#
1.122 |
|
09-Jul-2023 |
bluhm |
Fix route entry leak.
In in6_ifdetach() two struct rtentry were leaked. This was triggered by regress/sbin/route and detected with btrace(8) refcnt. The reference returned by rtalloc() must be freed with rtfree() in all cases.
OK phessler@ mvs@
|
Revision tags: OPENBSD_7_3_BASE
|
#
1.121 |
|
15-Nov-2022 |
claudio |
Not assigning a link local address by default breaks various things. A lot of code depends on a eui64 address to be present. So revert this bit of the last commit. OK florian@
|
#
1.120 |
|
14-Nov-2022 |
claudio |
Relax the list of interfaces which support IPv6 a bit.
No longer require IFF_MULTICAST for all interfaces. It is save to skip this for interfaces that don't require a ND cache. Also do not assign a link-local address in such cases. This affects point-to-point interfaces and the NBMA / point-to-multipoint interfaces like mpe(4), mgre(4) and wg(4). The NBMA interfaces need some alternative way to figure out the address mapping. In the end this allows non-multicast interfaces to work with IPv6. OK dlg@ kn@
|
Revision tags: OPENBSD_7_2_BASE
|
#
1.119 |
|
08-Sep-2022 |
kn |
Rename global ifnet TAILQ
Naming the list like the struct itself makes for awful grepping. Call the global variable "ifnetlist" from now on.
There used to be kvm(3) consumers in base picking up this symbol, but those have long been converted to other interfaces.
A few potential ports users remain, same deal as sys/net/if_var.h r1.116 "Remove struct ifnet's unused if_switchport member": they get bumped.
Previous users pointed out by deraadt OK bluhm
|
Revision tags: OPENBSD_6_9_BASE OPENBSD_7_0_BASE OPENBSD_7_1_BASE
|
#
1.118 |
|
15-Mar-2021 |
florian |
Clear AUTOCONF6TEMP flag when we detach inet6.
|
Revision tags: OPENBSD_6_8_BASE
|
#
1.117 |
|
21-Jun-2020 |
dlg |
wireguard can do ipv6, but doesnt do link local addresses.
i feel like i should add IFT_L3IPVLAN here so mgre(4) can take advantage of this too.
from Matt Dunwoodie and Jason A. Donenfeld
ok deraadt@
|
Revision tags: OPENBSD_6_7_BASE
|
#
1.116 |
|
17-Mar-2020 |
tobhe |
Use strlcpy instead of strncpy to ensure results are NUL terminated.
ok mpi@
|
#
1.115 |
|
08-Nov-2019 |
dlg |
convert interface address change hooks to tasks and a task_list.
this follows what's been done for detach and link state hooks, and makes handling of hooks generally more robust.
address hooks are a bit different to detach/link state hooks in that there's only a few things that register hooks (carp, pf, vxlan), but a lot of places to run the hooks (lots of ipv4 and ipv6 address configuration).
an address hook cookie was in struct pfi_kif, which is part of the pf abi. rather than break pfctl -sI, this maintains the void * used for the cookie and uses it to store a task, which is then used as intended with the new api.
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.114 |
|
21-Aug-2019 |
florian |
Remove support for semantically opace interface identifiers (RFC 7217) for IPv6 link local addresses.
Some hosting and VM providers route customer IPv6 prefixes to link local addresses derived from ethernet MAC addresses (RFC 2464). This leads to hard to debug IPv6 connectivity problems and is probably not worth the effort.
RFC 7721 lists 4 weaknesses:
3.1. Correlation of Activities over Time & 3.2. Location Tracking These are still possible with RFC 7217 addresses for an adversary connected to the same layer 2 network (think conference wifi). Since the link local prefix stays the same (fe80::/64) the link local addresses do not change between different networks. An adversary on the same layer 2 network can probably track ethernet MAC addresses via different means, too.
3.3. Address Scanning & 3.4. Device-Specific Vulnerability Exploitation These now become possible, however, as noted above a layer 2 adversary was probably able to do this via different means.
People concerned with these weaknesses are advised to use ifconfig lladdr random. OK benno input & OK kn
|
Revision tags: OPENBSD_6_5_BASE
|
#
1.113 |
|
13-Feb-2019 |
dlg |
change rt_ifa_add and rt_ifa_del so they take an rdomain argument.
this allows mpls interfaces (mpe, mpw) to pass the rdomain they wish the local label to be in, rather than have it implicitly forced to 0 by these functions. right now they'll pass 0, but it will soon be possible to have them rx packets in other rdomains.
previously the functions used ifp->if_rdomain for the rdomain. everything other than mpls still passes ifp->if_rdomain.
ok mpi@
|
#
1.112 |
|
10-Feb-2019 |
dlg |
remove the implict RTF_MPATH flag that rt_ifa_add() sets on new routes.
MPLS interfaces (ab)use rt_ifa_add for adding the local MPLS label that they listen on for incoming packets, while every other use of rt_ifa_add is for adding addresses on local interfaces. MPLS does this cos the addresses involved are in basically the same shape as ones used for setting up local addresses.
It is appropriate for interfaces to want RTF_MPATH on local addresses, but in the MPLS case it means you can have multiple local things listening on the same label, which doesn't actually work. mpe in particular keeps track of in use labels to it can handle collisions, however, mpw does not. It is currently possible to have multiple mpw interfaces on the same local label, and sharing the same label as mpe or possible normal forwarding labels.
Moving the RTF_MPATH flag out of rt_ifa_add means all the callers that still want it need to pass it themselves. The mpe and mpw callers are left alone without the flag, and will now get EEXIST from rt_ifa_add when a label is already in use.
ok (and a huge amount of patience and help) mpi@ claudio@ is ok with the idea, but saw a much much earlier solution to the problem
|
Revision tags: OPENBSD_6_4_BASE
|
#
1.111 |
|
05-Oct-2018 |
florian |
Do not join node information multicast group (RFC 4620). Benno removed code to answer ICMP queries over 4 years ago. Aham Brahmasmi (aham.brahmasmi AT gmx.com) points out that we still joined the group though.
OK sthen, bluhm, kn
|
#
1.110 |
|
26-Aug-2018 |
mpi |
Do not add ::1 on non-default lo(4) as intended.
Reported by and ok sthen@
|
#
1.109 |
|
10-Jul-2018 |
florian |
When an interface doesn't have a layer 2 address in6_get_soii_ifid() failes and then later on a in in6_get_ifid() a layer 2 address is "borrowed" from from another interface.
Do the "borrowing" in in6_get_soii_ifid(), too so that semantically opaque interface identifiers work for these kind of interfaces, too.
OK phessler, benno
|
#
1.108 |
|
10-Jul-2018 |
florian |
When an interface doesn't have a layer 2 address in6_get_ifid() tries to "borrow" one from another interface. But then it checks if the U bit is set int the generated EUI64 address and rejects it. On the other hand for interfaces that do have a layer 2 address this check is skipped, so relax it for the "borrowing" case, too.
With this one gets stable link local addresses on e.g. gre(4) interfaces on certain virtualisation environments depending which mac addresses get picked for the vio(4) interfaces while previously we would end up with a random IP on every reboot.
Reported by Aaron A. Glenn via phessler.
OK phessler, benno
|
#
1.107 |
|
27-Mar-2018 |
dhill |
Use memcpy instead of bcopy when the memory does not overlap.
OK deraadt@ florian@
|
Revision tags: OPENBSD_6_3_BASE
|
#
1.106 |
|
13-Mar-2018 |
florian |
Calculate RFC7217 link-local style addresses the same way as slaacd(8).
RFC 7217 states (section 5, page 9): | The Interface Identifier is finally obtained by taking as many | bits from the RID value (computed in the previous step) as | necessary, starting from the least significant bit.
Problem in slaacd pointed out by semarie@.
OK sthen, phessler
|
#
1.105 |
|
10-Feb-2018 |
florian |
Implement RFC 7217: "A Method for Generating Semantically Opaque Interface Identifiers with IPv6 Stateless Address Autoconfiguration."
"An IPv6 address configured using this method is stable within each subnet, but the corresponding Interface Identifier changes when the host moves from one network to another. This method is meant to be an alternative to generating Interface Identifiers based on hardware addresses."
OK naddy, sthen
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.104 |
|
01-Sep-2017 |
florian |
Use in6_get_rand_ifid() instead of get_last_resort_ifid() and delete the get_last_resort_ifid() function because eww. Also if your system is so constraint that you end up in in6_get_rand_ifid() you don't deserve a random ifid that stays stable over reboots. Simplify code a bit since get_ifid() can no longer fail. It couldn't fail before either because that code path was #if 0'ed. While here sprinkle in some in6_ prefixes, pointed out by stsp. OK stsp
|
#
1.103 |
|
11-Jul-2017 |
florian |
Purging is at last at hand. Day of Doom is here. All that is evil shall all be cleansed.
Remove sending of router solicitations and processing of router advertisements from the kernel. It's handled by slaacd(8) these days.
Input & OK bluhm@, mpi@
|
#
1.102 |
|
16-May-2017 |
mpi |
Replace remaining splsoftassert(IPL_SOFTNET) by NET_ASSERT_LOCKED().
ok visa@
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.101 |
|
29-Dec-2016 |
mpi |
Get rid of recursive splsoftnet() in in6_ifattach_linklocal().
ok visa@
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.100 |
|
30-Jun-2016 |
mpi |
Restore the automagically added /64 route on p2p interfaces in order to send traffic to link-local addresses without default route.
Fix a regression reported by Michael Lechtermann, ok stsp@, sthen@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.99 |
|
02-Dec-2015 |
bluhm |
When destroying an interface, we have to wait until all references are not used anymore. This has to be done before any interface fields become invalid. As the route delete request cannot call if_get() anymore, pass down the interface. Split rtrequest_delete() into a separate function that may take an existing inteface. OK mpi@
|
#
1.98 |
|
24-Oct-2015 |
mpi |
Convert to rt_ifidx.
ok bluhm@
|
#
1.97 |
|
22-Oct-2015 |
bluhm |
Inspired by satosin(), use inline functions to convert sockaddr dl. Instead of casts they check wether the incoming object has the expected type. So introduce satosdl() and sdltosa() in the kernel. OK mpi@
|
#
1.96 |
|
12-Sep-2015 |
mpi |
Now that rtrequest1(9) properly sets RTF_UP for newly added route, stop passing it in every rt_ifa_add(9) calls.
ok claudio@
|
#
1.95 |
|
03-Sep-2015 |
mpi |
Change the order of operations for loopback interfaces to have ::1 configured before fe80::1.
(lo0:0) in pf should resolve to 127.0.0.1 ::1.
reported by and ok mikeb@
|
#
1.94 |
|
31-Aug-2015 |
mpi |
Do not install connected routes on loopback interfaces.
Previously loopback connected routes were managed via the global list of prefixes, which mean that systems with AUTOCONF'd addresses did not see them in the routing table.
This also makes inet6 route creation coherent with inet.
|
#
1.93 |
|
24-Aug-2015 |
mpi |
Start moving away from the global prefix list by limiting its usage to AUTOCONF'd addresses.
This prevent the kernel from removing connected (/64) routes as soon as it configures an AUTOCONF'd address based on a RA.
Tested by sebastia@, ok sthen@
|
#
1.92 |
|
24-Aug-2015 |
mpi |
Rework the code to decide when to perform DAD to no longer rely on the IN6_IFF_NODAD pseudo-flag not being set.
This was just a flag for spaghetti code that should not exist in the first place.
Tested by sebastia@, ok sthen@
|
#
1.91 |
|
17-Aug-2015 |
mpi |
Remove anoying comment about in6_update_ifa().
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.90 |
|
18-Jul-2015 |
mpi |
Merge two identical chunks to add new prefixes to the global data structures into a function.
ok florian@
|
#
1.89 |
|
16-Jul-2015 |
mpi |
Properly layer Router Solicitation code.
Tweak and ok florian@
|
#
1.88 |
|
08-Jun-2015 |
krw |
More damned eye searing whitespace. No change to .o files.
|
#
1.87 |
|
27-Apr-2015 |
mpi |
Do not call nd6_purge() before purging the IPv6 addresses of a detached interface.
Fix a use after free introduced in r1.98 of netinet6/in6.c and recently exposed by a crazy pool/malloc damage finder being currently refined by dlg@ and deraadt@.
ok mikeb@, henning@
|
#
1.86 |
|
14-Mar-2015 |
jsg |
Remove some includes include-what-you-use claims don't have any direct symbols used. Tested for indirect use by compiling amd64/i386/sparc64 kernels.
ok tedu@ deraadt@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.85 |
|
05-Feb-2015 |
mpi |
Convert various rtrequest1(RTM_DELETE,...) calls to rtdeletemsg(9).
This unify some code and notify userland for free.
blambert@ agrees, ok bluhm@
|
#
1.84 |
|
28-Jan-2015 |
mpi |
Revert rtdeletemsg conversion. It was not ok'd, I misunderstood bluhm@'s email.
|
#
1.83 |
|
27-Jan-2015 |
mpi |
Ensure that link-local addresses are correctly configured on loopback interfaces.
When the kernel automagically configures IPv6 addresses on loopback interfaces, start by assigning a link-local address and then try to assign "::1".
Only the first configured loopback interface per rdomain can have the "::1" address. But even if other loopback interfaces failed to get this address, because it is already taken, give them a chance to have a link-local address.
While here change in6_ifattach() to return an error value and remove duplicated code.
Fix a regression introduced by the NOINET6 flag removal.
ok henning@, stsp@, florian@, benno@
|
#
1.82 |
|
26-Jan-2015 |
mpi |
Call rtdeletemsg(9) instead of rerolling its code. As a bonus you'll get userland notification for free.
ok blambert@, bluhm@
|
#
1.81 |
|
10-Jan-2015 |
mpi |
Correct some comments and merge in6_if_up() into in6_ifattach() to reflect that IPv6 link-local addresses are no longer automagically configured the first time an interface is brought up.
ok henning@, stsp@
|
#
1.80 |
|
08-Jan-2015 |
florian |
Clear autoconf6 flag after autoconf6 cleanup happened, not before. Otherwise clean up code will never run. OK mpi@, benno@, henning@
|
#
1.79 |
|
06-Jan-2015 |
stsp |
Remove the NOINET6 interface flag, a left-over from the times when IPv6 was enabled by default. Add AFATTACH/AFDETACH ioctls which enable/disable an address family for an interface (currently used for IPv6 only).
New kernel needs new ifconfig for IPv6 configuration (address assignment still works with old ifconfig making this easy to cross over).
Committing on behalf of henning@ who is currently lebensmittelvergiftet. ok stsp, benno, mpi
|
#
1.78 |
|
04-Dec-2014 |
tedu |
replace md5 with sha512. ok deraadt
|
#
1.77 |
|
20-Nov-2014 |
mpi |
What have no need for a variable that holds the maximum MTU size of interfaces with an IPv6 address.
ok henning@, mikeb@, deraadt@
|
#
1.76 |
|
18-Nov-2014 |
krw |
Nuke yet more obvious #include duplications.
ok miod@
|
#
1.75 |
|
18-Nov-2014 |
tedu |
move arc4random prototype to systm.h. more appropriate for most code to include that than rdnvar.h. ok deraadt dlg
|
#
1.74 |
|
01-Nov-2014 |
mpi |
Rename rtalloc1() into rtalloc(9) and convert its flags to only enable functionnality instead of a mix of enable/disable.
ok bluhm@, jca@
|
#
1.73 |
|
25-Aug-2014 |
florian |
Move sending of router solicitations to the kernel; receiving and processing of router advertisements was already in the kernel. With this rtsol{,d}(8) is no longer necessary.
The kernel starts sending solicitations with # ifconfig $IF inet6 autoconf or inet6 autoconf in /etc/hostname.$IF.
input stsp@ much help & OK mpi@ tweaks & OK bluhm@
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.72 |
|
01-Jul-2014 |
benno |
When a carp interface is created with IFXF_NOINET6 flag, no link-local address will be created when the vhid (and MAC) is set. Depending on the order of the configuration the interface can end up with a ipv6 address, but no v6 link-local and no working neigbor discovery.
Removing this case statement will result in the link-local address being configured by "ifconfig up" if the inet6 address was configured before. If you are using inet6 on carp, put an "up" at the end of your hostname.if. I will work on a better solution at g2k14.
ok henning, mpi
|
#
1.71 |
|
26-Jun-2014 |
mpi |
Calling in{6,}_purgeaddr() is not enough to remove an address from an interface. Two other operations are performed when issuing a SIOCDIFADDR{_IN6,} ioctl: call the address hook and the per-driver ioctl function.
Since carp(4) relies on an address hook to recalculate its hash, make sure to call this hook when IFXF_NOINET6 is set or when the rdomain is changed.
ok henning@, mikeb@
|
#
1.70 |
|
03-Jun-2014 |
mpi |
Do not include <sys/malloc.h> where it is not needed.
|
#
1.69 |
|
20-May-2014 |
mpi |
Fix eui64 address generation, broken since the removal of the link-layer address from the per-ifp list.
Found the hard way by weerd@, florian@ and stsp@, ok florian@
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.68 |
|
21-Jan-2014 |
mpi |
Do not clean the multicast records of an interface when it is destroyed (unplugged). Even if it makes no sense to keep them around if the interface is no more, we cannot safely remove them since pcb multicast options might keep a pointer to them.
Fixes a user after free introduced by the multicast address linking rewrite and reported by Alexey Suslikov, thanks!
ok claudio@
|
#
1.67 |
|
13-Jan-2014 |
bluhm |
Call all local valiables of type struct in6_ifaddr "ia6". This is consistent with struct ifaddr "ifa" and struct in_ifaddr "ia". OK mpi@
|
#
1.66 |
|
07-Jan-2014 |
stsp |
Some follow-up fixes for IFID collision handling in IPv6CP.
Really change the link-local address in the unlikely event of an IFID collision, instead of going into an infinite conf-nak loop with the peer.
To make the netinet6 code use the IPv6CP IFID in a new link-local address, in6_ifattach_linklocal() must accept a provided IFID. Replace the unused 'altifp' parameter with a new 'ifid' parameter for this purpose.
Always use the latest suggested address in IPv6CP replies, even if the task to update the interface's address hasn't run yet. Also, clear the ifindex (KAME hack) in addresses sent during IPv6CP.
ok mpi
|
#
1.65 |
|
06-Jan-2014 |
stsp |
Make in6_ifdetach() remove the ff01::1 route for the detaching interface, too. The route used to linger after an interface detached from IPv6. ok mikeb
|
#
1.64 |
|
28-Nov-2013 |
mpi |
Change the way protocol multicast addresses are linked to an interface.
Instead of linking multicast records to the first configured address of the corresponding protocol, making this address and its position in the global list special, add them to a new list directly linked to the interface descriptor.
This new multicast address list is similar to the address list, all its elements contain a protocol agnostic part. This design allows us to be able to join a multicast group without necessarily having a configured address. That means IPv6 multicast kludges are no longer needed.
Another benefit is to be able to add and remove an IP address from an interface without worrying about multicast records. That means that the global IPv4 list is no longer needed since the first configured address of an interface is no longer special.
This new list might also be extended in the future to contain the link-layer addresses used to configure hardware filters.
Tested by sthen@ and weerd@, ok mikeb@
|
#
1.63 |
|
19-Nov-2013 |
mpi |
Remove some FDDI/ATM leftovers.
ok mikeb@, henning@, deraadt@, brad@, miod@
|
#
1.62 |
|
17-Oct-2013 |
bluhm |
The header file netinet/in_var.h included netinet6/in6_var.h. This created a bunch of useless dependencies. Remove this implicit inclusion and do an explicit #include <netinet6/in6_var.h> when it is needed. OK mpi@ henning@
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.61 |
|
31-May-2013 |
bluhm |
Remove a bunch of sockaddr_in6 pointer casts and replace others with sin6tosa() or satosin6() inline functions. This allows the compiler to check the types more strictly. OK mpi@
|
#
1.60 |
|
26-Mar-2013 |
bluhm |
Remove a block of dead code in in6_ifdetach(). It was never executed due to the wrong & in satosin6(&ifa->ifa_addr). The link local prefix fe80 was not checked within the IPv6 address, but within some pointers of the interface address struct. The whole loop around this was also never executed as all IPv6 addresses had already been purged. OK sperreault@ mpi@ mikeb@
|
#
1.59 |
|
25-Mar-2013 |
mpi |
Substitute the handcrafted list of IPv6 addresses by a proper TAILQ.
ok bluhm@, mikeb@
|
#
1.58 |
|
07-Mar-2013 |
mpi |
Remove the IFAFREE() macro, the ifafree() function it was calling already check for the reference counter.
ok mikeb@, miod@, pelikan@, kettenis@, krw@
|
#
1.57 |
|
04-Mar-2013 |
bluhm |
Replace the cast to struct in6_ifaddr pointer with the ifatoia6() macro. No binary change. OK claudio@
|
Revision tags: OPENBSD_5_3_BASE
|
#
1.56 |
|
19-Sep-2012 |
bluhm |
Use TAILQ_FOREACH macro for loops. No binary diff. OK henning@
|
#
1.55 |
|
21-Aug-2012 |
bluhm |
Reverse the name and meaning of the IFXF_INET6_PRIVACY interface flag. It is now called IFXF_INET6_NOPRIVACY. So IPv6 privacy addresses are on by default without resetting the flag during ifconfig down/up. OK stsp@, sperreault@ (who wrote the same diff)
|
#
1.54 |
|
15-Aug-2012 |
sperreault |
Enable IPv6 autoconfprivacy by default
diff originally by stsp@ "please commit it" deraadt@ "don't care" stsp@ "don't like" bluhm@
|
Revision tags: OPENBSD_5_1_BASE OPENBSD_5_2_BASE
|
#
1.53 |
|
03-Jan-2012 |
bluhm |
To access the ifaddr of an in_ifaddr or in6_ifaddr struct, it is cleaner to access the first member via ia_ifa instead of casting. No binary change. ok henning@ krw@
|
#
1.52 |
|
24-Nov-2011 |
sperreault |
rdomain support for IPv6 ok mikeb
|
Revision tags: OPENBSD_4_8_BASE OPENBSD_4_9_BASE OPENBSD_5_0_BASE
|
#
1.51 |
|
06-Apr-2010 |
stsp |
Simple implementation of RFC4941, "Privacy Extensions for Stateless Address Autoconfiguration in IPv6". For those among us who are paranoid about broadcasting their MAC address to the IPv6 internet.
Man page help from jmc, testing by weerd, arc4random API hints from djm.
ok deraadt, claudio
|
Revision tags: OPENBSD_4_7_BASE
|
#
1.50 |
|
08-Feb-2010 |
jsing |
More destatic and ansification.
ok claudio@ naddy@
|
#
1.49 |
|
13-Jan-2010 |
henning |
instead of fiddling with the per-interface address lists directly in many places create a proper API (ifa_add / ifa_del) and use it. ok theo ryan dlg
|
Revision tags: OPENBSD_4_5_BASE OPENBSD_4_6_BASE
|
#
1.48 |
|
30-Jan-2009 |
mcbride |
"XXX: should this be performed under splnet()?"... Yes, yes it should. Interface configuration causes neighbour discoverery, which runs packets through parts of the stack that require at least splsoftnet(), like pf and pfsync.
ok dlg
|
Revision tags: OPENBSD_4_4_BASE
|
#
1.47 |
|
11-Jun-2008 |
mcbride |
ANSIfy to sync with KAME. From Karl Sjodahl <dunceor@gmail.com>.
ok todd deraadt naddy bluhm
|
#
1.46 |
|
11-May-2008 |
claudio |
rtrequest to rtrequest1 conversion in inet6. With that no rtrequest should be left over. OK henning@
|
Revision tags: OPENBSD_4_2_BASE OPENBSD_4_3_BASE
|
#
1.45 |
|
08-Jun-2007 |
henning |
kill arcnet leftovers, some pt out by Mike Belopuhov <mkb@crypt.org.ru>, some I found afterwards, ok dlg
|
Revision tags: OPENBSD_4_1_BASE
|
#
1.44 |
|
15-Nov-2006 |
itojun |
unifdef -USCOPEDROUTING
|
Revision tags: OPENBSD_4_0_BASE
|
#
1.43 |
|
31-Aug-2006 |
mcbride |
Automatically add a IPv6 link-local address to carp interfaces when the virtual MAC address is set. Among other things, this makes route6d work correctly on systems with carp interfaces.
In order to ensure backwards compatibility, we do not include IPv6 link-local addresses in generating the HMAC, but we accept HMACs with AND without the link-local addresses. They will be added to the HMAC in a future release.
In short: this change should only affect backwards compatibility for IPv6 users who are manually adding link-local addresses on carp interfaces.
testing mtu@ todd@ ok mpf@ henning@ deraadt@
|
#
1.42 |
|
16-Jun-2006 |
henning |
adjust functions dealing with the routing table to take a table ID as parameter so they can work on alternate tables. table 0 hardcoded for many callers yet, that will be adapted step by step. input + ok claudio norby hshoexer
|
#
1.41 |
|
27-May-2006 |
claudio |
Do the same thing as for IPv4. Use a sysctl to enable/disable mfrowarding and additionaly make the code part of the MROUTING option. Put it in deraadt@
|
#
1.40 |
|
05-Mar-2006 |
miod |
Use more queue macros rather than doing it by hand; ok otto@ krw@
|
Revision tags: OPENBSD_3_8_BASE OPENBSD_3_9_BASE
|
#
1.39 |
|
23-May-2005 |
mpf |
carp needs a multicast kludge storage. Fixes PR 4211. OK mcbride@
|
#
1.38 |
|
21-Apr-2005 |
itojun |
remove (now obsolete) handling of IFT_PROPVIRTUAL/bridge*. tested by camield@
|
Revision tags: OPENBSD_3_7_BASE
|
#
1.37 |
|
07-Dec-2004 |
mcbride |
Convert carp(4) to behave more like a regular interface, much in the same style as vlan(4). carp interfaces no longer require the physical interface to be on the same subnet as the carp interface, or even that the physical interface has an adress at all, so CARP can now be used on /30 networks.
ok deraadt@ henning@
|
Revision tags: OPENBSD_3_6_BASE SMP_SYNC_A SMP_SYNC_B
|
#
1.36 |
|
07-May-2004 |
millert |
Replace RSA-derived md5 code with code derived from Colin Plumb's PD version. This moves md5.c out of libkern and into sys/crypto where it belongs (as requested by markus@). Note that md5.c is still mandatory (dev/rnd.c uses it). Verified with IPsec + hmac-md5 and tcp md5sig. OK henning@ and hshoexer@
|
Revision tags: OPENBSD_3_4_BASE OPENBSD_3_5_BASE
|
#
1.35 |
|
08-Jul-2003 |
itojun |
on interface removal, clear multicast forwarding stuff. from kame
|
#
1.34 |
|
28-Jun-2003 |
itojun |
i don't think pfsync needs a link-local addr.
|
Revision tags: UBC_SYNC_A
|
#
1.33 |
|
14-May-2003 |
itojun |
it is unlikely that we introduce 6to4 interface (IFT_STF) to openbsd.
|
Revision tags: OPENBSD_3_2_BASE OPENBSD_3_3_BASE UBC_SYNC_B
|
#
1.32 |
|
12-Sep-2002 |
itojun |
configure "next" pointer correctly. from j@pureftpd.org
|
#
1.31 |
|
11-Sep-2002 |
itojun |
fix pointer signedness mixup. sync w/kame
|
#
1.30 |
|
11-Sep-2002 |
itojun |
KNF - return is not a function. sync w/kame
|
#
1.29 |
|
11-Jun-2002 |
itojun |
silence some of log(), as the codepath will be visited for IPv6-non-capable interfaces too and can be annoying. net.inet6.icmp6.nd6_debug will re-enable them.
|
#
1.28 |
|
11-Jun-2002 |
itojun |
whitespace
|
#
1.27 |
|
08-Jun-2002 |
itojun |
sync with latest KAME in6_ifaddr/prefix/default router manipulation. behavior changes: - two iocts used by ndp(8) are now obsolete (backward compat provided). use sysctl path instead. - lo0 does not get ::1 automatically. it will get ::1 when lo0 comes up.
|
#
1.26 |
|
07-Jun-2002 |
itojun |
whitespace sync w/kame
|
#
1.25 |
|
29-May-2002 |
itojun |
attach nd_ifinfo structure to if_afdata. split IPv6 MTU (advertised by RA) from real link MTU. sync with kame
|
#
1.24 |
|
29-May-2002 |
itojun |
move per-interface ip6/icmp6 stat to ifnet->if_afdata. sync w/kame
|
#
1.23 |
|
23-May-2002 |
itojun |
simplify condition to perform DAD. sync w/kame
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.22 |
|
14-Mar-2002 |
millert |
First round of __P removal in sys
|
Revision tags: UBC_BASE
|
#
1.21 |
|
07-Dec-2001 |
itojun |
branches: 1.21.2; whitespace/comment sync with kame
|
Revision tags: OPENBSD_3_0_BASE
|
#
1.20 |
|
23-Aug-2001 |
itojun |
suppress printf() on non-multicast interface. suppress ipv6 initialization for IFT_PFLOG.
|
#
1.19 |
|
23-Aug-2001 |
itojun |
don't try to enable IPv6 on IFT_PFLOG.
|
#
1.18 |
|
18-Jul-2001 |
itojun |
avoid using malloc() during interupt context for multicast kludge entry. allocate it on interface initialization.
|
#
1.17 |
|
09-Jun-2001 |
angelos |
No need for net/net_osdep.h
|
Revision tags: OPENBSD_2_9_BASE
|
#
1.16 |
|
16-Feb-2001 |
itojun |
cosmetic sync with kame
|
#
1.15 |
|
07-Feb-2001 |
itojun |
by default, don't bark on inbound ND messages, as outsider may be able to fill up /var with bogus packets. setting net.inet6.icmp6.nd6_debug will re-enable kernel messages on invalid ND packet and other occasions.
improve icmp6 stats.
|
#
1.14 |
|
18-Jan-2001 |
itojun |
do not remove default route by mistake, on interface removal.
|
Revision tags: OPENBSD_2_8_BASE
|
#
1.13 |
|
25-Oct-2000 |
jason |
silence the "no multicast" warning for IFT_ENC, too deraadt ok
|
#
1.12 |
|
18-Oct-2000 |
itojun |
don't try to configure IPv6 on bridge*. comment from deraadt
|
#
1.11 |
|
02-Oct-2000 |
itojun |
fix missing \n. from doug@freebsd (sync with kame)
|
Revision tags: OPENBSD_2_7_BASE
|
#
1.10 |
|
05-May-2000 |
itojun |
cope with interface detach (like pcmcia card removal). remove any IPv6 addresses assigned to the interface. reported by ho, bunch of help from niklas. KAME PR 231.
|
#
1.9 |
|
27-Apr-2000 |
itojun |
correct in6_ifdetach(). free oia, not ia. Lennart says there are more problems to go (I don't own openbsd-current laptop). From: Lennart Augustsson <augustss@augustsson.net>
|
#
1.8 |
|
17-Apr-2000 |
itojun |
revisit in6_ifattach(). (1) make it more persistent about initializaing an interface (2) cleanup interface id selection. run NUD on p2p interface (required by spec for bidir p2p interface). add "ndp -i interface" (can tweak per-interface ND flag). (sync with more recent kame)
|
#
1.7 |
|
02-Mar-2000 |
itojun |
do not add ifa_dstaddr for non-pointopoint interface. IPv6 has no concept for "broadcast".
|
Revision tags: SMP_BASE
|
#
1.6 |
|
07-Feb-2000 |
itojun |
branches: 1.6.2; fix include file path related to ip6.
|
#
1.5 |
|
04-Feb-2000 |
itojun |
more coverage of in6_ifdetach()'s cleanup process. bug fix in SIOCGIFADDR_IN6 (point to point case).
|
#
1.4 |
|
02-Feb-2000 |
itojun |
- improve in6_ifdetach to remove (1) multicast kludge list (2) route to link-local allnode multicast (ff02:x::/32) - fix ifnet refcnt'ing in multicast kludge list management. - avoid dangling pointer in multicast kludge management.
(angelos, try this version of in6_ifdetach() - it should be better)
|
#
1.3 |
|
10-Dec-1999 |
itojun |
use proper type for in6_first_ifid (char -> u_int8_t) suggested by: deraadt
|
#
1.2 |
|
10-Dec-1999 |
angelos |
Remove remaining unnecessary ifdefs (itojun will hate me for this :-)
|
Revision tags: kame_19991208
|
#
1.1 |
|
08-Dec-1999 |
itojun |
bring in KAME IPv6 code, dated 19991208. replaces NRL IPv6 layer. reuses NRL pcb layer. no IPsec-on-v6 support. see sys/netinet6/{TODO,IMPLEMENTATION} for more details.
GENERIC configuration should work fine as before. GENERIC.v6 works fine as well, but you'll need KAME userland tools to play with IPv6 (will be bringed into soon).
|
#
1.121 |
|
15-Nov-2022 |
claudio |
Not assigning a link local address by default breaks various things. A lot of code depends on a eui64 address to be present. So revert this bit of the last commit. OK florian@
|
#
1.120 |
|
14-Nov-2022 |
claudio |
Relax the list of interfaces which support IPv6 a bit.
No longer require IFF_MULTICAST for all interfaces. It is save to skip this for interfaces that don't require a ND cache. Also do not assign a link-local address in such cases. This affects point-to-point interfaces and the NBMA / point-to-multipoint interfaces like mpe(4), mgre(4) and wg(4). The NBMA interfaces need some alternative way to figure out the address mapping. In the end this allows non-multicast interfaces to work with IPv6. OK dlg@ kn@
|
Revision tags: OPENBSD_7_2_BASE
|
#
1.119 |
|
08-Sep-2022 |
kn |
Rename global ifnet TAILQ
Naming the list like the struct itself makes for awful grepping. Call the global variable "ifnetlist" from now on.
There used to be kvm(3) consumers in base picking up this symbol, but those have long been converted to other interfaces.
A few potential ports users remain, same deal as sys/net/if_var.h r1.116 "Remove struct ifnet's unused if_switchport member": they get bumped.
Previous users pointed out by deraadt OK bluhm
|
Revision tags: OPENBSD_6_9_BASE OPENBSD_7_0_BASE OPENBSD_7_1_BASE
|
#
1.118 |
|
15-Mar-2021 |
florian |
Clear AUTOCONF6TEMP flag when we detach inet6.
|
Revision tags: OPENBSD_6_8_BASE
|
#
1.117 |
|
21-Jun-2020 |
dlg |
wireguard can do ipv6, but doesnt do link local addresses.
i feel like i should add IFT_L3IPVLAN here so mgre(4) can take advantage of this too.
from Matt Dunwoodie and Jason A. Donenfeld
ok deraadt@
|
Revision tags: OPENBSD_6_7_BASE
|
#
1.116 |
|
17-Mar-2020 |
tobhe |
Use strlcpy instead of strncpy to ensure results are NUL terminated.
ok mpi@
|
#
1.115 |
|
08-Nov-2019 |
dlg |
convert interface address change hooks to tasks and a task_list.
this follows what's been done for detach and link state hooks, and makes handling of hooks generally more robust.
address hooks are a bit different to detach/link state hooks in that there's only a few things that register hooks (carp, pf, vxlan), but a lot of places to run the hooks (lots of ipv4 and ipv6 address configuration).
an address hook cookie was in struct pfi_kif, which is part of the pf abi. rather than break pfctl -sI, this maintains the void * used for the cookie and uses it to store a task, which is then used as intended with the new api.
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.114 |
|
21-Aug-2019 |
florian |
Remove support for semantically opace interface identifiers (RFC 7217) for IPv6 link local addresses.
Some hosting and VM providers route customer IPv6 prefixes to link local addresses derived from ethernet MAC addresses (RFC 2464). This leads to hard to debug IPv6 connectivity problems and is probably not worth the effort.
RFC 7721 lists 4 weaknesses:
3.1. Correlation of Activities over Time & 3.2. Location Tracking These are still possible with RFC 7217 addresses for an adversary connected to the same layer 2 network (think conference wifi). Since the link local prefix stays the same (fe80::/64) the link local addresses do not change between different networks. An adversary on the same layer 2 network can probably track ethernet MAC addresses via different means, too.
3.3. Address Scanning & 3.4. Device-Specific Vulnerability Exploitation These now become possible, however, as noted above a layer 2 adversary was probably able to do this via different means.
People concerned with these weaknesses are advised to use ifconfig lladdr random. OK benno input & OK kn
|
Revision tags: OPENBSD_6_5_BASE
|
#
1.113 |
|
13-Feb-2019 |
dlg |
change rt_ifa_add and rt_ifa_del so they take an rdomain argument.
this allows mpls interfaces (mpe, mpw) to pass the rdomain they wish the local label to be in, rather than have it implicitly forced to 0 by these functions. right now they'll pass 0, but it will soon be possible to have them rx packets in other rdomains.
previously the functions used ifp->if_rdomain for the rdomain. everything other than mpls still passes ifp->if_rdomain.
ok mpi@
|
#
1.112 |
|
10-Feb-2019 |
dlg |
remove the implict RTF_MPATH flag that rt_ifa_add() sets on new routes.
MPLS interfaces (ab)use rt_ifa_add for adding the local MPLS label that they listen on for incoming packets, while every other use of rt_ifa_add is for adding addresses on local interfaces. MPLS does this cos the addresses involved are in basically the same shape as ones used for setting up local addresses.
It is appropriate for interfaces to want RTF_MPATH on local addresses, but in the MPLS case it means you can have multiple local things listening on the same label, which doesn't actually work. mpe in particular keeps track of in use labels to it can handle collisions, however, mpw does not. It is currently possible to have multiple mpw interfaces on the same local label, and sharing the same label as mpe or possible normal forwarding labels.
Moving the RTF_MPATH flag out of rt_ifa_add means all the callers that still want it need to pass it themselves. The mpe and mpw callers are left alone without the flag, and will now get EEXIST from rt_ifa_add when a label is already in use.
ok (and a huge amount of patience and help) mpi@ claudio@ is ok with the idea, but saw a much much earlier solution to the problem
|
Revision tags: OPENBSD_6_4_BASE
|
#
1.111 |
|
05-Oct-2018 |
florian |
Do not join node information multicast group (RFC 4620). Benno removed code to answer ICMP queries over 4 years ago. Aham Brahmasmi (aham.brahmasmi AT gmx.com) points out that we still joined the group though.
OK sthen, bluhm, kn
|
#
1.110 |
|
26-Aug-2018 |
mpi |
Do not add ::1 on non-default lo(4) as intended.
Reported by and ok sthen@
|
#
1.109 |
|
10-Jul-2018 |
florian |
When an interface doesn't have a layer 2 address in6_get_soii_ifid() failes and then later on a in in6_get_ifid() a layer 2 address is "borrowed" from from another interface.
Do the "borrowing" in in6_get_soii_ifid(), too so that semantically opaque interface identifiers work for these kind of interfaces, too.
OK phessler, benno
|
#
1.108 |
|
10-Jul-2018 |
florian |
When an interface doesn't have a layer 2 address in6_get_ifid() tries to "borrow" one from another interface. But then it checks if the U bit is set int the generated EUI64 address and rejects it. On the other hand for interfaces that do have a layer 2 address this check is skipped, so relax it for the "borrowing" case, too.
With this one gets stable link local addresses on e.g. gre(4) interfaces on certain virtualisation environments depending which mac addresses get picked for the vio(4) interfaces while previously we would end up with a random IP on every reboot.
Reported by Aaron A. Glenn via phessler.
OK phessler, benno
|
#
1.107 |
|
27-Mar-2018 |
dhill |
Use memcpy instead of bcopy when the memory does not overlap.
OK deraadt@ florian@
|
Revision tags: OPENBSD_6_3_BASE
|
#
1.106 |
|
13-Mar-2018 |
florian |
Calculate RFC7217 link-local style addresses the same way as slaacd(8).
RFC 7217 states (section 5, page 9): | The Interface Identifier is finally obtained by taking as many | bits from the RID value (computed in the previous step) as | necessary, starting from the least significant bit.
Problem in slaacd pointed out by semarie@.
OK sthen, phessler
|
#
1.105 |
|
10-Feb-2018 |
florian |
Implement RFC 7217: "A Method for Generating Semantically Opaque Interface Identifiers with IPv6 Stateless Address Autoconfiguration."
"An IPv6 address configured using this method is stable within each subnet, but the corresponding Interface Identifier changes when the host moves from one network to another. This method is meant to be an alternative to generating Interface Identifiers based on hardware addresses."
OK naddy, sthen
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.104 |
|
01-Sep-2017 |
florian |
Use in6_get_rand_ifid() instead of get_last_resort_ifid() and delete the get_last_resort_ifid() function because eww. Also if your system is so constraint that you end up in in6_get_rand_ifid() you don't deserve a random ifid that stays stable over reboots. Simplify code a bit since get_ifid() can no longer fail. It couldn't fail before either because that code path was #if 0'ed. While here sprinkle in some in6_ prefixes, pointed out by stsp. OK stsp
|
#
1.103 |
|
11-Jul-2017 |
florian |
Purging is at last at hand. Day of Doom is here. All that is evil shall all be cleansed.
Remove sending of router solicitations and processing of router advertisements from the kernel. It's handled by slaacd(8) these days.
Input & OK bluhm@, mpi@
|
#
1.102 |
|
16-May-2017 |
mpi |
Replace remaining splsoftassert(IPL_SOFTNET) by NET_ASSERT_LOCKED().
ok visa@
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.101 |
|
29-Dec-2016 |
mpi |
Get rid of recursive splsoftnet() in in6_ifattach_linklocal().
ok visa@
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.100 |
|
30-Jun-2016 |
mpi |
Restore the automagically added /64 route on p2p interfaces in order to send traffic to link-local addresses without default route.
Fix a regression reported by Michael Lechtermann, ok stsp@, sthen@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.99 |
|
02-Dec-2015 |
bluhm |
When destroying an interface, we have to wait until all references are not used anymore. This has to be done before any interface fields become invalid. As the route delete request cannot call if_get() anymore, pass down the interface. Split rtrequest_delete() into a separate function that may take an existing inteface. OK mpi@
|
#
1.98 |
|
24-Oct-2015 |
mpi |
Convert to rt_ifidx.
ok bluhm@
|
#
1.97 |
|
22-Oct-2015 |
bluhm |
Inspired by satosin(), use inline functions to convert sockaddr dl. Instead of casts they check wether the incoming object has the expected type. So introduce satosdl() and sdltosa() in the kernel. OK mpi@
|
#
1.96 |
|
12-Sep-2015 |
mpi |
Now that rtrequest1(9) properly sets RTF_UP for newly added route, stop passing it in every rt_ifa_add(9) calls.
ok claudio@
|
#
1.95 |
|
03-Sep-2015 |
mpi |
Change the order of operations for loopback interfaces to have ::1 configured before fe80::1.
(lo0:0) in pf should resolve to 127.0.0.1 ::1.
reported by and ok mikeb@
|
#
1.94 |
|
31-Aug-2015 |
mpi |
Do not install connected routes on loopback interfaces.
Previously loopback connected routes were managed via the global list of prefixes, which mean that systems with AUTOCONF'd addresses did not see them in the routing table.
This also makes inet6 route creation coherent with inet.
|
#
1.93 |
|
24-Aug-2015 |
mpi |
Start moving away from the global prefix list by limiting its usage to AUTOCONF'd addresses.
This prevent the kernel from removing connected (/64) routes as soon as it configures an AUTOCONF'd address based on a RA.
Tested by sebastia@, ok sthen@
|
#
1.92 |
|
24-Aug-2015 |
mpi |
Rework the code to decide when to perform DAD to no longer rely on the IN6_IFF_NODAD pseudo-flag not being set.
This was just a flag for spaghetti code that should not exist in the first place.
Tested by sebastia@, ok sthen@
|
#
1.91 |
|
17-Aug-2015 |
mpi |
Remove anoying comment about in6_update_ifa().
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.90 |
|
18-Jul-2015 |
mpi |
Merge two identical chunks to add new prefixes to the global data structures into a function.
ok florian@
|
#
1.89 |
|
16-Jul-2015 |
mpi |
Properly layer Router Solicitation code.
Tweak and ok florian@
|
#
1.88 |
|
08-Jun-2015 |
krw |
More damned eye searing whitespace. No change to .o files.
|
#
1.87 |
|
27-Apr-2015 |
mpi |
Do not call nd6_purge() before purging the IPv6 addresses of a detached interface.
Fix a use after free introduced in r1.98 of netinet6/in6.c and recently exposed by a crazy pool/malloc damage finder being currently refined by dlg@ and deraadt@.
ok mikeb@, henning@
|
#
1.86 |
|
14-Mar-2015 |
jsg |
Remove some includes include-what-you-use claims don't have any direct symbols used. Tested for indirect use by compiling amd64/i386/sparc64 kernels.
ok tedu@ deraadt@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.85 |
|
05-Feb-2015 |
mpi |
Convert various rtrequest1(RTM_DELETE,...) calls to rtdeletemsg(9).
This unify some code and notify userland for free.
blambert@ agrees, ok bluhm@
|
#
1.84 |
|
28-Jan-2015 |
mpi |
Revert rtdeletemsg conversion. It was not ok'd, I misunderstood bluhm@'s email.
|
#
1.83 |
|
27-Jan-2015 |
mpi |
Ensure that link-local addresses are correctly configured on loopback interfaces.
When the kernel automagically configures IPv6 addresses on loopback interfaces, start by assigning a link-local address and then try to assign "::1".
Only the first configured loopback interface per rdomain can have the "::1" address. But even if other loopback interfaces failed to get this address, because it is already taken, give them a chance to have a link-local address.
While here change in6_ifattach() to return an error value and remove duplicated code.
Fix a regression introduced by the NOINET6 flag removal.
ok henning@, stsp@, florian@, benno@
|
#
1.82 |
|
26-Jan-2015 |
mpi |
Call rtdeletemsg(9) instead of rerolling its code. As a bonus you'll get userland notification for free.
ok blambert@, bluhm@
|
#
1.81 |
|
10-Jan-2015 |
mpi |
Correct some comments and merge in6_if_up() into in6_ifattach() to reflect that IPv6 link-local addresses are no longer automagically configured the first time an interface is brought up.
ok henning@, stsp@
|
#
1.80 |
|
08-Jan-2015 |
florian |
Clear autoconf6 flag after autoconf6 cleanup happened, not before. Otherwise clean up code will never run. OK mpi@, benno@, henning@
|
#
1.79 |
|
06-Jan-2015 |
stsp |
Remove the NOINET6 interface flag, a left-over from the times when IPv6 was enabled by default. Add AFATTACH/AFDETACH ioctls which enable/disable an address family for an interface (currently used for IPv6 only).
New kernel needs new ifconfig for IPv6 configuration (address assignment still works with old ifconfig making this easy to cross over).
Committing on behalf of henning@ who is currently lebensmittelvergiftet. ok stsp, benno, mpi
|
#
1.78 |
|
04-Dec-2014 |
tedu |
replace md5 with sha512. ok deraadt
|
#
1.77 |
|
20-Nov-2014 |
mpi |
What have no need for a variable that holds the maximum MTU size of interfaces with an IPv6 address.
ok henning@, mikeb@, deraadt@
|
#
1.76 |
|
18-Nov-2014 |
krw |
Nuke yet more obvious #include duplications.
ok miod@
|
#
1.75 |
|
18-Nov-2014 |
tedu |
move arc4random prototype to systm.h. more appropriate for most code to include that than rdnvar.h. ok deraadt dlg
|
#
1.74 |
|
01-Nov-2014 |
mpi |
Rename rtalloc1() into rtalloc(9) and convert its flags to only enable functionnality instead of a mix of enable/disable.
ok bluhm@, jca@
|
#
1.73 |
|
25-Aug-2014 |
florian |
Move sending of router solicitations to the kernel; receiving and processing of router advertisements was already in the kernel. With this rtsol{,d}(8) is no longer necessary.
The kernel starts sending solicitations with # ifconfig $IF inet6 autoconf or inet6 autoconf in /etc/hostname.$IF.
input stsp@ much help & OK mpi@ tweaks & OK bluhm@
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.72 |
|
01-Jul-2014 |
benno |
When a carp interface is created with IFXF_NOINET6 flag, no link-local address will be created when the vhid (and MAC) is set. Depending on the order of the configuration the interface can end up with a ipv6 address, but no v6 link-local and no working neigbor discovery.
Removing this case statement will result in the link-local address being configured by "ifconfig up" if the inet6 address was configured before. If you are using inet6 on carp, put an "up" at the end of your hostname.if. I will work on a better solution at g2k14.
ok henning, mpi
|
#
1.71 |
|
26-Jun-2014 |
mpi |
Calling in{6,}_purgeaddr() is not enough to remove an address from an interface. Two other operations are performed when issuing a SIOCDIFADDR{_IN6,} ioctl: call the address hook and the per-driver ioctl function.
Since carp(4) relies on an address hook to recalculate its hash, make sure to call this hook when IFXF_NOINET6 is set or when the rdomain is changed.
ok henning@, mikeb@
|
#
1.70 |
|
03-Jun-2014 |
mpi |
Do not include <sys/malloc.h> where it is not needed.
|
#
1.69 |
|
20-May-2014 |
mpi |
Fix eui64 address generation, broken since the removal of the link-layer address from the per-ifp list.
Found the hard way by weerd@, florian@ and stsp@, ok florian@
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.68 |
|
21-Jan-2014 |
mpi |
Do not clean the multicast records of an interface when it is destroyed (unplugged). Even if it makes no sense to keep them around if the interface is no more, we cannot safely remove them since pcb multicast options might keep a pointer to them.
Fixes a user after free introduced by the multicast address linking rewrite and reported by Alexey Suslikov, thanks!
ok claudio@
|
#
1.67 |
|
13-Jan-2014 |
bluhm |
Call all local valiables of type struct in6_ifaddr "ia6". This is consistent with struct ifaddr "ifa" and struct in_ifaddr "ia". OK mpi@
|
#
1.66 |
|
07-Jan-2014 |
stsp |
Some follow-up fixes for IFID collision handling in IPv6CP.
Really change the link-local address in the unlikely event of an IFID collision, instead of going into an infinite conf-nak loop with the peer.
To make the netinet6 code use the IPv6CP IFID in a new link-local address, in6_ifattach_linklocal() must accept a provided IFID. Replace the unused 'altifp' parameter with a new 'ifid' parameter for this purpose.
Always use the latest suggested address in IPv6CP replies, even if the task to update the interface's address hasn't run yet. Also, clear the ifindex (KAME hack) in addresses sent during IPv6CP.
ok mpi
|
#
1.65 |
|
06-Jan-2014 |
stsp |
Make in6_ifdetach() remove the ff01::1 route for the detaching interface, too. The route used to linger after an interface detached from IPv6. ok mikeb
|
#
1.64 |
|
28-Nov-2013 |
mpi |
Change the way protocol multicast addresses are linked to an interface.
Instead of linking multicast records to the first configured address of the corresponding protocol, making this address and its position in the global list special, add them to a new list directly linked to the interface descriptor.
This new multicast address list is similar to the address list, all its elements contain a protocol agnostic part. This design allows us to be able to join a multicast group without necessarily having a configured address. That means IPv6 multicast kludges are no longer needed.
Another benefit is to be able to add and remove an IP address from an interface without worrying about multicast records. That means that the global IPv4 list is no longer needed since the first configured address of an interface is no longer special.
This new list might also be extended in the future to contain the link-layer addresses used to configure hardware filters.
Tested by sthen@ and weerd@, ok mikeb@
|
#
1.63 |
|
19-Nov-2013 |
mpi |
Remove some FDDI/ATM leftovers.
ok mikeb@, henning@, deraadt@, brad@, miod@
|
#
1.62 |
|
17-Oct-2013 |
bluhm |
The header file netinet/in_var.h included netinet6/in6_var.h. This created a bunch of useless dependencies. Remove this implicit inclusion and do an explicit #include <netinet6/in6_var.h> when it is needed. OK mpi@ henning@
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.61 |
|
31-May-2013 |
bluhm |
Remove a bunch of sockaddr_in6 pointer casts and replace others with sin6tosa() or satosin6() inline functions. This allows the compiler to check the types more strictly. OK mpi@
|
#
1.60 |
|
26-Mar-2013 |
bluhm |
Remove a block of dead code in in6_ifdetach(). It was never executed due to the wrong & in satosin6(&ifa->ifa_addr). The link local prefix fe80 was not checked within the IPv6 address, but within some pointers of the interface address struct. The whole loop around this was also never executed as all IPv6 addresses had already been purged. OK sperreault@ mpi@ mikeb@
|
#
1.59 |
|
25-Mar-2013 |
mpi |
Substitute the handcrafted list of IPv6 addresses by a proper TAILQ.
ok bluhm@, mikeb@
|
#
1.58 |
|
07-Mar-2013 |
mpi |
Remove the IFAFREE() macro, the ifafree() function it was calling already check for the reference counter.
ok mikeb@, miod@, pelikan@, kettenis@, krw@
|
#
1.57 |
|
04-Mar-2013 |
bluhm |
Replace the cast to struct in6_ifaddr pointer with the ifatoia6() macro. No binary change. OK claudio@
|
Revision tags: OPENBSD_5_3_BASE
|
#
1.56 |
|
19-Sep-2012 |
bluhm |
Use TAILQ_FOREACH macro for loops. No binary diff. OK henning@
|
#
1.55 |
|
21-Aug-2012 |
bluhm |
Reverse the name and meaning of the IFXF_INET6_PRIVACY interface flag. It is now called IFXF_INET6_NOPRIVACY. So IPv6 privacy addresses are on by default without resetting the flag during ifconfig down/up. OK stsp@, sperreault@ (who wrote the same diff)
|
#
1.54 |
|
15-Aug-2012 |
sperreault |
Enable IPv6 autoconfprivacy by default
diff originally by stsp@ "please commit it" deraadt@ "don't care" stsp@ "don't like" bluhm@
|
Revision tags: OPENBSD_5_1_BASE OPENBSD_5_2_BASE
|
#
1.53 |
|
03-Jan-2012 |
bluhm |
To access the ifaddr of an in_ifaddr or in6_ifaddr struct, it is cleaner to access the first member via ia_ifa instead of casting. No binary change. ok henning@ krw@
|
#
1.52 |
|
24-Nov-2011 |
sperreault |
rdomain support for IPv6 ok mikeb
|
Revision tags: OPENBSD_4_8_BASE OPENBSD_4_9_BASE OPENBSD_5_0_BASE
|
#
1.51 |
|
06-Apr-2010 |
stsp |
Simple implementation of RFC4941, "Privacy Extensions for Stateless Address Autoconfiguration in IPv6". For those among us who are paranoid about broadcasting their MAC address to the IPv6 internet.
Man page help from jmc, testing by weerd, arc4random API hints from djm.
ok deraadt, claudio
|
Revision tags: OPENBSD_4_7_BASE
|
#
1.50 |
|
08-Feb-2010 |
jsing |
More destatic and ansification.
ok claudio@ naddy@
|
#
1.49 |
|
13-Jan-2010 |
henning |
instead of fiddling with the per-interface address lists directly in many places create a proper API (ifa_add / ifa_del) and use it. ok theo ryan dlg
|
Revision tags: OPENBSD_4_5_BASE OPENBSD_4_6_BASE
|
#
1.48 |
|
30-Jan-2009 |
mcbride |
"XXX: should this be performed under splnet()?"... Yes, yes it should. Interface configuration causes neighbour discoverery, which runs packets through parts of the stack that require at least splsoftnet(), like pf and pfsync.
ok dlg
|
Revision tags: OPENBSD_4_4_BASE
|
#
1.47 |
|
11-Jun-2008 |
mcbride |
ANSIfy to sync with KAME. From Karl Sjodahl <dunceor@gmail.com>.
ok todd deraadt naddy bluhm
|
#
1.46 |
|
11-May-2008 |
claudio |
rtrequest to rtrequest1 conversion in inet6. With that no rtrequest should be left over. OK henning@
|
Revision tags: OPENBSD_4_2_BASE OPENBSD_4_3_BASE
|
#
1.45 |
|
08-Jun-2007 |
henning |
kill arcnet leftovers, some pt out by Mike Belopuhov <mkb@crypt.org.ru>, some I found afterwards, ok dlg
|
Revision tags: OPENBSD_4_1_BASE
|
#
1.44 |
|
15-Nov-2006 |
itojun |
unifdef -USCOPEDROUTING
|
Revision tags: OPENBSD_4_0_BASE
|
#
1.43 |
|
31-Aug-2006 |
mcbride |
Automatically add a IPv6 link-local address to carp interfaces when the virtual MAC address is set. Among other things, this makes route6d work correctly on systems with carp interfaces.
In order to ensure backwards compatibility, we do not include IPv6 link-local addresses in generating the HMAC, but we accept HMACs with AND without the link-local addresses. They will be added to the HMAC in a future release.
