#
1.88 |
|
26-Mar-2024 |
bluhm |
Additional length check for IPv6 reassembled fragments.
FreeBSD-SA-23:06.ipv6 security advisory has added an additional overflow check in frag6_input(). OpenBSD is not affected by that as the bug was introduced by another change in 2019. The existing code is complicated and NetBSD has taken the FreeBSD fix, although they were also not affected.
The additional check makes the complicated code more robust. Length calculation taken from NetBSD. Discussed with FreeBSD.
OK sashan@ mvs@
|
Revision tags: OPENBSD_7_1_BASE OPENBSD_7_2_BASE OPENBSD_7_3_BASE OPENBSD_7_4_BASE OPENBSD_7_5_BASE
|
#
1.87 |
|
22-Feb-2022 |
guenther |
Delete unnecessary #includes of <sys/domain.h> and/or <sys/protosw.h>
net/if_pppx.c pointed out by jsg@ ok gnezdo@ deraadt@ jsg@ mpi@ millert@
|
Revision tags: OPENBSD_6_6_BASE OPENBSD_6_7_BASE OPENBSD_6_8_BASE OPENBSD_6_9_BASE OPENBSD_7_0_BASE
|
#
1.86 |
|
26-Aug-2019 |
bluhm |
Do not use the flow of the first fragment to store ECN information. Handle the ECN in the fragment queue. Reported-by: syzbot+0aa80b25e9041001cac8@syzkaller.appspotmail.com fix from FreeBSD; OK claudio@
|
Revision tags: OPENBSD_6_4_BASE OPENBSD_6_5_BASE
|
#
1.85 |
|
10-Sep-2018 |
bluhm |
branches: 1.85.2; 1.85.4; Instead of calculating the mbuf packet header length here and there, put the algorithm into a new function m_calchdrlen(). Also set an uninitialized m_len to 0 in NFS code. OK claudio@
|
#
1.84 |
|
10-Sep-2018 |
bluhm |
During fragment reassembly, mbuf chains with packet headers were created. Add a new function m_removehdr() do convert packet header mbufs within the chain to regular mbufs. Assert that the mbuf at the beginning of the chain has a packet header. found by Maxime Villard in NetBSD; from markus@; OK claudio@
|
#
1.83 |
|
22-Aug-2018 |
cheloha |
frag6_slowtimo: push NET_LOCK into frag6_freef around icmp6_error.
icmp6_error() still probably needs the NET_LOCK, as the call chain icmp6_error -> icmp6_reflect -> rt_match -> rt_clone -> rtrequest is possible.
The fragment discard loop in frag6_slowtimo and the other cleanup bits in frag6_freef do not require it however. So push the lock down into frag6_freef around icmp6_error.
Prompted by mpi. Discussed with bluhm and kn. Regress test help by bluhm. Additional testing by kn.
ok kn@ visa@ mpi@
|
Revision tags: OPENBSD_6_3_BASE
|
#
1.82 |
|
01-Feb-2018 |
bluhm |
The function ip6_get_prevhdr() did return a pointer into a mbuf. It was not guaranteed that the mbuf data was not somewhere else in the chain. So return an offset and do a proper mbuf pulldown. found by Maxime Villard; from NetBSD; with markus@; OK deraadt@
|
#
1.81 |
|
14-Nov-2017 |
bluhm |
Put the net lock around frag6_freef() as it sends ICMP6 error messages. Splassert was triggered by regress/sys/netinet6/frag6. OK mpi@ sashan@ visa@
|
#
1.80 |
|
13-Nov-2017 |
mpi |
Remove 18 year old #if 0.
ok visa@, benno@
|
#
1.79 |
|
07-Nov-2017 |
visa |
Serialize access to the IPv6 reassembly queue with a mutex. This lets the code run without KERNEL_LOCK() and NET_LOCK().
In addition, this patch reorganizes a part of the code, to move some of the memory release operations outside the critical section.
Input and OK mpi@, OK florian@, an earlier version OK bluhm@
|
#
1.78 |
|
05-Nov-2017 |
florian |
Finish off pr_drain functions, they haven't been used since 2006. OK mpi
|
#
1.77 |
|
29-Oct-2017 |
florian |
Move NET_{,UN}LOCK into individual slowtimo functions.
Direction suggested by mpi
OK mpi, visa
|
#
1.76 |
|
27-Oct-2017 |
visa |
Allocate IPv6 reassembly structs using pools instead of malloc(), and drop the now redundant allocation type M_FTABLE.
OK mikeb@, bluhm@, mpi@
|
#
1.75 |
|
26-Oct-2017 |
visa |
Replace macro `IP6_REASS_MBUF' with direct use of field `ip6af_m'.
OK bluhm@, mpi@
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.74 |
|
16-May-2017 |
mpi |
branches: 1.74.4; Replace remaining splsoftassert(IPL_SOFTNET) by NET_ASSERT_LOCKED().
ok visa@
|
#
1.73 |
|
14-Apr-2017 |
bluhm |
Pass down the address family through the pr_input calls. This allows to simplify code used for both IPv4 and IPv6. OK mikeb@ deraadt@
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.72 |
|
05-Feb-2017 |
jca |
branches: 1.72.4; Use percpu counters for ip6stat
Try to follow the existing examples. Some notes: - don't implement counters_dec() yet, which could be used in two similar chunks of code. Let's see if there are more users first. - stop incrementing IPv6-specific mbuf stats, IPv4 has no equivalent.
Input from mpi@, ok bluhm@ mpi@
|
#
1.71 |
|
28-Nov-2016 |
mpi |
Assert that every slow/fast timeout routine is called at IPL_SOFTNET.
This removes multipe recursive splsoftnet()/splx() dances.
|
#
1.70 |
|
24-Oct-2016 |
bluhm |
When the IPv6 network stack receives an empty non atomic fragment, just drop it. It can never overlap existing content, there is no ambiguous payload. So save resources and do not try to insert it into the queue. This makes our IPv6 stack behave like pf fragment reassembly. OK deraadt@
|
#
1.69 |
|
24-Aug-2016 |
mpi |
Kill ip6_forward_rt reducing differences between v4 and v6.
A single forwarding cache is not the answer. The answer is 42... err PF!
ok bluhm@
|
#
1.68 |
|
22-Aug-2016 |
mpi |
Sizes for free(9) from David Hill.
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.67 |
|
07-Mar-2016 |
naddy |
Sync no-argument function declaration and definition by adding (void). ok mpi@ millert@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.66 |
|
03-Dec-2015 |
tedu |
rewrite if to be more clear. ok bluhm stsp
|
#
1.65 |
|
22-Oct-2015 |
mpi |
Kill dead code missed in per-ifp counter removal.
ok millert@, bluhm@
|
#
1.64 |
|
19-Oct-2015 |
mpi |
Remove superfluous NULL checks.
ifa are refcounted to ensure that rt_ifa is always valid.
|
#
1.63 |
|
10-Sep-2015 |
mpi |
Kill in6_ifstat_inc() and associated per-ifp storage.
The SIOCGIFSTAT_IN6 is no longer supported.
ok mikeb@, claudio@, dlg@
|
#
1.62 |
|
09-Sep-2015 |
mpi |
Kill some commented out in6_ifstat_inc().
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.61 |
|
08-Jul-2015 |
mpi |
unifdef IN6_IFSTAT_STRICT.
ok deraadt@, millert@
|
#
1.60 |
|
16-Jun-2015 |
mpi |
Store a unique ID, an interface index, rather than a pointer to the receiving interface in the packet header of every mbuf.
The interface pointer should now be retrieved when necessary with if_get(). If a NULL pointer is returned by if_get(), the interface has probably been destroy/removed and the mbuf should be freed.
Such mechanism will simplify garbage collection of mbufs and limit problems with dangling ifp pointers.
Tested by jmatthew@ and krw@, discussed with many.
ok mikeb@, bluhm@, dlg@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.59 |
|
08-Dec-2014 |
mpi |
Do not use a "struct route" when a "struct rtentry" is enough.
ok millert@, bluhm@
|
#
1.58 |
|
05-Dec-2014 |
mpi |
Explicitly include <net/if_var.h> instead of pulling it in <net/if.h>.
ok mikeb@, krw@, bluhm@, tedu@
|
#
1.57 |
|
18-Nov-2014 |
tedu |
move arc4random prototype to systm.h. more appropriate for most code to include that than rdnvar.h. ok deraadt dlg
|
#
1.56 |
|
14-Oct-2014 |
mpi |
Use rtfree() instead of RTFREE(), NULLify some free'd route pointers and kill the macro.
ok mikeb@, henning@
|
#
1.55 |
|
27-Sep-2014 |
mpi |
Kill rtalloc() and update rtalloc1() and rtalloc_mpath() to no longer rely on "struct route" that should die.
ok claudio@
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.54 |
|
22-Jul-2014 |
mpi |
Fewer <netinet/in_systm.h> !
|
#
1.53 |
|
12-Jul-2014 |
tedu |
add a size argument to free. will be used soon, but for now default to 0. after discussions with beck deraadt kettenis.
|
#
1.52 |
|
14-Apr-2014 |
mpi |
"struct pkthdr" holds a routing table ID, not a routing domain one. Avoid the confusion by using an appropriate name for the variable.
Note that since routing domain IDs are a subset of the set of routing table IDs, the following idiom is correct:
rtableid = rdomain
But to get the routing domain ID corresponding to a given routing table ID, you must call rtable_l2(9).
claudio@ likes it, ok mikeb@
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.51 |
|
11-Nov-2013 |
mpi |
Replace most of our formating functions to convert IPv4/6 addresses from network to presentation format to inet_ntop().
The few remaining functions will be soon converted.
ok mikeb@, deraadt@ and moral support from henning@
|
#
1.50 |
|
20-Oct-2013 |
phessler |
Put a large chunk of the IPv6 rdomain support in-tree.
Still some important missing pieces, and this is not yet enabled.
OK bluhm@
|
#
1.49 |
|
17-Oct-2013 |
bluhm |
The header file netinet/in_var.h included netinet6/in6_var.h. This created a bunch of useless dependencies. Remove this implicit inclusion and do an explicit #include <netinet6/in6_var.h> when it is needed. OK mpi@ henning@
|
#
1.48 |
|
27-Aug-2013 |
mpi |
Sync comment with reality, the draft is now an RFC and OpenBSD follows it since bluhm@ implemented it in 2012.
From Loganaden Velvindron, ok claudio@
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.47 |
|
11-Jun-2013 |
deraadt |
Replace all ovbcopy with memmove; swap the src and dst arguments too ok otto
|
#
1.46 |
|
31-May-2013 |
bluhm |
Remove a bunch of sockaddr_in6 pointer casts and replace others with sin6tosa() or satosin6() inline functions. This allows the compiler to check the types more strictly. OK mpi@
|
#
1.45 |
|
22-Mar-2013 |
tedu |
simple replacement of LIST_END with NULL. ok mpi
|
#
1.44 |
|
04-Mar-2013 |
bluhm |
Replace the cast to struct in6_ifaddr pointer with the ifatoia6() macro. No binary change. OK claudio@
|
Revision tags: OPENBSD_5_3_BASE
|
#
1.43 |
|
28-Dec-2012 |
gsoares |
change the malloc(9) flags from M_DONTWAIT to M_NOWAIT; OK millert@
|
Revision tags: OPENBSD_5_1_BASE OPENBSD_5_2_BASE
|
#
1.42 |
|
24-Jan-2012 |
bluhm |
Add a short cut for atomic IPv6 fragments. They will be processed immediately and not go through the fragment queue. See draft-gont-6man-ipv6-atomic-fragments-00.txt. tested and ok sperreault@
|
#
1.41 |
|
23-Jan-2012 |
bluhm |
Do not keep state when dropping overlapping IPv6 fragments in pf and IPv6 stack. ok sperreault@
|
#
1.40 |
|
10-Jan-2012 |
bluhm |
Implement RFC 5722 and drop all IPv6 fragments that belong to a packet with overlapping fragments. ok henning@
|
#
1.39 |
|
10-Jan-2012 |
bluhm |
Flush the cached IPv6 forward route every 500 ms. This prevents wrong checks for local addresses and wrong packet forwarding in environments with only one communication partner and changing addresses or routes. Remove the #if 0 around the existing code to make IPv6 behave like IPv4. ok henning@
|
#
1.38 |
|
09-Jan-2012 |
bluhm |
Remove the IPv6 fragment overlapping length adjustment code. It was already #if 0 and will never come back. Remove unused fragment struct fields and sort the others. ok henning@
|
#
1.37 |
|
09-Jan-2012 |
bluhm |
Replace the hand-crafted queue for IPv6 fragments with LIST. ok henning@
|
#
1.36 |
|
05-Jan-2012 |
bluhm |
Remove dead code from #if 0: we do not have an ipsrcchk_rt anywhere else. from FreeBSD; ok henning@
|
#
1.35 |
|
05-Jan-2012 |
bluhm |
Replace the hand-crafted queue for fragmented IPv6 packets with TAILQ. ok henning@
|
Revision tags: OPENBSD_5_0_BASE
|
#
1.34 |
|
02-May-2011 |
chl |
Fix potential null dereference.
Found by LLVM/Clang Static Analyzer.
ok claudio@ henning@
|
#
1.33 |
|
03-Apr-2011 |
stsp |
Kill redundant offsetof definitions; ok deraadt henning sthen thib
|
#
1.32 |
|
06-Mar-2011 |
bluhm |
Extract the new function frag6_deletefraghdr() from frag6_input() to make it reusable by pf. No functional change. ok henning@, claudio@
|
Revision tags: OPENBSD_4_9_BASE
|
#
1.31 |
|
13-Jan-2011 |
bluhm |
In frag6_input() there was an mbuf length calculation error. If you want to move "offset" bytes forward by "sizeof(struct ip6_frag)" bytes within an mbuf, you must have at least "offset + sizeof(struct ip6_frag)" bytes space in that mbuf. Fix from KAME, FreeBSD also has it. ok claudio@ markus@
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.30 |
|
07-May-2010 |
claudio |
Start cleaning up the mess called rtalloc*. Kill rtalloc2, make rtalloc1 accept flags for report and nocloning. Move the rtableid into struct route (with a minor twist for now) and make a few more codepathes rdomain aware. Appart from the pf.c and route.c bits the diff is mostly mechanical. More to come... OK michele, henning
|
Revision tags: OPENBSD_4_7_BASE
|
#
1.29 |
|
08-Feb-2010 |
jsing |
Destatic and ansify.
ok claudio@ naddy@
|
#
1.28 |
|
27-Dec-2009 |
jasper |
- obvious typo in comment, from holger mikolon
|
Revision tags: OPENBSD_4_5_BASE OPENBSD_4_6_BASE
|
#
1.27 |
|
23-Nov-2008 |
claudio |
When accessing cached routes make sure the route is actually still valid. Before accessing a ro_rt make sure the route is either freshly allocated or RTF_UP is set. If not ro_rt should be freed and reallocated or at least no info from the ro_rt should be considered valid. This seems to solve the crashes seen by Felipe Alfaro Solana. some sort of OK dlg@
|
Revision tags: OPENBSD_4_4_BASE
|
#
1.26 |
|
11-Jun-2008 |
mcbride |
ANSIfy to sync with KAME. From Karl Sjodahl <dunceor@gmail.com>.
ok todd deraadt naddy bluhm
|
Revision tags: OPENBSD_4_3_BASE
|
#
1.25 |
|
09-Dec-2007 |
hshoexer |
take advantage of M_ZERO
ok claudio gilles
|
Revision tags: OPENBSD_4_2_BASE
|
#
1.24 |
|
01-May-2007 |
ray |
framgent -> fragment
|
Revision tags: OPENBSD_4_0_BASE OPENBSD_4_1_BASE
|
#
1.23 |
|
18-Jun-2006 |
pascoe |
Add support for equal-cost multipath IP.
To minimise path disruptions, this implements recommendations made in RFC2992 - the hash-threshold mechanism to select paths based on source/destination IP address pairs, and inserts multipath routes in the middle of the route table.
