with kame
|
#
1.23 |
|
19-Oct-2000 |
itojun |
remove #ifdef TCP6. it is not likely for us to bring in sys/netinet6/tcp6*.c (separate TCP/IPv6 stack) into netbsd-current.
|
#
1.22 |
|
18-Oct-2000 |
itojun |
verify ICMPv6 too big messages based on TCP pcbs, and/or IPsec SA. TODO: udp6, and sendto consideration. as pmtud is mandatory for IPv6, it is rather important for us to support those cases. TODO: more testing TODO: kame sync
|
#
1.21 |
|
10-Oct-2000 |
itojun |
sync with kame ($KAME$)
|
#
1.20 |
|
10-Oct-2000 |
enami |
Don't initialize TCP twice on v4/v6 dual stack kernel.
|
#
1.19 |
|
28-Jul-2000 |
itojun |
nuke the following sysctl variables. "ppsratelimit" should work better. need to recompile sbin/sysctl after updating /usr/include. net.inet.tcp.rstratelimit net.inet.icmp.errratelimit net.inet6.icmp6.errratelimit
|
#
1.18 |
|
06-Jul-2000 |
itojun |
- do not use bitfield for router renumbering header. - add protection mechanism against ND cache corruption due to bad NUD hints. - more stats - icmp6 pps limitation. TOOD: should implement ppsratecheck(9).
|
Revision tags: netbsd-1-5-ALPHA2 netbsd-1-5-base minoura-xpg4dl-base
|
#
1.17 |
|
19-Apr-2000 |
itojun |
branches: 1.17.4; introduce sys/netinet/ip_encap.c, to dispatch inbound packets to protocol handlers, based on src/dst (for ip proto #4/41). see comment in ip_encap.c for details of the problem we have. there are too many protocol specs for ip proto #4/41. backward compatibility with MROUTING case is now provided in ip_encap.c.
fix ipip to work with gif (using ip_encap.c). sorry for breakage.
gif now uses ip_encap.c.
introduce stf pseudo interface (implements 6to4, another IPv6-over-IPv4 code with ip proto #41).
|
#
1.16 |
|
26-Feb-2000 |
itojun |
implement rip6_ctlinput, to cope with routing changes correctly. (IMHO we need rip_ctlinput as well)
|
#
1.15 |
|
26-Feb-2000 |
itojun |
make it possible to throw IPv6 packet with proto=4/41. (in normal case we don't do it, but this is how IPv4 in_proto is written)
|
#
1.14 |
|
14-Feb-2000 |
thorpej |
Use ratecheck() for ICMP6 rate limiting.
|
Revision tags: chs-ubc2-newbase
|
#
1.13 |
|
06-Feb-2000 |
itojun |
fix include pathname for better rfc2292 compliance.
|
#
1.12 |
|
06-Jan-2000 |
itojun |
remove extra portability #ifdef (like #ifdef __FreeBSD__) in KAME IPv6/IPsec code, from netbsd-current repository. #ifdef'ed version is always available from ftp.kame.net.
XXX please do not make too many diff-unfriendly changes, we'll need to take bunch of diffs on upgrade...
|
#
1.11 |
|
06-Jan-2000 |
itojun |
make IPV6_BINDV6ONLY setsockopt available. it controls behavior of AF_INET6 wildcard listening socket. heavily documented in ip6(4). net.inet6.ip6.bindv6only defines default value. default is 1.
"options INET6_BINDV6ONLY" removes any code fragment that supports IPV6_BINDV6ONLY == 0 case (not defopt'ed as use of this is rare).
|
#
1.10 |
|
02-Jan-2000 |
itojun |
add net.inet6.icmp6.nodeinfo sysctl. this allows you to disable/enable ICMPv6 node information query/reply processing (which tells remote end the gethostname(3) setting, interface addresses on the node, and some other things - documented in draft-ietf-ipngwg-icmp-name-lookup* or something alike).
to test it, try ping6 -w ::1 with nodeinfo=0 and nodeinfo=1. (sync with kame change)
|
Revision tags: wrstuden-devbsize-19991221 wrstuden-devbsize-base
|
#
1.9 |
|
13-Dec-1999 |
itojun |
sync IPv6 part with latest KAME tree. IPsec part is left unmodified due to massive changes in KAME side. - IPv6 output goes through nd6_output - faith can capture IPv4 packets as well - you can run IPv4-to-IPv6 translator using heavily modified DNS servers - per-interface statistics (required for IPv6 MIB) - interface autoconfig is revisited - udp input handling has a big change for mapped address support. - introduce in4_cksum() for non-overwriting checksumming - introduce m_pulldown() - neighbor discovery cleanups/improvements - netinet/in.h strictly conforms to RFC2553 (no extra defs visible to userland) - IFA_STATS is fixed a bit (not tested) - and more more more.
TODO: - cleanup os-independency #ifdef - avoid rcvif dual use (for IPsec) to help ifdetach
(sorry for jumbo commit, I can't separate this any more...)
|
Revision tags: comdex-fall-1999-base fvdl-softdep-base chs-ubc2-base
|
#
1.8 |
|
31-Jul-1999 |
itojun |
branches: 1.8.2; 1.8.8; sync with recent KAME. - loosen ipsec restriction on packet diredtion. - revise icmp6 redirect handling on IsRouter bit. - tcp/udp notification processing (link-local address case) - cosmetic fixes (better code share across *BSD).
|
#
1.7 |
|
30-Jul-1999 |
itojun |
remove reference to in6_systm.h (file itself will be removed afterwords)
|
#
1.6 |
|
27-Jul-1999 |
explorer |
Fix a problem where tcp_slowtimo was called twice, once for ipv4 tcp and once for ipv6. This patch makes the ipv6 case pass NULLs in for fast and slow timeouts iff defined(INET) and passes in the right function if !defined(INET).
Reveiwed by itojun@iijlab.net.
|
#
1.5 |
|
22-Jul-1999 |
itojun |
change unnecessary u_long/long into u_int32_t or something relevant. more fixes should follow.
|
#
1.4 |
|
09-Jul-1999 |
thorpej |
defopt IPSEC and IPSEC_ESP (both into opt_ipsec.h).
|
#
1.3 |
|
03-Jul-1999 |
thorpej |
RCS ID police.
|
#
1.2 |
|
01-Jul-1999 |
itojun |
branches: 1.2.2; IPv6 kernel code, based on KAME/NetBSD 1.4, SNAP kit 19990628. (Sorry for a big commit, I can't separate this into several pieces...) Pls check sys/netinet6/TODO and sys/netinet6/IMPLEMENTATION for details.
- sys/kern: do not assume single mbuf, accept chained mbuf on passing data from userland to kernel (or other way round). - "midway" ATM card: ATM PVC pseudo device support, like those done in ALTQ package (ftp://ftp.csl.sony.co.jp/pub/kjc/). - sys/netinet/tcp*: IPv4/v6 dual stack tcp support. - sys/netinet/{ip6,icmp6}.h, sys/net/pfkeyv2.h: IETF document assumes those file to be there so we patch it up. - sys/netinet: IPsec additions are here and there. - sys/netinet6/*: most of IPv6 code sits here. - sys/netkey: IPsec key management code - dev/pci/pcidevs: regen
In my understanding no code here is subject to export control so it should be safe.
|
#
1.1 |
|
28-Jun-1999 |
itojun |
branches: 1.1.2; file in6_proto.c was initially added on branch kame.
|
#
1.121 |
|
07-Feb-2018 |
maxv |
Style, and localify IPV6FORWARDING. No functional change.
|
#
1.120 |
|
07-Feb-2018 |
maxv |
Change ip6_hdrnestlimit to be 15 instead of 50. I couldn't find any reference in RFCs about what a correct limit should be, but FreeBSD already uses 15.
If an IPv6 packet has 50 options, there is clearly something wrong with it.
|
Revision tags: tls-maxphys-base-20171202
|
#
1.119 |
|
27-Sep-2017 |
ozaki-r |
Take softnet_lock on pr_input properly if NET_MPSAFE
Currently softnet_lock is taken unnecessarily in some cases, e.g., icmp_input and encap4_input from ip_input, or not taken even if needed, e.g., udp_input and tcp_input from ipsec4_common_input_cb. Fix them.
NFC if NET_MPSAFE is disabled (default).
|
#
1.118 |
|
21-Sep-2017 |
ozaki-r |
Invalidate rtcache based on a global generation counter
The change introduces a global generation counter that is incremented when any routes have been added or deleted. When a rtcache caches a rtentry into itself, it also stores a snapshot of the generation counter. If the snapshot equals to the global counter, the cache is still valid, otherwise invalidated.
One drawback of the change is that all rtcaches of all protocol families are invalidated when any routes of any protocol families are added or deleted. If that matters, we should have separate generation counters based on protocol families.
This change removes LIST_ENTRY from struct route, which fixes a part of PR kern/52515.
|
Revision tags: nick-nhusb-base-20170825 perseant-stdc-iso10646-base netbsd-8-base prg-localcount2-base3 prg-localcount2-base2 prg-localcount2-base1 prg-localcount2-base pgoyette-localcount-20170426 bouyer-socketcan-base1
|
#
1.117 |
|
14-Apr-2017 |
ozaki-r |
branches: 1.117.4; Rumpify netipsec
Note that we should modularize netipsec and reduce reverse symbol references (referencing symbols of netipsec from net, netinet and netinet6) though, the task needs lots of code changes. Prior to doing so, rumpifying it and having ATF tests should be useful.
|
Revision tags: jdolecek-ncq-base pgoyette-localcount-20170320
|
#
1.116 |
|
16-Feb-2017 |
knakahara |
add l2tp(4) L2TPv3 interface.
originally implemented by IIJ SEIL team.
|
#
1.115 |
|
13-Feb-2017 |
ozaki-r |
Protect mtudisc and redirect stuffs of icmp/icmp6 with mutex
We have to run pr_init of icmp and icmp6 prior to tcp and tcp6 ones for mutex initialization.
|
Revision tags: nick-nhusb-base-20170204 bouyer-socketcan-base pgoyette-localcount-20170107
|
#
1.114 |
|
13-Dec-2016 |
ozaki-r |
branches: 1.114.2; Remove unnecessary inclusions of nd6.h
|
Revision tags: nick-nhusb-base-20161204 pgoyette-localcount-20161104 nick-nhusb-base-20161004 localcount-20160914 pgoyette-localcount-20160806 pgoyette-localcount-20160726 pgoyette-localcount-base nick-nhusb-base-20160907
|
#
1.113 |
|
06-Jul-2016 |
ozaki-r |
branches: 1.113.2; Move in6_ifaddr_list to a more proper place (from ip6_input.c to in6.c)
It's a similar place as the IPv4 address list, i.e., in.c.
More varibles will join together.
|
Revision tags: nick-nhusb-base-20160529
|
#
1.112 |
|
26-Apr-2016 |
ozaki-r |
Sweep unnecessary route.h inclusions
|
Revision tags: nick-nhusb-base-20160422
|
#
1.111 |
|
11-Apr-2016 |
ozaki-r |
Sweep unncessary radix.h inclusions
|
Revision tags: nick-nhusb-base-20160319
|
#
1.110 |
|
21-Jan-2016 |
riastradh |
Revert previous: ran cvs commit when I meant cvs diff. Sorry!
Hit up-arrow one too few times.
|
#
1.109 |
|
21-Jan-2016 |
riastradh |
Give proper prototype to ip_output.
|
#
1.108 |
|
20-Jan-2016 |
riastradh |
Eliminate struct protosw::pr_output.
You can't use this unless you know what it is a priori: the formal prototype is variadic, and the different instances (e.g., ip_output, route_output) have different real prototypes.
Convert the only user of it, raw_send in net/raw_cb.c, to take an explicit callback argument. Convert the only instances of it, route_output and key_output, to such explicit callbacks for raw_send. Use assertions to make sure the conversion to explicit callbacks is warranted.
Discussed on tech-net with no objections: https://mail-index.netbsd.org/tech-net/2016/01/16/msg005484.html
|
Revision tags: nick-nhusb-base-20151226
|
#
1.107 |
|
13-Oct-2015 |
rjs |
Add core networking support for SCTP.
|
Revision tags: nick-nhusb-base-20150921
|
#
1.106 |
|
24-Aug-2015 |
pooka |
sprinkle _KERNEL_OPT
|
Revision tags: nick-nhusb-base-20150606
|
#
1.105 |
|
22-Apr-2015 |
roy |
Move INET6 specific in6_if_{up,down}() and in6_if_link_{up,down}() into agnostic domain functions.
|
Revision tags: nick-nhusb-base-20150406
|
#
1.104 |
|
10-Feb-2015 |
rjs |
Add DCCP protocol support from KAME.
|
Revision tags: netbsd-7-1-1-RELEASE netbsd-7-1-RELEASE netbsd-7-1-RC2 netbsd-7-nhusb-base-20170116 netbsd-7-1-RC1 netbsd-7-0-2-RELEASE netbsd-7-nhusb-base netbsd-7-0-1-RELEASE netbsd-7-0-RELEASE netbsd-7-0-RC3 netbsd-7-0-RC2 netbsd-7-0-RC1 nick-nhusb-base netbsd-7-base tls-earlyentropy-base tls-maxphys-base
|
#
1.103 |
|
05-Jun-2014 |
rmind |
branches: 1.103.4; - Implement pktqueue interface for lockless IP input queue. - Replace ipintrq and ip6intrq with the pktqueue mechanism. - Eliminate kernel-lock from ipintr() and ip6intr(). - Some preparation work to push softnet_lock out of ipintr().
Discussed on tech-net.
|
#
1.102 |
|
22-May-2014 |
rmind |
Move udp6_input(), udp6_sendup(), udp6_realinput() and udp6_input_checksum() from udp_usrreq.c to udp6_usrreq.c where they belong. No functional change.
|
Revision tags: rmind-smpnet-nbase rmind-smpnet-base
|
#
1.101 |
|
18-May-2014 |
rmind |
Add struct pr_usrreqs with a pr_generic function and prepare for the dismantling of pr_usrreq in the protocols; no functional change intended. PRU_ATTACH/PRU_DETACH changes will follow soon.
Bump for struct protosw. Welcome to 6.99.62!
|
Revision tags: yamt-pagecache-base9 riastradh-xf86-video-intel-2-7-1-pre-2-21-15 riastradh-drm2-base3
|
#
1.100 |
|
02-Jan-2014 |
pooka |
branches: 1.100.2; Allow kernels compiled with INET+INET6 to be booted as IPv4-only or IPv6-only.
|
Revision tags: riastradh-drm2-base2 riastradh-drm2-base1 riastradh-drm2-base
|
#
1.99 |
|
05-Jun-2013 |
christos |
branches: 1.99.2; IPSEC has not come in two speeds for a long time now (IPSEC == kame, FAST_IPSEC). Make everything refer to IPSEC to avoid confusion.
|
Revision tags: agc-symver-base
|
#
1.98 |
|
01-Mar-2013 |
joerg |
Retire OSI network stack. OK core@
|
Revision tags: yamt-pagecache-base8 yamt-pagecache-base7 yamt-pagecache-base6
|
#
1.97 |
|
23-Jun-2012 |
christos |
branches: 1.97.2; 4 new sysctls to avoid ipv6 DoS attacks from OpenBSD
|
Revision tags: jmcneill-usbmp-base10 yamt-pagecache-base5 jmcneill-usbmp-base9 yamt-pagecache-base4 jmcneill-usbmp-base8
|
#
1.96 |
|
22-Mar-2012 |
drochner |
remove KAME IPSEC, replaced by FAST_IPSEC
|
Revision tags: netbsd-6-0-2-RELEASE netbsd-6-1-RELEASE netbsd-6-1-RC4 netbsd-6-1-RC3 netbsd-6-1-RC2 netbsd-6-1-RC1 netbsd-6-0-1-RELEASE matt-nb6-plus-nbase netbsd-6-0-RELEASE netbsd-6-0-RC2 matt-nb6-plus-base netbsd-6-0-RC1 jmcneill-usbmp-base7 jmcneill-usbmp-base6 jmcneill-usbmp-base5 jmcneill-usbmp-base4 jmcneill-usbmp-base3 jmcneill-usbmp-base2 netbsd-6-base
|
#
1.95 |
|
31-Dec-2011 |
christos |
branches: 1.95.2; 1.95.6; 1.95.8; - fix offsetof usage, and redundant defines - kill pointer casts to 0
|
#
1.94 |
|
19-Dec-2011 |
drochner |
rename the IPSEC in-kernel CPP variable and config(8) option to KAME_IPSEC, and make IPSEC define it so that existing kernel config files work as before Now the default can be easily be changed to FAST_IPSEC just by setting the IPSEC alias to FAST_IPSEC.
|
Revision tags: jmcneill-usbmp-pre-base2 jmcneill-usbmp-base jmcneill-audiomp3-base yamt-pagecache-base3 yamt-pagecache-base2 yamt-pagecache-base
|
#
1.93 |
|
24-Sep-2011 |
christos |
branches: 1.93.2; 1.93.6; Add inet6 part of the rfc6056 code contributed by Vlad Balan as part of Google SoC-2011
|
Revision tags: rmind-uvmplock-nbase cherry-xenmp-base rmind-uvmplock-base
|
#
1.92 |
|
24-May-2011 |
spz |
RA flood mitigation via a limit on accepted routes: - introduce a limit for the routes accepted via IPv6 Router Advertisement: a common 2 interface client will have 6, the default limit is 100 and can be adjusted via sysctl - report the current number of routes installed via RA via sysctl - count discarded route additions. Note that one RA message is two routes. This is at present only across all interfaces even though per-interface would be more useful, since the per-interface structure complies to RFC2466 - bump kernel version due to the previous change - adjust netstat to use the new value (with netstat -p icmp6)
|
#
1.91 |
|
03-May-2011 |
dyoung |
*_drain() routines may be called with locks held, so instead of doing any work in *_drain(), set a drain-needed flag. Do the work in the fasttimo handler.
Contributed by Coyote Point Systems, Inc.
|
#
1.90 |
|
31-Mar-2011 |
dyoung |
Hide the radix-trie implementation of the forwarding table so that we will have an easier time replacing it with something different, even if it is a second radix-trie implementation.
sys/net/route.c and sys/net/rtsock.c no longer operate directly on radix_nodes or radix_node_heads.
Hopefully this will reduce the temptation to implement multipath or source-based routing using grotty hacks to the grotty old radix-trie code, too. :-)
|
Revision tags: bouyer-quota2-nbase bouyer-quota2-base jruoho-x86intr-base matt-mips64-premerge-20101231 uebayasi-xip-base4 uebayasi-xip-base3 yamt-nfs-mp-base11
|
#
1.89 |
|
24-Aug-2010 |
jakllsch |
branches: 1.89.2; Make the EtherIP in IPv6 input path work. XXX: Figure out if we really need a separate protosw for IPv6.
|
Revision tags: uebayasi-xip-base2 yamt-nfs-mp-base10 uebayasi-xip-base1 yamt-nfs-mp-base9 uebayasi-xip-base
|
#
1.88 |
|
04-Feb-2010 |
joerg |
branches: 1.88.2; 1.88.4; Explicitly include opt_gateway.h when depending on GATEWAY.
|
Revision tags: matt-premerge-20091211 yamt-nfs-mp-base8 jym-xensuspend-nbase
|
#
1.87 |
|
11-Sep-2009 |
dyoung |
Make ifconfig(8) set and display preference numbers for IPv6 addresses. Make the kernel support SIOC[SG]IFADDRPREF for IPv6 interface addresses.
In in6ifa_ifpforlinklocal(), consult preference numbers before making an otherwise arbitrary choice of in6_ifaddr. Otherwise, preference numbers are *not* consulted by the kernel, but that will be rather easy for somebody with a little bit of free time to fix.
Please note that setting the preference number for a link-local IPv6 address does not work right, yet, but that ought to be fixed soon.
In support of the changes above,
1 Add a method to struct domain for "externalizing" a sockaddr, and provide an implementation for IPv6. Expect more work in this area: it may be more proper to say that the IPv6 implementation "internalizes" a sockaddr. Add sockaddr_externalize().
2 Add a subroutine, sofamily(), that returns a struct socket's address family or AF_UNSPEC.
3 Make a lot of IPv4-specific code generic, and move it from sys/netinet/ to sys/net/ for re-use by IPv6 parts of the kernel and ifconfig(8).
|
#
1.86 |
|
11-Sep-2009 |
dyoung |
Nothing uses sockaddr_in6_cmp() right now, and the generic sockaddr_cmp() is probably as fast or faster than calling sockaddr_in6_cmp() through a function pointer, so let's stop compiling it.
|
#
1.85 |
|
21-Aug-2009 |
tsutsui |
Fix error on kernels with options IPSEC without options IPSEC_ESP. Found on building evbppc/conf/PMPPC.
|
Revision tags: yamt-nfs-mp-base7 jymxensuspend-base yamt-nfs-mp-base6 yamt-nfs-mp-base5 yamt-nfs-mp-base4 yamt-nfs-mp-base3 nick-hppapmap-base4 nick-hppapmap-base3 jym-xensuspend-base nick-hppapmap-base
|
#
1.84 |
|
23-Mar-2009 |
liamjfoy |
Init ip6flow pool dynamically instead of using a linkset.
|
Revision tags: nick-hppapmap-base2 haad-dm-base2 haad-nbase2 ad-audiomp2-base haad-dm-base mjf-devfs2-base
|
#
1.83 |
|
25-Nov-2008 |
pooka |
branches: 1.83.4; Make dom_maxrtkey of inet/inet6domain the size of the ip_encap pack structures. This is far from optimal, but gets rid of iffy #ifdef INET in radix.c. The radix bonsai still needs lots of love before loading domains dynamically is possible...
|
Revision tags: netbsd-5-1-5-RELEASE netbsd-5-1-4-RELEASE netbsd-5-1-3-RELEASE netbsd-5-1-2-RELEASE netbsd-5-1-1-RELEASE matt-nb5-mips64-premerge-20101231 netbsd-5-1-RELEASE netbsd-5-1-RC4 matt-nb5-mips64-k15 netbsd-5-1-RC3 netbsd-5-1-RC2 netbsd-5-1-RC1 netbsd-5-0-2-RELEASE matt-nb5-mips64-premerge-20091211 matt-nb5-mips64-u2-k2-k4-k7-k8-k9 matt-nb4-mips64-k7-u2a-k9b matt-nb5-mips64-u1-k1-k5 netbsd-5-0-1-RELEASE netbsd-5-0-RELEASE netbsd-5-0-RC4 netbsd-5-0-RC3 netbsd-5-0-RC2 netbsd-5-0-RC1 netbsd-5-base matt-mips64-base2 haad-dm-base1 wrstuden-revivesa-base-4 wrstuden-revivesa-base-3 wrstuden-revivesa-base-2 wrstuden-revivesa-base-1 simonb-wapbl-nbase yamt-pf42-base4 simonb-wapbl-base yamt-pf42-base3 hpcarm-cleanup-nbase yamt-pf42-base2 yamt-nfs-mp-base2 wrstuden-revivesa-base yamt-nfs-mp-base
|
#
1.82 |
|
24-Apr-2008 |
ad |
branches: 1.82.2; 1.82.8; 1.82.10; 1.82.12; Merge the socket locking patch:
- Socket layer becomes MP safe. - Unix protocols become MP safe. - Allows protocol processing interrupts to safely block on locks. - Fixes a number of race conditions.
With much feedback from matt@ and plunky@.
|
#
1.81 |
|
23-Apr-2008 |
thorpej |
Make IPSEC and FAST_IPSEC stats per-cpu. Use <net/net_stats.h> and netstat_sysctl().
|
Revision tags: yamt-pf42-baseX yamt-pf42-base
|
#
1.80 |
|
15-Apr-2008 |
thorpej |
branches: 1.80.2; Make pim6 stats per-cpu.
|
Revision tags: ad-socklock-base1 yamt-lazymbuf-base15 yamt-lazymbuf-base14 keiichi-mipv6-nbase nick-net80211-sync-base keiichi-mipv6-base bouyer-xeni386-merge1 vmlocking2-base3 bouyer-xeni386-nbase yamt-kmem-base3 cube-autoconf-base yamt-kmem-base2 bouyer-xeni386-base yamt-kmem-base vmlocking2-base2 reinoud-bufcleanup-nbase vmlocking2-base1 matt-armv6-nbase jmcneill-base mjf-devfs-base bouyer-xenamd64-base2 vmlocking-nbase yamt-x86pmap-base4 bouyer-xenamd64-base yamt-x86pmap-base3 yamt-x86pmap-base2 yamt-x86pmap-base matt-armv6-base jmcneill-pm-base hpcarm-cleanup-base reinoud-bufcleanup-base vmlocking-base
|
#
1.79 |
|
19-Sep-2007 |
dyoung |
branches: 1.79.16; 1.79.20; 1) Introduce a new socket option, (SOL_SOCKET, SO_NOHEADER), that tells a socket that it should both add a protocol header to tx'd datagrams and remove the header from rx'd datagrams:
int onoff = 1, s = socket(...); setsockopt(s, SOL_SOCKET, SO_NOHEADER, &onoff);
2) Add an implementation of (SOL_SOCKET, SO_NOHEADER) for raw IPv4 sockets.
3) Reorganize the protocols' pr_ctloutput implementations a bit. Consistently return ENOPROTOOPT when an option is unsupported, and EINVAL if a supported option's arguments are incorrect. Reorganize the flow of code so that it's more clear how/when options are passed down the stack until they are handled.
Shorten some pr_ctloutput staircases for readability.
4) Extract common mbuf code into subroutines, add new sockaddr methods, and introduce a new subroutine, fsocreate(), for reuse later; use it first in sys_socket():
struct mbuf *m_getsombuf(struct socket *so)
Create an mbuf and make its owner the socket `so'.
struct mbuf *m_intopt(struct socket *so, int val)
Create an mbuf, make its owner the socket `so', put the int `val' into it, and set its length to sizeof(int).
int fsocreate(..., int *fd)
Create a socket, a la socreate(9), put the socket into the given LWP's descriptor table, return the descriptor at `fd' on success.
void *sockaddr_addr(struct sockaddr *sa, socklen_t *slenp) const void *sockaddr_const_addr(const struct sockaddr *sa, socklen_t *slenp)
Extract a pointer to the address part of a sockaddr. Write the length of the address part at `slenp', if `slenp' is not NULL.
socklen_t sockaddr_getlen(const struct sockaddr *sa)
Return the length of a sockaddr. This just evaluates to sa->sa_len. I only add this for consistency with code that appears in a portable userland library that I am going to import.
const struct sockaddr *sockaddr_any(const struct sockaddr *sa)
Return the "don't care" sockaddr in the same family as `sa'. This is the address a client should sobind(9) if it does not care the source address and, if applicable, the port et cetera that it uses.
const void *sockaddr_anyaddr(const struct sockaddr *sa, socklen_t *slenp)
Return the "don't care" sockaddr in the same family as `sa'. This is the address a client should sobind(9) if it does not care the source address and, if applicable, the port et cetera that it uses.
|
Revision tags: nick-csl-alignment-base5
|
#
1.78 |
|
30-Aug-2007 |
dyoung |
Use malloc(9) for sockaddrs instead of pool(9), and remove dom_sa_pool and dom_sa_len members from struct domain. Pools of fixed-size objects are too rigid for sockaddr_dls, whose size can vary over a wide range.
Return sockaddr_dl to its "historical" size. Now that I'm using malloc(9) instead of pool(9) to allocate sockaddr_dl, I can create a sockaddr_dl of any size in the kernel, so expanding sockaddr_dl is useless.
Avoid using sizeof(struct sockaddr_dl) in the kernel.
Introduce sockaddr_dl_alloc() for allocating & initializing an arbitrary sockaddr_dl on the heap.
Add an argument, the sockaddr length, to sockaddr_alloc(), sockaddr_copy(), and sockaddr_dl_setaddr().
Constify: LLADDR() -> CLLADDR().
Where the kernel overwrites LLADDR(), use sockaddr_dl_setaddr(), instead. Used properly, sockaddr_dl_setaddr() will not overrun the end of the sockaddr.
|
Revision tags: matt-mips64-base nick-csl-alignment-base yamt-idlelwp-base8 mjf-ufs-trans-base
|
#
1.77 |
|
06-May-2007 |
dyoung |
branches: 1.77.2; 1.77.6; 1.77.8; In AppleTalk, IPv4, and IPv6 routing domains, help sockaddr_cmp() avoid an indirect function call by comparing the family, length, and bytes [dom->dom_sa_cmpofs, dom->dom_sa_cmpofs + dom->dom_sa_cmplen), corresponding to the the sockaddrs' "address" members.
For ISO, actually use sockaddr_iso_cmp, for a change. Thanks to yamt@ for pointing out my error.
|
#
1.76 |
|
02-May-2007 |
dyoung |
Eliminate address family-specific route caches (struct route, struct route_in6, struct route_iso), replacing all caches with a struct route.
The principle benefit of this change is that all of the protocol families can benefit from route cache-invalidation, which is necessary for correct routing. Route-cache invalidation fixes an ancient PR, kern/3508, at long last; it fixes various other PRs, also.
Discussions with and ideas from Joerg Sonnenberger influenced this work tremendously. Of course, all design oversights and bugs are mine.
DETAILS
1 I added to each address family a pool of sockaddrs. I have introduced routines for allocating, copying, and duplicating, and freeing sockaddrs:
struct sockaddr *sockaddr_alloc(sa_family_t af, int flags); struct sockaddr *sockaddr_copy(struct sockaddr *dst, const struct sockaddr *src); struct sockaddr *sockaddr_dup(const struct sockaddr *src, int flags); void sockaddr_free(struct sockaddr *sa);
sockaddr_alloc() returns either a sockaddr from the pool belonging to the specified family, or NULL if the pool is exhausted. The returned sockaddr has the right size for that family; sa_family and sa_len fields are initialized to the family and sockaddr length---e.g., sa_family = AF_INET and sa_len = sizeof(struct sockaddr_in). sockaddr_free() puts the given sockaddr back into its family's pool.
sockaddr_dup() and sockaddr_copy() work analogously to strdup() and strcpy(), respectively. sockaddr_copy() KASSERTs that the family of the destination and source sockaddrs are alike.
The 'flags' argumet for sockaddr_alloc() and sockaddr_dup() is passed directly to pool_get(9).
2 I added routines for initializing sockaddrs in each address family, sockaddr_in_init(), sockaddr_in6_init(), sockaddr_iso_init(), etc. They are fairly self-explanatory.
3 structs route_in6 and route_iso are no more. All protocol families use struct route. I have changed the route cache, 'struct route', so that it does not contain storage space for a sockaddr. Instead, struct route points to a sockaddr coming from the pool the sockaddr belongs to. I added a new method to struct route, rtcache_setdst(), for setting the cache destination:
int rtcache_setdst(struct route *, const struct sockaddr *);
rtcache_setdst() returns 0 on success, or ENOMEM if no memory is available to create the sockaddr storage.
It is now possible for rtcache_getdst() to return NULL if, say, rtcache_setdst() failed. I check the return value for NULL everywhere in the kernel.
4 Each routing domain (struct domain) has a list of live route caches, dom_rtcache. rtflushall(sa_family_t af) looks up the domain indicated by 'af', walks the domain's list of route caches and invalidates each one.
|
Revision tags: thorpej-atomic-base
|
#
1.75 |
|
07-Mar-2007 |
liamjfoy |
branches: 1.75.2; 1.75.4; Add IPv6 Fast Forward - the IPv4 counterpart:
If ip6_forward successfully forwards a packet, a cache, in this case a ip6flow struct entry, will be created. ether_input and friends will then be able to call ip6flow_fastforward with the packet which will then be passed to if_output (unless an issue is found - in that case the packet is passed back to ip6_input).
ok matt@ christos@ dyoung@ and joerg@
|
#
1.74 |
|
06-Mar-2007 |
liamjfoy |
Fix some style issues - no functional change
|
#
1.73 |
|
27-Feb-2007 |
degroote |
Initialize fast_ipsec entry in the protocol switch with structure initializers as other entries.
|
Revision tags: ad-audiomp-base
|
#
1.72 |
|
19-Feb-2007 |
dyoung |
Initialize protocol switch with structure initializers.
|
#
1.71 |
|
17-Feb-2007 |
dyoung |
0 -> NULL
|
#
1.70 |
|
10-Feb-2007 |
degroote |
branches: 1.70.2; Commit my SoC work Add ipv6 support for fast_ipsec Note that currently, packet with extensions headers are not correctly supported Change the ipcomp logic
|
Revision tags: post-newlock2-merge newlock2-nbase yamt-splraiseipl-base5 yamt-splraiseipl-base4 yamt-splraiseipl-base3 newlock2-base
|
#
1.69 |
|
09-Dec-2006 |
dyoung |
Here are various changes designed to protect against bad IPv4 routing caused by stale route caches (struct route). Route caches are sprinkled throughout PCBs, the IP fast-forwarding table, and IP tunnel interfaces (gre, gif, stf).
Stale IPv6 and ISO route caches will be treated by separate patches.
Thank you to Christoph Badura for suggesting the general approach to invalidating route caches that I take here.
Here are the details:
Add hooks to struct domain for tracking and for invalidating each domain's route caches: dom_rtcache, dom_rtflush, and dom_rtflushall.
Introduce helper subroutines, rtflush(ro) for invalidating a route cache, rtflushall(family) for invalidating all route caches in a routing domain, and rtcache(ro) for notifying the domain of a new cached route.
Chain together all IPv4 route caches where ro_rt != NULL. Provide in_rtcache() for adding a route to the chain. Provide in_rtflush() and in_rtflushall() for invalidating IPv4 route caches. In in_rtflush(), set ro_rt to NULL, and remove the route from the chain. In in_rtflushall(), walk the chain and remove every route cache.
In rtrequest1(), call rtflushall() to invalidate route caches when a route is added.
In gif(4), discard the workaround for stale caches that involves expiring them every so often.
Replace the pattern 'RTFREE(ro->ro_rt); ro->ro_rt = NULL;' with a call to rtflush(ro).
Update ipflow_fastforward() and all other users of route caches so that they expect a cached route, ro->ro_rt, to turn to NULL.