In short: this change should only affect backwards compatibility for IPv6 users who are manually adding link-local addresses on carp interfaces.
testing mtu@ todd@ ok mpf@ henning@ deraadt@
|
#
1.42 |
|
16-Jun-2006 |
henning |
adjust functions dealing with the routing table to take a table ID as parameter so they can work on alternate tables. table 0 hardcoded for many callers yet, that will be adapted step by step. input + ok claudio norby hshoexer
|
#
1.41 |
|
27-May-2006 |
claudio |
Do the same thing as for IPv4. Use a sysctl to enable/disable mfrowarding and additionaly make the code part of the MROUTING option. Put it in deraadt@
|
#
1.40 |
|
05-Mar-2006 |
miod |
Use more queue macros rather than doing it by hand; ok otto@ krw@
|
Revision tags: OPENBSD_3_8_BASE OPENBSD_3_9_BASE
|
#
1.39 |
|
23-May-2005 |
mpf |
carp needs a multicast kludge storage. Fixes PR 4211. OK mcbride@
|
#
1.38 |
|
21-Apr-2005 |
itojun |
remove (now obsolete) handling of IFT_PROPVIRTUAL/bridge*. tested by camield@
|
Revision tags: OPENBSD_3_7_BASE
|
#
1.37 |
|
07-Dec-2004 |
mcbride |
Convert carp(4) to behave more like a regular interface, much in the same style as vlan(4). carp interfaces no longer require the physical interface to be on the same subnet as the carp interface, or even that the physical interface has an adress at all, so CARP can now be used on /30 networks.
ok deraadt@ henning@
|
Revision tags: OPENBSD_3_6_BASE SMP_SYNC_A SMP_SYNC_B
|
#
1.36 |
|
07-May-2004 |
millert |
Replace RSA-derived md5 code with code derived from Colin Plumb's PD version. This moves md5.c out of libkern and into sys/crypto where it belongs (as requested by markus@). Note that md5.c is still mandatory (dev/rnd.c uses it). Verified with IPsec + hmac-md5 and tcp md5sig. OK henning@ and hshoexer@
|
Revision tags: OPENBSD_3_4_BASE OPENBSD_3_5_BASE
|
#
1.35 |
|
08-Jul-2003 |
itojun |
on interface removal, clear multicast forwarding stuff. from kame
|
#
1.34 |
|
28-Jun-2003 |
itojun |
i don't think pfsync needs a link-local addr.
|
Revision tags: UBC_SYNC_A
|
#
1.33 |
|
14-May-2003 |
itojun |
it is unlikely that we introduce 6to4 interface (IFT_STF) to openbsd.
|
Revision tags: OPENBSD_3_2_BASE OPENBSD_3_3_BASE UBC_SYNC_B
|
#
1.32 |
|
12-Sep-2002 |
itojun |
configure "next" pointer correctly. from j@pureftpd.org
|
#
1.31 |
|
11-Sep-2002 |
itojun |
fix pointer signedness mixup. sync w/kame
|
#
1.30 |
|
11-Sep-2002 |
itojun |
KNF - return is not a function. sync w/kame
|
#
1.29 |
|
11-Jun-2002 |
itojun |
silence some of log(), as the codepath will be visited for IPv6-non-capable interfaces too and can be annoying. net.inet6.icmp6.nd6_debug will re-enable them.
|
#
1.28 |
|
11-Jun-2002 |
itojun |
whitespace
|
#
1.27 |
|
08-Jun-2002 |
itojun |
sync with latest KAME in6_ifaddr/prefix/default router manipulation. behavior changes: - two iocts used by ndp(8) are now obsolete (backward compat provided). use sysctl path instead. - lo0 does not get ::1 automatically. it will get ::1 when lo0 comes up.
|
#
1.26 |
|
07-Jun-2002 |
itojun |
whitespace sync w/kame
|
#
1.25 |
|
29-May-2002 |
itojun |
attach nd_ifinfo structure to if_afdata. split IPv6 MTU (advertised by RA) from real link MTU. sync with kame
|
#
1.24 |
|
29-May-2002 |
itojun |
move per-interface ip6/icmp6 stat to ifnet->if_afdata. sync w/kame
|
#
1.23 |
|
23-May-2002 |
itojun |
simplify condition to perform DAD. sync w/kame
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.22 |
|
14-Mar-2002 |
millert |
First round of __P removal in sys
|
Revision tags: UBC_BASE
|
#
1.21 |
|
07-Dec-2001 |
itojun |
branches: 1.21.2; whitespace/comment sync with kame
|
Revision tags: OPENBSD_3_0_BASE
|
#
1.20 |
|
23-Aug-2001 |
itojun |
suppress printf() on non-multicast interface. suppress ipv6 initialization for IFT_PFLOG.
|
#
1.19 |
|
23-Aug-2001 |
itojun |
don't try to enable IPv6 on IFT_PFLOG.
|
#
1.18 |
|
18-Jul-2001 |
itojun |
avoid using malloc() during interupt context for multicast kludge entry. allocate it on interface initialization.
|
#
1.17 |
|
09-Jun-2001 |
angelos |
No need for net/net_osdep.h
|
Revision tags: OPENBSD_2_9_BASE
|
#
1.16 |
|
16-Feb-2001 |
itojun |
cosmetic sync with kame
|
#
1.15 |
|
07-Feb-2001 |
itojun |
by default, don't bark on inbound ND messages, as outsider may be able to fill up /var with bogus packets. setting net.inet6.icmp6.nd6_debug will re-enable kernel messages on invalid ND packet and other occasions.
improve icmp6 stats.
|
#
1.14 |
|
18-Jan-2001 |
itojun |
do not remove default route by mistake, on interface removal.
|
Revision tags: OPENBSD_2_8_BASE
|
#
1.13 |
|
25-Oct-2000 |
jason |
silence the "no multicast" warning for IFT_ENC, too deraadt ok
|
#
1.12 |
|
18-Oct-2000 |
itojun |
don't try to configure IPv6 on bridge*. comment from deraadt
|
#
1.11 |
|
02-Oct-2000 |
itojun |
fix missing \n. from doug@freebsd (sync with kame)
|
Revision tags: OPENBSD_2_7_BASE
|
#
1.10 |
|
05-May-2000 |
itojun |
cope with interface detach (like pcmcia card removal). remove any IPv6 addresses assigned to the interface. reported by ho, bunch of help from niklas. KAME PR 231.
|
#
1.9 |
|
27-Apr-2000 |
itojun |
correct in6_ifdetach(). free oia, not ia. Lennart says there are more problems to go (I don't own openbsd-current laptop). From: Lennart Augustsson <augustss@augustsson.net>
|
#
1.8 |
|
17-Apr-2000 |
itojun |
revisit in6_ifattach(). (1) make it more persistent about initializaing an interface (2) cleanup interface id selection. run NUD on p2p interface (required by spec for bidir p2p interface). add "ndp -i interface" (can tweak per-interface ND flag). (sync with more recent kame)
|
#
1.7 |
|
02-Mar-2000 |
itojun |
do not add ifa_dstaddr for non-pointopoint interface. IPv6 has no concept for "broadcast".
|
Revision tags: SMP_BASE
|
#
1.6 |
|
07-Feb-2000 |
itojun |
branches: 1.6.2; fix include file path related to ip6.
|
#
1.5 |
|
04-Feb-2000 |
itojun |
more coverage of in6_ifdetach()'s cleanup process. bug fix in SIOCGIFADDR_IN6 (point to point case).
|
#
1.4 |
|
02-Feb-2000 |
itojun |
- improve in6_ifdetach to remove (1) multicast kludge list (2) route to link-local allnode multicast (ff02:x::/32) - fix ifnet refcnt'ing in multicast kludge list management. - avoid dangling pointer in multicast kludge management.
(angelos, try this version of in6_ifdetach() - it should be better)
|
#
1.3 |
|
10-Dec-1999 |
itojun |
use proper type for in6_first_ifid (char -> u_int8_t) suggested by: deraadt
|
#
1.2 |
|
10-Dec-1999 |
angelos |
Remove remaining unnecessary ifdefs (itojun will hate me for this :-)
|
Revision tags: kame_19991208
|
#
1.1 |
|
08-Dec-1999 |
itojun |
bring in KAME IPv6 code, dated 19991208. replaces NRL IPv6 layer. reuses NRL pcb layer. no IPsec-on-v6 support. see sys/netinet6/{TODO,IMPLEMENTATION} for more details.
GENERIC configuration should work fine as before. GENERIC.v6 works fine as well, but you'll need KAME userland tools to play with IPv6 (will be bringed into soon).
|
#
1.119 |
|
08-Sep-2022 |
kn |
Rename global ifnet TAILQ
Naming the list like the struct itself makes for awful grepping. Call the global variable "ifnetlist" from now on.
There used to be kvm(3) consumers in base picking up this symbol, but those have long been converted to other interfaces.
A few potential ports users remain, same deal as sys/net/if_var.h r1.116 "Remove struct ifnet's unused if_switchport member": they get bumped.
Previous users pointed out by deraadt OK bluhm
|
Revision tags: OPENBSD_6_9_BASE OPENBSD_7_0_BASE OPENBSD_7_1_BASE
|
#
1.118 |
|
15-Mar-2021 |
florian |
Clear AUTOCONF6TEMP flag when we detach inet6.
|
Revision tags: OPENBSD_6_8_BASE
|
#
1.117 |
|
21-Jun-2020 |
dlg |
wireguard can do ipv6, but doesnt do link local addresses.
i feel like i should add IFT_L3IPVLAN here so mgre(4) can take advantage of this too.
from Matt Dunwoodie and Jason A. Donenfeld
ok deraadt@
|
Revision tags: OPENBSD_6_7_BASE
|
#
1.116 |
|
17-Mar-2020 |
tobhe |
Use strlcpy instead of strncpy to ensure results are NUL terminated.
ok mpi@
|
#
1.115 |
|
08-Nov-2019 |
dlg |
convert interface address change hooks to tasks and a task_list.
this follows what's been done for detach and link state hooks, and makes handling of hooks generally more robust.
address hooks are a bit different to detach/link state hooks in that there's only a few things that register hooks (carp, pf, vxlan), but a lot of places to run the hooks (lots of ipv4 and ipv6 address configuration).
an address hook cookie was in struct pfi_kif, which is part of the pf abi. rather than break pfctl -sI, this maintains the void * used for the cookie and uses it to store a task, which is then used as intended with the new api.
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.114 |
|
21-Aug-2019 |
florian |
Remove support for semantically opace interface identifiers (RFC 7217) for IPv6 link local addresses.
Some hosting and VM providers route customer IPv6 prefixes to link local addresses derived from ethernet MAC addresses (RFC 2464). This leads to hard to debug IPv6 connectivity problems and is probably not worth the effort.
RFC 7721 lists 4 weaknesses:
3.1. Correlation of Activities over Time & 3.2. Location Tracking These are still possible with RFC 7217 addresses for an adversary connected to the same layer 2 network (think conference wifi). Since the link local prefix stays the same (fe80::/64) the link local addresses do not change between different networks. An adversary on the same layer 2 network can probably track ethernet MAC addresses via different means, too.
3.3. Address Scanning & 3.4. Device-Specific Vulnerability Exploitation These now become possible, however, as noted above a layer 2 adversary was probably able to do this via different means.
People concerned with these weaknesses are advised to use ifconfig lladdr random. OK benno input & OK kn
|
Revision tags: OPENBSD_6_5_BASE
|
#
1.113 |
|
13-Feb-2019 |
dlg |
change rt_ifa_add and rt_ifa_del so they take an rdomain argument.
this allows mpls interfaces (mpe, mpw) to pass the rdomain they wish the local label to be in, rather than have it implicitly forced to 0 by these functions. right now they'll pass 0, but it will soon be possible to have them rx packets in other rdomains.
previously the functions used ifp->if_rdomain for the rdomain. everything other than mpls still passes ifp->if_rdomain.
ok mpi@
|
#
1.112 |
|
10-Feb-2019 |
dlg |
remove the implict RTF_MPATH flag that rt_ifa_add() sets on new routes.
MPLS interfaces (ab)use rt_ifa_add for adding the local MPLS label that they listen on for incoming packets, while every other use of rt_ifa_add is for adding addresses on local interfaces. MPLS does this cos the addresses involved are in basically the same shape as ones used for setting up local addresses.
It is appropriate for interfaces to want RTF_MPATH on local addresses, but in the MPLS case it means you can have multiple local things listening on the same label, which doesn't actually work. mpe in particular keeps track of in use labels to it can handle collisions, however, mpw does not. It is currently possible to have multiple mpw interfaces on the same local label, and sharing the same label as mpe or possible normal forwarding labels.
Moving the RTF_MPATH flag out of rt_ifa_add means all the callers that still want it need to pass it themselves. The mpe and mpw callers are left alone without the flag, and will now get EEXIST from rt_ifa_add when a label is already in use.
ok (and a huge amount of patience and help) mpi@ claudio@ is ok with the idea, but saw a much much earlier solution to the problem
|
Revision tags: OPENBSD_6_4_BASE
|
#
1.111 |
|
05-Oct-2018 |
florian |
Do not join node information multicast group (RFC 4620). Benno removed code to answer ICMP queries over 4 years ago. Aham Brahmasmi (aham.brahmasmi AT gmx.com) points out that we still joined the group though.
OK sthen, bluhm, kn
|
#
1.110 |
|
26-Aug-2018 |
mpi |
Do not add ::1 on non-default lo(4) as intended.
Reported by and ok sthen@
|
#
1.109 |
|
10-Jul-2018 |
florian |
When an interface doesn't have a layer 2 address in6_get_soii_ifid() failes and then later on a in in6_get_ifid() a layer 2 address is "borrowed" from from another interface.
Do the "borrowing" in in6_get_soii_ifid(), too so that semantically opaque interface identifiers work for these kind of interfaces, too.
OK phessler, benno
|
#
1.108 |
|
10-Jul-2018 |
florian |
When an interface doesn't have a layer 2 address in6_get_ifid() tries to "borrow" one from another interface. But then it checks if the U bit is set int the generated EUI64 address and rejects it. On the other hand for interfaces that do have a layer 2 address this check is skipped, so relax it for the "borrowing" case, too.
With this one gets stable link local addresses on e.g. gre(4) interfaces on certain virtualisation environments depending which mac addresses get picked for the vio(4) interfaces while previously we would end up with a random IP on every reboot.
Reported by Aaron A. Glenn via phessler.
OK phessler, benno
|
#
1.107 |
|
27-Mar-2018 |
dhill |
Use memcpy instead of bcopy when the memory does not overlap.
OK deraadt@ florian@
|
Revision tags: OPENBSD_6_3_BASE
|
#
1.106 |
|
13-Mar-2018 |
florian |
Calculate RFC7217 link-local style addresses the same way as slaacd(8).
RFC 7217 states (section 5, page 9): | The Interface Identifier is finally obtained by taking as many | bits from the RID value (computed in the previous step) as | necessary, starting from the least significant bit.
Problem in slaacd pointed out by semarie@.
OK sthen, phessler
|
#
1.105 |
|
10-Feb-2018 |
florian |
Implement RFC 7217: "A Method for Generating Semantically Opaque Interface Identifiers with IPv6 Stateless Address Autoconfiguration."
"An IPv6 address configured using this method is stable within each subnet, but the corresponding Interface Identifier changes when the host moves from one network to another. This method is meant to be an alternative to generating Interface Identifiers based on hardware addresses."
OK naddy, sthen
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.104 |
|
01-Sep-2017 |
florian |
Use in6_get_rand_ifid() instead of get_last_resort_ifid() and delete the get_last_resort_ifid() function because eww. Also if your system is so constraint that you end up in in6_get_rand_ifid() you don't deserve a random ifid that stays stable over reboots. Simplify code a bit since get_ifid() can no longer fail. It couldn't fail before either because that code path was #if 0'ed. While here sprinkle in some in6_ prefixes, pointed out by stsp. OK stsp
|
#
1.103 |
|
11-Jul-2017 |
florian |
Purging is at last at hand. Day of Doom is here. All that is evil shall all be cleansed.
Remove sending of router solicitations and processing of router advertisements from the kernel. It's handled by slaacd(8) these days.
Input & OK bluhm@, mpi@
|
#
1.102 |
|
16-May-2017 |
mpi |
Replace remaining splsoftassert(IPL_SOFTNET) by NET_ASSERT_LOCKED().
ok visa@
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.101 |
|
29-Dec-2016 |
mpi |
Get rid of recursive splsoftnet() in in6_ifattach_linklocal().
ok visa@
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.100 |
|
30-Jun-2016 |
mpi |
Restore the automagically added /64 route on p2p interfaces in order to send traffic to link-local addresses without default route.
Fix a regression reported by Michael Lechtermann, ok stsp@, sthen@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.99 |
|
02-Dec-2015 |
bluhm |
When destroying an interface, we have to wait until all references are not used anymore. This has to be done before any interface fields become invalid. As the route delete request cannot call if_get() anymore, pass down the interface. Split rtrequest_delete() into a separate function that may take an existing inteface. OK mpi@
|
#
1.98 |
|
24-Oct-2015 |
mpi |
Convert to rt_ifidx.
ok bluhm@
|
#
1.97 |
|
22-Oct-2015 |
bluhm |
Inspired by satosin(), use inline functions to convert sockaddr dl. Instead of casts they check wether the incoming object has the expected type. So introduce satosdl() and sdltosa() in the kernel. OK mpi@
|
#
1.96 |
|
12-Sep-2015 |
mpi |
Now that rtrequest1(9) properly sets RTF_UP for newly added route, stop passing it in every rt_ifa_add(9) calls.
ok claudio@
|
#
1.95 |
|
03-Sep-2015 |
mpi |
Change the order of operations for loopback interfaces to have ::1 configured before fe80::1.
(lo0:0) in pf should resolve to 127.0.0.1 ::1.
reported by and ok mikeb@
|
#
1.94 |
|
31-Aug-2015 |
mpi |
Do not install connected routes on loopback interfaces.
Previously loopback connected routes were managed via the global list of prefixes, which mean that systems with AUTOCONF'd addresses did not see them in the routing table.
This also makes inet6 route creation coherent with inet.
|
#
1.93 |
|
24-Aug-2015 |
mpi |
Start moving away from the global prefix list by limiting its usage to AUTOCONF'd addresses.
This prevent the kernel from removing connected (/64) routes as soon as it configures an AUTOCONF'd address based on a RA.
Tested by sebastia@, ok sthen@
|
#
1.92 |
|
24-Aug-2015 |
mpi |
Rework the code to decide when to perform DAD to no longer rely on the IN6_IFF_NODAD pseudo-flag not being set.
This was just a flag for spaghetti code that should not exist in the first place.
Tested by sebastia@, ok sthen@
|
#
1.91 |
|
17-Aug-2015 |
mpi |
Remove anoying comment about in6_update_ifa().
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.90 |
|
18-Jul-2015 |
mpi |
Merge two identical chunks to add new prefixes to the global data structures into a function.
ok florian@
|
#
1.89 |
|
16-Jul-2015 |
mpi |
Properly layer Router Solicitation code.
Tweak and ok florian@
|
#
1.88 |
|
08-Jun-2015 |
krw |
More damned eye searing whitespace. No change to .o files.
|
#
1.87 |
|
27-Apr-2015 |
mpi |
Do not call nd6_purge() before purging the IPv6 addresses of a detached interface.
Fix a use after free introduced in r1.98 of netinet6/in6.c and recently exposed by a crazy pool/malloc damage finder being currently refined by dlg@ and deraadt@.
ok mikeb@, henning@
|
#
1.86 |
|
14-Mar-2015 |
jsg |
Remove some includes include-what-you-use claims don't have any direct symbols used. Tested for indirect use by compiling amd64/i386/sparc64 kernels.
ok tedu@ deraadt@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.85 |
|
05-Feb-2015 |
mpi |
Convert various rtrequest1(RTM_DELETE,...) calls to rtdeletemsg(9).
This unify some code and notify userland for free.
blambert@ agrees, ok bluhm@
|
#
1.84 |
|
28-Jan-2015 |
mpi |
Revert rtdeletemsg conversion. It was not ok'd, I misunderstood bluhm@'s email.
|
#
1.83 |
|
27-Jan-2015 |
mpi |
Ensure that link-local addresses are correctly configured on loopback interfaces.
When the kernel automagically configures IPv6 addresses on loopback interfaces, start by assigning a link-local address and then try to assign "::1".
Only the first configured loopback interface per rdomain can have the "::1" address. But even if other loopback interfaces failed to get this address, because it is already taken, give them a chance to have a link-local address.
While here change in6_ifattach() to return an error value and remove duplicated code.
Fix a regression introduced by the NOINET6 flag removal.
ok henning@, stsp@, florian@, benno@
|
#
1.82 |
|
26-Jan-2015 |
mpi |
Call rtdeletemsg(9) instead of rerolling its code. As a bonus you'll get userland notification for free.
ok blambert@, bluhm@
|
#
1.81 |
|
10-Jan-2015 |
mpi |
Correct some comments and merge in6_if_up() into in6_ifattach() to reflect that IPv6 link-local addresses are no longer automagically configured the first time an interface is brought up.
ok henning@, stsp@
|
#
1.80 |
|
08-Jan-2015 |
florian |
Clear autoconf6 flag after autoconf6 cleanup happened, not before. Otherwise clean up code will never run. OK mpi@, benno@, henning@
|
#
1.79 |
|
06-Jan-2015 |
stsp |
Remove the NOINET6 interface flag, a left-over from the times when IPv6 was enabled by default. Add AFATTACH/AFDETACH ioctls which enable/disable an address family for an interface (currently used for IPv6 only).
New kernel needs new ifconfig for IPv6 configuration (address assignment still works with old ifconfig making this easy to cross over).
Committing on behalf of henning@ who is currently lebensmittelvergiftet. ok stsp, benno, mpi
|
#
1.78 |
|
04-Dec-2014 |
tedu |
replace md5 with sha512. ok deraadt
|
#
1.77 |
|
20-Nov-2014 |
mpi |
What have no need for a variable that holds the maximum MTU size of interfaces with an IPv6 address.
ok henning@, mikeb@, deraadt@
|
#
1.76 |
|
18-Nov-2014 |
krw |
Nuke yet more obvious #include duplications.
ok miod@
|
#
1.75 |
|
18-Nov-2014 |
tedu |
move arc4random prototype to systm.h. more appropriate for most code to include that than rdnvar.h. ok deraadt dlg
|
#
1.74 |
|
01-Nov-2014 |
mpi |
Rename rtalloc1() into rtalloc(9) and convert its flags to only enable functionnality instead of a mix of enable/disable.
ok bluhm@, jca@
|
#
1.73 |
|
25-Aug-2014 |
florian |
Move sending of router solicitations to the kernel; receiving and processing of router advertisements was already in the kernel. With this rtsol{,d}(8) is no longer necessary.
The kernel starts sending solicitations with # ifconfig $IF inet6 autoconf or inet6 autoconf in /etc/hostname.$IF.
input stsp@ much help & OK mpi@ tweaks & OK bluhm@
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.72 |
|
01-Jul-2014 |
benno |
When a carp interface is created with IFXF_NOINET6 flag, no link-local address will be created when the vhid (and MAC) is set. Depending on the order of the configuration the interface can end up with a ipv6 address, but no v6 link-local and no working neigbor discovery.
Removing this case statement will result in the link-local address being configured by "ifconfig up" if the inet6 address was configured before. If you are using inet6 on carp, put an "up" at the end of your hostname.if. I will work on a better solution at g2k14.
ok henning, mpi
|
#
1.71 |
|
26-Jun-2014 |
mpi |
Calling in{6,}_purgeaddr() is not enough to remove an address from an interface. Two other operations are performed when issuing a SIOCDIFADDR{_IN6,} ioctl: call the address hook and the per-driver ioctl function.
Since carp(4) relies on an address hook to recalculate its hash, make sure to call this hook when IFXF_NOINET6 is set or when the rdomain is changed.
ok henning@, mikeb@
|
#
1.70 |
|
03-Jun-2014 |
mpi |
Do not include <sys/malloc.h> where it is not needed.
|
#
1.69 |
|
20-May-2014 |
mpi |
Fix eui64 address generation, broken since the removal of the link-layer address from the per-ifp list.
Found the hard way by weerd@, florian@ and stsp@, ok florian@
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.68 |
|
21-Jan-2014 |
mpi |
Do not clean the multicast records of an interface when it is destroyed (unplugged). Even if it makes no sense to keep them around if the interface is no more, we cannot safely remove them since pcb multicast options might keep a pointer to them.
Fixes a user after free introduced by the multicast address linking rewrite and reported by Alexey Suslikov, thanks!
ok claudio@
|
#
1.67 |
|
13-Jan-2014 |
bluhm |
Call all local valiables of type struct in6_ifaddr "ia6". This is consistent with struct ifaddr "ifa" and struct in_ifaddr "ia". OK mpi@
|
#
1.66 |
|
07-Jan-2014 |
stsp |
Some follow-up fixes for IFID collision handling in IPv6CP.
Really change the link-local address in the unlikely event of an IFID collision, instead of going into an infinite conf-nak loop with the peer.
To make the netinet6 code use the IPv6CP IFID in a new link-local address, in6_ifattach_linklocal() must accept a provided IFID. Replace the unused 'altifp' parameter with a new 'ifid' parameter for this purpose.
Always use the latest suggested address in IPv6CP replies, even if the task to update the interface's address hasn't run yet. Also, clear the ifindex (KAME hack) in addresses sent during IPv6CP.
ok mpi
|
#
1.65 |
|
06-Jan-2014 |
stsp |
Make in6_ifdetach() remove the ff01::1 route for the detaching interface, too. The route used to linger after an interface detached from IPv6. ok mikeb
|
#
1.64 |
|
28-Nov-2013 |
mpi |
Change the way protocol multicast addresses are linked to an interface.
Instead of linking multicast records to the first configured address of the corresponding protocol, making this address and its position in the global list special, add them to a new list directly linked to the interface descriptor.
This new multicast address list is similar to the address list, all its elements contain a protocol agnostic part. This design allows us to be able to join a multicast group without necessarily having a configured address. That means IPv6 multicast kludges are no longer needed.
Another benefit is to be able to add and remove an IP address from an interface without worrying about multicast records. That means that the global IPv4 list is no longer needed since the first configured address of an interface is no longer special.
This new list might also be extended in the future to contain the link-layer addresses used to configure hardware filters.
Tested by sthen@ and weerd@, ok mikeb@
|
#
1.63 |
|
19-Nov-2013 |
mpi |
Remove some FDDI/ATM leftovers.
ok mikeb@, henning@, deraadt@, brad@, miod@
|
#
1.62 |
|
17-Oct-2013 |
bluhm |
The header file netinet/in_var.h included netinet6/in6_var.h. This created a bunch of useless dependencies. Remove this implicit inclusion and do an explicit #include <netinet6/in6_var.h> when it is needed. OK mpi@ henning@
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.61 |
|
31-May-2013 |
bluhm |
Remove a bunch of sockaddr_in6 pointer casts and replace others with sin6tosa() or satosin6() inline functions. This allows the compiler to check the types more strictly. OK mpi@
|
#
1.60 |
|
26-Mar-2013 |
bluhm |
Remove a block of dead code in in6_ifdetach(). It was never executed due to the wrong & in satosin6(&ifa->ifa_addr). The link local prefix fe80 was not checked within the IPv6 address, but within some pointers of the interface address struct. The whole loop around this was also never executed as all IPv6 addresses had already been purged. OK sperreault@ mpi@ mikeb@
|
#
1.59 |
|
25-Mar-2013 |
mpi |
Substitute the handcrafted list of IPv6 addresses by a proper TAILQ.
ok bluhm@, mikeb@
|
#
1.58 |
|
07-Mar-2013 |
mpi |
Remove the IFAFREE() macro, the ifafree() function it was calling already check for the reference counter.
ok mikeb@, miod@, pelikan@, kettenis@, krw@
|
#
1.57 |
|
04-Mar-2013 |
bluhm |
Replace the cast to struct in6_ifaddr pointer with the ifatoia6() macro. No binary change. OK claudio@
|
Revision tags: OPENBSD_5_3_BASE
|
#
1.56 |
|
19-Sep-2012 |
bluhm |
Use TAILQ_FOREACH macro for loops. No binary diff. OK henning@
|
#
1.55 |
|
21-Aug-2012 |
bluhm |
Reverse the name and meaning of the IFXF_INET6_PRIVACY interface flag. It is now called IFXF_INET6_NOPRIVACY. So IPv6 privacy addresses are on by default without resetting the flag during ifconfig down/up. OK stsp@, sperreault@ (who wrote the same diff)
|
#
1.54 |
|
15-Aug-2012 |
sperreault |
Enable IPv6 autoconfprivacy by default
diff originally by stsp@ "please commit it" deraadt@ "don't care" stsp@ "don't like" bluhm@
|
Revision tags: OPENBSD_5_1_BASE OPENBSD_5_2_BASE
|
#
1.53 |
|
03-Jan-2012 |
bluhm |
To access the ifaddr of an in_ifaddr or in6_ifaddr struct, it is cleaner to access the first member via ia_ifa instead of casting. No binary change. ok henning@ krw@
|
#
1.52 |
|
24-Nov-2011 |
sperreault |
rdomain support for IPv6 ok mikeb
|
Revision tags: OPENBSD_4_8_BASE OPENBSD_4_9_BASE OPENBSD_5_0_BASE
|
#
1.51 |
|
06-Apr-2010 |
stsp |
Simple implementation of RFC4941, "Privacy Extensions for Stateless Address Autoconfiguration in IPv6". For those among us who are paranoid about broadcasting their MAC address to the IPv6 internet.
Man page help from jmc, testing by weerd, arc4random API hints from djm.
ok deraadt, claudio
|
Revision tags: OPENBSD_4_7_BASE
|
#
1.50 |
|
08-Feb-2010 |
jsing |
More destatic and ansification.
ok claudio@ naddy@
|
#
1.49 |
|
13-Jan-2010 |
henning |
instead of fiddling with the per-interface address lists directly in many places create a proper API (ifa_add / ifa_del) and use it. ok theo ryan dlg
|
Revision tags: OPENBSD_4_5_BASE OPENBSD_4_6_BASE
|
#
1.48 |
|
30-Jan-2009 |
mcbride |
"XXX: should this be performed under splnet()?"... Yes, yes it should. Interface configuration causes neighbour discoverery, which runs packets through parts of the stack that require at least splsoftnet(), like pf and pfsync.
ok dlg
|
Revision tags: OPENBSD_4_4_BASE
|
#
1.47 |
|
11-Jun-2008 |
mcbride |
ANSIfy to sync with KAME. From Karl Sjodahl <dunceor@gmail.com>.
ok todd deraadt naddy bluhm
|
#
1.46 |
|
11-May-2008 |
claudio |
rtrequest to rtrequest1 conversion in inet6. With that no rtrequest should be left over. OK henning@
|
Revision tags: OPENBSD_4_2_BASE OPENBSD_4_3_BASE
|
#
1.45 |
|
08-Jun-2007 |
henning |
kill arcnet leftovers, some pt out by Mike Belopuhov <mkb@crypt.org.ru>, some I found afterwards, ok dlg
|
Revision tags: OPENBSD_4_1_BASE
|
#
1.44 |
|
15-Nov-2006 |
itojun |
unifdef -USCOPEDROUTING
|
Revision tags: OPENBSD_4_0_BASE
|
#
1.43 |
|
31-Aug-2006 |
mcbride |
Automatically add a IPv6 link-local address to carp interfaces when the virtual MAC address is set. Among other things, this makes route6d work correctly on systems with carp interfaces.
In order to ensure backwards compatibility, we do not include IPv6 link-local addresses in generating the HMAC, but we accept HMACs with AND without the link-local addresses. They will be added to the HMAC in a future release.
In short: this change should only affect backwards compatibility for IPv6 users who are manually adding link-local addresses on carp interfaces.
testing mtu@ todd@ ok mpf@ henning@ deraadt@
|
#
1.42 |
|
16-Jun-2006 |
henning |
adjust functions dealing with the routing table to take a table ID as parameter so they can work on alternate tables. table 0 hardcoded for many callers yet, that will be adapted step by step. input + ok claudio norby hshoexer
|
#
1.41 |
|
27-May-2006 |
claudio |
Do the same thing as for IPv4. Use a sysctl to enable/disable mfrowarding and additionaly make the code part of the MROUTING option. Put it in deraadt@
|
#
1.40 |
|
05-Mar-2006 |
miod |
Use more queue macros rather than doing it by hand; ok otto@ krw@
|
Revision tags: OPENBSD_3_8_BASE OPENBSD_3_9_BASE
|
#
1.39 |
|
23-May-2005 |
mpf |
carp needs a multicast kludge storage. Fixes PR 4211. OK mcbride@
|
#
1.38 |
|
21-Apr-2005 |
itojun |
remove (now obsolete) handling of IFT_PROPVIRTUAL/bridge*. tested by camield@
|
Revision tags: OPENBSD_3_7_BASE
|
#
1.37 |
|
07-Dec-2004 |
mcbride |
Convert carp(4) to behave more like a regular interface, much in the same style as vlan(4). carp interfaces no longer require the physical interface to be on the same subnet as the carp interface, or even that the physical interface has an adress at all, so CARP can now be used on /30 networks.
ok deraadt@ henning@
|
Revision tags: OPENBSD_3_6_BASE SMP_SYNC_A SMP_SYNC_B
|
#
1.36 |
|
07-May-2004 |
millert |
Replace RSA-derived md5 code with code derived from Colin Plumb's PD version. This moves md5.c out of libkern and into sys/crypto where it belongs (as requested by markus@). Note that md5.c is still mandatory (dev/rnd.c uses it). Verified with IPsec + hmac-md5 and tcp md5sig. OK henning@ and hshoexer@
|
Revision tags: OPENBSD_3_4_BASE OPENBSD_3_5_BASE
|
#
1.35 |
|
08-Jul-2003 |
itojun |
on interface removal, clear multicast forwarding stuff. from kame
|
#
1.34 |
|
28-Jun-2003 |
itojun |
i don't think pfsync needs a link-local addr.
|
Revision tags: UBC_SYNC_A
|
#
1.33 |
|
14-May-2003 |
itojun |
it is unlikely that we introduce 6to4 interface (IFT_STF) to openbsd.
|
Revision tags: OPENBSD_3_2_BASE OPENBSD_3_3_BASE UBC_SYNC_B
|
#
1.32 |
|
12-Sep-2002 |
itojun |
configure "next" pointer correctly. from j@pureftpd.org
|
#
1.31 |
|
11-Sep-2002 |
itojun |
fix pointer signedness mixup. sync w/kame
|
#
1.30 |
|
11-Sep-2002 |
itojun |
KNF - return is not a function. sync w/kame
|
#
1.29 |
|
11-Jun-2002 |
itojun |
silence some of log(), as the codepath will be visited for IPv6-non-capable interfaces too and can be annoying. net.inet6.icmp6.nd6_debug will re-enable them.
|
#
1.28 |
|
11-Jun-2002 |
itojun |
whitespace
|
#
1.27 |
|
08-Jun-2002 |
itojun |
sync with latest KAME in6_ifaddr/prefix/default router manipulation. behavior changes: - two iocts used by ndp(8) are now obsolete (backward compat provided). use sysctl path instead. - lo0 does not get ::1 automatically. it will get ::1 when lo0 comes up.
|
#
1.26 |
|
07-Jun-2002 |
itojun |
whitespace sync w/kame
|
#
1.25 |
|
29-May-2002 |
itojun |
attach nd_ifinfo structure to if_afdata. split IPv6 MTU (advertised by RA) from real link MTU. sync with kame
|
#
1.24 |
|
29-May-2002 |
itojun |
move per-interface ip6/icmp6 stat to ifnet->if_afdata. sync w/kame
|
#
1.23 |
|
23-May-2002 |
itojun |
simplify condition to perform DAD. sync w/kame
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.22 |
|
14-Mar-2002 |
millert |
First round of __P removal in sys
|
Revision tags: UBC_BASE
|
#
1.21 |
|
07-Dec-2001 |
itojun |
branches: 1.21.2; whitespace/comment sync with kame
|
Revision tags: OPENBSD_3_0_BASE
|
#
1.20 |
|
23-Aug-2001 |
itojun |
suppress printf() on non-multicast interface. suppress ipv6 initialization for IFT_PFLOG.
|
#
1.19 |
|
23-Aug-2001 |
itojun |
don't try to enable IPv6 on IFT_PFLOG.
|
#
1.18 |
|
18-Jul-2001 |
itojun |
avoid using malloc() during interupt context for multicast kludge entry. allocate it on interface initialization.
|
#
1.17 |
|
09-Jun-2001 |
angelos |
No need for net/net_osdep.h
|
Revision tags: OPENBSD_2_9_BASE
|
#
1.16 |
|
16-Feb-2001 |
itojun |
cosmetic sync with kame
|
#
1.15 |
|
07-Feb-2001 |
itojun |
by default, don't bark on inbound ND messages, as outsider may be able to fill up /var with bogus packets. setting net.inet6.icmp6.nd6_debug will re-enable kernel messages on invalid ND packet and other occasions.
improve icmp6 stats.
|
#
1.14 |
|
18-Jan-2001 |
itojun |
do not remove default route by mistake, on interface removal.
|
Revision tags: OPENBSD_2_8_BASE
|
#
1.13 |
|
25-Oct-2000 |
jason |
silence the "no multicast" warning for IFT_ENC, too deraadt ok
|
#
1.12 |
|
18-Oct-2000 |
itojun |
don't try to configure IPv6 on bridge*. comment from deraadt
|
#
1.11 |
|
02-Oct-2000 |
itojun |
fix missing \n. from doug@freebsd (sync with kame)
|
Revision tags: OPENBSD_2_7_BASE
|
#
1.10 |
|
05-May-2000 |
itojun |
cope with interface detach (like pcmcia card removal). remove any IPv6 addresses assigned to the interface. reported by ho, bunch of help from niklas. KAME PR 231.
|
#
1.9 |
|
27-Apr-2000 |
itojun |
correct in6_ifdetach(). free oia, not ia. Lennart says there are more problems to go (I don't own openbsd-current laptop). From: Lennart Augustsson <augustss@augustsson.net>
|
#
1.8 |
|
17-Apr-2000 |
itojun |
revisit in6_ifattach(). (1) make it more persistent about initializaing an interface (2) cleanup interface id selection. run NUD on p2p interface (required by spec for bidir p2p interface). add "ndp -i interface" (can tweak per-interface ND flag). (sync with more recent kame)
|
#
1.7 |
|
02-Mar-2000 |
itojun |
do not add ifa_dstaddr for non-pointopoint interface. IPv6 has no concept for "broadcast".
|
Revision tags: SMP_BASE
|
#
1.6 |
|
07-Feb-2000 |
itojun |
branches: 1.6.2; fix include file path related to ip6.
|
#
1.5 |
|
04-Feb-2000 |
itojun |
more coverage of in6_ifdetach()'s cleanup process. bug fix in SIOCGIFADDR_IN6 (point to point case).
|
#
1.4 |
|
02-Feb-2000 |
itojun |
- improve in6_ifdetach to remove (1) multicast kludge list (2) route to link-local allnode multicast (ff02:x::/32) - fix ifnet refcnt'ing in multicast kludge list management. - avoid dangling pointer in multicast kludge management.
(angelos, try this version of in6_ifdetach() - it should be better)
|
#
1.3 |
|
10-Dec-1999 |
itojun |
use proper type for in6_first_ifid (char -> u_int8_t) suggested by: deraadt
|
#
1.2 |
|
10-Dec-1999 |
angelos |
Remove remaining unnecessary ifdefs (itojun will hate me for this :-)
|
Revision tags: kame_19991208
|
#
1.1 |
|
08-Dec-1999 |
itojun |
bring in KAME IPv6 code, dated 19991208. replaces NRL IPv6 layer. reuses NRL pcb layer. no IPsec-on-v6 support. see sys/netinet6/{TODO,IMPLEMENTATION} for more details.
GENERIC configuration should work fine as before. GENERIC.v6 works fine as well, but you'll need KAME userland tools to play with IPv6 (will be bringed into soon).
|
#
1.118 |
|
15-Mar-2021 |
florian |
Clear AUTOCONF6TEMP flag when we detach inet6.
|
Revision tags: OPENBSD_6_8_BASE
|
#
1.117 |
|
21-Jun-2020 |
dlg |
wireguard can do ipv6, but doesnt do link local addresses.
i feel like i should add IFT_L3IPVLAN here so mgre(4) can take advantage of this too.
from Matt Dunwoodie and Jason A. Donenfeld
ok deraadt@
|
Revision tags: OPENBSD_6_7_BASE
|
#
1.116 |
|
17-Mar-2020 |
tobhe |
Use strlcpy instead of strncpy to ensure results are NUL terminated.
ok mpi@
|
#
1.115 |
|
08-Nov-2019 |
dlg |
convert interface address change hooks to tasks and a task_list.
this follows what's been done for detach and link state hooks, and makes handling of hooks generally more robust.
address hooks are a bit different to detach/link state hooks in that there's only a few things that register hooks (carp, pf, vxlan), but a lot of places to run the hooks (lots of ipv4 and ipv6 address configuration).
an address hook cookie was in struct pfi_kif, which is part of the pf abi. rather than break pfctl -sI, this maintains the void * used for the cookie and uses it to store a task, which is then used as intended with the new api.
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.114 |
|
21-Aug-2019 |
florian |
Remove support for semantically opace interface identifiers (RFC 7217) for IPv6 link local addresses.
Some hosting and VM providers route customer IPv6 prefixes to link local addresses derived from ethernet MAC addresses (RFC 2464). This leads to hard to debug IPv6 connectivity problems and is probably not worth the effort.
RFC 7721 lists 4 weaknesses:
3.1. Correlation of Activities over Time & 3.2. Location Tracking These are still possible with RFC 7217 addresses for an adversary connected to the same layer 2 network (think conference wifi). Since the link local prefix stays the same (fe80::/64) the link local addresses do not change between different networks. An adversary on the same layer 2 network can probably track ethernet MAC addresses via different means, too.
3.3. Address Scanning & 3.4. Device-Specific Vulnerability Exploitation These now become possible, however, as noted above a layer 2 adversary was probably able to do this via different means.
People concerned with these weaknesses are advised to use ifconfig lladdr random. OK benno input & OK kn
|
Revision tags: OPENBSD_6_5_BASE
|
#
1.113 |
|
13-Feb-2019 |
dlg |
change rt_ifa_add and rt_ifa_del so they take an rdomain argument.
this allows mpls interfaces (mpe, mpw) to pass the rdomain they wish the local label to be in, rather than have it implicitly forced to 0 by these functions. right now they'll pass 0, but it will soon be possible to have them rx packets in other rdomains.
previously the functions used ifp->if_rdomain for the rdomain. everything other than mpls still passes ifp->if_rdomain.
ok mpi@
|
#
1.112 |
|
10-Feb-2019 |
dlg |
remove the implict RTF_MPATH flag that rt_ifa_add() sets on new routes.
MPLS interfaces (ab)use rt_ifa_add for adding the local MPLS label that they listen on for incoming packets, while every other use of rt_ifa_add is for adding addresses on local interfaces. MPLS does this cos the addresses involved are in basically the same shape as ones used for setting up local addresses.
It is appropriate for interfaces to want RTF_MPATH on local addresses, but in the MPLS case it means you can have multiple local things listening on the same label, which doesn't actually work. mpe in particular keeps track of in use labels to it can handle collisions, however, mpw does not. It is currently possible to have multiple mpw interfaces on the same local label, and sharing the same label as mpe or possible normal forwarding labels.
Moving the RTF_MPATH flag out of rt_ifa_add means all the callers that still want it need to pass it themselves. The mpe and mpw callers are left alone without the flag, and will now get EEXIST from rt_ifa_add when a label is already in use.
ok (and a huge amount of patience and help) mpi@ claudio@ is ok with the idea, but saw a much much earlier solution to the problem
|
Revision tags: OPENBSD_6_4_BASE
|
#
1.111 |
|
05-Oct-2018 |
florian |
Do not join node information multicast group (RFC 4620). Benno removed code to answer ICMP queries over 4 years ago. Aham Brahmasmi (aham.brahmasmi AT gmx.com) points out that we still joined the group though.
OK sthen, bluhm, kn
|
#
1.110 |
|
26-Aug-2018 |
mpi |
Do not add ::1 on non-default lo(4) as intended.
Reported by and ok sthen@
|
#
1.109 |
|
10-Jul-2018 |
florian |
When an interface doesn't have a layer 2 address in6_get_soii_ifid() failes and then later on a in in6_get_ifid() a layer 2 address is "borrowed" from from another interface.
Do the "borrowing" in in6_get_soii_ifid(), too so that semantically opaque interface identifiers work for these kind of interfaces, too.
OK phessler, benno
|
#
1.108 |
|
10-Jul-2018 |
florian |
When an interface doesn't have a layer 2 address in6_get_ifid() tries to "borrow" one from another interface. But then it checks if the U bit is set int the generated EUI64 address and rejects it. On the other hand for interfaces that do have a layer 2 address this check is skipped, so relax it for the "borrowing" case, too.
With this one gets stable link local addresses on e.g. gre(4) interfaces on certain virtualisation environments depending which mac addresses get picked for the vio(4) interfaces while previously we would end up with a random IP on every reboot.
Reported by Aaron A. Glenn via phessler.
OK phessler, benno
|
#
1.107 |
|
27-Mar-2018 |
dhill |
Use memcpy instead of bcopy when the memory does not overlap.
OK deraadt@ florian@
|
Revision tags: OPENBSD_6_3_BASE
|
#
1.106 |
|
13-Mar-2018 |
florian |
Calculate RFC7217 link-local style addresses the same way as slaacd(8).
RFC 7217 states (section 5, page 9): | The Interface Identifier is finally obtained by taking as many | bits from the RID value (computed in the previous step) as | necessary, starting from the least significant bit.
Problem in slaacd pointed out by semarie@.
OK sthen, phessler
|
#
1.105 |
|
10-Feb-2018 |
florian |
Implement RFC 7217: "A Method for Generating Semantically Opaque Interface Identifiers with IPv6 Stateless Address Autoconfiguration."
"An IPv6 address configured using this method is stable within each subnet, but the corresponding Interface Identifier changes when the host moves from one network to another. This method is meant to be an alternative to generating Interface Identifiers based on hardware addresses."
OK naddy, sthen
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.104 |
|
01-Sep-2017 |
florian |
Use in6_get_rand_ifid() instead of get_last_resort_ifid() and delete the get_last_resort_ifid() function because eww. Also if your system is so constraint that you end up in in6_get_rand_ifid() you don't deserve a random ifid that stays stable over reboots. Simplify code a bit since get_ifid() can no longer fail. It couldn't fail before either because that code path was #if 0'ed. While here sprinkle in some in6_ prefixes, pointed out by stsp. OK stsp
|
#
1.103 |
|
11-Jul-2017 |
florian |
Purging is at last at hand. Day of Doom is here. All that is evil shall all be cleansed.
Remove sending of router solicitations and processing of router advertisements from the kernel. It's handled by slaacd(8) these days.
Input & OK bluhm@, mpi@
|
#
1.102 |
|
16-May-2017 |
mpi |
Replace remaining splsoftassert(IPL_SOFTNET) by NET_ASSERT_LOCKED().
ok visa@
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.101 |
|
29-Dec-2016 |
mpi |
Get rid of recursive splsoftnet() in in6_ifattach_linklocal().
ok visa@
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.100 |
|
30-Jun-2016 |
mpi |
Restore the automagically added /64 route on p2p interfaces in order to send traffic to link-local addresses without default route.
Fix a regression reported by Michael Lechtermann, ok stsp@, sthen@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.99 |
|
02-Dec-2015 |
bluhm |
When destroying an interface, we have to wait until all references are not used anymore. This has to be done before any interface fields become invalid. As the route delete request cannot call if_get() anymore, pass down the interface. Split rtrequest_delete() into a separate function that may take an existing inteface. OK mpi@
|
#
1.98 |
|
24-Oct-2015 |
mpi |
Convert to rt_ifidx.
ok bluhm@
|
#
1.97 |
|
22-Oct-2015 |
bluhm |
Inspired by satosin(), use inline functions to convert sockaddr dl. Instead of casts they check wether the incoming object has the expected type. So introduce satosdl() and sdltosa() in the kernel. OK mpi@
|
#
1.96 |
|
12-Sep-2015 |
mpi |
Now that rtrequest1(9) properly sets RTF_UP for newly added route, stop passing it in every rt_ifa_add(9) calls.
ok claudio@
|
#
1.95 |
|
03-Sep-2015 |
mpi |
Change the order of operations for loopback interfaces to have ::1 configured before fe80::1.
(lo0:0) in pf should resolve to 127.0.0.1 ::1.
reported by and ok mikeb@
|
#
1.94 |
|
31-Aug-2015 |
mpi |
Do not install connected routes on loopback interfaces.
Previously loopback connected routes were managed via the global list of prefixes, which mean that systems with AUTOCONF'd addresses did not see them in the routing table.
This also makes inet6 route creation coherent with inet.
|
#
1.93 |
|
24-Aug-2015 |
mpi |
Start moving away from the global prefix list by limiting its usage to AUTOCONF'd addresses.
This prevent the kernel from removing connected (/64) routes as soon as it configures an AUTOCONF'd address based on a RA.
Tested by sebastia@, ok sthen@
|
#
1.92 |
|
24-Aug-2015 |
mpi |
Rework the code to decide when to perform DAD to no longer rely on the IN6_IFF_NODAD pseudo-flag not being set.
This was just a flag for spaghetti code that should not exist in the first place.
Tested by sebastia@, ok sthen@
|
#
1.91 |
|
17-Aug-2015 |
mpi |
Remove anoying comment about in6_update_ifa().
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.90 |
|
18-Jul-2015 |
mpi |
Merge two identical chunks to add new prefixes to the global data structures into a function.
ok florian@
|
#
1.89 |
|
16-Jul-2015 |
mpi |
Properly layer Router Solicitation code.
Tweak and ok florian@
|
#
1.88 |
|
08-Jun-2015 |
krw |
More damned eye searing whitespace. No change to .o files.
|
#
1.87 |
|
27-Apr-2015 |
mpi |
Do not call nd6_purge() before purging the IPv6 addresses of a detached interface.
Fix a use after free introduced in r1.98 of netinet6/in6.c and recently exposed by a crazy pool/malloc damage finder being currently refined by dlg@ and deraadt@.
ok mikeb@, henning@
|
#
1.86 |
|
14-Mar-2015 |
jsg |
Remove some includes include-what-you-use claims don't have any direct symbols used. Tested for indirect use by compiling amd64/i386/sparc64 kernels.
ok tedu@ deraadt@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.85 |
|
05-Feb-2015 |
mpi |
Convert various rtrequest1(RTM_DELETE,...) calls to rtdeletemsg(9).
This unify some code and notify userland for free.
blambert@ agrees, ok bluhm@
|
#
1.84 |
|
28-Jan-2015 |
mpi |
Revert rtdeletemsg conversion. It was not ok'd, I misunderstood bluhm@'s email.
|
#
1.83 |
|
27-Jan-2015 |
mpi |
Ensure that link-local addresses are correctly configured on loopback interfaces.
When the kernel automagically configures IPv6 addresses on loopback interfaces, start by assigning a link-local address and then try to assign "::1".
Only the first configured loopback interface per rdomain can have the "::1" address. But even if other loopback interfaces failed to get this address, because it is already taken, give them a chance to have a link-local address.
While here change in6_ifattach() to return an error value and remove duplicated code.
Fix a regression introduced by the NOINET6 flag removal.
ok henning@, stsp@, florian@, benno@
|
#
1.82 |
|
26-Jan-2015 |
mpi |
Call rtdeletemsg(9) instead of rerolling its code. As a bonus you'll get userland notification for free.
ok blambert@, bluhm@
|
#
1.81 |
|
10-Jan-2015 |
mpi |
Correct some comments and merge in6_if_up() into in6_ifattach() to reflect that IPv6 link-local addresses are no longer automagically configured the first time an interface is brought up.
ok henning@, stsp@
|
#
1.80 |
|
08-Jan-2015 |
florian |
Clear autoconf6 flag after autoconf6 cleanup happened, not before. Otherwise clean up code will never run. OK mpi@, benno@, henning@
|
#
1.79 |
|
06-Jan-2015 |
stsp |
Remove the NOINET6 interface flag, a left-over from the times when IPv6 was enabled by default. Add AFATTACH/AFDETACH ioctls which enable/disable an address family for an interface (currently used for IPv6 only).
New kernel needs new ifconfig for IPv6 configuration (address assignment still works with old ifconfig making this easy to cross over).
Committing on behalf of henning@ who is currently lebensmittelvergiftet. ok stsp, benno, mpi
|
#
1.78 |
|
04-Dec-2014 |
tedu |
replace md5 with sha512. ok deraadt
|
#
1.77 |
|
20-Nov-2014 |
mpi |
What have no need for a variable that holds the maximum MTU size of interfaces with an IPv6 address.
ok henning@, mikeb@, deraadt@
|
#
1.76 |
|
18-Nov-2014 |
krw |
Nuke yet more obvious #include duplications.
ok miod@
|
#
1.75 |
|
18-Nov-2014 |
tedu |
move arc4random prototype to systm.h. more appropriate for most code to include that than rdnvar.h. ok deraadt dlg
|
#
1.74 |
|
01-Nov-2014 |
mpi |
Rename rtalloc1() into rtalloc(9) and convert its flags to only enable functionnality instead of a mix of enable/disable.
ok bluhm@, jca@
|
#
1.73 |
|
25-Aug-2014 |
florian |
Move sending of router solicitations to the kernel; receiving and processing of router advertisements was already in the kernel. With this rtsol{,d}(8) is no longer necessary.
The kernel starts sending solicitations with # ifconfig $IF inet6 autoconf or inet6 autoconf in /etc/hostname.$IF.
input stsp@ much help & OK mpi@ tweaks & OK bluhm@
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.72 |
|
01-Jul-2014 |
benno |
When a carp interface is created with IFXF_NOINET6 flag, no link-local address will be created when the vhid (and MAC) is set. Depending on the order of the configuration the interface can end up with a ipv6 address, but no v6 link-local and no working neigbor discovery.
Removing this case statement will result in the link-local address being configured by "ifconfig up" if the inet6 address was configured before. If you are using inet6 on carp, put an "up" at the end of your hostname.if. I will work on a better solution at g2k14.
ok henning, mpi
|
#
1.71 |
|
26-Jun-2014 |
mpi |
Calling in{6,}_purgeaddr() is not enough to remove an address from an interface. Two other operations are performed when issuing a SIOCDIFADDR{_IN6,} ioctl: call the address hook and the per-driver ioctl function.
Since carp(4) relies on an address hook to recalculate its hash, make sure to call this hook when IFXF_NOINET6 is set or when the rdomain is changed.
ok henning@, mikeb@
|
#
1.70 |
|
03-Jun-2014 |
mpi |
Do not include <sys/malloc.h> where it is not needed.
|
#
1.69 |
|
20-May-2014 |
mpi |
Fix eui64 address generation, broken since the removal of the link-layer address from the per-ifp list.
Found the hard way by weerd@, florian@ and stsp@, ok florian@
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.68 |
|
21-Jan-2014 |
mpi |
Do not clean the multicast records of an interface when it is destroyed (unplugged). Even if it makes no sense to keep them around if the interface is no more, we cannot safely remove them since pcb multicast options might keep a pointer to them.
Fixes a user after free introduced by the multicast address linking rewrite and reported by Alexey Suslikov, thanks!
ok claudio@
|
#
1.67 |
|
13-Jan-2014 |
bluhm |
Call all local valiables of type struct in6_ifaddr "ia6". This is consistent with struct ifaddr "ifa" and struct in_ifaddr "ia". OK mpi@
|
#
1.66 |
|
07-Jan-2014 |
stsp |
Some follow-up fixes for IFID collision handling in IPv6CP.
Really change the link-local address in the unlikely event of an IFID collision, instead of going into an infinite conf-nak loop with the peer.
To make the netinet6 code use the IPv6CP IFID in a new link-local address, in6_ifattach_linklocal() must accept a provided IFID. Replace the unused 'altifp' parameter with a new 'ifid' parameter for this purpose.
Always use the latest suggested address in IPv6CP replies, even if the task to update the interface's address hasn't run yet. Also, clear the ifindex (KAME hack) in addresses sent during IPv6CP.
ok mpi
|
#
1.65 |
|
06-Jan-2014 |
stsp |
Make in6_ifdetach() remove the ff01::1 route for the detaching interface, too. The route used to linger after an interface detached from IPv6. ok mikeb
|
#
1.64 |
|
28-Nov-2013 |
mpi |
Change the way protocol multicast addresses are linked to an interface.
Instead of linking multicast records to the first configured address of the corresponding protocol, making this address and its position in the global list special, add them to a new list directly linked to the interface descriptor.
This new multicast address list is similar to the address list, all its elements contain a protocol agnostic part. This design allows us to be able to join a multicast group without necessarily having a configured address. That means IPv6 multicast kludges are no longer needed.
Another benefit is to be able to add and remove an IP address from an interface without worrying about multicast records. That means that the global IPv4 list is no longer needed since the first configured address of an interface is no longer special.
This new list might also be extended in the future to contain the link-layer addresses used to configure hardware filters.
Tested by sthen@ and weerd@, ok mikeb@
|
#
1.63 |
|
19-Nov-2013 |
mpi |
Remove some FDDI/ATM leftovers.
ok mikeb@, henning@, deraadt@, brad@, miod@
|
#
1.62 |
|
17-Oct-2013 |
bluhm |
The header file netinet/in_var.h included netinet6/in6_var.h. This created a bunch of useless dependencies. Remove this implicit inclusion and do an explicit #include <netinet6/in6_var.h> when it is needed. OK mpi@ henning@
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.61 |
|
31-May-2013 |
bluhm |
Remove a bunch of sockaddr_in6 pointer casts and replace others with sin6tosa() or satosin6() inline functions. This allows the compiler to check the types more strictly. OK mpi@
|
#
1.60 |
|
26-Mar-2013 |
bluhm |
Remove a block of dead code in in6_ifdetach(). It was never executed due to the wrong & in satosin6(&ifa->ifa_addr). The link local prefix fe80 was not checked within the IPv6 address, but within some pointers of the interface address struct. The whole loop around this was also never executed as all IPv6 addresses had already been purged. OK sperreault@ mpi@ mikeb@
|
#
1.59 |
|
25-Mar-2013 |
mpi |
Substitute the handcrafted list of IPv6 addresses by a proper TAILQ.
ok bluhm@, mikeb@
|
#
1.58 |
|
07-Mar-2013 |
mpi |
Remove the IFAFREE() macro, the ifafree() function it was calling already check for the reference counter.
ok mikeb@, miod@, pelikan@, kettenis@, krw@
|
#
1.57 |
|
04-Mar-2013 |
bluhm |
Replace the cast to struct in6_ifaddr pointer with the ifatoia6() macro. No binary change. OK claudio@
|
Revision tags: OPENBSD_5_3_BASE
|
#
1.56 |
|
19-Sep-2012 |
bluhm |
Use TAILQ_FOREACH macro for loops. No binary diff. OK henning@
|
#
1.55 |
|
21-Aug-2012 |
bluhm |
Reverse the name and meaning of the IFXF_INET6_PRIVACY interface flag. It is now called IFXF_INET6_NOPRIVACY. So IPv6 privacy addresses are on by default without resetting the flag during ifconfig down/up. OK stsp@, sperreault@ (who wrote the same diff)
|
#
1.54 |
|
15-Aug-2012 |
sperreault |
Enable IPv6 autoconfprivacy by default
diff originally by stsp@ "please commit it" deraadt@ "don't care" stsp@ "don't like" bluhm@
|
Revision tags: OPENBSD_5_1_BASE OPENBSD_5_2_BASE
|
#
1.53 |
|
03-Jan-2012 |
bluhm |
To access the ifaddr of an in_ifaddr or in6_ifaddr struct, it is cleaner to access the first member via ia_ifa instead of casting. No binary change. ok henning@ krw@
|
#
1.52 |
|
24-Nov-2011 |
sperreault |
rdomain support for IPv6 ok mikeb
|
Revision tags: OPENBSD_4_8_BASE OPENBSD_4_9_BASE OPENBSD_5_0_BASE
|
#
1.51 |
|
06-Apr-2010 |
stsp |
Simple implementation of RFC4941, "Privacy Extensions for Stateless Address Autoconfiguration in IPv6". For those among us who are paranoid about broadcasting their MAC address to the IPv6 internet.