To enable multipath distribution, use: sysctl net.inet.ip.multipath=1 and/or: sysctl net.inet6.ip6.multipath=1
testing norby@ ok claudio@ henning@ hshoexer@
|
Revision tags: OPENBSD_3_9_BASE
|
#
1.22 |
|
20-Nov-2005 |
brad |
splimp -> splvm. mbuf allocation here.
ok henning@
|
Revision tags: OPENBSD_3_5_BASE OPENBSD_3_6_BASE OPENBSD_3_7_BASE OPENBSD_3_8_BASE SMP_SYNC_A SMP_SYNC_B
|
#
1.21 |
|
01-Oct-2003 |
itojun |
use random number generator to generate IPv6 fragment ID/flowlabel. cleanup IPv6 flowlabel handling. deraadt ok
|
Revision tags: OPENBSD_3_4_BASE UBC_SYNC_A
|
#
1.20 |
|
14-May-2003 |
itojun |
make PULLDOWN_TEST codepath the default (has been default for a long time). markus ok
|
Revision tags: OPENBSD_3_2_BASE OPENBSD_3_3_BASE UBC_SYNC_B
|
#
1.19 |
|
11-Sep-2002 |
itojun |
fix pointer signedness mixup. sync w/kame
|
#
1.18 |
|
11-Sep-2002 |
itojun |
KNF - return is not a function. sync w/kame
|
#
1.17 |
|
08-Jun-2002 |
itojun |
splnet -> splsoftnet where appropriate
|
#
1.16 |
|
28-May-2002 |
itojun |
limit number of IPv6 fragments (not the fragment queue size) to fight against lots-of-frags DoS attacks. sync w/kame
|
#
1.15 |
|
27-May-2002 |
deraadt |
kill __P
|
#
1.14 |
|
16-May-2002 |
kjc |
bring in ECN support from KAME. it consists of - ECN support in TCP - tunnel-egress and fragment reassembly rules in layer-3 not to lose congestion info at tunnel-egress and fragment reassembly
to enable ECN in TCP, build a kernel with TCP_ECN, and then, turn it on by "sysctl -w net.inet.tcp.ecn=1".
ok deraadt@
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.13 |
|
15-Mar-2002 |
itojun |
have a real lock around IPv6 reassembly.
|
#
1.12 |
|
14-Mar-2002 |
millert |
First round of __P removal in sys
|
Revision tags: OPENBSD_3_0_BASE UBC_BASE
|
#
1.11 |
|
09-Jun-2001 |
angelos |
branches: 1.11.4; No need for net/net_osdep.h
|
#
1.10 |
|
17-May-2001 |
itojun |
fix memory leak on ipv6 reass failure. sync with kame
|
Revision tags: OPENBSD_2_9_BASE
|
#
1.9 |
|
22-Feb-2001 |
itojun |
correct behavior when ip6 reass queue reaches the upper limit.
|
#
1.8 |
|
16-Feb-2001 |
itojun |
set frag6_doing_reass while doing reass, to help frag6_drain.
|
#
1.7 |
|
16-Feb-2001 |
itojun |
sync whitespace/comment with kame. to help merge tasks
|
Revision tags: OPENBSD_2_7_BASE OPENBSD_2_8_BASE SMP_BASE
|
#
1.6 |
|
07-Feb-2000 |
itojun |
branches: 1.6.2; fix include file path related to ip6.
|
#
1.5 |
|
04-Feb-2000 |
itojun |
make IPv6 reass work on alpha. NetBSD PR 9340.
|
#
1.4 |
|
08-Jan-2000 |
deraadt |
pull in arc4random() prototype
|
#
1.3 |
|
08-Jan-2000 |
deraadt |
use arc4random() instead of random for two reasons. 1) on some architectures, random() should only be used by the scheduler (ie. statintr() because it is uniformly distributed 2) arc4random() is actually strong, random() is not at all
|
#
1.2 |
|
10-Dec-1999 |
angelos |
Remove remaining unnecessary ifdefs (itojun will hate me for this :-)
|
Revision tags: kame_19991208
|
#
1.1 |
|
08-Dec-1999 |
itojun |
bring in KAME IPv6 code, dated 19991208. replaces NRL IPv6 layer. reuses NRL pcb layer. no IPsec-on-v6 support. see sys/netinet6/{TODO,IMPLEMENTATION} for more details.
GENERIC configuration should work fine as before. GENERIC.v6 works fine as well, but you'll need KAME userland tools to play with IPv6 (will be bringed into soon).
|
#
1.87 |
|
22-Feb-2022 |
guenther |
Delete unnecessary #includes of <sys/domain.h> and/or <sys/protosw.h>
net/if_pppx.c pointed out by jsg@ ok gnezdo@ deraadt@ jsg@ mpi@ millert@
|
Revision tags: OPENBSD_6_6_BASE OPENBSD_6_7_BASE OPENBSD_6_8_BASE OPENBSD_6_9_BASE OPENBSD_7_0_BASE
|
#
1.86 |
|
26-Aug-2019 |
bluhm |
Do not use the flow of the first fragment to store ECN information. Handle the ECN in the fragment queue. Reported-by: syzbot+0aa80b25e9041001cac8@syzkaller.appspotmail.com fix from FreeBSD; OK claudio@
|
Revision tags: OPENBSD_6_4_BASE OPENBSD_6_5_BASE
|
#
1.85 |
|
10-Sep-2018 |
bluhm |
branches: 1.85.2; 1.85.4; Instead of calculating the mbuf packet header length here and there, put the algorithm into a new function m_calchdrlen(). Also set an uninitialized m_len to 0 in NFS code. OK claudio@
|
#
1.84 |
|
10-Sep-2018 |
bluhm |
During fragment reassembly, mbuf chains with packet headers were created. Add a new function m_removehdr() do convert packet header mbufs within the chain to regular mbufs. Assert that the mbuf at the beginning of the chain has a packet header. found by Maxime Villard in NetBSD; from markus@; OK claudio@
|
#
1.83 |
|
22-Aug-2018 |
cheloha |
frag6_slowtimo: push NET_LOCK into frag6_freef around icmp6_error.
icmp6_error() still probably needs the NET_LOCK, as the call chain icmp6_error -> icmp6_reflect -> rt_match -> rt_clone -> rtrequest is possible.
The fragment discard loop in frag6_slowtimo and the other cleanup bits in frag6_freef do not require it however. So push the lock down into frag6_freef around icmp6_error.
Prompted by mpi. Discussed with bluhm and kn. Regress test help by bluhm. Additional testing by kn.
ok kn@ visa@ mpi@
|
Revision tags: OPENBSD_6_3_BASE
|
#
1.82 |
|
01-Feb-2018 |
bluhm |
The function ip6_get_prevhdr() did return a pointer into a mbuf. It was not guaranteed that the mbuf data was not somewhere else in the chain. So return an offset and do a proper mbuf pulldown. found by Maxime Villard; from NetBSD; with markus@; OK deraadt@
|
#
1.81 |
|
14-Nov-2017 |
bluhm |
Put the net lock around frag6_freef() as it sends ICMP6 error messages. Splassert was triggered by regress/sys/netinet6/frag6. OK mpi@ sashan@ visa@
|
#
1.80 |
|
13-Nov-2017 |
mpi |
Remove 18 year old #if 0.
ok visa@, benno@
|
#
1.79 |
|
07-Nov-2017 |
visa |
Serialize access to the IPv6 reassembly queue with a mutex. This lets the code run without KERNEL_LOCK() and NET_LOCK().
In addition, this patch reorganizes a part of the code, to move some of the memory release operations outside the critical section.
Input and OK mpi@, OK florian@, an earlier version OK bluhm@
|
#
1.78 |
|
05-Nov-2017 |
florian |
Finish off pr_drain functions, they haven't been used since 2006. OK mpi
|
#
1.77 |
|
29-Oct-2017 |
florian |
Move NET_{,UN}LOCK into individual slowtimo functions.
Direction suggested by mpi
OK mpi, visa
|
#
1.76 |
|
27-Oct-2017 |
visa |
Allocate IPv6 reassembly structs using pools instead of malloc(), and drop the now redundant allocation type M_FTABLE.
OK mikeb@, bluhm@, mpi@
|
#
1.75 |
|
26-Oct-2017 |
visa |
Replace macro `IP6_REASS_MBUF' with direct use of field `ip6af_m'.
OK bluhm@, mpi@
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.74 |
|
16-May-2017 |
mpi |
branches: 1.74.4; Replace remaining splsoftassert(IPL_SOFTNET) by NET_ASSERT_LOCKED().
ok visa@
|
#
1.73 |
|
14-Apr-2017 |
bluhm |
Pass down the address family through the pr_input calls. This allows to simplify code used for both IPv4 and IPv6. OK mikeb@ deraadt@
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.72 |
|
05-Feb-2017 |
jca |
branches: 1.72.4; Use percpu counters for ip6stat
Try to follow the existing examples. Some notes: - don't implement counters_dec() yet, which could be used in two similar chunks of code. Let's see if there are more users first. - stop incrementing IPv6-specific mbuf stats, IPv4 has no equivalent.
Input from mpi@, ok bluhm@ mpi@
|
#
1.71 |
|
28-Nov-2016 |
mpi |
Assert that every slow/fast timeout routine is called at IPL_SOFTNET.
This removes multipe recursive splsoftnet()/splx() dances.
|
#
1.70 |
|
24-Oct-2016 |
bluhm |
When the IPv6 network stack receives an empty non atomic fragment, just drop it. It can never overlap existing content, there is no ambiguous payload. So save resources and do not try to insert it into the queue. This makes our IPv6 stack behave like pf fragment reassembly. OK deraadt@
|
#
1.69 |
|
24-Aug-2016 |
mpi |
Kill ip6_forward_rt reducing differences between v4 and v6.
A single forwarding cache is not the answer. The answer is 42... err PF!
ok bluhm@
|
#
1.68 |
|
22-Aug-2016 |
mpi |
Sizes for free(9) from David Hill.
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.67 |
|
07-Mar-2016 |
naddy |
Sync no-argument function declaration and definition by adding (void). ok mpi@ millert@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.66 |
|
03-Dec-2015 |
tedu |
rewrite if to be more clear. ok bluhm stsp
|
#
1.65 |
|
22-Oct-2015 |
mpi |
Kill dead code missed in per-ifp counter removal.
ok millert@, bluhm@
|
#
1.64 |
|
19-Oct-2015 |
mpi |
Remove superfluous NULL checks.
ifa are refcounted to ensure that rt_ifa is always valid.
|
#
1.63 |
|
10-Sep-2015 |
mpi |
Kill in6_ifstat_inc() and associated per-ifp storage.
The SIOCGIFSTAT_IN6 is no longer supported.
ok mikeb@, claudio@, dlg@
|
#
1.62 |
|
09-Sep-2015 |
mpi |
Kill some commented out in6_ifstat_inc().
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.61 |
|
08-Jul-2015 |
mpi |
unifdef IN6_IFSTAT_STRICT.
ok deraadt@, millert@
|
#
1.60 |
|
16-Jun-2015 |
mpi |
Store a unique ID, an interface index, rather than a pointer to the receiving interface in the packet header of every mbuf.
The interface pointer should now be retrieved when necessary with if_get(). If a NULL pointer is returned by if_get(), the interface has probably been destroy/removed and the mbuf should be freed.
Such mechanism will simplify garbage collection of mbufs and limit problems with dangling ifp pointers.
Tested by jmatthew@ and krw@, discussed with many.
ok mikeb@, bluhm@, dlg@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.59 |
|
08-Dec-2014 |
mpi |
Do not use a "struct route" when a "struct rtentry" is enough.
ok millert@, bluhm@
|
#
1.58 |
|
05-Dec-2014 |
mpi |
Explicitly include <net/if_var.h> instead of pulling it in <net/if.h>.
ok mikeb@, krw@, bluhm@, tedu@
|
#
1.57 |
|
18-Nov-2014 |
tedu |
move arc4random prototype to systm.h. more appropriate for most code to include that than rdnvar.h. ok deraadt dlg
|
#
1.56 |
|
14-Oct-2014 |
mpi |
Use rtfree() instead of RTFREE(), NULLify some free'd route pointers and kill the macro.
ok mikeb@, henning@
|
#
1.55 |
|
27-Sep-2014 |
mpi |
Kill rtalloc() and update rtalloc1() and rtalloc_mpath() to no longer rely on "struct route" that should die.
ok claudio@
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.54 |
|
22-Jul-2014 |
mpi |
Fewer <netinet/in_systm.h> !
|
#
1.53 |
|
12-Jul-2014 |
tedu |
add a size argument to free. will be used soon, but for now default to 0. after discussions with beck deraadt kettenis.
|
#
1.52 |
|
14-Apr-2014 |
mpi |
"struct pkthdr" holds a routing table ID, not a routing domain one. Avoid the confusion by using an appropriate name for the variable.
Note that since routing domain IDs are a subset of the set of routing table IDs, the following idiom is correct:
rtableid = rdomain
But to get the routing domain ID corresponding to a given routing table ID, you must call rtable_l2(9).
claudio@ likes it, ok mikeb@
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.51 |
|
11-Nov-2013 |
mpi |
Replace most of our formating functions to convert IPv4/6 addresses from network to presentation format to inet_ntop().
The few remaining functions will be soon converted.
ok mikeb@, deraadt@ and moral support from henning@
|
#
1.50 |
|
20-Oct-2013 |
phessler |
Put a large chunk of the IPv6 rdomain support in-tree.
Still some important missing pieces, and this is not yet enabled.
OK bluhm@
|
#
1.49 |
|
17-Oct-2013 |
bluhm |
The header file netinet/in_var.h included netinet6/in6_var.h. This created a bunch of useless dependencies. Remove this implicit inclusion and do an explicit #include <netinet6/in6_var.h> when it is needed. OK mpi@ henning@
|
#
1.48 |
|
27-Aug-2013 |
mpi |
Sync comment with reality, the draft is now an RFC and OpenBSD follows it since bluhm@ implemented it in 2012.
From Loganaden Velvindron, ok claudio@
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.47 |
|
11-Jun-2013 |
deraadt |
Replace all ovbcopy with memmove; swap the src and dst arguments too ok otto
|
#
1.46 |
|
31-May-2013 |
bluhm |
Remove a bunch of sockaddr_in6 pointer casts and replace others with sin6tosa() or satosin6() inline functions. This allows the compiler to check the types more strictly. OK mpi@
|
#
1.45 |
|
22-Mar-2013 |
tedu |
simple replacement of LIST_END with NULL. ok mpi
|
#
1.44 |
|
04-Mar-2013 |
bluhm |
Replace the cast to struct in6_ifaddr pointer with the ifatoia6() macro. No binary change. OK claudio@
|
Revision tags: OPENBSD_5_3_BASE
|
#
1.43 |
|
28-Dec-2012 |
gsoares |
change the malloc(9) flags from M_DONTWAIT to M_NOWAIT; OK millert@
|
Revision tags: OPENBSD_5_1_BASE OPENBSD_5_2_BASE
|
#
1.42 |
|
24-Jan-2012 |
bluhm |
Add a short cut for atomic IPv6 fragments. They will be processed immediately and not go through the fragment queue. See draft-gont-6man-ipv6-atomic-fragments-00.txt. tested and ok sperreault@
|
#
1.41 |
|
23-Jan-2012 |
bluhm |
Do not keep state when dropping overlapping IPv6 fragments in pf and IPv6 stack. ok sperreault@
|
#
1.40 |
|
10-Jan-2012 |
bluhm |
Implement RFC 5722 and drop all IPv6 fragments that belong to a packet with overlapping fragments. ok henning@
|
#
1.39 |
|
10-Jan-2012 |
bluhm |
Flush the cached IPv6 forward route every 500 ms. This prevents wrong checks for local addresses and wrong packet forwarding in environments with only one communication partner and changing addresses or routes. Remove the #if 0 around the existing code to make IPv6 behave like IPv4. ok henning@
|
#
1.38 |
|
09-Jan-2012 |
bluhm |
Remove the IPv6 fragment overlapping length adjustment code. It was already #if 0 and will never come back. Remove unused fragment struct fields and sort the others. ok henning@
|
#
1.37 |
|
09-Jan-2012 |
bluhm |
Replace the hand-crafted queue for IPv6 fragments with LIST. ok henning@
|
#
1.36 |
|
05-Jan-2012 |
bluhm |
Remove dead code from #if 0: we do not have an ipsrcchk_rt anywhere else. from FreeBSD; ok henning@
|
#
1.35 |
|
05-Jan-2012 |
bluhm |
Replace the hand-crafted queue for fragmented IPv6 packets with TAILQ. ok henning@
|
Revision tags: OPENBSD_5_0_BASE
|
#
1.34 |
|
02-May-2011 |
chl |
Fix potential null dereference.