Take care when moving a 'struct route' to rtflush() the source and to rtcache() the destination.
In domain initializers, use .dom_xxx tags.
KNF here and there.
|
Revision tags: netbsd-4-base
|
#
1.68 |
|
23-Nov-2006 |
rpaulo |
branches: 1.68.2; 1.68.4; New EtherIP driver based on tap(4) and gif(4) by Hans Rosenfeld. Notable changes: * Fixes PR 34268. * Separates the code from gif(4) (which is more cleaner). * Allows the usage of STP (Spanning Tree Protocol). * Removed EtherIP implementation from gif(4)/tap(4).
Some input from Christos.
|
Revision tags: yamt-splraiseipl-base2
|
#
1.67 |
|
10-Oct-2006 |
dogcow |
change the MOWNER_INIT define to take two args; fix extant struct mowner decls to use it. Makes options MBUFTRACE compile again and not whinge about missing structure declarations. (Also makes initialization consistent.)
|
Revision tags: yamt-splraiseipl-base yamt-pdpolicy-base9 yamt-pdpolicy-base8 rpaulo-netinet-merge-pcb-base
|
#
1.66 |
|
30-Aug-2006 |
christos |
branches: 1.66.2; 1.66.4; add missing initializers
|
#
1.65 |
|
28-Aug-2006 |
christos |
remove extra members
|
#
1.64 |
|
25-Aug-2006 |
matt |
One step closer to loadable domains. Store pointers to a domain's soft interrupt queues so if_detach can remove packets to removed interfaces from them. This eliminates a lot of conditional ugly code in if.c
|
Revision tags: abandoned-netbsd-4-base yamt-pdpolicy-base7 yamt-pdpolicy-base6 chap-midi-nbase gdamore-uart-base yamt-pdpolicy-base5 chap-midi-base simonb-timecounters-base
|
#
1.63 |
|
18-May-2006 |
liamjfoy |
Integrate Common Address Redundancy Procotol (CARP) from OpenBSD
'pseudo-device carp'
Thanks to: joerg@ christos@ riz@ and others who tested Ok: core@
|
Revision tags: yamt-pdpolicy-base4 yamt-pdpolicy-base3 peter-altq-base yamt-pdpolicy-base2 elad-kernelauth-base
|
#
1.62 |
|
05-Mar-2006 |
rpaulo |
branches: 1.62.4; NDP-related improvements: RFC4191 - supports host-side router-preference
RFC3542 - if DAD fails on a interface, disables IPv6 operation on the interface - don't advertise MLD report before DAD finishes
Others - fixes integer overflow for valid and preferred lifetimes - improves timer granularity for MLD, using callout-timer. - reflects rtadvd's IPv6 host variable information into kernel (router only) - adds a sysctl option to enable/disable pMTUd for multicast packets - performs NUD on PPP/GRE interface by default - Redirect works regardless of ip6_accept_rtadv - removes RFC1885-related code
From the KAME project via SUZUKI Shinsuke. Reviewed by core.
|
Revision tags: yamt-pdpolicy-base yamt-uio_vmspace-base5
|
#
1.61 |
|
11-Dec-2005 |
christos |
branches: 1.61.4; 1.61.6; 1.61.8; merge ktrace-lwp.
|
Revision tags: yamt-readahead-base3 yamt-readahead-base2 yamt-readahead-pervnode yamt-readahead-perfile yamt-readahead-base yamt-vop-base3 yamt-vop-base2 thorpej-vnode-attr-base yamt-vop-base ktrace-lwp-base
|
#
1.60 |
|
19-Jul-2005 |
gdt |
Add PR_PURGEIF flag for protocols to indicate that the protocol might store a struct ifnet *, and define it for udp/tcp/rawip for INET and INET6. When deleting a struct ifnet, invoke PRU_PURGEIF on all protocols marked with PR_PURGEIF. Closes PR kern/29580 (mine).
|
#
1.59 |
|
29-May-2005 |
christos |
branches: 1.59.2; - avoid shadowed variables - sprinkle const.
|
Revision tags: yamt-km-base4 yamt-km-base3 netbsd-3-base yamt-km-base2 yamt-km-base kent-audio2-base
|
#
1.58 |
|
23-Jan-2005 |
matt |
branches: 1.58.6; Change initialzie of domains to use link sets. Switch to using STAILQ. Add a convenience macro DOMAIN_FOREACH to interate through the domain.
|
Revision tags: kent-audio1-beforemerge kent-audio1-base
|
#
1.57 |
|
22-Apr-2004 |
matt |
branches: 1.57.4; Constify protosw arrays. This can reduce the kernel .data section by over 4K (if all the network protocols) are loaded.
|
Revision tags: netbsd-2-0-3-RELEASE netbsd-2-1-RELEASE netbsd-2-1-RC6 netbsd-2-1-RC5 netbsd-2-1-RC4 netbsd-2-1-RC3 netbsd-2-1-RC2 netbsd-2-1-RC1 netbsd-2-0-2-RELEASE netbsd-2-0-1-RELEASE netbsd-2-base netbsd-2-0-RELEASE netbsd-2-0-RC5 netbsd-2-0-RC4 netbsd-2-0-RC3 netbsd-2-0-RC2 netbsd-2-0-RC1 netbsd-2-0-base
|
#
1.56 |
|
04-Dec-2003 |
atatat |
Dynamic sysctl.
Gone are the old kern_sysctl(), cpu_sysctl(), hw_sysctl(), vfs_sysctl(), etc, routines, along with sysctl_int() et al. Now all nodes are registered with the tree, and nodes can be added (or removed) easily, and I/O to and from the tree is handled generically.
Since the nodes are registered with the tree, the mapping from name to number (and back again) can now be discovered, instead of having to be hard coded. Adding new nodes to the tree is likewise much simpler -- the new infrastructure handles almost all the work for simple types, and just about anything else can be done with a small helper function.
All existing nodes are where they were before (numerically speaking), so all existing consumers of sysctl information should notice no difference.
PS - I'm sorry, but there's a distinct lack of documentation at the moment. I'm working on sysctl(3/8/9) right now, and I promise to watch out for buses.
|
#
1.55 |
|
03-Nov-2003 |
briggs |
Revert the change in default value of ipv6_v6only. Further discussion on this topic is required. It should be reintroduced and pursued in the IETF.
|
#
1.54 |
|
28-Oct-2003 |
briggs |
Toggle the default value of ip6_v6only. Also provide a sample sysctl to retain the existing behavior.
|
#
1.53 |
|
06-Sep-2003 |
itojun |
randomize IPv4/v6 fragment ID and IPv6 flowlabel. avoids predictability of these fields. ip_id.c is from openbsd. ip6_id.c is adapted by kame.
|
#
1.52 |
|
05-Sep-2003 |
itojun |
call tcp_drain() if IPv4-less kernel
|
#
1.51 |
|
04-Sep-2003 |
itojun |
revamp inpcb/in6pcb so that they are more aligned with each other. in6pcb lookup now uses hash(9).
|
#
1.50 |
|
14-Aug-2003 |
itojun |
enforce ipsec policy on raw wildcard.
|
#
1.49 |
|
07-Aug-2003 |
agc |
Move UCB-licensed code from 4-clause to 3-clause licence.
Patches provided by Joel Baker in PR 22364, verified by myself.
|
#
1.48 |
|
07-Aug-2003 |
itojun |
make net.inet6.ip6.redirect actually work. from Tomoyuki Sahara via kame
|
#
1.47 |
|
17-Apr-2003 |
thorpej |
branches: 1.47.2; Protect the definition of offsetof().
|
Revision tags: nathanw_sa_before_merge fvdl_fs64_base gmcgarry_ctxsw_base gmcgarry_ucred_base nathanw_sa_base
|
#
1.46 |
|
11-Nov-2002 |
itojun |
pmtu_probe is not used anywhere (it is used in KAME TCP6-only code). From: Krister Walfridsson <cato@df.lth.se>
|
Revision tags: kqueue-aftermerge kqueue-beforemerge gehenna-devsw-base kqueue-base
|
#
1.45 |
|
20-Aug-2002 |
itojun |
sync up use_deprecated handling with latest kame. - bind(deprecated) is allowed, trusting userland app is doing the right thing - use_deprecated default to 1
|
#
1.44 |
|
17-Aug-2002 |
itojun |
set default value for use_deprecated to 0, to avoid consequences with ftpd.
|
#
1.43 |
|
09-Jun-2002 |
itojun |
whitespace cleanup
|
#
1.42 |
|
08-Jun-2002 |
itojun |
whitespace cleanup
|
#
1.41 |
|
29-May-2002 |
itojun |
move per-interface ip6/icmp6 stat to ifnet->if_afdata. sync w/kame
|
#
1.40 |
|
28-May-2002 |
itojun |
limit number of IPv6 fragments (not the fragment queue size) to fight against lots-of-frags DoS attacks. sync w/kame
|
Revision tags: netbsd-1-6-RC1 netbsd-1-6-base eeh-devprop-base
|
#
1.39 |
|
15-Mar-2002 |
itojun |
branches: 1.39.4; 1.39.6; have tcp6_drain
|
Revision tags: newlock-base ifpoll-base
|
#
1.38 |
|
21-Dec-2001 |
itojun |
call encap6_ctlinput on icmp6 against tunnelled packet. sync w/kame
|
#
1.37 |
|
21-Dec-2001 |
itojun |
use radix table for inbound tunnel lookup (would increase performance for machines with a lot of tunnels). update route cache for IPvX-over-IPv6 tunnel on path MTU discovery. snyc with kame
|
#
1.36 |
|
21-Dec-2001 |
itojun |
move in6_gif_hlim decl to in6_gif.c. sync with kame
|
#
1.35 |
|
21-Dec-2001 |
itojun |
move protosw fragment for gif/stf to their own source code. reduce #ifdef in stf code. sync with kame
|
#
1.34 |
|
13-Nov-2001 |
lukem |
add RCSIDs
|
Revision tags: thorpej-mips-cache-base
|
#
1.33 |
|
24-Oct-2001 |
itojun |
no tcp_fasttimo any more. PR 14333
|
#
1.32 |
|
24-Oct-2001 |
itojun |
more whitespace sync with kame
|
#
1.31 |
|
16-Oct-2001 |
itojun |
branches: 1.31.2; remove unused #define. sync whitespace/comment with kame.
|
#
1.30 |
|
15-Oct-2001 |
itojun |
implement IPV6_V6ONLY socket option from draft-ietf-ipngwg-rfc2553bis-03.txt. IPV6_BINDV6ONLY (netbsd only) is deprecated, but still work just like before.
|
Revision tags: thorpej-devvp-base3 thorpej-devvp-base2 post-chs-ubcperf pre-chs-ubcperf thorpej-devvp-base thorpej_scsipi_beforemerge thorpej_scsipi_nbase thorpej_scsipi_base
|
#
1.29 |
|
21-Mar-2001 |
thorpej |
branches: 1.29.2; Add a protosw flag, PR_ABRTACPTDIS (Abort on Accept of Disconnected Socket), and add it to the protocols that use that behavior (all PR_LISTEN protocols except for PF_LOCAL stream sockets).
|
#
1.28 |
|
01-Mar-2001 |
itojun |
branches: 1.28.2; make sure to enforce inbound ipsec policy checking, for any protocols on top of ip (check it when final header is visited). sync with kame. XXX kame team will need to re-check policy engine code
|
#
1.27 |
|
21-Feb-2001 |
itojun |
need PR_ADDR|PR_ATOMIC for IPPROTO_EON. fix typo. from chopps, sync with kame
|
#
1.26 |
|
20-Feb-2001 |
itojun |
ISO over IPv4/v6 by EON encapsulation. from chopps, sync with kame.
|
#
1.25 |
|
11-Feb-2001 |
itojun |
pull latest kame pcbnotify code. synchronizes ICMPv6 path mtu discovery behavior with other protocols (i.e. validation, use of hiwat/lowat).
|
#
1.24 |
|
11-Feb-2001 |
itojun |
whitespace sync with kame
|
#
1.23 |
|
19-Oct-2000 |
itojun |
remove #ifdef TCP6. it is not likely for us to bring in sys/netinet6/tcp6*.c (separate TCP/IPv6 stack) into netbsd-current.
|
#
1.22 |
|
18-Oct-2000 |
itojun |
verify ICMPv6 too big messages based on TCP pcbs, and/or IPsec SA. TODO: udp6, and sendto consideration. as pmtud is mandatory for IPv6, it is rather important for us to support those cases. TODO: more testing TODO: kame sync
|
#
1.21 |
|
10-Oct-2000 |
itojun |
sync with kame ($KAME$)
|
#
1.20 |
|
10-Oct-2000 |
enami |
Don't initialize TCP twice on v4/v6 dual stack kernel.
|
#
1.19 |
|
28-Jul-2000 |
itojun |
nuke the following sysctl variables. "ppsratelimit" should work better. need to recompile sbin/sysctl after updating /usr/include. net.inet.tcp.rstratelimit net.inet.icmp.errratelimit net.inet6.icmp6.errratelimit
|
#
1.18 |
|
06-Jul-2000 |
itojun |
- do not use bitfield for router renumbering header. - add protection mechanism against ND cache corruption due to bad NUD hints. - more stats - icmp6 pps limitation. TOOD: should implement ppsratecheck(9).
|
Revision tags: netbsd-1-5-ALPHA2 netbsd-1-5-base minoura-xpg4dl-base
|
#
1.17 |
|
19-Apr-2000 |
itojun |
branches: 1.17.4; introduce sys/netinet/ip_encap.c, to dispatch inbound packets to protocol handlers, based on src/dst (for ip proto #4/41). see comment in ip_encap.c for details of the problem we have. there are too many protocol specs for ip proto #4/41. backward compatibility with MROUTING case is now provided in ip_encap.c.
fix ipip to work with gif (using ip_encap.c). sorry for breakage.
gif now uses ip_encap.c.
introduce stf pseudo interface (implements 6to4, another IPv6-over-IPv4 code with ip proto #41).
|
#
1.16 |
|
26-Feb-2000 |
itojun |
implement rip6_ctlinput, to cope with routing changes correctly. (IMHO we need rip_ctlinput as well)
|
#
1.15 |
|
26-Feb-2000 |
itojun |
make it possible to throw IPv6 packet with proto=4/41. (in normal case we don't do it, but this is how IPv4 in_proto is written)
|
#
1.14 |
|
14-Feb-2000 |
thorpej |
Use ratecheck() for ICMP6 rate limiting.
|
Revision tags: chs-ubc2-newbase
|
#
1.13 |
|
06-Feb-2000 |
itojun |
fix include pathname for better rfc2292 compliance.
|
#
1.12 |
|
06-Jan-2000 |
itojun |
remove extra portability #ifdef (like #ifdef __FreeBSD__) in KAME IPv6/IPsec code, from netbsd-current repository. #ifdef'ed version is always available from ftp.kame.net.
XXX please do not make too many diff-unfriendly changes, we'll need to take bunch of diffs on upgrade...
|
#
1.11 |
|
06-Jan-2000 |
itojun |
make IPV6_BINDV6ONLY setsockopt available. it controls behavior of AF_INET6 wildcard listening socket. heavily documented in ip6(4). net.inet6.ip6.bindv6only defines default value. default is 1.
"options INET6_BINDV6ONLY" removes any code fragment that supports IPV6_BINDV6ONLY == 0 case (not defopt'ed as use of this is rare).
|
#
1.10 |
|
02-Jan-2000 |
itojun |
add net.inet6.icmp6.nodeinfo sysctl. this allows you to disable/enable ICMPv6 node information query/reply processing (which tells remote end the gethostname(3) setting, interface addresses on the node, and some other things - documented in draft-ietf-ipngwg-icmp-name-lookup* or something alike).
to test it, try ping6 -w ::1 with nodeinfo=0 and nodeinfo=1. (sync with kame change)
|
Revision tags: wrstuden-devbsize-19991221 wrstuden-devbsize-base
|
#
1.9 |
|
13-Dec-1999 |
itojun |
sync IPv6 part with latest KAME tree. IPsec part is left unmodified due to massive changes in KAME side. - IPv6 output goes through nd6_output - faith can capture IPv4 packets as well - you can run IPv4-to-IPv6 translator using heavily modified DNS servers - per-interface statistics (required for IPv6 MIB) - interface autoconfig is revisited - udp input handling has a big change for mapped address support. - introduce in4_cksum() for non-overwriting checksumming - introduce m_pulldown() - neighbor discovery cleanups/improvements - netinet/in.h strictly conforms to RFC2553 (no extra defs visible to userland) - IFA_STATS is fixed a bit (not tested) - and more more more.
TODO: - cleanup os-independency #ifdef - avoid rcvif dual use (for IPsec) to help ifdetach
(sorry for jumbo commit, I can't separate this any more...)
|
Revision tags: comdex-fall-1999-base fvdl-softdep-base chs-ubc2-base
|
#
1.8 |
|
31-Jul-1999 |
itojun |
branches: 1.8.2; 1.8.8; sync with recent KAME. - loosen ipsec restriction on packet diredtion. - revise icmp6 redirect handling on IsRouter bit. - tcp/udp notification processing (link-local address case) - cosmetic fixes (better code share across *BSD).
|
#
1.7 |
|
30-Jul-1999 |
itojun |
remove reference to in6_systm.h (file itself will be removed afterwords)
|
#
1.6 |
|
27-Jul-1999 |
explorer |
Fix a problem where tcp_slowtimo was called twice, once for ipv4 tcp and once for ipv6. This patch makes the ipv6 case pass NULLs in for fast and slow timeouts iff defined(INET) and passes in the right function if !defined(INET).
Reveiwed by itojun@iijlab.net.
|
#
1.5 |
|
22-Jul-1999 |
itojun |
change unnecessary u_long/long into u_int32_t or something relevant. more fixes should follow.
|
#
1.4 |
|
09-Jul-1999 |
thorpej |
defopt IPSEC and IPSEC_ESP (both into opt_ipsec.h).
|
#
1.3 |
|
03-Jul-1999 |
thorpej |
RCS ID police.
|
#
1.2 |
|
01-Jul-1999 |
itojun |
branches: 1.2.2; IPv6 kernel code, based on KAME/NetBSD 1.4, SNAP kit 19990628. (Sorry for a big commit, I can't separate this into several pieces...) Pls check sys/netinet6/TODO and sys/netinet6/IMPLEMENTATION for details.
- sys/kern: do not assume single mbuf, accept chained mbuf on passing data from userland to kernel (or other way round). - "midway" ATM card: ATM PVC pseudo device support, like those done in ALTQ package (ftp://ftp.csl.sony.co.jp/pub/kjc/). - sys/netinet/tcp*: IPv4/v6 dual stack tcp support. - sys/netinet/{ip6,icmp6}.h, sys/net/pfkeyv2.h: IETF document assumes those file to be there so we patch it up. - sys/netinet: IPsec additions are here and there. - sys/netinet6/*: most of IPv6 code sits here. - sys/netkey: IPsec key management code - dev/pci/pcidevs: regen
In my understanding no code here is subject to export control so it should be safe.
|
#
1.1 |
|
28-Jun-1999 |
itojun |
branches: 1.1.2; file in6_proto.c was initially added on branch kame.
|
#
1.119 |
|
27-Sep-2017 |
ozaki-r |
Take softnet_lock on pr_input properly if NET_MPSAFE
Currently softnet_lock is taken unnecessarily in some cases, e.g., icmp_input and encap4_input from ip_input, or not taken even if needed, e.g., udp_input and tcp_input from ipsec4_common_input_cb. Fix them.
NFC if NET_MPSAFE is disabled (default).
|
#
1.118 |
|
21-Sep-2017 |
ozaki-r |
Invalidate rtcache based on a global generation counter
The change introduces a global generation counter that is incremented when any routes have been added or deleted. When a rtcache caches a rtentry into itself, it also stores a snapshot of the generation counter. If the snapshot equals to the global counter, the cache is still valid, otherwise invalidated.
One drawback of the change is that all rtcaches of all protocol families are invalidated when any routes of any protocol families are added or deleted. If that matters, we should have separate generation counters based on protocol families.
This change removes LIST_ENTRY from struct route, which fixes a part of PR kern/52515.
|
Revision tags: nick-nhusb-base-20170825 perseant-stdc-iso10646-base netbsd-8-base prg-localcount2-base3 prg-localcount2-base2 prg-localcount2-base1 prg-localcount2-base pgoyette-localcount-20170426 bouyer-socketcan-base1
|
#
1.117 |
|
14-Apr-2017 |
ozaki-r |
Rumpify netipsec
Note that we should modularize netipsec and reduce reverse symbol references (referencing symbols of netipsec from net, netinet and netinet6) though, the task needs lots of code changes. Prior to doing so, rumpifying it and having ATF tests should be useful.
|
Revision tags: jdolecek-ncq-base pgoyette-localcount-20170320
|
#
1.116 |
|
16-Feb-2017 |
knakahara |
add l2tp(4) L2TPv3 interface.
originally implemented by IIJ SEIL team.
|
#
1.115 |
|
13-Feb-2017 |
ozaki-r |
Protect mtudisc and redirect stuffs of icmp/icmp6 with mutex
We have to run pr_init of icmp and icmp6 prior to tcp and tcp6 ones for mutex initialization.
|
Revision tags: nick-nhusb-base-20170204 bouyer-socketcan-base pgoyette-localcount-20170107
|
#
1.114 |
|
13-Dec-2016 |
ozaki-r |
branches: 1.114.2; Remove unnecessary inclusions of nd6.h
|
Revision tags: nick-nhusb-base-20161204 pgoyette-localcount-20161104 nick-nhusb-base-20161004 localcount-20160914 pgoyette-localcount-20160806 pgoyette-localcount-20160726 pgoyette-localcount-base nick-nhusb-base-20160907
|
#
1.113 |
|
06-Jul-2016 |
ozaki-r |
branches: 1.113.2; Move in6_ifaddr_list to a more proper place (from ip6_input.c to in6.c)
It's a similar place as the IPv4 address list, i.e., in.c.
More varibles will join together.
|
Revision tags: nick-nhusb-base-20160529
|
#
1.112 |
|
26-Apr-2016 |
ozaki-r |
Sweep unnecessary route.h inclusions
|
Revision tags: nick-nhusb-base-20160422
|
#
1.111 |
|
11-Apr-2016 |
ozaki-r |
Sweep unncessary radix.h inclusions
|
Revision tags: nick-nhusb-base-20160319
|
#
1.110 |
|
21-Jan-2016 |
riastradh |
Revert previous: ran cvs commit when I meant cvs diff. Sorry!
Hit up-arrow one too few times.
|
#
1.109 |
|
21-Jan-2016 |
riastradh |
Give proper prototype to ip_output.
|
#
1.108 |
|
20-Jan-2016 |
riastradh |
Eliminate struct protosw::pr_output.
You can't use this unless you know what it is a priori: the formal prototype is variadic, and the different instances (e.g., ip_output, route_output) have different real prototypes.
Convert the only user of it, raw_send in net/raw_cb.c, to take an explicit callback argument. Convert the only instances of it, route_output and key_output, to such explicit callbacks for raw_send. Use assertions to make sure the conversion to explicit callbacks is warranted.
Discussed on tech-net with no objections: https://mail-index.netbsd.org/tech-net/2016/01/16/msg005484.html
|
Revision tags: nick-nhusb-base-20151226
|
#
1.107 |
|
13-Oct-2015 |
rjs |
Add core networking support for SCTP.
|
Revision tags: nick-nhusb-base-20150921
|
#
1.106 |
|
24-Aug-2015 |
pooka |
sprinkle _KERNEL_OPT
|
Revision tags: nick-nhusb-base-20150606
|
#
1.105 |
|
22-Apr-2015 |
roy |
Move INET6 specific in6_if_{up,down}() and in6_if_link_{up,down}() into agnostic domain functions.
|
Revision tags: nick-nhusb-base-20150406
|
#
1.104 |
|
10-Feb-2015 |
rjs |
Add DCCP protocol support from KAME.
|
Revision tags: netbsd-7-1-RELEASE netbsd-7-1-RC2 netbsd-7-nhusb-base-20170116 netbsd-7-1-RC1 netbsd-7-0-2-RELEASE netbsd-7-nhusb-base netbsd-7-0-1-RELEASE netbsd-7-0-RELEASE netbsd-7-0-RC3 netbsd-7-0-RC2 netbsd-7-0-RC1 nick-nhusb-base netbsd-7-base tls-earlyentropy-base tls-maxphys-base
|
#
1.103 |
|
05-Jun-2014 |
rmind |
branches: 1.103.4; - Implement pktqueue interface for lockless IP input queue. - Replace ipintrq and ip6intrq with the pktqueue mechanism. - Eliminate kernel-lock from ipintr() and ip6intr(). - Some preparation work to push softnet_lock out of ipintr().
Discussed on tech-net.
|
#
1.102 |
|
22-May-2014 |
rmind |
Move udp6_input(), udp6_sendup(), udp6_realinput() and udp6_input_checksum() from udp_usrreq.c to udp6_usrreq.c where they belong. No functional change.
|
Revision tags: rmind-smpnet-nbase rmind-smpnet-base
|
#
1.101 |
|
18-May-2014 |
rmind |
Add struct pr_usrreqs with a pr_generic function and prepare for the dismantling of pr_usrreq in the protocols; no functional change intended. PRU_ATTACH/PRU_DETACH changes will follow soon.
Bump for struct protosw. Welcome to 6.99.62!
|
Revision tags: yamt-pagecache-base9 riastradh-xf86-video-intel-2-7-1-pre-2-21-15 riastradh-drm2-base3
|
#
1.100 |
|
02-Jan-2014 |
pooka |
branches: 1.100.2; Allow kernels compiled with INET+INET6 to be booted as IPv4-only or IPv6-only.
|
Revision tags: riastradh-drm2-base2 riastradh-drm2-base1 riastradh-drm2-base
|
#
1.99 |
|
05-Jun-2013 |
christos |
branches: 1.99.2; IPSEC has not come in two speeds for a long time now (IPSEC == kame, FAST_IPSEC). Make everything refer to IPSEC to avoid confusion.
|
Revision tags: agc-symver-base
|
#
1.98 |
|
01-Mar-2013 |
joerg |
Retire OSI network stack. OK core@
|
Revision tags: yamt-pagecache-base8 yamt-pagecache-base7 yamt-pagecache-base6
|
#
1.97 |
|
23-Jun-2012 |
christos |
branches: 1.97.2; 4 new sysctls to avoid ipv6 DoS attacks from OpenBSD
|
Revision tags: jmcneill-usbmp-base10 yamt-pagecache-base5 jmcneill-usbmp-base9 yamt-pagecache-base4 jmcneill-usbmp-base8
|
#
1.96 |
|
22-Mar-2012 |
drochner |
remove KAME IPSEC, replaced by FAST_IPSEC
|
Revision tags: netbsd-6-0-2-RELEASE netbsd-6-1-RELEASE netbsd-6-1-RC4 netbsd-6-1-RC3 netbsd-6-1-RC2 netbsd-6-1-RC1 netbsd-6-0-1-RELEASE matt-nb6-plus-nbase netbsd-6-0-RELEASE netbsd-6-0-RC2 matt-nb6-plus-base netbsd-6-0-RC1 jmcneill-usbmp-base7 jmcneill-usbmp-base6 jmcneill-usbmp-base5 jmcneill-usbmp-base4 jmcneill-usbmp-base3 jmcneill-usbmp-base2 netbsd-6-base
|
#
1.95 |
|
31-Dec-2011 |
christos |
branches: 1.95.2; 1.95.6; 1.95.8; - fix offsetof usage, and redundant defines - kill pointer casts to 0
|
#
1.94 |
|
19-Dec-2011 |
drochner |
rename the IPSEC in-kernel CPP variable and config(8) option to KAME_IPSEC, and make IPSEC define it so that existing kernel config files work as before Now the default can be easily be changed to FAST_IPSEC just by setting the IPSEC alias to FAST_IPSEC.
|
Revision tags: jmcneill-usbmp-pre-base2 jmcneill-usbmp-base jmcneill-audiomp3-base yamt-pagecache-base3 yamt-pagecache-base2 yamt-pagecache-base
|
#
1.93 |
|
24-Sep-2011 |
christos |
branches: 1.93.2; 1.93.6; Add inet6 part of the rfc6056 code contributed by Vlad Balan as part of Google SoC-2011
|
Revision tags: rmind-uvmplock-nbase cherry-xenmp-base rmind-uvmplock-base
|
#
1.92 |
|
24-May-2011 |
spz |
RA flood mitigation via a limit on accepted routes: - introduce a limit for the routes accepted via IPv6 Router Advertisement: a common 2 interface client will have 6, the default limit is 100 and can be adjusted via sysctl - report the current number of routes installed via RA via sysctl - count discarded route additions. Note that one RA message is two routes. This is at present only across all interfaces even though per-interface would be more useful, since the per-interface structure complies to RFC2466 - bump kernel version due to the previous change - adjust netstat to use the new value (with netstat -p icmp6)
|
#
1.91 |
|
03-May-2011 |
dyoung |
*_drain() routines may be called with locks held, so instead of doing any work in *_drain(), set a drain-needed flag. Do the work in the fasttimo handler.
Contributed by Coyote Point Systems, Inc.
|
#
1.90 |
|
31-Mar-2011 |
dyoung |
Hide the radix-trie implementation of the forwarding table so that we will have an easier time replacing it with something different, even if it is a second radix-trie implementation.
sys/net/route.c and sys/net/rtsock.c no longer operate directly on radix_nodes or radix_node_heads.
Hopefully this will reduce the temptation to implement multipath or source-based routing using grotty hacks to the grotty old radix-trie code, too. :-)
|
Revision tags: bouyer-quota2-nbase bouyer-quota2-base jruoho-x86intr-base matt-mips64-premerge-20101231 uebayasi-xip-base4 uebayasi-xip-base3 yamt-nfs-mp-base11
|
#
1.89 |
|
24-Aug-2010 |
jakllsch |
branches: 1.89.2; Make the EtherIP in IPv6 input path work. XXX: Figure out if we really need a separate protosw for IPv6.
|
Revision tags: uebayasi-xip-base2 yamt-nfs-mp-base10 uebayasi-xip-base1 yamt-nfs-mp-base9 uebayasi-xip-base
|
#
1.88 |
|
04-Feb-2010 |
joerg |
branches: 1.88.2; 1.88.4; Explicitly include opt_gateway.h when depending on GATEWAY.
|
Revision tags: matt-premerge-20091211 yamt-nfs-mp-base8 jym-xensuspend-nbase
|
#
1.87 |
|
11-Sep-2009 |
dyoung |
Make ifconfig(8) set and display preference numbers for IPv6 addresses. Make the kernel support SIOC[SG]IFADDRPREF for IPv6 interface addresses.
In in6ifa_ifpforlinklocal(), consult preference numbers before making an otherwise arbitrary choice of in6_ifaddr. Otherwise, preference numbers are *not* consulted by the kernel, but that will be rather easy for somebody with a little bit of free time to fix.
Please note that setting the preference number for a link-local IPv6 address does not work right, yet, but that ought to be fixed soon.
In support of the changes above,
1 Add a method to struct domain for "externalizing" a sockaddr, and provide an implementation for IPv6. Expect more work in this area: it may be more proper to say that the IPv6 implementation "internalizes" a sockaddr. Add sockaddr_externalize().
2 Add a subroutine, sofamily(), that returns a struct socket's address family or AF_UNSPEC.
3 Make a lot of IPv4-specific code generic, and move it from sys/netinet/ to sys/net/ for re-use by IPv6 parts of the kernel and ifconfig(8).
|
#
1.86 |
|
11-Sep-2009 |
dyoung |
Nothing uses sockaddr_in6_cmp() right now, and the generic sockaddr_cmp() is probably as fast or faster than calling sockaddr_in6_cmp() through a function pointer, so let's stop compiling it.
|
#
1.85 |
|
21-Aug-2009 |
tsutsui |
Fix error on kernels with options IPSEC without options IPSEC_ESP. Found on building evbppc/conf/PMPPC.
|
Revision tags: yamt-nfs-mp-base7 jymxensuspend-base yamt-nfs-mp-base6 yamt-nfs-mp-base5 yamt-nfs-mp-base4 yamt-nfs-mp-base3 nick-hppapmap-base4 nick-hppapmap-base3 jym-xensuspend-base nick-hppapmap-base
|
#
1.84 |
|
23-Mar-2009 |
liamjfoy |
Init ip6flow pool dynamically instead of using a linkset.
|
Revision tags: nick-hppapmap-base2 haad-dm-base2 haad-nbase2 ad-audiomp2-base haad-dm-base mjf-devfs2-base
|
#
1.83 |
|
25-Nov-2008 |
pooka |
branches: 1.83.4; Make dom_maxrtkey of inet/inet6domain the size of the ip_encap pack structures. This is far from optimal, but gets rid of iffy #ifdef INET in radix.c. The radix bonsai still needs lots of love before loading domains dynamically is possible...
|
Revision tags: netbsd-5-1-5-RELEASE netbsd-5-1-4-RELEASE netbsd-5-1-3-RELEASE netbsd-5-1-2-RELEASE netbsd-5-1-1-RELEASE matt-nb5-mips64-premerge-20101231 netbsd-5-1-RELEASE netbsd-5-1-RC4 matt-nb5-mips64-k15 netbsd-5-1-RC3 netbsd-5-1-RC2 netbsd-5-1-RC1 netbsd-5-0-2-RELEASE matt-nb5-mips64-premerge-20091211 matt-nb5-mips64-u2-k2-k4-k7-k8-k9 matt-nb4-mips64-k7-u2a-k9b matt-nb5-mips64-u1-k1-k5 netbsd-5-0-1-RELEASE netbsd-5-0-RELEASE netbsd-5-0-RC4 netbsd-5-0-RC3 netbsd-5-0-RC2 netbsd-5-0-RC1 netbsd-5-base matt-mips64-base2 haad-dm-base1 wrstuden-revivesa-base-4 wrstuden-revivesa-base-3 wrstuden-revivesa-base-2 wrstuden-revivesa-base-1 simonb-wapbl-nbase yamt-pf42-base4 simonb-wapbl-base yamt-pf42-base3 hpcarm-cleanup-nbase yamt-pf42-base2 yamt-nfs-mp-base2 wrstuden-revivesa-base yamt-nfs-mp-base
|
#
1.82 |
|
24-Apr-2008 |
ad |
branches: 1.82.2; 1.82.8; 1.82.10; 1.82.12; Merge the socket locking patch:
- Socket layer becomes MP safe. - Unix protocols become MP safe. - Allows protocol processing interrupts to safely block on locks. - Fixes a number of race conditions.
