#
1.118 |
|
13-May-2024 |
jsg |
remove prototypes with no matching function ok mpi@
|
#
1.117 |
|
21-Apr-2024 |
florian |
Implement rule 5.5 of RFC 6724 (Default Address Selection for IPv6)
Rule 5.5: Prefer addresses in a prefix advertised by the next-hop.
For this we have to track the (link-local) address of the advertising router per interface address and compare it with the selected route.
Rule 5.5 is useful in multi-homing setups where we have more than one prefix and default router. We have to use the source address with the correct default gateway otherwise traffic is likely going to be dropped because of BCP 38.
While here refactor in6_update_ifa() a bit to make the code clearer and consistently use (var & flag) instead of (var & flag) != 0.
Patiently reviewed by & OK bluhm.
|
Revision tags: OPENBSD_7_5_BASE
|
#
1.116 |
|
13-Feb-2024 |
bluhm |
Merge struct route and struct route_in6.
Use a common struct route for both inet and inet6. Unfortunately struct sockaddr is shorter than sockaddr_in6, so netinet/in.h has to be exposed from net/route.h. Struct route has to be bsd visible for userland as netstat kvm code inspects inp_route. Internet PCB and TCP SYN cache can use a plain struct route now. All specific sockaddr types for inet and inet6 are embeded there.
OK claudio@
|
#
1.115 |
|
09-Feb-2024 |
bluhm |
Route cache function returns hit or miss.
The route_cache() function can easily return whether it was a cache hit or miss. Then the logic to perform a route lookup gets a bit simpler. Some more complicated if (ro->ro_rt == NULL) checks still exist elsewhere. Also use route cache in in_pcbselsrc() instead of filling struct route manually.
OK claudio@
|
#
1.114 |
|
07-Feb-2024 |
bluhm |
Use the route generation number also for IPv6.
Implement route6_cache() to check whether the cached route is still valid and otherwise fill caching parameter of struct route_in6. Also count cache hits and misses in netstat. in_pcbrtentry() uses route cache now.
OK claudio@
|
#
1.113 |
|
31-Jan-2024 |
bluhm |
Add route generation number to route cache.
The outgoing route is cached at the inpcb. This cache was only invalidated when the socket closes or if the route gets invalid. More specific routes were not detected. Especially with dynamic routing protocols, sockets must be closed and reopened to use the correct route. Running ping during a route change shows the problem.
To solve this, add a route generation number that is updated whenever the routing table changes. The lookup in struct route is put into the route_cache() function. If the generation number is too old, the cached route gets discarded.
Implement route_cache() for ip_output() and ip_forward() first. IPv6 and more places will follow.
OK claudio@
|
#
1.112 |
|
27-Jan-2024 |
bluhm |
Declare address parameter in TCP SYN cache const.
tcp6_ctlinput() casted a constant sockaddr_sin6 to non-const sockaddr. sa6_src may be &sa6_any which lives in read-only data section. Better pass down the const addresses to syn_cache_lookup(). They are needed for hash lookup and are not modified.
OK mvs@
|
#
1.111 |
|
28-Nov-2023 |
bluhm |
Remove struct inpcb from in6_embedscope() parameters.
rip6_output() did modify inp_outputopts6 temporarily to provide different ip6_pktopts to in6_embedscope(). Better pass inp_outputopts6 and inp_moptions6 as separate arguments to in6_embedscope(). Simplify the code that deals with these options in in6_embedscope(). Doucument inp_moptions and inp_moptions6 as protected by net lock.
OK kn@
|
#
1.110 |
|
10-Nov-2023 |
bluhm |
rtable_match() takes constant destination.
For implementing MP safe route lookup, it helps to know which function parameters are constant. Add some const declarations, so that the compiler guarantees that sockaddr dst parameter of rtable_match() does not change.
OK dlg@
|
Revision tags: OPENBSD_7_0_BASE OPENBSD_7_1_BASE OPENBSD_7_2_BASE OPENBSD_7_3_BASE OPENBSD_7_4_BASE
|
#
1.109 |
|
02-Jun-2021 |
dlg |
factor out the code that does sanity checks on ipv6 headers and addresses.
this will allow these checks to be reused for ip packet inspection in bridge, veb, and tpmr.
ok bluhm@ sashan@
|
Revision tags: OPENBSD_6_9_BASE
|
#
1.108 |
|
10-Mar-2021 |
jsg |
spelling
ok gnezdo@ semarie@ mpi@
|
Revision tags: OPENBSD_6_8_BASE
|
#
1.107 |
|
24-Aug-2020 |
gnezdo |
Convert ip6_sysctl to sysctl_bounded_args
Tighter limits and OK by sashan
|
#
1.106 |
|
24-Jun-2020 |
cheloha |
kernel: use gettime(9)/getuptime(9) in lieu of time_second(9)/time_uptime(9)
time_second(9) and time_uptime(9) are widely used in the kernel to quickly get the system UTC or system uptime as a time_t. However, time_t is 64-bit everywhere, so it is not generally safe to use them on 32-bit platforms: you have a split-read problem if your hardware cannot perform atomic 64-bit reads.
This patch replaces time_second(9) with gettime(9), a safer successor interface, throughout the kernel. Similarly, time_uptime(9) is replaced with getuptime(9).
There is a performance cost on 32-bit platforms in exchange for eliminating the split-read problem: instead of two register reads you now have a lockless read loop to pull the values from the timehands. This is really not *too* bad in the grand scheme of things, but compared to what we were doing before it is several times slower.
There is no performance cost on 64-bit (__LP64__) platforms.
With input from visa@, dlg@, and tedu@.
Several bugs squashed by visa@.
ok kettenis@
|
Revision tags: OPENBSD_6_7_BASE
|
#
1.105 |
|
11-Nov-2019 |
bluhm |
Kernel is missing propper input validation when configuring IPv6 addresses. Implement in6_sa2sin6() to validate inet6 address family and address length. The SIOCGIFDSTADDR_IN6, SIOCGIFNETMASK_IN6, SIOCGIFAFLAG_IN6, SIOCGIFALIFETIME_IN6, and SIOCDIFADDR_IN6 ioctl(2) are safe now. OK visa@
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.104 |
|
22-Apr-2019 |
bluhm |
In in_cksum() and in6_cksum() convert types to C99 style and make both functions consistent. In in_cksum() panic if len is longer than mbuf, but in in6_cksum() do not panic if off and len match exactly to the end of mbuf. OK claudio@
|
Revision tags: OPENBSD_6_4_BASE OPENBSD_6_5_BASE
|
#
1.103 |
|
11-Sep-2018 |
bluhm |
Convert inetctlerrmap to u_char like inet6ctlerrmap. That is also what FreeBSD does. Remove old #if 0 version of inet6ctlerrmap. OK mpi@
|
#
1.102 |
|
07-Jun-2018 |
bluhm |
The global zero addresses must not change, mark them constant. OK tb@ visa@
|
Revision tags: OPENBSD_6_3_BASE
|
#
1.101 |
|
10-Feb-2018 |
florian |
Implement RFC 7217: "A Method for Generating Semantically Opaque Interface Identifiers with IPv6 Stateless Address Autoconfiguration."
"An IPv6 address configured using this method is stable within each subnet, but the corresponding Interface Identifier changes when the host moves from one network to another. This method is meant to be an alternative to generating Interface Identifiers based on hardware addresses."
OK naddy, sthen
|
#
1.100 |
|
20-Nov-2017 |
mpi |
Sprinkle some NET_ASSERT_LOCKED(), const and co to prepare running pr_input handlers without KERNEL_LOCK().
ok visa@
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.99 |
|
01-Sep-2017 |
florian |
Use in6_get_rand_ifid() instead of get_last_resort_ifid() and delete the get_last_resort_ifid() function because eww. Also if your system is so constraint that you end up in in6_get_rand_ifid() you don't deserve a random ifid that stays stable over reboots. Simplify code a bit since get_ifid() can no longer fail. It couldn't fail before either because that code path was #if 0'ed. While here sprinkle in some in6_ prefixes, pointed out by stsp. OK stsp
|
#
1.98 |
|
11-Aug-2017 |
bluhm |
Validate sockaddr from userland in central functions. This results in common checks for unix, inet, inet6 instead of partial checks here and there. Some checks are already done at a higher layer, but better be paranoid with user input. OK claudio@ millert@
|
#
1.97 |
|
13-Jul-2017 |
florian |
Get rid of ip6.maxifprefixes and ip6.maxifdefrouters, the kernel no longer tracks prefixes or default routers from router advertisements. Pointed out by jmc. ports tree grepping sthen, who only found nsh OK mpi, sthen
|
#
1.96 |
|
30-May-2017 |
mpi |
Keep ipv6_input() definition inside _KERNEL.
Unbreak userland, found the hardway by deraadt@
|
#
1.95 |
|
30-May-2017 |
mpi |
Introduce ipv{4,6}_input(), two wrappers around IP queues.
This will help transitionning to an un-KERNEL_LOCK()ed IP forwarding path.
Disucssed with bluhm@, ok claudio@
|
#
1.94 |
|
04-May-2017 |
bluhm |
Introduce sstosa() for converting sockaddr_storage with a type safe inline function instead of casting it to sockaddr. While there, use inline instead of __inline for all these conversions. Some struct sockaddr casts can be avoided completely. OK dhill@ mpi@
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.93 |
|
22-Feb-2017 |
renato |
Fix comments about a few ipv6 sockoptions
OK millert@ florian@
|
#
1.92 |
|
22-Dec-2016 |
rzalamena |
Remove PIM support from the multicast stack.
ok mpi@
|
#
1.91 |
|
03-Oct-2016 |
mpi |
Convert some of the remaining usages of time_second to time_uptime.
time_second is unix time so it can be affected by clock changes. time_uptime is monotonic so it isnt affected by clock changes. that in turn means route expiries wont jump with clock changes if set against time_uptime.
the expiry is translated into unix time for export to userland though.
Should fix mismatch between route timers that were already converted and ND default routers that were still using time_second.
Tested by matthieu@ and sthen@
ok sthen@, dlg@
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.90 |
|
27-Jun-2016 |
jca |
Implement IPV6_MINHOPCOUNT support.
Useful to implement GTSM support in daemons such as bgpd(8). Diff from 2013 revived by renato@. Input from bluhm@, ok bluhm@ deraadt@
|
#
1.89 |
|
01-Jun-2016 |
jca |
Kill sysctl net.inet6.ip6.rr_prune
We don't support Router Renumbering and there are no plans to change that. ok mpi@
|
#
1.88 |
|
19-May-2016 |
jca |
Remove sysctl net.inet6.ip6.v6only
This sysctl is a no-op, read-only since it was introduced. There are no plans to support IPv4-mapped addresses on OpenBSD, thus this sysctl is meaningless.
Noticed by djm@, ok claudio@ mpi@ sthen@ henning@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.87 |
|
03-Dec-2015 |
tedu |
rm unused kernel only IPV6_RECVRTHDRDSTOPTS sockopt. ok deraadt sthen
|
#
1.86 |
|
29-Oct-2015 |
tedu |
RFC 2292 API support was removed 9 years ago, but left in a binary compat ABI form for the sake of existing programs. no programs from that era have been able to run for quite some time. Kill it all. ok deraadt florian millert mpi (I believe this is my first IPv6 diff. Future, here I come!)
|
#
1.85 |
|
11-Sep-2015 |
claudio |
in6_embedscope() needs to lose some weight. Remove the last argument. In all but two calls NULL is passed and in the other 2 cases the ifp is only used to maybe feed it to in6_selecthlim() to select the hoplimit for the link. Since in6_embedscope() only works on link-local addresses it does not matter what hop limit we select since the destination is directly reachable. OK florian@ mpi@
|
#
1.84 |
|
10-Sep-2015 |
claudio |
It is time to put inet6 on a diet. Use the flensing knife and cut out the 3rd argument of in6_recoverscope() and make it return void. OK dlg@ mikeb@
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.83 |
|
08-Jun-2015 |
krw |
More damned eye searing whitespace. No change to .o files.
|
#
1.82 |
|
14-Apr-2015 |
mikeb |
ip6_sprintf is long gone; noticed by blambert
|
#
1.81 |
|
10-Apr-2015 |
dlg |
replace the use of ifqueues for most input queues serviced by netisr with niqueues.
this change is so big because there's a lot of code that takes pointers to different input queues (eg, ether_input picks between ipv4, ipv6, pppoe, arp, and mpls input queues) and falls through to code to enqueue packets against the pointer. if i changed only one of the input queues id have to add sepearate code paths, one for ifqueues and one for niqueues in each of these places
by flipping all these input queues at once i can keep the currently common code common.
testing by mpi@ sthen@ and rafael zalamena ok mpi@ sthen@ claudio@ henning@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.80 |
|
09-Feb-2015 |
claudio |
Implement 2 sysctl to retrieve the multicast forwarding cache (mf6c) and the multicast interface table (mif6). Will be used by netstat soon. Looked over by guenther@
|
#
1.79 |
|
09-Feb-2015 |
dlg |
provide a net.inet6.ip6.ifq sysctl so people can see and fiddle with the ip6intrq.
ok claudio@
|
#
1.78 |
|
10-Jan-2015 |
mpi |
Correct some comments and merge in6_if_up() into in6_ifattach() to reflect that IPv6 link-local addresses are no longer automagically configured the first time an interface is brought up.
ok henning@, stsp@
|
#
1.77 |
|
05-Dec-2014 |
mpi |
Explicitly include <net/if_var.h> instead of pulling it in <net/if.h>.
ok mikeb@, krw@, bluhm@, tedu@
|
#
1.76 |
|
20-Nov-2014 |
mpi |
What have no need for a variable that holds the maximum MTU size of interfaces with an IPv6 address.
ok henning@, mikeb@, deraadt@
|
#
1.75 |
|
31-Aug-2014 |
bluhm |
Make the in6addr constant declarations and definitions consistent in kernel and user land. OK florian@ mpi@
|
#
1.74 |
|
26-Aug-2014 |
florian |
Do not hand-roll all routers link local address. pointed out & OK bluhm@
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.73 |
|
11-Jul-2014 |
henning |
introduce the IFXF_AUTOCONF6 interface flag which controls wether we accept rtadvs on that interface. the global net.inet6.ip6.accept_rtadv sysctl just doesn't cut it, even tho the spec wants that - but in their little absurd world, a host just has one interface by definition anyway... the sysctlgoes away. lots of head scratching, brain cell elemination etc from bluhm benno stsp florian, excitement from simon and todd, ok bluhm stsp benno florian
|
#
1.72 |
|
13-Jun-2014 |
chrisz |
Remove deprecated RFC2292 ancillary data convenience functions. They are obsoleted by the RFC3542 api.
ok mpi@
|
#
1.71 |
|
20-Apr-2014 |
naddy |
move in6_cksum_phdr from in6.h to ip6_output.c to mirror in_cksum_phdr ok henning@
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.70 |
|
22-Jan-2014 |
naddy |
Split the checksum calculation for IPv6 like for IPv4: Always calculate the pseudo-header checksum. Complete the checksum if hardware offload is not available.
Parts originally from NetBSD; ok henning@
|
#
1.69 |
|
28-Oct-2013 |
deraadt |
kill kame version symbols and sysctl ports tree grep run by sthen
|
#
1.68 |
|
24-Oct-2013 |
mpi |
Remove the number of in6_var.h inclusions by moving some functions and global variables to in6.h.
ok deraadt@
|
#
1.67 |
|
24-Oct-2013 |
deraadt |
Significant namespace cleanup of netinet6 symbols.
One worrying bit is in icmp6.h where some htols() and htonl() are added, which may affect compatibility down the line. This component can be reverted if issues show up. Ports tree greps indicate no issue.
ok claudio mpi etc
|
#
1.66 |
|
21-Oct-2013 |
deraadt |
There are gasps of shock! Add a pmtu delay sysctl BUTTON for netinet6, making the code the same as netinet4 along the way. ok bluhm phessler
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.65 |
|
26-Jun-2013 |
henning |
put the cksum diff back, of course with the bug fixed where we could under some circumstances repair broken checksums on the way. ok ryan naddy mikeb . redo most of the protocol (tcp/udp/...) checksum handling -assume we have hardware checksum offloading. stop mucking with the checksum in most of the stack -stop checksum mucking in pf, just set a "needs checksumming" flag if needed -in all output pathes, very late, if we figure out the outbound interface doesn't have hw cksum offloading, do the cksum in software. this especially makes the bridge path behave like a regular output path -little special casing for bridge still required until the broadcast path loses its disgusting shortcut hacks, but at least it's in one place now and not all over the stack in6_proto_cksum_out mostly written by krw@ started at k2k11 in iceland more than 1.5 years ago - yes it took that long, this stuff is everything but easy. this happens to fix the infamous pf rdr bug that made us turn off proto cksum offloading on almost all interface drivers.
|
#
1.64 |
|
28-Mar-2013 |
bluhm |
Convert the satosin, sintosa, ifatoia, satosin6, sin6tosa, ifatoia6 defines into static inline functions. This allows the compiler to check the source type before casting. liked by many; OK mpi@ haesbaert@
|
#
1.63 |
|
14-Mar-2013 |
mpi |
My lack of faith... These lines should stay, reported by ajacoutot@.
ok sthen@
|
#
1.62 |
|
14-Mar-2013 |
mpi |
tedu faith(4), suggested by todd@ some weeks ago after a submission by dhill.
ok krw@, mikeb@, tedu@ (implicit)
|
Revision tags: OPENBSD_5_3_BASE
|
#
1.61 |
|
06-Nov-2012 |
henning |
backout csum diff for the moment, requested by theo
|
#
1.60 |
|
01-Nov-2012 |
henning |
redo most of the protocol (tcp/udp/...) checksum handling -assume we have hardware checksum offloading. stop mucking with the checksum in most of the stack -stop checksum mucking in pf, just set a "needs checksumming" flag if needed -in all output pathes, very late, if we figure out the outbound interface doesn't have hw cksum offloading, do the cksum in software. this especially makes the bridge path behave like a regular output path -little special casing for bridge still required until the broadcast path loses its disgusting shortcut hacks, but at least it's in one place now and not all over the stack in6_proto_cksum_out mostly written by krw@ started at k2k11 in iceland more than 1.5 years ago - yes it took that long, this stuff is everything but easy. this happens to fix the infamous pf rdr bug that made us turn off proto cksum offloading on almost all interface drivers. ok camield sthen claudio, testing by many, thanks!
|
#
1.59 |
|
17-Sep-2012 |
yasuoka |
add IPV6_RECVDSTPORT socket option, which enables us to get original (= before divert) destination port of a UDP packet. The way to use this option is same as IP_RECVDSTPORT.
from UMEZAWA Takeshi tweaks from jmc; ok henning bluhm
|
#
1.58 |
|
15-Sep-2012 |
guenther |
Improve POSIX/SUS compliance of <netdb.h>, <sys/socket.h>, and <sys/un.h>.
Much ports testing of various versions by naddy@ and jasper@ ok matthew@, miller@
|
Revision tags: OPENBSD_5_2_BASE
|
#
1.57 |
|
10-Jul-2012 |
guenther |
Instead of <arpa/inet.h> pulling in <netinet/in.h>, just copy in the three things that it needed from there: INET_ADDRSTRLEN, INET6_ADDRSTRLEN, and struct in_addr. Add protecting #ifndefs to netinet6?/in6?.h for those.
ok deraadt@
|
#
1.56 |
|
26-Jun-2012 |
guenther |
Improve compliance for <arpa/inet.h> and <netinet/in.h> to define/declare all the symbols that POSIX says they must and fewer that they can't and, most importantly, to not require a specific ordering of headers.
ports testing by naddy@ ok millert@ deraadt@
|
Revision tags: OPENBSD_5_1_BASE
|
#
1.55 |
|
24-Nov-2011 |
sperreault |
rdomain support for IPv6 ok mikeb
|
#
1.54 |
|
13-Oct-2011 |
claudio |
Since the IPv6 madness is not enough introduce NAT64 -- which is actually "af-to" a generic IP version translator for pf(4). Not everything perfect yet but lets fix these things in the tree. Insane amount of work done by sperreault@, mikeb@ and reyk@. Looked over by mcbride@ henning@ and myself at eurobsdcon. OK mcbride@ and general put it in from deraadt@
|
Revision tags: OPENBSD_5_0_BASE
|
#
1.53 |
|
02-May-2011 |
mikeb |
recognize SO_RTABLE socket option at the SOL_SOCKET level; discussed with and ok claudio
|
Revision tags: OPENBSD_4_9_BASE
|
#
1.52 |
|
23-Sep-2010 |
yasuoka |
add a new IP level socket option IP_PIPEX. This option is used for L2TP support by pipex. OK henning@, "Carry on" blambert@
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.51 |
|
08-Jul-2010 |
jsg |
remove some unused netinet6 code ok stsp@ henning@ claudio@
|
#
1.50 |
|
07-May-2010 |
claudio |
Start cleaning up the mess called rtalloc*. Kill rtalloc2, make rtalloc1 accept flags for report and nocloning. Move the rtableid into struct route (with a minor twist for now) and make a few more codepathes rdomain aware. Appart from the pf.c and route.c bits the diff is mostly mechanical. More to come... OK michele, henning
|
#
1.49 |
|
06-Apr-2010 |
stsp |
Simple implementation of RFC4941, "Privacy Extensions for Stateless Address Autoconfiguration in IPv6". For those among us who are paranoid about broadcasting their MAC address to the IPv6 internet.
Man page help from jmc, testing by weerd, arc4random API hints from djm.
ok deraadt, claudio
|
Revision tags: OPENBSD_4_7_BASE
|
#
1.48 |
|
05-Nov-2009 |
michele |
IPv6 support for divert sockets.
tested by phessler@ pyr@ ok claudio@ "go ahead" deraadt@
|
Revision tags: OPENBSD_4_5_BASE OPENBSD_4_6_BASE
|
#
1.47 |
|
25-Nov-2008 |
markus |
delay /etc/netstart until IPv6-DAD (dup-address-detection) is completed. ok fries, hshoexer, claudio
|
Revision tags: OPENBSD_4_4_BASE
|
#
1.46 |
|
11-Jun-2008 |
mcbride |
From KAME, allow adjustable limits on NDP entries and discovered routes.
ok mpf naddy
|
#
1.45 |
|
09-Mar-2008 |
sobrado |
use the right capitalization for platform names
ok jsing@
|
Revision tags: OPENBSD_4_1_BASE OPENBSD_4_2_BASE OPENBSD_4_3_BASE
|
#
1.44 |
|
22-Jan-2007 |
miod |
Fix KAME cvsweb urls
|
#
1.43 |
|
09-Dec-2006 |
itojun |
switch IPv6 advanced API from RFC2292 to RFC3542 (2292 is superseded by 3542). the kernel still handles RFC2292 set/getsockopts, so that compiled binary has no trouble running. userland sees RFC3542 symbols only on header file so new code has to use RFC3542 API.
bump libc shlib minor for function additions.
tested on i386/amd64 by jmc, i386 by brad. checked by deraadt.
|
#
1.42 |
|
21-Nov-2006 |
itojun |
introduce sysctl net.inet6.ip6.multicast_mtudisc (for multicast routers). deraadt ok. manpage nit by jmc.
|
#
1.41 |
|
17-Nov-2006 |
itojun |
move comment to a line where it makes more sense
|
#
1.40 |
|
17-Nov-2006 |
itojun |
change semantics of ff01::/16 to interface local multicast (to sync up with more recent IPv6 spec)
ok from: deraadt mcbride
|
Revision tags: OPENBSD_4_0_BASE
|
#
1.39 |
|
18-Jun-2006 |
pascoe |
Add support for equal-cost multipath IP.
To minimise path disruptions, this implements recommendations made in RFC2992 - the hash-threshold mechanism to select paths based on source/destination IP address pairs, and inserts multipath routes in the middle of the route table.
To enable multipath distribution, use: sysctl net.inet.ip.multipath=1 and/or: sysctl net.inet6.ip6.multipath=1
testing norby@ ok claudio@ henning@ hshoexer@
|
#
1.38 |
|
27-May-2006 |
claudio |
Do the same thing as for IPv4. Use a sysctl to enable/disable mfrowarding and additionaly make the code part of the MROUTING option. Put it in deraadt@
|
Revision tags: OPENBSD_3_9_BASE
|
#
1.37 |
|
13-Dec-2005 |
millert |
First step in include files overhaul. Use __FOO_VISIBLE (as defined in sys/cdefs.h) instead of _FOO_SOURCE. Also fix several namespace pollution issues, including the byte order defines. OK deraadt@
|
Revision tags: OPENBSD_3_6_BASE OPENBSD_3_7_BASE OPENBSD_3_8_BASE
|
#
1.36 |
|
21-Jun-2004 |
tholo |
First step towards more sane time handling in the kernel -- this changes things such that code that only need a second-resolution uptime or wall time, and used to get that from time.tv_secs or mono_time.tv_secs now get this from separate time_t globals time_second and time_uptime.
ok art@ niklas@ nordin@
|
Revision tags: SMP_SYNC_A
|
#
1.35 |
|
12-Jun-2004 |
itojun |
support IPV6_USE_MIN_MTU, to make BIND9 better. (sorry about the mess yesterday)
|
#
1.34 |
|
11-Jun-2004 |
deraadt |
back out tree breakage. Like, come on
|
#
1.33 |
|
11-Jun-2004 |
itojun |
support IPV6_USE_MIN_MTU, which is needed to run BIND9 well. from kame markus ok
|
Revision tags: OPENBSD_3_5_BASE SMP_SYNC_B
|
#
1.32 |
|
15-Feb-2004 |
markus |
switch to sysctl_int_arr(); ok itojun, henning, miod, deraadt
|
Revision tags: OPENBSD_3_4_BASE
|
#
1.31 |
|
02-Jun-2003 |
millert |
Remove the advertising clause in the UCB license which Berkeley rescinded 22 July 1999. Proofed by myself and Theo.
|
Revision tags: OPENBSD_3_2_BASE OPENBSD_3_3_BASE UBC_SYNC_A UBC_SYNC_B
|
#
1.30 |
|
08-Jun-2002 |
itojun |
sync with latest KAME in6_ifaddr/prefix/default router manipulation. behavior changes: - two iocts used by ndp(8) are now obsolete (backward compat provided). use sysctl path instead. - lo0 does not get ::1 automatically. it will get ::1 when lo0 comes up.
|
#
1.29 |
|
07-Jun-2002 |
itojun |
mistake in sysctl table
|
#
1.28 |
|
07-Jun-2002 |
itojun |
just for consistency/compatibility, have net.inet6.ip6.v6only sysctl MIB, as well as set/getsockopt(IPV6_V6ONLY).
|
#
1.27 |
|
28-May-2002 |
itojun |
limit number of IPv6 fragments (not the fragment queue size) to fight against lots-of-frags DoS attacks. sync w/kame
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.26 |
|
14-Mar-2002 |
millert |
First round of __P removal in sys
|
Revision tags: UBC_BASE
|
#
1.25 |
|
07-Dec-2001 |
itojun |
branches: 1.25.2; whitespace/comment sync with kame
|
Revision tags: OPENBSD_3_0_BASE
|
#
1.24 |
|
19-Sep-2001 |
itojun |
comment; sockopt # 57-59 are also reserved
|
#
1.23 |
|
22-Aug-2001 |
niklas |
Add IPCOMP setsockopt policy controls. While here fix the other policies too
|
Revision tags: OPENBSD_2_9_BASE
|
#
1.22 |
|
30-Mar-2001 |
itojun |
fix constness of IN6_{IS,ARE}_xx macros to conform to RFC2553. sync with kame.
|
#
1.21 |
|
02-Mar-2001 |
itojun |
remove date string from KAME version identification, it is getting meaningless as we merge random items daily. have comment that refers to kame COVERAGE document. sync with kame
|
#
1.20 |
|
16-Feb-2001 |
itojun |
get rid of #ifdef IPV6FIREWALL (never used, will never be used)
|
#
1.19 |
|
16-Feb-2001 |
itojun |
pull in new pcb notification code from kame. better handling of scope address.
|
Revision tags: OPENBSD_2_8_BASE
|
#
1.18 |
|
17-Oct-2000 |
itojun |
use __P() in prototype for non-ansi compilers. From: Michael Shalayeff <mickey@lucifier.remote.dti.net>
|
#
1.17 |
|
27-Aug-2000 |
itojun |
move IPv6 IPsec sysctl # downward, to avoid number conflict in *BSD. angelos ok
|
#
1.16 |
|
16-Jul-2000 |
itojun |
don't pull sys/queue.h in. sync better with kame.
|
#
1.15 |
|
25-Jun-2000 |
aaron |
Fix typo; ds@ds.primasoft.bg
|
#
1.14 |
|
18-Jun-2000 |
itojun |
allow IPsec-related get/setsockopt on IPv6 socket. due to number conflict they must be IPV6_xx instead of IP_xx.
actually, since in_ctloutput() does not check address family of inpcb, getsockopt(IPPROTO_IP, IP_xx) may work - never tested this.
|
#
1.13 |
|
25-May-2000 |
itojun |
net.inet.ip.gif_ttl (and IPv6 counterpart) is never used. enforce type checking on IN6_ARE_ADDR_EQUAL.
|
Revision tags: OPENBSD_2_7_BASE
|
#
1.12 |
|
28-Feb-2000 |
itojun |
bring in recent KAME changes (only important and stable ones, as usual). - remove net.inet6.ip6.nd6_proxyall. introduce proxy NDP code works just like "arp -s". - revise source address selection. be more careful about use of yet-to-be-valid addresses as source. - as router, transmit ICMP6_DST_UNREACH_BEYONDSCOPE against out-of-scope packet forwarding attempt. - path MTU discovery takes care of routing header properly. - be more strict about mbuf chain parsing. - nuke xxCTL_VARS #define, they are for BSDI. - disable SIOCSIFDSTADDR_IN6/SIOCSIFNETMASK_IN6 ioctl, they do not fit IPv6 model where multiple address on interface is normal. (kernel side supports them for a while for backward compat, the support will be nuked shortly) - introduce "default outgoing interface" (for spec conformance in very rare case)
|
#
1.11 |
|
19-Feb-2000 |
deraadt |
use more modern types
|
Revision tags: SMP_BASE
|
#
1.10 |
|
09-Feb-2000 |
itojun |
branches: 1.10.2; improve RFC2553/2292 conformance. netinet6/{ip6,icmp6,in6}.h should not be included. neitnet6/{ip6,icmp6}.h includes #error statements only - i'll remove them couple of days later.
|
#
1.9 |
|
10-Dec-1999 |
angelos |
Add RCS tags, remove unused header files and code, remove a few unnecessary ifdefs...
|
Revision tags: kame_19991208
|
#
1.8 |
|
08-Dec-1999 |
itojun |
bring in KAME IPv6 code, dated 19991208. replaces NRL IPv6 layer. reuses NRL pcb layer. no IPsec-on-v6 support. see sys/netinet6/{TODO,IMPLEMENTATION} for more details.
GENERIC configuration should work fine as before. GENERIC.v6 works fine as well, but you'll need KAME userland tools to play with IPv6 (will be bringed into soon).
|
Revision tags: OPENBSD_2_5_BASE OPENBSD_2_6_BASE
|
#
1.7 |
|
24-Mar-1999 |
cmetz |
Replace 'in6a_words' (old NRL convention) with 's6_addr32' (new BSDI et al. convention that is more common and more specific as to the access size)
|
#
1.6 |
|
09-Mar-1999 |
cmetz |
Demangled the INET6 stuff so as not to require any extra options and not to be mutually exclusive with the IPSEC option.
|
#
1.5 |
|
24-Feb-1999 |
cmetz |
Synchronized changes needed to integrate into OpenBSD with the NRL source tree so we can have a unified netinet6 directory.
|
#
1.4 |
|
11-Jan-1999 |
deraadt |
_KERNEL, and other cleanup
|
#
1.3 |
|
10-Jan-1999 |
deraadt |
merge INPROTO_* tables
|
#
1.2 |
|
08-Jan-1999 |
deraadt |
use _KERNEL, add ipv6intrq decl
|
#
1.1 |
|
07-Jan-1999 |
deraadt |
missed file
|
#
1.117 |
|
21-Apr-2024 |
florian |
Implement rule 5.5 of RFC 6724 (Default Address Selection for IPv6)
Rule 5.5: Prefer addresses in a prefix advertised by the next-hop.
For this we have to track the (link-local) address of the advertising router per interface address and compare it with the selected route.
Rule 5.5 is useful in multi-homing setups where we have more than one prefix and default router. We have to use the source address with the correct default gateway otherwise traffic is likely going to be dropped because of BCP 38.
While here refactor in6_update_ifa() a bit to make the code clearer and consistently use (var & flag) instead of (var & flag) != 0.
Patiently reviewed by & OK bluhm.
|
Revision tags: OPENBSD_7_5_BASE
|
#
1.116 |
|
13-Feb-2024 |
bluhm |
Merge struct route and struct route_in6.
Use a common struct route for both inet and inet6. Unfortunately struct sockaddr is shorter than sockaddr_in6, so netinet/in.h has to be exposed from net/route.h. Struct route has to be bsd visible for userland as netstat kvm code inspects inp_route. Internet PCB and TCP SYN cache can use a plain struct route now. All specific sockaddr types for inet and inet6 are embeded there.
OK claudio@
|
#
1.115 |
|
09-Feb-2024 |
bluhm |
Route cache function returns hit or miss.
The route_cache() function can easily return whether it was a cache hit or miss. Then the logic to perform a route lookup gets a bit simpler. Some more complicated if (ro->ro_rt == NULL) checks still exist elsewhere. Also use route cache in in_pcbselsrc() instead of filling struct route manually.
OK claudio@
|
#
1.114 |
|
07-Feb-2024 |
bluhm |
Use the route generation number also for IPv6.
Implement route6_cache() to check whether the cached route is still valid and otherwise fill caching parameter of struct route_in6. Also count cache hits and misses in netstat. in_pcbrtentry() uses route cache now.
OK claudio@
|
#
1.113 |
|
31-Jan-2024 |
bluhm |
Add route generation number to route cache.
The outgoing route is cached at the inpcb. This cache was only invalidated when the socket closes or if the route gets invalid. More specific routes were not detected. Especially with dynamic routing protocols, sockets must be closed and reopened to use the correct route. Running ping during a route change shows the problem.
To solve this, add a route generation number that is updated whenever the routing table changes. The lookup in struct route is put into the route_cache() function. If the generation number is too old, the cached route gets discarded.
Implement route_cache() for ip_output() and ip_forward() first. IPv6 and more places will follow.
OK claudio@
|
#
1.112 |
|
27-Jan-2024 |
bluhm |
Declare address parameter in TCP SYN cache const.
tcp6_ctlinput() casted a constant sockaddr_sin6 to non-const sockaddr. sa6_src may be &sa6_any which lives in read-only data section. Better pass down the const addresses to syn_cache_lookup(). They are needed for hash lookup and are not modified.
OK mvs@
|
#
1.111 |
|
28-Nov-2023 |
bluhm |
Remove struct inpcb from in6_embedscope() parameters.
rip6_output() did modify inp_outputopts6 temporarily to provide different ip6_pktopts to in6_embedscope(). Better pass inp_outputopts6 and inp_moptions6 as separate arguments to in6_embedscope(). Simplify the code that deals with these options in in6_embedscope(). Doucument inp_moptions and inp_moptions6 as protected by net lock.
OK kn@
|
#
1.110 |
|
10-Nov-2023 |
bluhm |
rtable_match() takes constant destination.
For implementing MP safe route lookup, it helps to know which function parameters are constant. Add some const declarations, so that the compiler guarantees that sockaddr dst parameter of rtable_match() does not change.
OK dlg@
|
Revision tags: OPENBSD_7_0_BASE OPENBSD_7_1_BASE OPENBSD_7_2_BASE OPENBSD_7_3_BASE OPENBSD_7_4_BASE
|
#
1.109 |
|
02-Jun-2021 |
dlg |
factor out the code that does sanity checks on ipv6 headers and addresses.
this will allow these checks to be reused for ip packet inspection in bridge, veb, and tpmr.
ok bluhm@ sashan@
|
Revision tags: OPENBSD_6_9_BASE
|
#
1.108 |
|
10-Mar-2021 |
jsg |
spelling
ok gnezdo@ semarie@ mpi@
|
Revision tags: OPENBSD_6_8_BASE
|
#
1.107 |
|
24-Aug-2020 |
gnezdo |
Convert ip6_sysctl to sysctl_bounded_args
Tighter limits and OK by sashan
|
#
1.106 |
|
24-Jun-2020 |
cheloha |
kernel: use gettime(9)/getuptime(9) in lieu of time_second(9)/time_uptime(9)
time_second(9) and time_uptime(9) are widely used in the kernel to quickly get the system UTC or system uptime as a time_t. However, time_t is 64-bit everywhere, so it is not generally safe to use them on 32-bit platforms: you have a split-read problem if your hardware cannot perform atomic 64-bit reads.
This patch replaces time_second(9) with gettime(9), a safer successor interface, throughout the kernel. Similarly, time_uptime(9) is replaced with getuptime(9).
There is a performance cost on 32-bit platforms in exchange for eliminating the split-read problem: instead of two register reads you now have a lockless read loop to pull the values from the timehands. This is really not *too* bad in the grand scheme of things, but compared to what we were doing before it is several times slower.
There is no performance cost on 64-bit (__LP64__) platforms.
With input from visa@, dlg@, and tedu@.
Several bugs squashed by visa@.
ok kettenis@
|
Revision tags: OPENBSD_6_7_BASE
|
#
1.105 |
|
11-Nov-2019 |
bluhm |
Kernel is missing propper input validation when configuring IPv6 addresses. Implement in6_sa2sin6() to validate inet6 address family and address length. The SIOCGIFDSTADDR_IN6, SIOCGIFNETMASK_IN6, SIOCGIFAFLAG_IN6, SIOCGIFALIFETIME_IN6, and SIOCDIFADDR_IN6 ioctl(2) are safe now. OK visa@
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.104 |
|
22-Apr-2019 |
bluhm |
In in_cksum() and in6_cksum() convert types to C99 style and make both functions consistent. In in_cksum() panic if len is longer than mbuf, but in in6_cksum() do not panic if off and len match exactly to the end of mbuf. OK claudio@
|
Revision tags: OPENBSD_6_4_BASE OPENBSD_6_5_BASE
|
#
1.103 |
|
11-Sep-2018 |
bluhm |
Convert inetctlerrmap to u_char like inet6ctlerrmap. That is also what FreeBSD does. Remove old #if 0 version of inet6ctlerrmap. OK mpi@
|
#
1.102 |
|
07-Jun-2018 |
bluhm |
The global zero addresses must not change, mark them constant. OK tb@ visa@
|
Revision tags: OPENBSD_6_3_BASE
|
#
1.101 |
|
10-Feb-2018 |
florian |
Implement RFC 7217: "A Method for Generating Semantically Opaque Interface Identifiers with IPv6 Stateless Address Autoconfiguration."
"An IPv6 address configured using this method is stable within each subnet, but the corresponding Interface Identifier changes when the host moves from one network to another. This method is meant to be an alternative to generating Interface Identifiers based on hardware addresses."
OK naddy, sthen
|
#
1.100 |
|
20-Nov-2017 |
mpi |
Sprinkle some NET_ASSERT_LOCKED(), const and co to prepare running pr_input handlers without KERNEL_LOCK().
ok visa@
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.99 |
|
01-Sep-2017 |
florian |
Use in6_get_rand_ifid() instead of get_last_resort_ifid() and delete the get_last_resort_ifid() function because eww. Also if your system is so constraint that you end up in in6_get_rand_ifid() you don't deserve a random ifid that stays stable over reboots. Simplify code a bit since get_ifid() can no longer fail. It couldn't fail before either because that code path was #if 0'ed. While here sprinkle in some in6_ prefixes, pointed out by stsp. OK stsp
|
#
1.98 |
|
11-Aug-2017 |
bluhm |
Validate sockaddr from userland in central functions. This results in common checks for unix, inet, inet6 instead of partial checks here and there. Some checks are already done at a higher layer, but better be paranoid with user input. OK claudio@ millert@
|
#
1.97 |
|
13-Jul-2017 |
florian |
Get rid of ip6.maxifprefixes and ip6.maxifdefrouters, the kernel no longer tracks prefixes or default routers from router advertisements. Pointed out by jmc. ports tree grepping sthen, who only found nsh OK mpi, sthen
|
#
1.96 |
|
30-May-2017 |
mpi |
Keep ipv6_input() definition inside _KERNEL.
Unbreak userland, found the hardway by deraadt@
|
#
1.95 |
|
30-May-2017 |
mpi |
Introduce ipv{4,6}_input(), two wrappers around IP queues.
This will help transitionning to an un-KERNEL_LOCK()ed IP forwarding path.
Disucssed with bluhm@, ok claudio@
|
#
1.94 |
|
04-May-2017 |
bluhm |
Introduce sstosa() for converting sockaddr_storage with a type safe inline function instead of casting it to sockaddr. While there, use inline instead of __inline for all these conversions. Some struct sockaddr casts can be avoided completely. OK dhill@ mpi@
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.93 |
|
22-Feb-2017 |
renato |
Fix comments about a few ipv6 sockoptions
OK millert@ florian@
|
#
1.92 |
|
22-Dec-2016 |
rzalamena |
Remove PIM support from the multicast stack.
ok mpi@
|
#
1.91 |
|
03-Oct-2016 |
mpi |
Convert some of the remaining usages of time_second to time_uptime.
time_second is unix time so it can be affected by clock changes. time_uptime is monotonic so it isnt affected by clock changes. that in turn means route expiries wont jump with clock changes if set against time_uptime.
the expiry is translated into unix time for export to userland though.
Should fix mismatch between route timers that were already converted and ND default routers that were still using time_second.
Tested by matthieu@ and sthen@
ok sthen@, dlg@
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.90 |
|
27-Jun-2016 |
jca |
Implement IPV6_MINHOPCOUNT support.
Useful to implement GTSM support in daemons such as bgpd(8). Diff from 2013 revived by renato@. Input from bluhm@, ok bluhm@ deraadt@
|
#
1.89 |
|
01-Jun-2016 |
jca |
Kill sysctl net.inet6.ip6.rr_prune
We don't support Router Renumbering and there are no plans to change that. ok mpi@
|
#
1.88 |
|
19-May-2016 |
jca |
Remove sysctl net.inet6.ip6.v6only
This sysctl is a no-op, read-only since it was introduced. There are no plans to support IPv4-mapped addresses on OpenBSD, thus this sysctl is meaningless.
Noticed by djm@, ok claudio@ mpi@ sthen@ henning@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.87 |
|
03-Dec-2015 |
tedu |
rm unused kernel only IPV6_RECVRTHDRDSTOPTS sockopt. ok deraadt sthen
|
#
1.86 |
|
29-Oct-2015 |
tedu |
RFC 2292 API support was removed 9 years ago, but left in a binary compat ABI form for the sake of existing programs. no programs from that era have been able to run for quite some time. Kill it all. ok deraadt florian millert mpi (I believe this is my first IPv6 diff. Future, here I come!)
|
#
1.85 |
|
11-Sep-2015 |
claudio |
in6_embedscope() needs to lose some weight. Remove the last argument. In all but two calls NULL is passed and in the other 2 cases the ifp is only used to maybe feed it to in6_selecthlim() to select the hoplimit for the link. Since in6_embedscope() only works on link-local addresses it does not matter what hop limit we select since the destination is directly reachable. OK florian@ mpi@
|
#
1.84 |
|
10-Sep-2015 |
claudio |
It is time to put inet6 on a diet. Use the flensing knife and cut out the 3rd argument of in6_recoverscope() and make it return void. OK dlg@ mikeb@
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.83 |
|
08-Jun-2015 |
krw |
More damned eye searing whitespace. No change to .o files.
|
#
1.82 |
|
14-Apr-2015 |
mikeb |
ip6_sprintf is long gone; noticed by blambert
|
#
1.81 |
|
10-Apr-2015 |
dlg |
replace the use of ifqueues for most input queues serviced by netisr with niqueues.
this change is so big because there's a lot of code that takes pointers to different input queues (eg, ether_input picks between ipv4, ipv6, pppoe, arp, and mpls input queues) and falls through to code to enqueue packets against the pointer. if i changed only one of the input queues id have to add sepearate code paths, one for ifqueues and one for niqueues in each of these places
by flipping all these input queues at once i can keep the currently common code common.
testing by mpi@ sthen@ and rafael zalamena ok mpi@ sthen@ claudio@ henning@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.80 |
|
09-Feb-2015 |
claudio |
Implement 2 sysctl to retrieve the multicast forwarding cache (mf6c) and the multicast interface table (mif6). Will be used by netstat soon. Looked over by guenther@
|
#
1.79 |
|
09-Feb-2015 |
dlg |
provide a net.inet6.ip6.ifq sysctl so people can see and fiddle with the ip6intrq.
ok claudio@
|
#
1.78 |
|
10-Jan-2015 |
mpi |
Correct some comments and merge in6_if_up() into in6_ifattach() to reflect that IPv6 link-local addresses are no longer automagically configured the first time an interface is brought up.
ok henning@, stsp@
|
#
1.77 |
|
05-Dec-2014 |
mpi |
Explicitly include <net/if_var.h> instead of pulling it in <net/if.h>.
ok mikeb@, krw@, bluhm@, tedu@
|
#
1.76 |
|
20-Nov-2014 |
mpi |
What have no need for a variable that holds the maximum MTU size of interfaces with an IPv6 address.
ok henning@, mikeb@, deraadt@
|
#
1.75 |
|
31-Aug-2014 |
bluhm |
Make the in6addr constant declarations and definitions consistent in kernel and user land. OK florian@ mpi@
|
#
1.74 |
|
26-Aug-2014 |
florian |
Do not hand-roll all routers link local address. pointed out & OK bluhm@
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.73 |
|
11-Jul-2014 |
henning |
introduce the IFXF_AUTOCONF6 interface flag which controls wether we accept rtadvs on that interface. the global net.inet6.ip6.accept_rtadv sysctl just doesn't cut it, even tho the spec wants that - but in their little absurd world, a host just has one interface by definition anyway... the sysctlgoes away. lots of head scratching, brain cell elemination etc from bluhm benno stsp florian, excitement from simon and todd, ok bluhm stsp benno florian
|
#
1.72 |
|
13-Jun-2014 |
chrisz |
Remove deprecated RFC2292 ancillary data convenience functions. They are obsoleted by the RFC3542 api.
ok mpi@
|
#
1.71 |
|
20-Apr-2014 |
naddy |
move in6_cksum_phdr from in6.h to ip6_output.c to mirror in_cksum_phdr ok henning@
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.70 |
|
22-Jan-2014 |
naddy |
Split the checksum calculation for IPv6 like for IPv4: Always calculate the pseudo-header checksum. Complete the checksum if hardware offload is not available.
Parts originally from NetBSD; ok henning@
|
#
1.69 |
|
28-Oct-2013 |
deraadt |
kill kame version symbols and sysctl ports tree grep run by sthen
|
#
1.68 |
|
24-Oct-2013 |
mpi |
Remove the number of in6_var.h inclusions by moving some functions and global variables to in6.h.
ok deraadt@
|
#
1.67 |
|
24-Oct-2013 |
deraadt |
Significant namespace cleanup of netinet6 symbols.
One worrying bit is in icmp6.h where some htols() and htonl() are added, which may affect compatibility down the line. This component can be reverted if issues show up. Ports tree greps indicate no issue.
ok claudio mpi etc
|
#
1.66 |
|
21-Oct-2013 |
deraadt |
There are gasps of shock! Add a pmtu delay sysctl BUTTON for netinet6, making the code the same as netinet4 along the way. ok bluhm phessler
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.65 |
|
26-Jun-2013 |
henning |
put the cksum diff back, of course with the bug fixed where we could under some circumstances repair broken checksums on the way. ok ryan naddy mikeb . redo most of the protocol (tcp/udp/...) checksum handling -assume we have hardware checksum offloading. stop mucking with the checksum in most of the stack -stop checksum mucking in pf, just set a "needs checksumming" flag if needed -in all output pathes, very late, if we figure out the outbound interface doesn't have hw cksum offloading, do the cksum in software. this especially makes the bridge path behave like a regular output path -little special casing for bridge still required until the broadcast path loses its disgusting shortcut hacks, but at least it's in one place now and not all over the stack in6_proto_cksum_out mostly written by krw@ started at k2k11 in iceland more than 1.5 years ago - yes it took that long, this stuff is everything but easy. this happens to fix the infamous pf rdr bug that made us turn off proto cksum offloading on almost all interface drivers.
|
#
1.64 |
|
28-Mar-2013 |
bluhm |
Convert the satosin, sintosa, ifatoia, satosin6, sin6tosa, ifatoia6 defines into static inline functions. This allows the compiler to check the source type before casting. liked by many; OK mpi@ haesbaert@
|
#
1.63 |
|
14-Mar-2013 |
mpi |
My lack of faith... These lines should stay, reported by ajacoutot@.
ok sthen@
|
#
1.62 |
|
14-Mar-2013 |
mpi |
tedu faith(4), suggested by todd@ some weeks ago after a submission by dhill.
ok krw@, mikeb@, tedu@ (implicit)
|
Revision tags: OPENBSD_5_3_BASE
|
#
1.61 |
|
06-Nov-2012 |
henning |
backout csum diff for the moment, requested by theo
|
#
1.60 |
|
01-Nov-2012 |
henning |
redo most of the protocol (tcp/udp/...) checksum handling -assume we have hardware checksum offloading. stop mucking with the checksum in most of the stack -stop checksum mucking in pf, just set a "needs checksumming" flag if needed -in all output pathes, very late, if we figure out the outbound interface doesn't have hw cksum offloading, do the cksum in software. this especially makes the bridge path behave like a regular output path -little special casing for bridge still required until the broadcast path loses its disgusting shortcut hacks, but at least it's in one place now and not all over the stack in6_proto_cksum_out mostly written by krw@ started at k2k11 in iceland more than 1.5 years ago - yes it took that long, this stuff is everything but easy. this happens to fix the infamous pf rdr bug that made us turn off proto cksum offloading on almost all interface drivers. ok camield sthen claudio, testing by many, thanks!
|
#
1.59 |
|
17-Sep-2012 |
yasuoka |
add IPV6_RECVDSTPORT socket option, which enables us to get original (= before divert) destination port of a UDP packet. The way to use this option is same as IP_RECVDSTPORT.
from UMEZAWA Takeshi tweaks from jmc; ok henning bluhm
|
#
1.58 |
|
15-Sep-2012 |
guenther |
Improve POSIX/SUS compliance of <netdb.h>, <sys/socket.h>, and <sys/un.h>.
Much ports testing of various versions by naddy@ and jasper@ ok matthew@, miller@
|
Revision tags: OPENBSD_5_2_BASE
|
#
1.57 |
|
10-Jul-2012 |
guenther |
Instead of <arpa/inet.h> pulling in <netinet/in.h>, just copy in the three things that it needed from there: INET_ADDRSTRLEN, INET6_ADDRSTRLEN, and struct in_addr. Add protecting #ifndefs to netinet6?/in6?.h for those.
ok deraadt@
|
#
1.56 |
|
26-Jun-2012 |
guenther |
Improve compliance for <arpa/inet.h> and <netinet/in.h> to define/declare all the symbols that POSIX says they must and fewer that they can't and, most importantly, to not require a specific ordering of headers.
ports testing by naddy@ ok millert@ deraadt@
|
Revision tags: OPENBSD_5_1_BASE
|
#
1.55 |
|
24-Nov-2011 |
sperreault |
rdomain support for IPv6 ok mikeb
|
#
1.54 |
|
13-Oct-2011 |
claudio |
Since the IPv6 madness is not enough introduce NAT64 -- which is actually "af-to" a generic IP version translator for pf(4). Not everything perfect yet but lets fix these things in the tree. Insane amount of work done by sperreault@, mikeb@ and reyk@. Looked over by mcbride@ henning@ and myself at eurobsdcon. OK mcbride@ and general put it in from deraadt@
|
Revision tags: OPENBSD_5_0_BASE
|
#
1.53 |
|
02-May-2011 |
mikeb |
recognize SO_RTABLE socket option at the SOL_SOCKET level; discussed with and ok claudio
|
Revision tags: OPENBSD_4_9_BASE
|
#
1.52 |
|
23-Sep-2010 |
yasuoka |
add a new IP level socket option IP_PIPEX. This option is used for L2TP support by pipex. OK henning@, "Carry on" blambert@
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.51 |
|
08-Jul-2010 |
jsg |
remove some unused netinet6 code ok stsp@ henning@ claudio@
|
#
1.50 |
|
07-May-2010 |
claudio |
Start cleaning up the mess called rtalloc*. Kill rtalloc2, make rtalloc1 accept flags for report and nocloning. Move the rtableid into struct route (with a minor twist for now) and make a few more codepathes rdomain aware. Appart from the pf.c and route.c bits the diff is mostly mechanical. More to come... OK michele, henning
|
#
1.49 |
|
06-Apr-2010 |
stsp |
Simple implementation of RFC4941, "Privacy Extensions for Stateless Address Autoconfiguration in IPv6". For those among us who are paranoid about broadcasting their MAC address to the IPv6 internet.
Man page help from jmc, testing by weerd, arc4random API hints from djm.
ok deraadt, claudio
|
Revision tags: OPENBSD_4_7_BASE
|
#
1.48 |
|
05-Nov-2009 |
michele |
IPv6 support for divert sockets.
tested by phessler@ pyr@ ok claudio@ "go ahead" deraadt@
|
Revision tags: OPENBSD_4_5_BASE OPENBSD_4_6_BASE
|
#
1.47 |
|
25-Nov-2008 |
markus |
delay /etc/netstart until IPv6-DAD (dup-address-detection) is completed. ok fries, hshoexer, claudio
|
Revision tags: OPENBSD_4_4_BASE
|
#
1.46 |
|
11-Jun-2008 |
mcbride |
From KAME, allow adjustable limits on NDP entries and discovered routes.
ok mpf naddy
|
#
1.45 |
|
09-Mar-2008 |
sobrado |
use the right capitalization for platform names
ok jsing@
|
Revision tags: OPENBSD_4_1_BASE OPENBSD_4_2_BASE OPENBSD_4_3_BASE
|
#
1.44 |
|
22-Jan-2007 |
miod |
Fix KAME cvsweb urls
|
#
1.43 |
|
09-Dec-2006 |
itojun |
switch IPv6 advanced API from RFC2292 to RFC3542 (2292 is superseded by 3542). the kernel still handles RFC2292 set/getsockopts, so that compiled binary has no trouble running. userland sees RFC3542 symbols only on header file so new code has to use RFC3542 API.
bump libc shlib minor for function additions.
tested on i386/amd64 by jmc, i386 by brad. checked by deraadt.
|
#
1.42 |
|
21-Nov-2006 |
itojun |
introduce sysctl net.inet6.ip6.multicast_mtudisc (for multicast routers). deraadt ok. manpage nit by jmc.
|
#
1.41 |
|
17-Nov-2006 |
itojun |
move comment to a line where it makes more sense
|
#
1.40 |
|
17-Nov-2006 |
itojun |
change semantics of ff01::/16 to interface local multicast (to sync up with more recent IPv6 spec)
ok from: deraadt mcbride
|
Revision tags: OPENBSD_4_0_BASE
|
#
1.39 |
|
18-Jun-2006 |
pascoe |
Add support for equal-cost multipath IP.
To minimise path disruptions, this implements recommendations made in RFC2992 - the hash-threshold mechanism to select paths based on source/destination IP address pairs, and inserts multipath routes in the middle of the route table.
To enable multipath distribution, use: sysctl net.inet.ip.multipath=1 and/or: sysctl net.inet6.ip6.multipath=1
testing norby@ ok claudio@ henning@ hshoexer@
|
#
1.38 |
|
27-May-2006 |
claudio |
Do the same thing as for IPv4. Use a sysctl to enable/disable mfrowarding and additionaly make the code part of the MROUTING option. Put it in deraadt@
|
Revision tags: OPENBSD_3_9_BASE
|
#
1.37 |
|
13-Dec-2005 |
millert |
First step in include files overhaul. Use __FOO_VISIBLE (as defined in sys/cdefs.h) instead of _FOO_SOURCE. Also fix several namespace pollution issues, including the byte order defines. OK deraadt@
|
Revision tags: OPENBSD_3_6_BASE OPENBSD_3_7_BASE OPENBSD_3_8_BASE
|
#
1.36 |
|
21-Jun-2004 |
tholo |
First step towards more sane time handling in the kernel -- this changes things such that code that only need a second-resolution uptime or wall time, and used to get that from time.tv_secs or mono_time.tv_secs now get this from separate time_t globals time_second and time_uptime.
ok art@ niklas@ nordin@
|
Revision tags: SMP_SYNC_A
|
#
1.35 |
|
12-Jun-2004 |
itojun |
support IPV6_USE_MIN_MTU, to make BIND9 better. (sorry about the mess yesterday)
|
#
1.34 |
|
11-Jun-2004 |
deraadt |
back out tree breakage. Like, come on
|
#
1.33 |
|
11-Jun-2004 |
itojun |
support IPV6_USE_MIN_MTU, which is needed to run BIND9 well. from kame markus ok
|
Revision tags: OPENBSD_3_5_BASE SMP_SYNC_B
|
#
1.32 |
|
15-Feb-2004 |
markus |
switch to sysctl_int_arr(); ok itojun, henning, miod, deraadt
|
Revision tags: OPENBSD_3_4_BASE
|
#
1.31 |
|
02-Jun-2003 |
millert |
Remove the advertising clause in the UCB license which Berkeley rescinded 22 July 1999. Proofed by myself and Theo.
|
Revision tags: OPENBSD_3_2_BASE OPENBSD_3_3_BASE UBC_SYNC_A UBC_SYNC_B
|
#
1.30 |
|
08-Jun-2002 |
itojun |
sync with latest KAME in6_ifaddr/prefix/default router manipulation. behavior changes: - two iocts used by ndp(8) are now obsolete (backward compat provided). use sysctl path instead. - lo0 does not get ::1 automatically. it will get ::1 when lo0 comes up.
|
#
1.29 |
|
07-Jun-2002 |
itojun |
mistake in sysctl table
|
#
1.28 |
|
07-Jun-2002 |
itojun |
just for consistency/compatibility, have net.inet6.ip6.v6only sysctl MIB, as well as set/getsockopt(IPV6_V6ONLY).
|
#
1.27 |
|
28-May-2002 |
itojun |
limit number of IPv6 fragments (not the fragment queue size) to fight against lots-of-frags DoS attacks. sync w/kame
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.26 |
|
14-Mar-2002 |
millert |
First round of __P removal in sys
|
Revision tags: UBC_BASE
|
#
1.25 |
|
07-Dec-2001 |
itojun |
branches: 1.25.2; whitespace/comment sync with kame
|
Revision tags: OPENBSD_3_0_BASE
|
#
1.24 |
|
19-Sep-2001 |
itojun |
comment; sockopt # 57-59 are also reserved
|
#
1.23 |
|
22-Aug-2001 |
niklas |
Add IPCOMP setsockopt policy controls. While here fix the other policies too
|
Revision tags: OPENBSD_2_9_BASE
|
#
1.22 |
|
30-Mar-2001 |
itojun |
fix constness of IN6_{IS,ARE}_xx macros to conform to RFC2553. sync with kame.
|
#
1.21 |
|
02-Mar-2001 |
itojun |
remove date string from KAME version identification, it is getting meaningless as we merge random items daily. have comment that refers to kame COVERAGE document. sync with kame
|
#
1.20 |
|
16-Feb-2001 |
itojun |
get rid of #ifdef IPV6FIREWALL (never used, will never be used)
|
#
1.19 |
|
16-Feb-2001 |
itojun |
pull in new pcb notification code from kame. better handling of scope address.
|
Revision tags: OPENBSD_2_8_BASE
|
#
1.18 |
|
17-Oct-2000 |
itojun |
use __P() in prototype for non-ansi compilers. From: Michael Shalayeff <mickey@lucifier.remote.dti.net>
|
#
1.17 |
|
27-Aug-2000 |
itojun |
move IPv6 IPsec sysctl # downward, to avoid number conflict in *BSD. angelos ok
|
#
1.16 |
|
16-Jul-2000 |
itojun |
don't pull sys/queue.h in. sync better with kame.
|
#
1.15 |
|
25-Jun-2000 |
aaron |
Fix typo; ds@ds.primasoft.bg
|
#
1.14 |
|
18-Jun-2000 |
itojun |
allow IPsec-related get/setsockopt on IPv6 socket. due to number conflict they must be IPV6_xx instead of IP_xx.
actually, since in_ctloutput() does not check address family of inpcb, getsockopt(IPPROTO_IP, IP_xx) may work - never tested this.
|
#
1.13 |
|
25-May-2000 |
itojun |
net.inet.ip.gif_ttl (and IPv6 counterpart) is never used. enforce type checking on IN6_ARE_ADDR_EQUAL.
|
Revision tags: OPENBSD_2_7_BASE
|
#
1.12 |
|
28-Feb-2000 |
itojun |
bring in recent KAME changes (only important and stable ones, as usual). - remove net.inet6.ip6.nd6_proxyall. introduce proxy NDP code works just like "arp -s". - revise source address selection. be more careful about use of yet-to-be-valid addresses as source. - as router, transmit ICMP6_DST_UNREACH_BEYONDSCOPE against out-of-scope packet forwarding attempt. - path MTU discovery takes care of routing header properly. - be more strict about mbuf chain parsing. - nuke xxCTL_VARS #define, they are for BSDI. - disable SIOCSIFDSTADDR_IN6/SIOCSIFNETMASK_IN6 ioctl, they do not fit IPv6 model where multiple address on interface is normal. (kernel side supports them for a while for backward compat, the support will be nuked shortly) - introduce "default outgoing interface" (for spec conformance in very rare case)
|
#
1.11 |
|
19-Feb-2000 |
deraadt |
use more modern types
|
Revision tags: SMP_BASE
|
#
1.10 |
|
09-Feb-2000 |
itojun |
branches: 1.10.2; improve RFC2553/2292 conformance. netinet6/{ip6,icmp6,in6}.h should not be included. neitnet6/{ip6,icmp6}.h includes #error statements only - i'll remove them couple of days later.
|
#
1.9 |
|
10-Dec-1999 |
angelos |
Add RCS tags, remove unused header files and code, remove a few unnecessary ifdefs...
|
Revision tags: kame_19991208
|
#
1.8 |
|
08-Dec-1999 |
itojun |
bring in KAME IPv6 code, dated 19991208. replaces NRL IPv6 layer. reuses NRL pcb layer. no IPsec-on-v6 support. see sys/netinet6/{TODO,IMPLEMENTATION} for more details.
GENERIC configuration should work fine as before. GENERIC.v6 works fine as well, but you'll need KAME userland tools to play with IPv6 (will be bringed into soon).
|
Revision tags: OPENBSD_2_5_BASE OPENBSD_2_6_BASE
|
#
1.7 |
|
24-Mar-1999 |
cmetz |
Replace 'in6a_words' (old NRL convention) with 's6_addr32' (new BSDI et al. convention that is more common and more specific as to the access size)
|
#
1.6 |
|
09-Mar-1999 |
cmetz |
Demangled the INET6 stuff so as not to require any extra options and not to be mutually exclusive with the IPSEC option.
|
#
1.5 |
|
24-Feb-1999 |
cmetz |
Synchronized changes needed to integrate into OpenBSD with the NRL source tree so we can have a unified netinet6 directory.
|
#
1.4 |
|
11-Jan-1999 |
deraadt |
_KERNEL, and other cleanup
|
#
1.3 |
|
10-Jan-1999 |
deraadt |
merge INPROTO_* tables
|
#
1.2 |
|
08-Jan-1999 |
deraadt |
use _KERNEL, add ipv6intrq decl
|
#
1.1 |
|
07-Jan-1999 |
deraadt |
missed file
|
#
1.116 |
|
13-Feb-2024 |
bluhm |
Merge struct route and struct route_in6.
Use a common struct route for both inet and inet6. Unfortunately struct sockaddr is shorter than sockaddr_in6, so netinet/in.h has to be exposed from net/route.h. Struct route has to be bsd visible for userland as netstat kvm code inspects inp_route. Internet PCB and TCP SYN cache can use a plain struct route now. All specific sockaddr types for inet and inet6 are embeded there.
OK claudio@
|
#
1.115 |
|
09-Feb-2024 |
bluhm |
Route cache function returns hit or miss.
The route_cache() function can easily return whether it was a cache hit or miss. Then the logic to perform a route lookup gets a bit simpler. Some more complicated if (ro->ro_rt == NULL) checks still exist elsewhere. Also use route cache in in_pcbselsrc() instead of filling struct route manually.
OK claudio@
|
#
1.114 |
|
07-Feb-2024 |
bluhm |
Use the route generation number also for IPv6.
Implement route6_cache() to check whether the cached route is still valid and otherwise fill caching parameter of struct route_in6. Also count cache hits and misses in netstat. in_pcbrtentry() uses route cache now.
OK claudio@
|
#
1.113 |
|
31-Jan-2024 |
bluhm |
Add route generation number to route cache.
The outgoing route is cached at the inpcb. This cache was only invalidated when the socket closes or if the route gets invalid. More specific routes were not detected. Especially with dynamic routing protocols, sockets must be closed and reopened to use the correct route. Running ping during a route change shows the problem.
To solve this, add a route generation number that is updated whenever the routing table changes. The lookup in struct route is put into the route_cache() function. If the generation number is too old, the cached route gets discarded.
Implement route_cache() for ip_output() and ip_forward() first. IPv6 and more places will follow.
OK claudio@
|
#
1.112 |
|
27-Jan-2024 |
bluhm |
Declare address parameter in TCP SYN cache const.
tcp6_ctlinput() casted a constant sockaddr_sin6 to non-const sockaddr. sa6_src may be &sa6_any which lives in read-only data section. Better pass down the const addresses to syn_cache_lookup(). They are needed for hash lookup and are not modified.
OK mvs@
|
#
1.111 |
|
28-Nov-2023 |
bluhm |
Remove struct inpcb from in6_embedscope() parameters.
rip6_output() did modify inp_outputopts6 temporarily to provide different ip6_pktopts to in6_embedscope(). Better pass inp_outputopts6 and inp_moptions6 as separate arguments to in6_embedscope(). Simplify the code that deals with these options in in6_embedscope(). Doucument inp_moptions and inp_moptions6 as protected by net lock.
OK kn@
|
#
1.110 |
|
10-Nov-2023 |
bluhm |
rtable_match() takes constant destination.
For implementing MP safe route lookup, it helps to know which function parameters are constant. Add some const declarations, so that the compiler guarantees that sockaddr dst parameter of rtable_match() does not change.