Found by LLVM/Clang Static Analyzer.
ok claudio@ henning@
|
#
1.33 |
|
03-Apr-2011 |
stsp |
Kill redundant offsetof definitions; ok deraadt henning sthen thib
|
#
1.32 |
|
06-Mar-2011 |
bluhm |
Extract the new function frag6_deletefraghdr() from frag6_input() to make it reusable by pf. No functional change. ok henning@, claudio@
|
Revision tags: OPENBSD_4_9_BASE
|
#
1.31 |
|
13-Jan-2011 |
bluhm |
In frag6_input() there was an mbuf length calculation error. If you want to move "offset" bytes forward by "sizeof(struct ip6_frag)" bytes within an mbuf, you must have at least "offset + sizeof(struct ip6_frag)" bytes space in that mbuf. Fix from KAME, FreeBSD also has it. ok claudio@ markus@
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.30 |
|
07-May-2010 |
claudio |
Start cleaning up the mess called rtalloc*. Kill rtalloc2, make rtalloc1 accept flags for report and nocloning. Move the rtableid into struct route (with a minor twist for now) and make a few more codepathes rdomain aware. Appart from the pf.c and route.c bits the diff is mostly mechanical. More to come... OK michele, henning
|
Revision tags: OPENBSD_4_7_BASE
|
#
1.29 |
|
08-Feb-2010 |
jsing |
Destatic and ansify.
ok claudio@ naddy@
|
#
1.28 |
|
27-Dec-2009 |
jasper |
- obvious typo in comment, from holger mikolon
|
Revision tags: OPENBSD_4_5_BASE OPENBSD_4_6_BASE
|
#
1.27 |
|
23-Nov-2008 |
claudio |
When accessing cached routes make sure the route is actually still valid. Before accessing a ro_rt make sure the route is either freshly allocated or RTF_UP is set. If not ro_rt should be freed and reallocated or at least no info from the ro_rt should be considered valid. This seems to solve the crashes seen by Felipe Alfaro Solana. some sort of OK dlg@
|
Revision tags: OPENBSD_4_4_BASE
|
#
1.26 |
|
11-Jun-2008 |
mcbride |
ANSIfy to sync with KAME. From Karl Sjodahl <dunceor@gmail.com>.
ok todd deraadt naddy bluhm
|
Revision tags: OPENBSD_4_3_BASE
|
#
1.25 |
|
09-Dec-2007 |
hshoexer |
take advantage of M_ZERO
ok claudio gilles
|
Revision tags: OPENBSD_4_2_BASE
|
#
1.24 |
|
01-May-2007 |
ray |
framgent -> fragment
|
Revision tags: OPENBSD_4_0_BASE OPENBSD_4_1_BASE
|
#
1.23 |
|
18-Jun-2006 |
pascoe |
Add support for equal-cost multipath IP.
To minimise path disruptions, this implements recommendations made in RFC2992 - the hash-threshold mechanism to select paths based on source/destination IP address pairs, and inserts multipath routes in the middle of the route table.
To enable multipath distribution, use: sysctl net.inet.ip.multipath=1 and/or: sysctl net.inet6.ip6.multipath=1
testing norby@ ok claudio@ henning@ hshoexer@
|
Revision tags: OPENBSD_3_9_BASE
|
#
1.22 |
|
20-Nov-2005 |
brad |
splimp -> splvm. mbuf allocation here.
ok henning@
|
Revision tags: OPENBSD_3_5_BASE OPENBSD_3_6_BASE OPENBSD_3_7_BASE OPENBSD_3_8_BASE SMP_SYNC_A SMP_SYNC_B
|
#
1.21 |
|
01-Oct-2003 |
itojun |
use random number generator to generate IPv6 fragment ID/flowlabel. cleanup IPv6 flowlabel handling. deraadt ok
|
Revision tags: OPENBSD_3_4_BASE UBC_SYNC_A
|
#
1.20 |
|
14-May-2003 |
itojun |
make PULLDOWN_TEST codepath the default (has been default for a long time). markus ok
|
Revision tags: OPENBSD_3_2_BASE OPENBSD_3_3_BASE UBC_SYNC_B
|
#
1.19 |
|
11-Sep-2002 |
itojun |
fix pointer signedness mixup. sync w/kame
|
#
1.18 |
|
11-Sep-2002 |
itojun |
KNF - return is not a function. sync w/kame
|
#
1.17 |
|
08-Jun-2002 |
itojun |
splnet -> splsoftnet where appropriate
|
#
1.16 |
|
28-May-2002 |
itojun |
limit number of IPv6 fragments (not the fragment queue size) to fight against lots-of-frags DoS attacks. sync w/kame
|
#
1.15 |
|
27-May-2002 |
deraadt |
kill __P
|
#
1.14 |
|
16-May-2002 |
kjc |
bring in ECN support from KAME. it consists of - ECN support in TCP - tunnel-egress and fragment reassembly rules in layer-3 not to lose congestion info at tunnel-egress and fragment reassembly
to enable ECN in TCP, build a kernel with TCP_ECN, and then, turn it on by "sysctl -w net.inet.tcp.ecn=1".
ok deraadt@
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.13 |
|
15-Mar-2002 |
itojun |
have a real lock around IPv6 reassembly.
|
#
1.12 |
|
14-Mar-2002 |
millert |
First round of __P removal in sys
|
Revision tags: OPENBSD_3_0_BASE UBC_BASE
|
#
1.11 |
|
09-Jun-2001 |
angelos |
branches: 1.11.4; No need for net/net_osdep.h
|
#
1.10 |
|
17-May-2001 |
itojun |
fix memory leak on ipv6 reass failure. sync with kame
|
Revision tags: OPENBSD_2_9_BASE
|
#
1.9 |
|
22-Feb-2001 |
itojun |
correct behavior when ip6 reass queue reaches the upper limit.
|
#
1.8 |
|
16-Feb-2001 |
itojun |
set frag6_doing_reass while doing reass, to help frag6_drain.
|
#
1.7 |
|
16-Feb-2001 |
itojun |
sync whitespace/comment with kame. to help merge tasks
|
Revision tags: OPENBSD_2_7_BASE OPENBSD_2_8_BASE SMP_BASE
|
#
1.6 |
|
07-Feb-2000 |
itojun |
branches: 1.6.2; fix include file path related to ip6.
|
#
1.5 |
|
04-Feb-2000 |
itojun |
make IPv6 reass work on alpha. NetBSD PR 9340.
|
#
1.4 |
|
08-Jan-2000 |
deraadt |
pull in arc4random() prototype
|
#
1.3 |
|
08-Jan-2000 |
deraadt |
use arc4random() instead of random for two reasons. 1) on some architectures, random() should only be used by the scheduler (ie. statintr() because it is uniformly distributed 2) arc4random() is actually strong, random() is not at all
|
#
1.2 |
|
10-Dec-1999 |
angelos |
Remove remaining unnecessary ifdefs (itojun will hate me for this :-)
|
Revision tags: kame_19991208
|
#
1.1 |
|
08-Dec-1999 |
itojun |
bring in KAME IPv6 code, dated 19991208. replaces NRL IPv6 layer. reuses NRL pcb layer. no IPsec-on-v6 support. see sys/netinet6/{TODO,IMPLEMENTATION} for more details.
GENERIC configuration should work fine as before. GENERIC.v6 works fine as well, but you'll need KAME userland tools to play with IPv6 (will be bringed into soon).
|
#
1.86 |
|
26-Aug-2019 |
bluhm |
Do not use the flow of the first fragment to store ECN information. Handle the ECN in the fragment queue. Reported-by: syzbot+0aa80b25e9041001cac8@syzkaller.appspotmail.com fix from FreeBSD; OK claudio@
|
Revision tags: OPENBSD_6_4_BASE OPENBSD_6_5_BASE
|
#
1.85 |
|
10-Sep-2018 |
bluhm |
Instead of calculating the mbuf packet header length here and there, put the algorithm into a new function m_calchdrlen(). Also set an uninitialized m_len to 0 in NFS code. OK claudio@
|
#
1.84 |
|
10-Sep-2018 |
bluhm |
During fragment reassembly, mbuf chains with packet headers were created. Add a new function m_removehdr() do convert packet header mbufs within the chain to regular mbufs. Assert that the mbuf at the beginning of the chain has a packet header. found by Maxime Villard in NetBSD; from markus@; OK claudio@
|
#
1.83 |
|
22-Aug-2018 |
cheloha |
frag6_slowtimo: push NET_LOCK into frag6_freef around icmp6_error.
icmp6_error() still probably needs the NET_LOCK, as the call chain icmp6_error -> icmp6_reflect -> rt_match -> rt_clone -> rtrequest is possible.
The fragment discard loop in frag6_slowtimo and the other cleanup bits in frag6_freef do not require it however. So push the lock down into frag6_freef around icmp6_error.
Prompted by mpi. Discussed with bluhm and kn. Regress test help by bluhm. Additional testing by kn.
ok kn@ visa@ mpi@
|
Revision tags: OPENBSD_6_3_BASE
|
#
1.82 |
|
01-Feb-2018 |
bluhm |
The function ip6_get_prevhdr() did return a pointer into a mbuf. It was not guaranteed that the mbuf data was not somewhere else in the chain. So return an offset and do a proper mbuf pulldown. found by Maxime Villard; from NetBSD; with markus@; OK deraadt@
|
#
1.81 |
|
14-Nov-2017 |
bluhm |
Put the net lock around frag6_freef() as it sends ICMP6 error messages. Splassert was triggered by regress/sys/netinet6/frag6. OK mpi@ sashan@ visa@
|
#
1.80 |
|
13-Nov-2017 |
mpi |
Remove 18 year old #if 0.
ok visa@, benno@
|
#
1.79 |
|
07-Nov-2017 |
visa |
Serialize access to the IPv6 reassembly queue with a mutex. This lets the code run without KERNEL_LOCK() and NET_LOCK().
In addition, this patch reorganizes a part of the code, to move some of the memory release operations outside the critical section.
Input and OK mpi@, OK florian@, an earlier version OK bluhm@
|
#
1.78 |
|
05-Nov-2017 |
florian |
Finish off pr_drain functions, they haven't been used since 2006. OK mpi
|
#
1.77 |
|
29-Oct-2017 |
florian |
Move NET_{,UN}LOCK into individual slowtimo functions.
Direction suggested by mpi
OK mpi, visa
|
#
1.76 |
|
27-Oct-2017 |
visa |
Allocate IPv6 reassembly structs using pools instead of malloc(), and drop the now redundant allocation type M_FTABLE.
OK mikeb@, bluhm@, mpi@
|
#
1.75 |
|
26-Oct-2017 |
visa |
Replace macro `IP6_REASS_MBUF' with direct use of field `ip6af_m'.
OK bluhm@, mpi@
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.74 |
|
16-May-2017 |
mpi |
branches: 1.74.4; Replace remaining splsoftassert(IPL_SOFTNET) by NET_ASSERT_LOCKED().
ok visa@
|
#
1.73 |
|
14-Apr-2017 |
bluhm |
Pass down the address family through the pr_input calls. This allows to simplify code used for both IPv4 and IPv6. OK mikeb@ deraadt@
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.72 |
|
05-Feb-2017 |
jca |
branches: 1.72.4; Use percpu counters for ip6stat
Try to follow the existing examples. Some notes: - don't implement counters_dec() yet, which could be used in two similar chunks of code. Let's see if there are more users first. - stop incrementing IPv6-specific mbuf stats, IPv4 has no equivalent.
Input from mpi@, ok bluhm@ mpi@
|
#
1.71 |
|
28-Nov-2016 |
mpi |
Assert that every slow/fast timeout routine is called at IPL_SOFTNET.
This removes multipe recursive splsoftnet()/splx() dances.
|
#
1.70 |
|
24-Oct-2016 |
bluhm |
When the IPv6 network stack receives an empty non atomic fragment, just drop it. It can never overlap existing content, there is no ambiguous payload. So save resources and do not try to insert it into the queue. This makes our IPv6 stack behave like pf fragment reassembly. OK deraadt@
|
#
1.69 |
|
24-Aug-2016 |
mpi |
Kill ip6_forward_rt reducing differences between v4 and v6.
A single forwarding cache is not the answer. The answer is 42... err PF!
ok bluhm@
|
#
1.68 |
|
22-Aug-2016 |
mpi |
Sizes for free(9) from David Hill.
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.67 |
|
07-Mar-2016 |
naddy |
Sync no-argument function declaration and definition by adding (void). ok mpi@ millert@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.66 |
|
03-Dec-2015 |
tedu |
rewrite if to be more clear. ok bluhm stsp
|
#
1.65 |
|
22-Oct-2015 |
mpi |
Kill dead code missed in per-ifp counter removal.
ok millert@, bluhm@
|
#
1.64 |
|
19-Oct-2015 |
mpi |
Remove superfluous NULL checks.
ifa are refcounted to ensure that rt_ifa is always valid.
|
#
1.63 |
|
10-Sep-2015 |
mpi |
Kill in6_ifstat_inc() and associated per-ifp storage.
The SIOCGIFSTAT_IN6 is no longer supported.
ok mikeb@, claudio@, dlg@
|
#
1.62 |
|
09-Sep-2015 |
mpi |
Kill some commented out in6_ifstat_inc().
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.61 |
|
08-Jul-2015 |
mpi |
unifdef IN6_IFSTAT_STRICT.
ok deraadt@, millert@
|
#
1.60 |
|
16-Jun-2015 |
mpi |
Store a unique ID, an interface index, rather than a pointer to the receiving interface in the packet header of every mbuf.
The interface pointer should now be retrieved when necessary with if_get(). If a NULL pointer is returned by if_get(), the interface has probably been destroy/removed and the mbuf should be freed.
Such mechanism will simplify garbage collection of mbufs and limit problems with dangling ifp pointers.
Tested by jmatthew@ and krw@, discussed with many.
ok mikeb@, bluhm@, dlg@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.59 |
|
08-Dec-2014 |
mpi |
Do not use a "struct route" when a "struct rtentry" is enough.
ok millert@, bluhm@
|
#
1.58 |
|
05-Dec-2014 |
mpi |
Explicitly include <net/if_var.h> instead of pulling it in <net/if.h>.
ok mikeb@, krw@, bluhm@, tedu@
|
#
1.57 |
|
18-Nov-2014 |
tedu |
move arc4random prototype to systm.h. more appropriate for most code to include that than rdnvar.h. ok deraadt dlg
|
#
1.56 |
|
14-Oct-2014 |
mpi |
Use rtfree() instead of RTFREE(), NULLify some free'd route pointers and kill the macro.
ok mikeb@, henning@
|
#
1.55 |
|
27-Sep-2014 |
mpi |
Kill rtalloc() and update rtalloc1() and rtalloc_mpath() to no longer rely on "struct route" that should die.
ok claudio@
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.54 |
|
22-Jul-2014 |
mpi |
Fewer <netinet/in_systm.h> !
|
#
1.53 |
|
12-Jul-2014 |
tedu |
add a size argument to free. will be used soon, but for now default to 0. after discussions with beck deraadt kettenis.
|
#
1.52 |
|
14-Apr-2014 |
mpi |
"struct pkthdr" holds a routing table ID, not a routing domain one. Avoid the confusion by using an appropriate name for the variable.
Note that since routing domain IDs are a subset of the set of routing table IDs, the following idiom is correct:
rtableid = rdomain
But to get the routing domain ID corresponding to a given routing table ID, you must call rtable_l2(9).
claudio@ likes it, ok mikeb@
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.51 |
|
11-Nov-2013 |
mpi |
Replace most of our formating functions to convert IPv4/6 addresses from network to presentation format to inet_ntop().
The few remaining functions will be soon converted.
ok mikeb@, deraadt@ and moral support from henning@
|
#
1.50 |
|
20-Oct-2013 |
phessler |
Put a large chunk of the IPv6 rdomain support in-tree.
Still some important missing pieces, and this is not yet enabled.
OK bluhm@
|
#
1.49 |
|
17-Oct-2013 |
bluhm |
The header file netinet/in_var.h included netinet6/in6_var.h. This created a bunch of useless dependencies. Remove this implicit inclusion and do an explicit #include <netinet6/in6_var.h> when it is needed. OK mpi@ henning@
|
#
1.48 |
|
27-Aug-2013 |
mpi |
Sync comment with reality, the draft is now an RFC and OpenBSD follows it since bluhm@ implemented it in 2012.