With much feedback from matt@ and plunky@.
|
#
1.81 |
|
23-Apr-2008 |
thorpej |
Make IPSEC and FAST_IPSEC stats per-cpu. Use <net/net_stats.h> and netstat_sysctl().
|
Revision tags: yamt-pf42-baseX yamt-pf42-base
|
#
1.80 |
|
15-Apr-2008 |
thorpej |
branches: 1.80.2; Make pim6 stats per-cpu.
|
Revision tags: ad-socklock-base1 yamt-lazymbuf-base15 yamt-lazymbuf-base14 keiichi-mipv6-nbase nick-net80211-sync-base keiichi-mipv6-base bouyer-xeni386-merge1 vmlocking2-base3 bouyer-xeni386-nbase yamt-kmem-base3 cube-autoconf-base yamt-kmem-base2 bouyer-xeni386-base yamt-kmem-base vmlocking2-base2 reinoud-bufcleanup-nbase vmlocking2-base1 matt-armv6-nbase jmcneill-base mjf-devfs-base bouyer-xenamd64-base2 vmlocking-nbase yamt-x86pmap-base4 bouyer-xenamd64-base yamt-x86pmap-base3 yamt-x86pmap-base2 yamt-x86pmap-base matt-armv6-base jmcneill-pm-base hpcarm-cleanup-base reinoud-bufcleanup-base vmlocking-base
|
#
1.79 |
|
19-Sep-2007 |
dyoung |
branches: 1.79.16; 1.79.20; 1) Introduce a new socket option, (SOL_SOCKET, SO_NOHEADER), that tells a socket that it should both add a protocol header to tx'd datagrams and remove the header from rx'd datagrams:
int onoff = 1, s = socket(...); setsockopt(s, SOL_SOCKET, SO_NOHEADER, &onoff);
2) Add an implementation of (SOL_SOCKET, SO_NOHEADER) for raw IPv4 sockets.
3) Reorganize the protocols' pr_ctloutput implementations a bit. Consistently return ENOPROTOOPT when an option is unsupported, and EINVAL if a supported option's arguments are incorrect. Reorganize the flow of code so that it's more clear how/when options are passed down the stack until they are handled.
Shorten some pr_ctloutput staircases for readability.
4) Extract common mbuf code into subroutines, add new sockaddr methods, and introduce a new subroutine, fsocreate(), for reuse later; use it first in sys_socket():
struct mbuf *m_getsombuf(struct socket *so)
Create an mbuf and make its owner the socket `so'.
struct mbuf *m_intopt(struct socket *so, int val)
Create an mbuf, make its owner the socket `so', put the int `val' into it, and set its length to sizeof(int).
int fsocreate(..., int *fd)
Create a socket, a la socreate(9), put the socket into the given LWP's descriptor table, return the descriptor at `fd' on success.
void *sockaddr_addr(struct sockaddr *sa, socklen_t *slenp) const void *sockaddr_const_addr(const struct sockaddr *sa, socklen_t *slenp)
Extract a pointer to the address part of a sockaddr. Write the length of the address part at `slenp', if `slenp' is not NULL.
socklen_t sockaddr_getlen(const struct sockaddr *sa)
Return the length of a sockaddr. This just evaluates to sa->sa_len. I only add this for consistency with code that appears in a portable userland library that I am going to import.
const struct sockaddr *sockaddr_any(const struct sockaddr *sa)
Return the "don't care" sockaddr in the same family as `sa'. This is the address a client should sobind(9) if it does not care the source address and, if applicable, the port et cetera that it uses.
const void *sockaddr_anyaddr(const struct sockaddr *sa, socklen_t *slenp)
Return the "don't care" sockaddr in the same family as `sa'. This is the address a client should sobind(9) if it does not care the source address and, if applicable, the port et cetera that it uses.
|
Revision tags: nick-csl-alignment-base5
|
#
1.78 |
|
30-Aug-2007 |
dyoung |
Use malloc(9) for sockaddrs instead of pool(9), and remove dom_sa_pool and dom_sa_len members from struct domain. Pools of fixed-size objects are too rigid for sockaddr_dls, whose size can vary over a wide range.
Return sockaddr_dl to its "historical" size. Now that I'm using malloc(9) instead of pool(9) to allocate sockaddr_dl, I can create a sockaddr_dl of any size in the kernel, so expanding sockaddr_dl is useless.
Avoid using sizeof(struct sockaddr_dl) in the kernel.
Introduce sockaddr_dl_alloc() for allocating & initializing an arbitrary sockaddr_dl on the heap.
Add an argument, the sockaddr length, to sockaddr_alloc(), sockaddr_copy(), and sockaddr_dl_setaddr().
Constify: LLADDR() -> CLLADDR().
Where the kernel overwrites LLADDR(), use sockaddr_dl_setaddr(), instead. Used properly, sockaddr_dl_setaddr() will not overrun the end of the sockaddr.
|
Revision tags: matt-mips64-base nick-csl-alignment-base yamt-idlelwp-base8 mjf-ufs-trans-base
|
#
1.77 |
|
06-May-2007 |
dyoung |
branches: 1.77.2; 1.77.6; 1.77.8; In AppleTalk, IPv4, and IPv6 routing domains, help sockaddr_cmp() avoid an indirect function call by comparing the family, length, and bytes [dom->dom_sa_cmpofs, dom->dom_sa_cmpofs + dom->dom_sa_cmplen), corresponding to the the sockaddrs' "address" members.
For ISO, actually use sockaddr_iso_cmp, for a change. Thanks to yamt@ for pointing out my error.
|
#
1.76 |
|
02-May-2007 |
dyoung |
Eliminate address family-specific route caches (struct route, struct route_in6, struct route_iso), replacing all caches with a struct route.
The principle benefit of this change is that all of the protocol families can benefit from route cache-invalidation, which is necessary for correct routing. Route-cache invalidation fixes an ancient PR, kern/3508, at long last; it fixes various other PRs, also.
Discussions with and ideas from Joerg Sonnenberger influenced this work tremendously. Of course, all design oversights and bugs are mine.
DETAILS
1 I added to each address family a pool of sockaddrs. I have introduced routines for allocating, copying, and duplicating, and freeing sockaddrs:
struct sockaddr *sockaddr_alloc(sa_family_t af, int flags); struct sockaddr *sockaddr_copy(struct sockaddr *dst, const struct sockaddr *src); struct sockaddr *sockaddr_dup(const struct sockaddr *src, int flags); void sockaddr_free(struct sockaddr *sa);
sockaddr_alloc() returns either a sockaddr from the pool belonging to the specified family, or NULL if the pool is exhausted. The returned sockaddr has the right size for that family; sa_family and sa_len fields are initialized to the family and sockaddr length---e.g., sa_family = AF_INET and sa_len = sizeof(struct sockaddr_in). sockaddr_free() puts the given sockaddr back into its family's pool.
sockaddr_dup() and sockaddr_copy() work analogously to strdup() and strcpy(), respectively. sockaddr_copy() KASSERTs that the family of the destination and source sockaddrs are alike.
The 'flags' argumet for sockaddr_alloc() and sockaddr_dup() is passed directly to pool_get(9).
2 I added routines for initializing sockaddrs in each address family, sockaddr_in_init(), sockaddr_in6_init(), sockaddr_iso_init(), etc. They are fairly self-explanatory.
3 structs route_in6 and route_iso are no more. All protocol families use struct route. I have changed the route cache, 'struct route', so that it does not contain storage space for a sockaddr. Instead, struct route points to a sockaddr coming from the pool the sockaddr belongs to. I added a new method to struct route, rtcache_setdst(), for setting the cache destination:
int rtcache_setdst(struct route *, const struct sockaddr *);
rtcache_setdst() returns 0 on success, or ENOMEM if no memory is available to create the sockaddr storage.
It is now possible for rtcache_getdst() to return NULL if, say, rtcache_setdst() failed. I check the return value for NULL everywhere in the kernel.
4 Each routing domain (struct domain) has a list of live route caches, dom_rtcache. rtflushall(sa_family_t af) looks up the domain indicated by 'af', walks the domain's list of route caches and invalidates each one.
|
Revision tags: thorpej-atomic-base
|
#
1.75 |
|
07-Mar-2007 |
liamjfoy |
branches: 1.75.2; 1.75.4; Add IPv6 Fast Forward - the IPv4 counterpart:
If ip6_forward successfully forwards a packet, a cache, in this case a ip6flow struct entry, will be created. ether_input and friends will then be able to call ip6flow_fastforward with the packet which will then be passed to if_output (unless an issue is found - in that case the packet is passed back to ip6_input).
ok matt@ christos@ dyoung@ and joerg@
|
#
1.74 |
|
06-Mar-2007 |
liamjfoy |
Fix some style issues - no functional change
|
#
1.73 |
|
27-Feb-2007 |
degroote |
Initialize fast_ipsec entry in the protocol switch with structure initializers as other entries.
|
Revision tags: ad-audiomp-base
|
#
1.72 |
|
19-Feb-2007 |
dyoung |
Initialize protocol switch with structure initializers.
|
#
1.71 |
|
17-Feb-2007 |
dyoung |
0 -> NULL
|
#
1.70 |
|
10-Feb-2007 |
degroote |
branches: 1.70.2; Commit my SoC work Add ipv6 support for fast_ipsec Note that currently, packet with extensions headers are not correctly supported Change the ipcomp logic
|
Revision tags: post-newlock2-merge newlock2-nbase yamt-splraiseipl-base5 yamt-splraiseipl-base4 yamt-splraiseipl-base3 newlock2-base
|
#
1.69 |
|
09-Dec-2006 |
dyoung |
Here are various changes designed to protect against bad IPv4 routing caused by stale route caches (struct route). Route caches are sprinkled throughout PCBs, the IP fast-forwarding table, and IP tunnel interfaces (gre, gif, stf).
Stale IPv6 and ISO route caches will be treated by separate patches.
Thank you to Christoph Badura for suggesting the general approach to invalidating route caches that I take here.
Here are the details:
Add hooks to struct domain for tracking and for invalidating each domain's route caches: dom_rtcache, dom_rtflush, and dom_rtflushall.
Introduce helper subroutines, rtflush(ro) for invalidating a route cache, rtflushall(family) for invalidating all route caches in a routing domain, and rtcache(ro) for notifying the domain of a new cached route.
Chain together all IPv4 route caches where ro_rt != NULL. Provide in_rtcache() for adding a route to the chain. Provide in_rtflush() and in_rtflushall() for invalidating IPv4 route caches. In in_rtflush(), set ro_rt to NULL, and remove the route from the chain. In in_rtflushall(), walk the chain and remove every route cache.
In rtrequest1(), call rtflushall() to invalidate route caches when a route is added.
In gif(4), discard the workaround for stale caches that involves expiring them every so often.
Replace the pattern 'RTFREE(ro->ro_rt); ro->ro_rt = NULL;' with a call to rtflush(ro).
Update ipflow_fastforward() and all other users of route caches so that they expect a cached route, ro->ro_rt, to turn to NULL.
Take care when moving a 'struct route' to rtflush() the source and to rtcache() the destination.
In domain initializers, use .dom_xxx tags.
KNF here and there.
|
Revision tags: netbsd-4-base
|
#
1.68 |
|
23-Nov-2006 |
rpaulo |
branches: 1.68.2; 1.68.4; New EtherIP driver based on tap(4) and gif(4) by Hans Rosenfeld. Notable changes: * Fixes PR 34268. * Separates the code from gif(4) (which is more cleaner). * Allows the usage of STP (Spanning Tree Protocol). * Removed EtherIP implementation from gif(4)/tap(4).
Some input from Christos.
|
Revision tags: yamt-splraiseipl-base2
|
#
1.67 |
|
10-Oct-2006 |
dogcow |
change the MOWNER_INIT define to take two args; fix extant struct mowner decls to use it. Makes options MBUFTRACE compile again and not whinge about missing structure declarations. (Also makes initialization consistent.)
|
Revision tags: yamt-splraiseipl-base yamt-pdpolicy-base9 yamt-pdpolicy-base8 rpaulo-netinet-merge-pcb-base
|
#
1.66 |
|
30-Aug-2006 |
christos |
branches: 1.66.2; 1.66.4; add missing initializers
|
#
1.65 |
|
28-Aug-2006 |
christos |
remove extra members
|
#
1.64 |
|
25-Aug-2006 |
matt |
One step closer to loadable domains. Store pointers to a domain's soft interrupt queues so if_detach can remove packets to removed interfaces from them. This eliminates a lot of conditional ugly code in if.c
|
Revision tags: abandoned-netbsd-4-base yamt-pdpolicy-base7 yamt-pdpolicy-base6 chap-midi-nbase gdamore-uart-base yamt-pdpolicy-base5 chap-midi-base simonb-timecounters-base
|
#
1.63 |
|
18-May-2006 |
liamjfoy |
Integrate Common Address Redundancy Procotol (CARP) from OpenBSD
'pseudo-device carp'
Thanks to: joerg@ christos@ riz@ and others who tested Ok: core@
|
Revision tags: yamt-pdpolicy-base4 yamt-pdpolicy-base3 peter-altq-base yamt-pdpolicy-base2 elad-kernelauth-base
|
#
1.62 |
|
05-Mar-2006 |
rpaulo |
branches: 1.62.4; NDP-related improvements: RFC4191 - supports host-side router-preference
RFC3542 - if DAD fails on a interface, disables IPv6 operation on the interface - don't advertise MLD report before DAD finishes
Others - fixes integer overflow for valid and preferred lifetimes - improves timer granularity for MLD, using callout-timer. - reflects rtadvd's IPv6 host variable information into kernel (router only) - adds a sysctl option to enable/disable pMTUd for multicast packets - performs NUD on PPP/GRE interface by default - Redirect works regardless of ip6_accept_rtadv - removes RFC1885-related code
From the KAME project via SUZUKI Shinsuke. Reviewed by core.
|
Revision tags: yamt-pdpolicy-base yamt-uio_vmspace-base5
|
#
1.61 |
|
11-Dec-2005 |
christos |
branches: 1.61.4; 1.61.6; 1.61.8; merge ktrace-lwp.
|
Revision tags: yamt-readahead-base3 yamt-readahead-base2 yamt-readahead-pervnode yamt-readahead-perfile yamt-readahead-base yamt-vop-base3 yamt-vop-base2 thorpej-vnode-attr-base yamt-vop-base ktrace-lwp-base
|
#
1.60 |
|
19-Jul-2005 |
gdt |
Add PR_PURGEIF flag for protocols to indicate that the protocol might store a struct ifnet *, and define it for udp/tcp/rawip for INET and INET6. When deleting a struct ifnet, invoke PRU_PURGEIF on all protocols marked with PR_PURGEIF. Closes PR kern/29580 (mine).
|
#
1.59 |
|
29-May-2005 |
christos |
branches: 1.59.2; - avoid shadowed variables - sprinkle const.
|
Revision tags: yamt-km-base4 yamt-km-base3 netbsd-3-base yamt-km-base2 yamt-km-base kent-audio2-base
|
#
1.58 |
|
23-Jan-2005 |
matt |
branches: 1.58.6; Change initialzie of domains to use link sets. Switch to using STAILQ. Add a convenience macro DOMAIN_FOREACH to interate through the domain.
|
Revision tags: kent-audio1-beforemerge kent-audio1-base
|
#
1.57 |
|
22-Apr-2004 |
matt |
branches: 1.57.4; Constify protosw arrays. This can reduce the kernel .data section by over 4K (if all the network protocols) are loaded.
|
Revision tags: netbsd-2-0-3-RELEASE netbsd-2-1-RELEASE netbsd-2-1-RC6 netbsd-2-1-RC5 netbsd-2-1-RC4 netbsd-2-1-RC3 netbsd-2-1-RC2 netbsd-2-1-RC1 netbsd-2-0-2-RELEASE netbsd-2-0-1-RELEASE netbsd-2-base netbsd-2-0-RELEASE netbsd-2-0-RC5 netbsd-2-0-RC4 netbsd-2-0-RC3 netbsd-2-0-RC2 netbsd-2-0-RC1 netbsd-2-0-base
|
#
1.56 |
|
04-Dec-2003 |
atatat |
Dynamic sysctl.
Gone are the old kern_sysctl(), cpu_sysctl(), hw_sysctl(), vfs_sysctl(), etc, routines, along with sysctl_int() et al. Now all nodes are registered with the tree, and nodes can be added (or removed) easily, and I/O to and from the tree is handled generically.
Since the nodes are registered with the tree, the mapping from name to number (and back again) can now be discovered, instead of having to be hard coded. Adding new nodes to the tree is likewise much simpler -- the new infrastructure handles almost all the work for simple types, and just about anything else can be done with a small helper function.
All existing nodes are where they were before (numerically speaking), so all existing consumers of sysctl information should notice no difference.
PS - I'm sorry, but there's a distinct lack of documentation at the moment. I'm working on sysctl(3/8/9) right now, and I promise to watch out for buses.
|
#
1.55 |
|
03-Nov-2003 |
briggs |
Revert the change in default value of ipv6_v6only. Further discussion on this topic is required. It should be reintroduced and pursued in the IETF.
|
#
1.54 |
|
28-Oct-2003 |
briggs |
Toggle the default value of ip6_v6only. Also provide a sample sysctl to retain the existing behavior.
|
#
1.53 |
|
06-Sep-2003 |
itojun |
randomize IPv4/v6 fragment ID and IPv6 flowlabel. avoids predictability of these fields. ip_id.c is from openbsd. ip6_id.c is adapted by kame.
|
#
1.52 |
|
05-Sep-2003 |
itojun |
call tcp_drain() if IPv4-less kernel
|
#
1.51 |
|
04-Sep-2003 |
itojun |
revamp inpcb/in6pcb so that they are more aligned with each other. in6pcb lookup now uses hash(9).
|
#
1.50 |
|
14-Aug-2003 |
itojun |
enforce ipsec policy on raw wildcard.
|
#
1.49 |
|
07-Aug-2003 |
agc |
Move UCB-licensed code from 4-clause to 3-clause licence.
Patches provided by Joel Baker in PR 22364, verified by myself.
|
#
1.48 |
|
07-Aug-2003 |
itojun |
make net.inet6.ip6.redirect actually work. from Tomoyuki Sahara via kame
|
#
1.47 |
|
17-Apr-2003 |
thorpej |
branches: 1.47.2; Protect the definition of offsetof().
|
Revision tags: nathanw_sa_before_merge fvdl_fs64_base gmcgarry_ctxsw_base gmcgarry_ucred_base nathanw_sa_base
|
#
1.46 |
|
11-Nov-2002 |
itojun |
pmtu_probe is not used anywhere (it is used in KAME TCP6-only code). From: Krister Walfridsson <cato@df.lth.se>
|
Revision tags: kqueue-aftermerge kqueue-beforemerge gehenna-devsw-base kqueue-base
|
#
1.45 |
|
20-Aug-2002 |
itojun |
sync up use_deprecated handling with latest kame. - bind(deprecated) is allowed, trusting userland app is doing the right thing - use_deprecated default to 1
|
#
1.44 |
|
17-Aug-2002 |
itojun |
set default value for use_deprecated to 0, to avoid consequences with ftpd.
|
#
1.43 |
|
09-Jun-2002 |
itojun |
whitespace cleanup
|
#
1.42 |
|
08-Jun-2002 |
itojun |
whitespace cleanup
|
#
1.41 |
|
29-May-2002 |
itojun |
move per-interface ip6/icmp6 stat to ifnet->if_afdata. sync w/kame
|
#
1.40 |
|
28-May-2002 |
itojun |
limit number of IPv6 fragments (not the fragment queue size) to fight against lots-of-frags DoS attacks. sync w/kame
|
Revision tags: netbsd-1-6-RC1 netbsd-1-6-base eeh-devprop-base
|
#
1.39 |
|
15-Mar-2002 |
itojun |
branches: 1.39.4; 1.39.6; have tcp6_drain
|
Revision tags: newlock-base ifpoll-base
|
#
1.38 |
|
21-Dec-2001 |
itojun |
call encap6_ctlinput on icmp6 against tunnelled packet. sync w/kame
|
#
1.37 |
|
21-Dec-2001 |
itojun |
use radix table for inbound tunnel lookup (would increase performance for machines with a lot of tunnels). update route cache for IPvX-over-IPv6 tunnel on path MTU discovery. snyc with kame
|
#
1.36 |
|
21-Dec-2001 |
itojun |
move in6_gif_hlim decl to in6_gif.c. sync with kame
|
#
1.35 |
|
21-Dec-2001 |
itojun |
move protosw fragment for gif/stf to their own source code. reduce #ifdef in stf code. sync with kame
|
#
1.34 |
|
13-Nov-2001 |
lukem |
add RCSIDs
|
Revision tags: thorpej-mips-cache-base
|
#
1.33 |
|
24-Oct-2001 |
itojun |
no tcp_fasttimo any more. PR 14333
|
#
1.32 |
|
24-Oct-2001 |
itojun |
more whitespace sync with kame
|
#
1.31 |
|
16-Oct-2001 |
itojun |
branches: 1.31.2; remove unused #define. sync whitespace/comment with kame.
|
#
1.30 |
|
15-Oct-2001 |
itojun |
implement IPV6_V6ONLY socket option from draft-ietf-ipngwg-rfc2553bis-03.txt. IPV6_BINDV6ONLY (netbsd only) is deprecated, but still work just like before.
|
Revision tags: thorpej-devvp-base3 thorpej-devvp-base2 post-chs-ubcperf pre-chs-ubcperf thorpej-devvp-base thorpej_scsipi_beforemerge thorpej_scsipi_nbase thorpej_scsipi_base
|
#
1.29 |
|
21-Mar-2001 |
thorpej |
branches: 1.29.2; Add a protosw flag, PR_ABRTACPTDIS (Abort on Accept of Disconnected Socket), and add it to the protocols that use that behavior (all PR_LISTEN protocols except for PF_LOCAL stream sockets).
|
#
1.28 |
|
01-Mar-2001 |
itojun |
branches: 1.28.2; make sure to enforce inbound ipsec policy checking, for any protocols on top of ip (check it when final header is visited). sync with kame. XXX kame team will need to re-check policy engine code
|
#
1.27 |
|
21-Feb-2001 |
itojun |
need PR_ADDR|PR_ATOMIC for IPPROTO_EON. fix typo. from chopps, sync with kame
|
#
1.26 |
|
20-Feb-2001 |
itojun |
ISO over IPv4/v6 by EON encapsulation. from chopps, sync with kame.
|
#
1.25 |
|
11-Feb-2001 |
itojun |
pull latest kame pcbnotify code. synchronizes ICMPv6 path mtu discovery behavior with other protocols (i.e. validation, use of hiwat/lowat).
|
#
1.24 |
|
11-Feb-2001 |
itojun |
whitespace sync with kame
|
#
1.23 |
|
19-Oct-2000 |
itojun |
remove #ifdef TCP6. it is not likely for us to bring in sys/netinet6/tcp6*.c (separate TCP/IPv6 stack) into netbsd-current.
|
#
1.22 |
|
18-Oct-2000 |
itojun |
verify ICMPv6 too big messages based on TCP pcbs, and/or IPsec SA. TODO: udp6, and sendto consideration. as pmtud is mandatory for IPv6, it is rather important for us to support those cases. TODO: more testing TODO: kame sync
|
#
1.21 |
|
10-Oct-2000 |
itojun |
sync with kame ($KAME$)
|
#
1.20 |
|
10-Oct-2000 |
enami |
Don't initialize TCP twice on v4/v6 dual stack kernel.
|
#
1.19 |
|
28-Jul-2000 |
itojun |
nuke the following sysctl variables. "ppsratelimit" should work better. need to recompile sbin/sysctl after updating /usr/include. net.inet.tcp.rstratelimit net.inet.icmp.errratelimit net.inet6.icmp6.errratelimit
|
#
1.18 |
|
06-Jul-2000 |
itojun |
- do not use bitfield for router renumbering header. - add protection mechanism against ND cache corruption due to bad NUD hints. - more stats - icmp6 pps limitation. TOOD: should implement ppsratecheck(9).
|
Revision tags: netbsd-1-5-ALPHA2 netbsd-1-5-base minoura-xpg4dl-base
|
#
1.17 |
|
19-Apr-2000 |
itojun |
branches: 1.17.4; introduce sys/netinet/ip_encap.c, to dispatch inbound packets to protocol handlers, based on src/dst (for ip proto #4/41). see comment in ip_encap.c for details of the problem we have. there are too many protocol specs for ip proto #4/41. backward compatibility with MROUTING case is now provided in ip_encap.c.
fix ipip to work with gif (using ip_encap.c). sorry for breakage.
gif now uses ip_encap.c.
introduce stf pseudo interface (implements 6to4, another IPv6-over-IPv4 code with ip proto #41).
|
#
1.16 |
|
26-Feb-2000 |
itojun |
implement rip6_ctlinput, to cope with routing changes correctly. (IMHO we need rip_ctlinput as well)
|
#
1.15 |
|
26-Feb-2000 |
itojun |
make it possible to throw IPv6 packet with proto=4/41. (in normal case we don't do it, but this is how IPv4 in_proto is written)
|
#
1.14 |
|
14-Feb-2000 |
thorpej |
Use ratecheck() for ICMP6 rate limiting.
|
Revision tags: chs-ubc2-newbase
|
#
1.13 |
|
06-Feb-2000 |
itojun |
fix include pathname for better rfc2292 compliance.
|
#
1.12 |
|
06-Jan-2000 |
itojun |
remove extra portability #ifdef (like #ifdef __FreeBSD__) in KAME IPv6/IPsec code, from netbsd-current repository. #ifdef'ed version is always available from ftp.kame.net.
XXX please do not make too many diff-unfriendly changes, we'll need to take bunch of diffs on upgrade...
|
#
1.11 |
|
06-Jan-2000 |
itojun |
make IPV6_BINDV6ONLY setsockopt available. it controls behavior of AF_INET6 wildcard listening socket. heavily documented in ip6(4). net.inet6.ip6.bindv6only defines default value. default is 1.
"options INET6_BINDV6ONLY" removes any code fragment that supports IPV6_BINDV6ONLY == 0 case (not defopt'ed as use of this is rare).
|
#
1.10 |
|
02-Jan-2000 |
itojun |
add net.inet6.icmp6.nodeinfo sysctl. this allows you to disable/enable ICMPv6 node information query/reply processing (which tells remote end the gethostname(3) setting, interface addresses on the node, and some other things - documented in draft-ietf-ipngwg-icmp-name-lookup* or something alike).
to test it, try ping6 -w ::1 with nodeinfo=0 and nodeinfo=1. (sync with kame change)
|
Revision tags: wrstuden-devbsize-19991221 wrstuden-devbsize-base
|
#
1.9 |
|
13-Dec-1999 |
itojun |
sync IPv6 part with latest KAME tree. IPsec part is left unmodified due to massive changes in KAME side. - IPv6 output goes through nd6_output - faith can capture IPv4 packets as well - you can run IPv4-to-IPv6 translator using heavily modified DNS servers - per-interface statistics (required for IPv6 MIB) - interface autoconfig is revisited - udp input handling has a big change for mapped address support. - introduce in4_cksum() for non-overwriting checksumming - introduce m_pulldown() - neighbor discovery cleanups/improvements - netinet/in.h strictly conforms to RFC2553 (no extra defs visible to userland) - IFA_STATS is fixed a bit (not tested) - and more more more.
TODO: - cleanup os-independency #ifdef - avoid rcvif dual use (for IPsec) to help ifdetach
(sorry for jumbo commit, I can't separate this any more...)
|
Revision tags: comdex-fall-1999-base fvdl-softdep-base chs-ubc2-base
|
#
1.8 |
|
31-Jul-1999 |
itojun |
branches: 1.8.2; 1.8.8; sync with recent KAME. - loosen ipsec restriction on packet diredtion. - revise icmp6 redirect handling on IsRouter bit. - tcp/udp notification processing (link-local address case) - cosmetic fixes (better code share across *BSD).
|
#
1.7 |
|
30-Jul-1999 |
itojun |
remove reference to in6_systm.h (file itself will be removed afterwords)
|
#
1.6 |
|
27-Jul-1999 |
explorer |
Fix a problem where tcp_slowtimo was called twice, once for ipv4 tcp and once for ipv6. This patch makes the ipv6 case pass NULLs in for fast and slow timeouts iff defined(INET) and passes in the right function if !defined(INET).
Reveiwed by itojun@iijlab.net.
|
#
1.5 |
|
22-Jul-1999 |
itojun |
change unnecessary u_long/long into u_int32_t or something relevant. more fixes should follow.
|
#
1.4 |
|
09-Jul-1999 |
thorpej |
defopt IPSEC and IPSEC_ESP (both into opt_ipsec.h).
|
#
1.3 |
|
03-Jul-1999 |
thorpej |
RCS ID police.
|
#
1.2 |
|
01-Jul-1999 |
itojun |
branches: 1.2.2; IPv6 kernel code, based on KAME/NetBSD 1.4, SNAP kit 19990628. (Sorry for a big commit, I can't separate this into several pieces...) Pls check sys/netinet6/TODO and sys/netinet6/IMPLEMENTATION for details.
- sys/kern: do not assume single mbuf, accept chained mbuf on passing data from userland to kernel (or other way round). - "midway" ATM card: ATM PVC pseudo device support, like those done in ALTQ package (ftp://ftp.csl.sony.co.jp/pub/kjc/). - sys/netinet/tcp*: IPv4/v6 dual stack tcp support. - sys/netinet/{ip6,icmp6}.h, sys/net/pfkeyv2.h: IETF document assumes those file to be there so we patch it up. - sys/netinet: IPsec additions are here and there. - sys/netinet6/*: most of IPv6 code sits here. - sys/netkey: IPsec key management code - dev/pci/pcidevs: regen
In my understanding no code here is subject to export control so it should be safe.
|
#
1.1 |
|
28-Jun-1999 |
itojun |
branches: 1.1.2; file in6_proto.c was initially added on branch kame.
|
Revision tags: prg-localcount2-base pgoyette-localcount-20170426 bouyer-socketcan-base1
|
#
1.117 |
|
14-Apr-2017 |
ozaki-r |
Rumpify netipsec
Note that we should modularize netipsec and reduce reverse symbol references (referencing symbols of netipsec from net, netinet and netinet6) though, the task needs lots of code changes. Prior to doing so, rumpifying it and having ATF tests should be useful.
|
Revision tags: jdolecek-ncq-base pgoyette-localcount-20170320
|
#
1.116 |
|
16-Feb-2017 |
knakahara |
add l2tp(4) L2TPv3 interface.
originally implemented by IIJ SEIL team.
|
#
1.115 |
|
13-Feb-2017 |
ozaki-r |
Protect mtudisc and redirect stuffs of icmp/icmp6 with mutex
We have to run pr_init of icmp and icmp6 prior to tcp and tcp6 ones for mutex initialization.
|
Revision tags: nick-nhusb-base-20170204 bouyer-socketcan-base pgoyette-localcount-20170107
|
#
1.114 |
|
13-Dec-2016 |
ozaki-r |
branches: 1.114.2; Remove unnecessary inclusions of nd6.h
|
Revision tags: nick-nhusb-base-20161204 pgoyette-localcount-20161104 nick-nhusb-base-20161004 localcount-20160914 pgoyette-localcount-20160806 pgoyette-localcount-20160726 pgoyette-localcount-base nick-nhusb-base-20160907
|
#
1.113 |
|
06-Jul-2016 |
ozaki-r |
branches: 1.113.2; Move in6_ifaddr_list to a more proper place (from ip6_input.c to in6.c)
It's a similar place as the IPv4 address list, i.e., in.c.
More varibles will join together.
|
Revision tags: nick-nhusb-base-20160529
|
#
1.112 |
|
26-Apr-2016 |
ozaki-r |
Sweep unnecessary route.h inclusions
|
Revision tags: nick-nhusb-base-20160422
|
#
1.111 |
|
11-Apr-2016 |
ozaki-r |
Sweep unncessary radix.h inclusions
|
Revision tags: nick-nhusb-base-20160319
|
#
1.110 |
|
21-Jan-2016 |
riastradh |
Revert previous: ran cvs commit when I meant cvs diff. Sorry!
Hit up-arrow one too few times.
|
#
1.109 |
|
21-Jan-2016 |
riastradh |
Give proper prototype to ip_output.
|
#
1.108 |
|
20-Jan-2016 |
riastradh |
Eliminate struct protosw::pr_output.
You can't use this unless you know what it is a priori: the formal prototype is variadic, and the different instances (e.g., ip_output, route_output) have different real prototypes.
Convert the only user of it, raw_send in net/raw_cb.c, to take an explicit callback argument. Convert the only instances of it, route_output and key_output, to such explicit callbacks for raw_send. Use assertions to make sure the conversion to explicit callbacks is warranted.
Discussed on tech-net with no objections: https://mail-index.netbsd.org/tech-net/2016/01/16/msg005484.html
|
Revision tags: nick-nhusb-base-20151226
|
#
1.107 |
|
13-Oct-2015 |
rjs |
Add core networking support for SCTP.
|
Revision tags: nick-nhusb-base-20150921
|
#
1.106 |
|
24-Aug-2015 |
pooka |
sprinkle _KERNEL_OPT
|
Revision tags: nick-nhusb-base-20150606
|
#
1.105 |
|
22-Apr-2015 |
roy |
Move INET6 specific in6_if_{up,down}() and in6_if_link_{up,down}() into agnostic domain functions.
|
Revision tags: nick-nhusb-base-20150406
|
#
1.104 |
|
10-Feb-2015 |
rjs |
Add DCCP protocol support from KAME.
|
Revision tags: netbsd-7-1-RELEASE netbsd-7-1-RC2 netbsd-7-nhusb-base-20170116 netbsd-7-1-RC1 netbsd-7-0-2-RELEASE netbsd-7-nhusb-base netbsd-7-0-1-RELEASE netbsd-7-0-RELEASE netbsd-7-0-RC3 netbsd-7-0-RC2 netbsd-7-0-RC1 nick-nhusb-base netbsd-7-base tls-earlyentropy-base tls-maxphys-base
|
#
1.103 |
|
05-Jun-2014 |
rmind |
branches: 1.103.4; - Implement pktqueue interface for lockless IP input queue. - Replace ipintrq and ip6intrq with the pktqueue mechanism. - Eliminate kernel-lock from ipintr() and ip6intr(). - Some preparation work to push softnet_lock out of ipintr().