OK dlg@
|
Revision tags: OPENBSD_7_0_BASE OPENBSD_7_1_BASE OPENBSD_7_2_BASE OPENBSD_7_3_BASE OPENBSD_7_4_BASE
|
#
1.109 |
|
02-Jun-2021 |
dlg |
factor out the code that does sanity checks on ipv6 headers and addresses.
this will allow these checks to be reused for ip packet inspection in bridge, veb, and tpmr.
ok bluhm@ sashan@
|
Revision tags: OPENBSD_6_9_BASE
|
#
1.108 |
|
10-Mar-2021 |
jsg |
spelling
ok gnezdo@ semarie@ mpi@
|
Revision tags: OPENBSD_6_8_BASE
|
#
1.107 |
|
24-Aug-2020 |
gnezdo |
Convert ip6_sysctl to sysctl_bounded_args
Tighter limits and OK by sashan
|
#
1.106 |
|
24-Jun-2020 |
cheloha |
kernel: use gettime(9)/getuptime(9) in lieu of time_second(9)/time_uptime(9)
time_second(9) and time_uptime(9) are widely used in the kernel to quickly get the system UTC or system uptime as a time_t. However, time_t is 64-bit everywhere, so it is not generally safe to use them on 32-bit platforms: you have a split-read problem if your hardware cannot perform atomic 64-bit reads.
This patch replaces time_second(9) with gettime(9), a safer successor interface, throughout the kernel. Similarly, time_uptime(9) is replaced with getuptime(9).
There is a performance cost on 32-bit platforms in exchange for eliminating the split-read problem: instead of two register reads you now have a lockless read loop to pull the values from the timehands. This is really not *too* bad in the grand scheme of things, but compared to what we were doing before it is several times slower.
There is no performance cost on 64-bit (__LP64__) platforms.
With input from visa@, dlg@, and tedu@.
Several bugs squashed by visa@.
ok kettenis@
|
Revision tags: OPENBSD_6_7_BASE
|
#
1.105 |
|
11-Nov-2019 |
bluhm |
Kernel is missing propper input validation when configuring IPv6 addresses. Implement in6_sa2sin6() to validate inet6 address family and address length. The SIOCGIFDSTADDR_IN6, SIOCGIFNETMASK_IN6, SIOCGIFAFLAG_IN6, SIOCGIFALIFETIME_IN6, and SIOCDIFADDR_IN6 ioctl(2) are safe now. OK visa@
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.104 |
|
22-Apr-2019 |
bluhm |
In in_cksum() and in6_cksum() convert types to C99 style and make both functions consistent. In in_cksum() panic if len is longer than mbuf, but in in6_cksum() do not panic if off and len match exactly to the end of mbuf. OK claudio@
|
Revision tags: OPENBSD_6_4_BASE OPENBSD_6_5_BASE
|
#
1.103 |
|
11-Sep-2018 |
bluhm |
Convert inetctlerrmap to u_char like inet6ctlerrmap. That is also what FreeBSD does. Remove old #if 0 version of inet6ctlerrmap. OK mpi@
|
#
1.102 |
|
07-Jun-2018 |
bluhm |
The global zero addresses must not change, mark them constant. OK tb@ visa@
|
Revision tags: OPENBSD_6_3_BASE
|
#
1.101 |
|
10-Feb-2018 |
florian |
Implement RFC 7217: "A Method for Generating Semantically Opaque Interface Identifiers with IPv6 Stateless Address Autoconfiguration."
"An IPv6 address configured using this method is stable within each subnet, but the corresponding Interface Identifier changes when the host moves from one network to another. This method is meant to be an alternative to generating Interface Identifiers based on hardware addresses."
OK naddy, sthen
|
#
1.100 |
|
20-Nov-2017 |
mpi |
Sprinkle some NET_ASSERT_LOCKED(), const and co to prepare running pr_input handlers without KERNEL_LOCK().
ok visa@
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.99 |
|
01-Sep-2017 |
florian |
Use in6_get_rand_ifid() instead of get_last_resort_ifid() and delete the get_last_resort_ifid() function because eww. Also if your system is so constraint that you end up in in6_get_rand_ifid() you don't deserve a random ifid that stays stable over reboots. Simplify code a bit since get_ifid() can no longer fail. It couldn't fail before either because that code path was #if 0'ed. While here sprinkle in some in6_ prefixes, pointed out by stsp. OK stsp
|
#
1.98 |
|
11-Aug-2017 |
bluhm |
Validate sockaddr from userland in central functions. This results in common checks for unix, inet, inet6 instead of partial checks here and there. Some checks are already done at a higher layer, but better be paranoid with user input. OK claudio@ millert@
|
#
1.97 |
|
13-Jul-2017 |
florian |
Get rid of ip6.maxifprefixes and ip6.maxifdefrouters, the kernel no longer tracks prefixes or default routers from router advertisements. Pointed out by jmc. ports tree grepping sthen, who only found nsh OK mpi, sthen
|
#
1.96 |
|
30-May-2017 |
mpi |
Keep ipv6_input() definition inside _KERNEL.
Unbreak userland, found the hardway by deraadt@
|
#
1.95 |
|
30-May-2017 |
mpi |
Introduce ipv{4,6}_input(), two wrappers around IP queues.
This will help transitionning to an un-KERNEL_LOCK()ed IP forwarding path.
Disucssed with bluhm@, ok claudio@
|
#
1.94 |
|
04-May-2017 |
bluhm |
Introduce sstosa() for converting sockaddr_storage with a type safe inline function instead of casting it to sockaddr. While there, use inline instead of __inline for all these conversions. Some struct sockaddr casts can be avoided completely. OK dhill@ mpi@
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.93 |
|
22-Feb-2017 |
renato |
Fix comments about a few ipv6 sockoptions
OK millert@ florian@
|
#
1.92 |
|
22-Dec-2016 |
rzalamena |
Remove PIM support from the multicast stack.
ok mpi@
|
#
1.91 |
|
03-Oct-2016 |
mpi |
Convert some of the remaining usages of time_second to time_uptime.
time_second is unix time so it can be affected by clock changes. time_uptime is monotonic so it isnt affected by clock changes. that in turn means route expiries wont jump with clock changes if set against time_uptime.
the expiry is translated into unix time for export to userland though.
Should fix mismatch between route timers that were already converted and ND default routers that were still using time_second.
Tested by matthieu@ and sthen@
ok sthen@, dlg@
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.90 |
|
27-Jun-2016 |
jca |
Implement IPV6_MINHOPCOUNT support.
Useful to implement GTSM support in daemons such as bgpd(8). Diff from 2013 revived by renato@. Input from bluhm@, ok bluhm@ deraadt@
|
#
1.89 |
|
01-Jun-2016 |
jca |
Kill sysctl net.inet6.ip6.rr_prune
We don't support Router Renumbering and there are no plans to change that. ok mpi@
|
#
1.88 |
|
19-May-2016 |
jca |
Remove sysctl net.inet6.ip6.v6only
This sysctl is a no-op, read-only since it was introduced. There are no plans to support IPv4-mapped addresses on OpenBSD, thus this sysctl is meaningless.
Noticed by djm@, ok claudio@ mpi@ sthen@ henning@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.87 |
|
03-Dec-2015 |
tedu |
rm unused kernel only IPV6_RECVRTHDRDSTOPTS sockopt. ok deraadt sthen
|
#
1.86 |
|
29-Oct-2015 |
tedu |
RFC 2292 API support was removed 9 years ago, but left in a binary compat ABI form for the sake of existing programs. no programs from that era have been able to run for quite some time. Kill it all. ok deraadt florian millert mpi (I believe this is my first IPv6 diff. Future, here I come!)
|
#
1.85 |
|
11-Sep-2015 |
claudio |
in6_embedscope() needs to lose some weight. Remove the last argument. In all but two calls NULL is passed and in the other 2 cases the ifp is only used to maybe feed it to in6_selecthlim() to select the hoplimit for the link. Since in6_embedscope() only works on link-local addresses it does not matter what hop limit we select since the destination is directly reachable. OK florian@ mpi@
|
#
1.84 |
|
10-Sep-2015 |
claudio |
It is time to put inet6 on a diet. Use the flensing knife and cut out the 3rd argument of in6_recoverscope() and make it return void. OK dlg@ mikeb@
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.83 |
|
08-Jun-2015 |
krw |
More damned eye searing whitespace. No change to .o files.
|
#
1.82 |
|
14-Apr-2015 |
mikeb |
ip6_sprintf is long gone; noticed by blambert
|
#
1.81 |
|
10-Apr-2015 |
dlg |
replace the use of ifqueues for most input queues serviced by netisr with niqueues.
this change is so big because there's a lot of code that takes pointers to different input queues (eg, ether_input picks between ipv4, ipv6, pppoe, arp, and mpls input queues) and falls through to code to enqueue packets against the pointer. if i changed only one of the input queues id have to add sepearate code paths, one for ifqueues and one for niqueues in each of these places
by flipping all these input queues at once i can keep the currently common code common.
testing by mpi@ sthen@ and rafael zalamena ok mpi@ sthen@ claudio@ henning@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.80 |
|
09-Feb-2015 |
claudio |
Implement 2 sysctl to retrieve the multicast forwarding cache (mf6c) and the multicast interface table (mif6). Will be used by netstat soon. Looked over by guenther@
|
#
1.79 |
|
09-Feb-2015 |
dlg |
provide a net.inet6.ip6.ifq sysctl so people can see and fiddle with the ip6intrq.
ok claudio@
|
#
1.78 |
|
10-Jan-2015 |
mpi |
Correct some comments and merge in6_if_up() into in6_ifattach() to reflect that IPv6 link-local addresses are no longer automagically configured the first time an interface is brought up.
ok henning@, stsp@
|
#
1.77 |
|
05-Dec-2014 |
mpi |
Explicitly include <net/if_var.h> instead of pulling it in <net/if.h>.
ok mikeb@, krw@, bluhm@, tedu@
|
#
1.76 |
|
20-Nov-2014 |
mpi |
What have no need for a variable that holds the maximum MTU size of interfaces with an IPv6 address.
ok henning@, mikeb@, deraadt@
|
#
1.75 |
|
31-Aug-2014 |
bluhm |
Make the in6addr constant declarations and definitions consistent in kernel and user land. OK florian@ mpi@
|
#
1.74 |
|
26-Aug-2014 |
florian |
Do not hand-roll all routers link local address. pointed out & OK bluhm@
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.73 |
|
11-Jul-2014 |
henning |
introduce the IFXF_AUTOCONF6 interface flag which controls wether we accept rtadvs on that interface. the global net.inet6.ip6.accept_rtadv sysctl just doesn't cut it, even tho the spec wants that - but in their little absurd world, a host just has one interface by definition anyway... the sysctlgoes away. lots of head scratching, brain cell elemination etc from bluhm benno stsp florian, excitement from simon and todd, ok bluhm stsp benno florian
|
#
1.72 |
|
13-Jun-2014 |
chrisz |
Remove deprecated RFC2292 ancillary data convenience functions. They are obsoleted by the RFC3542 api.
ok mpi@
|
#
1.71 |
|
20-Apr-2014 |
naddy |
move in6_cksum_phdr from in6.h to ip6_output.c to mirror in_cksum_phdr ok henning@
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.70 |
|
22-Jan-2014 |
naddy |
Split the checksum calculation for IPv6 like for IPv4: Always calculate the pseudo-header checksum. Complete the checksum if hardware offload is not available.
Parts originally from NetBSD; ok henning@
|
#
1.69 |
|
28-Oct-2013 |
deraadt |
kill kame version symbols and sysctl ports tree grep run by sthen
|
#
1.68 |
|
24-Oct-2013 |
mpi |
Remove the number of in6_var.h inclusions by moving some functions and global variables to in6.h.
ok deraadt@
|
#
1.67 |
|
24-Oct-2013 |
deraadt |
Significant namespace cleanup of netinet6 symbols.
One worrying bit is in icmp6.h where some htols() and htonl() are added, which may affect compatibility down the line. This component can be reverted if issues show up. Ports tree greps indicate no issue.
ok claudio mpi etc
|
#
1.66 |
|
21-Oct-2013 |
deraadt |
There are gasps of shock! Add a pmtu delay sysctl BUTTON for netinet6, making the code the same as netinet4 along the way. ok bluhm phessler
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.65 |
|
26-Jun-2013 |
henning |
put the cksum diff back, of course with the bug fixed where we could under some circumstances repair broken checksums on the way. ok ryan naddy mikeb . redo most of the protocol (tcp/udp/...) checksum handling -assume we have hardware checksum offloading. stop mucking with the checksum in most of the stack -stop checksum mucking in pf, just set a "needs checksumming" flag if needed -in all output pathes, very late, if we figure out the outbound interface doesn't have hw cksum offloading, do the cksum in software. this especially makes the bridge path behave like a regular output path -little special casing for bridge still required until the broadcast path loses its disgusting shortcut hacks, but at least it's in one place now and not all over the stack in6_proto_cksum_out mostly written by krw@ started at k2k11 in iceland more than 1.5 years ago - yes it took that long, this stuff is everything but easy. this happens to fix the infamous pf rdr bug that made us turn off proto cksum offloading on almost all interface drivers.
|
#
1.64 |
|
28-Mar-2013 |
bluhm |
Convert the satosin, sintosa, ifatoia, satosin6, sin6tosa, ifatoia6 defines into static inline functions. This allows the compiler to check the source type before casting. liked by many; OK mpi@ haesbaert@
|
#
1.63 |
|
14-Mar-2013 |
mpi |
My lack of faith... These lines should stay, reported by ajacoutot@.
ok sthen@
|
#
1.62 |
|
14-Mar-2013 |
mpi |
tedu faith(4), suggested by todd@ some weeks ago after a submission by dhill.
ok krw@, mikeb@, tedu@ (implicit)
|
Revision tags: OPENBSD_5_3_BASE
|
#
1.61 |
|
06-Nov-2012 |
henning |
backout csum diff for the moment, requested by theo
|
#
1.60 |
|
01-Nov-2012 |
henning |
redo most of the protocol (tcp/udp/...) checksum handling -assume we have hardware checksum offloading. stop mucking with the checksum in most of the stack -stop checksum mucking in pf, just set a "needs checksumming" flag if needed -in all output pathes, very late, if we figure out the outbound interface doesn't have hw cksum offloading, do the cksum in software. this especially makes the bridge path behave like a regular output path -little special casing for bridge still required until the broadcast path loses its disgusting shortcut hacks, but at least it's in one place now and not all over the stack in6_proto_cksum_out mostly written by krw@ started at k2k11 in iceland more than 1.5 years ago - yes it took that long, this stuff is everything but easy. this happens to fix the infamous pf rdr bug that made us turn off proto cksum offloading on almost all interface drivers. ok camield sthen claudio, testing by many, thanks!
|
#
1.59 |
|
17-Sep-2012 |
yasuoka |
add IPV6_RECVDSTPORT socket option, which enables us to get original (= before divert) destination port of a UDP packet. The way to use this option is same as IP_RECVDSTPORT.
from UMEZAWA Takeshi tweaks from jmc; ok henning bluhm
|
#
1.58 |
|
15-Sep-2012 |
guenther |
Improve POSIX/SUS compliance of <netdb.h>, <sys/socket.h>, and <sys/un.h>.
Much ports testing of various versions by naddy@ and jasper@ ok matthew@, miller@
|
Revision tags: OPENBSD_5_2_BASE
|
#
1.57 |
|
10-Jul-2012 |
guenther |
Instead of <arpa/inet.h> pulling in <netinet/in.h>, just copy in the three things that it needed from there: INET_ADDRSTRLEN, INET6_ADDRSTRLEN, and struct in_addr. Add protecting #ifndefs to netinet6?/in6?.h for those.
ok deraadt@
|
#
1.56 |
|
26-Jun-2012 |
guenther |
Improve compliance for <arpa/inet.h> and <netinet/in.h> to define/declare all the symbols that POSIX says they must and fewer that they can't and, most importantly, to not require a specific ordering of headers.
ports testing by naddy@ ok millert@ deraadt@
|
Revision tags: OPENBSD_5_1_BASE
|
#
1.55 |
|
24-Nov-2011 |
sperreault |
rdomain support for IPv6 ok mikeb
|
#
1.54 |
|
13-Oct-2011 |
claudio |
Since the IPv6 madness is not enough introduce NAT64 -- which is actually "af-to" a generic IP version translator for pf(4). Not everything perfect yet but lets fix these things in the tree. Insane amount of work done by sperreault@, mikeb@ and reyk@. Looked over by mcbride@ henning@ and myself at eurobsdcon. OK mcbride@ and general put it in from deraadt@
|
Revision tags: OPENBSD_5_0_BASE
|
#
1.53 |
|
02-May-2011 |
mikeb |
recognize SO_RTABLE socket option at the SOL_SOCKET level; discussed with and ok claudio
|
Revision tags: OPENBSD_4_9_BASE
|
#
1.52 |
|
23-Sep-2010 |
yasuoka |
add a new IP level socket option IP_PIPEX. This option is used for L2TP support by pipex. OK henning@, "Carry on" blambert@
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.51 |
|
08-Jul-2010 |
jsg |
remove some unused netinet6 code ok stsp@ henning@ claudio@
|
#
1.50 |
|
07-May-2010 |
claudio |
Start cleaning up the mess called rtalloc*. Kill rtalloc2, make rtalloc1 accept flags for report and nocloning. Move the rtableid into struct route (with a minor twist for now) and make a few more codepathes rdomain aware. Appart from the pf.c and route.c bits the diff is mostly mechanical. More to come... OK michele, henning
|
#
1.49 |
|
06-Apr-2010 |
stsp |
Simple implementation of RFC4941, "Privacy Extensions for Stateless Address Autoconfiguration in IPv6". For those among us who are paranoid about broadcasting their MAC address to the IPv6 internet.
Man page help from jmc, testing by weerd, arc4random API hints from djm.
ok deraadt, claudio
|
Revision tags: OPENBSD_4_7_BASE
|
#
1.48 |
|
05-Nov-2009 |
michele |
IPv6 support for divert sockets.
tested by phessler@ pyr@ ok claudio@ "go ahead" deraadt@
|
Revision tags: OPENBSD_4_5_BASE OPENBSD_4_6_BASE
|
#
1.47 |
|
25-Nov-2008 |
markus |
delay /etc/netstart until IPv6-DAD (dup-address-detection) is completed. ok fries, hshoexer, claudio
|
Revision tags: OPENBSD_4_4_BASE
|
#
1.46 |
|
11-Jun-2008 |
mcbride |
From KAME, allow adjustable limits on NDP entries and discovered routes.
ok mpf naddy
|
#
1.45 |
|
09-Mar-2008 |
sobrado |
use the right capitalization for platform names
ok jsing@
|
Revision tags: OPENBSD_4_1_BASE OPENBSD_4_2_BASE OPENBSD_4_3_BASE
|
#
1.44 |
|
22-Jan-2007 |
miod |
Fix KAME cvsweb urls
|
#
1.43 |
|
09-Dec-2006 |
itojun |
switch IPv6 advanced API from RFC2292 to RFC3542 (2292 is superseded by 3542). the kernel still handles RFC2292 set/getsockopts, so that compiled binary has no trouble running. userland sees RFC3542 symbols only on header file so new code has to use RFC3542 API.
bump libc shlib minor for function additions.
tested on i386/amd64 by jmc, i386 by brad. checked by deraadt.
|
#
1.42 |
|
21-Nov-2006 |
itojun |
introduce sysctl net.inet6.ip6.multicast_mtudisc (for multicast routers). deraadt ok. manpage nit by jmc.
|
#
1.41 |
|
17-Nov-2006 |
itojun |
move comment to a line where it makes more sense
|
#
1.40 |
|
17-Nov-2006 |
itojun |
change semantics of ff01::/16 to interface local multicast (to sync up with more recent IPv6 spec)
ok from: deraadt mcbride
|
Revision tags: OPENBSD_4_0_BASE
|
#
1.39 |
|
18-Jun-2006 |
pascoe |
Add support for equal-cost multipath IP.
To minimise path disruptions, this implements recommendations made in RFC2992 - the hash-threshold mechanism to select paths based on source/destination IP address pairs, and inserts multipath routes in the middle of the route table.
To enable multipath distribution, use: sysctl net.inet.ip.multipath=1 and/or: sysctl net.inet6.ip6.multipath=1
testing norby@ ok claudio@ henning@ hshoexer@
|
#
1.38 |
|
27-May-2006 |
claudio |
Do the same thing as for IPv4. Use a sysctl to enable/disable mfrowarding and additionaly make the code part of the MROUTING option. Put it in deraadt@
|
Revision tags: OPENBSD_3_9_BASE
|
#
1.37 |
|
13-Dec-2005 |
millert |
First step in include files overhaul. Use __FOO_VISIBLE (as defined in sys/cdefs.h) instead of _FOO_SOURCE. Also fix several namespace pollution issues, including the byte order defines. OK deraadt@
|
Revision tags: OPENBSD_3_6_BASE OPENBSD_3_7_BASE OPENBSD_3_8_BASE
|
#
1.36 |
|
21-Jun-2004 |
tholo |
First step towards more sane time handling in the kernel -- this changes things such that code that only need a second-resolution uptime or wall time, and used to get that from time.tv_secs or mono_time.tv_secs now get this from separate time_t globals time_second and time_uptime.
ok art@ niklas@ nordin@
|
Revision tags: SMP_SYNC_A
|
#
1.35 |
|
12-Jun-2004 |
itojun |
support IPV6_USE_MIN_MTU, to make BIND9 better. (sorry about the mess yesterday)
|
#
1.34 |
|
11-Jun-2004 |
deraadt |
back out tree breakage. Like, come on
|
#
1.33 |
|
11-Jun-2004 |
itojun |
support IPV6_USE_MIN_MTU, which is needed to run BIND9 well. from kame markus ok
|
Revision tags: OPENBSD_3_5_BASE SMP_SYNC_B
|
#
1.32 |
|
15-Feb-2004 |
markus |
switch to sysctl_int_arr(); ok itojun, henning, miod, deraadt
|
Revision tags: OPENBSD_3_4_BASE
|
#
1.31 |
|
02-Jun-2003 |
millert |
Remove the advertising clause in the UCB license which Berkeley rescinded 22 July 1999. Proofed by myself and Theo.
|
Revision tags: OPENBSD_3_2_BASE OPENBSD_3_3_BASE UBC_SYNC_A UBC_SYNC_B
|
#
1.30 |
|
08-Jun-2002 |
itojun |
sync with latest KAME in6_ifaddr/prefix/default router manipulation. behavior changes: - two iocts used by ndp(8) are now obsolete (backward compat provided). use sysctl path instead. - lo0 does not get ::1 automatically. it will get ::1 when lo0 comes up.
|
#
1.29 |
|
07-Jun-2002 |
itojun |
mistake in sysctl table
|
#
1.28 |
|
07-Jun-2002 |
itojun |
just for consistency/compatibility, have net.inet6.ip6.v6only sysctl MIB, as well as set/getsockopt(IPV6_V6ONLY).
|
#
1.27 |
|
28-May-2002 |
itojun |
limit number of IPv6 fragments (not the fragment queue size) to fight against lots-of-frags DoS attacks. sync w/kame
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.26 |
|
14-Mar-2002 |
millert |
First round of __P removal in sys
|
Revision tags: UBC_BASE
|
#
1.25 |
|
07-Dec-2001 |
itojun |
branches: 1.25.2; whitespace/comment sync with kame
|
Revision tags: OPENBSD_3_0_BASE
|
#
1.24 |
|
19-Sep-2001 |
itojun |
comment; sockopt # 57-59 are also reserved
|
#
1.23 |
|
22-Aug-2001 |
niklas |
Add IPCOMP setsockopt policy controls. While here fix the other policies too
|
Revision tags: OPENBSD_2_9_BASE
|
#
1.22 |
|
30-Mar-2001 |
itojun |
fix constness of IN6_{IS,ARE}_xx macros to conform to RFC2553. sync with kame.
|
#
1.21 |
|
02-Mar-2001 |
itojun |
remove date string from KAME version identification, it is getting meaningless as we merge random items daily. have comment that refers to kame COVERAGE document. sync with kame
|
#
1.20 |
|
16-Feb-2001 |
itojun |
get rid of #ifdef IPV6FIREWALL (never used, will never be used)
|
#
1.19 |
|
16-Feb-2001 |
itojun |
pull in new pcb notification code from kame. better handling of scope address.
|
Revision tags: OPENBSD_2_8_BASE
|
#
1.18 |
|
17-Oct-2000 |
itojun |
use __P() in prototype for non-ansi compilers. From: Michael Shalayeff <mickey@lucifier.remote.dti.net>
|
#
1.17 |
|
27-Aug-2000 |
itojun |
move IPv6 IPsec sysctl # downward, to avoid number conflict in *BSD. angelos ok
|
#
1.16 |
|
16-Jul-2000 |
itojun |
don't pull sys/queue.h in. sync better with kame.
|
#
1.15 |
|
25-Jun-2000 |
aaron |
Fix typo; ds@ds.primasoft.bg
|
#
1.14 |
|
18-Jun-2000 |
itojun |
allow IPsec-related get/setsockopt on IPv6 socket. due to number conflict they must be IPV6_xx instead of IP_xx.
actually, since in_ctloutput() does not check address family of inpcb, getsockopt(IPPROTO_IP, IP_xx) may work - never tested this.
|
#
1.13 |
|
25-May-2000 |
itojun |
net.inet.ip.gif_ttl (and IPv6 counterpart) is never used. enforce type checking on IN6_ARE_ADDR_EQUAL.
|
Revision tags: OPENBSD_2_7_BASE
|
#
1.12 |
|
28-Feb-2000 |
itojun |
bring in recent KAME changes (only important and stable ones, as usual). - remove net.inet6.ip6.nd6_proxyall. introduce proxy NDP code works just like "arp -s". - revise source address selection. be more careful about use of yet-to-be-valid addresses as source. - as router, transmit ICMP6_DST_UNREACH_BEYONDSCOPE against out-of-scope packet forwarding attempt. - path MTU discovery takes care of routing header properly. - be more strict about mbuf chain parsing. - nuke xxCTL_VARS #define, they are for BSDI. - disable SIOCSIFDSTADDR_IN6/SIOCSIFNETMASK_IN6 ioctl, they do not fit IPv6 model where multiple address on interface is normal. (kernel side supports them for a while for backward compat, the support will be nuked shortly) - introduce "default outgoing interface" (for spec conformance in very rare case)
|
#
1.11 |
|
19-Feb-2000 |
deraadt |
use more modern types
|
Revision tags: SMP_BASE
|
#
1.10 |
|
09-Feb-2000 |
itojun |
branches: 1.10.2; improve RFC2553/2292 conformance. netinet6/{ip6,icmp6,in6}.h should not be included. neitnet6/{ip6,icmp6}.h includes #error statements only - i'll remove them couple of days later.
|
#
1.9 |
|
10-Dec-1999 |
angelos |
Add RCS tags, remove unused header files and code, remove a few unnecessary ifdefs...
|
Revision tags: kame_19991208
|
#
1.8 |
|
08-Dec-1999 |
itojun |
bring in KAME IPv6 code, dated 19991208. replaces NRL IPv6 layer. reuses NRL pcb layer. no IPsec-on-v6 support. see sys/netinet6/{TODO,IMPLEMENTATION} for more details.
GENERIC configuration should work fine as before. GENERIC.v6 works fine as well, but you'll need KAME userland tools to play with IPv6 (will be bringed into soon).
|
Revision tags: OPENBSD_2_5_BASE OPENBSD_2_6_BASE
|
#
1.7 |
|
24-Mar-1999 |
cmetz |
Replace 'in6a_words' (old NRL convention) with 's6_addr32' (new BSDI et al. convention that is more common and more specific as to the access size)
|
#
1.6 |
|
09-Mar-1999 |
cmetz |
Demangled the INET6 stuff so as not to require any extra options and not to be mutually exclusive with the IPSEC option.
|
#
1.5 |
|
24-Feb-1999 |
cmetz |
Synchronized changes needed to integrate into OpenBSD with the NRL source tree so we can have a unified netinet6 directory.
|
#
1.4 |
|
11-Jan-1999 |
deraadt |
_KERNEL, and other cleanup
|
#
1.3 |
|
10-Jan-1999 |
deraadt |
merge INPROTO_* tables
|
#
1.2 |
|
08-Jan-1999 |
deraadt |
use _KERNEL, add ipv6intrq decl
|
#
1.1 |
|
07-Jan-1999 |
deraadt |
missed file
|
#
1.115 |
|
09-Feb-2024 |
bluhm |
Route cache function returns hit or miss.
The route_cache() function can easily return whether it was a cache hit or miss. Then the logic to perform a route lookup gets a bit simpler. Some more complicated if (ro->ro_rt == NULL) checks still exist elsewhere. Also use route cache in in_pcbselsrc() instead of filling struct route manually.
OK claudio@
|
#
1.114 |
|
07-Feb-2024 |
bluhm |
Use the route generation number also for IPv6.
Implement route6_cache() to check whether the cached route is still valid and otherwise fill caching parameter of struct route_in6. Also count cache hits and misses in netstat. in_pcbrtentry() uses route cache now.
OK claudio@
|
#
1.113 |
|
31-Jan-2024 |
bluhm |
Add route generation number to route cache.
The outgoing route is cached at the inpcb. This cache was only invalidated when the socket closes or if the route gets invalid. More specific routes were not detected. Especially with dynamic routing protocols, sockets must be closed and reopened to use the correct route. Running ping during a route change shows the problem.
To solve this, add a route generation number that is updated whenever the routing table changes. The lookup in struct route is put into the route_cache() function. If the generation number is too old, the cached route gets discarded.
Implement route_cache() for ip_output() and ip_forward() first. IPv6 and more places will follow.
OK claudio@
|
#
1.112 |
|
27-Jan-2024 |
bluhm |
Declare address parameter in TCP SYN cache const.
tcp6_ctlinput() casted a constant sockaddr_sin6 to non-const sockaddr. sa6_src may be &sa6_any which lives in read-only data section. Better pass down the const addresses to syn_cache_lookup(). They are needed for hash lookup and are not modified.
OK mvs@
|
#
1.111 |
|
28-Nov-2023 |
bluhm |
Remove struct inpcb from in6_embedscope() parameters.
rip6_output() did modify inp_outputopts6 temporarily to provide different ip6_pktopts to in6_embedscope(). Better pass inp_outputopts6 and inp_moptions6 as separate arguments to in6_embedscope(). Simplify the code that deals with these options in in6_embedscope(). Doucument inp_moptions and inp_moptions6 as protected by net lock.
OK kn@
|
#
1.110 |
|
10-Nov-2023 |
bluhm |
rtable_match() takes constant destination.
For implementing MP safe route lookup, it helps to know which function parameters are constant. Add some const declarations, so that the compiler guarantees that sockaddr dst parameter of rtable_match() does not change.
OK dlg@
|
Revision tags: OPENBSD_7_0_BASE OPENBSD_7_1_BASE OPENBSD_7_2_BASE OPENBSD_7_3_BASE OPENBSD_7_4_BASE
|
#
1.109 |
|
02-Jun-2021 |
dlg |
factor out the code that does sanity checks on ipv6 headers and addresses.
this will allow these checks to be reused for ip packet inspection in bridge, veb, and tpmr.
ok bluhm@ sashan@
|
Revision tags: OPENBSD_6_9_BASE
|
#
1.108 |
|
10-Mar-2021 |
jsg |
spelling
ok gnezdo@ semarie@ mpi@
|
Revision tags: OPENBSD_6_8_BASE
|
#
1.107 |
|
24-Aug-2020 |
gnezdo |
Convert ip6_sysctl to sysctl_bounded_args
Tighter limits and OK by sashan
|
#
1.106 |
|
24-Jun-2020 |
cheloha |
kernel: use gettime(9)/getuptime(9) in lieu of time_second(9)/time_uptime(9)
time_second(9) and time_uptime(9) are widely used in the kernel to quickly get the system UTC or system uptime as a time_t. However, time_t is 64-bit everywhere, so it is not generally safe to use them on 32-bit platforms: you have a split-read problem if your hardware cannot perform atomic 64-bit reads.
This patch replaces time_second(9) with gettime(9), a safer successor interface, throughout the kernel. Similarly, time_uptime(9) is replaced with getuptime(9).
There is a performance cost on 32-bit platforms in exchange for eliminating the split-read problem: instead of two register reads you now have a lockless read loop to pull the values from the timehands. This is really not *too* bad in the grand scheme of things, but compared to what we were doing before it is several times slower.
There is no performance cost on 64-bit (__LP64__) platforms.
With input from visa@, dlg@, and tedu@.
Several bugs squashed by visa@.
ok kettenis@
|
Revision tags: OPENBSD_6_7_BASE
|
#
1.105 |
|
11-Nov-2019 |
bluhm |
Kernel is missing propper input validation when configuring IPv6 addresses. Implement in6_sa2sin6() to validate inet6 address family and address length. The SIOCGIFDSTADDR_IN6, SIOCGIFNETMASK_IN6, SIOCGIFAFLAG_IN6, SIOCGIFALIFETIME_IN6, and SIOCDIFADDR_IN6 ioctl(2) are safe now. OK visa@
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.104 |
|
22-Apr-2019 |
bluhm |
In in_cksum() and in6_cksum() convert types to C99 style and make both functions consistent. In in_cksum() panic if len is longer than mbuf, but in in6_cksum() do not panic if off and len match exactly to the end of mbuf. OK claudio@
|
Revision tags: OPENBSD_6_4_BASE OPENBSD_6_5_BASE
|
#
1.103 |
|
11-Sep-2018 |
bluhm |
Convert inetctlerrmap to u_char like inet6ctlerrmap. That is also what FreeBSD does. Remove old #if 0 version of inet6ctlerrmap. OK mpi@
|
#
1.102 |
|
07-Jun-2018 |
bluhm |
The global zero addresses must not change, mark them constant. OK tb@ visa@
|
Revision tags: OPENBSD_6_3_BASE
|
#
1.101 |
|
10-Feb-2018 |
florian |
Implement RFC 7217: "A Method for Generating Semantically Opaque Interface Identifiers with IPv6 Stateless Address Autoconfiguration."
"An IPv6 address configured using this method is stable within each subnet, but the corresponding Interface Identifier changes when the host moves from one network to another. This method is meant to be an alternative to generating Interface Identifiers based on hardware addresses."
OK naddy, sthen
|
#
1.100 |
|
20-Nov-2017 |
mpi |
Sprinkle some NET_ASSERT_LOCKED(), const and co to prepare running pr_input handlers without KERNEL_LOCK().
ok visa@
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.99 |
|
01-Sep-2017 |
florian |
Use in6_get_rand_ifid() instead of get_last_resort_ifid() and delete the get_last_resort_ifid() function because eww. Also if your system is so constraint that you end up in in6_get_rand_ifid() you don't deserve a random ifid that stays stable over reboots. Simplify code a bit since get_ifid() can no longer fail. It couldn't fail before either because that code path was #if 0'ed. While here sprinkle in some in6_ prefixes, pointed out by stsp. OK stsp
|
#
1.98 |
|
11-Aug-2017 |
bluhm |
Validate sockaddr from userland in central functions. This results in common checks for unix, inet, inet6 instead of partial checks here and there. Some checks are already done at a higher layer, but better be paranoid with user input. OK claudio@ millert@
|
#
1.97 |
|
13-Jul-2017 |
florian |
Get rid of ip6.maxifprefixes and ip6.maxifdefrouters, the kernel no longer tracks prefixes or default routers from router advertisements. Pointed out by jmc. ports tree grepping sthen, who only found nsh OK mpi, sthen
|
#
1.96 |
|
30-May-2017 |
mpi |
Keep ipv6_input() definition inside _KERNEL.
Unbreak userland, found the hardway by deraadt@
|
#
1.95 |
|
30-May-2017 |
mpi |
Introduce ipv{4,6}_input(), two wrappers around IP queues.
This will help transitionning to an un-KERNEL_LOCK()ed IP forwarding path.
Disucssed with bluhm@, ok claudio@
|
#
1.94 |
|
04-May-2017 |
bluhm |
Introduce sstosa() for converting sockaddr_storage with a type safe inline function instead of casting it to sockaddr. While there, use inline instead of __inline for all these conversions. Some struct sockaddr casts can be avoided completely. OK dhill@ mpi@
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.93 |
|
22-Feb-2017 |
renato |
Fix comments about a few ipv6 sockoptions
OK millert@ florian@
|
#
1.92 |
|
22-Dec-2016 |
rzalamena |
Remove PIM support from the multicast stack.
ok mpi@
|
#
1.91 |
|
03-Oct-2016 |
mpi |
Convert some of the remaining usages of time_second to time_uptime.
time_second is unix time so it can be affected by clock changes. time_uptime is monotonic so it isnt affected by clock changes. that in turn means route expiries wont jump with clock changes if set against time_uptime.
the expiry is translated into unix time for export to userland though.
Should fix mismatch between route timers that were already converted and ND default routers that were still using time_second.
Tested by matthieu@ and sthen@
ok sthen@, dlg@
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.90 |
|
27-Jun-2016 |
jca |
Implement IPV6_MINHOPCOUNT support.
Useful to implement GTSM support in daemons such as bgpd(8). Diff from 2013 revived by renato@. Input from bluhm@, ok bluhm@ deraadt@
|
#
1.89 |
|
01-Jun-2016 |
jca |
Kill sysctl net.inet6.ip6.rr_prune
We don't support Router Renumbering and there are no plans to change that. ok mpi@
|
#
1.88 |
|
19-May-2016 |
jca |
Remove sysctl net.inet6.ip6.v6only
This sysctl is a no-op, read-only since it was introduced. There are no plans to support IPv4-mapped addresses on OpenBSD, thus this sysctl is meaningless.
Noticed by djm@, ok claudio@ mpi@ sthen@ henning@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.87 |
|
03-Dec-2015 |
tedu |
rm unused kernel only IPV6_RECVRTHDRDSTOPTS sockopt. ok deraadt sthen
|
#
1.86 |
|
29-Oct-2015 |
tedu |
RFC 2292 API support was removed 9 years ago, but left in a binary compat ABI form for the sake of existing programs. no programs from that era have been able to run for quite some time. Kill it all. ok deraadt florian millert mpi (I believe this is my first IPv6 diff. Future, here I come!)
|
#
1.85 |
|
11-Sep-2015 |
claudio |
in6_embedscope() needs to lose some weight. Remove the last argument. In all but two calls NULL is passed and in the other 2 cases the ifp is only used to maybe feed it to in6_selecthlim() to select the hoplimit for the link. Since in6_embedscope() only works on link-local addresses it does not matter what hop limit we select since the destination is directly reachable. OK florian@ mpi@
|
#
1.84 |
|
10-Sep-2015 |
claudio |
It is time to put inet6 on a diet. Use the flensing knife and cut out the 3rd argument of in6_recoverscope() and make it return void. OK dlg@ mikeb@
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.83 |
|
08-Jun-2015 |
krw |
More damned eye searing whitespace. No change to .o files.
|
#
1.82 |
|
14-Apr-2015 |
mikeb |
ip6_sprintf is long gone; noticed by blambert
|
#
1.81 |
|
10-Apr-2015 |
dlg |
replace the use of ifqueues for most input queues serviced by netisr with niqueues.
this change is so big because there's a lot of code that takes pointers to different input queues (eg, ether_input picks between ipv4, ipv6, pppoe, arp, and mpls input queues) and falls through to code to enqueue packets against the pointer. if i changed only one of the input queues id have to add sepearate code paths, one for ifqueues and one for niqueues in each of these places
by flipping all these input queues at once i can keep the currently common code common.
testing by mpi@ sthen@ and rafael zalamena ok mpi@ sthen@ claudio@ henning@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.80 |
|
09-Feb-2015 |
claudio |
Implement 2 sysctl to retrieve the multicast forwarding cache (mf6c) and the multicast interface table (mif6). Will be used by netstat soon. Looked over by guenther@
|
#
1.79 |
|
09-Feb-2015 |
dlg |
provide a net.inet6.ip6.ifq sysctl so people can see and fiddle with the ip6intrq.
ok claudio@
|
#
1.78 |
|
10-Jan-2015 |
mpi |
Correct some comments and merge in6_if_up() into in6_ifattach() to reflect that IPv6 link-local addresses are no longer automagically configured the first time an interface is brought up.
ok henning@, stsp@
|
#
1.77 |
|
05-Dec-2014 |
mpi |
Explicitly include <net/if_var.h> instead of pulling it in <net/if.h>.
ok mikeb@, krw@, bluhm@, tedu@
|
#
1.76 |
|
20-Nov-2014 |
mpi |
What have no need for a variable that holds the maximum MTU size of interfaces with an IPv6 address.
ok henning@, mikeb@, deraadt@
|
#
1.75 |
|
31-Aug-2014 |
bluhm |
Make the in6addr constant declarations and definitions consistent in kernel and user land. OK florian@ mpi@
|
#
1.74 |
|
26-Aug-2014 |
florian |
Do not hand-roll all routers link local address. pointed out & OK bluhm@
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.73 |
|
11-Jul-2014 |
henning |
introduce the IFXF_AUTOCONF6 interface flag which controls wether we accept rtadvs on that interface. the global net.inet6.ip6.accept_rtadv sysctl just doesn't cut it, even tho the spec wants that - but in their little absurd world, a host just has one interface by definition anyway... the sysctlgoes away. lots of head scratching, brain cell elemination etc from bluhm benno stsp florian, excitement from simon and todd, ok bluhm stsp benno florian
|
#
1.72 |
|
13-Jun-2014 |
chrisz |
Remove deprecated RFC2292 ancillary data convenience functions. They are obsoleted by the RFC3542 api.
ok mpi@
|
#
1.71 |
|
20-Apr-2014 |
naddy |
move in6_cksum_phdr from in6.h to ip6_output.c to mirror in_cksum_phdr ok henning@
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.70 |
|
22-Jan-2014 |
naddy |
Split the checksum calculation for IPv6 like for IPv4: Always calculate the pseudo-header checksum. Complete the checksum if hardware offload is not available.
Parts originally from NetBSD; ok henning@
|
#
1.69 |
|
28-Oct-2013 |
deraadt |
kill kame version symbols and sysctl ports tree grep run by sthen
|
#
1.68 |
|
24-Oct-2013 |
mpi |
Remove the number of in6_var.h inclusions by moving some functions and global variables to in6.h.
ok deraadt@
|
#
1.67 |
|
24-Oct-2013 |
deraadt |
Significant namespace cleanup of netinet6 symbols.
One worrying bit is in icmp6.h where some htols() and htonl() are added, which may affect compatibility down the line. This component can be reverted if issues show up. Ports tree greps indicate no issue.
ok claudio mpi etc
|
#
1.66 |
|
21-Oct-2013 |
deraadt |
There are gasps of shock! Add a pmtu delay sysctl BUTTON for netinet6, making the code the same as netinet4 along the way. ok bluhm phessler
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.65 |
|
26-Jun-2013 |
henning |
put the cksum diff back, of course with the bug fixed where we could under some circumstances repair broken checksums on the way. ok ryan naddy mikeb . redo most of the protocol (tcp/udp/...) checksum handling -assume we have hardware checksum offloading. stop mucking with the checksum in most of the stack -stop checksum mucking in pf, just set a "needs checksumming" flag if needed -in all output pathes, very late, if we figure out the outbound interface doesn't have hw cksum offloading, do the cksum in software. this especially makes the bridge path behave like a regular output path -little special casing for bridge still required until the broadcast path loses its disgusting shortcut hacks, but at least it's in one place now and not all over the stack in6_proto_cksum_out mostly written by krw@ started at k2k11 in iceland more than 1.5 years ago - yes it took that long, this stuff is everything but easy. this happens to fix the infamous pf rdr bug that made us turn off proto cksum offloading on almost all interface drivers.
|
#
1.64 |
|
28-Mar-2013 |
bluhm |
Convert the satosin, sintosa, ifatoia, satosin6, sin6tosa, ifatoia6 defines into static inline functions. This allows the compiler to check the source type before casting. liked by many; OK mpi@ haesbaert@
|
#
1.63 |
|
14-Mar-2013 |
mpi |
My lack of faith... These lines should stay, reported by ajacoutot@.
ok sthen@
|
#
1.62 |
|
14-Mar-2013 |
mpi |
tedu faith(4), suggested by todd@ some weeks ago after a submission by dhill.
ok krw@, mikeb@, tedu@ (implicit)
|
Revision tags: OPENBSD_5_3_BASE
|
#
1.61 |
|
06-Nov-2012 |
henning |
backout csum diff for the moment, requested by theo
|
#
1.60 |
|
01-Nov-2012 |
henning |
redo most of the protocol (tcp/udp/...) checksum handling -assume we have hardware checksum offloading. stop mucking with the checksum in most of the stack -stop checksum mucking in pf, just set a "needs checksumming" flag if needed -in all output pathes, very late, if we figure out the outbound interface doesn't have hw cksum offloading, do the cksum in software. this especially makes the bridge path behave like a regular output path -little special casing for bridge still required until the broadcast path loses its disgusting shortcut hacks, but at least it's in one place now and not all over the stack in6_proto_cksum_out mostly written by krw@ started at k2k11 in iceland more than 1.5 years ago - yes it took that long, this stuff is everything but easy. this happens to fix the infamous pf rdr bug that made us turn off proto cksum offloading on almost all interface drivers. ok camield sthen claudio, testing by many, thanks!
|
#
1.59 |
|
17-Sep-2012 |
yasuoka |
add IPV6_RECVDSTPORT socket option, which enables us to get original (= before divert) destination port of a UDP packet. The way to use this option is same as IP_RECVDSTPORT.
from UMEZAWA Takeshi tweaks from jmc; ok henning bluhm
|
#
1.58 |
|
15-Sep-2012 |
guenther |
Improve POSIX/SUS compliance of <netdb.h>, <sys/socket.h>, and <sys/un.h>.
Much ports testing of various versions by naddy@ and jasper@ ok matthew@, miller@
|
Revision tags: OPENBSD_5_2_BASE
|
#
1.57 |
|
10-Jul-2012 |
guenther |
Instead of <arpa/inet.h> pulling in <netinet/in.h>, just copy in the three things that it needed from there: INET_ADDRSTRLEN, INET6_ADDRSTRLEN, and struct in_addr. Add protecting #ifndefs to netinet6?/in6?.h for those.
ok deraadt@
|
#
1.56 |
|
26-Jun-2012 |
guenther |
Improve compliance for <arpa/inet.h> and <netinet/in.h> to define/declare all the symbols that POSIX says they must and fewer that they can't and, most importantly, to not require a specific ordering of headers.
ports testing by naddy@ ok millert@ deraadt@
|
Revision tags: OPENBSD_5_1_BASE
|
#
1.55 |
|
24-Nov-2011 |
sperreault |
rdomain support for IPv6 ok mikeb
|
#
1.54 |
|
13-Oct-2011 |
claudio |
Since the IPv6 madness is not enough introduce NAT64 -- which is actually "af-to" a generic IP version translator for pf(4). Not everything perfect yet but lets fix these things in the tree. Insane amount of work done by sperreault@, mikeb@ and reyk@. Looked over by mcbride@ henning@ and myself at eurobsdcon. OK mcbride@ and general put it in from deraadt@
|
Revision tags: OPENBSD_5_0_BASE
|
#
1.53 |
|
02-May-2011 |
mikeb |
recognize SO_RTABLE socket option at the SOL_SOCKET level; discussed with and ok claudio
|
Revision tags: OPENBSD_4_9_BASE
|
#
1.52 |
|
23-Sep-2010 |
yasuoka |
add a new IP level socket option IP_PIPEX. This option is used for L2TP support by pipex. OK henning@, "Carry on" blambert@
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.51 |
|
08-Jul-2010 |
jsg |
remove some unused netinet6 code ok stsp@ henning@ claudio@
|
#
1.50 |
|
07-May-2010 |
claudio |
Start cleaning up the mess called rtalloc*. Kill rtalloc2, make rtalloc1 accept flags for report and nocloning. Move the rtableid into struct route (with a minor twist for now) and make a few more codepathes rdomain aware. Appart from the pf.c and route.c bits the diff is mostly mechanical. More to come... OK michele, henning
|
#
1.49 |
|
06-Apr-2010 |
stsp |
Simple implementation of RFC4941, "Privacy Extensions for Stateless Address Autoconfiguration in IPv6". For those among us who are paranoid about broadcasting their MAC address to the IPv6 internet.
Man page help from jmc, testing by weerd, arc4random API hints from djm.
ok deraadt, claudio
|
Revision tags: OPENBSD_4_7_BASE
|
#
1.48 |
|
05-Nov-2009 |
michele |
IPv6 support for divert sockets.
tested by phessler@ pyr@ ok claudio@ "go ahead" deraadt@
|
Revision tags: OPENBSD_4_5_BASE OPENBSD_4_6_BASE
|
#
1.47 |
|
25-Nov-2008 |
markus |
delay /etc/netstart until IPv6-DAD (dup-address-detection) is completed. ok fries, hshoexer, claudio
|
Revision tags: OPENBSD_4_4_BASE
|
#
1.46 |
|
11-Jun-2008 |
mcbride |
From KAME, allow adjustable limits on NDP entries and discovered routes.
ok mpf naddy
|
#
1.45 |
|
09-Mar-2008 |
sobrado |
use the right capitalization for platform names
ok jsing@
|
Revision tags: OPENBSD_4_1_BASE OPENBSD_4_2_BASE OPENBSD_4_3_BASE
|
#
1.44 |
|
22-Jan-2007 |
miod |
Fix KAME cvsweb urls
|
#
1.43 |
|
09-Dec-2006 |
itojun |
switch IPv6 advanced API from RFC2292 to RFC3542 (2292 is superseded by 3542). the kernel still handles RFC2292 set/getsockopts, so that compiled binary has no trouble running. userland sees RFC3542 symbols only on header file so new code has to use RFC3542 API.
bump libc shlib minor for function additions.
tested on i386/amd64 by jmc, i386 by brad. checked by deraadt.
|
#
1.42 |
|
21-Nov-2006 |
itojun |
introduce sysctl net.inet6.ip6.multicast_mtudisc (for multicast routers). deraadt ok. manpage nit by jmc.
|
#
1.41 |
|
17-Nov-2006 |
itojun |
move comment to a line where it makes more sense
|
#
1.40 |
|
17-Nov-2006 |
itojun |
change semantics of ff01::/16 to interface local multicast (to sync up with more recent IPv6 spec)
ok from: deraadt mcbride
|
Revision tags: OPENBSD_4_0_BASE
|
#
1.39 |
|
18-Jun-2006 |
pascoe |
Add support for equal-cost multipath IP.
To minimise path disruptions, this implements recommendations made in RFC2992 - the hash-threshold mechanism to select paths based on source/destination IP address pairs, and inserts multipath routes in the middle of the route table.
To enable multipath distribution, use: sysctl net.inet.ip.multipath=1 and/or: sysctl net.inet6.ip6.multipath=1
testing norby@ ok claudio@ henning@ hshoexer@
|
#
1.38 |
|
27-May-2006 |
claudio |
Do the same thing as for IPv4. Use a sysctl to enable/disable mfrowarding and additionaly make the code part of the MROUTING option. Put it in deraadt@
|
Revision tags: OPENBSD_3_9_BASE
|
#
1.37 |
|
13-Dec-2005 |
millert |
First step in include files overhaul. Use __FOO_VISIBLE (as defined in sys/cdefs.h) instead of _FOO_SOURCE. Also fix several namespace pollution issues, including the byte order defines. OK deraadt@
|
Revision tags: OPENBSD_3_6_BASE OPENBSD_3_7_BASE OPENBSD_3_8_BASE
|
#
1.36 |
|
21-Jun-2004 |
tholo |
First step towards more sane time handling in the kernel -- this changes things such that code that only need a second-resolution uptime or wall time, and used to get that from time.tv_secs or mono_time.tv_secs now get this from separate time_t globals time_second and time_uptime.
ok art@ niklas@ nordin@
|
Revision tags: SMP_SYNC_A
|
#
1.35 |
|
12-Jun-2004 |
itojun |
support IPV6_USE_MIN_MTU, to make BIND9 better. (sorry about the mess yesterday)
|
#
1.34 |
|
11-Jun-2004 |
deraadt |
back out tree breakage. Like, come on
|
#
1.33 |
|
11-Jun-2004 |
itojun |
support IPV6_USE_MIN_MTU, which is needed to run BIND9 well. from kame markus ok
|
Revision tags: OPENBSD_3_5_BASE SMP_SYNC_B
|
#
1.32 |
|
15-Feb-2004 |
markus |
switch to sysctl_int_arr(); ok itojun, henning, miod, deraadt
|
Revision tags: OPENBSD_3_4_BASE
|
#
1.31 |
|
02-Jun-2003 |
millert |
Remove the advertising clause in the UCB license which Berkeley rescinded 22 July 1999. Proofed by myself and Theo.
|
Revision tags: OPENBSD_3_2_BASE OPENBSD_3_3_BASE UBC_SYNC_A UBC_SYNC_B
|
#
1.30 |
|
08-Jun-2002 |
itojun |
sync with latest KAME in6_ifaddr/prefix/default router manipulation. behavior changes: - two iocts used by ndp(8) are now obsolete (backward compat provided). use sysctl path instead. - lo0 does not get ::1 automatically. it will get ::1 when lo0 comes up.
|
#
1.29 |
|
07-Jun-2002 |
itojun |
mistake in sysctl table
|
#
1.28 |
|
07-Jun-2002 |
itojun |
just for consistency/compatibility, have net.inet6.ip6.v6only sysctl MIB, as well as set/getsockopt(IPV6_V6ONLY).
|
#
1.27 |
|
28-May-2002 |
itojun |
limit number of IPv6 fragments (not the fragment queue size) to fight against lots-of-frags DoS attacks. sync w/kame
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.26 |
|
14-Mar-2002 |
millert |
First round of __P removal in sys
|
Revision tags: UBC_BASE
|
#
1.25 |
|
07-Dec-2001 |
itojun |
branches: 1.25.2; whitespace/comment sync with kame
|
Revision tags: OPENBSD_3_0_BASE
|
#
1.24 |
|
19-Sep-2001 |
itojun |
comment; sockopt # 57-59 are also reserved
|
#
1.23 |
|
22-Aug-2001 |
niklas |
Add IPCOMP setsockopt policy controls. While here fix the other policies too
|
Revision tags: OPENBSD_2_9_BASE
|
#
1.22 |
|
30-Mar-2001 |
itojun |
fix constness of IN6_{IS,ARE}_xx macros to conform to RFC2553. sync with kame.
|
#
1.21 |
|
02-Mar-2001 |
itojun |
remove date string from KAME version identification, it is getting meaningless as we merge random items daily. have comment that refers to kame COVERAGE document. sync with kame
|
#
1.20 |
|
16-Feb-2001 |
itojun |
get rid of #ifdef IPV6FIREWALL (never used, will never be used)
|
#
1.19 |
|
16-Feb-2001 |
itojun |
pull in new pcb notification code from kame. better handling of scope address.
|
Revision tags: OPENBSD_2_8_BASE
|
#
1.18 |
|
17-Oct-2000 |
itojun |
use __P() in prototype for non-ansi compilers. From: Michael Shalayeff <mickey@lucifier.remote.dti.net>
|
#
1.17 |
|
27-Aug-2000 |
itojun |
move IPv6 IPsec sysctl # downward, to avoid number conflict in *BSD. angelos ok
|
#
1.16 |
|
16-Jul-2000 |
itojun |
don't pull sys/queue.h in. sync better with kame.
|
#
1.15 |
|
25-Jun-2000 |
aaron |
Fix typo; ds@ds.primasoft.bg
|
#
1.14 |
|
18-Jun-2000 |
itojun |
allow IPsec-related get/setsockopt on IPv6 socket. due to number conflict they must be IPV6_xx instead of IP_xx.
actually, since in_ctloutput() does not check address family of inpcb, getsockopt(IPPROTO_IP, IP_xx) may work - never tested this.
|
#
1.13 |
|
25-May-2000 |
itojun |
net.inet.ip.gif_ttl (and IPv6 counterpart) is never used. enforce type checking on IN6_ARE_ADDR_EQUAL.
|
Revision tags: OPENBSD_2_7_BASE
|
#
1.12 |
|
28-Feb-2000 |
itojun |
bring in recent KAME changes (only important and stable ones, as usual). - remove net.inet6.ip6.nd6_proxyall. introduce proxy NDP code works just like "arp -s". - revise source address selection. be more careful about use of yet-to-be-valid addresses as source. - as router, transmit ICMP6_DST_UNREACH_BEYONDSCOPE against out-of-scope packet forwarding attempt. - path MTU discovery takes care of routing header properly. - be more strict about mbuf chain parsing. - nuke xxCTL_VARS #define, they are for BSDI. - disable SIOCSIFDSTADDR_IN6/SIOCSIFNETMASK_IN6 ioctl, they do not fit IPv6 model where multiple address on interface is normal. (kernel side supports them for a while for backward compat, the support will be nuked shortly) - introduce "default outgoing interface" (for spec conformance in very rare case)
|
#
1.11 |
|
19-Feb-2000 |
deraadt |
use more modern types
|
Revision tags: SMP_BASE
|
#
1.10 |
|
09-Feb-2000 |
itojun |
branches: 1.10.2; improve RFC2553/2292 conformance. netinet6/{ip6,icmp6,in6}.h should not be included. neitnet6/{ip6,icmp6}.h includes #error statements only - i'll remove them couple of days later.
|
#
1.9 |
|
10-Dec-1999 |
angelos |
Add RCS tags, remove unused header files and code, remove a few unnecessary ifdefs...
|
Revision tags: kame_19991208
|
#
1.8 |
|
08-Dec-1999 |
itojun |
bring in KAME IPv6 code, dated 19991208. replaces NRL IPv6 layer. reuses NRL pcb layer. no IPsec-on-v6 support. see sys/netinet6/{TODO,IMPLEMENTATION} for more details.
GENERIC configuration should work fine as before. GENERIC.v6 works fine as well, but you'll need KAME userland tools to play with IPv6 (will be bringed into soon).
|
Revision tags: OPENBSD_2_5_BASE OPENBSD_2_6_BASE
|
#
1.7 |
|
24-Mar-1999 |
cmetz |
Replace 'in6a_words' (old NRL convention) with 's6_addr32' (new BSDI et al. convention that is more common and more specific as to the access size)
|
#
1.6 |
|
09-Mar-1999 |
cmetz |
Demangled the INET6 stuff so as not to require any extra options and not to be mutually exclusive with the IPSEC option.
|
#
1.5 |
|
24-Feb-1999 |
cmetz |
Synchronized changes needed to integrate into OpenBSD with the NRL source tree so we can have a unified netinet6 directory.
|
#
1.4 |
|
11-Jan-1999 |
deraadt |
_KERNEL, and other cleanup
|
#
1.3 |
|
10-Jan-1999 |
deraadt |
merge INPROTO_* tables
|
#
1.2 |
|
08-Jan-1999 |
deraadt |
use _KERNEL, add ipv6intrq decl
|
#
1.1 |
|
07-Jan-1999 |
deraadt |
missed file
|
#
1.114 |
|
07-Feb-2024 |
bluhm |
Use the route generation number also for IPv6.
Implement route6_cache() to check whether the cached route is still valid and otherwise fill caching parameter of struct route_in6. Also count cache hits and misses in netstat. in_pcbrtentry() uses route cache now.
OK claudio@
|
#
1.113 |
|
31-Jan-2024 |
bluhm |
Add route generation number to route cache.
The outgoing route is cached at the inpcb. This cache was only invalidated when the socket closes or if the route gets invalid. More specific routes were not detected. Especially with dynamic routing protocols, sockets must be closed and reopened to use the correct route. Running ping during a route change shows the problem.
To solve this, add a route generation number that is updated whenever the routing table changes. The lookup in struct route is put into the route_cache() function. If the generation number is too old, the cached route gets discarded.
Implement route_cache() for ip_output() and ip_forward() first. IPv6 and more places will follow.
OK claudio@
|
#
1.112 |
|
27-Jan-2024 |
bluhm |
Declare address parameter in TCP SYN cache const.
tcp6_ctlinput() casted a constant sockaddr_sin6 to non-const sockaddr. sa6_src may be &sa6_any which lives in read-only data section. Better pass down the const addresses to syn_cache_lookup(). They are needed for hash lookup and are not modified.
OK mvs@
|
#
1.111 |
|
28-Nov-2023 |
bluhm |
Remove struct inpcb from in6_embedscope() parameters.
rip6_output() did modify inp_outputopts6 temporarily to provide different ip6_pktopts to in6_embedscope(). Better pass inp_outputopts6 and inp_moptions6 as separate arguments to in6_embedscope(). Simplify the code that deals with these options in in6_embedscope(). Doucument inp_moptions and inp_moptions6 as protected by net lock.
OK kn@
|
#
1.110 |
|
10-Nov-2023 |
bluhm |
rtable_match() takes constant destination.
For implementing MP safe route lookup, it helps to know which function parameters are constant. Add some const declarations, so that the compiler guarantees that sockaddr dst parameter of rtable_match() does not change.
OK dlg@
|
Revision tags: OPENBSD_7_0_BASE OPENBSD_7_1_BASE OPENBSD_7_2_BASE OPENBSD_7_3_BASE OPENBSD_7_4_BASE
|
#
1.109 |
|
02-Jun-2021 |
dlg |
factor out the code that does sanity checks on ipv6 headers and addresses.
this will allow these checks to be reused for ip packet inspection in bridge, veb, and tpmr.
ok bluhm@ sashan@
|
Revision tags: OPENBSD_6_9_BASE
|
#
1.108 |
|
10-Mar-2021 |
jsg |
spelling
ok gnezdo@ semarie@ mpi@
|
Revision tags: OPENBSD_6_8_BASE
|
#
1.107 |
|
24-Aug-2020 |
gnezdo |
Convert ip6_sysctl to sysctl_bounded_args
Tighter limits and OK by sashan
|
#
1.106 |
|
24-Jun-2020 |
cheloha |
kernel: use gettime(9)/getuptime(9) in lieu of time_second(9)/time_uptime(9)
time_second(9) and time_uptime(9) are widely used in the kernel to quickly get the system UTC or system uptime as a time_t. However, time_t is 64-bit everywhere, so it is not generally safe to use them on 32-bit platforms: you have a split-read problem if your hardware cannot perform atomic 64-bit reads.
This patch replaces time_second(9) with gettime(9), a safer successor interface, throughout the kernel. Similarly, time_uptime(9) is replaced with getuptime(9).
There is a performance cost on 32-bit platforms in exchange for eliminating the split-read problem: instead of two register reads you now have a lockless read loop to pull the values from the timehands. This is really not *too* bad in the grand scheme of things, but compared to what we were doing before it is several times slower.
There is no performance cost on 64-bit (__LP64__) platforms.
With input from visa@, dlg@, and tedu@.
Several bugs squashed by visa@.
ok kettenis@
|
Revision tags: OPENBSD_6_7_BASE
|
#
1.105 |
|
11-Nov-2019 |
bluhm |
Kernel is missing propper input validation when configuring IPv6 addresses. Implement in6_sa2sin6() to validate inet6 address family and address length. The SIOCGIFDSTADDR_IN6, SIOCGIFNETMASK_IN6, SIOCGIFAFLAG_IN6, SIOCGIFALIFETIME_IN6, and SIOCDIFADDR_IN6 ioctl(2) are safe now. OK visa@
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.104 |
|
22-Apr-2019 |
bluhm |
In in_cksum() and in6_cksum() convert types to C99 style and make both functions consistent. In in_cksum() panic if len is longer than mbuf, but in in6_cksum() do not panic if off and len match exactly to the end of mbuf. OK claudio@
|
Revision tags: OPENBSD_6_4_BASE OPENBSD_6_5_BASE
|
#
1.103 |
|
11-Sep-2018 |
bluhm |
Convert inetctlerrmap to u_char like inet6ctlerrmap. That is also what FreeBSD does. Remove old #if 0 version of inet6ctlerrmap. OK mpi@
|
#
1.102 |
|
07-Jun-2018 |
bluhm |
The global zero addresses must not change, mark them constant. OK tb@ visa@
|
Revision tags: OPENBSD_6_3_BASE
|
#
1.101 |
|
10-Feb-2018 |
florian |
Implement RFC 7217: "A Method for Generating Semantically Opaque Interface Identifiers with IPv6 Stateless Address Autoconfiguration."
"An IPv6 address configured using this method is stable within each subnet, but the corresponding Interface Identifier changes when the host moves from one network to another. This method is meant to be an alternative to generating Interface Identifiers based on hardware addresses."
OK naddy, sthen
|
#
1.100 |
|
20-Nov-2017 |
mpi |
Sprinkle some NET_ASSERT_LOCKED(), const and co to prepare running pr_input handlers without KERNEL_LOCK().
ok visa@
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.99 |
|
01-Sep-2017 |
florian |
Use in6_get_rand_ifid() instead of get_last_resort_ifid() and delete the get_last_resort_ifid() function because eww. Also if your system is so constraint that you end up in in6_get_rand_ifid() you don't deserve a random ifid that stays stable over reboots. Simplify code a bit since get_ifid() can no longer fail. It couldn't fail before either because that code path was #if 0'ed. While here sprinkle in some in6_ prefixes, pointed out by stsp. OK stsp
|
#
1.98 |
|
11-Aug-2017 |
bluhm |
Validate sockaddr from userland in central functions. This results in common checks for unix, inet, inet6 instead of partial checks here and there. Some checks are already done at a higher layer, but better be paranoid with user input. OK claudio@ millert@
|
#
1.97 |
|
13-Jul-2017 |
florian |
Get rid of ip6.maxifprefixes and ip6.maxifdefrouters, the kernel no longer tracks prefixes or default routers from router advertisements. Pointed out by jmc. ports tree grepping sthen, who only found nsh OK mpi, sthen
|
#
1.96 |
|
30-May-2017 |
mpi |
Keep ipv6_input() definition inside _KERNEL.
Unbreak userland, found the hardway by deraadt@
|
#
1.95 |
|
30-May-2017 |
mpi |
Introduce ipv{4,6}_input(), two wrappers around IP queues.
This will help transitionning to an un-KERNEL_LOCK()ed IP forwarding path.
Disucssed with bluhm@, ok claudio@
|
#
1.94 |
|
04-May-2017 |
bluhm |
Introduce sstosa() for converting sockaddr_storage with a type safe inline function instead of casting it to sockaddr. While there, use inline instead of __inline for all these conversions. Some struct sockaddr casts can be avoided completely. OK dhill@ mpi@
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.93 |
|
22-Feb-2017 |
renato |
Fix comments about a few ipv6 sockoptions
OK millert@ florian@
|
#
1.92 |
|
22-Dec-2016 |
rzalamena |
Remove PIM support from the multicast stack.
ok mpi@
|
#
1.91 |
|
03-Oct-2016 |
mpi |
Convert some of the remaining usages of time_second to time_uptime.
time_second is unix time so it can be affected by clock changes. time_uptime is monotonic so it isnt affected by clock changes. that in turn means route expiries wont jump with clock changes if set against time_uptime.
the expiry is translated into unix time for export to userland though.
Should fix mismatch between route timers that were already converted and ND default routers that were still using time_second.
Tested by matthieu@ and sthen@
ok sthen@, dlg@
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.90 |
|
27-Jun-2016 |
jca |
Implement IPV6_MINHOPCOUNT support.
Useful to implement GTSM support in daemons such as bgpd(8). Diff from 2013 revived by renato@. Input from bluhm@, ok bluhm@ deraadt@
|
#
1.89 |
|
01-Jun-2016 |
jca |
Kill sysctl net.inet6.ip6.rr_prune
We don't support Router Renumbering and there are no plans to change that. ok mpi@
|
#
1.88 |
|
19-May-2016 |
jca |
Remove sysctl net.inet6.ip6.v6only
This sysctl is a no-op, read-only since it was introduced. There are no plans to support IPv4-mapped addresses on OpenBSD, thus this sysctl is meaningless.