From Loganaden Velvindron, ok claudio@
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.47 |
|
11-Jun-2013 |
deraadt |
Replace all ovbcopy with memmove; swap the src and dst arguments too ok otto
|
#
1.46 |
|
31-May-2013 |
bluhm |
Remove a bunch of sockaddr_in6 pointer casts and replace others with sin6tosa() or satosin6() inline functions. This allows the compiler to check the types more strictly. OK mpi@
|
#
1.45 |
|
22-Mar-2013 |
tedu |
simple replacement of LIST_END with NULL. ok mpi
|
#
1.44 |
|
04-Mar-2013 |
bluhm |
Replace the cast to struct in6_ifaddr pointer with the ifatoia6() macro. No binary change. OK claudio@
|
Revision tags: OPENBSD_5_3_BASE
|
#
1.43 |
|
28-Dec-2012 |
gsoares |
change the malloc(9) flags from M_DONTWAIT to M_NOWAIT; OK millert@
|
Revision tags: OPENBSD_5_1_BASE OPENBSD_5_2_BASE
|
#
1.42 |
|
24-Jan-2012 |
bluhm |
Add a short cut for atomic IPv6 fragments. They will be processed immediately and not go through the fragment queue. See draft-gont-6man-ipv6-atomic-fragments-00.txt. tested and ok sperreault@
|
#
1.41 |
|
23-Jan-2012 |
bluhm |
Do not keep state when dropping overlapping IPv6 fragments in pf and IPv6 stack. ok sperreault@
|
#
1.40 |
|
10-Jan-2012 |
bluhm |
Implement RFC 5722 and drop all IPv6 fragments that belong to a packet with overlapping fragments. ok henning@
|
#
1.39 |
|
10-Jan-2012 |
bluhm |
Flush the cached IPv6 forward route every 500 ms. This prevents wrong checks for local addresses and wrong packet forwarding in environments with only one communication partner and changing addresses or routes. Remove the #if 0 around the existing code to make IPv6 behave like IPv4. ok henning@
|
#
1.38 |
|
09-Jan-2012 |
bluhm |
Remove the IPv6 fragment overlapping length adjustment code. It was already #if 0 and will never come back. Remove unused fragment struct fields and sort the others. ok henning@
|
#
1.37 |
|
09-Jan-2012 |
bluhm |
Replace the hand-crafted queue for IPv6 fragments with LIST. ok henning@
|
#
1.36 |
|
05-Jan-2012 |
bluhm |
Remove dead code from #if 0: we do not have an ipsrcchk_rt anywhere else. from FreeBSD; ok henning@
|
#
1.35 |
|
05-Jan-2012 |
bluhm |
Replace the hand-crafted queue for fragmented IPv6 packets with TAILQ. ok henning@
|
Revision tags: OPENBSD_5_0_BASE
|
#
1.34 |
|
02-May-2011 |
chl |
Fix potential null dereference.
Found by LLVM/Clang Static Analyzer.
ok claudio@ henning@
|
#
1.33 |
|
03-Apr-2011 |
stsp |
Kill redundant offsetof definitions; ok deraadt henning sthen thib
|
#
1.32 |
|
06-Mar-2011 |
bluhm |
Extract the new function frag6_deletefraghdr() from frag6_input() to make it reusable by pf. No functional change. ok henning@, claudio@
|
Revision tags: OPENBSD_4_9_BASE
|
#
1.31 |
|
13-Jan-2011 |
bluhm |
In frag6_input() there was an mbuf length calculation error. If you want to move "offset" bytes forward by "sizeof(struct ip6_frag)" bytes within an mbuf, you must have at least "offset + sizeof(struct ip6_frag)" bytes space in that mbuf. Fix from KAME, FreeBSD also has it. ok claudio@ markus@
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.30 |
|
07-May-2010 |
claudio |
Start cleaning up the mess called rtalloc*. Kill rtalloc2, make rtalloc1 accept flags for report and nocloning. Move the rtableid into struct route (with a minor twist for now) and make a few more codepathes rdomain aware. Appart from the pf.c and route.c bits the diff is mostly mechanical. More to come... OK michele, henning
|
Revision tags: OPENBSD_4_7_BASE
|
#
1.29 |
|
08-Feb-2010 |
jsing |
Destatic and ansify.
ok claudio@ naddy@
|
#
1.28 |
|
27-Dec-2009 |
jasper |
- obvious typo in comment, from holger mikolon
|
Revision tags: OPENBSD_4_5_BASE OPENBSD_4_6_BASE
|
#
1.27 |
|
23-Nov-2008 |
claudio |
When accessing cached routes make sure the route is actually still valid. Before accessing a ro_rt make sure the route is either freshly allocated or RTF_UP is set. If not ro_rt should be freed and reallocated or at least no info from the ro_rt should be considered valid. This seems to solve the crashes seen by Felipe Alfaro Solana. some sort of OK dlg@
|
Revision tags: OPENBSD_4_4_BASE
|
#
1.26 |
|
11-Jun-2008 |
mcbride |
ANSIfy to sync with KAME. From Karl Sjodahl <dunceor@gmail.com>.
ok todd deraadt naddy bluhm
|
Revision tags: OPENBSD_4_3_BASE
|
#
1.25 |
|
09-Dec-2007 |
hshoexer |
take advantage of M_ZERO
ok claudio gilles
|
Revision tags: OPENBSD_4_2_BASE
|
#
1.24 |
|
01-May-2007 |
ray |
framgent -> fragment
|
Revision tags: OPENBSD_4_0_BASE OPENBSD_4_1_BASE
|
#
1.23 |
|
18-Jun-2006 |
pascoe |
Add support for equal-cost multipath IP.
To minimise path disruptions, this implements recommendations made in RFC2992 - the hash-threshold mechanism to select paths based on source/destination IP address pairs, and inserts multipath routes in the middle of the route table.
To enable multipath distribution, use: sysctl net.inet.ip.multipath=1 and/or: sysctl net.inet6.ip6.multipath=1
testing norby@ ok claudio@ henning@ hshoexer@
|
Revision tags: OPENBSD_3_9_BASE
|
#
1.22 |
|
20-Nov-2005 |
brad |
splimp -> splvm. mbuf allocation here.
ok henning@
|
Revision tags: OPENBSD_3_5_BASE OPENBSD_3_6_BASE OPENBSD_3_7_BASE OPENBSD_3_8_BASE SMP_SYNC_A SMP_SYNC_B
|
#
1.21 |
|
01-Oct-2003 |
itojun |
use random number generator to generate IPv6 fragment ID/flowlabel. cleanup IPv6 flowlabel handling. deraadt ok
|
Revision tags: OPENBSD_3_4_BASE UBC_SYNC_A
|
#
1.20 |
|
14-May-2003 |
itojun |
make PULLDOWN_TEST codepath the default (has been default for a long time). markus ok
|
Revision tags: OPENBSD_3_2_BASE OPENBSD_3_3_BASE UBC_SYNC_B
|
#
1.19 |
|
11-Sep-2002 |
itojun |
fix pointer signedness mixup. sync w/kame
|
#
1.18 |
|
11-Sep-2002 |
itojun |
KNF - return is not a function. sync w/kame
|
#
1.17 |
|
08-Jun-2002 |
itojun |
splnet -> splsoftnet where appropriate
|
#
1.16 |
|
28-May-2002 |
itojun |
limit number of IPv6 fragments (not the fragment queue size) to fight against lots-of-frags DoS attacks. sync w/kame
|
#
1.15 |
|
27-May-2002 |
deraadt |
kill __P
|
#
1.14 |
|
16-May-2002 |
kjc |
bring in ECN support from KAME. it consists of - ECN support in TCP - tunnel-egress and fragment reassembly rules in layer-3 not to lose congestion info at tunnel-egress and fragment reassembly
to enable ECN in TCP, build a kernel with TCP_ECN, and then, turn it on by "sysctl -w net.inet.tcp.ecn=1".
ok deraadt@
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.13 |
|
15-Mar-2002 |
itojun |
have a real lock around IPv6 reassembly.
|
#
1.12 |
|
14-Mar-2002 |
millert |
First round of __P removal in sys
|
Revision tags: OPENBSD_3_0_BASE UBC_BASE
|
#
1.11 |
|
09-Jun-2001 |
angelos |
branches: 1.11.4; No need for net/net_osdep.h
|
#
1.10 |
|
17-May-2001 |
itojun |
fix memory leak on ipv6 reass failure. sync with kame
|
Revision tags: OPENBSD_2_9_BASE
|
#
1.9 |
|
22-Feb-2001 |
itojun |
correct behavior when ip6 reass queue reaches the upper limit.
|
#
1.8 |
|
16-Feb-2001 |
itojun |
set frag6_doing_reass while doing reass, to help frag6_drain.
|
#
1.7 |
|
16-Feb-2001 |
itojun |
sync whitespace/comment with kame. to help merge tasks
|
Revision tags: OPENBSD_2_7_BASE OPENBSD_2_8_BASE SMP_BASE
|
#
1.6 |
|
07-Feb-2000 |
itojun |
branches: 1.6.2; fix include file path related to ip6.
|
#
1.5 |
|
04-Feb-2000 |
itojun |
make IPv6 reass work on alpha. NetBSD PR 9340.
|
#
1.4 |
|
08-Jan-2000 |
deraadt |
pull in arc4random() prototype
|
#
1.3 |
|
08-Jan-2000 |
deraadt |
use arc4random() instead of random for two reasons. 1) on some architectures, random() should only be used by the scheduler (ie. statintr() because it is uniformly distributed 2) arc4random() is actually strong, random() is not at all
|
#
1.2 |
|
10-Dec-1999 |
angelos |
Remove remaining unnecessary ifdefs (itojun will hate me for this :-)
|
Revision tags: kame_19991208
|
#
1.1 |
|
08-Dec-1999 |
itojun |
bring in KAME IPv6 code, dated 19991208. replaces NRL IPv6 layer. reuses NRL pcb layer. no IPsec-on-v6 support. see sys/netinet6/{TODO,IMPLEMENTATION} for more details.
GENERIC configuration should work fine as before. GENERIC.v6 works fine as well, but you'll need KAME userland tools to play with IPv6 (will be bringed into soon).
|
#
1.85 |
|
10-Sep-2018 |
bluhm |
Instead of calculating the mbuf packet header length here and there, put the algorithm into a new function m_calchdrlen(). Also set an uninitialized m_len to 0 in NFS code. OK claudio@
|
#
1.84 |
|
10-Sep-2018 |
bluhm |
During fragment reassembly, mbuf chains with packet headers were created. Add a new function m_removehdr() do convert packet header mbufs within the chain to regular mbufs. Assert that the mbuf at the beginning of the chain has a packet header. found by Maxime Villard in NetBSD; from markus@; OK claudio@
|
#
1.83 |
|
22-Aug-2018 |
cheloha |
frag6_slowtimo: push NET_LOCK into frag6_freef around icmp6_error.
icmp6_error() still probably needs the NET_LOCK, as the call chain icmp6_error -> icmp6_reflect -> rt_match -> rt_clone -> rtrequest is possible.
The fragment discard loop in frag6_slowtimo and the other cleanup bits in frag6_freef do not require it however. So push the lock down into frag6_freef around icmp6_error.
Prompted by mpi. Discussed with bluhm and kn. Regress test help by bluhm. Additional testing by kn.
ok kn@ visa@ mpi@
|
Revision tags: OPENBSD_6_3_BASE
|
#
1.82 |
|
01-Feb-2018 |
bluhm |
The function ip6_get_prevhdr() did return a pointer into a mbuf. It was not guaranteed that the mbuf data was not somewhere else in the chain. So return an offset and do a proper mbuf pulldown. found by Maxime Villard; from NetBSD; with markus@; OK deraadt@
|
#
1.81 |
|
14-Nov-2017 |
bluhm |
Put the net lock around frag6_freef() as it sends ICMP6 error messages. Splassert was triggered by regress/sys/netinet6/frag6. OK mpi@ sashan@ visa@
|
#
1.80 |
|
13-Nov-2017 |
mpi |
Remove 18 year old #if 0.
ok visa@, benno@
|
#
1.79 |
|
07-Nov-2017 |
visa |
Serialize access to the IPv6 reassembly queue with a mutex. This lets the code run without KERNEL_LOCK() and NET_LOCK().
In addition, this patch reorganizes a part of the code, to move some of the memory release operations outside the critical section.
Input and OK mpi@, OK florian@, an earlier version OK bluhm@
|
#
1.78 |
|
05-Nov-2017 |
florian |
Finish off pr_drain functions, they haven't been used since 2006. OK mpi
|
#
1.77 |
|
29-Oct-2017 |
florian |
Move NET_{,UN}LOCK into individual slowtimo functions.
Direction suggested by mpi
OK mpi, visa
|
#
1.76 |
|
27-Oct-2017 |
visa |
Allocate IPv6 reassembly structs using pools instead of malloc(), and drop the now redundant allocation type M_FTABLE.
OK mikeb@, bluhm@, mpi@
|
#
1.75 |
|
26-Oct-2017 |
visa |
Replace macro `IP6_REASS_MBUF' with direct use of field `ip6af_m'.
OK bluhm@, mpi@
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.74 |
|
16-May-2017 |
mpi |
branches: 1.74.4; Replace remaining splsoftassert(IPL_SOFTNET) by NET_ASSERT_LOCKED().
ok visa@
|
#
1.73 |
|
14-Apr-2017 |
bluhm |
Pass down the address family through the pr_input calls. This allows to simplify code used for both IPv4 and IPv6. OK mikeb@ deraadt@
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.72 |
|
05-Feb-2017 |
jca |
branches: 1.72.4; Use percpu counters for ip6stat
Try to follow the existing examples. Some notes: - don't implement counters_dec() yet, which could be used in two similar chunks of code. Let's see if there are more users first. - stop incrementing IPv6-specific mbuf stats, IPv4 has no equivalent.
Input from mpi@, ok bluhm@ mpi@
|
#
1.71 |
|
28-Nov-2016 |
mpi |
Assert that every slow/fast timeout routine is called at IPL_SOFTNET.
This removes multipe recursive splsoftnet()/splx() dances.
|
#
1.70 |
|
24-Oct-2016 |
bluhm |
When the IPv6 network stack receives an empty non atomic fragment, just drop it. It can never overlap existing content, there is no ambiguous payload. So save resources and do not try to insert it into the queue. This makes our IPv6 stack behave like pf fragment reassembly. OK deraadt@
|
#
1.69 |
|
24-Aug-2016 |
mpi |
Kill ip6_forward_rt reducing differences between v4 and v6.
A single forwarding cache is not the answer. The answer is 42... err PF!
ok bluhm@
|
#
1.68 |
|
22-Aug-2016 |
mpi |
Sizes for free(9) from David Hill.
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.67 |
|
07-Mar-2016 |
naddy |
Sync no-argument function declaration and definition by adding (void). ok mpi@ millert@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.66 |
|
03-Dec-2015 |
tedu |
rewrite if to be more clear. ok bluhm stsp
|
#
1.65 |
|
22-Oct-2015 |
mpi |
Kill dead code missed in per-ifp counter removal.
ok millert@, bluhm@
|
#
1.64 |
|
19-Oct-2015 |
mpi |
Remove superfluous NULL checks.
ifa are refcounted to ensure that rt_ifa is always valid.
|
#
1.63 |
|
10-Sep-2015 |
mpi |
Kill in6_ifstat_inc() and associated per-ifp storage.
The SIOCGIFSTAT_IN6 is no longer supported.
ok mikeb@, claudio@, dlg@
|
#
1.62 |
|
09-Sep-2015 |
mpi |
Kill some commented out in6_ifstat_inc().
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.61 |
|
08-Jul-2015 |
mpi |
unifdef IN6_IFSTAT_STRICT.
ok deraadt@, millert@
|
#
1.60 |
|
16-Jun-2015 |
mpi |
Store a unique ID, an interface index, rather than a pointer to the receiving interface in the packet header of every mbuf.
The interface pointer should now be retrieved when necessary with if_get(). If a NULL pointer is returned by if_get(), the interface has probably been destroy/removed and the mbuf should be freed.
Such mechanism will simplify garbage collection of mbufs and limit problems with dangling ifp pointers.
