#
1.99 |
|
04-May-2023 |
bluhm |
Introduce a neighbor discovery mutex like ARP uses it. For now it only protects nd6_list. It does not unlock ND6 from kernel lock yet. OK kn@
|
#
1.98 |
|
02-May-2023 |
bluhm |
Call nd6_ns_output() without kernel lock from nd6_resolve(). OK kn@
|
#
1.97 |
|
05-Apr-2023 |
bluhm |
ARP has a sysctl to show the number of packets waiting for an arp response. Implement analog sysctl net.inet6.icmp6.nd6_queued for ND6 to reduce places where mbufs can hide within the kernel. Atomic operations operate on unsigned int. Make the type of total hold queue length consistent. Use atomic load to read the value for the sysctl. This clarifies why no lock around sysctl_rdint() is needed. OK mvs@ kn@
|
#
1.96 |
|
05-Apr-2023 |
bluhm |
ARP has a queue of packets that should be sent after name resolution. ND6 did only hold a single packet. Unify the logic and add a mbuf hold queue to struct llinfo_nd6. This is MP safe and queue limits are tracked with atomic operations. New function if_mqoutput() has common code for ARP and ND6. ln_saddr6 holds the source address of the requesting packet. That is easier than fiddling with mbuf queue in nd6_ns_output(). OK kn@
|
Revision tags: OPENBSD_7_3_BASE
|
#
1.95 |
|
06-Jan-2023 |
kn |
Clean up struct nd_opts, use nd6_options() function local variables
nd_opts_search is really the next option, so call it next_opt.
nd_opts_done == 1 means next_opt == NULL, i.e. no more option to handle, so zap the former and use the latter to stop.
Finally drop the useless struct members, all under _KERNEL.
OK claudio
|
#
1.94 |
|
10-Dec-2022 |
kn |
Merge nd6_option_init() into nd6_options()
All call-sites call nd6_options() directly after nd6_option_init(). Fold them to simplify the logic and do less pointing around.
Feedback OK bluhm florian
|
#
1.93 |
|
09-Dec-2022 |
claudio |
Switch nd_opts from a union to just a struct. The ND6 option handling in the kernel got a lot simpler since only the tgt and src lladdr option are inspected by the kernel. The magic of assigning options via one side of the union and accessing them via the other is total overkill and actually quite error prone. OK florian@
|
#
1.92 |
|
07-Dec-2022 |
kn |
Do not store unused ICMPv6 Option PREFIX_INFORMATION
Dead since 2017 sys/netinet6/nd6_rtr.c r1.163 Remove sending of router solicitations and processing of router advertisements from the kernel. It's handled by slaacd(8) these days.
sysctl(2) net.inet6.icmp6.nd6_debug does not warn about it like it does for, e.g., duplicate MTU options, so don't do anything with this option.
Remove access macros for other unused options while here. Eventually, union nd_opts should be removed completely. All under _KERNEL.
tcpdump(8)/rad(8)/slaacd(8) keep showing/sending/receiving this option when running this diff on both router and client.
OK claudio
|
#
1.91 |
|
02-Dec-2022 |
kn |
Remove constant basereachable and retrans members from struct nd_ifinfo
Both are initalised with compile-time constants and never written to.
They are part of the Neighbour Discovery machinery and only surface through the single-user SIOCGIFINFO_IN6: $ ndp -i lo0 basereachable=30s0ms, reachable=39s, retrans=1s0ms
These values are read-only since 2017 sys/netinet6/nd6.c r1.217 usr.sbin/ndp/ndp.c r1.85 Remove knob and always do neighbor unreachable detection
Inline the macros (to keep meaningful names), shrink the per-interface allocated struct nd_ifinfo to what is actually needed and inline nd6_dad_starttimer()'s constant `msec' argument.
Nothing else in base, incl. regress, uses SIOCGIFINFO_IN6 or `ndp -i'.