Man page help from jmc, testing by weerd, arc4random API hints from djm.
ok deraadt, claudio
|
Revision tags: OPENBSD_4_7_BASE
|
#
1.50 |
|
08-Feb-2010 |
jsing |
More destatic and ansification.
ok claudio@ naddy@
|
#
1.49 |
|
13-Jan-2010 |
henning |
instead of fiddling with the per-interface address lists directly in many places create a proper API (ifa_add / ifa_del) and use it. ok theo ryan dlg
|
Revision tags: OPENBSD_4_5_BASE OPENBSD_4_6_BASE
|
#
1.48 |
|
30-Jan-2009 |
mcbride |
"XXX: should this be performed under splnet()?"... Yes, yes it should. Interface configuration causes neighbour discoverery, which runs packets through parts of the stack that require at least splsoftnet(), like pf and pfsync.
ok dlg
|
Revision tags: OPENBSD_4_4_BASE
|
#
1.47 |
|
11-Jun-2008 |
mcbride |
ANSIfy to sync with KAME. From Karl Sjodahl <dunceor@gmail.com>.
ok todd deraadt naddy bluhm
|
#
1.46 |
|
11-May-2008 |
claudio |
rtrequest to rtrequest1 conversion in inet6. With that no rtrequest should be left over. OK henning@
|
Revision tags: OPENBSD_4_2_BASE OPENBSD_4_3_BASE
|
#
1.45 |
|
08-Jun-2007 |
henning |
kill arcnet leftovers, some pt out by Mike Belopuhov <mkb@crypt.org.ru>, some I found afterwards, ok dlg
|
Revision tags: OPENBSD_4_1_BASE
|
#
1.44 |
|
15-Nov-2006 |
itojun |
unifdef -USCOPEDROUTING
|
Revision tags: OPENBSD_4_0_BASE
|
#
1.43 |
|
31-Aug-2006 |
mcbride |
Automatically add a IPv6 link-local address to carp interfaces when the virtual MAC address is set. Among other things, this makes route6d work correctly on systems with carp interfaces.
In order to ensure backwards compatibility, we do not include IPv6 link-local addresses in generating the HMAC, but we accept HMACs with AND without the link-local addresses. They will be added to the HMAC in a future release.
In short: this change should only affect backwards compatibility for IPv6 users who are manually adding link-local addresses on carp interfaces.
testing mtu@ todd@ ok mpf@ henning@ deraadt@
|
#
1.42 |
|
16-Jun-2006 |
henning |
adjust functions dealing with the routing table to take a table ID as parameter so they can work on alternate tables. table 0 hardcoded for many callers yet, that will be adapted step by step. input + ok claudio norby hshoexer
|
#
1.41 |
|
27-May-2006 |
claudio |
Do the same thing as for IPv4. Use a sysctl to enable/disable mfrowarding and additionaly make the code part of the MROUTING option. Put it in deraadt@
|
#
1.40 |
|
05-Mar-2006 |
miod |
Use more queue macros rather than doing it by hand; ok otto@ krw@
|
Revision tags: OPENBSD_3_8_BASE OPENBSD_3_9_BASE
|
#
1.39 |
|
23-May-2005 |
mpf |
carp needs a multicast kludge storage. Fixes PR 4211. OK mcbride@
|
#
1.38 |
|
21-Apr-2005 |
itojun |
remove (now obsolete) handling of IFT_PROPVIRTUAL/bridge*. tested by camield@
|
Revision tags: OPENBSD_3_7_BASE
|
#
1.37 |
|
07-Dec-2004 |
mcbride |
Convert carp(4) to behave more like a regular interface, much in the same style as vlan(4). carp interfaces no longer require the physical interface to be on the same subnet as the carp interface, or even that the physical interface has an adress at all, so CARP can now be used on /30 networks.
ok deraadt@ henning@
|
Revision tags: OPENBSD_3_6_BASE SMP_SYNC_A SMP_SYNC_B
|
#
1.36 |
|
07-May-2004 |
millert |
Replace RSA-derived md5 code with code derived from Colin Plumb's PD version. This moves md5.c out of libkern and into sys/crypto where it belongs (as requested by markus@). Note that md5.c is still mandatory (dev/rnd.c uses it). Verified with IPsec + hmac-md5 and tcp md5sig. OK henning@ and hshoexer@
|
Revision tags: OPENBSD_3_4_BASE OPENBSD_3_5_BASE
|
#
1.35 |
|
08-Jul-2003 |
itojun |
on interface removal, clear multicast forwarding stuff. from kame
|
#
1.34 |
|
28-Jun-2003 |
itojun |
i don't think pfsync needs a link-local addr.
|
Revision tags: UBC_SYNC_A
|
#
1.33 |
|
14-May-2003 |
itojun |
it is unlikely that we introduce 6to4 interface (IFT_STF) to openbsd.
|
Revision tags: OPENBSD_3_2_BASE OPENBSD_3_3_BASE UBC_SYNC_B
|
#
1.32 |
|
12-Sep-2002 |
itojun |
configure "next" pointer correctly. from j@pureftpd.org
|
#
1.31 |
|
11-Sep-2002 |
itojun |
fix pointer signedness mixup. sync w/kame
|
#
1.30 |
|
11-Sep-2002 |
itojun |
KNF - return is not a function. sync w/kame
|
#
1.29 |
|
11-Jun-2002 |
itojun |
silence some of log(), as the codepath will be visited for IPv6-non-capable interfaces too and can be annoying. net.inet6.icmp6.nd6_debug will re-enable them.
|
#
1.28 |
|
11-Jun-2002 |
itojun |
whitespace
|
#
1.27 |
|
08-Jun-2002 |
itojun |
sync with latest KAME in6_ifaddr/prefix/default router manipulation. behavior changes: - two iocts used by ndp(8) are now obsolete (backward compat provided). use sysctl path instead. - lo0 does not get ::1 automatically. it will get ::1 when lo0 comes up.
|
#
1.26 |
|
07-Jun-2002 |
itojun |
whitespace sync w/kame
|
#
1.25 |
|
29-May-2002 |
itojun |
attach nd_ifinfo structure to if_afdata. split IPv6 MTU (advertised by RA) from real link MTU. sync with kame
|
#
1.24 |
|
29-May-2002 |
itojun |
move per-interface ip6/icmp6 stat to ifnet->if_afdata. sync w/kame
|
#
1.23 |
|
23-May-2002 |
itojun |
simplify condition to perform DAD. sync w/kame
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.22 |
|
14-Mar-2002 |
millert |
First round of __P removal in sys
|
Revision tags: UBC_BASE
|
#
1.21 |
|
07-Dec-2001 |
itojun |
branches: 1.21.2; whitespace/comment sync with kame
|
Revision tags: OPENBSD_3_0_BASE
|
#
1.20 |
|
23-Aug-2001 |
itojun |
suppress printf() on non-multicast interface. suppress ipv6 initialization for IFT_PFLOG.
|
#
1.19 |
|
23-Aug-2001 |
itojun |
don't try to enable IPv6 on IFT_PFLOG.
|
#
1.18 |
|
18-Jul-2001 |
itojun |
avoid using malloc() during interupt context for multicast kludge entry. allocate it on interface initialization.
|
#
1.17 |
|
09-Jun-2001 |
angelos |
No need for net/net_osdep.h
|
Revision tags: OPENBSD_2_9_BASE
|
#
1.16 |
|
16-Feb-2001 |
itojun |
cosmetic sync with kame
|
#
1.15 |
|
07-Feb-2001 |
itojun |
by default, don't bark on inbound ND messages, as outsider may be able to fill up /var with bogus packets. setting net.inet6.icmp6.nd6_debug will re-enable kernel messages on invalid ND packet and other occasions.
improve icmp6 stats.
|
#
1.14 |
|
18-Jan-2001 |
itojun |
do not remove default route by mistake, on interface removal.
|
Revision tags: OPENBSD_2_8_BASE
|
#
1.13 |
|
25-Oct-2000 |
jason |
silence the "no multicast" warning for IFT_ENC, too deraadt ok
|
#
1.12 |
|
18-Oct-2000 |
itojun |
don't try to configure IPv6 on bridge*. comment from deraadt
|
#
1.11 |
|
02-Oct-2000 |
itojun |
fix missing \n. from doug@freebsd (sync with kame)
|
Revision tags: OPENBSD_2_7_BASE
|
#
1.10 |
|
05-May-2000 |
itojun |
cope with interface detach (like pcmcia card removal). remove any IPv6 addresses assigned to the interface. reported by ho, bunch of help from niklas. KAME PR 231.
|
#
1.9 |
|
27-Apr-2000 |
itojun |
correct in6_ifdetach(). free oia, not ia. Lennart says there are more problems to go (I don't own openbsd-current laptop). From: Lennart Augustsson <augustss@augustsson.net>
|
#
1.8 |
|
17-Apr-2000 |
itojun |
revisit in6_ifattach(). (1) make it more persistent about initializaing an interface (2) cleanup interface id selection. run NUD on p2p interface (required by spec for bidir p2p interface). add "ndp -i interface" (can tweak per-interface ND flag). (sync with more recent kame)
|
#
1.7 |
|
02-Mar-2000 |
itojun |
do not add ifa_dstaddr for non-pointopoint interface. IPv6 has no concept for "broadcast".
|
Revision tags: SMP_BASE
|
#
1.6 |
|
07-Feb-2000 |
itojun |
branches: 1.6.2; fix include file path related to ip6.
|
#
1.5 |
|
04-Feb-2000 |
itojun |
more coverage of in6_ifdetach()'s cleanup process. bug fix in SIOCGIFADDR_IN6 (point to point case).
|
#
1.4 |
|
02-Feb-2000 |
itojun |
- improve in6_ifdetach to remove (1) multicast kludge list (2) route to link-local allnode multicast (ff02:x::/32) - fix ifnet refcnt'ing in multicast kludge list management. - avoid dangling pointer in multicast kludge management.
(angelos, try this version of in6_ifdetach() - it should be better)
|
#
1.3 |
|
10-Dec-1999 |
itojun |
use proper type for in6_first_ifid (char -> u_int8_t) suggested by: deraadt
|
#
1.2 |
|
10-Dec-1999 |
angelos |
Remove remaining unnecessary ifdefs (itojun will hate me for this :-)
|
Revision tags: kame_19991208
|
#
1.1 |
|
08-Dec-1999 |
itojun |
bring in KAME IPv6 code, dated 19991208. replaces NRL IPv6 layer. reuses NRL pcb layer. no IPsec-on-v6 support. see sys/netinet6/{TODO,IMPLEMENTATION} for more details.
GENERIC configuration should work fine as before. GENERIC.v6 works fine as well, but you'll need KAME userland tools to play with IPv6 (will be bringed into soon).
|
#
1.117 |
|
21-Jun-2020 |
dlg |
wireguard can do ipv6, but doesnt do link local addresses.
i feel like i should add IFT_L3IPVLAN here so mgre(4) can take advantage of this too.
from Matt Dunwoodie and Jason A. Donenfeld
ok deraadt@
|
Revision tags: OPENBSD_6_7_BASE
|
#
1.116 |
|
17-Mar-2020 |
tobhe |
Use strlcpy instead of strncpy to ensure results are NUL terminated.
ok mpi@
|
#
1.115 |
|
08-Nov-2019 |
dlg |
convert interface address change hooks to tasks and a task_list.
this follows what's been done for detach and link state hooks, and makes handling of hooks generally more robust.
address hooks are a bit different to detach/link state hooks in that there's only a few things that register hooks (carp, pf, vxlan), but a lot of places to run the hooks (lots of ipv4 and ipv6 address configuration).
an address hook cookie was in struct pfi_kif, which is part of the pf abi. rather than break pfctl -sI, this maintains the void * used for the cookie and uses it to store a task, which is then used as intended with the new api.
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.114 |
|
21-Aug-2019 |
florian |
Remove support for semantically opace interface identifiers (RFC 7217) for IPv6 link local addresses.
Some hosting and VM providers route customer IPv6 prefixes to link local addresses derived from ethernet MAC addresses (RFC 2464). This leads to hard to debug IPv6 connectivity problems and is probably not worth the effort.
RFC 7721 lists 4 weaknesses:
3.1. Correlation of Activities over Time & 3.2. Location Tracking These are still possible with RFC 7217 addresses for an adversary connected to the same layer 2 network (think conference wifi). Since the link local prefix stays the same (fe80::/64) the link local addresses do not change between different networks. An adversary on the same layer 2 network can probably track ethernet MAC addresses via different means, too.
3.3. Address Scanning & 3.4. Device-Specific Vulnerability Exploitation These now become possible, however, as noted above a layer 2 adversary was probably able to do this via different means.
People concerned with these weaknesses are advised to use ifconfig lladdr random. OK benno input & OK kn
|
Revision tags: OPENBSD_6_5_BASE
|
#
1.113 |
|
13-Feb-2019 |
dlg |
change rt_ifa_add and rt_ifa_del so they take an rdomain argument.
this allows mpls interfaces (mpe, mpw) to pass the rdomain they wish the local label to be in, rather than have it implicitly forced to 0 by these functions. right now they'll pass 0, but it will soon be possible to have them rx packets in other rdomains.
previously the functions used ifp->if_rdomain for the rdomain. everything other than mpls still passes ifp->if_rdomain.
ok mpi@
|
#
1.112 |
|
10-Feb-2019 |
dlg |
remove the implict RTF_MPATH flag that rt_ifa_add() sets on new routes.
MPLS interfaces (ab)use rt_ifa_add for adding the local MPLS label that they listen on for incoming packets, while every other use of rt_ifa_add is for adding addresses on local interfaces. MPLS does this cos the addresses involved are in basically the same shape as ones used for setting up local addresses.
It is appropriate for interfaces to want RTF_MPATH on local addresses, but in the MPLS case it means you can have multiple local things listening on the same label, which doesn't actually work. mpe in particular keeps track of in use labels to it can handle collisions, however, mpw does not. It is currently possible to have multiple mpw interfaces on the same local label, and sharing the same label as mpe or possible normal forwarding labels.
Moving the RTF_MPATH flag out of rt_ifa_add means all the callers that still want it need to pass it themselves. The mpe and mpw callers are left alone without the flag, and will now get EEXIST from rt_ifa_add when a label is already in use.
ok (and a huge amount of patience and help) mpi@ claudio@ is ok with the idea, but saw a much much earlier solution to the problem
|
Revision tags: OPENBSD_6_4_BASE
|
#
1.111 |
|
05-Oct-2018 |
florian |
Do not join node information multicast group (RFC 4620). Benno removed code to answer ICMP queries over 4 years ago. Aham Brahmasmi (aham.brahmasmi AT gmx.com) points out that we still joined the group though.
OK sthen, bluhm, kn
|
#
1.110 |
|
26-Aug-2018 |
mpi |
Do not add ::1 on non-default lo(4) as intended.
Reported by and ok sthen@
|
#
1.109 |
|
10-Jul-2018 |
florian |
When an interface doesn't have a layer 2 address in6_get_soii_ifid() failes and then later on a in in6_get_ifid() a layer 2 address is "borrowed" from from another interface.
Do the "borrowing" in in6_get_soii_ifid(), too so that semantically opaque interface identifiers work for these kind of interfaces, too.
OK phessler, benno
|
#
1.108 |
|
10-Jul-2018 |
florian |
When an interface doesn't have a layer 2 address in6_get_ifid() tries to "borrow" one from another interface. But then it checks if the U bit is set int the generated EUI64 address and rejects it. On the other hand for interfaces that do have a layer 2 address this check is skipped, so relax it for the "borrowing" case, too.
With this one gets stable link local addresses on e.g. gre(4) interfaces on certain virtualisation environments depending which mac addresses get picked for the vio(4) interfaces while previously we would end up with a random IP on every reboot.
Reported by Aaron A. Glenn via phessler.
OK phessler, benno
|
#
1.107 |
|
27-Mar-2018 |
dhill |
Use memcpy instead of bcopy when the memory does not overlap.
OK deraadt@ florian@
|
Revision tags: OPENBSD_6_3_BASE
|
#
1.106 |
|
13-Mar-2018 |
florian |
Calculate RFC7217 link-local style addresses the same way as slaacd(8).
RFC 7217 states (section 5, page 9): | The Interface Identifier is finally obtained by taking as many | bits from the RID value (computed in the previous step) as | necessary, starting from the least significant bit.
Problem in slaacd pointed out by semarie@.
OK sthen, phessler
|
#
1.105 |
|
10-Feb-2018 |
florian |
Implement RFC 7217: "A Method for Generating Semantically Opaque Interface Identifiers with IPv6 Stateless Address Autoconfiguration."
"An IPv6 address configured using this method is stable within each subnet, but the corresponding Interface Identifier changes when the host moves from one network to another. This method is meant to be an alternative to generating Interface Identifiers based on hardware addresses."
OK naddy, sthen
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.104 |
|
01-Sep-2017 |
florian |
Use in6_get_rand_ifid() instead of get_last_resort_ifid() and delete the get_last_resort_ifid() function because eww. Also if your system is so constraint that you end up in in6_get_rand_ifid() you don't deserve a random ifid that stays stable over reboots. Simplify code a bit since get_ifid() can no longer fail. It couldn't fail before either because that code path was #if 0'ed. While here sprinkle in some in6_ prefixes, pointed out by stsp. OK stsp
|
#
1.103 |
|
11-Jul-2017 |
florian |
Purging is at last at hand. Day of Doom is here. All that is evil shall all be cleansed.
Remove sending of router solicitations and processing of router advertisements from the kernel. It's handled by slaacd(8) these days.
Input & OK bluhm@, mpi@
|
#
1.102 |
|
16-May-2017 |
mpi |
Replace remaining splsoftassert(IPL_SOFTNET) by NET_ASSERT_LOCKED().
ok visa@
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.101 |
|
29-Dec-2016 |
mpi |
Get rid of recursive splsoftnet() in in6_ifattach_linklocal().
ok visa@
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.100 |
|
30-Jun-2016 |
mpi |
Restore the automagically added /64 route on p2p interfaces in order to send traffic to link-local addresses without default route.
Fix a regression reported by Michael Lechtermann, ok stsp@, sthen@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.99 |
|
02-Dec-2015 |
bluhm |
When destroying an interface, we have to wait until all references are not used anymore. This has to be done before any interface fields become invalid. As the route delete request cannot call if_get() anymore, pass down the interface. Split rtrequest_delete() into a separate function that may take an existing inteface. OK mpi@
|
#
1.98 |
|
24-Oct-2015 |
mpi |
Convert to rt_ifidx.
ok bluhm@
|
#
1.97 |
|
22-Oct-2015 |
bluhm |
Inspired by satosin(), use inline functions to convert sockaddr dl. Instead of casts they check wether the incoming object has the expected type. So introduce satosdl() and sdltosa() in the kernel. OK mpi@
|
#
1.96 |
|
12-Sep-2015 |
mpi |
Now that rtrequest1(9) properly sets RTF_UP for newly added route, stop passing it in every rt_ifa_add(9) calls.
ok claudio@
|
#
1.95 |
|
03-Sep-2015 |
mpi |
Change the order of operations for loopback interfaces to have ::1 configured before fe80::1.
(lo0:0) in pf should resolve to 127.0.0.1 ::1.
reported by and ok mikeb@
|
#
1.94 |
|
31-Aug-2015 |
mpi |
Do not install connected routes on loopback interfaces.
Previously loopback connected routes were managed via the global list of prefixes, which mean that systems with AUTOCONF'd addresses did not see them in the routing table.
This also makes inet6 route creation coherent with inet.
|
#
1.93 |
|
24-Aug-2015 |
mpi |
Start moving away from the global prefix list by limiting its usage to AUTOCONF'd addresses.
This prevent the kernel from removing connected (/64) routes as soon as it configures an AUTOCONF'd address based on a RA.
Tested by sebastia@, ok sthen@
|
#
1.92 |
|
24-Aug-2015 |
mpi |
Rework the code to decide when to perform DAD to no longer rely on the IN6_IFF_NODAD pseudo-flag not being set.
This was just a flag for spaghetti code that should not exist in the first place.
Tested by sebastia@, ok sthen@
|
#
1.91 |
|
17-Aug-2015 |
mpi |
Remove anoying comment about in6_update_ifa().
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.90 |
|
18-Jul-2015 |
mpi |
Merge two identical chunks to add new prefixes to the global data structures into a function.
ok florian@
|
#
1.89 |
|
16-Jul-2015 |
mpi |
Properly layer Router Solicitation code.
Tweak and ok florian@
|
#
1.88 |
|
08-Jun-2015 |
krw |
More damned eye searing whitespace. No change to .o files.
|
#
1.87 |
|
27-Apr-2015 |
mpi |
Do not call nd6_purge() before purging the IPv6 addresses of a detached interface.
Fix a use after free introduced in r1.98 of netinet6/in6.c and recently exposed by a crazy pool/malloc damage finder being currently refined by dlg@ and deraadt@.
ok mikeb@, henning@
|
#
1.86 |
|
14-Mar-2015 |
jsg |
Remove some includes include-what-you-use claims don't have any direct symbols used. Tested for indirect use by compiling amd64/i386/sparc64 kernels.
ok tedu@ deraadt@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.85 |
|
05-Feb-2015 |
mpi |
Convert various rtrequest1(RTM_DELETE,...) calls to rtdeletemsg(9).
This unify some code and notify userland for free.
blambert@ agrees, ok bluhm@
|
#
1.84 |
|
28-Jan-2015 |
mpi |
Revert rtdeletemsg conversion. It was not ok'd, I misunderstood bluhm@'s email.
|
#
1.83 |
|
27-Jan-2015 |
mpi |
Ensure that link-local addresses are correctly configured on loopback interfaces.
When the kernel automagically configures IPv6 addresses on loopback interfaces, start by assigning a link-local address and then try to assign "::1".
Only the first configured loopback interface per rdomain can have the "::1" address. But even if other loopback interfaces failed to get this address, because it is already taken, give them a chance to have a link-local address.
While here change in6_ifattach() to return an error value and remove duplicated code.
Fix a regression introduced by the NOINET6 flag removal.
ok henning@, stsp@, florian@, benno@
|
#
1.82 |
|
26-Jan-2015 |
mpi |
Call rtdeletemsg(9) instead of rerolling its code. As a bonus you'll get userland notification for free.
ok blambert@, bluhm@
|
#
1.81 |
|
10-Jan-2015 |
mpi |
Correct some comments and merge in6_if_up() into in6_ifattach() to reflect that IPv6 link-local addresses are no longer automagically configured the first time an interface is brought up.
ok henning@, stsp@
|
#
1.80 |
|
08-Jan-2015 |
florian |
Clear autoconf6 flag after autoconf6 cleanup happened, not before. Otherwise clean up code will never run. OK mpi@, benno@, henning@
|
#
1.79 |
|
06-Jan-2015 |
stsp |
Remove the NOINET6 interface flag, a left-over from the times when IPv6 was enabled by default. Add AFATTACH/AFDETACH ioctls which enable/disable an address family for an interface (currently used for IPv6 only).
New kernel needs new ifconfig for IPv6 configuration (address assignment still works with old ifconfig making this easy to cross over).
Committing on behalf of henning@ who is currently lebensmittelvergiftet. ok stsp, benno, mpi
|
#
1.78 |
|
04-Dec-2014 |
tedu |
replace md5 with sha512. ok deraadt
|
#
1.77 |
|
20-Nov-2014 |
mpi |
What have no need for a variable that holds the maximum MTU size of interfaces with an IPv6 address.
ok henning@, mikeb@, deraadt@
|
#
1.76 |
|
18-Nov-2014 |
krw |
Nuke yet more obvious #include duplications.
ok miod@
|
#
1.75 |
|
18-Nov-2014 |
tedu |
move arc4random prototype to systm.h. more appropriate for most code to include that than rdnvar.h. ok deraadt dlg
|
#
1.74 |
|
01-Nov-2014 |
mpi |
Rename rtalloc1() into rtalloc(9) and convert its flags to only enable functionnality instead of a mix of enable/disable.
ok bluhm@, jca@
|
#
1.73 |
|
25-Aug-2014 |
florian |
Move sending of router solicitations to the kernel; receiving and processing of router advertisements was already in the kernel. With this rtsol{,d}(8) is no longer necessary.
The kernel starts sending solicitations with # ifconfig $IF inet6 autoconf or inet6 autoconf in /etc/hostname.$IF.
input stsp@ much help & OK mpi@ tweaks & OK bluhm@
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.72 |
|
01-Jul-2014 |
benno |
When a carp interface is created with IFXF_NOINET6 flag, no link-local address will be created when the vhid (and MAC) is set. Depending on the order of the configuration the interface can end up with a ipv6 address, but no v6 link-local and no working neigbor discovery.
Removing this case statement will result in the link-local address being configured by "ifconfig up" if the inet6 address was configured before. If you are using inet6 on carp, put an "up" at the end of your hostname.if. I will work on a better solution at g2k14.
ok henning, mpi
|
#
1.71 |
|
26-Jun-2014 |
mpi |
Calling in{6,}_purgeaddr() is not enough to remove an address from an interface. Two other operations are performed when issuing a SIOCDIFADDR{_IN6,} ioctl: call the address hook and the per-driver ioctl function.
Since carp(4) relies on an address hook to recalculate its hash, make sure to call this hook when IFXF_NOINET6 is set or when the rdomain is changed.
ok henning@, mikeb@
|
#
1.70 |
|
03-Jun-2014 |
mpi |
Do not include <sys/malloc.h> where it is not needed.
|
#
1.69 |
|
20-May-2014 |
mpi |
Fix eui64 address generation, broken since the removal of the link-layer address from the per-ifp list.
Found the hard way by weerd@, florian@ and stsp@, ok florian@
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.68 |
|
21-Jan-2014 |
mpi |
Do not clean the multicast records of an interface when it is destroyed (unplugged). Even if it makes no sense to keep them around if the interface is no more, we cannot safely remove them since pcb multicast options might keep a pointer to them.
Fixes a user after free introduced by the multicast address linking rewrite and reported by Alexey Suslikov, thanks!
ok claudio@
|
#
1.67 |
|
13-Jan-2014 |
bluhm |
Call all local valiables of type struct in6_ifaddr "ia6". This is consistent with struct ifaddr "ifa" and struct in_ifaddr "ia". OK mpi@
|
#
1.66 |
|
07-Jan-2014 |
stsp |
Some follow-up fixes for IFID collision handling in IPv6CP.
Really change the link-local address in the unlikely event of an IFID collision, instead of going into an infinite conf-nak loop with the peer.
To make the netinet6 code use the IPv6CP IFID in a new link-local address, in6_ifattach_linklocal() must accept a provided IFID. Replace the unused 'altifp' parameter with a new 'ifid' parameter for this purpose.
Always use the latest suggested address in IPv6CP replies, even if the task to update the interface's address hasn't run yet. Also, clear the ifindex (KAME hack) in addresses sent during IPv6CP.
ok mpi
|
#
1.65 |
|
06-Jan-2014 |
stsp |
Make in6_ifdetach() remove the ff01::1 route for the detaching interface, too. The route used to linger after an interface detached from IPv6. ok mikeb
|
#
1.64 |
|
28-Nov-2013 |
mpi |
Change the way protocol multicast addresses are linked to an interface.
Instead of linking multicast records to the first configured address of the corresponding protocol, making this address and its position in the global list special, add them to a new list directly linked to the interface descriptor.
This new multicast address list is similar to the address list, all its elements contain a protocol agnostic part. This design allows us to be able to join a multicast group without necessarily having a configured address. That means IPv6 multicast kludges are no longer needed.
Another benefit is to be able to add and remove an IP address from an interface without worrying about multicast records. That means that the global IPv4 list is no longer needed since the first configured address of an interface is no longer special.
This new list might also be extended in the future to contain the link-layer addresses used to configure hardware filters.
Tested by sthen@ and weerd@, ok mikeb@
|
#
1.63 |
|
19-Nov-2013 |
mpi |
Remove some FDDI/ATM leftovers.
ok mikeb@, henning@, deraadt@, brad@, miod@
|
#
1.62 |
|
17-Oct-2013 |
bluhm |
The header file netinet/in_var.h included netinet6/in6_var.h. This created a bunch of useless dependencies. Remove this implicit inclusion and do an explicit #include <netinet6/in6_var.h> when it is needed. OK mpi@ henning@
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.61 |
|
31-May-2013 |
bluhm |
Remove a bunch of sockaddr_in6 pointer casts and replace others with sin6tosa() or satosin6() inline functions. This allows the compiler to check the types more strictly. OK mpi@
|
#
1.60 |
|
26-Mar-2013 |
bluhm |
Remove a block of dead code in in6_ifdetach(). It was never executed due to the wrong & in satosin6(&ifa->ifa_addr). The link local prefix fe80 was not checked within the IPv6 address, but within some pointers of the interface address struct. The whole loop around this was also never executed as all IPv6 addresses had already been purged. OK sperreault@ mpi@ mikeb@
|
#
1.59 |
|
25-Mar-2013 |
mpi |
Substitute the handcrafted list of IPv6 addresses by a proper TAILQ.
ok bluhm@, mikeb@
|
#
1.58 |
|
07-Mar-2013 |
mpi |
Remove the IFAFREE() macro, the ifafree() function it was calling already check for the reference counter.
ok mikeb@, miod@, pelikan@, kettenis@, krw@
|
#
1.57 |
|
04-Mar-2013 |
bluhm |
Replace the cast to struct in6_ifaddr pointer with the ifatoia6() macro. No binary change. OK claudio@
|
Revision tags: OPENBSD_5_3_BASE
|
#
1.56 |
|
19-Sep-2012 |
bluhm |
Use TAILQ_FOREACH macro for loops. No binary diff. OK henning@
|
#
1.55 |
|
21-Aug-2012 |
bluhm |
Reverse the name and meaning of the IFXF_INET6_PRIVACY interface flag. It is now called IFXF_INET6_NOPRIVACY. So IPv6 privacy addresses are on by default without resetting the flag during ifconfig down/up. OK stsp@, sperreault@ (who wrote the same diff)
|
#
1.54 |
|
15-Aug-2012 |
sperreault |
Enable IPv6 autoconfprivacy by default
diff originally by stsp@ "please commit it" deraadt@ "don't care" stsp@ "don't like" bluhm@
|
Revision tags: OPENBSD_5_1_BASE OPENBSD_5_2_BASE
|
#
1.53 |
|
03-Jan-2012 |
bluhm |
To access the ifaddr of an in_ifaddr or in6_ifaddr struct, it is cleaner to access the first member via ia_ifa instead of casting. No binary change. ok henning@ krw@
|
#
1.52 |
|
24-Nov-2011 |
sperreault |
rdomain support for IPv6 ok mikeb
|
Revision tags: OPENBSD_4_8_BASE OPENBSD_4_9_BASE OPENBSD_5_0_BASE
|
#
1.51 |
|
06-Apr-2010 |
stsp |
Simple implementation of RFC4941, "Privacy Extensions for Stateless Address Autoconfiguration in IPv6". For those among us who are paranoid about broadcasting their MAC address to the IPv6 internet.
Man page help from jmc, testing by weerd, arc4random API hints from djm.
ok deraadt, claudio
|
Revision tags: OPENBSD_4_7_BASE
|
#
1.50 |
|
08-Feb-2010 |
jsing |
More destatic and ansification.
ok claudio@ naddy@
|
#
1.49 |
|
13-Jan-2010 |
henning |
instead of fiddling with the per-interface address lists directly in many places create a proper API (ifa_add / ifa_del) and use it. ok theo ryan dlg
|
Revision tags: OPENBSD_4_5_BASE OPENBSD_4_6_BASE
|
#
1.48 |
|
30-Jan-2009 |
mcbride |
"XXX: should this be performed under splnet()?"... Yes, yes it should. Interface configuration causes neighbour discoverery, which runs packets through parts of the stack that require at least splsoftnet(), like pf and pfsync.
ok dlg
|
Revision tags: OPENBSD_4_4_BASE
|
#
1.47 |
|
11-Jun-2008 |
mcbride |
ANSIfy to sync with KAME. From Karl Sjodahl <dunceor@gmail.com>.
ok todd deraadt naddy bluhm
|
#
1.46 |
|
11-May-2008 |
claudio |
rtrequest to rtrequest1 conversion in inet6. With that no rtrequest should be left over. OK henning@
|
Revision tags: OPENBSD_4_2_BASE OPENBSD_4_3_BASE
|
#
1.45 |
|
08-Jun-2007 |
henning |
kill arcnet leftovers, some pt out by Mike Belopuhov <mkb@crypt.org.ru>, some I found afterwards, ok dlg
|
Revision tags: OPENBSD_4_1_BASE
|
#
1.44 |
|
15-Nov-2006 |
itojun |
unifdef -USCOPEDROUTING
|
Revision tags: OPENBSD_4_0_BASE
|
#
1.43 |
|
31-Aug-2006 |
mcbride |
Automatically add a IPv6 link-local address to carp interfaces when the virtual MAC address is set. Among other things, this makes route6d work correctly on systems with carp interfaces.
In order to ensure backwards compatibility, we do not include IPv6 link-local addresses in generating the HMAC, but we accept HMACs with AND without the link-local addresses. They will be added to the HMAC in a future release.
In short: this change should only affect backwards compatibility for IPv6 users who are manually adding link-local addresses on carp interfaces.
testing mtu@ todd@ ok mpf@ henning@ deraadt@
|
#
1.42 |
|
16-Jun-2006 |
henning |
adjust functions dealing with the routing table to take a table ID as parameter so they can work on alternate tables. table 0 hardcoded for many callers yet, that will be adapted step by step. input + ok claudio norby hshoexer
|
#
1.41 |
|
27-May-2006 |
claudio |
Do the same thing as for IPv4. Use a sysctl to enable/disable mfrowarding and additionaly make the code part of the MROUTING option. Put it in deraadt@
|
#
1.40 |
|
05-Mar-2006 |
miod |
Use more queue macros rather than doing it by hand; ok otto@ krw@
|
Revision tags: OPENBSD_3_8_BASE OPENBSD_3_9_BASE
|
#
1.39 |
|
23-May-2005 |
mpf |
carp needs a multicast kludge storage. Fixes PR 4211. OK mcbride@
|
#
1.38 |
|
21-Apr-2005 |
itojun |
remove (now obsolete) handling of IFT_PROPVIRTUAL/bridge*. tested by camield@
|
Revision tags: OPENBSD_3_7_BASE
|
#
1.37 |
|
07-Dec-2004 |
mcbride |
Convert carp(4) to behave more like a regular interface, much in the same style as vlan(4). carp interfaces no longer require the physical interface to be on the same subnet as the carp interface, or even that the physical interface has an adress at all, so CARP can now be used on /30 networks.
ok deraadt@ henning@
|
Revision tags: OPENBSD_3_6_BASE SMP_SYNC_A SMP_SYNC_B
|
#
1.36 |
|
07-May-2004 |
millert |
Replace RSA-derived md5 code with code derived from Colin Plumb's PD version. This moves md5.c out of libkern and into sys/crypto where it belongs (as requested by markus@). Note that md5.c is still mandatory (dev/rnd.c uses it). Verified with IPsec + hmac-md5 and tcp md5sig. OK henning@ and hshoexer@
|
Revision tags: OPENBSD_3_4_BASE OPENBSD_3_5_BASE
|
#
1.35 |
|
08-Jul-2003 |
itojun |
on interface removal, clear multicast forwarding stuff. from kame
|
#
1.34 |
|
28-Jun-2003 |
itojun |
i don't think pfsync needs a link-local addr.
|
Revision tags: UBC_SYNC_A
|
#
1.33 |
|
14-May-2003 |
itojun |
it is unlikely that we introduce 6to4 interface (IFT_STF) to openbsd.
|
Revision tags: OPENBSD_3_2_BASE OPENBSD_3_3_BASE UBC_SYNC_B
|
#
1.32 |
|
12-Sep-2002 |
itojun |
configure "next" pointer correctly. from j@pureftpd.org
|
#
1.31 |
|
11-Sep-2002 |
itojun |
fix pointer signedness mixup. sync w/kame
|
#
1.30 |
|
11-Sep-2002 |
itojun |
KNF - return is not a function. sync w/kame
|
#
1.29 |
|
11-Jun-2002 |
itojun |
silence some of log(), as the codepath will be visited for IPv6-non-capable interfaces too and can be annoying. net.inet6.icmp6.nd6_debug will re-enable them.
|
#
1.28 |
|
11-Jun-2002 |
itojun |
whitespace
|
#
1.27 |
|
08-Jun-2002 |
itojun |
sync with latest KAME in6_ifaddr/prefix/default router manipulation. behavior changes: - two iocts used by ndp(8) are now obsolete (backward compat provided). use sysctl path instead. - lo0 does not get ::1 automatically. it will get ::1 when lo0 comes up.
|
#
1.26 |
|
07-Jun-2002 |
itojun |
whitespace sync w/kame
|
#
1.25 |
|
29-May-2002 |
itojun |
attach nd_ifinfo structure to if_afdata. split IPv6 MTU (advertised by RA) from real link MTU. sync with kame
|
#
1.24 |
|
29-May-2002 |
itojun |
move per-interface ip6/icmp6 stat to ifnet->if_afdata. sync w/kame
|
#
1.23 |
|
23-May-2002 |
itojun |
simplify condition to perform DAD. sync w/kame
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.22 |
|
14-Mar-2002 |
millert |
First round of __P removal in sys
|
Revision tags: UBC_BASE
|
#
1.21 |
|
07-Dec-2001 |
itojun |
branches: 1.21.2; whitespace/comment sync with kame
|
Revision tags: OPENBSD_3_0_BASE
|
#
1.20 |
|
23-Aug-2001 |
itojun |
suppress printf() on non-multicast interface. suppress ipv6 initialization for IFT_PFLOG.
|
#
1.19 |
|
23-Aug-2001 |
itojun |
don't try to enable IPv6 on IFT_PFLOG.
|
#
1.18 |
|
18-Jul-2001 |
itojun |
avoid using malloc() during interupt context for multicast kludge entry. allocate it on interface initialization.
|
#
1.17 |
|
09-Jun-2001 |
angelos |
No need for net/net_osdep.h
|
Revision tags: OPENBSD_2_9_BASE
|
#
1.16 |
|
16-Feb-2001 |
itojun |
cosmetic sync with kame
|
#
1.15 |
|
07-Feb-2001 |
itojun |
by default, don't bark on inbound ND messages, as outsider may be able to fill up /var with bogus packets. setting net.inet6.icmp6.nd6_debug will re-enable kernel messages on invalid ND packet and other occasions.
improve icmp6 stats.
|
#
1.14 |
|
18-Jan-2001 |
itojun |
do not remove default route by mistake, on interface removal.
|
Revision tags: OPENBSD_2_8_BASE
|
#
1.13 |
|
25-Oct-2000 |
jason |
silence the "no multicast" warning for IFT_ENC, too deraadt ok
|
#
1.12 |
|
18-Oct-2000 |
itojun |
don't try to configure IPv6 on bridge*. comment from deraadt
|
#
1.11 |
|
02-Oct-2000 |
itojun |
fix missing \n. from doug@freebsd (sync with kame)
|
Revision tags: OPENBSD_2_7_BASE
|
#
1.10 |
|
05-May-2000 |
itojun |
cope with interface detach (like pcmcia card removal). remove any IPv6 addresses assigned to the interface. reported by ho, bunch of help from niklas. KAME PR 231.
|
#
1.9 |
|
27-Apr-2000 |
itojun |
correct in6_ifdetach(). free oia, not ia. Lennart says there are more problems to go (I don't own openbsd-current laptop). From: Lennart Augustsson <augustss@augustsson.net>
|
#
1.8 |
|
17-Apr-2000 |
itojun |
revisit in6_ifattach(). (1) make it more persistent about initializaing an interface (2) cleanup interface id selection. run NUD on p2p interface (required by spec for bidir p2p interface). add "ndp -i interface" (can tweak per-interface ND flag). (sync with more recent kame)
|
#
1.7 |
|
02-Mar-2000 |
itojun |
do not add ifa_dstaddr for non-pointopoint interface. IPv6 has no concept for "broadcast".
|
Revision tags: SMP_BASE
|
#
1.6 |
|
07-Feb-2000 |
itojun |
branches: 1.6.2; fix include file path related to ip6.
|
#
1.5 |
|
04-Feb-2000 |
itojun |
more coverage of in6_ifdetach()'s cleanup process. bug fix in SIOCGIFADDR_IN6 (point to point case).
|
#
1.4 |
|
02-Feb-2000 |
itojun |
- improve in6_ifdetach to remove (1) multicast kludge list (2) route to link-local allnode multicast (ff02:x::/32) - fix ifnet refcnt'ing in multicast kludge list management. - avoid dangling pointer in multicast kludge management.
(angelos, try this version of in6_ifdetach() - it should be better)
|
#
1.3 |
|
10-Dec-1999 |
itojun |
use proper type for in6_first_ifid (char -> u_int8_t) suggested by: deraadt
|
#
1.2 |
|
10-Dec-1999 |
angelos |
Remove remaining unnecessary ifdefs (itojun will hate me for this :-)
|
Revision tags: kame_19991208
|
#
1.1 |
|
08-Dec-1999 |
itojun |
bring in KAME IPv6 code, dated 19991208. replaces NRL IPv6 layer. reuses NRL pcb layer. no IPsec-on-v6 support. see sys/netinet6/{TODO,IMPLEMENTATION} for more details.
GENERIC configuration should work fine as before. GENERIC.v6 works fine as well, but you'll need KAME userland tools to play with IPv6 (will be bringed into soon).
|
#
1.116 |
|
17-Mar-2020 |
tobhe |
Use strlcpy instead of strncpy to ensure results are NUL terminated.
ok mpi@
|
#
1.115 |
|
08-Nov-2019 |
dlg |
convert interface address change hooks to tasks and a task_list.
this follows what's been done for detach and link state hooks, and makes handling of hooks generally more robust.
address hooks are a bit different to detach/link state hooks in that there's only a few things that register hooks (carp, pf, vxlan), but a lot of places to run the hooks (lots of ipv4 and ipv6 address configuration).
an address hook cookie was in struct pfi_kif, which is part of the pf abi. rather than break pfctl -sI, this maintains the void * used for the cookie and uses it to store a task, which is then used as intended with the new api.
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.114 |
|
21-Aug-2019 |
florian |
Remove support for semantically opace interface identifiers (RFC 7217) for IPv6 link local addresses.
Some hosting and VM providers route customer IPv6 prefixes to link local addresses derived from ethernet MAC addresses (RFC 2464). This leads to hard to debug IPv6 connectivity problems and is probably not worth the effort.
RFC 7721 lists 4 weaknesses:
3.1. Correlation of Activities over Time & 3.2. Location Tracking These are still possible with RFC 7217 addresses for an adversary connected to the same layer 2 network (think conference wifi). Since the link local prefix stays the same (fe80::/64) the link local addresses do not change between different networks. An adversary on the same layer 2 network can probably track ethernet MAC addresses via different means, too.
3.3. Address Scanning & 3.4. Device-Specific Vulnerability Exploitation These now become possible, however, as noted above a layer 2 adversary was probably able to do this via different means.
People concerned with these weaknesses are advised to use ifconfig lladdr random. OK benno input & OK kn
|
Revision tags: OPENBSD_6_5_BASE
|
#
1.113 |
|
13-Feb-2019 |
dlg |
change rt_ifa_add and rt_ifa_del so they take an rdomain argument.
this allows mpls interfaces (mpe, mpw) to pass the rdomain they wish the local label to be in, rather than have it implicitly forced to 0 by these functions. right now they'll pass 0, but it will soon be possible to have them rx packets in other rdomains.
previously the functions used ifp->if_rdomain for the rdomain. everything other than mpls still passes ifp->if_rdomain.
ok mpi@
|
#
1.112 |
|
10-Feb-2019 |
dlg |
remove the implict RTF_MPATH flag that rt_ifa_add() sets on new routes.
MPLS interfaces (ab)use rt_ifa_add for adding the local MPLS label that they listen on for incoming packets, while every other use of rt_ifa_add is for adding addresses on local interfaces. MPLS does this cos the addresses involved are in basically the same shape as ones used for setting up local addresses.
It is appropriate for interfaces to want RTF_MPATH on local addresses, but in the MPLS case it means you can have multiple local things listening on the same label, which doesn't actually work. mpe in particular keeps track of in use labels to it can handle collisions, however, mpw does not. It is currently possible to have multiple mpw interfaces on the same local label, and sharing the same label as mpe or possible normal forwarding labels.
Moving the RTF_MPATH flag out of rt_ifa_add means all the callers that still want it need to pass it themselves. The mpe and mpw callers are left alone without the flag, and will now get EEXIST from rt_ifa_add when a label is already in use.
ok (and a huge amount of patience and help) mpi@ claudio@ is ok with the idea, but saw a much much earlier solution to the problem
|
Revision tags: OPENBSD_6_4_BASE
|
#
1.111 |
|
05-Oct-2018 |
florian |
Do not join node information multicast group (RFC 4620). Benno removed code to answer ICMP queries over 4 years ago. Aham Brahmasmi (aham.brahmasmi AT gmx.com) points out that we still joined the group though.
OK sthen, bluhm, kn
|
#
1.110 |
|
26-Aug-2018 |
mpi |
Do not add ::1 on non-default lo(4) as intended.
Reported by and ok sthen@
|
#
1.109 |
|
10-Jul-2018 |
florian |
When an interface doesn't have a layer 2 address in6_get_soii_ifid() failes and then later on a in in6_get_ifid() a layer 2 address is "borrowed" from from another interface.
Do the "borrowing" in in6_get_soii_ifid(), too so that semantically opaque interface identifiers work for these kind of interfaces, too.
OK phessler, benno
|
#
1.108 |
|
10-Jul-2018 |
florian |
When an interface doesn't have a layer 2 address in6_get_ifid() tries to "borrow" one from another interface. But then it checks if the U bit is set int the generated EUI64 address and rejects it. On the other hand for interfaces that do have a layer 2 address this check is skipped, so relax it for the "borrowing" case, too.
With this one gets stable link local addresses on e.g. gre(4) interfaces on certain virtualisation environments depending which mac addresses get picked for the vio(4) interfaces while previously we would end up with a random IP on every reboot.
Reported by Aaron A. Glenn via phessler.
OK phessler, benno
|
#
1.107 |
|
27-Mar-2018 |
dhill |
Use memcpy instead of bcopy when the memory does not overlap.
OK deraadt@ florian@
|
Revision tags: OPENBSD_6_3_BASE
|
#
1.106 |
|
13-Mar-2018 |
florian |
Calculate RFC7217 link-local style addresses the same way as slaacd(8).
RFC 7217 states (section 5, page 9): | The Interface Identifier is finally obtained by taking as many | bits from the RID value (computed in the previous step) as | necessary, starting from the least significant bit.
Problem in slaacd pointed out by semarie@.
OK sthen, phessler
|
#
1.105 |
|
10-Feb-2018 |
florian |
Implement RFC 7217: "A Method for Generating Semantically Opaque Interface Identifiers with IPv6 Stateless Address Autoconfiguration."
"An IPv6 address configured using this method is stable within each subnet, but the corresponding Interface Identifier changes when the host moves from one network to another. This method is meant to be an alternative to generating Interface Identifiers based on hardware addresses."
OK naddy, sthen
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.104 |
|
01-Sep-2017 |
florian |
Use in6_get_rand_ifid() instead of get_last_resort_ifid() and delete the get_last_resort_ifid() function because eww. Also if your system is so constraint that you end up in in6_get_rand_ifid() you don't deserve a random ifid that stays stable over reboots. Simplify code a bit since get_ifid() can no longer fail. It couldn't fail before either because that code path was #if 0'ed. While here sprinkle in some in6_ prefixes, pointed out by stsp. OK stsp
|
#
1.103 |
|
11-Jul-2017 |
florian |
Purging is at last at hand. Day of Doom is here. All that is evil shall all be cleansed.
Remove sending of router solicitations and processing of router advertisements from the kernel. It's handled by slaacd(8) these days.
Input & OK bluhm@, mpi@
|
#
1.102 |
|
16-May-2017 |
mpi |
Replace remaining splsoftassert(IPL_SOFTNET) by NET_ASSERT_LOCKED().
ok visa@
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.101 |
|
29-Dec-2016 |
mpi |
Get rid of recursive splsoftnet() in in6_ifattach_linklocal().
ok visa@
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.100 |
|
30-Jun-2016 |
mpi |
Restore the automagically added /64 route on p2p interfaces in order to send traffic to link-local addresses without default route.
Fix a regression reported by Michael Lechtermann, ok stsp@, sthen@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.99 |
|
02-Dec-2015 |
bluhm |
When destroying an interface, we have to wait until all references are not used anymore. This has to be done before any interface fields become invalid. As the route delete request cannot call if_get() anymore, pass down the interface. Split rtrequest_delete() into a separate function that may take an existing inteface. OK mpi@
|
#
1.98 |
|
24-Oct-2015 |
mpi |
Convert to rt_ifidx.
ok bluhm@
|
#
1.97 |
|
22-Oct-2015 |
bluhm |
Inspired by satosin(), use inline functions to convert sockaddr dl. Instead of casts they check wether the incoming object has the expected type. So introduce satosdl() and sdltosa() in the kernel. OK mpi@
|
#
1.96 |
|
12-Sep-2015 |
mpi |
Now that rtrequest1(9) properly sets RTF_UP for newly added route, stop passing it in every rt_ifa_add(9) calls.
ok claudio@
|
#
1.95 |
|
03-Sep-2015 |
mpi |
Change the order of operations for loopback interfaces to have ::1 configured before fe80::1.
(lo0:0) in pf should resolve to 127.0.0.1 ::1.
reported by and ok mikeb@
|
#
1.94 |
|
31-Aug-2015 |
mpi |
Do not install connected routes on loopback interfaces.
Previously loopback connected routes were managed via the global list of prefixes, which mean that systems with AUTOCONF'd addresses did not see them in the routing table.
This also makes inet6 route creation coherent with inet.
|
#
1.93 |
|
24-Aug-2015 |
mpi |
Start moving away from the global prefix list by limiting its usage to AUTOCONF'd addresses.
This prevent the kernel from removing connected (/64) routes as soon as it configures an AUTOCONF'd address based on a RA.
Tested by sebastia@, ok sthen@
|
#
1.92 |
|
24-Aug-2015 |
mpi |
Rework the code to decide when to perform DAD to no longer rely on the IN6_IFF_NODAD pseudo-flag not being set.
This was just a flag for spaghetti code that should not exist in the first place.
Tested by sebastia@, ok sthen@
|
#
1.91 |
|
17-Aug-2015 |
mpi |
Remove anoying comment about in6_update_ifa().
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.90 |
|
18-Jul-2015 |
mpi |
Merge two identical chunks to add new prefixes to the global data structures into a function.
ok florian@
|
#
1.89 |
|
16-Jul-2015 |
mpi |
Properly layer Router Solicitation code.
Tweak and ok florian@
|
#
1.88 |
|
08-Jun-2015 |
krw |
More damned eye searing whitespace. No change to .o files.
|
#
1.87 |
|
27-Apr-2015 |
mpi |
Do not call nd6_purge() before purging the IPv6 addresses of a detached interface.
Fix a use after free introduced in r1.98 of netinet6/in6.c and recently exposed by a crazy pool/malloc damage finder being currently refined by dlg@ and deraadt@.
ok mikeb@, henning@
|
#
1.86 |
|
14-Mar-2015 |
jsg |
Remove some includes include-what-you-use claims don't have any direct symbols used. Tested for indirect use by compiling amd64/i386/sparc64 kernels.
ok tedu@ deraadt@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.85 |
|
05-Feb-2015 |
mpi |
Convert various rtrequest1(RTM_DELETE,...) calls to rtdeletemsg(9).
This unify some code and notify userland for free.
blambert@ agrees, ok bluhm@
|
#
1.84 |
|
28-Jan-2015 |
mpi |
Revert rtdeletemsg conversion. It was not ok'd, I misunderstood bluhm@'s email.
|
#
1.83 |
|
27-Jan-2015 |
mpi |
Ensure that link-local addresses are correctly configured on loopback interfaces.
When the kernel automagically configures IPv6 addresses on loopback interfaces, start by assigning a link-local address and then try to assign "::1".
Only the first configured loopback interface per rdomain can have the "::1" address. But even if other loopback interfaces failed to get this address, because it is already taken, give them a chance to have a link-local address.
While here change in6_ifattach() to return an error value and remove duplicated code.
Fix a regression introduced by the NOINET6 flag removal.
ok henning@, stsp@, florian@, benno@
|
#
1.82 |
|
26-Jan-2015 |
mpi |
Call rtdeletemsg(9) instead of rerolling its code. As a bonus you'll get userland notification for free.
ok blambert@, bluhm@
|
#
1.81 |
|
10-Jan-2015 |
mpi |
Correct some comments and merge in6_if_up() into in6_ifattach() to reflect that IPv6 link-local addresses are no longer automagically configured the first time an interface is brought up.
ok henning@, stsp@
|
#
1.80 |
|
08-Jan-2015 |
florian |
Clear autoconf6 flag after autoconf6 cleanup happened, not before. Otherwise clean up code will never run. OK mpi@, benno@, henning@
|
#
1.79 |
|
06-Jan-2015 |
stsp |
Remove the NOINET6 interface flag, a left-over from the times when IPv6 was enabled by default. Add AFATTACH/AFDETACH ioctls which enable/disable an address family for an interface (currently used for IPv6 only).
New kernel needs new ifconfig for IPv6 configuration (address assignment still works with old ifconfig making this easy to cross over).
Committing on behalf of henning@ who is currently lebensmittelvergiftet. ok stsp, benno, mpi
|
#
1.78 |
|
04-Dec-2014 |
tedu |
replace md5 with sha512. ok deraadt
|
#
1.77 |
|
20-Nov-2014 |
mpi |
What have no need for a variable that holds the maximum MTU size of interfaces with an IPv6 address.
ok henning@, mikeb@, deraadt@
|
#
1.76 |
|
18-Nov-2014 |
krw |
Nuke yet more obvious #include duplications.
ok miod@
|
#
1.75 |
|
18-Nov-2014 |
tedu |
move arc4random prototype to systm.h. more appropriate for most code to include that than rdnvar.h. ok deraadt dlg
|
#
1.74 |
|
01-Nov-2014 |
mpi |
Rename rtalloc1() into rtalloc(9) and convert its flags to only enable functionnality instead of a mix of enable/disable.
ok bluhm@, jca@
|
#
1.73 |
|
25-Aug-2014 |
florian |
Move sending of router solicitations to the kernel; receiving and processing of router advertisements was already in the kernel. With this rtsol{,d}(8) is no longer necessary.
The kernel starts sending solicitations with # ifconfig $IF inet6 autoconf or inet6 autoconf in /etc/hostname.$IF.
input stsp@ much help & OK mpi@ tweaks & OK bluhm@
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.72 |
|
01-Jul-2014 |
benno |
When a carp interface is created with IFXF_NOINET6 flag, no link-local address will be created when the vhid (and MAC) is set. Depending on the order of the configuration the interface can end up with a ipv6 address, but no v6 link-local and no working neigbor discovery.
Removing this case statement will result in the link-local address being configured by "ifconfig up" if the inet6 address was configured before. If you are using inet6 on carp, put an "up" at the end of your hostname.if. I will work on a better solution at g2k14.
ok henning, mpi
|
#
1.71 |
|
26-Jun-2014 |
mpi |
Calling in{6,}_purgeaddr() is not enough to remove an address from an interface. Two other operations are performed when issuing a SIOCDIFADDR{_IN6,} ioctl: call the address hook and the per-driver ioctl function.
Since carp(4) relies on an address hook to recalculate its hash, make sure to call this hook when IFXF_NOINET6 is set or when the rdomain is changed.
ok henning@, mikeb@
|
#
1.70 |
|
03-Jun-2014 |
mpi |
Do not include <sys/malloc.h> where it is not needed.
|
#
1.69 |
|
20-May-2014 |
mpi |
Fix eui64 address generation, broken since the removal of the link-layer address from the per-ifp list.
Found the hard way by weerd@, florian@ and stsp@, ok florian@
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.68 |
|
21-Jan-2014 |
mpi |
Do not clean the multicast records of an interface when it is destroyed (unplugged). Even if it makes no sense to keep them around if the interface is no more, we cannot safely remove them since pcb multicast options might keep a pointer to them.