Tested by jmatthew@ and krw@, discussed with many.
ok mikeb@, bluhm@, dlg@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.59 |
|
08-Dec-2014 |
mpi |
Do not use a "struct route" when a "struct rtentry" is enough.
ok millert@, bluhm@
|
#
1.58 |
|
05-Dec-2014 |
mpi |
Explicitly include <net/if_var.h> instead of pulling it in <net/if.h>.
ok mikeb@, krw@, bluhm@, tedu@
|
#
1.57 |
|
18-Nov-2014 |
tedu |
move arc4random prototype to systm.h. more appropriate for most code to include that than rdnvar.h. ok deraadt dlg
|
#
1.56 |
|
14-Oct-2014 |
mpi |
Use rtfree() instead of RTFREE(), NULLify some free'd route pointers and kill the macro.
ok mikeb@, henning@
|
#
1.55 |
|
27-Sep-2014 |
mpi |
Kill rtalloc() and update rtalloc1() and rtalloc_mpath() to no longer rely on "struct route" that should die.
ok claudio@
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.54 |
|
22-Jul-2014 |
mpi |
Fewer <netinet/in_systm.h> !
|
#
1.53 |
|
12-Jul-2014 |
tedu |
add a size argument to free. will be used soon, but for now default to 0. after discussions with beck deraadt kettenis.
|
#
1.52 |
|
14-Apr-2014 |
mpi |
"struct pkthdr" holds a routing table ID, not a routing domain one. Avoid the confusion by using an appropriate name for the variable.
Note that since routing domain IDs are a subset of the set of routing table IDs, the following idiom is correct:
rtableid = rdomain
But to get the routing domain ID corresponding to a given routing table ID, you must call rtable_l2(9).
claudio@ likes it, ok mikeb@
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.51 |
|
11-Nov-2013 |
mpi |
Replace most of our formating functions to convert IPv4/6 addresses from network to presentation format to inet_ntop().
The few remaining functions will be soon converted.
ok mikeb@, deraadt@ and moral support from henning@
|
#
1.50 |
|
20-Oct-2013 |
phessler |
Put a large chunk of the IPv6 rdomain support in-tree.
Still some important missing pieces, and this is not yet enabled.
OK bluhm@
|
#
1.49 |
|
17-Oct-2013 |
bluhm |
The header file netinet/in_var.h included netinet6/in6_var.h. This created a bunch of useless dependencies. Remove this implicit inclusion and do an explicit #include <netinet6/in6_var.h> when it is needed. OK mpi@ henning@
|
#
1.48 |
|
27-Aug-2013 |
mpi |
Sync comment with reality, the draft is now an RFC and OpenBSD follows it since bluhm@ implemented it in 2012.
From Loganaden Velvindron, ok claudio@
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.47 |
|
11-Jun-2013 |
deraadt |
Replace all ovbcopy with memmove; swap the src and dst arguments too ok otto
|
#
1.46 |
|
31-May-2013 |
bluhm |
Remove a bunch of sockaddr_in6 pointer casts and replace others with sin6tosa() or satosin6() inline functions. This allows the compiler to check the types more strictly. OK mpi@
|
#
1.45 |
|
22-Mar-2013 |
tedu |
simple replacement of LIST_END with NULL. ok mpi
|
#
1.44 |
|
04-Mar-2013 |
bluhm |
Replace the cast to struct in6_ifaddr pointer with the ifatoia6() macro. No binary change. OK claudio@
|
Revision tags: OPENBSD_5_3_BASE
|
#
1.43 |
|
28-Dec-2012 |
gsoares |
change the malloc(9) flags from M_DONTWAIT to M_NOWAIT; OK millert@
|
Revision tags: OPENBSD_5_1_BASE OPENBSD_5_2_BASE
|
#
1.42 |
|
24-Jan-2012 |
bluhm |
Add a short cut for atomic IPv6 fragments. They will be processed immediately and not go through the fragment queue. See draft-gont-6man-ipv6-atomic-fragments-00.txt. tested and ok sperreault@
|
#
1.41 |
|
23-Jan-2012 |
bluhm |
Do not keep state when dropping overlapping IPv6 fragments in pf and IPv6 stack. ok sperreault@
|
#
1.40 |
|
10-Jan-2012 |
bluhm |
Implement RFC 5722 and drop all IPv6 fragments that belong to a packet with overlapping fragments. ok henning@
|
#
1.39 |
|
10-Jan-2012 |
bluhm |
Flush the cached IPv6 forward route every 500 ms. This prevents wrong checks for local addresses and wrong packet forwarding in environments with only one communication partner and changing addresses or routes. Remove the #if 0 around the existing code to make IPv6 behave like IPv4. ok henning@
|
#
1.38 |
|
09-Jan-2012 |
bluhm |
Remove the IPv6 fragment overlapping length adjustment code. It was already #if 0 and will never come back. Remove unused fragment struct fields and sort the others. ok henning@
|
#
1.37 |
|
09-Jan-2012 |
bluhm |
Replace the hand-crafted queue for IPv6 fragments with LIST. ok henning@
|
#
1.36 |
|
05-Jan-2012 |
bluhm |
Remove dead code from #if 0: we do not have an ipsrcchk_rt anywhere else. from FreeBSD; ok henning@
|
#
1.35 |
|
05-Jan-2012 |
bluhm |
Replace the hand-crafted queue for fragmented IPv6 packets with TAILQ. ok henning@
|
Revision tags: OPENBSD_5_0_BASE
|
#
1.34 |
|
02-May-2011 |
chl |
Fix potential null dereference.
Found by LLVM/Clang Static Analyzer.
ok claudio@ henning@
|
#
1.33 |
|
03-Apr-2011 |
stsp |
Kill redundant offsetof definitions; ok deraadt henning sthen thib
|
#
1.32 |
|
06-Mar-2011 |
bluhm |
Extract the new function frag6_deletefraghdr() from frag6_input() to make it reusable by pf. No functional change. ok henning@, claudio@
|
Revision tags: OPENBSD_4_9_BASE
|
#
1.31 |
|
13-Jan-2011 |
bluhm |
In frag6_input() there was an mbuf length calculation error. If you want to move "offset" bytes forward by "sizeof(struct ip6_frag)" bytes within an mbuf, you must have at least "offset + sizeof(struct ip6_frag)" bytes space in that mbuf. Fix from KAME, FreeBSD also has it. ok claudio@ markus@
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.30 |
|
07-May-2010 |
claudio |
Start cleaning up the mess called rtalloc*. Kill rtalloc2, make rtalloc1 accept flags for report and nocloning. Move the rtableid into struct route (with a minor twist for now) and make a few more codepathes rdomain aware. Appart from the pf.c and route.c bits the diff is mostly mechanical. More to come... OK michele, henning
|
Revision tags: OPENBSD_4_7_BASE
|
#
1.29 |
|
08-Feb-2010 |
jsing |
Destatic and ansify.
ok claudio@ naddy@
|
#
1.28 |
|
27-Dec-2009 |
jasper |
- obvious typo in comment, from holger mikolon
|
Revision tags: OPENBSD_4_5_BASE OPENBSD_4_6_BASE
|
#
1.27 |
|
23-Nov-2008 |
claudio |
When accessing cached routes make sure the route is actually still valid. Before accessing a ro_rt make sure the route is either freshly allocated or RTF_UP is set. If not ro_rt should be freed and reallocated or at least no info from the ro_rt should be considered valid. This seems to solve the crashes seen by Felipe Alfaro Solana. some sort of OK dlg@
|
Revision tags: OPENBSD_4_4_BASE
|
#
1.26 |
|
11-Jun-2008 |
mcbride |
ANSIfy to sync with KAME. From Karl Sjodahl <dunceor@gmail.com>.
ok todd deraadt naddy bluhm
|
Revision tags: OPENBSD_4_3_BASE
|
#
1.25 |
|
09-Dec-2007 |
hshoexer |
take advantage of M_ZERO
ok claudio gilles
|
Revision tags: OPENBSD_4_2_BASE
|
#
1.24 |
|
01-May-2007 |
ray |
framgent -> fragment
|
Revision tags: OPENBSD_4_0_BASE OPENBSD_4_1_BASE
|
#
1.23 |
|
18-Jun-2006 |
pascoe |
Add support for equal-cost multipath IP.
To minimise path disruptions, this implements recommendations made in RFC2992 - the hash-threshold mechanism to select paths based on source/destination IP address pairs, and inserts multipath routes in the middle of the route table.
To enable multipath distribution, use: sysctl net.inet.ip.multipath=1 and/or: sysctl net.inet6.ip6.multipath=1
testing norby@ ok claudio@ henning@ hshoexer@
|
Revision tags: OPENBSD_3_9_BASE
|
#
1.22 |
|
20-Nov-2005 |
brad |
splimp -> splvm. mbuf allocation here.
ok henning@
|
Revision tags: OPENBSD_3_5_BASE OPENBSD_3_6_BASE OPENBSD_3_7_BASE OPENBSD_3_8_BASE SMP_SYNC_A SMP_SYNC_B
|
#
1.21 |
|
01-Oct-2003 |
itojun |
use random number generator to generate IPv6 fragment ID/flowlabel. cleanup IPv6 flowlabel handling. deraadt ok
|
Revision tags: OPENBSD_3_4_BASE UBC_SYNC_A
|
#
1.20 |
|
14-May-2003 |
itojun |
make PULLDOWN_TEST codepath the default (has been default for a long time). markus ok
|
Revision tags: OPENBSD_3_2_BASE OPENBSD_3_3_BASE UBC_SYNC_B
|
#
1.19 |
|
11-Sep-2002 |
itojun |
fix pointer signedness mixup. sync w/kame
|
#
1.18 |
|
11-Sep-2002 |
itojun |
KNF - return is not a function. sync w/kame
|
#
1.17 |
|
08-Jun-2002 |
itojun |
splnet -> splsoftnet where appropriate
|
#
1.16 |
|
28-May-2002 |
itojun |
limit number of IPv6 fragments (not the fragment queue size) to fight against lots-of-frags DoS attacks. sync w/kame
|
#
1.15 |
|
27-May-2002 |
deraadt |
kill __P
|
#
1.14 |
|
16-May-2002 |
kjc |
bring in ECN support from KAME. it consists of - ECN support in TCP - tunnel-egress and fragment reassembly rules in layer-3 not to lose congestion info at tunnel-egress and fragment reassembly
to enable ECN in TCP, build a kernel with TCP_ECN, and then, turn it on by "sysctl -w net.inet.tcp.ecn=1".
ok deraadt@
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.13 |
|
15-Mar-2002 |
itojun |
have a real lock around IPv6 reassembly.
|
#
1.12 |
|
14-Mar-2002 |
millert |
First round of __P removal in sys
|
Revision tags: OPENBSD_3_0_BASE UBC_BASE
|
#
1.11 |
|
09-Jun-2001 |
angelos |
branches: 1.11.4; No need for net/net_osdep.h
|
#
1.10 |
|
17-May-2001 |
itojun |
fix memory leak on ipv6 reass failure. sync with kame
|
Revision tags: OPENBSD_2_9_BASE
|
#
1.9 |
|
22-Feb-2001 |
itojun |
correct behavior when ip6 reass queue reaches the upper limit.
|
#
1.8 |
|
16-Feb-2001 |
itojun |
set frag6_doing_reass while doing reass, to help frag6_drain.
|
#
1.7 |
|
16-Feb-2001 |
itojun |
sync whitespace/comment with kame. to help merge tasks
|
Revision tags: OPENBSD_2_7_BASE OPENBSD_2_8_BASE SMP_BASE
|
#
1.6 |
|
07-Feb-2000 |
itojun |
branches: 1.6.2; fix include file path related to ip6.
|
#
1.5 |
|
04-Feb-2000 |
itojun |
make IPv6 reass work on alpha. NetBSD PR 9340.
|
#
1.4 |
|
08-Jan-2000 |
deraadt |
pull in arc4random() prototype
|
#
1.3 |
|
08-Jan-2000 |
deraadt |
use arc4random() instead of random for two reasons. 1) on some architectures, random() should only be used by the scheduler (ie. statintr() because it is uniformly distributed 2) arc4random() is actually strong, random() is not at all
|
#
1.2 |
|
10-Dec-1999 |
angelos |
Remove remaining unnecessary ifdefs (itojun will hate me for this :-)
|
Revision tags: kame_19991208
|
#
1.1 |
|
08-Dec-1999 |
itojun |
bring in KAME IPv6 code, dated 19991208. replaces NRL IPv6 layer. reuses NRL pcb layer. no IPsec-on-v6 support. see sys/netinet6/{TODO,IMPLEMENTATION} for more details.
GENERIC configuration should work fine as before. GENERIC.v6 works fine as well, but you'll need KAME userland tools to play with IPv6 (will be bringed into soon).
|
#
1.83 |
|
22-Aug-2018 |
cheloha |
frag6_slowtimo: push NET_LOCK into frag6_freef around icmp6_error.
icmp6_error() still probably needs the NET_LOCK, as the call chain icmp6_error -> icmp6_reflect -> rt_match -> rt_clone -> rtrequest is possible.
The fragment discard loop in frag6_slowtimo and the other cleanup bits in frag6_freef do not require it however. So push the lock down into frag6_freef around icmp6_error.
Prompted by mpi. Discussed with bluhm and kn. Regress test help by bluhm. Additional testing by kn.
ok kn@ visa@ mpi@
|
Revision tags: OPENBSD_6_3_BASE
|
#
1.82 |
|
01-Feb-2018 |
bluhm |
The function ip6_get_prevhdr() did return a pointer into a mbuf. It was not guaranteed that the mbuf data was not somewhere else in the chain. So return an offset and do a proper mbuf pulldown. found by Maxime Villard; from NetBSD; with markus@; OK deraadt@
|
#
1.81 |
|
14-Nov-2017 |
bluhm |
Put the net lock around frag6_freef() as it sends ICMP6 error messages. Splassert was triggered by regress/sys/netinet6/frag6. OK mpi@ sashan@ visa@
|
#
1.80 |
|
13-Nov-2017 |
mpi |
Remove 18 year old #if 0.
ok visa@, benno@
|
#
1.79 |
|
07-Nov-2017 |
visa |
Serialize access to the IPv6 reassembly queue with a mutex. This lets the code run without KERNEL_LOCK() and NET_LOCK().
In addition, this patch reorganizes a part of the code, to move some of the memory release operations outside the critical section.
Input and OK mpi@, OK florian@, an earlier version OK bluhm@
|
#
1.78 |
|
05-Nov-2017 |
florian |
Finish off pr_drain functions, they haven't been used since 2006. OK mpi
|
#
1.77 |
|
29-Oct-2017 |
florian |
Move NET_{,UN}LOCK into individual slowtimo functions.
Direction suggested by mpi
OK mpi, visa
|
#
1.76 |
|
27-Oct-2017 |
visa |
Allocate IPv6 reassembly structs using pools instead of malloc(), and drop the now redundant allocation type M_FTABLE.
OK mikeb@, bluhm@, mpi@
|
#
1.75 |
|
26-Oct-2017 |
visa |
Replace macro `IP6_REASS_MBUF' with direct use of field `ip6af_m'.
OK bluhm@, mpi@
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.74 |
|
16-May-2017 |
mpi |
branches: 1.74.4; Replace remaining splsoftassert(IPL_SOFTNET) by NET_ASSERT_LOCKED().
ok visa@
|
#
1.73 |
|
14-Apr-2017 |
bluhm |
Pass down the address family through the pr_input calls. This allows to simplify code used for both IPv4 and IPv6. OK mikeb@ deraadt@
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.72 |
|
05-Feb-2017 |
jca |
branches: 1.72.4; Use percpu counters for ip6stat
Try to follow the existing examples. Some notes: - don't implement counters_dec() yet, which could be used in two similar chunks of code. Let's see if there are more users first. - stop incrementing IPv6-specific mbuf stats, IPv4 has no equivalent.
Input from mpi@, ok bluhm@ mpi@
|
#
1.71 |
|
28-Nov-2016 |
mpi |
Assert that every slow/fast timeout routine is called at IPL_SOFTNET.
This removes multipe recursive splsoftnet()/splx() dances.
|
#
1.70 |
|
24-Oct-2016 |
bluhm |
When the IPv6 network stack receives an empty non atomic fragment, just drop it. It can never overlap existing content, there is no ambiguous payload. So save resources and do not try to insert it into the queue. This makes our IPv6 stack behave like pf fragment reassembly. OK deraadt@
|
#
1.69 |
|
24-Aug-2016 |
mpi |
Kill ip6_forward_rt reducing differences between v4 and v6.