OK bluhm
|
#
1.90 |
|
28-Nov-2022 |
kn |
Document struct nd_ifinfo protection, remove obsolete .initialized member
All access to struct ifnet's member *if_nd is read-only, with the one write exception being nd6_slowtimo() updating ND information.
IPv6 Neighbour Discovery information is fully protected by the net lock. --- nd6_ifattach() allocates and unconditionally initialises struct ifnet's *if_nd member, so early in if_attachsetup() that there is no way to query unitialised Neighour Unreachable Detection bits.
Only SIOCGIFINFO_IN6 through ndp(8) used the .initialized member: Added/set since 2002 sys/netinet6/nd6.c r1.42 attach nd_ifinfo structure to if_afdata. split IPv6 MTU (advertised by RA) from real link MTU. sync with kame
Read since 2002 usr.sbin/ndp/ndp.c r1.16 use new SIOCGIFINFO_IN6. random other cleanups. sync w/kame.
Obsolete since 2017 sys/netinet6/nd6.c r1.217 usr.sbin/ndp/ndp.c r1.85 Remove knob and always do neighbor unreachable detection.
Feedback OK bluhm
|
#
1.89 |
|
23-Nov-2022 |
kn |
Remove unused NDPRF_* defines; dead since 2017 sys/netinet6/nd6.c r1.210
Remove sending of router solicitations and processing of router advertisements from the kernel. It's handled by slaacd(8) these days.
Outside of _KERNEL, but nothing in base uses it, either. codesearch.debian.net seems to agree.
OK mvs claudio bluhm
|
#
1.88 |
|
23-Nov-2022 |
kn |
Remove unused struct in6_ndifreq; dead since 2013 sys/netinet6/in6_var.h r1.37
Remove unused code manipulating a default interface and its index This is a leftover from the on-link assumption behavior removal, which has been deprecated by RFC4861 anyway.
Outside of _KERNEL, but nothing in base uses it, either. codesearch.debian.net seems to agree.
OK mvs claudio bluhm
|
#
1.87 |
|
23-Nov-2022 |
kn |
Remove unused struct prf_ra; dead since 2017 sys/netinet/icmp6.h r1.45
Get rid of ICMPV6CTL_ND6_DRLIST and ICMPV6CTL_ND6_PRLIST sysctls With this we can also get rid of in6_prefix and in6_defrouter. They are meaningless, the kernel no longer tracks this information.
Outside of _KERNEL, but nothing in base uses it, either. codesearch.debian.net seems to agree.
OK mvs claudio bluhm
|
#
1.86 |
|
23-Nov-2022 |
kn |
Inline useless ND_IFINFO() macro
A single cast-free struct pointer dereference needs no indirection. ND_IFINFO() is under _KERNEL.
OK mvs
|
#
1.85 |
|
23-Nov-2022 |
kn |
Let nd6_if{at,de}tach() be void and take an ifp argument
Do it like the rest of at/detach routines which modify a struct ifnet pointer without returning anything.
OK mvs
|
#
1.84 |
|
23-Nov-2022 |
kn |
Add *if_nd to struct ifnet, call nd6_if{at,de}tach() directly
*if_afdata[] and struct domain's dom_if{at,de}tach() are only used with IPv6 Neighbour Discovery in6_dom{at,de}tach(), which allocate/init and free single struct nd_ifinfo.
Set up a new ND-specific *if_nd member directly to avoid yet another layer of indirection and thus make the generic domain API obsolete.
The per-interface data is only accessed in nd6.c and nd6_nbr.c through the ND_IFINFO() macro; it is allocated and freed exactly once during interface at/detach, so document it as [I]mmutable.
OK bluhm mvs claudio
|
#
1.83 |
|
23-Nov-2022 |
kn |
Recommit previous "Remove useless struct in6_ifextra"
This was the right diff after all, I just confused myself between trees.
OK bluhm --- Remove useless struct in6_ifextra
in6_var.h r1.75 removed all other struct members.
Now It only contains a single struct nd_ifinfo pointer, so address family specific data might as well be just that.