Discussed on tech-net.
|
#
1.102 |
|
22-May-2014 |
rmind |
Move udp6_input(), udp6_sendup(), udp6_realinput() and udp6_input_checksum() from udp_usrreq.c to udp6_usrreq.c where they belong. No functional change.
|
Revision tags: rmind-smpnet-nbase rmind-smpnet-base
|
#
1.101 |
|
18-May-2014 |
rmind |
Add struct pr_usrreqs with a pr_generic function and prepare for the dismantling of pr_usrreq in the protocols; no functional change intended. PRU_ATTACH/PRU_DETACH changes will follow soon.
Bump for struct protosw. Welcome to 6.99.62!
|
Revision tags: yamt-pagecache-base9 riastradh-xf86-video-intel-2-7-1-pre-2-21-15 riastradh-drm2-base3
|
#
1.100 |
|
02-Jan-2014 |
pooka |
branches: 1.100.2; Allow kernels compiled with INET+INET6 to be booted as IPv4-only or IPv6-only.
|
Revision tags: riastradh-drm2-base2 riastradh-drm2-base1 riastradh-drm2-base
|
#
1.99 |
|
05-Jun-2013 |
christos |
branches: 1.99.2; IPSEC has not come in two speeds for a long time now (IPSEC == kame, FAST_IPSEC). Make everything refer to IPSEC to avoid confusion.
|
Revision tags: agc-symver-base
|
#
1.98 |
|
01-Mar-2013 |
joerg |
Retire OSI network stack. OK core@
|
Revision tags: yamt-pagecache-base8 yamt-pagecache-base7 yamt-pagecache-base6
|
#
1.97 |
|
23-Jun-2012 |
christos |
branches: 1.97.2; 4 new sysctls to avoid ipv6 DoS attacks from OpenBSD
|
Revision tags: jmcneill-usbmp-base10 yamt-pagecache-base5 jmcneill-usbmp-base9 yamt-pagecache-base4 jmcneill-usbmp-base8
|
#
1.96 |
|
22-Mar-2012 |
drochner |
remove KAME IPSEC, replaced by FAST_IPSEC
|
Revision tags: netbsd-6-0-2-RELEASE netbsd-6-1-RELEASE netbsd-6-1-RC4 netbsd-6-1-RC3 netbsd-6-1-RC2 netbsd-6-1-RC1 netbsd-6-0-1-RELEASE matt-nb6-plus-nbase netbsd-6-0-RELEASE netbsd-6-0-RC2 matt-nb6-plus-base netbsd-6-0-RC1 jmcneill-usbmp-base7 jmcneill-usbmp-base6 jmcneill-usbmp-base5 jmcneill-usbmp-base4 jmcneill-usbmp-base3 jmcneill-usbmp-base2 netbsd-6-base
|
#
1.95 |
|
31-Dec-2011 |
christos |
branches: 1.95.2; 1.95.6; 1.95.8; - fix offsetof usage, and redundant defines - kill pointer casts to 0
|
#
1.94 |
|
19-Dec-2011 |
drochner |
rename the IPSEC in-kernel CPP variable and config(8) option to KAME_IPSEC, and make IPSEC define it so that existing kernel config files work as before Now the default can be easily be changed to FAST_IPSEC just by setting the IPSEC alias to FAST_IPSEC.
|
Revision tags: jmcneill-usbmp-pre-base2 jmcneill-usbmp-base jmcneill-audiomp3-base yamt-pagecache-base3 yamt-pagecache-base2 yamt-pagecache-base
|
#
1.93 |
|
24-Sep-2011 |
christos |
branches: 1.93.2; 1.93.6; Add inet6 part of the rfc6056 code contributed by Vlad Balan as part of Google SoC-2011
|
Revision tags: rmind-uvmplock-nbase cherry-xenmp-base rmind-uvmplock-base
|
#
1.92 |
|
24-May-2011 |
spz |
RA flood mitigation via a limit on accepted routes: - introduce a limit for the routes accepted via IPv6 Router Advertisement: a common 2 interface client will have 6, the default limit is 100 and can be adjusted via sysctl - report the current number of routes installed via RA via sysctl - count discarded route additions. Note that one RA message is two routes. This is at present only across all interfaces even though per-interface would be more useful, since the per-interface structure complies to RFC2466 - bump kernel version due to the previous change - adjust netstat to use the new value (with netstat -p icmp6)
|
#
1.91 |
|
03-May-2011 |
dyoung |
*_drain() routines may be called with locks held, so instead of doing any work in *_drain(), set a drain-needed flag. Do the work in the fasttimo handler.
Contributed by Coyote Point Systems, Inc.
|
#
1.90 |
|
31-Mar-2011 |
dyoung |
Hide the radix-trie implementation of the forwarding table so that we will have an easier time replacing it with something different, even if it is a second radix-trie implementation.
sys/net/route.c and sys/net/rtsock.c no longer operate directly on radix_nodes or radix_node_heads.
Hopefully this will reduce the temptation to implement multipath or source-based routing using grotty hacks to the grotty old radix-trie code, too. :-)
|
Revision tags: bouyer-quota2-nbase bouyer-quota2-base jruoho-x86intr-base matt-mips64-premerge-20101231 uebayasi-xip-base4 uebayasi-xip-base3 yamt-nfs-mp-base11
|
#
1.89 |
|
24-Aug-2010 |
jakllsch |
branches: 1.89.2; Make the EtherIP in IPv6 input path work. XXX: Figure out if we really need a separate protosw for IPv6.
|
Revision tags: uebayasi-xip-base2 yamt-nfs-mp-base10 uebayasi-xip-base1 yamt-nfs-mp-base9 uebayasi-xip-base
|
#
1.88 |
|
04-Feb-2010 |
joerg |
branches: 1.88.2; 1.88.4; Explicitly include opt_gateway.h when depending on GATEWAY.
|
Revision tags: matt-premerge-20091211 yamt-nfs-mp-base8 jym-xensuspend-nbase
|
#
1.87 |
|
11-Sep-2009 |
dyoung |
Make ifconfig(8) set and display preference numbers for IPv6 addresses. Make the kernel support SIOC[SG]IFADDRPREF for IPv6 interface addresses.
In in6ifa_ifpforlinklocal(), consult preference numbers before making an otherwise arbitrary choice of in6_ifaddr. Otherwise, preference numbers are *not* consulted by the kernel, but that will be rather easy for somebody with a little bit of free time to fix.
Please note that setting the preference number for a link-local IPv6 address does not work right, yet, but that ought to be fixed soon.
In support of the changes above,
1 Add a method to struct domain for "externalizing" a sockaddr, and provide an implementation for IPv6. Expect more work in this area: it may be more proper to say that the IPv6 implementation "internalizes" a sockaddr. Add sockaddr_externalize().
2 Add a subroutine, sofamily(), that returns a struct socket's address family or AF_UNSPEC.
3 Make a lot of IPv4-specific code generic, and move it from sys/netinet/ to sys/net/ for re-use by IPv6 parts of the kernel and ifconfig(8).
|
#
1.86 |
|
11-Sep-2009 |
dyoung |
Nothing uses sockaddr_in6_cmp() right now, and the generic sockaddr_cmp() is probably as fast or faster than calling sockaddr_in6_cmp() through a function pointer, so let's stop compiling it.
|
#
1.85 |
|
21-Aug-2009 |
tsutsui |
Fix error on kernels with options IPSEC without options IPSEC_ESP. Found on building evbppc/conf/PMPPC.
|
Revision tags: yamt-nfs-mp-base7 jymxensuspend-base yamt-nfs-mp-base6 yamt-nfs-mp-base5 yamt-nfs-mp-base4 yamt-nfs-mp-base3 nick-hppapmap-base4 nick-hppapmap-base3 jym-xensuspend-base nick-hppapmap-base
|
#
1.84 |
|
23-Mar-2009 |
liamjfoy |
Init ip6flow pool dynamically instead of using a linkset.
|
Revision tags: nick-hppapmap-base2 haad-dm-base2 haad-nbase2 ad-audiomp2-base haad-dm-base mjf-devfs2-base
|
#
1.83 |
|
25-Nov-2008 |
pooka |
branches: 1.83.4; Make dom_maxrtkey of inet/inet6domain the size of the ip_encap pack structures. This is far from optimal, but gets rid of iffy #ifdef INET in radix.c. The radix bonsai still needs lots of love before loading domains dynamically is possible...
|
Revision tags: netbsd-5-1-5-RELEASE netbsd-5-1-4-RELEASE netbsd-5-1-3-RELEASE netbsd-5-1-2-RELEASE netbsd-5-1-1-RELEASE matt-nb5-mips64-premerge-20101231 netbsd-5-1-RELEASE netbsd-5-1-RC4 matt-nb5-mips64-k15 netbsd-5-1-RC3 netbsd-5-1-RC2 netbsd-5-1-RC1 netbsd-5-0-2-RELEASE matt-nb5-mips64-premerge-20091211 matt-nb5-mips64-u2-k2-k4-k7-k8-k9 matt-nb4-mips64-k7-u2a-k9b matt-nb5-mips64-u1-k1-k5 netbsd-5-0-1-RELEASE netbsd-5-0-RELEASE netbsd-5-0-RC4 netbsd-5-0-RC3 netbsd-5-0-RC2 netbsd-5-0-RC1 netbsd-5-base matt-mips64-base2 haad-dm-base1 wrstuden-revivesa-base-4 wrstuden-revivesa-base-3 wrstuden-revivesa-base-2 wrstuden-revivesa-base-1 simonb-wapbl-nbase yamt-pf42-base4 simonb-wapbl-base yamt-pf42-base3 hpcarm-cleanup-nbase yamt-pf42-base2 yamt-nfs-mp-base2 wrstuden-revivesa-base yamt-nfs-mp-base
|
#
1.82 |
|
24-Apr-2008 |
ad |
branches: 1.82.2; 1.82.8; 1.82.10; 1.82.12; Merge the socket locking patch:
- Socket layer becomes MP safe. - Unix protocols become MP safe. - Allows protocol processing interrupts to safely block on locks. - Fixes a number of race conditions.
With much feedback from matt@ and plunky@.
|
#
1.81 |
|
23-Apr-2008 |
thorpej |
Make IPSEC and FAST_IPSEC stats per-cpu. Use <net/net_stats.h> and netstat_sysctl().
|
Revision tags: yamt-pf42-baseX yamt-pf42-base
|
#
1.80 |
|
15-Apr-2008 |
thorpej |
branches: 1.80.2; Make pim6 stats per-cpu.
|
Revision tags: ad-socklock-base1 yamt-lazymbuf-base15 yamt-lazymbuf-base14 keiichi-mipv6-nbase nick-net80211-sync-base keiichi-mipv6-base bouyer-xeni386-merge1 vmlocking2-base3 bouyer-xeni386-nbase yamt-kmem-base3 cube-autoconf-base yamt-kmem-base2 bouyer-xeni386-base yamt-kmem-base vmlocking2-base2 reinoud-bufcleanup-nbase vmlocking2-base1 matt-armv6-nbase jmcneill-base mjf-devfs-base bouyer-xenamd64-base2 vmlocking-nbase yamt-x86pmap-base4 bouyer-xenamd64-base yamt-x86pmap-base3 yamt-x86pmap-base2 yamt-x86pmap-base matt-armv6-base jmcneill-pm-base hpcarm-cleanup-base reinoud-bufcleanup-base vmlocking-base
|
#
1.79 |
|
19-Sep-2007 |
dyoung |
branches: 1.79.16; 1.79.20; 1) Introduce a new socket option, (SOL_SOCKET, SO_NOHEADER), that tells a socket that it should both add a protocol header to tx'd datagrams and remove the header from rx'd datagrams:
int onoff = 1, s = socket(...); setsockopt(s, SOL_SOCKET, SO_NOHEADER, &onoff);
2) Add an implementation of (SOL_SOCKET, SO_NOHEADER) for raw IPv4 sockets.
3) Reorganize the protocols' pr_ctloutput implementations a bit. Consistently return ENOPROTOOPT when an option is unsupported, and EINVAL if a supported option's arguments are incorrect. Reorganize the flow of code so that it's more clear how/when options are passed down the stack until they are handled.
Shorten some pr_ctloutput staircases for readability.
4) Extract common mbuf code into subroutines, add new sockaddr methods, and introduce a new subroutine, fsocreate(), for reuse later; use it first in sys_socket():
struct mbuf *m_getsombuf(struct socket *so)
Create an mbuf and make its owner the socket `so'.
struct mbuf *m_intopt(struct socket *so, int val)
Create an mbuf, make its owner the socket `so', put the int `val' into it, and set its length to sizeof(int).
int fsocreate(..., int *fd)
Create a socket, a la socreate(9), put the socket into the given LWP's descriptor table, return the descriptor at `fd' on success.
void *sockaddr_addr(struct sockaddr *sa, socklen_t *slenp) const void *sockaddr_const_addr(const struct sockaddr *sa, socklen_t *slenp)
Extract a pointer to the address part of a sockaddr. Write the length of the address part at `slenp', if `slenp' is not NULL.
socklen_t sockaddr_getlen(const struct sockaddr *sa)
Return the length of a sockaddr. This just evaluates to sa->sa_len. I only add this for consistency with code that appears in a portable userland library that I am going to import.
const struct sockaddr *sockaddr_any(const struct sockaddr *sa)
Return the "don't care" sockaddr in the same family as `sa'. This is the address a client should sobind(9) if it does not care the source address and, if applicable, the port et cetera that it uses.
const void *sockaddr_anyaddr(const struct sockaddr *sa, socklen_t *slenp)
Return the "don't care" sockaddr in the same family as `sa'. This is the address a client should sobind(9) if it does not care the source address and, if applicable, the port et cetera that it uses.
|
Revision tags: nick-csl-alignment-base5
|
#
1.78 |
|
30-Aug-2007 |
dyoung |
Use malloc(9) for sockaddrs instead of pool(9), and remove dom_sa_pool and dom_sa_len members from struct domain. Pools of fixed-size objects are too rigid for sockaddr_dls, whose size can vary over a wide range.
Return sockaddr_dl to its "historical" size. Now that I'm using malloc(9) instead of pool(9) to allocate sockaddr_dl, I can create a sockaddr_dl of any size in the kernel, so expanding sockaddr_dl is useless.
Avoid using sizeof(struct sockaddr_dl) in the kernel.
Introduce sockaddr_dl_alloc() for allocating & initializing an arbitrary sockaddr_dl on the heap.
Add an argument, the sockaddr length, to sockaddr_alloc(), sockaddr_copy(), and sockaddr_dl_setaddr().
Constify: LLADDR() -> CLLADDR().
Where the kernel overwrites LLADDR(), use sockaddr_dl_setaddr(), instead. Used properly, sockaddr_dl_setaddr() will not overrun the end of the sockaddr.
|
Revision tags: matt-mips64-base nick-csl-alignment-base yamt-idlelwp-base8 mjf-ufs-trans-base
|
#
1.77 |
|
06-May-2007 |
dyoung |
branches: 1.77.2; 1.77.6; 1.77.8; In AppleTalk, IPv4, and IPv6 routing domains, help sockaddr_cmp() avoid an indirect function call by comparing the family, length, and bytes [dom->dom_sa_cmpofs, dom->dom_sa_cmpofs + dom->dom_sa_cmplen), corresponding to the the sockaddrs' "address" members.
For ISO, actually use sockaddr_iso_cmp, for a change. Thanks to yamt@ for pointing out my error.
|
#
1.76 |
|
02-May-2007 |
dyoung |
Eliminate address family-specific route caches (struct route, struct route_in6, struct route_iso), replacing all caches with a struct route.
The principle benefit of this change is that all of the protocol families can benefit from route cache-invalidation, which is necessary for correct routing. Route-cache invalidation fixes an ancient PR, kern/3508, at long last; it fixes various other PRs, also.
Discussions with and ideas from Joerg Sonnenberger influenced this work tremendously. Of course, all design oversights and bugs are mine.
DETAILS
1 I added to each address family a pool of sockaddrs. I have introduced routines for allocating, copying, and duplicating, and freeing sockaddrs:
struct sockaddr *sockaddr_alloc(sa_family_t af, int flags); struct sockaddr *sockaddr_copy(struct sockaddr *dst, const struct sockaddr *src); struct sockaddr *sockaddr_dup(const struct sockaddr *src, int flags); void sockaddr_free(struct sockaddr *sa);
sockaddr_alloc() returns either a sockaddr from the pool belonging to the specified family, or NULL if the pool is exhausted. The returned sockaddr has the right size for that family; sa_family and sa_len fields are initialized to the family and sockaddr length---e.g., sa_family = AF_INET and sa_len = sizeof(struct sockaddr_in). sockaddr_free() puts the given sockaddr back into its family's pool.
sockaddr_dup() and sockaddr_copy() work analogously to strdup() and strcpy(), respectively. sockaddr_copy() KASSERTs that the family of the destination and source sockaddrs are alike.
The 'flags' argumet for sockaddr_alloc() and sockaddr_dup() is passed directly to pool_get(9).
2 I added routines for initializing sockaddrs in each address family, sockaddr_in_init(), sockaddr_in6_init(), sockaddr_iso_init(), etc. They are fairly self-explanatory.
3 structs route_in6 and route_iso are no more. All protocol families use struct route. I have changed the route cache, 'struct route', so that it does not contain storage space for a sockaddr. Instead, struct route points to a sockaddr coming from the pool the sockaddr belongs to. I added a new method to struct route, rtcache_setdst(), for setting the cache destination:
int rtcache_setdst(struct route *, const struct sockaddr *);
rtcache_setdst() returns 0 on success, or ENOMEM if no memory is available to create the sockaddr storage.
It is now possible for rtcache_getdst() to return NULL if, say, rtcache_setdst() failed. I check the return value for NULL everywhere in the kernel.
4 Each routing domain (struct domain) has a list of live route caches, dom_rtcache. rtflushall(sa_family_t af) looks up the domain indicated by 'af', walks the domain's list of route caches and invalidates each one.
|
Revision tags: thorpej-atomic-base
|
#
1.75 |
|
07-Mar-2007 |
liamjfoy |
branches: 1.75.2; 1.75.4; Add IPv6 Fast Forward - the IPv4 counterpart:
If ip6_forward successfully forwards a packet, a cache, in this case a ip6flow struct entry, will be created. ether_input and friends will then be able to call ip6flow_fastforward with the packet which will then be passed to if_output (unless an issue is found - in that case the packet is passed back to ip6_input).
ok matt@ christos@ dyoung@ and joerg@
|
#
1.74 |
|
06-Mar-2007 |
liamjfoy |
Fix some style issues - no functional change
|
#
1.73 |
|
27-Feb-2007 |
degroote |
Initialize fast_ipsec entry in the protocol switch with structure initializers as other entries.
|
Revision tags: ad-audiomp-base
|
#
1.72 |
|
19-Feb-2007 |
dyoung |
Initialize protocol switch with structure initializers.
|
#
1.71 |
|
17-Feb-2007 |
dyoung |
0 -> NULL
|
#
1.70 |
|
10-Feb-2007 |
degroote |
branches: 1.70.2; Commit my SoC work Add ipv6 support for fast_ipsec Note that currently, packet with extensions headers are not correctly supported Change the ipcomp logic
|
Revision tags: post-newlock2-merge newlock2-nbase yamt-splraiseipl-base5 yamt-splraiseipl-base4 yamt-splraiseipl-base3 newlock2-base
|
#
1.69 |
|
09-Dec-2006 |
dyoung |
Here are various changes designed to protect against bad IPv4 routing caused by stale route caches (struct route). Route caches are sprinkled throughout PCBs, the IP fast-forwarding table, and IP tunnel interfaces (gre, gif, stf).
Stale IPv6 and ISO route caches will be treated by separate patches.
Thank you to Christoph Badura for suggesting the general approach to invalidating route caches that I take here.
Here are the details:
Add hooks to struct domain for tracking and for invalidating each domain's route caches: dom_rtcache, dom_rtflush, and dom_rtflushall.
Introduce helper subroutines, rtflush(ro) for invalidating a route cache, rtflushall(family) for invalidating all route caches in a routing domain, and rtcache(ro) for notifying the domain of a new cached route.
Chain together all IPv4 route caches where ro_rt != NULL. Provide in_rtcache() for adding a route to the chain. Provide in_rtflush() and in_rtflushall() for invalidating IPv4 route caches. In in_rtflush(), set ro_rt to NULL, and remove the route from the chain. In in_rtflushall(), walk the chain and remove every route cache.
In rtrequest1(), call rtflushall() to invalidate route caches when a route is added.
In gif(4), discard the workaround for stale caches that involves expiring them every so often.
Replace the pattern 'RTFREE(ro->ro_rt); ro->ro_rt = NULL;' with a call to rtflush(ro).
Update ipflow_fastforward() and all other users of route caches so that they expect a cached route, ro->ro_rt, to turn to NULL.
Take care when moving a 'struct route' to rtflush() the source and to rtcache() the destination.
In domain initializers, use .dom_xxx tags.
KNF here and there.
|
Revision tags: netbsd-4-base
|
#
1.68 |
|
23-Nov-2006 |
rpaulo |
branches: 1.68.2; 1.68.4; New EtherIP driver based on tap(4) and gif(4) by Hans Rosenfeld. Notable changes: * Fixes PR 34268. * Separates the code from gif(4) (which is more cleaner). * Allows the usage of STP (Spanning Tree Protocol). * Removed EtherIP implementation from gif(4)/tap(4).
Some input from Christos.
|
Revision tags: yamt-splraiseipl-base2
|
#
1.67 |
|
10-Oct-2006 |
dogcow |
change the MOWNER_INIT define to take two args; fix extant struct mowner decls to use it. Makes options MBUFTRACE compile again and not whinge about missing structure declarations. (Also makes initialization consistent.)
|
Revision tags: yamt-splraiseipl-base yamt-pdpolicy-base9 yamt-pdpolicy-base8 rpaulo-netinet-merge-pcb-base
|
#
1.66 |
|
30-Aug-2006 |
christos |
branches: 1.66.2; 1.66.4; add missing initializers
|
#
1.65 |
|
28-Aug-2006 |
christos |
remove extra members
|
#
1.64 |
|
25-Aug-2006 |
matt |
One step closer to loadable domains. Store pointers to a domain's soft interrupt queues so if_detach can remove packets to removed interfaces from them. This eliminates a lot of conditional ugly code in if.c
|
Revision tags: abandoned-netbsd-4-base yamt-pdpolicy-base7 yamt-pdpolicy-base6 chap-midi-nbase gdamore-uart-base yamt-pdpolicy-base5 chap-midi-base simonb-timecounters-base
|
#
1.63 |
|
18-May-2006 |
liamjfoy |
Integrate Common Address Redundancy Procotol (CARP) from OpenBSD
'pseudo-device carp'
Thanks to: joerg@ christos@ riz@ and others who tested Ok: core@
|
Revision tags: yamt-pdpolicy-base4 yamt-pdpolicy-base3 peter-altq-base yamt-pdpolicy-base2 elad-kernelauth-base
|
#
1.62 |
|
05-Mar-2006 |
rpaulo |
branches: 1.62.4; NDP-related improvements: RFC4191 - supports host-side router-preference
RFC3542 - if DAD fails on a interface, disables IPv6 operation on the interface - don't advertise MLD report before DAD finishes
Others - fixes integer overflow for valid and preferred lifetimes - improves timer granularity for MLD, using callout-timer. - reflects rtadvd's IPv6 host variable information into kernel (router only) - adds a sysctl option to enable/disable pMTUd for multicast packets - performs NUD on PPP/GRE interface by default - Redirect works regardless of ip6_accept_rtadv - removes RFC1885-related code
From the KAME project via SUZUKI Shinsuke. Reviewed by core.
|
Revision tags: yamt-pdpolicy-base yamt-uio_vmspace-base5
|
#
1.61 |
|
11-Dec-2005 |
christos |
branches: 1.61.4; 1.61.6; 1.61.8; merge ktrace-lwp.
|
Revision tags: yamt-readahead-base3 yamt-readahead-base2 yamt-readahead-pervnode yamt-readahead-perfile yamt-readahead-base yamt-vop-base3 yamt-vop-base2 thorpej-vnode-attr-base yamt-vop-base ktrace-lwp-base
|
#
1.60 |
|
19-Jul-2005 |
gdt |
Add PR_PURGEIF flag for protocols to indicate that the protocol might store a struct ifnet *, and define it for udp/tcp/rawip for INET and INET6. When deleting a struct ifnet, invoke PRU_PURGEIF on all protocols marked with PR_PURGEIF. Closes PR kern/29580 (mine).
|
#
1.59 |
|
29-May-2005 |
christos |
branches: 1.59.2; - avoid shadowed variables - sprinkle const.
|
Revision tags: yamt-km-base4 yamt-km-base3 netbsd-3-base yamt-km-base2 yamt-km-base kent-audio2-base
|
#
1.58 |
|
23-Jan-2005 |
matt |
branches: 1.58.6; Change initialzie of domains to use link sets. Switch to using STAILQ. Add a convenience macro DOMAIN_FOREACH to interate through the domain.
|
Revision tags: kent-audio1-beforemerge kent-audio1-base
|
#
1.57 |
|
22-Apr-2004 |
matt |
branches: 1.57.4; Constify protosw arrays. This can reduce the kernel .data section by over 4K (if all the network protocols) are loaded.
|
Revision tags: netbsd-2-0-3-RELEASE netbsd-2-1-RELEASE netbsd-2-1-RC6 netbsd-2-1-RC5 netbsd-2-1-RC4 netbsd-2-1-RC3 netbsd-2-1-RC2 netbsd-2-1-RC1 netbsd-2-0-2-RELEASE netbsd-2-0-1-RELEASE netbsd-2-base netbsd-2-0-RELEASE netbsd-2-0-RC5 netbsd-2-0-RC4 netbsd-2-0-RC3 netbsd-2-0-RC2 netbsd-2-0-RC1 netbsd-2-0-base
|
#
1.56 |
|
04-Dec-2003 |
atatat |
Dynamic sysctl.
Gone are the old kern_sysctl(), cpu_sysctl(), hw_sysctl(), vfs_sysctl(), etc, routines, along with sysctl_int() et al. Now all nodes are registered with the tree, and nodes can be added (or removed) easily, and I/O to and from the tree is handled generically.
Since the nodes are registered with the tree, the mapping from name to number (and back again) can now be discovered, instead of having to be hard coded. Adding new nodes to the tree is likewise much simpler -- the new infrastructure handles almost all the work for simple types, and just about anything else can be done with a small helper function.
All existing nodes are where they were before (numerically speaking), so all existing consumers of sysctl information should notice no difference.
PS - I'm sorry, but there's a distinct lack of documentation at the moment. I'm working on sysctl(3/8/9) right now, and I promise to watch out for buses.
|
#
1.55 |
|
03-Nov-2003 |
briggs |
Revert the change in default value of ipv6_v6only. Further discussion on this topic is required. It should be reintroduced and pursued in the IETF.
|
#
1.54 |
|
28-Oct-2003 |
briggs |
Toggle the default value of ip6_v6only. Also provide a sample sysctl to retain the existing behavior.
|
#
1.53 |
|
06-Sep-2003 |
itojun |
randomize IPv4/v6 fragment ID and IPv6 flowlabel. avoids predictability of these fields. ip_id.c is from openbsd. ip6_id.c is adapted by kame.
|
#
1.52 |
|
05-Sep-2003 |
itojun |
call tcp_drain() if IPv4-less kernel
|
#
1.51 |
|
04-Sep-2003 |
itojun |
revamp inpcb/in6pcb so that they are more aligned with each other. in6pcb lookup now uses hash(9).
|
#
1.50 |
|
14-Aug-2003 |
itojun |
enforce ipsec policy on raw wildcard.
|
#
1.49 |
|
07-Aug-2003 |
agc |
Move UCB-licensed code from 4-clause to 3-clause licence.
Patches provided by Joel Baker in PR 22364, verified by myself.
|
#
1.48 |
|
07-Aug-2003 |
itojun |
make net.inet6.ip6.redirect actually work. from Tomoyuki Sahara via kame
|
#
1.47 |
|
17-Apr-2003 |
thorpej |
branches: 1.47.2; Protect the definition of offsetof().
|
Revision tags: nathanw_sa_before_merge fvdl_fs64_base gmcgarry_ctxsw_base gmcgarry_ucred_base nathanw_sa_base
|
#
1.46 |
|
11-Nov-2002 |
itojun |
pmtu_probe is not used anywhere (it is used in KAME TCP6-only code). From: Krister Walfridsson <cato@df.lth.se>
|
Revision tags: kqueue-aftermerge kqueue-beforemerge gehenna-devsw-base kqueue-base
|
#
1.45 |
|
20-Aug-2002 |
itojun |
sync up use_deprecated handling with latest kame. - bind(deprecated) is allowed, trusting userland app is doing the right thing - use_deprecated default to 1
|
#
1.44 |
|
17-Aug-2002 |
itojun |
set default value for use_deprecated to 0, to avoid consequences with ftpd.
|
#
1.43 |
|
09-Jun-2002 |
itojun |
whitespace cleanup
|
#
1.42 |
|
08-Jun-2002 |
itojun |
whitespace cleanup
|
#
1.41 |
|
29-May-2002 |
itojun |
move per-interface ip6/icmp6 stat to ifnet->if_afdata. sync w/kame
|
#
1.40 |
|
28-May-2002 |
itojun |
limit number of IPv6 fragments (not the fragment queue size) to fight against lots-of-frags DoS attacks. sync w/kame
|
Revision tags: netbsd-1-6-RC1 netbsd-1-6-base eeh-devprop-base
|
#
1.39 |
|
15-Mar-2002 |
itojun |
branches: 1.39.4; 1.39.6; have tcp6_drain
|
Revision tags: newlock-base ifpoll-base
|
#
1.38 |
|
21-Dec-2001 |
itojun |
call encap6_ctlinput on icmp6 against tunnelled packet. sync w/kame
|
#
1.37 |
|
21-Dec-2001 |
itojun |
use radix table for inbound tunnel lookup (would increase performance for machines with a lot of tunnels). update route cache for IPvX-over-IPv6 tunnel on path MTU discovery. snyc with kame
|
#
1.36 |
|
21-Dec-2001 |
itojun |
move in6_gif_hlim decl to in6_gif.c. sync with kame
|
#
1.35 |
|
21-Dec-2001 |
itojun |
move protosw fragment for gif/stf to their own source code. reduce #ifdef in stf code. sync with kame
|
#
1.34 |
|
13-Nov-2001 |
lukem |
add RCSIDs
|
Revision tags: thorpej-mips-cache-base
|
#
1.33 |
|
24-Oct-2001 |
itojun |
no tcp_fasttimo any more. PR 14333
|
#
1.32 |
|
24-Oct-2001 |
itojun |
more whitespace sync with kame
|
#
1.31 |
|
16-Oct-2001 |
itojun |
branches: 1.31.2; remove unused #define. sync whitespace/comment with kame.
|
#
1.30 |
|
15-Oct-2001 |
itojun |
implement IPV6_V6ONLY socket option from draft-ietf-ipngwg-rfc2553bis-03.txt. IPV6_BINDV6ONLY (netbsd only) is deprecated, but still work just like before.
|
Revision tags: thorpej-devvp-base3 thorpej-devvp-base2 post-chs-ubcperf pre-chs-ubcperf thorpej-devvp-base thorpej_scsipi_beforemerge thorpej_scsipi_nbase thorpej_scsipi_base
|
#
1.29 |
|
21-Mar-2001 |
thorpej |
branches: 1.29.2; Add a protosw flag, PR_ABRTACPTDIS (Abort on Accept of Disconnected Socket), and add it to the protocols that use that behavior (all PR_LISTEN protocols except for PF_LOCAL stream sockets).
|
#
1.28 |
|
01-Mar-2001 |
itojun |
branches: 1.28.2; make sure to enforce inbound ipsec policy checking, for any protocols on top of ip (check it when final header is visited). sync with kame. XXX kame team will need to re-check policy engine code
|
#
1.27 |
|
21-Feb-2001 |
itojun |
need PR_ADDR|PR_ATOMIC for IPPROTO_EON. fix typo. from chopps, sync with kame
|
#
1.26 |
|
20-Feb-2001 |
itojun |
ISO over IPv4/v6 by EON encapsulation. from chopps, sync with kame.
|
#
1.25 |
|
11-Feb-2001 |
itojun |
pull latest kame pcbnotify code. synchronizes ICMPv6 path mtu discovery behavior with other protocols (i.e. validation, use of hiwat/lowat).
|
#
1.24 |
|
11-Feb-2001 |
itojun |
whitespace sync with kame
|
#
1.23 |
|
19-Oct-2000 |
itojun |
remove #ifdef TCP6. it is not likely for us to bring in sys/netinet6/tcp6*.c (separate TCP/IPv6 stack) into netbsd-current.
|
#
1.22 |
|
18-Oct-2000 |
itojun |
verify ICMPv6 too big messages based on TCP pcbs, and/or IPsec SA. TODO: udp6, and sendto consideration. as pmtud is mandatory for IPv6, it is rather important for us to support those cases. TODO: more testing TODO: kame sync
|
#
1.21 |
|
10-Oct-2000 |
itojun |
sync with kame ($KAME$)
|
#
1.20 |
|
10-Oct-2000 |
enami |
Don't initialize TCP twice on v4/v6 dual stack kernel.
|
#
1.19 |
|
28-Jul-2000 |
itojun |
nuke the following sysctl variables. "ppsratelimit" should work better. need to recompile sbin/sysctl after updating /usr/include. net.inet.tcp.rstratelimit net.inet.icmp.errratelimit net.inet6.icmp6.errratelimit
|
#
1.18 |
|
06-Jul-2000 |
itojun |
- do not use bitfield for router renumbering header. - add protection mechanism against ND cache corruption due to bad NUD hints. - more stats - icmp6 pps limitation. TOOD: should implement ppsratecheck(9).
|
Revision tags: netbsd-1-5-ALPHA2 netbsd-1-5-base minoura-xpg4dl-base
|
#
1.17 |
|
19-Apr-2000 |
itojun |
branches: 1.17.4; introduce sys/netinet/ip_encap.c, to dispatch inbound packets to protocol handlers, based on src/dst (for ip proto #4/41). see comment in ip_encap.c for details of the problem we have. there are too many protocol specs for ip proto #4/41. backward compatibility with MROUTING case is now provided in ip_encap.c.
fix ipip to work with gif (using ip_encap.c). sorry for breakage.
gif now uses ip_encap.c.
introduce stf pseudo interface (implements 6to4, another IPv6-over-IPv4 code with ip proto #41).
|
#
1.16 |
|
26-Feb-2000 |
itojun |
implement rip6_ctlinput, to cope with routing changes correctly. (IMHO we need rip_ctlinput as well)
|
#
1.15 |
|
26-Feb-2000 |
itojun |
make it possible to throw IPv6 packet with proto=4/41. (in normal case we don't do it, but this is how IPv4 in_proto is written)
|
#
1.14 |
|
14-Feb-2000 |
thorpej |
Use ratecheck() for ICMP6 rate limiting.
|
Revision tags: chs-ubc2-newbase
|
#
1.13 |
|
06-Feb-2000 |
itojun |
fix include pathname for better rfc2292 compliance.
|
#
1.12 |
|
06-Jan-2000 |
itojun |
remove extra portability #ifdef (like #ifdef __FreeBSD__) in KAME IPv6/IPsec code, from netbsd-current repository. #ifdef'ed version is always available from ftp.kame.net.