Noticed by djm@, ok claudio@ mpi@ sthen@ henning@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.87 |
|
03-Dec-2015 |
tedu |
rm unused kernel only IPV6_RECVRTHDRDSTOPTS sockopt. ok deraadt sthen
|
#
1.86 |
|
29-Oct-2015 |
tedu |
RFC 2292 API support was removed 9 years ago, but left in a binary compat ABI form for the sake of existing programs. no programs from that era have been able to run for quite some time. Kill it all. ok deraadt florian millert mpi (I believe this is my first IPv6 diff. Future, here I come!)
|
#
1.85 |
|
11-Sep-2015 |
claudio |
in6_embedscope() needs to lose some weight. Remove the last argument. In all but two calls NULL is passed and in the other 2 cases the ifp is only used to maybe feed it to in6_selecthlim() to select the hoplimit for the link. Since in6_embedscope() only works on link-local addresses it does not matter what hop limit we select since the destination is directly reachable. OK florian@ mpi@
|
#
1.84 |
|
10-Sep-2015 |
claudio |
It is time to put inet6 on a diet. Use the flensing knife and cut out the 3rd argument of in6_recoverscope() and make it return void. OK dlg@ mikeb@
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.83 |
|
08-Jun-2015 |
krw |
More damned eye searing whitespace. No change to .o files.
|
#
1.82 |
|
14-Apr-2015 |
mikeb |
ip6_sprintf is long gone; noticed by blambert
|
#
1.81 |
|
10-Apr-2015 |
dlg |
replace the use of ifqueues for most input queues serviced by netisr with niqueues.
this change is so big because there's a lot of code that takes pointers to different input queues (eg, ether_input picks between ipv4, ipv6, pppoe, arp, and mpls input queues) and falls through to code to enqueue packets against the pointer. if i changed only one of the input queues id have to add sepearate code paths, one for ifqueues and one for niqueues in each of these places
by flipping all these input queues at once i can keep the currently common code common.
testing by mpi@ sthen@ and rafael zalamena ok mpi@ sthen@ claudio@ henning@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.80 |
|
09-Feb-2015 |
claudio |
Implement 2 sysctl to retrieve the multicast forwarding cache (mf6c) and the multicast interface table (mif6). Will be used by netstat soon. Looked over by guenther@
|
#
1.79 |
|
09-Feb-2015 |
dlg |
provide a net.inet6.ip6.ifq sysctl so people can see and fiddle with the ip6intrq.
ok claudio@
|
#
1.78 |
|
10-Jan-2015 |
mpi |
Correct some comments and merge in6_if_up() into in6_ifattach() to reflect that IPv6 link-local addresses are no longer automagically configured the first time an interface is brought up.
ok henning@, stsp@
|
#
1.77 |
|
05-Dec-2014 |
mpi |
Explicitly include <net/if_var.h> instead of pulling it in <net/if.h>.
ok mikeb@, krw@, bluhm@, tedu@
|
#
1.76 |
|
20-Nov-2014 |
mpi |
What have no need for a variable that holds the maximum MTU size of interfaces with an IPv6 address.
ok henning@, mikeb@, deraadt@
|
#
1.75 |
|
31-Aug-2014 |
bluhm |
Make the in6addr constant declarations and definitions consistent in kernel and user land. OK florian@ mpi@
|
#
1.74 |
|
26-Aug-2014 |
florian |
Do not hand-roll all routers link local address. pointed out & OK bluhm@
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.73 |
|
11-Jul-2014 |
henning |
introduce the IFXF_AUTOCONF6 interface flag which controls wether we accept rtadvs on that interface. the global net.inet6.ip6.accept_rtadv sysctl just doesn't cut it, even tho the spec wants that - but in their little absurd world, a host just has one interface by definition anyway... the sysctlgoes away. lots of head scratching, brain cell elemination etc from bluhm benno stsp florian, excitement from simon and todd, ok bluhm stsp benno florian
|
#
1.72 |
|
13-Jun-2014 |
chrisz |
Remove deprecated RFC2292 ancillary data convenience functions. They are obsoleted by the RFC3542 api.
ok mpi@
|
#
1.71 |
|
20-Apr-2014 |
naddy |
move in6_cksum_phdr from in6.h to ip6_output.c to mirror in_cksum_phdr ok henning@
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.70 |
|
22-Jan-2014 |
naddy |
Split the checksum calculation for IPv6 like for IPv4: Always calculate the pseudo-header checksum. Complete the checksum if hardware offload is not available.
Parts originally from NetBSD; ok henning@
|
#
1.69 |
|
28-Oct-2013 |
deraadt |
kill kame version symbols and sysctl ports tree grep run by sthen
|
#
1.68 |
|
24-Oct-2013 |
mpi |
Remove the number of in6_var.h inclusions by moving some functions and global variables to in6.h.
ok deraadt@
|
#
1.67 |
|
24-Oct-2013 |
deraadt |
Significant namespace cleanup of netinet6 symbols.
One worrying bit is in icmp6.h where some htols() and htonl() are added, which may affect compatibility down the line. This component can be reverted if issues show up. Ports tree greps indicate no issue.
ok claudio mpi etc
|
#
1.66 |
|
21-Oct-2013 |
deraadt |
There are gasps of shock! Add a pmtu delay sysctl BUTTON for netinet6, making the code the same as netinet4 along the way. ok bluhm phessler
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.65 |
|
26-Jun-2013 |
henning |
put the cksum diff back, of course with the bug fixed where we could under some circumstances repair broken checksums on the way. ok ryan naddy mikeb . redo most of the protocol (tcp/udp/...) checksum handling -assume we have hardware checksum offloading. stop mucking with the checksum in most of the stack -stop checksum mucking in pf, just set a "needs checksumming" flag if needed -in all output pathes, very late, if we figure out the outbound interface doesn't have hw cksum offloading, do the cksum in software. this especially makes the bridge path behave like a regular output path -little special casing for bridge still required until the broadcast path loses its disgusting shortcut hacks, but at least it's in one place now and not all over the stack in6_proto_cksum_out mostly written by krw@ started at k2k11 in iceland more than 1.5 years ago - yes it took that long, this stuff is everything but easy. this happens to fix the infamous pf rdr bug that made us turn off proto cksum offloading on almost all interface drivers.
|
#
1.64 |
|
28-Mar-2013 |
bluhm |
Convert the satosin, sintosa, ifatoia, satosin6, sin6tosa, ifatoia6 defines into static inline functions. This allows the compiler to check the source type before casting. liked by many; OK mpi@ haesbaert@
|
#
1.63 |
|
14-Mar-2013 |
mpi |
My lack of faith... These lines should stay, reported by ajacoutot@.
ok sthen@
|
#
1.62 |
|
14-Mar-2013 |
mpi |
tedu faith(4), suggested by todd@ some weeks ago after a submission by dhill.
ok krw@, mikeb@, tedu@ (implicit)
|
Revision tags: OPENBSD_5_3_BASE
|
#
1.61 |
|
06-Nov-2012 |
henning |
backout csum diff for the moment, requested by theo
|
#
1.60 |
|
01-Nov-2012 |
henning |
redo most of the protocol (tcp/udp/...) checksum handling -assume we have hardware checksum offloading. stop mucking with the checksum in most of the stack -stop checksum mucking in pf, just set a "needs checksumming" flag if needed -in all output pathes, very late, if we figure out the outbound interface doesn't have hw cksum offloading, do the cksum in software. this especially makes the bridge path behave like a regular output path -little special casing for bridge still required until the broadcast path loses its disgusting shortcut hacks, but at least it's in one place now and not all over the stack in6_proto_cksum_out mostly written by krw@ started at k2k11 in iceland more than 1.5 years ago - yes it took that long, this stuff is everything but easy. this happens to fix the infamous pf rdr bug that made us turn off proto cksum offloading on almost all interface drivers. ok camield sthen claudio, testing by many, thanks!
|
#
1.59 |
|
17-Sep-2012 |
yasuoka |
add IPV6_RECVDSTPORT socket option, which enables us to get original (= before divert) destination port of a UDP packet. The way to use this option is same as IP_RECVDSTPORT.
from UMEZAWA Takeshi tweaks from jmc; ok henning bluhm
|
#
1.58 |
|
15-Sep-2012 |
guenther |
Improve POSIX/SUS compliance of <netdb.h>, <sys/socket.h>, and <sys/un.h>.
Much ports testing of various versions by naddy@ and jasper@ ok matthew@, miller@
|
Revision tags: OPENBSD_5_2_BASE
|
#
1.57 |
|
10-Jul-2012 |
guenther |
Instead of <arpa/inet.h> pulling in <netinet/in.h>, just copy in the three things that it needed from there: INET_ADDRSTRLEN, INET6_ADDRSTRLEN, and struct in_addr. Add protecting #ifndefs to netinet6?/in6?.h for those.
ok deraadt@
|
#
1.56 |
|
26-Jun-2012 |
guenther |
Improve compliance for <arpa/inet.h> and <netinet/in.h> to define/declare all the symbols that POSIX says they must and fewer that they can't and, most importantly, to not require a specific ordering of headers.
ports testing by naddy@ ok millert@ deraadt@
|
Revision tags: OPENBSD_5_1_BASE
|
#
1.55 |
|
24-Nov-2011 |
sperreault |
rdomain support for IPv6 ok mikeb
|
#
1.54 |
|
13-Oct-2011 |
claudio |
Since the IPv6 madness is not enough introduce NAT64 -- which is actually "af-to" a generic IP version translator for pf(4). Not everything perfect yet but lets fix these things in the tree. Insane amount of work done by sperreault@, mikeb@ and reyk@. Looked over by mcbride@ henning@ and myself at eurobsdcon. OK mcbride@ and general put it in from deraadt@
|
Revision tags: OPENBSD_5_0_BASE
|
#
1.53 |
|
02-May-2011 |
mikeb |
recognize SO_RTABLE socket option at the SOL_SOCKET level; discussed with and ok claudio
|
Revision tags: OPENBSD_4_9_BASE
|
#
1.52 |
|
23-Sep-2010 |
yasuoka |
add a new IP level socket option IP_PIPEX. This option is used for L2TP support by pipex. OK henning@, "Carry on" blambert@
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.51 |
|
08-Jul-2010 |
jsg |
remove some unused netinet6 code ok stsp@ henning@ claudio@
|
#
1.50 |
|
07-May-2010 |
claudio |
Start cleaning up the mess called rtalloc*. Kill rtalloc2, make rtalloc1 accept flags for report and nocloning. Move the rtableid into struct route (with a minor twist for now) and make a few more codepathes rdomain aware. Appart from the pf.c and route.c bits the diff is mostly mechanical. More to come... OK michele, henning
|
#
1.49 |
|
06-Apr-2010 |
stsp |
Simple implementation of RFC4941, "Privacy Extensions for Stateless Address Autoconfiguration in IPv6". For those among us who are paranoid about broadcasting their MAC address to the IPv6 internet.
Man page help from jmc, testing by weerd, arc4random API hints from djm.
ok deraadt, claudio
|
Revision tags: OPENBSD_4_7_BASE
|
#
1.48 |
|
05-Nov-2009 |
michele |
IPv6 support for divert sockets.
tested by phessler@ pyr@ ok claudio@ "go ahead" deraadt@
|
Revision tags: OPENBSD_4_5_BASE OPENBSD_4_6_BASE
|
#
1.47 |
|
25-Nov-2008 |
markus |
delay /etc/netstart until IPv6-DAD (dup-address-detection) is completed. ok fries, hshoexer, claudio
|
Revision tags: OPENBSD_4_4_BASE
|
#
1.46 |
|
11-Jun-2008 |
mcbride |
From KAME, allow adjustable limits on NDP entries and discovered routes.
ok mpf naddy
|
#
1.45 |
|
09-Mar-2008 |
sobrado |
use the right capitalization for platform names
ok jsing@
|
Revision tags: OPENBSD_4_1_BASE OPENBSD_4_2_BASE OPENBSD_4_3_BASE
|
#
1.44 |
|
22-Jan-2007 |
miod |
Fix KAME cvsweb urls
|
#
1.43 |
|
09-Dec-2006 |
itojun |
switch IPv6 advanced API from RFC2292 to RFC3542 (2292 is superseded by 3542). the kernel still handles RFC2292 set/getsockopts, so that compiled binary has no trouble running. userland sees RFC3542 symbols only on header file so new code has to use RFC3542 API.
bump libc shlib minor for function additions.
tested on i386/amd64 by jmc, i386 by brad. checked by deraadt.
|
#
1.42 |
|
21-Nov-2006 |
itojun |
introduce sysctl net.inet6.ip6.multicast_mtudisc (for multicast routers). deraadt ok. manpage nit by jmc.
|
#
1.41 |
|
17-Nov-2006 |
itojun |
move comment to a line where it makes more sense
|
#
1.40 |
|
17-Nov-2006 |
itojun |
change semantics of ff01::/16 to interface local multicast (to sync up with more recent IPv6 spec)
ok from: deraadt mcbride
|
Revision tags: OPENBSD_4_0_BASE
|
#
1.39 |
|
18-Jun-2006 |
pascoe |
Add support for equal-cost multipath IP.
To minimise path disruptions, this implements recommendations made in RFC2992 - the hash-threshold mechanism to select paths based on source/destination IP address pairs, and inserts multipath routes in the middle of the route table.
To enable multipath distribution, use: sysctl net.inet.ip.multipath=1 and/or: sysctl net.inet6.ip6.multipath=1
testing norby@ ok claudio@ henning@ hshoexer@
|
#
1.38 |
|
27-May-2006 |
claudio |
Do the same thing as for IPv4. Use a sysctl to enable/disable mfrowarding and additionaly make the code part of the MROUTING option. Put it in deraadt@
|
Revision tags: OPENBSD_3_9_BASE
|
#
1.37 |
|
13-Dec-2005 |
millert |
First step in include files overhaul. Use __FOO_VISIBLE (as defined in sys/cdefs.h) instead of _FOO_SOURCE. Also fix several namespace pollution issues, including the byte order defines. OK deraadt@
|
Revision tags: OPENBSD_3_6_BASE OPENBSD_3_7_BASE OPENBSD_3_8_BASE
|
#
1.36 |
|
21-Jun-2004 |
tholo |
First step towards more sane time handling in the kernel -- this changes things such that code that only need a second-resolution uptime or wall time, and used to get that from time.tv_secs or mono_time.tv_secs now get this from separate time_t globals time_second and time_uptime.
ok art@ niklas@ nordin@
|
Revision tags: SMP_SYNC_A
|
#
1.35 |
|
12-Jun-2004 |
itojun |
support IPV6_USE_MIN_MTU, to make BIND9 better. (sorry about the mess yesterday)
|
#
1.34 |
|
11-Jun-2004 |
deraadt |
back out tree breakage. Like, come on
|
#
1.33 |
|
11-Jun-2004 |
itojun |
support IPV6_USE_MIN_MTU, which is needed to run BIND9 well. from kame markus ok
|
Revision tags: OPENBSD_3_5_BASE SMP_SYNC_B
|
#
1.32 |
|
15-Feb-2004 |
markus |
switch to sysctl_int_arr(); ok itojun, henning, miod, deraadt
|
Revision tags: OPENBSD_3_4_BASE
|
#
1.31 |
|
02-Jun-2003 |
millert |
Remove the advertising clause in the UCB license which Berkeley rescinded 22 July 1999. Proofed by myself and Theo.
|
Revision tags: OPENBSD_3_2_BASE OPENBSD_3_3_BASE UBC_SYNC_A UBC_SYNC_B
|
#
1.30 |
|
08-Jun-2002 |
itojun |
sync with latest KAME in6_ifaddr/prefix/default router manipulation. behavior changes: - two iocts used by ndp(8) are now obsolete (backward compat provided). use sysctl path instead. - lo0 does not get ::1 automatically. it will get ::1 when lo0 comes up.
|
#
1.29 |
|
07-Jun-2002 |
itojun |
mistake in sysctl table
|
#
1.28 |
|
07-Jun-2002 |
itojun |
just for consistency/compatibility, have net.inet6.ip6.v6only sysctl MIB, as well as set/getsockopt(IPV6_V6ONLY).
|
#
1.27 |
|
28-May-2002 |
itojun |
limit number of IPv6 fragments (not the fragment queue size) to fight against lots-of-frags DoS attacks. sync w/kame
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.26 |
|
14-Mar-2002 |
millert |
First round of __P removal in sys
|
Revision tags: UBC_BASE
|
#
1.25 |
|
07-Dec-2001 |
itojun |
branches: 1.25.2; whitespace/comment sync with kame
|
Revision tags: OPENBSD_3_0_BASE
|
#
1.24 |
|
19-Sep-2001 |
itojun |
comment; sockopt # 57-59 are also reserved
|
#
1.23 |
|
22-Aug-2001 |
niklas |
Add IPCOMP setsockopt policy controls. While here fix the other policies too
|
Revision tags: OPENBSD_2_9_BASE
|
#
1.22 |
|
30-Mar-2001 |
itojun |
fix constness of IN6_{IS,ARE}_xx macros to conform to RFC2553. sync with kame.
|
#
1.21 |
|
02-Mar-2001 |
itojun |
remove date string from KAME version identification, it is getting meaningless as we merge random items daily. have comment that refers to kame COVERAGE document. sync with kame
|
#
1.20 |
|
16-Feb-2001 |
itojun |
get rid of #ifdef IPV6FIREWALL (never used, will never be used)
|
#
1.19 |
|
16-Feb-2001 |
itojun |
pull in new pcb notification code from kame. better handling of scope address.
|
Revision tags: OPENBSD_2_8_BASE
|
#
1.18 |
|
17-Oct-2000 |
itojun |
use __P() in prototype for non-ansi compilers. From: Michael Shalayeff <mickey@lucifier.remote.dti.net>
|
#
1.17 |
|
27-Aug-2000 |
itojun |
move IPv6 IPsec sysctl # downward, to avoid number conflict in *BSD. angelos ok
|
#
1.16 |
|
16-Jul-2000 |
itojun |
don't pull sys/queue.h in. sync better with kame.
|
#
1.15 |
|
25-Jun-2000 |
aaron |
Fix typo; ds@ds.primasoft.bg
|
#
1.14 |
|
18-Jun-2000 |
itojun |
allow IPsec-related get/setsockopt on IPv6 socket. due to number conflict they must be IPV6_xx instead of IP_xx.
actually, since in_ctloutput() does not check address family of inpcb, getsockopt(IPPROTO_IP, IP_xx) may work - never tested this.
|
#
1.13 |
|
25-May-2000 |
itojun |
net.inet.ip.gif_ttl (and IPv6 counterpart) is never used. enforce type checking on IN6_ARE_ADDR_EQUAL.
|
Revision tags: OPENBSD_2_7_BASE
|
#
1.12 |
|
28-Feb-2000 |
itojun |
bring in recent KAME changes (only important and stable ones, as usual). - remove net.inet6.ip6.nd6_proxyall. introduce proxy NDP code works just like "arp -s". - revise source address selection. be more careful about use of yet-to-be-valid addresses as source. - as router, transmit ICMP6_DST_UNREACH_BEYONDSCOPE against out-of-scope packet forwarding attempt. - path MTU discovery takes care of routing header properly. - be more strict about mbuf chain parsing. - nuke xxCTL_VARS #define, they are for BSDI. - disable SIOCSIFDSTADDR_IN6/SIOCSIFNETMASK_IN6 ioctl, they do not fit IPv6 model where multiple address on interface is normal. (kernel side supports them for a while for backward compat, the support will be nuked shortly) - introduce "default outgoing interface" (for spec conformance in very rare case)
|
#
1.11 |
|
19-Feb-2000 |
deraadt |
use more modern types
|
Revision tags: SMP_BASE
|
#
1.10 |
|
09-Feb-2000 |
itojun |
branches: 1.10.2; improve RFC2553/2292 conformance. netinet6/{ip6,icmp6,in6}.h should not be included. neitnet6/{ip6,icmp6}.h includes #error statements only - i'll remove them couple of days later.
|
#
1.9 |
|
10-Dec-1999 |
angelos |
Add RCS tags, remove unused header files and code, remove a few unnecessary ifdefs...
|
Revision tags: kame_19991208
|
#
1.8 |
|
08-Dec-1999 |
itojun |
bring in KAME IPv6 code, dated 19991208. replaces NRL IPv6 layer. reuses NRL pcb layer. no IPsec-on-v6 support. see sys/netinet6/{TODO,IMPLEMENTATION} for more details.
GENERIC configuration should work fine as before. GENERIC.v6 works fine as well, but you'll need KAME userland tools to play with IPv6 (will be bringed into soon).
|
Revision tags: OPENBSD_2_5_BASE OPENBSD_2_6_BASE
|
#
1.7 |
|
24-Mar-1999 |
cmetz |
Replace 'in6a_words' (old NRL convention) with 's6_addr32' (new BSDI et al. convention that is more common and more specific as to the access size)
|
#
1.6 |
|
09-Mar-1999 |
cmetz |
Demangled the INET6 stuff so as not to require any extra options and not to be mutually exclusive with the IPSEC option.
|
#
1.5 |
|
24-Feb-1999 |
cmetz |
Synchronized changes needed to integrate into OpenBSD with the NRL source tree so we can have a unified netinet6 directory.
|
#
1.4 |
|
11-Jan-1999 |
deraadt |
_KERNEL, and other cleanup
|
#
1.3 |
|
10-Jan-1999 |
deraadt |
merge INPROTO_* tables
|
#
1.2 |
|
08-Jan-1999 |
deraadt |
use _KERNEL, add ipv6intrq decl
|
#
1.1 |
|
07-Jan-1999 |
deraadt |
missed file
|
#
1.113 |
|
31-Jan-2024 |
bluhm |
Add route generation number to route cache.
The outgoing route is cached at the inpcb. This cache was only invalidated when the socket closes or if the route gets invalid. More specific routes were not detected. Especially with dynamic routing protocols, sockets must be closed and reopened to use the correct route. Running ping during a route change shows the problem.
To solve this, add a route generation number that is updated whenever the routing table changes. The lookup in struct route is put into the route_cache() function. If the generation number is too old, the cached route gets discarded.
Implement route_cache() for ip_output() and ip_forward() first. IPv6 and more places will follow.
OK claudio@
|
#
1.112 |
|
27-Jan-2024 |
bluhm |
Declare address parameter in TCP SYN cache const.
tcp6_ctlinput() casted a constant sockaddr_sin6 to non-const sockaddr. sa6_src may be &sa6_any which lives in read-only data section. Better pass down the const addresses to syn_cache_lookup(). They are needed for hash lookup and are not modified.
OK mvs@
|
#
1.111 |
|
28-Nov-2023 |
bluhm |
Remove struct inpcb from in6_embedscope() parameters.
rip6_output() did modify inp_outputopts6 temporarily to provide different ip6_pktopts to in6_embedscope(). Better pass inp_outputopts6 and inp_moptions6 as separate arguments to in6_embedscope(). Simplify the code that deals with these options in in6_embedscope(). Doucument inp_moptions and inp_moptions6 as protected by net lock.
OK kn@
|
#
1.110 |
|
10-Nov-2023 |
bluhm |
rtable_match() takes constant destination.
For implementing MP safe route lookup, it helps to know which function parameters are constant. Add some const declarations, so that the compiler guarantees that sockaddr dst parameter of rtable_match() does not change.
OK dlg@
|
Revision tags: OPENBSD_7_0_BASE OPENBSD_7_1_BASE OPENBSD_7_2_BASE OPENBSD_7_3_BASE OPENBSD_7_4_BASE
|
#
1.109 |
|
02-Jun-2021 |
dlg |
factor out the code that does sanity checks on ipv6 headers and addresses.
this will allow these checks to be reused for ip packet inspection in bridge, veb, and tpmr.
ok bluhm@ sashan@
|
Revision tags: OPENBSD_6_9_BASE
|
#
1.108 |
|
10-Mar-2021 |
jsg |
spelling
ok gnezdo@ semarie@ mpi@
|
Revision tags: OPENBSD_6_8_BASE
|
#
1.107 |
|
24-Aug-2020 |
gnezdo |
Convert ip6_sysctl to sysctl_bounded_args
Tighter limits and OK by sashan
|
#
1.106 |
|
24-Jun-2020 |
cheloha |
kernel: use gettime(9)/getuptime(9) in lieu of time_second(9)/time_uptime(9)
time_second(9) and time_uptime(9) are widely used in the kernel to quickly get the system UTC or system uptime as a time_t. However, time_t is 64-bit everywhere, so it is not generally safe to use them on 32-bit platforms: you have a split-read problem if your hardware cannot perform atomic 64-bit reads.
This patch replaces time_second(9) with gettime(9), a safer successor interface, throughout the kernel. Similarly, time_uptime(9) is replaced with getuptime(9).
There is a performance cost on 32-bit platforms in exchange for eliminating the split-read problem: instead of two register reads you now have a lockless read loop to pull the values from the timehands. This is really not *too* bad in the grand scheme of things, but compared to what we were doing before it is several times slower.
There is no performance cost on 64-bit (__LP64__) platforms.
With input from visa@, dlg@, and tedu@.
Several bugs squashed by visa@.
ok kettenis@
|
Revision tags: OPENBSD_6_7_BASE
|
#
1.105 |
|
11-Nov-2019 |
bluhm |
Kernel is missing propper input validation when configuring IPv6 addresses. Implement in6_sa2sin6() to validate inet6 address family and address length. The SIOCGIFDSTADDR_IN6, SIOCGIFNETMASK_IN6, SIOCGIFAFLAG_IN6, SIOCGIFALIFETIME_IN6, and SIOCDIFADDR_IN6 ioctl(2) are safe now. OK visa@
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.104 |
|
22-Apr-2019 |
bluhm |
In in_cksum() and in6_cksum() convert types to C99 style and make both functions consistent. In in_cksum() panic if len is longer than mbuf, but in in6_cksum() do not panic if off and len match exactly to the end of mbuf. OK claudio@
|
Revision tags: OPENBSD_6_4_BASE OPENBSD_6_5_BASE
|
#
1.103 |
|
11-Sep-2018 |
bluhm |
Convert inetctlerrmap to u_char like inet6ctlerrmap. That is also what FreeBSD does. Remove old #if 0 version of inet6ctlerrmap. OK mpi@
|
#
1.102 |
|
07-Jun-2018 |
bluhm |
The global zero addresses must not change, mark them constant. OK tb@ visa@
|
Revision tags: OPENBSD_6_3_BASE
|
#
1.101 |
|
10-Feb-2018 |
florian |
Implement RFC 7217: "A Method for Generating Semantically Opaque Interface Identifiers with IPv6 Stateless Address Autoconfiguration."
"An IPv6 address configured using this method is stable within each subnet, but the corresponding Interface Identifier changes when the host moves from one network to another. This method is meant to be an alternative to generating Interface Identifiers based on hardware addresses."
OK naddy, sthen
|
#
1.100 |
|
20-Nov-2017 |
mpi |
Sprinkle some NET_ASSERT_LOCKED(), const and co to prepare running pr_input handlers without KERNEL_LOCK().
ok visa@
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.99 |
|
01-Sep-2017 |
florian |
Use in6_get_rand_ifid() instead of get_last_resort_ifid() and delete the get_last_resort_ifid() function because eww. Also if your system is so constraint that you end up in in6_get_rand_ifid() you don't deserve a random ifid that stays stable over reboots. Simplify code a bit since get_ifid() can no longer fail. It couldn't fail before either because that code path was #if 0'ed. While here sprinkle in some in6_ prefixes, pointed out by stsp. OK stsp
|
#
1.98 |
|
11-Aug-2017 |
bluhm |
Validate sockaddr from userland in central functions. This results in common checks for unix, inet, inet6 instead of partial checks here and there. Some checks are already done at a higher layer, but better be paranoid with user input. OK claudio@ millert@
|
#
1.97 |
|
13-Jul-2017 |
florian |
Get rid of ip6.maxifprefixes and ip6.maxifdefrouters, the kernel no longer tracks prefixes or default routers from router advertisements. Pointed out by jmc. ports tree grepping sthen, who only found nsh OK mpi, sthen
|
#
1.96 |
|
30-May-2017 |
mpi |
Keep ipv6_input() definition inside _KERNEL.
Unbreak userland, found the hardway by deraadt@
|
#
1.95 |
|
30-May-2017 |
mpi |
Introduce ipv{4,6}_input(), two wrappers around IP queues.
This will help transitionning to an un-KERNEL_LOCK()ed IP forwarding path.
Disucssed with bluhm@, ok claudio@
|
#
1.94 |
|
04-May-2017 |
bluhm |
Introduce sstosa() for converting sockaddr_storage with a type safe inline function instead of casting it to sockaddr. While there, use inline instead of __inline for all these conversions. Some struct sockaddr casts can be avoided completely. OK dhill@ mpi@
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.93 |
|
22-Feb-2017 |
renato |
Fix comments about a few ipv6 sockoptions
OK millert@ florian@
|
#
1.92 |
|
22-Dec-2016 |
rzalamena |
Remove PIM support from the multicast stack.
ok mpi@
|
#
1.91 |
|
03-Oct-2016 |
mpi |
Convert some of the remaining usages of time_second to time_uptime.
time_second is unix time so it can be affected by clock changes. time_uptime is monotonic so it isnt affected by clock changes. that in turn means route expiries wont jump with clock changes if set against time_uptime.
the expiry is translated into unix time for export to userland though.
Should fix mismatch between route timers that were already converted and ND default routers that were still using time_second.
Tested by matthieu@ and sthen@
ok sthen@, dlg@
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.90 |
|
27-Jun-2016 |
jca |
Implement IPV6_MINHOPCOUNT support.
Useful to implement GTSM support in daemons such as bgpd(8). Diff from 2013 revived by renato@. Input from bluhm@, ok bluhm@ deraadt@
|
#
1.89 |
|
01-Jun-2016 |
jca |
Kill sysctl net.inet6.ip6.rr_prune
We don't support Router Renumbering and there are no plans to change that. ok mpi@
|
#
1.88 |
|
19-May-2016 |
jca |
Remove sysctl net.inet6.ip6.v6only
This sysctl is a no-op, read-only since it was introduced. There are no plans to support IPv4-mapped addresses on OpenBSD, thus this sysctl is meaningless.
Noticed by djm@, ok claudio@ mpi@ sthen@ henning@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.87 |
|
03-Dec-2015 |
tedu |
rm unused kernel only IPV6_RECVRTHDRDSTOPTS sockopt. ok deraadt sthen
|
#
1.86 |
|
29-Oct-2015 |
tedu |
RFC 2292 API support was removed 9 years ago, but left in a binary compat ABI form for the sake of existing programs. no programs from that era have been able to run for quite some time. Kill it all. ok deraadt florian millert mpi (I believe this is my first IPv6 diff. Future, here I come!)
|
#
1.85 |
|
11-Sep-2015 |
claudio |
in6_embedscope() needs to lose some weight. Remove the last argument. In all but two calls NULL is passed and in the other 2 cases the ifp is only used to maybe feed it to in6_selecthlim() to select the hoplimit for the link. Since in6_embedscope() only works on link-local addresses it does not matter what hop limit we select since the destination is directly reachable. OK florian@ mpi@
|
#
1.84 |
|
10-Sep-2015 |
claudio |
It is time to put inet6 on a diet. Use the flensing knife and cut out the 3rd argument of in6_recoverscope() and make it return void. OK dlg@ mikeb@
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.83 |
|
08-Jun-2015 |
krw |
More damned eye searing whitespace. No change to .o files.
|
#
1.82 |
|
14-Apr-2015 |
mikeb |
ip6_sprintf is long gone; noticed by blambert
|
#
1.81 |
|
10-Apr-2015 |
dlg |
replace the use of ifqueues for most input queues serviced by netisr with niqueues.
this change is so big because there's a lot of code that takes pointers to different input queues (eg, ether_input picks between ipv4, ipv6, pppoe, arp, and mpls input queues) and falls through to code to enqueue packets against the pointer. if i changed only one of the input queues id have to add sepearate code paths, one for ifqueues and one for niqueues in each of these places
by flipping all these input queues at once i can keep the currently common code common.
testing by mpi@ sthen@ and rafael zalamena ok mpi@ sthen@ claudio@ henning@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.80 |
|
09-Feb-2015 |
claudio |
Implement 2 sysctl to retrieve the multicast forwarding cache (mf6c) and the multicast interface table (mif6). Will be used by netstat soon. Looked over by guenther@
|
#
1.79 |
|
09-Feb-2015 |
dlg |
provide a net.inet6.ip6.ifq sysctl so people can see and fiddle with the ip6intrq.
ok claudio@
|
#
1.78 |
|
10-Jan-2015 |
mpi |
Correct some comments and merge in6_if_up() into in6_ifattach() to reflect that IPv6 link-local addresses are no longer automagically configured the first time an interface is brought up.
ok henning@, stsp@
|
#
1.77 |
|
05-Dec-2014 |
mpi |
Explicitly include <net/if_var.h> instead of pulling it in <net/if.h>.
ok mikeb@, krw@, bluhm@, tedu@
|
#
1.76 |
|
20-Nov-2014 |
mpi |
What have no need for a variable that holds the maximum MTU size of interfaces with an IPv6 address.
ok henning@, mikeb@, deraadt@
|
#
1.75 |
|
31-Aug-2014 |
bluhm |
Make the in6addr constant declarations and definitions consistent in kernel and user land. OK florian@ mpi@
|
#
1.74 |
|
26-Aug-2014 |
florian |
Do not hand-roll all routers link local address. pointed out & OK bluhm@
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.73 |
|
11-Jul-2014 |
henning |
introduce the IFXF_AUTOCONF6 interface flag which controls wether we accept rtadvs on that interface. the global net.inet6.ip6.accept_rtadv sysctl just doesn't cut it, even tho the spec wants that - but in their little absurd world, a host just has one interface by definition anyway... the sysctlgoes away. lots of head scratching, brain cell elemination etc from bluhm benno stsp florian, excitement from simon and todd, ok bluhm stsp benno florian
|
#
1.72 |
|
13-Jun-2014 |
chrisz |
Remove deprecated RFC2292 ancillary data convenience functions. They are obsoleted by the RFC3542 api.
ok mpi@
|
#
1.71 |
|
20-Apr-2014 |
naddy |
move in6_cksum_phdr from in6.h to ip6_output.c to mirror in_cksum_phdr ok henning@
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.70 |
|
22-Jan-2014 |
naddy |
Split the checksum calculation for IPv6 like for IPv4: Always calculate the pseudo-header checksum. Complete the checksum if hardware offload is not available.
Parts originally from NetBSD; ok henning@
|
#
1.69 |
|
28-Oct-2013 |
deraadt |
kill kame version symbols and sysctl ports tree grep run by sthen
|
#
1.68 |
|
24-Oct-2013 |
mpi |
Remove the number of in6_var.h inclusions by moving some functions and global variables to in6.h.
ok deraadt@
|
#
1.67 |
|
24-Oct-2013 |
deraadt |
Significant namespace cleanup of netinet6 symbols.
One worrying bit is in icmp6.h where some htols() and htonl() are added, which may affect compatibility down the line. This component can be reverted if issues show up. Ports tree greps indicate no issue.
ok claudio mpi etc
|
#
1.66 |
|
21-Oct-2013 |
deraadt |
There are gasps of shock! Add a pmtu delay sysctl BUTTON for netinet6, making the code the same as netinet4 along the way. ok bluhm phessler
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.65 |
|
26-Jun-2013 |
henning |
put the cksum diff back, of course with the bug fixed where we could under some circumstances repair broken checksums on the way. ok ryan naddy mikeb . redo most of the protocol (tcp/udp/...) checksum handling -assume we have hardware checksum offloading. stop mucking with the checksum in most of the stack -stop checksum mucking in pf, just set a "needs checksumming" flag if needed -in all output pathes, very late, if we figure out the outbound interface doesn't have hw cksum offloading, do the cksum in software. this especially makes the bridge path behave like a regular output path -little special casing for bridge still required until the broadcast path loses its disgusting shortcut hacks, but at least it's in one place now and not all over the stack in6_proto_cksum_out mostly written by krw@ started at k2k11 in iceland more than 1.5 years ago - yes it took that long, this stuff is everything but easy. this happens to fix the infamous pf rdr bug that made us turn off proto cksum offloading on almost all interface drivers.
|
#
1.64 |
|
28-Mar-2013 |
bluhm |
Convert the satosin, sintosa, ifatoia, satosin6, sin6tosa, ifatoia6 defines into static inline functions. This allows the compiler to check the source type before casting. liked by many; OK mpi@ haesbaert@
|
#
1.63 |
|
14-Mar-2013 |
mpi |
My lack of faith... These lines should stay, reported by ajacoutot@.
ok sthen@
|
#
1.62 |
|
14-Mar-2013 |
mpi |
tedu faith(4), suggested by todd@ some weeks ago after a submission by dhill.
ok krw@, mikeb@, tedu@ (implicit)
|
Revision tags: OPENBSD_5_3_BASE
|
#
1.61 |
|
06-Nov-2012 |
henning |
backout csum diff for the moment, requested by theo
|
#
1.60 |
|
01-Nov-2012 |
henning |
redo most of the protocol (tcp/udp/...) checksum handling -assume we have hardware checksum offloading. stop mucking with the checksum in most of the stack -stop checksum mucking in pf, just set a "needs checksumming" flag if needed -in all output pathes, very late, if we figure out the outbound interface doesn't have hw cksum offloading, do the cksum in software. this especially makes the bridge path behave like a regular output path -little special casing for bridge still required until the broadcast path loses its disgusting shortcut hacks, but at least it's in one place now and not all over the stack in6_proto_cksum_out mostly written by krw@ started at k2k11 in iceland more than 1.5 years ago - yes it took that long, this stuff is everything but easy. this happens to fix the infamous pf rdr bug that made us turn off proto cksum offloading on almost all interface drivers. ok camield sthen claudio, testing by many, thanks!
|
#
1.59 |
|
17-Sep-2012 |
yasuoka |
add IPV6_RECVDSTPORT socket option, which enables us to get original (= before divert) destination port of a UDP packet. The way to use this option is same as IP_RECVDSTPORT.
from UMEZAWA Takeshi tweaks from jmc; ok henning bluhm
|
#
1.58 |
|
15-Sep-2012 |
guenther |
Improve POSIX/SUS compliance of <netdb.h>, <sys/socket.h>, and <sys/un.h>.
Much ports testing of various versions by naddy@ and jasper@ ok matthew@, miller@
|
Revision tags: OPENBSD_5_2_BASE
|
#
1.57 |
|
10-Jul-2012 |
guenther |
Instead of <arpa/inet.h> pulling in <netinet/in.h>, just copy in the three things that it needed from there: INET_ADDRSTRLEN, INET6_ADDRSTRLEN, and struct in_addr. Add protecting #ifndefs to netinet6?/in6?.h for those.
ok deraadt@
|
#
1.56 |
|
26-Jun-2012 |
guenther |
Improve compliance for <arpa/inet.h> and <netinet/in.h> to define/declare all the symbols that POSIX says they must and fewer that they can't and, most importantly, to not require a specific ordering of headers.
ports testing by naddy@ ok millert@ deraadt@
|
Revision tags: OPENBSD_5_1_BASE
|
#
1.55 |
|
24-Nov-2011 |
sperreault |
rdomain support for IPv6 ok mikeb
|
#
1.54 |
|
13-Oct-2011 |
claudio |
Since the IPv6 madness is not enough introduce NAT64 -- which is actually "af-to" a generic IP version translator for pf(4). Not everything perfect yet but lets fix these things in the tree. Insane amount of work done by sperreault@, mikeb@ and reyk@. Looked over by mcbride@ henning@ and myself at eurobsdcon. OK mcbride@ and general put it in from deraadt@
|
Revision tags: OPENBSD_5_0_BASE
|
#
1.53 |
|
02-May-2011 |
mikeb |
recognize SO_RTABLE socket option at the SOL_SOCKET level; discussed with and ok claudio
|
Revision tags: OPENBSD_4_9_BASE
|
#
1.52 |
|
23-Sep-2010 |
yasuoka |
add a new IP level socket option IP_PIPEX. This option is used for L2TP support by pipex. OK henning@, "Carry on" blambert@
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.51 |
|
08-Jul-2010 |
jsg |
remove some unused netinet6 code ok stsp@ henning@ claudio@
|
#
1.50 |
|
07-May-2010 |
claudio |
Start cleaning up the mess called rtalloc*. Kill rtalloc2, make rtalloc1 accept flags for report and nocloning. Move the rtableid into struct route (with a minor twist for now) and make a few more codepathes rdomain aware. Appart from the pf.c and route.c bits the diff is mostly mechanical. More to come... OK michele, henning
|
#
1.49 |
|
06-Apr-2010 |
stsp |
Simple implementation of RFC4941, "Privacy Extensions for Stateless Address Autoconfiguration in IPv6". For those among us who are paranoid about broadcasting their MAC address to the IPv6 internet.
Man page help from jmc, testing by weerd, arc4random API hints from djm.
ok deraadt, claudio
|
Revision tags: OPENBSD_4_7_BASE
|
#
1.48 |
|
05-Nov-2009 |
michele |
IPv6 support for divert sockets.
tested by phessler@ pyr@ ok claudio@ "go ahead" deraadt@
|
Revision tags: OPENBSD_4_5_BASE OPENBSD_4_6_BASE
|
#
1.47 |
|
25-Nov-2008 |
markus |
delay /etc/netstart until IPv6-DAD (dup-address-detection) is completed. ok fries, hshoexer, claudio
|
Revision tags: OPENBSD_4_4_BASE
|
#
1.46 |
|
11-Jun-2008 |
mcbride |
From KAME, allow adjustable limits on NDP entries and discovered routes.
ok mpf naddy
|
#
1.45 |
|
09-Mar-2008 |
sobrado |
use the right capitalization for platform names
ok jsing@
|
Revision tags: OPENBSD_4_1_BASE OPENBSD_4_2_BASE OPENBSD_4_3_BASE
|
#
1.44 |
|
22-Jan-2007 |
miod |
Fix KAME cvsweb urls
|
#
1.43 |
|
09-Dec-2006 |
itojun |
switch IPv6 advanced API from RFC2292 to RFC3542 (2292 is superseded by 3542). the kernel still handles RFC2292 set/getsockopts, so that compiled binary has no trouble running. userland sees RFC3542 symbols only on header file so new code has to use RFC3542 API.
bump libc shlib minor for function additions.
tested on i386/amd64 by jmc, i386 by brad. checked by deraadt.
|
#
1.42 |
|
21-Nov-2006 |
itojun |
introduce sysctl net.inet6.ip6.multicast_mtudisc (for multicast routers). deraadt ok. manpage nit by jmc.
|
#
1.41 |
|
17-Nov-2006 |
itojun |
move comment to a line where it makes more sense
|
#
1.40 |
|
17-Nov-2006 |
itojun |
change semantics of ff01::/16 to interface local multicast (to sync up with more recent IPv6 spec)
ok from: deraadt mcbride
|
Revision tags: OPENBSD_4_0_BASE
|
#
1.39 |
|
18-Jun-2006 |
pascoe |
Add support for equal-cost multipath IP.
To minimise path disruptions, this implements recommendations made in RFC2992 - the hash-threshold mechanism to select paths based on source/destination IP address pairs, and inserts multipath routes in the middle of the route table.
To enable multipath distribution, use: sysctl net.inet.ip.multipath=1 and/or: sysctl net.inet6.ip6.multipath=1
testing norby@ ok claudio@ henning@ hshoexer@
|
#
1.38 |
|
27-May-2006 |
claudio |
Do the same thing as for IPv4. Use a sysctl to enable/disable mfrowarding and additionaly make the code part of the MROUTING option. Put it in deraadt@
|
Revision tags: OPENBSD_3_9_BASE
|
#
1.37 |
|
13-Dec-2005 |
millert |
First step in include files overhaul. Use __FOO_VISIBLE (as defined in sys/cdefs.h) instead of _FOO_SOURCE. Also fix several namespace pollution issues, including the byte order defines. OK deraadt@
|
Revision tags: OPENBSD_3_6_BASE OPENBSD_3_7_BASE OPENBSD_3_8_BASE
|
#
1.36 |
|
21-Jun-2004 |
tholo |
First step towards more sane time handling in the kernel -- this changes things such that code that only need a second-resolution uptime or wall time, and used to get that from time.tv_secs or mono_time.tv_secs now get this from separate time_t globals time_second and time_uptime.
ok art@ niklas@ nordin@
|
Revision tags: SMP_SYNC_A
|
#
1.35 |
|
12-Jun-2004 |
itojun |
support IPV6_USE_MIN_MTU, to make BIND9 better. (sorry about the mess yesterday)
|
#
1.34 |
|
11-Jun-2004 |
deraadt |
back out tree breakage. Like, come on
|
#
1.33 |
|
11-Jun-2004 |
itojun |
support IPV6_USE_MIN_MTU, which is needed to run BIND9 well. from kame markus ok
|
Revision tags: OPENBSD_3_5_BASE SMP_SYNC_B
|
#
1.32 |
|
15-Feb-2004 |
markus |
switch to sysctl_int_arr(); ok itojun, henning, miod, deraadt
|
Revision tags: OPENBSD_3_4_BASE
|
#
1.31 |
|
02-Jun-2003 |
millert |
Remove the advertising clause in the UCB license which Berkeley rescinded 22 July 1999. Proofed by myself and Theo.
|
Revision tags: OPENBSD_3_2_BASE OPENBSD_3_3_BASE UBC_SYNC_A UBC_SYNC_B
|
#
1.30 |
|
08-Jun-2002 |
itojun |
sync with latest KAME in6_ifaddr/prefix/default router manipulation. behavior changes: - two iocts used by ndp(8) are now obsolete (backward compat provided). use sysctl path instead. - lo0 does not get ::1 automatically. it will get ::1 when lo0 comes up.
|
#
1.29 |
|
07-Jun-2002 |
itojun |
mistake in sysctl table
|
#
1.28 |
|
07-Jun-2002 |
itojun |
just for consistency/compatibility, have net.inet6.ip6.v6only sysctl MIB, as well as set/getsockopt(IPV6_V6ONLY).
|
#
1.27 |
|
28-May-2002 |
itojun |
limit number of IPv6 fragments (not the fragment queue size) to fight against lots-of-frags DoS attacks. sync w/kame
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.26 |
|
14-Mar-2002 |
millert |
First round of __P removal in sys
|
Revision tags: UBC_BASE
|
#
1.25 |
|
07-Dec-2001 |
itojun |
branches: 1.25.2; whitespace/comment sync with kame
|
Revision tags: OPENBSD_3_0_BASE
|
#
1.24 |
|
19-Sep-2001 |
itojun |
comment; sockopt # 57-59 are also reserved
|
#
1.23 |
|
22-Aug-2001 |
niklas |
Add IPCOMP setsockopt policy controls. While here fix the other policies too
|
Revision tags: OPENBSD_2_9_BASE
|
#
1.22 |
|
30-Mar-2001 |
itojun |
fix constness of IN6_{IS,ARE}_xx macros to conform to RFC2553. sync with kame.
|
#
1.21 |
|
02-Mar-2001 |
itojun |
remove date string from KAME version identification, it is getting meaningless as we merge random items daily. have comment that refers to kame COVERAGE document. sync with kame
|
#
1.20 |
|
16-Feb-2001 |
itojun |
get rid of #ifdef IPV6FIREWALL (never used, will never be used)
|
#
1.19 |
|
16-Feb-2001 |
itojun |
pull in new pcb notification code from kame. better handling of scope address.
|
Revision tags: OPENBSD_2_8_BASE
|
#
1.18 |
|
17-Oct-2000 |
itojun |
use __P() in prototype for non-ansi compilers. From: Michael Shalayeff <mickey@lucifier.remote.dti.net>
|
#
1.17 |
|
27-Aug-2000 |
itojun |
move IPv6 IPsec sysctl # downward, to avoid number conflict in *BSD. angelos ok
|
#
1.16 |
|
16-Jul-2000 |
itojun |
don't pull sys/queue.h in. sync better with kame.
|
#
1.15 |
|
25-Jun-2000 |
aaron |
Fix typo; ds@ds.primasoft.bg
|
#
1.14 |
|
18-Jun-2000 |
itojun |
allow IPsec-related get/setsockopt on IPv6 socket. due to number conflict they must be IPV6_xx instead of IP_xx.
actually, since in_ctloutput() does not check address family of inpcb, getsockopt(IPPROTO_IP, IP_xx) may work - never tested this.
|
#
1.13 |
|
25-May-2000 |
itojun |
net.inet.ip.gif_ttl (and IPv6 counterpart) is never used. enforce type checking on IN6_ARE_ADDR_EQUAL.
|
Revision tags: OPENBSD_2_7_BASE
|
#
1.12 |
|
28-Feb-2000 |
itojun |
bring in recent KAME changes (only important and stable ones, as usual). - remove net.inet6.ip6.nd6_proxyall. introduce proxy NDP code works just like "arp -s". - revise source address selection. be more careful about use of yet-to-be-valid addresses as source. - as router, transmit ICMP6_DST_UNREACH_BEYONDSCOPE against out-of-scope packet forwarding attempt. - path MTU discovery takes care of routing header properly. - be more strict about mbuf chain parsing. - nuke xxCTL_VARS #define, they are for BSDI. - disable SIOCSIFDSTADDR_IN6/SIOCSIFNETMASK_IN6 ioctl, they do not fit IPv6 model where multiple address on interface is normal. (kernel side supports them for a while for backward compat, the support will be nuked shortly) - introduce "default outgoing interface" (for spec conformance in very rare case)
|
#
1.11 |
|
19-Feb-2000 |
deraadt |
use more modern types
|
Revision tags: SMP_BASE
|
#
1.10 |
|
09-Feb-2000 |
itojun |
branches: 1.10.2; improve RFC2553/2292 conformance. netinet6/{ip6,icmp6,in6}.h should not be included. neitnet6/{ip6,icmp6}.h includes #error statements only - i'll remove them couple of days later.
|
#
1.9 |
|
10-Dec-1999 |
angelos |
Add RCS tags, remove unused header files and code, remove a few unnecessary ifdefs...
|
Revision tags: kame_19991208
|
#
1.8 |
|
08-Dec-1999 |
itojun |
bring in KAME IPv6 code, dated 19991208. replaces NRL IPv6 layer. reuses NRL pcb layer. no IPsec-on-v6 support. see sys/netinet6/{TODO,IMPLEMENTATION} for more details.
GENERIC configuration should work fine as before. GENERIC.v6 works fine as well, but you'll need KAME userland tools to play with IPv6 (will be bringed into soon).
|
Revision tags: OPENBSD_2_5_BASE OPENBSD_2_6_BASE
|
#
1.7 |
|
24-Mar-1999 |
cmetz |
Replace 'in6a_words' (old NRL convention) with 's6_addr32' (new BSDI et al. convention that is more common and more specific as to the access size)
|
#
1.6 |
|
09-Mar-1999 |
cmetz |
Demangled the INET6 stuff so as not to require any extra options and not to be mutually exclusive with the IPSEC option.
|
#
1.5 |
|
24-Feb-1999 |
cmetz |
Synchronized changes needed to integrate into OpenBSD with the NRL source tree so we can have a unified netinet6 directory.
|
#
1.4 |
|
11-Jan-1999 |
deraadt |
_KERNEL, and other cleanup
|
#
1.3 |
|
10-Jan-1999 |
deraadt |
merge INPROTO_* tables
|
#
1.2 |
|
08-Jan-1999 |
deraadt |
use _KERNEL, add ipv6intrq decl
|
#
1.1 |
|
07-Jan-1999 |
deraadt |
missed file
|
#
1.112 |
|
27-Jan-2024 |
bluhm |
Declare address parameter in TCP SYN cache const.
tcp6_ctlinput() casted a constant sockaddr_sin6 to non-const sockaddr. sa6_src may be &sa6_any which lives in read-only data section. Better pass down the const addresses to syn_cache_lookup(). They are needed for hash lookup and are not modified.
OK mvs@
|
#
1.111 |
|
28-Nov-2023 |
bluhm |
Remove struct inpcb from in6_embedscope() parameters.
rip6_output() did modify inp_outputopts6 temporarily to provide different ip6_pktopts to in6_embedscope(). Better pass inp_outputopts6 and inp_moptions6 as separate arguments to in6_embedscope(). Simplify the code that deals with these options in in6_embedscope(). Doucument inp_moptions and inp_moptions6 as protected by net lock.
OK kn@
|
#
1.110 |
|
10-Nov-2023 |
bluhm |
rtable_match() takes constant destination.
For implementing MP safe route lookup, it helps to know which function parameters are constant. Add some const declarations, so that the compiler guarantees that sockaddr dst parameter of rtable_match() does not change.
OK dlg@
|
Revision tags: OPENBSD_7_0_BASE OPENBSD_7_1_BASE OPENBSD_7_2_BASE OPENBSD_7_3_BASE OPENBSD_7_4_BASE
|
#
1.109 |
|
02-Jun-2021 |
dlg |
factor out the code that does sanity checks on ipv6 headers and addresses.
this will allow these checks to be reused for ip packet inspection in bridge, veb, and tpmr.
ok bluhm@ sashan@
|
Revision tags: OPENBSD_6_9_BASE
|
#
1.108 |
|
10-Mar-2021 |
jsg |
spelling
ok gnezdo@ semarie@ mpi@
|
Revision tags: OPENBSD_6_8_BASE
|
#
1.107 |
|
24-Aug-2020 |
gnezdo |
Convert ip6_sysctl to sysctl_bounded_args
Tighter limits and OK by sashan
|
#
1.106 |
|
24-Jun-2020 |
cheloha |
kernel: use gettime(9)/getuptime(9) in lieu of time_second(9)/time_uptime(9)
time_second(9) and time_uptime(9) are widely used in the kernel to quickly get the system UTC or system uptime as a time_t. However, time_t is 64-bit everywhere, so it is not generally safe to use them on 32-bit platforms: you have a split-read problem if your hardware cannot perform atomic 64-bit reads.
This patch replaces time_second(9) with gettime(9), a safer successor interface, throughout the kernel. Similarly, time_uptime(9) is replaced with getuptime(9).
There is a performance cost on 32-bit platforms in exchange for eliminating the split-read problem: instead of two register reads you now have a lockless read loop to pull the values from the timehands. This is really not *too* bad in the grand scheme of things, but compared to what we were doing before it is several times slower.
There is no performance cost on 64-bit (__LP64__) platforms.
With input from visa@, dlg@, and tedu@.
Several bugs squashed by visa@.
ok kettenis@
|
Revision tags: OPENBSD_6_7_BASE
|
#
1.105 |
|
11-Nov-2019 |
bluhm |
Kernel is missing propper input validation when configuring IPv6 addresses. Implement in6_sa2sin6() to validate inet6 address family and address length. The SIOCGIFDSTADDR_IN6, SIOCGIFNETMASK_IN6, SIOCGIFAFLAG_IN6, SIOCGIFALIFETIME_IN6, and SIOCDIFADDR_IN6 ioctl(2) are safe now. OK visa@
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.104 |
|
22-Apr-2019 |
bluhm |
In in_cksum() and in6_cksum() convert types to C99 style and make both functions consistent. In in_cksum() panic if len is longer than mbuf, but in in6_cksum() do not panic if off and len match exactly to the end of mbuf. OK claudio@
|
Revision tags: OPENBSD_6_4_BASE OPENBSD_6_5_BASE
|
#
1.103 |
|
11-Sep-2018 |
bluhm |
Convert inetctlerrmap to u_char like inet6ctlerrmap. That is also what FreeBSD does. Remove old #if 0 version of inet6ctlerrmap. OK mpi@
|
#
1.102 |
|
07-Jun-2018 |
bluhm |
The global zero addresses must not change, mark them constant. OK tb@ visa@
|
Revision tags: OPENBSD_6_3_BASE
|
#
1.101 |
|
10-Feb-2018 |
florian |
Implement RFC 7217: "A Method for Generating Semantically Opaque Interface Identifiers with IPv6 Stateless Address Autoconfiguration."
"An IPv6 address configured using this method is stable within each subnet, but the corresponding Interface Identifier changes when the host moves from one network to another. This method is meant to be an alternative to generating Interface Identifiers based on hardware addresses."
OK naddy, sthen
|
#
1.100 |
|
20-Nov-2017 |
mpi |
Sprinkle some NET_ASSERT_LOCKED(), const and co to prepare running pr_input handlers without KERNEL_LOCK().
ok visa@
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.99 |
|
01-Sep-2017 |
florian |
Use in6_get_rand_ifid() instead of get_last_resort_ifid() and delete the get_last_resort_ifid() function because eww. Also if your system is so constraint that you end up in in6_get_rand_ifid() you don't deserve a random ifid that stays stable over reboots. Simplify code a bit since get_ifid() can no longer fail. It couldn't fail before either because that code path was #if 0'ed. While here sprinkle in some in6_ prefixes, pointed out by stsp. OK stsp
|
#
1.98 |
|
11-Aug-2017 |
bluhm |
Validate sockaddr from userland in central functions. This results in common checks for unix, inet, inet6 instead of partial checks here and there. Some checks are already done at a higher layer, but better be paranoid with user input. OK claudio@ millert@
|
#
1.97 |
|
13-Jul-2017 |
florian |
Get rid of ip6.maxifprefixes and ip6.maxifdefrouters, the kernel no longer tracks prefixes or default routers from router advertisements. Pointed out by jmc. ports tree grepping sthen, who only found nsh OK mpi, sthen
|
#
1.96 |
|
30-May-2017 |
mpi |
Keep ipv6_input() definition inside _KERNEL.
Unbreak userland, found the hardway by deraadt@
|
#
1.95 |
|
30-May-2017 |
mpi |
Introduce ipv{4,6}_input(), two wrappers around IP queues.
This will help transitionning to an un-KERNEL_LOCK()ed IP forwarding path.
Disucssed with bluhm@, ok claudio@
|
#
1.94 |
|
04-May-2017 |
bluhm |
Introduce sstosa() for converting sockaddr_storage with a type safe inline function instead of casting it to sockaddr. While there, use inline instead of __inline for all these conversions. Some struct sockaddr casts can be avoided completely. OK dhill@ mpi@
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.93 |
|
22-Feb-2017 |
renato |
Fix comments about a few ipv6 sockoptions
OK millert@ florian@
|
#
1.92 |
|
22-Dec-2016 |
rzalamena |
Remove PIM support from the multicast stack.
ok mpi@
|
#
1.91 |
|
03-Oct-2016 |
mpi |
Convert some of the remaining usages of time_second to time_uptime.
time_second is unix time so it can be affected by clock changes. time_uptime is monotonic so it isnt affected by clock changes. that in turn means route expiries wont jump with clock changes if set against time_uptime.
the expiry is translated into unix time for export to userland though.
Should fix mismatch between route timers that were already converted and ND default routers that were still using time_second.
Tested by matthieu@ and sthen@
ok sthen@, dlg@
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.90 |
|
27-Jun-2016 |
jca |
Implement IPV6_MINHOPCOUNT support.
Useful to implement GTSM support in daemons such as bgpd(8). Diff from 2013 revived by renato@. Input from bluhm@, ok bluhm@ deraadt@
|
#
1.89 |
|
01-Jun-2016 |
jca |
Kill sysctl net.inet6.ip6.rr_prune
We don't support Router Renumbering and there are no plans to change that. ok mpi@
|
#
1.88 |
|
19-May-2016 |
jca |
Remove sysctl net.inet6.ip6.v6only
This sysctl is a no-op, read-only since it was introduced. There are no plans to support IPv4-mapped addresses on OpenBSD, thus this sysctl is meaningless.
Noticed by djm@, ok claudio@ mpi@ sthen@ henning@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.87 |
|
03-Dec-2015 |
tedu |
rm unused kernel only IPV6_RECVRTHDRDSTOPTS sockopt. ok deraadt sthen
|
#
1.86 |
|
29-Oct-2015 |
tedu |
RFC 2292 API support was removed 9 years ago, but left in a binary compat ABI form for the sake of existing programs. no programs from that era have been able to run for quite some time. Kill it all. ok deraadt florian millert mpi (I believe this is my first IPv6 diff. Future, here I come!)
|
#
1.85 |
|
11-Sep-2015 |
claudio |
in6_embedscope() needs to lose some weight. Remove the last argument. In all but two calls NULL is passed and in the other 2 cases the ifp is only used to maybe feed it to in6_selecthlim() to select the hoplimit for the link. Since in6_embedscope() only works on link-local addresses it does not matter what hop limit we select since the destination is directly reachable. OK florian@ mpi@
|
#
1.84 |
|
10-Sep-2015 |
claudio |
It is time to put inet6 on a diet. Use the flensing knife and cut out the 3rd argument of in6_recoverscope() and make it return void. OK dlg@ mikeb@
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.83 |
|
08-Jun-2015 |
krw |
More damned eye searing whitespace. No change to .o files.
|
#
1.82 |
|
14-Apr-2015 |
mikeb |
ip6_sprintf is long gone; noticed by blambert
|
#
1.81 |
|
10-Apr-2015 |
dlg |
replace the use of ifqueues for most input queues serviced by netisr with niqueues.
this change is so big because there's a lot of code that takes pointers to different input queues (eg, ether_input picks between ipv4, ipv6, pppoe, arp, and mpls input queues) and falls through to code to enqueue packets against the pointer. if i changed only one of the input queues id have to add sepearate code paths, one for ifqueues and one for niqueues in each of these places
by flipping all these input queues at once i can keep the currently common code common.
testing by mpi@ sthen@ and rafael zalamena ok mpi@ sthen@ claudio@ henning@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.80 |
|
09-Feb-2015 |
claudio |
Implement 2 sysctl to retrieve the multicast forwarding cache (mf6c) and the multicast interface table (mif6). Will be used by netstat soon. Looked over by guenther@
|
#
1.79 |
|
09-Feb-2015 |
dlg |
provide a net.inet6.ip6.ifq sysctl so people can see and fiddle with the ip6intrq.
ok claudio@
|
#
1.78 |
|
10-Jan-2015 |
mpi |
Correct some comments and merge in6_if_up() into in6_ifattach() to reflect that IPv6 link-local addresses are no longer automagically configured the first time an interface is brought up.
ok henning@, stsp@
|
#
1.77 |
|
05-Dec-2014 |
mpi |
Explicitly include <net/if_var.h> instead of pulling it in <net/if.h>.
ok mikeb@, krw@, bluhm@, tedu@
|
#
1.76 |
|
20-Nov-2014 |
mpi |
What have no need for a variable that holds the maximum MTU size of interfaces with an IPv6 address.
ok henning@, mikeb@, deraadt@
|
#
1.75 |
|
31-Aug-2014 |
bluhm |
Make the in6addr constant declarations and definitions consistent in kernel and user land. OK florian@ mpi@
|
#
1.74 |
|
26-Aug-2014 |
florian |
Do not hand-roll all routers link local address. pointed out & OK bluhm@
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.73 |
|
11-Jul-2014 |
henning |
introduce the IFXF_AUTOCONF6 interface flag which controls wether we accept rtadvs on that interface. the global net.inet6.ip6.accept_rtadv sysctl just doesn't cut it, even tho the spec wants that - but in their little absurd world, a host just has one interface by definition anyway... the sysctlgoes away. lots of head scratching, brain cell elemination etc from bluhm benno stsp florian, excitement from simon and todd, ok bluhm stsp benno florian
|
#
1.72 |
|
13-Jun-2014 |
chrisz |
Remove deprecated RFC2292 ancillary data convenience functions. They are obsoleted by the RFC3542 api.
ok mpi@
|
#
1.71 |
|
20-Apr-2014 |
naddy |
move in6_cksum_phdr from in6.h to ip6_output.c to mirror in_cksum_phdr ok henning@
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.70 |
|
22-Jan-2014 |
naddy |
Split the checksum calculation for IPv6 like for IPv4: Always calculate the pseudo-header checksum. Complete the checksum if hardware offload is not available.
Parts originally from NetBSD; ok henning@
|
#
1.69 |
|
28-Oct-2013 |
deraadt |
kill kame version symbols and sysctl ports tree grep run by sthen
|
#
1.68 |
|
24-Oct-2013 |
mpi |
Remove the number of in6_var.h inclusions by moving some functions and global variables to in6.h.
ok deraadt@
|
#
1.67 |
|
24-Oct-2013 |
deraadt |
Significant namespace cleanup of netinet6 symbols.
One worrying bit is in icmp6.h where some htols() and htonl() are added, which may affect compatibility down the line. This component can be reverted if issues show up. Ports tree greps indicate no issue.
ok claudio mpi etc
|
#
1.66 |
|
21-Oct-2013 |
deraadt |
There are gasps of shock! Add a pmtu delay sysctl BUTTON for netinet6, making the code the same as netinet4 along the way. ok bluhm phessler
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.65 |
|
26-Jun-2013 |
henning |
put the cksum diff back, of course with the bug fixed where we could under some circumstances repair broken checksums on the way. ok ryan naddy mikeb . redo most of the protocol (tcp/udp/...) checksum handling -assume we have hardware checksum offloading. stop mucking with the checksum in most of the stack -stop checksum mucking in pf, just set a "needs checksumming" flag if needed -in all output pathes, very late, if we figure out the outbound interface doesn't have hw cksum offloading, do the cksum in software. this especially makes the bridge path behave like a regular output path -little special casing for bridge still required until the broadcast path loses its disgusting shortcut hacks, but at least it's in one place now and not all over the stack in6_proto_cksum_out mostly written by krw@ started at k2k11 in iceland more than 1.5 years ago - yes it took that long, this stuff is everything but easy. this happens to fix the infamous pf rdr bug that made us turn off proto cksum offloading on almost all interface drivers.
|
#
1.64 |
|
28-Mar-2013 |
bluhm |
Convert the satosin, sintosa, ifatoia, satosin6, sin6tosa, ifatoia6 defines into static inline functions. This allows the compiler to check the source type before casting. liked by many; OK mpi@ haesbaert@
|
#
1.63 |
|
14-Mar-2013 |
mpi |
My lack of faith... These lines should stay, reported by ajacoutot@.
ok sthen@
|
#
1.62 |
|
14-Mar-2013 |
mpi |
tedu faith(4), suggested by todd@ some weeks ago after a submission by dhill.
ok krw@, mikeb@, tedu@ (implicit)
|
Revision tags: OPENBSD_5_3_BASE
|
#
1.61 |
|
06-Nov-2012 |
henning |
backout csum diff for the moment, requested by theo
|
#
1.60 |
|
01-Nov-2012 |
henning |
redo most of the protocol (tcp/udp/...) checksum handling -assume we have hardware checksum offloading. stop mucking with the checksum in most of the stack -stop checksum mucking in pf, just set a "needs checksumming" flag if needed -in all output pathes, very late, if we figure out the outbound interface doesn't have hw cksum offloading, do the cksum in software. this especially makes the bridge path behave like a regular output path -little special casing for bridge still required until the broadcast path loses its disgusting shortcut hacks, but at least it's in one place now and not all over the stack in6_proto_cksum_out mostly written by krw@ started at k2k11 in iceland more than 1.5 years ago - yes it took that long, this stuff is everything but easy. this happens to fix the infamous pf rdr bug that made us turn off proto cksum offloading on almost all interface drivers. ok camield sthen claudio, testing by many, thanks!
|
#
1.59 |
|
17-Sep-2012 |
yasuoka |
add IPV6_RECVDSTPORT socket option, which enables us to get original (= before divert) destination port of a UDP packet. The way to use this option is same as IP_RECVDSTPORT.
from UMEZAWA Takeshi tweaks from jmc; ok henning bluhm
|
#
1.58 |
|
15-Sep-2012 |
guenther |
Improve POSIX/SUS compliance of <netdb.h>, <sys/socket.h>, and <sys/un.h>.