ND_IFINFO() is the only way nd6_nbr.c and nd6.c access this data, there is no other usage of if_afdata[].
One allocation and unhelpful indirection less per interface.
All under _KERNEL.
OK claudio
|
#
1.82 |
|
22-Nov-2022 |
kn |
Backout "Remove useless struct in6_ifextra" commit
I committed the wrong iteration of this diff, sorry for the noise.
|
#
1.81 |
|
22-Nov-2022 |
kn |
Remove useless struct in6_ifextra
in6_var.h r1.75 removed all other struct members.
Now It only contains a single struct nd_ifinfo pointer, so address family specific data might as well be just that.
ND_IFINFO() is the only way nd6_nbr.c and nd6.c access this data, there is no other usage of if_afdata[].
One allocation and unhelpful indirection less per interface.
All under _KERNEL.
OK claudio
|
#
1.80 |
|
12-Nov-2022 |
kn |
Remove unused RS_LHCOOKIE macro
Added in 2014 110585f259f4974284e531f0a1e121b001a580dc Move sending of router solicitations to the kernel; [...] but never used.
|
Revision tags: OPENBSD_7_2_BASE
|
#
1.79 |
|
08-Aug-2022 |
kn |
Constify in6_addr pointer arguments in nd6_*() functions
All of them are passed to inspect/copy out fields, none of the functions writes to the struct.
This makes it easier to argue about code (in MP context).
OK bluhm
|
#
1.78 |
|
28-Jul-2022 |
kn |
Zap prototypes for nonexistent nd6_setmtu() and in6_ifdel()
Removed in 2015 and 2002, respectively.
OK claudio
|
#
1.77 |
|
22-Jul-2022 |
kn |
Leftovers from florian's RS/NA purge from the kernel in 2017.
OK bluhm
|
Revision tags: OPENBSD_6_7_BASE OPENBSD_6_8_BASE OPENBSD_6_9_BASE OPENBSD_7_0_BASE OPENBSD_7_1_BASE
|
#
1.76 |
|
28-Mar-2020 |
florian |
Move ND6_PRIV_* constants from nd6.h to slaacd the only place where they are used. Nobody in the wider eco system uses these. While here reduce temporary address valid lifetime to 2 days as per draft-ietf-6man-rfc4941bis. This should considerably reduce the amount of addresses configured on an interface - a common complaint. Original diff from Fernando Gont (fernando AT gont.com.ar), thanks! Ports tree scanning by sthen@
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.75 |
|
21-Jun-2019 |
mpi |
Prevent recursions by not deleting entries inside rtable_walk(9).
rtable_walk(9) now passes a routing entry back to the caller when a non zero value is returned and if it asked for it. This allows us to call rtdeletemsg()/rtrequest_delete() from the caller without creating a recursion because of rtflushclone().
Multicast code hasn't been adapted and is still possibly creating recursions. However multicast route entries aren't cloned so if a recursion exists it isn't because of rtflushclone().
Fix stack exhaustion triggered by the use of "-msave-args".
Issue reported by D��niel L��vai on bugs@ confirmed by and ok bluhm@.
|
Revision tags: OPENBSD_6_3_BASE OPENBSD_6_4_BASE OPENBSD_6_5_BASE
|
#
1.74 |
|
27-Nov-2017 |
mpi |
Use a single timer for all ND6 entries.
This prevents a use-after-free reported by Hrvoje Popovski where the timeout function was already sleeping on the NET_LOCK() when ifconfig(8) removed the enry from the table.