Fixes a user after free introduced by the multicast address linking rewrite and reported by Alexey Suslikov, thanks!
ok claudio@
|
#
1.67 |
|
13-Jan-2014 |
bluhm |
Call all local valiables of type struct in6_ifaddr "ia6". This is consistent with struct ifaddr "ifa" and struct in_ifaddr "ia". OK mpi@
|
#
1.66 |
|
07-Jan-2014 |
stsp |
Some follow-up fixes for IFID collision handling in IPv6CP.
Really change the link-local address in the unlikely event of an IFID collision, instead of going into an infinite conf-nak loop with the peer.
To make the netinet6 code use the IPv6CP IFID in a new link-local address, in6_ifattach_linklocal() must accept a provided IFID. Replace the unused 'altifp' parameter with a new 'ifid' parameter for this purpose.
Always use the latest suggested address in IPv6CP replies, even if the task to update the interface's address hasn't run yet. Also, clear the ifindex (KAME hack) in addresses sent during IPv6CP.
ok mpi
|
#
1.65 |
|
06-Jan-2014 |
stsp |
Make in6_ifdetach() remove the ff01::1 route for the detaching interface, too. The route used to linger after an interface detached from IPv6. ok mikeb
|
#
1.64 |
|
28-Nov-2013 |
mpi |
Change the way protocol multicast addresses are linked to an interface.
Instead of linking multicast records to the first configured address of the corresponding protocol, making this address and its position in the global list special, add them to a new list directly linked to the interface descriptor.
This new multicast address list is similar to the address list, all its elements contain a protocol agnostic part. This design allows us to be able to join a multicast group without necessarily having a configured address. That means IPv6 multicast kludges are no longer needed.
Another benefit is to be able to add and remove an IP address from an interface without worrying about multicast records. That means that the global IPv4 list is no longer needed since the first configured address of an interface is no longer special.
This new list might also be extended in the future to contain the link-layer addresses used to configure hardware filters.
Tested by sthen@ and weerd@, ok mikeb@
|
#
1.63 |
|
19-Nov-2013 |
mpi |
Remove some FDDI/ATM leftovers.
ok mikeb@, henning@, deraadt@, brad@, miod@
|
#
1.62 |
|
17-Oct-2013 |
bluhm |
The header file netinet/in_var.h included netinet6/in6_var.h. This created a bunch of useless dependencies. Remove this implicit inclusion and do an explicit #include <netinet6/in6_var.h> when it is needed. OK mpi@ henning@
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.61 |
|
31-May-2013 |
bluhm |
Remove a bunch of sockaddr_in6 pointer casts and replace others with sin6tosa() or satosin6() inline functions. This allows the compiler to check the types more strictly. OK mpi@
|
#
1.60 |
|
26-Mar-2013 |
bluhm |
Remove a block of dead code in in6_ifdetach(). It was never executed due to the wrong & in satosin6(&ifa->ifa_addr). The link local prefix fe80 was not checked within the IPv6 address, but within some pointers of the interface address struct. The whole loop around this was also never executed as all IPv6 addresses had already been purged. OK sperreault@ mpi@ mikeb@
|
#
1.59 |
|
25-Mar-2013 |
mpi |
Substitute the handcrafted list of IPv6 addresses by a proper TAILQ.
ok bluhm@, mikeb@
|
#
1.58 |
|
07-Mar-2013 |
mpi |
Remove the IFAFREE() macro, the ifafree() function it was calling already check for the reference counter.
ok mikeb@, miod@, pelikan@, kettenis@, krw@
|
#
1.57 |
|
04-Mar-2013 |
bluhm |
Replace the cast to struct in6_ifaddr pointer with the ifatoia6() macro. No binary change. OK claudio@
|
Revision tags: OPENBSD_5_3_BASE
|
#
1.56 |
|
19-Sep-2012 |
bluhm |
Use TAILQ_FOREACH macro for loops. No binary diff. OK henning@
|
#
1.55 |
|
21-Aug-2012 |
bluhm |
Reverse the name and meaning of the IFXF_INET6_PRIVACY interface flag. It is now called IFXF_INET6_NOPRIVACY. So IPv6 privacy addresses are on by default without resetting the flag during ifconfig down/up. OK stsp@, sperreault@ (who wrote the same diff)
|
#
1.54 |
|
15-Aug-2012 |
sperreault |
Enable IPv6 autoconfprivacy by default
diff originally by stsp@ "please commit it" deraadt@ "don't care" stsp@ "don't like" bluhm@
|
Revision tags: OPENBSD_5_1_BASE OPENBSD_5_2_BASE
|
#
1.53 |
|
03-Jan-2012 |
bluhm |
To access the ifaddr of an in_ifaddr or in6_ifaddr struct, it is cleaner to access the first member via ia_ifa instead of casting. No binary change. ok henning@ krw@
|
#
1.52 |
|
24-Nov-2011 |
sperreault |
rdomain support for IPv6 ok mikeb
|
Revision tags: OPENBSD_4_8_BASE OPENBSD_4_9_BASE OPENBSD_5_0_BASE
|
#
1.51 |
|
06-Apr-2010 |
stsp |
Simple implementation of RFC4941, "Privacy Extensions for Stateless Address Autoconfiguration in IPv6". For those among us who are paranoid about broadcasting their MAC address to the IPv6 internet.
Man page help from jmc, testing by weerd, arc4random API hints from djm.
ok deraadt, claudio
|
Revision tags: OPENBSD_4_7_BASE
|
#
1.50 |
|
08-Feb-2010 |
jsing |
More destatic and ansification.
ok claudio@ naddy@
|
#
1.49 |
|
13-Jan-2010 |
henning |
instead of fiddling with the per-interface address lists directly in many places create a proper API (ifa_add / ifa_del) and use it. ok theo ryan dlg
|
Revision tags: OPENBSD_4_5_BASE OPENBSD_4_6_BASE
|
#
1.48 |
|
30-Jan-2009 |
mcbride |
"XXX: should this be performed under splnet()?"... Yes, yes it should. Interface configuration causes neighbour discoverery, which runs packets through parts of the stack that require at least splsoftnet(), like pf and pfsync.
ok dlg
|
Revision tags: OPENBSD_4_4_BASE
|
#
1.47 |
|
11-Jun-2008 |
mcbride |
ANSIfy to sync with KAME. From Karl Sjodahl <dunceor@gmail.com>.
ok todd deraadt naddy bluhm
|
#
1.46 |
|
11-May-2008 |
claudio |
rtrequest to rtrequest1 conversion in inet6. With that no rtrequest should be left over. OK henning@
|
Revision tags: OPENBSD_4_2_BASE OPENBSD_4_3_BASE
|
#
1.45 |
|
08-Jun-2007 |
henning |
kill arcnet leftovers, some pt out by Mike Belopuhov <mkb@crypt.org.ru>, some I found afterwards, ok dlg
|
Revision tags: OPENBSD_4_1_BASE
|
#
1.44 |
|
15-Nov-2006 |
itojun |
unifdef -USCOPEDROUTING
|
Revision tags: OPENBSD_4_0_BASE
|
#
1.43 |
|
31-Aug-2006 |
mcbride |
Automatically add a IPv6 link-local address to carp interfaces when the virtual MAC address is set. Among other things, this makes route6d work correctly on systems with carp interfaces.
In order to ensure backwards compatibility, we do not include IPv6 link-local addresses in generating the HMAC, but we accept HMACs with AND without the link-local addresses. They will be added to the HMAC in a future release.
In short: this change should only affect backwards compatibility for IPv6 users who are manually adding link-local addresses on carp interfaces.
testing mtu@ todd@ ok mpf@ henning@ deraadt@
|
#
1.42 |
|
16-Jun-2006 |
henning |
adjust functions dealing with the routing table to take a table ID as parameter so they can work on alternate tables. table 0 hardcoded for many callers yet, that will be adapted step by step. input + ok claudio norby hshoexer
|
#
1.41 |
|
27-May-2006 |
claudio |
Do the same thing as for IPv4. Use a sysctl to enable/disable mfrowarding and additionaly make the code part of the MROUTING option. Put it in deraadt@
|
#
1.40 |
|
05-Mar-2006 |
miod |
Use more queue macros rather than doing it by hand; ok otto@ krw@
|
Revision tags: OPENBSD_3_8_BASE OPENBSD_3_9_BASE
|
#
1.39 |
|
23-May-2005 |
mpf |
carp needs a multicast kludge storage. Fixes PR 4211. OK mcbride@
|
#
1.38 |
|
21-Apr-2005 |
itojun |
remove (now obsolete) handling of IFT_PROPVIRTUAL/bridge*. tested by camield@
|
Revision tags: OPENBSD_3_7_BASE
|
#
1.37 |
|
07-Dec-2004 |
mcbride |
Convert carp(4) to behave more like a regular interface, much in the same style as vlan(4). carp interfaces no longer require the physical interface to be on the same subnet as the carp interface, or even that the physical interface has an adress at all, so CARP can now be used on /30 networks.
ok deraadt@ henning@
|
Revision tags: OPENBSD_3_6_BASE SMP_SYNC_A SMP_SYNC_B
|
#
1.36 |
|
07-May-2004 |
millert |
Replace RSA-derived md5 code with code derived from Colin Plumb's PD version. This moves md5.c out of libkern and into sys/crypto where it belongs (as requested by markus@). Note that md5.c is still mandatory (dev/rnd.c uses it). Verified with IPsec + hmac-md5 and tcp md5sig. OK henning@ and hshoexer@
|
Revision tags: OPENBSD_3_4_BASE OPENBSD_3_5_BASE
|
#
1.35 |
|
08-Jul-2003 |
itojun |
on interface removal, clear multicast forwarding stuff. from kame
|
#
1.34 |
|
28-Jun-2003 |
itojun |
i don't think pfsync needs a link-local addr.
|
Revision tags: UBC_SYNC_A
|
#
1.33 |
|
14-May-2003 |
itojun |
it is unlikely that we introduce 6to4 interface (IFT_STF) to openbsd.
|
Revision tags: OPENBSD_3_2_BASE OPENBSD_3_3_BASE UBC_SYNC_B
|
#
1.32 |
|
12-Sep-2002 |
itojun |
configure "next" pointer correctly. from j@pureftpd.org
|
#
1.31 |
|
11-Sep-2002 |
itojun |
fix pointer signedness mixup. sync w/kame
|
#
1.30 |
|
11-Sep-2002 |
itojun |
KNF - return is not a function. sync w/kame
|
#
1.29 |
|
11-Jun-2002 |
itojun |
silence some of log(), as the codepath will be visited for IPv6-non-capable interfaces too and can be annoying. net.inet6.icmp6.nd6_debug will re-enable them.
|
#
1.28 |
|
11-Jun-2002 |
itojun |
whitespace
|
#
1.27 |
|
08-Jun-2002 |
itojun |
sync with latest KAME in6_ifaddr/prefix/default router manipulation. behavior changes: - two iocts used by ndp(8) are now obsolete (backward compat provided). use sysctl path instead. - lo0 does not get ::1 automatically. it will get ::1 when lo0 comes up.
|
#
1.26 |
|
07-Jun-2002 |
itojun |
whitespace sync w/kame
|
#
1.25 |
|
29-May-2002 |
itojun |
attach nd_ifinfo structure to if_afdata. split IPv6 MTU (advertised by RA) from real link MTU. sync with kame
|
#
1.24 |
|
29-May-2002 |
itojun |
move per-interface ip6/icmp6 stat to ifnet->if_afdata. sync w/kame
|
#
1.23 |
|
23-May-2002 |
itojun |
simplify condition to perform DAD. sync w/kame
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.22 |
|
14-Mar-2002 |
millert |
First round of __P removal in sys
|
Revision tags: UBC_BASE
|
#
1.21 |
|
07-Dec-2001 |
itojun |
branches: 1.21.2; whitespace/comment sync with kame
|
Revision tags: OPENBSD_3_0_BASE
|
#
1.20 |
|
23-Aug-2001 |
itojun |
suppress printf() on non-multicast interface. suppress ipv6 initialization for IFT_PFLOG.
|
#
1.19 |
|
23-Aug-2001 |
itojun |
don't try to enable IPv6 on IFT_PFLOG.
|
#
1.18 |
|
18-Jul-2001 |
itojun |
avoid using malloc() during interupt context for multicast kludge entry. allocate it on interface initialization.
|
#
1.17 |
|
09-Jun-2001 |
angelos |
No need for net/net_osdep.h
|
Revision tags: OPENBSD_2_9_BASE
|
#
1.16 |
|
16-Feb-2001 |
itojun |
cosmetic sync with kame
|
#
1.15 |
|
07-Feb-2001 |
itojun |
by default, don't bark on inbound ND messages, as outsider may be able to fill up /var with bogus packets. setting net.inet6.icmp6.nd6_debug will re-enable kernel messages on invalid ND packet and other occasions.
improve icmp6 stats.
|
#
1.14 |
|
18-Jan-2001 |
itojun |
do not remove default route by mistake, on interface removal.
|
Revision tags: OPENBSD_2_8_BASE
|
#
1.13 |
|
25-Oct-2000 |
jason |
silence the "no multicast" warning for IFT_ENC, too deraadt ok
|
#
1.12 |
|
18-Oct-2000 |
itojun |
don't try to configure IPv6 on bridge*. comment from deraadt
|
#
1.11 |
|
02-Oct-2000 |
itojun |
fix missing \n. from doug@freebsd (sync with kame)
|
Revision tags: OPENBSD_2_7_BASE
|
#
1.10 |
|
05-May-2000 |
itojun |
cope with interface detach (like pcmcia card removal). remove any IPv6 addresses assigned to the interface. reported by ho, bunch of help from niklas. KAME PR 231.
|
#
1.9 |
|
27-Apr-2000 |
itojun |
correct in6_ifdetach(). free oia, not ia. Lennart says there are more problems to go (I don't own openbsd-current laptop). From: Lennart Augustsson <augustss@augustsson.net>
|
#
1.8 |
|
17-Apr-2000 |
itojun |
revisit in6_ifattach(). (1) make it more persistent about initializaing an interface (2) cleanup interface id selection. run NUD on p2p interface (required by spec for bidir p2p interface). add "ndp -i interface" (can tweak per-interface ND flag). (sync with more recent kame)
|
#
1.7 |
|
02-Mar-2000 |
itojun |
do not add ifa_dstaddr for non-pointopoint interface. IPv6 has no concept for "broadcast".
|
Revision tags: SMP_BASE
|
#
1.6 |
|
07-Feb-2000 |
itojun |
branches: 1.6.2; fix include file path related to ip6.
|
#
1.5 |
|
04-Feb-2000 |
itojun |
more coverage of in6_ifdetach()'s cleanup process. bug fix in SIOCGIFADDR_IN6 (point to point case).
|
#
1.4 |
|
02-Feb-2000 |
itojun |
- improve in6_ifdetach to remove (1) multicast kludge list (2) route to link-local allnode multicast (ff02:x::/32) - fix ifnet refcnt'ing in multicast kludge list management. - avoid dangling pointer in multicast kludge management.
(angelos, try this version of in6_ifdetach() - it should be better)
|
#
1.3 |
|
10-Dec-1999 |
itojun |
use proper type for in6_first_ifid (char -> u_int8_t) suggested by: deraadt
|
#
1.2 |
|
10-Dec-1999 |
angelos |
Remove remaining unnecessary ifdefs (itojun will hate me for this :-)
|
Revision tags: kame_19991208
|
#
1.1 |
|
08-Dec-1999 |
itojun |
bring in KAME IPv6 code, dated 19991208. replaces NRL IPv6 layer. reuses NRL pcb layer. no IPsec-on-v6 support. see sys/netinet6/{TODO,IMPLEMENTATION} for more details.
GENERIC configuration should work fine as before. GENERIC.v6 works fine as well, but you'll need KAME userland tools to play with IPv6 (will be bringed into soon).
|
#
1.115 |
|
08-Nov-2019 |
dlg |
convert interface address change hooks to tasks and a task_list.
this follows what's been done for detach and link state hooks, and makes handling of hooks generally more robust.
address hooks are a bit different to detach/link state hooks in that there's only a few things that register hooks (carp, pf, vxlan), but a lot of places to run the hooks (lots of ipv4 and ipv6 address configuration).
an address hook cookie was in struct pfi_kif, which is part of the pf abi. rather than break pfctl -sI, this maintains the void * used for the cookie and uses it to store a task, which is then used as intended with the new api.
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.114 |
|
21-Aug-2019 |
florian |
Remove support for semantically opace interface identifiers (RFC 7217) for IPv6 link local addresses.
Some hosting and VM providers route customer IPv6 prefixes to link local addresses derived from ethernet MAC addresses (RFC 2464). This leads to hard to debug IPv6 connectivity problems and is probably not worth the effort.
RFC 7721 lists 4 weaknesses:
3.1. Correlation of Activities over Time & 3.2. Location Tracking These are still possible with RFC 7217 addresses for an adversary connected to the same layer 2 network (think conference wifi). Since the link local prefix stays the same (fe80::/64) the link local addresses do not change between different networks. An adversary on the same layer 2 network can probably track ethernet MAC addresses via different means, too.
3.3. Address Scanning & 3.4. Device-Specific Vulnerability Exploitation These now become possible, however, as noted above a layer 2 adversary was probably able to do this via different means.
People concerned with these weaknesses are advised to use ifconfig lladdr random. OK benno input & OK kn
|
Revision tags: OPENBSD_6_5_BASE
|
#
1.113 |
|
13-Feb-2019 |
dlg |
change rt_ifa_add and rt_ifa_del so they take an rdomain argument.
this allows mpls interfaces (mpe, mpw) to pass the rdomain they wish the local label to be in, rather than have it implicitly forced to 0 by these functions. right now they'll pass 0, but it will soon be possible to have them rx packets in other rdomains.
previously the functions used ifp->if_rdomain for the rdomain. everything other than mpls still passes ifp->if_rdomain.
ok mpi@
|
#
1.112 |
|
10-Feb-2019 |
dlg |
remove the implict RTF_MPATH flag that rt_ifa_add() sets on new routes.
MPLS interfaces (ab)use rt_ifa_add for adding the local MPLS label that they listen on for incoming packets, while every other use of rt_ifa_add is for adding addresses on local interfaces. MPLS does this cos the addresses involved are in basically the same shape as ones used for setting up local addresses.
It is appropriate for interfaces to want RTF_MPATH on local addresses, but in the MPLS case it means you can have multiple local things listening on the same label, which doesn't actually work. mpe in particular keeps track of in use labels to it can handle collisions, however, mpw does not. It is currently possible to have multiple mpw interfaces on the same local label, and sharing the same label as mpe or possible normal forwarding labels.
Moving the RTF_MPATH flag out of rt_ifa_add means all the callers that still want it need to pass it themselves. The mpe and mpw callers are left alone without the flag, and will now get EEXIST from rt_ifa_add when a label is already in use.
ok (and a huge amount of patience and help) mpi@ claudio@ is ok with the idea, but saw a much much earlier solution to the problem
|
Revision tags: OPENBSD_6_4_BASE
|
#
1.111 |
|
05-Oct-2018 |
florian |
Do not join node information multicast group (RFC 4620). Benno removed code to answer ICMP queries over 4 years ago. Aham Brahmasmi (aham.brahmasmi AT gmx.com) points out that we still joined the group though.
OK sthen, bluhm, kn
|
#
1.110 |
|
26-Aug-2018 |
mpi |
Do not add ::1 on non-default lo(4) as intended.
Reported by and ok sthen@
|
#
1.109 |
|
10-Jul-2018 |
florian |
When an interface doesn't have a layer 2 address in6_get_soii_ifid() failes and then later on a in in6_get_ifid() a layer 2 address is "borrowed" from from another interface.
Do the "borrowing" in in6_get_soii_ifid(), too so that semantically opaque interface identifiers work for these kind of interfaces, too.
OK phessler, benno
|
#
1.108 |
|
10-Jul-2018 |
florian |
When an interface doesn't have a layer 2 address in6_get_ifid() tries to "borrow" one from another interface. But then it checks if the U bit is set int the generated EUI64 address and rejects it. On the other hand for interfaces that do have a layer 2 address this check is skipped, so relax it for the "borrowing" case, too.
With this one gets stable link local addresses on e.g. gre(4) interfaces on certain virtualisation environments depending which mac addresses get picked for the vio(4) interfaces while previously we would end up with a random IP on every reboot.
Reported by Aaron A. Glenn via phessler.
OK phessler, benno
|
#
1.107 |
|
27-Mar-2018 |
dhill |
Use memcpy instead of bcopy when the memory does not overlap.
OK deraadt@ florian@
|
Revision tags: OPENBSD_6_3_BASE
|
#
1.106 |
|
13-Mar-2018 |
florian |
Calculate RFC7217 link-local style addresses the same way as slaacd(8).
RFC 7217 states (section 5, page 9): | The Interface Identifier is finally obtained by taking as many | bits from the RID value (computed in the previous step) as | necessary, starting from the least significant bit.
Problem in slaacd pointed out by semarie@.
OK sthen, phessler
|
#
1.105 |
|
10-Feb-2018 |
florian |
Implement RFC 7217: "A Method for Generating Semantically Opaque Interface Identifiers with IPv6 Stateless Address Autoconfiguration."
"An IPv6 address configured using this method is stable within each subnet, but the corresponding Interface Identifier changes when the host moves from one network to another. This method is meant to be an alternative to generating Interface Identifiers based on hardware addresses."
OK naddy, sthen
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.104 |
|
01-Sep-2017 |
florian |
Use in6_get_rand_ifid() instead of get_last_resort_ifid() and delete the get_last_resort_ifid() function because eww. Also if your system is so constraint that you end up in in6_get_rand_ifid() you don't deserve a random ifid that stays stable over reboots. Simplify code a bit since get_ifid() can no longer fail. It couldn't fail before either because that code path was #if 0'ed. While here sprinkle in some in6_ prefixes, pointed out by stsp. OK stsp
|
#
1.103 |
|
11-Jul-2017 |
florian |
Purging is at last at hand. Day of Doom is here. All that is evil shall all be cleansed.
Remove sending of router solicitations and processing of router advertisements from the kernel. It's handled by slaacd(8) these days.
Input & OK bluhm@, mpi@
|
#
1.102 |
|
16-May-2017 |
mpi |
Replace remaining splsoftassert(IPL_SOFTNET) by NET_ASSERT_LOCKED().
ok visa@
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.101 |
|
29-Dec-2016 |
mpi |
Get rid of recursive splsoftnet() in in6_ifattach_linklocal().
ok visa@
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.100 |
|
30-Jun-2016 |
mpi |
Restore the automagically added /64 route on p2p interfaces in order to send traffic to link-local addresses without default route.
Fix a regression reported by Michael Lechtermann, ok stsp@, sthen@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.99 |
|
02-Dec-2015 |
bluhm |
When destroying an interface, we have to wait until all references are not used anymore. This has to be done before any interface fields become invalid. As the route delete request cannot call if_get() anymore, pass down the interface. Split rtrequest_delete() into a separate function that may take an existing inteface. OK mpi@
|
#
1.98 |
|
24-Oct-2015 |
mpi |
Convert to rt_ifidx.
ok bluhm@
|
#
1.97 |
|
22-Oct-2015 |
bluhm |
Inspired by satosin(), use inline functions to convert sockaddr dl. Instead of casts they check wether the incoming object has the expected type. So introduce satosdl() and sdltosa() in the kernel. OK mpi@
|
#
1.96 |
|
12-Sep-2015 |
mpi |
Now that rtrequest1(9) properly sets RTF_UP for newly added route, stop passing it in every rt_ifa_add(9) calls.
ok claudio@
|
#
1.95 |
|
03-Sep-2015 |
mpi |
Change the order of operations for loopback interfaces to have ::1 configured before fe80::1.
(lo0:0) in pf should resolve to 127.0.0.1 ::1.
reported by and ok mikeb@
|
#
1.94 |
|
31-Aug-2015 |
mpi |
Do not install connected routes on loopback interfaces.
Previously loopback connected routes were managed via the global list of prefixes, which mean that systems with AUTOCONF'd addresses did not see them in the routing table.
This also makes inet6 route creation coherent with inet.
|
#
1.93 |
|
24-Aug-2015 |
mpi |
Start moving away from the global prefix list by limiting its usage to AUTOCONF'd addresses.
This prevent the kernel from removing connected (/64) routes as soon as it configures an AUTOCONF'd address based on a RA.
Tested by sebastia@, ok sthen@
|
#
1.92 |
|
24-Aug-2015 |
mpi |
Rework the code to decide when to perform DAD to no longer rely on the IN6_IFF_NODAD pseudo-flag not being set.
This was just a flag for spaghetti code that should not exist in the first place.
Tested by sebastia@, ok sthen@
|
#
1.91 |
|
17-Aug-2015 |
mpi |
Remove anoying comment about in6_update_ifa().
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.90 |
|
18-Jul-2015 |
mpi |
Merge two identical chunks to add new prefixes to the global data structures into a function.
ok florian@
|
#
1.89 |
|
16-Jul-2015 |
mpi |
Properly layer Router Solicitation code.
Tweak and ok florian@
|
#
1.88 |
|
08-Jun-2015 |
krw |
More damned eye searing whitespace. No change to .o files.
|
#
1.87 |
|
27-Apr-2015 |
mpi |
Do not call nd6_purge() before purging the IPv6 addresses of a detached interface.
Fix a use after free introduced in r1.98 of netinet6/in6.c and recently exposed by a crazy pool/malloc damage finder being currently refined by dlg@ and deraadt@.
ok mikeb@, henning@
|
#
1.86 |
|
14-Mar-2015 |
jsg |
Remove some includes include-what-you-use claims don't have any direct symbols used. Tested for indirect use by compiling amd64/i386/sparc64 kernels.
ok tedu@ deraadt@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.85 |
|
05-Feb-2015 |
mpi |
Convert various rtrequest1(RTM_DELETE,...) calls to rtdeletemsg(9).
This unify some code and notify userland for free.
blambert@ agrees, ok bluhm@
|
#
1.84 |
|
28-Jan-2015 |
mpi |
Revert rtdeletemsg conversion. It was not ok'd, I misunderstood bluhm@'s email.
|
#
1.83 |
|
27-Jan-2015 |
mpi |
Ensure that link-local addresses are correctly configured on loopback interfaces.
When the kernel automagically configures IPv6 addresses on loopback interfaces, start by assigning a link-local address and then try to assign "::1".
Only the first configured loopback interface per rdomain can have the "::1" address. But even if other loopback interfaces failed to get this address, because it is already taken, give them a chance to have a link-local address.
While here change in6_ifattach() to return an error value and remove duplicated code.
Fix a regression introduced by the NOINET6 flag removal.
ok henning@, stsp@, florian@, benno@
|
#
1.82 |
|
26-Jan-2015 |
mpi |
Call rtdeletemsg(9) instead of rerolling its code. As a bonus you'll get userland notification for free.
ok blambert@, bluhm@
|
#
1.81 |
|
10-Jan-2015 |
mpi |
Correct some comments and merge in6_if_up() into in6_ifattach() to reflect that IPv6 link-local addresses are no longer automagically configured the first time an interface is brought up.
ok henning@, stsp@
|
#
1.80 |
|
08-Jan-2015 |
florian |
Clear autoconf6 flag after autoconf6 cleanup happened, not before. Otherwise clean up code will never run. OK mpi@, benno@, henning@
|
#
1.79 |
|
06-Jan-2015 |
stsp |
Remove the NOINET6 interface flag, a left-over from the times when IPv6 was enabled by default. Add AFATTACH/AFDETACH ioctls which enable/disable an address family for an interface (currently used for IPv6 only).
New kernel needs new ifconfig for IPv6 configuration (address assignment still works with old ifconfig making this easy to cross over).
Committing on behalf of henning@ who is currently lebensmittelvergiftet. ok stsp, benno, mpi
|
#
1.78 |
|
04-Dec-2014 |
tedu |
replace md5 with sha512. ok deraadt
|
#
1.77 |
|
20-Nov-2014 |
mpi |
What have no need for a variable that holds the maximum MTU size of interfaces with an IPv6 address.
ok henning@, mikeb@, deraadt@
|
#
1.76 |
|
18-Nov-2014 |
krw |
Nuke yet more obvious #include duplications.
ok miod@
|
#
1.75 |
|
18-Nov-2014 |
tedu |
move arc4random prototype to systm.h. more appropriate for most code to include that than rdnvar.h. ok deraadt dlg
|
#
1.74 |
|
01-Nov-2014 |
mpi |
Rename rtalloc1() into rtalloc(9) and convert its flags to only enable functionnality instead of a mix of enable/disable.
ok bluhm@, jca@
|
#
1.73 |
|
25-Aug-2014 |
florian |
Move sending of router solicitations to the kernel; receiving and processing of router advertisements was already in the kernel. With this rtsol{,d}(8) is no longer necessary.
The kernel starts sending solicitations with # ifconfig $IF inet6 autoconf or inet6 autoconf in /etc/hostname.$IF.
input stsp@ much help & OK mpi@ tweaks & OK bluhm@
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.72 |
|
01-Jul-2014 |
benno |
When a carp interface is created with IFXF_NOINET6 flag, no link-local address will be created when the vhid (and MAC) is set. Depending on the order of the configuration the interface can end up with a ipv6 address, but no v6 link-local and no working neigbor discovery.
Removing this case statement will result in the link-local address being configured by "ifconfig up" if the inet6 address was configured before. If you are using inet6 on carp, put an "up" at the end of your hostname.if. I will work on a better solution at g2k14.
ok henning, mpi
|
#
1.71 |
|
26-Jun-2014 |
mpi |
Calling in{6,}_purgeaddr() is not enough to remove an address from an interface. Two other operations are performed when issuing a SIOCDIFADDR{_IN6,} ioctl: call the address hook and the per-driver ioctl function.
Since carp(4) relies on an address hook to recalculate its hash, make sure to call this hook when IFXF_NOINET6 is set or when the rdomain is changed.
ok henning@, mikeb@
|
#
1.70 |
|
03-Jun-2014 |
mpi |
Do not include <sys/malloc.h> where it is not needed.
|
#
1.69 |
|
20-May-2014 |
mpi |
Fix eui64 address generation, broken since the removal of the link-layer address from the per-ifp list.
Found the hard way by weerd@, florian@ and stsp@, ok florian@
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.68 |
|
21-Jan-2014 |
mpi |
Do not clean the multicast records of an interface when it is destroyed (unplugged). Even if it makes no sense to keep them around if the interface is no more, we cannot safely remove them since pcb multicast options might keep a pointer to them.
Fixes a user after free introduced by the multicast address linking rewrite and reported by Alexey Suslikov, thanks!
ok claudio@
|
#
1.67 |
|
13-Jan-2014 |
bluhm |
Call all local valiables of type struct in6_ifaddr "ia6". This is consistent with struct ifaddr "ifa" and struct in_ifaddr "ia". OK mpi@
|
#
1.66 |
|
07-Jan-2014 |
stsp |
Some follow-up fixes for IFID collision handling in IPv6CP.
Really change the link-local address in the unlikely event of an IFID collision, instead of going into an infinite conf-nak loop with the peer.
To make the netinet6 code use the IPv6CP IFID in a new link-local address, in6_ifattach_linklocal() must accept a provided IFID. Replace the unused 'altifp' parameter with a new 'ifid' parameter for this purpose.
Always use the latest suggested address in IPv6CP replies, even if the task to update the interface's address hasn't run yet. Also, clear the ifindex (KAME hack) in addresses sent during IPv6CP.
ok mpi
|
#
1.65 |
|
06-Jan-2014 |
stsp |
Make in6_ifdetach() remove the ff01::1 route for the detaching interface, too. The route used to linger after an interface detached from IPv6. ok mikeb
|
#
1.64 |
|
28-Nov-2013 |
mpi |
Change the way protocol multicast addresses are linked to an interface.
Instead of linking multicast records to the first configured address of the corresponding protocol, making this address and its position in the global list special, add them to a new list directly linked to the interface descriptor.
This new multicast address list is similar to the address list, all its elements contain a protocol agnostic part. This design allows us to be able to join a multicast group without necessarily having a configured address. That means IPv6 multicast kludges are no longer needed.
Another benefit is to be able to add and remove an IP address from an interface without worrying about multicast records. That means that the global IPv4 list is no longer needed since the first configured address of an interface is no longer special.
This new list might also be extended in the future to contain the link-layer addresses used to configure hardware filters.
Tested by sthen@ and weerd@, ok mikeb@
|
#
1.63 |
|
19-Nov-2013 |
mpi |
Remove some FDDI/ATM leftovers.
ok mikeb@, henning@, deraadt@, brad@, miod@
|
#
1.62 |
|
17-Oct-2013 |
bluhm |
The header file netinet/in_var.h included netinet6/in6_var.h. This created a bunch of useless dependencies. Remove this implicit inclusion and do an explicit #include <netinet6/in6_var.h> when it is needed. OK mpi@ henning@
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.61 |
|
31-May-2013 |
bluhm |
Remove a bunch of sockaddr_in6 pointer casts and replace others with sin6tosa() or satosin6() inline functions. This allows the compiler to check the types more strictly. OK mpi@
|
#
1.60 |
|
26-Mar-2013 |
bluhm |
Remove a block of dead code in in6_ifdetach(). It was never executed due to the wrong & in satosin6(&ifa->ifa_addr). The link local prefix fe80 was not checked within the IPv6 address, but within some pointers of the interface address struct. The whole loop around this was also never executed as all IPv6 addresses had already been purged. OK sperreault@ mpi@ mikeb@
|
#
1.59 |
|
25-Mar-2013 |
mpi |
Substitute the handcrafted list of IPv6 addresses by a proper TAILQ.
ok bluhm@, mikeb@
|
#
1.58 |
|
07-Mar-2013 |
mpi |
Remove the IFAFREE() macro, the ifafree() function it was calling already check for the reference counter.
ok mikeb@, miod@, pelikan@, kettenis@, krw@
|
#
1.57 |
|
04-Mar-2013 |
bluhm |
Replace the cast to struct in6_ifaddr pointer with the ifatoia6() macro. No binary change. OK claudio@
|
Revision tags: OPENBSD_5_3_BASE
|
#
1.56 |
|
19-Sep-2012 |
bluhm |
Use TAILQ_FOREACH macro for loops. No binary diff. OK henning@
|
#
1.55 |
|
21-Aug-2012 |
bluhm |
Reverse the name and meaning of the IFXF_INET6_PRIVACY interface flag. It is now called IFXF_INET6_NOPRIVACY. So IPv6 privacy addresses are on by default without resetting the flag during ifconfig down/up. OK stsp@, sperreault@ (who wrote the same diff)
|
#
1.54 |
|
15-Aug-2012 |
sperreault |
Enable IPv6 autoconfprivacy by default
diff originally by stsp@ "please commit it" deraadt@ "don't care" stsp@ "don't like" bluhm@
|
Revision tags: OPENBSD_5_1_BASE OPENBSD_5_2_BASE
|
#
1.53 |
|
03-Jan-2012 |
bluhm |
To access the ifaddr of an in_ifaddr or in6_ifaddr struct, it is cleaner to access the first member via ia_ifa instead of casting. No binary change. ok henning@ krw@
|
#
1.52 |
|
24-Nov-2011 |
sperreault |
rdomain support for IPv6 ok mikeb
|
Revision tags: OPENBSD_4_8_BASE OPENBSD_4_9_BASE OPENBSD_5_0_BASE
|
#
1.51 |
|
06-Apr-2010 |
stsp |
Simple implementation of RFC4941, "Privacy Extensions for Stateless Address Autoconfiguration in IPv6". For those among us who are paranoid about broadcasting their MAC address to the IPv6 internet.
Man page help from jmc, testing by weerd, arc4random API hints from djm.
ok deraadt, claudio
|
Revision tags: OPENBSD_4_7_BASE
|
#
1.50 |
|
08-Feb-2010 |
jsing |
More destatic and ansification.
ok claudio@ naddy@
|
#
1.49 |
|
13-Jan-2010 |
henning |
instead of fiddling with the per-interface address lists directly in many places create a proper API (ifa_add / ifa_del) and use it. ok theo ryan dlg
|
Revision tags: OPENBSD_4_5_BASE OPENBSD_4_6_BASE
|
#
1.48 |
|
30-Jan-2009 |
mcbride |
"XXX: should this be performed under splnet()?"... Yes, yes it should. Interface configuration causes neighbour discoverery, which runs packets through parts of the stack that require at least splsoftnet(), like pf and pfsync.
ok dlg
|
Revision tags: OPENBSD_4_4_BASE
|
#
1.47 |
|
11-Jun-2008 |
mcbride |
ANSIfy to sync with KAME. From Karl Sjodahl <dunceor@gmail.com>.
ok todd deraadt naddy bluhm
|
#
1.46 |
|
11-May-2008 |
claudio |
rtrequest to rtrequest1 conversion in inet6. With that no rtrequest should be left over. OK henning@
|
Revision tags: OPENBSD_4_2_BASE OPENBSD_4_3_BASE
|
#
1.45 |
|
08-Jun-2007 |
henning |
kill arcnet leftovers, some pt out by Mike Belopuhov <mkb@crypt.org.ru>, some I found afterwards, ok dlg
|
Revision tags: OPENBSD_4_1_BASE
|
#
1.44 |
|
15-Nov-2006 |
itojun |
unifdef -USCOPEDROUTING
|
Revision tags: OPENBSD_4_0_BASE
|
#
1.43 |
|
31-Aug-2006 |
mcbride |
Automatically add a IPv6 link-local address to carp interfaces when the virtual MAC address is set. Among other things, this makes route6d work correctly on systems with carp interfaces.
In order to ensure backwards compatibility, we do not include IPv6 link-local addresses in generating the HMAC, but we accept HMACs with AND without the link-local addresses. They will be added to the HMAC in a future release.
In short: this change should only affect backwards compatibility for IPv6 users who are manually adding link-local addresses on carp interfaces.
testing mtu@ todd@ ok mpf@ henning@ deraadt@
|
#
1.42 |
|
16-Jun-2006 |
henning |
adjust functions dealing with the routing table to take a table ID as parameter so they can work on alternate tables. table 0 hardcoded for many callers yet, that will be adapted step by step. input + ok claudio norby hshoexer
|
#
1.41 |
|
27-May-2006 |
claudio |
Do the same thing as for IPv4. Use a sysctl to enable/disable mfrowarding and additionaly make the code part of the MROUTING option. Put it in deraadt@
|
#
1.40 |
|
05-Mar-2006 |
miod |
Use more queue macros rather than doing it by hand; ok otto@ krw@
|
Revision tags: OPENBSD_3_8_BASE OPENBSD_3_9_BASE
|
#
1.39 |
|
23-May-2005 |
mpf |
carp needs a multicast kludge storage. Fixes PR 4211. OK mcbride@
|
#
1.38 |
|
21-Apr-2005 |
itojun |
remove (now obsolete) handling of IFT_PROPVIRTUAL/bridge*. tested by camield@
|
Revision tags: OPENBSD_3_7_BASE
|
#
1.37 |
|
07-Dec-2004 |
mcbride |
Convert carp(4) to behave more like a regular interface, much in the same style as vlan(4). carp interfaces no longer require the physical interface to be on the same subnet as the carp interface, or even that the physical interface has an adress at all, so CARP can now be used on /30 networks.
ok deraadt@ henning@
|
Revision tags: OPENBSD_3_6_BASE SMP_SYNC_A SMP_SYNC_B
|
#
1.36 |
|
07-May-2004 |
millert |
Replace RSA-derived md5 code with code derived from Colin Plumb's PD version. This moves md5.c out of libkern and into sys/crypto where it belongs (as requested by markus@). Note that md5.c is still mandatory (dev/rnd.c uses it). Verified with IPsec + hmac-md5 and tcp md5sig. OK henning@ and hshoexer@
|
Revision tags: OPENBSD_3_4_BASE OPENBSD_3_5_BASE
|
#
1.35 |
|
08-Jul-2003 |
itojun |
on interface removal, clear multicast forwarding stuff. from kame
|
#
1.34 |
|
28-Jun-2003 |
itojun |
i don't think pfsync needs a link-local addr.
|
Revision tags: UBC_SYNC_A
|
#
1.33 |
|
14-May-2003 |
itojun |
it is unlikely that we introduce 6to4 interface (IFT_STF) to openbsd.
|
Revision tags: OPENBSD_3_2_BASE OPENBSD_3_3_BASE UBC_SYNC_B
|
#
1.32 |
|
12-Sep-2002 |
itojun |
configure "next" pointer correctly. from j@pureftpd.org
|
#
1.31 |
|
11-Sep-2002 |
itojun |
fix pointer signedness mixup. sync w/kame
|
#
1.30 |
|
11-Sep-2002 |
itojun |
KNF - return is not a function. sync w/kame
|
#
1.29 |
|
11-Jun-2002 |
itojun |
silence some of log(), as the codepath will be visited for IPv6-non-capable interfaces too and can be annoying. net.inet6.icmp6.nd6_debug will re-enable them.
|
#
1.28 |
|
11-Jun-2002 |
itojun |
whitespace
|
#
1.27 |
|
08-Jun-2002 |
itojun |
sync with latest KAME in6_ifaddr/prefix/default router manipulation. behavior changes: - two iocts used by ndp(8) are now obsolete (backward compat provided). use sysctl path instead. - lo0 does not get ::1 automatically. it will get ::1 when lo0 comes up.
|
#
1.26 |
|
07-Jun-2002 |
itojun |
whitespace sync w/kame
|
#
1.25 |
|
29-May-2002 |
itojun |
attach nd_ifinfo structure to if_afdata. split IPv6 MTU (advertised by RA) from real link MTU. sync with kame
|
#
1.24 |
|
29-May-2002 |
itojun |
move per-interface ip6/icmp6 stat to ifnet->if_afdata. sync w/kame
|
#
1.23 |
|
23-May-2002 |
itojun |
simplify condition to perform DAD. sync w/kame
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.22 |
|
14-Mar-2002 |
millert |
First round of __P removal in sys
|
Revision tags: UBC_BASE
|
#
1.21 |
|
07-Dec-2001 |
itojun |
branches: 1.21.2; whitespace/comment sync with kame
|
Revision tags: OPENBSD_3_0_BASE
|
#
1.20 |
|
23-Aug-2001 |
itojun |
suppress printf() on non-multicast interface. suppress ipv6 initialization for IFT_PFLOG.
|
#
1.19 |
|
23-Aug-2001 |
itojun |
don't try to enable IPv6 on IFT_PFLOG.
|
#
1.18 |
|
18-Jul-2001 |
itojun |
avoid using malloc() during interupt context for multicast kludge entry. allocate it on interface initialization.
|
#
1.17 |
|
09-Jun-2001 |
angelos |
No need for net/net_osdep.h
|
Revision tags: OPENBSD_2_9_BASE
|
#
1.16 |
|
16-Feb-2001 |
itojun |
cosmetic sync with kame
|
#
1.15 |
|
07-Feb-2001 |
itojun |
by default, don't bark on inbound ND messages, as outsider may be able to fill up /var with bogus packets. setting net.inet6.icmp6.nd6_debug will re-enable kernel messages on invalid ND packet and other occasions.
improve icmp6 stats.
|
#
1.14 |
|
18-Jan-2001 |
itojun |
do not remove default route by mistake, on interface removal.
|
Revision tags: OPENBSD_2_8_BASE
|
#
1.13 |
|
25-Oct-2000 |
jason |
silence the "no multicast" warning for IFT_ENC, too deraadt ok
|
#
1.12 |
|
18-Oct-2000 |
itojun |
don't try to configure IPv6 on bridge*. comment from deraadt
|
#
1.11 |
|
02-Oct-2000 |
itojun |
fix missing \n. from doug@freebsd (sync with kame)
|
Revision tags: OPENBSD_2_7_BASE
|
#
1.10 |
|
05-May-2000 |
itojun |
cope with interface detach (like pcmcia card removal). remove any IPv6 addresses assigned to the interface. reported by ho, bunch of help from niklas. KAME PR 231.
|
#
1.9 |
|
27-Apr-2000 |
itojun |
correct in6_ifdetach(). free oia, not ia. Lennart says there are more problems to go (I don't own openbsd-current laptop). From: Lennart Augustsson <augustss@augustsson.net>
|
#
1.8 |
|
17-Apr-2000 |
itojun |
revisit in6_ifattach(). (1) make it more persistent about initializaing an interface (2) cleanup interface id selection. run NUD on p2p interface (required by spec for bidir p2p interface). add "ndp -i interface" (can tweak per-interface ND flag). (sync with more recent kame)
|
#
1.7 |
|
02-Mar-2000 |
itojun |
do not add ifa_dstaddr for non-pointopoint interface. IPv6 has no concept for "broadcast".
|
Revision tags: SMP_BASE
|
#
1.6 |
|
07-Feb-2000 |
itojun |
branches: 1.6.2; fix include file path related to ip6.
|
#
1.5 |
|
04-Feb-2000 |
itojun |
more coverage of in6_ifdetach()'s cleanup process. bug fix in SIOCGIFADDR_IN6 (point to point case).
|
#
1.4 |
|
02-Feb-2000 |
itojun |
- improve in6_ifdetach to remove (1) multicast kludge list (2) route to link-local allnode multicast (ff02:x::/32) - fix ifnet refcnt'ing in multicast kludge list management. - avoid dangling pointer in multicast kludge management.
(angelos, try this version of in6_ifdetach() - it should be better)
|
#
1.3 |
|
10-Dec-1999 |
itojun |
use proper type for in6_first_ifid (char -> u_int8_t) suggested by: deraadt
|
#
1.2 |
|
10-Dec-1999 |
angelos |
Remove remaining unnecessary ifdefs (itojun will hate me for this :-)
|
Revision tags: kame_19991208
|
#
1.1 |
|
08-Dec-1999 |
itojun |
bring in KAME IPv6 code, dated 19991208. replaces NRL IPv6 layer. reuses NRL pcb layer. no IPsec-on-v6 support. see sys/netinet6/{TODO,IMPLEMENTATION} for more details.
GENERIC configuration should work fine as before. GENERIC.v6 works fine as well, but you'll need KAME userland tools to play with IPv6 (will be bringed into soon).
|
#
1.114 |
|
21-Aug-2019 |
florian |
Remove support for semantically opace interface identifiers (RFC 7217) for IPv6 link local addresses.
Some hosting and VM providers route customer IPv6 prefixes to link local addresses derived from ethernet MAC addresses (RFC 2464). This leads to hard to debug IPv6 connectivity problems and is probably not worth the effort.
RFC 7721 lists 4 weaknesses:
3.1. Correlation of Activities over Time & 3.2. Location Tracking These are still possible with RFC 7217 addresses for an adversary connected to the same layer 2 network (think conference wifi). Since the link local prefix stays the same (fe80::/64) the link local addresses do not change between different networks. An adversary on the same layer 2 network can probably track ethernet MAC addresses via different means, too.
3.3. Address Scanning & 3.4. Device-Specific Vulnerability Exploitation These now become possible, however, as noted above a layer 2 adversary was probably able to do this via different means.
People concerned with these weaknesses are advised to use ifconfig lladdr random. OK benno input & OK kn
|
Revision tags: OPENBSD_6_5_BASE
|
#
1.113 |
|
13-Feb-2019 |
dlg |
change rt_ifa_add and rt_ifa_del so they take an rdomain argument.
this allows mpls interfaces (mpe, mpw) to pass the rdomain they wish the local label to be in, rather than have it implicitly forced to 0 by these functions. right now they'll pass 0, but it will soon be possible to have them rx packets in other rdomains.
previously the functions used ifp->if_rdomain for the rdomain. everything other than mpls still passes ifp->if_rdomain.
ok mpi@
|
#
1.112 |
|
10-Feb-2019 |
dlg |
remove the implict RTF_MPATH flag that rt_ifa_add() sets on new routes.
MPLS interfaces (ab)use rt_ifa_add for adding the local MPLS label that they listen on for incoming packets, while every other use of rt_ifa_add is for adding addresses on local interfaces. MPLS does this cos the addresses involved are in basically the same shape as ones used for setting up local addresses.
It is appropriate for interfaces to want RTF_MPATH on local addresses, but in the MPLS case it means you can have multiple local things listening on the same label, which doesn't actually work. mpe in particular keeps track of in use labels to it can handle collisions, however, mpw does not. It is currently possible to have multiple mpw interfaces on the same local label, and sharing the same label as mpe or possible normal forwarding labels.
Moving the RTF_MPATH flag out of rt_ifa_add means all the callers that still want it need to pass it themselves. The mpe and mpw callers are left alone without the flag, and will now get EEXIST from rt_ifa_add when a label is already in use.
ok (and a huge amount of patience and help) mpi@ claudio@ is ok with the idea, but saw a much much earlier solution to the problem
|
Revision tags: OPENBSD_6_4_BASE
|
#
1.111 |
|
05-Oct-2018 |
florian |
Do not join node information multicast group (RFC 4620). Benno removed code to answer ICMP queries over 4 years ago. Aham Brahmasmi (aham.brahmasmi AT gmx.com) points out that we still joined the group though.
OK sthen, bluhm, kn
|
#
1.110 |
|
26-Aug-2018 |
mpi |
Do not add ::1 on non-default lo(4) as intended.
Reported by and ok sthen@
|
#
1.109 |
|
10-Jul-2018 |
florian |
When an interface doesn't have a layer 2 address in6_get_soii_ifid() failes and then later on a in in6_get_ifid() a layer 2 address is "borrowed" from from another interface.
Do the "borrowing" in in6_get_soii_ifid(), too so that semantically opaque interface identifiers work for these kind of interfaces, too.
OK phessler, benno
|
#
1.108 |
|
10-Jul-2018 |
florian |
When an interface doesn't have a layer 2 address in6_get_ifid() tries to "borrow" one from another interface. But then it checks if the U bit is set int the generated EUI64 address and rejects it. On the other hand for interfaces that do have a layer 2 address this check is skipped, so relax it for the "borrowing" case, too.
With this one gets stable link local addresses on e.g. gre(4) interfaces on certain virtualisation environments depending which mac addresses get picked for the vio(4) interfaces while previously we would end up with a random IP on every reboot.
Reported by Aaron A. Glenn via phessler.
OK phessler, benno
|
#
1.107 |
|
27-Mar-2018 |
dhill |
Use memcpy instead of bcopy when the memory does not overlap.
OK deraadt@ florian@
|
Revision tags: OPENBSD_6_3_BASE
|
#
1.106 |
|
13-Mar-2018 |
florian |
Calculate RFC7217 link-local style addresses the same way as slaacd(8).
RFC 7217 states (section 5, page 9): | The Interface Identifier is finally obtained by taking as many | bits from the RID value (computed in the previous step) as | necessary, starting from the least significant bit.
Problem in slaacd pointed out by semarie@.
OK sthen, phessler
|
#
1.105 |
|
10-Feb-2018 |
florian |
Implement RFC 7217: "A Method for Generating Semantically Opaque Interface Identifiers with IPv6 Stateless Address Autoconfiguration."
"An IPv6 address configured using this method is stable within each subnet, but the corresponding Interface Identifier changes when the host moves from one network to another. This method is meant to be an alternative to generating Interface Identifiers based on hardware addresses."
OK naddy, sthen
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.104 |
|
01-Sep-2017 |
florian |
Use in6_get_rand_ifid() instead of get_last_resort_ifid() and delete the get_last_resort_ifid() function because eww. Also if your system is so constraint that you end up in in6_get_rand_ifid() you don't deserve a random ifid that stays stable over reboots. Simplify code a bit since get_ifid() can no longer fail. It couldn't fail before either because that code path was #if 0'ed. While here sprinkle in some in6_ prefixes, pointed out by stsp. OK stsp
|
#
1.103 |
|
11-Jul-2017 |
florian |
Purging is at last at hand. Day of Doom is here. All that is evil shall all be cleansed.
Remove sending of router solicitations and processing of router advertisements from the kernel. It's handled by slaacd(8) these days.
Input & OK bluhm@, mpi@
|
#
1.102 |
|
16-May-2017 |
mpi |
Replace remaining splsoftassert(IPL_SOFTNET) by NET_ASSERT_LOCKED().
ok visa@
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.101 |
|
29-Dec-2016 |
mpi |
Get rid of recursive splsoftnet() in in6_ifattach_linklocal().
ok visa@
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.100 |
|
30-Jun-2016 |
mpi |
Restore the automagically added /64 route on p2p interfaces in order to send traffic to link-local addresses without default route.
Fix a regression reported by Michael Lechtermann, ok stsp@, sthen@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.99 |
|
02-Dec-2015 |
bluhm |
When destroying an interface, we have to wait until all references are not used anymore. This has to be done before any interface fields become invalid. As the route delete request cannot call if_get() anymore, pass down the interface. Split rtrequest_delete() into a separate function that may take an existing inteface. OK mpi@
|
#
1.98 |
|
24-Oct-2015 |
mpi |
Convert to rt_ifidx.
ok bluhm@
|
#
1.97 |
|
22-Oct-2015 |
bluhm |
Inspired by satosin(), use inline functions to convert sockaddr dl. Instead of casts they check wether the incoming object has the expected type. So introduce satosdl() and sdltosa() in the kernel. OK mpi@
|
#
1.96 |
|
12-Sep-2015 |
mpi |
Now that rtrequest1(9) properly sets RTF_UP for newly added route, stop passing it in every rt_ifa_add(9) calls.
ok claudio@
|
#
1.95 |
|
03-Sep-2015 |
mpi |
Change the order of operations for loopback interfaces to have ::1 configured before fe80::1.
(lo0:0) in pf should resolve to 127.0.0.1 ::1.
reported by and ok mikeb@
|
#
1.94 |
|
31-Aug-2015 |
mpi |
Do not install connected routes on loopback interfaces.
Previously loopback connected routes were managed via the global list of prefixes, which mean that systems with AUTOCONF'd addresses did not see them in the routing table.
This also makes inet6 route creation coherent with inet.
|
#
1.93 |
|
24-Aug-2015 |
mpi |
Start moving away from the global prefix list by limiting its usage to AUTOCONF'd addresses.
This prevent the kernel from removing connected (/64) routes as soon as it configures an AUTOCONF'd address based on a RA.
Tested by sebastia@, ok sthen@
|
#
1.92 |
|
24-Aug-2015 |
mpi |
Rework the code to decide when to perform DAD to no longer rely on the IN6_IFF_NODAD pseudo-flag not being set.
This was just a flag for spaghetti code that should not exist in the first place.
Tested by sebastia@, ok sthen@
|
#
1.91 |
|
17-Aug-2015 |
mpi |
Remove anoying comment about in6_update_ifa().
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.90 |
|
18-Jul-2015 |
mpi |
Merge two identical chunks to add new prefixes to the global data structures into a function.
ok florian@
|
#
1.89 |
|
16-Jul-2015 |
mpi |
Properly layer Router Solicitation code.
Tweak and ok florian@
|
#
1.88 |
|
08-Jun-2015 |
krw |
More damned eye searing whitespace. No change to .o files.
|
#
1.87 |
|
27-Apr-2015 |
mpi |
Do not call nd6_purge() before purging the IPv6 addresses of a detached interface.
Fix a use after free introduced in r1.98 of netinet6/in6.c and recently exposed by a crazy pool/malloc damage finder being currently refined by dlg@ and deraadt@.
ok mikeb@, henning@
|
#
1.86 |
|
14-Mar-2015 |
jsg |
Remove some includes include-what-you-use claims don't have any direct symbols used. Tested for indirect use by compiling amd64/i386/sparc64 kernels.
ok tedu@ deraadt@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.85 |
|
05-Feb-2015 |
mpi |
Convert various rtrequest1(RTM_DELETE,...) calls to rtdeletemsg(9).
This unify some code and notify userland for free.
blambert@ agrees, ok bluhm@
|
#
1.84 |
|
28-Jan-2015 |
mpi |
Revert rtdeletemsg conversion. It was not ok'd, I misunderstood bluhm@'s email.
|
#
1.83 |
|
27-Jan-2015 |
mpi |
Ensure that link-local addresses are correctly configured on loopback interfaces.
When the kernel automagically configures IPv6 addresses on loopback interfaces, start by assigning a link-local address and then try to assign "::1".
Only the first configured loopback interface per rdomain can have the "::1" address. But even if other loopback interfaces failed to get this address, because it is already taken, give them a chance to have a link-local address.
While here change in6_ifattach() to return an error value and remove duplicated code.
Fix a regression introduced by the NOINET6 flag removal.
ok henning@, stsp@, florian@, benno@
|
#
1.82 |
|
26-Jan-2015 |
mpi |
Call rtdeletemsg(9) instead of rerolling its code. As a bonus you'll get userland notification for free.
ok blambert@, bluhm@
|
#
1.81 |
|
10-Jan-2015 |
mpi |
Correct some comments and merge in6_if_up() into in6_ifattach() to reflect that IPv6 link-local addresses are no longer automagically configured the first time an interface is brought up.
ok henning@, stsp@
|
#
1.80 |
|
08-Jan-2015 |
florian |
Clear autoconf6 flag after autoconf6 cleanup happened, not before. Otherwise clean up code will never run. OK mpi@, benno@, henning@
|
#
1.79 |
|
06-Jan-2015 |
stsp |
Remove the NOINET6 interface flag, a left-over from the times when IPv6 was enabled by default. Add AFATTACH/AFDETACH ioctls which enable/disable an address family for an interface (currently used for IPv6 only).
New kernel needs new ifconfig for IPv6 configuration (address assignment still works with old ifconfig making this easy to cross over).