Much ports testing of various versions by naddy@ and jasper@ ok matthew@, miller@
|
Revision tags: OPENBSD_5_2_BASE
|
#
1.57 |
|
10-Jul-2012 |
guenther |
Instead of <arpa/inet.h> pulling in <netinet/in.h>, just copy in the three things that it needed from there: INET_ADDRSTRLEN, INET6_ADDRSTRLEN, and struct in_addr. Add protecting #ifndefs to netinet6?/in6?.h for those.
ok deraadt@
|
#
1.56 |
|
26-Jun-2012 |
guenther |
Improve compliance for <arpa/inet.h> and <netinet/in.h> to define/declare all the symbols that POSIX says they must and fewer that they can't and, most importantly, to not require a specific ordering of headers.
ports testing by naddy@ ok millert@ deraadt@
|
Revision tags: OPENBSD_5_1_BASE
|
#
1.55 |
|
24-Nov-2011 |
sperreault |
rdomain support for IPv6 ok mikeb
|
#
1.54 |
|
13-Oct-2011 |
claudio |
Since the IPv6 madness is not enough introduce NAT64 -- which is actually "af-to" a generic IP version translator for pf(4). Not everything perfect yet but lets fix these things in the tree. Insane amount of work done by sperreault@, mikeb@ and reyk@. Looked over by mcbride@ henning@ and myself at eurobsdcon. OK mcbride@ and general put it in from deraadt@
|
Revision tags: OPENBSD_5_0_BASE
|
#
1.53 |
|
02-May-2011 |
mikeb |
recognize SO_RTABLE socket option at the SOL_SOCKET level; discussed with and ok claudio
|
Revision tags: OPENBSD_4_9_BASE
|
#
1.52 |
|
23-Sep-2010 |
yasuoka |
add a new IP level socket option IP_PIPEX. This option is used for L2TP support by pipex. OK henning@, "Carry on" blambert@
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.51 |
|
08-Jul-2010 |
jsg |
remove some unused netinet6 code ok stsp@ henning@ claudio@
|
#
1.50 |
|
07-May-2010 |
claudio |
Start cleaning up the mess called rtalloc*. Kill rtalloc2, make rtalloc1 accept flags for report and nocloning. Move the rtableid into struct route (with a minor twist for now) and make a few more codepathes rdomain aware. Appart from the pf.c and route.c bits the diff is mostly mechanical. More to come... OK michele, henning
|
#
1.49 |
|
06-Apr-2010 |
stsp |
Simple implementation of RFC4941, "Privacy Extensions for Stateless Address Autoconfiguration in IPv6". For those among us who are paranoid about broadcasting their MAC address to the IPv6 internet.
Man page help from jmc, testing by weerd, arc4random API hints from djm.
ok deraadt, claudio
|
Revision tags: OPENBSD_4_7_BASE
|
#
1.48 |
|
05-Nov-2009 |
michele |
IPv6 support for divert sockets.
tested by phessler@ pyr@ ok claudio@ "go ahead" deraadt@
|
Revision tags: OPENBSD_4_5_BASE OPENBSD_4_6_BASE
|
#
1.47 |
|
25-Nov-2008 |
markus |
delay /etc/netstart until IPv6-DAD (dup-address-detection) is completed. ok fries, hshoexer, claudio
|
Revision tags: OPENBSD_4_4_BASE
|
#
1.46 |
|
11-Jun-2008 |
mcbride |
From KAME, allow adjustable limits on NDP entries and discovered routes.
ok mpf naddy
|
#
1.45 |
|
09-Mar-2008 |
sobrado |
use the right capitalization for platform names
ok jsing@
|
Revision tags: OPENBSD_4_1_BASE OPENBSD_4_2_BASE OPENBSD_4_3_BASE
|
#
1.44 |
|
22-Jan-2007 |
miod |
Fix KAME cvsweb urls
|
#
1.43 |
|
09-Dec-2006 |
itojun |
switch IPv6 advanced API from RFC2292 to RFC3542 (2292 is superseded by 3542). the kernel still handles RFC2292 set/getsockopts, so that compiled binary has no trouble running. userland sees RFC3542 symbols only on header file so new code has to use RFC3542 API.
bump libc shlib minor for function additions.
tested on i386/amd64 by jmc, i386 by brad. checked by deraadt.
|
#
1.42 |
|
21-Nov-2006 |
itojun |
introduce sysctl net.inet6.ip6.multicast_mtudisc (for multicast routers). deraadt ok. manpage nit by jmc.
|
#
1.41 |
|
17-Nov-2006 |
itojun |
move comment to a line where it makes more sense
|
#
1.40 |
|
17-Nov-2006 |
itojun |
change semantics of ff01::/16 to interface local multicast (to sync up with more recent IPv6 spec)
ok from: deraadt mcbride
|
Revision tags: OPENBSD_4_0_BASE
|
#
1.39 |
|
18-Jun-2006 |
pascoe |
Add support for equal-cost multipath IP.
To minimise path disruptions, this implements recommendations made in RFC2992 - the hash-threshold mechanism to select paths based on source/destination IP address pairs, and inserts multipath routes in the middle of the route table.
To enable multipath distribution, use: sysctl net.inet.ip.multipath=1 and/or: sysctl net.inet6.ip6.multipath=1
testing norby@ ok claudio@ henning@ hshoexer@
|
#
1.38 |
|
27-May-2006 |
claudio |
Do the same thing as for IPv4. Use a sysctl to enable/disable mfrowarding and additionaly make the code part of the MROUTING option. Put it in deraadt@
|
Revision tags: OPENBSD_3_9_BASE
|
#
1.37 |
|
13-Dec-2005 |
millert |
First step in include files overhaul. Use __FOO_VISIBLE (as defined in sys/cdefs.h) instead of _FOO_SOURCE. Also fix several namespace pollution issues, including the byte order defines. OK deraadt@
|
Revision tags: OPENBSD_3_6_BASE OPENBSD_3_7_BASE OPENBSD_3_8_BASE
|
#
1.36 |
|
21-Jun-2004 |
tholo |
First step towards more sane time handling in the kernel -- this changes things such that code that only need a second-resolution uptime or wall time, and used to get that from time.tv_secs or mono_time.tv_secs now get this from separate time_t globals time_second and time_uptime.
ok art@ niklas@ nordin@
|
Revision tags: SMP_SYNC_A
|
#
1.35 |
|
12-Jun-2004 |
itojun |
support IPV6_USE_MIN_MTU, to make BIND9 better. (sorry about the mess yesterday)
|
#
1.34 |
|
11-Jun-2004 |
deraadt |
back out tree breakage. Like, come on
|
#
1.33 |
|
11-Jun-2004 |
itojun |
support IPV6_USE_MIN_MTU, which is needed to run BIND9 well. from kame markus ok
|
Revision tags: OPENBSD_3_5_BASE SMP_SYNC_B
|
#
1.32 |
|
15-Feb-2004 |
markus |
switch to sysctl_int_arr(); ok itojun, henning, miod, deraadt
|
Revision tags: OPENBSD_3_4_BASE
|
#
1.31 |
|
02-Jun-2003 |
millert |
Remove the advertising clause in the UCB license which Berkeley rescinded 22 July 1999. Proofed by myself and Theo.
|
Revision tags: OPENBSD_3_2_BASE OPENBSD_3_3_BASE UBC_SYNC_A UBC_SYNC_B
|
#
1.30 |
|
08-Jun-2002 |
itojun |
sync with latest KAME in6_ifaddr/prefix/default router manipulation. behavior changes: - two iocts used by ndp(8) are now obsolete (backward compat provided). use sysctl path instead. - lo0 does not get ::1 automatically. it will get ::1 when lo0 comes up.
|
#
1.29 |
|
07-Jun-2002 |
itojun |
mistake in sysctl table
|
#
1.28 |
|
07-Jun-2002 |
itojun |
just for consistency/compatibility, have net.inet6.ip6.v6only sysctl MIB, as well as set/getsockopt(IPV6_V6ONLY).
|
#
1.27 |
|
28-May-2002 |
itojun |
limit number of IPv6 fragments (not the fragment queue size) to fight against lots-of-frags DoS attacks. sync w/kame
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.26 |
|
14-Mar-2002 |
millert |
First round of __P removal in sys
|
Revision tags: UBC_BASE
|
#
1.25 |
|
07-Dec-2001 |
itojun |
branches: 1.25.2; whitespace/comment sync with kame
|
Revision tags: OPENBSD_3_0_BASE
|
#
1.24 |
|
19-Sep-2001 |
itojun |
comment; sockopt # 57-59 are also reserved
|
#
1.23 |
|
22-Aug-2001 |
niklas |
Add IPCOMP setsockopt policy controls. While here fix the other policies too
|
Revision tags: OPENBSD_2_9_BASE
|
#
1.22 |
|
30-Mar-2001 |
itojun |
fix constness of IN6_{IS,ARE}_xx macros to conform to RFC2553. sync with kame.
|
#
1.21 |
|
02-Mar-2001 |
itojun |
remove date string from KAME version identification, it is getting meaningless as we merge random items daily. have comment that refers to kame COVERAGE document. sync with kame
|
#
1.20 |
|
16-Feb-2001 |
itojun |
get rid of #ifdef IPV6FIREWALL (never used, will never be used)
|
#
1.19 |
|
16-Feb-2001 |
itojun |
pull in new pcb notification code from kame. better handling of scope address.
|
Revision tags: OPENBSD_2_8_BASE
|
#
1.18 |
|
17-Oct-2000 |
itojun |
use __P() in prototype for non-ansi compilers. From: Michael Shalayeff <mickey@lucifier.remote.dti.net>
|
#
1.17 |
|
27-Aug-2000 |
itojun |
move IPv6 IPsec sysctl # downward, to avoid number conflict in *BSD. angelos ok
|
#
1.16 |
|
16-Jul-2000 |
itojun |
don't pull sys/queue.h in. sync better with kame.
|
#
1.15 |
|
25-Jun-2000 |
aaron |
Fix typo; ds@ds.primasoft.bg
|
#
1.14 |
|
18-Jun-2000 |
itojun |
allow IPsec-related get/setsockopt on IPv6 socket. due to number conflict they must be IPV6_xx instead of IP_xx.
actually, since in_ctloutput() does not check address family of inpcb, getsockopt(IPPROTO_IP, IP_xx) may work - never tested this.
|
#
1.13 |
|
25-May-2000 |
itojun |
net.inet.ip.gif_ttl (and IPv6 counterpart) is never used. enforce type checking on IN6_ARE_ADDR_EQUAL.
|
Revision tags: OPENBSD_2_7_BASE
|
#
1.12 |
|
28-Feb-2000 |
itojun |
bring in recent KAME changes (only important and stable ones, as usual). - remove net.inet6.ip6.nd6_proxyall. introduce proxy NDP code works just like "arp -s". - revise source address selection. be more careful about use of yet-to-be-valid addresses as source. - as router, transmit ICMP6_DST_UNREACH_BEYONDSCOPE against out-of-scope packet forwarding attempt. - path MTU discovery takes care of routing header properly. - be more strict about mbuf chain parsing. - nuke xxCTL_VARS #define, they are for BSDI. - disable SIOCSIFDSTADDR_IN6/SIOCSIFNETMASK_IN6 ioctl, they do not fit IPv6 model where multiple address on interface is normal. (kernel side supports them for a while for backward compat, the support will be nuked shortly) - introduce "default outgoing interface" (for spec conformance in very rare case)
|
#
1.11 |
|
19-Feb-2000 |
deraadt |
use more modern types
|
Revision tags: SMP_BASE
|
#
1.10 |
|
09-Feb-2000 |
itojun |
branches: 1.10.2; improve RFC2553/2292 conformance. netinet6/{ip6,icmp6,in6}.h should not be included. neitnet6/{ip6,icmp6}.h includes #error statements only - i'll remove them couple of days later.
|
#
1.9 |
|
10-Dec-1999 |
angelos |
Add RCS tags, remove unused header files and code, remove a few unnecessary ifdefs...
|
Revision tags: kame_19991208
|
#
1.8 |
|
08-Dec-1999 |
itojun |
bring in KAME IPv6 code, dated 19991208. replaces NRL IPv6 layer. reuses NRL pcb layer. no IPsec-on-v6 support. see sys/netinet6/{TODO,IMPLEMENTATION} for more details.
GENERIC configuration should work fine as before. GENERIC.v6 works fine as well, but you'll need KAME userland tools to play with IPv6 (will be bringed into soon).
|
Revision tags: OPENBSD_2_5_BASE OPENBSD_2_6_BASE
|
#
1.7 |
|
24-Mar-1999 |
cmetz |
Replace 'in6a_words' (old NRL convention) with 's6_addr32' (new BSDI et al. convention that is more common and more specific as to the access size)
|
#
1.6 |
|
09-Mar-1999 |
cmetz |
Demangled the INET6 stuff so as not to require any extra options and not to be mutually exclusive with the IPSEC option.
|
#
1.5 |
|
24-Feb-1999 |
cmetz |
Synchronized changes needed to integrate into OpenBSD with the NRL source tree so we can have a unified netinet6 directory.
|
#
1.4 |
|
11-Jan-1999 |
deraadt |
_KERNEL, and other cleanup
|
#
1.3 |
|
10-Jan-1999 |
deraadt |
merge INPROTO_* tables
|
#
1.2 |
|
08-Jan-1999 |
deraadt |
use _KERNEL, add ipv6intrq decl
|
#
1.1 |
|
07-Jan-1999 |
deraadt |
missed file
|
#
1.111 |
|
28-Nov-2023 |
bluhm |
Remove struct inpcb from in6_embedscope() parameters.
rip6_output() did modify inp_outputopts6 temporarily to provide different ip6_pktopts to in6_embedscope(). Better pass inp_outputopts6 and inp_moptions6 as separate arguments to in6_embedscope(). Simplify the code that deals with these options in in6_embedscope(). Doucument inp_moptions and inp_moptions6 as protected by net lock.
OK kn@
|
#
1.110 |
|
10-Nov-2023 |
bluhm |
rtable_match() takes constant destination.
For implementing MP safe route lookup, it helps to know which function parameters are constant. Add some const declarations, so that the compiler guarantees that sockaddr dst parameter of rtable_match() does not change.
OK dlg@
|
Revision tags: OPENBSD_7_0_BASE OPENBSD_7_1_BASE OPENBSD_7_2_BASE OPENBSD_7_3_BASE OPENBSD_7_4_BASE
|
#
1.109 |
|
02-Jun-2021 |
dlg |
factor out the code that does sanity checks on ipv6 headers and addresses.
this will allow these checks to be reused for ip packet inspection in bridge, veb, and tpmr.
ok bluhm@ sashan@
|
Revision tags: OPENBSD_6_9_BASE
|
#
1.108 |
|
10-Mar-2021 |
jsg |
spelling
ok gnezdo@ semarie@ mpi@
|
Revision tags: OPENBSD_6_8_BASE
|
#
1.107 |
|
24-Aug-2020 |
gnezdo |
Convert ip6_sysctl to sysctl_bounded_args
Tighter limits and OK by sashan
|
#
1.106 |
|
24-Jun-2020 |
cheloha |
kernel: use gettime(9)/getuptime(9) in lieu of time_second(9)/time_uptime(9)
time_second(9) and time_uptime(9) are widely used in the kernel to quickly get the system UTC or system uptime as a time_t. However, time_t is 64-bit everywhere, so it is not generally safe to use them on 32-bit platforms: you have a split-read problem if your hardware cannot perform atomic 64-bit reads.
This patch replaces time_second(9) with gettime(9), a safer successor interface, throughout the kernel. Similarly, time_uptime(9) is replaced with getuptime(9).
There is a performance cost on 32-bit platforms in exchange for eliminating the split-read problem: instead of two register reads you now have a lockless read loop to pull the values from the timehands. This is really not *too* bad in the grand scheme of things, but compared to what we were doing before it is several times slower.
There is no performance cost on 64-bit (__LP64__) platforms.
With input from visa@, dlg@, and tedu@.
Several bugs squashed by visa@.
ok kettenis@
|
Revision tags: OPENBSD_6_7_BASE
|
#
1.105 |
|
11-Nov-2019 |
bluhm |
Kernel is missing propper input validation when configuring IPv6 addresses. Implement in6_sa2sin6() to validate inet6 address family and address length. The SIOCGIFDSTADDR_IN6, SIOCGIFNETMASK_IN6, SIOCGIFAFLAG_IN6, SIOCGIFALIFETIME_IN6, and SIOCDIFADDR_IN6 ioctl(2) are safe now. OK visa@
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.104 |
|
22-Apr-2019 |
bluhm |
In in_cksum() and in6_cksum() convert types to C99 style and make both functions consistent. In in_cksum() panic if len is longer than mbuf, but in in6_cksum() do not panic if off and len match exactly to the end of mbuf. OK claudio@
|
Revision tags: OPENBSD_6_4_BASE OPENBSD_6_5_BASE
|
#
1.103 |
|
11-Sep-2018 |
bluhm |
Convert inetctlerrmap to u_char like inet6ctlerrmap. That is also what FreeBSD does. Remove old #if 0 version of inet6ctlerrmap. OK mpi@
|
#
1.102 |
|
07-Jun-2018 |
bluhm |
The global zero addresses must not change, mark them constant. OK tb@ visa@
|
Revision tags: OPENBSD_6_3_BASE
|
#
1.101 |
|
10-Feb-2018 |
florian |
Implement RFC 7217: "A Method for Generating Semantically Opaque Interface Identifiers with IPv6 Stateless Address Autoconfiguration."
"An IPv6 address configured using this method is stable within each subnet, but the corresponding Interface Identifier changes when the host moves from one network to another. This method is meant to be an alternative to generating Interface Identifiers based on hardware addresses."
OK naddy, sthen
|
#
1.100 |
|
20-Nov-2017 |
mpi |
Sprinkle some NET_ASSERT_LOCKED(), const and co to prepare running pr_input handlers without KERNEL_LOCK().
ok visa@
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.99 |
|
01-Sep-2017 |
florian |
Use in6_get_rand_ifid() instead of get_last_resort_ifid() and delete the get_last_resort_ifid() function because eww. Also if your system is so constraint that you end up in in6_get_rand_ifid() you don't deserve a random ifid that stays stable over reboots. Simplify code a bit since get_ifid() can no longer fail. It couldn't fail before either because that code path was #if 0'ed. While here sprinkle in some in6_ prefixes, pointed out by stsp. OK stsp
|
#
1.98 |
|
11-Aug-2017 |
bluhm |
Validate sockaddr from userland in central functions. This results in common checks for unix, inet, inet6 instead of partial checks here and there. Some checks are already done at a higher layer, but better be paranoid with user input. OK claudio@ millert@
|
#
1.97 |
|
13-Jul-2017 |
florian |
Get rid of ip6.maxifprefixes and ip6.maxifdefrouters, the kernel no longer tracks prefixes or default routers from router advertisements. Pointed out by jmc. ports tree grepping sthen, who only found nsh OK mpi, sthen
|
#
1.96 |
|
30-May-2017 |
mpi |
Keep ipv6_input() definition inside _KERNEL.
Unbreak userland, found the hardway by deraadt@
|
#
1.95 |
|
30-May-2017 |
mpi |
Introduce ipv{4,6}_input(), two wrappers around IP queues.
This will help transitionning to an un-KERNEL_LOCK()ed IP forwarding path.
Disucssed with bluhm@, ok claudio@
|
#
1.94 |
|
04-May-2017 |
bluhm |
Introduce sstosa() for converting sockaddr_storage with a type safe inline function instead of casting it to sockaddr. While there, use inline instead of __inline for all these conversions. Some struct sockaddr casts can be avoided completely. OK dhill@ mpi@
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.93 |
|
22-Feb-2017 |
renato |
Fix comments about a few ipv6 sockoptions
OK millert@ florian@
|
#
1.92 |
|
22-Dec-2016 |
rzalamena |
Remove PIM support from the multicast stack.
ok mpi@
|
#
1.91 |
|
03-Oct-2016 |
mpi |
Convert some of the remaining usages of time_second to time_uptime.
time_second is unix time so it can be affected by clock changes. time_uptime is monotonic so it isnt affected by clock changes. that in turn means route expiries wont jump with clock changes if set against time_uptime.
the expiry is translated into unix time for export to userland though.
Should fix mismatch between route timers that were already converted and ND default routers that were still using time_second.
Tested by matthieu@ and sthen@
ok sthen@, dlg@
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.90 |
|
27-Jun-2016 |
jca |
Implement IPV6_MINHOPCOUNT support.
Useful to implement GTSM support in daemons such as bgpd(8). Diff from 2013 revived by renato@. Input from bluhm@, ok bluhm@ deraadt@
|
#
1.89 |
|
01-Jun-2016 |
jca |
Kill sysctl net.inet6.ip6.rr_prune
We don't support Router Renumbering and there are no plans to change that. ok mpi@
|
#
1.88 |
|
19-May-2016 |
jca |
Remove sysctl net.inet6.ip6.v6only
This sysctl is a no-op, read-only since it was introduced. There are no plans to support IPv4-mapped addresses on OpenBSD, thus this sysctl is meaningless.
Noticed by djm@, ok claudio@ mpi@ sthen@ henning@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.87 |
|
03-Dec-2015 |
tedu |
rm unused kernel only IPV6_RECVRTHDRDSTOPTS sockopt. ok deraadt sthen
|
#
1.86 |
|
29-Oct-2015 |
tedu |
RFC 2292 API support was removed 9 years ago, but left in a binary compat ABI form for the sake of existing programs. no programs from that era have been able to run for quite some time. Kill it all. ok deraadt florian millert mpi (I believe this is my first IPv6 diff. Future, here I come!)
|
#
1.85 |
|
11-Sep-2015 |
claudio |
in6_embedscope() needs to lose some weight. Remove the last argument. In all but two calls NULL is passed and in the other 2 cases the ifp is only used to maybe feed it to in6_selecthlim() to select the hoplimit for the link. Since in6_embedscope() only works on link-local addresses it does not matter what hop limit we select since the destination is directly reachable. OK florian@ mpi@
|
#
1.84 |
|
10-Sep-2015 |
claudio |
It is time to put inet6 on a diet. Use the flensing knife and cut out the 3rd argument of in6_recoverscope() and make it return void. OK dlg@ mikeb@
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.83 |
|
08-Jun-2015 |
krw |
More damned eye searing whitespace. No change to .o files.
|
#
1.82 |
|
14-Apr-2015 |
mikeb |
ip6_sprintf is long gone; noticed by blambert
|
#
1.81 |
|
10-Apr-2015 |
dlg |
replace the use of ifqueues for most input queues serviced by netisr with niqueues.
this change is so big because there's a lot of code that takes pointers to different input queues (eg, ether_input picks between ipv4, ipv6, pppoe, arp, and mpls input queues) and falls through to code to enqueue packets against the pointer. if i changed only one of the input queues id have to add sepearate code paths, one for ifqueues and one for niqueues in each of these places
by flipping all these input queues at once i can keep the currently common code common.
testing by mpi@ sthen@ and rafael zalamena ok mpi@ sthen@ claudio@ henning@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.80 |
|
09-Feb-2015 |
claudio |
Implement 2 sysctl to retrieve the multicast forwarding cache (mf6c) and the multicast interface table (mif6). Will be used by netstat soon. Looked over by guenther@
|
#
1.79 |
|
09-Feb-2015 |
dlg |
provide a net.inet6.ip6.ifq sysctl so people can see and fiddle with the ip6intrq.
ok claudio@
|
#
1.78 |
|
10-Jan-2015 |
mpi |
Correct some comments and merge in6_if_up() into in6_ifattach() to reflect that IPv6 link-local addresses are no longer automagically configured the first time an interface is brought up.
ok henning@, stsp@
|
#
1.77 |
|
05-Dec-2014 |
mpi |
Explicitly include <net/if_var.h> instead of pulling it in <net/if.h>.
ok mikeb@, krw@, bluhm@, tedu@
|
#
1.76 |
|
20-Nov-2014 |
mpi |
What have no need for a variable that holds the maximum MTU size of interfaces with an IPv6 address.
ok henning@, mikeb@, deraadt@
|
#
1.75 |
|
31-Aug-2014 |
bluhm |
Make the in6addr constant declarations and definitions consistent in kernel and user land. OK florian@ mpi@
|
#
1.74 |
|
26-Aug-2014 |
florian |
Do not hand-roll all routers link local address. pointed out & OK bluhm@
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.73 |
|
11-Jul-2014 |
henning |
introduce the IFXF_AUTOCONF6 interface flag which controls wether we accept rtadvs on that interface. the global net.inet6.ip6.accept_rtadv sysctl just doesn't cut it, even tho the spec wants that - but in their little absurd world, a host just has one interface by definition anyway... the sysctlgoes away. lots of head scratching, brain cell elemination etc from bluhm benno stsp florian, excitement from simon and todd, ok bluhm stsp benno florian
|
#
1.72 |
|
13-Jun-2014 |
chrisz |
Remove deprecated RFC2292 ancillary data convenience functions. They are obsoleted by the RFC3542 api.
ok mpi@
|
#
1.71 |
|
20-Apr-2014 |
naddy |
move in6_cksum_phdr from in6.h to ip6_output.c to mirror in_cksum_phdr ok henning@
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.70 |
|
22-Jan-2014 |
naddy |
Split the checksum calculation for IPv6 like for IPv4: Always calculate the pseudo-header checksum. Complete the checksum if hardware offload is not available.
Parts originally from NetBSD; ok henning@
|
#
1.69 |
|
28-Oct-2013 |
deraadt |
kill kame version symbols and sysctl ports tree grep run by sthen
|
#
1.68 |
|
24-Oct-2013 |
mpi |
Remove the number of in6_var.h inclusions by moving some functions and global variables to in6.h.
ok deraadt@
|
#
1.67 |
|
24-Oct-2013 |
deraadt |
Significant namespace cleanup of netinet6 symbols.
One worrying bit is in icmp6.h where some htols() and htonl() are added, which may affect compatibility down the line. This component can be reverted if issues show up. Ports tree greps indicate no issue.
ok claudio mpi etc
|
#
1.66 |
|
21-Oct-2013 |
deraadt |
There are gasps of shock! Add a pmtu delay sysctl BUTTON for netinet6, making the code the same as netinet4 along the way. ok bluhm phessler
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.65 |
|
26-Jun-2013 |
henning |
put the cksum diff back, of course with the bug fixed where we could under some circumstances repair broken checksums on the way. ok ryan naddy mikeb . redo most of the protocol (tcp/udp/...) checksum handling -assume we have hardware checksum offloading. stop mucking with the checksum in most of the stack -stop checksum mucking in pf, just set a "needs checksumming" flag if needed -in all output pathes, very late, if we figure out the outbound interface doesn't have hw cksum offloading, do the cksum in software. this especially makes the bridge path behave like a regular output path -little special casing for bridge still required until the broadcast path loses its disgusting shortcut hacks, but at least it's in one place now and not all over the stack in6_proto_cksum_out mostly written by krw@ started at k2k11 in iceland more than 1.5 years ago - yes it took that long, this stuff is everything but easy. this happens to fix the infamous pf rdr bug that made us turn off proto cksum offloading on almost all interface drivers.
|
#
1.64 |
|
28-Mar-2013 |
bluhm |
Convert the satosin, sintosa, ifatoia, satosin6, sin6tosa, ifatoia6 defines into static inline functions. This allows the compiler to check the source type before casting. liked by many; OK mpi@ haesbaert@
|
#
1.63 |
|
14-Mar-2013 |
mpi |
My lack of faith... These lines should stay, reported by ajacoutot@.
ok sthen@
|
#
1.62 |
|
14-Mar-2013 |
mpi |
tedu faith(4), suggested by todd@ some weeks ago after a submission by dhill.
ok krw@, mikeb@, tedu@ (implicit)
|
Revision tags: OPENBSD_5_3_BASE
|
#
1.61 |
|
06-Nov-2012 |
henning |
backout csum diff for the moment, requested by theo
|
#
1.60 |
|
01-Nov-2012 |
henning |
redo most of the protocol (tcp/udp/...) checksum handling -assume we have hardware checksum offloading. stop mucking with the checksum in most of the stack -stop checksum mucking in pf, just set a "needs checksumming" flag if needed -in all output pathes, very late, if we figure out the outbound interface doesn't have hw cksum offloading, do the cksum in software. this especially makes the bridge path behave like a regular output path -little special casing for bridge still required until the broadcast path loses its disgusting shortcut hacks, but at least it's in one place now and not all over the stack in6_proto_cksum_out mostly written by krw@ started at k2k11 in iceland more than 1.5 years ago - yes it took that long, this stuff is everything but easy. this happens to fix the infamous pf rdr bug that made us turn off proto cksum offloading on almost all interface drivers. ok camield sthen claudio, testing by many, thanks!
|
#
1.59 |
|
17-Sep-2012 |
yasuoka |
add IPV6_RECVDSTPORT socket option, which enables us to get original (= before divert) destination port of a UDP packet. The way to use this option is same as IP_RECVDSTPORT.
from UMEZAWA Takeshi tweaks from jmc; ok henning bluhm
|
#
1.58 |
|
15-Sep-2012 |
guenther |
Improve POSIX/SUS compliance of <netdb.h>, <sys/socket.h>, and <sys/un.h>.
Much ports testing of various versions by naddy@ and jasper@ ok matthew@, miller@
|
Revision tags: OPENBSD_5_2_BASE
|
#
1.57 |
|
10-Jul-2012 |
guenther |
Instead of <arpa/inet.h> pulling in <netinet/in.h>, just copy in the three things that it needed from there: INET_ADDRSTRLEN, INET6_ADDRSTRLEN, and struct in_addr. Add protecting #ifndefs to netinet6?/in6?.h for those.
ok deraadt@
|
#
1.56 |
|
26-Jun-2012 |
guenther |
Improve compliance for <arpa/inet.h> and <netinet/in.h> to define/declare all the symbols that POSIX says they must and fewer that they can't and, most importantly, to not require a specific ordering of headers.
ports testing by naddy@ ok millert@ deraadt@
|
Revision tags: OPENBSD_5_1_BASE
|
#
1.55 |
|
24-Nov-2011 |
sperreault |
rdomain support for IPv6 ok mikeb
|
#
1.54 |
|
13-Oct-2011 |
claudio |
Since the IPv6 madness is not enough introduce NAT64 -- which is actually "af-to" a generic IP version translator for pf(4). Not everything perfect yet but lets fix these things in the tree. Insane amount of work done by sperreault@, mikeb@ and reyk@. Looked over by mcbride@ henning@ and myself at eurobsdcon. OK mcbride@ and general put it in from deraadt@
|
Revision tags: OPENBSD_5_0_BASE
|
#
1.53 |
|
02-May-2011 |
mikeb |
recognize SO_RTABLE socket option at the SOL_SOCKET level; discussed with and ok claudio
|
Revision tags: OPENBSD_4_9_BASE
|
#
1.52 |
|
23-Sep-2010 |
yasuoka |
add a new IP level socket option IP_PIPEX. This option is used for L2TP support by pipex. OK henning@, "Carry on" blambert@
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.51 |
|
08-Jul-2010 |
jsg |
remove some unused netinet6 code ok stsp@ henning@ claudio@
|
#
1.50 |
|
07-May-2010 |
claudio |
Start cleaning up the mess called rtalloc*. Kill rtalloc2, make rtalloc1 accept flags for report and nocloning. Move the rtableid into struct route (with a minor twist for now) and make a few more codepathes rdomain aware. Appart from the pf.c and route.c bits the diff is mostly mechanical. More to come... OK michele, henning
|
#
1.49 |
|
06-Apr-2010 |
stsp |
Simple implementation of RFC4941, "Privacy Extensions for Stateless Address Autoconfiguration in IPv6". For those among us who are paranoid about broadcasting their MAC address to the IPv6 internet.
Man page help from jmc, testing by weerd, arc4random API hints from djm.
ok deraadt, claudio
|
Revision tags: OPENBSD_4_7_BASE
|
#
1.48 |
|
05-Nov-2009 |
michele |
IPv6 support for divert sockets.
tested by phessler@ pyr@ ok claudio@ "go ahead" deraadt@
|
Revision tags: OPENBSD_4_5_BASE OPENBSD_4_6_BASE
|
#
1.47 |
|
25-Nov-2008 |
markus |
delay /etc/netstart until IPv6-DAD (dup-address-detection) is completed. ok fries, hshoexer, claudio
|
Revision tags: OPENBSD_4_4_BASE
|
#
1.46 |
|
11-Jun-2008 |
mcbride |
From KAME, allow adjustable limits on NDP entries and discovered routes.
ok mpf naddy
|
#
1.45 |
|
09-Mar-2008 |
sobrado |
use the right capitalization for platform names
ok jsing@
|
Revision tags: OPENBSD_4_1_BASE OPENBSD_4_2_BASE OPENBSD_4_3_BASE
|
#
1.44 |
|
22-Jan-2007 |
miod |
Fix KAME cvsweb urls
|
#
1.43 |
|
09-Dec-2006 |
itojun |
switch IPv6 advanced API from RFC2292 to RFC3542 (2292 is superseded by 3542). the kernel still handles RFC2292 set/getsockopts, so that compiled binary has no trouble running. userland sees RFC3542 symbols only on header file so new code has to use RFC3542 API.
bump libc shlib minor for function additions.
tested on i386/amd64 by jmc, i386 by brad. checked by deraadt.
|
#
1.42 |
|
21-Nov-2006 |
itojun |
introduce sysctl net.inet6.ip6.multicast_mtudisc (for multicast routers). deraadt ok. manpage nit by jmc.
|
#
1.41 |
|
17-Nov-2006 |
itojun |
move comment to a line where it makes more sense
|
#
1.40 |
|
17-Nov-2006 |
itojun |
change semantics of ff01::/16 to interface local multicast (to sync up with more recent IPv6 spec)
ok from: deraadt mcbride
|
Revision tags: OPENBSD_4_0_BASE
|
#
1.39 |
|
18-Jun-2006 |
pascoe |
Add support for equal-cost multipath IP.
To minimise path disruptions, this implements recommendations made in RFC2992 - the hash-threshold mechanism to select paths based on source/destination IP address pairs, and inserts multipath routes in the middle of the route table.
To enable multipath distribution, use: sysctl net.inet.ip.multipath=1 and/or: sysctl net.inet6.ip6.multipath=1
testing norby@ ok claudio@ henning@ hshoexer@
|
#
1.38 |
|
27-May-2006 |
claudio |
Do the same thing as for IPv4. Use a sysctl to enable/disable mfrowarding and additionaly make the code part of the MROUTING option. Put it in deraadt@
|
Revision tags: OPENBSD_3_9_BASE
|
#
1.37 |
|
13-Dec-2005 |
millert |
First step in include files overhaul. Use __FOO_VISIBLE (as defined in sys/cdefs.h) instead of _FOO_SOURCE. Also fix several namespace pollution issues, including the byte order defines. OK deraadt@
|
Revision tags: OPENBSD_3_6_BASE OPENBSD_3_7_BASE OPENBSD_3_8_BASE
|
#
1.36 |
|
21-Jun-2004 |
tholo |
First step towards more sane time handling in the kernel -- this changes things such that code that only need a second-resolution uptime or wall time, and used to get that from time.tv_secs or mono_time.tv_secs now get this from separate time_t globals time_second and time_uptime.
ok art@ niklas@ nordin@
|
Revision tags: SMP_SYNC_A
|
#
1.35 |
|
12-Jun-2004 |
itojun |
support IPV6_USE_MIN_MTU, to make BIND9 better. (sorry about the mess yesterday)
|
#
1.34 |
|
11-Jun-2004 |
deraadt |
back out tree breakage. Like, come on
|
#
1.33 |
|
11-Jun-2004 |
itojun |
support IPV6_USE_MIN_MTU, which is needed to run BIND9 well. from kame markus ok
|
Revision tags: OPENBSD_3_5_BASE SMP_SYNC_B
|
#
1.32 |
|
15-Feb-2004 |
markus |
switch to sysctl_int_arr(); ok itojun, henning, miod, deraadt
|
Revision tags: OPENBSD_3_4_BASE
|
#
1.31 |
|
02-Jun-2003 |
millert |
Remove the advertising clause in the UCB license which Berkeley rescinded 22 July 1999. Proofed by myself and Theo.
|
Revision tags: OPENBSD_3_2_BASE OPENBSD_3_3_BASE UBC_SYNC_A UBC_SYNC_B
|
#
1.30 |
|
08-Jun-2002 |
itojun |
sync with latest KAME in6_ifaddr/prefix/default router manipulation. behavior changes: - two iocts used by ndp(8) are now obsolete (backward compat provided). use sysctl path instead. - lo0 does not get ::1 automatically. it will get ::1 when lo0 comes up.
|
#
1.29 |
|
07-Jun-2002 |
itojun |
mistake in sysctl table
|
#
1.28 |
|
07-Jun-2002 |
itojun |
just for consistency/compatibility, have net.inet6.ip6.v6only sysctl MIB, as well as set/getsockopt(IPV6_V6ONLY).
|
#
1.27 |
|
28-May-2002 |
itojun |
limit number of IPv6 fragments (not the fragment queue size) to fight against lots-of-frags DoS attacks. sync w/kame
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.26 |
|
14-Mar-2002 |
millert |
First round of __P removal in sys
|
Revision tags: UBC_BASE
|
#
1.25 |
|
07-Dec-2001 |
itojun |
branches: 1.25.2; whitespace/comment sync with kame
|
Revision tags: OPENBSD_3_0_BASE
|
#
1.24 |
|
19-Sep-2001 |
itojun |
comment; sockopt # 57-59 are also reserved
|
#
1.23 |
|
22-Aug-2001 |
niklas |
Add IPCOMP setsockopt policy controls. While here fix the other policies too
|
Revision tags: OPENBSD_2_9_BASE
|
#
1.22 |
|
30-Mar-2001 |
itojun |
fix constness of IN6_{IS,ARE}_xx macros to conform to RFC2553. sync with kame.
|
#
1.21 |
|
02-Mar-2001 |
itojun |
remove date string from KAME version identification, it is getting meaningless as we merge random items daily. have comment that refers to kame COVERAGE document. sync with kame
|
#
1.20 |
|
16-Feb-2001 |
itojun |
get rid of #ifdef IPV6FIREWALL (never used, will never be used)
|
#
1.19 |
|
16-Feb-2001 |
itojun |
pull in new pcb notification code from kame. better handling of scope address.
|
Revision tags: OPENBSD_2_8_BASE
|
#
1.18 |
|
17-Oct-2000 |
itojun |
use __P() in prototype for non-ansi compilers. From: Michael Shalayeff <mickey@lucifier.remote.dti.net>
|
#
1.17 |
|
27-Aug-2000 |
itojun |
move IPv6 IPsec sysctl # downward, to avoid number conflict in *BSD. angelos ok
|
#
1.16 |
|
16-Jul-2000 |
itojun |
don't pull sys/queue.h in. sync better with kame.
|
#
1.15 |
|
25-Jun-2000 |
aaron |
Fix typo; ds@ds.primasoft.bg
|
#
1.14 |
|
18-Jun-2000 |
itojun |
allow IPsec-related get/setsockopt on IPv6 socket. due to number conflict they must be IPV6_xx instead of IP_xx.
actually, since in_ctloutput() does not check address family of inpcb, getsockopt(IPPROTO_IP, IP_xx) may work - never tested this.
|
#
1.13 |
|
25-May-2000 |
itojun |
net.inet.ip.gif_ttl (and IPv6 counterpart) is never used. enforce type checking on IN6_ARE_ADDR_EQUAL.
|
Revision tags: OPENBSD_2_7_BASE
|
#
1.12 |
|
28-Feb-2000 |
itojun |
bring in recent KAME changes (only important and stable ones, as usual). - remove net.inet6.ip6.nd6_proxyall. introduce proxy NDP code works just like "arp -s". - revise source address selection. be more careful about use of yet-to-be-valid addresses as source. - as router, transmit ICMP6_DST_UNREACH_BEYONDSCOPE against out-of-scope packet forwarding attempt. - path MTU discovery takes care of routing header properly. - be more strict about mbuf chain parsing. - nuke xxCTL_VARS #define, they are for BSDI. - disable SIOCSIFDSTADDR_IN6/SIOCSIFNETMASK_IN6 ioctl, they do not fit IPv6 model where multiple address on interface is normal. (kernel side supports them for a while for backward compat, the support will be nuked shortly) - introduce "default outgoing interface" (for spec conformance in very rare case)
|
#
1.11 |
|
19-Feb-2000 |
deraadt |
use more modern types
|
Revision tags: SMP_BASE
|
#
1.10 |
|
09-Feb-2000 |
itojun |
branches: 1.10.2; improve RFC2553/2292 conformance. netinet6/{ip6,icmp6,in6}.h should not be included. neitnet6/{ip6,icmp6}.h includes #error statements only - i'll remove them couple of days later.
|
#
1.9 |
|
10-Dec-1999 |
angelos |
Add RCS tags, remove unused header files and code, remove a few unnecessary ifdefs...
|
Revision tags: kame_19991208
|
#
1.8 |
|
08-Dec-1999 |
itojun |
bring in KAME IPv6 code, dated 19991208. replaces NRL IPv6 layer. reuses NRL pcb layer. no IPsec-on-v6 support. see sys/netinet6/{TODO,IMPLEMENTATION} for more details.
GENERIC configuration should work fine as before. GENERIC.v6 works fine as well, but you'll need KAME userland tools to play with IPv6 (will be bringed into soon).
|
Revision tags: OPENBSD_2_5_BASE OPENBSD_2_6_BASE
|
#
1.7 |
|
24-Mar-1999 |
cmetz |
Replace 'in6a_words' (old NRL convention) with 's6_addr32' (new BSDI et al. convention that is more common and more specific as to the access size)
|
#
1.6 |
|
09-Mar-1999 |
cmetz |
Demangled the INET6 stuff so as not to require any extra options and not to be mutually exclusive with the IPSEC option.
|
#
1.5 |
|
24-Feb-1999 |
cmetz |
Synchronized changes needed to integrate into OpenBSD with the NRL source tree so we can have a unified netinet6 directory.
|
#
1.4 |
|
11-Jan-1999 |
deraadt |
_KERNEL, and other cleanup
|
#
1.3 |
|
10-Jan-1999 |
deraadt |
merge INPROTO_* tables
|
#
1.2 |
|
08-Jan-1999 |
deraadt |
use _KERNEL, add ipv6intrq decl
|
#
1.1 |
|
07-Jan-1999 |
deraadt |
missed file
|
#
1.110 |
|
10-Nov-2023 |
bluhm |
rtable_match() takes constant destination.
For implementing MP safe route lookup, it helps to know which function parameters are constant. Add some const declarations, so that the compiler guarantees that sockaddr dst parameter of rtable_match() does not change.
OK dlg@
|
Revision tags: OPENBSD_7_0_BASE OPENBSD_7_1_BASE OPENBSD_7_2_BASE OPENBSD_7_3_BASE OPENBSD_7_4_BASE
|
#
1.109 |
|
02-Jun-2021 |
dlg |
factor out the code that does sanity checks on ipv6 headers and addresses.
this will allow these checks to be reused for ip packet inspection in bridge, veb, and tpmr.
ok bluhm@ sashan@
|
Revision tags: OPENBSD_6_9_BASE
|
#
1.108 |
|
10-Mar-2021 |
jsg |
spelling
ok gnezdo@ semarie@ mpi@
|
Revision tags: OPENBSD_6_8_BASE
|
#
1.107 |
|
24-Aug-2020 |
gnezdo |
Convert ip6_sysctl to sysctl_bounded_args
Tighter limits and OK by sashan
|
#
1.106 |
|
24-Jun-2020 |
cheloha |
kernel: use gettime(9)/getuptime(9) in lieu of time_second(9)/time_uptime(9)
time_second(9) and time_uptime(9) are widely used in the kernel to quickly get the system UTC or system uptime as a time_t. However, time_t is 64-bit everywhere, so it is not generally safe to use them on 32-bit platforms: you have a split-read problem if your hardware cannot perform atomic 64-bit reads.
This patch replaces time_second(9) with gettime(9), a safer successor interface, throughout the kernel. Similarly, time_uptime(9) is replaced with getuptime(9).
There is a performance cost on 32-bit platforms in exchange for eliminating the split-read problem: instead of two register reads you now have a lockless read loop to pull the values from the timehands. This is really not *too* bad in the grand scheme of things, but compared to what we were doing before it is several times slower.
There is no performance cost on 64-bit (__LP64__) platforms.
With input from visa@, dlg@, and tedu@.
Several bugs squashed by visa@.
ok kettenis@
|
Revision tags: OPENBSD_6_7_BASE
|
#
1.105 |
|
11-Nov-2019 |
bluhm |
Kernel is missing propper input validation when configuring IPv6 addresses. Implement in6_sa2sin6() to validate inet6 address family and address length. The SIOCGIFDSTADDR_IN6, SIOCGIFNETMASK_IN6, SIOCGIFAFLAG_IN6, SIOCGIFALIFETIME_IN6, and SIOCDIFADDR_IN6 ioctl(2) are safe now. OK visa@
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.104 |
|
22-Apr-2019 |
bluhm |
In in_cksum() and in6_cksum() convert types to C99 style and make both functions consistent. In in_cksum() panic if len is longer than mbuf, but in in6_cksum() do not panic if off and len match exactly to the end of mbuf. OK claudio@
|
Revision tags: OPENBSD_6_4_BASE OPENBSD_6_5_BASE
|
#
1.103 |
|
11-Sep-2018 |
bluhm |
Convert inetctlerrmap to u_char like inet6ctlerrmap. That is also what FreeBSD does. Remove old #if 0 version of inet6ctlerrmap. OK mpi@
|
#
1.102 |
|
07-Jun-2018 |
bluhm |
The global zero addresses must not change, mark them constant. OK tb@ visa@
|
Revision tags: OPENBSD_6_3_BASE
|
#
1.101 |
|
10-Feb-2018 |
florian |
Implement RFC 7217: "A Method for Generating Semantically Opaque Interface Identifiers with IPv6 Stateless Address Autoconfiguration."
"An IPv6 address configured using this method is stable within each subnet, but the corresponding Interface Identifier changes when the host moves from one network to another. This method is meant to be an alternative to generating Interface Identifiers based on hardware addresses."
OK naddy, sthen
|
#
1.100 |
|
20-Nov-2017 |
mpi |
Sprinkle some NET_ASSERT_LOCKED(), const and co to prepare running pr_input handlers without KERNEL_LOCK().
ok visa@
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.99 |
|
01-Sep-2017 |
florian |
Use in6_get_rand_ifid() instead of get_last_resort_ifid() and delete the get_last_resort_ifid() function because eww. Also if your system is so constraint that you end up in in6_get_rand_ifid() you don't deserve a random ifid that stays stable over reboots. Simplify code a bit since get_ifid() can no longer fail. It couldn't fail before either because that code path was #if 0'ed. While here sprinkle in some in6_ prefixes, pointed out by stsp. OK stsp
|
#
1.98 |
|
11-Aug-2017 |
bluhm |
Validate sockaddr from userland in central functions. This results in common checks for unix, inet, inet6 instead of partial checks here and there. Some checks are already done at a higher layer, but better be paranoid with user input. OK claudio@ millert@
|
#
1.97 |
|
13-Jul-2017 |
florian |
Get rid of ip6.maxifprefixes and ip6.maxifdefrouters, the kernel no longer tracks prefixes or default routers from router advertisements. Pointed out by jmc. ports tree grepping sthen, who only found nsh OK mpi, sthen
|
#
1.96 |
|
30-May-2017 |
mpi |
Keep ipv6_input() definition inside _KERNEL.
Unbreak userland, found the hardway by deraadt@
|
#
1.95 |
|
30-May-2017 |
mpi |
Introduce ipv{4,6}_input(), two wrappers around IP queues.
This will help transitionning to an un-KERNEL_LOCK()ed IP forwarding path.
Disucssed with bluhm@, ok claudio@
|
#
1.94 |
|
04-May-2017 |
bluhm |
Introduce sstosa() for converting sockaddr_storage with a type safe inline function instead of casting it to sockaddr. While there, use inline instead of __inline for all these conversions. Some struct sockaddr casts can be avoided completely. OK dhill@ mpi@
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.93 |
|
22-Feb-2017 |
renato |
Fix comments about a few ipv6 sockoptions
OK millert@ florian@
|
#
1.92 |
|
22-Dec-2016 |
rzalamena |
Remove PIM support from the multicast stack.
ok mpi@
|
#
1.91 |
|
03-Oct-2016 |
mpi |
Convert some of the remaining usages of time_second to time_uptime.
time_second is unix time so it can be affected by clock changes. time_uptime is monotonic so it isnt affected by clock changes. that in turn means route expiries wont jump with clock changes if set against time_uptime.
the expiry is translated into unix time for export to userland though.
Should fix mismatch between route timers that were already converted and ND default routers that were still using time_second.
Tested by matthieu@ and sthen@
ok sthen@, dlg@
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.90 |
|
27-Jun-2016 |
jca |
Implement IPV6_MINHOPCOUNT support.
Useful to implement GTSM support in daemons such as bgpd(8). Diff from 2013 revived by renato@. Input from bluhm@, ok bluhm@ deraadt@
|
#
1.89 |
|
01-Jun-2016 |
jca |
Kill sysctl net.inet6.ip6.rr_prune
We don't support Router Renumbering and there are no plans to change that. ok mpi@
|
#
1.88 |
|
19-May-2016 |
jca |
Remove sysctl net.inet6.ip6.v6only
This sysctl is a no-op, read-only since it was introduced. There are no plans to support IPv4-mapped addresses on OpenBSD, thus this sysctl is meaningless.
Noticed by djm@, ok claudio@ mpi@ sthen@ henning@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.87 |
|
03-Dec-2015 |
tedu |
rm unused kernel only IPV6_RECVRTHDRDSTOPTS sockopt. ok deraadt sthen
|
#
1.86 |
|
29-Oct-2015 |
tedu |
RFC 2292 API support was removed 9 years ago, but left in a binary compat ABI form for the sake of existing programs. no programs from that era have been able to run for quite some time. Kill it all. ok deraadt florian millert mpi (I believe this is my first IPv6 diff. Future, here I come!)
|
#
1.85 |
|
11-Sep-2015 |
claudio |
in6_embedscope() needs to lose some weight. Remove the last argument. In all but two calls NULL is passed and in the other 2 cases the ifp is only used to maybe feed it to in6_selecthlim() to select the hoplimit for the link. Since in6_embedscope() only works on link-local addresses it does not matter what hop limit we select since the destination is directly reachable. OK florian@ mpi@
|
#
1.84 |
|
10-Sep-2015 |
claudio |
It is time to put inet6 on a diet. Use the flensing knife and cut out the 3rd argument of in6_recoverscope() and make it return void. OK dlg@ mikeb@
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.83 |
|
08-Jun-2015 |
krw |
More damned eye searing whitespace. No change to .o files.
|
#
1.82 |
|
14-Apr-2015 |
mikeb |
ip6_sprintf is long gone; noticed by blambert
|
#
1.81 |
|
10-Apr-2015 |
dlg |
replace the use of ifqueues for most input queues serviced by netisr with niqueues.
this change is so big because there's a lot of code that takes pointers to different input queues (eg, ether_input picks between ipv4, ipv6, pppoe, arp, and mpls input queues) and falls through to code to enqueue packets against the pointer. if i changed only one of the input queues id have to add sepearate code paths, one for ifqueues and one for niqueues in each of these places
by flipping all these input queues at once i can keep the currently common code common.
testing by mpi@ sthen@ and rafael zalamena ok mpi@ sthen@ claudio@ henning@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.80 |
|
09-Feb-2015 |
claudio |
Implement 2 sysctl to retrieve the multicast forwarding cache (mf6c) and the multicast interface table (mif6). Will be used by netstat soon. Looked over by guenther@
|
#
1.79 |
|
09-Feb-2015 |
dlg |
provide a net.inet6.ip6.ifq sysctl so people can see and fiddle with the ip6intrq.
ok claudio@
|
#
1.78 |
|
10-Jan-2015 |
mpi |
Correct some comments and merge in6_if_up() into in6_ifattach() to reflect that IPv6 link-local addresses are no longer automagically configured the first time an interface is brought up.
ok henning@, stsp@
|
#
1.77 |
|
05-Dec-2014 |
mpi |
Explicitly include <net/if_var.h> instead of pulling it in <net/if.h>.
ok mikeb@, krw@, bluhm@, tedu@
|
#
1.76 |
|
20-Nov-2014 |
mpi |
What have no need for a variable that holds the maximum MTU size of interfaces with an IPv6 address.
ok henning@, mikeb@, deraadt@
|
#
1.75 |
|
31-Aug-2014 |
bluhm |
Make the in6addr constant declarations and definitions consistent in kernel and user land. OK florian@ mpi@
|
#
1.74 |
|
26-Aug-2014 |
florian |
Do not hand-roll all routers link local address. pointed out & OK bluhm@
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.73 |
|
11-Jul-2014 |
henning |
introduce the IFXF_AUTOCONF6 interface flag which controls wether we accept rtadvs on that interface. the global net.inet6.ip6.accept_rtadv sysctl just doesn't cut it, even tho the spec wants that - but in their little absurd world, a host just has one interface by definition anyway... the sysctlgoes away. lots of head scratching, brain cell elemination etc from bluhm benno stsp florian, excitement from simon and todd, ok bluhm stsp benno florian
|
#
1.72 |
|
13-Jun-2014 |
chrisz |
Remove deprecated RFC2292 ancillary data convenience functions. They are obsoleted by the RFC3542 api.
ok mpi@
|
#
1.71 |
|
20-Apr-2014 |
naddy |
move in6_cksum_phdr from in6.h to ip6_output.c to mirror in_cksum_phdr ok henning@
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.70 |
|
22-Jan-2014 |
naddy |
Split the checksum calculation for IPv6 like for IPv4: Always calculate the pseudo-header checksum. Complete the checksum if hardware offload is not available.
Parts originally from NetBSD; ok henning@
|
#
1.69 |
|
28-Oct-2013 |
deraadt |
kill kame version symbols and sysctl ports tree grep run by sthen
|
#
1.68 |
|
24-Oct-2013 |
mpi |
Remove the number of in6_var.h inclusions by moving some functions and global variables to in6.h.
ok deraadt@
|
#
1.67 |
|
24-Oct-2013 |
deraadt |
Significant namespace cleanup of netinet6 symbols.
One worrying bit is in icmp6.h where some htols() and htonl() are added, which may affect compatibility down the line. This component can be reverted if issues show up. Ports tree greps indicate no issue.
ok claudio mpi etc
|
#
1.66 |
|
21-Oct-2013 |
deraadt |
There are gasps of shock! Add a pmtu delay sysctl BUTTON for netinet6, making the code the same as netinet4 along the way. ok bluhm phessler
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.65 |
|
26-Jun-2013 |
henning |
put the cksum diff back, of course with the bug fixed where we could under some circumstances repair broken checksums on the way. ok ryan naddy mikeb . redo most of the protocol (tcp/udp/...) checksum handling -assume we have hardware checksum offloading. stop mucking with the checksum in most of the stack -stop checksum mucking in pf, just set a "needs checksumming" flag if needed -in all output pathes, very late, if we figure out the outbound interface doesn't have hw cksum offloading, do the cksum in software. this especially makes the bridge path behave like a regular output path -little special casing for bridge still required until the broadcast path loses its disgusting shortcut hacks, but at least it's in one place now and not all over the stack in6_proto_cksum_out mostly written by krw@ started at k2k11 in iceland more than 1.5 years ago - yes it took that long, this stuff is everything but easy. this happens to fix the infamous pf rdr bug that made us turn off proto cksum offloading on almost all interface drivers.
|
#
1.64 |
|
28-Mar-2013 |
bluhm |
Convert the satosin, sintosa, ifatoia, satosin6, sin6tosa, ifatoia6 defines into static inline functions. This allows the compiler to check the source type before casting. liked by many; OK mpi@ haesbaert@
|
#
1.63 |
|
14-Mar-2013 |
mpi |
My lack of faith... These lines should stay, reported by ajacoutot@.
ok sthen@
|
#
1.62 |
|
14-Mar-2013 |
mpi |
tedu faith(4), suggested by todd@ some weeks ago after a submission by dhill.
ok krw@, mikeb@, tedu@ (implicit)
|
Revision tags: OPENBSD_5_3_BASE
|
#
1.61 |
|
06-Nov-2012 |
henning |
backout csum diff for the moment, requested by theo
|
#
1.60 |
|
01-Nov-2012 |
henning |
redo most of the protocol (tcp/udp/...) checksum handling -assume we have hardware checksum offloading. stop mucking with the checksum in most of the stack -stop checksum mucking in pf, just set a "needs checksumming" flag if needed -in all output pathes, very late, if we figure out the outbound interface doesn't have hw cksum offloading, do the cksum in software. this especially makes the bridge path behave like a regular output path -little special casing for bridge still required until the broadcast path loses its disgusting shortcut hacks, but at least it's in one place now and not all over the stack in6_proto_cksum_out mostly written by krw@ started at k2k11 in iceland more than 1.5 years ago - yes it took that long, this stuff is everything but easy. this happens to fix the infamous pf rdr bug that made us turn off proto cksum offloading on almost all interface drivers. ok camield sthen claudio, testing by many, thanks!
|
#
1.59 |
|
17-Sep-2012 |
yasuoka |
add IPV6_RECVDSTPORT socket option, which enables us to get original (= before divert) destination port of a UDP packet. The way to use this option is same as IP_RECVDSTPORT.
from UMEZAWA Takeshi tweaks from jmc; ok henning bluhm
|
#
1.58 |
|
15-Sep-2012 |
guenther |
Improve POSIX/SUS compliance of <netdb.h>, <sys/socket.h>, and <sys/un.h>.
Much ports testing of various versions by naddy@ and jasper@ ok matthew@, miller@
|
Revision tags: OPENBSD_5_2_BASE
|
#
1.57 |
|
10-Jul-2012 |
guenther |
Instead of <arpa/inet.h> pulling in <netinet/in.h>, just copy in the three things that it needed from there: INET_ADDRSTRLEN, INET6_ADDRSTRLEN, and struct in_addr. Add protecting #ifndefs to netinet6?/in6?.h for those.
ok deraadt@
|
#
1.56 |
|
26-Jun-2012 |
guenther |
Improve compliance for <arpa/inet.h> and <netinet/in.h> to define/declare all the symbols that POSIX says they must and fewer that they can't and, most importantly, to not require a specific ordering of headers.
ports testing by naddy@ ok millert@ deraadt@
|
Revision tags: OPENBSD_5_1_BASE
|
#
1.55 |
|
24-Nov-2011 |
sperreault |
rdomain support for IPv6 ok mikeb
|
#
1.54 |
|
13-Oct-2011 |
claudio |
Since the IPv6 madness is not enough introduce NAT64 -- which is actually "af-to" a generic IP version translator for pf(4). Not everything perfect yet but lets fix these things in the tree. Insane amount of work done by sperreault@, mikeb@ and reyk@. Looked over by mcbride@ henning@ and myself at eurobsdcon. OK mcbride@ and general put it in from deraadt@
|
Revision tags: OPENBSD_5_0_BASE
|
#
1.53 |
|
02-May-2011 |
mikeb |
recognize SO_RTABLE socket option at the SOL_SOCKET level; discussed with and ok claudio
|
Revision tags: OPENBSD_4_9_BASE
|
#
1.52 |
|
23-Sep-2010 |
yasuoka |
add a new IP level socket option IP_PIPEX. This option is used for L2TP support by pipex. OK henning@, "Carry on" blambert@
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.51 |
|
08-Jul-2010 |
jsg |
remove some unused netinet6 code ok stsp@ henning@ claudio@
|
#
1.50 |
|
07-May-2010 |
claudio |
Start cleaning up the mess called rtalloc*. Kill rtalloc2, make rtalloc1 accept flags for report and nocloning. Move the rtableid into struct route (with a minor twist for now) and make a few more codepathes rdomain aware. Appart from the pf.c and route.c bits the diff is mostly mechanical. More to come... OK michele, henning
|
#
1.49 |
|
06-Apr-2010 |
stsp |
Simple implementation of RFC4941, "Privacy Extensions for Stateless Address Autoconfiguration in IPv6". For those among us who are paranoid about broadcasting their MAC address to the IPv6 internet.
Man page help from jmc, testing by weerd, arc4random API hints from djm.
ok deraadt, claudio
|
Revision tags: OPENBSD_4_7_BASE
|
#
1.48 |
|
05-Nov-2009 |
michele |
IPv6 support for divert sockets.
tested by phessler@ pyr@ ok claudio@ "go ahead" deraadt@
|
Revision tags: OPENBSD_4_5_BASE OPENBSD_4_6_BASE
|
#
1.47 |
|
25-Nov-2008 |
markus |
delay /etc/netstart until IPv6-DAD (dup-address-detection) is completed. ok fries, hshoexer, claudio
|
Revision tags: OPENBSD_4_4_BASE
|
#
1.46 |
|
11-Jun-2008 |
mcbride |
From KAME, allow adjustable limits on NDP entries and discovered routes.
ok mpf naddy
|
#
1.45 |
|
09-Mar-2008 |
sobrado |
use the right capitalization for platform names
ok jsing@
|
Revision tags: OPENBSD_4_1_BASE OPENBSD_4_2_BASE OPENBSD_4_3_BASE
|
#
1.44 |
|
22-Jan-2007 |
miod |
Fix KAME cvsweb urls
|
#
1.43 |
|
09-Dec-2006 |
itojun |
switch IPv6 advanced API from RFC2292 to RFC3542 (2292 is superseded by 3542). the kernel still handles RFC2292 set/getsockopts, so that compiled binary has no trouble running. userland sees RFC3542 symbols only on header file so new code has to use RFC3542 API.
bump libc shlib minor for function additions.
tested on i386/amd64 by jmc, i386 by brad. checked by deraadt.
|
#
1.42 |
|
21-Nov-2006 |
itojun |
introduce sysctl net.inet6.ip6.multicast_mtudisc (for multicast routers). deraadt ok. manpage nit by jmc.
|
#
1.41 |
|
17-Nov-2006 |
itojun |
move comment to a line where it makes more sense
|
#
1.40 |
|
17-Nov-2006 |
itojun |
change semantics of ff01::/16 to interface local multicast (to sync up with more recent IPv6 spec)
ok from: deraadt mcbride
|
Revision tags: OPENBSD_4_0_BASE
|
#
1.39 |
|
18-Jun-2006 |
pascoe |
Add support for equal-cost multipath IP.
To minimise path disruptions, this implements recommendations made in RFC2992 - the hash-threshold mechanism to select paths based on source/destination IP address pairs, and inserts multipath routes in the middle of the route table.
To enable multipath distribution, use: sysctl net.inet.ip.multipath=1 and/or: sysctl net.inet6.ip6.multipath=1
testing norby@ ok claudio@ henning@ hshoexer@
|
#
1.38 |
|
27-May-2006 |
claudio |
Do the same thing as for IPv4. Use a sysctl to enable/disable mfrowarding and additionaly make the code part of the MROUTING option. Put it in deraadt@
|
Revision tags: OPENBSD_3_9_BASE
|
#
1.37 |
|
13-Dec-2005 |
millert |
First step in include files overhaul. Use __FOO_VISIBLE (as defined in sys/cdefs.h) instead of _FOO_SOURCE. Also fix several namespace pollution issues, including the byte order defines. OK deraadt@
|
Revision tags: OPENBSD_3_6_BASE OPENBSD_3_7_BASE OPENBSD_3_8_BASE
|
#
1.36 |
|
21-Jun-2004 |
tholo |
First step towards more sane time handling in the kernel -- this changes things such that code that only need a second-resolution uptime or wall time, and used to get that from time.tv_secs or mono_time.tv_secs now get this from separate time_t globals time_second and time_uptime.
ok art@ niklas@ nordin@
|
Revision tags: SMP_SYNC_A
|
#
1.35 |
|
12-Jun-2004 |
itojun |
support IPV6_USE_MIN_MTU, to make BIND9 better. (sorry about the mess yesterday)
|
#
1.34 |
|
11-Jun-2004 |
deraadt |
back out tree breakage. Like, come on
|
#
1.33 |
|
11-Jun-2004 |
itojun |
support IPV6_USE_MIN_MTU, which is needed to run BIND9 well. from kame markus ok
|
Revision tags: OPENBSD_3_5_BASE SMP_SYNC_B
|
#
1.32 |
|
15-Feb-2004 |
markus |
switch to sysctl_int_arr(); ok itojun, henning, miod, deraadt
|
Revision tags: OPENBSD_3_4_BASE
|
#
1.31 |
|
02-Jun-2003 |
millert |
Remove the advertising clause in the UCB license which Berkeley rescinded 22 July 1999. Proofed by myself and Theo.
|
Revision tags: OPENBSD_3_2_BASE OPENBSD_3_3_BASE UBC_SYNC_A UBC_SYNC_B
|
#
1.30 |
|
08-Jun-2002 |
itojun |
sync with latest KAME in6_ifaddr/prefix/default router manipulation. behavior changes: - two iocts used by ndp(8) are now obsolete (backward compat provided). use sysctl path instead. - lo0 does not get ::1 automatically. it will get ::1 when lo0 comes up.
|
#
1.29 |
|
07-Jun-2002 |
itojun |
mistake in sysctl table
|
#
1.28 |
|
07-Jun-2002 |
itojun |
just for consistency/compatibility, have net.inet6.ip6.v6only sysctl MIB, as well as set/getsockopt(IPV6_V6ONLY).
|
#
1.27 |
|
28-May-2002 |
itojun |
limit number of IPv6 fragments (not the fragment queue size) to fight against lots-of-frags DoS attacks. sync w/kame
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.26 |
|
14-Mar-2002 |
millert |
First round of __P removal in sys
|
Revision tags: UBC_BASE
|
#
1.25 |
|
07-Dec-2001 |
itojun |
branches: 1.25.2; whitespace/comment sync with kame
|
Revision tags: OPENBSD_3_0_BASE
|
#
1.24 |
|
19-Sep-2001 |
itojun |
comment; sockopt # 57-59 are also reserved
|
#
1.23 |
|
22-Aug-2001 |
niklas |
Add IPCOMP setsockopt policy controls. While here fix the other policies too
|
Revision tags: OPENBSD_2_9_BASE
|
#
1.22 |
|
30-Mar-2001 |
itojun |
fix constness of IN6_{IS,ARE}_xx macros to conform to RFC2553. sync with kame.
|
#
1.21 |
|
02-Mar-2001 |
itojun |
remove date string from KAME version identification, it is getting meaningless as we merge random items daily. have comment that refers to kame COVERAGE document. sync with kame
|
#
1.20 |
|
16-Feb-2001 |
itojun |
get rid of #ifdef IPV6FIREWALL (never used, will never be used)
|
#
1.19 |
|
16-Feb-2001 |
itojun |
pull in new pcb notification code from kame. better handling of scope address.
|
Revision tags: OPENBSD_2_8_BASE
|
#
1.18 |
|
17-Oct-2000 |
itojun |
use __P() in prototype for non-ansi compilers. From: Michael Shalayeff <mickey@lucifier.remote.dti.net>
|
#
1.17 |
|
27-Aug-2000 |
itojun |
move IPv6 IPsec sysctl # downward, to avoid number conflict in *BSD. angelos ok
|
#
1.16 |
|
16-Jul-2000 |
itojun |
don't pull sys/queue.h in. sync better with kame.
|
#
1.15 |
|
25-Jun-2000 |
aaron |
Fix typo; ds@ds.primasoft.bg
|
#
1.14 |
|
18-Jun-2000 |
itojun |
allow IPsec-related get/setsockopt on IPv6 socket. due to number conflict they must be IPV6_xx instead of IP_xx.
actually, since in_ctloutput() does not check address family of inpcb, getsockopt(IPPROTO_IP, IP_xx) may work - never tested this.
|
#
1.13 |
|
25-May-2000 |
itojun |
net.inet.ip.gif_ttl (and IPv6 counterpart) is never used. enforce type checking on IN6_ARE_ADDR_EQUAL.
|
Revision tags: OPENBSD_2_7_BASE
|
#
1.12 |
|
28-Feb-2000 |
itojun |
bring in recent KAME changes (only important and stable ones, as usual). - remove net.inet6.ip6.nd6_proxyall. introduce proxy NDP code works just like "arp -s". - revise source address selection. be more careful about use of yet-to-be-valid addresses as source. - as router, transmit ICMP6_DST_UNREACH_BEYONDSCOPE against out-of-scope packet forwarding attempt. - path MTU discovery takes care of routing header properly. - be more strict about mbuf chain parsing. - nuke xxCTL_VARS #define, they are for BSDI. - disable SIOCSIFDSTADDR_IN6/SIOCSIFNETMASK_IN6 ioctl, they do not fit IPv6 model where multiple address on interface is normal. (kernel side supports them for a while for backward compat, the support will be nuked shortly) - introduce "default outgoing interface" (for spec conformance in very rare case)
|
#
1.11 |
|
19-Feb-2000 |
deraadt |
use more modern types
|
Revision tags: SMP_BASE
|
#
1.10 |
|
09-Feb-2000 |
itojun |
branches: 1.10.2; improve RFC2553/2292 conformance. netinet6/{ip6,icmp6,in6}.h should not be included. neitnet6/{ip6,icmp6}.h includes #error statements only - i'll remove them couple of days later.
|
#
1.9 |
|
10-Dec-1999 |
angelos |
Add RCS tags, remove unused header files and code, remove a few unnecessary ifdefs...
|
Revision tags: kame_19991208
|
#
1.8 |
|
08-Dec-1999 |
itojun |
bring in KAME IPv6 code, dated 19991208. replaces NRL IPv6 layer. reuses NRL pcb layer. no IPsec-on-v6 support. see sys/netinet6/{TODO,IMPLEMENTATION} for more details.