By iterating on a global list in the timeout routine we ensure that the items are still valid when we process them. This also reduce differences with ARP.
ok bluhm@, visa@
|
#
1.73 |
|
03-Nov-2017 |
florian |
We are processing Router Solicitation / Advertisement messages only for the Source Link-layer Address Options. Merge nd6_rs_input() and nd6_ra_input() into one generic function that does just that.
input & OK mpi
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.72 |
|
09-Aug-2017 |
florian |
Remove knob and always do neighbor unreachable detection.
|
#
1.71 |
|
09-Aug-2017 |
florian |
accept_rtadv doesn't do anything since some time. OK mpi
|
#
1.70 |
|
09-Aug-2017 |
florian |
We are no longer generating privacy addresses in the kernel. OK mpi
|
#
1.69 |
|
08-Aug-2017 |
florian |
Stop running nd6_expire every second. We know when pltime or vltime decrease to zero. Run nd6_expire then. Input & OK mpi, bluhm
|
#
1.68 |
|
12-Jul-2017 |
florian |
Get rid of ICMPV6CTL_ND6_DRLIST and ICMPV6CTL_ND6_PRLIST sysctls With this we can also get rid of in6_prefix and in6_defrouter. They are meaningless, the kernel no longer tracks this information.
Pointed out by & OK mpi
|
#
1.67 |
|
11-Jul-2017 |
florian |
Purging is at last at hand. Day of Doom is here. All that is evil shall all be cleansed.
Remove sending of router solicitations and processing of router advertisements from the kernel. It's handled by slaacd(8) these days.
Input & OK bluhm@, mpi@
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.66 |
|
27-Dec-2016 |
bluhm |
Move nd6 timer initialisation to nd6_init() and call timeout_set() only once during init. OK mpi@
|
#
1.65 |
|
28-Nov-2016 |
mpi |
Remove multiple recursive splsoftnet().
ok bluhm@
|
#
1.64 |
|
21-Nov-2016 |
mpi |
Assert that prelist_update() is always called at IPL_SOFTNET.
While here use __func__ in debug strings to reduce noise when grepping.
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.63 |
|
13-Jul-2016 |
dlg |
store nd6 expiries in the route, not separately in the llinfo struct.
this makes it more consistent with arp, and makes expiries visible via route(8) get as well as ndp(8).
ok mpi@ florian@
|
#
1.62 |
|
15-Jun-2016 |
mpi |
Kill nd6_output(), it doesn't do anything since the resolution logic has been moved to nd6_resolve().
ok visa@, millert@, florian@, sthen@
|
#
1.61 |
|
08-Jun-2016 |
mpi |
Move ND resoluton logic from nd6_output() to nd6_storelladdr() and rename it to nd6_resolve().
This allows us to get rid of non-Ethernet hacks by moving Ethernet specific logic in the appropriate layer.
ok sthen@
|
#
1.60 |
|
01-Jun-2016 |
dlg |
make nd6_llinfo_settimer take seconds instead of ticks.
most callers are working in seconds, internally it uses seconds, and you can call timeout_add_sec as easily as timeout_add.
this also fixes an issue with an nd_defrouter expire which was incorrectly scaled with ticks in a comparison.
ok mpi@
|
#
1.59 |
|
30-May-2016 |
dlg |
remove code compensating for the "short" range of timeouts.
the nd6 code for managing expiries is never asked to handle intervals greater than what timeouts can handle, so we dont need to overcompensate.
the code was also incorrect by using a long, which isnt that long on ILP32 machines.
ok mpi@ millert@ benno@
|
#
1.58 |
|
30-Mar-2016 |
mpi |
Implement proxy ARP for ART based on mpath support.
Since mpath is not enabled in RAMDISK, proxy ARP won't work there either.
ok bluhm@
|
#
1.57 |
|
03-Mar-2016 |
jca |
Kill IPv6 prefix and router renumbering ioctls.
Router renumbering was never supported, prefix ioctls were deprecated ~15 years ago. Move some items in netinet6/nd6.h where they are still used.
ok mikeb@ mpi@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.56 |
|
18-Dec-2015 |
tb |
Convert arc4random() to arc4random_uniorm(). Diff by Matthew Martin.
Ensure that arc4random_uniform() doesn't loop by redefining ND6_MAX_DESYNC_FACTOR to be 512, the largest power of two smaller than the RFC-specified 600 seconds. Suggested by florian@ and deraadt@
ok florian@, sthen@ in this form, arc4random change ok djm@, tedu@
|
#
1.55 |
|
06-Nov-2015 |
mpi |
Change nd6_nud_hint() to no longer manipulate rt_ifp directly.