XXX please do not make too many diff-unfriendly changes, we'll need to take bunch of diffs on upgrade...
|
#
1.11 |
|
06-Jan-2000 |
itojun |
make IPV6_BINDV6ONLY setsockopt available. it controls behavior of AF_INET6 wildcard listening socket. heavily documented in ip6(4). net.inet6.ip6.bindv6only defines default value. default is 1.
"options INET6_BINDV6ONLY" removes any code fragment that supports IPV6_BINDV6ONLY == 0 case (not defopt'ed as use of this is rare).
|
#
1.10 |
|
02-Jan-2000 |
itojun |
add net.inet6.icmp6.nodeinfo sysctl. this allows you to disable/enable ICMPv6 node information query/reply processing (which tells remote end the gethostname(3) setting, interface addresses on the node, and some other things - documented in draft-ietf-ipngwg-icmp-name-lookup* or something alike).
to test it, try ping6 -w ::1 with nodeinfo=0 and nodeinfo=1. (sync with kame change)
|
Revision tags: wrstuden-devbsize-19991221 wrstuden-devbsize-base
|
#
1.9 |
|
13-Dec-1999 |
itojun |
sync IPv6 part with latest KAME tree. IPsec part is left unmodified due to massive changes in KAME side. - IPv6 output goes through nd6_output - faith can capture IPv4 packets as well - you can run IPv4-to-IPv6 translator using heavily modified DNS servers - per-interface statistics (required for IPv6 MIB) - interface autoconfig is revisited - udp input handling has a big change for mapped address support. - introduce in4_cksum() for non-overwriting checksumming - introduce m_pulldown() - neighbor discovery cleanups/improvements - netinet/in.h strictly conforms to RFC2553 (no extra defs visible to userland) - IFA_STATS is fixed a bit (not tested) - and more more more.
TODO: - cleanup os-independency #ifdef - avoid rcvif dual use (for IPsec) to help ifdetach
(sorry for jumbo commit, I can't separate this any more...)
|
Revision tags: comdex-fall-1999-base fvdl-softdep-base chs-ubc2-base
|
#
1.8 |
|
31-Jul-1999 |
itojun |
branches: 1.8.2; 1.8.8; sync with recent KAME. - loosen ipsec restriction on packet diredtion. - revise icmp6 redirect handling on IsRouter bit. - tcp/udp notification processing (link-local address case) - cosmetic fixes (better code share across *BSD).
|
#
1.7 |
|
30-Jul-1999 |
itojun |
remove reference to in6_systm.h (file itself will be removed afterwords)
|
#
1.6 |
|
27-Jul-1999 |
explorer |
Fix a problem where tcp_slowtimo was called twice, once for ipv4 tcp and once for ipv6. This patch makes the ipv6 case pass NULLs in for fast and slow timeouts iff defined(INET) and passes in the right function if !defined(INET).
Reveiwed by itojun@iijlab.net.
|
#
1.5 |
|
22-Jul-1999 |
itojun |
change unnecessary u_long/long into u_int32_t or something relevant. more fixes should follow.
|
#
1.4 |
|
09-Jul-1999 |
thorpej |
defopt IPSEC and IPSEC_ESP (both into opt_ipsec.h).
|
#
1.3 |
|
03-Jul-1999 |
thorpej |
RCS ID police.
|
#
1.2 |
|
01-Jul-1999 |
itojun |
branches: 1.2.2; IPv6 kernel code, based on KAME/NetBSD 1.4, SNAP kit 19990628. (Sorry for a big commit, I can't separate this into several pieces...) Pls check sys/netinet6/TODO and sys/netinet6/IMPLEMENTATION for details.
- sys/kern: do not assume single mbuf, accept chained mbuf on passing data from userland to kernel (or other way round). - "midway" ATM card: ATM PVC pseudo device support, like those done in ALTQ package (ftp://ftp.csl.sony.co.jp/pub/kjc/). - sys/netinet/tcp*: IPv4/v6 dual stack tcp support. - sys/netinet/{ip6,icmp6}.h, sys/net/pfkeyv2.h: IETF document assumes those file to be there so we patch it up. - sys/netinet: IPsec additions are here and there. - sys/netinet6/*: most of IPv6 code sits here. - sys/netkey: IPsec key management code - dev/pci/pcidevs: regen
In my understanding no code here is subject to export control so it should be safe.
|
#
1.1 |
|
28-Jun-1999 |
itojun |
branches: 1.1.2; file in6_proto.c was initially added on branch kame.
|
#
1.116 |
|
16-Feb-2017 |
knakahara |
add l2tp(4) L2TPv3 interface.
originally implemented by IIJ SEIL team.
|
#
1.115 |
|
13-Feb-2017 |
ozaki-r |
Protect mtudisc and redirect stuffs of icmp/icmp6 with mutex
We have to run pr_init of icmp and icmp6 prior to tcp and tcp6 ones for mutex initialization.
|
Revision tags: nick-nhusb-base-20170204 bouyer-socketcan-base pgoyette-localcount-20170107
|
#
1.114 |
|
13-Dec-2016 |
ozaki-r |
Remove unnecessary inclusions of nd6.h
|
Revision tags: nick-nhusb-base-20161204 pgoyette-localcount-20161104 nick-nhusb-base-20161004 localcount-20160914 pgoyette-localcount-20160806 pgoyette-localcount-20160726 pgoyette-localcount-base nick-nhusb-base-20160907
|
#
1.113 |
|
06-Jul-2016 |
ozaki-r |
branches: 1.113.2; Move in6_ifaddr_list to a more proper place (from ip6_input.c to in6.c)
It's a similar place as the IPv4 address list, i.e., in.c.
More varibles will join together.
|
Revision tags: nick-nhusb-base-20160529
|
#
1.112 |
|
26-Apr-2016 |
ozaki-r |
Sweep unnecessary route.h inclusions
|
Revision tags: nick-nhusb-base-20160422
|
#
1.111 |
|
11-Apr-2016 |
ozaki-r |
Sweep unncessary radix.h inclusions
|
Revision tags: nick-nhusb-base-20160319
|
#
1.110 |
|
21-Jan-2016 |
riastradh |
Revert previous: ran cvs commit when I meant cvs diff. Sorry!
Hit up-arrow one too few times.
|
#
1.109 |
|
21-Jan-2016 |
riastradh |
Give proper prototype to ip_output.
|
#
1.108 |
|
20-Jan-2016 |
riastradh |
Eliminate struct protosw::pr_output.
You can't use this unless you know what it is a priori: the formal prototype is variadic, and the different instances (e.g., ip_output, route_output) have different real prototypes.
Convert the only user of it, raw_send in net/raw_cb.c, to take an explicit callback argument. Convert the only instances of it, route_output and key_output, to such explicit callbacks for raw_send. Use assertions to make sure the conversion to explicit callbacks is warranted.
Discussed on tech-net with no objections: https://mail-index.netbsd.org/tech-net/2016/01/16/msg005484.html
|
Revision tags: nick-nhusb-base-20151226
|
#
1.107 |
|
13-Oct-2015 |
rjs |
Add core networking support for SCTP.
|
Revision tags: nick-nhusb-base-20150921
|
#
1.106 |
|
24-Aug-2015 |
pooka |
sprinkle _KERNEL_OPT
|
Revision tags: nick-nhusb-base-20150606
|
#
1.105 |
|
22-Apr-2015 |
roy |
Move INET6 specific in6_if_{up,down}() and in6_if_link_{up,down}() into agnostic domain functions.
|
Revision tags: nick-nhusb-base-20150406
|
#
1.104 |
|
10-Feb-2015 |
rjs |
Add DCCP protocol support from KAME.
|
Revision tags: netbsd-7-nhusb-base-20170116 netbsd-7-1-RC1 netbsd-7-0-2-RELEASE netbsd-7-nhusb-base netbsd-7-0-1-RELEASE netbsd-7-0-RELEASE netbsd-7-0-RC3 netbsd-7-0-RC2 netbsd-7-0-RC1 nick-nhusb-base netbsd-7-base tls-earlyentropy-base tls-maxphys-base
|
#
1.103 |
|
05-Jun-2014 |
rmind |
branches: 1.103.4; - Implement pktqueue interface for lockless IP input queue. - Replace ipintrq and ip6intrq with the pktqueue mechanism. - Eliminate kernel-lock from ipintr() and ip6intr(). - Some preparation work to push softnet_lock out of ipintr().
Discussed on tech-net.
|
#
1.102 |
|
22-May-2014 |
rmind |
Move udp6_input(), udp6_sendup(), udp6_realinput() and udp6_input_checksum() from udp_usrreq.c to udp6_usrreq.c where they belong. No functional change.
|
Revision tags: rmind-smpnet-nbase rmind-smpnet-base
|
#
1.101 |
|
18-May-2014 |
rmind |
Add struct pr_usrreqs with a pr_generic function and prepare for the dismantling of pr_usrreq in the protocols; no functional change intended. PRU_ATTACH/PRU_DETACH changes will follow soon.
Bump for struct protosw. Welcome to 6.99.62!
|
Revision tags: yamt-pagecache-base9 riastradh-xf86-video-intel-2-7-1-pre-2-21-15 riastradh-drm2-base3
|
#
1.100 |
|
02-Jan-2014 |
pooka |
branches: 1.100.2; Allow kernels compiled with INET+INET6 to be booted as IPv4-only or IPv6-only.
|
Revision tags: riastradh-drm2-base2 riastradh-drm2-base1 riastradh-drm2-base
|
#
1.99 |
|
05-Jun-2013 |
christos |
branches: 1.99.2; IPSEC has not come in two speeds for a long time now (IPSEC == kame, FAST_IPSEC). Make everything refer to IPSEC to avoid confusion.
|
Revision tags: agc-symver-base
|
#
1.98 |
|
01-Mar-2013 |
joerg |
Retire OSI network stack. OK core@
|
Revision tags: yamt-pagecache-base8 yamt-pagecache-base7 yamt-pagecache-base6
|
#
1.97 |
|
23-Jun-2012 |
christos |
branches: 1.97.2; 4 new sysctls to avoid ipv6 DoS attacks from OpenBSD
|
Revision tags: jmcneill-usbmp-base10 yamt-pagecache-base5 jmcneill-usbmp-base9 yamt-pagecache-base4 jmcneill-usbmp-base8
|
#
1.96 |
|
22-Mar-2012 |
drochner |
remove KAME IPSEC, replaced by FAST_IPSEC
|
Revision tags: netbsd-6-0-2-RELEASE netbsd-6-1-RELEASE netbsd-6-1-RC4 netbsd-6-1-RC3 netbsd-6-1-RC2 netbsd-6-1-RC1 netbsd-6-0-1-RELEASE matt-nb6-plus-nbase netbsd-6-0-RELEASE netbsd-6-0-RC2 matt-nb6-plus-base netbsd-6-0-RC1 jmcneill-usbmp-base7 jmcneill-usbmp-base6 jmcneill-usbmp-base5 jmcneill-usbmp-base4 jmcneill-usbmp-base3 jmcneill-usbmp-base2 netbsd-6-base
|
#
1.95 |
|
31-Dec-2011 |
christos |
branches: 1.95.2; 1.95.6; 1.95.8; - fix offsetof usage, and redundant defines - kill pointer casts to 0
|
#
1.94 |
|
19-Dec-2011 |
drochner |
rename the IPSEC in-kernel CPP variable and config(8) option to KAME_IPSEC, and make IPSEC define it so that existing kernel config files work as before Now the default can be easily be changed to FAST_IPSEC just by setting the IPSEC alias to FAST_IPSEC.
|
Revision tags: jmcneill-usbmp-pre-base2 jmcneill-usbmp-base jmcneill-audiomp3-base yamt-pagecache-base3 yamt-pagecache-base2 yamt-pagecache-base
|
#
1.93 |
|
24-Sep-2011 |
christos |
branches: 1.93.2; 1.93.6; Add inet6 part of the rfc6056 code contributed by Vlad Balan as part of Google SoC-2011
|
Revision tags: rmind-uvmplock-nbase cherry-xenmp-base rmind-uvmplock-base
|
#
1.92 |
|
24-May-2011 |
spz |
RA flood mitigation via a limit on accepted routes: - introduce a limit for the routes accepted via IPv6 Router Advertisement: a common 2 interface client will have 6, the default limit is 100 and can be adjusted via sysctl - report the current number of routes installed via RA via sysctl - count discarded route additions. Note that one RA message is two routes. This is at present only across all interfaces even though per-interface would be more useful, since the per-interface structure complies to RFC2466 - bump kernel version due to the previous change - adjust netstat to use the new value (with netstat -p icmp6)
|
#
1.91 |
|
03-May-2011 |
dyoung |
*_drain() routines may be called with locks held, so instead of doing any work in *_drain(), set a drain-needed flag. Do the work in the fasttimo handler.
Contributed by Coyote Point Systems, Inc.
|
#
1.90 |
|
31-Mar-2011 |
dyoung |
Hide the radix-trie implementation of the forwarding table so that we will have an easier time replacing it with something different, even if it is a second radix-trie implementation.
sys/net/route.c and sys/net/rtsock.c no longer operate directly on radix_nodes or radix_node_heads.
Hopefully this will reduce the temptation to implement multipath or source-based routing using grotty hacks to the grotty old radix-trie code, too. :-)
|
Revision tags: bouyer-quota2-nbase bouyer-quota2-base jruoho-x86intr-base matt-mips64-premerge-20101231 uebayasi-xip-base4 uebayasi-xip-base3 yamt-nfs-mp-base11
|
#
1.89 |
|
24-Aug-2010 |
jakllsch |
branches: 1.89.2; Make the EtherIP in IPv6 input path work. XXX: Figure out if we really need a separate protosw for IPv6.
|
Revision tags: uebayasi-xip-base2 yamt-nfs-mp-base10 uebayasi-xip-base1 yamt-nfs-mp-base9 uebayasi-xip-base
|
#
1.88 |
|
04-Feb-2010 |
joerg |
branches: 1.88.2; 1.88.4; Explicitly include opt_gateway.h when depending on GATEWAY.
|
Revision tags: matt-premerge-20091211 yamt-nfs-mp-base8 jym-xensuspend-nbase
|
#
1.87 |
|
11-Sep-2009 |
dyoung |
Make ifconfig(8) set and display preference numbers for IPv6 addresses. Make the kernel support SIOC[SG]IFADDRPREF for IPv6 interface addresses.
In in6ifa_ifpforlinklocal(), consult preference numbers before making an otherwise arbitrary choice of in6_ifaddr. Otherwise, preference numbers are *not* consulted by the kernel, but that will be rather easy for somebody with a little bit of free time to fix.
Please note that setting the preference number for a link-local IPv6 address does not work right, yet, but that ought to be fixed soon.
In support of the changes above,
1 Add a method to struct domain for "externalizing" a sockaddr, and provide an implementation for IPv6. Expect more work in this area: it may be more proper to say that the IPv6 implementation "internalizes" a sockaddr. Add sockaddr_externalize().
2 Add a subroutine, sofamily(), that returns a struct socket's address family or AF_UNSPEC.
3 Make a lot of IPv4-specific code generic, and move it from sys/netinet/ to sys/net/ for re-use by IPv6 parts of the kernel and ifconfig(8).
|
#
1.86 |
|
11-Sep-2009 |
dyoung |
Nothing uses sockaddr_in6_cmp() right now, and the generic sockaddr_cmp() is probably as fast or faster than calling sockaddr_in6_cmp() through a function pointer, so let's stop compiling it.
|
#
1.85 |
|
21-Aug-2009 |
tsutsui |
Fix error on kernels with options IPSEC without options IPSEC_ESP. Found on building evbppc/conf/PMPPC.
|
Revision tags: yamt-nfs-mp-base7 jymxensuspend-base yamt-nfs-mp-base6 yamt-nfs-mp-base5 yamt-nfs-mp-base4 yamt-nfs-mp-base3 nick-hppapmap-base4 nick-hppapmap-base3 jym-xensuspend-base nick-hppapmap-base
|
#
1.84 |
|
23-Mar-2009 |
liamjfoy |
Init ip6flow pool dynamically instead of using a linkset.
|
Revision tags: nick-hppapmap-base2 haad-dm-base2 haad-nbase2 ad-audiomp2-base haad-dm-base mjf-devfs2-base
|
#
1.83 |
|
25-Nov-2008 |
pooka |
branches: 1.83.4; Make dom_maxrtkey of inet/inet6domain the size of the ip_encap pack structures. This is far from optimal, but gets rid of iffy #ifdef INET in radix.c. The radix bonsai still needs lots of love before loading domains dynamically is possible...
|
Revision tags: netbsd-5-1-5-RELEASE netbsd-5-1-4-RELEASE netbsd-5-1-3-RELEASE netbsd-5-1-2-RELEASE netbsd-5-1-1-RELEASE matt-nb5-mips64-premerge-20101231 netbsd-5-1-RELEASE netbsd-5-1-RC4 matt-nb5-mips64-k15 netbsd-5-1-RC3 netbsd-5-1-RC2 netbsd-5-1-RC1 netbsd-5-0-2-RELEASE matt-nb5-mips64-premerge-20091211 matt-nb5-mips64-u2-k2-k4-k7-k8-k9 matt-nb4-mips64-k7-u2a-k9b matt-nb5-mips64-u1-k1-k5 netbsd-5-0-1-RELEASE netbsd-5-0-RELEASE netbsd-5-0-RC4 netbsd-5-0-RC3 netbsd-5-0-RC2 netbsd-5-0-RC1 netbsd-5-base matt-mips64-base2 haad-dm-base1 wrstuden-revivesa-base-4 wrstuden-revivesa-base-3 wrstuden-revivesa-base-2 wrstuden-revivesa-base-1 simonb-wapbl-nbase yamt-pf42-base4 simonb-wapbl-base yamt-pf42-base3 hpcarm-cleanup-nbase yamt-pf42-base2 yamt-nfs-mp-base2 wrstuden-revivesa-base yamt-nfs-mp-base
|
#
1.82 |
|
24-Apr-2008 |
ad |
branches: 1.82.2; 1.82.8; 1.82.10; 1.82.12; Merge the socket locking patch:
- Socket layer becomes MP safe. - Unix protocols become MP safe. - Allows protocol processing interrupts to safely block on locks. - Fixes a number of race conditions.
With much feedback from matt@ and plunky@.
|
#
1.81 |
|
23-Apr-2008 |
thorpej |
Make IPSEC and FAST_IPSEC stats per-cpu. Use <net/net_stats.h> and netstat_sysctl().
|
Revision tags: yamt-pf42-baseX yamt-pf42-base
|
#
1.80 |
|
15-Apr-2008 |
thorpej |
branches: 1.80.2; Make pim6 stats per-cpu.
|
Revision tags: ad-socklock-base1 yamt-lazymbuf-base15 yamt-lazymbuf-base14 keiichi-mipv6-nbase nick-net80211-sync-base keiichi-mipv6-base bouyer-xeni386-merge1 vmlocking2-base3 bouyer-xeni386-nbase yamt-kmem-base3 cube-autoconf-base yamt-kmem-base2 bouyer-xeni386-base yamt-kmem-base vmlocking2-base2 reinoud-bufcleanup-nbase vmlocking2-base1 matt-armv6-nbase jmcneill-base mjf-devfs-base bouyer-xenamd64-base2 vmlocking-nbase yamt-x86pmap-base4 bouyer-xenamd64-base yamt-x86pmap-base3 yamt-x86pmap-base2 yamt-x86pmap-base matt-armv6-base jmcneill-pm-base hpcarm-cleanup-base reinoud-bufcleanup-base vmlocking-base
|
#
1.79 |
|
19-Sep-2007 |
dyoung |
branches: 1.79.16; 1.79.20; 1) Introduce a new socket option, (SOL_SOCKET, SO_NOHEADER), that tells a socket that it should both add a protocol header to tx'd datagrams and remove the header from rx'd datagrams:
int onoff = 1, s = socket(...); setsockopt(s, SOL_SOCKET, SO_NOHEADER, &onoff);
2) Add an implementation of (SOL_SOCKET, SO_NOHEADER) for raw IPv4 sockets.
3) Reorganize the protocols' pr_ctloutput implementations a bit. Consistently return ENOPROTOOPT when an option is unsupported, and EINVAL if a supported option's arguments are incorrect. Reorganize the flow of code so that it's more clear how/when options are passed down the stack until they are handled.
Shorten some pr_ctloutput staircases for readability.
4) Extract common mbuf code into subroutines, add new sockaddr methods, and introduce a new subroutine, fsocreate(), for reuse later; use it first in sys_socket():
struct mbuf *m_getsombuf(struct socket *so)
Create an mbuf and make its owner the socket `so'.
struct mbuf *m_intopt(struct socket *so, int val)
Create an mbuf, make its owner the socket `so', put the int `val' into it, and set its length to sizeof(int).
int fsocreate(..., int *fd)
Create a socket, a la socreate(9), put the socket into the given LWP's descriptor table, return the descriptor at `fd' on success.
void *sockaddr_addr(struct sockaddr *sa, socklen_t *slenp) const void *sockaddr_const_addr(const struct sockaddr *sa, socklen_t *slenp)
Extract a pointer to the address part of a sockaddr. Write the length of the address part at `slenp', if `slenp' is not NULL.
socklen_t sockaddr_getlen(const struct sockaddr *sa)
Return the length of a sockaddr. This just evaluates to sa->sa_len. I only add this for consistency with code that appears in a portable userland library that I am going to import.
const struct sockaddr *sockaddr_any(const struct sockaddr *sa)
Return the "don't care" sockaddr in the same family as `sa'. This is the address a client should sobind(9) if it does not care the source address and, if applicable, the port et cetera that it uses.
const void *sockaddr_anyaddr(const struct sockaddr *sa, socklen_t *slenp)
Return the "don't care" sockaddr in the same family as `sa'. This is the address a client should sobind(9) if it does not care the source address and, if applicable, the port et cetera that it uses.
|
Revision tags: nick-csl-alignment-base5
|
#
1.78 |
|
30-Aug-2007 |
dyoung |
Use malloc(9) for sockaddrs instead of pool(9), and remove dom_sa_pool and dom_sa_len members from struct domain. Pools of fixed-size objects are too rigid for sockaddr_dls, whose size can vary over a wide range.
Return sockaddr_dl to its "historical" size. Now that I'm using malloc(9) instead of pool(9) to allocate sockaddr_dl, I can create a sockaddr_dl of any size in the kernel, so expanding sockaddr_dl is useless.
Avoid using sizeof(struct sockaddr_dl) in the kernel.
Introduce sockaddr_dl_alloc() for allocating & initializing an arbitrary sockaddr_dl on the heap.
Add an argument, the sockaddr length, to sockaddr_alloc(), sockaddr_copy(), and sockaddr_dl_setaddr().
Constify: LLADDR() -> CLLADDR().
Where the kernel overwrites LLADDR(), use sockaddr_dl_setaddr(), instead. Used properly, sockaddr_dl_setaddr() will not overrun the end of the sockaddr.
|
Revision tags: matt-mips64-base nick-csl-alignment-base yamt-idlelwp-base8 mjf-ufs-trans-base
|
#
1.77 |
|
06-May-2007 |
dyoung |
branches: 1.77.2; 1.77.6; 1.77.8; In AppleTalk, IPv4, and IPv6 routing domains, help sockaddr_cmp() avoid an indirect function call by comparing the family, length, and bytes [dom->dom_sa_cmpofs, dom->dom_sa_cmpofs + dom->dom_sa_cmplen), corresponding to the the sockaddrs' "address" members.
For ISO, actually use sockaddr_iso_cmp, for a change. Thanks to yamt@ for pointing out my error.
|
#
1.76 |
|
02-May-2007 |
dyoung |
Eliminate address family-specific route caches (struct route, struct route_in6, struct route_iso), replacing all caches with a struct route.
The principle benefit of this change is that all of the protocol families can benefit from route cache-invalidation, which is necessary for correct routing. Route-cache invalidation fixes an ancient PR, kern/3508, at long last; it fixes various other PRs, also.
Discussions with and ideas from Joerg Sonnenberger influenced this work tremendously. Of course, all design oversights and bugs are mine.
DETAILS
1 I added to each address family a pool of sockaddrs. I have introduced routines for allocating, copying, and duplicating, and freeing sockaddrs:
struct sockaddr *sockaddr_alloc(sa_family_t af, int flags); struct sockaddr *sockaddr_copy(struct sockaddr *dst, const struct sockaddr *src); struct sockaddr *sockaddr_dup(const struct sockaddr *src, int flags); void sockaddr_free(struct sockaddr *sa);
sockaddr_alloc() returns either a sockaddr from the pool belonging to the specified family, or NULL if the pool is exhausted. The returned sockaddr has the right size for that family; sa_family and sa_len fields are initialized to the family and sockaddr length---e.g., sa_family = AF_INET and sa_len = sizeof(struct sockaddr_in). sockaddr_free() puts the given sockaddr back into its family's pool.
sockaddr_dup() and sockaddr_copy() work analogously to strdup() and strcpy(), respectively. sockaddr_copy() KASSERTs that the family of the destination and source sockaddrs are alike.
The 'flags' argumet for sockaddr_alloc() and sockaddr_dup() is passed directly to pool_get(9).
2 I added routines for initializing sockaddrs in each address family, sockaddr_in_init(), sockaddr_in6_init(), sockaddr_iso_init(), etc. They are fairly self-explanatory.
3 structs route_in6 and route_iso are no more. All protocol families use struct route. I have changed the route cache, 'struct route', so that it does not contain storage space for a sockaddr. Instead, struct route points to a sockaddr coming from the pool the sockaddr belongs to. I added a new method to struct route, rtcache_setdst(), for setting the cache destination:
int rtcache_setdst(struct route *, const struct sockaddr *);
rtcache_setdst() returns 0 on success, or ENOMEM if no memory is available to create the sockaddr storage.
It is now possible for rtcache_getdst() to return NULL if, say, rtcache_setdst() failed. I check the return value for NULL everywhere in the kernel.
4 Each routing domain (struct domain) has a list of live route caches, dom_rtcache. rtflushall(sa_family_t af) looks up the domain indicated by 'af', walks the domain's list of route caches and invalidates each one.
|
Revision tags: thorpej-atomic-base
|
#
1.75 |
|
07-Mar-2007 |
liamjfoy |
branches: 1.75.2; 1.75.4; Add IPv6 Fast Forward - the IPv4 counterpart:
If ip6_forward successfully forwards a packet, a cache, in this case a ip6flow struct entry, will be created. ether_input and friends will then be able to call ip6flow_fastforward with the packet which will then be passed to if_output (unless an issue is found - in that case the packet is passed back to ip6_input).
ok matt@ christos@ dyoung@ and joerg@
|
#
1.74 |
|
06-Mar-2007 |
liamjfoy |
Fix some style issues - no functional change
|
#
1.73 |
|
27-Feb-2007 |
degroote |
Initialize fast_ipsec entry in the protocol switch with structure initializers as other entries.
|
Revision tags: ad-audiomp-base
|
#
1.72 |
|
19-Feb-2007 |
dyoung |
Initialize protocol switch with structure initializers.
|
#
1.71 |
|
17-Feb-2007 |
dyoung |
0 -> NULL
|
#
1.70 |
|
10-Feb-2007 |
degroote |
branches: 1.70.2; Commit my SoC work Add ipv6 support for fast_ipsec Note that currently, packet with extensions headers are not correctly supported Change the ipcomp logic
|
Revision tags: post-newlock2-merge newlock2-nbase yamt-splraiseipl-base5 yamt-splraiseipl-base4 yamt-splraiseipl-base3 newlock2-base
|
#
1.69 |
|
09-Dec-2006 |
dyoung |
Here are various changes designed to protect against bad IPv4 routing caused by stale route caches (struct route). Route caches are sprinkled throughout PCBs, the IP fast-forwarding table, and IP tunnel interfaces (gre, gif, stf).
Stale IPv6 and ISO route caches will be treated by separate patches.
Thank you to Christoph Badura for suggesting the general approach to invalidating route caches that I take here.
Here are the details:
Add hooks to struct domain for tracking and for invalidating each domain's route caches: dom_rtcache, dom_rtflush, and dom_rtflushall.
Introduce helper subroutines, rtflush(ro) for invalidating a route cache, rtflushall(family) for invalidating all route caches in a routing domain, and rtcache(ro) for notifying the domain of a new cached route.
Chain together all IPv4 route caches where ro_rt != NULL. Provide in_rtcache() for adding a route to the chain. Provide in_rtflush() and in_rtflushall() for invalidating IPv4 route caches. In in_rtflush(), set ro_rt to NULL, and remove the route from the chain. In in_rtflushall(), walk the chain and remove every route cache.
In rtrequest1(), call rtflushall() to invalidate route caches when a route is added.
In gif(4), discard the workaround for stale caches that involves expiring them every so often.
Replace the pattern 'RTFREE(ro->ro_rt); ro->ro_rt = NULL;' with a call to rtflush(ro).
Update ipflow_fastforward() and all other users of route caches so that they expect a cached route, ro->ro_rt, to turn to NULL.
Take care when moving a 'struct route' to rtflush() the source and to rtcache() the destination.
In domain initializers, use .dom_xxx tags.
KNF here and there.
|
Revision tags: netbsd-4-base
|
#
1.68 |
|
23-Nov-2006 |
rpaulo |
branches: 1.68.2; 1.68.4; New EtherIP driver based on tap(4) and gif(4) by Hans Rosenfeld. Notable changes: * Fixes PR 34268. * Separates the code from gif(4) (which is more cleaner). * Allows the usage of STP (Spanning Tree Protocol). * Removed EtherIP implementation from gif(4)/tap(4).
Some input from Christos.
|
Revision tags: yamt-splraiseipl-base2
|
#
1.67 |
|
10-Oct-2006 |
dogcow |
change the MOWNER_INIT define to take two args; fix extant struct mowner decls to use it. Makes options MBUFTRACE compile again and not whinge about missing structure declarations. (Also makes initialization consistent.)
|
Revision tags: yamt-splraiseipl-base yamt-pdpolicy-base9 yamt-pdpolicy-base8 rpaulo-netinet-merge-pcb-base
|
#
1.66 |
|
30-Aug-2006 |
christos |
branches: 1.66.2; 1.66.4; add missing initializers
|
#
1.65 |
|
28-Aug-2006 |
christos |
remove extra members
|
#
1.64 |
|
25-Aug-2006 |
matt |
One step closer to loadable domains. Store pointers to a domain's soft interrupt queues so if_detach can remove packets to removed interfaces from them. This eliminates a lot of conditional ugly code in if.c
|
Revision tags: abandoned-netbsd-4-base yamt-pdpolicy-base7 yamt-pdpolicy-base6 chap-midi-nbase gdamore-uart-base yamt-pdpolicy-base5 chap-midi-base simonb-timecounters-base
|
#
1.63 |
|
18-May-2006 |
liamjfoy |
Integrate Common Address Redundancy Procotol (CARP) from OpenBSD
'pseudo-device carp'
Thanks to: joerg@ christos@ riz@ and others who tested Ok: core@
|
Revision tags: yamt-pdpolicy-base4 yamt-pdpolicy-base3 peter-altq-base yamt-pdpolicy-base2 elad-kernelauth-base
|
#
1.62 |
|
05-Mar-2006 |
rpaulo |
branches: 1.62.4; NDP-related improvements: RFC4191 - supports host-side router-preference
RFC3542 - if DAD fails on a interface, disables IPv6 operation on the interface - don't advertise MLD report before DAD finishes
Others - fixes integer overflow for valid and preferred lifetimes - improves timer granularity for MLD, using callout-timer. - reflects rtadvd's IPv6 host variable information into kernel (router only) - adds a sysctl option to enable/disable pMTUd for multicast packets - performs NUD on PPP/GRE interface by default - Redirect works regardless of ip6_accept_rtadv - removes RFC1885-related code
From the KAME project via SUZUKI Shinsuke. Reviewed by core.
|
Revision tags: yamt-pdpolicy-base yamt-uio_vmspace-base5
|
#
1.61 |
|
11-Dec-2005 |
christos |
branches: 1.61.4; 1.61.6; 1.61.8; merge ktrace-lwp.
|
Revision tags: yamt-readahead-base3 yamt-readahead-base2 yamt-readahead-pervnode yamt-readahead-perfile yamt-readahead-base yamt-vop-base3 yamt-vop-base2 thorpej-vnode-attr-base yamt-vop-base ktrace-lwp-base
|
#
1.60 |
|
19-Jul-2005 |
gdt |
Add PR_PURGEIF flag for protocols to indicate that the protocol might store a struct ifnet *, and define it for udp/tcp/rawip for INET and INET6. When deleting a struct ifnet, invoke PRU_PURGEIF on all protocols marked with PR_PURGEIF. Closes PR kern/29580 (mine).
|
#
1.59 |
|
29-May-2005 |
christos |
branches: 1.59.2; - avoid shadowed variables - sprinkle const.
|
Revision tags: yamt-km-base4 yamt-km-base3 netbsd-3-base yamt-km-base2 yamt-km-base kent-audio2-base
|
#
1.58 |
|
23-Jan-2005 |
matt |
branches: 1.58.6; Change initialzie of domains to use link sets. Switch to using STAILQ. Add a convenience macro DOMAIN_FOREACH to interate through the domain.
|
Revision tags: kent-audio1-beforemerge kent-audio1-base
|
#
1.57 |
|
22-Apr-2004 |
matt |
branches: 1.57.4; Constify protosw arrays. This can reduce the kernel .data section by over 4K (if all the network protocols) are loaded.
|
Revision tags: netbsd-2-0-3-RELEASE netbsd-2-1-RELEASE netbsd-2-1-RC6 netbsd-2-1-RC5 netbsd-2-1-RC4 netbsd-2-1-RC3 netbsd-2-1-RC2 netbsd-2-1-RC1 netbsd-2-0-2-RELEASE netbsd-2-0-1-RELEASE netbsd-2-base netbsd-2-0-RELEASE netbsd-2-0-RC5 netbsd-2-0-RC4 netbsd-2-0-RC3 netbsd-2-0-RC2 netbsd-2-0-RC1 netbsd-2-0-base
|
#
1.56 |
|
04-Dec-2003 |
atatat |
Dynamic sysctl.