GENERIC configuration should work fine as before. GENERIC.v6 works fine as well, but you'll need KAME userland tools to play with IPv6 (will be bringed into soon).
|
Revision tags: OPENBSD_2_5_BASE OPENBSD_2_6_BASE
|
#
1.7 |
|
24-Mar-1999 |
cmetz |
Replace 'in6a_words' (old NRL convention) with 's6_addr32' (new BSDI et al. convention that is more common and more specific as to the access size)
|
#
1.6 |
|
09-Mar-1999 |
cmetz |
Demangled the INET6 stuff so as not to require any extra options and not to be mutually exclusive with the IPSEC option.
|
#
1.5 |
|
24-Feb-1999 |
cmetz |
Synchronized changes needed to integrate into OpenBSD with the NRL source tree so we can have a unified netinet6 directory.
|
#
1.4 |
|
11-Jan-1999 |
deraadt |
_KERNEL, and other cleanup
|
#
1.3 |
|
10-Jan-1999 |
deraadt |
merge INPROTO_* tables
|
#
1.2 |
|
08-Jan-1999 |
deraadt |
use _KERNEL, add ipv6intrq decl
|
#
1.1 |
|
07-Jan-1999 |
deraadt |
missed file
|
#
1.109 |
|
02-Jun-2021 |
dlg |
factor out the code that does sanity checks on ipv6 headers and addresses.
this will allow these checks to be reused for ip packet inspection in bridge, veb, and tpmr.
ok bluhm@ sashan@
|
Revision tags: OPENBSD_6_9_BASE
|
#
1.108 |
|
10-Mar-2021 |
jsg |
spelling
ok gnezdo@ semarie@ mpi@
|
Revision tags: OPENBSD_6_8_BASE
|
#
1.107 |
|
24-Aug-2020 |
gnezdo |
Convert ip6_sysctl to sysctl_bounded_args
Tighter limits and OK by sashan
|
#
1.106 |
|
24-Jun-2020 |
cheloha |
kernel: use gettime(9)/getuptime(9) in lieu of time_second(9)/time_uptime(9)
time_second(9) and time_uptime(9) are widely used in the kernel to quickly get the system UTC or system uptime as a time_t. However, time_t is 64-bit everywhere, so it is not generally safe to use them on 32-bit platforms: you have a split-read problem if your hardware cannot perform atomic 64-bit reads.
This patch replaces time_second(9) with gettime(9), a safer successor interface, throughout the kernel. Similarly, time_uptime(9) is replaced with getuptime(9).
There is a performance cost on 32-bit platforms in exchange for eliminating the split-read problem: instead of two register reads you now have a lockless read loop to pull the values from the timehands. This is really not *too* bad in the grand scheme of things, but compared to what we were doing before it is several times slower.
There is no performance cost on 64-bit (__LP64__) platforms.
With input from visa@, dlg@, and tedu@.
Several bugs squashed by visa@.
ok kettenis@
|
Revision tags: OPENBSD_6_7_BASE
|
#
1.105 |
|
11-Nov-2019 |
bluhm |
Kernel is missing propper input validation when configuring IPv6 addresses. Implement in6_sa2sin6() to validate inet6 address family and address length. The SIOCGIFDSTADDR_IN6, SIOCGIFNETMASK_IN6, SIOCGIFAFLAG_IN6, SIOCGIFALIFETIME_IN6, and SIOCDIFADDR_IN6 ioctl(2) are safe now. OK visa@
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.104 |
|
22-Apr-2019 |
bluhm |
In in_cksum() and in6_cksum() convert types to C99 style and make both functions consistent. In in_cksum() panic if len is longer than mbuf, but in in6_cksum() do not panic if off and len match exactly to the end of mbuf. OK claudio@
|
Revision tags: OPENBSD_6_4_BASE OPENBSD_6_5_BASE
|
#
1.103 |
|
11-Sep-2018 |
bluhm |
Convert inetctlerrmap to u_char like inet6ctlerrmap. That is also what FreeBSD does. Remove old #if 0 version of inet6ctlerrmap. OK mpi@
|
#
1.102 |
|
07-Jun-2018 |
bluhm |
The global zero addresses must not change, mark them constant. OK tb@ visa@
|
Revision tags: OPENBSD_6_3_BASE
|
#
1.101 |
|
10-Feb-2018 |
florian |
Implement RFC 7217: "A Method for Generating Semantically Opaque Interface Identifiers with IPv6 Stateless Address Autoconfiguration."
"An IPv6 address configured using this method is stable within each subnet, but the corresponding Interface Identifier changes when the host moves from one network to another. This method is meant to be an alternative to generating Interface Identifiers based on hardware addresses."
OK naddy, sthen
|
#
1.100 |
|
20-Nov-2017 |
mpi |
Sprinkle some NET_ASSERT_LOCKED(), const and co to prepare running pr_input handlers without KERNEL_LOCK().
ok visa@
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.99 |
|
01-Sep-2017 |
florian |
Use in6_get_rand_ifid() instead of get_last_resort_ifid() and delete the get_last_resort_ifid() function because eww. Also if your system is so constraint that you end up in in6_get_rand_ifid() you don't deserve a random ifid that stays stable over reboots. Simplify code a bit since get_ifid() can no longer fail. It couldn't fail before either because that code path was #if 0'ed. While here sprinkle in some in6_ prefixes, pointed out by stsp. OK stsp
|
#
1.98 |
|
11-Aug-2017 |
bluhm |
Validate sockaddr from userland in central functions. This results in common checks for unix, inet, inet6 instead of partial checks here and there. Some checks are already done at a higher layer, but better be paranoid with user input. OK claudio@ millert@
|
#
1.97 |
|
13-Jul-2017 |
florian |
Get rid of ip6.maxifprefixes and ip6.maxifdefrouters, the kernel no longer tracks prefixes or default routers from router advertisements. Pointed out by jmc. ports tree grepping sthen, who only found nsh OK mpi, sthen
|
#
1.96 |
|
30-May-2017 |
mpi |
Keep ipv6_input() definition inside _KERNEL.
Unbreak userland, found the hardway by deraadt@
|
#
1.95 |
|
30-May-2017 |
mpi |
Introduce ipv{4,6}_input(), two wrappers around IP queues.
This will help transitionning to an un-KERNEL_LOCK()ed IP forwarding path.
Disucssed with bluhm@, ok claudio@
|
#
1.94 |
|
04-May-2017 |
bluhm |
Introduce sstosa() for converting sockaddr_storage with a type safe inline function instead of casting it to sockaddr. While there, use inline instead of __inline for all these conversions. Some struct sockaddr casts can be avoided completely. OK dhill@ mpi@
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.93 |
|
22-Feb-2017 |
renato |
Fix comments about a few ipv6 sockoptions
OK millert@ florian@
|
#
1.92 |
|
22-Dec-2016 |
rzalamena |
Remove PIM support from the multicast stack.
ok mpi@
|
#
1.91 |
|
03-Oct-2016 |
mpi |
Convert some of the remaining usages of time_second to time_uptime.
time_second is unix time so it can be affected by clock changes. time_uptime is monotonic so it isnt affected by clock changes. that in turn means route expiries wont jump with clock changes if set against time_uptime.
the expiry is translated into unix time for export to userland though.
Should fix mismatch between route timers that were already converted and ND default routers that were still using time_second.
Tested by matthieu@ and sthen@
ok sthen@, dlg@
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.90 |
|
27-Jun-2016 |
jca |
Implement IPV6_MINHOPCOUNT support.
Useful to implement GTSM support in daemons such as bgpd(8). Diff from 2013 revived by renato@. Input from bluhm@, ok bluhm@ deraadt@
|
#
1.89 |
|
01-Jun-2016 |
jca |
Kill sysctl net.inet6.ip6.rr_prune
We don't support Router Renumbering and there are no plans to change that. ok mpi@
|
#
1.88 |
|
19-May-2016 |
jca |
Remove sysctl net.inet6.ip6.v6only
This sysctl is a no-op, read-only since it was introduced. There are no plans to support IPv4-mapped addresses on OpenBSD, thus this sysctl is meaningless.
Noticed by djm@, ok claudio@ mpi@ sthen@ henning@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.87 |
|
03-Dec-2015 |
tedu |
rm unused kernel only IPV6_RECVRTHDRDSTOPTS sockopt. ok deraadt sthen
|
#
1.86 |
|
29-Oct-2015 |
tedu |
RFC 2292 API support was removed 9 years ago, but left in a binary compat ABI form for the sake of existing programs. no programs from that era have been able to run for quite some time. Kill it all. ok deraadt florian millert mpi (I believe this is my first IPv6 diff. Future, here I come!)
|
#
1.85 |
|
11-Sep-2015 |
claudio |
in6_embedscope() needs to lose some weight. Remove the last argument. In all but two calls NULL is passed and in the other 2 cases the ifp is only used to maybe feed it to in6_selecthlim() to select the hoplimit for the link. Since in6_embedscope() only works on link-local addresses it does not matter what hop limit we select since the destination is directly reachable. OK florian@ mpi@
|
#
1.84 |
|
10-Sep-2015 |
claudio |
It is time to put inet6 on a diet. Use the flensing knife and cut out the 3rd argument of in6_recoverscope() and make it return void. OK dlg@ mikeb@
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.83 |
|
08-Jun-2015 |
krw |
More damned eye searing whitespace. No change to .o files.
|
#
1.82 |
|
14-Apr-2015 |
mikeb |
ip6_sprintf is long gone; noticed by blambert
|
#
1.81 |
|
10-Apr-2015 |
dlg |
replace the use of ifqueues for most input queues serviced by netisr with niqueues.
this change is so big because there's a lot of code that takes pointers to different input queues (eg, ether_input picks between ipv4, ipv6, pppoe, arp, and mpls input queues) and falls through to code to enqueue packets against the pointer. if i changed only one of the input queues id have to add sepearate code paths, one for ifqueues and one for niqueues in each of these places
by flipping all these input queues at once i can keep the currently common code common.
testing by mpi@ sthen@ and rafael zalamena ok mpi@ sthen@ claudio@ henning@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.80 |
|
09-Feb-2015 |
claudio |
Implement 2 sysctl to retrieve the multicast forwarding cache (mf6c) and the multicast interface table (mif6). Will be used by netstat soon. Looked over by guenther@
|
#
1.79 |
|
09-Feb-2015 |
dlg |
provide a net.inet6.ip6.ifq sysctl so people can see and fiddle with the ip6intrq.
ok claudio@
|
#
1.78 |
|
10-Jan-2015 |
mpi |
Correct some comments and merge in6_if_up() into in6_ifattach() to reflect that IPv6 link-local addresses are no longer automagically configured the first time an interface is brought up.
ok henning@, stsp@
|
#
1.77 |
|
05-Dec-2014 |
mpi |
Explicitly include <net/if_var.h> instead of pulling it in <net/if.h>.
ok mikeb@, krw@, bluhm@, tedu@
|
#
1.76 |
|
20-Nov-2014 |
mpi |
What have no need for a variable that holds the maximum MTU size of interfaces with an IPv6 address.
ok henning@, mikeb@, deraadt@
|
#
1.75 |
|
31-Aug-2014 |
bluhm |
Make the in6addr constant declarations and definitions consistent in kernel and user land. OK florian@ mpi@
|
#
1.74 |
|
26-Aug-2014 |
florian |
Do not hand-roll all routers link local address. pointed out & OK bluhm@
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.73 |
|
11-Jul-2014 |
henning |
introduce the IFXF_AUTOCONF6 interface flag which controls wether we accept rtadvs on that interface. the global net.inet6.ip6.accept_rtadv sysctl just doesn't cut it, even tho the spec wants that - but in their little absurd world, a host just has one interface by definition anyway... the sysctlgoes away. lots of head scratching, brain cell elemination etc from bluhm benno stsp florian, excitement from simon and todd, ok bluhm stsp benno florian
|
#
1.72 |
|
13-Jun-2014 |
chrisz |
Remove deprecated RFC2292 ancillary data convenience functions. They are obsoleted by the RFC3542 api.
ok mpi@
|
#
1.71 |
|
20-Apr-2014 |
naddy |
move in6_cksum_phdr from in6.h to ip6_output.c to mirror in_cksum_phdr ok henning@
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.70 |
|
22-Jan-2014 |
naddy |
Split the checksum calculation for IPv6 like for IPv4: Always calculate the pseudo-header checksum. Complete the checksum if hardware offload is not available.
Parts originally from NetBSD; ok henning@
|
#
1.69 |
|
28-Oct-2013 |
deraadt |
kill kame version symbols and sysctl ports tree grep run by sthen
|
#
1.68 |
|
24-Oct-2013 |
mpi |
Remove the number of in6_var.h inclusions by moving some functions and global variables to in6.h.
ok deraadt@
|
#
1.67 |
|
24-Oct-2013 |
deraadt |
Significant namespace cleanup of netinet6 symbols.
One worrying bit is in icmp6.h where some htols() and htonl() are added, which may affect compatibility down the line. This component can be reverted if issues show up. Ports tree greps indicate no issue.
ok claudio mpi etc
|
#
1.66 |
|
21-Oct-2013 |
deraadt |
There are gasps of shock! Add a pmtu delay sysctl BUTTON for netinet6, making the code the same as netinet4 along the way. ok bluhm phessler
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.65 |
|
26-Jun-2013 |
henning |
put the cksum diff back, of course with the bug fixed where we could under some circumstances repair broken checksums on the way. ok ryan naddy mikeb . redo most of the protocol (tcp/udp/...) checksum handling -assume we have hardware checksum offloading. stop mucking with the checksum in most of the stack -stop checksum mucking in pf, just set a "needs checksumming" flag if needed -in all output pathes, very late, if we figure out the outbound interface doesn't have hw cksum offloading, do the cksum in software. this especially makes the bridge path behave like a regular output path -little special casing for bridge still required until the broadcast path loses its disgusting shortcut hacks, but at least it's in one place now and not all over the stack in6_proto_cksum_out mostly written by krw@ started at k2k11 in iceland more than 1.5 years ago - yes it took that long, this stuff is everything but easy. this happens to fix the infamous pf rdr bug that made us turn off proto cksum offloading on almost all interface drivers.
|
#
1.64 |
|
28-Mar-2013 |
bluhm |
Convert the satosin, sintosa, ifatoia, satosin6, sin6tosa, ifatoia6 defines into static inline functions. This allows the compiler to check the source type before casting. liked by many; OK mpi@ haesbaert@
|
#
1.63 |
|
14-Mar-2013 |
mpi |
My lack of faith... These lines should stay, reported by ajacoutot@.
ok sthen@
|
#
1.62 |
|
14-Mar-2013 |
mpi |
tedu faith(4), suggested by todd@ some weeks ago after a submission by dhill.
ok krw@, mikeb@, tedu@ (implicit)
|
Revision tags: OPENBSD_5_3_BASE
|
#
1.61 |
|
06-Nov-2012 |
henning |
backout csum diff for the moment, requested by theo
|
#
1.60 |
|
01-Nov-2012 |
henning |
redo most of the protocol (tcp/udp/...) checksum handling -assume we have hardware checksum offloading. stop mucking with the checksum in most of the stack -stop checksum mucking in pf, just set a "needs checksumming" flag if needed -in all output pathes, very late, if we figure out the outbound interface doesn't have hw cksum offloading, do the cksum in software. this especially makes the bridge path behave like a regular output path -little special casing for bridge still required until the broadcast path loses its disgusting shortcut hacks, but at least it's in one place now and not all over the stack in6_proto_cksum_out mostly written by krw@ started at k2k11 in iceland more than 1.5 years ago - yes it took that long, this stuff is everything but easy. this happens to fix the infamous pf rdr bug that made us turn off proto cksum offloading on almost all interface drivers. ok camield sthen claudio, testing by many, thanks!
|
#
1.59 |
|
17-Sep-2012 |
yasuoka |
add IPV6_RECVDSTPORT socket option, which enables us to get original (= before divert) destination port of a UDP packet. The way to use this option is same as IP_RECVDSTPORT.
from UMEZAWA Takeshi tweaks from jmc; ok henning bluhm
|
#
1.58 |
|
15-Sep-2012 |
guenther |
Improve POSIX/SUS compliance of <netdb.h>, <sys/socket.h>, and <sys/un.h>.
Much ports testing of various versions by naddy@ and jasper@ ok matthew@, miller@
|
Revision tags: OPENBSD_5_2_BASE
|
#
1.57 |
|
10-Jul-2012 |
guenther |
Instead of <arpa/inet.h> pulling in <netinet/in.h>, just copy in the three things that it needed from there: INET_ADDRSTRLEN, INET6_ADDRSTRLEN, and struct in_addr. Add protecting #ifndefs to netinet6?/in6?.h for those.
ok deraadt@
|
#
1.56 |
|
26-Jun-2012 |
guenther |
Improve compliance for <arpa/inet.h> and <netinet/in.h> to define/declare all the symbols that POSIX says they must and fewer that they can't and, most importantly, to not require a specific ordering of headers.
ports testing by naddy@ ok millert@ deraadt@
|
Revision tags: OPENBSD_5_1_BASE
|
#
1.55 |
|
24-Nov-2011 |
sperreault |
rdomain support for IPv6 ok mikeb
|
#
1.54 |
|
13-Oct-2011 |
claudio |
Since the IPv6 madness is not enough introduce NAT64 -- which is actually "af-to" a generic IP version translator for pf(4). Not everything perfect yet but lets fix these things in the tree. Insane amount of work done by sperreault@, mikeb@ and reyk@. Looked over by mcbride@ henning@ and myself at eurobsdcon. OK mcbride@ and general put it in from deraadt@
|
Revision tags: OPENBSD_5_0_BASE
|
#
1.53 |
|
02-May-2011 |
mikeb |
recognize SO_RTABLE socket option at the SOL_SOCKET level; discussed with and ok claudio
|
Revision tags: OPENBSD_4_9_BASE
|
#
1.52 |
|
23-Sep-2010 |
yasuoka |
add a new IP level socket option IP_PIPEX. This option is used for L2TP support by pipex. OK henning@, "Carry on" blambert@
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.51 |
|
08-Jul-2010 |
jsg |
remove some unused netinet6 code ok stsp@ henning@ claudio@
|
#
1.50 |
|
07-May-2010 |
claudio |
Start cleaning up the mess called rtalloc*. Kill rtalloc2, make rtalloc1 accept flags for report and nocloning. Move the rtableid into struct route (with a minor twist for now) and make a few more codepathes rdomain aware. Appart from the pf.c and route.c bits the diff is mostly mechanical. More to come... OK michele, henning
|
#
1.49 |
|
06-Apr-2010 |
stsp |
Simple implementation of RFC4941, "Privacy Extensions for Stateless Address Autoconfiguration in IPv6". For those among us who are paranoid about broadcasting their MAC address to the IPv6 internet.
Man page help from jmc, testing by weerd, arc4random API hints from djm.
ok deraadt, claudio
|
Revision tags: OPENBSD_4_7_BASE
|
#
1.48 |
|
05-Nov-2009 |
michele |
IPv6 support for divert sockets.
tested by phessler@ pyr@ ok claudio@ "go ahead" deraadt@
|
Revision tags: OPENBSD_4_5_BASE OPENBSD_4_6_BASE
|
#
1.47 |
|
25-Nov-2008 |
markus |
delay /etc/netstart until IPv6-DAD (dup-address-detection) is completed. ok fries, hshoexer, claudio
|
Revision tags: OPENBSD_4_4_BASE
|
#
1.46 |
|
11-Jun-2008 |
mcbride |
From KAME, allow adjustable limits on NDP entries and discovered routes.
ok mpf naddy
|
#
1.45 |
|
09-Mar-2008 |
sobrado |
use the right capitalization for platform names
ok jsing@
|
Revision tags: OPENBSD_4_1_BASE OPENBSD_4_2_BASE OPENBSD_4_3_BASE
|
#
1.44 |
|
22-Jan-2007 |
miod |
Fix KAME cvsweb urls
|
#
1.43 |
|
09-Dec-2006 |
itojun |
switch IPv6 advanced API from RFC2292 to RFC3542 (2292 is superseded by 3542). the kernel still handles RFC2292 set/getsockopts, so that compiled binary has no trouble running. userland sees RFC3542 symbols only on header file so new code has to use RFC3542 API.
bump libc shlib minor for function additions.
tested on i386/amd64 by jmc, i386 by brad. checked by deraadt.
|
#
1.42 |
|
21-Nov-2006 |
itojun |
introduce sysctl net.inet6.ip6.multicast_mtudisc (for multicast routers). deraadt ok. manpage nit by jmc.
|
#
1.41 |
|
17-Nov-2006 |
itojun |
move comment to a line where it makes more sense
|
#
1.40 |
|
17-Nov-2006 |
itojun |
change semantics of ff01::/16 to interface local multicast (to sync up with more recent IPv6 spec)
ok from: deraadt mcbride
|
Revision tags: OPENBSD_4_0_BASE
|
#
1.39 |
|
18-Jun-2006 |
pascoe |
Add support for equal-cost multipath IP.
To minimise path disruptions, this implements recommendations made in RFC2992 - the hash-threshold mechanism to select paths based on source/destination IP address pairs, and inserts multipath routes in the middle of the route table.
To enable multipath distribution, use: sysctl net.inet.ip.multipath=1 and/or: sysctl net.inet6.ip6.multipath=1
testing norby@ ok claudio@ henning@ hshoexer@
|
#
1.38 |
|
27-May-2006 |
claudio |
Do the same thing as for IPv4. Use a sysctl to enable/disable mfrowarding and additionaly make the code part of the MROUTING option. Put it in deraadt@
|
Revision tags: OPENBSD_3_9_BASE
|
#
1.37 |
|
13-Dec-2005 |
millert |
First step in include files overhaul. Use __FOO_VISIBLE (as defined in sys/cdefs.h) instead of _FOO_SOURCE. Also fix several namespace pollution issues, including the byte order defines. OK deraadt@
|
Revision tags: OPENBSD_3_6_BASE OPENBSD_3_7_BASE OPENBSD_3_8_BASE
|
#
1.36 |
|
21-Jun-2004 |
tholo |
First step towards more sane time handling in the kernel -- this changes things such that code that only need a second-resolution uptime or wall time, and used to get that from time.tv_secs or mono_time.tv_secs now get this from separate time_t globals time_second and time_uptime.
ok art@ niklas@ nordin@
|
Revision tags: SMP_SYNC_A
|
#
1.35 |
|
12-Jun-2004 |
itojun |
support IPV6_USE_MIN_MTU, to make BIND9 better. (sorry about the mess yesterday)
|
#
1.34 |
|
11-Jun-2004 |
deraadt |
back out tree breakage. Like, come on
|
#
1.33 |
|
11-Jun-2004 |
itojun |
support IPV6_USE_MIN_MTU, which is needed to run BIND9 well. from kame markus ok
|
Revision tags: OPENBSD_3_5_BASE SMP_SYNC_B
|
#
1.32 |
|
15-Feb-2004 |
markus |
switch to sysctl_int_arr(); ok itojun, henning, miod, deraadt
|
Revision tags: OPENBSD_3_4_BASE
|
#
1.31 |
|
02-Jun-2003 |
millert |
Remove the advertising clause in the UCB license which Berkeley rescinded 22 July 1999. Proofed by myself and Theo.
|
Revision tags: OPENBSD_3_2_BASE OPENBSD_3_3_BASE UBC_SYNC_A UBC_SYNC_B
|
#
1.30 |
|
08-Jun-2002 |
itojun |
sync with latest KAME in6_ifaddr/prefix/default router manipulation. behavior changes: - two iocts used by ndp(8) are now obsolete (backward compat provided). use sysctl path instead. - lo0 does not get ::1 automatically. it will get ::1 when lo0 comes up.
|
#
1.29 |
|
07-Jun-2002 |
itojun |
mistake in sysctl table
|
#
1.28 |
|
07-Jun-2002 |
itojun |
just for consistency/compatibility, have net.inet6.ip6.v6only sysctl MIB, as well as set/getsockopt(IPV6_V6ONLY).
|
#
1.27 |
|
28-May-2002 |
itojun |
limit number of IPv6 fragments (not the fragment queue size) to fight against lots-of-frags DoS attacks. sync w/kame
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.26 |
|
14-Mar-2002 |
millert |
First round of __P removal in sys
|
Revision tags: UBC_BASE
|
#
1.25 |
|
07-Dec-2001 |
itojun |
branches: 1.25.2; whitespace/comment sync with kame
|
Revision tags: OPENBSD_3_0_BASE
|
#
1.24 |
|
19-Sep-2001 |
itojun |
comment; sockopt # 57-59 are also reserved
|
#
1.23 |
|
22-Aug-2001 |
niklas |
Add IPCOMP setsockopt policy controls. While here fix the other policies too
|
Revision tags: OPENBSD_2_9_BASE
|
#
1.22 |
|
30-Mar-2001 |
itojun |
fix constness of IN6_{IS,ARE}_xx macros to conform to RFC2553. sync with kame.
|
#
1.21 |
|
02-Mar-2001 |
itojun |
remove date string from KAME version identification, it is getting meaningless as we merge random items daily. have comment that refers to kame COVERAGE document. sync with kame
|
#
1.20 |
|
16-Feb-2001 |
itojun |
get rid of #ifdef IPV6FIREWALL (never used, will never be used)
|
#
1.19 |
|
16-Feb-2001 |
itojun |
pull in new pcb notification code from kame. better handling of scope address.
|
Revision tags: OPENBSD_2_8_BASE
|
#
1.18 |
|
17-Oct-2000 |
itojun |
use __P() in prototype for non-ansi compilers. From: Michael Shalayeff <mickey@lucifier.remote.dti.net>
|
#
1.17 |
|
27-Aug-2000 |
itojun |
move IPv6 IPsec sysctl # downward, to avoid number conflict in *BSD. angelos ok
|
#
1.16 |
|
16-Jul-2000 |
itojun |
don't pull sys/queue.h in. sync better with kame.
|
#
1.15 |
|
25-Jun-2000 |
aaron |
Fix typo; ds@ds.primasoft.bg
|
#
1.14 |
|
18-Jun-2000 |
itojun |
allow IPsec-related get/setsockopt on IPv6 socket. due to number conflict they must be IPV6_xx instead of IP_xx.
actually, since in_ctloutput() does not check address family of inpcb, getsockopt(IPPROTO_IP, IP_xx) may work - never tested this.
|
#
1.13 |
|
25-May-2000 |
itojun |
net.inet.ip.gif_ttl (and IPv6 counterpart) is never used. enforce type checking on IN6_ARE_ADDR_EQUAL.
|
Revision tags: OPENBSD_2_7_BASE
|
#
1.12 |
|
28-Feb-2000 |
itojun |
bring in recent KAME changes (only important and stable ones, as usual). - remove net.inet6.ip6.nd6_proxyall. introduce proxy NDP code works just like "arp -s". - revise source address selection. be more careful about use of yet-to-be-valid addresses as source. - as router, transmit ICMP6_DST_UNREACH_BEYONDSCOPE against out-of-scope packet forwarding attempt. - path MTU discovery takes care of routing header properly. - be more strict about mbuf chain parsing. - nuke xxCTL_VARS #define, they are for BSDI. - disable SIOCSIFDSTADDR_IN6/SIOCSIFNETMASK_IN6 ioctl, they do not fit IPv6 model where multiple address on interface is normal. (kernel side supports them for a while for backward compat, the support will be nuked shortly) - introduce "default outgoing interface" (for spec conformance in very rare case)
|
#
1.11 |
|
19-Feb-2000 |
deraadt |
use more modern types
|
Revision tags: SMP_BASE
|
#
1.10 |
|
09-Feb-2000 |
itojun |
branches: 1.10.2; improve RFC2553/2292 conformance. netinet6/{ip6,icmp6,in6}.h should not be included. neitnet6/{ip6,icmp6}.h includes #error statements only - i'll remove them couple of days later.
|
#
1.9 |
|
10-Dec-1999 |
angelos |
Add RCS tags, remove unused header files and code, remove a few unnecessary ifdefs...
|
Revision tags: kame_19991208
|
#
1.8 |
|
08-Dec-1999 |
itojun |
bring in KAME IPv6 code, dated 19991208. replaces NRL IPv6 layer. reuses NRL pcb layer. no IPsec-on-v6 support. see sys/netinet6/{TODO,IMPLEMENTATION} for more details.
GENERIC configuration should work fine as before. GENERIC.v6 works fine as well, but you'll need KAME userland tools to play with IPv6 (will be bringed into soon).
|
Revision tags: OPENBSD_2_5_BASE OPENBSD_2_6_BASE
|
#
1.7 |
|
24-Mar-1999 |
cmetz |
Replace 'in6a_words' (old NRL convention) with 's6_addr32' (new BSDI et al. convention that is more common and more specific as to the access size)
|
#
1.6 |
|
09-Mar-1999 |
cmetz |
Demangled the INET6 stuff so as not to require any extra options and not to be mutually exclusive with the IPSEC option.
|
#
1.5 |
|
24-Feb-1999 |
cmetz |
Synchronized changes needed to integrate into OpenBSD with the NRL source tree so we can have a unified netinet6 directory.
|
#
1.4 |
|
11-Jan-1999 |
deraadt |
_KERNEL, and other cleanup
|
#
1.3 |
|
10-Jan-1999 |
deraadt |
merge INPROTO_* tables
|
#
1.2 |
|
08-Jan-1999 |
deraadt |
use _KERNEL, add ipv6intrq decl
|
#
1.1 |
|
07-Jan-1999 |
deraadt |
missed file
|
#
1.108 |
|
10-Mar-2021 |
jsg |
spelling
ok gnezdo@ semarie@ mpi@
|
Revision tags: OPENBSD_6_8_BASE
|
#
1.107 |
|
24-Aug-2020 |
gnezdo |
Convert ip6_sysctl to sysctl_bounded_args
Tighter limits and OK by sashan
|
#
1.106 |
|
24-Jun-2020 |
cheloha |
kernel: use gettime(9)/getuptime(9) in lieu of time_second(9)/time_uptime(9)
time_second(9) and time_uptime(9) are widely used in the kernel to quickly get the system UTC or system uptime as a time_t. However, time_t is 64-bit everywhere, so it is not generally safe to use them on 32-bit platforms: you have a split-read problem if your hardware cannot perform atomic 64-bit reads.
This patch replaces time_second(9) with gettime(9), a safer successor interface, throughout the kernel. Similarly, time_uptime(9) is replaced with getuptime(9).
There is a performance cost on 32-bit platforms in exchange for eliminating the split-read problem: instead of two register reads you now have a lockless read loop to pull the values from the timehands. This is really not *too* bad in the grand scheme of things, but compared to what we were doing before it is several times slower.
There is no performance cost on 64-bit (__LP64__) platforms.
With input from visa@, dlg@, and tedu@.
Several bugs squashed by visa@.
ok kettenis@
|
Revision tags: OPENBSD_6_7_BASE
|
#
1.105 |
|
11-Nov-2019 |
bluhm |
Kernel is missing propper input validation when configuring IPv6 addresses. Implement in6_sa2sin6() to validate inet6 address family and address length. The SIOCGIFDSTADDR_IN6, SIOCGIFNETMASK_IN6, SIOCGIFAFLAG_IN6, SIOCGIFALIFETIME_IN6, and SIOCDIFADDR_IN6 ioctl(2) are safe now. OK visa@
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.104 |
|
22-Apr-2019 |
bluhm |
In in_cksum() and in6_cksum() convert types to C99 style and make both functions consistent. In in_cksum() panic if len is longer than mbuf, but in in6_cksum() do not panic if off and len match exactly to the end of mbuf. OK claudio@
|
Revision tags: OPENBSD_6_4_BASE OPENBSD_6_5_BASE
|
#
1.103 |
|
11-Sep-2018 |
bluhm |
Convert inetctlerrmap to u_char like inet6ctlerrmap. That is also what FreeBSD does. Remove old #if 0 version of inet6ctlerrmap. OK mpi@
|
#
1.102 |
|
07-Jun-2018 |
bluhm |
The global zero addresses must not change, mark them constant. OK tb@ visa@
|
Revision tags: OPENBSD_6_3_BASE
|
#
1.101 |
|
10-Feb-2018 |
florian |
Implement RFC 7217: "A Method for Generating Semantically Opaque Interface Identifiers with IPv6 Stateless Address Autoconfiguration."
"An IPv6 address configured using this method is stable within each subnet, but the corresponding Interface Identifier changes when the host moves from one network to another. This method is meant to be an alternative to generating Interface Identifiers based on hardware addresses."
OK naddy, sthen
|
#
1.100 |
|
20-Nov-2017 |
mpi |
Sprinkle some NET_ASSERT_LOCKED(), const and co to prepare running pr_input handlers without KERNEL_LOCK().
ok visa@
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.99 |
|
01-Sep-2017 |
florian |
Use in6_get_rand_ifid() instead of get_last_resort_ifid() and delete the get_last_resort_ifid() function because eww. Also if your system is so constraint that you end up in in6_get_rand_ifid() you don't deserve a random ifid that stays stable over reboots. Simplify code a bit since get_ifid() can no longer fail. It couldn't fail before either because that code path was #if 0'ed. While here sprinkle in some in6_ prefixes, pointed out by stsp. OK stsp
|
#
1.98 |
|
11-Aug-2017 |
bluhm |
Validate sockaddr from userland in central functions. This results in common checks for unix, inet, inet6 instead of partial checks here and there. Some checks are already done at a higher layer, but better be paranoid with user input. OK claudio@ millert@
|
#
1.97 |
|
13-Jul-2017 |
florian |
Get rid of ip6.maxifprefixes and ip6.maxifdefrouters, the kernel no longer tracks prefixes or default routers from router advertisements. Pointed out by jmc. ports tree grepping sthen, who only found nsh OK mpi, sthen
|
#
1.96 |
|
30-May-2017 |
mpi |
Keep ipv6_input() definition inside _KERNEL.
Unbreak userland, found the hardway by deraadt@
|
#
1.95 |
|
30-May-2017 |
mpi |
Introduce ipv{4,6}_input(), two wrappers around IP queues.
This will help transitionning to an un-KERNEL_LOCK()ed IP forwarding path.
Disucssed with bluhm@, ok claudio@
|
#
1.94 |
|
04-May-2017 |
bluhm |
Introduce sstosa() for converting sockaddr_storage with a type safe inline function instead of casting it to sockaddr. While there, use inline instead of __inline for all these conversions. Some struct sockaddr casts can be avoided completely. OK dhill@ mpi@
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.93 |
|
22-Feb-2017 |
renato |
Fix comments about a few ipv6 sockoptions
OK millert@ florian@
|
#
1.92 |
|
22-Dec-2016 |
rzalamena |
Remove PIM support from the multicast stack.
ok mpi@
|
#
1.91 |
|
03-Oct-2016 |
mpi |
Convert some of the remaining usages of time_second to time_uptime.
time_second is unix time so it can be affected by clock changes. time_uptime is monotonic so it isnt affected by clock changes. that in turn means route expiries wont jump with clock changes if set against time_uptime.
the expiry is translated into unix time for export to userland though.
Should fix mismatch between route timers that were already converted and ND default routers that were still using time_second.
Tested by matthieu@ and sthen@
ok sthen@, dlg@
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.90 |
|
27-Jun-2016 |
jca |
Implement IPV6_MINHOPCOUNT support.
Useful to implement GTSM support in daemons such as bgpd(8). Diff from 2013 revived by renato@. Input from bluhm@, ok bluhm@ deraadt@
|
#
1.89 |
|
01-Jun-2016 |
jca |
Kill sysctl net.inet6.ip6.rr_prune
We don't support Router Renumbering and there are no plans to change that. ok mpi@
|
#
1.88 |
|
19-May-2016 |
jca |
Remove sysctl net.inet6.ip6.v6only
This sysctl is a no-op, read-only since it was introduced. There are no plans to support IPv4-mapped addresses on OpenBSD, thus this sysctl is meaningless.
Noticed by djm@, ok claudio@ mpi@ sthen@ henning@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.87 |
|
03-Dec-2015 |
tedu |
rm unused kernel only IPV6_RECVRTHDRDSTOPTS sockopt. ok deraadt sthen
|
#
1.86 |
|
29-Oct-2015 |
tedu |
RFC 2292 API support was removed 9 years ago, but left in a binary compat ABI form for the sake of existing programs. no programs from that era have been able to run for quite some time. Kill it all. ok deraadt florian millert mpi (I believe this is my first IPv6 diff. Future, here I come!)
|
#
1.85 |
|
11-Sep-2015 |
claudio |
in6_embedscope() needs to lose some weight. Remove the last argument. In all but two calls NULL is passed and in the other 2 cases the ifp is only used to maybe feed it to in6_selecthlim() to select the hoplimit for the link. Since in6_embedscope() only works on link-local addresses it does not matter what hop limit we select since the destination is directly reachable. OK florian@ mpi@
|
#
1.84 |
|
10-Sep-2015 |
claudio |
It is time to put inet6 on a diet. Use the flensing knife and cut out the 3rd argument of in6_recoverscope() and make it return void. OK dlg@ mikeb@
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.83 |
|
08-Jun-2015 |
krw |
More damned eye searing whitespace. No change to .o files.
|
#
1.82 |
|
14-Apr-2015 |
mikeb |
ip6_sprintf is long gone; noticed by blambert
|
#
1.81 |
|
10-Apr-2015 |
dlg |
replace the use of ifqueues for most input queues serviced by netisr with niqueues.
this change is so big because there's a lot of code that takes pointers to different input queues (eg, ether_input picks between ipv4, ipv6, pppoe, arp, and mpls input queues) and falls through to code to enqueue packets against the pointer. if i changed only one of the input queues id have to add sepearate code paths, one for ifqueues and one for niqueues in each of these places
by flipping all these input queues at once i can keep the currently common code common.
testing by mpi@ sthen@ and rafael zalamena ok mpi@ sthen@ claudio@ henning@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.80 |
|
09-Feb-2015 |
claudio |
Implement 2 sysctl to retrieve the multicast forwarding cache (mf6c) and the multicast interface table (mif6). Will be used by netstat soon. Looked over by guenther@
|
#
1.79 |
|
09-Feb-2015 |
dlg |
provide a net.inet6.ip6.ifq sysctl so people can see and fiddle with the ip6intrq.
ok claudio@
|
#
1.78 |
|
10-Jan-2015 |
mpi |
Correct some comments and merge in6_if_up() into in6_ifattach() to reflect that IPv6 link-local addresses are no longer automagically configured the first time an interface is brought up.
ok henning@, stsp@
|
#
1.77 |
|
05-Dec-2014 |
mpi |
Explicitly include <net/if_var.h> instead of pulling it in <net/if.h>.
ok mikeb@, krw@, bluhm@, tedu@
|
#
1.76 |
|
20-Nov-2014 |
mpi |
What have no need for a variable that holds the maximum MTU size of interfaces with an IPv6 address.
ok henning@, mikeb@, deraadt@
|
#
1.75 |
|
31-Aug-2014 |
bluhm |
Make the in6addr constant declarations and definitions consistent in kernel and user land. OK florian@ mpi@
|
#
1.74 |
|
26-Aug-2014 |
florian |
Do not hand-roll all routers link local address. pointed out & OK bluhm@
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.73 |
|
11-Jul-2014 |
henning |
introduce the IFXF_AUTOCONF6 interface flag which controls wether we accept rtadvs on that interface. the global net.inet6.ip6.accept_rtadv sysctl just doesn't cut it, even tho the spec wants that - but in their little absurd world, a host just has one interface by definition anyway... the sysctlgoes away. lots of head scratching, brain cell elemination etc from bluhm benno stsp florian, excitement from simon and todd, ok bluhm stsp benno florian
|
#
1.72 |
|
13-Jun-2014 |
chrisz |
Remove deprecated RFC2292 ancillary data convenience functions. They are obsoleted by the RFC3542 api.
ok mpi@
|
#
1.71 |
|
20-Apr-2014 |
naddy |
move in6_cksum_phdr from in6.h to ip6_output.c to mirror in_cksum_phdr ok henning@
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.70 |
|
22-Jan-2014 |
naddy |
Split the checksum calculation for IPv6 like for IPv4: Always calculate the pseudo-header checksum. Complete the checksum if hardware offload is not available.
Parts originally from NetBSD; ok henning@
|
#
1.69 |
|
28-Oct-2013 |
deraadt |
kill kame version symbols and sysctl ports tree grep run by sthen
|
#
1.68 |
|
24-Oct-2013 |
mpi |
Remove the number of in6_var.h inclusions by moving some functions and global variables to in6.h.
ok deraadt@
|
#
1.67 |
|
24-Oct-2013 |
deraadt |
Significant namespace cleanup of netinet6 symbols.
One worrying bit is in icmp6.h where some htols() and htonl() are added, which may affect compatibility down the line. This component can be reverted if issues show up. Ports tree greps indicate no issue.
ok claudio mpi etc
|
#
1.66 |
|
21-Oct-2013 |
deraadt |
There are gasps of shock! Add a pmtu delay sysctl BUTTON for netinet6, making the code the same as netinet4 along the way. ok bluhm phessler
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.65 |
|
26-Jun-2013 |
henning |
put the cksum diff back, of course with the bug fixed where we could under some circumstances repair broken checksums on the way. ok ryan naddy mikeb . redo most of the protocol (tcp/udp/...) checksum handling -assume we have hardware checksum offloading. stop mucking with the checksum in most of the stack -stop checksum mucking in pf, just set a "needs checksumming" flag if needed -in all output pathes, very late, if we figure out the outbound interface doesn't have hw cksum offloading, do the cksum in software. this especially makes the bridge path behave like a regular output path -little special casing for bridge still required until the broadcast path loses its disgusting shortcut hacks, but at least it's in one place now and not all over the stack in6_proto_cksum_out mostly written by krw@ started at k2k11 in iceland more than 1.5 years ago - yes it took that long, this stuff is everything but easy. this happens to fix the infamous pf rdr bug that made us turn off proto cksum offloading on almost all interface drivers.
|
#
1.64 |
|
28-Mar-2013 |
bluhm |
Convert the satosin, sintosa, ifatoia, satosin6, sin6tosa, ifatoia6 defines into static inline functions. This allows the compiler to check the source type before casting. liked by many; OK mpi@ haesbaert@
|
#
1.63 |
|
14-Mar-2013 |
mpi |
My lack of faith... These lines should stay, reported by ajacoutot@.
ok sthen@
|
#
1.62 |
|
14-Mar-2013 |
mpi |
tedu faith(4), suggested by todd@ some weeks ago after a submission by dhill.
ok krw@, mikeb@, tedu@ (implicit)
|
Revision tags: OPENBSD_5_3_BASE
|
#
1.61 |
|
06-Nov-2012 |
henning |
backout csum diff for the moment, requested by theo
|
#
1.60 |
|
01-Nov-2012 |
henning |
redo most of the protocol (tcp/udp/...) checksum handling -assume we have hardware checksum offloading. stop mucking with the checksum in most of the stack -stop checksum mucking in pf, just set a "needs checksumming" flag if needed -in all output pathes, very late, if we figure out the outbound interface doesn't have hw cksum offloading, do the cksum in software. this especially makes the bridge path behave like a regular output path -little special casing for bridge still required until the broadcast path loses its disgusting shortcut hacks, but at least it's in one place now and not all over the stack in6_proto_cksum_out mostly written by krw@ started at k2k11 in iceland more than 1.5 years ago - yes it took that long, this stuff is everything but easy. this happens to fix the infamous pf rdr bug that made us turn off proto cksum offloading on almost all interface drivers. ok camield sthen claudio, testing by many, thanks!
|
#
1.59 |
|
17-Sep-2012 |
yasuoka |
add IPV6_RECVDSTPORT socket option, which enables us to get original (= before divert) destination port of a UDP packet. The way to use this option is same as IP_RECVDSTPORT.
from UMEZAWA Takeshi tweaks from jmc; ok henning bluhm
|
#
1.58 |
|
15-Sep-2012 |
guenther |
Improve POSIX/SUS compliance of <netdb.h>, <sys/socket.h>, and <sys/un.h>.
Much ports testing of various versions by naddy@ and jasper@ ok matthew@, miller@
|
Revision tags: OPENBSD_5_2_BASE
|
#
1.57 |
|
10-Jul-2012 |
guenther |
Instead of <arpa/inet.h> pulling in <netinet/in.h>, just copy in the three things that it needed from there: INET_ADDRSTRLEN, INET6_ADDRSTRLEN, and struct in_addr. Add protecting #ifndefs to netinet6?/in6?.h for those.
ok deraadt@
|
#
1.56 |
|
26-Jun-2012 |
guenther |
Improve compliance for <arpa/inet.h> and <netinet/in.h> to define/declare all the symbols that POSIX says they must and fewer that they can't and, most importantly, to not require a specific ordering of headers.
ports testing by naddy@ ok millert@ deraadt@
|
Revision tags: OPENBSD_5_1_BASE
|
#
1.55 |
|
24-Nov-2011 |
sperreault |
rdomain support for IPv6 ok mikeb
|
#
1.54 |
|
13-Oct-2011 |
claudio |
Since the IPv6 madness is not enough introduce NAT64 -- which is actually "af-to" a generic IP version translator for pf(4). Not everything perfect yet but lets fix these things in the tree. Insane amount of work done by sperreault@, mikeb@ and reyk@. Looked over by mcbride@ henning@ and myself at eurobsdcon. OK mcbride@ and general put it in from deraadt@
|
Revision tags: OPENBSD_5_0_BASE
|
#
1.53 |
|
02-May-2011 |
mikeb |
recognize SO_RTABLE socket option at the SOL_SOCKET level; discussed with and ok claudio
|
Revision tags: OPENBSD_4_9_BASE
|
#
1.52 |
|
23-Sep-2010 |
yasuoka |
add a new IP level socket option IP_PIPEX. This option is used for L2TP support by pipex. OK henning@, "Carry on" blambert@
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.51 |
|
08-Jul-2010 |
jsg |
remove some unused netinet6 code ok stsp@ henning@ claudio@
|
#
1.50 |
|
07-May-2010 |
claudio |
Start cleaning up the mess called rtalloc*. Kill rtalloc2, make rtalloc1 accept flags for report and nocloning. Move the rtableid into struct route (with a minor twist for now) and make a few more codepathes rdomain aware. Appart from the pf.c and route.c bits the diff is mostly mechanical. More to come... OK michele, henning
|
#
1.49 |
|
06-Apr-2010 |
stsp |
Simple implementation of RFC4941, "Privacy Extensions for Stateless Address Autoconfiguration in IPv6". For those among us who are paranoid about broadcasting their MAC address to the IPv6 internet.
Man page help from jmc, testing by weerd, arc4random API hints from djm.
ok deraadt, claudio
|
Revision tags: OPENBSD_4_7_BASE
|
#
1.48 |
|
05-Nov-2009 |
michele |
IPv6 support for divert sockets.
tested by phessler@ pyr@ ok claudio@ "go ahead" deraadt@
|
Revision tags: OPENBSD_4_5_BASE OPENBSD_4_6_BASE
|
#
1.47 |
|
25-Nov-2008 |
markus |
delay /etc/netstart until IPv6-DAD (dup-address-detection) is completed. ok fries, hshoexer, claudio
|
Revision tags: OPENBSD_4_4_BASE
|
#
1.46 |
|
11-Jun-2008 |
mcbride |
From KAME, allow adjustable limits on NDP entries and discovered routes.
ok mpf naddy
|
#
1.45 |
|
09-Mar-2008 |
sobrado |
use the right capitalization for platform names
ok jsing@
|
Revision tags: OPENBSD_4_1_BASE OPENBSD_4_2_BASE OPENBSD_4_3_BASE
|
#
1.44 |
|
22-Jan-2007 |
miod |
Fix KAME cvsweb urls
|
#
1.43 |
|
09-Dec-2006 |
itojun |
switch IPv6 advanced API from RFC2292 to RFC3542 (2292 is superseded by 3542). the kernel still handles RFC2292 set/getsockopts, so that compiled binary has no trouble running. userland sees RFC3542 symbols only on header file so new code has to use RFC3542 API.
bump libc shlib minor for function additions.
tested on i386/amd64 by jmc, i386 by brad. checked by deraadt.
|
#
1.42 |
|
21-Nov-2006 |
itojun |
introduce sysctl net.inet6.ip6.multicast_mtudisc (for multicast routers). deraadt ok. manpage nit by jmc.
|
#
1.41 |
|
17-Nov-2006 |
itojun |
move comment to a line where it makes more sense
|
#
1.40 |
|
17-Nov-2006 |
itojun |
change semantics of ff01::/16 to interface local multicast (to sync up with more recent IPv6 spec)
ok from: deraadt mcbride
|
Revision tags: OPENBSD_4_0_BASE
|
#
1.39 |
|
18-Jun-2006 |
pascoe |
Add support for equal-cost multipath IP.
To minimise path disruptions, this implements recommendations made in RFC2992 - the hash-threshold mechanism to select paths based on source/destination IP address pairs, and inserts multipath routes in the middle of the route table.
To enable multipath distribution, use: sysctl net.inet.ip.multipath=1 and/or: sysctl net.inet6.ip6.multipath=1
testing norby@ ok claudio@ henning@ hshoexer@
|
#
1.38 |
|
27-May-2006 |
claudio |
Do the same thing as for IPv4. Use a sysctl to enable/disable mfrowarding and additionaly make the code part of the MROUTING option. Put it in deraadt@
|
Revision tags: OPENBSD_3_9_BASE
|
#
1.37 |
|
13-Dec-2005 |
millert |
First step in include files overhaul. Use __FOO_VISIBLE (as defined in sys/cdefs.h) instead of _FOO_SOURCE. Also fix several namespace pollution issues, including the byte order defines. OK deraadt@
|
Revision tags: OPENBSD_3_6_BASE OPENBSD_3_7_BASE OPENBSD_3_8_BASE
|
#
1.36 |
|
21-Jun-2004 |
tholo |
First step towards more sane time handling in the kernel -- this changes things such that code that only need a second-resolution uptime or wall time, and used to get that from time.tv_secs or mono_time.tv_secs now get this from separate time_t globals time_second and time_uptime.
ok art@ niklas@ nordin@
|
Revision tags: SMP_SYNC_A
|
#
1.35 |
|
12-Jun-2004 |
itojun |
support IPV6_USE_MIN_MTU, to make BIND9 better. (sorry about the mess yesterday)
|
#
1.34 |
|
11-Jun-2004 |
deraadt |
back out tree breakage. Like, come on
|
#
1.33 |
|
11-Jun-2004 |
itojun |
support IPV6_USE_MIN_MTU, which is needed to run BIND9 well. from kame markus ok
|
Revision tags: OPENBSD_3_5_BASE SMP_SYNC_B
|
#
1.32 |
|
15-Feb-2004 |
markus |
switch to sysctl_int_arr(); ok itojun, henning, miod, deraadt
|
Revision tags: OPENBSD_3_4_BASE
|
#
1.31 |
|
02-Jun-2003 |
millert |
Remove the advertising clause in the UCB license which Berkeley rescinded 22 July 1999. Proofed by myself and Theo.
|
Revision tags: OPENBSD_3_2_BASE OPENBSD_3_3_BASE UBC_SYNC_A UBC_SYNC_B
|
#
1.30 |
|
08-Jun-2002 |
itojun |
sync with latest KAME in6_ifaddr/prefix/default router manipulation. behavior changes: - two iocts used by ndp(8) are now obsolete (backward compat provided). use sysctl path instead. - lo0 does not get ::1 automatically. it will get ::1 when lo0 comes up.
|
#
1.29 |
|
07-Jun-2002 |
itojun |
mistake in sysctl table
|
#
1.28 |
|
07-Jun-2002 |
itojun |
just for consistency/compatibility, have net.inet6.ip6.v6only sysctl MIB, as well as set/getsockopt(IPV6_V6ONLY).
|
#
1.27 |
|
28-May-2002 |
itojun |
limit number of IPv6 fragments (not the fragment queue size) to fight against lots-of-frags DoS attacks. sync w/kame
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.26 |
|
14-Mar-2002 |
millert |
First round of __P removal in sys
|
Revision tags: UBC_BASE
|
#
1.25 |
|
07-Dec-2001 |
itojun |
branches: 1.25.2; whitespace/comment sync with kame
|
Revision tags: OPENBSD_3_0_BASE
|
#
1.24 |
|
19-Sep-2001 |
itojun |
comment; sockopt # 57-59 are also reserved
|
#
1.23 |
|
22-Aug-2001 |
niklas |
Add IPCOMP setsockopt policy controls. While here fix the other policies too
|
Revision tags: OPENBSD_2_9_BASE
|
#
1.22 |
|
30-Mar-2001 |
itojun |
fix constness of IN6_{IS,ARE}_xx macros to conform to RFC2553. sync with kame.
|
#
1.21 |
|
02-Mar-2001 |
itojun |
remove date string from KAME version identification, it is getting meaningless as we merge random items daily. have comment that refers to kame COVERAGE document. sync with kame
|
#
1.20 |
|
16-Feb-2001 |
itojun |
get rid of #ifdef IPV6FIREWALL (never used, will never be used)
|
#
1.19 |
|
16-Feb-2001 |
itojun |
pull in new pcb notification code from kame. better handling of scope address.
|
Revision tags: OPENBSD_2_8_BASE
|
#
1.18 |
|
17-Oct-2000 |
itojun |
use __P() in prototype for non-ansi compilers. From: Michael Shalayeff <mickey@lucifier.remote.dti.net>
|
#
1.17 |
|
27-Aug-2000 |
itojun |
move IPv6 IPsec sysctl # downward, to avoid number conflict in *BSD. angelos ok
|
#
1.16 |
|
16-Jul-2000 |
itojun |
don't pull sys/queue.h in. sync better with kame.
|
#
1.15 |
|
25-Jun-2000 |
aaron |
Fix typo; ds@ds.primasoft.bg
|
#
1.14 |
|
18-Jun-2000 |
itojun |
allow IPsec-related get/setsockopt on IPv6 socket. due to number conflict they must be IPV6_xx instead of IP_xx.
actually, since in_ctloutput() does not check address family of inpcb, getsockopt(IPPROTO_IP, IP_xx) may work - never tested this.
|
#
1.13 |
|
25-May-2000 |
itojun |
net.inet.ip.gif_ttl (and IPv6 counterpart) is never used. enforce type checking on IN6_ARE_ADDR_EQUAL.
|
Revision tags: OPENBSD_2_7_BASE
|
#
1.12 |
|
28-Feb-2000 |
itojun |
bring in recent KAME changes (only important and stable ones, as usual). - remove net.inet6.ip6.nd6_proxyall. introduce proxy NDP code works just like "arp -s". - revise source address selection. be more careful about use of yet-to-be-valid addresses as source. - as router, transmit ICMP6_DST_UNREACH_BEYONDSCOPE against out-of-scope packet forwarding attempt. - path MTU discovery takes care of routing header properly. - be more strict about mbuf chain parsing. - nuke xxCTL_VARS #define, they are for BSDI. - disable SIOCSIFDSTADDR_IN6/SIOCSIFNETMASK_IN6 ioctl, they do not fit IPv6 model where multiple address on interface is normal. (kernel side supports them for a while for backward compat, the support will be nuked shortly) - introduce "default outgoing interface" (for spec conformance in very rare case)
|
#
1.11 |
|
19-Feb-2000 |
deraadt |
use more modern types
|
Revision tags: SMP_BASE
|
#
1.10 |
|
09-Feb-2000 |
itojun |
branches: 1.10.2; improve RFC2553/2292 conformance. netinet6/{ip6,icmp6,in6}.h should not be included. neitnet6/{ip6,icmp6}.h includes #error statements only - i'll remove them couple of days later.
|
#
1.9 |
|
10-Dec-1999 |
angelos |
Add RCS tags, remove unused header files and code, remove a few unnecessary ifdefs...
|
Revision tags: kame_19991208
|
#
1.8 |
|
08-Dec-1999 |
itojun |
bring in KAME IPv6 code, dated 19991208. replaces NRL IPv6 layer. reuses NRL pcb layer. no IPsec-on-v6 support. see sys/netinet6/{TODO,IMPLEMENTATION} for more details.
GENERIC configuration should work fine as before. GENERIC.v6 works fine as well, but you'll need KAME userland tools to play with IPv6 (will be bringed into soon).
|
Revision tags: OPENBSD_2_5_BASE OPENBSD_2_6_BASE
|
#
1.7 |
|
24-Mar-1999 |
cmetz |
Replace 'in6a_words' (old NRL convention) with 's6_addr32' (new BSDI et al. convention that is more common and more specific as to the access size)
|
#
1.6 |
|
09-Mar-1999 |
cmetz |
Demangled the INET6 stuff so as not to require any extra options and not to be mutually exclusive with the IPSEC option.
|
#
1.5 |
|
24-Feb-1999 |
cmetz |
Synchronized changes needed to integrate into OpenBSD with the NRL source tree so we can have a unified netinet6 directory.
|
#
1.4 |
|
11-Jan-1999 |
deraadt |
_KERNEL, and other cleanup
|
#
1.3 |
|
10-Jan-1999 |
deraadt |
merge INPROTO_* tables
|
#
1.2 |
|
08-Jan-1999 |
deraadt |
use _KERNEL, add ipv6intrq decl
|
#
1.1 |
|
07-Jan-1999 |
deraadt |
missed file
|
#
1.107 |
|
24-Aug-2020 |
gnezdo |
Convert ip6_sysctl to sysctl_bounded_args
Tighter limits and OK by sashan
|
#
1.106 |
|
24-Jun-2020 |
cheloha |
kernel: use gettime(9)/getuptime(9) in lieu of time_second(9)/time_uptime(9)
time_second(9) and time_uptime(9) are widely used in the kernel to quickly get the system UTC or system uptime as a time_t. However, time_t is 64-bit everywhere, so it is not generally safe to use them on 32-bit platforms: you have a split-read problem if your hardware cannot perform atomic 64-bit reads.
This patch replaces time_second(9) with gettime(9), a safer successor interface, throughout the kernel. Similarly, time_uptime(9) is replaced with getuptime(9).
There is a performance cost on 32-bit platforms in exchange for eliminating the split-read problem: instead of two register reads you now have a lockless read loop to pull the values from the timehands. This is really not *too* bad in the grand scheme of things, but compared to what we were doing before it is several times slower.
There is no performance cost on 64-bit (__LP64__) platforms.
With input from visa@, dlg@, and tedu@.
Several bugs squashed by visa@.
ok kettenis@
|
Revision tags: OPENBSD_6_7_BASE
|
#
1.105 |
|
11-Nov-2019 |
bluhm |
Kernel is missing propper input validation when configuring IPv6 addresses. Implement in6_sa2sin6() to validate inet6 address family and address length. The SIOCGIFDSTADDR_IN6, SIOCGIFNETMASK_IN6, SIOCGIFAFLAG_IN6, SIOCGIFALIFETIME_IN6, and SIOCDIFADDR_IN6 ioctl(2) are safe now. OK visa@
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.104 |
|
22-Apr-2019 |
bluhm |
In in_cksum() and in6_cksum() convert types to C99 style and make both functions consistent. In in_cksum() panic if len is longer than mbuf, but in in6_cksum() do not panic if off and len match exactly to the end of mbuf. OK claudio@
|
Revision tags: OPENBSD_6_4_BASE OPENBSD_6_5_BASE
|
#
1.103 |
|
11-Sep-2018 |
bluhm |
Convert inetctlerrmap to u_char like inet6ctlerrmap. That is also what FreeBSD does. Remove old #if 0 version of inet6ctlerrmap. OK mpi@
|
#
1.102 |
|
07-Jun-2018 |
bluhm |
The global zero addresses must not change, mark them constant. OK tb@ visa@
|
Revision tags: OPENBSD_6_3_BASE
|
#
1.101 |
|
10-Feb-2018 |
florian |
Implement RFC 7217: "A Method for Generating Semantically Opaque Interface Identifiers with IPv6 Stateless Address Autoconfiguration."
"An IPv6 address configured using this method is stable within each subnet, but the corresponding Interface Identifier changes when the host moves from one network to another. This method is meant to be an alternative to generating Interface Identifiers based on hardware addresses."
OK naddy, sthen
|
#
1.100 |
|
20-Nov-2017 |
mpi |
Sprinkle some NET_ASSERT_LOCKED(), const and co to prepare running pr_input handlers without KERNEL_LOCK().
ok visa@
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.99 |
|
01-Sep-2017 |
florian |
Use in6_get_rand_ifid() instead of get_last_resort_ifid() and delete the get_last_resort_ifid() function because eww. Also if your system is so constraint that you end up in in6_get_rand_ifid() you don't deserve a random ifid that stays stable over reboots. Simplify code a bit since get_ifid() can no longer fail. It couldn't fail before either because that code path was #if 0'ed. While here sprinkle in some in6_ prefixes, pointed out by stsp. OK stsp
|
#
1.98 |
|
11-Aug-2017 |
bluhm |
Validate sockaddr from userland in central functions. This results in common checks for unix, inet, inet6 instead of partial checks here and there. Some checks are already done at a higher layer, but better be paranoid with user input. OK claudio@ millert@
|
#
1.97 |
|
13-Jul-2017 |
florian |
Get rid of ip6.maxifprefixes and ip6.maxifdefrouters, the kernel no longer tracks prefixes or default routers from router advertisements. Pointed out by jmc. ports tree grepping sthen, who only found nsh OK mpi, sthen
|
#
1.96 |
|
30-May-2017 |
mpi |
Keep ipv6_input() definition inside _KERNEL.
Unbreak userland, found the hardway by deraadt@
|
#
1.95 |
|
30-May-2017 |
mpi |
Introduce ipv{4,6}_input(), two wrappers around IP queues.
This will help transitionning to an un-KERNEL_LOCK()ed IP forwarding path.
Disucssed with bluhm@, ok claudio@
|
#
1.94 |
|
04-May-2017 |
bluhm |
Introduce sstosa() for converting sockaddr_storage with a type safe inline function instead of casting it to sockaddr. While there, use inline instead of __inline for all these conversions. Some struct sockaddr casts can be avoided completely. OK dhill@ mpi@
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.93 |
|
22-Feb-2017 |
renato |
Fix comments about a few ipv6 sockoptions
OK millert@ florian@
|
#
1.92 |
|
22-Dec-2016 |
rzalamena |
Remove PIM support from the multicast stack.
ok mpi@
|
#
1.91 |
|
03-Oct-2016 |
mpi |
Convert some of the remaining usages of time_second to time_uptime.
time_second is unix time so it can be affected by clock changes. time_uptime is monotonic so it isnt affected by clock changes. that in turn means route expiries wont jump with clock changes if set against time_uptime.
the expiry is translated into unix time for export to userland though.
Should fix mismatch between route timers that were already converted and ND default routers that were still using time_second.
Tested by matthieu@ and sthen@
ok sthen@, dlg@
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.90 |
|
27-Jun-2016 |
jca |
Implement IPV6_MINHOPCOUNT support.
Useful to implement GTSM support in daemons such as bgpd(8). Diff from 2013 revived by renato@. Input from bluhm@, ok bluhm@ deraadt@
|
#
1.89 |
|
01-Jun-2016 |
jca |
Kill sysctl net.inet6.ip6.rr_prune
We don't support Router Renumbering and there are no plans to change that. ok mpi@
|
#
1.88 |
|
19-May-2016 |
jca |
Remove sysctl net.inet6.ip6.v6only
This sysctl is a no-op, read-only since it was introduced. There are no plans to support IPv4-mapped addresses on OpenBSD, thus this sysctl is meaningless.