Committing on behalf of henning@ who is currently lebensmittelvergiftet. ok stsp, benno, mpi
|
#
1.78 |
|
04-Dec-2014 |
tedu |
replace md5 with sha512. ok deraadt
|
#
1.77 |
|
20-Nov-2014 |
mpi |
What have no need for a variable that holds the maximum MTU size of interfaces with an IPv6 address.
ok henning@, mikeb@, deraadt@
|
#
1.76 |
|
18-Nov-2014 |
krw |
Nuke yet more obvious #include duplications.
ok miod@
|
#
1.75 |
|
18-Nov-2014 |
tedu |
move arc4random prototype to systm.h. more appropriate for most code to include that than rdnvar.h. ok deraadt dlg
|
#
1.74 |
|
01-Nov-2014 |
mpi |
Rename rtalloc1() into rtalloc(9) and convert its flags to only enable functionnality instead of a mix of enable/disable.
ok bluhm@, jca@
|
#
1.73 |
|
25-Aug-2014 |
florian |
Move sending of router solicitations to the kernel; receiving and processing of router advertisements was already in the kernel. With this rtsol{,d}(8) is no longer necessary.
The kernel starts sending solicitations with # ifconfig $IF inet6 autoconf or inet6 autoconf in /etc/hostname.$IF.
input stsp@ much help & OK mpi@ tweaks & OK bluhm@
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.72 |
|
01-Jul-2014 |
benno |
When a carp interface is created with IFXF_NOINET6 flag, no link-local address will be created when the vhid (and MAC) is set. Depending on the order of the configuration the interface can end up with a ipv6 address, but no v6 link-local and no working neigbor discovery.
Removing this case statement will result in the link-local address being configured by "ifconfig up" if the inet6 address was configured before. If you are using inet6 on carp, put an "up" at the end of your hostname.if. I will work on a better solution at g2k14.
ok henning, mpi
|
#
1.71 |
|
26-Jun-2014 |
mpi |
Calling in{6,}_purgeaddr() is not enough to remove an address from an interface. Two other operations are performed when issuing a SIOCDIFADDR{_IN6,} ioctl: call the address hook and the per-driver ioctl function.
Since carp(4) relies on an address hook to recalculate its hash, make sure to call this hook when IFXF_NOINET6 is set or when the rdomain is changed.
ok henning@, mikeb@
|
#
1.70 |
|
03-Jun-2014 |
mpi |
Do not include <sys/malloc.h> where it is not needed.
|
#
1.69 |
|
20-May-2014 |
mpi |
Fix eui64 address generation, broken since the removal of the link-layer address from the per-ifp list.
Found the hard way by weerd@, florian@ and stsp@, ok florian@
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.68 |
|
21-Jan-2014 |
mpi |
Do not clean the multicast records of an interface when it is destroyed (unplugged). Even if it makes no sense to keep them around if the interface is no more, we cannot safely remove them since pcb multicast options might keep a pointer to them.
Fixes a user after free introduced by the multicast address linking rewrite and reported by Alexey Suslikov, thanks!
ok claudio@
|
#
1.67 |
|
13-Jan-2014 |
bluhm |
Call all local valiables of type struct in6_ifaddr "ia6". This is consistent with struct ifaddr "ifa" and struct in_ifaddr "ia". OK mpi@
|
#
1.66 |
|
07-Jan-2014 |
stsp |
Some follow-up fixes for IFID collision handling in IPv6CP.
Really change the link-local address in the unlikely event of an IFID collision, instead of going into an infinite conf-nak loop with the peer.
To make the netinet6 code use the IPv6CP IFID in a new link-local address, in6_ifattach_linklocal() must accept a provided IFID. Replace the unused 'altifp' parameter with a new 'ifid' parameter for this purpose.
Always use the latest suggested address in IPv6CP replies, even if the task to update the interface's address hasn't run yet. Also, clear the ifindex (KAME hack) in addresses sent during IPv6CP.
ok mpi
|
#
1.65 |
|
06-Jan-2014 |
stsp |
Make in6_ifdetach() remove the ff01::1 route for the detaching interface, too. The route used to linger after an interface detached from IPv6. ok mikeb
|
#
1.64 |
|
28-Nov-2013 |
mpi |
Change the way protocol multicast addresses are linked to an interface.
Instead of linking multicast records to the first configured address of the corresponding protocol, making this address and its position in the global list special, add them to a new list directly linked to the interface descriptor.
This new multicast address list is similar to the address list, all its elements contain a protocol agnostic part. This design allows us to be able to join a multicast group without necessarily having a configured address. That means IPv6 multicast kludges are no longer needed.
Another benefit is to be able to add and remove an IP address from an interface without worrying about multicast records. That means that the global IPv4 list is no longer needed since the first configured address of an interface is no longer special.
This new list might also be extended in the future to contain the link-layer addresses used to configure hardware filters.
Tested by sthen@ and weerd@, ok mikeb@
|
#
1.63 |
|
19-Nov-2013 |
mpi |
Remove some FDDI/ATM leftovers.
ok mikeb@, henning@, deraadt@, brad@, miod@
|
#
1.62 |
|
17-Oct-2013 |
bluhm |
The header file netinet/in_var.h included netinet6/in6_var.h. This created a bunch of useless dependencies. Remove this implicit inclusion and do an explicit #include <netinet6/in6_var.h> when it is needed. OK mpi@ henning@
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.61 |
|
31-May-2013 |
bluhm |
Remove a bunch of sockaddr_in6 pointer casts and replace others with sin6tosa() or satosin6() inline functions. This allows the compiler to check the types more strictly. OK mpi@
|
#
1.60 |
|
26-Mar-2013 |
bluhm |
Remove a block of dead code in in6_ifdetach(). It was never executed due to the wrong & in satosin6(&ifa->ifa_addr). The link local prefix fe80 was not checked within the IPv6 address, but within some pointers of the interface address struct. The whole loop around this was also never executed as all IPv6 addresses had already been purged. OK sperreault@ mpi@ mikeb@
|
#
1.59 |
|
25-Mar-2013 |
mpi |
Substitute the handcrafted list of IPv6 addresses by a proper TAILQ.
ok bluhm@, mikeb@
|
#
1.58 |
|
07-Mar-2013 |
mpi |
Remove the IFAFREE() macro, the ifafree() function it was calling already check for the reference counter.
ok mikeb@, miod@, pelikan@, kettenis@, krw@
|
#
1.57 |
|
04-Mar-2013 |
bluhm |
Replace the cast to struct in6_ifaddr pointer with the ifatoia6() macro. No binary change. OK claudio@
|
Revision tags: OPENBSD_5_3_BASE
|
#
1.56 |
|
19-Sep-2012 |
bluhm |
Use TAILQ_FOREACH macro for loops. No binary diff. OK henning@
|
#
1.55 |
|
21-Aug-2012 |
bluhm |
Reverse the name and meaning of the IFXF_INET6_PRIVACY interface flag. It is now called IFXF_INET6_NOPRIVACY. So IPv6 privacy addresses are on by default without resetting the flag during ifconfig down/up. OK stsp@, sperreault@ (who wrote the same diff)
|
#
1.54 |
|
15-Aug-2012 |
sperreault |
Enable IPv6 autoconfprivacy by default
diff originally by stsp@ "please commit it" deraadt@ "don't care" stsp@ "don't like" bluhm@
|
Revision tags: OPENBSD_5_1_BASE OPENBSD_5_2_BASE
|
#
1.53 |
|
03-Jan-2012 |
bluhm |
To access the ifaddr of an in_ifaddr or in6_ifaddr struct, it is cleaner to access the first member via ia_ifa instead of casting. No binary change. ok henning@ krw@
|
#
1.52 |
|
24-Nov-2011 |
sperreault |
rdomain support for IPv6 ok mikeb
|
Revision tags: OPENBSD_4_8_BASE OPENBSD_4_9_BASE OPENBSD_5_0_BASE
|
#
1.51 |
|
06-Apr-2010 |
stsp |
Simple implementation of RFC4941, "Privacy Extensions for Stateless Address Autoconfiguration in IPv6". For those among us who are paranoid about broadcasting their MAC address to the IPv6 internet.
Man page help from jmc, testing by weerd, arc4random API hints from djm.
ok deraadt, claudio
|
Revision tags: OPENBSD_4_7_BASE
|
#
1.50 |
|
08-Feb-2010 |
jsing |
More destatic and ansification.
ok claudio@ naddy@
|
#
1.49 |
|
13-Jan-2010 |
henning |
instead of fiddling with the per-interface address lists directly in many places create a proper API (ifa_add / ifa_del) and use it. ok theo ryan dlg
|
Revision tags: OPENBSD_4_5_BASE OPENBSD_4_6_BASE
|
#
1.48 |
|
30-Jan-2009 |
mcbride |
"XXX: should this be performed under splnet()?"... Yes, yes it should. Interface configuration causes neighbour discoverery, which runs packets through parts of the stack that require at least splsoftnet(), like pf and pfsync.
ok dlg
|
Revision tags: OPENBSD_4_4_BASE
|
#
1.47 |
|
11-Jun-2008 |
mcbride |
ANSIfy to sync with KAME. From Karl Sjodahl <dunceor@gmail.com>.
ok todd deraadt naddy bluhm
|
#
1.46 |
|
11-May-2008 |
claudio |
rtrequest to rtrequest1 conversion in inet6. With that no rtrequest should be left over. OK henning@
|
Revision tags: OPENBSD_4_2_BASE OPENBSD_4_3_BASE
|
#
1.45 |
|
08-Jun-2007 |
henning |
kill arcnet leftovers, some pt out by Mike Belopuhov <mkb@crypt.org.ru>, some I found afterwards, ok dlg
|
Revision tags: OPENBSD_4_1_BASE
|
#
1.44 |
|
15-Nov-2006 |
itojun |
unifdef -USCOPEDROUTING
|
Revision tags: OPENBSD_4_0_BASE
|
#
1.43 |
|
31-Aug-2006 |
mcbride |
Automatically add a IPv6 link-local address to carp interfaces when the virtual MAC address is set. Among other things, this makes route6d work correctly on systems with carp interfaces.
In order to ensure backwards compatibility, we do not include IPv6 link-local addresses in generating the HMAC, but we accept HMACs with AND without the link-local addresses. They will be added to the HMAC in a future release.
In short: this change should only affect backwards compatibility for IPv6 users who are manually adding link-local addresses on carp interfaces.
testing mtu@ todd@ ok mpf@ henning@ deraadt@
|
#
1.42 |
|
16-Jun-2006 |
henning |
adjust functions dealing with the routing table to take a table ID as parameter so they can work on alternate tables. table 0 hardcoded for many callers yet, that will be adapted step by step. input + ok claudio norby hshoexer
|
#
1.41 |
|
27-May-2006 |
claudio |
Do the same thing as for IPv4. Use a sysctl to enable/disable mfrowarding and additionaly make the code part of the MROUTING option. Put it in deraadt@
|
#
1.40 |
|
05-Mar-2006 |
miod |
Use more queue macros rather than doing it by hand; ok otto@ krw@
|
Revision tags: OPENBSD_3_8_BASE OPENBSD_3_9_BASE
|
#
1.39 |
|
23-May-2005 |
mpf |
carp needs a multicast kludge storage. Fixes PR 4211. OK mcbride@
|
#
1.38 |
|
21-Apr-2005 |
itojun |
remove (now obsolete) handling of IFT_PROPVIRTUAL/bridge*. tested by camield@
|
Revision tags: OPENBSD_3_7_BASE
|
#
1.37 |
|
07-Dec-2004 |
mcbride |
Convert carp(4) to behave more like a regular interface, much in the same style as vlan(4). carp interfaces no longer require the physical interface to be on the same subnet as the carp interface, or even that the physical interface has an adress at all, so CARP can now be used on /30 networks.
ok deraadt@ henning@
|
Revision tags: OPENBSD_3_6_BASE SMP_SYNC_A SMP_SYNC_B
|
#
1.36 |
|
07-May-2004 |
millert |
Replace RSA-derived md5 code with code derived from Colin Plumb's PD version. This moves md5.c out of libkern and into sys/crypto where it belongs (as requested by markus@). Note that md5.c is still mandatory (dev/rnd.c uses it). Verified with IPsec + hmac-md5 and tcp md5sig. OK henning@ and hshoexer@
|
Revision tags: OPENBSD_3_4_BASE OPENBSD_3_5_BASE
|
#
1.35 |
|
08-Jul-2003 |
itojun |
on interface removal, clear multicast forwarding stuff. from kame
|
#
1.34 |
|
28-Jun-2003 |
itojun |
i don't think pfsync needs a link-local addr.
|
Revision tags: UBC_SYNC_A
|
#
1.33 |
|
14-May-2003 |
itojun |
it is unlikely that we introduce 6to4 interface (IFT_STF) to openbsd.
|
Revision tags: OPENBSD_3_2_BASE OPENBSD_3_3_BASE UBC_SYNC_B
|
#
1.32 |
|
12-Sep-2002 |
itojun |
configure "next" pointer correctly. from j@pureftpd.org
|
#
1.31 |
|
11-Sep-2002 |
itojun |
fix pointer signedness mixup. sync w/kame
|
#
1.30 |
|
11-Sep-2002 |
itojun |
KNF - return is not a function. sync w/kame
|
#
1.29 |
|
11-Jun-2002 |
itojun |
silence some of log(), as the codepath will be visited for IPv6-non-capable interfaces too and can be annoying. net.inet6.icmp6.nd6_debug will re-enable them.
|
#
1.28 |
|
11-Jun-2002 |
itojun |
whitespace
|
#
1.27 |
|
08-Jun-2002 |
itojun |
sync with latest KAME in6_ifaddr/prefix/default router manipulation. behavior changes: - two iocts used by ndp(8) are now obsolete (backward compat provided). use sysctl path instead. - lo0 does not get ::1 automatically. it will get ::1 when lo0 comes up.
|
#
1.26 |
|
07-Jun-2002 |
itojun |
whitespace sync w/kame
|
#
1.25 |
|
29-May-2002 |
itojun |
attach nd_ifinfo structure to if_afdata. split IPv6 MTU (advertised by RA) from real link MTU. sync with kame
|
#
1.24 |
|
29-May-2002 |
itojun |
move per-interface ip6/icmp6 stat to ifnet->if_afdata. sync w/kame
|
#
1.23 |
|
23-May-2002 |
itojun |
simplify condition to perform DAD. sync w/kame
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.22 |
|
14-Mar-2002 |
millert |
First round of __P removal in sys
|
Revision tags: UBC_BASE
|
#
1.21 |
|
07-Dec-2001 |
itojun |
branches: 1.21.2; whitespace/comment sync with kame
|
Revision tags: OPENBSD_3_0_BASE
|
#
1.20 |
|
23-Aug-2001 |
itojun |
suppress printf() on non-multicast interface. suppress ipv6 initialization for IFT_PFLOG.
|
#
1.19 |
|
23-Aug-2001 |
itojun |
don't try to enable IPv6 on IFT_PFLOG.
|
#
1.18 |
|
18-Jul-2001 |
itojun |
avoid using malloc() during interupt context for multicast kludge entry. allocate it on interface initialization.
|
#
1.17 |
|
09-Jun-2001 |
angelos |
No need for net/net_osdep.h
|
Revision tags: OPENBSD_2_9_BASE
|
#
1.16 |
|
16-Feb-2001 |
itojun |
cosmetic sync with kame
|
#
1.15 |
|
07-Feb-2001 |
itojun |
by default, don't bark on inbound ND messages, as outsider may be able to fill up /var with bogus packets. setting net.inet6.icmp6.nd6_debug will re-enable kernel messages on invalid ND packet and other occasions.
improve icmp6 stats.
|
#
1.14 |
|
18-Jan-2001 |
itojun |
do not remove default route by mistake, on interface removal.
|
Revision tags: OPENBSD_2_8_BASE
|
#
1.13 |
|
25-Oct-2000 |
jason |
silence the "no multicast" warning for IFT_ENC, too deraadt ok
|
#
1.12 |
|
18-Oct-2000 |
itojun |
don't try to configure IPv6 on bridge*. comment from deraadt
|
#
1.11 |
|
02-Oct-2000 |
itojun |
fix missing \n. from doug@freebsd (sync with kame)
|
Revision tags: OPENBSD_2_7_BASE
|
#
1.10 |
|
05-May-2000 |
itojun |
cope with interface detach (like pcmcia card removal). remove any IPv6 addresses assigned to the interface. reported by ho, bunch of help from niklas. KAME PR 231.
|
#
1.9 |
|
27-Apr-2000 |
itojun |
correct in6_ifdetach(). free oia, not ia. Lennart says there are more problems to go (I don't own openbsd-current laptop). From: Lennart Augustsson <augustss@augustsson.net>
|
#
1.8 |
|
17-Apr-2000 |
itojun |
revisit in6_ifattach(). (1) make it more persistent about initializaing an interface (2) cleanup interface id selection. run NUD on p2p interface (required by spec for bidir p2p interface). add "ndp -i interface" (can tweak per-interface ND flag). (sync with more recent kame)
|
#
1.7 |
|
02-Mar-2000 |
itojun |
do not add ifa_dstaddr for non-pointopoint interface. IPv6 has no concept for "broadcast".
|
Revision tags: SMP_BASE
|
#
1.6 |
|
07-Feb-2000 |
itojun |
branches: 1.6.2; fix include file path related to ip6.
|
#
1.5 |
|
04-Feb-2000 |
itojun |
more coverage of in6_ifdetach()'s cleanup process. bug fix in SIOCGIFADDR_IN6 (point to point case).
|
#
1.4 |
|
02-Feb-2000 |
itojun |
- improve in6_ifdetach to remove (1) multicast kludge list (2) route to link-local allnode multicast (ff02:x::/32) - fix ifnet refcnt'ing in multicast kludge list management. - avoid dangling pointer in multicast kludge management.
(angelos, try this version of in6_ifdetach() - it should be better)
|
#
1.3 |
|
10-Dec-1999 |
itojun |
use proper type for in6_first_ifid (char -> u_int8_t) suggested by: deraadt
|
#
1.2 |
|
10-Dec-1999 |
angelos |
Remove remaining unnecessary ifdefs (itojun will hate me for this :-)
|
Revision tags: kame_19991208
|
#
1.1 |
|
08-Dec-1999 |
itojun |
bring in KAME IPv6 code, dated 19991208. replaces NRL IPv6 layer. reuses NRL pcb layer. no IPsec-on-v6 support. see sys/netinet6/{TODO,IMPLEMENTATION} for more details.
GENERIC configuration should work fine as before. GENERIC.v6 works fine as well, but you'll need KAME userland tools to play with IPv6 (will be bringed into soon).
|
#
1.113 |
|
13-Feb-2019 |
dlg |
change rt_ifa_add and rt_ifa_del so they take an rdomain argument.
this allows mpls interfaces (mpe, mpw) to pass the rdomain they wish the local label to be in, rather than have it implicitly forced to 0 by these functions. right now they'll pass 0, but it will soon be possible to have them rx packets in other rdomains.
previously the functions used ifp->if_rdomain for the rdomain. everything other than mpls still passes ifp->if_rdomain.
ok mpi@
|
#
1.112 |
|
10-Feb-2019 |
dlg |
remove the implict RTF_MPATH flag that rt_ifa_add() sets on new routes.
MPLS interfaces (ab)use rt_ifa_add for adding the local MPLS label that they listen on for incoming packets, while every other use of rt_ifa_add is for adding addresses on local interfaces. MPLS does this cos the addresses involved are in basically the same shape as ones used for setting up local addresses.
It is appropriate for interfaces to want RTF_MPATH on local addresses, but in the MPLS case it means you can have multiple local things listening on the same label, which doesn't actually work. mpe in particular keeps track of in use labels to it can handle collisions, however, mpw does not. It is currently possible to have multiple mpw interfaces on the same local label, and sharing the same label as mpe or possible normal forwarding labels.
Moving the RTF_MPATH flag out of rt_ifa_add means all the callers that still want it need to pass it themselves. The mpe and mpw callers are left alone without the flag, and will now get EEXIST from rt_ifa_add when a label is already in use.
ok (and a huge amount of patience and help) mpi@ claudio@ is ok with the idea, but saw a much much earlier solution to the problem
|
Revision tags: OPENBSD_6_4_BASE
|
#
1.111 |
|
05-Oct-2018 |
florian |
Do not join node information multicast group (RFC 4620). Benno removed code to answer ICMP queries over 4 years ago. Aham Brahmasmi (aham.brahmasmi AT gmx.com) points out that we still joined the group though.
OK sthen, bluhm, kn
|
#
1.110 |
|
26-Aug-2018 |
mpi |
Do not add ::1 on non-default lo(4) as intended.
Reported by and ok sthen@
|
#
1.109 |
|
10-Jul-2018 |
florian |
When an interface doesn't have a layer 2 address in6_get_soii_ifid() failes and then later on a in in6_get_ifid() a layer 2 address is "borrowed" from from another interface.
Do the "borrowing" in in6_get_soii_ifid(), too so that semantically opaque interface identifiers work for these kind of interfaces, too.
OK phessler, benno
|
#
1.108 |
|
10-Jul-2018 |
florian |
When an interface doesn't have a layer 2 address in6_get_ifid() tries to "borrow" one from another interface. But then it checks if the U bit is set int the generated EUI64 address and rejects it. On the other hand for interfaces that do have a layer 2 address this check is skipped, so relax it for the "borrowing" case, too.
With this one gets stable link local addresses on e.g. gre(4) interfaces on certain virtualisation environments depending which mac addresses get picked for the vio(4) interfaces while previously we would end up with a random IP on every reboot.
Reported by Aaron A. Glenn via phessler.
OK phessler, benno
|
#
1.107 |
|
27-Mar-2018 |
dhill |
Use memcpy instead of bcopy when the memory does not overlap.
OK deraadt@ florian@
|
Revision tags: OPENBSD_6_3_BASE
|
#
1.106 |
|
13-Mar-2018 |
florian |
Calculate RFC7217 link-local style addresses the same way as slaacd(8).
RFC 7217 states (section 5, page 9): | The Interface Identifier is finally obtained by taking as many | bits from the RID value (computed in the previous step) as | necessary, starting from the least significant bit.
Problem in slaacd pointed out by semarie@.
OK sthen, phessler
|
#
1.105 |
|
10-Feb-2018 |
florian |
Implement RFC 7217: "A Method for Generating Semantically Opaque Interface Identifiers with IPv6 Stateless Address Autoconfiguration."
"An IPv6 address configured using this method is stable within each subnet, but the corresponding Interface Identifier changes when the host moves from one network to another. This method is meant to be an alternative to generating Interface Identifiers based on hardware addresses."
OK naddy, sthen
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.104 |
|
01-Sep-2017 |
florian |
Use in6_get_rand_ifid() instead of get_last_resort_ifid() and delete the get_last_resort_ifid() function because eww. Also if your system is so constraint that you end up in in6_get_rand_ifid() you don't deserve a random ifid that stays stable over reboots. Simplify code a bit since get_ifid() can no longer fail. It couldn't fail before either because that code path was #if 0'ed. While here sprinkle in some in6_ prefixes, pointed out by stsp. OK stsp
|
#
1.103 |
|
11-Jul-2017 |
florian |
Purging is at last at hand. Day of Doom is here. All that is evil shall all be cleansed.
Remove sending of router solicitations and processing of router advertisements from the kernel. It's handled by slaacd(8) these days.
Input & OK bluhm@, mpi@
|
#
1.102 |
|
16-May-2017 |
mpi |
Replace remaining splsoftassert(IPL_SOFTNET) by NET_ASSERT_LOCKED().
ok visa@
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.101 |
|
29-Dec-2016 |
mpi |
Get rid of recursive splsoftnet() in in6_ifattach_linklocal().
ok visa@
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.100 |
|
30-Jun-2016 |
mpi |
Restore the automagically added /64 route on p2p interfaces in order to send traffic to link-local addresses without default route.
Fix a regression reported by Michael Lechtermann, ok stsp@, sthen@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.99 |
|
02-Dec-2015 |
bluhm |
When destroying an interface, we have to wait until all references are not used anymore. This has to be done before any interface fields become invalid. As the route delete request cannot call if_get() anymore, pass down the interface. Split rtrequest_delete() into a separate function that may take an existing inteface. OK mpi@
|
#
1.98 |
|
24-Oct-2015 |
mpi |
Convert to rt_ifidx.
ok bluhm@
|
#
1.97 |
|
22-Oct-2015 |
bluhm |
Inspired by satosin(), use inline functions to convert sockaddr dl. Instead of casts they check wether the incoming object has the expected type. So introduce satosdl() and sdltosa() in the kernel. OK mpi@
|
#
1.96 |
|
12-Sep-2015 |
mpi |
Now that rtrequest1(9) properly sets RTF_UP for newly added route, stop passing it in every rt_ifa_add(9) calls.
ok claudio@
|
#
1.95 |
|
03-Sep-2015 |
mpi |
Change the order of operations for loopback interfaces to have ::1 configured before fe80::1.
(lo0:0) in pf should resolve to 127.0.0.1 ::1.
reported by and ok mikeb@
|
#
1.94 |
|
31-Aug-2015 |
mpi |
Do not install connected routes on loopback interfaces.
Previously loopback connected routes were managed via the global list of prefixes, which mean that systems with AUTOCONF'd addresses did not see them in the routing table.
This also makes inet6 route creation coherent with inet.
|
#
1.93 |
|
24-Aug-2015 |
mpi |
Start moving away from the global prefix list by limiting its usage to AUTOCONF'd addresses.
This prevent the kernel from removing connected (/64) routes as soon as it configures an AUTOCONF'd address based on a RA.
Tested by sebastia@, ok sthen@
|
#
1.92 |
|
24-Aug-2015 |
mpi |
Rework the code to decide when to perform DAD to no longer rely on the IN6_IFF_NODAD pseudo-flag not being set.
This was just a flag for spaghetti code that should not exist in the first place.
Tested by sebastia@, ok sthen@
|
#
1.91 |
|
17-Aug-2015 |
mpi |
Remove anoying comment about in6_update_ifa().
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.90 |
|
18-Jul-2015 |
mpi |
Merge two identical chunks to add new prefixes to the global data structures into a function.
ok florian@
|
#
1.89 |
|
16-Jul-2015 |
mpi |
Properly layer Router Solicitation code.
Tweak and ok florian@
|
#
1.88 |
|
08-Jun-2015 |
krw |
More damned eye searing whitespace. No change to .o files.
|
#
1.87 |
|
27-Apr-2015 |
mpi |
Do not call nd6_purge() before purging the IPv6 addresses of a detached interface.
Fix a use after free introduced in r1.98 of netinet6/in6.c and recently exposed by a crazy pool/malloc damage finder being currently refined by dlg@ and deraadt@.
ok mikeb@, henning@
|
#
1.86 |
|
14-Mar-2015 |
jsg |
Remove some includes include-what-you-use claims don't have any direct symbols used. Tested for indirect use by compiling amd64/i386/sparc64 kernels.
ok tedu@ deraadt@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.85 |
|
05-Feb-2015 |
mpi |
Convert various rtrequest1(RTM_DELETE,...) calls to rtdeletemsg(9).
This unify some code and notify userland for free.
blambert@ agrees, ok bluhm@
|
#
1.84 |
|
28-Jan-2015 |
mpi |
Revert rtdeletemsg conversion. It was not ok'd, I misunderstood bluhm@'s email.
|
#
1.83 |
|
27-Jan-2015 |
mpi |
Ensure that link-local addresses are correctly configured on loopback interfaces.
When the kernel automagically configures IPv6 addresses on loopback interfaces, start by assigning a link-local address and then try to assign "::1".
Only the first configured loopback interface per rdomain can have the "::1" address. But even if other loopback interfaces failed to get this address, because it is already taken, give them a chance to have a link-local address.
While here change in6_ifattach() to return an error value and remove duplicated code.
Fix a regression introduced by the NOINET6 flag removal.
ok henning@, stsp@, florian@, benno@
|
#
1.82 |
|
26-Jan-2015 |
mpi |
Call rtdeletemsg(9) instead of rerolling its code. As a bonus you'll get userland notification for free.
ok blambert@, bluhm@
|
#
1.81 |
|
10-Jan-2015 |
mpi |
Correct some comments and merge in6_if_up() into in6_ifattach() to reflect that IPv6 link-local addresses are no longer automagically configured the first time an interface is brought up.
ok henning@, stsp@
|
#
1.80 |
|
08-Jan-2015 |
florian |
Clear autoconf6 flag after autoconf6 cleanup happened, not before. Otherwise clean up code will never run. OK mpi@, benno@, henning@
|
#
1.79 |
|
06-Jan-2015 |
stsp |
Remove the NOINET6 interface flag, a left-over from the times when IPv6 was enabled by default. Add AFATTACH/AFDETACH ioctls which enable/disable an address family for an interface (currently used for IPv6 only).
New kernel needs new ifconfig for IPv6 configuration (address assignment still works with old ifconfig making this easy to cross over).
Committing on behalf of henning@ who is currently lebensmittelvergiftet. ok stsp, benno, mpi
|
#
1.78 |
|
04-Dec-2014 |
tedu |
replace md5 with sha512. ok deraadt
|
#
1.77 |
|
20-Nov-2014 |
mpi |
What have no need for a variable that holds the maximum MTU size of interfaces with an IPv6 address.
ok henning@, mikeb@, deraadt@
|
#
1.76 |
|
18-Nov-2014 |
krw |
Nuke yet more obvious #include duplications.
ok miod@
|
#
1.75 |
|
18-Nov-2014 |
tedu |
move arc4random prototype to systm.h. more appropriate for most code to include that than rdnvar.h. ok deraadt dlg
|
#
1.74 |
|
01-Nov-2014 |
mpi |
Rename rtalloc1() into rtalloc(9) and convert its flags to only enable functionnality instead of a mix of enable/disable.
ok bluhm@, jca@
|
#
1.73 |
|
25-Aug-2014 |
florian |
Move sending of router solicitations to the kernel; receiving and processing of router advertisements was already in the kernel. With this rtsol{,d}(8) is no longer necessary.
The kernel starts sending solicitations with # ifconfig $IF inet6 autoconf or inet6 autoconf in /etc/hostname.$IF.
input stsp@ much help & OK mpi@ tweaks & OK bluhm@
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.72 |
|
01-Jul-2014 |
benno |
When a carp interface is created with IFXF_NOINET6 flag, no link-local address will be created when the vhid (and MAC) is set. Depending on the order of the configuration the interface can end up with a ipv6 address, but no v6 link-local and no working neigbor discovery.
Removing this case statement will result in the link-local address being configured by "ifconfig up" if the inet6 address was configured before. If you are using inet6 on carp, put an "up" at the end of your hostname.if. I will work on a better solution at g2k14.
ok henning, mpi
|
#
1.71 |
|
26-Jun-2014 |
mpi |
Calling in{6,}_purgeaddr() is not enough to remove an address from an interface. Two other operations are performed when issuing a SIOCDIFADDR{_IN6,} ioctl: call the address hook and the per-driver ioctl function.
Since carp(4) relies on an address hook to recalculate its hash, make sure to call this hook when IFXF_NOINET6 is set or when the rdomain is changed.
ok henning@, mikeb@
|
#
1.70 |
|
03-Jun-2014 |
mpi |
Do not include <sys/malloc.h> where it is not needed.
|
#
1.69 |
|
20-May-2014 |
mpi |
Fix eui64 address generation, broken since the removal of the link-layer address from the per-ifp list.
Found the hard way by weerd@, florian@ and stsp@, ok florian@
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.68 |
|
21-Jan-2014 |
mpi |
Do not clean the multicast records of an interface when it is destroyed (unplugged). Even if it makes no sense to keep them around if the interface is no more, we cannot safely remove them since pcb multicast options might keep a pointer to them.
Fixes a user after free introduced by the multicast address linking rewrite and reported by Alexey Suslikov, thanks!
ok claudio@
|
#
1.67 |
|
13-Jan-2014 |
bluhm |
Call all local valiables of type struct in6_ifaddr "ia6". This is consistent with struct ifaddr "ifa" and struct in_ifaddr "ia". OK mpi@
|
#
1.66 |
|
07-Jan-2014 |
stsp |
Some follow-up fixes for IFID collision handling in IPv6CP.
Really change the link-local address in the unlikely event of an IFID collision, instead of going into an infinite conf-nak loop with the peer.
To make the netinet6 code use the IPv6CP IFID in a new link-local address, in6_ifattach_linklocal() must accept a provided IFID. Replace the unused 'altifp' parameter with a new 'ifid' parameter for this purpose.
Always use the latest suggested address in IPv6CP replies, even if the task to update the interface's address hasn't run yet. Also, clear the ifindex (KAME hack) in addresses sent during IPv6CP.
ok mpi
|
#
1.65 |
|
06-Jan-2014 |
stsp |
Make in6_ifdetach() remove the ff01::1 route for the detaching interface, too. The route used to linger after an interface detached from IPv6. ok mikeb
|
#
1.64 |
|
28-Nov-2013 |
mpi |
Change the way protocol multicast addresses are linked to an interface.
Instead of linking multicast records to the first configured address of the corresponding protocol, making this address and its position in the global list special, add them to a new list directly linked to the interface descriptor.
This new multicast address list is similar to the address list, all its elements contain a protocol agnostic part. This design allows us to be able to join a multicast group without necessarily having a configured address. That means IPv6 multicast kludges are no longer needed.
Another benefit is to be able to add and remove an IP address from an interface without worrying about multicast records. That means that the global IPv4 list is no longer needed since the first configured address of an interface is no longer special.
This new list might also be extended in the future to contain the link-layer addresses used to configure hardware filters.
Tested by sthen@ and weerd@, ok mikeb@
|
#
1.63 |
|
19-Nov-2013 |
mpi |
Remove some FDDI/ATM leftovers.
ok mikeb@, henning@, deraadt@, brad@, miod@
|
#
1.62 |
|
17-Oct-2013 |
bluhm |
The header file netinet/in_var.h included netinet6/in6_var.h. This created a bunch of useless dependencies. Remove this implicit inclusion and do an explicit #include <netinet6/in6_var.h> when it is needed. OK mpi@ henning@
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.61 |
|
31-May-2013 |
bluhm |
Remove a bunch of sockaddr_in6 pointer casts and replace others with sin6tosa() or satosin6() inline functions. This allows the compiler to check the types more strictly. OK mpi@
|
#
1.60 |
|
26-Mar-2013 |
bluhm |
Remove a block of dead code in in6_ifdetach(). It was never executed due to the wrong & in satosin6(&ifa->ifa_addr). The link local prefix fe80 was not checked within the IPv6 address, but within some pointers of the interface address struct. The whole loop around this was also never executed as all IPv6 addresses had already been purged. OK sperreault@ mpi@ mikeb@
|
#
1.59 |
|
25-Mar-2013 |
mpi |
Substitute the handcrafted list of IPv6 addresses by a proper TAILQ.
ok bluhm@, mikeb@
|
#
1.58 |
|
07-Mar-2013 |
mpi |
Remove the IFAFREE() macro, the ifafree() function it was calling already check for the reference counter.
ok mikeb@, miod@, pelikan@, kettenis@, krw@
|
#
1.57 |
|
04-Mar-2013 |
bluhm |
Replace the cast to struct in6_ifaddr pointer with the ifatoia6() macro. No binary change. OK claudio@
|
Revision tags: OPENBSD_5_3_BASE
|
#
1.56 |
|
19-Sep-2012 |
bluhm |
Use TAILQ_FOREACH macro for loops. No binary diff. OK henning@
|
#
1.55 |
|
21-Aug-2012 |
bluhm |
Reverse the name and meaning of the IFXF_INET6_PRIVACY interface flag. It is now called IFXF_INET6_NOPRIVACY. So IPv6 privacy addresses are on by default without resetting the flag during ifconfig down/up. OK stsp@, sperreault@ (who wrote the same diff)
|
#
1.54 |
|
15-Aug-2012 |
sperreault |
Enable IPv6 autoconfprivacy by default
diff originally by stsp@ "please commit it" deraadt@ "don't care" stsp@ "don't like" bluhm@
|
Revision tags: OPENBSD_5_1_BASE OPENBSD_5_2_BASE
|
#
1.53 |
|
03-Jan-2012 |
bluhm |
To access the ifaddr of an in_ifaddr or in6_ifaddr struct, it is cleaner to access the first member via ia_ifa instead of casting. No binary change. ok henning@ krw@
|
#
1.52 |
|
24-Nov-2011 |
sperreault |
rdomain support for IPv6 ok mikeb
|
Revision tags: OPENBSD_4_8_BASE OPENBSD_4_9_BASE OPENBSD_5_0_BASE
|
#
1.51 |
|
06-Apr-2010 |
stsp |
Simple implementation of RFC4941, "Privacy Extensions for Stateless Address Autoconfiguration in IPv6". For those among us who are paranoid about broadcasting their MAC address to the IPv6 internet.
Man page help from jmc, testing by weerd, arc4random API hints from djm.
ok deraadt, claudio
|
Revision tags: OPENBSD_4_7_BASE
|
#
1.50 |
|
08-Feb-2010 |
jsing |
More destatic and ansification.
ok claudio@ naddy@
|
#
1.49 |
|
13-Jan-2010 |
henning |
instead of fiddling with the per-interface address lists directly in many places create a proper API (ifa_add / ifa_del) and use it. ok theo ryan dlg
|
Revision tags: OPENBSD_4_5_BASE OPENBSD_4_6_BASE
|
#
1.48 |
|
30-Jan-2009 |
mcbride |
"XXX: should this be performed under splnet()?"... Yes, yes it should. Interface configuration causes neighbour discoverery, which runs packets through parts of the stack that require at least splsoftnet(), like pf and pfsync.
ok dlg
|
Revision tags: OPENBSD_4_4_BASE
|
#
1.47 |
|
11-Jun-2008 |
mcbride |
ANSIfy to sync with KAME. From Karl Sjodahl <dunceor@gmail.com>.
ok todd deraadt naddy bluhm
|
#
1.46 |
|
11-May-2008 |
claudio |
rtrequest to rtrequest1 conversion in inet6. With that no rtrequest should be left over. OK henning@
|
Revision tags: OPENBSD_4_2_BASE OPENBSD_4_3_BASE
|
#
1.45 |
|
08-Jun-2007 |
henning |
kill arcnet leftovers, some pt out by Mike Belopuhov <mkb@crypt.org.ru>, some I found afterwards, ok dlg
|
Revision tags: OPENBSD_4_1_BASE
|
#
1.44 |
|
15-Nov-2006 |
itojun |
unifdef -USCOPEDROUTING
|
Revision tags: OPENBSD_4_0_BASE
|
#
1.43 |
|
31-Aug-2006 |
mcbride |
Automatically add a IPv6 link-local address to carp interfaces when the virtual MAC address is set. Among other things, this makes route6d work correctly on systems with carp interfaces.
In order to ensure backwards compatibility, we do not include IPv6 link-local addresses in generating the HMAC, but we accept HMACs with AND without the link-local addresses. They will be added to the HMAC in a future release.
In short: this change should only affect backwards compatibility for IPv6 users who are manually adding link-local addresses on carp interfaces.
testing mtu@ todd@ ok mpf@ henning@ deraadt@
|
#
1.42 |
|
16-Jun-2006 |
henning |
adjust functions dealing with the routing table to take a table ID as parameter so they can work on alternate tables. table 0 hardcoded for many callers yet, that will be adapted step by step. input + ok claudio norby hshoexer
|
#
1.41 |
|
27-May-2006 |
claudio |
Do the same thing as for IPv4. Use a sysctl to enable/disable mfrowarding and additionaly make the code part of the MROUTING option. Put it in deraadt@
|
#
1.40 |
|
05-Mar-2006 |
miod |
Use more queue macros rather than doing it by hand; ok otto@ krw@
|
Revision tags: OPENBSD_3_8_BASE OPENBSD_3_9_BASE
|
#
1.39 |
|
23-May-2005 |
mpf |
carp needs a multicast kludge storage. Fixes PR 4211. OK mcbride@
|
#
1.38 |
|
21-Apr-2005 |
itojun |
remove (now obsolete) handling of IFT_PROPVIRTUAL/bridge*. tested by camield@
|
Revision tags: OPENBSD_3_7_BASE
|
#
1.37 |
|
07-Dec-2004 |
mcbride |
Convert carp(4) to behave more like a regular interface, much in the same style as vlan(4). carp interfaces no longer require the physical interface to be on the same subnet as the carp interface, or even that the physical interface has an adress at all, so CARP can now be used on /30 networks.
ok deraadt@ henning@
|
Revision tags: OPENBSD_3_6_BASE SMP_SYNC_A SMP_SYNC_B
|
#
1.36 |
|
07-May-2004 |
millert |
Replace RSA-derived md5 code with code derived from Colin Plumb's PD version. This moves md5.c out of libkern and into sys/crypto where it belongs (as requested by markus@). Note that md5.c is still mandatory (dev/rnd.c uses it). Verified with IPsec + hmac-md5 and tcp md5sig. OK henning@ and hshoexer@
|
Revision tags: OPENBSD_3_4_BASE OPENBSD_3_5_BASE
|
#
1.35 |
|
08-Jul-2003 |
itojun |
on interface removal, clear multicast forwarding stuff. from kame
|
#
1.34 |
|
28-Jun-2003 |
itojun |
i don't think pfsync needs a link-local addr.
|
Revision tags: UBC_SYNC_A
|
#
1.33 |
|
14-May-2003 |
itojun |
it is unlikely that we introduce 6to4 interface (IFT_STF) to openbsd.
|
Revision tags: OPENBSD_3_2_BASE OPENBSD_3_3_BASE UBC_SYNC_B
|
#
1.32 |
|
12-Sep-2002 |
itojun |
configure "next" pointer correctly. from j@pureftpd.org
|
#
1.31 |
|
11-Sep-2002 |
itojun |
fix pointer signedness mixup. sync w/kame
|
#
1.30 |
|
11-Sep-2002 |
itojun |
KNF - return is not a function. sync w/kame
|
#
1.29 |
|
11-Jun-2002 |
itojun |
silence some of log(), as the codepath will be visited for IPv6-non-capable interfaces too and can be annoying. net.inet6.icmp6.nd6_debug will re-enable them.
|
#
1.28 |
|
11-Jun-2002 |
itojun |
whitespace
|
#
1.27 |
|
08-Jun-2002 |
itojun |
sync with latest KAME in6_ifaddr/prefix/default router manipulation. behavior changes: - two iocts used by ndp(8) are now obsolete (backward compat provided). use sysctl path instead. - lo0 does not get ::1 automatically. it will get ::1 when lo0 comes up.
|
#
1.26 |
|
07-Jun-2002 |
itojun |
whitespace sync w/kame
|
#
1.25 |
|
29-May-2002 |
itojun |
attach nd_ifinfo structure to if_afdata. split IPv6 MTU (advertised by RA) from real link MTU. sync with kame
|
#
1.24 |
|
29-May-2002 |
itojun |
move per-interface ip6/icmp6 stat to ifnet->if_afdata. sync w/kame
|
#
1.23 |
|
23-May-2002 |
itojun |
simplify condition to perform DAD. sync w/kame
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.22 |
|
14-Mar-2002 |
millert |
First round of __P removal in sys
|
Revision tags: UBC_BASE
|
#
1.21 |
|
07-Dec-2001 |
itojun |
branches: 1.21.2; whitespace/comment sync with kame
|
Revision tags: OPENBSD_3_0_BASE
|
#
1.20 |
|
23-Aug-2001 |
itojun |
suppress printf() on non-multicast interface. suppress ipv6 initialization for IFT_PFLOG.
|
#
1.19 |
|
23-Aug-2001 |
itojun |
don't try to enable IPv6 on IFT_PFLOG.
|
#
1.18 |
|
18-Jul-2001 |
itojun |
avoid using malloc() during interupt context for multicast kludge entry. allocate it on interface initialization.
|
#
1.17 |
|
09-Jun-2001 |
angelos |
No need for net/net_osdep.h
|
Revision tags: OPENBSD_2_9_BASE
|
#
1.16 |
|
16-Feb-2001 |
itojun |
cosmetic sync with kame
|
#
1.15 |
|
07-Feb-2001 |
itojun |
by default, don't bark on inbound ND messages, as outsider may be able to fill up /var with bogus packets. setting net.inet6.icmp6.nd6_debug will re-enable kernel messages on invalid ND packet and other occasions.
improve icmp6 stats.
|
#
1.14 |
|
18-Jan-2001 |
itojun |
do not remove default route by mistake, on interface removal.
|
Revision tags: OPENBSD_2_8_BASE
|
#
1.13 |
|
25-Oct-2000 |
jason |
silence the "no multicast" warning for IFT_ENC, too deraadt ok
|
#
1.12 |
|
18-Oct-2000 |
itojun |
don't try to configure IPv6 on bridge*. comment from deraadt
|
#
1.11 |
|
02-Oct-2000 |
itojun |
fix missing \n. from doug@freebsd (sync with kame)
|
Revision tags: OPENBSD_2_7_BASE
|
#
1.10 |
|
05-May-2000 |
itojun |
cope with interface detach (like pcmcia card removal). remove any IPv6 addresses assigned to the interface. reported by ho, bunch of help from niklas. KAME PR 231.
|
#
1.9 |
|
27-Apr-2000 |
itojun |
correct in6_ifdetach(). free oia, not ia. Lennart says there are more problems to go (I don't own openbsd-current laptop). From: Lennart Augustsson <augustss@augustsson.net>
|
#
1.8 |
|
17-Apr-2000 |
itojun |
revisit in6_ifattach(). (1) make it more persistent about initializaing an interface (2) cleanup interface id selection. run NUD on p2p interface (required by spec for bidir p2p interface). add "ndp -i interface" (can tweak per-interface ND flag). (sync with more recent kame)
|
#
1.7 |
|
02-Mar-2000 |
itojun |
do not add ifa_dstaddr for non-pointopoint interface. IPv6 has no concept for "broadcast".
|
Revision tags: SMP_BASE
|
#
1.6 |
|
07-Feb-2000 |
itojun |
branches: 1.6.2; fix include file path related to ip6.
|
#
1.5 |
|
04-Feb-2000 |
itojun |
more coverage of in6_ifdetach()'s cleanup process. bug fix in SIOCGIFADDR_IN6 (point to point case).
|
#
1.4 |
|
02-Feb-2000 |
itojun |
- improve in6_ifdetach to remove (1) multicast kludge list (2) route to link-local allnode multicast (ff02:x::/32) - fix ifnet refcnt'ing in multicast kludge list management. - avoid dangling pointer in multicast kludge management.
(angelos, try this version of in6_ifdetach() - it should be better)
|
#
1.3 |
|
10-Dec-1999 |
itojun |
use proper type for in6_first_ifid (char -> u_int8_t) suggested by: deraadt
|
#
1.2 |
|
10-Dec-1999 |
angelos |
Remove remaining unnecessary ifdefs (itojun will hate me for this :-)
|
Revision tags: kame_19991208
|
#
1.1 |
|
08-Dec-1999 |
itojun |
bring in KAME IPv6 code, dated 19991208. replaces NRL IPv6 layer. reuses NRL pcb layer. no IPsec-on-v6 support. see sys/netinet6/{TODO,IMPLEMENTATION} for more details.
GENERIC configuration should work fine as before. GENERIC.v6 works fine as well, but you'll need KAME userland tools to play with IPv6 (will be bringed into soon).
|
#
1.112 |
|
10-Feb-2019 |
dlg |
remove the implict RTF_MPATH flag that rt_ifa_add() sets on new routes.
MPLS interfaces (ab)use rt_ifa_add for adding the local MPLS label that they listen on for incoming packets, while every other use of rt_ifa_add is for adding addresses on local interfaces. MPLS does this cos the addresses involved are in basically the same shape as ones used for setting up local addresses.
It is appropriate for interfaces to want RTF_MPATH on local addresses, but in the MPLS case it means you can have multiple local things listening on the same label, which doesn't actually work. mpe in particular keeps track of in use labels to it can handle collisions, however, mpw does not. It is currently possible to have multiple mpw interfaces on the same local label, and sharing the same label as mpe or possible normal forwarding labels.
Moving the RTF_MPATH flag out of rt_ifa_add means all the callers that still want it need to pass it themselves. The mpe and mpw callers are left alone without the flag, and will now get EEXIST from rt_ifa_add when a label is already in use.
ok (and a huge amount of patience and help) mpi@ claudio@ is ok with the idea, but saw a much much earlier solution to the problem
|
Revision tags: OPENBSD_6_4_BASE
|
#
1.111 |
|
05-Oct-2018 |
florian |
Do not join node information multicast group (RFC 4620). Benno removed code to answer ICMP queries over 4 years ago. Aham Brahmasmi (aham.brahmasmi AT gmx.com) points out that we still joined the group though.
OK sthen, bluhm, kn
|
#
1.110 |
|
26-Aug-2018 |
mpi |
Do not add ::1 on non-default lo(4) as intended.
Reported by and ok sthen@
|
#
1.109 |
|
10-Jul-2018 |
florian |
When an interface doesn't have a layer 2 address in6_get_soii_ifid() failes and then later on a in in6_get_ifid() a layer 2 address is "borrowed" from from another interface.
Do the "borrowing" in in6_get_soii_ifid(), too so that semantically opaque interface identifiers work for these kind of interfaces, too.
OK phessler, benno
|
#
1.108 |
|
10-Jul-2018 |
florian |
When an interface doesn't have a layer 2 address in6_get_ifid() tries to "borrow" one from another interface. But then it checks if the U bit is set int the generated EUI64 address and rejects it. On the other hand for interfaces that do have a layer 2 address this check is skipped, so relax it for the "borrowing" case, too.
With this one gets stable link local addresses on e.g. gre(4) interfaces on certain virtualisation environments depending which mac addresses get picked for the vio(4) interfaces while previously we would end up with a random IP on every reboot.
Reported by Aaron A. Glenn via phessler.
OK phessler, benno
|
#
1.107 |
|
27-Mar-2018 |
dhill |
Use memcpy instead of bcopy when the memory does not overlap.
OK deraadt@ florian@
|
Revision tags: OPENBSD_6_3_BASE
|
#
1.106 |
|
13-Mar-2018 |
florian |
Calculate RFC7217 link-local style addresses the same way as slaacd(8).
RFC 7217 states (section 5, page 9): | The Interface Identifier is finally obtained by taking as many | bits from the RID value (computed in the previous step) as | necessary, starting from the least significant bit.
Problem in slaacd pointed out by semarie@.
OK sthen, phessler
|
#
1.105 |
|
10-Feb-2018 |
florian |
Implement RFC 7217: "A Method for Generating Semantically Opaque Interface Identifiers with IPv6 Stateless Address Autoconfiguration."
"An IPv6 address configured using this method is stable within each subnet, but the corresponding Interface Identifier changes when the host moves from one network to another. This method is meant to be an alternative to generating Interface Identifiers based on hardware addresses."
OK naddy, sthen
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.104 |
|
01-Sep-2017 |
florian |
Use in6_get_rand_ifid() instead of get_last_resort_ifid() and delete the get_last_resort_ifid() function because eww. Also if your system is so constraint that you end up in in6_get_rand_ifid() you don't deserve a random ifid that stays stable over reboots. Simplify code a bit since get_ifid() can no longer fail. It couldn't fail before either because that code path was #if 0'ed. While here sprinkle in some in6_ prefixes, pointed out by stsp. OK stsp
|
#
1.103 |
|
11-Jul-2017 |
florian |
Purging is at last at hand. Day of Doom is here. All that is evil shall all be cleansed.
Remove sending of router solicitations and processing of router advertisements from the kernel. It's handled by slaacd(8) these days.
Input & OK bluhm@, mpi@
|
#
1.102 |
|
16-May-2017 |
mpi |
Replace remaining splsoftassert(IPL_SOFTNET) by NET_ASSERT_LOCKED().
ok visa@
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.101 |
|
29-Dec-2016 |
mpi |
Get rid of recursive splsoftnet() in in6_ifattach_linklocal().
ok visa@
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.100 |
|
30-Jun-2016 |
mpi |
Restore the automagically added /64 route on p2p interfaces in order to send traffic to link-local addresses without default route.
Fix a regression reported by Michael Lechtermann, ok stsp@, sthen@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.99 |
|
02-Dec-2015 |
bluhm |
When destroying an interface, we have to wait until all references are not used anymore. This has to be done before any interface fields become invalid. As the route delete request cannot call if_get() anymore, pass down the interface. Split rtrequest_delete() into a separate function that may take an existing inteface. OK mpi@
|
#
1.98 |
|
24-Oct-2015 |
mpi |
Convert to rt_ifidx.
ok bluhm@
|
#
1.97 |
|
22-Oct-2015 |
bluhm |
Inspired by satosin(), use inline functions to convert sockaddr dl. Instead of casts they check wether the incoming object has the expected type. So introduce satosdl() and sdltosa() in the kernel. OK mpi@
|
#
1.96 |
|
12-Sep-2015 |
mpi |
Now that rtrequest1(9) properly sets RTF_UP for newly added route, stop passing it in every rt_ifa_add(9) calls.
ok claudio@
|
#
1.95 |
|
03-Sep-2015 |
mpi |
Change the order of operations for loopback interfaces to have ::1 configured before fe80::1.
(lo0:0) in pf should resolve to 127.0.0.1 ::1.
reported by and ok mikeb@
|
#
1.94 |
|
31-Aug-2015 |
mpi |
Do not install connected routes on loopback interfaces.
Previously loopback connected routes were managed via the global list of prefixes, which mean that systems with AUTOCONF'd addresses did not see them in the routing table.
This also makes inet6 route creation coherent with inet.
|
#
1.93 |
|
24-Aug-2015 |
mpi |
Start moving away from the global prefix list by limiting its usage to AUTOCONF'd addresses.
This prevent the kernel from removing connected (/64) routes as soon as it configures an AUTOCONF'd address based on a RA.
Tested by sebastia@, ok sthen@
|
#
1.92 |
|
24-Aug-2015 |
mpi |
Rework the code to decide when to perform DAD to no longer rely on the IN6_IFF_NODAD pseudo-flag not being set.
This was just a flag for spaghetti code that should not exist in the first place.
Tested by sebastia@, ok sthen@
|
#
1.91 |
|
17-Aug-2015 |
mpi |
Remove anoying comment about in6_update_ifa().
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.90 |
|
18-Jul-2015 |
mpi |
Merge two identical chunks to add new prefixes to the global data structures into a function.
ok florian@
|
#
1.89 |
|
16-Jul-2015 |
mpi |
Properly layer Router Solicitation code.
Tweak and ok florian@
|
#
1.88 |
|
08-Jun-2015 |
krw |
More damned eye searing whitespace. No change to .o files.
|
#
1.87 |
|
27-Apr-2015 |
mpi |
Do not call nd6_purge() before purging the IPv6 addresses of a detached interface.
Fix a use after free introduced in r1.98 of netinet6/in6.c and recently exposed by a crazy pool/malloc damage finder being currently refined by dlg@ and deraadt@.
ok mikeb@, henning@
|
#
1.86 |
|
14-Mar-2015 |
jsg |
Remove some includes include-what-you-use claims don't have any direct symbols used. Tested for indirect use by compiling amd64/i386/sparc64 kernels.
ok tedu@ deraadt@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.85 |
|
05-Feb-2015 |
mpi |
Convert various rtrequest1(RTM_DELETE,...) calls to rtdeletemsg(9).
This unify some code and notify userland for free.
blambert@ agrees, ok bluhm@
|
#
1.84 |
|
28-Jan-2015 |
mpi |
Revert rtdeletemsg conversion. It was not ok'd, I misunderstood bluhm@'s email.
|
#
1.83 |
|
27-Jan-2015 |
mpi |
Ensure that link-local addresses are correctly configured on loopback interfaces.
When the kernel automagically configures IPv6 addresses on loopback interfaces, start by assigning a link-local address and then try to assign "::1".
Only the first configured loopback interface per rdomain can have the "::1" address. But even if other loopback interfaces failed to get this address, because it is already taken, give them a chance to have a link-local address.
While here change in6_ifattach() to return an error value and remove duplicated code.
Fix a regression introduced by the NOINET6 flag removal.
ok henning@, stsp@, florian@, benno@
|
#
1.82 |
|
26-Jan-2015 |
mpi |
Call rtdeletemsg(9) instead of rerolling its code. As a bonus you'll get userland notification for free.
ok blambert@, bluhm@
|
#
1.81 |
|
10-Jan-2015 |
mpi |
Correct some comments and merge in6_if_up() into in6_ifattach() to reflect that IPv6 link-local addresses are no longer automagically configured the first time an interface is brought up.
ok henning@, stsp@
|
#
1.80 |
|
08-Jan-2015 |
florian |
Clear autoconf6 flag after autoconf6 cleanup happened, not before. Otherwise clean up code will never run. OK mpi@, benno@, henning@
|
#
1.79 |
|
06-Jan-2015 |
stsp |
Remove the NOINET6 interface flag, a left-over from the times when IPv6 was enabled by default. Add AFATTACH/AFDETACH ioctls which enable/disable an address family for an interface (currently used for IPv6 only).
New kernel needs new ifconfig for IPv6 configuration (address assignment still works with old ifconfig making this easy to cross over).
Committing on behalf of henning@ who is currently lebensmittelvergiftet. ok stsp, benno, mpi
|
#
1.78 |
|
04-Dec-2014 |
tedu |
replace md5 with sha512. ok deraadt
|
#
1.77 |
|
20-Nov-2014 |
mpi |
What have no need for a variable that holds the maximum MTU size of interfaces with an IPv6 address.
ok henning@, mikeb@, deraadt@
|
#
1.76 |
|
18-Nov-2014 |
krw |
Nuke yet more obvious #include duplications.
ok miod@
|
#
1.75 |
|
18-Nov-2014 |
tedu |
move arc4random prototype to systm.h. more appropriate for most code to include that than rdnvar.h. ok deraadt dlg
|
#
1.74 |
|
01-Nov-2014 |
mpi |
Rename rtalloc1() into rtalloc(9) and convert its flags to only enable functionnality instead of a mix of enable/disable.
ok bluhm@, jca@
|
#
1.73 |
|
25-Aug-2014 |
florian |
Move sending of router solicitations to the kernel; receiving and processing of router advertisements was already in the kernel. With this rtsol{,d}(8) is no longer necessary.