While here remove unused argument and convert the route check to rtisvalid(9).
ok bluhm@
|
#
1.54 |
|
02-Nov-2015 |
bluhm |
Implement the list of nd6 llinfo entries with a TAILQ. OK millert@ mpi@
|
#
1.53 |
|
02-Nov-2015 |
mpi |
Prefer an existing refcounted ``ifp'' to rt_ifp when possible or use the interface index directly.
ok bluhm@
|
#
1.52 |
|
28-Oct-2015 |
florian |
Remove linkmtu and maxmtu from struct nd_ifinfo. IN6_LINKMTU can now die and ifp->if_mtu is the one true mtu. Suggested by and OK mpi@
|
#
1.51 |
|
25-Oct-2015 |
mpi |
Introduce if_rtrequest() the successor of ifa_rtrequest().
L2 resolution depends on the protocol (encoded in the route entry) and an ``ifp''. Not having to care about an ``ifa'' makes our life easier in our MP effort. Fewer dependencies between data structures implies fewer headaches.
Discussed with bluhm@, ok claudio@
|
#
1.50 |
|
24-Oct-2015 |
mpi |
Ignore Router Advertisment's current hop limit.
Appart from the usual inet6 axe murdering exercise to keep you fit, this allows us to get rid of a lot of layer violation due to the use of per- ifp variables to store the current hop limit.
Imputs from bluhm@, ok phessler@, florian@, bluhm@
|
#
1.49 |
|
31-Aug-2015 |
mpi |
The return value of nd6_cache_lladdr() is never used so make it a void.
Fewer "struct rtentry" left in the wild!
|
#
1.48 |
|
24-Aug-2015 |
mpi |
nd6_prefix_add() is no longer used and die.
|
#
1.47 |
|
24-Aug-2015 |
mpi |
Start moving away from the global prefix list by limiting its usage to AUTOCONF'd addresses.
This prevent the kernel from removing connected (/64) routes as soon as it configures an AUTOCONF'd address based on a RA.
Tested by sebastia@, ok sthen@
|
#
1.46 |
|
24-Aug-2015 |
mpi |
Rework the code to decide when to perform DAD to no longer rely on the IN6_IFF_NODAD pseudo-flag not being set.
This was just a flag for spaghetti code that should not exist in the first place.
Tested by sebastia@, ok sthen@
|
#
1.45 |
|
18-Aug-2015 |
mpi |
Call rtfree(9) when we no longer need the route entry rather than decrementing rt_refcnt just after rtrequest1(9).
While here reduce the differences with rt_ifa_add(9). There's still an ambiguity about rtrequest1(9)'s return value, but bluhm@ will address that in a different diff.
Discussed with and ok bluhm@
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.44 |
|
18-Jul-2015 |
mpi |
Merge two identical chunks to add new prefixes to the global data structures into a function.
ok florian@
|
#
1.43 |
|
16-Jul-2015 |
mpi |
Properly layer Router Solicitation code.
Tweak and ok florian@
|
#
1.42 |
|
09-Jul-2015 |
mpi |
Remove unused arguments and the associated code from nd6_nud_hint().
ok claudio@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.41 |
|
20-Nov-2014 |
mpi |
Rework the handling of interfaces and IPv6 addresses for local delivery.
- Unicast packets sent to any local address will have their interface set to loobpack.
- In order to differentiate traffic from interfaces having identical link-local addresses, provide the scoped addresses to pf(4).
- Update the icmp6 state lookup logic to match scoped MLL addresses.
- Remove a shortcut in ip6_input() that bypasses pf and always look for an RTF_LOCAL route.
Packets sent to multicast addresses still retain their original interface due to the fact that local multicast packet delivering does not use if_output.
This makes ping6 to link-local addresses work even with pf enabled and "set skip" on loopbacks, reported by Pieter Verberne.