Gone are the old kern_sysctl(), cpu_sysctl(), hw_sysctl(), vfs_sysctl(), etc, routines, along with sysctl_int() et al. Now all nodes are registered with the tree, and nodes can be added (or removed) easily, and I/O to and from the tree is handled generically.
Since the nodes are registered with the tree, the mapping from name to number (and back again) can now be discovered, instead of having to be hard coded. Adding new nodes to the tree is likewise much simpler -- the new infrastructure handles almost all the work for simple types, and just about anything else can be done with a small helper function.
All existing nodes are where they were before (numerically speaking), so all existing consumers of sysctl information should notice no difference.
PS - I'm sorry, but there's a distinct lack of documentation at the moment. I'm working on sysctl(3/8/9) right now, and I promise to watch out for buses.
|
#
1.55 |
|
03-Nov-2003 |
briggs |
Revert the change in default value of ipv6_v6only. Further discussion on this topic is required. It should be reintroduced and pursued in the IETF.
|
#
1.54 |
|
28-Oct-2003 |
briggs |
Toggle the default value of ip6_v6only. Also provide a sample sysctl to retain the existing behavior.
|
#
1.53 |
|
06-Sep-2003 |
itojun |
randomize IPv4/v6 fragment ID and IPv6 flowlabel. avoids predictability of these fields. ip_id.c is from openbsd. ip6_id.c is adapted by kame.
|
#
1.52 |
|
05-Sep-2003 |
itojun |
call tcp_drain() if IPv4-less kernel
|
#
1.51 |
|
04-Sep-2003 |
itojun |
revamp inpcb/in6pcb so that they are more aligned with each other. in6pcb lookup now uses hash(9).
|
#
1.50 |
|
14-Aug-2003 |
itojun |
enforce ipsec policy on raw wildcard.
|
#
1.49 |
|
07-Aug-2003 |
agc |
Move UCB-licensed code from 4-clause to 3-clause licence.
Patches provided by Joel Baker in PR 22364, verified by myself.
|
#
1.48 |
|
07-Aug-2003 |
itojun |
make net.inet6.ip6.redirect actually work. from Tomoyuki Sahara via kame
|
#
1.47 |
|
17-Apr-2003 |
thorpej |
branches: 1.47.2; Protect the definition of offsetof().
|
Revision tags: nathanw_sa_before_merge fvdl_fs64_base gmcgarry_ctxsw_base gmcgarry_ucred_base nathanw_sa_base
|
#
1.46 |
|
11-Nov-2002 |
itojun |
pmtu_probe is not used anywhere (it is used in KAME TCP6-only code). From: Krister Walfridsson <cato@df.lth.se>
|
Revision tags: kqueue-aftermerge kqueue-beforemerge gehenna-devsw-base kqueue-base
|
#
1.45 |
|
20-Aug-2002 |
itojun |
sync up use_deprecated handling with latest kame. - bind(deprecated) is allowed, trusting userland app is doing the right thing - use_deprecated default to 1
|
#
1.44 |
|
17-Aug-2002 |
itojun |
set default value for use_deprecated to 0, to avoid consequences with ftpd.
|
#
1.43 |
|
09-Jun-2002 |
itojun |
whitespace cleanup
|
#
1.42 |
|
08-Jun-2002 |
itojun |
whitespace cleanup
|
#
1.41 |
|
29-May-2002 |
itojun |
move per-interface ip6/icmp6 stat to ifnet->if_afdata. sync w/kame
|
#
1.40 |
|
28-May-2002 |
itojun |
limit number of IPv6 fragments (not the fragment queue size) to fight against lots-of-frags DoS attacks. sync w/kame
|
Revision tags: netbsd-1-6-RC1 netbsd-1-6-base eeh-devprop-base
|
#
1.39 |
|
15-Mar-2002 |
itojun |
branches: 1.39.4; 1.39.6; have tcp6_drain
|
Revision tags: newlock-base ifpoll-base
|
#
1.38 |
|
21-Dec-2001 |
itojun |
call encap6_ctlinput on icmp6 against tunnelled packet. sync w/kame
|
#
1.37 |
|
21-Dec-2001 |
itojun |
use radix table for inbound tunnel lookup (would increase performance for machines with a lot of tunnels). update route cache for IPvX-over-IPv6 tunnel on path MTU discovery. snyc with kame
|
#
1.36 |
|
21-Dec-2001 |
itojun |
move in6_gif_hlim decl to in6_gif.c. sync with kame
|
#
1.35 |
|
21-Dec-2001 |
itojun |
move protosw fragment for gif/stf to their own source code. reduce #ifdef in stf code. sync with kame
|
#
1.34 |
|
13-Nov-2001 |
lukem |
add RCSIDs
|
Revision tags: thorpej-mips-cache-base
|
#
1.33 |
|
24-Oct-2001 |
itojun |
no tcp_fasttimo any more. PR 14333
|
#
1.32 |
|
24-Oct-2001 |
itojun |
more whitespace sync with kame
|
#
1.31 |
|
16-Oct-2001 |
itojun |
branches: 1.31.2; remove unused #define. sync whitespace/comment with kame.
|
#
1.30 |
|
15-Oct-2001 |
itojun |
implement IPV6_V6ONLY socket option from draft-ietf-ipngwg-rfc2553bis-03.txt. IPV6_BINDV6ONLY (netbsd only) is deprecated, but still work just like before.
|
Revision tags: thorpej-devvp-base3 thorpej-devvp-base2 post-chs-ubcperf pre-chs-ubcperf thorpej-devvp-base thorpej_scsipi_beforemerge thorpej_scsipi_nbase thorpej_scsipi_base
|
#
1.29 |
|
21-Mar-2001 |
thorpej |
branches: 1.29.2; Add a protosw flag, PR_ABRTACPTDIS (Abort on Accept of Disconnected Socket), and add it to the protocols that use that behavior (all PR_LISTEN protocols except for PF_LOCAL stream sockets).
|
#
1.28 |
|
01-Mar-2001 |
itojun |
branches: 1.28.2; make sure to enforce inbound ipsec policy checking, for any protocols on top of ip (check it when final header is visited). sync with kame. XXX kame team will need to re-check policy engine code
|
#
1.27 |
|
21-Feb-2001 |
itojun |
need PR_ADDR|PR_ATOMIC for IPPROTO_EON. fix typo. from chopps, sync with kame
|
#
1.26 |
|
20-Feb-2001 |
itojun |
ISO over IPv4/v6 by EON encapsulation. from chopps, sync with kame.
|
#
1.25 |
|
11-Feb-2001 |
itojun |
pull latest kame pcbnotify code. synchronizes ICMPv6 path mtu discovery behavior with other protocols (i.e. validation, use of hiwat/lowat).
|
#
1.24 |
|
11-Feb-2001 |
itojun |
whitespace sync with kame
|
#
1.23 |
|
19-Oct-2000 |
itojun |
remove #ifdef TCP6. it is not likely for us to bring in sys/netinet6/tcp6*.c (separate TCP/IPv6 stack) into netbsd-current.
|
#
1.22 |
|
18-Oct-2000 |
itojun |
verify ICMPv6 too big messages based on TCP pcbs, and/or IPsec SA. TODO: udp6, and sendto consideration. as pmtud is mandatory for IPv6, it is rather important for us to support those cases. TODO: more testing TODO: kame sync
|
#
1.21 |
|
10-Oct-2000 |
itojun |
sync with kame ($KAME$)
|
#
1.20 |
|
10-Oct-2000 |
enami |
Don't initialize TCP twice on v4/v6 dual stack kernel.
|
#
1.19 |
|
28-Jul-2000 |
itojun |
nuke the following sysctl variables. "ppsratelimit" should work better. need to recompile sbin/sysctl after updating /usr/include. net.inet.tcp.rstratelimit net.inet.icmp.errratelimit net.inet6.icmp6.errratelimit
|
#
1.18 |
|
06-Jul-2000 |
itojun |
- do not use bitfield for router renumbering header. - add protection mechanism against ND cache corruption due to bad NUD hints. - more stats - icmp6 pps limitation. TOOD: should implement ppsratecheck(9).
|
Revision tags: netbsd-1-5-ALPHA2 netbsd-1-5-base minoura-xpg4dl-base
|
#
1.17 |
|
19-Apr-2000 |
itojun |
branches: 1.17.4; introduce sys/netinet/ip_encap.c, to dispatch inbound packets to protocol handlers, based on src/dst (for ip proto #4/41). see comment in ip_encap.c for details of the problem we have. there are too many protocol specs for ip proto #4/41. backward compatibility with MROUTING case is now provided in ip_encap.c.
fix ipip to work with gif (using ip_encap.c). sorry for breakage.
gif now uses ip_encap.c.
introduce stf pseudo interface (implements 6to4, another IPv6-over-IPv4 code with ip proto #41).
|
#
1.16 |
|
26-Feb-2000 |
itojun |
implement rip6_ctlinput, to cope with routing changes correctly. (IMHO we need rip_ctlinput as well)
|
#
1.15 |
|
26-Feb-2000 |
itojun |
make it possible to throw IPv6 packet with proto=4/41. (in normal case we don't do it, but this is how IPv4 in_proto is written)
|
#
1.14 |
|
14-Feb-2000 |
thorpej |
Use ratecheck() for ICMP6 rate limiting.
|
Revision tags: chs-ubc2-newbase
|
#
1.13 |
|
06-Feb-2000 |
itojun |
fix include pathname for better rfc2292 compliance.
|
#
1.12 |
|
06-Jan-2000 |
itojun |
remove extra portability #ifdef (like #ifdef __FreeBSD__) in KAME IPv6/IPsec code, from netbsd-current repository. #ifdef'ed version is always available from ftp.kame.net.
XXX please do not make too many diff-unfriendly changes, we'll need to take bunch of diffs on upgrade...
|
#
1.11 |
|
06-Jan-2000 |
itojun |
make IPV6_BINDV6ONLY setsockopt available. it controls behavior of AF_INET6 wildcard listening socket. heavily documented in ip6(4). net.inet6.ip6.bindv6only defines default value. default is 1.
"options INET6_BINDV6ONLY" removes any code fragment that supports IPV6_BINDV6ONLY == 0 case (not defopt'ed as use of this is rare).
|
#
1.10 |
|
02-Jan-2000 |
itojun |
add net.inet6.icmp6.nodeinfo sysctl. this allows you to disable/enable ICMPv6 node information query/reply processing (which tells remote end the gethostname(3) setting, interface addresses on the node, and some other things - documented in draft-ietf-ipngwg-icmp-name-lookup* or something alike).
to test it, try ping6 -w ::1 with nodeinfo=0 and nodeinfo=1. (sync with kame change)
|
Revision tags: wrstuden-devbsize-19991221 wrstuden-devbsize-base
|
#
1.9 |
|
13-Dec-1999 |
itojun |
sync IPv6 part with latest KAME tree. IPsec part is left unmodified due to massive changes in KAME side. - IPv6 output goes through nd6_output - faith can capture IPv4 packets as well - you can run IPv4-to-IPv6 translator using heavily modified DNS servers - per-interface statistics (required for IPv6 MIB) - interface autoconfig is revisited - udp input handling has a big change for mapped address support. - introduce in4_cksum() for non-overwriting checksumming - introduce m_pulldown() - neighbor discovery cleanups/improvements - netinet/in.h strictly conforms to RFC2553 (no extra defs visible to userland) - IFA_STATS is fixed a bit (not tested) - and more more more.
TODO: - cleanup os-independency #ifdef - avoid rcvif dual use (for IPsec) to help ifdetach
(sorry for jumbo commit, I can't separate this any more...)
|
Revision tags: comdex-fall-1999-base fvdl-softdep-base chs-ubc2-base
|
#
1.8 |
|
31-Jul-1999 |
itojun |
branches: 1.8.2; 1.8.8; sync with recent KAME. - loosen ipsec restriction on packet diredtion. - revise icmp6 redirect handling on IsRouter bit. - tcp/udp notification processing (link-local address case) - cosmetic fixes (better code share across *BSD).
|
#
1.7 |
|
30-Jul-1999 |
itojun |
remove reference to in6_systm.h (file itself will be removed afterwords)
|
#
1.6 |
|
27-Jul-1999 |
explorer |
Fix a problem where tcp_slowtimo was called twice, once for ipv4 tcp and once for ipv6. This patch makes the ipv6 case pass NULLs in for fast and slow timeouts iff defined(INET) and passes in the right function if !defined(INET).
Reveiwed by itojun@iijlab.net.
|
#
1.5 |
|
22-Jul-1999 |
itojun |
change unnecessary u_long/long into u_int32_t or something relevant. more fixes should follow.
|
#
1.4 |
|
09-Jul-1999 |
thorpej |
defopt IPSEC and IPSEC_ESP (both into opt_ipsec.h).
|
#
1.3 |
|
03-Jul-1999 |
thorpej |
RCS ID police.
|
#
1.2 |
|
01-Jul-1999 |
itojun |
branches: 1.2.2; IPv6 kernel code, based on KAME/NetBSD 1.4, SNAP kit 19990628. (Sorry for a big commit, I can't separate this into several pieces...) Pls check sys/netinet6/TODO and sys/netinet6/IMPLEMENTATION for details.
- sys/kern: do not assume single mbuf, accept chained mbuf on passing data from userland to kernel (or other way round). - "midway" ATM card: ATM PVC pseudo device support, like those done in ALTQ package (ftp://ftp.csl.sony.co.jp/pub/kjc/). - sys/netinet/tcp*: IPv4/v6 dual stack tcp support. - sys/netinet/{ip6,icmp6}.h, sys/net/pfkeyv2.h: IETF document assumes those file to be there so we patch it up. - sys/netinet: IPsec additions are here and there. - sys/netinet6/*: most of IPv6 code sits here. - sys/netkey: IPsec key management code - dev/pci/pcidevs: regen
In my understanding no code here is subject to export control so it should be safe.
|
#
1.1 |
|
28-Jun-1999 |
itojun |
branches: 1.1.2; file in6_proto.c was initially added on branch kame.
|
#
1.115 |
|
13-Feb-2017 |
ozaki-r |
Protect mtudisc and redirect stuffs of icmp/icmp6 with mutex
We have to run pr_init of icmp and icmp6 prior to tcp and tcp6 ones for mutex initialization.
|
Revision tags: nick-nhusb-base-20170204 bouyer-socketcan-base pgoyette-localcount-20170107
|
#
1.114 |
|
13-Dec-2016 |
ozaki-r |
Remove unnecessary inclusions of nd6.h
|
Revision tags: nick-nhusb-base-20161204 pgoyette-localcount-20161104 nick-nhusb-base-20161004 localcount-20160914 pgoyette-localcount-20160806 pgoyette-localcount-20160726 pgoyette-localcount-base nick-nhusb-base-20160907
|
#
1.113 |
|
06-Jul-2016 |
ozaki-r |
branches: 1.113.2; Move in6_ifaddr_list to a more proper place (from ip6_input.c to in6.c)
It's a similar place as the IPv4 address list, i.e., in.c.
More varibles will join together.
|
Revision tags: nick-nhusb-base-20160529
|
#
1.112 |
|
26-Apr-2016 |
ozaki-r |
Sweep unnecessary route.h inclusions
|
Revision tags: nick-nhusb-base-20160422
|
#
1.111 |
|
11-Apr-2016 |
ozaki-r |
Sweep unncessary radix.h inclusions
|
Revision tags: nick-nhusb-base-20160319
|
#
1.110 |
|
21-Jan-2016 |
riastradh |
Revert previous: ran cvs commit when I meant cvs diff. Sorry!
Hit up-arrow one too few times.
|
#
1.109 |
|
21-Jan-2016 |
riastradh |
Give proper prototype to ip_output.
|
#
1.108 |
|
20-Jan-2016 |
riastradh |
Eliminate struct protosw::pr_output.
You can't use this unless you know what it is a priori: the formal prototype is variadic, and the different instances (e.g., ip_output, route_output) have different real prototypes.
Convert the only user of it, raw_send in net/raw_cb.c, to take an explicit callback argument. Convert the only instances of it, route_output and key_output, to such explicit callbacks for raw_send. Use assertions to make sure the conversion to explicit callbacks is warranted.
Discussed on tech-net with no objections: https://mail-index.netbsd.org/tech-net/2016/01/16/msg005484.html
|
Revision tags: nick-nhusb-base-20151226
|
#
1.107 |
|
13-Oct-2015 |
rjs |
Add core networking support for SCTP.
|
Revision tags: nick-nhusb-base-20150921
|
#
1.106 |
|
24-Aug-2015 |
pooka |
sprinkle _KERNEL_OPT
|
Revision tags: nick-nhusb-base-20150606
|
#
1.105 |
|
22-Apr-2015 |
roy |
Move INET6 specific in6_if_{up,down}() and in6_if_link_{up,down}() into agnostic domain functions.
|
Revision tags: nick-nhusb-base-20150406
|
#
1.104 |
|
10-Feb-2015 |
rjs |
Add DCCP protocol support from KAME.
|
Revision tags: netbsd-7-nhusb-base-20170116 netbsd-7-1-RC1 netbsd-7-0-2-RELEASE netbsd-7-nhusb-base netbsd-7-0-1-RELEASE netbsd-7-0-RELEASE netbsd-7-0-RC3 netbsd-7-0-RC2 netbsd-7-0-RC1 nick-nhusb-base netbsd-7-base tls-earlyentropy-base tls-maxphys-base
|
#
1.103 |
|
05-Jun-2014 |
rmind |
branches: 1.103.4; - Implement pktqueue interface for lockless IP input queue. - Replace ipintrq and ip6intrq with the pktqueue mechanism. - Eliminate kernel-lock from ipintr() and ip6intr(). - Some preparation work to push softnet_lock out of ipintr().
Discussed on tech-net.
|
#
1.102 |
|
22-May-2014 |
rmind |
Move udp6_input(), udp6_sendup(), udp6_realinput() and udp6_input_checksum() from udp_usrreq.c to udp6_usrreq.c where they belong. No functional change.
|
Revision tags: rmind-smpnet-nbase rmind-smpnet-base
|
#
1.101 |
|
18-May-2014 |
rmind |
Add struct pr_usrreqs with a pr_generic function and prepare for the dismantling of pr_usrreq in the protocols; no functional change intended. PRU_ATTACH/PRU_DETACH changes will follow soon.
Bump for struct protosw. Welcome to 6.99.62!
|
Revision tags: yamt-pagecache-base9 riastradh-xf86-video-intel-2-7-1-pre-2-21-15 riastradh-drm2-base3
|
#
1.100 |
|
02-Jan-2014 |
pooka |
branches: 1.100.2; Allow kernels compiled with INET+INET6 to be booted as IPv4-only or IPv6-only.
|
Revision tags: riastradh-drm2-base2 riastradh-drm2-base1 riastradh-drm2-base
|
#
1.99 |
|
05-Jun-2013 |
christos |
branches: 1.99.2; IPSEC has not come in two speeds for a long time now (IPSEC == kame, FAST_IPSEC). Make everything refer to IPSEC to avoid confusion.
|
Revision tags: agc-symver-base
|
#
1.98 |
|
01-Mar-2013 |
joerg |
Retire OSI network stack. OK core@
|
Revision tags: yamt-pagecache-base8 yamt-pagecache-base7 yamt-pagecache-base6
|
#
1.97 |
|
23-Jun-2012 |
christos |
branches: 1.97.2; 4 new sysctls to avoid ipv6 DoS attacks from OpenBSD
|
Revision tags: jmcneill-usbmp-base10 yamt-pagecache-base5 jmcneill-usbmp-base9 yamt-pagecache-base4 jmcneill-usbmp-base8
|
#
1.96 |
|
22-Mar-2012 |
drochner |
remove KAME IPSEC, replaced by FAST_IPSEC
|
Revision tags: netbsd-6-0-2-RELEASE netbsd-6-1-RELEASE netbsd-6-1-RC4 netbsd-6-1-RC3 netbsd-6-1-RC2 netbsd-6-1-RC1 netbsd-6-0-1-RELEASE matt-nb6-plus-nbase netbsd-6-0-RELEASE netbsd-6-0-RC2 matt-nb6-plus-base netbsd-6-0-RC1 jmcneill-usbmp-base7 jmcneill-usbmp-base6 jmcneill-usbmp-base5 jmcneill-usbmp-base4 jmcneill-usbmp-base3 jmcneill-usbmp-base2 netbsd-6-base
|
#
1.95 |
|
31-Dec-2011 |
christos |
branches: 1.95.2; 1.95.6; 1.95.8; - fix offsetof usage, and redundant defines - kill pointer casts to 0
|
#
1.94 |
|
19-Dec-2011 |
drochner |
rename the IPSEC in-kernel CPP variable and config(8) option to KAME_IPSEC, and make IPSEC define it so that existing kernel config files work as before Now the default can be easily be changed to FAST_IPSEC just by setting the IPSEC alias to FAST_IPSEC.
|
Revision tags: jmcneill-usbmp-pre-base2 jmcneill-usbmp-base jmcneill-audiomp3-base yamt-pagecache-base3 yamt-pagecache-base2 yamt-pagecache-base
|
#
1.93 |
|
24-Sep-2011 |
christos |
branches: 1.93.2; 1.93.6; Add inet6 part of the rfc6056 code contributed by Vlad Balan as part of Google SoC-2011
|
Revision tags: rmind-uvmplock-nbase cherry-xenmp-base rmind-uvmplock-base
|
#
1.92 |
|
24-May-2011 |
spz |
RA flood mitigation via a limit on accepted routes: - introduce a limit for the routes accepted via IPv6 Router Advertisement: a common 2 interface client will have 6, the default limit is 100 and can be adjusted via sysctl - report the current number of routes installed via RA via sysctl - count discarded route additions. Note that one RA message is two routes. This is at present only across all interfaces even though per-interface would be more useful, since the per-interface structure complies to RFC2466 - bump kernel version due to the previous change - adjust netstat to use the new value (with netstat -p icmp6)
|
#
1.91 |
|
03-May-2011 |
dyoung |
*_drain() routines may be called with locks held, so instead of doing any work in *_drain(), set a drain-needed flag. Do the work in the fasttimo handler.
Contributed by Coyote Point Systems, Inc.
|
#
1.90 |
|
31-Mar-2011 |
dyoung |
Hide the radix-trie implementation of the forwarding table so that we will have an easier time replacing it with something different, even if it is a second radix-trie implementation.
sys/net/route.c and sys/net/rtsock.c no longer operate directly on radix_nodes or radix_node_heads.
Hopefully this will reduce the temptation to implement multipath or source-based routing using grotty hacks to the grotty old radix-trie code, too. :-)
|
Revision tags: bouyer-quota2-nbase bouyer-quota2-base jruoho-x86intr-base matt-mips64-premerge-20101231 uebayasi-xip-base4 uebayasi-xip-base3 yamt-nfs-mp-base11
|
#
1.89 |
|
24-Aug-2010 |
jakllsch |
branches: 1.89.2; Make the EtherIP in IPv6 input path work. XXX: Figure out if we really need a separate protosw for IPv6.
|
Revision tags: uebayasi-xip-base2 yamt-nfs-mp-base10 uebayasi-xip-base1 yamt-nfs-mp-base9 uebayasi-xip-base
|
#
1.88 |
|
04-Feb-2010 |
joerg |
branches: 1.88.2; 1.88.4; Explicitly include opt_gateway.h when depending on GATEWAY.
|
Revision tags: matt-premerge-20091211 yamt-nfs-mp-base8 jym-xensuspend-nbase
|
#
1.87 |
|
11-Sep-2009 |
dyoung |
Make ifconfig(8) set and display preference numbers for IPv6 addresses. Make the kernel support SIOC[SG]IFADDRPREF for IPv6 interface addresses.
In in6ifa_ifpforlinklocal(), consult preference numbers before making an otherwise arbitrary choice of in6_ifaddr. Otherwise, preference numbers are *not* consulted by the kernel, but that will be rather easy for somebody with a little bit of free time to fix.
Please note that setting the preference number for a link-local IPv6 address does not work right, yet, but that ought to be fixed soon.
In support of the changes above,
1 Add a method to struct domain for "externalizing" a sockaddr, and provide an implementation for IPv6. Expect more work in this area: it may be more proper to say that the IPv6 implementation "internalizes" a sockaddr. Add sockaddr_externalize().
2 Add a subroutine, sofamily(), that returns a struct socket's address family or AF_UNSPEC.
3 Make a lot of IPv4-specific code generic, and move it from sys/netinet/ to sys/net/ for re-use by IPv6 parts of the kernel and ifconfig(8).
|
#
1.86 |
|
11-Sep-2009 |
dyoung |
Nothing uses sockaddr_in6_cmp() right now, and the generic sockaddr_cmp() is probably as fast or faster than calling sockaddr_in6_cmp() through a function pointer, so let's stop compiling it.
|
#
1.85 |
|
21-Aug-2009 |
tsutsui |
Fix error on kernels with options IPSEC without options IPSEC_ESP. Found on building evbppc/conf/PMPPC.
|
Revision tags: yamt-nfs-mp-base7 jymxensuspend-base yamt-nfs-mp-base6 yamt-nfs-mp-base5 yamt-nfs-mp-base4 yamt-nfs-mp-base3 nick-hppapmap-base4 nick-hppapmap-base3 jym-xensuspend-base nick-hppapmap-base
|
#
1.84 |
|
23-Mar-2009 |
liamjfoy |
Init ip6flow pool dynamically instead of using a linkset.
|
Revision tags: nick-hppapmap-base2 haad-dm-base2 haad-nbase2 ad-audiomp2-base haad-dm-base mjf-devfs2-base
|
#
1.83 |
|
25-Nov-2008 |
pooka |
branches: 1.83.4; Make dom_maxrtkey of inet/inet6domain the size of the ip_encap pack structures. This is far from optimal, but gets rid of iffy #ifdef INET in radix.c. The radix bonsai still needs lots of love before loading domains dynamically is possible...
|
Revision tags: netbsd-5-1-5-RELEASE netbsd-5-1-4-RELEASE netbsd-5-1-3-RELEASE netbsd-5-1-2-RELEASE netbsd-5-1-1-RELEASE matt-nb5-mips64-premerge-20101231 netbsd-5-1-RELEASE netbsd-5-1-RC4 matt-nb5-mips64-k15 netbsd-5-1-RC3 netbsd-5-1-RC2 netbsd-5-1-RC1 netbsd-5-0-2-RELEASE matt-nb5-mips64-premerge-20091211 matt-nb5-mips64-u2-k2-k4-k7-k8-k9 matt-nb4-mips64-k7-u2a-k9b matt-nb5-mips64-u1-k1-k5 netbsd-5-0-1-RELEASE netbsd-5-0-RELEASE netbsd-5-0-RC4 netbsd-5-0-RC3 netbsd-5-0-RC2 netbsd-5-0-RC1 netbsd-5-base matt-mips64-base2 haad-dm-base1 wrstuden-revivesa-base-4 wrstuden-revivesa-base-3 wrstuden-revivesa-base-2 wrstuden-revivesa-base-1 simonb-wapbl-nbase yamt-pf42-base4 simonb-wapbl-base yamt-pf42-base3 hpcarm-cleanup-nbase yamt-pf42-base2 yamt-nfs-mp-base2 wrstuden-revivesa-base yamt-nfs-mp-base
|
#
1.82 |
|
24-Apr-2008 |
ad |
branches: 1.82.2; 1.82.8; 1.82.10; 1.82.12; Merge the socket locking patch:
- Socket layer becomes MP safe. - Unix protocols become MP safe. - Allows protocol processing interrupts to safely block on locks. - Fixes a number of race conditions.
With much feedback from matt@ and plunky@.
|
#
1.81 |
|
23-Apr-2008 |
thorpej |
Make IPSEC and FAST_IPSEC stats per-cpu. Use <net/net_stats.h> and netstat_sysctl().
|
Revision tags: yamt-pf42-baseX yamt-pf42-base
|
#
1.80 |
|
15-Apr-2008 |
thorpej |
branches: 1.80.2; Make pim6 stats per-cpu.
|
Revision tags: ad-socklock-base1 yamt-lazymbuf-base15 yamt-lazymbuf-base14 keiichi-mipv6-nbase nick-net80211-sync-base keiichi-mipv6-base bouyer-xeni386-merge1 vmlocking2-base3 bouyer-xeni386-nbase yamt-kmem-base3 cube-autoconf-base yamt-kmem-base2 bouyer-xeni386-base yamt-kmem-base vmlocking2-base2 reinoud-bufcleanup-nbase vmlocking2-base1 matt-armv6-nbase jmcneill-base mjf-devfs-base bouyer-xenamd64-base2 vmlocking-nbase yamt-x86pmap-base4 bouyer-xenamd64-base yamt-x86pmap-base3 yamt-x86pmap-base2 yamt-x86pmap-base matt-armv6-base jmcneill-pm-base hpcarm-cleanup-base reinoud-bufcleanup-base vmlocking-base
|
#
1.79 |
|
19-Sep-2007 |
dyoung |
branches: 1.79.16; 1.79.20; 1) Introduce a new socket option, (SOL_SOCKET, SO_NOHEADER), that tells a socket that it should both add a protocol header to tx'd datagrams and remove the header from rx'd datagrams:
int onoff = 1, s = socket(...); setsockopt(s, SOL_SOCKET, SO_NOHEADER, &onoff);
2) Add an implementation of (SOL_SOCKET, SO_NOHEADER) for raw IPv4 sockets.
3) Reorganize the protocols' pr_ctloutput implementations a bit. Consistently return ENOPROTOOPT when an option is unsupported, and EINVAL if a supported option's arguments are incorrect. Reorganize the flow of code so that it's more clear how/when options are passed down the stack until they are handled.
Shorten some pr_ctloutput staircases for readability.
4) Extract common mbuf code into subroutines, add new sockaddr methods, and introduce a new subroutine, fsocreate(), for reuse later; use it first in sys_socket():
struct mbuf *m_getsombuf(struct socket *so)
Create an mbuf and make its owner the socket `so'.
struct mbuf *m_intopt(struct socket *so, int val)
Create an mbuf, make its owner the socket `so', put the int `val' into it, and set its length to sizeof(int).
int fsocreate(..., int *fd)
Create a socket, a la socreate(9), put the socket into the given LWP's descriptor table, return the descriptor at `fd' on success.
void *sockaddr_addr(struct sockaddr *sa, socklen_t *slenp) const void *sockaddr_const_addr(const struct sockaddr *sa, socklen_t *slenp)
Extract a pointer to the address part of a sockaddr. Write the length of the address part at `slenp', if `slenp' is not NULL.
socklen_t sockaddr_getlen(const struct sockaddr *sa)
Return the length of a sockaddr. This just evaluates to sa->sa_len. I only add this for consistency with code that appears in a portable userland library that I am going to import.
const struct sockaddr *sockaddr_any(const struct sockaddr *sa)
Return the "don't care" sockaddr in the same family as `sa'. This is the address a client should sobind(9) if it does not care the source address and, if applicable, the port et cetera that it uses.
const void *sockaddr_anyaddr(const struct sockaddr *sa, socklen_t *slenp)
Return the "don't care" sockaddr in the same family as `sa'. This is the address a client should sobind(9) if it does not care the source address and, if applicable, the port et cetera that it uses.
|
Revision tags: nick-csl-alignment-base5
|
#
1.78 |
|
30-Aug-2007 |
dyoung |
Use malloc(9) for sockaddrs instead of pool(9), and remove dom_sa_pool and dom_sa_len members from struct domain. Pools of fixed-size objects are too rigid for sockaddr_dls, whose size can vary over a wide range.
Return sockaddr_dl to its "historical" size. Now that I'm using malloc(9) instead of pool(9) to allocate sockaddr_dl, I can create a sockaddr_dl of any size in the kernel, so expanding sockaddr_dl is useless.
Avoid using sizeof(struct sockaddr_dl) in the kernel.
Introduce sockaddr_dl_alloc() for allocating & initializing an arbitrary sockaddr_dl on the heap.
Add an argument, the sockaddr length, to sockaddr_alloc(), sockaddr_copy(), and sockaddr_dl_setaddr().
Constify: LLADDR() -> CLLADDR().