A single forwarding cache is not the answer. The answer is 42... err PF!
ok bluhm@
|
#
1.68 |
|
22-Aug-2016 |
mpi |
Sizes for free(9) from David Hill.
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.67 |
|
07-Mar-2016 |
naddy |
Sync no-argument function declaration and definition by adding (void). ok mpi@ millert@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.66 |
|
03-Dec-2015 |
tedu |
rewrite if to be more clear. ok bluhm stsp
|
#
1.65 |
|
22-Oct-2015 |
mpi |
Kill dead code missed in per-ifp counter removal.
ok millert@, bluhm@
|
#
1.64 |
|
19-Oct-2015 |
mpi |
Remove superfluous NULL checks.
ifa are refcounted to ensure that rt_ifa is always valid.
|
#
1.63 |
|
10-Sep-2015 |
mpi |
Kill in6_ifstat_inc() and associated per-ifp storage.
The SIOCGIFSTAT_IN6 is no longer supported.
ok mikeb@, claudio@, dlg@
|
#
1.62 |
|
09-Sep-2015 |
mpi |
Kill some commented out in6_ifstat_inc().
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.61 |
|
08-Jul-2015 |
mpi |
unifdef IN6_IFSTAT_STRICT.
ok deraadt@, millert@
|
#
1.60 |
|
16-Jun-2015 |
mpi |
Store a unique ID, an interface index, rather than a pointer to the receiving interface in the packet header of every mbuf.
The interface pointer should now be retrieved when necessary with if_get(). If a NULL pointer is returned by if_get(), the interface has probably been destroy/removed and the mbuf should be freed.
Such mechanism will simplify garbage collection of mbufs and limit problems with dangling ifp pointers.
Tested by jmatthew@ and krw@, discussed with many.
ok mikeb@, bluhm@, dlg@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.59 |
|
08-Dec-2014 |
mpi |
Do not use a "struct route" when a "struct rtentry" is enough.
ok millert@, bluhm@
|
#
1.58 |
|
05-Dec-2014 |
mpi |
Explicitly include <net/if_var.h> instead of pulling it in <net/if.h>.
ok mikeb@, krw@, bluhm@, tedu@
|
#
1.57 |
|
18-Nov-2014 |
tedu |
move arc4random prototype to systm.h. more appropriate for most code to include that than rdnvar.h. ok deraadt dlg
|
#
1.56 |
|
14-Oct-2014 |
mpi |
Use rtfree() instead of RTFREE(), NULLify some free'd route pointers and kill the macro.
ok mikeb@, henning@
|
#
1.55 |
|
27-Sep-2014 |
mpi |
Kill rtalloc() and update rtalloc1() and rtalloc_mpath() to no longer rely on "struct route" that should die.
ok claudio@
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.54 |
|
22-Jul-2014 |
mpi |
Fewer <netinet/in_systm.h> !
|
#
1.53 |
|
12-Jul-2014 |
tedu |
add a size argument to free. will be used soon, but for now default to 0. after discussions with beck deraadt kettenis.
|
#
1.52 |
|
14-Apr-2014 |
mpi |
"struct pkthdr" holds a routing table ID, not a routing domain one. Avoid the confusion by using an appropriate name for the variable.
Note that since routing domain IDs are a subset of the set of routing table IDs, the following idiom is correct:
rtableid = rdomain
But to get the routing domain ID corresponding to a given routing table ID, you must call rtable_l2(9).
claudio@ likes it, ok mikeb@
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.51 |
|
11-Nov-2013 |
mpi |
Replace most of our formating functions to convert IPv4/6 addresses from network to presentation format to inet_ntop().
The few remaining functions will be soon converted.
ok mikeb@, deraadt@ and moral support from henning@
|
#
1.50 |
|
20-Oct-2013 |
phessler |
Put a large chunk of the IPv6 rdomain support in-tree.
Still some important missing pieces, and this is not yet enabled.
OK bluhm@
|
#
1.49 |
|
17-Oct-2013 |
bluhm |
The header file netinet/in_var.h included netinet6/in6_var.h. This created a bunch of useless dependencies. Remove this implicit inclusion and do an explicit #include <netinet6/in6_var.h> when it is needed. OK mpi@ henning@
|
#
1.48 |
|
27-Aug-2013 |
mpi |
Sync comment with reality, the draft is now an RFC and OpenBSD follows it since bluhm@ implemented it in 2012.
From Loganaden Velvindron, ok claudio@
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.47 |
|
11-Jun-2013 |
deraadt |
Replace all ovbcopy with memmove; swap the src and dst arguments too ok otto
|
#
1.46 |
|
31-May-2013 |
bluhm |
Remove a bunch of sockaddr_in6 pointer casts and replace others with sin6tosa() or satosin6() inline functions. This allows the compiler to check the types more strictly. OK mpi@
|
#
1.45 |
|
22-Mar-2013 |
tedu |
simple replacement of LIST_END with NULL. ok mpi
|
#
1.44 |
|
04-Mar-2013 |
bluhm |
Replace the cast to struct in6_ifaddr pointer with the ifatoia6() macro. No binary change. OK claudio@
|
Revision tags: OPENBSD_5_3_BASE
|
#
1.43 |
|
28-Dec-2012 |
gsoares |
change the malloc(9) flags from M_DONTWAIT to M_NOWAIT; OK millert@
|
Revision tags: OPENBSD_5_1_BASE OPENBSD_5_2_BASE
|
#
1.42 |
|
24-Jan-2012 |
bluhm |
Add a short cut for atomic IPv6 fragments. They will be processed immediately and not go through the fragment queue. See draft-gont-6man-ipv6-atomic-fragments-00.txt. tested and ok sperreault@
|
#
1.41 |
|
23-Jan-2012 |
bluhm |
Do not keep state when dropping overlapping IPv6 fragments in pf and IPv6 stack. ok sperreault@
|
#
1.40 |
|
10-Jan-2012 |
bluhm |
Implement RFC 5722 and drop all IPv6 fragments that belong to a packet with overlapping fragments. ok henning@
|
#
1.39 |
|
10-Jan-2012 |
bluhm |
Flush the cached IPv6 forward route every 500 ms. This prevents wrong checks for local addresses and wrong packet forwarding in environments with only one communication partner and changing addresses or routes. Remove the #if 0 around the existing code to make IPv6 behave like IPv4. ok henning@
|
#
1.38 |
|
09-Jan-2012 |
bluhm |
Remove the IPv6 fragment overlapping length adjustment code. It was already #if 0 and will never come back. Remove unused fragment struct fields and sort the others. ok henning@
|
#
1.37 |
|
09-Jan-2012 |
bluhm |
Replace the hand-crafted queue for IPv6 fragments with LIST. ok henning@
|
#
1.36 |
|
05-Jan-2012 |
bluhm |
Remove dead code from #if 0: we do not have an ipsrcchk_rt anywhere else. from FreeBSD; ok henning@
|
#
1.35 |
|
05-Jan-2012 |
bluhm |
Replace the hand-crafted queue for fragmented IPv6 packets with TAILQ. ok henning@
|
Revision tags: OPENBSD_5_0_BASE
|
#
1.34 |
|
02-May-2011 |
chl |
Fix potential null dereference.
Found by LLVM/Clang Static Analyzer.
ok claudio@ henning@
|
#
1.33 |
|
03-Apr-2011 |
stsp |
Kill redundant offsetof definitions; ok deraadt henning sthen thib
|
#
1.32 |
|
06-Mar-2011 |
bluhm |
Extract the new function frag6_deletefraghdr() from frag6_input() to make it reusable by pf. No functional change. ok henning@, claudio@
|
Revision tags: OPENBSD_4_9_BASE
|
#
1.31 |
|
13-Jan-2011 |
bluhm |
In frag6_input() there was an mbuf length calculation error. If you want to move "offset" bytes forward by "sizeof(struct ip6_frag)" bytes within an mbuf, you must have at least "offset + sizeof(struct ip6_frag)" bytes space in that mbuf. Fix from KAME, FreeBSD also has it. ok claudio@ markus@
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.30 |
|
07-May-2010 |
claudio |
Start cleaning up the mess called rtalloc*. Kill rtalloc2, make rtalloc1 accept flags for report and nocloning. Move the rtableid into struct route (with a minor twist for now) and make a few more codepathes rdomain aware. Appart from the pf.c and route.c bits the diff is mostly mechanical. More to come... OK michele, henning
|
Revision tags: OPENBSD_4_7_BASE
|
#
1.29 |
|
08-Feb-2010 |
jsing |
Destatic and ansify.
ok claudio@ naddy@
|
#
1.28 |
|
27-Dec-2009 |
jasper |
- obvious typo in comment, from holger mikolon
|
Revision tags: OPENBSD_4_5_BASE OPENBSD_4_6_BASE
|
#
1.27 |
|
23-Nov-2008 |
claudio |
When accessing cached routes make sure the route is actually still valid. Before accessing a ro_rt make sure the route is either freshly allocated or RTF_UP is set. If not ro_rt should be freed and reallocated or at least no info from the ro_rt should be considered valid. This seems to solve the crashes seen by Felipe Alfaro Solana. some sort of OK dlg@
|
Revision tags: OPENBSD_4_4_BASE
|
#
1.26 |
|
11-Jun-2008 |
mcbride |
ANSIfy to sync with KAME. From Karl Sjodahl <dunceor@gmail.com>.
ok todd deraadt naddy bluhm
|
Revision tags: OPENBSD_4_3_BASE
|
#
1.25 |
|
09-Dec-2007 |
hshoexer |
take advantage of M_ZERO
ok claudio gilles
|
Revision tags: OPENBSD_4_2_BASE
|
#
1.24 |
|
01-May-2007 |
ray |
framgent -> fragment
|
Revision tags: OPENBSD_4_0_BASE OPENBSD_4_1_BASE
|
#
1.23 |
|
18-Jun-2006 |
pascoe |
Add support for equal-cost multipath IP.
To minimise path disruptions, this implements recommendations made in RFC2992 - the hash-threshold mechanism to select paths based on source/destination IP address pairs, and inserts multipath routes in the middle of the route table.
To enable multipath distribution, use: sysctl net.inet.ip.multipath=1 and/or: sysctl net.inet6.ip6.multipath=1
testing norby@ ok claudio@ henning@ hshoexer@
|
Revision tags: OPENBSD_3_9_BASE
|
#
1.22 |
|
20-Nov-2005 |
brad |
splimp -> splvm. mbuf allocation here.
ok henning@
|
Revision tags: OPENBSD_3_5_BASE OPENBSD_3_6_BASE OPENBSD_3_7_BASE OPENBSD_3_8_BASE SMP_SYNC_A SMP_SYNC_B
|
#
1.21 |
|
01-Oct-2003 |
itojun |
use random number generator to generate IPv6 fragment ID/flowlabel. cleanup IPv6 flowlabel handling. deraadt ok
|
Revision tags: OPENBSD_3_4_BASE UBC_SYNC_A
|
#
1.20 |
|
14-May-2003 |
itojun |
make PULLDOWN_TEST codepath the default (has been default for a long time). markus ok
|
Revision tags: OPENBSD_3_2_BASE OPENBSD_3_3_BASE UBC_SYNC_B
|
#
1.19 |
|
11-Sep-2002 |
itojun |
fix pointer signedness mixup. sync w/kame
|
#
1.18 |
|
11-Sep-2002 |
itojun |
KNF - return is not a function. sync w/kame
|
#
1.17 |
|
08-Jun-2002 |
itojun |
splnet -> splsoftnet where appropriate
|
#
1.16 |
|
28-May-2002 |
itojun |
limit number of IPv6 fragments (not the fragment queue size) to fight against lots-of-frags DoS attacks. sync w/kame
|
#
1.15 |
|
27-May-2002 |
deraadt |
kill __P
|
#
1.14 |
|
16-May-2002 |
kjc |
bring in ECN support from KAME. it consists of - ECN support in TCP - tunnel-egress and fragment reassembly rules in layer-3 not to lose congestion info at tunnel-egress and fragment reassembly
to enable ECN in TCP, build a kernel with TCP_ECN, and then, turn it on by "sysctl -w net.inet.tcp.ecn=1".
ok deraadt@
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.13 |
|
15-Mar-2002 |
itojun |
have a real lock around IPv6 reassembly.
|
#
1.12 |
|
14-Mar-2002 |
millert |
First round of __P removal in sys
|
Revision tags: OPENBSD_3_0_BASE UBC_BASE
|
#
1.11 |
|
09-Jun-2001 |
angelos |
branches: 1.11.4; No need for net/net_osdep.h
|
#
1.10 |
|
17-May-2001 |
itojun |
fix memory leak on ipv6 reass failure. sync with kame
|
Revision tags: OPENBSD_2_9_BASE
|
#
1.9 |
|
22-Feb-2001 |
itojun |
correct behavior when ip6 reass queue reaches the upper limit.
|
#
1.8 |
|
16-Feb-2001 |
itojun |
set frag6_doing_reass while doing reass, to help frag6_drain.
|
#
1.7 |
|
16-Feb-2001 |
itojun |
sync whitespace/comment with kame. to help merge tasks
|
Revision tags: OPENBSD_2_7_BASE OPENBSD_2_8_BASE SMP_BASE
|
#
1.6 |
|
07-Feb-2000 |
itojun |
branches: 1.6.2; fix include file path related to ip6.
|
#
1.5 |
|
04-Feb-2000 |
itojun |
make IPv6 reass work on alpha. NetBSD PR 9340.
|
#
1.4 |
|
08-Jan-2000 |
deraadt |
pull in arc4random() prototype
|
#
1.3 |
|
08-Jan-2000 |
deraadt |
use arc4random() instead of random for two reasons. 1) on some architectures, random() should only be used by the scheduler (ie. statintr() because it is uniformly distributed 2) arc4random() is actually strong, random() is not at all
|
#
1.2 |
|
10-Dec-1999 |
angelos |
Remove remaining unnecessary ifdefs (itojun will hate me for this :-)
|
Revision tags: kame_19991208
|
#
1.1 |
|
08-Dec-1999 |
itojun |
bring in KAME IPv6 code, dated 19991208. replaces NRL IPv6 layer. reuses NRL pcb layer. no IPsec-on-v6 support. see sys/netinet6/{TODO,IMPLEMENTATION} for more details.
GENERIC configuration should work fine as before. GENERIC.v6 works fine as well, but you'll need KAME userland tools to play with IPv6 (will be bringed into soon).
|
#
1.82 |
|
01-Feb-2018 |
bluhm |
The function ip6_get_prevhdr() did return a pointer into a mbuf. It was not guaranteed that the mbuf data was not somewhere else in the chain. So return an offset and do a proper mbuf pulldown. found by Maxime Villard; from NetBSD; with markus@; OK deraadt@
|
#
1.81 |
|
14-Nov-2017 |
bluhm |
Put the net lock around frag6_freef() as it sends ICMP6 error messages. Splassert was triggered by regress/sys/netinet6/frag6. OK mpi@ sashan@ visa@
|
#
1.80 |
|
13-Nov-2017 |
mpi |
Remove 18 year old #if 0.
ok visa@, benno@
|
#
1.79 |
|
07-Nov-2017 |
visa |
Serialize access to the IPv6 reassembly queue with a mutex. This lets the code run without KERNEL_LOCK() and NET_LOCK().
In addition, this patch reorganizes a part of the code, to move some of the memory release operations outside the critical section.
Input and OK mpi@, OK florian@, an earlier version OK bluhm@
|
#
1.78 |
|
05-Nov-2017 |
florian |
Finish off pr_drain functions, they haven't been used since 2006. OK mpi
|
#
1.77 |
|
29-Oct-2017 |
florian |
Move NET_{,UN}LOCK into individual slowtimo functions.
Direction suggested by mpi
OK mpi, visa
|
#
1.76 |
|
27-Oct-2017 |
visa |
Allocate IPv6 reassembly structs using pools instead of malloc(), and drop the now redundant allocation type M_FTABLE.
OK mikeb@, bluhm@, mpi@
|
#
1.75 |
|
26-Oct-2017 |
visa |
Replace macro `IP6_REASS_MBUF' with direct use of field `ip6af_m'.