The kernel starts sending solicitations with # ifconfig $IF inet6 autoconf or inet6 autoconf in /etc/hostname.$IF.
input stsp@ much help & OK mpi@ tweaks & OK bluhm@
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.72 |
|
01-Jul-2014 |
benno |
When a carp interface is created with IFXF_NOINET6 flag, no link-local address will be created when the vhid (and MAC) is set. Depending on the order of the configuration the interface can end up with a ipv6 address, but no v6 link-local and no working neigbor discovery.
Removing this case statement will result in the link-local address being configured by "ifconfig up" if the inet6 address was configured before. If you are using inet6 on carp, put an "up" at the end of your hostname.if. I will work on a better solution at g2k14.
ok henning, mpi
|
#
1.71 |
|
26-Jun-2014 |
mpi |
Calling in{6,}_purgeaddr() is not enough to remove an address from an interface. Two other operations are performed when issuing a SIOCDIFADDR{_IN6,} ioctl: call the address hook and the per-driver ioctl function.
Since carp(4) relies on an address hook to recalculate its hash, make sure to call this hook when IFXF_NOINET6 is set or when the rdomain is changed.
ok henning@, mikeb@
|
#
1.70 |
|
03-Jun-2014 |
mpi |
Do not include <sys/malloc.h> where it is not needed.
|
#
1.69 |
|
20-May-2014 |
mpi |
Fix eui64 address generation, broken since the removal of the link-layer address from the per-ifp list.
Found the hard way by weerd@, florian@ and stsp@, ok florian@
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.68 |
|
21-Jan-2014 |
mpi |
Do not clean the multicast records of an interface when it is destroyed (unplugged). Even if it makes no sense to keep them around if the interface is no more, we cannot safely remove them since pcb multicast options might keep a pointer to them.
Fixes a user after free introduced by the multicast address linking rewrite and reported by Alexey Suslikov, thanks!
ok claudio@
|
#
1.67 |
|
13-Jan-2014 |
bluhm |
Call all local valiables of type struct in6_ifaddr "ia6". This is consistent with struct ifaddr "ifa" and struct in_ifaddr "ia". OK mpi@
|
#
1.66 |
|
07-Jan-2014 |
stsp |
Some follow-up fixes for IFID collision handling in IPv6CP.
Really change the link-local address in the unlikely event of an IFID collision, instead of going into an infinite conf-nak loop with the peer.
To make the netinet6 code use the IPv6CP IFID in a new link-local address, in6_ifattach_linklocal() must accept a provided IFID. Replace the unused 'altifp' parameter with a new 'ifid' parameter for this purpose.
Always use the latest suggested address in IPv6CP replies, even if the task to update the interface's address hasn't run yet. Also, clear the ifindex (KAME hack) in addresses sent during IPv6CP.
ok mpi
|
#
1.65 |
|
06-Jan-2014 |
stsp |
Make in6_ifdetach() remove the ff01::1 route for the detaching interface, too. The route used to linger after an interface detached from IPv6. ok mikeb
|
#
1.64 |
|
28-Nov-2013 |
mpi |
Change the way protocol multicast addresses are linked to an interface.
Instead of linking multicast records to the first configured address of the corresponding protocol, making this address and its position in the global list special, add them to a new list directly linked to the interface descriptor.
This new multicast address list is similar to the address list, all its elements contain a protocol agnostic part. This design allows us to be able to join a multicast group without necessarily having a configured address. That means IPv6 multicast kludges are no longer needed.
Another benefit is to be able to add and remove an IP address from an interface without worrying about multicast records. That means that the global IPv4 list is no longer needed since the first configured address of an interface is no longer special.
This new list might also be extended in the future to contain the link-layer addresses used to configure hardware filters.
Tested by sthen@ and weerd@, ok mikeb@
|
#
1.63 |
|
19-Nov-2013 |
mpi |
Remove some FDDI/ATM leftovers.
ok mikeb@, henning@, deraadt@, brad@, miod@
|
#
1.62 |
|
17-Oct-2013 |
bluhm |
The header file netinet/in_var.h included netinet6/in6_var.h. This created a bunch of useless dependencies. Remove this implicit inclusion and do an explicit #include <netinet6/in6_var.h> when it is needed. OK mpi@ henning@
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.61 |
|
31-May-2013 |
bluhm |
Remove a bunch of sockaddr_in6 pointer casts and replace others with sin6tosa() or satosin6() inline functions. This allows the compiler to check the types more strictly. OK mpi@
|
#
1.60 |
|
26-Mar-2013 |
bluhm |
Remove a block of dead code in in6_ifdetach(). It was never executed due to the wrong & in satosin6(&ifa->ifa_addr). The link local prefix fe80 was not checked within the IPv6 address, but within some pointers of the interface address struct. The whole loop around this was also never executed as all IPv6 addresses had already been purged. OK sperreault@ mpi@ mikeb@
|
#
1.59 |
|
25-Mar-2013 |
mpi |
Substitute the handcrafted list of IPv6 addresses by a proper TAILQ.
ok bluhm@, mikeb@
|
#
1.58 |
|
07-Mar-2013 |
mpi |
Remove the IFAFREE() macro, the ifafree() function it was calling already check for the reference counter.
ok mikeb@, miod@, pelikan@, kettenis@, krw@
|
#
1.57 |
|
04-Mar-2013 |
bluhm |
Replace the cast to struct in6_ifaddr pointer with the ifatoia6() macro. No binary change. OK claudio@
|
Revision tags: OPENBSD_5_3_BASE
|
#
1.56 |
|
19-Sep-2012 |
bluhm |
Use TAILQ_FOREACH macro for loops. No binary diff. OK henning@
|
#
1.55 |
|
21-Aug-2012 |
bluhm |
Reverse the name and meaning of the IFXF_INET6_PRIVACY interface flag. It is now called IFXF_INET6_NOPRIVACY. So IPv6 privacy addresses are on by default without resetting the flag during ifconfig down/up. OK stsp@, sperreault@ (who wrote the same diff)
|
#
1.54 |
|
15-Aug-2012 |
sperreault |
Enable IPv6 autoconfprivacy by default
diff originally by stsp@ "please commit it" deraadt@ "don't care" stsp@ "don't like" bluhm@
|
Revision tags: OPENBSD_5_1_BASE OPENBSD_5_2_BASE
|
#
1.53 |
|
03-Jan-2012 |
bluhm |
To access the ifaddr of an in_ifaddr or in6_ifaddr struct, it is cleaner to access the first member via ia_ifa instead of casting. No binary change. ok henning@ krw@
|
#
1.52 |
|
24-Nov-2011 |
sperreault |
rdomain support for IPv6 ok mikeb
|
Revision tags: OPENBSD_4_8_BASE OPENBSD_4_9_BASE OPENBSD_5_0_BASE
|
#
1.51 |
|
06-Apr-2010 |
stsp |
Simple implementation of RFC4941, "Privacy Extensions for Stateless Address Autoconfiguration in IPv6". For those among us who are paranoid about broadcasting their MAC address to the IPv6 internet.
Man page help from jmc, testing by weerd, arc4random API hints from djm.
ok deraadt, claudio
|
Revision tags: OPENBSD_4_7_BASE
|
#
1.50 |
|
08-Feb-2010 |
jsing |
More destatic and ansification.
ok claudio@ naddy@
|
#
1.49 |
|
13-Jan-2010 |
henning |
instead of fiddling with the per-interface address lists directly in many places create a proper API (ifa_add / ifa_del) and use it. ok theo ryan dlg
|
Revision tags: OPENBSD_4_5_BASE OPENBSD_4_6_BASE
|
#
1.48 |
|
30-Jan-2009 |
mcbride |
"XXX: should this be performed under splnet()?"... Yes, yes it should. Interface configuration causes neighbour discoverery, which runs packets through parts of the stack that require at least splsoftnet(), like pf and pfsync.
ok dlg
|
Revision tags: OPENBSD_4_4_BASE
|
#
1.47 |
|
11-Jun-2008 |
mcbride |
ANSIfy to sync with KAME. From Karl Sjodahl <dunceor@gmail.com>.
ok todd deraadt naddy bluhm
|
#
1.46 |
|
11-May-2008 |
claudio |
rtrequest to rtrequest1 conversion in inet6. With that no rtrequest should be left over. OK henning@
|
Revision tags: OPENBSD_4_2_BASE OPENBSD_4_3_BASE
|
#
1.45 |
|
08-Jun-2007 |
henning |
kill arcnet leftovers, some pt out by Mike Belopuhov <mkb@crypt.org.ru>, some I found afterwards, ok dlg
|
Revision tags: OPENBSD_4_1_BASE
|
#
1.44 |
|
15-Nov-2006 |
itojun |
unifdef -USCOPEDROUTING
|
Revision tags: OPENBSD_4_0_BASE
|
#
1.43 |
|
31-Aug-2006 |
mcbride |
Automatically add a IPv6 link-local address to carp interfaces when the virtual MAC address is set. Among other things, this makes route6d work correctly on systems with carp interfaces.
In order to ensure backwards compatibility, we do not include IPv6 link-local addresses in generating the HMAC, but we accept HMACs with AND without the link-local addresses. They will be added to the HMAC in a future release.
In short: this change should only affect backwards compatibility for IPv6 users who are manually adding link-local addresses on carp interfaces.
testing mtu@ todd@ ok mpf@ henning@ deraadt@
|
#
1.42 |
|
16-Jun-2006 |
henning |
adjust functions dealing with the routing table to take a table ID as parameter so they can work on alternate tables. table 0 hardcoded for many callers yet, that will be adapted step by step. input + ok claudio norby hshoexer
|
#
1.41 |
|
27-May-2006 |
claudio |
Do the same thing as for IPv4. Use a sysctl to enable/disable mfrowarding and additionaly make the code part of the MROUTING option. Put it in deraadt@
|
#
1.40 |
|
05-Mar-2006 |
miod |
Use more queue macros rather than doing it by hand; ok otto@ krw@
|
Revision tags: OPENBSD_3_8_BASE OPENBSD_3_9_BASE
|
#
1.39 |
|
23-May-2005 |
mpf |
carp needs a multicast kludge storage. Fixes PR 4211. OK mcbride@
|
#
1.38 |
|
21-Apr-2005 |
itojun |
remove (now obsolete) handling of IFT_PROPVIRTUAL/bridge*. tested by camield@
|
Revision tags: OPENBSD_3_7_BASE
|
#
1.37 |
|
07-Dec-2004 |
mcbride |
Convert carp(4) to behave more like a regular interface, much in the same style as vlan(4). carp interfaces no longer require the physical interface to be on the same subnet as the carp interface, or even that the physical interface has an adress at all, so CARP can now be used on /30 networks.
ok deraadt@ henning@
|
Revision tags: OPENBSD_3_6_BASE SMP_SYNC_A SMP_SYNC_B
|
#
1.36 |
|
07-May-2004 |
millert |
Replace RSA-derived md5 code with code derived from Colin Plumb's PD version. This moves md5.c out of libkern and into sys/crypto where it belongs (as requested by markus@). Note that md5.c is still mandatory (dev/rnd.c uses it). Verified with IPsec + hmac-md5 and tcp md5sig. OK henning@ and hshoexer@
|
Revision tags: OPENBSD_3_4_BASE OPENBSD_3_5_BASE
|
#
1.35 |
|
08-Jul-2003 |
itojun |
on interface removal, clear multicast forwarding stuff. from kame
|
#
1.34 |
|
28-Jun-2003 |
itojun |
i don't think pfsync needs a link-local addr.
|
Revision tags: UBC_SYNC_A
|
#
1.33 |
|
14-May-2003 |
itojun |
it is unlikely that we introduce 6to4 interface (IFT_STF) to openbsd.
|
Revision tags: OPENBSD_3_2_BASE OPENBSD_3_3_BASE UBC_SYNC_B
|
#
1.32 |
|
12-Sep-2002 |
itojun |
configure "next" pointer correctly. from j@pureftpd.org
|
#
1.31 |
|
11-Sep-2002 |
itojun |
fix pointer signedness mixup. sync w/kame
|
#
1.30 |
|
11-Sep-2002 |
itojun |
KNF - return is not a function. sync w/kame
|
#
1.29 |
|
11-Jun-2002 |
itojun |
silence some of log(), as the codepath will be visited for IPv6-non-capable interfaces too and can be annoying. net.inet6.icmp6.nd6_debug will re-enable them.
|
#
1.28 |
|
11-Jun-2002 |
itojun |
whitespace
|
#
1.27 |
|
08-Jun-2002 |
itojun |
sync with latest KAME in6_ifaddr/prefix/default router manipulation. behavior changes: - two iocts used by ndp(8) are now obsolete (backward compat provided). use sysctl path instead. - lo0 does not get ::1 automatically. it will get ::1 when lo0 comes up.
|
#
1.26 |
|
07-Jun-2002 |
itojun |
whitespace sync w/kame
|
#
1.25 |
|
29-May-2002 |
itojun |
attach nd_ifinfo structure to if_afdata. split IPv6 MTU (advertised by RA) from real link MTU. sync with kame
|
#
1.24 |
|
29-May-2002 |
itojun |
move per-interface ip6/icmp6 stat to ifnet->if_afdata. sync w/kame
|
#
1.23 |
|
23-May-2002 |
itojun |
simplify condition to perform DAD. sync w/kame
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.22 |
|
14-Mar-2002 |
millert |
First round of __P removal in sys
|
Revision tags: UBC_BASE
|
#
1.21 |
|
07-Dec-2001 |
itojun |
branches: 1.21.2; whitespace/comment sync with kame
|
Revision tags: OPENBSD_3_0_BASE
|
#
1.20 |
|
23-Aug-2001 |
itojun |
suppress printf() on non-multicast interface. suppress ipv6 initialization for IFT_PFLOG.
|
#
1.19 |
|
23-Aug-2001 |
itojun |
don't try to enable IPv6 on IFT_PFLOG.
|
#
1.18 |
|
18-Jul-2001 |
itojun |
avoid using malloc() during interupt context for multicast kludge entry. allocate it on interface initialization.
|
#
1.17 |
|
09-Jun-2001 |
angelos |
No need for net/net_osdep.h
|
Revision tags: OPENBSD_2_9_BASE
|
#
1.16 |
|
16-Feb-2001 |
itojun |
cosmetic sync with kame
|
#
1.15 |
|
07-Feb-2001 |
itojun |
by default, don't bark on inbound ND messages, as outsider may be able to fill up /var with bogus packets. setting net.inet6.icmp6.nd6_debug will re-enable kernel messages on invalid ND packet and other occasions.
improve icmp6 stats.
|
#
1.14 |
|
18-Jan-2001 |
itojun |
do not remove default route by mistake, on interface removal.
|
Revision tags: OPENBSD_2_8_BASE
|
#
1.13 |
|
25-Oct-2000 |
jason |
silence the "no multicast" warning for IFT_ENC, too deraadt ok
|
#
1.12 |
|
18-Oct-2000 |
itojun |
don't try to configure IPv6 on bridge*. comment from deraadt
|
#
1.11 |
|
02-Oct-2000 |
itojun |
fix missing \n. from doug@freebsd (sync with kame)
|
Revision tags: OPENBSD_2_7_BASE
|
#
1.10 |
|
05-May-2000 |
itojun |
cope with interface detach (like pcmcia card removal). remove any IPv6 addresses assigned to the interface. reported by ho, bunch of help from niklas. KAME PR 231.
|
#
1.9 |
|
27-Apr-2000 |
itojun |
correct in6_ifdetach(). free oia, not ia. Lennart says there are more problems to go (I don't own openbsd-current laptop). From: Lennart Augustsson <augustss@augustsson.net>
|
#
1.8 |
|
17-Apr-2000 |
itojun |
revisit in6_ifattach(). (1) make it more persistent about initializaing an interface (2) cleanup interface id selection. run NUD on p2p interface (required by spec for bidir p2p interface). add "ndp -i interface" (can tweak per-interface ND flag). (sync with more recent kame)
|
#
1.7 |
|
02-Mar-2000 |
itojun |
do not add ifa_dstaddr for non-pointopoint interface. IPv6 has no concept for "broadcast".
|
Revision tags: SMP_BASE
|
#
1.6 |
|
07-Feb-2000 |
itojun |
branches: 1.6.2; fix include file path related to ip6.
|
#
1.5 |
|
04-Feb-2000 |
itojun |
more coverage of in6_ifdetach()'s cleanup process. bug fix in SIOCGIFADDR_IN6 (point to point case).
|
#
1.4 |
|
02-Feb-2000 |
itojun |
- improve in6_ifdetach to remove (1) multicast kludge list (2) route to link-local allnode multicast (ff02:x::/32) - fix ifnet refcnt'ing in multicast kludge list management. - avoid dangling pointer in multicast kludge management.
(angelos, try this version of in6_ifdetach() - it should be better)
|
#
1.3 |
|
10-Dec-1999 |
itojun |
use proper type for in6_first_ifid (char -> u_int8_t) suggested by: deraadt
|
#
1.2 |
|
10-Dec-1999 |
angelos |
Remove remaining unnecessary ifdefs (itojun will hate me for this :-)
|
Revision tags: kame_19991208
|
#
1.1 |
|
08-Dec-1999 |
itojun |
bring in KAME IPv6 code, dated 19991208. replaces NRL IPv6 layer. reuses NRL pcb layer. no IPsec-on-v6 support. see sys/netinet6/{TODO,IMPLEMENTATION} for more details.
GENERIC configuration should work fine as before. GENERIC.v6 works fine as well, but you'll need KAME userland tools to play with IPv6 (will be bringed into soon).
|
#
1.111 |
|
05-Oct-2018 |
florian |
Do not join node information multicast group (RFC 4620). Benno removed code to answer ICMP queries over 4 years ago. Aham Brahmasmi (aham.brahmasmi AT gmx.com) points out that we still joined the group though.
OK sthen, bluhm, kn
|
#
1.110 |
|
26-Aug-2018 |
mpi |
Do not add ::1 on non-default lo(4) as intended.
Reported by and ok sthen@
|
#
1.109 |
|
10-Jul-2018 |
florian |
When an interface doesn't have a layer 2 address in6_get_soii_ifid() failes and then later on a in in6_get_ifid() a layer 2 address is "borrowed" from from another interface.
Do the "borrowing" in in6_get_soii_ifid(), too so that semantically opaque interface identifiers work for these kind of interfaces, too.
OK phessler, benno
|
#
1.108 |
|
10-Jul-2018 |
florian |
When an interface doesn't have a layer 2 address in6_get_ifid() tries to "borrow" one from another interface. But then it checks if the U bit is set int the generated EUI64 address and rejects it. On the other hand for interfaces that do have a layer 2 address this check is skipped, so relax it for the "borrowing" case, too.
With this one gets stable link local addresses on e.g. gre(4) interfaces on certain virtualisation environments depending which mac addresses get picked for the vio(4) interfaces while previously we would end up with a random IP on every reboot.
Reported by Aaron A. Glenn via phessler.
OK phessler, benno
|
#
1.107 |
|
27-Mar-2018 |
dhill |
Use memcpy instead of bcopy when the memory does not overlap.
OK deraadt@ florian@
|
Revision tags: OPENBSD_6_3_BASE
|
#
1.106 |
|
13-Mar-2018 |
florian |
Calculate RFC7217 link-local style addresses the same way as slaacd(8).
RFC 7217 states (section 5, page 9): | The Interface Identifier is finally obtained by taking as many | bits from the RID value (computed in the previous step) as | necessary, starting from the least significant bit.
Problem in slaacd pointed out by semarie@.
OK sthen, phessler
|
#
1.105 |
|
10-Feb-2018 |
florian |
Implement RFC 7217: "A Method for Generating Semantically Opaque Interface Identifiers with IPv6 Stateless Address Autoconfiguration."
"An IPv6 address configured using this method is stable within each subnet, but the corresponding Interface Identifier changes when the host moves from one network to another. This method is meant to be an alternative to generating Interface Identifiers based on hardware addresses."
OK naddy, sthen
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.104 |
|
01-Sep-2017 |
florian |
Use in6_get_rand_ifid() instead of get_last_resort_ifid() and delete the get_last_resort_ifid() function because eww. Also if your system is so constraint that you end up in in6_get_rand_ifid() you don't deserve a random ifid that stays stable over reboots. Simplify code a bit since get_ifid() can no longer fail. It couldn't fail before either because that code path was #if 0'ed. While here sprinkle in some in6_ prefixes, pointed out by stsp. OK stsp
|
#
1.103 |
|
11-Jul-2017 |
florian |
Purging is at last at hand. Day of Doom is here. All that is evil shall all be cleansed.
Remove sending of router solicitations and processing of router advertisements from the kernel. It's handled by slaacd(8) these days.
Input & OK bluhm@, mpi@
|
#
1.102 |
|
16-May-2017 |
mpi |
Replace remaining splsoftassert(IPL_SOFTNET) by NET_ASSERT_LOCKED().
ok visa@
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.101 |
|
29-Dec-2016 |
mpi |
Get rid of recursive splsoftnet() in in6_ifattach_linklocal().
ok visa@
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.100 |
|
30-Jun-2016 |
mpi |
Restore the automagically added /64 route on p2p interfaces in order to send traffic to link-local addresses without default route.
Fix a regression reported by Michael Lechtermann, ok stsp@, sthen@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.99 |
|
02-Dec-2015 |
bluhm |
When destroying an interface, we have to wait until all references are not used anymore. This has to be done before any interface fields become invalid. As the route delete request cannot call if_get() anymore, pass down the interface. Split rtrequest_delete() into a separate function that may take an existing inteface. OK mpi@
|
#
1.98 |
|
24-Oct-2015 |
mpi |
Convert to rt_ifidx.
ok bluhm@
|
#
1.97 |
|
22-Oct-2015 |
bluhm |
Inspired by satosin(), use inline functions to convert sockaddr dl. Instead of casts they check wether the incoming object has the expected type. So introduce satosdl() and sdltosa() in the kernel. OK mpi@
|
#
1.96 |
|
12-Sep-2015 |
mpi |
Now that rtrequest1(9) properly sets RTF_UP for newly added route, stop passing it in every rt_ifa_add(9) calls.
ok claudio@
|
#
1.95 |
|
03-Sep-2015 |
mpi |
Change the order of operations for loopback interfaces to have ::1 configured before fe80::1.
(lo0:0) in pf should resolve to 127.0.0.1 ::1.
reported by and ok mikeb@
|
#
1.94 |
|
31-Aug-2015 |
mpi |
Do not install connected routes on loopback interfaces.
Previously loopback connected routes were managed via the global list of prefixes, which mean that systems with AUTOCONF'd addresses did not see them in the routing table.
This also makes inet6 route creation coherent with inet.
|
#
1.93 |
|
24-Aug-2015 |
mpi |
Start moving away from the global prefix list by limiting its usage to AUTOCONF'd addresses.
This prevent the kernel from removing connected (/64) routes as soon as it configures an AUTOCONF'd address based on a RA.
Tested by sebastia@, ok sthen@
|
#
1.92 |
|
24-Aug-2015 |
mpi |
Rework the code to decide when to perform DAD to no longer rely on the IN6_IFF_NODAD pseudo-flag not being set.
This was just a flag for spaghetti code that should not exist in the first place.
Tested by sebastia@, ok sthen@
|
#
1.91 |
|
17-Aug-2015 |
mpi |
Remove anoying comment about in6_update_ifa().
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.90 |
|
18-Jul-2015 |
mpi |
Merge two identical chunks to add new prefixes to the global data structures into a function.
ok florian@
|
#
1.89 |
|
16-Jul-2015 |
mpi |
Properly layer Router Solicitation code.
Tweak and ok florian@
|
#
1.88 |
|
08-Jun-2015 |
krw |
More damned eye searing whitespace. No change to .o files.
|
#
1.87 |
|
27-Apr-2015 |
mpi |
Do not call nd6_purge() before purging the IPv6 addresses of a detached interface.
Fix a use after free introduced in r1.98 of netinet6/in6.c and recently exposed by a crazy pool/malloc damage finder being currently refined by dlg@ and deraadt@.
ok mikeb@, henning@
|
#
1.86 |
|
14-Mar-2015 |
jsg |
Remove some includes include-what-you-use claims don't have any direct symbols used. Tested for indirect use by compiling amd64/i386/sparc64 kernels.
ok tedu@ deraadt@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.85 |
|
05-Feb-2015 |
mpi |
Convert various rtrequest1(RTM_DELETE,...) calls to rtdeletemsg(9).
This unify some code and notify userland for free.
blambert@ agrees, ok bluhm@
|
#
1.84 |
|
28-Jan-2015 |
mpi |
Revert rtdeletemsg conversion. It was not ok'd, I misunderstood bluhm@'s email.
|
#
1.83 |
|
27-Jan-2015 |
mpi |
Ensure that link-local addresses are correctly configured on loopback interfaces.
When the kernel automagically configures IPv6 addresses on loopback interfaces, start by assigning a link-local address and then try to assign "::1".
Only the first configured loopback interface per rdomain can have the "::1" address. But even if other loopback interfaces failed to get this address, because it is already taken, give them a chance to have a link-local address.
While here change in6_ifattach() to return an error value and remove duplicated code.
Fix a regression introduced by the NOINET6 flag removal.
ok henning@, stsp@, florian@, benno@
|
#
1.82 |
|
26-Jan-2015 |
mpi |
Call rtdeletemsg(9) instead of rerolling its code. As a bonus you'll get userland notification for free.
ok blambert@, bluhm@
|
#
1.81 |
|
10-Jan-2015 |
mpi |
Correct some comments and merge in6_if_up() into in6_ifattach() to reflect that IPv6 link-local addresses are no longer automagically configured the first time an interface is brought up.
ok henning@, stsp@
|
#
1.80 |
|
08-Jan-2015 |
florian |
Clear autoconf6 flag after autoconf6 cleanup happened, not before. Otherwise clean up code will never run. OK mpi@, benno@, henning@
|
#
1.79 |
|
06-Jan-2015 |
stsp |
Remove the NOINET6 interface flag, a left-over from the times when IPv6 was enabled by default. Add AFATTACH/AFDETACH ioctls which enable/disable an address family for an interface (currently used for IPv6 only).
New kernel needs new ifconfig for IPv6 configuration (address assignment still works with old ifconfig making this easy to cross over).
Committing on behalf of henning@ who is currently lebensmittelvergiftet. ok stsp, benno, mpi
|
#
1.78 |
|
04-Dec-2014 |
tedu |
replace md5 with sha512. ok deraadt
|
#
1.77 |
|
20-Nov-2014 |
mpi |
What have no need for a variable that holds the maximum MTU size of interfaces with an IPv6 address.
ok henning@, mikeb@, deraadt@
|
#
1.76 |
|
18-Nov-2014 |
krw |
Nuke yet more obvious #include duplications.
ok miod@
|
#
1.75 |
|
18-Nov-2014 |
tedu |
move arc4random prototype to systm.h. more appropriate for most code to include that than rdnvar.h. ok deraadt dlg
|
#
1.74 |
|
01-Nov-2014 |
mpi |
Rename rtalloc1() into rtalloc(9) and convert its flags to only enable functionnality instead of a mix of enable/disable.
ok bluhm@, jca@
|
#
1.73 |
|
25-Aug-2014 |
florian |
Move sending of router solicitations to the kernel; receiving and processing of router advertisements was already in the kernel. With this rtsol{,d}(8) is no longer necessary.
The kernel starts sending solicitations with # ifconfig $IF inet6 autoconf or inet6 autoconf in /etc/hostname.$IF.
input stsp@ much help & OK mpi@ tweaks & OK bluhm@
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.72 |
|
01-Jul-2014 |
benno |
When a carp interface is created with IFXF_NOINET6 flag, no link-local address will be created when the vhid (and MAC) is set. Depending on the order of the configuration the interface can end up with a ipv6 address, but no v6 link-local and no working neigbor discovery.
Removing this case statement will result in the link-local address being configured by "ifconfig up" if the inet6 address was configured before. If you are using inet6 on carp, put an "up" at the end of your hostname.if. I will work on a better solution at g2k14.
ok henning, mpi
|
#
1.71 |
|
26-Jun-2014 |
mpi |
Calling in{6,}_purgeaddr() is not enough to remove an address from an interface. Two other operations are performed when issuing a SIOCDIFADDR{_IN6,} ioctl: call the address hook and the per-driver ioctl function.
Since carp(4) relies on an address hook to recalculate its hash, make sure to call this hook when IFXF_NOINET6 is set or when the rdomain is changed.
ok henning@, mikeb@
|
#
1.70 |
|
03-Jun-2014 |
mpi |
Do not include <sys/malloc.h> where it is not needed.
|
#
1.69 |
|
20-May-2014 |
mpi |
Fix eui64 address generation, broken since the removal of the link-layer address from the per-ifp list.
Found the hard way by weerd@, florian@ and stsp@, ok florian@
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.68 |
|
21-Jan-2014 |
mpi |
Do not clean the multicast records of an interface when it is destroyed (unplugged). Even if it makes no sense to keep them around if the interface is no more, we cannot safely remove them since pcb multicast options might keep a pointer to them.
Fixes a user after free introduced by the multicast address linking rewrite and reported by Alexey Suslikov, thanks!
ok claudio@
|
#
1.67 |
|
13-Jan-2014 |
bluhm |
Call all local valiables of type struct in6_ifaddr "ia6". This is consistent with struct ifaddr "ifa" and struct in_ifaddr "ia". OK mpi@
|
#
1.66 |
|
07-Jan-2014 |
stsp |
Some follow-up fixes for IFID collision handling in IPv6CP.
Really change the link-local address in the unlikely event of an IFID collision, instead of going into an infinite conf-nak loop with the peer.
To make the netinet6 code use the IPv6CP IFID in a new link-local address, in6_ifattach_linklocal() must accept a provided IFID. Replace the unused 'altifp' parameter with a new 'ifid' parameter for this purpose.
Always use the latest suggested address in IPv6CP replies, even if the task to update the interface's address hasn't run yet. Also, clear the ifindex (KAME hack) in addresses sent during IPv6CP.
ok mpi
|
#
1.65 |
|
06-Jan-2014 |
stsp |
Make in6_ifdetach() remove the ff01::1 route for the detaching interface, too. The route used to linger after an interface detached from IPv6. ok mikeb
|
#
1.64 |
|
28-Nov-2013 |
mpi |
Change the way protocol multicast addresses are linked to an interface.
Instead of linking multicast records to the first configured address of the corresponding protocol, making this address and its position in the global list special, add them to a new list directly linked to the interface descriptor.
This new multicast address list is similar to the address list, all its elements contain a protocol agnostic part. This design allows us to be able to join a multicast group without necessarily having a configured address. That means IPv6 multicast kludges are no longer needed.
Another benefit is to be able to add and remove an IP address from an interface without worrying about multicast records. That means that the global IPv4 list is no longer needed since the first configured address of an interface is no longer special.
This new list might also be extended in the future to contain the link-layer addresses used to configure hardware filters.
Tested by sthen@ and weerd@, ok mikeb@
|
#
1.63 |
|
19-Nov-2013 |
mpi |
Remove some FDDI/ATM leftovers.
ok mikeb@, henning@, deraadt@, brad@, miod@
|
#
1.62 |
|
17-Oct-2013 |
bluhm |
The header file netinet/in_var.h included netinet6/in6_var.h. This created a bunch of useless dependencies. Remove this implicit inclusion and do an explicit #include <netinet6/in6_var.h> when it is needed. OK mpi@ henning@
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.61 |
|
31-May-2013 |
bluhm |
Remove a bunch of sockaddr_in6 pointer casts and replace others with sin6tosa() or satosin6() inline functions. This allows the compiler to check the types more strictly. OK mpi@
|
#
1.60 |
|
26-Mar-2013 |
bluhm |
Remove a block of dead code in in6_ifdetach(). It was never executed due to the wrong & in satosin6(&ifa->ifa_addr). The link local prefix fe80 was not checked within the IPv6 address, but within some pointers of the interface address struct. The whole loop around this was also never executed as all IPv6 addresses had already been purged. OK sperreault@ mpi@ mikeb@
|
#
1.59 |
|
25-Mar-2013 |
mpi |
Substitute the handcrafted list of IPv6 addresses by a proper TAILQ.
ok bluhm@, mikeb@
|
#
1.58 |
|
07-Mar-2013 |
mpi |
Remove the IFAFREE() macro, the ifafree() function it was calling already check for the reference counter.
ok mikeb@, miod@, pelikan@, kettenis@, krw@
|
#
1.57 |
|
04-Mar-2013 |
bluhm |
Replace the cast to struct in6_ifaddr pointer with the ifatoia6() macro. No binary change. OK claudio@
|
Revision tags: OPENBSD_5_3_BASE
|
#
1.56 |
|
19-Sep-2012 |
bluhm |
Use TAILQ_FOREACH macro for loops. No binary diff. OK henning@
|
#
1.55 |
|
21-Aug-2012 |
bluhm |
Reverse the name and meaning of the IFXF_INET6_PRIVACY interface flag. It is now called IFXF_INET6_NOPRIVACY. So IPv6 privacy addresses are on by default without resetting the flag during ifconfig down/up. OK stsp@, sperreault@ (who wrote the same diff)
|
#
1.54 |
|
15-Aug-2012 |
sperreault |
Enable IPv6 autoconfprivacy by default
diff originally by stsp@ "please commit it" deraadt@ "don't care" stsp@ "don't like" bluhm@
|
Revision tags: OPENBSD_5_1_BASE OPENBSD_5_2_BASE
|
#
1.53 |
|
03-Jan-2012 |
bluhm |
To access the ifaddr of an in_ifaddr or in6_ifaddr struct, it is cleaner to access the first member via ia_ifa instead of casting. No binary change. ok henning@ krw@
|
#
1.52 |
|
24-Nov-2011 |
sperreault |
rdomain support for IPv6 ok mikeb
|
Revision tags: OPENBSD_4_8_BASE OPENBSD_4_9_BASE OPENBSD_5_0_BASE
|
#
1.51 |
|
06-Apr-2010 |
stsp |
Simple implementation of RFC4941, "Privacy Extensions for Stateless Address Autoconfiguration in IPv6". For those among us who are paranoid about broadcasting their MAC address to the IPv6 internet.
Man page help from jmc, testing by weerd, arc4random API hints from djm.
ok deraadt, claudio
|
Revision tags: OPENBSD_4_7_BASE
|
#
1.50 |
|
08-Feb-2010 |
jsing |
More destatic and ansification.
ok claudio@ naddy@
|
#
1.49 |
|
13-Jan-2010 |
henning |
instead of fiddling with the per-interface address lists directly in many places create a proper API (ifa_add / ifa_del) and use it. ok theo ryan dlg
|
Revision tags: OPENBSD_4_5_BASE OPENBSD_4_6_BASE
|
#
1.48 |
|
30-Jan-2009 |
mcbride |
"XXX: should this be performed under splnet()?"... Yes, yes it should. Interface configuration causes neighbour discoverery, which runs packets through parts of the stack that require at least splsoftnet(), like pf and pfsync.
ok dlg
|
Revision tags: OPENBSD_4_4_BASE
|
#
1.47 |
|
11-Jun-2008 |
mcbride |
ANSIfy to sync with KAME. From Karl Sjodahl <dunceor@gmail.com>.
ok todd deraadt naddy bluhm
|
#
1.46 |
|
11-May-2008 |
claudio |
rtrequest to rtrequest1 conversion in inet6. With that no rtrequest should be left over. OK henning@
|
Revision tags: OPENBSD_4_2_BASE OPENBSD_4_3_BASE
|
#
1.45 |
|
08-Jun-2007 |
henning |
kill arcnet leftovers, some pt out by Mike Belopuhov <mkb@crypt.org.ru>, some I found afterwards, ok dlg
|
Revision tags: OPENBSD_4_1_BASE
|
#
1.44 |
|
15-Nov-2006 |
itojun |
unifdef -USCOPEDROUTING
|
Revision tags: OPENBSD_4_0_BASE
|
#
1.43 |
|
31-Aug-2006 |
mcbride |
Automatically add a IPv6 link-local address to carp interfaces when the virtual MAC address is set. Among other things, this makes route6d work correctly on systems with carp interfaces.
In order to ensure backwards compatibility, we do not include IPv6 link-local addresses in generating the HMAC, but we accept HMACs with AND without the link-local addresses. They will be added to the HMAC in a future release.
In short: this change should only affect backwards compatibility for IPv6 users who are manually adding link-local addresses on carp interfaces.
testing mtu@ todd@ ok mpf@ henning@ deraadt@
|
#
1.42 |
|
16-Jun-2006 |
henning |
adjust functions dealing with the routing table to take a table ID as parameter so they can work on alternate tables. table 0 hardcoded for many callers yet, that will be adapted step by step. input + ok claudio norby hshoexer
|
#
1.41 |
|
27-May-2006 |
claudio |
Do the same thing as for IPv4. Use a sysctl to enable/disable mfrowarding and additionaly make the code part of the MROUTING option. Put it in deraadt@
|
#
1.40 |
|
05-Mar-2006 |
miod |
Use more queue macros rather than doing it by hand; ok otto@ krw@
|
Revision tags: OPENBSD_3_8_BASE OPENBSD_3_9_BASE
|
#
1.39 |
|
23-May-2005 |
mpf |
carp needs a multicast kludge storage. Fixes PR 4211. OK mcbride@
|
#
1.38 |
|
21-Apr-2005 |
itojun |
remove (now obsolete) handling of IFT_PROPVIRTUAL/bridge*. tested by camield@
|
Revision tags: OPENBSD_3_7_BASE
|
#
1.37 |
|
07-Dec-2004 |
mcbride |
Convert carp(4) to behave more like a regular interface, much in the same style as vlan(4). carp interfaces no longer require the physical interface to be on the same subnet as the carp interface, or even that the physical interface has an adress at all, so CARP can now be used on /30 networks.
ok deraadt@ henning@
|
Revision tags: OPENBSD_3_6_BASE SMP_SYNC_A SMP_SYNC_B
|
#
1.36 |
|
07-May-2004 |
millert |
Replace RSA-derived md5 code with code derived from Colin Plumb's PD version. This moves md5.c out of libkern and into sys/crypto where it belongs (as requested by markus@). Note that md5.c is still mandatory (dev/rnd.c uses it). Verified with IPsec + hmac-md5 and tcp md5sig. OK henning@ and hshoexer@
|
Revision tags: OPENBSD_3_4_BASE OPENBSD_3_5_BASE
|
#
1.35 |
|
08-Jul-2003 |
itojun |
on interface removal, clear multicast forwarding stuff. from kame
|
#
1.34 |
|
28-Jun-2003 |
itojun |
i don't think pfsync needs a link-local addr.
|
Revision tags: UBC_SYNC_A
|
#
1.33 |
|
14-May-2003 |
itojun |
it is unlikely that we introduce 6to4 interface (IFT_STF) to openbsd.
|
Revision tags: OPENBSD_3_2_BASE OPENBSD_3_3_BASE UBC_SYNC_B
|
#
1.32 |
|
12-Sep-2002 |
itojun |
configure "next" pointer correctly. from j@pureftpd.org
|
#
1.31 |
|
11-Sep-2002 |
itojun |
fix pointer signedness mixup. sync w/kame
|
#
1.30 |
|
11-Sep-2002 |
itojun |
KNF - return is not a function. sync w/kame
|
#
1.29 |
|
11-Jun-2002 |
itojun |
silence some of log(), as the codepath will be visited for IPv6-non-capable interfaces too and can be annoying. net.inet6.icmp6.nd6_debug will re-enable them.
|
#
1.28 |
|
11-Jun-2002 |
itojun |
whitespace
|
#
1.27 |
|
08-Jun-2002 |
itojun |
sync with latest KAME in6_ifaddr/prefix/default router manipulation. behavior changes: - two iocts used by ndp(8) are now obsolete (backward compat provided). use sysctl path instead. - lo0 does not get ::1 automatically. it will get ::1 when lo0 comes up.
|
#
1.26 |
|
07-Jun-2002 |
itojun |
whitespace sync w/kame
|
#
1.25 |
|
29-May-2002 |
itojun |
attach nd_ifinfo structure to if_afdata. split IPv6 MTU (advertised by RA) from real link MTU. sync with kame
|
#
1.24 |
|
29-May-2002 |
itojun |
move per-interface ip6/icmp6 stat to ifnet->if_afdata. sync w/kame
|
#
1.23 |
|
23-May-2002 |
itojun |
simplify condition to perform DAD. sync w/kame
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.22 |
|
14-Mar-2002 |
millert |
First round of __P removal in sys
|
Revision tags: UBC_BASE
|
#
1.21 |
|
07-Dec-2001 |
itojun |
branches: 1.21.2; whitespace/comment sync with kame
|
Revision tags: OPENBSD_3_0_BASE
|
#
1.20 |
|
23-Aug-2001 |
itojun |
suppress printf() on non-multicast interface. suppress ipv6 initialization for IFT_PFLOG.
|
#
1.19 |
|
23-Aug-2001 |
itojun |
don't try to enable IPv6 on IFT_PFLOG.
|
#
1.18 |
|
18-Jul-2001 |
itojun |
avoid using malloc() during interupt context for multicast kludge entry. allocate it on interface initialization.
|
#
1.17 |
|
09-Jun-2001 |
angelos |
No need for net/net_osdep.h
|
Revision tags: OPENBSD_2_9_BASE
|
#
1.16 |
|
16-Feb-2001 |
itojun |
cosmetic sync with kame
|
#
1.15 |
|
07-Feb-2001 |
itojun |
by default, don't bark on inbound ND messages, as outsider may be able to fill up /var with bogus packets. setting net.inet6.icmp6.nd6_debug will re-enable kernel messages on invalid ND packet and other occasions.
improve icmp6 stats.
|
#
1.14 |
|
18-Jan-2001 |
itojun |
do not remove default route by mistake, on interface removal.
|
Revision tags: OPENBSD_2_8_BASE
|
#
1.13 |
|
25-Oct-2000 |
jason |
silence the "no multicast" warning for IFT_ENC, too deraadt ok
|
#
1.12 |
|
18-Oct-2000 |
itojun |
don't try to configure IPv6 on bridge*. comment from deraadt
|
#
1.11 |
|
02-Oct-2000 |
itojun |
fix missing \n. from doug@freebsd (sync with kame)
|
Revision tags: OPENBSD_2_7_BASE
|
#
1.10 |
|
05-May-2000 |
itojun |
cope with interface detach (like pcmcia card removal). remove any IPv6 addresses assigned to the interface. reported by ho, bunch of help from niklas. KAME PR 231.
|
#
1.9 |
|
27-Apr-2000 |
itojun |
correct in6_ifdetach(). free oia, not ia. Lennart says there are more problems to go (I don't own openbsd-current laptop). From: Lennart Augustsson <augustss@augustsson.net>
|
#
1.8 |
|
17-Apr-2000 |
itojun |
revisit in6_ifattach(). (1) make it more persistent about initializaing an interface (2) cleanup interface id selection. run NUD on p2p interface (required by spec for bidir p2p interface). add "ndp -i interface" (can tweak per-interface ND flag). (sync with more recent kame)
|
#
1.7 |
|
02-Mar-2000 |
itojun |
do not add ifa_dstaddr for non-pointopoint interface. IPv6 has no concept for "broadcast".
|
Revision tags: SMP_BASE
|
#
1.6 |
|
07-Feb-2000 |
itojun |
branches: 1.6.2; fix include file path related to ip6.
|
#
1.5 |
|
04-Feb-2000 |
itojun |
more coverage of in6_ifdetach()'s cleanup process. bug fix in SIOCGIFADDR_IN6 (point to point case).
|
#
1.4 |
|
02-Feb-2000 |
itojun |
- improve in6_ifdetach to remove (1) multicast kludge list (2) route to link-local allnode multicast (ff02:x::/32) - fix ifnet refcnt'ing in multicast kludge list management. - avoid dangling pointer in multicast kludge management.
(angelos, try this version of in6_ifdetach() - it should be better)
|
#
1.3 |
|
10-Dec-1999 |
itojun |
use proper type for in6_first_ifid (char -> u_int8_t) suggested by: deraadt
|
#
1.2 |
|
10-Dec-1999 |
angelos |
Remove remaining unnecessary ifdefs (itojun will hate me for this :-)
|
Revision tags: kame_19991208
|
#
1.1 |
|
08-Dec-1999 |
itojun |
bring in KAME IPv6 code, dated 19991208. replaces NRL IPv6 layer. reuses NRL pcb layer. no IPsec-on-v6 support. see sys/netinet6/{TODO,IMPLEMENTATION} for more details.
GENERIC configuration should work fine as before. GENERIC.v6 works fine as well, but you'll need KAME userland tools to play with IPv6 (will be bringed into soon).
|
#
1.110 |
|
26-Aug-2018 |
mpi |
Do not add ::1 on non-default lo(4) as intended.
Reported by and ok sthen@
|
#
1.109 |
|
10-Jul-2018 |
florian |
When an interface doesn't have a layer 2 address in6_get_soii_ifid() failes and then later on a in in6_get_ifid() a layer 2 address is "borrowed" from from another interface.
Do the "borrowing" in in6_get_soii_ifid(), too so that semantically opaque interface identifiers work for these kind of interfaces, too.
OK phessler, benno
|
#
1.108 |
|
10-Jul-2018 |
florian |
When an interface doesn't have a layer 2 address in6_get_ifid() tries to "borrow" one from another interface. But then it checks if the U bit is set int the generated EUI64 address and rejects it. On the other hand for interfaces that do have a layer 2 address this check is skipped, so relax it for the "borrowing" case, too.
With this one gets stable link local addresses on e.g. gre(4) interfaces on certain virtualisation environments depending which mac addresses get picked for the vio(4) interfaces while previously we would end up with a random IP on every reboot.
Reported by Aaron A. Glenn via phessler.
OK phessler, benno
|
#
1.107 |
|
27-Mar-2018 |
dhill |
Use memcpy instead of bcopy when the memory does not overlap.
OK deraadt@ florian@
|
Revision tags: OPENBSD_6_3_BASE
|
#
1.106 |
|
13-Mar-2018 |
florian |
Calculate RFC7217 link-local style addresses the same way as slaacd(8).
RFC 7217 states (section 5, page 9): | The Interface Identifier is finally obtained by taking as many | bits from the RID value (computed in the previous step) as | necessary, starting from the least significant bit.
Problem in slaacd pointed out by semarie@.
OK sthen, phessler
|
#
1.105 |
|
10-Feb-2018 |
florian |
Implement RFC 7217: "A Method for Generating Semantically Opaque Interface Identifiers with IPv6 Stateless Address Autoconfiguration."
"An IPv6 address configured using this method is stable within each subnet, but the corresponding Interface Identifier changes when the host moves from one network to another. This method is meant to be an alternative to generating Interface Identifiers based on hardware addresses."
OK naddy, sthen
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.104 |
|
01-Sep-2017 |
florian |
Use in6_get_rand_ifid() instead of get_last_resort_ifid() and delete the get_last_resort_ifid() function because eww. Also if your system is so constraint that you end up in in6_get_rand_ifid() you don't deserve a random ifid that stays stable over reboots. Simplify code a bit since get_ifid() can no longer fail. It couldn't fail before either because that code path was #if 0'ed. While here sprinkle in some in6_ prefixes, pointed out by stsp. OK stsp
|
#
1.103 |
|
11-Jul-2017 |
florian |
Purging is at last at hand. Day of Doom is here. All that is evil shall all be cleansed.
Remove sending of router solicitations and processing of router advertisements from the kernel. It's handled by slaacd(8) these days.
Input & OK bluhm@, mpi@
|
#
1.102 |
|
16-May-2017 |
mpi |
Replace remaining splsoftassert(IPL_SOFTNET) by NET_ASSERT_LOCKED().
ok visa@
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.101 |
|
29-Dec-2016 |
mpi |
Get rid of recursive splsoftnet() in in6_ifattach_linklocal().
ok visa@
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.100 |
|
30-Jun-2016 |
mpi |
Restore the automagically added /64 route on p2p interfaces in order to send traffic to link-local addresses without default route.
Fix a regression reported by Michael Lechtermann, ok stsp@, sthen@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.99 |
|
02-Dec-2015 |
bluhm |
When destroying an interface, we have to wait until all references are not used anymore. This has to be done before any interface fields become invalid. As the route delete request cannot call if_get() anymore, pass down the interface. Split rtrequest_delete() into a separate function that may take an existing inteface. OK mpi@
|
#
1.98 |
|
24-Oct-2015 |
mpi |
Convert to rt_ifidx.
ok bluhm@
|
#
1.97 |
|
22-Oct-2015 |
bluhm |
Inspired by satosin(), use inline functions to convert sockaddr dl. Instead of casts they check wether the incoming object has the expected type. So introduce satosdl() and sdltosa() in the kernel. OK mpi@
|
#
1.96 |
|
12-Sep-2015 |
mpi |
Now that rtrequest1(9) properly sets RTF_UP for newly added route, stop passing it in every rt_ifa_add(9) calls.
ok claudio@
|
#
1.95 |
|
03-Sep-2015 |
mpi |
Change the order of operations for loopback interfaces to have ::1 configured before fe80::1.
(lo0:0) in pf should resolve to 127.0.0.1 ::1.
reported by and ok mikeb@
|
#
1.94 |
|
31-Aug-2015 |
mpi |
Do not install connected routes on loopback interfaces.
Previously loopback connected routes were managed via the global list of prefixes, which mean that systems with AUTOCONF'd addresses did not see them in the routing table.
This also makes inet6 route creation coherent with inet.
|
#
1.93 |
|
24-Aug-2015 |
mpi |
Start moving away from the global prefix list by limiting its usage to AUTOCONF'd addresses.
This prevent the kernel from removing connected (/64) routes as soon as it configures an AUTOCONF'd address based on a RA.
Tested by sebastia@, ok sthen@
|
#
1.92 |
|
24-Aug-2015 |
mpi |
Rework the code to decide when to perform DAD to no longer rely on the IN6_IFF_NODAD pseudo-flag not being set.
This was just a flag for spaghetti code that should not exist in the first place.
Tested by sebastia@, ok sthen@
|
#
1.91 |
|
17-Aug-2015 |
mpi |
Remove anoying comment about in6_update_ifa().
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.90 |
|
18-Jul-2015 |
mpi |
Merge two identical chunks to add new prefixes to the global data structures into a function.
ok florian@
|
#
1.89 |
|
16-Jul-2015 |
mpi |
Properly layer Router Solicitation code.
Tweak and ok florian@
|
#
1.88 |
|
08-Jun-2015 |
krw |
More damned eye searing whitespace. No change to .o files.
|
#
1.87 |
|
27-Apr-2015 |
mpi |
Do not call nd6_purge() before purging the IPv6 addresses of a detached interface.
Fix a use after free introduced in r1.98 of netinet6/in6.c and recently exposed by a crazy pool/malloc damage finder being currently refined by dlg@ and deraadt@.
ok mikeb@, henning@
|
#
1.86 |
|
14-Mar-2015 |
jsg |
Remove some includes include-what-you-use claims don't have any direct symbols used. Tested for indirect use by compiling amd64/i386/sparc64 kernels.
ok tedu@ deraadt@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.85 |
|
05-Feb-2015 |
mpi |
Convert various rtrequest1(RTM_DELETE,...) calls to rtdeletemsg(9).
This unify some code and notify userland for free.
blambert@ agrees, ok bluhm@
|
#
1.84 |
|
28-Jan-2015 |
mpi |
Revert rtdeletemsg conversion. It was not ok'd, I misunderstood bluhm@'s email.
|
#
1.83 |
|
27-Jan-2015 |
mpi |
Ensure that link-local addresses are correctly configured on loopback interfaces.
When the kernel automagically configures IPv6 addresses on loopback interfaces, start by assigning a link-local address and then try to assign "::1".
Only the first configured loopback interface per rdomain can have the "::1" address. But even if other loopback interfaces failed to get this address, because it is already taken, give them a chance to have a link-local address.
While here change in6_ifattach() to return an error value and remove duplicated code.
Fix a regression introduced by the NOINET6 flag removal.
ok henning@, stsp@, florian@, benno@
|
#
1.82 |
|
26-Jan-2015 |
mpi |
Call rtdeletemsg(9) instead of rerolling its code. As a bonus you'll get userland notification for free.
ok blambert@, bluhm@
|
#
1.81 |
|
10-Jan-2015 |
mpi |
Correct some comments and merge in6_if_up() into in6_ifattach() to reflect that IPv6 link-local addresses are no longer automagically configured the first time an interface is brought up.
ok henning@, stsp@
|
#
1.80 |
|
08-Jan-2015 |
florian |
Clear autoconf6 flag after autoconf6 cleanup happened, not before. Otherwise clean up code will never run. OK mpi@, benno@, henning@
|
#
1.79 |
|
06-Jan-2015 |
stsp |
Remove the NOINET6 interface flag, a left-over from the times when IPv6 was enabled by default. Add AFATTACH/AFDETACH ioctls which enable/disable an address family for an interface (currently used for IPv6 only).
New kernel needs new ifconfig for IPv6 configuration (address assignment still works with old ifconfig making this easy to cross over).
Committing on behalf of henning@ who is currently lebensmittelvergiftet. ok stsp, benno, mpi
|
#
1.78 |
|
04-Dec-2014 |
tedu |
replace md5 with sha512. ok deraadt
|
#
1.77 |
|
20-Nov-2014 |
mpi |
What have no need for a variable that holds the maximum MTU size of interfaces with an IPv6 address.
ok henning@, mikeb@, deraadt@
|
#
1.76 |
|
18-Nov-2014 |
krw |
Nuke yet more obvious #include duplications.
ok miod@
|
#
1.75 |
|
18-Nov-2014 |
tedu |
move arc4random prototype to systm.h. more appropriate for most code to include that than rdnvar.h. ok deraadt dlg
|
#
1.74 |
|
01-Nov-2014 |
mpi |
Rename rtalloc1() into rtalloc(9) and convert its flags to only enable functionnality instead of a mix of enable/disable.
ok bluhm@, jca@
|
#
1.73 |
|
25-Aug-2014 |
florian |
Move sending of router solicitations to the kernel; receiving and processing of router advertisements was already in the kernel. With this rtsol{,d}(8) is no longer necessary.
The kernel starts sending solicitations with # ifconfig $IF inet6 autoconf or inet6 autoconf in /etc/hostname.$IF.
input stsp@ much help & OK mpi@ tweaks & OK bluhm@
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.72 |
|
01-Jul-2014 |
benno |
When a carp interface is created with IFXF_NOINET6 flag, no link-local address will be created when the vhid (and MAC) is set. Depending on the order of the configuration the interface can end up with a ipv6 address, but no v6 link-local and no working neigbor discovery.
Removing this case statement will result in the link-local address being configured by "ifconfig up" if the inet6 address was configured before. If you are using inet6 on carp, put an "up" at the end of your hostname.if. I will work on a better solution at g2k14.
ok henning, mpi
|
#
1.71 |
|
26-Jun-2014 |
mpi |
Calling in{6,}_purgeaddr() is not enough to remove an address from an interface. Two other operations are performed when issuing a SIOCDIFADDR{_IN6,} ioctl: call the address hook and the per-driver ioctl function.
Since carp(4) relies on an address hook to recalculate its hash, make sure to call this hook when IFXF_NOINET6 is set or when the rdomain is changed.
ok henning@, mikeb@
|
#
1.70 |
|
03-Jun-2014 |
mpi |
Do not include <sys/malloc.h> where it is not needed.
|
#
1.69 |
|
20-May-2014 |
mpi |
Fix eui64 address generation, broken since the removal of the link-layer address from the per-ifp list.
Found the hard way by weerd@, florian@ and stsp@, ok florian@
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.68 |
|
21-Jan-2014 |
mpi |
Do not clean the multicast records of an interface when it is destroyed (unplugged). Even if it makes no sense to keep them around if the interface is no more, we cannot safely remove them since pcb multicast options might keep a pointer to them.
Fixes a user after free introduced by the multicast address linking rewrite and reported by Alexey Suslikov, thanks!
ok claudio@
|
#
1.67 |
|
13-Jan-2014 |
bluhm |
Call all local valiables of type struct in6_ifaddr "ia6". This is consistent with struct ifaddr "ifa" and struct in_ifaddr "ia". OK mpi@
|
#
1.66 |
|
07-Jan-2014 |
stsp |
Some follow-up fixes for IFID collision handling in IPv6CP.
Really change the link-local address in the unlikely event of an IFID collision, instead of going into an infinite conf-nak loop with the peer.
To make the netinet6 code use the IPv6CP IFID in a new link-local address, in6_ifattach_linklocal() must accept a provided IFID. Replace the unused 'altifp' parameter with a new 'ifid' parameter for this purpose.
Always use the latest suggested address in IPv6CP replies, even if the task to update the interface's address hasn't run yet. Also, clear the ifindex (KAME hack) in addresses sent during IPv6CP.
ok mpi
|
#
1.65 |
|
06-Jan-2014 |
stsp |
Make in6_ifdetach() remove the ff01::1 route for the detaching interface, too. The route used to linger after an interface detached from IPv6. ok mikeb
|
#
1.64 |
|
28-Nov-2013 |
mpi |
Change the way protocol multicast addresses are linked to an interface.
Instead of linking multicast records to the first configured address of the corresponding protocol, making this address and its position in the global list special, add them to a new list directly linked to the interface descriptor.
This new multicast address list is similar to the address list, all its elements contain a protocol agnostic part. This design allows us to be able to join a multicast group without necessarily having a configured address. That means IPv6 multicast kludges are no longer needed.
Another benefit is to be able to add and remove an IP address from an interface without worrying about multicast records. That means that the global IPv4 list is no longer needed since the first configured address of an interface is no longer special.
This new list might also be extended in the future to contain the link-layer addresses used to configure hardware filters.