Where the kernel overwrites LLADDR(), use sockaddr_dl_setaddr(), instead. Used properly, sockaddr_dl_setaddr() will not overrun the end of the sockaddr.
|
Revision tags: matt-mips64-base nick-csl-alignment-base yamt-idlelwp-base8 mjf-ufs-trans-base
|
#
1.77 |
|
06-May-2007 |
dyoung |
branches: 1.77.2; 1.77.6; 1.77.8; In AppleTalk, IPv4, and IPv6 routing domains, help sockaddr_cmp() avoid an indirect function call by comparing the family, length, and bytes [dom->dom_sa_cmpofs, dom->dom_sa_cmpofs + dom->dom_sa_cmplen), corresponding to the the sockaddrs' "address" members.
For ISO, actually use sockaddr_iso_cmp, for a change. Thanks to yamt@ for pointing out my error.
|
#
1.76 |
|
02-May-2007 |
dyoung |
Eliminate address family-specific route caches (struct route, struct route_in6, struct route_iso), replacing all caches with a struct route.
The principle benefit of this change is that all of the protocol families can benefit from route cache-invalidation, which is necessary for correct routing. Route-cache invalidation fixes an ancient PR, kern/3508, at long last; it fixes various other PRs, also.
Discussions with and ideas from Joerg Sonnenberger influenced this work tremendously. Of course, all design oversights and bugs are mine.
DETAILS
1 I added to each address family a pool of sockaddrs. I have introduced routines for allocating, copying, and duplicating, and freeing sockaddrs:
struct sockaddr *sockaddr_alloc(sa_family_t af, int flags); struct sockaddr *sockaddr_copy(struct sockaddr *dst, const struct sockaddr *src); struct sockaddr *sockaddr_dup(const struct sockaddr *src, int flags); void sockaddr_free(struct sockaddr *sa);
sockaddr_alloc() returns either a sockaddr from the pool belonging to the specified family, or NULL if the pool is exhausted. The returned sockaddr has the right size for that family; sa_family and sa_len fields are initialized to the family and sockaddr length---e.g., sa_family = AF_INET and sa_len = sizeof(struct sockaddr_in). sockaddr_free() puts the given sockaddr back into its family's pool.
sockaddr_dup() and sockaddr_copy() work analogously to strdup() and strcpy(), respectively. sockaddr_copy() KASSERTs that the family of the destination and source sockaddrs are alike.
The 'flags' argumet for sockaddr_alloc() and sockaddr_dup() is passed directly to pool_get(9).
2 I added routines for initializing sockaddrs in each address family, sockaddr_in_init(), sockaddr_in6_init(), sockaddr_iso_init(), etc. They are fairly self-explanatory.
3 structs route_in6 and route_iso are no more. All protocol families use struct route. I have changed the route cache, 'struct route', so that it does not contain storage space for a sockaddr. Instead, struct route points to a sockaddr coming from the pool the sockaddr belongs to. I added a new method to struct route, rtcache_setdst(), for setting the cache destination:
int rtcache_setdst(struct route *, const struct sockaddr *);
rtcache_setdst() returns 0 on success, or ENOMEM if no memory is available to create the sockaddr storage.
It is now possible for rtcache_getdst() to return NULL if, say, rtcache_setdst() failed. I check the return value for NULL everywhere in the kernel.
4 Each routing domain (struct domain) has a list of live route caches, dom_rtcache. rtflushall(sa_family_t af) looks up the domain indicated by 'af', walks the domain's list of route caches and invalidates each one.
|
Revision tags: thorpej-atomic-base
|
#
1.75 |
|
07-Mar-2007 |
liamjfoy |
branches: 1.75.2; 1.75.4; Add IPv6 Fast Forward - the IPv4 counterpart:
If ip6_forward successfully forwards a packet, a cache, in this case a ip6flow struct entry, will be created. ether_input and friends will then be able to call ip6flow_fastforward with the packet which will then be passed to if_output (unless an issue is found - in that case the packet is passed back to ip6_input).
ok matt@ christos@ dyoung@ and joerg@
|
#
1.74 |
|
06-Mar-2007 |
liamjfoy |
Fix some style issues - no functional change
|
#
1.73 |
|
27-Feb-2007 |
degroote |
Initialize fast_ipsec entry in the protocol switch with structure initializers as other entries.
|
Revision tags: ad-audiomp-base
|
#
1.72 |
|
19-Feb-2007 |
dyoung |
Initialize protocol switch with structure initializers.
|
#
1.71 |
|
17-Feb-2007 |
dyoung |
0 -> NULL
|
#
1.70 |
|
10-Feb-2007 |
degroote |
branches: 1.70.2; Commit my SoC work Add ipv6 support for fast_ipsec Note that currently, packet with extensions headers are not correctly supported Change the ipcomp logic
|
Revision tags: post-newlock2-merge newlock2-nbase yamt-splraiseipl-base5 yamt-splraiseipl-base4 yamt-splraiseipl-base3 newlock2-base
|
#
1.69 |
|
09-Dec-2006 |
dyoung |
Here are various changes designed to protect against bad IPv4 routing caused by stale route caches (struct route). Route caches are sprinkled throughout PCBs, the IP fast-forwarding table, and IP tunnel interfaces (gre, gif, stf).
Stale IPv6 and ISO route caches will be treated by separate patches.
Thank you to Christoph Badura for suggesting the general approach to invalidating route caches that I take here.
Here are the details:
Add hooks to struct domain for tracking and for invalidating each domain's route caches: dom_rtcache, dom_rtflush, and dom_rtflushall.
Introduce helper subroutines, rtflush(ro) for invalidating a route cache, rtflushall(family) for invalidating all route caches in a routing domain, and rtcache(ro) for notifying the domain of a new cached route.
Chain together all IPv4 route caches where ro_rt != NULL. Provide in_rtcache() for adding a route to the chain. Provide in_rtflush() and in_rtflushall() for invalidating IPv4 route caches. In in_rtflush(), set ro_rt to NULL, and remove the route from the chain. In in_rtflushall(), walk the chain and remove every route cache.
In rtrequest1(), call rtflushall() to invalidate route caches when a route is added.
In gif(4), discard the workaround for stale caches that involves expiring them every so often.
Replace the pattern 'RTFREE(ro->ro_rt); ro->ro_rt = NULL;' with a call to rtflush(ro).
Update ipflow_fastforward() and all other users of route caches so that they expect a cached route, ro->ro_rt, to turn to NULL.
Take care when moving a 'struct route' to rtflush() the source and to rtcache() the destination.
In domain initializers, use .dom_xxx tags.
KNF here and there.
|
Revision tags: netbsd-4-base
|
#
1.68 |
|
23-Nov-2006 |
rpaulo |
branches: 1.68.2; 1.68.4; New EtherIP driver based on tap(4) and gif(4) by Hans Rosenfeld. Notable changes: * Fixes PR 34268. * Separates the code from gif(4) (which is more cleaner). * Allows the usage of STP (Spanning Tree Protocol). * Removed EtherIP implementation from gif(4)/tap(4).
Some input from Christos.
|
Revision tags: yamt-splraiseipl-base2
|
#
1.67 |
|
10-Oct-2006 |
dogcow |
change the MOWNER_INIT define to take two args; fix extant struct mowner decls to use it. Makes options MBUFTRACE compile again and not whinge about missing structure declarations. (Also makes initialization consistent.)
|
Revision tags: yamt-splraiseipl-base yamt-pdpolicy-base9 yamt-pdpolicy-base8 rpaulo-netinet-merge-pcb-base
|
#
1.66 |
|
30-Aug-2006 |
christos |
branches: 1.66.2; 1.66.4; add missing initializers
|
#
1.65 |
|
28-Aug-2006 |
christos |
remove extra members
|
#
1.64 |
|
25-Aug-2006 |
matt |
One step closer to loadable domains. Store pointers to a domain's soft interrupt queues so if_detach can remove packets to removed interfaces from them. This eliminates a lot of conditional ugly code in if.c
|
Revision tags: abandoned-netbsd-4-base yamt-pdpolicy-base7 yamt-pdpolicy-base6 chap-midi-nbase gdamore-uart-base yamt-pdpolicy-base5 chap-midi-base simonb-timecounters-base
|
#
1.63 |
|
18-May-2006 |
liamjfoy |
Integrate Common Address Redundancy Procotol (CARP) from OpenBSD
'pseudo-device carp'
Thanks to: joerg@ christos@ riz@ and others who tested Ok: core@
|
Revision tags: yamt-pdpolicy-base4 yamt-pdpolicy-base3 peter-altq-base yamt-pdpolicy-base2 elad-kernelauth-base
|
#
1.62 |
|
05-Mar-2006 |
rpaulo |
branches: 1.62.4; NDP-related improvements: RFC4191 - supports host-side router-preference
RFC3542 - if DAD fails on a interface, disables IPv6 operation on the interface - don't advertise MLD report before DAD finishes
Others - fixes integer overflow for valid and preferred lifetimes - improves timer granularity for MLD, using callout-timer. - reflects rtadvd's IPv6 host variable information into kernel (router only) - adds a sysctl option to enable/disable pMTUd for multicast packets - performs NUD on PPP/GRE interface by default - Redirect works regardless of ip6_accept_rtadv - removes RFC1885-related code
From the KAME project via SUZUKI Shinsuke. Reviewed by core.
|
Revision tags: yamt-pdpolicy-base yamt-uio_vmspace-base5
|
#
1.61 |
|
11-Dec-2005 |
christos |
branches: 1.61.4; 1.61.6; 1.61.8; merge ktrace-lwp.
|
Revision tags: yamt-readahead-base3 yamt-readahead-base2 yamt-readahead-pervnode yamt-readahead-perfile yamt-readahead-base yamt-vop-base3 yamt-vop-base2 thorpej-vnode-attr-base yamt-vop-base ktrace-lwp-base
|
#
1.60 |
|
19-Jul-2005 |
gdt |
Add PR_PURGEIF flag for protocols to indicate that the protocol might store a struct ifnet *, and define it for udp/tcp/rawip for INET and INET6. When deleting a struct ifnet, invoke PRU_PURGEIF on all protocols marked with PR_PURGEIF. Closes PR kern/29580 (mine).
|
#
1.59 |
|
29-May-2005 |
christos |
branches: 1.59.2; - avoid shadowed variables - sprinkle const.
|
Revision tags: yamt-km-base4 yamt-km-base3 netbsd-3-base yamt-km-base2 yamt-km-base kent-audio2-base
|
#
1.58 |
|
23-Jan-2005 |
matt |
branches: 1.58.6; Change initialzie of domains to use link sets. Switch to using STAILQ. Add a convenience macro DOMAIN_FOREACH to interate through the domain.
|
Revision tags: kent-audio1-beforemerge kent-audio1-base
|
#
1.57 |
|
22-Apr-2004 |
matt |
branches: 1.57.4; Constify protosw arrays. This can reduce the kernel .data section by over 4K (if all the network protocols) are loaded.
|
Revision tags: netbsd-2-0-3-RELEASE netbsd-2-1-RELEASE netbsd-2-1-RC6 netbsd-2-1-RC5 netbsd-2-1-RC4 netbsd-2-1-RC3 netbsd-2-1-RC2 netbsd-2-1-RC1 netbsd-2-0-2-RELEASE netbsd-2-0-1-RELEASE netbsd-2-base netbsd-2-0-RELEASE netbsd-2-0-RC5 netbsd-2-0-RC4 netbsd-2-0-RC3 netbsd-2-0-RC2 netbsd-2-0-RC1 netbsd-2-0-base
|
#
1.56 |
|
04-Dec-2003 |
atatat |
Dynamic sysctl.
Gone are the old kern_sysctl(), cpu_sysctl(), hw_sysctl(), vfs_sysctl(), etc, routines, along with sysctl_int() et al. Now all nodes are registered with the tree, and nodes can be added (or removed) easily, and I/O to and from the tree is handled generically.
Since the nodes are registered with the tree, the mapping from name to number (and back again) can now be discovered, instead of having to be hard coded. Adding new nodes to the tree is likewise much simpler -- the new infrastructure handles almost all the work for simple types, and just about anything else can be done with a small helper function.
All existing nodes are where they were before (numerically speaking), so all existing consumers of sysctl information should notice no difference.
PS - I'm sorry, but there's a distinct lack of documentation at the moment. I'm working on sysctl(3/8/9) right now, and I promise to watch out for buses.
|
#
1.55 |
|
03-Nov-2003 |
briggs |
Revert the change in default value of ipv6_v6only. Further discussion on this topic is required. It should be reintroduced and pursued in the IETF.
|
#
1.54 |
|
28-Oct-2003 |
briggs |
Toggle the default value of ip6_v6only. Also provide a sample sysctl to retain the existing behavior.
|
#
1.53 |
|
06-Sep-2003 |
itojun |
randomize IPv4/v6 fragment ID and IPv6 flowlabel. avoids predictability of these fields. ip_id.c is from openbsd. ip6_id.c is adapted by kame.
|
#
1.52 |
|
05-Sep-2003 |
itojun |
call tcp_drain() if IPv4-less kernel
|
#
1.51 |
|
04-Sep-2003 |
itojun |
revamp inpcb/in6pcb so that they are more aligned with each other. in6pcb lookup now uses hash(9).
|
#
1.50 |
|
14-Aug-2003 |
itojun |
enforce ipsec policy on raw wildcard.
|
#
1.49 |
|
07-Aug-2003 |
agc |
Move UCB-licensed code from 4-clause to 3-clause licence.
Patches provided by Joel Baker in PR 22364, verified by myself.
|
#
1.48 |
|
07-Aug-2003 |
itojun |
make net.inet6.ip6.redirect actually work. from Tomoyuki Sahara via kame
|
#
1.47 |
|
17-Apr-2003 |
thorpej |
branches: 1.47.2; Protect the definition of offsetof().
|
Revision tags: nathanw_sa_before_merge fvdl_fs64_base gmcgarry_ctxsw_base gmcgarry_ucred_base nathanw_sa_base
|
#
1.46 |
|
11-Nov-2002 |
itojun |
pmtu_probe is not used anywhere (it is used in KAME TCP6-only code). From: Krister Walfridsson <cato@df.lth.se>
|
Revision tags: kqueue-aftermerge kqueue-beforemerge gehenna-devsw-base kqueue-base
|
#
1.45 |
|
20-Aug-2002 |
itojun |
sync up use_deprecated handling with latest kame. - bind(deprecated) is allowed, trusting userland app is doing the right thing - use_deprecated default to 1
|
#
1.44 |
|
17-Aug-2002 |
itojun |
set default value for use_deprecated to 0, to avoid consequences with ftpd.
|
#
1.43 |
|
09-Jun-2002 |
itojun |
whitespace cleanup
|
#
1.42 |
|
08-Jun-2002 |
itojun |
whitespace cleanup
|
#
1.41 |
|
29-May-2002 |
itojun |
move per-interface ip6/icmp6 stat to ifnet->if_afdata. sync w/kame
|
#
1.40 |
|
28-May-2002 |
itojun |
limit number of IPv6 fragments (not the fragment queue size) to fight against lots-of-frags DoS attacks. sync w/kame
|
Revision tags: netbsd-1-6-RC1 netbsd-1-6-base eeh-devprop-base
|
#
1.39 |
|
15-Mar-2002 |
itojun |
branches: 1.39.4; 1.39.6; have tcp6_drain
|
Revision tags: newlock-base ifpoll-base
|
#
1.38 |
|
21-Dec-2001 |
itojun |
call encap6_ctlinput on icmp6 against tunnelled packet. sync w/kame
|
#
1.37 |
|
21-Dec-2001 |
itojun |
use radix table for inbound tunnel lookup (would increase performance for machines with a lot of tunnels). update route cache for IPvX-over-IPv6 tunnel on path MTU discovery. snyc with kame
|
#
1.36 |
|
21-Dec-2001 |
itojun |
move in6_gif_hlim decl to in6_gif.c. sync with kame
|
#
1.35 |
|
21-Dec-2001 |
itojun |
move protosw fragment for gif/stf to their own source code. reduce #ifdef in stf code. sync with kame
|
#
1.34 |
|
13-Nov-2001 |
lukem |
add RCSIDs
|
Revision tags: thorpej-mips-cache-base
|
#
1.33 |
|
24-Oct-2001 |
itojun |
no tcp_fasttimo any more. PR 14333
|
#
1.32 |
|
24-Oct-2001 |
itojun |
more whitespace sync with kame
|
#
1.31 |
|
16-Oct-2001 |
itojun |
branches: 1.31.2; remove unused #define. sync whitespace/comment with kame.
|
#
1.30 |
|
15-Oct-2001 |
itojun |
implement IPV6_V6ONLY socket option from draft-ietf-ipngwg-rfc2553bis-03.txt. IPV6_BINDV6ONLY (netbsd only) is deprecated, but still work just like before.
|
Revision tags: thorpej-devvp-base3 thorpej-devvp-base2 post-chs-ubcperf pre-chs-ubcperf thorpej-devvp-base thorpej_scsipi_beforemerge thorpej_scsipi_nbase thorpej_scsipi_base
|
#
1.29 |
|
21-Mar-2001 |
thorpej |
branches: 1.29.2; Add a protosw flag, PR_ABRTACPTDIS (Abort on Accept of Disconnected Socket), and add it to the protocols that use that behavior (all PR_LISTEN protocols except for PF_LOCAL stream sockets).
|
#
1.28 |
|
01-Mar-2001 |
itojun |
branches: 1.28.2; make sure to enforce inbound ipsec policy checking, for any protocols on top of ip (check it when final header is visited). sync with kame. XXX kame team will need to re-check policy engine code
|
#
1.27 |
|
21-Feb-2001 |
itojun |
need PR_ADDR|PR_ATOMIC for IPPROTO_EON. fix typo. from chopps, sync with kame
|
#
1.26 |
|
20-Feb-2001 |
itojun |
ISO over IPv4/v6 by EON encapsulation. from chopps, sync with kame.
|
#
1.25 |
|
11-Feb-2001 |
itojun |
pull latest kame pcbnotify code. synchronizes ICMPv6 path mtu discovery behavior with other protocols (i.e. validation, use of hiwat/lowat).
|
#
1.24 |
|
11-Feb-2001 |
itojun |
whitespace sync with kame
|
#
1.23 |
|
19-Oct-2000 |
itojun |
remove #ifdef TCP6. it is not likely for us to bring in sys/netinet6/tcp6*.c (separate TCP/IPv6 stack) into netbsd-current.
|
#
1.22 |
|
18-Oct-2000 |
itojun |
verify ICMPv6 too big messages based on TCP pcbs, and/or IPsec SA. TODO: udp6, and sendto consideration. as pmtud is mandatory for IPv6, it is rather important for us to support those cases. TODO: more testing TODO: kame sync
|
#
1.21 |
|
10-Oct-2000 |
itojun |
sync with kame ($KAME$)
|
#
1.20 |
|
10-Oct-2000 |
enami |
Don't initialize TCP twice on v4/v6 dual stack kernel.
|
#
1.19 |
|
28-Jul-2000 |
itojun |
nuke the following sysctl variables. "ppsratelimit" should work better. need to recompile sbin/sysctl after updating /usr/include. net.inet.tcp.rstratelimit net.inet.icmp.errratelimit net.inet6.icmp6.errratelimit
|
#
1.18 |
|
06-Jul-2000 |
itojun |
- do not use bitfield for router renumbering header. - add protection mechanism against ND cache corruption due to bad NUD hints. - more stats - icmp6 pps limitation. TOOD: should implement ppsratecheck(9).
|
Revision tags: netbsd-1-5-ALPHA2 netbsd-1-5-base minoura-xpg4dl-base
|
#
1.17 |
|
19-Apr-2000 |
itojun |
branches: 1.17.4; introduce sys/netinet/ip_encap.c, to dispatch inbound packets to protocol handlers, based on src/dst (for ip proto #4/41). see comment in ip_encap.c for details of the problem we have. there are too many protocol specs for ip proto #4/41. backward compatibility with MROUTING case is now provided in ip_encap.c.
fix ipip to work with gif (using ip_encap.c). sorry for breakage.
gif now uses ip_encap.c.
introduce stf pseudo interface (implements 6to4, another IPv6-over-IPv4 code with ip proto #41).
|
#
1.16 |
|
26-Feb-2000 |
itojun |
implement rip6_ctlinput, to cope with routing changes correctly. (IMHO we need rip_ctlinput as well)
|
#
1.15 |
|
26-Feb-2000 |
itojun |
make it possible to throw IPv6 packet with proto=4/41. (in normal case we don't do it, but this is how IPv4 in_proto is written)
|
#
1.14 |
|
14-Feb-2000 |
thorpej |
Use ratecheck() for ICMP6 rate limiting.
|
Revision tags: chs-ubc2-newbase
|
#
1.13 |
|
06-Feb-2000 |
itojun |
fix include pathname for better rfc2292 compliance.
|
#
1.12 |
|
06-Jan-2000 |
itojun |
remove extra portability #ifdef (like #ifdef __FreeBSD__) in KAME IPv6/IPsec code, from netbsd-current repository. #ifdef'ed version is always available from ftp.kame.net.
XXX please do not make too many diff-unfriendly changes, we'll need to take bunch of diffs on upgrade...
|
#
1.11 |
|
06-Jan-2000 |
itojun |
make IPV6_BINDV6ONLY setsockopt available. it controls behavior of AF_INET6 wildcard listening socket. heavily documented in ip6(4). net.inet6.ip6.bindv6only defines default value. default is 1.
"options INET6_BINDV6ONLY" removes any code fragment that supports IPV6_BINDV6ONLY == 0 case (not defopt'ed as use of this is rare).
|
#
1.10 |
|
02-Jan-2000 |
itojun |
add net.inet6.icmp6.nodeinfo sysctl. this allows you to disable/enable ICMPv6 node information query/reply processing (which tells remote end the gethostname(3) setting, interface addresses on the node, and some other things - documented in draft-ietf-ipngwg-icmp-name-lookup* or something alike).
to test it, try ping6 -w ::1 with nodeinfo=0 and nodeinfo=1. (sync with kame change)
|
Revision tags: wrstuden-devbsize-19991221 wrstuden-devbsize-base
|
#
1.9 |
|
13-Dec-1999 |
itojun |
sync IPv6 part with latest KAME tree. IPsec part is left unmodified due to massive changes in KAME side. - IPv6 output goes through nd6_output - faith can capture IPv4 packets as well - you can run IPv4-to-IPv6 translator using heavily modified DNS servers - per-interface statistics (required for IPv6 MIB) - interface autoconfig is revisited - udp input handling has a big change for mapped address support. - introduce in4_cksum() for non-overwriting checksumming - introduce m_pulldown() - neighbor discovery cleanups/improvements - netinet/in.h strictly conforms to RFC2553 (no extra defs visible to userland) - IFA_STATS is fixed a bit (not tested) - and more more more.
TODO: - cleanup os-independency #ifdef - avoid rcvif dual use (for IPsec) to help ifdetach
(sorry for jumbo commit, I can't separate this any more...)
|
Revision tags: comdex-fall-1999-base fvdl-softdep-base chs-ubc2-base
|
#
1.8 |
|
31-Jul-1999 |
itojun |
branches: 1.8.2; 1.8.8; sync with recent KAME. - loosen ipsec restriction on packet diredtion. - revise icmp6 redirect handling on IsRouter bit. - tcp/udp notification processing (link-local address case) - cosmetic fixes (better code share across *BSD).
|
#
1.7 |
|
30-Jul-1999 |
itojun |
remove reference to in6_systm.h (file itself will be removed afterwords)
|
#
1.6 |
|
27-Jul-1999 |
explorer |
Fix a problem where tcp_slowtimo was called twice, once for ipv4 tcp and once for ipv6. This patch makes the ipv6 case pass NULLs in for fast and slow timeouts iff defined(INET) and passes in the right function if !defined(INET).
Reveiwed by itojun@iijlab.net.
|
#
1.5 |
|
22-Jul-1999 |
itojun |
change unnecessary u_long/long into u_int32_t or something relevant. more fixes should follow.
|
#
1.4 |
|
09-Jul-1999 |
thorpej |
defopt IPSEC and IPSEC_ESP (both into opt_ipsec.h).
|
#
1.3 |
|
03-Jul-1999 |
thorpej |
RCS ID police.
|
#
1.2 |
|
01-Jul-1999 |
itojun |
branches: 1.2.2; IPv6 kernel code, based on KAME/NetBSD 1.4, SNAP kit 19990628. (Sorry for a big commit, I can't separate this into several pieces...) Pls check sys/netinet6/TODO and sys/netinet6/IMPLEMENTATION for details.
- sys/kern: do not assume single mbuf, accept chained mbuf on passing data from userland to kernel (or other way round). - "midway" ATM card: ATM PVC pseudo device support, like those done in ALTQ package (ftp://ftp.csl.sony.co.jp/pub/kjc/). - sys/netinet/tcp*: IPv4/v6 dual stack tcp support. - sys/netinet/{ip6,icmp6}.h, sys/net/pfkeyv2.h: IETF document assumes those file to be there so we patch it up. - sys/netinet: IPsec additions are here and there. - sys/netinet6/*: most of IPv6 code sits here. - sys/netkey: IPsec key management code - dev/pci/pcidevs: regen
In my understanding no code here is subject to export control so it should be safe.
|
#
1.1 |
|
28-Jun-1999 |
itojun |
branches: 1.1.2; file in6_proto.c was initially added on branch kame.
|
#
1.114 |
|
13-Dec-2016 |
ozaki-r |
Remove unnecessary inclusions of nd6.h
|
Revision tags: nick-nhusb-base-20161204 pgoyette-localcount-20161104 nick-nhusb-base-20161004 localcount-20160914 pgoyette-localcount-20160806 pgoyette-localcount-20160726 pgoyette-localcount-base nick-nhusb-base-20160907
|
#
1.113 |
|
06-Jul-2016 |
ozaki-r |
Move in6_ifaddr_list to a more proper place (from ip6_input.c to in6.c)
It's a similar place as the IPv4 address list, i.e., in.c.
More varibles will join together.
|
Revision tags: nick-nhusb-base-20160529
|
#
1.112 |
|
26-Apr-2016 |
ozaki-r |
Sweep unnecessary route.h inclusions
|
Revision tags: nick-nhusb-base-20160422
|
#
1.111 |
|
11-Apr-2016 |
ozaki-r |
Sweep unncessary radix.h inclusions
|
Revision tags: nick-nhusb-base-20160319
|
#
1.110 |
|
21-Jan-2016 |
riastradh |
Revert previous: ran cvs commit when I meant cvs diff. Sorry!
Hit up-arrow one too few times.
|
#
1.109 |
|
21-Jan-2016 |
riastradh |
Give proper prototype to ip_output.
|
#
1.108 |
|
20-Jan-2016 |
riastradh |
Eliminate struct protosw::pr_output.
You can't use this unless you know what it is a priori: the formal prototype is variadic, and the different instances (e.g., ip_output, route_output) have different real prototypes.
Convert the only user of it, raw_send in net/raw_cb.c, to take an explicit callback argument. Convert the only instances of it, route_output and key_output, to such explicit callbacks for raw_send. Use assertions to make sure the conversion to explicit callbacks is warranted.
Discussed on tech-net with no objections: https://mail-index.netbsd.org/tech-net/2016/01/16/msg005484.html
|
Revision tags: nick-nhusb-base-20151226
|
#
1.107 |
|
13-Oct-2015 |
rjs |
Add core networking support for SCTP.
|
Revision tags: nick-nhusb-base-20150921
|
#
1.106 |
|
24-Aug-2015 |
pooka |
sprinkle _KERNEL_OPT
|
Revision tags: nick-nhusb-base-20150606
|
#
1.105 |
|
22-Apr-2015 |
roy |
Move INET6 specific in6_if_{up,down}() and in6_if_link_{up,down}() into agnostic domain functions.
|
Revision tags: nick-nhusb-base-20150406
|
#
1.104 |
|
10-Feb-2015 |
rjs |
Add DCCP protocol support from KAME.
|
Revision tags: netbsd-7-0-2-RELEASE netbsd-7-nhusb-base netbsd-7-0-1-RELEASE netbsd-7-0-RELEASE netbsd-7-0-RC3 netbsd-7-0-RC2 netbsd-7-0-RC1 nick-nhusb-base netbsd-7-base tls-earlyentropy-base tls-maxphys-base
|
#
1.103 |
|
05-Jun-2014 |
rmind |
branches: 1.103.4; - Implement pktqueue interface for lockless IP input queue. - Replace ipintrq and ip6intrq with the pktqueue mechanism. - Eliminate kernel-lock from ipintr() and ip6intr(). - Some preparation work to push softnet_lock out of ipintr().
Discussed on tech-net.
|
#
1.102 |
|
22-May-2014 |
rmind |
Move udp6_input(), udp6_sendup(), udp6_realinput() and udp6_input_checksum() from udp_usrreq.c to udp6_usrreq.c where they belong. No functional change.
|
Revision tags: rmind-smpnet-nbase rmind-smpnet-base
|
#
1.101 |
|
18-May-2014 |
rmind |
Add struct pr_usrreqs with a pr_generic function and prepare for the dismantling of pr_usrreq in the protocols; no functional change intended. PRU_ATTACH/PRU_DETACH changes will follow soon.
Bump for struct protosw. Welcome to 6.99.62!
|
Revision tags: yamt-pagecache-base9 riastradh-xf86-video-intel-2-7-1-pre-2-21-15 riastradh-drm2-base3
|
#
1.100 |
|
02-Jan-2014 |
pooka |
branches: 1.100.2; Allow kernels compiled with INET+INET6 to be booted as IPv4-only or IPv6-only.
|
Revision tags: riastradh-drm2-base2 riastradh-drm2-base1 riastradh-drm2-base
|
#
1.99 |
|
05-Jun-2013 |
christos |
branches: 1.99.2; IPSEC has not come in two speeds for a long time now (IPSEC == kame, FAST_IPSEC). Make everything refer to IPSEC to avoid confusion.
|
Revision tags: agc-symver-base
|
#
1.98 |
|
01-Mar-2013 |
joerg |
Retire OSI network stack. OK core@
|
Revision tags: yamt-pagecache-base8 yamt-pagecache-base7 yamt-pagecache-base6
|
#
1.97 |
|
23-Jun-2012 |
christos |
branches: 1.97.2; 4 new sysctls to avoid ipv6 DoS attacks from OpenBSD
|
Revision tags: jmcneill-usbmp-base10 yamt-pagecache-base5 jmcneill-usbmp-base9 yamt-pagecache-base4 jmcneill-usbmp-base8
|
#
1.96 |
|
22-Mar-2012 |
drochner |
remove KAME IPSEC, replaced by FAST_IPSEC
|
Revision tags: netbsd-6-0-2-RELEASE netbsd-6-1-RELEASE netbsd-6-1-RC4 netbsd-6-1-RC3 netbsd-6-1-RC2 netbsd-6-1-RC1 netbsd-6-0-1-RELEASE matt-nb6-plus-nbase netbsd-6-0-RELEASE netbsd-6-0-RC2 matt-nb6-plus-base netbsd-6-0-RC1 jmcneill-usbmp-base7 jmcneill-usbmp-base6 jmcneill-usbmp-base5 jmcneill-usbmp-base4 jmcneill-usbmp-base3 jmcneill-usbmp-base2 netbsd-6-base
|
#
1.95 |
|
31-Dec-2011 |
christos |
branches: 1.95.2; 1.95.6; 1.95.8; - fix offsetof usage, and redundant defines - kill pointer casts to 0
|
#
1.94 |
|
19-Dec-2011 |
drochner |
rename the IPSEC in-kernel CPP variable and config(8) option to KAME_IPSEC, and make IPSEC define it so that existing kernel config files work as before Now the default can be easily be changed to FAST_IPSEC just by setting the IPSEC alias to FAST_IPSEC.
|
Revision tags: jmcneill-usbmp-pre-base2 jmcneill-usbmp-base jmcneill-audiomp3-base yamt-pagecache-base3 yamt-pagecache-base2 yamt-pagecache-base
|
#
1.93 |
|
24-Sep-2011 |
christos |
branches: 1.93.2; 1.93.6; Add inet6 part of the rfc6056 code contributed by Vlad Balan as part of Google SoC-2011
|
Revision tags: rmind-uvmplock-nbase cherry-xenmp-base rmind-uvmplock-base
|
#
1.92 |
|
24-May-2011 |
spz |
RA flood mitigation via a limit on accepted routes: - introduce a limit for the routes accepted via IPv6 Router Advertisement: a common 2 interface client will have 6, the default limit is 100 and can be adjusted via sysctl - report the current number of routes installed via RA via sysctl - count discarded route additions. Note that one RA message is two routes. This is at present only across all interfaces even though per-interface would be more useful, since the per-interface structure complies to RFC2466 - bump kernel version due to the previous change - adjust netstat to use the new value (with netstat -p icmp6)
|
#
1.91 |
|
03-May-2011 |
dyoung |
*_drain() routines may be called with locks held, so instead of doing any work in *_drain(), set a drain-needed flag. Do the work in the fasttimo handler.
Contributed by Coyote Point Systems, Inc.
|
#
1.90 |
|
31-Mar-2011 |
dyoung |
Hide the radix-trie implementation of the forwarding table so that we will have an easier time replacing it with something different, even if it is a second radix-trie implementation.
sys/net/route.c and sys/net/rtsock.c no longer operate directly on radix_nodes or radix_node_heads.
Hopefully this will reduce the temptation to implement multipath or source-based routing using grotty hacks to the grotty old radix-trie code, too. :-)
|
Revision tags: bouyer-quota2-nbase bouyer-quota2-base jruoho-x86intr-base matt-mips64-premerge-20101231 uebayasi-xip-base4 uebayasi-xip-base3 yamt-nfs-mp-base11
|
#
1.89 |
|
24-Aug-2010 |
jakllsch |
branches: 1.89.2; Make the EtherIP in IPv6 input path work. XXX: Figure out if we really need a separate protosw for IPv6.
|
Revision tags: uebayasi-xip-base2 yamt-nfs-mp-base10 uebayasi-xip-base1 yamt-nfs-mp-base9 uebayasi-xip-base
|
#
1.88 |
|
04-Feb-2010 |
joerg |
branches: 1.88.2; 1.88.4; Explicitly include opt_gateway.h when depending on GATEWAY.
|
Revision tags: matt-premerge-20091211 yamt-nfs-mp-base8 jym-xensuspend-nbase
|
#
1.87 |
|
11-Sep-2009 |
dyoung |
Make ifconfig(8) set and display preference numbers for IPv6 addresses. Make the kernel support SIOC[SG]IFADDRPREF for IPv6 interface addresses.