OK bluhm@, mpi@
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.74 |
|
16-May-2017 |
mpi |
branches: 1.74.4; Replace remaining splsoftassert(IPL_SOFTNET) by NET_ASSERT_LOCKED().
ok visa@
|
#
1.73 |
|
14-Apr-2017 |
bluhm |
Pass down the address family through the pr_input calls. This allows to simplify code used for both IPv4 and IPv6. OK mikeb@ deraadt@
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.72 |
|
05-Feb-2017 |
jca |
branches: 1.72.4; Use percpu counters for ip6stat
Try to follow the existing examples. Some notes: - don't implement counters_dec() yet, which could be used in two similar chunks of code. Let's see if there are more users first. - stop incrementing IPv6-specific mbuf stats, IPv4 has no equivalent.
Input from mpi@, ok bluhm@ mpi@
|
#
1.71 |
|
28-Nov-2016 |
mpi |
Assert that every slow/fast timeout routine is called at IPL_SOFTNET.
This removes multipe recursive splsoftnet()/splx() dances.
|
#
1.70 |
|
24-Oct-2016 |
bluhm |
When the IPv6 network stack receives an empty non atomic fragment, just drop it. It can never overlap existing content, there is no ambiguous payload. So save resources and do not try to insert it into the queue. This makes our IPv6 stack behave like pf fragment reassembly. OK deraadt@
|
#
1.69 |
|
24-Aug-2016 |
mpi |
Kill ip6_forward_rt reducing differences between v4 and v6.
A single forwarding cache is not the answer. The answer is 42... err PF!
ok bluhm@
|
#
1.68 |
|
22-Aug-2016 |
mpi |
Sizes for free(9) from David Hill.
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.67 |
|
07-Mar-2016 |
naddy |
Sync no-argument function declaration and definition by adding (void). ok mpi@ millert@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.66 |
|
03-Dec-2015 |
tedu |
rewrite if to be more clear. ok bluhm stsp
|
#
1.65 |
|
22-Oct-2015 |
mpi |
Kill dead code missed in per-ifp counter removal.
ok millert@, bluhm@
|
#
1.64 |
|
19-Oct-2015 |
mpi |
Remove superfluous NULL checks.
ifa are refcounted to ensure that rt_ifa is always valid.
|
#
1.63 |
|
10-Sep-2015 |
mpi |
Kill in6_ifstat_inc() and associated per-ifp storage.
The SIOCGIFSTAT_IN6 is no longer supported.
ok mikeb@, claudio@, dlg@
|
#
1.62 |
|
09-Sep-2015 |
mpi |
Kill some commented out in6_ifstat_inc().
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.61 |
|
08-Jul-2015 |
mpi |
unifdef IN6_IFSTAT_STRICT.
ok deraadt@, millert@
|
#
1.60 |
|
16-Jun-2015 |
mpi |
Store a unique ID, an interface index, rather than a pointer to the receiving interface in the packet header of every mbuf.
The interface pointer should now be retrieved when necessary with if_get(). If a NULL pointer is returned by if_get(), the interface has probably been destroy/removed and the mbuf should be freed.
Such mechanism will simplify garbage collection of mbufs and limit problems with dangling ifp pointers.
Tested by jmatthew@ and krw@, discussed with many.
ok mikeb@, bluhm@, dlg@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.59 |
|
08-Dec-2014 |
mpi |
Do not use a "struct route" when a "struct rtentry" is enough.
ok millert@, bluhm@
|
#
1.58 |
|
05-Dec-2014 |
mpi |
Explicitly include <net/if_var.h> instead of pulling it in <net/if.h>.
ok mikeb@, krw@, bluhm@, tedu@
|
#
1.57 |
|
18-Nov-2014 |
tedu |
move arc4random prototype to systm.h. more appropriate for most code to include that than rdnvar.h. ok deraadt dlg
|
#
1.56 |
|
14-Oct-2014 |
mpi |
Use rtfree() instead of RTFREE(), NULLify some free'd route pointers and kill the macro.
ok mikeb@, henning@
|
#
1.55 |
|
27-Sep-2014 |
mpi |
Kill rtalloc() and update rtalloc1() and rtalloc_mpath() to no longer rely on "struct route" that should die.
ok claudio@
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.54 |
|
22-Jul-2014 |
mpi |
Fewer <netinet/in_systm.h> !
|
#
1.53 |
|
12-Jul-2014 |
tedu |
add a size argument to free. will be used soon, but for now default to 0. after discussions with beck deraadt kettenis.
|
#
1.52 |
|
14-Apr-2014 |
mpi |
"struct pkthdr" holds a routing table ID, not a routing domain one. Avoid the confusion by using an appropriate name for the variable.
Note that since routing domain IDs are a subset of the set of routing table IDs, the following idiom is correct:
rtableid = rdomain
But to get the routing domain ID corresponding to a given routing table ID, you must call rtable_l2(9).
claudio@ likes it, ok mikeb@
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.51 |
|
11-Nov-2013 |
mpi |
Replace most of our formating functions to convert IPv4/6 addresses from network to presentation format to inet_ntop().
The few remaining functions will be soon converted.
ok mikeb@, deraadt@ and moral support from henning@
|
#
1.50 |
|
20-Oct-2013 |
phessler |
Put a large chunk of the IPv6 rdomain support in-tree.
Still some important missing pieces, and this is not yet enabled.
OK bluhm@
|
#
1.49 |
|
17-Oct-2013 |
bluhm |
The header file netinet/in_var.h included netinet6/in6_var.h. This created a bunch of useless dependencies. Remove this implicit inclusion and do an explicit #include <netinet6/in6_var.h> when it is needed. OK mpi@ henning@
|
#
1.48 |
|
27-Aug-2013 |
mpi |
Sync comment with reality, the draft is now an RFC and OpenBSD follows it since bluhm@ implemented it in 2012.
From Loganaden Velvindron, ok claudio@
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.47 |
|
11-Jun-2013 |
deraadt |
Replace all ovbcopy with memmove; swap the src and dst arguments too ok otto
|
#
1.46 |
|
31-May-2013 |
bluhm |
Remove a bunch of sockaddr_in6 pointer casts and replace others with sin6tosa() or satosin6() inline functions. This allows the compiler to check the types more strictly. OK mpi@
|
#
1.45 |
|
22-Mar-2013 |
tedu |
simple replacement of LIST_END with NULL. ok mpi
|
#
1.44 |
|
04-Mar-2013 |
bluhm |
Replace the cast to struct in6_ifaddr pointer with the ifatoia6() macro. No binary change. OK claudio@
|
Revision tags: OPENBSD_5_3_BASE
|
#
1.43 |
|
28-Dec-2012 |
gsoares |
change the malloc(9) flags from M_DONTWAIT to M_NOWAIT; OK millert@
|
Revision tags: OPENBSD_5_1_BASE OPENBSD_5_2_BASE
|
#
1.42 |
|
24-Jan-2012 |
bluhm |
Add a short cut for atomic IPv6 fragments. They will be processed immediately and not go through the fragment queue. See draft-gont-6man-ipv6-atomic-fragments-00.txt. tested and ok sperreault@
|
#
1.41 |
|
23-Jan-2012 |
bluhm |
Do not keep state when dropping overlapping IPv6 fragments in pf and IPv6 stack. ok sperreault@
|
#
1.40 |
|
10-Jan-2012 |
bluhm |
Implement RFC 5722 and drop all IPv6 fragments that belong to a packet with overlapping fragments. ok henning@
|
#
1.39 |
|
10-Jan-2012 |
bluhm |
Flush the cached IPv6 forward route every 500 ms. This prevents wrong checks for local addresses and wrong packet forwarding in environments with only one communication partner and changing addresses or routes. Remove the #if 0 around the existing code to make IPv6 behave like IPv4. ok henning@
|
#
1.38 |
|
09-Jan-2012 |
bluhm |
Remove the IPv6 fragment overlapping length adjustment code. It was already #if 0 and will never come back. Remove unused fragment struct fields and sort the others. ok henning@
|
#
1.37 |
|
09-Jan-2012 |
bluhm |
Replace the hand-crafted queue for IPv6 fragments with LIST. ok henning@
|
#
1.36 |
|
05-Jan-2012 |
bluhm |
Remove dead code from #if 0: we do not have an ipsrcchk_rt anywhere else. from FreeBSD; ok henning@
|
#
1.35 |
|
05-Jan-2012 |
bluhm |
Replace the hand-crafted queue for fragmented IPv6 packets with TAILQ. ok henning@
|
Revision tags: OPENBSD_5_0_BASE
|
#
1.34 |
|
02-May-2011 |
chl |
Fix potential null dereference.
Found by LLVM/Clang Static Analyzer.
ok claudio@ henning@
|
#
1.33 |
|
03-Apr-2011 |
stsp |
Kill redundant offsetof definitions; ok deraadt henning sthen thib
|
#
1.32 |
|
06-Mar-2011 |
bluhm |
Extract the new function frag6_deletefraghdr() from frag6_input() to make it reusable by pf. No functional change. ok henning@, claudio@
|
Revision tags: OPENBSD_4_9_BASE
|
#
1.31 |
|
13-Jan-2011 |
bluhm |
In frag6_input() there was an mbuf length calculation error. If you want to move "offset" bytes forward by "sizeof(struct ip6_frag)" bytes within an mbuf, you must have at least "offset + sizeof(struct ip6_frag)" bytes space in that mbuf. Fix from KAME, FreeBSD also has it. ok claudio@ markus@
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.30 |
|
07-May-2010 |
claudio |
Start cleaning up the mess called rtalloc*. Kill rtalloc2, make rtalloc1 accept flags for report and nocloning. Move the rtableid into struct route (with a minor twist for now) and make a few more codepathes rdomain aware. Appart from the pf.c and route.c bits the diff is mostly mechanical. More to come... OK michele, henning
|
Revision tags: OPENBSD_4_7_BASE
|
#
1.29 |
|
08-Feb-2010 |
jsing |
Destatic and ansify.
ok claudio@ naddy@
|
#
1.28 |
|
27-Dec-2009 |
jasper |
- obvious typo in comment, from holger mikolon
|
Revision tags: OPENBSD_4_5_BASE OPENBSD_4_6_BASE
|
#
1.27 |
|
23-Nov-2008 |
claudio |
When accessing cached routes make sure the route is actually still valid. Before accessing a ro_rt make sure the route is either freshly allocated or RTF_UP is set. If not ro_rt should be freed and reallocated or at least no info from the ro_rt should be considered valid. This seems to solve the crashes seen by Felipe Alfaro Solana. some sort of OK dlg@
|
Revision tags: OPENBSD_4_4_BASE
|
#
1.26 |
|
11-Jun-2008 |
mcbride |
ANSIfy to sync with KAME. From Karl Sjodahl <dunceor@gmail.com>.
ok todd deraadt naddy bluhm
|
Revision tags: OPENBSD_4_3_BASE
|
#
1.25 |
|
09-Dec-2007 |
hshoexer |
take advantage of M_ZERO
ok claudio gilles
|
Revision tags: OPENBSD_4_2_BASE
|
#
1.24 |
|
01-May-2007 |
ray |
framgent -> fragment
|
Revision tags: OPENBSD_4_0_BASE OPENBSD_4_1_BASE
|
#
1.23 |
|
18-Jun-2006 |
pascoe |
Add support for equal-cost multipath IP.
To minimise path disruptions, this implements recommendations made in RFC2992 - the hash-threshold mechanism to select paths based on source/destination IP address pairs, and inserts multipath routes in the middle of the route table.
To enable multipath distribution, use: sysctl net.inet.ip.multipath=1 and/or: sysctl net.inet6.ip6.multipath=1
testing norby@ ok claudio@ henning@ hshoexer@
|
Revision tags: OPENBSD_3_9_BASE
|
#
1.22 |
|
20-Nov-2005 |
brad |
splimp -> splvm. mbuf allocation here.
ok henning@
|
Revision tags: OPENBSD_3_5_BASE OPENBSD_3_6_BASE OPENBSD_3_7_BASE OPENBSD_3_8_BASE SMP_SYNC_A SMP_SYNC_B
|
#
1.21 |
|
01-Oct-2003 |
itojun |
use random number generator to generate IPv6 fragment ID/flowlabel. cleanup IPv6 flowlabel handling. deraadt ok
|
Revision tags: OPENBSD_3_4_BASE UBC_SYNC_A
|
#
1.20 |
|
14-May-2003 |
itojun |
make PULLDOWN_TEST codepath the default (has been default for a long time). markus ok
|
Revision tags: OPENBSD_3_2_BASE OPENBSD_3_3_BASE UBC_SYNC_B
|
#
1.19 |
|
11-Sep-2002 |
itojun |
fix pointer signedness mixup. sync w/kame
|
#
1.18 |
|
11-Sep-2002 |
itojun |
KNF - return is not a function. sync w/kame
|
#
1.17 |
|
08-Jun-2002 |
itojun |
splnet -> splsoftnet where appropriate
|
#
1.16 |
|
28-May-2002 |
itojun |
limit number of IPv6 fragments (not the fragment queue size) to fight against lots-of-frags DoS attacks. sync w/kame
|
#
1.15 |
|
27-May-2002 |
deraadt |
kill __P
|
#
1.14 |
|
16-May-2002 |
kjc |
bring in ECN support from KAME. it consists of - ECN support in TCP - tunnel-egress and fragment reassembly rules in layer-3 not to lose congestion info at tunnel-egress and fragment reassembly
to enable ECN in TCP, build a kernel with TCP_ECN, and then, turn it on by "sysctl -w net.inet.tcp.ecn=1".
ok deraadt@
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.13 |
|
15-Mar-2002 |
itojun |
have a real lock around IPv6 reassembly.
|
#
1.12 |
|
14-Mar-2002 |
millert |
First round of __P removal in sys
|
Revision tags: OPENBSD_3_0_BASE UBC_BASE
|
#
1.11 |
|
09-Jun-2001 |
angelos |
branches: 1.11.4; No need for net/net_osdep.h
|
#
1.10 |
|
17-May-2001 |
itojun |
fix memory leak on ipv6 reass failure. sync with kame
|
Revision tags: OPENBSD_2_9_BASE
|
#
1.9 |
|
22-Feb-2001 |
itojun |
correct behavior when ip6 reass queue reaches the upper limit.
|
#
1.8 |
|
16-Feb-2001 |
itojun |
set frag6_doing_reass while doing reass, to help frag6_drain.
|
#
1.7 |
|
16-Feb-2001 |
itojun |
sync whitespace/comment with kame. to help merge tasks
|
Revision tags: OPENBSD_2_7_BASE OPENBSD_2_8_BASE SMP_BASE
|
#
1.6 |
|
07-Feb-2000 |
itojun |
branches: 1.6.2; fix include file path related to ip6.
|
#
1.5 |
|
04-Feb-2000 |
itojun |
make IPv6 reass work on alpha. NetBSD PR 9340.
|
#
1.4 |
|
08-Jan-2000 |
deraadt |
pull in arc4random() prototype
|
#
1.3 |
|
08-Jan-2000 |
deraadt |
use arc4random() instead of random for two reasons. 1) on some architectures, random() should only be used by the scheduler (ie. statintr() because it is uniformly distributed 2) arc4random() is actually strong, random() is not at all
|
#
1.2 |
|
10-Dec-1999 |
angelos |
Remove remaining unnecessary ifdefs (itojun will hate me for this :-)
|
Revision tags: kame_19991208
|
#
1.1 |
|
08-Dec-1999 |
itojun |
bring in KAME IPv6 code, dated 19991208. replaces NRL IPv6 layer. reuses NRL pcb layer. no IPsec-on-v6 support. see sys/netinet6/{TODO,IMPLEMENTATION} for more details.
GENERIC configuration should work fine as before. GENERIC.v6 works fine as well, but you'll need KAME userland tools to play with IPv6 (will be bringed into soon).
|
#
1.81 |
|
14-Nov-2017 |
bluhm |
Put the net lock around frag6_freef() as it sends ICMP6 error messages. Splassert was triggered by regress/sys/netinet6/frag6. OK mpi@ sashan@ visa@
|
#
1.80 |
|
13-Nov-2017 |
mpi |
Remove 18 year old #if 0.
ok visa@, benno@
|
#
1.79 |
|
07-Nov-2017 |
visa |
Serialize access to the IPv6 reassembly queue with a mutex. This lets the code run without KERNEL_LOCK() and NET_LOCK().
In addition, this patch reorganizes a part of the code, to move some of the memory release operations outside the critical section.