Tested by sthen@ and weerd@, ok mikeb@
|
#
1.63 |
|
19-Nov-2013 |
mpi |
Remove some FDDI/ATM leftovers.
ok mikeb@, henning@, deraadt@, brad@, miod@
|
#
1.62 |
|
17-Oct-2013 |
bluhm |
The header file netinet/in_var.h included netinet6/in6_var.h. This created a bunch of useless dependencies. Remove this implicit inclusion and do an explicit #include <netinet6/in6_var.h> when it is needed. OK mpi@ henning@
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.61 |
|
31-May-2013 |
bluhm |
Remove a bunch of sockaddr_in6 pointer casts and replace others with sin6tosa() or satosin6() inline functions. This allows the compiler to check the types more strictly. OK mpi@
|
#
1.60 |
|
26-Mar-2013 |
bluhm |
Remove a block of dead code in in6_ifdetach(). It was never executed due to the wrong & in satosin6(&ifa->ifa_addr). The link local prefix fe80 was not checked within the IPv6 address, but within some pointers of the interface address struct. The whole loop around this was also never executed as all IPv6 addresses had already been purged. OK sperreault@ mpi@ mikeb@
|
#
1.59 |
|
25-Mar-2013 |
mpi |
Substitute the handcrafted list of IPv6 addresses by a proper TAILQ.
ok bluhm@, mikeb@
|
#
1.58 |
|
07-Mar-2013 |
mpi |
Remove the IFAFREE() macro, the ifafree() function it was calling already check for the reference counter.
ok mikeb@, miod@, pelikan@, kettenis@, krw@
|
#
1.57 |
|
04-Mar-2013 |
bluhm |
Replace the cast to struct in6_ifaddr pointer with the ifatoia6() macro. No binary change. OK claudio@
|
Revision tags: OPENBSD_5_3_BASE
|
#
1.56 |
|
19-Sep-2012 |
bluhm |
Use TAILQ_FOREACH macro for loops. No binary diff. OK henning@
|
#
1.55 |
|
21-Aug-2012 |
bluhm |
Reverse the name and meaning of the IFXF_INET6_PRIVACY interface flag. It is now called IFXF_INET6_NOPRIVACY. So IPv6 privacy addresses are on by default without resetting the flag during ifconfig down/up. OK stsp@, sperreault@ (who wrote the same diff)
|
#
1.54 |
|
15-Aug-2012 |
sperreault |
Enable IPv6 autoconfprivacy by default
diff originally by stsp@ "please commit it" deraadt@ "don't care" stsp@ "don't like" bluhm@
|
Revision tags: OPENBSD_5_1_BASE OPENBSD_5_2_BASE
|
#
1.53 |
|
03-Jan-2012 |
bluhm |
To access the ifaddr of an in_ifaddr or in6_ifaddr struct, it is cleaner to access the first member via ia_ifa instead of casting. No binary change. ok henning@ krw@
|
#
1.52 |
|
24-Nov-2011 |
sperreault |
rdomain support for IPv6 ok mikeb
|
Revision tags: OPENBSD_4_8_BASE OPENBSD_4_9_BASE OPENBSD_5_0_BASE
|
#
1.51 |
|
06-Apr-2010 |
stsp |
Simple implementation of RFC4941, "Privacy Extensions for Stateless Address Autoconfiguration in IPv6". For those among us who are paranoid about broadcasting their MAC address to the IPv6 internet.
Man page help from jmc, testing by weerd, arc4random API hints from djm.
ok deraadt, claudio
|
Revision tags: OPENBSD_4_7_BASE
|
#
1.50 |
|
08-Feb-2010 |
jsing |
More destatic and ansification.
ok claudio@ naddy@
|
#
1.49 |
|
13-Jan-2010 |
henning |
instead of fiddling with the per-interface address lists directly in many places create a proper API (ifa_add / ifa_del) and use it. ok theo ryan dlg
|
Revision tags: OPENBSD_4_5_BASE OPENBSD_4_6_BASE
|
#
1.48 |
|
30-Jan-2009 |
mcbride |
"XXX: should this be performed under splnet()?"... Yes, yes it should. Interface configuration causes neighbour discoverery, which runs packets through parts of the stack that require at least splsoftnet(), like pf and pfsync.
ok dlg
|
Revision tags: OPENBSD_4_4_BASE
|
#
1.47 |
|
11-Jun-2008 |
mcbride |
ANSIfy to sync with KAME. From Karl Sjodahl <dunceor@gmail.com>.
ok todd deraadt naddy bluhm
|
#
1.46 |
|
11-May-2008 |
claudio |
rtrequest to rtrequest1 conversion in inet6. With that no rtrequest should be left over. OK henning@
|
Revision tags: OPENBSD_4_2_BASE OPENBSD_4_3_BASE
|
#
1.45 |
|
08-Jun-2007 |
henning |
kill arcnet leftovers, some pt out by Mike Belopuhov <mkb@crypt.org.ru>, some I found afterwards, ok dlg
|
Revision tags: OPENBSD_4_1_BASE
|
#
1.44 |
|
15-Nov-2006 |
itojun |
unifdef -USCOPEDROUTING
|
Revision tags: OPENBSD_4_0_BASE
|
#
1.43 |
|
31-Aug-2006 |
mcbride |
Automatically add a IPv6 link-local address to carp interfaces when the virtual MAC address is set. Among other things, this makes route6d work correctly on systems with carp interfaces.
In order to ensure backwards compatibility, we do not include IPv6 link-local addresses in generating the HMAC, but we accept HMACs with AND without the link-local addresses. They will be added to the HMAC in a future release.
In short: this change should only affect backwards compatibility for IPv6 users who are manually adding link-local addresses on carp interfaces.
testing mtu@ todd@ ok mpf@ henning@ deraadt@
|
#
1.42 |
|
16-Jun-2006 |
henning |
adjust functions dealing with the routing table to take a table ID as parameter so they can work on alternate tables. table 0 hardcoded for many callers yet, that will be adapted step by step. input + ok claudio norby hshoexer
|
#
1.41 |
|
27-May-2006 |
claudio |
Do the same thing as for IPv4. Use a sysctl to enable/disable mfrowarding and additionaly make the code part of the MROUTING option. Put it in deraadt@
|
#
1.40 |
|
05-Mar-2006 |
miod |
Use more queue macros rather than doing it by hand; ok otto@ krw@
|
Revision tags: OPENBSD_3_8_BASE OPENBSD_3_9_BASE
|
#
1.39 |
|
23-May-2005 |
mpf |
carp needs a multicast kludge storage. Fixes PR 4211. OK mcbride@
|
#
1.38 |
|
21-Apr-2005 |
itojun |
remove (now obsolete) handling of IFT_PROPVIRTUAL/bridge*. tested by camield@
|
Revision tags: OPENBSD_3_7_BASE
|
#
1.37 |
|
07-Dec-2004 |
mcbride |
Convert carp(4) to behave more like a regular interface, much in the same style as vlan(4). carp interfaces no longer require the physical interface to be on the same subnet as the carp interface, or even that the physical interface has an adress at all, so CARP can now be used on /30 networks.
ok deraadt@ henning@
|
Revision tags: OPENBSD_3_6_BASE SMP_SYNC_A SMP_SYNC_B
|
#
1.36 |
|
07-May-2004 |
millert |
Replace RSA-derived md5 code with code derived from Colin Plumb's PD version. This moves md5.c out of libkern and into sys/crypto where it belongs (as requested by markus@). Note that md5.c is still mandatory (dev/rnd.c uses it). Verified with IPsec + hmac-md5 and tcp md5sig. OK henning@ and hshoexer@
|
Revision tags: OPENBSD_3_4_BASE OPENBSD_3_5_BASE
|
#
1.35 |
|
08-Jul-2003 |
itojun |
on interface removal, clear multicast forwarding stuff. from kame
|
#
1.34 |
|
28-Jun-2003 |
itojun |
i don't think pfsync needs a link-local addr.
|
Revision tags: UBC_SYNC_A
|
#
1.33 |
|
14-May-2003 |
itojun |
it is unlikely that we introduce 6to4 interface (IFT_STF) to openbsd.
|
Revision tags: OPENBSD_3_2_BASE OPENBSD_3_3_BASE UBC_SYNC_B
|
#
1.32 |
|
12-Sep-2002 |
itojun |
configure "next" pointer correctly. from j@pureftpd.org
|
#
1.31 |
|
11-Sep-2002 |
itojun |
fix pointer signedness mixup. sync w/kame
|
#
1.30 |
|
11-Sep-2002 |
itojun |
KNF - return is not a function. sync w/kame
|
#
1.29 |
|
11-Jun-2002 |
itojun |
silence some of log(), as the codepath will be visited for IPv6-non-capable interfaces too and can be annoying. net.inet6.icmp6.nd6_debug will re-enable them.
|
#
1.28 |
|
11-Jun-2002 |
itojun |
whitespace
|
#
1.27 |
|
08-Jun-2002 |
itojun |
sync with latest KAME in6_ifaddr/prefix/default router manipulation. behavior changes: - two iocts used by ndp(8) are now obsolete (backward compat provided). use sysctl path instead. - lo0 does not get ::1 automatically. it will get ::1 when lo0 comes up.
|
#
1.26 |
|
07-Jun-2002 |
itojun |
whitespace sync w/kame
|
#
1.25 |
|
29-May-2002 |
itojun |
attach nd_ifinfo structure to if_afdata. split IPv6 MTU (advertised by RA) from real link MTU. sync with kame
|
#
1.24 |
|
29-May-2002 |
itojun |
move per-interface ip6/icmp6 stat to ifnet->if_afdata. sync w/kame
|
#
1.23 |
|
23-May-2002 |
itojun |
simplify condition to perform DAD. sync w/kame
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.22 |
|
14-Mar-2002 |
millert |
First round of __P removal in sys
|
Revision tags: UBC_BASE
|
#
1.21 |
|
07-Dec-2001 |
itojun |
branches: 1.21.2; whitespace/comment sync with kame
|
Revision tags: OPENBSD_3_0_BASE
|
#
1.20 |
|
23-Aug-2001 |
itojun |
suppress printf() on non-multicast interface. suppress ipv6 initialization for IFT_PFLOG.
|
#
1.19 |
|
23-Aug-2001 |
itojun |
don't try to enable IPv6 on IFT_PFLOG.
|
#
1.18 |
|
18-Jul-2001 |
itojun |
avoid using malloc() during interupt context for multicast kludge entry. allocate it on interface initialization.
|
#
1.17 |
|
09-Jun-2001 |
angelos |
No need for net/net_osdep.h
|
Revision tags: OPENBSD_2_9_BASE
|
#
1.16 |
|
16-Feb-2001 |
itojun |
cosmetic sync with kame
|
#
1.15 |
|
07-Feb-2001 |
itojun |
by default, don't bark on inbound ND messages, as outsider may be able to fill up /var with bogus packets. setting net.inet6.icmp6.nd6_debug will re-enable kernel messages on invalid ND packet and other occasions.
improve icmp6 stats.
|
#
1.14 |
|
18-Jan-2001 |
itojun |
do not remove default route by mistake, on interface removal.
|
Revision tags: OPENBSD_2_8_BASE
|
#
1.13 |
|
25-Oct-2000 |
jason |
silence the "no multicast" warning for IFT_ENC, too deraadt ok
|
#
1.12 |
|
18-Oct-2000 |
itojun |
don't try to configure IPv6 on bridge*. comment from deraadt
|
#
1.11 |
|
02-Oct-2000 |
itojun |
fix missing \n. from doug@freebsd (sync with kame)
|
Revision tags: OPENBSD_2_7_BASE
|
#
1.10 |
|
05-May-2000 |
itojun |
cope with interface detach (like pcmcia card removal). remove any IPv6 addresses assigned to the interface. reported by ho, bunch of help from niklas. KAME PR 231.
|
#
1.9 |
|
27-Apr-2000 |
itojun |
correct in6_ifdetach(). free oia, not ia. Lennart says there are more problems to go (I don't own openbsd-current laptop). From: Lennart Augustsson <augustss@augustsson.net>
|
#
1.8 |
|
17-Apr-2000 |
itojun |
revisit in6_ifattach(). (1) make it more persistent about initializaing an interface (2) cleanup interface id selection. run NUD on p2p interface (required by spec for bidir p2p interface). add "ndp -i interface" (can tweak per-interface ND flag). (sync with more recent kame)
|
#
1.7 |
|
02-Mar-2000 |
itojun |
do not add ifa_dstaddr for non-pointopoint interface. IPv6 has no concept for "broadcast".
|
Revision tags: SMP_BASE
|
#
1.6 |
|
07-Feb-2000 |
itojun |
branches: 1.6.2; fix include file path related to ip6.
|
#
1.5 |
|
04-Feb-2000 |
itojun |
more coverage of in6_ifdetach()'s cleanup process. bug fix in SIOCGIFADDR_IN6 (point to point case).
|
#
1.4 |
|
02-Feb-2000 |
itojun |
- improve in6_ifdetach to remove (1) multicast kludge list (2) route to link-local allnode multicast (ff02:x::/32) - fix ifnet refcnt'ing in multicast kludge list management. - avoid dangling pointer in multicast kludge management.
(angelos, try this version of in6_ifdetach() - it should be better)
|
#
1.3 |
|
10-Dec-1999 |
itojun |
use proper type for in6_first_ifid (char -> u_int8_t) suggested by: deraadt
|
#
1.2 |
|
10-Dec-1999 |
angelos |
Remove remaining unnecessary ifdefs (itojun will hate me for this :-)
|
Revision tags: kame_19991208
|
#
1.1 |
|
08-Dec-1999 |
itojun |
bring in KAME IPv6 code, dated 19991208. replaces NRL IPv6 layer. reuses NRL pcb layer. no IPsec-on-v6 support. see sys/netinet6/{TODO,IMPLEMENTATION} for more details.
GENERIC configuration should work fine as before. GENERIC.v6 works fine as well, but you'll need KAME userland tools to play with IPv6 (will be bringed into soon).
|
#
1.109 |
|
10-Jul-2018 |
florian |
When an interface doesn't have a layer 2 address in6_get_soii_ifid() failes and then later on a in in6_get_ifid() a layer 2 address is "borrowed" from from another interface.
Do the "borrowing" in in6_get_soii_ifid(), too so that semantically opaque interface identifiers work for these kind of interfaces, too.
OK phessler, benno
|
#
1.108 |
|
10-Jul-2018 |
florian |
When an interface doesn't have a layer 2 address in6_get_ifid() tries to "borrow" one from another interface. But then it checks if the U bit is set int the generated EUI64 address and rejects it. On the other hand for interfaces that do have a layer 2 address this check is skipped, so relax it for the "borrowing" case, too.
With this one gets stable link local addresses on e.g. gre(4) interfaces on certain virtualisation environments depending which mac addresses get picked for the vio(4) interfaces while previously we would end up with a random IP on every reboot.
Reported by Aaron A. Glenn via phessler.
OK phessler, benno
|
#
1.107 |
|
27-Mar-2018 |
dhill |
Use memcpy instead of bcopy when the memory does not overlap.
OK deraadt@ florian@
|
Revision tags: OPENBSD_6_3_BASE
|
#
1.106 |
|
13-Mar-2018 |
florian |
Calculate RFC7217 link-local style addresses the same way as slaacd(8).
RFC 7217 states (section 5, page 9): | The Interface Identifier is finally obtained by taking as many | bits from the RID value (computed in the previous step) as | necessary, starting from the least significant bit.
Problem in slaacd pointed out by semarie@.
OK sthen, phessler
|
#
1.105 |
|
10-Feb-2018 |
florian |
Implement RFC 7217: "A Method for Generating Semantically Opaque Interface Identifiers with IPv6 Stateless Address Autoconfiguration."
"An IPv6 address configured using this method is stable within each subnet, but the corresponding Interface Identifier changes when the host moves from one network to another. This method is meant to be an alternative to generating Interface Identifiers based on hardware addresses."
OK naddy, sthen
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.104 |
|
01-Sep-2017 |
florian |
Use in6_get_rand_ifid() instead of get_last_resort_ifid() and delete the get_last_resort_ifid() function because eww. Also if your system is so constraint that you end up in in6_get_rand_ifid() you don't deserve a random ifid that stays stable over reboots. Simplify code a bit since get_ifid() can no longer fail. It couldn't fail before either because that code path was #if 0'ed. While here sprinkle in some in6_ prefixes, pointed out by stsp. OK stsp
|
#
1.103 |
|
11-Jul-2017 |
florian |
Purging is at last at hand. Day of Doom is here. All that is evil shall all be cleansed.
Remove sending of router solicitations and processing of router advertisements from the kernel. It's handled by slaacd(8) these days.
Input & OK bluhm@, mpi@
|
#
1.102 |
|
16-May-2017 |
mpi |
Replace remaining splsoftassert(IPL_SOFTNET) by NET_ASSERT_LOCKED().
ok visa@
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.101 |
|
29-Dec-2016 |
mpi |
Get rid of recursive splsoftnet() in in6_ifattach_linklocal().
ok visa@
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.100 |
|
30-Jun-2016 |
mpi |
Restore the automagically added /64 route on p2p interfaces in order to send traffic to link-local addresses without default route.
Fix a regression reported by Michael Lechtermann, ok stsp@, sthen@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.99 |
|
02-Dec-2015 |
bluhm |
When destroying an interface, we have to wait until all references are not used anymore. This has to be done before any interface fields become invalid. As the route delete request cannot call if_get() anymore, pass down the interface. Split rtrequest_delete() into a separate function that may take an existing inteface. OK mpi@
|
#
1.98 |
|
24-Oct-2015 |
mpi |
Convert to rt_ifidx.
ok bluhm@
|
#
1.97 |
|
22-Oct-2015 |
bluhm |
Inspired by satosin(), use inline functions to convert sockaddr dl. Instead of casts they check wether the incoming object has the expected type. So introduce satosdl() and sdltosa() in the kernel. OK mpi@
|
#
1.96 |
|
12-Sep-2015 |
mpi |
Now that rtrequest1(9) properly sets RTF_UP for newly added route, stop passing it in every rt_ifa_add(9) calls.
ok claudio@
|
#
1.95 |
|
03-Sep-2015 |
mpi |
Change the order of operations for loopback interfaces to have ::1 configured before fe80::1.
(lo0:0) in pf should resolve to 127.0.0.1 ::1.
reported by and ok mikeb@
|
#
1.94 |
|
31-Aug-2015 |
mpi |
Do not install connected routes on loopback interfaces.
Previously loopback connected routes were managed via the global list of prefixes, which mean that systems with AUTOCONF'd addresses did not see them in the routing table.
This also makes inet6 route creation coherent with inet.
|
#
1.93 |
|
24-Aug-2015 |
mpi |
Start moving away from the global prefix list by limiting its usage to AUTOCONF'd addresses.
This prevent the kernel from removing connected (/64) routes as soon as it configures an AUTOCONF'd address based on a RA.
Tested by sebastia@, ok sthen@
|
#
1.92 |
|
24-Aug-2015 |
mpi |
Rework the code to decide when to perform DAD to no longer rely on the IN6_IFF_NODAD pseudo-flag not being set.
This was just a flag for spaghetti code that should not exist in the first place.
Tested by sebastia@, ok sthen@
|
#
1.91 |
|
17-Aug-2015 |
mpi |
Remove anoying comment about in6_update_ifa().
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.90 |
|
18-Jul-2015 |
mpi |
Merge two identical chunks to add new prefixes to the global data structures into a function.
ok florian@
|
#
1.89 |
|
16-Jul-2015 |
mpi |
Properly layer Router Solicitation code.
Tweak and ok florian@
|
#
1.88 |
|
08-Jun-2015 |
krw |
More damned eye searing whitespace. No change to .o files.
|
#
1.87 |
|
27-Apr-2015 |
mpi |
Do not call nd6_purge() before purging the IPv6 addresses of a detached interface.
Fix a use after free introduced in r1.98 of netinet6/in6.c and recently exposed by a crazy pool/malloc damage finder being currently refined by dlg@ and deraadt@.
ok mikeb@, henning@
|
#
1.86 |
|
14-Mar-2015 |
jsg |
Remove some includes include-what-you-use claims don't have any direct symbols used. Tested for indirect use by compiling amd64/i386/sparc64 kernels.
ok tedu@ deraadt@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.85 |
|
05-Feb-2015 |
mpi |
Convert various rtrequest1(RTM_DELETE,...) calls to rtdeletemsg(9).
This unify some code and notify userland for free.
blambert@ agrees, ok bluhm@
|
#
1.84 |
|
28-Jan-2015 |
mpi |
Revert rtdeletemsg conversion. It was not ok'd, I misunderstood bluhm@'s email.
|
#
1.83 |
|
27-Jan-2015 |
mpi |
Ensure that link-local addresses are correctly configured on loopback interfaces.
When the kernel automagically configures IPv6 addresses on loopback interfaces, start by assigning a link-local address and then try to assign "::1".
Only the first configured loopback interface per rdomain can have the "::1" address. But even if other loopback interfaces failed to get this address, because it is already taken, give them a chance to have a link-local address.
While here change in6_ifattach() to return an error value and remove duplicated code.
Fix a regression introduced by the NOINET6 flag removal.
ok henning@, stsp@, florian@, benno@
|
#
1.82 |
|
26-Jan-2015 |
mpi |
Call rtdeletemsg(9) instead of rerolling its code. As a bonus you'll get userland notification for free.
ok blambert@, bluhm@
|
#
1.81 |
|
10-Jan-2015 |
mpi |
Correct some comments and merge in6_if_up() into in6_ifattach() to reflect that IPv6 link-local addresses are no longer automagically configured the first time an interface is brought up.
ok henning@, stsp@
|
#
1.80 |
|
08-Jan-2015 |
florian |
Clear autoconf6 flag after autoconf6 cleanup happened, not before. Otherwise clean up code will never run. OK mpi@, benno@, henning@
|
#
1.79 |
|
06-Jan-2015 |
stsp |
Remove the NOINET6 interface flag, a left-over from the times when IPv6 was enabled by default. Add AFATTACH/AFDETACH ioctls which enable/disable an address family for an interface (currently used for IPv6 only).
New kernel needs new ifconfig for IPv6 configuration (address assignment still works with old ifconfig making this easy to cross over).
Committing on behalf of henning@ who is currently lebensmittelvergiftet. ok stsp, benno, mpi
|
#
1.78 |
|
04-Dec-2014 |
tedu |
replace md5 with sha512. ok deraadt
|
#
1.77 |
|
20-Nov-2014 |
mpi |
What have no need for a variable that holds the maximum MTU size of interfaces with an IPv6 address.
ok henning@, mikeb@, deraadt@
|
#
1.76 |
|
18-Nov-2014 |
krw |
Nuke yet more obvious #include duplications.
ok miod@
|
#
1.75 |
|
18-Nov-2014 |
tedu |
move arc4random prototype to systm.h. more appropriate for most code to include that than rdnvar.h. ok deraadt dlg
|
#
1.74 |
|
01-Nov-2014 |
mpi |
Rename rtalloc1() into rtalloc(9) and convert its flags to only enable functionnality instead of a mix of enable/disable.
ok bluhm@, jca@
|
#
1.73 |
|
25-Aug-2014 |
florian |
Move sending of router solicitations to the kernel; receiving and processing of router advertisements was already in the kernel. With this rtsol{,d}(8) is no longer necessary.
The kernel starts sending solicitations with # ifconfig $IF inet6 autoconf or inet6 autoconf in /etc/hostname.$IF.
input stsp@ much help & OK mpi@ tweaks & OK bluhm@
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.72 |
|
01-Jul-2014 |
benno |
When a carp interface is created with IFXF_NOINET6 flag, no link-local address will be created when the vhid (and MAC) is set. Depending on the order of the configuration the interface can end up with a ipv6 address, but no v6 link-local and no working neigbor discovery.
Removing this case statement will result in the link-local address being configured by "ifconfig up" if the inet6 address was configured before. If you are using inet6 on carp, put an "up" at the end of your hostname.if. I will work on a better solution at g2k14.
ok henning, mpi
|
#
1.71 |
|
26-Jun-2014 |
mpi |
Calling in{6,}_purgeaddr() is not enough to remove an address from an interface. Two other operations are performed when issuing a SIOCDIFADDR{_IN6,} ioctl: call the address hook and the per-driver ioctl function.
Since carp(4) relies on an address hook to recalculate its hash, make sure to call this hook when IFXF_NOINET6 is set or when the rdomain is changed.
ok henning@, mikeb@
|
#
1.70 |
|
03-Jun-2014 |
mpi |
Do not include <sys/malloc.h> where it is not needed.
|
#
1.69 |
|
20-May-2014 |
mpi |
Fix eui64 address generation, broken since the removal of the link-layer address from the per-ifp list.
Found the hard way by weerd@, florian@ and stsp@, ok florian@
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.68 |
|
21-Jan-2014 |
mpi |
Do not clean the multicast records of an interface when it is destroyed (unplugged). Even if it makes no sense to keep them around if the interface is no more, we cannot safely remove them since pcb multicast options might keep a pointer to them.
Fixes a user after free introduced by the multicast address linking rewrite and reported by Alexey Suslikov, thanks!
ok claudio@
|
#
1.67 |
|
13-Jan-2014 |
bluhm |
Call all local valiables of type struct in6_ifaddr "ia6". This is consistent with struct ifaddr "ifa" and struct in_ifaddr "ia". OK mpi@
|
#
1.66 |
|
07-Jan-2014 |
stsp |
Some follow-up fixes for IFID collision handling in IPv6CP.
Really change the link-local address in the unlikely event of an IFID collision, instead of going into an infinite conf-nak loop with the peer.
To make the netinet6 code use the IPv6CP IFID in a new link-local address, in6_ifattach_linklocal() must accept a provided IFID. Replace the unused 'altifp' parameter with a new 'ifid' parameter for this purpose.
Always use the latest suggested address in IPv6CP replies, even if the task to update the interface's address hasn't run yet. Also, clear the ifindex (KAME hack) in addresses sent during IPv6CP.
ok mpi
|
#
1.65 |
|
06-Jan-2014 |
stsp |
Make in6_ifdetach() remove the ff01::1 route for the detaching interface, too. The route used to linger after an interface detached from IPv6. ok mikeb
|
#
1.64 |
|
28-Nov-2013 |
mpi |
Change the way protocol multicast addresses are linked to an interface.
Instead of linking multicast records to the first configured address of the corresponding protocol, making this address and its position in the global list special, add them to a new list directly linked to the interface descriptor.
This new multicast address list is similar to the address list, all its elements contain a protocol agnostic part. This design allows us to be able to join a multicast group without necessarily having a configured address. That means IPv6 multicast kludges are no longer needed.
Another benefit is to be able to add and remove an IP address from an interface without worrying about multicast records. That means that the global IPv4 list is no longer needed since the first configured address of an interface is no longer special.
This new list might also be extended in the future to contain the link-layer addresses used to configure hardware filters.
Tested by sthen@ and weerd@, ok mikeb@
|
#
1.63 |
|
19-Nov-2013 |
mpi |
Remove some FDDI/ATM leftovers.
ok mikeb@, henning@, deraadt@, brad@, miod@
|
#
1.62 |
|
17-Oct-2013 |
bluhm |
The header file netinet/in_var.h included netinet6/in6_var.h. This created a bunch of useless dependencies. Remove this implicit inclusion and do an explicit #include <netinet6/in6_var.h> when it is needed. OK mpi@ henning@
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.61 |
|
31-May-2013 |
bluhm |
Remove a bunch of sockaddr_in6 pointer casts and replace others with sin6tosa() or satosin6() inline functions. This allows the compiler to check the types more strictly. OK mpi@
|
#
1.60 |
|
26-Mar-2013 |
bluhm |
Remove a block of dead code in in6_ifdetach(). It was never executed due to the wrong & in satosin6(&ifa->ifa_addr). The link local prefix fe80 was not checked within the IPv6 address, but within some pointers of the interface address struct. The whole loop around this was also never executed as all IPv6 addresses had already been purged. OK sperreault@ mpi@ mikeb@
|
#
1.59 |
|
25-Mar-2013 |
mpi |
Substitute the handcrafted list of IPv6 addresses by a proper TAILQ.
ok bluhm@, mikeb@
|
#
1.58 |
|
07-Mar-2013 |
mpi |
Remove the IFAFREE() macro, the ifafree() function it was calling already check for the reference counter.
ok mikeb@, miod@, pelikan@, kettenis@, krw@
|
#
1.57 |
|
04-Mar-2013 |
bluhm |
Replace the cast to struct in6_ifaddr pointer with the ifatoia6() macro. No binary change. OK claudio@
|
Revision tags: OPENBSD_5_3_BASE
|
#
1.56 |
|
19-Sep-2012 |
bluhm |
Use TAILQ_FOREACH macro for loops. No binary diff. OK henning@
|
#
1.55 |
|
21-Aug-2012 |
bluhm |
Reverse the name and meaning of the IFXF_INET6_PRIVACY interface flag. It is now called IFXF_INET6_NOPRIVACY. So IPv6 privacy addresses are on by default without resetting the flag during ifconfig down/up. OK stsp@, sperreault@ (who wrote the same diff)
|
#
1.54 |
|
15-Aug-2012 |
sperreault |
Enable IPv6 autoconfprivacy by default
diff originally by stsp@ "please commit it" deraadt@ "don't care" stsp@ "don't like" bluhm@
|
Revision tags: OPENBSD_5_1_BASE OPENBSD_5_2_BASE
|
#
1.53 |
|
03-Jan-2012 |
bluhm |
To access the ifaddr of an in_ifaddr or in6_ifaddr struct, it is cleaner to access the first member via ia_ifa instead of casting. No binary change. ok henning@ krw@
|
#
1.52 |
|
24-Nov-2011 |
sperreault |
rdomain support for IPv6 ok mikeb
|
Revision tags: OPENBSD_4_8_BASE OPENBSD_4_9_BASE OPENBSD_5_0_BASE
|
#
1.51 |
|
06-Apr-2010 |
stsp |
Simple implementation of RFC4941, "Privacy Extensions for Stateless Address Autoconfiguration in IPv6". For those among us who are paranoid about broadcasting their MAC address to the IPv6 internet.
Man page help from jmc, testing by weerd, arc4random API hints from djm.
ok deraadt, claudio
|
Revision tags: OPENBSD_4_7_BASE
|
#
1.50 |
|
08-Feb-2010 |
jsing |
More destatic and ansification.
ok claudio@ naddy@
|
#
1.49 |
|
13-Jan-2010 |
henning |
instead of fiddling with the per-interface address lists directly in many places create a proper API (ifa_add / ifa_del) and use it. ok theo ryan dlg
|
Revision tags: OPENBSD_4_5_BASE OPENBSD_4_6_BASE
|
#
1.48 |
|
30-Jan-2009 |
mcbride |
"XXX: should this be performed under splnet()?"... Yes, yes it should. Interface configuration causes neighbour discoverery, which runs packets through parts of the stack that require at least splsoftnet(), like pf and pfsync.
ok dlg
|
Revision tags: OPENBSD_4_4_BASE
|
#
1.47 |
|
11-Jun-2008 |
mcbride |
ANSIfy to sync with KAME. From Karl Sjodahl <dunceor@gmail.com>.
ok todd deraadt naddy bluhm
|
#
1.46 |
|
11-May-2008 |
claudio |
rtrequest to rtrequest1 conversion in inet6. With that no rtrequest should be left over. OK henning@
|
Revision tags: OPENBSD_4_2_BASE OPENBSD_4_3_BASE
|
#
1.45 |
|
08-Jun-2007 |
henning |
kill arcnet leftovers, some pt out by Mike Belopuhov <mkb@crypt.org.ru>, some I found afterwards, ok dlg
|
Revision tags: OPENBSD_4_1_BASE
|
#
1.44 |
|
15-Nov-2006 |
itojun |
unifdef -USCOPEDROUTING
|
Revision tags: OPENBSD_4_0_BASE
|
#
1.43 |
|
31-Aug-2006 |
mcbride |
Automatically add a IPv6 link-local address to carp interfaces when the virtual MAC address is set. Among other things, this makes route6d work correctly on systems with carp interfaces.
In order to ensure backwards compatibility, we do not include IPv6 link-local addresses in generating the HMAC, but we accept HMACs with AND without the link-local addresses. They will be added to the HMAC in a future release.
In short: this change should only affect backwards compatibility for IPv6 users who are manually adding link-local addresses on carp interfaces.
testing mtu@ todd@ ok mpf@ henning@ deraadt@
|
#
1.42 |
|
16-Jun-2006 |
henning |
adjust functions dealing with the routing table to take a table ID as parameter so they can work on alternate tables. table 0 hardcoded for many callers yet, that will be adapted step by step. input + ok claudio norby hshoexer
|
#
1.41 |
|
27-May-2006 |
claudio |
Do the same thing as for IPv4. Use a sysctl to enable/disable mfrowarding and additionaly make the code part of the MROUTING option. Put it in deraadt@
|
#
1.40 |
|
05-Mar-2006 |
miod |
Use more queue macros rather than doing it by hand; ok otto@ krw@
|
Revision tags: OPENBSD_3_8_BASE OPENBSD_3_9_BASE
|
#
1.39 |
|
23-May-2005 |
mpf |
carp needs a multicast kludge storage. Fixes PR 4211. OK mcbride@
|
#
1.38 |
|
21-Apr-2005 |
itojun |
remove (now obsolete) handling of IFT_PROPVIRTUAL/bridge*. tested by camield@
|
Revision tags: OPENBSD_3_7_BASE
|
#
1.37 |
|
07-Dec-2004 |
mcbride |
Convert carp(4) to behave more like a regular interface, much in the same style as vlan(4). carp interfaces no longer require the physical interface to be on the same subnet as the carp interface, or even that the physical interface has an adress at all, so CARP can now be used on /30 networks.
ok deraadt@ henning@
|
Revision tags: OPENBSD_3_6_BASE SMP_SYNC_A SMP_SYNC_B
|
#
1.36 |
|
07-May-2004 |
millert |
Replace RSA-derived md5 code with code derived from Colin Plumb's PD version. This moves md5.c out of libkern and into sys/crypto where it belongs (as requested by markus@). Note that md5.c is still mandatory (dev/rnd.c uses it). Verified with IPsec + hmac-md5 and tcp md5sig. OK henning@ and hshoexer@
|
Revision tags: OPENBSD_3_4_BASE OPENBSD_3_5_BASE
|
#
1.35 |
|
08-Jul-2003 |
itojun |
on interface removal, clear multicast forwarding stuff. from kame
|
#
1.34 |
|
28-Jun-2003 |
itojun |
i don't think pfsync needs a link-local addr.
|
Revision tags: UBC_SYNC_A
|
#
1.33 |
|
14-May-2003 |
itojun |
it is unlikely that we introduce 6to4 interface (IFT_STF) to openbsd.
|
Revision tags: OPENBSD_3_2_BASE OPENBSD_3_3_BASE UBC_SYNC_B
|
#
1.32 |
|
12-Sep-2002 |
itojun |
configure "next" pointer correctly. from j@pureftpd.org
|
#
1.31 |
|
11-Sep-2002 |
itojun |
fix pointer signedness mixup. sync w/kame
|
#
1.30 |
|
11-Sep-2002 |
itojun |
KNF - return is not a function. sync w/kame
|
#
1.29 |
|
11-Jun-2002 |
itojun |
silence some of log(), as the codepath will be visited for IPv6-non-capable interfaces too and can be annoying. net.inet6.icmp6.nd6_debug will re-enable them.
|
#
1.28 |
|
11-Jun-2002 |
itojun |
whitespace
|
#
1.27 |
|
08-Jun-2002 |
itojun |
sync with latest KAME in6_ifaddr/prefix/default router manipulation. behavior changes: - two iocts used by ndp(8) are now obsolete (backward compat provided). use sysctl path instead. - lo0 does not get ::1 automatically. it will get ::1 when lo0 comes up.
|
#
1.26 |
|
07-Jun-2002 |
itojun |
whitespace sync w/kame
|
#
1.25 |
|
29-May-2002 |
itojun |
attach nd_ifinfo structure to if_afdata. split IPv6 MTU (advertised by RA) from real link MTU. sync with kame
|
#
1.24 |
|
29-May-2002 |
itojun |
move per-interface ip6/icmp6 stat to ifnet->if_afdata. sync w/kame
|
#
1.23 |
|
23-May-2002 |
itojun |
simplify condition to perform DAD. sync w/kame
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.22 |
|
14-Mar-2002 |
millert |
First round of __P removal in sys
|
Revision tags: UBC_BASE
|
#
1.21 |
|
07-Dec-2001 |
itojun |
branches: 1.21.2; whitespace/comment sync with kame
|
Revision tags: OPENBSD_3_0_BASE
|
#
1.20 |
|
23-Aug-2001 |
itojun |
suppress printf() on non-multicast interface. suppress ipv6 initialization for IFT_PFLOG.
|
#
1.19 |
|
23-Aug-2001 |
itojun |
don't try to enable IPv6 on IFT_PFLOG.
|
#
1.18 |
|
18-Jul-2001 |
itojun |
avoid using malloc() during interupt context for multicast kludge entry. allocate it on interface initialization.
|
#
1.17 |
|
09-Jun-2001 |
angelos |
No need for net/net_osdep.h
|
Revision tags: OPENBSD_2_9_BASE
|
#
1.16 |
|
16-Feb-2001 |
itojun |
cosmetic sync with kame
|
#
1.15 |
|
07-Feb-2001 |
itojun |
by default, don't bark on inbound ND messages, as outsider may be able to fill up /var with bogus packets. setting net.inet6.icmp6.nd6_debug will re-enable kernel messages on invalid ND packet and other occasions.
improve icmp6 stats.
|
#
1.14 |
|
18-Jan-2001 |
itojun |
do not remove default route by mistake, on interface removal.
|
Revision tags: OPENBSD_2_8_BASE
|
#
1.13 |
|
25-Oct-2000 |
jason |
silence the "no multicast" warning for IFT_ENC, too deraadt ok
|
#
1.12 |
|
18-Oct-2000 |
itojun |
don't try to configure IPv6 on bridge*. comment from deraadt
|
#
1.11 |
|
02-Oct-2000 |
itojun |
fix missing \n. from doug@freebsd (sync with kame)
|
Revision tags: OPENBSD_2_7_BASE
|
#
1.10 |
|
05-May-2000 |
itojun |
cope with interface detach (like pcmcia card removal). remove any IPv6 addresses assigned to the interface. reported by ho, bunch of help from niklas. KAME PR 231.
|
#
1.9 |
|
27-Apr-2000 |
itojun |
correct in6_ifdetach(). free oia, not ia. Lennart says there are more problems to go (I don't own openbsd-current laptop). From: Lennart Augustsson <augustss@augustsson.net>
|
#
1.8 |
|
17-Apr-2000 |
itojun |
revisit in6_ifattach(). (1) make it more persistent about initializaing an interface (2) cleanup interface id selection. run NUD on p2p interface (required by spec for bidir p2p interface). add "ndp -i interface" (can tweak per-interface ND flag). (sync with more recent kame)
|
#
1.7 |
|
02-Mar-2000 |
itojun |
do not add ifa_dstaddr for non-pointopoint interface. IPv6 has no concept for "broadcast".
|
Revision tags: SMP_BASE
|
#
1.6 |
|
07-Feb-2000 |
itojun |
branches: 1.6.2; fix include file path related to ip6.
|
#
1.5 |
|
04-Feb-2000 |
itojun |
more coverage of in6_ifdetach()'s cleanup process. bug fix in SIOCGIFADDR_IN6 (point to point case).
|
#
1.4 |
|
02-Feb-2000 |
itojun |
- improve in6_ifdetach to remove (1) multicast kludge list (2) route to link-local allnode multicast (ff02:x::/32) - fix ifnet refcnt'ing in multicast kludge list management. - avoid dangling pointer in multicast kludge management.
(angelos, try this version of in6_ifdetach() - it should be better)
|
#
1.3 |
|
10-Dec-1999 |
itojun |
use proper type for in6_first_ifid (char -> u_int8_t) suggested by: deraadt
|
#
1.2 |
|
10-Dec-1999 |
angelos |
Remove remaining unnecessary ifdefs (itojun will hate me for this :-)
|
Revision tags: kame_19991208
|
#
1.1 |
|
08-Dec-1999 |
itojun |
bring in KAME IPv6 code, dated 19991208. replaces NRL IPv6 layer. reuses NRL pcb layer. no IPsec-on-v6 support. see sys/netinet6/{TODO,IMPLEMENTATION} for more details.
GENERIC configuration should work fine as before. GENERIC.v6 works fine as well, but you'll need KAME userland tools to play with IPv6 (will be bringed into soon).
|
#
1.107 |
|
27-Mar-2018 |
dhill |
Use memcpy instead of bcopy when the memory does not overlap.
OK deraadt@ florian@
|
Revision tags: OPENBSD_6_3_BASE
|
#
1.106 |
|
13-Mar-2018 |
florian |
Calculate RFC7217 link-local style addresses the same way as slaacd(8).
RFC 7217 states (section 5, page 9): | The Interface Identifier is finally obtained by taking as many | bits from the RID value (computed in the previous step) as | necessary, starting from the least significant bit.
Problem in slaacd pointed out by semarie@.
OK sthen, phessler
|
#
1.105 |
|
10-Feb-2018 |
florian |
Implement RFC 7217: "A Method for Generating Semantically Opaque Interface Identifiers with IPv6 Stateless Address Autoconfiguration."
"An IPv6 address configured using this method is stable within each subnet, but the corresponding Interface Identifier changes when the host moves from one network to another. This method is meant to be an alternative to generating Interface Identifiers based on hardware addresses."
OK naddy, sthen
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.104 |
|
01-Sep-2017 |
florian |
Use in6_get_rand_ifid() instead of get_last_resort_ifid() and delete the get_last_resort_ifid() function because eww. Also if your system is so constraint that you end up in in6_get_rand_ifid() you don't deserve a random ifid that stays stable over reboots. Simplify code a bit since get_ifid() can no longer fail. It couldn't fail before either because that code path was #if 0'ed. While here sprinkle in some in6_ prefixes, pointed out by stsp. OK stsp
|
#
1.103 |
|
11-Jul-2017 |
florian |
Purging is at last at hand. Day of Doom is here. All that is evil shall all be cleansed.
Remove sending of router solicitations and processing of router advertisements from the kernel. It's handled by slaacd(8) these days.
Input & OK bluhm@, mpi@
|
#
1.102 |
|
16-May-2017 |
mpi |
Replace remaining splsoftassert(IPL_SOFTNET) by NET_ASSERT_LOCKED().
ok visa@
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.101 |
|
29-Dec-2016 |
mpi |
Get rid of recursive splsoftnet() in in6_ifattach_linklocal().
ok visa@
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.100 |
|
30-Jun-2016 |
mpi |
Restore the automagically added /64 route on p2p interfaces in order to send traffic to link-local addresses without default route.
Fix a regression reported by Michael Lechtermann, ok stsp@, sthen@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.99 |
|
02-Dec-2015 |
bluhm |
When destroying an interface, we have to wait until all references are not used anymore. This has to be done before any interface fields become invalid. As the route delete request cannot call if_get() anymore, pass down the interface. Split rtrequest_delete() into a separate function that may take an existing inteface. OK mpi@
|
#
1.98 |
|
24-Oct-2015 |
mpi |
Convert to rt_ifidx.
ok bluhm@
|
#
1.97 |
|
22-Oct-2015 |
bluhm |
Inspired by satosin(), use inline functions to convert sockaddr dl. Instead of casts they check wether the incoming object has the expected type. So introduce satosdl() and sdltosa() in the kernel. OK mpi@
|
#
1.96 |
|
12-Sep-2015 |
mpi |
Now that rtrequest1(9) properly sets RTF_UP for newly added route, stop passing it in every rt_ifa_add(9) calls.
ok claudio@
|
#
1.95 |
|
03-Sep-2015 |
mpi |
Change the order of operations for loopback interfaces to have ::1 configured before fe80::1.
(lo0:0) in pf should resolve to 127.0.0.1 ::1.
reported by and ok mikeb@
|
#
1.94 |
|
31-Aug-2015 |
mpi |
Do not install connected routes on loopback interfaces.
Previously loopback connected routes were managed via the global list of prefixes, which mean that systems with AUTOCONF'd addresses did not see them in the routing table.
This also makes inet6 route creation coherent with inet.
|
#
1.93 |
|
24-Aug-2015 |
mpi |
Start moving away from the global prefix list by limiting its usage to AUTOCONF'd addresses.
This prevent the kernel from removing connected (/64) routes as soon as it configures an AUTOCONF'd address based on a RA.
Tested by sebastia@, ok sthen@
|
#
1.92 |
|
24-Aug-2015 |
mpi |
Rework the code to decide when to perform DAD to no longer rely on the IN6_IFF_NODAD pseudo-flag not being set.
This was just a flag for spaghetti code that should not exist in the first place.
Tested by sebastia@, ok sthen@
|
#
1.91 |
|
17-Aug-2015 |
mpi |
Remove anoying comment about in6_update_ifa().
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.90 |
|
18-Jul-2015 |
mpi |
Merge two identical chunks to add new prefixes to the global data structures into a function.
ok florian@
|
#
1.89 |
|
16-Jul-2015 |
mpi |
Properly layer Router Solicitation code.
Tweak and ok florian@
|
#
1.88 |
|
08-Jun-2015 |
krw |
More damned eye searing whitespace. No change to .o files.
|
#
1.87 |
|
27-Apr-2015 |
mpi |
Do not call nd6_purge() before purging the IPv6 addresses of a detached interface.
Fix a use after free introduced in r1.98 of netinet6/in6.c and recently exposed by a crazy pool/malloc damage finder being currently refined by dlg@ and deraadt@.
ok mikeb@, henning@
|
#
1.86 |
|
14-Mar-2015 |
jsg |
Remove some includes include-what-you-use claims don't have any direct symbols used. Tested for indirect use by compiling amd64/i386/sparc64 kernels.
ok tedu@ deraadt@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.85 |
|
05-Feb-2015 |
mpi |
Convert various rtrequest1(RTM_DELETE,...) calls to rtdeletemsg(9).
This unify some code and notify userland for free.
blambert@ agrees, ok bluhm@
|
#
1.84 |
|
28-Jan-2015 |
mpi |
Revert rtdeletemsg conversion. It was not ok'd, I misunderstood bluhm@'s email.
|
#
1.83 |
|
27-Jan-2015 |
mpi |
Ensure that link-local addresses are correctly configured on loopback interfaces.
When the kernel automagically configures IPv6 addresses on loopback interfaces, start by assigning a link-local address and then try to assign "::1".
Only the first configured loopback interface per rdomain can have the "::1" address. But even if other loopback interfaces failed to get this address, because it is already taken, give them a chance to have a link-local address.
While here change in6_ifattach() to return an error value and remove duplicated code.
Fix a regression introduced by the NOINET6 flag removal.
ok henning@, stsp@, florian@, benno@
|
#
1.82 |
|
26-Jan-2015 |
mpi |
Call rtdeletemsg(9) instead of rerolling its code. As a bonus you'll get userland notification for free.
ok blambert@, bluhm@
|
#
1.81 |
|
10-Jan-2015 |
mpi |
Correct some comments and merge in6_if_up() into in6_ifattach() to reflect that IPv6 link-local addresses are no longer automagically configured the first time an interface is brought up.
ok henning@, stsp@
|
#
1.80 |
|
08-Jan-2015 |
florian |
Clear autoconf6 flag after autoconf6 cleanup happened, not before. Otherwise clean up code will never run. OK mpi@, benno@, henning@
|
#
1.79 |
|
06-Jan-2015 |
stsp |
Remove the NOINET6 interface flag, a left-over from the times when IPv6 was enabled by default. Add AFATTACH/AFDETACH ioctls which enable/disable an address family for an interface (currently used for IPv6 only).
New kernel needs new ifconfig for IPv6 configuration (address assignment still works with old ifconfig making this easy to cross over).
Committing on behalf of henning@ who is currently lebensmittelvergiftet. ok stsp, benno, mpi
|
#
1.78 |
|
04-Dec-2014 |
tedu |
replace md5 with sha512. ok deraadt
|
#
1.77 |
|
20-Nov-2014 |
mpi |
What have no need for a variable that holds the maximum MTU size of interfaces with an IPv6 address.
ok henning@, mikeb@, deraadt@
|
#
1.76 |
|
18-Nov-2014 |
krw |
Nuke yet more obvious #include duplications.
ok miod@
|
#
1.75 |
|
18-Nov-2014 |
tedu |
move arc4random prototype to systm.h. more appropriate for most code to include that than rdnvar.h. ok deraadt dlg
|
#
1.74 |
|
01-Nov-2014 |
mpi |
Rename rtalloc1() into rtalloc(9) and convert its flags to only enable functionnality instead of a mix of enable/disable.
ok bluhm@, jca@
|
#
1.73 |
|
25-Aug-2014 |
florian |
Move sending of router solicitations to the kernel; receiving and processing of router advertisements was already in the kernel. With this rtsol{,d}(8) is no longer necessary.
The kernel starts sending solicitations with # ifconfig $IF inet6 autoconf or inet6 autoconf in /etc/hostname.$IF.
input stsp@ much help & OK mpi@ tweaks & OK bluhm@
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.72 |
|
01-Jul-2014 |
benno |
When a carp interface is created with IFXF_NOINET6 flag, no link-local address will be created when the vhid (and MAC) is set. Depending on the order of the configuration the interface can end up with a ipv6 address, but no v6 link-local and no working neigbor discovery.
Removing this case statement will result in the link-local address being configured by "ifconfig up" if the inet6 address was configured before. If you are using inet6 on carp, put an "up" at the end of your hostname.if. I will work on a better solution at g2k14.
ok henning, mpi
|
#
1.71 |
|
26-Jun-2014 |
mpi |
Calling in{6,}_purgeaddr() is not enough to remove an address from an interface. Two other operations are performed when issuing a SIOCDIFADDR{_IN6,} ioctl: call the address hook and the per-driver ioctl function.
Since carp(4) relies on an address hook to recalculate its hash, make sure to call this hook when IFXF_NOINET6 is set or when the rdomain is changed.
ok henning@, mikeb@
|
#
1.70 |
|
03-Jun-2014 |
mpi |
Do not include <sys/malloc.h> where it is not needed.
|
#
1.69 |
|
20-May-2014 |
mpi |
Fix eui64 address generation, broken since the removal of the link-layer address from the per-ifp list.
Found the hard way by weerd@, florian@ and stsp@, ok florian@
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.68 |
|
21-Jan-2014 |
mpi |
Do not clean the multicast records of an interface when it is destroyed (unplugged). Even if it makes no sense to keep them around if the interface is no more, we cannot safely remove them since pcb multicast options might keep a pointer to them.
Fixes a user after free introduced by the multicast address linking rewrite and reported by Alexey Suslikov, thanks!
ok claudio@
|
#
1.67 |
|
13-Jan-2014 |
bluhm |
Call all local valiables of type struct in6_ifaddr "ia6". This is consistent with struct ifaddr "ifa" and struct in_ifaddr "ia". OK mpi@
|
#
1.66 |
|
07-Jan-2014 |
stsp |
Some follow-up fixes for IFID collision handling in IPv6CP.
Really change the link-local address in the unlikely event of an IFID collision, instead of going into an infinite conf-nak loop with the peer.
To make the netinet6 code use the IPv6CP IFID in a new link-local address, in6_ifattach_linklocal() must accept a provided IFID. Replace the unused 'altifp' parameter with a new 'ifid' parameter for this purpose.
Always use the latest suggested address in IPv6CP replies, even if the task to update the interface's address hasn't run yet. Also, clear the ifindex (KAME hack) in addresses sent during IPv6CP.
ok mpi
|
#
1.65 |
|
06-Jan-2014 |
stsp |
Make in6_ifdetach() remove the ff01::1 route for the detaching interface, too. The route used to linger after an interface detached from IPv6. ok mikeb
|
#
1.64 |
|
28-Nov-2013 |
mpi |
Change the way protocol multicast addresses are linked to an interface.
Instead of linking multicast records to the first configured address of the corresponding protocol, making this address and its position in the global list special, add them to a new list directly linked to the interface descriptor.
This new multicast address list is similar to the address list, all its elements contain a protocol agnostic part. This design allows us to be able to join a multicast group without necessarily having a configured address. That means IPv6 multicast kludges are no longer needed.
Another benefit is to be able to add and remove an IP address from an interface without worrying about multicast records. That means that the global IPv4 list is no longer needed since the first configured address of an interface is no longer special.
This new list might also be extended in the future to contain the link-layer addresses used to configure hardware filters.
Tested by sthen@ and weerd@, ok mikeb@
|
#
1.63 |
|
19-Nov-2013 |
mpi |
Remove some FDDI/ATM leftovers.
ok mikeb@, henning@, deraadt@, brad@, miod@
|
#
1.62 |
|
17-Oct-2013 |
bluhm |
The header file netinet/in_var.h included netinet6/in6_var.h. This created a bunch of useless dependencies. Remove this implicit inclusion and do an explicit #include <netinet6/in6_var.h> when it is needed. OK mpi@ henning@
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.61 |
|
31-May-2013 |
bluhm |
Remove a bunch of sockaddr_in6 pointer casts and replace others with sin6tosa() or satosin6() inline functions. This allows the compiler to check the types more strictly. OK mpi@
|
#
1.60 |
|
26-Mar-2013 |
bluhm |
Remove a block of dead code in in6_ifdetach(). It was never executed due to the wrong & in satosin6(&ifa->ifa_addr). The link local prefix fe80 was not checked within the IPv6 address, but within some pointers of the interface address struct. The whole loop around this was also never executed as all IPv6 addresses had already been purged. OK sperreault@ mpi@ mikeb@
|
#
1.59 |
|
25-Mar-2013 |
mpi |
Substitute the handcrafted list of IPv6 addresses by a proper TAILQ.
ok bluhm@, mikeb@
|
#
1.58 |
|
07-Mar-2013 |
mpi |
Remove the IFAFREE() macro, the ifafree() function it was calling already check for the reference counter.
ok mikeb@, miod@, pelikan@, kettenis@, krw@
|
#
1.57 |
|
04-Mar-2013 |
bluhm |
Replace the cast to struct in6_ifaddr pointer with the ifatoia6() macro. No binary change. OK claudio@
|
Revision tags: OPENBSD_5_3_BASE
|
#
1.56 |
|
19-Sep-2012 |
bluhm |
Use TAILQ_FOREACH macro for loops. No binary diff. OK henning@
|
#
1.55 |
|
21-Aug-2012 |
bluhm |
Reverse the name and meaning of the IFXF_INET6_PRIVACY interface flag. It is now called IFXF_INET6_NOPRIVACY. So IPv6 privacy addresses are on by default without resetting the flag during ifconfig down/up. OK stsp@, sperreault@ (who wrote the same diff)
|
#
1.54 |
|
15-Aug-2012 |
sperreault |
Enable IPv6 autoconfprivacy by default
diff originally by stsp@ "please commit it" deraadt@ "don't care" stsp@ "don't like" bluhm@
|
Revision tags: OPENBSD_5_1_BASE OPENBSD_5_2_BASE
|
#
1.53 |
|
03-Jan-2012 |
bluhm |
To access the ifaddr of an in_ifaddr or in6_ifaddr struct, it is cleaner to access the first member via ia_ifa instead of casting. No binary change. ok henning@ krw@
|
#
1.52 |
|
24-Nov-2011 |
sperreault |
rdomain support for IPv6 ok mikeb
|
Revision tags: OPENBSD_4_8_BASE OPENBSD_4_9_BASE OPENBSD_5_0_BASE
|
#
1.51 |
|
06-Apr-2010 |
stsp |
Simple implementation of RFC4941, "Privacy Extensions for Stateless Address Autoconfiguration in IPv6". For those among us who are paranoid about broadcasting their MAC address to the IPv6 internet.
Man page help from jmc, testing by weerd, arc4random API hints from djm.
ok deraadt, claudio
|
Revision tags: OPENBSD_4_7_BASE
|
#
1.50 |
|
08-Feb-2010 |
jsing |
More destatic and ansification.
ok claudio@ naddy@
|
#
1.49 |
|
13-Jan-2010 |
henning |
instead of fiddling with the per-interface address lists directly in many places create a proper API (ifa_add / ifa_del) and use it. ok theo ryan dlg
|
Revision tags: OPENBSD_4_5_BASE OPENBSD_4_6_BASE
|
#
1.48 |
|
30-Jan-2009 |
mcbride |
"XXX: should this be performed under splnet()?"... Yes, yes it should. Interface configuration causes neighbour discoverery, which runs packets through parts of the stack that require at least splsoftnet(), like pf and pfsync.
ok dlg
|
Revision tags: OPENBSD_4_4_BASE
|
#
1.47 |
|
11-Jun-2008 |
mcbride |
ANSIfy to sync with KAME. From Karl Sjodahl <dunceor@gmail.com>.
ok todd deraadt naddy bluhm
|
#
1.46 |
|
11-May-2008 |
claudio |
rtrequest to rtrequest1 conversion in inet6. With that no rtrequest should be left over. OK henning@
|
Revision tags: OPENBSD_4_2_BASE OPENBSD_4_3_BASE
|
#
1.45 |
|
08-Jun-2007 |
henning |
kill arcnet leftovers, some pt out by Mike Belopuhov <mkb@crypt.org.ru>, some I found afterwards, ok dlg
|
Revision tags: OPENBSD_4_1_BASE
|
#
1.44 |
|
15-Nov-2006 |
itojun |
unifdef -USCOPEDROUTING
|
Revision tags: OPENBSD_4_0_BASE
|
#
1.43 |
|
31-Aug-2006 |
mcbride |
Automatically add a IPv6 link-local address to carp interfaces when the virtual MAC address is set. Among other things, this makes route6d work correctly on systems with carp interfaces.
In order to ensure backwards compatibility, we do not include IPv6 link-local addresses in generating the HMAC, but we accept HMACs with AND without the link-local addresses. They will be added to the HMAC in a future release.