Debugged, analysed and tested with mikeb@.
ok mikeb@, henning@, sthen@
|
#
1.40 |
|
10-Nov-2014 |
mpi |
Do not pass an ifa pointer when we already have a DAD descriptor.
Tweaks and ok florian@
|
#
1.39 |
|
25-Aug-2014 |
florian |
Move sending of router solicitations to the kernel; receiving and processing of router advertisements was already in the kernel. With this rtsol{,d}(8) is no longer necessary.
The kernel starts sending solicitations with # ifconfig $IF inet6 autoconf or inet6 autoconf in /etc/hostname.$IF.
input stsp@ much help & OK mpi@ tweaks & OK bluhm@
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.38 |
|
11-Jul-2014 |
blambert |
move IPv6 prefix adding from workq to taskq; as a happy benefit, we can delete 2 dozen or so lines that check to see if we've queued up a prefix addition multiple times.
ok stsp@
|
#
1.37 |
|
07-May-2014 |
mpi |
Kill the {nd6_,}useloopback buttons, using the loopback interface for local traffic is not optional.
ok mikeb@, stsp@, jca@
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.36 |
|
07-Jan-2014 |
mikeb |
Propagate an rdomain number to the nd6_lookup independently from the ifp pointer which can be NULL. This prevents a crash reported by David Hill <dhill at mindcry ! org>. OK bluhm
|
#
1.35 |
|
25-Oct-2013 |
deraadt |
More _KERNEL namespace cleanup, just in case something out there includes this.
|
#
1.34 |
|
28-Aug-2013 |
mpi |
Remove unused argument from *rtrequest()
ok krw@, mikeb@
|
#
1.33 |
|
26-Aug-2013 |
bluhm |
No one uses the obsolete IPv6 ioctls SIOCGDRLST_IN6, SIOCGPRLST_IN6, OSIOCGIFINFO_IN6 anymore. Remove them together with the structs in6_drlist, in6_oprlist, in6_prlist, in6_ondireq and the kernel implementation. OK mikeb@ henning@
|
#
1.32 |
|
11-Aug-2013 |
bluhm |
To control the lifetime of IPv6 addresses, prefixes and default routers, the kernel and ndp use a bunch of expire fields. Before they were int or u_long, convert expire to time_t in all structs. Move vltime and pltime to u_int32_t everywhere. Sort struct fields by size. Struct inet6_ndpr_msghdr is not used at all, so remove it.
Binary compatibility of rtsold and ndp break with this change as rtsold uses in6_drlist and ndp uses in6_defrouter and in6_prefix to interact with the kernel.
OK mpi@
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.31 |
|
01-Jul-2013 |
bluhm |
Do not access queue fields directly, use FOREACH() macro instead. No binary change. OK mikeb@ mpi@
|
#
1.30 |
|
11-Mar-2013 |
mpi |
Remove unused code manipulating a default interface and its index, This is a leftover from the on-link assumption behavior removal, which has been deprecated by RFC4861 anyway.
ok mikeb@, bluhm@, florian@
|
Revision tags: OPENBSD_5_2_BASE OPENBSD_5_3_BASE
|
#
1.29 |
|
14-Feb-2012 |
sthen |
typo in comment.
|
Revision tags: OPENBSD_5_0_BASE OPENBSD_5_1_BASE
|
#
1.28 |
|
03-Apr-2011 |
stsp |
fix typos in comments ok deraadt henning sthen thib (though thib says he can't spell)
|
Revision tags: OPENBSD_4_8_BASE OPENBSD_4_9_BASE
|
#
1.27 |
|
06-Apr-2010 |
stsp |
Simple implementation of RFC4941, "Privacy Extensions for Stateless Address Autoconfiguration in IPv6". For those among us who are paranoid about broadcasting their MAC address to the IPv6 internet.