Noticed by djm@, ok claudio@ mpi@ sthen@ henning@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.87 |
|
03-Dec-2015 |
tedu |
rm unused kernel only IPV6_RECVRTHDRDSTOPTS sockopt. ok deraadt sthen
|
#
1.86 |
|
29-Oct-2015 |
tedu |
RFC 2292 API support was removed 9 years ago, but left in a binary compat ABI form for the sake of existing programs. no programs from that era have been able to run for quite some time. Kill it all. ok deraadt florian millert mpi (I believe this is my first IPv6 diff. Future, here I come!)
|
#
1.85 |
|
11-Sep-2015 |
claudio |
in6_embedscope() needs to lose some weight. Remove the last argument. In all but two calls NULL is passed and in the other 2 cases the ifp is only used to maybe feed it to in6_selecthlim() to select the hoplimit for the link. Since in6_embedscope() only works on link-local addresses it does not matter what hop limit we select since the destination is directly reachable. OK florian@ mpi@
|
#
1.84 |
|
10-Sep-2015 |
claudio |
It is time to put inet6 on a diet. Use the flensing knife and cut out the 3rd argument of in6_recoverscope() and make it return void. OK dlg@ mikeb@
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.83 |
|
08-Jun-2015 |
krw |
More damned eye searing whitespace. No change to .o files.
|
#
1.82 |
|
14-Apr-2015 |
mikeb |
ip6_sprintf is long gone; noticed by blambert
|
#
1.81 |
|
10-Apr-2015 |
dlg |
replace the use of ifqueues for most input queues serviced by netisr with niqueues.
this change is so big because there's a lot of code that takes pointers to different input queues (eg, ether_input picks between ipv4, ipv6, pppoe, arp, and mpls input queues) and falls through to code to enqueue packets against the pointer. if i changed only one of the input queues id have to add sepearate code paths, one for ifqueues and one for niqueues in each of these places
by flipping all these input queues at once i can keep the currently common code common.
testing by mpi@ sthen@ and rafael zalamena ok mpi@ sthen@ claudio@ henning@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.80 |
|
09-Feb-2015 |
claudio |
Implement 2 sysctl to retrieve the multicast forwarding cache (mf6c) and the multicast interface table (mif6). Will be used by netstat soon. Looked over by guenther@
|
#
1.79 |
|
09-Feb-2015 |
dlg |
provide a net.inet6.ip6.ifq sysctl so people can see and fiddle with the ip6intrq.
ok claudio@
|
#
1.78 |
|
10-Jan-2015 |
mpi |
Correct some comments and merge in6_if_up() into in6_ifattach() to reflect that IPv6 link-local addresses are no longer automagically configured the first time an interface is brought up.
ok henning@, stsp@
|
#
1.77 |
|
05-Dec-2014 |
mpi |
Explicitly include <net/if_var.h> instead of pulling it in <net/if.h>.
ok mikeb@, krw@, bluhm@, tedu@
|
#
1.76 |
|
20-Nov-2014 |
mpi |
What have no need for a variable that holds the maximum MTU size of interfaces with an IPv6 address.
ok henning@, mikeb@, deraadt@
|
#
1.75 |
|
31-Aug-2014 |
bluhm |
Make the in6addr constant declarations and definitions consistent in kernel and user land. OK florian@ mpi@
|
#
1.74 |
|
26-Aug-2014 |
florian |
Do not hand-roll all routers link local address. pointed out & OK bluhm@
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.73 |
|
11-Jul-2014 |
henning |
introduce the IFXF_AUTOCONF6 interface flag which controls wether we accept rtadvs on that interface. the global net.inet6.ip6.accept_rtadv sysctl just doesn't cut it, even tho the spec wants that - but in their little absurd world, a host just has one interface by definition anyway... the sysctlgoes away. lots of head scratching, brain cell elemination etc from bluhm benno stsp florian, excitement from simon and todd, ok bluhm stsp benno florian
|
#
1.72 |
|
13-Jun-2014 |
chrisz |
Remove deprecated RFC2292 ancillary data convenience functions. They are obsoleted by the RFC3542 api.
ok mpi@
|
#
1.71 |
|
20-Apr-2014 |
naddy |
move in6_cksum_phdr from in6.h to ip6_output.c to mirror in_cksum_phdr ok henning@
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.70 |
|
22-Jan-2014 |
naddy |
Split the checksum calculation for IPv6 like for IPv4: Always calculate the pseudo-header checksum. Complete the checksum if hardware offload is not available.
Parts originally from NetBSD; ok henning@
|
#
1.69 |
|
28-Oct-2013 |
deraadt |
kill kame version symbols and sysctl ports tree grep run by sthen
|
#
1.68 |
|
24-Oct-2013 |
mpi |
Remove the number of in6_var.h inclusions by moving some functions and global variables to in6.h.
ok deraadt@
|
#
1.67 |
|
24-Oct-2013 |
deraadt |
Significant namespace cleanup of netinet6 symbols.
One worrying bit is in icmp6.h where some htols() and htonl() are added, which may affect compatibility down the line. This component can be reverted if issues show up. Ports tree greps indicate no issue.
ok claudio mpi etc
|
#
1.66 |
|
21-Oct-2013 |
deraadt |
There are gasps of shock! Add a pmtu delay sysctl BUTTON for netinet6, making the code the same as netinet4 along the way. ok bluhm phessler
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.65 |
|
26-Jun-2013 |
henning |
put the cksum diff back, of course with the bug fixed where we could under some circumstances repair broken checksums on the way. ok ryan naddy mikeb . redo most of the protocol (tcp/udp/...) checksum handling -assume we have hardware checksum offloading. stop mucking with the checksum in most of the stack -stop checksum mucking in pf, just set a "needs checksumming" flag if needed -in all output pathes, very late, if we figure out the outbound interface doesn't have hw cksum offloading, do the cksum in software. this especially makes the bridge path behave like a regular output path -little special casing for bridge still required until the broadcast path loses its disgusting shortcut hacks, but at least it's in one place now and not all over the stack in6_proto_cksum_out mostly written by krw@ started at k2k11 in iceland more than 1.5 years ago - yes it took that long, this stuff is everything but easy. this happens to fix the infamous pf rdr bug that made us turn off proto cksum offloading on almost all interface drivers.
|
#
1.64 |
|
28-Mar-2013 |
bluhm |
Convert the satosin, sintosa, ifatoia, satosin6, sin6tosa, ifatoia6 defines into static inline functions. This allows the compiler to check the source type before casting. liked by many; OK mpi@ haesbaert@
|
#
1.63 |
|
14-Mar-2013 |
mpi |
My lack of faith... These lines should stay, reported by ajacoutot@.
ok sthen@
|
#
1.62 |
|
14-Mar-2013 |
mpi |
tedu faith(4), suggested by todd@ some weeks ago after a submission by dhill.
ok krw@, mikeb@, tedu@ (implicit)
|
Revision tags: OPENBSD_5_3_BASE
|
#
1.61 |
|
06-Nov-2012 |
henning |
backout csum diff for the moment, requested by theo
|
#
1.60 |
|
01-Nov-2012 |
henning |
redo most of the protocol (tcp/udp/...) checksum handling -assume we have hardware checksum offloading. stop mucking with the checksum in most of the stack -stop checksum mucking in pf, just set a "needs checksumming" flag if needed -in all output pathes, very late, if we figure out the outbound interface doesn't have hw cksum offloading, do the cksum in software. this especially makes the bridge path behave like a regular output path -little special casing for bridge still required until the broadcast path loses its disgusting shortcut hacks, but at least it's in one place now and not all over the stack in6_proto_cksum_out mostly written by krw@ started at k2k11 in iceland more than 1.5 years ago - yes it took that long, this stuff is everything but easy. this happens to fix the infamous pf rdr bug that made us turn off proto cksum offloading on almost all interface drivers. ok camield sthen claudio, testing by many, thanks!
|
#
1.59 |
|
17-Sep-2012 |
yasuoka |
add IPV6_RECVDSTPORT socket option, which enables us to get original (= before divert) destination port of a UDP packet. The way to use this option is same as IP_RECVDSTPORT.
from UMEZAWA Takeshi tweaks from jmc; ok henning bluhm
|
#
1.58 |
|
15-Sep-2012 |
guenther |
Improve POSIX/SUS compliance of <netdb.h>, <sys/socket.h>, and <sys/un.h>.
Much ports testing of various versions by naddy@ and jasper@ ok matthew@, miller@
|
Revision tags: OPENBSD_5_2_BASE
|
#
1.57 |
|
10-Jul-2012 |
guenther |
Instead of <arpa/inet.h> pulling in <netinet/in.h>, just copy in the three things that it needed from there: INET_ADDRSTRLEN, INET6_ADDRSTRLEN, and struct in_addr. Add protecting #ifndefs to netinet6?/in6?.h for those.
ok deraadt@
|
#
1.56 |
|
26-Jun-2012 |
guenther |
Improve compliance for <arpa/inet.h> and <netinet/in.h> to define/declare all the symbols that POSIX says they must and fewer that they can't and, most importantly, to not require a specific ordering of headers.
ports testing by naddy@ ok millert@ deraadt@
|
Revision tags: OPENBSD_5_1_BASE
|
#
1.55 |
|
24-Nov-2011 |
sperreault |
rdomain support for IPv6 ok mikeb
|
#
1.54 |
|
13-Oct-2011 |
claudio |
Since the IPv6 madness is not enough introduce NAT64 -- which is actually "af-to" a generic IP version translator for pf(4). Not everything perfect yet but lets fix these things in the tree. Insane amount of work done by sperreault@, mikeb@ and reyk@. Looked over by mcbride@ henning@ and myself at eurobsdcon. OK mcbride@ and general put it in from deraadt@
|
Revision tags: OPENBSD_5_0_BASE
|
#
1.53 |
|
02-May-2011 |
mikeb |
recognize SO_RTABLE socket option at the SOL_SOCKET level; discussed with and ok claudio
|
Revision tags: OPENBSD_4_9_BASE
|
#
1.52 |
|
23-Sep-2010 |
yasuoka |
add a new IP level socket option IP_PIPEX. This option is used for L2TP support by pipex. OK henning@, "Carry on" blambert@
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.51 |
|
08-Jul-2010 |
jsg |
remove some unused netinet6 code ok stsp@ henning@ claudio@
|
#
1.50 |
|
07-May-2010 |
claudio |
Start cleaning up the mess called rtalloc*. Kill rtalloc2, make rtalloc1 accept flags for report and nocloning. Move the rtableid into struct route (with a minor twist for now) and make a few more codepathes rdomain aware. Appart from the pf.c and route.c bits the diff is mostly mechanical. More to come... OK michele, henning
|
#
1.49 |
|
06-Apr-2010 |
stsp |
Simple implementation of RFC4941, "Privacy Extensions for Stateless Address Autoconfiguration in IPv6". For those among us who are paranoid about broadcasting their MAC address to the IPv6 internet.
Man page help from jmc, testing by weerd, arc4random API hints from djm.
ok deraadt, claudio
|
Revision tags: OPENBSD_4_7_BASE
|
#
1.48 |
|
05-Nov-2009 |
michele |
IPv6 support for divert sockets.
tested by phessler@ pyr@ ok claudio@ "go ahead" deraadt@
|
Revision tags: OPENBSD_4_5_BASE OPENBSD_4_6_BASE
|
#
1.47 |
|
25-Nov-2008 |
markus |
delay /etc/netstart until IPv6-DAD (dup-address-detection) is completed. ok fries, hshoexer, claudio
|
Revision tags: OPENBSD_4_4_BASE
|
#
1.46 |
|
11-Jun-2008 |
mcbride |
From KAME, allow adjustable limits on NDP entries and discovered routes.
ok mpf naddy
|
#
1.45 |
|
09-Mar-2008 |
sobrado |
use the right capitalization for platform names
ok jsing@
|
Revision tags: OPENBSD_4_1_BASE OPENBSD_4_2_BASE OPENBSD_4_3_BASE
|
#
1.44 |
|
22-Jan-2007 |
miod |
Fix KAME cvsweb urls
|
#
1.43 |
|
09-Dec-2006 |
itojun |
switch IPv6 advanced API from RFC2292 to RFC3542 (2292 is superseded by 3542). the kernel still handles RFC2292 set/getsockopts, so that compiled binary has no trouble running. userland sees RFC3542 symbols only on header file so new code has to use RFC3542 API.
bump libc shlib minor for function additions.
tested on i386/amd64 by jmc, i386 by brad. checked by deraadt.
|
#
1.42 |
|
21-Nov-2006 |
itojun |
introduce sysctl net.inet6.ip6.multicast_mtudisc (for multicast routers). deraadt ok. manpage nit by jmc.
|
#
1.41 |
|
17-Nov-2006 |
itojun |
move comment to a line where it makes more sense
|
#
1.40 |
|
17-Nov-2006 |
itojun |
change semantics of ff01::/16 to interface local multicast (to sync up with more recent IPv6 spec)
ok from: deraadt mcbride
|
Revision tags: OPENBSD_4_0_BASE
|
#
1.39 |
|
18-Jun-2006 |
pascoe |
Add support for equal-cost multipath IP.
To minimise path disruptions, this implements recommendations made in RFC2992 - the hash-threshold mechanism to select paths based on source/destination IP address pairs, and inserts multipath routes in the middle of the route table.
To enable multipath distribution, use: sysctl net.inet.ip.multipath=1 and/or: sysctl net.inet6.ip6.multipath=1
testing norby@ ok claudio@ henning@ hshoexer@
|
#
1.38 |
|
27-May-2006 |
claudio |
Do the same thing as for IPv4. Use a sysctl to enable/disable mfrowarding and additionaly make the code part of the MROUTING option. Put it in deraadt@
|
Revision tags: OPENBSD_3_9_BASE
|
#
1.37 |
|
13-Dec-2005 |
millert |
First step in include files overhaul. Use __FOO_VISIBLE (as defined in sys/cdefs.h) instead of _FOO_SOURCE. Also fix several namespace pollution issues, including the byte order defines. OK deraadt@
|
Revision tags: OPENBSD_3_6_BASE OPENBSD_3_7_BASE OPENBSD_3_8_BASE
|
#
1.36 |
|
21-Jun-2004 |
tholo |
First step towards more sane time handling in the kernel -- this changes things such that code that only need a second-resolution uptime or wall time, and used to get that from time.tv_secs or mono_time.tv_secs now get this from separate time_t globals time_second and time_uptime.
ok art@ niklas@ nordin@
|
Revision tags: SMP_SYNC_A
|
#
1.35 |
|
12-Jun-2004 |
itojun |
support IPV6_USE_MIN_MTU, to make BIND9 better. (sorry about the mess yesterday)
|
#
1.34 |
|
11-Jun-2004 |
deraadt |
back out tree breakage. Like, come on
|
#
1.33 |
|
11-Jun-2004 |
itojun |
support IPV6_USE_MIN_MTU, which is needed to run BIND9 well. from kame markus ok
|
Revision tags: OPENBSD_3_5_BASE SMP_SYNC_B
|
#
1.32 |
|
15-Feb-2004 |
markus |
switch to sysctl_int_arr(); ok itojun, henning, miod, deraadt
|
Revision tags: OPENBSD_3_4_BASE
|
#
1.31 |
|
02-Jun-2003 |
millert |
Remove the advertising clause in the UCB license which Berkeley rescinded 22 July 1999. Proofed by myself and Theo.
|
Revision tags: OPENBSD_3_2_BASE OPENBSD_3_3_BASE UBC_SYNC_A UBC_SYNC_B
|
#
1.30 |
|
08-Jun-2002 |
itojun |
sync with latest KAME in6_ifaddr/prefix/default router manipulation. behavior changes: - two iocts used by ndp(8) are now obsolete (backward compat provided). use sysctl path instead. - lo0 does not get ::1 automatically. it will get ::1 when lo0 comes up.
|
#
1.29 |
|
07-Jun-2002 |
itojun |
mistake in sysctl table
|
#
1.28 |
|
07-Jun-2002 |
itojun |
just for consistency/compatibility, have net.inet6.ip6.v6only sysctl MIB, as well as set/getsockopt(IPV6_V6ONLY).
|
#
1.27 |
|
28-May-2002 |
itojun |
limit number of IPv6 fragments (not the fragment queue size) to fight against lots-of-frags DoS attacks. sync w/kame
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.26 |
|
14-Mar-2002 |
millert |
First round of __P removal in sys
|
Revision tags: UBC_BASE
|
#
1.25 |
|
07-Dec-2001 |
itojun |
branches: 1.25.2; whitespace/comment sync with kame
|
Revision tags: OPENBSD_3_0_BASE
|
#
1.24 |
|
19-Sep-2001 |
itojun |
comment; sockopt # 57-59 are also reserved
|
#
1.23 |
|
22-Aug-2001 |
niklas |
Add IPCOMP setsockopt policy controls. While here fix the other policies too
|
Revision tags: OPENBSD_2_9_BASE
|
#
1.22 |
|
30-Mar-2001 |
itojun |
fix constness of IN6_{IS,ARE}_xx macros to conform to RFC2553. sync with kame.
|
#
1.21 |
|
02-Mar-2001 |
itojun |
remove date string from KAME version identification, it is getting meaningless as we merge random items daily. have comment that refers to kame COVERAGE document. sync with kame
|
#
1.20 |
|
16-Feb-2001 |
itojun |
get rid of #ifdef IPV6FIREWALL (never used, will never be used)
|
#
1.19 |
|
16-Feb-2001 |
itojun |
pull in new pcb notification code from kame. better handling of scope address.
|
Revision tags: OPENBSD_2_8_BASE
|
#
1.18 |
|
17-Oct-2000 |
itojun |
use __P() in prototype for non-ansi compilers. From: Michael Shalayeff <mickey@lucifier.remote.dti.net>
|
#
1.17 |
|
27-Aug-2000 |
itojun |
move IPv6 IPsec sysctl # downward, to avoid number conflict in *BSD. angelos ok
|
#
1.16 |
|
16-Jul-2000 |
itojun |
don't pull sys/queue.h in. sync better with kame.
|
#
1.15 |
|
25-Jun-2000 |
aaron |
Fix typo; ds@ds.primasoft.bg
|
#
1.14 |
|
18-Jun-2000 |
itojun |
allow IPsec-related get/setsockopt on IPv6 socket. due to number conflict they must be IPV6_xx instead of IP_xx.
actually, since in_ctloutput() does not check address family of inpcb, getsockopt(IPPROTO_IP, IP_xx) may work - never tested this.
|
#
1.13 |
|
25-May-2000 |
itojun |
net.inet.ip.gif_ttl (and IPv6 counterpart) is never used. enforce type checking on IN6_ARE_ADDR_EQUAL.
|
Revision tags: OPENBSD_2_7_BASE
|
#
1.12 |
|
28-Feb-2000 |
itojun |
bring in recent KAME changes (only important and stable ones, as usual). - remove net.inet6.ip6.nd6_proxyall. introduce proxy NDP code works just like "arp -s". - revise source address selection. be more careful about use of yet-to-be-valid addresses as source. - as router, transmit ICMP6_DST_UNREACH_BEYONDSCOPE against out-of-scope packet forwarding attempt. - path MTU discovery takes care of routing header properly. - be more strict about mbuf chain parsing. - nuke xxCTL_VARS #define, they are for BSDI. - disable SIOCSIFDSTADDR_IN6/SIOCSIFNETMASK_IN6 ioctl, they do not fit IPv6 model where multiple address on interface is normal. (kernel side supports them for a while for backward compat, the support will be nuked shortly) - introduce "default outgoing interface" (for spec conformance in very rare case)
|
#
1.11 |
|
19-Feb-2000 |
deraadt |
use more modern types
|
Revision tags: SMP_BASE
|
#
1.10 |
|
09-Feb-2000 |
itojun |
branches: 1.10.2; improve RFC2553/2292 conformance. netinet6/{ip6,icmp6,in6}.h should not be included. neitnet6/{ip6,icmp6}.h includes #error statements only - i'll remove them couple of days later.
|
#
1.9 |
|
10-Dec-1999 |
angelos |
Add RCS tags, remove unused header files and code, remove a few unnecessary ifdefs...
|
Revision tags: kame_19991208
|
#
1.8 |
|
08-Dec-1999 |
itojun |
bring in KAME IPv6 code, dated 19991208. replaces NRL IPv6 layer. reuses NRL pcb layer. no IPsec-on-v6 support. see sys/netinet6/{TODO,IMPLEMENTATION} for more details.
GENERIC configuration should work fine as before. GENERIC.v6 works fine as well, but you'll need KAME userland tools to play with IPv6 (will be bringed into soon).
|
Revision tags: OPENBSD_2_5_BASE OPENBSD_2_6_BASE
|
#
1.7 |
|
24-Mar-1999 |
cmetz |
Replace 'in6a_words' (old NRL convention) with 's6_addr32' (new BSDI et al. convention that is more common and more specific as to the access size)
|
#
1.6 |
|
09-Mar-1999 |
cmetz |
Demangled the INET6 stuff so as not to require any extra options and not to be mutually exclusive with the IPSEC option.
|
#
1.5 |
|
24-Feb-1999 |
cmetz |
Synchronized changes needed to integrate into OpenBSD with the NRL source tree so we can have a unified netinet6 directory.
|
#
1.4 |
|
11-Jan-1999 |
deraadt |
_KERNEL, and other cleanup
|
#
1.3 |
|
10-Jan-1999 |
deraadt |
merge INPROTO_* tables
|
#
1.2 |
|
08-Jan-1999 |
deraadt |
use _KERNEL, add ipv6intrq decl
|
#
1.1 |
|
07-Jan-1999 |
deraadt |
missed file
|
#
1.106 |
|
24-Jun-2020 |
cheloha |
kernel: use gettime(9)/getuptime(9) in lieu of time_second(9)/time_uptime(9)
time_second(9) and time_uptime(9) are widely used in the kernel to quickly get the system UTC or system uptime as a time_t. However, time_t is 64-bit everywhere, so it is not generally safe to use them on 32-bit platforms: you have a split-read problem if your hardware cannot perform atomic 64-bit reads.
This patch replaces time_second(9) with gettime(9), a safer successor interface, throughout the kernel. Similarly, time_uptime(9) is replaced with getuptime(9).
There is a performance cost on 32-bit platforms in exchange for eliminating the split-read problem: instead of two register reads you now have a lockless read loop to pull the values from the timehands. This is really not *too* bad in the grand scheme of things, but compared to what we were doing before it is several times slower.
There is no performance cost on 64-bit (__LP64__) platforms.
With input from visa@, dlg@, and tedu@.
Several bugs squashed by visa@.
ok kettenis@
|
Revision tags: OPENBSD_6_7_BASE
|
#
1.105 |
|
11-Nov-2019 |
bluhm |
Kernel is missing propper input validation when configuring IPv6 addresses. Implement in6_sa2sin6() to validate inet6 address family and address length. The SIOCGIFDSTADDR_IN6, SIOCGIFNETMASK_IN6, SIOCGIFAFLAG_IN6, SIOCGIFALIFETIME_IN6, and SIOCDIFADDR_IN6 ioctl(2) are safe now. OK visa@
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.104 |
|
22-Apr-2019 |
bluhm |
In in_cksum() and in6_cksum() convert types to C99 style and make both functions consistent. In in_cksum() panic if len is longer than mbuf, but in in6_cksum() do not panic if off and len match exactly to the end of mbuf. OK claudio@
|
Revision tags: OPENBSD_6_4_BASE OPENBSD_6_5_BASE
|
#
1.103 |
|
11-Sep-2018 |
bluhm |
Convert inetctlerrmap to u_char like inet6ctlerrmap. That is also what FreeBSD does. Remove old #if 0 version of inet6ctlerrmap. OK mpi@
|
#
1.102 |
|
07-Jun-2018 |
bluhm |
The global zero addresses must not change, mark them constant. OK tb@ visa@
|
Revision tags: OPENBSD_6_3_BASE
|
#
1.101 |
|
10-Feb-2018 |
florian |
Implement RFC 7217: "A Method for Generating Semantically Opaque Interface Identifiers with IPv6 Stateless Address Autoconfiguration."
"An IPv6 address configured using this method is stable within each subnet, but the corresponding Interface Identifier changes when the host moves from one network to another. This method is meant to be an alternative to generating Interface Identifiers based on hardware addresses."
OK naddy, sthen
|
#
1.100 |
|
20-Nov-2017 |
mpi |
Sprinkle some NET_ASSERT_LOCKED(), const and co to prepare running pr_input handlers without KERNEL_LOCK().
ok visa@
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.99 |
|
01-Sep-2017 |
florian |
Use in6_get_rand_ifid() instead of get_last_resort_ifid() and delete the get_last_resort_ifid() function because eww. Also if your system is so constraint that you end up in in6_get_rand_ifid() you don't deserve a random ifid that stays stable over reboots. Simplify code a bit since get_ifid() can no longer fail. It couldn't fail before either because that code path was #if 0'ed. While here sprinkle in some in6_ prefixes, pointed out by stsp. OK stsp
|
#
1.98 |
|
11-Aug-2017 |
bluhm |
Validate sockaddr from userland in central functions. This results in common checks for unix, inet, inet6 instead of partial checks here and there. Some checks are already done at a higher layer, but better be paranoid with user input. OK claudio@ millert@
|
#
1.97 |
|
13-Jul-2017 |
florian |
Get rid of ip6.maxifprefixes and ip6.maxifdefrouters, the kernel no longer tracks prefixes or default routers from router advertisements. Pointed out by jmc. ports tree grepping sthen, who only found nsh OK mpi, sthen
|
#
1.96 |
|
30-May-2017 |
mpi |
Keep ipv6_input() definition inside _KERNEL.
Unbreak userland, found the hardway by deraadt@
|
#
1.95 |
|
30-May-2017 |
mpi |
Introduce ipv{4,6}_input(), two wrappers around IP queues.
This will help transitionning to an un-KERNEL_LOCK()ed IP forwarding path.
Disucssed with bluhm@, ok claudio@
|
#
1.94 |
|
04-May-2017 |
bluhm |
Introduce sstosa() for converting sockaddr_storage with a type safe inline function instead of casting it to sockaddr. While there, use inline instead of __inline for all these conversions. Some struct sockaddr casts can be avoided completely. OK dhill@ mpi@
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.93 |
|
22-Feb-2017 |
renato |
Fix comments about a few ipv6 sockoptions
OK millert@ florian@
|
#
1.92 |
|
22-Dec-2016 |
rzalamena |
Remove PIM support from the multicast stack.
ok mpi@
|
#
1.91 |
|
03-Oct-2016 |
mpi |
Convert some of the remaining usages of time_second to time_uptime.
time_second is unix time so it can be affected by clock changes. time_uptime is monotonic so it isnt affected by clock changes. that in turn means route expiries wont jump with clock changes if set against time_uptime.
the expiry is translated into unix time for export to userland though.
Should fix mismatch between route timers that were already converted and ND default routers that were still using time_second.
Tested by matthieu@ and sthen@
ok sthen@, dlg@
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.90 |
|
27-Jun-2016 |
jca |
Implement IPV6_MINHOPCOUNT support.
Useful to implement GTSM support in daemons such as bgpd(8). Diff from 2013 revived by renato@. Input from bluhm@, ok bluhm@ deraadt@
|
#
1.89 |
|
01-Jun-2016 |
jca |
Kill sysctl net.inet6.ip6.rr_prune
We don't support Router Renumbering and there are no plans to change that. ok mpi@
|
#
1.88 |
|
19-May-2016 |
jca |
Remove sysctl net.inet6.ip6.v6only
This sysctl is a no-op, read-only since it was introduced. There are no plans to support IPv4-mapped addresses on OpenBSD, thus this sysctl is meaningless.
Noticed by djm@, ok claudio@ mpi@ sthen@ henning@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.87 |
|
03-Dec-2015 |
tedu |
rm unused kernel only IPV6_RECVRTHDRDSTOPTS sockopt. ok deraadt sthen
|
#
1.86 |
|
29-Oct-2015 |
tedu |
RFC 2292 API support was removed 9 years ago, but left in a binary compat ABI form for the sake of existing programs. no programs from that era have been able to run for quite some time. Kill it all. ok deraadt florian millert mpi (I believe this is my first IPv6 diff. Future, here I come!)
|
#
1.85 |
|
11-Sep-2015 |
claudio |
in6_embedscope() needs to lose some weight. Remove the last argument. In all but two calls NULL is passed and in the other 2 cases the ifp is only used to maybe feed it to in6_selecthlim() to select the hoplimit for the link. Since in6_embedscope() only works on link-local addresses it does not matter what hop limit we select since the destination is directly reachable. OK florian@ mpi@
|
#
1.84 |
|
10-Sep-2015 |
claudio |
It is time to put inet6 on a diet. Use the flensing knife and cut out the 3rd argument of in6_recoverscope() and make it return void. OK dlg@ mikeb@
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.83 |
|
08-Jun-2015 |
krw |
More damned eye searing whitespace. No change to .o files.
|
#
1.82 |
|
14-Apr-2015 |
mikeb |
ip6_sprintf is long gone; noticed by blambert
|
#
1.81 |
|
10-Apr-2015 |
dlg |
replace the use of ifqueues for most input queues serviced by netisr with niqueues.
this change is so big because there's a lot of code that takes pointers to different input queues (eg, ether_input picks between ipv4, ipv6, pppoe, arp, and mpls input queues) and falls through to code to enqueue packets against the pointer. if i changed only one of the input queues id have to add sepearate code paths, one for ifqueues and one for niqueues in each of these places
by flipping all these input queues at once i can keep the currently common code common.
testing by mpi@ sthen@ and rafael zalamena ok mpi@ sthen@ claudio@ henning@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.80 |
|
09-Feb-2015 |
claudio |
Implement 2 sysctl to retrieve the multicast forwarding cache (mf6c) and the multicast interface table (mif6). Will be used by netstat soon. Looked over by guenther@
|
#
1.79 |
|
09-Feb-2015 |
dlg |
provide a net.inet6.ip6.ifq sysctl so people can see and fiddle with the ip6intrq.
ok claudio@
|
#
1.78 |
|
10-Jan-2015 |
mpi |
Correct some comments and merge in6_if_up() into in6_ifattach() to reflect that IPv6 link-local addresses are no longer automagically configured the first time an interface is brought up.
ok henning@, stsp@
|
#
1.77 |
|
05-Dec-2014 |
mpi |
Explicitly include <net/if_var.h> instead of pulling it in <net/if.h>.
ok mikeb@, krw@, bluhm@, tedu@
|
#
1.76 |
|
20-Nov-2014 |
mpi |
What have no need for a variable that holds the maximum MTU size of interfaces with an IPv6 address.
ok henning@, mikeb@, deraadt@
|
#
1.75 |
|
31-Aug-2014 |
bluhm |
Make the in6addr constant declarations and definitions consistent in kernel and user land. OK florian@ mpi@
|
#
1.74 |
|
26-Aug-2014 |
florian |
Do not hand-roll all routers link local address. pointed out & OK bluhm@
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.73 |
|
11-Jul-2014 |
henning |
introduce the IFXF_AUTOCONF6 interface flag which controls wether we accept rtadvs on that interface. the global net.inet6.ip6.accept_rtadv sysctl just doesn't cut it, even tho the spec wants that - but in their little absurd world, a host just has one interface by definition anyway... the sysctlgoes away. lots of head scratching, brain cell elemination etc from bluhm benno stsp florian, excitement from simon and todd, ok bluhm stsp benno florian
|
#
1.72 |
|
13-Jun-2014 |
chrisz |
Remove deprecated RFC2292 ancillary data convenience functions. They are obsoleted by the RFC3542 api.
ok mpi@
|
#
1.71 |
|
20-Apr-2014 |
naddy |
move in6_cksum_phdr from in6.h to ip6_output.c to mirror in_cksum_phdr ok henning@
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.70 |
|
22-Jan-2014 |
naddy |
Split the checksum calculation for IPv6 like for IPv4: Always calculate the pseudo-header checksum. Complete the checksum if hardware offload is not available.
Parts originally from NetBSD; ok henning@
|
#
1.69 |
|
28-Oct-2013 |
deraadt |
kill kame version symbols and sysctl ports tree grep run by sthen
|
#
1.68 |
|
24-Oct-2013 |
mpi |
Remove the number of in6_var.h inclusions by moving some functions and global variables to in6.h.
ok deraadt@
|
#
1.67 |
|
24-Oct-2013 |
deraadt |
Significant namespace cleanup of netinet6 symbols.
One worrying bit is in icmp6.h where some htols() and htonl() are added, which may affect compatibility down the line. This component can be reverted if issues show up. Ports tree greps indicate no issue.
ok claudio mpi etc
|
#
1.66 |
|
21-Oct-2013 |
deraadt |
There are gasps of shock! Add a pmtu delay sysctl BUTTON for netinet6, making the code the same as netinet4 along the way. ok bluhm phessler
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.65 |
|
26-Jun-2013 |
henning |
put the cksum diff back, of course with the bug fixed where we could under some circumstances repair broken checksums on the way. ok ryan naddy mikeb . redo most of the protocol (tcp/udp/...) checksum handling -assume we have hardware checksum offloading. stop mucking with the checksum in most of the stack -stop checksum mucking in pf, just set a "needs checksumming" flag if needed -in all output pathes, very late, if we figure out the outbound interface doesn't have hw cksum offloading, do the cksum in software. this especially makes the bridge path behave like a regular output path -little special casing for bridge still required until the broadcast path loses its disgusting shortcut hacks, but at least it's in one place now and not all over the stack in6_proto_cksum_out mostly written by krw@ started at k2k11 in iceland more than 1.5 years ago - yes it took that long, this stuff is everything but easy. this happens to fix the infamous pf rdr bug that made us turn off proto cksum offloading on almost all interface drivers.
|
#
1.64 |
|
28-Mar-2013 |
bluhm |
Convert the satosin, sintosa, ifatoia, satosin6, sin6tosa, ifatoia6 defines into static inline functions. This allows the compiler to check the source type before casting. liked by many; OK mpi@ haesbaert@
|
#
1.63 |
|
14-Mar-2013 |
mpi |
My lack of faith... These lines should stay, reported by ajacoutot@.
ok sthen@
|
#
1.62 |
|
14-Mar-2013 |
mpi |
tedu faith(4), suggested by todd@ some weeks ago after a submission by dhill.
ok krw@, mikeb@, tedu@ (implicit)
|
Revision tags: OPENBSD_5_3_BASE
|
#
1.61 |
|
06-Nov-2012 |
henning |
backout csum diff for the moment, requested by theo
|
#
1.60 |
|
01-Nov-2012 |
henning |
redo most of the protocol (tcp/udp/...) checksum handling -assume we have hardware checksum offloading. stop mucking with the checksum in most of the stack -stop checksum mucking in pf, just set a "needs checksumming" flag if needed -in all output pathes, very late, if we figure out the outbound interface doesn't have hw cksum offloading, do the cksum in software. this especially makes the bridge path behave like a regular output path -little special casing for bridge still required until the broadcast path loses its disgusting shortcut hacks, but at least it's in one place now and not all over the stack in6_proto_cksum_out mostly written by krw@ started at k2k11 in iceland more than 1.5 years ago - yes it took that long, this stuff is everything but easy. this happens to fix the infamous pf rdr bug that made us turn off proto cksum offloading on almost all interface drivers. ok camield sthen claudio, testing by many, thanks!
|
#
1.59 |
|
17-Sep-2012 |
yasuoka |
add IPV6_RECVDSTPORT socket option, which enables us to get original (= before divert) destination port of a UDP packet. The way to use this option is same as IP_RECVDSTPORT.
from UMEZAWA Takeshi tweaks from jmc; ok henning bluhm
|
#
1.58 |
|
15-Sep-2012 |
guenther |
Improve POSIX/SUS compliance of <netdb.h>, <sys/socket.h>, and <sys/un.h>.
Much ports testing of various versions by naddy@ and jasper@ ok matthew@, miller@
|
Revision tags: OPENBSD_5_2_BASE
|
#
1.57 |
|
10-Jul-2012 |
guenther |
Instead of <arpa/inet.h> pulling in <netinet/in.h>, just copy in the three things that it needed from there: INET_ADDRSTRLEN, INET6_ADDRSTRLEN, and struct in_addr. Add protecting #ifndefs to netinet6?/in6?.h for those.
ok deraadt@
|
#
1.56 |
|
26-Jun-2012 |
guenther |
Improve compliance for <arpa/inet.h> and <netinet/in.h> to define/declare all the symbols that POSIX says they must and fewer that they can't and, most importantly, to not require a specific ordering of headers.
ports testing by naddy@ ok millert@ deraadt@
|
Revision tags: OPENBSD_5_1_BASE
|
#
1.55 |
|
24-Nov-2011 |
sperreault |
rdomain support for IPv6 ok mikeb
|
#
1.54 |
|
13-Oct-2011 |
claudio |
Since the IPv6 madness is not enough introduce NAT64 -- which is actually "af-to" a generic IP version translator for pf(4). Not everything perfect yet but lets fix these things in the tree. Insane amount of work done by sperreault@, mikeb@ and reyk@. Looked over by mcbride@ henning@ and myself at eurobsdcon. OK mcbride@ and general put it in from deraadt@
|
Revision tags: OPENBSD_5_0_BASE
|
#
1.53 |
|
02-May-2011 |
mikeb |
recognize SO_RTABLE socket option at the SOL_SOCKET level; discussed with and ok claudio
|
Revision tags: OPENBSD_4_9_BASE
|
#
1.52 |
|
23-Sep-2010 |
yasuoka |
add a new IP level socket option IP_PIPEX. This option is used for L2TP support by pipex. OK henning@, "Carry on" blambert@
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.51 |
|
08-Jul-2010 |
jsg |
remove some unused netinet6 code ok stsp@ henning@ claudio@
|
#
1.50 |
|
07-May-2010 |
claudio |
Start cleaning up the mess called rtalloc*. Kill rtalloc2, make rtalloc1 accept flags for report and nocloning. Move the rtableid into struct route (with a minor twist for now) and make a few more codepathes rdomain aware. Appart from the pf.c and route.c bits the diff is mostly mechanical. More to come... OK michele, henning
|
#
1.49 |
|
06-Apr-2010 |
stsp |
Simple implementation of RFC4941, "Privacy Extensions for Stateless Address Autoconfiguration in IPv6". For those among us who are paranoid about broadcasting their MAC address to the IPv6 internet.
Man page help from jmc, testing by weerd, arc4random API hints from djm.
ok deraadt, claudio
|
Revision tags: OPENBSD_4_7_BASE
|
#
1.48 |
|
05-Nov-2009 |
michele |
IPv6 support for divert sockets.
tested by phessler@ pyr@ ok claudio@ "go ahead" deraadt@
|
Revision tags: OPENBSD_4_5_BASE OPENBSD_4_6_BASE
|
#
1.47 |
|
25-Nov-2008 |
markus |
delay /etc/netstart until IPv6-DAD (dup-address-detection) is completed. ok fries, hshoexer, claudio
|
Revision tags: OPENBSD_4_4_BASE
|
#
1.46 |
|
11-Jun-2008 |
mcbride |
From KAME, allow adjustable limits on NDP entries and discovered routes.
ok mpf naddy
|
#
1.45 |
|
09-Mar-2008 |
sobrado |
use the right capitalization for platform names
ok jsing@
|
Revision tags: OPENBSD_4_1_BASE OPENBSD_4_2_BASE OPENBSD_4_3_BASE
|
#
1.44 |
|
22-Jan-2007 |
miod |
Fix KAME cvsweb urls
|
#
1.43 |
|
09-Dec-2006 |
itojun |
switch IPv6 advanced API from RFC2292 to RFC3542 (2292 is superseded by 3542). the kernel still handles RFC2292 set/getsockopts, so that compiled binary has no trouble running. userland sees RFC3542 symbols only on header file so new code has to use RFC3542 API.
bump libc shlib minor for function additions.
tested on i386/amd64 by jmc, i386 by brad. checked by deraadt.
|
#
1.42 |
|
21-Nov-2006 |
itojun |
introduce sysctl net.inet6.ip6.multicast_mtudisc (for multicast routers). deraadt ok. manpage nit by jmc.
|
#
1.41 |
|
17-Nov-2006 |
itojun |
move comment to a line where it makes more sense
|
#
1.40 |
|
17-Nov-2006 |
itojun |
change semantics of ff01::/16 to interface local multicast (to sync up with more recent IPv6 spec)
ok from: deraadt mcbride
|
Revision tags: OPENBSD_4_0_BASE
|
#
1.39 |
|
18-Jun-2006 |
pascoe |
Add support for equal-cost multipath IP.
To minimise path disruptions, this implements recommendations made in RFC2992 - the hash-threshold mechanism to select paths based on source/destination IP address pairs, and inserts multipath routes in the middle of the route table.
To enable multipath distribution, use: sysctl net.inet.ip.multipath=1 and/or: sysctl net.inet6.ip6.multipath=1
testing norby@ ok claudio@ henning@ hshoexer@
|
#
1.38 |
|
27-May-2006 |
claudio |
Do the same thing as for IPv4. Use a sysctl to enable/disable mfrowarding and additionaly make the code part of the MROUTING option. Put it in deraadt@
|
Revision tags: OPENBSD_3_9_BASE
|
#
1.37 |
|
13-Dec-2005 |
millert |
First step in include files overhaul. Use __FOO_VISIBLE (as defined in sys/cdefs.h) instead of _FOO_SOURCE. Also fix several namespace pollution issues, including the byte order defines. OK deraadt@
|
Revision tags: OPENBSD_3_6_BASE OPENBSD_3_7_BASE OPENBSD_3_8_BASE
|
#
1.36 |
|
21-Jun-2004 |
tholo |
First step towards more sane time handling in the kernel -- this changes things such that code that only need a second-resolution uptime or wall time, and used to get that from time.tv_secs or mono_time.tv_secs now get this from separate time_t globals time_second and time_uptime.
ok art@ niklas@ nordin@
|
Revision tags: SMP_SYNC_A
|
#
1.35 |
|
12-Jun-2004 |
itojun |
support IPV6_USE_MIN_MTU, to make BIND9 better. (sorry about the mess yesterday)
|
#
1.34 |
|
11-Jun-2004 |
deraadt |
back out tree breakage. Like, come on
|
#
1.33 |
|
11-Jun-2004 |
itojun |
support IPV6_USE_MIN_MTU, which is needed to run BIND9 well. from kame markus ok
|
Revision tags: OPENBSD_3_5_BASE SMP_SYNC_B
|
#
1.32 |
|
15-Feb-2004 |
markus |
switch to sysctl_int_arr(); ok itojun, henning, miod, deraadt
|
Revision tags: OPENBSD_3_4_BASE
|
#
1.31 |
|
02-Jun-2003 |
millert |
Remove the advertising clause in the UCB license which Berkeley rescinded 22 July 1999. Proofed by myself and Theo.
|
Revision tags: OPENBSD_3_2_BASE OPENBSD_3_3_BASE UBC_SYNC_A UBC_SYNC_B
|
#
1.30 |
|
08-Jun-2002 |
itojun |
sync with latest KAME in6_ifaddr/prefix/default router manipulation. behavior changes: - two iocts used by ndp(8) are now obsolete (backward compat provided). use sysctl path instead. - lo0 does not get ::1 automatically. it will get ::1 when lo0 comes up.
|
#
1.29 |
|
07-Jun-2002 |
itojun |
mistake in sysctl table
|
#
1.28 |
|
07-Jun-2002 |
itojun |
just for consistency/compatibility, have net.inet6.ip6.v6only sysctl MIB, as well as set/getsockopt(IPV6_V6ONLY).
|
#
1.27 |
|
28-May-2002 |
itojun |
limit number of IPv6 fragments (not the fragment queue size) to fight against lots-of-frags DoS attacks. sync w/kame
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.26 |
|
14-Mar-2002 |
millert |
First round of __P removal in sys
|
Revision tags: UBC_BASE
|
#
1.25 |
|
07-Dec-2001 |
itojun |
branches: 1.25.2; whitespace/comment sync with kame
|
Revision tags: OPENBSD_3_0_BASE
|
#
1.24 |
|
19-Sep-2001 |
itojun |
comment; sockopt # 57-59 are also reserved
|
#
1.23 |
|
22-Aug-2001 |
niklas |
Add IPCOMP setsockopt policy controls. While here fix the other policies too
|
Revision tags: OPENBSD_2_9_BASE
|
#
1.22 |
|
30-Mar-2001 |
itojun |
fix constness of IN6_{IS,ARE}_xx macros to conform to RFC2553. sync with kame.
|
#
1.21 |
|
02-Mar-2001 |
itojun |
remove date string from KAME version identification, it is getting meaningless as we merge random items daily. have comment that refers to kame COVERAGE document. sync with kame
|
#
1.20 |
|
16-Feb-2001 |
itojun |
get rid of #ifdef IPV6FIREWALL (never used, will never be used)
|
#
1.19 |
|
16-Feb-2001 |
itojun |
pull in new pcb notification code from kame. better handling of scope address.
|
Revision tags: OPENBSD_2_8_BASE
|
#
1.18 |
|
17-Oct-2000 |
itojun |
use __P() in prototype for non-ansi compilers. From: Michael Shalayeff <mickey@lucifier.remote.dti.net>
|
#
1.17 |
|
27-Aug-2000 |
itojun |
move IPv6 IPsec sysctl # downward, to avoid number conflict in *BSD. angelos ok
|
#
1.16 |
|
16-Jul-2000 |
itojun |
don't pull sys/queue.h in. sync better with kame.
|
#
1.15 |
|
25-Jun-2000 |
aaron |
Fix typo; ds@ds.primasoft.bg
|
#
1.14 |
|
18-Jun-2000 |
itojun |
allow IPsec-related get/setsockopt on IPv6 socket. due to number conflict they must be IPV6_xx instead of IP_xx.
actually, since in_ctloutput() does not check address family of inpcb, getsockopt(IPPROTO_IP, IP_xx) may work - never tested this.
|
#
1.13 |
|
25-May-2000 |
itojun |
net.inet.ip.gif_ttl (and IPv6 counterpart) is never used. enforce type checking on IN6_ARE_ADDR_EQUAL.
|
Revision tags: OPENBSD_2_7_BASE
|
#
1.12 |
|
28-Feb-2000 |
itojun |
bring in recent KAME changes (only important and stable ones, as usual). - remove net.inet6.ip6.nd6_proxyall. introduce proxy NDP code works just like "arp -s". - revise source address selection. be more careful about use of yet-to-be-valid addresses as source. - as router, transmit ICMP6_DST_UNREACH_BEYONDSCOPE against out-of-scope packet forwarding attempt. - path MTU discovery takes care of routing header properly. - be more strict about mbuf chain parsing. - nuke xxCTL_VARS #define, they are for BSDI. - disable SIOCSIFDSTADDR_IN6/SIOCSIFNETMASK_IN6 ioctl, they do not fit IPv6 model where multiple address on interface is normal. (kernel side supports them for a while for backward compat, the support will be nuked shortly) - introduce "default outgoing interface" (for spec conformance in very rare case)
|
#
1.11 |
|
19-Feb-2000 |
deraadt |
use more modern types
|
Revision tags: SMP_BASE
|
#
1.10 |
|
09-Feb-2000 |
itojun |
branches: 1.10.2; improve RFC2553/2292 conformance. netinet6/{ip6,icmp6,in6}.h should not be included. neitnet6/{ip6,icmp6}.h includes #error statements only - i'll remove them couple of days later.
|
#
1.9 |
|
10-Dec-1999 |
angelos |
Add RCS tags, remove unused header files and code, remove a few unnecessary ifdefs...
|
Revision tags: kame_19991208
|
#
1.8 |
|
08-Dec-1999 |
itojun |
bring in KAME IPv6 code, dated 19991208. replaces NRL IPv6 layer. reuses NRL pcb layer. no IPsec-on-v6 support. see sys/netinet6/{TODO,IMPLEMENTATION} for more details.
GENERIC configuration should work fine as before. GENERIC.v6 works fine as well, but you'll need KAME userland tools to play with IPv6 (will be bringed into soon).
|
Revision tags: OPENBSD_2_5_BASE OPENBSD_2_6_BASE
|
#
1.7 |
|
24-Mar-1999 |
cmetz |
Replace 'in6a_words' (old NRL convention) with 's6_addr32' (new BSDI et al. convention that is more common and more specific as to the access size)
|
#
1.6 |
|
09-Mar-1999 |
cmetz |
Demangled the INET6 stuff so as not to require any extra options and not to be mutually exclusive with the IPSEC option.
|
#
1.5 |
|
24-Feb-1999 |
cmetz |
Synchronized changes needed to integrate into OpenBSD with the NRL source tree so we can have a unified netinet6 directory.
|
#
1.4 |
|
11-Jan-1999 |
deraadt |
_KERNEL, and other cleanup
|
#
1.3 |
|
10-Jan-1999 |
deraadt |
merge INPROTO_* tables
|
#
1.2 |
|
08-Jan-1999 |
deraadt |
use _KERNEL, add ipv6intrq decl
|
#
1.1 |
|
07-Jan-1999 |
deraadt |
missed file
|
#
1.105 |
|
11-Nov-2019 |
bluhm |
Kernel is missing propper input validation when configuring IPv6 addresses. Implement in6_sa2sin6() to validate inet6 address family and address length. The SIOCGIFDSTADDR_IN6, SIOCGIFNETMASK_IN6, SIOCGIFAFLAG_IN6, SIOCGIFALIFETIME_IN6, and SIOCDIFADDR_IN6 ioctl(2) are safe now. OK visa@
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.104 |
|
22-Apr-2019 |
bluhm |
In in_cksum() and in6_cksum() convert types to C99 style and make both functions consistent. In in_cksum() panic if len is longer than mbuf, but in in6_cksum() do not panic if off and len match exactly to the end of mbuf. OK claudio@
|
Revision tags: OPENBSD_6_4_BASE OPENBSD_6_5_BASE
|
#
1.103 |
|
11-Sep-2018 |
bluhm |
Convert inetctlerrmap to u_char like inet6ctlerrmap. That is also what FreeBSD does. Remove old #if 0 version of inet6ctlerrmap. OK mpi@
|
#
1.102 |
|
07-Jun-2018 |
bluhm |
The global zero addresses must not change, mark them constant. OK tb@ visa@
|
Revision tags: OPENBSD_6_3_BASE
|
#
1.101 |
|
10-Feb-2018 |
florian |
Implement RFC 7217: "A Method for Generating Semantically Opaque Interface Identifiers with IPv6 Stateless Address Autoconfiguration."
"An IPv6 address configured using this method is stable within each subnet, but the corresponding Interface Identifier changes when the host moves from one network to another. This method is meant to be an alternative to generating Interface Identifiers based on hardware addresses."
OK naddy, sthen
|
#
1.100 |
|
20-Nov-2017 |
mpi |
Sprinkle some NET_ASSERT_LOCKED(), const and co to prepare running pr_input handlers without KERNEL_LOCK().
ok visa@
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.99 |
|
01-Sep-2017 |
florian |
Use in6_get_rand_ifid() instead of get_last_resort_ifid() and delete the get_last_resort_ifid() function because eww. Also if your system is so constraint that you end up in in6_get_rand_ifid() you don't deserve a random ifid that stays stable over reboots. Simplify code a bit since get_ifid() can no longer fail. It couldn't fail before either because that code path was #if 0'ed. While here sprinkle in some in6_ prefixes, pointed out by stsp. OK stsp
|
#
1.98 |
|
11-Aug-2017 |
bluhm |
Validate sockaddr from userland in central functions. This results in common checks for unix, inet, inet6 instead of partial checks here and there. Some checks are already done at a higher layer, but better be paranoid with user input. OK claudio@ millert@
|
#
1.97 |
|
13-Jul-2017 |
florian |
Get rid of ip6.maxifprefixes and ip6.maxifdefrouters, the kernel no longer tracks prefixes or default routers from router advertisements. Pointed out by jmc. ports tree grepping sthen, who only found nsh OK mpi, sthen
|
#
1.96 |
|
30-May-2017 |
mpi |
Keep ipv6_input() definition inside _KERNEL.
Unbreak userland, found the hardway by deraadt@
|
#
1.95 |
|
30-May-2017 |
mpi |
Introduce ipv{4,6}_input(), two wrappers around IP queues.
This will help transitionning to an un-KERNEL_LOCK()ed IP forwarding path.
Disucssed with bluhm@, ok claudio@
|
#
1.94 |
|
04-May-2017 |
bluhm |
Introduce sstosa() for converting sockaddr_storage with a type safe inline function instead of casting it to sockaddr. While there, use inline instead of __inline for all these conversions. Some struct sockaddr casts can be avoided completely. OK dhill@ mpi@
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.93 |
|
22-Feb-2017 |
renato |
Fix comments about a few ipv6 sockoptions
OK millert@ florian@
|
#
1.92 |
|
22-Dec-2016 |
rzalamena |
Remove PIM support from the multicast stack.
ok mpi@
|
#
1.91 |
|
03-Oct-2016 |
mpi |
Convert some of the remaining usages of time_second to time_uptime.
time_second is unix time so it can be affected by clock changes. time_uptime is monotonic so it isnt affected by clock changes. that in turn means route expiries wont jump with clock changes if set against time_uptime.
the expiry is translated into unix time for export to userland though.
Should fix mismatch between route timers that were already converted and ND default routers that were still using time_second.
Tested by matthieu@ and sthen@
ok sthen@, dlg@
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.90 |
|
27-Jun-2016 |
jca |
Implement IPV6_MINHOPCOUNT support.
Useful to implement GTSM support in daemons such as bgpd(8). Diff from 2013 revived by renato@. Input from bluhm@, ok bluhm@ deraadt@
|
#
1.89 |
|
01-Jun-2016 |
jca |
Kill sysctl net.inet6.ip6.rr_prune
We don't support Router Renumbering and there are no plans to change that. ok mpi@
|
#
1.88 |
|
19-May-2016 |
jca |
Remove sysctl net.inet6.ip6.v6only
This sysctl is a no-op, read-only since it was introduced. There are no plans to support IPv4-mapped addresses on OpenBSD, thus this sysctl is meaningless.
Noticed by djm@, ok claudio@ mpi@ sthen@ henning@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.87 |
|
03-Dec-2015 |
tedu |
rm unused kernel only IPV6_RECVRTHDRDSTOPTS sockopt. ok deraadt sthen
|
#
1.86 |
|
29-Oct-2015 |
tedu |
RFC 2292 API support was removed 9 years ago, but left in a binary compat ABI form for the sake of existing programs. no programs from that era have been able to run for quite some time. Kill it all. ok deraadt florian millert mpi (I believe this is my first IPv6 diff. Future, here I come!)
|
#
1.85 |
|
11-Sep-2015 |
claudio |
in6_embedscope() needs to lose some weight. Remove the last argument. In all but two calls NULL is passed and in the other 2 cases the ifp is only used to maybe feed it to in6_selecthlim() to select the hoplimit for the link. Since in6_embedscope() only works on link-local addresses it does not matter what hop limit we select since the destination is directly reachable. OK florian@ mpi@
|
#
1.84 |
|
10-Sep-2015 |
claudio |
It is time to put inet6 on a diet. Use the flensing knife and cut out the 3rd argument of in6_recoverscope() and make it return void. OK dlg@ mikeb@
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.83 |
|
08-Jun-2015 |
krw |
More damned eye searing whitespace. No change to .o files.
|
#
1.82 |
|
14-Apr-2015 |
mikeb |
ip6_sprintf is long gone; noticed by blambert
|
#
1.81 |
|
10-Apr-2015 |
dlg |
replace the use of ifqueues for most input queues serviced by netisr with niqueues.
this change is so big because there's a lot of code that takes pointers to different input queues (eg, ether_input picks between ipv4, ipv6, pppoe, arp, and mpls input queues) and falls through to code to enqueue packets against the pointer. if i changed only one of the input queues id have to add sepearate code paths, one for ifqueues and one for niqueues in each of these places
by flipping all these input queues at once i can keep the currently common code common.
testing by mpi@ sthen@ and rafael zalamena ok mpi@ sthen@ claudio@ henning@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.80 |
|
09-Feb-2015 |
claudio |
Implement 2 sysctl to retrieve the multicast forwarding cache (mf6c) and the multicast interface table (mif6). Will be used by netstat soon. Looked over by guenther@
|
#
1.79 |
|
09-Feb-2015 |
dlg |
provide a net.inet6.ip6.ifq sysctl so people can see and fiddle with the ip6intrq.
ok claudio@
|
#
1.78 |
|
10-Jan-2015 |
mpi |
Correct some comments and merge in6_if_up() into in6_ifattach() to reflect that IPv6 link-local addresses are no longer automagically configured the first time an interface is brought up.
ok henning@, stsp@
|
#
1.77 |
|
05-Dec-2014 |
mpi |
Explicitly include <net/if_var.h> instead of pulling it in <net/if.h>.
ok mikeb@, krw@, bluhm@, tedu@
|
#
1.76 |
|
20-Nov-2014 |
mpi |
What have no need for a variable that holds the maximum MTU size of interfaces with an IPv6 address.
ok henning@, mikeb@, deraadt@
|
#
1.75 |
|
31-Aug-2014 |
bluhm |
Make the in6addr constant declarations and definitions consistent in kernel and user land. OK florian@ mpi@
|
#
1.74 |
|
26-Aug-2014 |
florian |
Do not hand-roll all routers link local address. pointed out & OK bluhm@
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.73 |
|
11-Jul-2014 |
henning |
introduce the IFXF_AUTOCONF6 interface flag which controls wether we accept rtadvs on that interface. the global net.inet6.ip6.accept_rtadv sysctl just doesn't cut it, even tho the spec wants that - but in their little absurd world, a host just has one interface by definition anyway... the sysctlgoes away. lots of head scratching, brain cell elemination etc from bluhm benno stsp florian, excitement from simon and todd, ok bluhm stsp benno florian
|
#
1.72 |
|
13-Jun-2014 |
chrisz |
Remove deprecated RFC2292 ancillary data convenience functions. They are obsoleted by the RFC3542 api.
ok mpi@
|
#
1.71 |
|
20-Apr-2014 |
naddy |
move in6_cksum_phdr from in6.h to ip6_output.c to mirror in_cksum_phdr ok henning@
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.70 |
|
22-Jan-2014 |
naddy |
Split the checksum calculation for IPv6 like for IPv4: Always calculate the pseudo-header checksum. Complete the checksum if hardware offload is not available.
Parts originally from NetBSD; ok henning@
|
#
1.69 |
|
28-Oct-2013 |
deraadt |
kill kame version symbols and sysctl ports tree grep run by sthen
|
#
1.68 |
|
24-Oct-2013 |
mpi |
Remove the number of in6_var.h inclusions by moving some functions and global variables to in6.h.
ok deraadt@
|
#
1.67 |
|
24-Oct-2013 |
deraadt |
Significant namespace cleanup of netinet6 symbols.
One worrying bit is in icmp6.h where some htols() and htonl() are added, which may affect compatibility down the line. This component can be reverted if issues show up. Ports tree greps indicate no issue.
ok claudio mpi etc
|
#
1.66 |
|
21-Oct-2013 |
deraadt |
There are gasps of shock! Add a pmtu delay sysctl BUTTON for netinet6, making the code the same as netinet4 along the way. ok bluhm phessler
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.65 |
|
26-Jun-2013 |
henning |
put the cksum diff back, of course with the bug fixed where we could under some circumstances repair broken checksums on the way. ok ryan naddy mikeb . redo most of the protocol (tcp/udp/...) checksum handling -assume we have hardware checksum offloading. stop mucking with the checksum in most of the stack -stop checksum mucking in pf, just set a "needs checksumming" flag if needed -in all output pathes, very late, if we figure out the outbound interface doesn't have hw cksum offloading, do the cksum in software. this especially makes the bridge path behave like a regular output path -little special casing for bridge still required until the broadcast path loses its disgusting shortcut hacks, but at least it's in one place now and not all over the stack in6_proto_cksum_out mostly written by krw@ started at k2k11 in iceland more than 1.5 years ago - yes it took that long, this stuff is everything but easy. this happens to fix the infamous pf rdr bug that made us turn off proto cksum offloading on almost all interface drivers.
|
#
1.64 |
|
28-Mar-2013 |
bluhm |
Convert the satosin, sintosa, ifatoia, satosin6, sin6tosa, ifatoia6 defines into static inline functions. This allows the compiler to check the source type before casting. liked by many; OK mpi@ haesbaert@
|
#
1.63 |
|
14-Mar-2013 |
mpi |
My lack of faith... These lines should stay, reported by ajacoutot@.
ok sthen@
|
#
1.62 |
|
14-Mar-2013 |
mpi |
tedu faith(4), suggested by todd@ some weeks ago after a submission by dhill.
ok krw@, mikeb@, tedu@ (implicit)
|
Revision tags: OPENBSD_5_3_BASE
|
#
1.61 |
|
06-Nov-2012 |
henning |
backout csum diff for the moment, requested by theo
|
#
1.60 |
|
01-Nov-2012 |
henning |
redo most of the protocol (tcp/udp/...) checksum handling -assume we have hardware checksum offloading. stop mucking with the checksum in most of the stack -stop checksum mucking in pf, just set a "needs checksumming" flag if needed -in all output pathes, very late, if we figure out the outbound interface doesn't have hw cksum offloading, do the cksum in software. this especially makes the bridge path behave like a regular output path -little special casing for bridge still required until the broadcast path loses its disgusting shortcut hacks, but at least it's in one place now and not all over the stack in6_proto_cksum_out mostly written by krw@ started at k2k11 in iceland more than 1.5 years ago - yes it took that long, this stuff is everything but easy. this happens to fix the infamous pf rdr bug that made us turn off proto cksum offloading on almost all interface drivers. ok camield sthen claudio, testing by many, thanks!
|
#
1.59 |
|
17-Sep-2012 |
yasuoka |
add IPV6_RECVDSTPORT socket option, which enables us to get original (= before divert) destination port of a UDP packet. The way to use this option is same as IP_RECVDSTPORT.
from UMEZAWA Takeshi tweaks from jmc; ok henning bluhm
|
#
1.58 |
|
15-Sep-2012 |
guenther |
Improve POSIX/SUS compliance of <netdb.h>, <sys/socket.h>, and <sys/un.h>.
Much ports testing of various versions by naddy@ and jasper@ ok matthew@, miller@
|
Revision tags: OPENBSD_5_2_BASE
|
#
1.57 |
|
10-Jul-2012 |
guenther |
Instead of <arpa/inet.h> pulling in <netinet/in.h>, just copy in the three things that it needed from there: INET_ADDRSTRLEN, INET6_ADDRSTRLEN, and struct in_addr. Add protecting #ifndefs to netinet6?/in6?.h for those.
ok deraadt@
|
#
1.56 |
|
26-Jun-2012 |
guenther |
Improve compliance for <arpa/inet.h> and <netinet/in.h> to define/declare all the symbols that POSIX says they must and fewer that they can't and, most importantly, to not require a specific ordering of headers.
ports testing by naddy@ ok millert@ deraadt@
|
Revision tags: OPENBSD_5_1_BASE
|
#
1.55 |
|
24-Nov-2011 |
sperreault |
rdomain support for IPv6 ok mikeb
|
#
1.54 |
|
13-Oct-2011 |
claudio |
Since the IPv6 madness is not enough introduce NAT64 -- which is actually "af-to" a generic IP version translator for pf(4). Not everything perfect yet but lets fix these things in the tree. Insane amount of work done by sperreault@, mikeb@ and reyk@. Looked over by mcbride@ henning@ and myself at eurobsdcon. OK mcbride@ and general put it in from deraadt@
|
Revision tags: OPENBSD_5_0_BASE
|
#
1.53 |
|
02-May-2011 |
mikeb |
recognize SO_RTABLE socket option at the SOL_SOCKET level; discussed with and ok claudio
|
Revision tags: OPENBSD_4_9_BASE
|
#
1.52 |
|
23-Sep-2010 |
yasuoka |
add a new IP level socket option IP_PIPEX. This option is used for L2TP support by pipex. OK henning@, "Carry on" blambert@
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.51 |
|
08-Jul-2010 |
jsg |
remove some unused netinet6 code ok stsp@ henning@ claudio@
|
#
1.50 |
|
07-May-2010 |
claudio |
Start cleaning up the mess called rtalloc*. Kill rtalloc2, make rtalloc1 accept flags for report and nocloning. Move the rtableid into struct route (with a minor twist for now) and make a few more codepathes rdomain aware. Appart from the pf.c and route.c bits the diff is mostly mechanical. More to come... OK michele, henning
|
#
1.49 |
|
06-Apr-2010 |
stsp |
Simple implementation of RFC4941, "Privacy Extensions for Stateless Address Autoconfiguration in IPv6". For those among us who are paranoid about broadcasting their MAC address to the IPv6 internet.
Man page help from jmc, testing by weerd, arc4random API hints from djm.
ok deraadt, claudio
|
Revision tags: OPENBSD_4_7_BASE
|
#
1.48 |
|
05-Nov-2009 |
michele |
IPv6 support for divert sockets.
tested by phessler@ pyr@ ok claudio@ "go ahead" deraadt@
|
Revision tags: OPENBSD_4_5_BASE OPENBSD_4_6_BASE
|
#
1.47 |
|
25-Nov-2008 |
markus |
delay /etc/netstart until IPv6-DAD (dup-address-detection) is completed. ok fries, hshoexer, claudio
|
Revision tags: OPENBSD_4_4_BASE
|
#
1.46 |
|
11-Jun-2008 |
mcbride |
From KAME, allow adjustable limits on NDP entries and discovered routes.
ok mpf naddy
|
#
1.45 |
|
09-Mar-2008 |
sobrado |
use the right capitalization for platform names
ok jsing@
|
Revision tags: OPENBSD_4_1_BASE OPENBSD_4_2_BASE OPENBSD_4_3_BASE
|
#
1.44 |
|
22-Jan-2007 |
miod |
Fix KAME cvsweb urls
|
#
1.43 |
|
09-Dec-2006 |
itojun |
switch IPv6 advanced API from RFC2292 to RFC3542 (2292 is superseded by 3542). the kernel still handles RFC2292 set/getsockopts, so that compiled binary has no trouble running. userland sees RFC3542 symbols only on header file so new code has to use RFC3542 API.
bump libc shlib minor for function additions.
tested on i386/amd64 by jmc, i386 by brad. checked by deraadt.
|
#
1.42 |
|
21-Nov-2006 |
itojun |
introduce sysctl net.inet6.ip6.multicast_mtudisc (for multicast routers). deraadt ok. manpage nit by jmc.
|
#
1.41 |
|
17-Nov-2006 |
itojun |
move comment to a line where it makes more sense
|
#
1.40 |
|
17-Nov-2006 |
itojun |
change semantics of ff01::/16 to interface local multicast (to sync up with more recent IPv6 spec)
ok from: deraadt mcbride
|
Revision tags: OPENBSD_4_0_BASE
|
#
1.39 |
|
18-Jun-2006 |
pascoe |
Add support for equal-cost multipath IP.
To minimise path disruptions, this implements recommendations made in RFC2992 - the hash-threshold mechanism to select paths based on source/destination IP address pairs, and inserts multipath routes in the middle of the route table.