Input and OK mpi@, OK florian@, an earlier version OK bluhm@
|
#
1.78 |
|
05-Nov-2017 |
florian |
Finish off pr_drain functions, they haven't been used since 2006. OK mpi
|
#
1.77 |
|
29-Oct-2017 |
florian |
Move NET_{,UN}LOCK into individual slowtimo functions.
Direction suggested by mpi
OK mpi, visa
|
#
1.76 |
|
27-Oct-2017 |
visa |
Allocate IPv6 reassembly structs using pools instead of malloc(), and drop the now redundant allocation type M_FTABLE.
OK mikeb@, bluhm@, mpi@
|
#
1.75 |
|
26-Oct-2017 |
visa |
Replace macro `IP6_REASS_MBUF' with direct use of field `ip6af_m'.
OK bluhm@, mpi@
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.74 |
|
16-May-2017 |
mpi |
Replace remaining splsoftassert(IPL_SOFTNET) by NET_ASSERT_LOCKED().
ok visa@
|
#
1.73 |
|
14-Apr-2017 |
bluhm |
Pass down the address family through the pr_input calls. This allows to simplify code used for both IPv4 and IPv6. OK mikeb@ deraadt@
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.72 |
|
05-Feb-2017 |
jca |
Use percpu counters for ip6stat
Try to follow the existing examples. Some notes: - don't implement counters_dec() yet, which could be used in two similar chunks of code. Let's see if there are more users first. - stop incrementing IPv6-specific mbuf stats, IPv4 has no equivalent.
Input from mpi@, ok bluhm@ mpi@
|
#
1.71 |
|
28-Nov-2016 |
mpi |
Assert that every slow/fast timeout routine is called at IPL_SOFTNET.
This removes multipe recursive splsoftnet()/splx() dances.
|
#
1.70 |
|
24-Oct-2016 |
bluhm |
When the IPv6 network stack receives an empty non atomic fragment, just drop it. It can never overlap existing content, there is no ambiguous payload. So save resources and do not try to insert it into the queue. This makes our IPv6 stack behave like pf fragment reassembly. OK deraadt@
|
#
1.69 |
|
24-Aug-2016 |
mpi |
Kill ip6_forward_rt reducing differences between v4 and v6.
A single forwarding cache is not the answer. The answer is 42... err PF!
ok bluhm@
|
#
1.68 |
|
22-Aug-2016 |
mpi |
Sizes for free(9) from David Hill.
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.67 |
|
07-Mar-2016 |
naddy |
Sync no-argument function declaration and definition by adding (void). ok mpi@ millert@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.66 |
|
03-Dec-2015 |
tedu |
rewrite if to be more clear. ok bluhm stsp
|
#
1.65 |
|
22-Oct-2015 |
mpi |
Kill dead code missed in per-ifp counter removal.
ok millert@, bluhm@
|
#
1.64 |
|
19-Oct-2015 |
mpi |
Remove superfluous NULL checks.
ifa are refcounted to ensure that rt_ifa is always valid.
|
#
1.63 |
|
10-Sep-2015 |
mpi |
Kill in6_ifstat_inc() and associated per-ifp storage.
The SIOCGIFSTAT_IN6 is no longer supported.
ok mikeb@, claudio@, dlg@
|
#
1.62 |
|
09-Sep-2015 |
mpi |
Kill some commented out in6_ifstat_inc().
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.61 |
|
08-Jul-2015 |
mpi |
unifdef IN6_IFSTAT_STRICT.
ok deraadt@, millert@
|
#
1.60 |
|
16-Jun-2015 |
mpi |
Store a unique ID, an interface index, rather than a pointer to the receiving interface in the packet header of every mbuf.
The interface pointer should now be retrieved when necessary with if_get(). If a NULL pointer is returned by if_get(), the interface has probably been destroy/removed and the mbuf should be freed.
Such mechanism will simplify garbage collection of mbufs and limit problems with dangling ifp pointers.
Tested by jmatthew@ and krw@, discussed with many.
ok mikeb@, bluhm@, dlg@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.59 |
|
08-Dec-2014 |
mpi |
Do not use a "struct route" when a "struct rtentry" is enough.
ok millert@, bluhm@
|
#
1.58 |
|
05-Dec-2014 |
mpi |
Explicitly include <net/if_var.h> instead of pulling it in <net/if.h>.
ok mikeb@, krw@, bluhm@, tedu@
|
#
1.57 |
|
18-Nov-2014 |
tedu |
move arc4random prototype to systm.h. more appropriate for most code to include that than rdnvar.h. ok deraadt dlg
|
#
1.56 |
|
14-Oct-2014 |
mpi |
Use rtfree() instead of RTFREE(), NULLify some free'd route pointers and kill the macro.
ok mikeb@, henning@
|
#
1.55 |
|
27-Sep-2014 |
mpi |
Kill rtalloc() and update rtalloc1() and rtalloc_mpath() to no longer rely on "struct route" that should die.
ok claudio@
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.54 |
|
22-Jul-2014 |
mpi |
Fewer <netinet/in_systm.h> !
|
#
1.53 |
|
12-Jul-2014 |
tedu |
add a size argument to free. will be used soon, but for now default to 0. after discussions with beck deraadt kettenis.
|
#
1.52 |
|
14-Apr-2014 |
mpi |
"struct pkthdr" holds a routing table ID, not a routing domain one. Avoid the confusion by using an appropriate name for the variable.
Note that since routing domain IDs are a subset of the set of routing table IDs, the following idiom is correct:
rtableid = rdomain
But to get the routing domain ID corresponding to a given routing table ID, you must call rtable_l2(9).
claudio@ likes it, ok mikeb@
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.51 |
|
11-Nov-2013 |
mpi |
Replace most of our formating functions to convert IPv4/6 addresses from network to presentation format to inet_ntop().
The few remaining functions will be soon converted.
ok mikeb@, deraadt@ and moral support from henning@
|
#
1.50 |
|
20-Oct-2013 |
phessler |
Put a large chunk of the IPv6 rdomain support in-tree.
Still some important missing pieces, and this is not yet enabled.
OK bluhm@
|
#
1.49 |
|
17-Oct-2013 |
bluhm |
The header file netinet/in_var.h included netinet6/in6_var.h. This created a bunch of useless dependencies. Remove this implicit inclusion and do an explicit #include <netinet6/in6_var.h> when it is needed. OK mpi@ henning@
|
#
1.48 |
|
27-Aug-2013 |
mpi |
Sync comment with reality, the draft is now an RFC and OpenBSD follows it since bluhm@ implemented it in 2012.
From Loganaden Velvindron, ok claudio@
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.47 |
|
11-Jun-2013 |
deraadt |
Replace all ovbcopy with memmove; swap the src and dst arguments too ok otto
|
#
1.46 |
|
31-May-2013 |
bluhm |
Remove a bunch of sockaddr_in6 pointer casts and replace others with sin6tosa() or satosin6() inline functions. This allows the compiler to check the types more strictly. OK mpi@
|
#
1.45 |
|
22-Mar-2013 |
tedu |
simple replacement of LIST_END with NULL. ok mpi
|
#
1.44 |
|
04-Mar-2013 |
bluhm |
Replace the cast to struct in6_ifaddr pointer with the ifatoia6() macro. No binary change. OK claudio@
|
Revision tags: OPENBSD_5_3_BASE
|
#
1.43 |
|
28-Dec-2012 |
gsoares |
change the malloc(9) flags from M_DONTWAIT to M_NOWAIT; OK millert@
|
Revision tags: OPENBSD_5_1_BASE OPENBSD_5_2_BASE
|
#
1.42 |
|
24-Jan-2012 |
bluhm |
Add a short cut for atomic IPv6 fragments. They will be processed immediately and not go through the fragment queue. See draft-gont-6man-ipv6-atomic-fragments-00.txt. tested and ok sperreault@
|
#
1.41 |
|
23-Jan-2012 |
bluhm |
Do not keep state when dropping overlapping IPv6 fragments in pf and IPv6 stack. ok sperreault@
|
#
1.40 |
|
10-Jan-2012 |
bluhm |
Implement RFC 5722 and drop all IPv6 fragments that belong to a packet with overlapping fragments. ok henning@
|
#
1.39 |
|
10-Jan-2012 |
bluhm |
Flush the cached IPv6 forward route every 500 ms. This prevents wrong checks for local addresses and wrong packet forwarding in environments with only one communication partner and changing addresses or routes. Remove the #if 0 around the existing code to make IPv6 behave like IPv4. ok henning@
|
#
1.38 |
|
09-Jan-2012 |
bluhm |
Remove the IPv6 fragment overlapping length adjustment code. It was already #if 0 and will never come back. Remove unused fragment struct fields and sort the others. ok henning@
|
#
1.37 |
|
09-Jan-2012 |
bluhm |
Replace the hand-crafted queue for IPv6 fragments with LIST. ok henning@
|
#
1.36 |
|
05-Jan-2012 |
bluhm |
Remove dead code from #if 0: we do not have an ipsrcchk_rt anywhere else. from FreeBSD; ok henning@
|
#
1.35 |
|
05-Jan-2012 |
bluhm |
Replace the hand-crafted queue for fragmented IPv6 packets with TAILQ. ok henning@
|
Revision tags: OPENBSD_5_0_BASE
|
#
1.34 |
|
02-May-2011 |
chl |
Fix potential null dereference.
Found by LLVM/Clang Static Analyzer.
ok claudio@ henning@
|
#
1.33 |
|
03-Apr-2011 |
stsp |
Kill redundant offsetof definitions; ok deraadt henning sthen thib
|
#
1.32 |
|
06-Mar-2011 |
bluhm |
Extract the new function frag6_deletefraghdr() from frag6_input() to make it reusable by pf. No functional change. ok henning@, claudio@
|
Revision tags: OPENBSD_4_9_BASE
|
#
1.31 |
|
13-Jan-2011 |
bluhm |
In frag6_input() there was an mbuf length calculation error. If you want to move "offset" bytes forward by "sizeof(struct ip6_frag)" bytes within an mbuf, you must have at least "offset + sizeof(struct ip6_frag)" bytes space in that mbuf. Fix from KAME, FreeBSD also has it. ok claudio@ markus@
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.30 |
|
07-May-2010 |
claudio |
Start cleaning up the mess called rtalloc*. Kill rtalloc2, make rtalloc1 accept flags for report and nocloning. Move the rtableid into struct route (with a minor twist for now) and make a few more codepathes rdomain aware. Appart from the pf.c and route.c bits the diff is mostly mechanical. More to come... OK michele, henning
|
Revision tags: OPENBSD_4_7_BASE
|
#
1.29 |
|
08-Feb-2010 |
jsing |
Destatic and ansify.
ok claudio@ naddy@
|
#
1.28 |
|
27-Dec-2009 |
jasper |
- obvious typo in comment, from holger mikolon
|
Revision tags: OPENBSD_4_5_BASE OPENBSD_4_6_BASE
|
#
1.27 |
|
23-Nov-2008 |
claudio |
When accessing cached routes make sure the route is actually still valid. Before accessing a ro_rt make sure the route is either freshly allocated or RTF_UP is set. If not ro_rt should be freed and reallocated or at least no info from the ro_rt should be considered valid. This seems to solve the crashes seen by Felipe Alfaro Solana. some sort of OK dlg@
|
Revision tags: OPENBSD_4_4_BASE
|
#
1.26 |
|
11-Jun-2008 |
mcbride |
ANSIfy to sync with KAME. From Karl Sjodahl <dunceor@gmail.com>.
ok todd deraadt naddy bluhm
|
Revision tags: OPENBSD_4_3_BASE
|
#
1.25 |
|
09-Dec-2007 |
hshoexer |
take advantage of M_ZERO
ok claudio gilles
|
Revision tags: OPENBSD_4_2_BASE
|
#
1.24 |
|
01-May-2007 |
ray |
framgent -> fragment
|
Revision tags: OPENBSD_4_0_BASE OPENBSD_4_1_BASE
|
#
1.23 |
|
18-Jun-2006 |
pascoe |
Add support for equal-cost multipath IP.
To minimise path disruptions, this implements recommendations made in RFC2992 - the hash-threshold mechanism to select paths based on source/destination IP address pairs, and inserts multipath routes in the middle of the route table.
To enable multipath distribution, use: sysctl net.inet.ip.multipath=1 and/or: sysctl net.inet6.ip6.multipath=1
testing norby@ ok claudio@ henning@ hshoexer@
|
Revision tags: OPENBSD_3_9_BASE
|
#
1.22 |
|
20-Nov-2005 |
brad |
splimp -> splvm. mbuf allocation here.
ok henning@
|
Revision tags: OPENBSD_3_5_BASE OPENBSD_3_6_BASE OPENBSD_3_7_BASE OPENBSD_3_8_BASE SMP_SYNC_A SMP_SYNC_B
|
#
1.21 |
|
01-Oct-2003 |
itojun |
use random number generator to generate IPv6 fragment ID/flowlabel. cleanup IPv6 flowlabel handling. deraadt ok
|
Revision tags: OPENBSD_3_4_BASE UBC_SYNC_A
|
#
1.20 |
|
14-May-2003 |
itojun |
make PULLDOWN_TEST codepath the default (has been default for a long time). markus ok
|
Revision tags: OPENBSD_3_2_BASE OPENBSD_3_3_BASE UBC_SYNC_B
|
#
1.19 |
|
11-Sep-2002 |
itojun |
fix pointer signedness mixup. sync w/kame
|
#
1.18 |
|
11-Sep-2002 |
itojun |
KNF - return is not a function. sync w/kame
|
#
1.17 |
|
08-Jun-2002 |
itojun |
splnet -> splsoftnet where appropriate
|
#
1.16 |
|
28-May-2002 |
itojun |
limit number of IPv6 fragments (not the fragment queue size) to fight against lots-of-frags DoS attacks. sync w/kame
|
#
1.15 |
|
27-May-2002 |
deraadt |
kill __P
|
#
1.14 |
|
16-May-2002 |
kjc |
bring in ECN support from KAME. it consists of - ECN support in TCP - tunnel-egress and fragment reassembly rules in layer-3 not to lose congestion info at tunnel-egress and fragment reassembly
to enable ECN in TCP, build a kernel with TCP_ECN, and then, turn it on by "sysctl -w net.inet.tcp.ecn=1".
ok deraadt@
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.13 |
|
15-Mar-2002 |
itojun |
have a real lock around IPv6 reassembly.
|
#
1.12 |
|
14-Mar-2002 |
millert |
First round of __P removal in sys
|
Revision tags: OPENBSD_3_0_BASE UBC_BASE
|
#
1.11 |
|
09-Jun-2001 |
angelos |
branches: 1.11.4; No need for net/net_osdep.h
|
#
1.10 |
|
17-May-2001 |
itojun |
fix memory leak on ipv6 reass failure. sync with kame
|
Revision tags: OPENBSD_2_9_BASE
|
#
1.9 |
|
22-Feb-2001 |
itojun |
correct behavior when ip6 reass queue reaches the upper limit.
|
#
1.8 |
|
16-Feb-2001 |
itojun |
set frag6_doing_reass while doing reass, to help frag6_drain.
|
#
1.7 |
|
16-Feb-2001 |
itojun |
sync whitespace/comment with kame. to help merge tasks
|
Revision tags: OPENBSD_2_7_BASE OPENBSD_2_8_BASE SMP_BASE
|
#
1.6 |
|
07-Feb-2000 |
itojun |
branches: 1.6.2; fix include file path related to ip6.
|
#
1.5 |
|
04-Feb-2000 |
itojun |
make IPv6 reass work on alpha. NetBSD PR 9340.
|
#
1.4 |
|
08-Jan-2000 |
deraadt |
pull in arc4random() prototype
|
#
1.3 |
|
08-Jan-2000 |
deraadt |
use arc4random() instead of random for two reasons. 1) on some architectures, random() should only be used by the scheduler (ie. statintr() because it is uniformly distributed 2) arc4random() is actually strong, random() is not at all
|
#
1.2 |
|
10-Dec-1999 |
angelos |
Remove remaining unnecessary ifdefs (itojun will hate me for this :-)
|
Revision tags: kame_19991208
|
#
1.1 |
|
08-Dec-1999 |
itojun |
bring in KAME IPv6 code, dated 19991208. replaces NRL IPv6 layer. reuses NRL pcb layer. no IPsec-on-v6 support. see sys/netinet6/{TODO,IMPLEMENTATION} for more details.
GENERIC configuration should work fine as before. GENERIC.v6 works fine as well, but you'll need KAME userland tools to play with IPv6 (will be bringed into soon).
|