In in6ifa_ifpforlinklocal(), consult preference numbers before making an otherwise arbitrary choice of in6_ifaddr. Otherwise, preference numbers are *not* consulted by the kernel, but that will be rather easy for somebody with a little bit of free time to fix.
Please note that setting the preference number for a link-local IPv6 address does not work right, yet, but that ought to be fixed soon.
In support of the changes above,
1 Add a method to struct domain for "externalizing" a sockaddr, and provide an implementation for IPv6. Expect more work in this area: it may be more proper to say that the IPv6 implementation "internalizes" a sockaddr. Add sockaddr_externalize().
2 Add a subroutine, sofamily(), that returns a struct socket's address family or AF_UNSPEC.
3 Make a lot of IPv4-specific code generic, and move it from sys/netinet/ to sys/net/ for re-use by IPv6 parts of the kernel and ifconfig(8).
|
#
1.86 |
|
11-Sep-2009 |
dyoung |
Nothing uses sockaddr_in6_cmp() right now, and the generic sockaddr_cmp() is probably as fast or faster than calling sockaddr_in6_cmp() through a function pointer, so let's stop compiling it.
|
#
1.85 |
|
21-Aug-2009 |
tsutsui |
Fix error on kernels with options IPSEC without options IPSEC_ESP. Found on building evbppc/conf/PMPPC.
|
Revision tags: yamt-nfs-mp-base7 jymxensuspend-base yamt-nfs-mp-base6 yamt-nfs-mp-base5 yamt-nfs-mp-base4 yamt-nfs-mp-base3 nick-hppapmap-base4 nick-hppapmap-base3 jym-xensuspend-base nick-hppapmap-base
|
#
1.84 |
|
23-Mar-2009 |
liamjfoy |
Init ip6flow pool dynamically instead of using a linkset.
|
Revision tags: nick-hppapmap-base2 haad-dm-base2 haad-nbase2 ad-audiomp2-base haad-dm-base mjf-devfs2-base
|
#
1.83 |
|
25-Nov-2008 |
pooka |
branches: 1.83.4; Make dom_maxrtkey of inet/inet6domain the size of the ip_encap pack structures. This is far from optimal, but gets rid of iffy #ifdef INET in radix.c. The radix bonsai still needs lots of love before loading domains dynamically is possible...
|
Revision tags: netbsd-5-1-5-RELEASE netbsd-5-1-4-RELEASE netbsd-5-1-3-RELEASE netbsd-5-1-2-RELEASE netbsd-5-1-1-RELEASE matt-nb5-mips64-premerge-20101231 netbsd-5-1-RELEASE netbsd-5-1-RC4 matt-nb5-mips64-k15 netbsd-5-1-RC3 netbsd-5-1-RC2 netbsd-5-1-RC1 netbsd-5-0-2-RELEASE matt-nb5-mips64-premerge-20091211 matt-nb5-mips64-u2-k2-k4-k7-k8-k9 matt-nb4-mips64-k7-u2a-k9b matt-nb5-mips64-u1-k1-k5 netbsd-5-0-1-RELEASE netbsd-5-0-RELEASE netbsd-5-0-RC4 netbsd-5-0-RC3 netbsd-5-0-RC2 netbsd-5-0-RC1 netbsd-5-base matt-mips64-base2 haad-dm-base1 wrstuden-revivesa-base-4 wrstuden-revivesa-base-3 wrstuden-revivesa-base-2 wrstuden-revivesa-base-1 simonb-wapbl-nbase yamt-pf42-base4 simonb-wapbl-base yamt-pf42-base3 hpcarm-cleanup-nbase yamt-pf42-base2 yamt-nfs-mp-base2 wrstuden-revivesa-base yamt-nfs-mp-base
|
#
1.82 |
|
24-Apr-2008 |
ad |
branches: 1.82.2; 1.82.8; 1.82.10; 1.82.12; Merge the socket locking patch:
- Socket layer becomes MP safe. - Unix protocols become MP safe. - Allows protocol processing interrupts to safely block on locks. - Fixes a number of race conditions.
With much feedback from matt@ and plunky@.
|
#
1.81 |
|
23-Apr-2008 |
thorpej |
Make IPSEC and FAST_IPSEC stats per-cpu. Use <net/net_stats.h> and netstat_sysctl().
|
Revision tags: yamt-pf42-baseX yamt-pf42-base
|
#
1.80 |
|
15-Apr-2008 |
thorpej |
branches: 1.80.2; Make pim6 stats per-cpu.
|
Revision tags: ad-socklock-base1 yamt-lazymbuf-base15 yamt-lazymbuf-base14 keiichi-mipv6-nbase nick-net80211-sync-base keiichi-mipv6-base bouyer-xeni386-merge1 vmlocking2-base3 bouyer-xeni386-nbase yamt-kmem-base3 cube-autoconf-base yamt-kmem-base2 bouyer-xeni386-base yamt-kmem-base vmlocking2-base2 reinoud-bufcleanup-nbase vmlocking2-base1 matt-armv6-nbase jmcneill-base mjf-devfs-base bouyer-xenamd64-base2 vmlocking-nbase yamt-x86pmap-base4 bouyer-xenamd64-base yamt-x86pmap-base3 yamt-x86pmap-base2 yamt-x86pmap-base matt-armv6-base jmcneill-pm-base hpcarm-cleanup-base reinoud-bufcleanup-base vmlocking-base
|
#
1.79 |
|
19-Sep-2007 |
dyoung |
branches: 1.79.16; 1.79.20; 1) Introduce a new socket option, (SOL_SOCKET, SO_NOHEADER), that tells a socket that it should both add a protocol header to tx'd datagrams and remove the header from rx'd datagrams:
int onoff = 1, s = socket(...); setsockopt(s, SOL_SOCKET, SO_NOHEADER, &onoff);
2) Add an implementation of (SOL_SOCKET, SO_NOHEADER) for raw IPv4 sockets.
3) Reorganize the protocols' pr_ctloutput implementations a bit. Consistently return ENOPROTOOPT when an option is unsupported, and EINVAL if a supported option's arguments are incorrect. Reorganize the flow of code so that it's more clear how/when options are passed down the stack until they are handled.
Shorten some pr_ctloutput staircases for readability.
4) Extract common mbuf code into subroutines, add new sockaddr methods, and introduce a new subroutine, fsocreate(), for reuse later; use it first in sys_socket():
struct mbuf *m_getsombuf(struct socket *so)
Create an mbuf and make its owner the socket `so'.
struct mbuf *m_intopt(struct socket *so, int val)
Create an mbuf, make its owner the socket `so', put the int `val' into it, and set its length to sizeof(int).
int fsocreate(..., int *fd)
Create a socket, a la socreate(9), put the socket into the given LWP's descriptor table, return the descriptor at `fd' on success.
void *sockaddr_addr(struct sockaddr *sa, socklen_t *slenp) const void *sockaddr_const_addr(const struct sockaddr *sa, socklen_t *slenp)
Extract a pointer to the address part of a sockaddr. Write the length of the address part at `slenp', if `slenp' is not NULL.
socklen_t sockaddr_getlen(const struct sockaddr *sa)
Return the length of a sockaddr. This just evaluates to sa->sa_len. I only add this for consistency with code that appears in a portable userland library that I am going to import.
const struct sockaddr *sockaddr_any(const struct sockaddr *sa)
Return the "don't care" sockaddr in the same family as `sa'. This is the address a client should sobind(9) if it does not care the source address and, if applicable, the port et cetera that it uses.
const void *sockaddr_anyaddr(const struct sockaddr *sa, socklen_t *slenp)
Return the "don't care" sockaddr in the same family as `sa'. This is the address a client should sobind(9) if it does not care the source address and, if applicable, the port et cetera that it uses.
|
Revision tags: nick-csl-alignment-base5
|
#
1.78 |
|
30-Aug-2007 |
dyoung |
Use malloc(9) for sockaddrs instead of pool(9), and remove dom_sa_pool and dom_sa_len members from struct domain. Pools of fixed-size objects are too rigid for sockaddr_dls, whose size can vary over a wide range.
Return sockaddr_dl to its "historical" size. Now that I'm using malloc(9) instead of pool(9) to allocate sockaddr_dl, I can create a sockaddr_dl of any size in the kernel, so expanding sockaddr_dl is useless.
Avoid using sizeof(struct sockaddr_dl) in the kernel.
Introduce sockaddr_dl_alloc() for allocating & initializing an arbitrary sockaddr_dl on the heap.
Add an argument, the sockaddr length, to sockaddr_alloc(), sockaddr_copy(), and sockaddr_dl_setaddr().
Constify: LLADDR() -> CLLADDR().
Where the kernel overwrites LLADDR(), use sockaddr_dl_setaddr(), instead. Used properly, sockaddr_dl_setaddr() will not overrun the end of the sockaddr.
|
Revision tags: matt-mips64-base nick-csl-alignment-base yamt-idlelwp-base8 mjf-ufs-trans-base
|
#
1.77 |
|
06-May-2007 |
dyoung |
branches: 1.77.2; 1.77.6; 1.77.8; In AppleTalk, IPv4, and IPv6 routing domains, help sockaddr_cmp() avoid an indirect function call by comparing the family, length, and bytes [dom->dom_sa_cmpofs, dom->dom_sa_cmpofs + dom->dom_sa_cmplen), corresponding to the the sockaddrs' "address" members.
For ISO, actually use sockaddr_iso_cmp, for a change. Thanks to yamt@ for pointing out my error.
|
#
1.76 |
|
02-May-2007 |
dyoung |
Eliminate address family-specific route caches (struct route, struct route_in6, struct route_iso), replacing all caches with a struct route.
The principle benefit of this change is that all of the protocol families can benefit from route cache-invalidation, which is necessary for correct routing. Route-cache invalidation fixes an ancient PR, kern/3508, at long last; it fixes various other PRs, also.
Discussions with and ideas from Joerg Sonnenberger influenced this work tremendously. Of course, all design oversights and bugs are mine.
DETAILS
1 I added to each address family a pool of sockaddrs. I have introduced routines for allocating, copying, and duplicating, and freeing sockaddrs:
struct sockaddr *sockaddr_alloc(sa_family_t af, int flags); struct sockaddr *sockaddr_copy(struct sockaddr *dst, const struct sockaddr *src); struct sockaddr *sockaddr_dup(const struct sockaddr *src, int flags); void sockaddr_free(struct sockaddr *sa);
sockaddr_alloc() returns either a sockaddr from the pool belonging to the specified family, or NULL if the pool is exhausted. The returned sockaddr has the right size for that family; sa_family and sa_len fields are initialized to the family and sockaddr length---e.g., sa_family = AF_INET and sa_len = sizeof(struct sockaddr_in). sockaddr_free() puts the given sockaddr back into its family's pool.
sockaddr_dup() and sockaddr_copy() work analogously to strdup() and strcpy(), respectively. sockaddr_copy() KASSERTs that the family of the destination and source sockaddrs are alike.
The 'flags' argumet for sockaddr_alloc() and sockaddr_dup() is passed directly to pool_get(9).
2 I added routines for initializing sockaddrs in each address family, sockaddr_in_init(), sockaddr_in6_init(), sockaddr_iso_init(), etc. They are fairly self-explanatory.
3 structs route_in6 and route_iso are no more. All protocol families use struct route. I have changed the route cache, 'struct route', so that it does not contain storage space for a sockaddr. Instead, struct route points to a sockaddr coming from the pool the sockaddr belongs to. I added a new method to struct route, rtcache_setdst(), for setting the cache destination:
int rtcache_setdst(struct route *, const struct sockaddr *);
rtcache_setdst() returns 0 on success, or ENOMEM if no memory is available to create the sockaddr storage.
It is now possible for rtcache_getdst() to return NULL if, say, rtcache_setdst() failed. I check the return value for NULL everywhere in the kernel.
4 Each routing domain (struct domain) has a list of live route caches, dom_rtcache. rtflushall(sa_family_t af) looks up the domain indicated by 'af', walks the domain's list of route caches and invalidates each one.
|
Revision tags: thorpej-atomic-base
|
#
1.75 |
|
07-Mar-2007 |
liamjfoy |
branches: 1.75.2; 1.75.4; Add IPv6 Fast Forward - the IPv4 counterpart:
If ip6_forward successfully forwards a packet, a cache, in this case a ip6flow struct entry, will be created. ether_input and friends will then be able to call ip6flow_fastforward with the packet which will then be passed to if_output (unless an issue is found - in that case the packet is passed back to ip6_input).
ok matt@ christos@ dyoung@ and joerg@
|
#
1.74 |
|
06-Mar-2007 |
liamjfoy |
Fix some style issues - no functional change
|
#
1.73 |
|
27-Feb-2007 |
degroote |
Initialize fast_ipsec entry in the protocol switch with structure initializers as other entries.
|
Revision tags: ad-audiomp-base
|
#
1.72 |
|
19-Feb-2007 |
dyoung |
Initialize protocol switch with structure initializers.
|
#
1.71 |
|
17-Feb-2007 |
dyoung |
0 -> NULL
|
#
1.70 |
|
10-Feb-2007 |
degroote |
branches: 1.70.2; Commit my SoC work Add ipv6 support for fast_ipsec Note that currently, packet with extensions headers are not correctly supported Change the ipcomp logic
|
Revision tags: post-newlock2-merge newlock2-nbase yamt-splraiseipl-base5 yamt-splraiseipl-base4 yamt-splraiseipl-base3 newlock2-base
|
#
1.69 |
|
09-Dec-2006 |
dyoung |
Here are various changes designed to protect against bad IPv4 routing caused by stale route caches (struct route). Route caches are sprinkled throughout PCBs, the IP fast-forwarding table, and IP tunnel interfaces (gre, gif, stf).
Stale IPv6 and ISO route caches will be treated by separate patches.
Thank you to Christoph Badura for suggesting the general approach to invalidating route caches that I take here.
Here are the details:
Add hooks to struct domain for tracking and for invalidating each domain's route caches: dom_rtcache, dom_rtflush, and dom_rtflushall.
Introduce helper subroutines, rtflush(ro) for invalidating a route cache, rtflushall(family) for invalidating all route caches in a routing domain, and rtcache(ro) for notifying the domain of a new cached route.
Chain together all IPv4 route caches where ro_rt != NULL. Provide in_rtcache() for adding a route to the chain. Provide in_rtflush() and in_rtflushall() for invalidating IPv4 route caches. In in_rtflush(), set ro_rt to NULL, and remove the route from the chain. In in_rtflushall(), walk the chain and remove every route cache.
In rtrequest1(), call rtflushall() to invalidate route caches when a route is added.
In gif(4), discard the workaround for stale caches that involves expiring them every so often.
Replace the pattern 'RTFREE(ro->ro_rt); ro->ro_rt = NULL;' with a call to rtflush(ro).
Update ipflow_fastforward() and all other users of route caches so that they expect a cached route, ro->ro_rt, to turn to NULL.
Take care when moving a 'struct route' to rtflush() the source and to rtcache() the destination.
In domain initializers, use .dom_xxx tags.
KNF here and there.
|
Revision tags: netbsd-4-base
|
#
1.68 |
|
23-Nov-2006 |
rpaulo |
branches: 1.68.2; 1.68.4; New EtherIP driver based on tap(4) and gif(4) by Hans Rosenfeld. Notable changes: * Fixes PR 34268. * Separates the code from gif(4) (which is more cleaner). * Allows the usage of STP (Spanning Tree Protocol). * Removed EtherIP implementation from gif(4)/tap(4).
Some input from Christos.
|
Revision tags: yamt-splraiseipl-base2
|
#
1.67 |
|
10-Oct-2006 |
dogcow |
change the MOWNER_INIT define to take two args; fix extant struct mowner decls to use it. Makes options MBUFTRACE compile again and not whinge about missing structure declarations. (Also makes initialization consistent.)
|
Revision tags: yamt-splraiseipl-base yamt-pdpolicy-base9 yamt-pdpolicy-base8 rpaulo-netinet-merge-pcb-base
|
#
1.66 |
|
30-Aug-2006 |
christos |
branches: 1.66.2; 1.66.4; add missing initializers
|
#
1.65 |
|
28-Aug-2006 |
christos |
remove extra members
|
#
1.64 |
|
25-Aug-2006 |
matt |
One step closer to loadable domains. Store pointers to a domain's soft interrupt queues so if_detach can remove packets to removed interfaces from them. This eliminates a lot of conditional ugly code in if.c
|
Revision tags: abandoned-netbsd-4-base yamt-pdpolicy-base7 yamt-pdpolicy-base6 chap-midi-nbase gdamore-uart-base yamt-pdpolicy-base5 chap-midi-base simonb-timecounters-base
|
#
1.63 |
|
18-May-2006 |
liamjfoy |
Integrate Common Address Redundancy Procotol (CARP) from OpenBSD
'pseudo-device carp'
Thanks to: joerg@ christos@ riz@ and others who tested Ok: core@
|
Revision tags: yamt-pdpolicy-base4 yamt-pdpolicy-base3 peter-altq-base yamt-pdpolicy-base2 elad-kernelauth-base
|
#
1.62 |
|
05-Mar-2006 |
rpaulo |
branches: 1.62.4; NDP-related improvements: RFC4191 - supports host-side router-preference
RFC3542 - if DAD fails on a interface, disables IPv6 operation on the interface - don't advertise MLD report before DAD finishes
Others - fixes integer overflow for valid and preferred lifetimes - improves timer granularity for MLD, using callout-timer. - reflects rtadvd's IPv6 host variable information into kernel (router only) - adds a sysctl option to enable/disable pMTUd for multicast packets - performs NUD on PPP/GRE interface by default - Redirect works regardless of ip6_accept_rtadv - removes RFC1885-related code
From the KAME project via SUZUKI Shinsuke. Reviewed by core.
|
Revision tags: yamt-pdpolicy-base yamt-uio_vmspace-base5
|
#
1.61 |
|
11-Dec-2005 |
christos |
branches: 1.61.4; 1.61.6; 1.61.8; merge ktrace-lwp.
|
Revision tags: yamt-readahead-base3 yamt-readahead-base2 yamt-readahead-pervnode yamt-readahead-perfile yamt-readahead-base yamt-vop-base3 yamt-vop-base2 thorpej-vnode-attr-base yamt-vop-base ktrace-lwp-base
|
#
1.60 |
|
19-Jul-2005 |
gdt |
Add PR_PURGEIF flag for protocols to indicate that the protocol might store a struct ifnet *, and define it for udp/tcp/rawip for INET and INET6. When deleting a struct ifnet, invoke PRU_PURGEIF on all protocols marked with PR_PURGEIF. Closes PR kern/29580 (mine).
|
#
1.59 |
|
29-May-2005 |
christos |
branches: 1.59.2; - avoid shadowed variables - sprinkle const.
|
Revision tags: yamt-km-base4 yamt-km-base3 netbsd-3-base yamt-km-base2 yamt-km-base kent-audio2-base
|
#
1.58 |
|
23-Jan-2005 |
matt |
branches: 1.58.6; Change initialzie of domains to use link sets. Switch to using STAILQ. Add a convenience macro DOMAIN_FOREACH to interate through the domain.
|
Revision tags: kent-audio1-beforemerge kent-audio1-base
|
#
1.57 |
|
22-Apr-2004 |
matt |
branches: 1.57.4; Constify protosw arrays. This can reduce the kernel .data section by over 4K (if all the network protocols) are loaded.
|
Revision tags: netbsd-2-0-3-RELEASE netbsd-2-1-RELEASE netbsd-2-1-RC6 netbsd-2-1-RC5 netbsd-2-1-RC4 netbsd-2-1-RC3 netbsd-2-1-RC2 netbsd-2-1-RC1 netbsd-2-0-2-RELEASE netbsd-2-0-1-RELEASE netbsd-2-base netbsd-2-0-RELEASE netbsd-2-0-RC5 netbsd-2-0-RC4 netbsd-2-0-RC3 netbsd-2-0-RC2 netbsd-2-0-RC1 netbsd-2-0-base
|
#
1.56 |
|
04-Dec-2003 |
atatat |
Dynamic sysctl.
Gone are the old kern_sysctl(), cpu_sysctl(), hw_sysctl(), vfs_sysctl(), etc, routines, along with sysctl_int() et al. Now all nodes are registered with the tree, and nodes can be added (or removed) easily, and I/O to and from the tree is handled generically.
Since the nodes are registered with the tree, the mapping from name to number (and back again) can now be discovered, instead of having to be hard coded. Adding new nodes to the tree is likewise much simpler -- the new infrastructure handles almost all the work for simple types, and just about anything else can be done with a small helper function.
All existing nodes are where they were before (numerically speaking), so all existing consumers of sysctl information should notice no difference.
PS - I'm sorry, but there's a distinct lack of documentation at the moment. I'm working on sysctl(3/8/9) right now, and I promise to watch out for buses.
|
#
1.55 |
|
03-Nov-2003 |
briggs |
Revert the change in default value of ipv6_v6only. Further discussion on this topic is required. It should be reintroduced and pursued in the IETF.
|
#
1.54 |
|
28-Oct-2003 |
briggs |
Toggle the default value of ip6_v6only. Also provide a sample sysctl to retain the existing behavior.
|
#
1.53 |
|
06-Sep-2003 |
itojun |
randomize IPv4/v6 fragment ID and IPv6 flowlabel. avoids predictability of these fields. ip_id.c is from openbsd. ip6_id.c is adapted by kame.
|
#
1.52 |
|
05-Sep-2003 |
itojun |
call tcp_drain() if IPv4-less kernel
|
#
1.51 |
|
04-Sep-2003 |
itojun |
revamp inpcb/in6pcb so that they are more aligned with each other. in6pcb lookup now uses hash(9).
|
#
1.50 |
|
14-Aug-2003 |
itojun |
enforce ipsec policy on raw wildcard.
|
#
1.49 |
|
07-Aug-2003 |
agc |
Move UCB-licensed code from 4-clause to 3-clause licence.
Patches provided by Joel Baker in PR 22364, verified by myself.
|
#
1.48 |
|
07-Aug-2003 |
itojun |
make net.inet6.ip6.redirect actually work. from Tomoyuki Sahara via kame
|
#
1.47 |
|
17-Apr-2003 |
thorpej |
branches: 1.47.2; Protect the definition of offsetof().
|
Revision tags: nathanw_sa_before_merge fvdl_fs64_base gmcgarry_ctxsw_base gmcgarry_ucred_base nathanw_sa_base
|
#
1.46 |
|
11-Nov-2002 |
itojun |
pmtu_probe is not used anywhere (it is used in KAME TCP6-only code). From: Krister Walfridsson <cato@df.lth.se>
|
Revision tags: kqueue-aftermerge kqueue-beforemerge gehenna-devsw-base kqueue-base
|
#
1.45 |
|
20-Aug-2002 |
itojun |
sync up use_deprecated handling with latest kame. - bind(deprecated) is allowed, trusting userland app is doing the right thing - use_deprecated default to 1
|
#
1.44 |
|
17-Aug-2002 |
itojun |
set default value for use_deprecated to 0, to avoid consequences with ftpd.
|
#
1.43 |
|
09-Jun-2002 |
itojun |
whitespace cleanup
|
#
1.42 |
|
08-Jun-2002 |
itojun |
whitespace cleanup
|
#
1.41 |
|
29-May-2002 |
itojun |
move per-interface ip6/icmp6 stat to ifnet->if_afdata. sync w/kame
|
#
1.40 |
|
28-May-2002 |
itojun |
limit number of IPv6 fragments (not the fragment queue size) to fight against lots-of-frags DoS attacks. sync w/kame
|
Revision tags: netbsd-1-6-RC1 netbsd-1-6-base eeh-devprop-base
|
#
1.39 |
|
15-Mar-2002 |
itojun |
branches: 1.39.4; 1.39.6; have tcp6_drain
|
Revision tags: newlock-base ifpoll-base
|
#
1.38 |
|
21-Dec-2001 |
itojun |
call encap6_ctlinput on icmp6 against tunnelled packet. sync w/kame
|
#
1.37 |
|
21-Dec-2001 |
itojun |
use radix table for inbound tunnel lookup (would increase performance for machines with a lot of tunnels). update route cache for IPvX-over-IPv6 tunnel on path MTU discovery. snyc with kame
|
#
1.36 |
|
21-Dec-2001 |
itojun |
move in6_gif_hlim decl to in6_gif.c. sync with kame
|
#
1.35 |
|
21-Dec-2001 |
itojun |
move protosw fragment for gif/stf to their own source code. reduce #ifdef in stf code. sync with kame
|
#
1.34 |
|
13-Nov-2001 |
lukem |
add RCSIDs
|
Revision tags: thorpej-mips-cache-base
|
#
1.33 |
|
24-Oct-2001 |
itojun |
no tcp_fasttimo any more. PR 14333
|
#
1.32 |
|
24-Oct-2001 |
itojun |
more whitespace sync with kame
|
#
1.31 |
|
16-Oct-2001 |
itojun |
branches: 1.31.2; remove unused #define. sync whitespace/comment with kame.
|
#
1.30 |
|
15-Oct-2001 |
itojun |
implement IPV6_V6ONLY socket option from draft-ietf-ipngwg-rfc2553bis-03.txt. IPV6_BINDV6ONLY (netbsd only) is deprecated, but still work just like before.
|
Revision tags: thorpej-devvp-base3 thorpej-devvp-base2 post-chs-ubcperf pre-chs-ubcperf thorpej-devvp-base thorpej_scsipi_beforemerge thorpej_scsipi_nbase thorpej_scsipi_base
|
#
1.29 |
|
21-Mar-2001 |
thorpej |
branches: 1.29.2; Add a protosw flag, PR_ABRTACPTDIS (Abort on Accept of Disconnected Socket), and add it to the protocols that use that behavior (all PR_LISTEN protocols except for PF_LOCAL stream sockets).
|
#
1.28 |
|
01-Mar-2001 |
itojun |
branches: 1.28.2; make sure to enforce inbound ipsec policy checking, for any protocols on top of ip (check it when final header is visited). sync with kame. XXX kame team will need to re-check policy engine code
|
#
1.27 |
|
21-Feb-2001 |
itojun |
need PR_ADDR|PR_ATOMIC for IPPROTO_EON. fix typo. from chopps, sync with kame
|
#
1.26 |
|
20-Feb-2001 |
itojun |
ISO over IPv4/v6 by EON encapsulation. from chopps, sync with kame.
|
#
1.25 |
|
11-Feb-2001 |
itojun |
pull latest kame pcbnotify code. synchronizes ICMPv6 path mtu discovery behavior with other protocols (i.e. validation, use of hiwat/lowat).
|
#
1.24 |
|
11-Feb-2001 |
itojun |
whitespace sync with kame
|
#
1.23 |
|
19-Oct-2000 |
itojun |
remove #ifdef TCP6. it is not likely for us to bring in sys/netinet6/tcp6*.c (separate TCP/IPv6 stack) into netbsd-current.
|
#
1.22 |
|
18-Oct-2000 |
itojun |
verify ICMPv6 too big messages based on TCP pcbs, and/or IPsec SA. TODO: udp6, and sendto consideration. as pmtud is mandatory for IPv6, it is rather important for us to support those cases. TODO: more testing TODO: kame sync
|
#
1.21 |
|
10-Oct-2000 |
itojun |
sync with kame ($KAME$)
|
#
1.20 |
|
10-Oct-2000 |
enami |
Don't initialize TCP twice on v4/v6 dual stack kernel.
|
#
1.19 |
|
28-Jul-2000 |
itojun |
nuke the following sysctl variables. "ppsratelimit" should work better. need to recompile sbin/sysctl after updating /usr/include. net.inet.tcp.rstratelimit net.inet.icmp.errratelimit net.inet6.icmp6.errratelimit
|
#
1.18 |
|
06-Jul-2000 |
itojun |
- do not use bitfield for router renumbering header. - add protection mechanism against ND cache corruption due to bad NUD hints. - more stats - icmp6 pps limitation. TOOD: should implement ppsratecheck(9).
|
Revision tags: netbsd-1-5-ALPHA2 netbsd-1-5-base minoura-xpg4dl-base
|
#
1.17 |
|
19-Apr-2000 |
itojun |
branches: 1.17.4; introduce sys/netinet/ip_encap.c, to dispatch inbound packets to protocol handlers, based on src/dst (for ip proto #4/41). see comment in ip_encap.c for details of the problem we have. there are too many protocol specs for ip proto #4/41. backward compatibility with MROUTING case is now provided in ip_encap.c.
fix ipip to work with gif (using ip_encap.c). sorry for breakage.
gif now uses ip_encap.c.
introduce stf pseudo interface (implements 6to4, another IPv6-over-IPv4 code with ip proto #41).
|
#
1.16 |
|
26-Feb-2000 |
itojun |
implement rip6_ctlinput, to cope with routing changes correctly. (IMHO we need rip_ctlinput as well)
|
#
1.15 |
|
26-Feb-2000 |
itojun |
make it possible to throw IPv6 packet with proto=4/41. (in normal case we don't do it, but this is how IPv4 in_proto is written)
|
#
1.14 |
|
14-Feb-2000 |
thorpej |
Use ratecheck() for ICMP6 rate limiting.
|
Revision tags: chs-ubc2-newbase
|
#
1.13 |
|
06-Feb-2000 |
itojun |
fix include pathname for better rfc2292 compliance.
|
#
1.12 |
|
06-Jan-2000 |
itojun |
remove extra portability #ifdef (like #ifdef __FreeBSD__) in KAME IPv6/IPsec code, from netbsd-current repository. #ifdef'ed version is always available from ftp.kame.net.
XXX please do not make too many diff-unfriendly changes, we'll need to take bunch of diffs on upgrade...
|
#
1.11 |
|
06-Jan-2000 |
itojun |
make IPV6_BINDV6ONLY setsockopt available. it controls behavior of AF_INET6 wildcard listening socket. heavily documented in ip6(4). net.inet6.ip6.bindv6only defines default value. default is 1.
"options INET6_BINDV6ONLY" removes any code fragment that supports IPV6_BINDV6ONLY == 0 case (not defopt'ed as use of this is rare).
|
#
1.10 |
|
02-Jan-2000 |
itojun |
add net.inet6.icmp6.nodeinfo sysctl. this allows you to disable/enable ICMPv6 node information query/reply processing (which tells remote end the gethostname(3) setting, interface addresses on the node, and some other things - documented in draft-ietf-ipngwg-icmp-name-lookup* or something alike).
to test it, try ping6 -w ::1 with nodeinfo=0 and nodeinfo=1. (sync with kame change)
|
Revision tags: wrstuden-devbsize-19991221 wrstuden-devbsize-base
|
#
1.9 |
|
13-Dec-1999 |
itojun |
sync IPv6 part with latest KAME tree. IPsec part is left unmodified due to massive changes in KAME side. - IPv6 output goes through nd6_output - faith can capture IPv4 packets as well - you can run IPv4-to-IPv6 translator using heavily modified DNS servers - per-interface statistics (required for IPv6 MIB) - interface autoconfig is revisited - udp input handling has a big change for mapped address support. - introduce in4_cksum() for non-overwriting checksumming - introduce m_pulldown() - neighbor discovery cleanups/improvements - netinet/in.h strictly conforms to RFC2553 (no extra defs visible to userland) - IFA_STATS is fixed a bit (not tested) - and more more more.
TODO: - cleanup os-independency #ifdef - avoid rcvif dual use (for IPsec) to help ifdetach
(sorry for jumbo commit, I can't separate this any more...)
|
Revision tags: comdex-fall-1999-base fvdl-softdep-base chs-ubc2-base
|
#
1.8 |
|
31-Jul-1999 |
itojun |
branches: 1.8.2; 1.8.8; sync with recent KAME. - loosen ipsec restriction on packet diredtion. - revise icmp6 redirect handling on IsRouter bit. - tcp/udp notification processing (link-local address case) - cosmetic fixes (better code share across *BSD).
|
#
1.7 |
|
30-Jul-1999 |
itojun |
remove reference to in6_systm.h (file itself will be removed afterwords)
|
#
1.6 |
|
27-Jul-1999 |
explorer |
Fix a problem where tcp_slowtimo was called twice, once for ipv4 tcp and once for ipv6. This patch makes the ipv6 case pass NULLs in for fast and slow timeouts iff defined(INET) and passes in the right function if !defined(INET).
Reveiwed by itojun@iijlab.net.
|
#
1.5 |
|
22-Jul-1999 |
itojun |
change unnecessary u_long/long into u_int32_t or something relevant. more fixes should follow.
|
#
1.4 |
|
09-Jul-1999 |
thorpej |
defopt IPSEC and IPSEC_ESP (both into opt_ipsec.h).
|
#
1.3 |
|
03-Jul-1999 |
thorpej |
RCS ID police.
|
#
1.2 |
|
01-Jul-1999 |
itojun |
branches: 1.2.2; IPv6 kernel code, based on KAME/NetBSD 1.4, SNAP kit 19990628. (Sorry for a big commit, I can't separate this into several pieces...) Pls check sys/netinet6/TODO and sys/netinet6/IMPLEMENTATION for details.
- sys/kern: do not assume single mbuf, accept chained mbuf on passing data from userland to kernel (or other way round). - "midway" ATM card: ATM PVC pseudo device support, like those done in ALTQ package (ftp://ftp.csl.sony.co.jp/pub/kjc/). - sys/netinet/tcp*: IPv4/v6 dual stack tcp support. - sys/netinet/{ip6,icmp6}.h, sys/net/pfkeyv2.h: IETF document assumes those file to be there so we patch it up. - sys/netinet: IPsec additions are here and there. - sys/netinet6/*: most of IPv6 code sits here. - sys/netkey: IPsec key management code - dev/pci/pcidevs: regen
In my understanding no code here is subject to export control so it should be safe.
|
#
1.1 |
|
28-Jun-1999 |
itojun |
branches: 1.1.2; file in6_proto.c was initially added on branch kame.
|