To enable multipath distribution, use: sysctl net.inet.ip.multipath=1 and/or: sysctl net.inet6.ip6.multipath=1
testing norby@ ok claudio@ henning@ hshoexer@
|
#
1.38 |
|
27-May-2006 |
claudio |
Do the same thing as for IPv4. Use a sysctl to enable/disable mfrowarding and additionaly make the code part of the MROUTING option. Put it in deraadt@
|
Revision tags: OPENBSD_3_9_BASE
|
#
1.37 |
|
13-Dec-2005 |
millert |
First step in include files overhaul. Use __FOO_VISIBLE (as defined in sys/cdefs.h) instead of _FOO_SOURCE. Also fix several namespace pollution issues, including the byte order defines. OK deraadt@
|
Revision tags: OPENBSD_3_6_BASE OPENBSD_3_7_BASE OPENBSD_3_8_BASE
|
#
1.36 |
|
21-Jun-2004 |
tholo |
First step towards more sane time handling in the kernel -- this changes things such that code that only need a second-resolution uptime or wall time, and used to get that from time.tv_secs or mono_time.tv_secs now get this from separate time_t globals time_second and time_uptime.
ok art@ niklas@ nordin@
|
Revision tags: SMP_SYNC_A
|
#
1.35 |
|
12-Jun-2004 |
itojun |
support IPV6_USE_MIN_MTU, to make BIND9 better. (sorry about the mess yesterday)
|
#
1.34 |
|
11-Jun-2004 |
deraadt |
back out tree breakage. Like, come on
|
#
1.33 |
|
11-Jun-2004 |
itojun |
support IPV6_USE_MIN_MTU, which is needed to run BIND9 well. from kame markus ok
|
Revision tags: OPENBSD_3_5_BASE SMP_SYNC_B
|
#
1.32 |
|
15-Feb-2004 |
markus |
switch to sysctl_int_arr(); ok itojun, henning, miod, deraadt
|
Revision tags: OPENBSD_3_4_BASE
|
#
1.31 |
|
02-Jun-2003 |
millert |
Remove the advertising clause in the UCB license which Berkeley rescinded 22 July 1999. Proofed by myself and Theo.
|
Revision tags: OPENBSD_3_2_BASE OPENBSD_3_3_BASE UBC_SYNC_A UBC_SYNC_B
|
#
1.30 |
|
08-Jun-2002 |
itojun |
sync with latest KAME in6_ifaddr/prefix/default router manipulation. behavior changes: - two iocts used by ndp(8) are now obsolete (backward compat provided). use sysctl path instead. - lo0 does not get ::1 automatically. it will get ::1 when lo0 comes up.
|
#
1.29 |
|
07-Jun-2002 |
itojun |
mistake in sysctl table
|
#
1.28 |
|
07-Jun-2002 |
itojun |
just for consistency/compatibility, have net.inet6.ip6.v6only sysctl MIB, as well as set/getsockopt(IPV6_V6ONLY).
|
#
1.27 |
|
28-May-2002 |
itojun |
limit number of IPv6 fragments (not the fragment queue size) to fight against lots-of-frags DoS attacks. sync w/kame
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.26 |
|
14-Mar-2002 |
millert |
First round of __P removal in sys
|
Revision tags: UBC_BASE
|
#
1.25 |
|
07-Dec-2001 |
itojun |
branches: 1.25.2; whitespace/comment sync with kame
|
Revision tags: OPENBSD_3_0_BASE
|
#
1.24 |
|
19-Sep-2001 |
itojun |
comment; sockopt # 57-59 are also reserved
|
#
1.23 |
|
22-Aug-2001 |
niklas |
Add IPCOMP setsockopt policy controls. While here fix the other policies too
|
Revision tags: OPENBSD_2_9_BASE
|
#
1.22 |
|
30-Mar-2001 |
itojun |
fix constness of IN6_{IS,ARE}_xx macros to conform to RFC2553. sync with kame.
|
#
1.21 |
|
02-Mar-2001 |
itojun |
remove date string from KAME version identification, it is getting meaningless as we merge random items daily. have comment that refers to kame COVERAGE document. sync with kame
|
#
1.20 |
|
16-Feb-2001 |
itojun |
get rid of #ifdef IPV6FIREWALL (never used, will never be used)
|
#
1.19 |
|
16-Feb-2001 |
itojun |
pull in new pcb notification code from kame. better handling of scope address.
|
Revision tags: OPENBSD_2_8_BASE
|
#
1.18 |
|
17-Oct-2000 |
itojun |
use __P() in prototype for non-ansi compilers. From: Michael Shalayeff <mickey@lucifier.remote.dti.net>
|
#
1.17 |
|
27-Aug-2000 |
itojun |
move IPv6 IPsec sysctl # downward, to avoid number conflict in *BSD. angelos ok
|
#
1.16 |
|
16-Jul-2000 |
itojun |
don't pull sys/queue.h in. sync better with kame.
|
#
1.15 |
|
25-Jun-2000 |
aaron |
Fix typo; ds@ds.primasoft.bg
|
#
1.14 |
|
18-Jun-2000 |
itojun |
allow IPsec-related get/setsockopt on IPv6 socket. due to number conflict they must be IPV6_xx instead of IP_xx.
actually, since in_ctloutput() does not check address family of inpcb, getsockopt(IPPROTO_IP, IP_xx) may work - never tested this.
|
#
1.13 |
|
25-May-2000 |
itojun |
net.inet.ip.gif_ttl (and IPv6 counterpart) is never used. enforce type checking on IN6_ARE_ADDR_EQUAL.
|
Revision tags: OPENBSD_2_7_BASE
|
#
1.12 |
|
28-Feb-2000 |
itojun |
bring in recent KAME changes (only important and stable ones, as usual). - remove net.inet6.ip6.nd6_proxyall. introduce proxy NDP code works just like "arp -s". - revise source address selection. be more careful about use of yet-to-be-valid addresses as source. - as router, transmit ICMP6_DST_UNREACH_BEYONDSCOPE against out-of-scope packet forwarding attempt. - path MTU discovery takes care of routing header properly. - be more strict about mbuf chain parsing. - nuke xxCTL_VARS #define, they are for BSDI. - disable SIOCSIFDSTADDR_IN6/SIOCSIFNETMASK_IN6 ioctl, they do not fit IPv6 model where multiple address on interface is normal. (kernel side supports them for a while for backward compat, the support will be nuked shortly) - introduce "default outgoing interface" (for spec conformance in very rare case)
|
#
1.11 |
|
19-Feb-2000 |
deraadt |
use more modern types
|
Revision tags: SMP_BASE
|
#
1.10 |
|
09-Feb-2000 |
itojun |
branches: 1.10.2; improve RFC2553/2292 conformance. netinet6/{ip6,icmp6,in6}.h should not be included. neitnet6/{ip6,icmp6}.h includes #error statements only - i'll remove them couple of days later.
|
#
1.9 |
|
10-Dec-1999 |
angelos |
Add RCS tags, remove unused header files and code, remove a few unnecessary ifdefs...
|
Revision tags: kame_19991208
|
#
1.8 |
|
08-Dec-1999 |
itojun |
bring in KAME IPv6 code, dated 19991208. replaces NRL IPv6 layer. reuses NRL pcb layer. no IPsec-on-v6 support. see sys/netinet6/{TODO,IMPLEMENTATION} for more details.
GENERIC configuration should work fine as before. GENERIC.v6 works fine as well, but you'll need KAME userland tools to play with IPv6 (will be bringed into soon).
|
Revision tags: OPENBSD_2_5_BASE OPENBSD_2_6_BASE
|
#
1.7 |
|
24-Mar-1999 |
cmetz |
Replace 'in6a_words' (old NRL convention) with 's6_addr32' (new BSDI et al. convention that is more common and more specific as to the access size)
|
#
1.6 |
|
09-Mar-1999 |
cmetz |
Demangled the INET6 stuff so as not to require any extra options and not to be mutually exclusive with the IPSEC option.
|
#
1.5 |
|
24-Feb-1999 |
cmetz |
Synchronized changes needed to integrate into OpenBSD with the NRL source tree so we can have a unified netinet6 directory.
|
#
1.4 |
|
11-Jan-1999 |
deraadt |
_KERNEL, and other cleanup
|
#
1.3 |
|
10-Jan-1999 |
deraadt |
merge INPROTO_* tables
|
#
1.2 |
|
08-Jan-1999 |
deraadt |
use _KERNEL, add ipv6intrq decl
|
#
1.1 |
|
07-Jan-1999 |
deraadt |
missed file
|
#
1.104 |
|
22-Apr-2019 |
bluhm |
In in_cksum() and in6_cksum() convert types to C99 style and make both functions consistent. In in_cksum() panic if len is longer than mbuf, but in in6_cksum() do not panic if off and len match exactly to the end of mbuf. OK claudio@
|
Revision tags: OPENBSD_6_4_BASE OPENBSD_6_5_BASE
|
#
1.103 |
|
11-Sep-2018 |
bluhm |
Convert inetctlerrmap to u_char like inet6ctlerrmap. That is also what FreeBSD does. Remove old #if 0 version of inet6ctlerrmap. OK mpi@
|
#
1.102 |
|
07-Jun-2018 |
bluhm |
The global zero addresses must not change, mark them constant. OK tb@ visa@
|
Revision tags: OPENBSD_6_3_BASE
|
#
1.101 |
|
10-Feb-2018 |
florian |
Implement RFC 7217: "A Method for Generating Semantically Opaque Interface Identifiers with IPv6 Stateless Address Autoconfiguration."
"An IPv6 address configured using this method is stable within each subnet, but the corresponding Interface Identifier changes when the host moves from one network to another. This method is meant to be an alternative to generating Interface Identifiers based on hardware addresses."
OK naddy, sthen
|
#
1.100 |
|
20-Nov-2017 |
mpi |
Sprinkle some NET_ASSERT_LOCKED(), const and co to prepare running pr_input handlers without KERNEL_LOCK().
ok visa@
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.99 |
|
01-Sep-2017 |
florian |
Use in6_get_rand_ifid() instead of get_last_resort_ifid() and delete the get_last_resort_ifid() function because eww. Also if your system is so constraint that you end up in in6_get_rand_ifid() you don't deserve a random ifid that stays stable over reboots. Simplify code a bit since get_ifid() can no longer fail. It couldn't fail before either because that code path was #if 0'ed. While here sprinkle in some in6_ prefixes, pointed out by stsp. OK stsp
|
#
1.98 |
|
11-Aug-2017 |
bluhm |
Validate sockaddr from userland in central functions. This results in common checks for unix, inet, inet6 instead of partial checks here and there. Some checks are already done at a higher layer, but better be paranoid with user input. OK claudio@ millert@
|
#
1.97 |
|
13-Jul-2017 |
florian |
Get rid of ip6.maxifprefixes and ip6.maxifdefrouters, the kernel no longer tracks prefixes or default routers from router advertisements. Pointed out by jmc. ports tree grepping sthen, who only found nsh OK mpi, sthen
|
#
1.96 |
|
30-May-2017 |
mpi |
Keep ipv6_input() definition inside _KERNEL.
Unbreak userland, found the hardway by deraadt@
|
#
1.95 |
|
30-May-2017 |
mpi |
Introduce ipv{4,6}_input(), two wrappers around IP queues.
This will help transitionning to an un-KERNEL_LOCK()ed IP forwarding path.
Disucssed with bluhm@, ok claudio@
|
#
1.94 |
|
04-May-2017 |
bluhm |
Introduce sstosa() for converting sockaddr_storage with a type safe inline function instead of casting it to sockaddr. While there, use inline instead of __inline for all these conversions. Some struct sockaddr casts can be avoided completely. OK dhill@ mpi@
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.93 |
|
22-Feb-2017 |
renato |
Fix comments about a few ipv6 sockoptions
OK millert@ florian@
|
#
1.92 |
|
22-Dec-2016 |
rzalamena |
Remove PIM support from the multicast stack.
ok mpi@
|
#
1.91 |
|
03-Oct-2016 |
mpi |
Convert some of the remaining usages of time_second to time_uptime.
time_second is unix time so it can be affected by clock changes. time_uptime is monotonic so it isnt affected by clock changes. that in turn means route expiries wont jump with clock changes if set against time_uptime.
the expiry is translated into unix time for export to userland though.
Should fix mismatch between route timers that were already converted and ND default routers that were still using time_second.
Tested by matthieu@ and sthen@
ok sthen@, dlg@
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.90 |
|
27-Jun-2016 |
jca |
Implement IPV6_MINHOPCOUNT support.
Useful to implement GTSM support in daemons such as bgpd(8). Diff from 2013 revived by renato@. Input from bluhm@, ok bluhm@ deraadt@
|
#
1.89 |
|
01-Jun-2016 |
jca |
Kill sysctl net.inet6.ip6.rr_prune
We don't support Router Renumbering and there are no plans to change that. ok mpi@
|
#
1.88 |
|
19-May-2016 |
jca |
Remove sysctl net.inet6.ip6.v6only
This sysctl is a no-op, read-only since it was introduced. There are no plans to support IPv4-mapped addresses on OpenBSD, thus this sysctl is meaningless.
Noticed by djm@, ok claudio@ mpi@ sthen@ henning@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.87 |
|
03-Dec-2015 |
tedu |
rm unused kernel only IPV6_RECVRTHDRDSTOPTS sockopt. ok deraadt sthen
|
#
1.86 |
|
29-Oct-2015 |
tedu |
RFC 2292 API support was removed 9 years ago, but left in a binary compat ABI form for the sake of existing programs. no programs from that era have been able to run for quite some time. Kill it all. ok deraadt florian millert mpi (I believe this is my first IPv6 diff. Future, here I come!)
|
#
1.85 |
|
11-Sep-2015 |
claudio |
in6_embedscope() needs to lose some weight. Remove the last argument. In all but two calls NULL is passed and in the other 2 cases the ifp is only used to maybe feed it to in6_selecthlim() to select the hoplimit for the link. Since in6_embedscope() only works on link-local addresses it does not matter what hop limit we select since the destination is directly reachable. OK florian@ mpi@
|
#
1.84 |
|
10-Sep-2015 |
claudio |
It is time to put inet6 on a diet. Use the flensing knife and cut out the 3rd argument of in6_recoverscope() and make it return void. OK dlg@ mikeb@
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.83 |
|
08-Jun-2015 |
krw |
More damned eye searing whitespace. No change to .o files.
|
#
1.82 |
|
14-Apr-2015 |
mikeb |
ip6_sprintf is long gone; noticed by blambert
|
#
1.81 |
|
10-Apr-2015 |
dlg |
replace the use of ifqueues for most input queues serviced by netisr with niqueues.
this change is so big because there's a lot of code that takes pointers to different input queues (eg, ether_input picks between ipv4, ipv6, pppoe, arp, and mpls input queues) and falls through to code to enqueue packets against the pointer. if i changed only one of the input queues id have to add sepearate code paths, one for ifqueues and one for niqueues in each of these places
by flipping all these input queues at once i can keep the currently common code common.
testing by mpi@ sthen@ and rafael zalamena ok mpi@ sthen@ claudio@ henning@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.80 |
|
09-Feb-2015 |
claudio |
Implement 2 sysctl to retrieve the multicast forwarding cache (mf6c) and the multicast interface table (mif6). Will be used by netstat soon. Looked over by guenther@
|
#
1.79 |
|
09-Feb-2015 |
dlg |
provide a net.inet6.ip6.ifq sysctl so people can see and fiddle with the ip6intrq.
ok claudio@
|
#
1.78 |
|
10-Jan-2015 |
mpi |
Correct some comments and merge in6_if_up() into in6_ifattach() to reflect that IPv6 link-local addresses are no longer automagically configured the first time an interface is brought up.
ok henning@, stsp@
|
#
1.77 |
|
05-Dec-2014 |
mpi |
Explicitly include <net/if_var.h> instead of pulling it in <net/if.h>.
ok mikeb@, krw@, bluhm@, tedu@
|
#
1.76 |
|
20-Nov-2014 |
mpi |
What have no need for a variable that holds the maximum MTU size of interfaces with an IPv6 address.
ok henning@, mikeb@, deraadt@
|
#
1.75 |
|
31-Aug-2014 |
bluhm |
Make the in6addr constant declarations and definitions consistent in kernel and user land. OK florian@ mpi@
|
#
1.74 |
|
26-Aug-2014 |
florian |
Do not hand-roll all routers link local address. pointed out & OK bluhm@
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.73 |
|
11-Jul-2014 |
henning |
introduce the IFXF_AUTOCONF6 interface flag which controls wether we accept rtadvs on that interface. the global net.inet6.ip6.accept_rtadv sysctl just doesn't cut it, even tho the spec wants that - but in their little absurd world, a host just has one interface by definition anyway... the sysctlgoes away. lots of head scratching, brain cell elemination etc from bluhm benno stsp florian, excitement from simon and todd, ok bluhm stsp benno florian
|
#
1.72 |
|
13-Jun-2014 |
chrisz |
Remove deprecated RFC2292 ancillary data convenience functions. They are obsoleted by the RFC3542 api.
ok mpi@
|
#
1.71 |
|
20-Apr-2014 |
naddy |
move in6_cksum_phdr from in6.h to ip6_output.c to mirror in_cksum_phdr ok henning@
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.70 |
|
22-Jan-2014 |
naddy |
Split the checksum calculation for IPv6 like for IPv4: Always calculate the pseudo-header checksum. Complete the checksum if hardware offload is not available.
Parts originally from NetBSD; ok henning@
|
#
1.69 |
|
28-Oct-2013 |
deraadt |
kill kame version symbols and sysctl ports tree grep run by sthen
|
#
1.68 |
|
24-Oct-2013 |
mpi |
Remove the number of in6_var.h inclusions by moving some functions and global variables to in6.h.
ok deraadt@
|
#
1.67 |
|
24-Oct-2013 |
deraadt |
Significant namespace cleanup of netinet6 symbols.
One worrying bit is in icmp6.h where some htols() and htonl() are added, which may affect compatibility down the line. This component can be reverted if issues show up. Ports tree greps indicate no issue.
ok claudio mpi etc
|
#
1.66 |
|
21-Oct-2013 |
deraadt |
There are gasps of shock! Add a pmtu delay sysctl BUTTON for netinet6, making the code the same as netinet4 along the way. ok bluhm phessler
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.65 |
|
26-Jun-2013 |
henning |
put the cksum diff back, of course with the bug fixed where we could under some circumstances repair broken checksums on the way. ok ryan naddy mikeb . redo most of the protocol (tcp/udp/...) checksum handling -assume we have hardware checksum offloading. stop mucking with the checksum in most of the stack -stop checksum mucking in pf, just set a "needs checksumming" flag if needed -in all output pathes, very late, if we figure out the outbound interface doesn't have hw cksum offloading, do the cksum in software. this especially makes the bridge path behave like a regular output path -little special casing for bridge still required until the broadcast path loses its disgusting shortcut hacks, but at least it's in one place now and not all over the stack in6_proto_cksum_out mostly written by krw@ started at k2k11 in iceland more than 1.5 years ago - yes it took that long, this stuff is everything but easy. this happens to fix the infamous pf rdr bug that made us turn off proto cksum offloading on almost all interface drivers.
|
#
1.64 |
|
28-Mar-2013 |
bluhm |
Convert the satosin, sintosa, ifatoia, satosin6, sin6tosa, ifatoia6 defines into static inline functions. This allows the compiler to check the source type before casting. liked by many; OK mpi@ haesbaert@
|
#
1.63 |
|
14-Mar-2013 |
mpi |
My lack of faith... These lines should stay, reported by ajacoutot@.
ok sthen@
|
#
1.62 |
|
14-Mar-2013 |
mpi |
tedu faith(4), suggested by todd@ some weeks ago after a submission by dhill.
ok krw@, mikeb@, tedu@ (implicit)
|
Revision tags: OPENBSD_5_3_BASE
|
#
1.61 |
|
06-Nov-2012 |
henning |
backout csum diff for the moment, requested by theo
|
#
1.60 |
|
01-Nov-2012 |
henning |
redo most of the protocol (tcp/udp/...) checksum handling -assume we have hardware checksum offloading. stop mucking with the checksum in most of the stack -stop checksum mucking in pf, just set a "needs checksumming" flag if needed -in all output pathes, very late, if we figure out the outbound interface doesn't have hw cksum offloading, do the cksum in software. this especially makes the bridge path behave like a regular output path -little special casing for bridge still required until the broadcast path loses its disgusting shortcut hacks, but at least it's in one place now and not all over the stack in6_proto_cksum_out mostly written by krw@ started at k2k11 in iceland more than 1.5 years ago - yes it took that long, this stuff is everything but easy. this happens to fix the infamous pf rdr bug that made us turn off proto cksum offloading on almost all interface drivers. ok camield sthen claudio, testing by many, thanks!
|
#
1.59 |
|
17-Sep-2012 |
yasuoka |
add IPV6_RECVDSTPORT socket option, which enables us to get original (= before divert) destination port of a UDP packet. The way to use this option is same as IP_RECVDSTPORT.
from UMEZAWA Takeshi tweaks from jmc; ok henning bluhm
|
#
1.58 |
|
15-Sep-2012 |
guenther |
Improve POSIX/SUS compliance of <netdb.h>, <sys/socket.h>, and <sys/un.h>.
Much ports testing of various versions by naddy@ and jasper@ ok matthew@, miller@
|
Revision tags: OPENBSD_5_2_BASE
|
#
1.57 |
|
10-Jul-2012 |
guenther |
Instead of <arpa/inet.h> pulling in <netinet/in.h>, just copy in the three things that it needed from there: INET_ADDRSTRLEN, INET6_ADDRSTRLEN, and struct in_addr. Add protecting #ifndefs to netinet6?/in6?.h for those.
ok deraadt@
|
#
1.56 |
|
26-Jun-2012 |
guenther |
Improve compliance for <arpa/inet.h> and <netinet/in.h> to define/declare all the symbols that POSIX says they must and fewer that they can't and, most importantly, to not require a specific ordering of headers.
ports testing by naddy@ ok millert@ deraadt@
|
Revision tags: OPENBSD_5_1_BASE
|
#
1.55 |
|
24-Nov-2011 |
sperreault |
rdomain support for IPv6 ok mikeb
|
#
1.54 |
|
13-Oct-2011 |
claudio |
Since the IPv6 madness is not enough introduce NAT64 -- which is actually "af-to" a generic IP version translator for pf(4). Not everything perfect yet but lets fix these things in the tree. Insane amount of work done by sperreault@, mikeb@ and reyk@. Looked over by mcbride@ henning@ and myself at eurobsdcon. OK mcbride@ and general put it in from deraadt@
|
Revision tags: OPENBSD_5_0_BASE
|
#
1.53 |
|
02-May-2011 |
mikeb |
recognize SO_RTABLE socket option at the SOL_SOCKET level; discussed with and ok claudio
|
Revision tags: OPENBSD_4_9_BASE
|
#
1.52 |
|
23-Sep-2010 |
yasuoka |
add a new IP level socket option IP_PIPEX. This option is used for L2TP support by pipex. OK henning@, "Carry on" blambert@
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.51 |
|
08-Jul-2010 |
jsg |
remove some unused netinet6 code ok stsp@ henning@ claudio@
|
#
1.50 |
|
07-May-2010 |
claudio |
Start cleaning up the mess called rtalloc*. Kill rtalloc2, make rtalloc1 accept flags for report and nocloning. Move the rtableid into struct route (with a minor twist for now) and make a few more codepathes rdomain aware. Appart from the pf.c and route.c bits the diff is mostly mechanical. More to come... OK michele, henning
|
#
1.49 |
|
06-Apr-2010 |
stsp |
Simple implementation of RFC4941, "Privacy Extensions for Stateless Address Autoconfiguration in IPv6". For those among us who are paranoid about broadcasting their MAC address to the IPv6 internet.
Man page help from jmc, testing by weerd, arc4random API hints from djm.
ok deraadt, claudio
|
Revision tags: OPENBSD_4_7_BASE
|
#
1.48 |
|
05-Nov-2009 |
michele |
IPv6 support for divert sockets.
tested by phessler@ pyr@ ok claudio@ "go ahead" deraadt@
|
Revision tags: OPENBSD_4_5_BASE OPENBSD_4_6_BASE
|
#
1.47 |
|
25-Nov-2008 |
markus |
delay /etc/netstart until IPv6-DAD (dup-address-detection) is completed. ok fries, hshoexer, claudio
|
Revision tags: OPENBSD_4_4_BASE
|
#
1.46 |
|
11-Jun-2008 |
mcbride |
From KAME, allow adjustable limits on NDP entries and discovered routes.
ok mpf naddy
|
#
1.45 |
|
09-Mar-2008 |
sobrado |
use the right capitalization for platform names
ok jsing@
|
Revision tags: OPENBSD_4_1_BASE OPENBSD_4_2_BASE OPENBSD_4_3_BASE
|
#
1.44 |
|
22-Jan-2007 |
miod |
Fix KAME cvsweb urls
|
#
1.43 |
|
09-Dec-2006 |
itojun |
switch IPv6 advanced API from RFC2292 to RFC3542 (2292 is superseded by 3542). the kernel still handles RFC2292 set/getsockopts, so that compiled binary has no trouble running. userland sees RFC3542 symbols only on header file so new code has to use RFC3542 API.
bump libc shlib minor for function additions.
tested on i386/amd64 by jmc, i386 by brad. checked by deraadt.
|
#
1.42 |
|
21-Nov-2006 |
itojun |
introduce sysctl net.inet6.ip6.multicast_mtudisc (for multicast routers). deraadt ok. manpage nit by jmc.
|
#
1.41 |
|
17-Nov-2006 |
itojun |
move comment to a line where it makes more sense
|
#
1.40 |
|
17-Nov-2006 |
itojun |
change semantics of ff01::/16 to interface local multicast (to sync up with more recent IPv6 spec)
ok from: deraadt mcbride
|
Revision tags: OPENBSD_4_0_BASE
|
#
1.39 |
|
18-Jun-2006 |
pascoe |
Add support for equal-cost multipath IP.
To minimise path disruptions, this implements recommendations made in RFC2992 - the hash-threshold mechanism to select paths based on source/destination IP address pairs, and inserts multipath routes in the middle of the route table.
To enable multipath distribution, use: sysctl net.inet.ip.multipath=1 and/or: sysctl net.inet6.ip6.multipath=1
testing norby@ ok claudio@ henning@ hshoexer@
|
#
1.38 |
|
27-May-2006 |
claudio |
Do the same thing as for IPv4. Use a sysctl to enable/disable mfrowarding and additionaly make the code part of the MROUTING option. Put it in deraadt@
|
Revision tags: OPENBSD_3_9_BASE
|
#
1.37 |
|
13-Dec-2005 |
millert |
First step in include files overhaul. Use __FOO_VISIBLE (as defined in sys/cdefs.h) instead of _FOO_SOURCE. Also fix several namespace pollution issues, including the byte order defines. OK deraadt@
|
Revision tags: OPENBSD_3_6_BASE OPENBSD_3_7_BASE OPENBSD_3_8_BASE
|
#
1.36 |
|
21-Jun-2004 |
tholo |
First step towards more sane time handling in the kernel -- this changes things such that code that only need a second-resolution uptime or wall time, and used to get that from time.tv_secs or mono_time.tv_secs now get this from separate time_t globals time_second and time_uptime.
ok art@ niklas@ nordin@
|
Revision tags: SMP_SYNC_A
|
#
1.35 |
|
12-Jun-2004 |
itojun |
support IPV6_USE_MIN_MTU, to make BIND9 better. (sorry about the mess yesterday)
|
#
1.34 |
|
11-Jun-2004 |
deraadt |
back out tree breakage. Like, come on
|
#
1.33 |
|
11-Jun-2004 |
itojun |
support IPV6_USE_MIN_MTU, which is needed to run BIND9 well. from kame markus ok
|
Revision tags: OPENBSD_3_5_BASE SMP_SYNC_B
|
#
1.32 |
|
15-Feb-2004 |
markus |
switch to sysctl_int_arr(); ok itojun, henning, miod, deraadt
|
Revision tags: OPENBSD_3_4_BASE
|
#
1.31 |
|
02-Jun-2003 |
millert |
Remove the advertising clause in the UCB license which Berkeley rescinded 22 July 1999. Proofed by myself and Theo.
|
Revision tags: OPENBSD_3_2_BASE OPENBSD_3_3_BASE UBC_SYNC_A UBC_SYNC_B
|
#
1.30 |
|
08-Jun-2002 |
itojun |
sync with latest KAME in6_ifaddr/prefix/default router manipulation. behavior changes: - two iocts used by ndp(8) are now obsolete (backward compat provided). use sysctl path instead. - lo0 does not get ::1 automatically. it will get ::1 when lo0 comes up.
|
#
1.29 |
|
07-Jun-2002 |
itojun |
mistake in sysctl table
|
#
1.28 |
|
07-Jun-2002 |
itojun |
just for consistency/compatibility, have net.inet6.ip6.v6only sysctl MIB, as well as set/getsockopt(IPV6_V6ONLY).
|
#
1.27 |
|
28-May-2002 |
itojun |
limit number of IPv6 fragments (not the fragment queue size) to fight against lots-of-frags DoS attacks. sync w/kame
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.26 |
|
14-Mar-2002 |
millert |
First round of __P removal in sys
|
Revision tags: UBC_BASE
|
#
1.25 |
|
07-Dec-2001 |
itojun |
branches: 1.25.2; whitespace/comment sync with kame
|
Revision tags: OPENBSD_3_0_BASE
|
#
1.24 |
|
19-Sep-2001 |
itojun |
comment; sockopt # 57-59 are also reserved
|
#
1.23 |
|
22-Aug-2001 |
niklas |
Add IPCOMP setsockopt policy controls. While here fix the other policies too
|
Revision tags: OPENBSD_2_9_BASE
|
#
1.22 |
|
30-Mar-2001 |
itojun |
fix constness of IN6_{IS,ARE}_xx macros to conform to RFC2553. sync with kame.
|
#
1.21 |
|
02-Mar-2001 |
itojun |
remove date string from KAME version identification, it is getting meaningless as we merge random items daily. have comment that refers to kame COVERAGE document. sync with kame
|
#
1.20 |
|
16-Feb-2001 |
itojun |
get rid of #ifdef IPV6FIREWALL (never used, will never be used)
|
#
1.19 |
|
16-Feb-2001 |
itojun |
pull in new pcb notification code from kame. better handling of scope address.
|
Revision tags: OPENBSD_2_8_BASE
|
#
1.18 |
|
17-Oct-2000 |
itojun |
use __P() in prototype for non-ansi compilers. From: Michael Shalayeff <mickey@lucifier.remote.dti.net>
|
#
1.17 |
|
27-Aug-2000 |
itojun |
move IPv6 IPsec sysctl # downward, to avoid number conflict in *BSD. angelos ok
|
#
1.16 |
|
16-Jul-2000 |
itojun |
don't pull sys/queue.h in. sync better with kame.
|
#
1.15 |
|
25-Jun-2000 |
aaron |
Fix typo; ds@ds.primasoft.bg
|
#
1.14 |
|
18-Jun-2000 |
itojun |
allow IPsec-related get/setsockopt on IPv6 socket. due to number conflict they must be IPV6_xx instead of IP_xx.
actually, since in_ctloutput() does not check address family of inpcb, getsockopt(IPPROTO_IP, IP_xx) may work - never tested this.
|
#
1.13 |
|
25-May-2000 |
itojun |
net.inet.ip.gif_ttl (and IPv6 counterpart) is never used. enforce type checking on IN6_ARE_ADDR_EQUAL.
|
Revision tags: OPENBSD_2_7_BASE
|
#
1.12 |
|
28-Feb-2000 |
itojun |
bring in recent KAME changes (only important and stable ones, as usual). - remove net.inet6.ip6.nd6_proxyall. introduce proxy NDP code works just like "arp -s". - revise source address selection. be more careful about use of yet-to-be-valid addresses as source. - as router, transmit ICMP6_DST_UNREACH_BEYONDSCOPE against out-of-scope packet forwarding attempt. - path MTU discovery takes care of routing header properly. - be more strict about mbuf chain parsing. - nuke xxCTL_VARS #define, they are for BSDI. - disable SIOCSIFDSTADDR_IN6/SIOCSIFNETMASK_IN6 ioctl, they do not fit IPv6 model where multiple address on interface is normal. (kernel side supports them for a while for backward compat, the support will be nuked shortly) - introduce "default outgoing interface" (for spec conformance in very rare case)
|
#
1.11 |
|
19-Feb-2000 |
deraadt |
use more modern types
|
Revision tags: SMP_BASE
|
#
1.10 |
|
09-Feb-2000 |
itojun |
branches: 1.10.2; improve RFC2553/2292 conformance. netinet6/{ip6,icmp6,in6}.h should not be included. neitnet6/{ip6,icmp6}.h includes #error statements only - i'll remove them couple of days later.
|
#
1.9 |
|
10-Dec-1999 |
angelos |
Add RCS tags, remove unused header files and code, remove a few unnecessary ifdefs...
|
Revision tags: kame_19991208
|
#
1.8 |
|
08-Dec-1999 |
itojun |
bring in KAME IPv6 code, dated 19991208. replaces NRL IPv6 layer. reuses NRL pcb layer. no IPsec-on-v6 support. see sys/netinet6/{TODO,IMPLEMENTATION} for more details.
GENERIC configuration should work fine as before. GENERIC.v6 works fine as well, but you'll need KAME userland tools to play with IPv6 (will be bringed into soon).
|
Revision tags: OPENBSD_2_5_BASE OPENBSD_2_6_BASE
|
#
1.7 |
|
24-Mar-1999 |
cmetz |
Replace 'in6a_words' (old NRL convention) with 's6_addr32' (new BSDI et al. convention that is more common and more specific as to the access size)
|
#
1.6 |
|
09-Mar-1999 |
cmetz |
Demangled the INET6 stuff so as not to require any extra options and not to be mutually exclusive with the IPSEC option.
|
#
1.5 |
|
24-Feb-1999 |
cmetz |
Synchronized changes needed to integrate into OpenBSD with the NRL source tree so we can have a unified netinet6 directory.
|
#
1.4 |
|
11-Jan-1999 |
deraadt |
_KERNEL, and other cleanup
|
#
1.3 |
|
10-Jan-1999 |
deraadt |
merge INPROTO_* tables
|
#
1.2 |
|
08-Jan-1999 |
deraadt |
use _KERNEL, add ipv6intrq decl
|
#
1.1 |
|
07-Jan-1999 |
deraadt |
missed file
|
#
1.103 |
|
11-Sep-2018 |
bluhm |
Convert inetctlerrmap to u_char like inet6ctlerrmap. That is also what FreeBSD does. Remove old #if 0 version of inet6ctlerrmap. OK mpi@
|
#
1.102 |
|
07-Jun-2018 |
bluhm |
The global zero addresses must not change, mark them constant. OK tb@ visa@
|
Revision tags: OPENBSD_6_3_BASE
|
#
1.101 |
|
10-Feb-2018 |
florian |
Implement RFC 7217: "A Method for Generating Semantically Opaque Interface Identifiers with IPv6 Stateless Address Autoconfiguration."
"An IPv6 address configured using this method is stable within each subnet, but the corresponding Interface Identifier changes when the host moves from one network to another. This method is meant to be an alternative to generating Interface Identifiers based on hardware addresses."
OK naddy, sthen
|
#
1.100 |
|
20-Nov-2017 |
mpi |
Sprinkle some NET_ASSERT_LOCKED(), const and co to prepare running pr_input handlers without KERNEL_LOCK().
ok visa@
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.99 |
|
01-Sep-2017 |
florian |
Use in6_get_rand_ifid() instead of get_last_resort_ifid() and delete the get_last_resort_ifid() function because eww. Also if your system is so constraint that you end up in in6_get_rand_ifid() you don't deserve a random ifid that stays stable over reboots. Simplify code a bit since get_ifid() can no longer fail. It couldn't fail before either because that code path was #if 0'ed. While here sprinkle in some in6_ prefixes, pointed out by stsp. OK stsp
|
#
1.98 |
|
11-Aug-2017 |
bluhm |
Validate sockaddr from userland in central functions. This results in common checks for unix, inet, inet6 instead of partial checks here and there. Some checks are already done at a higher layer, but better be paranoid with user input. OK claudio@ millert@
|
#
1.97 |
|
13-Jul-2017 |
florian |
Get rid of ip6.maxifprefixes and ip6.maxifdefrouters, the kernel no longer tracks prefixes or default routers from router advertisements. Pointed out by jmc. ports tree grepping sthen, who only found nsh OK mpi, sthen
|
#
1.96 |
|
30-May-2017 |
mpi |
Keep ipv6_input() definition inside _KERNEL.
Unbreak userland, found the hardway by deraadt@
|
#
1.95 |
|
30-May-2017 |
mpi |
Introduce ipv{4,6}_input(), two wrappers around IP queues.
This will help transitionning to an un-KERNEL_LOCK()ed IP forwarding path.
Disucssed with bluhm@, ok claudio@
|
#
1.94 |
|
04-May-2017 |
bluhm |
Introduce sstosa() for converting sockaddr_storage with a type safe inline function instead of casting it to sockaddr. While there, use inline instead of __inline for all these conversions. Some struct sockaddr casts can be avoided completely. OK dhill@ mpi@
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.93 |
|
22-Feb-2017 |
renato |
Fix comments about a few ipv6 sockoptions
OK millert@ florian@
|
#
1.92 |
|
22-Dec-2016 |
rzalamena |
Remove PIM support from the multicast stack.
ok mpi@
|
#
1.91 |
|
03-Oct-2016 |
mpi |
Convert some of the remaining usages of time_second to time_uptime.
time_second is unix time so it can be affected by clock changes. time_uptime is monotonic so it isnt affected by clock changes. that in turn means route expiries wont jump with clock changes if set against time_uptime.
the expiry is translated into unix time for export to userland though.
Should fix mismatch between route timers that were already converted and ND default routers that were still using time_second.
Tested by matthieu@ and sthen@
ok sthen@, dlg@
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.90 |
|
27-Jun-2016 |
jca |
Implement IPV6_MINHOPCOUNT support.
Useful to implement GTSM support in daemons such as bgpd(8). Diff from 2013 revived by renato@. Input from bluhm@, ok bluhm@ deraadt@
|
#
1.89 |
|
01-Jun-2016 |
jca |
Kill sysctl net.inet6.ip6.rr_prune
We don't support Router Renumbering and there are no plans to change that. ok mpi@
|
#
1.88 |
|
19-May-2016 |
jca |
Remove sysctl net.inet6.ip6.v6only
This sysctl is a no-op, read-only since it was introduced. There are no plans to support IPv4-mapped addresses on OpenBSD, thus this sysctl is meaningless.
Noticed by djm@, ok claudio@ mpi@ sthen@ henning@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.87 |
|
03-Dec-2015 |
tedu |
rm unused kernel only IPV6_RECVRTHDRDSTOPTS sockopt. ok deraadt sthen
|
#
1.86 |
|
29-Oct-2015 |
tedu |
RFC 2292 API support was removed 9 years ago, but left in a binary compat ABI form for the sake of existing programs. no programs from that era have been able to run for quite some time. Kill it all. ok deraadt florian millert mpi (I believe this is my first IPv6 diff. Future, here I come!)
|
#
1.85 |
|
11-Sep-2015 |
claudio |
in6_embedscope() needs to lose some weight. Remove the last argument. In all but two calls NULL is passed and in the other 2 cases the ifp is only used to maybe feed it to in6_selecthlim() to select the hoplimit for the link. Since in6_embedscope() only works on link-local addresses it does not matter what hop limit we select since the destination is directly reachable. OK florian@ mpi@
|
#
1.84 |
|
10-Sep-2015 |
claudio |
It is time to put inet6 on a diet. Use the flensing knife and cut out the 3rd argument of in6_recoverscope() and make it return void. OK dlg@ mikeb@
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.83 |
|
08-Jun-2015 |
krw |
More damned eye searing whitespace. No change to .o files.
|
#
1.82 |
|
14-Apr-2015 |
mikeb |
ip6_sprintf is long gone; noticed by blambert
|
#
1.81 |
|
10-Apr-2015 |
dlg |
replace the use of ifqueues for most input queues serviced by netisr with niqueues.
this change is so big because there's a lot of code that takes pointers to different input queues (eg, ether_input picks between ipv4, ipv6, pppoe, arp, and mpls input queues) and falls through to code to enqueue packets against the pointer. if i changed only one of the input queues id have to add sepearate code paths, one for ifqueues and one for niqueues in each of these places
by flipping all these input queues at once i can keep the currently common code common.
testing by mpi@ sthen@ and rafael zalamena ok mpi@ sthen@ claudio@ henning@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.80 |
|
09-Feb-2015 |
claudio |
Implement 2 sysctl to retrieve the multicast forwarding cache (mf6c) and the multicast interface table (mif6). Will be used by netstat soon. Looked over by guenther@
|
#
1.79 |
|
09-Feb-2015 |
dlg |
provide a net.inet6.ip6.ifq sysctl so people can see and fiddle with the ip6intrq.
ok claudio@
|
#
1.78 |
|
10-Jan-2015 |
mpi |
Correct some comments and merge in6_if_up() into in6_ifattach() to reflect that IPv6 link-local addresses are no longer automagically configured the first time an interface is brought up.
ok henning@, stsp@
|
#
1.77 |
|
05-Dec-2014 |
mpi |
Explicitly include <net/if_var.h> instead of pulling it in <net/if.h>.
ok mikeb@, krw@, bluhm@, tedu@
|
#
1.76 |
|
20-Nov-2014 |
mpi |
What have no need for a variable that holds the maximum MTU size of interfaces with an IPv6 address.
ok henning@, mikeb@, deraadt@
|
#
1.75 |
|
31-Aug-2014 |
bluhm |
Make the in6addr constant declarations and definitions consistent in kernel and user land. OK florian@ mpi@
|
#
1.74 |
|
26-Aug-2014 |
florian |
Do not hand-roll all routers link local address. pointed out & OK bluhm@
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.73 |
|
11-Jul-2014 |
henning |
introduce the IFXF_AUTOCONF6 interface flag which controls wether we accept rtadvs on that interface. the global net.inet6.ip6.accept_rtadv sysctl just doesn't cut it, even tho the spec wants that - but in their little absurd world, a host just has one interface by definition anyway... the sysctlgoes away. lots of head scratching, brain cell elemination etc from bluhm benno stsp florian, excitement from simon and todd, ok bluhm stsp benno florian
|
#
1.72 |
|
13-Jun-2014 |
chrisz |
Remove deprecated RFC2292 ancillary data convenience functions. They are obsoleted by the RFC3542 api.
ok mpi@
|
#
1.71 |
|
20-Apr-2014 |
naddy |
move in6_cksum_phdr from in6.h to ip6_output.c to mirror in_cksum_phdr ok henning@
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.70 |
|
22-Jan-2014 |
naddy |
Split the checksum calculation for IPv6 like for IPv4: Always calculate the pseudo-header checksum. Complete the checksum if hardware offload is not available.
Parts originally from NetBSD; ok henning@
|
#
1.69 |
|
28-Oct-2013 |
deraadt |
kill kame version symbols and sysctl ports tree grep run by sthen
|
#
1.68 |
|
24-Oct-2013 |
mpi |
Remove the number of in6_var.h inclusions by moving some functions and global variables to in6.h.
ok deraadt@
|
#
1.67 |
|
24-Oct-2013 |
deraadt |
Significant namespace cleanup of netinet6 symbols.
One worrying bit is in icmp6.h where some htols() and htonl() are added, which may affect compatibility down the line. This component can be reverted if issues show up. Ports tree greps indicate no issue.
ok claudio mpi etc
|
#
1.66 |
|
21-Oct-2013 |
deraadt |
There are gasps of shock! Add a pmtu delay sysctl BUTTON for netinet6, making the code the same as netinet4 along the way. ok bluhm phessler
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.65 |
|
26-Jun-2013 |
henning |
put the cksum diff back, of course with the bug fixed where we could under some circumstances repair broken checksums on the way. ok ryan naddy mikeb . redo most of the protocol (tcp/udp/...) checksum handling -assume we have hardware checksum offloading. stop mucking with the checksum in most of the stack -stop checksum mucking in pf, just set a "needs checksumming" flag if needed -in all output pathes, very late, if we figure out the outbound interface doesn't have hw cksum offloading, do the cksum in software. this especially makes the bridge path behave like a regular output path -little special casing for bridge still required until the broadcast path loses its disgusting shortcut hacks, but at least it's in one place now and not all over the stack in6_proto_cksum_out mostly written by krw@ started at k2k11 in iceland more than 1.5 years ago - yes it took that long, this stuff is everything but easy. this happens to fix the infamous pf rdr bug that made us turn off proto cksum offloading on almost all interface drivers.
|
#
1.64 |
|
28-Mar-2013 |
bluhm |
Convert the satosin, sintosa, ifatoia, satosin6, sin6tosa, ifatoia6 defines into static inline functions. This allows the compiler to check the source type before casting. liked by many; OK mpi@ haesbaert@
|
#
1.63 |
|
14-Mar-2013 |
mpi |
My lack of faith... These lines should stay, reported by ajacoutot@.
ok sthen@
|
#
1.62 |
|
14-Mar-2013 |
mpi |
tedu faith(4), suggested by todd@ some weeks ago after a submission by dhill.
ok krw@, mikeb@, tedu@ (implicit)
|
Revision tags: OPENBSD_5_3_BASE
|
#
1.61 |
|
06-Nov-2012 |
henning |
backout csum diff for the moment, requested by theo
|
#
1.60 |
|
01-Nov-2012 |
henning |
redo most of the protocol (tcp/udp/...) checksum handling -assume we have hardware checksum offloading. stop mucking with the checksum in most of the stack -stop checksum mucking in pf, just set a "needs checksumming" flag if needed -in all output pathes, very late, if we figure out the outbound interface doesn't have hw cksum offloading, do the cksum in software. this especially makes the bridge path behave like a regular output path -little special casing for bridge still required until the broadcast path loses its disgusting shortcut hacks, but at least it's in one place now and not all over the stack in6_proto_cksum_out mostly written by krw@ started at k2k11 in iceland more than 1.5 years ago - yes it took that long, this stuff is everything but easy. this happens to fix the infamous pf rdr bug that made us turn off proto cksum offloading on almost all interface drivers. ok camield sthen claudio, testing by many, thanks!
|
#
1.59 |
|
17-Sep-2012 |
yasuoka |
add IPV6_RECVDSTPORT socket option, which enables us to get original (= before divert) destination port of a UDP packet. The way to use this option is same as IP_RECVDSTPORT.
from UMEZAWA Takeshi tweaks from jmc; ok henning bluhm
|
#
1.58 |
|
15-Sep-2012 |
guenther |
Improve POSIX/SUS compliance of <netdb.h>, <sys/socket.h>, and <sys/un.h>.
Much ports testing of various versions by naddy@ and jasper@ ok matthew@, miller@
|
Revision tags: OPENBSD_5_2_BASE
|
#
1.57 |
|
10-Jul-2012 |
guenther |
Instead of <arpa/inet.h> pulling in <netinet/in.h>, just copy in the three things that it needed from there: INET_ADDRSTRLEN, INET6_ADDRSTRLEN, and struct in_addr. Add protecting #ifndefs to netinet6?/in6?.h for those.
ok deraadt@
|
#
1.56 |
|
26-Jun-2012 |
guenther |
Improve compliance for <arpa/inet.h> and <netinet/in.h> to define/declare all the symbols that POSIX says they must and fewer that they can't and, most importantly, to not require a specific ordering of headers.
ports testing by naddy@ ok millert@ deraadt@
|
Revision tags: OPENBSD_5_1_BASE
|
#
1.55 |
|
24-Nov-2011 |
sperreault |
rdomain support for IPv6 ok mikeb
|
#
1.54 |
|
13-Oct-2011 |
claudio |
Since the IPv6 madness is not enough introduce NAT64 -- which is actually "af-to" a generic IP version translator for pf(4). Not everything perfect yet but lets fix these things in the tree. Insane amount of work done by sperreault@, mikeb@ and reyk@. Looked over by mcbride@ henning@ and myself at eurobsdcon. OK mcbride@ and general put it in from deraadt@
|
Revision tags: OPENBSD_5_0_BASE
|
#
1.53 |
|
02-May-2011 |
mikeb |
recognize SO_RTABLE socket option at the SOL_SOCKET level; discussed with and ok claudio
|
Revision tags: OPENBSD_4_9_BASE
|
#
1.52 |
|
23-Sep-2010 |
yasuoka |
add a new IP level socket option IP_PIPEX. This option is used for L2TP support by pipex. OK henning@, "Carry on" blambert@
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.51 |
|
08-Jul-2010 |
jsg |
remove some unused netinet6 code ok stsp@ henning@ claudio@
|
#
1.50 |
|
07-May-2010 |
claudio |
Start cleaning up the mess called rtalloc*. Kill rtalloc2, make rtalloc1 accept flags for report and nocloning. Move the rtableid into struct route (with a minor twist for now) and make a few more codepathes rdomain aware. Appart from the pf.c and route.c bits the diff is mostly mechanical. More to come... OK michele, henning
|
#
1.49 |
|
06-Apr-2010 |
stsp |
Simple implementation of RFC4941, "Privacy Extensions for Stateless Address Autoconfiguration in IPv6". For those among us who are paranoid about broadcasting their MAC address to the IPv6 internet.
Man page help from jmc, testing by weerd, arc4random API hints from djm.
ok deraadt, claudio
|
Revision tags: OPENBSD_4_7_BASE
|
#
1.48 |
|
05-Nov-2009 |
michele |
IPv6 support for divert sockets.
tested by phessler@ pyr@ ok claudio@ "go ahead" deraadt@
|
Revision tags: OPENBSD_4_5_BASE OPENBSD_4_6_BASE
|
#
1.47 |
|
25-Nov-2008 |
markus |
delay /etc/netstart until IPv6-DAD (dup-address-detection) is completed. ok fries, hshoexer, claudio
|
Revision tags: OPENBSD_4_4_BASE
|
#
1.46 |
|
11-Jun-2008 |
mcbride |
From KAME, allow adjustable limits on NDP entries and discovered routes.
ok mpf naddy
|
#
1.45 |
|
09-Mar-2008 |
sobrado |
use the right capitalization for platform names
ok jsing@
|
Revision tags: OPENBSD_4_1_BASE OPENBSD_4_2_BASE OPENBSD_4_3_BASE
|
#
1.44 |
|
22-Jan-2007 |
miod |
Fix KAME cvsweb urls
|
#
1.43 |
|
09-Dec-2006 |
itojun |
switch IPv6 advanced API from RFC2292 to RFC3542 (2292 is superseded by 3542). the kernel still handles RFC2292 set/getsockopts, so that compiled binary has no trouble running. userland sees RFC3542 symbols only on header file so new code has to use RFC3542 API.
bump libc shlib minor for function additions.
tested on i386/amd64 by jmc, i386 by brad. checked by deraadt.
|
#
1.42 |
|
21-Nov-2006 |
itojun |
introduce sysctl net.inet6.ip6.multicast_mtudisc (for multicast routers). deraadt ok. manpage nit by jmc.
|
#
1.41 |
|
17-Nov-2006 |
itojun |
move comment to a line where it makes more sense
|
#
1.40 |
|
17-Nov-2006 |
itojun |
change semantics of ff01::/16 to interface local multicast (to sync up with more recent IPv6 spec)
ok from: deraadt mcbride
|
Revision tags: OPENBSD_4_0_BASE
|
#
1.39 |
|
18-Jun-2006 |
pascoe |
Add support for equal-cost multipath IP.
To minimise path disruptions, this implements recommendations made in RFC2992 - the hash-threshold mechanism to select paths based on source/destination IP address pairs, and inserts multipath routes in the middle of the route table.
To enable multipath distribution, use: sysctl net.inet.ip.multipath=1 and/or: sysctl net.inet6.ip6.multipath=1
testing norby@ ok claudio@ henning@ hshoexer@
|
#
1.38 |
|
27-May-2006 |
claudio |
Do the same thing as for IPv4. Use a sysctl to enable/disable mfrowarding and additionaly make the code part of the MROUTING option. Put it in deraadt@
|
Revision tags: OPENBSD_3_9_BASE
|
#
1.37 |
|
13-Dec-2005 |
millert |
First step in include files overhaul. Use __FOO_VISIBLE (as defined in sys/cdefs.h) instead of _FOO_SOURCE. Also fix several namespace pollution issues, including the byte order defines. OK deraadt@
|
Revision tags: OPENBSD_3_6_BASE OPENBSD_3_7_BASE OPENBSD_3_8_BASE
|
#
1.36 |
|
21-Jun-2004 |
tholo |
First step towards more sane time handling in the kernel -- this changes things such that code that only need a second-resolution uptime or wall time, and used to get that from time.tv_secs or mono_time.tv_secs now get this from separate time_t globals time_second and time_uptime.
ok art@ niklas@ nordin@
|
Revision tags: SMP_SYNC_A
|
#
1.35 |
|
12-Jun-2004 |
itojun |
support IPV6_USE_MIN_MTU, to make BIND9 better. (sorry about the mess yesterday)
|
#
1.34 |
|
11-Jun-2004 |
deraadt |
back out tree breakage. Like, come on
|
#
1.33 |
|
11-Jun-2004 |
itojun |
support IPV6_USE_MIN_MTU, which is needed to run BIND9 well. from kame markus ok
|
Revision tags: OPENBSD_3_5_BASE SMP_SYNC_B
|
#
1.32 |
|
15-Feb-2004 |
markus |
switch to sysctl_int_arr(); ok itojun, henning, miod, deraadt
|
Revision tags: OPENBSD_3_4_BASE
|
#
1.31 |
|
02-Jun-2003 |
millert |
Remove the advertising clause in the UCB license which Berkeley rescinded 22 July 1999. Proofed by myself and Theo.
|
Revision tags: OPENBSD_3_2_BASE OPENBSD_3_3_BASE UBC_SYNC_A UBC_SYNC_B
|
#
1.30 |
|
08-Jun-2002 |
itojun |
sync with latest KAME in6_ifaddr/prefix/default router manipulation. behavior changes: - two iocts used by ndp(8) are now obsolete (backward compat provided). use sysctl path instead. - lo0 does not get ::1 automatically. it will get ::1 when lo0 comes up.
|
#
1.29 |
|
07-Jun-2002 |
itojun |
mistake in sysctl table
|
#
1.28 |
|
07-Jun-2002 |
itojun |
just for consistency/compatibility, have net.inet6.ip6.v6only sysctl MIB, as well as set/getsockopt(IPV6_V6ONLY).
|
#
1.27 |
|
28-May-2002 |
itojun |
limit number of IPv6 fragments (not the fragment queue size) to fight against lots-of-frags DoS attacks. sync w/kame
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.26 |
|
14-Mar-2002 |
millert |
First round of __P removal in sys
|
Revision tags: UBC_BASE
|
#
1.25 |
|
07-Dec-2001 |
itojun |
branches: 1.25.2; whitespace/comment sync with kame
|
Revision tags: OPENBSD_3_0_BASE
|
#
1.24 |
|
19-Sep-2001 |
itojun |
comment; sockopt # 57-59 are also reserved
|
#
1.23 |
|
22-Aug-2001 |
niklas |
Add IPCOMP setsockopt policy controls. While here fix the other policies too
|
Revision tags: OPENBSD_2_9_BASE
|
#
1.22 |
|
30-Mar-2001 |
itojun |
fix constness of IN6_{IS,ARE}_xx macros to conform to RFC2553. sync with kame.
|
#
1.21 |
|
02-Mar-2001 |
itojun |
remove date string from KAME version identification, it is getting meaningless as we merge random items daily. have comment that refers to kame COVERAGE document. sync with kame
|
#
1.20 |
|
16-Feb-2001 |
itojun |
get rid of #ifdef IPV6FIREWALL (never used, will never be used)
|
#
1.19 |
|
16-Feb-2001 |
itojun |
pull in new pcb notification code from kame. better handling of scope address.
|
Revision tags: OPENBSD_2_8_BASE
|
#
1.18 |
|
17-Oct-2000 |
itojun |
use __P() in prototype for non-ansi compilers. From: Michael Shalayeff <mickey@lucifier.remote.dti.net>
|
#
1.17 |
|
27-Aug-2000 |
itojun |
move IPv6 IPsec sysctl # downward, to avoid number conflict in *BSD. angelos ok
|
#
1.16 |
|
16-Jul-2000 |
itojun |
don't pull sys/queue.h in. sync better with kame.
|
#
1.15 |
|
25-Jun-2000 |
aaron |
Fix typo; ds@ds.primasoft.bg
|
#
1.14 |
|
18-Jun-2000 |
itojun |
allow IPsec-related get/setsockopt on IPv6 socket. due to number conflict they must be IPV6_xx instead of IP_xx.
actually, since in_ctloutput() does not check address family of inpcb, getsockopt(IPPROTO_IP, IP_xx) may work - never tested this.
|
#
1.13 |
|
25-May-2000 |
itojun |
net.inet.ip.gif_ttl (and IPv6 counterpart) is never used. enforce type checking on IN6_ARE_ADDR_EQUAL.
|
Revision tags: OPENBSD_2_7_BASE
|
#
1.12 |
|
28-Feb-2000 |
itojun |
bring in recent KAME changes (only important and stable ones, as usual). - remove net.inet6.ip6.nd6_proxyall. introduce proxy NDP code works just like "arp -s". - revise source address selection. be more careful about use of yet-to-be-valid addresses as source. - as router, transmit ICMP6_DST_UNREACH_BEYONDSCOPE against out-of-scope packet forwarding attempt. - path MTU discovery takes care of routing header properly. - be more strict about mbuf chain parsing. - nuke xxCTL_VARS #define, they are for BSDI. - disable SIOCSIFDSTADDR_IN6/SIOCSIFNETMASK_IN6 ioctl, they do not fit IPv6 model where multiple address on interface is normal. (kernel side supports them for a while for backward compat, the support will be nuked shortly) - introduce "default outgoing interface" (for spec conformance in very rare case)
|
#
1.11 |
|
19-Feb-2000 |
deraadt |
use more modern types
|
Revision tags: SMP_BASE
|
#
1.10 |
|
09-Feb-2000 |
itojun |
branches: 1.10.2; improve RFC2553/2292 conformance. netinet6/{ip6,icmp6,in6}.h should not be included. neitnet6/{ip6,icmp6}.h includes #error statements only - i'll remove them couple of days later.
|
#
1.9 |
|
10-Dec-1999 |
angelos |
Add RCS tags, remove unused header files and code, remove a few unnecessary ifdefs...
|
Revision tags: kame_19991208
|
#
1.8 |
|
08-Dec-1999 |
itojun |
bring in KAME IPv6 code, dated 19991208. replaces NRL IPv6 layer. reuses NRL pcb layer. no IPsec-on-v6 support. see sys/netinet6/{TODO,IMPLEMENTATION} for more details.
GENERIC configuration should work fine as before. GENERIC.v6 works fine as well, but you'll need KAME userland tools to play with IPv6 (will be bringed into soon).
|
Revision tags: OPENBSD_2_5_BASE OPENBSD_2_6_BASE
|
#
1.7 |
|
24-Mar-1999 |
cmetz |
Replace 'in6a_words' (old NRL convention) with 's6_addr32' (new BSDI et al. convention that is more common and more specific as to the access size)
|
#
1.6 |
|
09-Mar-1999 |
cmetz |
Demangled the INET6 stuff so as not to require any extra options and not to be mutually exclusive with the IPSEC option.
|
#
1.5 |
|
24-Feb-1999 |
cmetz |
Synchronized changes needed to integrate into OpenBSD with the NRL source tree so we can have a unified netinet6 directory.
|
#
1.4 |
|
11-Jan-1999 |
deraadt |
_KERNEL, and other cleanup
|
#
1.3 |
|
10-Jan-1999 |
deraadt |
merge INPROTO_* tables
|
#
1.2 |
|
08-Jan-1999 |
deraadt |
use _KERNEL, add ipv6intrq decl
|
#
1.1 |
|
07-Jan-1999 |
deraadt |
missed file
|
#
1.102 |
|
07-Jun-2018 |
bluhm |
The global zero addresses must not change, mark them constant. OK tb@ visa@
|
Revision tags: OPENBSD_6_3_BASE
|
#
1.101 |
|
10-Feb-2018 |
florian |
Implement RFC 7217: "A Method for Generating Semantically Opaque Interface Identifiers with IPv6 Stateless Address Autoconfiguration."
"An IPv6 address configured using this method is stable within each subnet, but the corresponding Interface Identifier changes when the host moves from one network to another. This method is meant to be an alternative to generating Interface Identifiers based on hardware addresses."
OK naddy, sthen
|
#
1.100 |
|
20-Nov-2017 |
mpi |
Sprinkle some NET_ASSERT_LOCKED(), const and co to prepare running pr_input handlers without KERNEL_LOCK().
ok visa@
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.99 |
|
01-Sep-2017 |
florian |
Use in6_get_rand_ifid() instead of get_last_resort_ifid() and delete the get_last_resort_ifid() function because eww. Also if your system is so constraint that you end up in in6_get_rand_ifid() you don't deserve a random ifid that stays stable over reboots. Simplify code a bit since get_ifid() can no longer fail. It couldn't fail before either because that code path was #if 0'ed. While here sprinkle in some in6_ prefixes, pointed out by stsp. OK stsp
|
#
1.98 |
|
11-Aug-2017 |
bluhm |
Validate sockaddr from userland in central functions. This results in common checks for unix, inet, inet6 instead of partial checks here and there. Some checks are already done at a higher layer, but better be paranoid with user input. OK claudio@ millert@
|
#
1.97 |
|
13-Jul-2017 |
florian |
Get rid of ip6.maxifprefixes and ip6.maxifdefrouters, the kernel no longer tracks prefixes or default routers from router advertisements. Pointed out by jmc. ports tree grepping sthen, who only found nsh OK mpi, sthen
|
#
1.96 |
|
30-May-2017 |
mpi |
Keep ipv6_input() definition inside _KERNEL.
Unbreak userland, found the hardway by deraadt@
|
#
1.95 |
|
30-May-2017 |
mpi |
Introduce ipv{4,6}_input(), two wrappers around IP queues.
This will help transitionning to an un-KERNEL_LOCK()ed IP forwarding path.
Disucssed with bluhm@, ok claudio@
|
#
1.94 |
|
04-May-2017 |
bluhm |
Introduce sstosa() for converting sockaddr_storage with a type safe inline function instead of casting it to sockaddr. While there, use inline instead of __inline for all these conversions. Some struct sockaddr casts can be avoided completely. OK dhill@ mpi@
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.93 |
|
22-Feb-2017 |
renato |
Fix comments about a few ipv6 sockoptions
OK millert@ florian@
|
#
1.92 |
|
22-Dec-2016 |
rzalamena |
Remove PIM support from the multicast stack.
ok mpi@
|
#
1.91 |
|
03-Oct-2016 |
mpi |
Convert some of the remaining usages of time_second to time_uptime.
time_second is unix time so it can be affected by clock changes. time_uptime is monotonic so it isnt affected by clock changes. that in turn means route expiries wont jump with clock changes if set against time_uptime.
the expiry is translated into unix time for export to userland though.
Should fix mismatch between route timers that were already converted and ND default routers that were still using time_second.
Tested by matthieu@ and sthen@
ok sthen@, dlg@
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.90 |
|
27-Jun-2016 |
jca |
Implement IPV6_MINHOPCOUNT support.
Useful to implement GTSM support in daemons such as bgpd(8). Diff from 2013 revived by renato@. Input from bluhm@, ok bluhm@ deraadt@
|
#
1.89 |
|
01-Jun-2016 |
jca |
Kill sysctl net.inet6.ip6.rr_prune
We don't support Router Renumbering and there are no plans to change that. ok mpi@
|
#
1.88 |
|
19-May-2016 |
jca |
Remove sysctl net.inet6.ip6.v6only
This sysctl is a no-op, read-only since it was introduced. There are no plans to support IPv4-mapped addresses on OpenBSD, thus this sysctl is meaningless.
Noticed by djm@, ok claudio@ mpi@ sthen@ henning@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.87 |
|
03-Dec-2015 |
tedu |
rm unused kernel only IPV6_RECVRTHDRDSTOPTS sockopt. ok deraadt sthen
|
#
1.86 |
|
29-Oct-2015 |
tedu |
RFC 2292 API support was removed 9 years ago, but left in a binary compat ABI form for the sake of existing programs. no programs from that era have been able to run for quite some time. Kill it all. ok deraadt florian millert mpi (I believe this is my first IPv6 diff. Future, here I come!)
|
#
1.85 |
|
11-Sep-2015 |
claudio |
in6_embedscope() needs to lose some weight. Remove the last argument. In all but two calls NULL is passed and in the other 2 cases the ifp is only used to maybe feed it to in6_selecthlim() to select the hoplimit for the link. Since in6_embedscope() only works on link-local addresses it does not matter what hop limit we select since the destination is directly reachable. OK florian@ mpi@
|
#
1.84 |
|
10-Sep-2015 |
claudio |
It is time to put inet6 on a diet. Use the flensing knife and cut out the 3rd argument of in6_recoverscope() and make it return void. OK dlg@ mikeb@
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.83 |
|
08-Jun-2015 |
krw |
More damned eye searing whitespace. No change to .o files.
|
#
1.82 |
|
14-Apr-2015 |
mikeb |
ip6_sprintf is long gone; noticed by blambert
|
#
1.81 |
|
10-Apr-2015 |
dlg |
replace the use of ifqueues for most input queues serviced by netisr with niqueues.
this change is so big because there's a lot of code that takes pointers to different input queues (eg, ether_input picks between ipv4, ipv6, pppoe, arp, and mpls input queues) and falls through to code to enqueue packets against the pointer. if i changed only one of the input queues id have to add sepearate code paths, one for ifqueues and one for niqueues in each of these places
by flipping all these input queues at once i can keep the currently common code common.
testing by mpi@ sthen@ and rafael zalamena ok mpi@ sthen@ claudio@ henning@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.80 |
|
09-Feb-2015 |
claudio |
Implement 2 sysctl to retrieve the multicast forwarding cache (mf6c) and the multicast interface table (mif6). Will be used by netstat soon. Looked over by guenther@
|
#
1.79 |
|
09-Feb-2015 |
dlg |
provide a net.inet6.ip6.ifq sysctl so people can see and fiddle with the ip6intrq.
ok claudio@
|
#
1.78 |
|
10-Jan-2015 |
mpi |
Correct some comments and merge in6_if_up() into in6_ifattach() to reflect that IPv6 link-local addresses are no longer automagically configured the first time an interface is brought up.
ok henning@, stsp@
|
#
1.77 |
|
05-Dec-2014 |
mpi |
Explicitly include <net/if_var.h> instead of pulling it in <net/if.h>.
ok mikeb@, krw@, bluhm@, tedu@
|
#
1.76 |
|
20-Nov-2014 |
mpi |
What have no need for a variable that holds the maximum MTU size of interfaces with an IPv6 address.
ok henning@, mikeb@, deraadt@
|
#
1.75 |
|
31-Aug-2014 |
bluhm |
Make the in6addr constant declarations and definitions consistent in kernel and user land. OK florian@ mpi@
|
#
1.74 |
|
26-Aug-2014 |
florian |
Do not hand-roll all routers link local address. pointed out & OK bluhm@
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.73 |
|
11-Jul-2014 |
henning |
introduce the IFXF_AUTOCONF6 interface flag which controls wether we accept rtadvs on that interface. the global net.inet6.ip6.accept_rtadv sysctl just doesn't cut it, even tho the spec wants that - but in their little absurd world, a host just has one interface by definition anyway... the sysctlgoes away. lots of head scratching, brain cell elemination etc from bluhm benno stsp florian, excitement from simon and todd, ok bluhm stsp benno florian
|
#
1.72 |
|
13-Jun-2014 |
chrisz |
Remove deprecated RFC2292 ancillary data convenience functions. They are obsoleted by the RFC3542 api.
ok mpi@
|
#
1.71 |
|
20-Apr-2014 |
naddy |
move in6_cksum_phdr from in6.h to ip6_output.c to mirror in_cksum_phdr ok henning@
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.70 |
|
22-Jan-2014 |
naddy |
Split the checksum calculation for IPv6 like for IPv4: Always calculate the pseudo-header checksum. Complete the checksum if hardware offload is not available.