In short: this change should only affect backwards compatibility for IPv6 users who are manually adding link-local addresses on carp interfaces.
testing mtu@ todd@ ok mpf@ henning@ deraadt@
|
#
1.42 |
|
16-Jun-2006 |
henning |
adjust functions dealing with the routing table to take a table ID as parameter so they can work on alternate tables. table 0 hardcoded for many callers yet, that will be adapted step by step. input + ok claudio norby hshoexer
|
#
1.41 |
|
27-May-2006 |
claudio |
Do the same thing as for IPv4. Use a sysctl to enable/disable mfrowarding and additionaly make the code part of the MROUTING option. Put it in deraadt@
|
#
1.40 |
|
05-Mar-2006 |
miod |
Use more queue macros rather than doing it by hand; ok otto@ krw@
|
Revision tags: OPENBSD_3_8_BASE OPENBSD_3_9_BASE
|
#
1.39 |
|
23-May-2005 |
mpf |
carp needs a multicast kludge storage. Fixes PR 4211. OK mcbride@
|
#
1.38 |
|
21-Apr-2005 |
itojun |
remove (now obsolete) handling of IFT_PROPVIRTUAL/bridge*. tested by camield@
|
Revision tags: OPENBSD_3_7_BASE
|
#
1.37 |
|
07-Dec-2004 |
mcbride |
Convert carp(4) to behave more like a regular interface, much in the same style as vlan(4). carp interfaces no longer require the physical interface to be on the same subnet as the carp interface, or even that the physical interface has an adress at all, so CARP can now be used on /30 networks.
ok deraadt@ henning@
|
Revision tags: OPENBSD_3_6_BASE SMP_SYNC_A SMP_SYNC_B
|
#
1.36 |
|
07-May-2004 |
millert |
Replace RSA-derived md5 code with code derived from Colin Plumb's PD version. This moves md5.c out of libkern and into sys/crypto where it belongs (as requested by markus@). Note that md5.c is still mandatory (dev/rnd.c uses it). Verified with IPsec + hmac-md5 and tcp md5sig. OK henning@ and hshoexer@
|
Revision tags: OPENBSD_3_4_BASE OPENBSD_3_5_BASE
|
#
1.35 |
|
08-Jul-2003 |
itojun |
on interface removal, clear multicast forwarding stuff. from kame
|
#
1.34 |
|
28-Jun-2003 |
itojun |
i don't think pfsync needs a link-local addr.
|
Revision tags: UBC_SYNC_A
|
#
1.33 |
|
14-May-2003 |
itojun |
it is unlikely that we introduce 6to4 interface (IFT_STF) to openbsd.
|
Revision tags: OPENBSD_3_2_BASE OPENBSD_3_3_BASE UBC_SYNC_B
|
#
1.32 |
|
12-Sep-2002 |
itojun |
configure "next" pointer correctly. from j@pureftpd.org
|
#
1.31 |
|
11-Sep-2002 |
itojun |
fix pointer signedness mixup. sync w/kame
|
#
1.30 |
|
11-Sep-2002 |
itojun |
KNF - return is not a function. sync w/kame
|
#
1.29 |
|
11-Jun-2002 |
itojun |
silence some of log(), as the codepath will be visited for IPv6-non-capable interfaces too and can be annoying. net.inet6.icmp6.nd6_debug will re-enable them.
|
#
1.28 |
|
11-Jun-2002 |
itojun |
whitespace
|
#
1.27 |
|
08-Jun-2002 |
itojun |
sync with latest KAME in6_ifaddr/prefix/default router manipulation. behavior changes: - two iocts used by ndp(8) are now obsolete (backward compat provided). use sysctl path instead. - lo0 does not get ::1 automatically. it will get ::1 when lo0 comes up.
|
#
1.26 |
|
07-Jun-2002 |
itojun |
whitespace sync w/kame
|
#
1.25 |
|
29-May-2002 |
itojun |
attach nd_ifinfo structure to if_afdata. split IPv6 MTU (advertised by RA) from real link MTU. sync with kame
|
#
1.24 |
|
29-May-2002 |
itojun |
move per-interface ip6/icmp6 stat to ifnet->if_afdata. sync w/kame
|
#
1.23 |
|
23-May-2002 |
itojun |
simplify condition to perform DAD. sync w/kame
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.22 |
|
14-Mar-2002 |
millert |
First round of __P removal in sys
|
Revision tags: UBC_BASE
|
#
1.21 |
|
07-Dec-2001 |
itojun |
branches: 1.21.2; whitespace/comment sync with kame
|
Revision tags: OPENBSD_3_0_BASE
|
#
1.20 |
|
23-Aug-2001 |
itojun |
suppress printf() on non-multicast interface. suppress ipv6 initialization for IFT_PFLOG.
|
#
1.19 |
|
23-Aug-2001 |
itojun |
don't try to enable IPv6 on IFT_PFLOG.
|
#
1.18 |
|
18-Jul-2001 |
itojun |
avoid using malloc() during interupt context for multicast kludge entry. allocate it on interface initialization.
|
#
1.17 |
|
09-Jun-2001 |
angelos |
No need for net/net_osdep.h
|
Revision tags: OPENBSD_2_9_BASE
|
#
1.16 |
|
16-Feb-2001 |
itojun |
cosmetic sync with kame
|
#
1.15 |
|
07-Feb-2001 |
itojun |
by default, don't bark on inbound ND messages, as outsider may be able to fill up /var with bogus packets. setting net.inet6.icmp6.nd6_debug will re-enable kernel messages on invalid ND packet and other occasions.
improve icmp6 stats.
|
#
1.14 |
|
18-Jan-2001 |
itojun |
do not remove default route by mistake, on interface removal.
|
Revision tags: OPENBSD_2_8_BASE
|
#
1.13 |
|
25-Oct-2000 |
jason |
silence the "no multicast" warning for IFT_ENC, too deraadt ok
|
#
1.12 |
|
18-Oct-2000 |
itojun |
don't try to configure IPv6 on bridge*. comment from deraadt
|
#
1.11 |
|
02-Oct-2000 |
itojun |
fix missing \n. from doug@freebsd (sync with kame)
|
Revision tags: OPENBSD_2_7_BASE
|
#
1.10 |
|
05-May-2000 |
itojun |
cope with interface detach (like pcmcia card removal). remove any IPv6 addresses assigned to the interface. reported by ho, bunch of help from niklas. KAME PR 231.
|
#
1.9 |
|
27-Apr-2000 |
itojun |
correct in6_ifdetach(). free oia, not ia. Lennart says there are more problems to go (I don't own openbsd-current laptop). From: Lennart Augustsson <augustss@augustsson.net>
|
#
1.8 |
|
17-Apr-2000 |
itojun |
revisit in6_ifattach(). (1) make it more persistent about initializaing an interface (2) cleanup interface id selection. run NUD on p2p interface (required by spec for bidir p2p interface). add "ndp -i interface" (can tweak per-interface ND flag). (sync with more recent kame)
|
#
1.7 |
|
02-Mar-2000 |
itojun |
do not add ifa_dstaddr for non-pointopoint interface. IPv6 has no concept for "broadcast".
|
Revision tags: SMP_BASE
|
#
1.6 |
|
07-Feb-2000 |
itojun |
branches: 1.6.2; fix include file path related to ip6.
|
#
1.5 |
|
04-Feb-2000 |
itojun |
more coverage of in6_ifdetach()'s cleanup process. bug fix in SIOCGIFADDR_IN6 (point to point case).
|
#
1.4 |
|
02-Feb-2000 |
itojun |
- improve in6_ifdetach to remove (1) multicast kludge list (2) route to link-local allnode multicast (ff02:x::/32) - fix ifnet refcnt'ing in multicast kludge list management. - avoid dangling pointer in multicast kludge management.
(angelos, try this version of in6_ifdetach() - it should be better)
|
#
1.3 |
|
10-Dec-1999 |
itojun |
use proper type for in6_first_ifid (char -> u_int8_t) suggested by: deraadt
|
#
1.2 |
|
10-Dec-1999 |
angelos |
Remove remaining unnecessary ifdefs (itojun will hate me for this :-)
|
Revision tags: kame_19991208
|
#
1.1 |
|
08-Dec-1999 |
itojun |
bring in KAME IPv6 code, dated 19991208. replaces NRL IPv6 layer. reuses NRL pcb layer. no IPsec-on-v6 support. see sys/netinet6/{TODO,IMPLEMENTATION} for more details.
GENERIC configuration should work fine as before. GENERIC.v6 works fine as well, but you'll need KAME userland tools to play with IPv6 (will be bringed into soon).
|
#
1.105 |
|
10-Feb-2018 |
florian |
Implement RFC 7217: "A Method for Generating Semantically Opaque Interface Identifiers with IPv6 Stateless Address Autoconfiguration."
"An IPv6 address configured using this method is stable within each subnet, but the corresponding Interface Identifier changes when the host moves from one network to another. This method is meant to be an alternative to generating Interface Identifiers based on hardware addresses."
OK naddy, sthen
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.104 |
|
01-Sep-2017 |
florian |
Use in6_get_rand_ifid() instead of get_last_resort_ifid() and delete the get_last_resort_ifid() function because eww. Also if your system is so constraint that you end up in in6_get_rand_ifid() you don't deserve a random ifid that stays stable over reboots. Simplify code a bit since get_ifid() can no longer fail. It couldn't fail before either because that code path was #if 0'ed. While here sprinkle in some in6_ prefixes, pointed out by stsp. OK stsp
|
#
1.103 |
|
11-Jul-2017 |
florian |
Purging is at last at hand. Day of Doom is here. All that is evil shall all be cleansed.
Remove sending of router solicitations and processing of router advertisements from the kernel. It's handled by slaacd(8) these days.
Input & OK bluhm@, mpi@
|
#
1.102 |
|
16-May-2017 |
mpi |
Replace remaining splsoftassert(IPL_SOFTNET) by NET_ASSERT_LOCKED().
ok visa@
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.101 |
|
29-Dec-2016 |
mpi |
Get rid of recursive splsoftnet() in in6_ifattach_linklocal().
ok visa@
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.100 |
|
30-Jun-2016 |
mpi |
Restore the automagically added /64 route on p2p interfaces in order to send traffic to link-local addresses without default route.
Fix a regression reported by Michael Lechtermann, ok stsp@, sthen@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.99 |
|
02-Dec-2015 |
bluhm |
When destroying an interface, we have to wait until all references are not used anymore. This has to be done before any interface fields become invalid. As the route delete request cannot call if_get() anymore, pass down the interface. Split rtrequest_delete() into a separate function that may take an existing inteface. OK mpi@
|
#
1.98 |
|
24-Oct-2015 |
mpi |
Convert to rt_ifidx.
ok bluhm@
|
#
1.97 |
|
22-Oct-2015 |
bluhm |
Inspired by satosin(), use inline functions to convert sockaddr dl. Instead of casts they check wether the incoming object has the expected type. So introduce satosdl() and sdltosa() in the kernel. OK mpi@
|
#
1.96 |
|
12-Sep-2015 |
mpi |
Now that rtrequest1(9) properly sets RTF_UP for newly added route, stop passing it in every rt_ifa_add(9) calls.
ok claudio@
|
#
1.95 |
|
03-Sep-2015 |
mpi |
Change the order of operations for loopback interfaces to have ::1 configured before fe80::1.
(lo0:0) in pf should resolve to 127.0.0.1 ::1.
reported by and ok mikeb@
|
#
1.94 |
|
31-Aug-2015 |
mpi |
Do not install connected routes on loopback interfaces.
Previously loopback connected routes were managed via the global list of prefixes, which mean that systems with AUTOCONF'd addresses did not see them in the routing table.
This also makes inet6 route creation coherent with inet.
|
#
1.93 |
|
24-Aug-2015 |
mpi |
Start moving away from the global prefix list by limiting its usage to AUTOCONF'd addresses.
This prevent the kernel from removing connected (/64) routes as soon as it configures an AUTOCONF'd address based on a RA.
Tested by sebastia@, ok sthen@
|
#
1.92 |
|
24-Aug-2015 |
mpi |
Rework the code to decide when to perform DAD to no longer rely on the IN6_IFF_NODAD pseudo-flag not being set.
This was just a flag for spaghetti code that should not exist in the first place.
Tested by sebastia@, ok sthen@
|
#
1.91 |
|
17-Aug-2015 |
mpi |
Remove anoying comment about in6_update_ifa().
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.90 |
|
18-Jul-2015 |
mpi |
Merge two identical chunks to add new prefixes to the global data structures into a function.
ok florian@
|
#
1.89 |
|
16-Jul-2015 |
mpi |
Properly layer Router Solicitation code.
Tweak and ok florian@
|
#
1.88 |
|
08-Jun-2015 |
krw |
More damned eye searing whitespace. No change to .o files.
|
#
1.87 |
|
27-Apr-2015 |
mpi |
Do not call nd6_purge() before purging the IPv6 addresses of a detached interface.
Fix a use after free introduced in r1.98 of netinet6/in6.c and recently exposed by a crazy pool/malloc damage finder being currently refined by dlg@ and deraadt@.
ok mikeb@, henning@
|
#
1.86 |
|
14-Mar-2015 |
jsg |
Remove some includes include-what-you-use claims don't have any direct symbols used. Tested for indirect use by compiling amd64/i386/sparc64 kernels.
ok tedu@ deraadt@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.85 |
|
05-Feb-2015 |
mpi |
Convert various rtrequest1(RTM_DELETE,...) calls to rtdeletemsg(9).
This unify some code and notify userland for free.
blambert@ agrees, ok bluhm@
|
#
1.84 |
|
28-Jan-2015 |
mpi |
Revert rtdeletemsg conversion. It was not ok'd, I misunderstood bluhm@'s email.
|
#
1.83 |
|
27-Jan-2015 |
mpi |
Ensure that link-local addresses are correctly configured on loopback interfaces.
When the kernel automagically configures IPv6 addresses on loopback interfaces, start by assigning a link-local address and then try to assign "::1".
Only the first configured loopback interface per rdomain can have the "::1" address. But even if other loopback interfaces failed to get this address, because it is already taken, give them a chance to have a link-local address.
While here change in6_ifattach() to return an error value and remove duplicated code.
Fix a regression introduced by the NOINET6 flag removal.
ok henning@, stsp@, florian@, benno@
|
#
1.82 |
|
26-Jan-2015 |
mpi |
Call rtdeletemsg(9) instead of rerolling its code. As a bonus you'll get userland notification for free.
ok blambert@, bluhm@
|
#
1.81 |
|
10-Jan-2015 |
mpi |
Correct some comments and merge in6_if_up() into in6_ifattach() to reflect that IPv6 link-local addresses are no longer automagically configured the first time an interface is brought up.
ok henning@, stsp@
|
#
1.80 |
|
08-Jan-2015 |
florian |
Clear autoconf6 flag after autoconf6 cleanup happened, not before. Otherwise clean up code will never run. OK mpi@, benno@, henning@
|
#
1.79 |
|
06-Jan-2015 |
stsp |
Remove the NOINET6 interface flag, a left-over from the times when IPv6 was enabled by default. Add AFATTACH/AFDETACH ioctls which enable/disable an address family for an interface (currently used for IPv6 only).
New kernel needs new ifconfig for IPv6 configuration (address assignment still works with old ifconfig making this easy to cross over).
Committing on behalf of henning@ who is currently lebensmittelvergiftet. ok stsp, benno, mpi
|
#
1.78 |
|
04-Dec-2014 |
tedu |
replace md5 with sha512. ok deraadt
|
#
1.77 |
|
20-Nov-2014 |
mpi |
What have no need for a variable that holds the maximum MTU size of interfaces with an IPv6 address.
ok henning@, mikeb@, deraadt@
|
#
1.76 |
|
18-Nov-2014 |
krw |
Nuke yet more obvious #include duplications.
ok miod@
|
#
1.75 |
|
18-Nov-2014 |
tedu |
move arc4random prototype to systm.h. more appropriate for most code to include that than rdnvar.h. ok deraadt dlg
|
#
1.74 |
|
01-Nov-2014 |
mpi |
Rename rtalloc1() into rtalloc(9) and convert its flags to only enable functionnality instead of a mix of enable/disable.
ok bluhm@, jca@
|
#
1.73 |
|
25-Aug-2014 |
florian |
Move sending of router solicitations to the kernel; receiving and processing of router advertisements was already in the kernel. With this rtsol{,d}(8) is no longer necessary.
The kernel starts sending solicitations with # ifconfig $IF inet6 autoconf or inet6 autoconf in /etc/hostname.$IF.
input stsp@ much help & OK mpi@ tweaks & OK bluhm@
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.72 |
|
01-Jul-2014 |
benno |
When a carp interface is created with IFXF_NOINET6 flag, no link-local address will be created when the vhid (and MAC) is set. Depending on the order of the configuration the interface can end up with a ipv6 address, but no v6 link-local and no working neigbor discovery.
Removing this case statement will result in the link-local address being configured by "ifconfig up" if the inet6 address was configured before. If you are using inet6 on carp, put an "up" at the end of your hostname.if. I will work on a better solution at g2k14.
ok henning, mpi
|
#
1.71 |
|
26-Jun-2014 |
mpi |
Calling in{6,}_purgeaddr() is not enough to remove an address from an interface. Two other operations are performed when issuing a SIOCDIFADDR{_IN6,} ioctl: call the address hook and the per-driver ioctl function.
Since carp(4) relies on an address hook to recalculate its hash, make sure to call this hook when IFXF_NOINET6 is set or when the rdomain is changed.
ok henning@, mikeb@
|
#
1.70 |
|
03-Jun-2014 |
mpi |
Do not include <sys/malloc.h> where it is not needed.
|
#
1.69 |
|
20-May-2014 |
mpi |
Fix eui64 address generation, broken since the removal of the link-layer address from the per-ifp list.
Found the hard way by weerd@, florian@ and stsp@, ok florian@
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.68 |
|
21-Jan-2014 |
mpi |
Do not clean the multicast records of an interface when it is destroyed (unplugged). Even if it makes no sense to keep them around if the interface is no more, we cannot safely remove them since pcb multicast options might keep a pointer to them.
Fixes a user after free introduced by the multicast address linking rewrite and reported by Alexey Suslikov, thanks!
ok claudio@
|
#
1.67 |
|
13-Jan-2014 |
bluhm |
Call all local valiables of type struct in6_ifaddr "ia6". This is consistent with struct ifaddr "ifa" and struct in_ifaddr "ia". OK mpi@
|
#
1.66 |
|
07-Jan-2014 |
stsp |
Some follow-up fixes for IFID collision handling in IPv6CP.
Really change the link-local address in the unlikely event of an IFID collision, instead of going into an infinite conf-nak loop with the peer.
To make the netinet6 code use the IPv6CP IFID in a new link-local address, in6_ifattach_linklocal() must accept a provided IFID. Replace the unused 'altifp' parameter with a new 'ifid' parameter for this purpose.
Always use the latest suggested address in IPv6CP replies, even if the task to update the interface's address hasn't run yet. Also, clear the ifindex (KAME hack) in addresses sent during IPv6CP.
ok mpi
|
#
1.65 |
|
06-Jan-2014 |
stsp |
Make in6_ifdetach() remove the ff01::1 route for the detaching interface, too. The route used to linger after an interface detached from IPv6. ok mikeb
|
#
1.64 |
|
28-Nov-2013 |
mpi |
Change the way protocol multicast addresses are linked to an interface.
Instead of linking multicast records to the first configured address of the corresponding protocol, making this address and its position in the global list special, add them to a new list directly linked to the interface descriptor.
This new multicast address list is similar to the address list, all its elements contain a protocol agnostic part. This design allows us to be able to join a multicast group without necessarily having a configured address. That means IPv6 multicast kludges are no longer needed.
Another benefit is to be able to add and remove an IP address from an interface without worrying about multicast records. That means that the global IPv4 list is no longer needed since the first configured address of an interface is no longer special.
This new list might also be extended in the future to contain the link-layer addresses used to configure hardware filters.
Tested by sthen@ and weerd@, ok mikeb@
|
#
1.63 |
|
19-Nov-2013 |
mpi |
Remove some FDDI/ATM leftovers.
ok mikeb@, henning@, deraadt@, brad@, miod@
|
#
1.62 |
|
17-Oct-2013 |
bluhm |
The header file netinet/in_var.h included netinet6/in6_var.h. This created a bunch of useless dependencies. Remove this implicit inclusion and do an explicit #include <netinet6/in6_var.h> when it is needed. OK mpi@ henning@
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.61 |
|
31-May-2013 |
bluhm |
Remove a bunch of sockaddr_in6 pointer casts and replace others with sin6tosa() or satosin6() inline functions. This allows the compiler to check the types more strictly. OK mpi@
|
#
1.60 |
|
26-Mar-2013 |
bluhm |
Remove a block of dead code in in6_ifdetach(). It was never executed due to the wrong & in satosin6(&ifa->ifa_addr). The link local prefix fe80 was not checked within the IPv6 address, but within some pointers of the interface address struct. The whole loop around this was also never executed as all IPv6 addresses had already been purged. OK sperreault@ mpi@ mikeb@
|
#
1.59 |
|
25-Mar-2013 |
mpi |
Substitute the handcrafted list of IPv6 addresses by a proper TAILQ.
ok bluhm@, mikeb@
|
#
1.58 |
|
07-Mar-2013 |
mpi |
Remove the IFAFREE() macro, the ifafree() function it was calling already check for the reference counter.
ok mikeb@, miod@, pelikan@, kettenis@, krw@
|
#
1.57 |
|
04-Mar-2013 |
bluhm |
Replace the cast to struct in6_ifaddr pointer with the ifatoia6() macro. No binary change. OK claudio@
|
Revision tags: OPENBSD_5_3_BASE
|
#
1.56 |
|
19-Sep-2012 |
bluhm |
Use TAILQ_FOREACH macro for loops. No binary diff. OK henning@
|
#
1.55 |
|
21-Aug-2012 |
bluhm |
Reverse the name and meaning of the IFXF_INET6_PRIVACY interface flag. It is now called IFXF_INET6_NOPRIVACY. So IPv6 privacy addresses are on by default without resetting the flag during ifconfig down/up. OK stsp@, sperreault@ (who wrote the same diff)
|
#
1.54 |
|
15-Aug-2012 |
sperreault |
Enable IPv6 autoconfprivacy by default
diff originally by stsp@ "please commit it" deraadt@ "don't care" stsp@ "don't like" bluhm@
|
Revision tags: OPENBSD_5_1_BASE OPENBSD_5_2_BASE
|
#
1.53 |
|
03-Jan-2012 |
bluhm |
To access the ifaddr of an in_ifaddr or in6_ifaddr struct, it is cleaner to access the first member via ia_ifa instead of casting. No binary change. ok henning@ krw@
|
#
1.52 |
|
24-Nov-2011 |
sperreault |
rdomain support for IPv6 ok mikeb
|
Revision tags: OPENBSD_4_8_BASE OPENBSD_4_9_BASE OPENBSD_5_0_BASE
|
#
1.51 |
|
06-Apr-2010 |
stsp |
Simple implementation of RFC4941, "Privacy Extensions for Stateless Address Autoconfiguration in IPv6". For those among us who are paranoid about broadcasting their MAC address to the IPv6 internet.
Man page help from jmc, testing by weerd, arc4random API hints from djm.
ok deraadt, claudio
|
Revision tags: OPENBSD_4_7_BASE
|
#
1.50 |
|
08-Feb-2010 |
jsing |
More destatic and ansification.
ok claudio@ naddy@
|
#
1.49 |
|
13-Jan-2010 |
henning |
instead of fiddling with the per-interface address lists directly in many places create a proper API (ifa_add / ifa_del) and use it. ok theo ryan dlg
|
Revision tags: OPENBSD_4_5_BASE OPENBSD_4_6_BASE
|
#
1.48 |
|
30-Jan-2009 |
mcbride |
"XXX: should this be performed under splnet()?"... Yes, yes it should. Interface configuration causes neighbour discoverery, which runs packets through parts of the stack that require at least splsoftnet(), like pf and pfsync.
ok dlg
|
Revision tags: OPENBSD_4_4_BASE
|
#
1.47 |
|
11-Jun-2008 |
mcbride |
ANSIfy to sync with KAME. From Karl Sjodahl <dunceor@gmail.com>.
ok todd deraadt naddy bluhm
|
#
1.46 |
|
11-May-2008 |
claudio |
rtrequest to rtrequest1 conversion in inet6. With that no rtrequest should be left over. OK henning@
|
Revision tags: OPENBSD_4_2_BASE OPENBSD_4_3_BASE
|
#
1.45 |
|
08-Jun-2007 |
henning |
kill arcnet leftovers, some pt out by Mike Belopuhov <mkb@crypt.org.ru>, some I found afterwards, ok dlg
|
Revision tags: OPENBSD_4_1_BASE
|
#
1.44 |
|
15-Nov-2006 |
itojun |
unifdef -USCOPEDROUTING
|
Revision tags: OPENBSD_4_0_BASE
|
#
1.43 |
|
31-Aug-2006 |
mcbride |
Automatically add a IPv6 link-local address to carp interfaces when the virtual MAC address is set. Among other things, this makes route6d work correctly on systems with carp interfaces.
In order to ensure backwards compatibility, we do not include IPv6 link-local addresses in generating the HMAC, but we accept HMACs with AND without the link-local addresses. They will be added to the HMAC in a future release.
In short: this change should only affect backwards compatibility for IPv6 users who are manually adding link-local addresses on carp interfaces.
testing mtu@ todd@ ok mpf@ henning@ deraadt@
|
#
1.42 |
|
16-Jun-2006 |
henning |
adjust functions dealing with the routing table to take a table ID as parameter so they can work on alternate tables. table 0 hardcoded for many callers yet, that will be adapted step by step. input + ok claudio norby hshoexer
|
#
1.41 |
|
27-May-2006 |
claudio |
Do the same thing as for IPv4. Use a sysctl to enable/disable mfrowarding and additionaly make the code part of the MROUTING option. Put it in deraadt@
|
#
1.40 |
|
05-Mar-2006 |
miod |
Use more queue macros rather than doing it by hand; ok otto@ krw@
|
Revision tags: OPENBSD_3_8_BASE OPENBSD_3_9_BASE
|
#
1.39 |
|
23-May-2005 |
mpf |
carp needs a multicast kludge storage. Fixes PR 4211. OK mcbride@
|
#
1.38 |
|
21-Apr-2005 |
itojun |
remove (now obsolete) handling of IFT_PROPVIRTUAL/bridge*. tested by camield@
|
Revision tags: OPENBSD_3_7_BASE
|
#
1.37 |
|
07-Dec-2004 |
mcbride |
Convert carp(4) to behave more like a regular interface, much in the same style as vlan(4). carp interfaces no longer require the physical interface to be on the same subnet as the carp interface, or even that the physical interface has an adress at all, so CARP can now be used on /30 networks.
ok deraadt@ henning@
|
Revision tags: OPENBSD_3_6_BASE SMP_SYNC_A SMP_SYNC_B
|
#
1.36 |
|
07-May-2004 |
millert |
Replace RSA-derived md5 code with code derived from Colin Plumb's PD version. This moves md5.c out of libkern and into sys/crypto where it belongs (as requested by markus@). Note that md5.c is still mandatory (dev/rnd.c uses it). Verified with IPsec + hmac-md5 and tcp md5sig. OK henning@ and hshoexer@
|
Revision tags: OPENBSD_3_4_BASE OPENBSD_3_5_BASE
|
#
1.35 |
|
08-Jul-2003 |
itojun |
on interface removal, clear multicast forwarding stuff. from kame
|
#
1.34 |
|
28-Jun-2003 |
itojun |
i don't think pfsync needs a link-local addr.
|
Revision tags: UBC_SYNC_A
|
#
1.33 |
|
14-May-2003 |
itojun |
it is unlikely that we introduce 6to4 interface (IFT_STF) to openbsd.
|
Revision tags: OPENBSD_3_2_BASE OPENBSD_3_3_BASE UBC_SYNC_B
|
#
1.32 |
|
12-Sep-2002 |
itojun |
configure "next" pointer correctly. from j@pureftpd.org
|
#
1.31 |
|
11-Sep-2002 |
itojun |
fix pointer signedness mixup. sync w/kame
|
#
1.30 |
|
11-Sep-2002 |
itojun |
KNF - return is not a function. sync w/kame
|
#
1.29 |
|
11-Jun-2002 |
itojun |
silence some of log(), as the codepath will be visited for IPv6-non-capable interfaces too and can be annoying. net.inet6.icmp6.nd6_debug will re-enable them.
|
#
1.28 |
|
11-Jun-2002 |
itojun |
whitespace
|
#
1.27 |
|
08-Jun-2002 |
itojun |
sync with latest KAME in6_ifaddr/prefix/default router manipulation. behavior changes: - two iocts used by ndp(8) are now obsolete (backward compat provided). use sysctl path instead. - lo0 does not get ::1 automatically. it will get ::1 when lo0 comes up.
|
#
1.26 |
|
07-Jun-2002 |
itojun |
whitespace sync w/kame
|
#
1.25 |
|
29-May-2002 |
itojun |
attach nd_ifinfo structure to if_afdata. split IPv6 MTU (advertised by RA) from real link MTU. sync with kame
|
#
1.24 |
|
29-May-2002 |
itojun |
move per-interface ip6/icmp6 stat to ifnet->if_afdata. sync w/kame
|
#
1.23 |
|
23-May-2002 |
itojun |
simplify condition to perform DAD. sync w/kame
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.22 |
|
14-Mar-2002 |
millert |
First round of __P removal in sys
|
Revision tags: UBC_BASE
|
#
1.21 |
|
07-Dec-2001 |
itojun |
branches: 1.21.2; whitespace/comment sync with kame
|
Revision tags: OPENBSD_3_0_BASE
|
#
1.20 |
|
23-Aug-2001 |
itojun |
suppress printf() on non-multicast interface. suppress ipv6 initialization for IFT_PFLOG.
|
#
1.19 |
|
23-Aug-2001 |
itojun |
don't try to enable IPv6 on IFT_PFLOG.
|
#
1.18 |
|
18-Jul-2001 |
itojun |
avoid using malloc() during interupt context for multicast kludge entry. allocate it on interface initialization.
|
#
1.17 |
|
09-Jun-2001 |
angelos |
No need for net/net_osdep.h
|
Revision tags: OPENBSD_2_9_BASE
|
#
1.16 |
|
16-Feb-2001 |
itojun |
cosmetic sync with kame
|
#
1.15 |
|
07-Feb-2001 |
itojun |
by default, don't bark on inbound ND messages, as outsider may be able to fill up /var with bogus packets. setting net.inet6.icmp6.nd6_debug will re-enable kernel messages on invalid ND packet and other occasions.
improve icmp6 stats.
|
#
1.14 |
|
18-Jan-2001 |
itojun |
do not remove default route by mistake, on interface removal.
|
Revision tags: OPENBSD_2_8_BASE
|
#
1.13 |
|
25-Oct-2000 |
jason |
silence the "no multicast" warning for IFT_ENC, too deraadt ok
|
#
1.12 |
|
18-Oct-2000 |
itojun |
don't try to configure IPv6 on bridge*. comment from deraadt
|
#
1.11 |
|
02-Oct-2000 |
itojun |
fix missing \n. from doug@freebsd (sync with kame)
|
Revision tags: OPENBSD_2_7_BASE
|
#
1.10 |
|
05-May-2000 |
itojun |
cope with interface detach (like pcmcia card removal). remove any IPv6 addresses assigned to the interface. reported by ho, bunch of help from niklas. KAME PR 231.
|
#
1.9 |
|
27-Apr-2000 |
itojun |
correct in6_ifdetach(). free oia, not ia. Lennart says there are more problems to go (I don't own openbsd-current laptop). From: Lennart Augustsson <augustss@augustsson.net>
|
#
1.8 |
|
17-Apr-2000 |
itojun |
revisit in6_ifattach(). (1) make it more persistent about initializaing an interface (2) cleanup interface id selection. run NUD on p2p interface (required by spec for bidir p2p interface). add "ndp -i interface" (can tweak per-interface ND flag). (sync with more recent kame)
|
#
1.7 |
|
02-Mar-2000 |
itojun |
do not add ifa_dstaddr for non-pointopoint interface. IPv6 has no concept for "broadcast".
|
Revision tags: SMP_BASE
|
#
1.6 |
|
07-Feb-2000 |
itojun |
branches: 1.6.2; fix include file path related to ip6.
|
#
1.5 |
|
04-Feb-2000 |
itojun |
more coverage of in6_ifdetach()'s cleanup process. bug fix in SIOCGIFADDR_IN6 (point to point case).
|
#
1.4 |
|
02-Feb-2000 |
itojun |
- improve in6_ifdetach to remove (1) multicast kludge list (2) route to link-local allnode multicast (ff02:x::/32) - fix ifnet refcnt'ing in multicast kludge list management. - avoid dangling pointer in multicast kludge management.
(angelos, try this version of in6_ifdetach() - it should be better)
|
#
1.3 |
|
10-Dec-1999 |
itojun |
use proper type for in6_first_ifid (char -> u_int8_t) suggested by: deraadt
|
#
1.2 |
|
10-Dec-1999 |
angelos |
Remove remaining unnecessary ifdefs (itojun will hate me for this :-)
|
Revision tags: kame_19991208
|
#
1.1 |
|
08-Dec-1999 |
itojun |
bring in KAME IPv6 code, dated 19991208. replaces NRL IPv6 layer. reuses NRL pcb layer. no IPsec-on-v6 support. see sys/netinet6/{TODO,IMPLEMENTATION} for more details.
GENERIC configuration should work fine as before. GENERIC.v6 works fine as well, but you'll need KAME userland tools to play with IPv6 (will be bringed into soon).
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.104 |
|
01-Sep-2017 |
florian |
Use in6_get_rand_ifid() instead of get_last_resort_ifid() and delete the get_last_resort_ifid() function because eww. Also if your system is so constraint that you end up in in6_get_rand_ifid() you don't deserve a random ifid that stays stable over reboots. Simplify code a bit since get_ifid() can no longer fail. It couldn't fail before either because that code path was #if 0'ed. While here sprinkle in some in6_ prefixes, pointed out by stsp. OK stsp
|
#
1.103 |
|
11-Jul-2017 |
florian |
Purging is at last at hand. Day of Doom is here. All that is evil shall all be cleansed.
Remove sending of router solicitations and processing of router advertisements from the kernel. It's handled by slaacd(8) these days.
Input & OK bluhm@, mpi@
|
#
1.102 |
|
16-May-2017 |
mpi |
Replace remaining splsoftassert(IPL_SOFTNET) by NET_ASSERT_LOCKED().
ok visa@
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.101 |
|
29-Dec-2016 |
mpi |
Get rid of recursive splsoftnet() in in6_ifattach_linklocal().
ok visa@
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.100 |
|
30-Jun-2016 |
mpi |
Restore the automagically added /64 route on p2p interfaces in order to send traffic to link-local addresses without default route.
Fix a regression reported by Michael Lechtermann, ok stsp@, sthen@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.99 |
|
02-Dec-2015 |
bluhm |
When destroying an interface, we have to wait until all references are not used anymore. This has to be done before any interface fields become invalid. As the route delete request cannot call if_get() anymore, pass down the interface. Split rtrequest_delete() into a separate function that may take an existing inteface. OK mpi@
|
#
1.98 |
|
24-Oct-2015 |
mpi |
Convert to rt_ifidx.
ok bluhm@
|
#
1.97 |
|
22-Oct-2015 |
bluhm |
Inspired by satosin(), use inline functions to convert sockaddr dl. Instead of casts they check wether the incoming object has the expected type. So introduce satosdl() and sdltosa() in the kernel. OK mpi@
|
#
1.96 |
|
12-Sep-2015 |
mpi |
Now that rtrequest1(9) properly sets RTF_UP for newly added route, stop passing it in every rt_ifa_add(9) calls.
ok claudio@
|
#
1.95 |
|
03-Sep-2015 |
mpi |
Change the order of operations for loopback interfaces to have ::1 configured before fe80::1.
(lo0:0) in pf should resolve to 127.0.0.1 ::1.
reported by and ok mikeb@
|
#
1.94 |
|
31-Aug-2015 |
mpi |
Do not install connected routes on loopback interfaces.
Previously loopback connected routes were managed via the global list of prefixes, which mean that systems with AUTOCONF'd addresses did not see them in the routing table.
This also makes inet6 route creation coherent with inet.
|
#
1.93 |
|
24-Aug-2015 |
mpi |
Start moving away from the global prefix list by limiting its usage to AUTOCONF'd addresses.
This prevent the kernel from removing connected (/64) routes as soon as it configures an AUTOCONF'd address based on a RA.
Tested by sebastia@, ok sthen@
|
#
1.92 |
|
24-Aug-2015 |
mpi |
Rework the code to decide when to perform DAD to no longer rely on the IN6_IFF_NODAD pseudo-flag not being set.
This was just a flag for spaghetti code that should not exist in the first place.
Tested by sebastia@, ok sthen@
|
#
1.91 |
|
17-Aug-2015 |
mpi |
Remove anoying comment about in6_update_ifa().
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.90 |
|
18-Jul-2015 |
mpi |
Merge two identical chunks to add new prefixes to the global data structures into a function.
ok florian@
|
#
1.89 |
|
16-Jul-2015 |
mpi |
Properly layer Router Solicitation code.
Tweak and ok florian@
|
#
1.88 |
|
08-Jun-2015 |
krw |
More damned eye searing whitespace. No change to .o files.
|
#
1.87 |
|
27-Apr-2015 |
mpi |
Do not call nd6_purge() before purging the IPv6 addresses of a detached interface.
Fix a use after free introduced in r1.98 of netinet6/in6.c and recently exposed by a crazy pool/malloc damage finder being currently refined by dlg@ and deraadt@.
ok mikeb@, henning@
|
#
1.86 |
|
14-Mar-2015 |
jsg |
Remove some includes include-what-you-use claims don't have any direct symbols used. Tested for indirect use by compiling amd64/i386/sparc64 kernels.
ok tedu@ deraadt@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.85 |
|
05-Feb-2015 |
mpi |
Convert various rtrequest1(RTM_DELETE,...) calls to rtdeletemsg(9).
This unify some code and notify userland for free.
blambert@ agrees, ok bluhm@
|
#
1.84 |
|
28-Jan-2015 |
mpi |
Revert rtdeletemsg conversion. It was not ok'd, I misunderstood bluhm@'s email.
|
#
1.83 |
|
27-Jan-2015 |
mpi |
Ensure that link-local addresses are correctly configured on loopback interfaces.
When the kernel automagically configures IPv6 addresses on loopback interfaces, start by assigning a link-local address and then try to assign "::1".
Only the first configured loopback interface per rdomain can have the "::1" address. But even if other loopback interfaces failed to get this address, because it is already taken, give them a chance to have a link-local address.
While here change in6_ifattach() to return an error value and remove duplicated code.
Fix a regression introduced by the NOINET6 flag removal.
ok henning@, stsp@, florian@, benno@
|
#
1.82 |
|
26-Jan-2015 |
mpi |
Call rtdeletemsg(9) instead of rerolling its code. As a bonus you'll get userland notification for free.
ok blambert@, bluhm@
|
#
1.81 |
|
10-Jan-2015 |
mpi |
Correct some comments and merge in6_if_up() into in6_ifattach() to reflect that IPv6 link-local addresses are no longer automagically configured the first time an interface is brought up.
ok henning@, stsp@
|
#
1.80 |
|
08-Jan-2015 |
florian |
Clear autoconf6 flag after autoconf6 cleanup happened, not before. Otherwise clean up code will never run. OK mpi@, benno@, henning@
|
#
1.79 |
|
06-Jan-2015 |
stsp |
Remove the NOINET6 interface flag, a left-over from the times when IPv6 was enabled by default. Add AFATTACH/AFDETACH ioctls which enable/disable an address family for an interface (currently used for IPv6 only).
New kernel needs new ifconfig for IPv6 configuration (address assignment still works with old ifconfig making this easy to cross over).
Committing on behalf of henning@ who is currently lebensmittelvergiftet. ok stsp, benno, mpi
|
#
1.78 |
|
04-Dec-2014 |
tedu |
replace md5 with sha512. ok deraadt
|
#
1.77 |
|
20-Nov-2014 |
mpi |
What have no need for a variable that holds the maximum MTU size of interfaces with an IPv6 address.
ok henning@, mikeb@, deraadt@
|
#
1.76 |
|
18-Nov-2014 |
krw |
Nuke yet more obvious #include duplications.
ok miod@
|
#
1.75 |
|
18-Nov-2014 |
tedu |
move arc4random prototype to systm.h. more appropriate for most code to include that than rdnvar.h. ok deraadt dlg
|
#
1.74 |
|
01-Nov-2014 |
mpi |
Rename rtalloc1() into rtalloc(9) and convert its flags to only enable functionnality instead of a mix of enable/disable.
ok bluhm@, jca@
|
#
1.73 |
|
25-Aug-2014 |
florian |
Move sending of router solicitations to the kernel; receiving and processing of router advertisements was already in the kernel. With this rtsol{,d}(8) is no longer necessary.
The kernel starts sending solicitations with # ifconfig $IF inet6 autoconf or inet6 autoconf in /etc/hostname.$IF.
input stsp@ much help & OK mpi@ tweaks & OK bluhm@
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.72 |
|
01-Jul-2014 |
benno |
When a carp interface is created with IFXF_NOINET6 flag, no link-local address will be created when the vhid (and MAC) is set. Depending on the order of the configuration the interface can end up with a ipv6 address, but no v6 link-local and no working neigbor discovery.
Removing this case statement will result in the link-local address being configured by "ifconfig up" if the inet6 address was configured before. If you are using inet6 on carp, put an "up" at the end of your hostname.if. I will work on a better solution at g2k14.
ok henning, mpi
|
#
1.71 |
|
26-Jun-2014 |
mpi |
Calling in{6,}_purgeaddr() is not enough to remove an address from an interface. Two other operations are performed when issuing a SIOCDIFADDR{_IN6,} ioctl: call the address hook and the per-driver ioctl function.
Since carp(4) relies on an address hook to recalculate its hash, make sure to call this hook when IFXF_NOINET6 is set or when the rdomain is changed.
ok henning@, mikeb@
|
#
1.70 |
|
03-Jun-2014 |
mpi |
Do not include <sys/malloc.h> where it is not needed.
|
#
1.69 |
|
20-May-2014 |
mpi |
Fix eui64 address generation, broken since the removal of the link-layer address from the per-ifp list.
Found the hard way by weerd@, florian@ and stsp@, ok florian@
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.68 |
|
21-Jan-2014 |
mpi |
Do not clean the multicast records of an interface when it is destroyed (unplugged). Even if it makes no sense to keep them around if the interface is no more, we cannot safely remove them since pcb multicast options might keep a pointer to them.
Fixes a user after free introduced by the multicast address linking rewrite and reported by Alexey Suslikov, thanks!
ok claudio@
|
#
1.67 |
|
13-Jan-2014 |
bluhm |
Call all local valiables of type struct in6_ifaddr "ia6". This is consistent with struct ifaddr "ifa" and struct in_ifaddr "ia". OK mpi@
|
#
1.66 |
|
07-Jan-2014 |
stsp |
Some follow-up fixes for IFID collision handling in IPv6CP.
Really change the link-local address in the unlikely event of an IFID collision, instead of going into an infinite conf-nak loop with the peer.
To make the netinet6 code use the IPv6CP IFID in a new link-local address, in6_ifattach_linklocal() must accept a provided IFID. Replace the unused 'altifp' parameter with a new 'ifid' parameter for this purpose.
Always use the latest suggested address in IPv6CP replies, even if the task to update the interface's address hasn't run yet. Also, clear the ifindex (KAME hack) in addresses sent during IPv6CP.
ok mpi
|
#
1.65 |
|
06-Jan-2014 |
stsp |
Make in6_ifdetach() remove the ff01::1 route for the detaching interface, too. The route used to linger after an interface detached from IPv6. ok mikeb
|
#
1.64 |
|
28-Nov-2013 |
mpi |
Change the way protocol multicast addresses are linked to an interface.
Instead of linking multicast records to the first configured address of the corresponding protocol, making this address and its position in the global list special, add them to a new list directly linked to the interface descriptor.
This new multicast address list is similar to the address list, all its elements contain a protocol agnostic part. This design allows us to be able to join a multicast group without necessarily having a configured address. That means IPv6 multicast kludges are no longer needed.
Another benefit is to be able to add and remove an IP address from an interface without worrying about multicast records. That means that the global IPv4 list is no longer needed since the first configured address of an interface is no longer special.
This new list might also be extended in the future to contain the link-layer addresses used to configure hardware filters.
Tested by sthen@ and weerd@, ok mikeb@
|
#
1.63 |
|
19-Nov-2013 |
mpi |
Remove some FDDI/ATM leftovers.
ok mikeb@, henning@, deraadt@, brad@, miod@
|
#
1.62 |
|
17-Oct-2013 |
bluhm |
The header file netinet/in_var.h included netinet6/in6_var.h. This created a bunch of useless dependencies. Remove this implicit inclusion and do an explicit #include <netinet6/in6_var.h> when it is needed. OK mpi@ henning@
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.61 |
|
31-May-2013 |
bluhm |
Remove a bunch of sockaddr_in6 pointer casts and replace others with sin6tosa() or satosin6() inline functions. This allows the compiler to check the types more strictly. OK mpi@
|
#
1.60 |
|
26-Mar-2013 |
bluhm |
Remove a block of dead code in in6_ifdetach(). It was never executed due to the wrong & in satosin6(&ifa->ifa_addr). The link local prefix fe80 was not checked within the IPv6 address, but within some pointers of the interface address struct. The whole loop around this was also never executed as all IPv6 addresses had already been purged. OK sperreault@ mpi@ mikeb@
|
#
1.59 |
|
25-Mar-2013 |
mpi |
Substitute the handcrafted list of IPv6 addresses by a proper TAILQ.
ok bluhm@, mikeb@
|
#
1.58 |
|
07-Mar-2013 |
mpi |
Remove the IFAFREE() macro, the ifafree() function it was calling already check for the reference counter.
ok mikeb@, miod@, pelikan@, kettenis@, krw@
|
#
1.57 |
|
04-Mar-2013 |
bluhm |
Replace the cast to struct in6_ifaddr pointer with the ifatoia6() macro. No binary change. OK claudio@
|
Revision tags: OPENBSD_5_3_BASE
|
#
1.56 |
|
19-Sep-2012 |
bluhm |
Use TAILQ_FOREACH macro for loops. No binary diff. OK henning@
|
#
1.55 |
|
21-Aug-2012 |
bluhm |
Reverse the name and meaning of the IFXF_INET6_PRIVACY interface flag. It is now called IFXF_INET6_NOPRIVACY. So IPv6 privacy addresses are on by default without resetting the flag during ifconfig down/up. OK stsp@, sperreault@ (who wrote the same diff)
|
#
1.54 |
|
15-Aug-2012 |
sperreault |
Enable IPv6 autoconfprivacy by default
diff originally by stsp@ "please commit it" deraadt@ "don't care" stsp@ "don't like" bluhm@
|
Revision tags: OPENBSD_5_1_BASE OPENBSD_5_2_BASE
|
#
1.53 |
|
03-Jan-2012 |
bluhm |
To access the ifaddr of an in_ifaddr or in6_ifaddr struct, it is cleaner to access the first member via ia_ifa instead of casting. No binary change. ok henning@ krw@
|
#
1.52 |
|
24-Nov-2011 |
sperreault |
rdomain support for IPv6 ok mikeb
|
Revision tags: OPENBSD_4_8_BASE OPENBSD_4_9_BASE OPENBSD_5_0_BASE
|
#
1.51 |
|
06-Apr-2010 |
stsp |
Simple implementation of RFC4941, "Privacy Extensions for Stateless Address Autoconfiguration in IPv6". For those among us who are paranoid about broadcasting their MAC address to the IPv6 internet.
Man page help from jmc, testing by weerd, arc4random API hints from djm.
ok deraadt, claudio
|
Revision tags: OPENBSD_4_7_BASE
|
#
1.50 |
|
08-Feb-2010 |
jsing |
More destatic and ansification.
ok claudio@ naddy@
|
#
1.49 |
|
13-Jan-2010 |
henning |
instead of fiddling with the per-interface address lists directly in many places create a proper API (ifa_add / ifa_del) and use it. ok theo ryan dlg
|
Revision tags: OPENBSD_4_5_BASE OPENBSD_4_6_BASE
|
#
1.48 |
|
30-Jan-2009 |
mcbride |
"XXX: should this be performed under splnet()?"... Yes, yes it should. Interface configuration causes neighbour discoverery, which runs packets through parts of the stack that require at least splsoftnet(), like pf and pfsync.
ok dlg
|
Revision tags: OPENBSD_4_4_BASE
|
#
1.47 |
|
11-Jun-2008 |
mcbride |
ANSIfy to sync with KAME. From Karl Sjodahl <dunceor@gmail.com>.
ok todd deraadt naddy bluhm
|
#
1.46 |
|
11-May-2008 |
claudio |
rtrequest to rtrequest1 conversion in inet6. With that no rtrequest should be left over. OK henning@
|
Revision tags: OPENBSD_4_2_BASE OPENBSD_4_3_BASE
|
#
1.45 |
|
08-Jun-2007 |
henning |
kill arcnet leftovers, some pt out by Mike Belopuhov <mkb@crypt.org.ru>, some I found afterwards, ok dlg
|
Revision tags: OPENBSD_4_1_BASE
|
#
1.44 |
|
15-Nov-2006 |
itojun |
unifdef -USCOPEDROUTING
|
Revision tags: OPENBSD_4_0_BASE
|
#
1.43 |
|
31-Aug-2006 |
mcbride |
Automatically add a IPv6 link-local address to carp interfaces when the virtual MAC address is set. Among other things, this makes route6d work correctly on systems with carp interfaces.
In order to ensure backwards compatibility, we do not include IPv6 link-local addresses in generating the HMAC, but we accept HMACs with AND without the link-local addresses. They will be added to the HMAC in a future release.
In short: this change should only affect backwards compatibility for IPv6 users who are manually adding link-local addresses on carp interfaces.
testing mtu@ todd@ ok mpf@ henning@ deraadt@
|
#
1.42 |
|
16-Jun-2006 |
henning |
adjust functions dealing with the routing table to take a table ID as parameter so they can work on alternate tables. table 0 hardcoded for many callers yet, that will be adapted step by step. input + ok claudio norby hshoexer
|
#
1.41 |
|
27-May-2006 |
claudio |
Do the same thing as for IPv4. Use a sysctl to enable/disable mfrowarding and additionaly make the code part of the MROUTING option. Put it in deraadt@
|
#
1.40 |
|
05-Mar-2006 |
miod |
Use more queue macros rather than doing it by hand; ok otto@ krw@
|
Revision tags: OPENBSD_3_8_BASE OPENBSD_3_9_BASE
|
#
1.39 |
|
23-May-2005 |
mpf |
carp needs a multicast kludge storage. Fixes PR 4211. OK mcbride@
|
#
1.38 |
|
21-Apr-2005 |
itojun |
remove (now obsolete) handling of IFT_PROPVIRTUAL/bridge*. tested by camield@
|
Revision tags: OPENBSD_3_7_BASE
|
#
1.37 |
|
07-Dec-2004 |
mcbride |
Convert carp(4) to behave more like a regular interface, much in the same style as vlan(4). carp interfaces no longer require the physical interface to be on the same subnet as the carp interface, or even that the physical interface has an adress at all, so CARP can now be used on /30 networks.
ok deraadt@ henning@
|
Revision tags: OPENBSD_3_6_BASE SMP_SYNC_A SMP_SYNC_B
|
#
1.36 |
|
07-May-2004 |
millert |
Replace RSA-derived md5 code with code derived from Colin Plumb's PD version. This moves md5.c out of libkern and into sys/crypto where it belongs (as requested by markus@). Note that md5.c is still mandatory (dev/rnd.c uses it). Verified with IPsec + hmac-md5 and tcp md5sig. OK henning@ and hshoexer@
|
Revision tags: OPENBSD_3_4_BASE OPENBSD_3_5_BASE
|
#
1.35 |
|
08-Jul-2003 |
itojun |
on interface removal, clear multicast forwarding stuff. from kame
|
#
1.34 |
|
28-Jun-2003 |
itojun |
i don't think pfsync needs a link-local addr.
|
Revision tags: UBC_SYNC_A
|
#
1.33 |
|
14-May-2003 |
itojun |
it is unlikely that we introduce 6to4 interface (IFT_STF) to openbsd.
|
Revision tags: OPENBSD_3_2_BASE OPENBSD_3_3_BASE UBC_SYNC_B
|
#
1.32 |
|
12-Sep-2002 |
itojun |
configure "next" pointer correctly. from j@pureftpd.org
|
#
1.31 |
|
11-Sep-2002 |
itojun |
fix pointer signedness mixup. sync w/kame
|
#
1.30 |
|
11-Sep-2002 |
itojun |
KNF - return is not a function. sync w/kame
|
#
1.29 |
|
11-Jun-2002 |
itojun |
silence some of log(), as the codepath will be visited for IPv6-non-capable interfaces too and can be annoying. net.inet6.icmp6.nd6_debug will re-enable them.
|
#
1.28 |
|
11-Jun-2002 |
itojun |
whitespace
|
#
1.27 |
|
08-Jun-2002 |
itojun |
sync with latest KAME in6_ifaddr/prefix/default router manipulation. behavior changes: - two iocts used by ndp(8) are now obsolete (backward compat provided). use sysctl path instead. - lo0 does not get ::1 automatically. it will get ::1 when lo0 comes up.
|
#
1.26 |
|
07-Jun-2002 |
itojun |
whitespace sync w/kame
|
#
1.25 |
|
29-May-2002 |
itojun |
attach nd_ifinfo structure to if_afdata. split IPv6 MTU (advertised by RA) from real link MTU. sync with kame
|
#
1.24 |
|
29-May-2002 |
itojun |
move per-interface ip6/icmp6 stat to ifnet->if_afdata. sync w/kame
|
#
1.23 |
|
23-May-2002 |
itojun |
simplify condition to perform DAD. sync w/kame
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.22 |
|
14-Mar-2002 |
millert |
First round of __P removal in sys
|
Revision tags: UBC_BASE
|
#
1.21 |
|
07-Dec-2001 |
itojun |
branches: 1.21.2; whitespace/comment sync with kame
|
Revision tags: OPENBSD_3_0_BASE
|
#
1.20 |
|
23-Aug-2001 |
itojun |
suppress printf() on non-multicast interface. suppress ipv6 initialization for IFT_PFLOG.
|
#
1.19 |
|
23-Aug-2001 |
itojun |
don't try to enable IPv6 on IFT_PFLOG.
|
#
1.18 |
|
18-Jul-2001 |
itojun |
avoid using malloc() during interupt context for multicast kludge entry. allocate it on interface initialization.
|
#
1.17 |
|
09-Jun-2001 |
angelos |
No need for net/net_osdep.h
|
Revision tags: OPENBSD_2_9_BASE
|
#
1.16 |
|
16-Feb-2001 |
itojun |
cosmetic sync with kame
|
#
1.15 |
|
07-Feb-2001 |
itojun |
by default, don't bark on inbound ND messages, as outsider may be able to fill up /var with bogus packets. setting net.inet6.icmp6.nd6_debug will re-enable kernel messages on invalid ND packet and other occasions.
improve icmp6 stats.
|
#
1.14 |
|
18-Jan-2001 |
itojun |
do not remove default route by mistake, on interface removal.
|
Revision tags: OPENBSD_2_8_BASE
|
#
1.13 |
|
25-Oct-2000 |
jason |
silence the "no multicast" warning for IFT_ENC, too deraadt ok
|
#
1.12 |
|
18-Oct-2000 |
itojun |
don't try to configure IPv6 on bridge*. comment from deraadt
|
#
1.11 |
|
02-Oct-2000 |
itojun |
fix missing \n. from doug@freebsd (sync with kame)
|
Revision tags: OPENBSD_2_7_BASE
|
#
1.10 |
|
05-May-2000 |
itojun |
cope with interface detach (like pcmcia card removal). remove any IPv6 addresses assigned to the interface. reported by ho, bunch of help from niklas. KAME PR 231.
|
#
1.9 |
|
27-Apr-2000 |
itojun |
correct in6_ifdetach(). free oia, not ia. Lennart says there are more problems to go (I don't own openbsd-current laptop). From: Lennart Augustsson <augustss@augustsson.net>
|
#
1.8 |
|
17-Apr-2000 |
itojun |
revisit in6_ifattach(). (1) make it more persistent about initializaing an interface (2) cleanup interface id selection. run NUD on p2p interface (required by spec for bidir p2p interface). add "ndp -i interface" (can tweak per-interface ND flag). (sync with more recent kame)
|
#
1.7 |
|
02-Mar-2000 |
itojun |
do not add ifa_dstaddr for non-pointopoint interface. IPv6 has no concept for "broadcast".
|
Revision tags: SMP_BASE
|
#
1.6 |
|
07-Feb-2000 |
itojun |
branches: 1.6.2; fix include file path related to ip6.
|
#
1.5 |
|
04-Feb-2000 |
itojun |
more coverage of in6_ifdetach()'s cleanup process. bug fix in SIOCGIFADDR_IN6 (point to point case).
|
#
1.4 |
|
02-Feb-2000 |
itojun |
- improve in6_ifdetach to remove (1) multicast kludge list (2) route to link-local allnode multicast (ff02:x::/32) - fix ifnet refcnt'ing in multicast kludge list management. - avoid dangling pointer in multicast kludge management.
(angelos, try this version of in6_ifdetach() - it should be better)
|
#
1.3 |
|
10-Dec-1999 |
itojun |
use proper type for in6_first_ifid (char -> u_int8_t) suggested by: deraadt
|
#
1.2 |
|
10-Dec-1999 |
angelos |
Remove remaining unnecessary ifdefs (itojun will hate me for this :-)
|
Revision tags: kame_19991208
|
#
1.1 |
|
08-Dec-1999 |
itojun |
bring in KAME IPv6 code, dated 19991208. replaces NRL IPv6 layer. reuses NRL pcb layer. no IPsec-on-v6 support. see sys/netinet6/{TODO,IMPLEMENTATION} for more details.
GENERIC configuration should work fine as before. GENERIC.v6 works fine as well, but you'll need KAME userland tools to play with IPv6 (will be bringed into soon).
|