Parts originally from NetBSD; ok henning@
|
#
1.69 |
|
28-Oct-2013 |
deraadt |
kill kame version symbols and sysctl ports tree grep run by sthen
|
#
1.68 |
|
24-Oct-2013 |
mpi |
Remove the number of in6_var.h inclusions by moving some functions and global variables to in6.h.
ok deraadt@
|
#
1.67 |
|
24-Oct-2013 |
deraadt |
Significant namespace cleanup of netinet6 symbols.
One worrying bit is in icmp6.h where some htols() and htonl() are added, which may affect compatibility down the line. This component can be reverted if issues show up. Ports tree greps indicate no issue.
ok claudio mpi etc
|
#
1.66 |
|
21-Oct-2013 |
deraadt |
There are gasps of shock! Add a pmtu delay sysctl BUTTON for netinet6, making the code the same as netinet4 along the way. ok bluhm phessler
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.65 |
|
26-Jun-2013 |
henning |
put the cksum diff back, of course with the bug fixed where we could under some circumstances repair broken checksums on the way. ok ryan naddy mikeb . redo most of the protocol (tcp/udp/...) checksum handling -assume we have hardware checksum offloading. stop mucking with the checksum in most of the stack -stop checksum mucking in pf, just set a "needs checksumming" flag if needed -in all output pathes, very late, if we figure out the outbound interface doesn't have hw cksum offloading, do the cksum in software. this especially makes the bridge path behave like a regular output path -little special casing for bridge still required until the broadcast path loses its disgusting shortcut hacks, but at least it's in one place now and not all over the stack in6_proto_cksum_out mostly written by krw@ started at k2k11 in iceland more than 1.5 years ago - yes it took that long, this stuff is everything but easy. this happens to fix the infamous pf rdr bug that made us turn off proto cksum offloading on almost all interface drivers.
|
#
1.64 |
|
28-Mar-2013 |
bluhm |
Convert the satosin, sintosa, ifatoia, satosin6, sin6tosa, ifatoia6 defines into static inline functions. This allows the compiler to check the source type before casting. liked by many; OK mpi@ haesbaert@
|
#
1.63 |
|
14-Mar-2013 |
mpi |
My lack of faith... These lines should stay, reported by ajacoutot@.
ok sthen@
|
#
1.62 |
|
14-Mar-2013 |
mpi |
tedu faith(4), suggested by todd@ some weeks ago after a submission by dhill.
ok krw@, mikeb@, tedu@ (implicit)
|
Revision tags: OPENBSD_5_3_BASE
|
#
1.61 |
|
06-Nov-2012 |
henning |
backout csum diff for the moment, requested by theo
|
#
1.60 |
|
01-Nov-2012 |
henning |
redo most of the protocol (tcp/udp/...) checksum handling -assume we have hardware checksum offloading. stop mucking with the checksum in most of the stack -stop checksum mucking in pf, just set a "needs checksumming" flag if needed -in all output pathes, very late, if we figure out the outbound interface doesn't have hw cksum offloading, do the cksum in software. this especially makes the bridge path behave like a regular output path -little special casing for bridge still required until the broadcast path loses its disgusting shortcut hacks, but at least it's in one place now and not all over the stack in6_proto_cksum_out mostly written by krw@ started at k2k11 in iceland more than 1.5 years ago - yes it took that long, this stuff is everything but easy. this happens to fix the infamous pf rdr bug that made us turn off proto cksum offloading on almost all interface drivers. ok camield sthen claudio, testing by many, thanks!
|
#
1.59 |
|
17-Sep-2012 |
yasuoka |
add IPV6_RECVDSTPORT socket option, which enables us to get original (= before divert) destination port of a UDP packet. The way to use this option is same as IP_RECVDSTPORT.
from UMEZAWA Takeshi tweaks from jmc; ok henning bluhm
|
#
1.58 |
|
15-Sep-2012 |
guenther |
Improve POSIX/SUS compliance of <netdb.h>, <sys/socket.h>, and <sys/un.h>.
Much ports testing of various versions by naddy@ and jasper@ ok matthew@, miller@
|
Revision tags: OPENBSD_5_2_BASE
|
#
1.57 |
|
10-Jul-2012 |
guenther |
Instead of <arpa/inet.h> pulling in <netinet/in.h>, just copy in the three things that it needed from there: INET_ADDRSTRLEN, INET6_ADDRSTRLEN, and struct in_addr. Add protecting #ifndefs to netinet6?/in6?.h for those.
ok deraadt@
|
#
1.56 |
|
26-Jun-2012 |
guenther |
Improve compliance for <arpa/inet.h> and <netinet/in.h> to define/declare all the symbols that POSIX says they must and fewer that they can't and, most importantly, to not require a specific ordering of headers.
ports testing by naddy@ ok millert@ deraadt@
|
Revision tags: OPENBSD_5_1_BASE
|
#
1.55 |
|
24-Nov-2011 |
sperreault |
rdomain support for IPv6 ok mikeb
|
#
1.54 |
|
13-Oct-2011 |
claudio |
Since the IPv6 madness is not enough introduce NAT64 -- which is actually "af-to" a generic IP version translator for pf(4). Not everything perfect yet but lets fix these things in the tree. Insane amount of work done by sperreault@, mikeb@ and reyk@. Looked over by mcbride@ henning@ and myself at eurobsdcon. OK mcbride@ and general put it in from deraadt@
|
Revision tags: OPENBSD_5_0_BASE
|
#
1.53 |
|
02-May-2011 |
mikeb |
recognize SO_RTABLE socket option at the SOL_SOCKET level; discussed with and ok claudio
|
Revision tags: OPENBSD_4_9_BASE
|
#
1.52 |
|
23-Sep-2010 |
yasuoka |
add a new IP level socket option IP_PIPEX. This option is used for L2TP support by pipex. OK henning@, "Carry on" blambert@
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.51 |
|
08-Jul-2010 |
jsg |
remove some unused netinet6 code ok stsp@ henning@ claudio@
|
#
1.50 |
|
07-May-2010 |
claudio |
Start cleaning up the mess called rtalloc*. Kill rtalloc2, make rtalloc1 accept flags for report and nocloning. Move the rtableid into struct route (with a minor twist for now) and make a few more codepathes rdomain aware. Appart from the pf.c and route.c bits the diff is mostly mechanical. More to come... OK michele, henning
|
#
1.49 |
|
06-Apr-2010 |
stsp |
Simple implementation of RFC4941, "Privacy Extensions for Stateless Address Autoconfiguration in IPv6". For those among us who are paranoid about broadcasting their MAC address to the IPv6 internet.
Man page help from jmc, testing by weerd, arc4random API hints from djm.
ok deraadt, claudio
|
Revision tags: OPENBSD_4_7_BASE
|
#
1.48 |
|
05-Nov-2009 |
michele |
IPv6 support for divert sockets.
tested by phessler@ pyr@ ok claudio@ "go ahead" deraadt@
|
Revision tags: OPENBSD_4_5_BASE OPENBSD_4_6_BASE
|
#
1.47 |
|
25-Nov-2008 |
markus |
delay /etc/netstart until IPv6-DAD (dup-address-detection) is completed. ok fries, hshoexer, claudio
|
Revision tags: OPENBSD_4_4_BASE
|
#
1.46 |
|
11-Jun-2008 |
mcbride |
From KAME, allow adjustable limits on NDP entries and discovered routes.
ok mpf naddy
|
#
1.45 |
|
09-Mar-2008 |
sobrado |
use the right capitalization for platform names
ok jsing@
|
Revision tags: OPENBSD_4_1_BASE OPENBSD_4_2_BASE OPENBSD_4_3_BASE
|
#
1.44 |
|
22-Jan-2007 |
miod |
Fix KAME cvsweb urls
|
#
1.43 |
|
09-Dec-2006 |
itojun |
switch IPv6 advanced API from RFC2292 to RFC3542 (2292 is superseded by 3542). the kernel still handles RFC2292 set/getsockopts, so that compiled binary has no trouble running. userland sees RFC3542 symbols only on header file so new code has to use RFC3542 API.
bump libc shlib minor for function additions.
tested on i386/amd64 by jmc, i386 by brad. checked by deraadt.
|
#
1.42 |
|
21-Nov-2006 |
itojun |
introduce sysctl net.inet6.ip6.multicast_mtudisc (for multicast routers). deraadt ok. manpage nit by jmc.
|
#
1.41 |
|
17-Nov-2006 |
itojun |
move comment to a line where it makes more sense
|
#
1.40 |
|
17-Nov-2006 |
itojun |
change semantics of ff01::/16 to interface local multicast (to sync up with more recent IPv6 spec)
ok from: deraadt mcbride
|
Revision tags: OPENBSD_4_0_BASE
|
#
1.39 |
|
18-Jun-2006 |
pascoe |
Add support for equal-cost multipath IP.
To minimise path disruptions, this implements recommendations made in RFC2992 - the hash-threshold mechanism to select paths based on source/destination IP address pairs, and inserts multipath routes in the middle of the route table.
To enable multipath distribution, use: sysctl net.inet.ip.multipath=1 and/or: sysctl net.inet6.ip6.multipath=1
testing norby@ ok claudio@ henning@ hshoexer@
|
#
1.38 |
|
27-May-2006 |
claudio |
Do the same thing as for IPv4. Use a sysctl to enable/disable mfrowarding and additionaly make the code part of the MROUTING option. Put it in deraadt@
|
Revision tags: OPENBSD_3_9_BASE
|
#
1.37 |
|
13-Dec-2005 |
millert |
First step in include files overhaul. Use __FOO_VISIBLE (as defined in sys/cdefs.h) instead of _FOO_SOURCE. Also fix several namespace pollution issues, including the byte order defines. OK deraadt@
|
Revision tags: OPENBSD_3_6_BASE OPENBSD_3_7_BASE OPENBSD_3_8_BASE
|
#
1.36 |
|
21-Jun-2004 |
tholo |
First step towards more sane time handling in the kernel -- this changes things such that code that only need a second-resolution uptime or wall time, and used to get that from time.tv_secs or mono_time.tv_secs now get this from separate time_t globals time_second and time_uptime.
ok art@ niklas@ nordin@
|
Revision tags: SMP_SYNC_A
|
#
1.35 |
|
12-Jun-2004 |
itojun |
support IPV6_USE_MIN_MTU, to make BIND9 better. (sorry about the mess yesterday)
|
#
1.34 |
|
11-Jun-2004 |
deraadt |
back out tree breakage. Like, come on
|
#
1.33 |
|
11-Jun-2004 |
itojun |
support IPV6_USE_MIN_MTU, which is needed to run BIND9 well. from kame markus ok
|
Revision tags: OPENBSD_3_5_BASE SMP_SYNC_B
|
#
1.32 |
|
15-Feb-2004 |
markus |
switch to sysctl_int_arr(); ok itojun, henning, miod, deraadt
|
Revision tags: OPENBSD_3_4_BASE
|
#
1.31 |
|
02-Jun-2003 |
millert |
Remove the advertising clause in the UCB license which Berkeley rescinded 22 July 1999. Proofed by myself and Theo.
|
Revision tags: OPENBSD_3_2_BASE OPENBSD_3_3_BASE UBC_SYNC_A UBC_SYNC_B
|
#
1.30 |
|
08-Jun-2002 |
itojun |
sync with latest KAME in6_ifaddr/prefix/default router manipulation. behavior changes: - two iocts used by ndp(8) are now obsolete (backward compat provided). use sysctl path instead. - lo0 does not get ::1 automatically. it will get ::1 when lo0 comes up.
|
#
1.29 |
|
07-Jun-2002 |
itojun |
mistake in sysctl table
|
#
1.28 |
|
07-Jun-2002 |
itojun |
just for consistency/compatibility, have net.inet6.ip6.v6only sysctl MIB, as well as set/getsockopt(IPV6_V6ONLY).
|
#
1.27 |
|
28-May-2002 |
itojun |
limit number of IPv6 fragments (not the fragment queue size) to fight against lots-of-frags DoS attacks. sync w/kame
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.26 |
|
14-Mar-2002 |
millert |
First round of __P removal in sys
|
Revision tags: UBC_BASE
|
#
1.25 |
|
07-Dec-2001 |
itojun |
branches: 1.25.2; whitespace/comment sync with kame
|
Revision tags: OPENBSD_3_0_BASE
|
#
1.24 |
|
19-Sep-2001 |
itojun |
comment; sockopt # 57-59 are also reserved
|
#
1.23 |
|
22-Aug-2001 |
niklas |
Add IPCOMP setsockopt policy controls. While here fix the other policies too
|
Revision tags: OPENBSD_2_9_BASE
|
#
1.22 |
|
30-Mar-2001 |
itojun |
fix constness of IN6_{IS,ARE}_xx macros to conform to RFC2553. sync with kame.
|
#
1.21 |
|
02-Mar-2001 |
itojun |
remove date string from KAME version identification, it is getting meaningless as we merge random items daily. have comment that refers to kame COVERAGE document. sync with kame
|
#
1.20 |
|
16-Feb-2001 |
itojun |
get rid of #ifdef IPV6FIREWALL (never used, will never be used)
|
#
1.19 |
|
16-Feb-2001 |
itojun |
pull in new pcb notification code from kame. better handling of scope address.
|
Revision tags: OPENBSD_2_8_BASE
|
#
1.18 |
|
17-Oct-2000 |
itojun |
use __P() in prototype for non-ansi compilers. From: Michael Shalayeff <mickey@lucifier.remote.dti.net>
|
#
1.17 |
|
27-Aug-2000 |
itojun |
move IPv6 IPsec sysctl # downward, to avoid number conflict in *BSD. angelos ok
|
#
1.16 |
|
16-Jul-2000 |
itojun |
don't pull sys/queue.h in. sync better with kame.
|
#
1.15 |
|
25-Jun-2000 |
aaron |
Fix typo; ds@ds.primasoft.bg
|
#
1.14 |
|
18-Jun-2000 |
itojun |
allow IPsec-related get/setsockopt on IPv6 socket. due to number conflict they must be IPV6_xx instead of IP_xx.
actually, since in_ctloutput() does not check address family of inpcb, getsockopt(IPPROTO_IP, IP_xx) may work - never tested this.
|
#
1.13 |
|
25-May-2000 |
itojun |
net.inet.ip.gif_ttl (and IPv6 counterpart) is never used. enforce type checking on IN6_ARE_ADDR_EQUAL.
|
Revision tags: OPENBSD_2_7_BASE
|
#
1.12 |
|
28-Feb-2000 |
itojun |
bring in recent KAME changes (only important and stable ones, as usual). - remove net.inet6.ip6.nd6_proxyall. introduce proxy NDP code works just like "arp -s". - revise source address selection. be more careful about use of yet-to-be-valid addresses as source. - as router, transmit ICMP6_DST_UNREACH_BEYONDSCOPE against out-of-scope packet forwarding attempt. - path MTU discovery takes care of routing header properly. - be more strict about mbuf chain parsing. - nuke xxCTL_VARS #define, they are for BSDI. - disable SIOCSIFDSTADDR_IN6/SIOCSIFNETMASK_IN6 ioctl, they do not fit IPv6 model where multiple address on interface is normal. (kernel side supports them for a while for backward compat, the support will be nuked shortly) - introduce "default outgoing interface" (for spec conformance in very rare case)
|
#
1.11 |
|
19-Feb-2000 |
deraadt |
use more modern types
|
Revision tags: SMP_BASE
|
#
1.10 |
|
09-Feb-2000 |
itojun |
branches: 1.10.2; improve RFC2553/2292 conformance. netinet6/{ip6,icmp6,in6}.h should not be included. neitnet6/{ip6,icmp6}.h includes #error statements only - i'll remove them couple of days later.
|
#
1.9 |
|
10-Dec-1999 |
angelos |
Add RCS tags, remove unused header files and code, remove a few unnecessary ifdefs...
|
Revision tags: kame_19991208
|
#
1.8 |
|
08-Dec-1999 |
itojun |
bring in KAME IPv6 code, dated 19991208. replaces NRL IPv6 layer. reuses NRL pcb layer. no IPsec-on-v6 support. see sys/netinet6/{TODO,IMPLEMENTATION} for more details.
GENERIC configuration should work fine as before. GENERIC.v6 works fine as well, but you'll need KAME userland tools to play with IPv6 (will be bringed into soon).
|
Revision tags: OPENBSD_2_5_BASE OPENBSD_2_6_BASE
|
#
1.7 |
|
24-Mar-1999 |
cmetz |
Replace 'in6a_words' (old NRL convention) with 's6_addr32' (new BSDI et al. convention that is more common and more specific as to the access size)
|
#
1.6 |
|
09-Mar-1999 |
cmetz |
Demangled the INET6 stuff so as not to require any extra options and not to be mutually exclusive with the IPSEC option.
|
#
1.5 |
|
24-Feb-1999 |
cmetz |
Synchronized changes needed to integrate into OpenBSD with the NRL source tree so we can have a unified netinet6 directory.
|
#
1.4 |
|
11-Jan-1999 |
deraadt |
_KERNEL, and other cleanup
|
#
1.3 |
|
10-Jan-1999 |
deraadt |
merge INPROTO_* tables
|
#
1.2 |
|
08-Jan-1999 |
deraadt |
use _KERNEL, add ipv6intrq decl
|
#
1.1 |
|
07-Jan-1999 |
deraadt |
missed file
|
#
1.101 |
|
10-Feb-2018 |
florian |
Implement RFC 7217: "A Method for Generating Semantically Opaque Interface Identifiers with IPv6 Stateless Address Autoconfiguration."
"An IPv6 address configured using this method is stable within each subnet, but the corresponding Interface Identifier changes when the host moves from one network to another. This method is meant to be an alternative to generating Interface Identifiers based on hardware addresses."
OK naddy, sthen
|
#
1.100 |
|
20-Nov-2017 |
mpi |
Sprinkle some NET_ASSERT_LOCKED(), const and co to prepare running pr_input handlers without KERNEL_LOCK().
ok visa@
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.99 |
|
01-Sep-2017 |
florian |
Use in6_get_rand_ifid() instead of get_last_resort_ifid() and delete the get_last_resort_ifid() function because eww. Also if your system is so constraint that you end up in in6_get_rand_ifid() you don't deserve a random ifid that stays stable over reboots. Simplify code a bit since get_ifid() can no longer fail. It couldn't fail before either because that code path was #if 0'ed. While here sprinkle in some in6_ prefixes, pointed out by stsp. OK stsp
|
#
1.98 |
|
11-Aug-2017 |
bluhm |
Validate sockaddr from userland in central functions. This results in common checks for unix, inet, inet6 instead of partial checks here and there. Some checks are already done at a higher layer, but better be paranoid with user input. OK claudio@ millert@
|
#
1.97 |
|
13-Jul-2017 |
florian |
Get rid of ip6.maxifprefixes and ip6.maxifdefrouters, the kernel no longer tracks prefixes or default routers from router advertisements. Pointed out by jmc. ports tree grepping sthen, who only found nsh OK mpi, sthen
|
#
1.96 |
|
30-May-2017 |
mpi |
Keep ipv6_input() definition inside _KERNEL.
Unbreak userland, found the hardway by deraadt@
|
#
1.95 |
|
30-May-2017 |
mpi |
Introduce ipv{4,6}_input(), two wrappers around IP queues.
This will help transitionning to an un-KERNEL_LOCK()ed IP forwarding path.
Disucssed with bluhm@, ok claudio@
|
#
1.94 |
|
04-May-2017 |
bluhm |
Introduce sstosa() for converting sockaddr_storage with a type safe inline function instead of casting it to sockaddr. While there, use inline instead of __inline for all these conversions. Some struct sockaddr casts can be avoided completely. OK dhill@ mpi@
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.93 |
|
22-Feb-2017 |
renato |
Fix comments about a few ipv6 sockoptions
OK millert@ florian@
|
#
1.92 |
|
22-Dec-2016 |
rzalamena |
Remove PIM support from the multicast stack.
ok mpi@
|
#
1.91 |
|
03-Oct-2016 |
mpi |
Convert some of the remaining usages of time_second to time_uptime.
time_second is unix time so it can be affected by clock changes. time_uptime is monotonic so it isnt affected by clock changes. that in turn means route expiries wont jump with clock changes if set against time_uptime.
the expiry is translated into unix time for export to userland though.
Should fix mismatch between route timers that were already converted and ND default routers that were still using time_second.
Tested by matthieu@ and sthen@
ok sthen@, dlg@
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.90 |
|
27-Jun-2016 |
jca |
Implement IPV6_MINHOPCOUNT support.
Useful to implement GTSM support in daemons such as bgpd(8). Diff from 2013 revived by renato@. Input from bluhm@, ok bluhm@ deraadt@
|
#
1.89 |
|
01-Jun-2016 |
jca |
Kill sysctl net.inet6.ip6.rr_prune
We don't support Router Renumbering and there are no plans to change that. ok mpi@
|
#
1.88 |
|
19-May-2016 |
jca |
Remove sysctl net.inet6.ip6.v6only
This sysctl is a no-op, read-only since it was introduced. There are no plans to support IPv4-mapped addresses on OpenBSD, thus this sysctl is meaningless.
Noticed by djm@, ok claudio@ mpi@ sthen@ henning@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.87 |
|
03-Dec-2015 |
tedu |
rm unused kernel only IPV6_RECVRTHDRDSTOPTS sockopt. ok deraadt sthen
|
#
1.86 |
|
29-Oct-2015 |
tedu |
RFC 2292 API support was removed 9 years ago, but left in a binary compat ABI form for the sake of existing programs. no programs from that era have been able to run for quite some time. Kill it all. ok deraadt florian millert mpi (I believe this is my first IPv6 diff. Future, here I come!)
|
#
1.85 |
|
11-Sep-2015 |
claudio |
in6_embedscope() needs to lose some weight. Remove the last argument. In all but two calls NULL is passed and in the other 2 cases the ifp is only used to maybe feed it to in6_selecthlim() to select the hoplimit for the link. Since in6_embedscope() only works on link-local addresses it does not matter what hop limit we select since the destination is directly reachable. OK florian@ mpi@
|
#
1.84 |
|
10-Sep-2015 |
claudio |
It is time to put inet6 on a diet. Use the flensing knife and cut out the 3rd argument of in6_recoverscope() and make it return void. OK dlg@ mikeb@
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.83 |
|
08-Jun-2015 |
krw |
More damned eye searing whitespace. No change to .o files.
|
#
1.82 |
|
14-Apr-2015 |
mikeb |
ip6_sprintf is long gone; noticed by blambert
|
#
1.81 |
|
10-Apr-2015 |
dlg |
replace the use of ifqueues for most input queues serviced by netisr with niqueues.
this change is so big because there's a lot of code that takes pointers to different input queues (eg, ether_input picks between ipv4, ipv6, pppoe, arp, and mpls input queues) and falls through to code to enqueue packets against the pointer. if i changed only one of the input queues id have to add sepearate code paths, one for ifqueues and one for niqueues in each of these places
by flipping all these input queues at once i can keep the currently common code common.
testing by mpi@ sthen@ and rafael zalamena ok mpi@ sthen@ claudio@ henning@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.80 |
|
09-Feb-2015 |
claudio |
Implement 2 sysctl to retrieve the multicast forwarding cache (mf6c) and the multicast interface table (mif6). Will be used by netstat soon. Looked over by guenther@
|
#
1.79 |
|
09-Feb-2015 |
dlg |
provide a net.inet6.ip6.ifq sysctl so people can see and fiddle with the ip6intrq.
ok claudio@
|
#
1.78 |
|
10-Jan-2015 |
mpi |
Correct some comments and merge in6_if_up() into in6_ifattach() to reflect that IPv6 link-local addresses are no longer automagically configured the first time an interface is brought up.
ok henning@, stsp@
|
#
1.77 |
|
05-Dec-2014 |
mpi |
Explicitly include <net/if_var.h> instead of pulling it in <net/if.h>.
ok mikeb@, krw@, bluhm@, tedu@
|
#
1.76 |
|
20-Nov-2014 |
mpi |
What have no need for a variable that holds the maximum MTU size of interfaces with an IPv6 address.
ok henning@, mikeb@, deraadt@
|
#
1.75 |
|
31-Aug-2014 |
bluhm |
Make the in6addr constant declarations and definitions consistent in kernel and user land. OK florian@ mpi@
|
#
1.74 |
|
26-Aug-2014 |
florian |
Do not hand-roll all routers link local address. pointed out & OK bluhm@
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.73 |
|
11-Jul-2014 |
henning |
introduce the IFXF_AUTOCONF6 interface flag which controls wether we accept rtadvs on that interface. the global net.inet6.ip6.accept_rtadv sysctl just doesn't cut it, even tho the spec wants that - but in their little absurd world, a host just has one interface by definition anyway... the sysctlgoes away. lots of head scratching, brain cell elemination etc from bluhm benno stsp florian, excitement from simon and todd, ok bluhm stsp benno florian
|
#
1.72 |
|
13-Jun-2014 |
chrisz |
Remove deprecated RFC2292 ancillary data convenience functions. They are obsoleted by the RFC3542 api.
ok mpi@
|
#
1.71 |
|
20-Apr-2014 |
naddy |
move in6_cksum_phdr from in6.h to ip6_output.c to mirror in_cksum_phdr ok henning@
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.70 |
|
22-Jan-2014 |
naddy |
Split the checksum calculation for IPv6 like for IPv4: Always calculate the pseudo-header checksum. Complete the checksum if hardware offload is not available.
Parts originally from NetBSD; ok henning@
|
#
1.69 |
|
28-Oct-2013 |
deraadt |
kill kame version symbols and sysctl ports tree grep run by sthen
|
#
1.68 |
|
24-Oct-2013 |
mpi |
Remove the number of in6_var.h inclusions by moving some functions and global variables to in6.h.
ok deraadt@
|
#
1.67 |
|
24-Oct-2013 |
deraadt |
Significant namespace cleanup of netinet6 symbols.
One worrying bit is in icmp6.h where some htols() and htonl() are added, which may affect compatibility down the line. This component can be reverted if issues show up. Ports tree greps indicate no issue.
ok claudio mpi etc
|
#
1.66 |
|
21-Oct-2013 |
deraadt |
There are gasps of shock! Add a pmtu delay sysctl BUTTON for netinet6, making the code the same as netinet4 along the way. ok bluhm phessler
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.65 |
|
26-Jun-2013 |
henning |
put the cksum diff back, of course with the bug fixed where we could under some circumstances repair broken checksums on the way. ok ryan naddy mikeb . redo most of the protocol (tcp/udp/...) checksum handling -assume we have hardware checksum offloading. stop mucking with the checksum in most of the stack -stop checksum mucking in pf, just set a "needs checksumming" flag if needed -in all output pathes, very late, if we figure out the outbound interface doesn't have hw cksum offloading, do the cksum in software. this especially makes the bridge path behave like a regular output path -little special casing for bridge still required until the broadcast path loses its disgusting shortcut hacks, but at least it's in one place now and not all over the stack in6_proto_cksum_out mostly written by krw@ started at k2k11 in iceland more than 1.5 years ago - yes it took that long, this stuff is everything but easy. this happens to fix the infamous pf rdr bug that made us turn off proto cksum offloading on almost all interface drivers.
|
#
1.64 |
|
28-Mar-2013 |
bluhm |
Convert the satosin, sintosa, ifatoia, satosin6, sin6tosa, ifatoia6 defines into static inline functions. This allows the compiler to check the source type before casting. liked by many; OK mpi@ haesbaert@
|
#
1.63 |
|
14-Mar-2013 |
mpi |
My lack of faith... These lines should stay, reported by ajacoutot@.
ok sthen@
|
#
1.62 |
|
14-Mar-2013 |
mpi |
tedu faith(4), suggested by todd@ some weeks ago after a submission by dhill.
ok krw@, mikeb@, tedu@ (implicit)
|
Revision tags: OPENBSD_5_3_BASE
|
#
1.61 |
|
06-Nov-2012 |
henning |
backout csum diff for the moment, requested by theo
|
#
1.60 |
|
01-Nov-2012 |
henning |
redo most of the protocol (tcp/udp/...) checksum handling -assume we have hardware checksum offloading. stop mucking with the checksum in most of the stack -stop checksum mucking in pf, just set a "needs checksumming" flag if needed -in all output pathes, very late, if we figure out the outbound interface doesn't have hw cksum offloading, do the cksum in software. this especially makes the bridge path behave like a regular output path -little special casing for bridge still required until the broadcast path loses its disgusting shortcut hacks, but at least it's in one place now and not all over the stack in6_proto_cksum_out mostly written by krw@ started at k2k11 in iceland more than 1.5 years ago - yes it took that long, this stuff is everything but easy. this happens to fix the infamous pf rdr bug that made us turn off proto cksum offloading on almost all interface drivers. ok camield sthen claudio, testing by many, thanks!
|
#
1.59 |
|
17-Sep-2012 |
yasuoka |
add IPV6_RECVDSTPORT socket option, which enables us to get original (= before divert) destination port of a UDP packet. The way to use this option is same as IP_RECVDSTPORT.
from UMEZAWA Takeshi tweaks from jmc; ok henning bluhm
|
#
1.58 |
|
15-Sep-2012 |
guenther |
Improve POSIX/SUS compliance of <netdb.h>, <sys/socket.h>, and <sys/un.h>.
Much ports testing of various versions by naddy@ and jasper@ ok matthew@, miller@
|
Revision tags: OPENBSD_5_2_BASE
|
#
1.57 |
|
10-Jul-2012 |
guenther |
Instead of <arpa/inet.h> pulling in <netinet/in.h>, just copy in the three things that it needed from there: INET_ADDRSTRLEN, INET6_ADDRSTRLEN, and struct in_addr. Add protecting #ifndefs to netinet6?/in6?.h for those.
ok deraadt@
|
#
1.56 |
|
26-Jun-2012 |
guenther |
Improve compliance for <arpa/inet.h> and <netinet/in.h> to define/declare all the symbols that POSIX says they must and fewer that they can't and, most importantly, to not require a specific ordering of headers.
ports testing by naddy@ ok millert@ deraadt@
|
Revision tags: OPENBSD_5_1_BASE
|
#
1.55 |
|
24-Nov-2011 |
sperreault |
rdomain support for IPv6 ok mikeb
|
#
1.54 |
|
13-Oct-2011 |
claudio |
Since the IPv6 madness is not enough introduce NAT64 -- which is actually "af-to" a generic IP version translator for pf(4). Not everything perfect yet but lets fix these things in the tree. Insane amount of work done by sperreault@, mikeb@ and reyk@. Looked over by mcbride@ henning@ and myself at eurobsdcon. OK mcbride@ and general put it in from deraadt@
|
Revision tags: OPENBSD_5_0_BASE
|
#
1.53 |
|
02-May-2011 |
mikeb |
recognize SO_RTABLE socket option at the SOL_SOCKET level; discussed with and ok claudio
|
Revision tags: OPENBSD_4_9_BASE
|
#
1.52 |
|
23-Sep-2010 |
yasuoka |
add a new IP level socket option IP_PIPEX. This option is used for L2TP support by pipex. OK henning@, "Carry on" blambert@
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.51 |
|
08-Jul-2010 |
jsg |
remove some unused netinet6 code ok stsp@ henning@ claudio@
|
#
1.50 |
|
07-May-2010 |
claudio |
Start cleaning up the mess called rtalloc*. Kill rtalloc2, make rtalloc1 accept flags for report and nocloning. Move the rtableid into struct route (with a minor twist for now) and make a few more codepathes rdomain aware. Appart from the pf.c and route.c bits the diff is mostly mechanical. More to come... OK michele, henning
|
#
1.49 |
|
06-Apr-2010 |
stsp |
Simple implementation of RFC4941, "Privacy Extensions for Stateless Address Autoconfiguration in IPv6". For those among us who are paranoid about broadcasting their MAC address to the IPv6 internet.
Man page help from jmc, testing by weerd, arc4random API hints from djm.
ok deraadt, claudio
|
Revision tags: OPENBSD_4_7_BASE
|
#
1.48 |
|
05-Nov-2009 |
michele |
IPv6 support for divert sockets.
tested by phessler@ pyr@ ok claudio@ "go ahead" deraadt@
|
Revision tags: OPENBSD_4_5_BASE OPENBSD_4_6_BASE
|
#
1.47 |
|
25-Nov-2008 |
markus |
delay /etc/netstart until IPv6-DAD (dup-address-detection) is completed. ok fries, hshoexer, claudio
|
Revision tags: OPENBSD_4_4_BASE
|
#
1.46 |
|
11-Jun-2008 |
mcbride |
From KAME, allow adjustable limits on NDP entries and discovered routes.
ok mpf naddy
|
#
1.45 |
|
09-Mar-2008 |
sobrado |
use the right capitalization for platform names
ok jsing@
|
Revision tags: OPENBSD_4_1_BASE OPENBSD_4_2_BASE OPENBSD_4_3_BASE
|
#
1.44 |
|
22-Jan-2007 |
miod |
Fix KAME cvsweb urls
|
#
1.43 |
|
09-Dec-2006 |
itojun |
switch IPv6 advanced API from RFC2292 to RFC3542 (2292 is superseded by 3542). the kernel still handles RFC2292 set/getsockopts, so that compiled binary has no trouble running. userland sees RFC3542 symbols only on header file so new code has to use RFC3542 API.
bump libc shlib minor for function additions.
tested on i386/amd64 by jmc, i386 by brad. checked by deraadt.
|
#
1.42 |
|
21-Nov-2006 |
itojun |
introduce sysctl net.inet6.ip6.multicast_mtudisc (for multicast routers). deraadt ok. manpage nit by jmc.
|
#
1.41 |
|
17-Nov-2006 |
itojun |
move comment to a line where it makes more sense
|
#
1.40 |
|
17-Nov-2006 |
itojun |
change semantics of ff01::/16 to interface local multicast (to sync up with more recent IPv6 spec)
ok from: deraadt mcbride
|
Revision tags: OPENBSD_4_0_BASE
|
#
1.39 |
|
18-Jun-2006 |
pascoe |
Add support for equal-cost multipath IP.
To minimise path disruptions, this implements recommendations made in RFC2992 - the hash-threshold mechanism to select paths based on source/destination IP address pairs, and inserts multipath routes in the middle of the route table.
To enable multipath distribution, use: sysctl net.inet.ip.multipath=1 and/or: sysctl net.inet6.ip6.multipath=1
testing norby@ ok claudio@ henning@ hshoexer@
|
#
1.38 |
|
27-May-2006 |
claudio |
Do the same thing as for IPv4. Use a sysctl to enable/disable mfrowarding and additionaly make the code part of the MROUTING option. Put it in deraadt@
|
Revision tags: OPENBSD_3_9_BASE
|
#
1.37 |
|
13-Dec-2005 |
millert |
First step in include files overhaul. Use __FOO_VISIBLE (as defined in sys/cdefs.h) instead of _FOO_SOURCE. Also fix several namespace pollution issues, including the byte order defines. OK deraadt@
|
Revision tags: OPENBSD_3_6_BASE OPENBSD_3_7_BASE OPENBSD_3_8_BASE
|
#
1.36 |
|
21-Jun-2004 |
tholo |
First step towards more sane time handling in the kernel -- this changes things such that code that only need a second-resolution uptime or wall time, and used to get that from time.tv_secs or mono_time.tv_secs now get this from separate time_t globals time_second and time_uptime.
ok art@ niklas@ nordin@
|
Revision tags: SMP_SYNC_A
|
#
1.35 |
|
12-Jun-2004 |
itojun |
support IPV6_USE_MIN_MTU, to make BIND9 better. (sorry about the mess yesterday)
|
#
1.34 |
|
11-Jun-2004 |
deraadt |
back out tree breakage. Like, come on
|
#
1.33 |
|
11-Jun-2004 |
itojun |
support IPV6_USE_MIN_MTU, which is needed to run BIND9 well. from kame markus ok
|
Revision tags: OPENBSD_3_5_BASE SMP_SYNC_B
|
#
1.32 |
|
15-Feb-2004 |
markus |
switch to sysctl_int_arr(); ok itojun, henning, miod, deraadt
|
Revision tags: OPENBSD_3_4_BASE
|
#
1.31 |
|
02-Jun-2003 |
millert |
Remove the advertising clause in the UCB license which Berkeley rescinded 22 July 1999. Proofed by myself and Theo.
|
Revision tags: OPENBSD_3_2_BASE OPENBSD_3_3_BASE UBC_SYNC_A UBC_SYNC_B
|
#
1.30 |
|
08-Jun-2002 |
itojun |
sync with latest KAME in6_ifaddr/prefix/default router manipulation. behavior changes: - two iocts used by ndp(8) are now obsolete (backward compat provided). use sysctl path instead. - lo0 does not get ::1 automatically. it will get ::1 when lo0 comes up.
|
#
1.29 |
|
07-Jun-2002 |
itojun |
mistake in sysctl table
|
#
1.28 |
|
07-Jun-2002 |
itojun |
just for consistency/compatibility, have net.inet6.ip6.v6only sysctl MIB, as well as set/getsockopt(IPV6_V6ONLY).
|
#
1.27 |
|
28-May-2002 |
itojun |
limit number of IPv6 fragments (not the fragment queue size) to fight against lots-of-frags DoS attacks. sync w/kame
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.26 |
|
14-Mar-2002 |
millert |
First round of __P removal in sys
|
Revision tags: UBC_BASE
|
#
1.25 |
|
07-Dec-2001 |
itojun |
branches: 1.25.2; whitespace/comment sync with kame
|
Revision tags: OPENBSD_3_0_BASE
|
#
1.24 |
|
19-Sep-2001 |
itojun |
comment; sockopt # 57-59 are also reserved
|
#
1.23 |
|
22-Aug-2001 |
niklas |
Add IPCOMP setsockopt policy controls. While here fix the other policies too
|
Revision tags: OPENBSD_2_9_BASE
|
#
1.22 |
|
30-Mar-2001 |
itojun |
fix constness of IN6_{IS,ARE}_xx macros to conform to RFC2553. sync with kame.
|
#
1.21 |
|
02-Mar-2001 |
itojun |
remove date string from KAME version identification, it is getting meaningless as we merge random items daily. have comment that refers to kame COVERAGE document. sync with kame
|
#
1.20 |
|
16-Feb-2001 |
itojun |
get rid of #ifdef IPV6FIREWALL (never used, will never be used)
|
#
1.19 |
|
16-Feb-2001 |
itojun |
pull in new pcb notification code from kame. better handling of scope address.
|
Revision tags: OPENBSD_2_8_BASE
|
#
1.18 |
|
17-Oct-2000 |
itojun |
use __P() in prototype for non-ansi compilers. From: Michael Shalayeff <mickey@lucifier.remote.dti.net>
|
#
1.17 |
|
27-Aug-2000 |
itojun |
move IPv6 IPsec sysctl # downward, to avoid number conflict in *BSD. angelos ok
|
#
1.16 |
|
16-Jul-2000 |
itojun |
don't pull sys/queue.h in. sync better with kame.
|
#
1.15 |
|
25-Jun-2000 |
aaron |
Fix typo; ds@ds.primasoft.bg
|
#
1.14 |
|
18-Jun-2000 |
itojun |
allow IPsec-related get/setsockopt on IPv6 socket. due to number conflict they must be IPV6_xx instead of IP_xx.
actually, since in_ctloutput() does not check address family of inpcb, getsockopt(IPPROTO_IP, IP_xx) may work - never tested this.
|
#
1.13 |
|
25-May-2000 |
itojun |
net.inet.ip.gif_ttl (and IPv6 counterpart) is never used. enforce type checking on IN6_ARE_ADDR_EQUAL.
|
Revision tags: OPENBSD_2_7_BASE
|
#
1.12 |
|
28-Feb-2000 |
itojun |
bring in recent KAME changes (only important and stable ones, as usual). - remove net.inet6.ip6.nd6_proxyall. introduce proxy NDP code works just like "arp -s". - revise source address selection. be more careful about use of yet-to-be-valid addresses as source. - as router, transmit ICMP6_DST_UNREACH_BEYONDSCOPE against out-of-scope packet forwarding attempt. - path MTU discovery takes care of routing header properly. - be more strict about mbuf chain parsing. - nuke xxCTL_VARS #define, they are for BSDI. - disable SIOCSIFDSTADDR_IN6/SIOCSIFNETMASK_IN6 ioctl, they do not fit IPv6 model where multiple address on interface is normal. (kernel side supports them for a while for backward compat, the support will be nuked shortly) - introduce "default outgoing interface" (for spec conformance in very rare case)
|
#
1.11 |
|
19-Feb-2000 |
deraadt |
use more modern types
|
Revision tags: SMP_BASE
|
#
1.10 |
|
09-Feb-2000 |
itojun |
branches: 1.10.2; improve RFC2553/2292 conformance. netinet6/{ip6,icmp6,in6}.h should not be included. neitnet6/{ip6,icmp6}.h includes #error statements only - i'll remove them couple of days later.
|
#
1.9 |
|
10-Dec-1999 |
angelos |
Add RCS tags, remove unused header files and code, remove a few unnecessary ifdefs...
|
Revision tags: kame_19991208
|
#
1.8 |
|
08-Dec-1999 |
itojun |
bring in KAME IPv6 code, dated 19991208. replaces NRL IPv6 layer. reuses NRL pcb layer. no IPsec-on-v6 support. see sys/netinet6/{TODO,IMPLEMENTATION} for more details.
GENERIC configuration should work fine as before. GENERIC.v6 works fine as well, but you'll need KAME userland tools to play with IPv6 (will be bringed into soon).
|
Revision tags: OPENBSD_2_5_BASE OPENBSD_2_6_BASE
|
#
1.7 |
|
24-Mar-1999 |
cmetz |
Replace 'in6a_words' (old NRL convention) with 's6_addr32' (new BSDI et al. convention that is more common and more specific as to the access size)
|
#
1.6 |
|
09-Mar-1999 |
cmetz |
Demangled the INET6 stuff so as not to require any extra options and not to be mutually exclusive with the IPSEC option.
|
#
1.5 |
|
24-Feb-1999 |
cmetz |
Synchronized changes needed to integrate into OpenBSD with the NRL source tree so we can have a unified netinet6 directory.
|
#
1.4 |
|
11-Jan-1999 |
deraadt |
_KERNEL, and other cleanup
|
#
1.3 |
|
10-Jan-1999 |
deraadt |
merge INPROTO_* tables
|
#
1.2 |
|
08-Jan-1999 |
deraadt |
use _KERNEL, add ipv6intrq decl
|
#
1.1 |
|
07-Jan-1999 |
deraadt |
missed file
|
#
1.100 |
|
20-Nov-2017 |
mpi |
Sprinkle some NET_ASSERT_LOCKED(), const and co to prepare running pr_input handlers without KERNEL_LOCK().
ok visa@
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.99 |
|
01-Sep-2017 |
florian |
Use in6_get_rand_ifid() instead of get_last_resort_ifid() and delete the get_last_resort_ifid() function because eww. Also if your system is so constraint that you end up in in6_get_rand_ifid() you don't deserve a random ifid that stays stable over reboots. Simplify code a bit since get_ifid() can no longer fail. It couldn't fail before either because that code path was #if 0'ed. While here sprinkle in some in6_ prefixes, pointed out by stsp. OK stsp
|
#
1.98 |
|
11-Aug-2017 |
bluhm |
Validate sockaddr from userland in central functions. This results in common checks for unix, inet, inet6 instead of partial checks here and there. Some checks are already done at a higher layer, but better be paranoid with user input. OK claudio@ millert@
|
#
1.97 |
|
13-Jul-2017 |
florian |
Get rid of ip6.maxifprefixes and ip6.maxifdefrouters, the kernel no longer tracks prefixes or default routers from router advertisements. Pointed out by jmc. ports tree grepping sthen, who only found nsh OK mpi, sthen
|
#
1.96 |
|
30-May-2017 |
mpi |
Keep ipv6_input() definition inside _KERNEL.
Unbreak userland, found the hardway by deraadt@
|
#
1.95 |
|
30-May-2017 |
mpi |
Introduce ipv{4,6}_input(), two wrappers around IP queues.
This will help transitionning to an un-KERNEL_LOCK()ed IP forwarding path.
Disucssed with bluhm@, ok claudio@
|
#
1.94 |
|
04-May-2017 |
bluhm |
Introduce sstosa() for converting sockaddr_storage with a type safe inline function instead of casting it to sockaddr. While there, use inline instead of __inline for all these conversions. Some struct sockaddr casts can be avoided completely. OK dhill@ mpi@
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.93 |
|
22-Feb-2017 |
renato |
Fix comments about a few ipv6 sockoptions
OK millert@ florian@
|
#
1.92 |
|
22-Dec-2016 |
rzalamena |
Remove PIM support from the multicast stack.
ok mpi@
|
#
1.91 |
|
03-Oct-2016 |
mpi |
Convert some of the remaining usages of time_second to time_uptime.
time_second is unix time so it can be affected by clock changes. time_uptime is monotonic so it isnt affected by clock changes. that in turn means route expiries wont jump with clock changes if set against time_uptime.
the expiry is translated into unix time for export to userland though.
Should fix mismatch between route timers that were already converted and ND default routers that were still using time_second.
Tested by matthieu@ and sthen@
ok sthen@, dlg@
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.90 |
|
27-Jun-2016 |
jca |
Implement IPV6_MINHOPCOUNT support.
Useful to implement GTSM support in daemons such as bgpd(8). Diff from 2013 revived by renato@. Input from bluhm@, ok bluhm@ deraadt@
|
#
1.89 |
|
01-Jun-2016 |
jca |
Kill sysctl net.inet6.ip6.rr_prune
We don't support Router Renumbering and there are no plans to change that. ok mpi@
|
#
1.88 |
|
19-May-2016 |
jca |
Remove sysctl net.inet6.ip6.v6only
This sysctl is a no-op, read-only since it was introduced. There are no plans to support IPv4-mapped addresses on OpenBSD, thus this sysctl is meaningless.
Noticed by djm@, ok claudio@ mpi@ sthen@ henning@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.87 |
|
03-Dec-2015 |
tedu |
rm unused kernel only IPV6_RECVRTHDRDSTOPTS sockopt. ok deraadt sthen
|
#
1.86 |
|
29-Oct-2015 |
tedu |
RFC 2292 API support was removed 9 years ago, but left in a binary compat ABI form for the sake of existing programs. no programs from that era have been able to run for quite some time. Kill it all. ok deraadt florian millert mpi (I believe this is my first IPv6 diff. Future, here I come!)
|
#
1.85 |
|
11-Sep-2015 |
claudio |
in6_embedscope() needs to lose some weight. Remove the last argument. In all but two calls NULL is passed and in the other 2 cases the ifp is only used to maybe feed it to in6_selecthlim() to select the hoplimit for the link. Since in6_embedscope() only works on link-local addresses it does not matter what hop limit we select since the destination is directly reachable. OK florian@ mpi@
|
#
1.84 |
|
10-Sep-2015 |
claudio |
It is time to put inet6 on a diet. Use the flensing knife and cut out the 3rd argument of in6_recoverscope() and make it return void. OK dlg@ mikeb@
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.83 |
|
08-Jun-2015 |
krw |
More damned eye searing whitespace. No change to .o files.
|
#
1.82 |
|
14-Apr-2015 |
mikeb |
ip6_sprintf is long gone; noticed by blambert
|
#
1.81 |
|
10-Apr-2015 |
dlg |
replace the use of ifqueues for most input queues serviced by netisr with niqueues.
this change is so big because there's a lot of code that takes pointers to different input queues (eg, ether_input picks between ipv4, ipv6, pppoe, arp, and mpls input queues) and falls through to code to enqueue packets against the pointer. if i changed only one of the input queues id have to add sepearate code paths, one for ifqueues and one for niqueues in each of these places
by flipping all these input queues at once i can keep the currently common code common.
testing by mpi@ sthen@ and rafael zalamena ok mpi@ sthen@ claudio@ henning@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.80 |
|
09-Feb-2015 |
claudio |
Implement 2 sysctl to retrieve the multicast forwarding cache (mf6c) and the multicast interface table (mif6). Will be used by netstat soon. Looked over by guenther@
|
#
1.79 |
|
09-Feb-2015 |
dlg |
provide a net.inet6.ip6.ifq sysctl so people can see and fiddle with the ip6intrq.
ok claudio@
|
#
1.78 |
|
10-Jan-2015 |
mpi |
Correct some comments and merge in6_if_up() into in6_ifattach() to reflect that IPv6 link-local addresses are no longer automagically configured the first time an interface is brought up.
ok henning@, stsp@
|
#
1.77 |
|
05-Dec-2014 |
mpi |
Explicitly include <net/if_var.h> instead of pulling it in <net/if.h>.
ok mikeb@, krw@, bluhm@, tedu@
|
#
1.76 |
|
20-Nov-2014 |
mpi |
What have no need for a variable that holds the maximum MTU size of interfaces with an IPv6 address.
ok henning@, mikeb@, deraadt@
|
#
1.75 |
|
31-Aug-2014 |
bluhm |
Make the in6addr constant declarations and definitions consistent in kernel and user land. OK florian@ mpi@
|
#
1.74 |
|
26-Aug-2014 |
florian |
Do not hand-roll all routers link local address. pointed out & OK bluhm@
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.73 |
|
11-Jul-2014 |
henning |
introduce the IFXF_AUTOCONF6 interface flag which controls wether we accept rtadvs on that interface. the global net.inet6.ip6.accept_rtadv sysctl just doesn't cut it, even tho the spec wants that - but in their little absurd world, a host just has one interface by definition anyway... the sysctlgoes away. lots of head scratching, brain cell elemination etc from bluhm benno stsp florian, excitement from simon and todd, ok bluhm stsp benno florian
|
#
1.72 |
|
13-Jun-2014 |
chrisz |
Remove deprecated RFC2292 ancillary data convenience functions. They are obsoleted by the RFC3542 api.
ok mpi@
|
#
1.71 |
|
20-Apr-2014 |
naddy |
move in6_cksum_phdr from in6.h to ip6_output.c to mirror in_cksum_phdr ok henning@
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.70 |
|
22-Jan-2014 |
naddy |
Split the checksum calculation for IPv6 like for IPv4: Always calculate the pseudo-header checksum. Complete the checksum if hardware offload is not available.
Parts originally from NetBSD; ok henning@
|
#
1.69 |
|
28-Oct-2013 |
deraadt |
kill kame version symbols and sysctl ports tree grep run by sthen
|
#
1.68 |
|
24-Oct-2013 |
mpi |
Remove the number of in6_var.h inclusions by moving some functions and global variables to in6.h.
ok deraadt@
|
#
1.67 |
|
24-Oct-2013 |
deraadt |
Significant namespace cleanup of netinet6 symbols.
One worrying bit is in icmp6.h where some htols() and htonl() are added, which may affect compatibility down the line. This component can be reverted if issues show up. Ports tree greps indicate no issue.
ok claudio mpi etc
|
#
1.66 |
|
21-Oct-2013 |
deraadt |
There are gasps of shock! Add a pmtu delay sysctl BUTTON for netinet6, making the code the same as netinet4 along the way. ok bluhm phessler
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.65 |
|
26-Jun-2013 |
henning |
put the cksum diff back, of course with the bug fixed where we could under some circumstances repair broken checksums on the way. ok ryan naddy mikeb . redo most of the protocol (tcp/udp/...) checksum handling -assume we have hardware checksum offloading. stop mucking with the checksum in most of the stack -stop checksum mucking in pf, just set a "needs checksumming" flag if needed -in all output pathes, very late, if we figure out the outbound interface doesn't have hw cksum offloading, do the cksum in software. this especially makes the bridge path behave like a regular output path -little special casing for bridge still required until the broadcast path loses its disgusting shortcut hacks, but at least it's in one place now and not all over the stack in6_proto_cksum_out mostly written by krw@ started at k2k11 in iceland more than 1.5 years ago - yes it took that long, this stuff is everything but easy. this happens to fix the infamous pf rdr bug that made us turn off proto cksum offloading on almost all interface drivers.
|
#
1.64 |
|
28-Mar-2013 |
bluhm |
Convert the satosin, sintosa, ifatoia, satosin6, sin6tosa, ifatoia6 defines into static inline functions. This allows the compiler to check the source type before casting. liked by many; OK mpi@ haesbaert@
|
#
1.63 |
|
14-Mar-2013 |
mpi |
My lack of faith... These lines should stay, reported by ajacoutot@.
ok sthen@
|
#
1.62 |
|
14-Mar-2013 |
mpi |
tedu faith(4), suggested by todd@ some weeks ago after a submission by dhill.
ok krw@, mikeb@, tedu@ (implicit)
|
Revision tags: OPENBSD_5_3_BASE
|
#
1.61 |
|
06-Nov-2012 |
henning |
backout csum diff for the moment, requested by theo
|
#
1.60 |
|
01-Nov-2012 |
henning |
redo most of the protocol (tcp/udp/...) checksum handling -assume we have hardware checksum offloading. stop mucking with the checksum in most of the stack -stop checksum mucking in pf, just set a "needs checksumming" flag if needed -in all output pathes, very late, if we figure out the outbound interface doesn't have hw cksum offloading, do the cksum in software. this especially makes the bridge path behave like a regular output path -little special casing for bridge still required until the broadcast path loses its disgusting shortcut hacks, but at least it's in one place now and not all over the stack in6_proto_cksum_out mostly written by krw@ started at k2k11 in iceland more than 1.5 years ago - yes it took that long, this stuff is everything but easy. this happens to fix the infamous pf rdr bug that made us turn off proto cksum offloading on almost all interface drivers. ok camield sthen claudio, testing by many, thanks!
|
#
1.59 |
|
17-Sep-2012 |
yasuoka |
add IPV6_RECVDSTPORT socket option, which enables us to get original (= before divert) destination port of a UDP packet. The way to use this option is same as IP_RECVDSTPORT.
from UMEZAWA Takeshi tweaks from jmc; ok henning bluhm
|
#
1.58 |
|
15-Sep-2012 |
guenther |
Improve POSIX/SUS compliance of <netdb.h>, <sys/socket.h>, and <sys/un.h>.
Much ports testing of various versions by naddy@ and jasper@ ok matthew@, miller@
|
Revision tags: OPENBSD_5_2_BASE
|
#
1.57 |
|
10-Jul-2012 |
guenther |
Instead of <arpa/inet.h> pulling in <netinet/in.h>, just copy in the three things that it needed from there: INET_ADDRSTRLEN, INET6_ADDRSTRLEN, and struct in_addr. Add protecting #ifndefs to netinet6?/in6?.h for those.
ok deraadt@
|
#
1.56 |
|
26-Jun-2012 |
guenther |
Improve compliance for <arpa/inet.h> and <netinet/in.h> to define/declare all the symbols that POSIX says they must and fewer that they can't and, most importantly, to not require a specific ordering of headers.
ports testing by naddy@ ok millert@ deraadt@
|
Revision tags: OPENBSD_5_1_BASE
|
#
1.55 |
|
24-Nov-2011 |
sperreault |
rdomain support for IPv6 ok mikeb
|
#
1.54 |
|
13-Oct-2011 |
claudio |
Since the IPv6 madness is not enough introduce NAT64 -- which is actually "af-to" a generic IP version translator for pf(4). Not everything perfect yet but lets fix these things in the tree. Insane amount of work done by sperreault@, mikeb@ and reyk@. Looked over by mcbride@ henning@ and myself at eurobsdcon. OK mcbride@ and general put it in from deraadt@
|
Revision tags: OPENBSD_5_0_BASE
|
#
1.53 |
|
02-May-2011 |
mikeb |
recognize SO_RTABLE socket option at the SOL_SOCKET level; discussed with and ok claudio
|
Revision tags: OPENBSD_4_9_BASE
|
#
1.52 |
|
23-Sep-2010 |
yasuoka |
add a new IP level socket option IP_PIPEX. This option is used for L2TP support by pipex. OK henning@, "Carry on" blambert@
|
Revision tags: OPENBSD_4_8_BASE
|
#
1.51 |
|
08-Jul-2010 |
jsg |
remove some unused netinet6 code ok stsp@ henning@ claudio@
|
#
1.50 |
|
07-May-2010 |
claudio |
Start cleaning up the mess called rtalloc*. Kill rtalloc2, make rtalloc1 accept flags for report and nocloning. Move the rtableid into struct route (with a minor twist for now) and make a few more codepathes rdomain aware. Appart from the pf.c and route.c bits the diff is mostly mechanical. More to come... OK michele, henning
|
#
1.49 |
|
06-Apr-2010 |
stsp |
Simple implementation of RFC4941, "Privacy Extensions for Stateless Address Autoconfiguration in IPv6". For those among us who are paranoid about broadcasting their MAC address to the IPv6 internet.
Man page help from jmc, testing by weerd, arc4random API hints from djm.
ok deraadt, claudio
|
Revision tags: OPENBSD_4_7_BASE
|
#
1.48 |
|
05-Nov-2009 |
michele |
IPv6 support for divert sockets.
tested by phessler@ pyr@ ok claudio@ "go ahead" deraadt@
|
Revision tags: OPENBSD_4_5_BASE OPENBSD_4_6_BASE
|
#
1.47 |
|
25-Nov-2008 |
markus |
delay /etc/netstart until IPv6-DAD (dup-address-detection) is completed. ok fries, hshoexer, claudio
|
Revision tags: OPENBSD_4_4_BASE
|
#
1.46 |
|
11-Jun-2008 |
mcbride |
From KAME, allow adjustable limits on NDP entries and discovered routes.
ok mpf naddy
|
#
1.45 |
|
09-Mar-2008 |
sobrado |
use the right capitalization for platform names
ok jsing@
|
Revision tags: OPENBSD_4_1_BASE OPENBSD_4_2_BASE OPENBSD_4_3_BASE
|
#
1.44 |
|
22-Jan-2007 |
miod |
Fix KAME cvsweb urls
|
#
1.43 |
|
09-Dec-2006 |
itojun |
switch IPv6 advanced API from RFC2292 to RFC3542 (2292 is superseded by 3542). the kernel still handles RFC2292 set/getsockopts, so that compiled binary has no trouble running. userland sees RFC3542 symbols only on header file so new code has to use RFC3542 API.
bump libc shlib minor for function additions.
tested on i386/amd64 by jmc, i386 by brad. checked by deraadt.
|
#
1.42 |
|
21-Nov-2006 |
itojun |
introduce sysctl net.inet6.ip6.multicast_mtudisc (for multicast routers). deraadt ok. manpage nit by jmc.
|
#
1.41 |
|
17-Nov-2006 |
itojun |
move comment to a line where it makes more sense
|
#
1.40 |
|
17-Nov-2006 |
itojun |
change semantics of ff01::/16 to interface local multicast (to sync up with more recent IPv6 spec)
ok from: deraadt mcbride
|
Revision tags: OPENBSD_4_0_BASE
|
#
1.39 |
|
18-Jun-2006 |
pascoe |
Add support for equal-cost multipath IP.
To minimise path disruptions, this implements recommendations made in RFC2992 - the hash-threshold mechanism to select paths based on source/destination IP address pairs, and inserts multipath routes in the middle of the route table.
To enable multipath distribution, use: sysctl net.inet.ip.multipath=1 and/or: sysctl net.inet6.ip6.multipath=1
testing norby@ ok claudio@ henning@ hshoexer@
|
#
1.38 |
|
27-May-2006 |
claudio |
Do the same thing as for IPv4. Use a sysctl to enable/disable mfrowarding and additionaly make the code part of the MROUTING option. Put it in deraadt@
|
Revision tags: OPENBSD_3_9_BASE
|
#
1.37 |
|
13-Dec-2005 |
millert |
First step in include files overhaul. Use __FOO_VISIBLE (as defined in sys/cdefs.h) instead of _FOO_SOURCE. Also fix several namespace pollution issues, including the byte order defines. OK deraadt@
|
Revision tags: OPENBSD_3_6_BASE OPENBSD_3_7_BASE OPENBSD_3_8_BASE
|
#
1.36 |
|
21-Jun-2004 |
tholo |
First step towards more sane time handling in the kernel -- this changes things such that code that only need a second-resolution uptime or wall time, and used to get that from time.tv_secs or mono_time.tv_secs now get this from separate time_t globals time_second and time_uptime.
ok art@ niklas@ nordin@
|
Revision tags: SMP_SYNC_A
|
#
1.35 |
|
12-Jun-2004 |
itojun |
support IPV6_USE_MIN_MTU, to make BIND9 better. (sorry about the mess yesterday)
|
#
1.34 |
|
11-Jun-2004 |
deraadt |
back out tree breakage. Like, come on
|
#
1.33 |
|
11-Jun-2004 |
itojun |
support IPV6_USE_MIN_MTU, which is needed to run BIND9 well. from kame markus ok
|
Revision tags: OPENBSD_3_5_BASE SMP_SYNC_B
|
#
1.32 |
|
15-Feb-2004 |
markus |
switch to sysctl_int_arr(); ok itojun, henning, miod, deraadt
|
Revision tags: OPENBSD_3_4_BASE
|
#
1.31 |
|
02-Jun-2003 |
millert |
Remove the advertising clause in the UCB license which Berkeley rescinded 22 July 1999. Proofed by myself and Theo.
|
Revision tags: OPENBSD_3_2_BASE OPENBSD_3_3_BASE UBC_SYNC_A UBC_SYNC_B
|
#
1.30 |
|
08-Jun-2002 |
itojun |
sync with latest KAME in6_ifaddr/prefix/default router manipulation. behavior changes: - two iocts used by ndp(8) are now obsolete (backward compat provided). use sysctl path instead. - lo0 does not get ::1 automatically. it will get ::1 when lo0 comes up.
|
#
1.29 |
|
07-Jun-2002 |
itojun |
mistake in sysctl table
|
#
1.28 |
|
07-Jun-2002 |
itojun |
just for consistency/compatibility, have net.inet6.ip6.v6only sysctl MIB, as well as set/getsockopt(IPV6_V6ONLY).
|
#
1.27 |
|
28-May-2002 |
itojun |
limit number of IPv6 fragments (not the fragment queue size) to fight against lots-of-frags DoS attacks. sync w/kame
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.26 |
|
14-Mar-2002 |
millert |
First round of __P removal in sys
|
Revision tags: UBC_BASE
|
#
1.25 |
|
07-Dec-2001 |
itojun |
branches: 1.25.2; whitespace/comment sync with kame
|
Revision tags: OPENBSD_3_0_BASE
|
#
1.24 |
|
19-Sep-2001 |
itojun |
comment; sockopt # 57-59 are also reserved
|
#
1.23 |
|
22-Aug-2001 |
niklas |
Add IPCOMP setsockopt policy controls. While here fix the other policies too
|
Revision tags: OPENBSD_2_9_BASE
|
#
1.22 |
|
30-Mar-2001 |
itojun |
fix constness of IN6_{IS,ARE}_xx macros to conform to RFC2553. sync with kame.
|
#
1.21 |
|
02-Mar-2001 |
itojun |
remove date string from KAME version identification, it is getting meaningless as we merge random items daily. have comment that refers to kame COVERAGE document. sync with kame
|
#
1.20 |
|
16-Feb-2001 |
itojun |
get rid of #ifdef IPV6FIREWALL (never used, will never be used)
|
#
1.19 |
|
16-Feb-2001 |
itojun |
pull in new pcb notification code from kame. better handling of scope address.
|
Revision tags: OPENBSD_2_8_BASE
|
#
1.18 |
|
17-Oct-2000 |
itojun |
use __P() in prototype for non-ansi compilers. From: Michael Shalayeff <mickey@lucifier.remote.dti.net>
|
#
1.17 |
|
27-Aug-2000 |
itojun |
move IPv6 IPsec sysctl # downward, to avoid number conflict in *BSD. angelos ok
|
#
1.16 |
|
16-Jul-2000 |
itojun |
don't pull sys/queue.h in. sync better with kame.
|
#
1.15 |
|
25-Jun-2000 |
aaron |
Fix typo; ds@ds.primasoft.bg
|
#
1.14 |
|
18-Jun-2000 |
itojun |
allow IPsec-related get/setsockopt on IPv6 socket. due to number conflict they must be IPV6_xx instead of IP_xx.
actually, since in_ctloutput() does not check address family of inpcb, getsockopt(IPPROTO_IP, IP_xx) may work - never tested this.
|
#
1.13 |
|
25-May-2000 |
itojun |
net.inet.ip.gif_ttl (and IPv6 counterpart) is never used. enforce type checking on IN6_ARE_ADDR_EQUAL.
|
Revision tags: OPENBSD_2_7_BASE
|
#
1.12 |
|
28-Feb-2000 |
itojun |
bring in recent KAME changes (only important and stable ones, as usual). - remove net.inet6.ip6.nd6_proxyall. introduce proxy NDP code works just like "arp -s". - revise source address selection. be more careful about use of yet-to-be-valid addresses as source. - as router, transmit ICMP6_DST_UNREACH_BEYONDSCOPE against out-of-scope packet forwarding attempt. - path MTU discovery takes care of routing header properly. - be more strict about mbuf chain parsing. - nuke xxCTL_VARS #define, they are for BSDI. - disable SIOCSIFDSTADDR_IN6/SIOCSIFNETMASK_IN6 ioctl, they do not fit IPv6 model where multiple address on interface is normal. (kernel side supports them for a while for backward compat, the support will be nuked shortly) - introduce "default outgoing interface" (for spec conformance in very rare case)
|
#
1.11 |
|
19-Feb-2000 |
deraadt |
use more modern types
|
Revision tags: SMP_BASE
|
#
1.10 |
|
09-Feb-2000 |
itojun |
branches: 1.10.2; improve RFC2553/2292 conformance. netinet6/{ip6,icmp6,in6}.h should not be included. neitnet6/{ip6,icmp6}.h includes #error statements only - i'll remove them couple of days later.
|
#
1.9 |
|
10-Dec-1999 |
angelos |
Add RCS tags, remove unused header files and code, remove a few unnecessary ifdefs...
|
Revision tags: kame_19991208
|
#
1.8 |
|
08-Dec-1999 |
itojun |
bring in KAME IPv6 code, dated 19991208. replaces NRL IPv6 layer. reuses NRL pcb layer. no IPsec-on-v6 support. see sys/netinet6/{TODO,IMPLEMENTATION} for more details.
GENERIC configuration should work fine as before. GENERIC.v6 works fine as well, but you'll need KAME userland tools to play with IPv6 (will be bringed into soon).
|
Revision tags: OPENBSD_2_5_BASE OPENBSD_2_6_BASE
|
#
1.7 |
|
24-Mar-1999 |
cmetz |
Replace 'in6a_words' (old NRL convention) with 's6_addr32' (new BSDI et al. convention that is more common and more specific as to the access size)
|
#
1.6 |
|
09-Mar-1999 |
cmetz |
Demangled the INET6 stuff so as not to require any extra options and not to be mutually exclusive with the IPSEC option.
|
#
1.5 |
|
24-Feb-1999 |
cmetz |
Synchronized changes needed to integrate into OpenBSD with the NRL source tree so we can have a unified netinet6 directory.
|
#
1.4 |
|
11-Jan-1999 |
deraadt |
_KERNEL, and other cleanup
|
#
1.3 |
|
10-Jan-1999 |
deraadt |
merge INPROTO_* tables
|
#
1.2 |
|
08-Jan-1999 |
deraadt |
use _KERNEL, add ipv6intrq decl
|
#
1.1 |
|
07-Jan-1999 |
deraadt |
missed file
|