Man page help from jmc, testing by weerd, arc4random API hints from djm.
ok deraadt, claudio
|
Revision tags: OPENBSD_4_4_BASE OPENBSD_4_5_BASE OPENBSD_4_6_BASE OPENBSD_4_7_BASE
|
#
1.26 |
|
11-Jun-2008 |
mcbride |
From KAME, allow adjustable limits on NDP entries and discovered routes.
ok mpf naddy
|
Revision tags: OPENBSD_3_4_BASE OPENBSD_3_5_BASE OPENBSD_3_6_BASE OPENBSD_3_7_BASE OPENBSD_3_8_BASE OPENBSD_3_9_BASE OPENBSD_4_0_BASE OPENBSD_4_1_BASE OPENBSD_4_2_BASE OPENBSD_4_3_BASE SMP_SYNC_A SMP_SYNC_B
|
#
1.25 |
|
08-Jul-2003 |
itojun |
unifdef -U__otherBSD__
|
#
1.24 |
|
27-Jun-2003 |
itojun |
split ND6 cache timer management to per-entry. increased accuracy, no O(N) loop. sync w/ kame. marc tested, daniel ok
|
Revision tags: OPENBSD_3_2_BASE OPENBSD_3_3_BASE UBC_SYNC_A UBC_SYNC_B
|
#
1.23 |
|
08-Jun-2002 |
itojun |
gc
|
#
1.22 |
|
08-Jun-2002 |
itojun |
sync with latest KAME in6_ifaddr/prefix/default router manipulation. behavior changes: - two iocts used by ndp(8) are now obsolete (backward compat provided). use sysctl path instead. - lo0 does not get ::1 automatically. it will get ::1 when lo0 comes up.
|
#
1.21 |
|
07-Jun-2002 |
itojun |
cope with cases where maxmtu == 0 (shouldn't happen)
|
#
1.20 |
|
05-Jun-2002 |
itojun |
be sure to use L3 MTU, not L2 MTU, when specified in spec (affects FDDI/ARCnet)
|
#
1.19 |
|
30-May-2002 |
itojun |
improve nd6_setmtu(), to warn too-small MTU on SIOCSIFMTU. sync w/kame
|
#
1.18 |
|
29-May-2002 |
itojun |
no need to supply obsolete field name "receivedra"
|
#
1.17 |
|
29-May-2002 |
itojun |
attach nd_ifinfo structure to if_afdata. split IPv6 MTU (advertised by RA) from real link MTU. sync with kame
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.16 |
|
14-Mar-2002 |
millert |
First round of __P removal in sys
|
#
1.15 |
|
23-Jan-2002 |
fgsch |
compatability -> compatibility.
|
Revision tags: OPENBSD_2_9_BASE OPENBSD_3_0_BASE UBC_BASE
|
#
1.14 |
|
23-Feb-2001 |
itojun |
branches: 1.14.6; garbage-collect stale ND entries (default: 1 day). RFC 2461 5.3. sync with kame.
|
#
1.13 |
|
23-Feb-2001 |
itojun |
remove unnecessary state, ND6_LLINFO_WAITDELETE, from neighbor cache state machine. no need for RTF_REJECT on neighbor cache entires, they are leftover from ARP code. sync with kame.
|
#
1.12 |
|
08-Feb-2001 |
itojun |
when chasing nd6_llinfo chain, make sure we do not touch dangling pointer (due to RTM_DELETE during default router list management). from kame
|
#
1.11 |
|
08-Feb-2001 |
itojun |
use timeout_xx() throughout sys/netinet6. sync with kame.
|
#
1.10 |
|
07-Feb-2001 |
itojun |
by default, don't bark on inbound ND messages, as outsider may be able to fill up /var with bogus packets. setting net.inet6.icmp6.nd6_debug will re-enable kernel messages on invalid ND packet and other occasions.
improve icmp6 stats.
|
#
1.9 |
|
19-Jan-2001 |
itojun |
pull post-4.4BSD change to sys/net/route.c from BSD/OS 4.2 (UCB copyrighted).
have sys/net/route.c:rtrequest1(), which takes rt_addrinfo * as the argument. pass rt_addrinfo all the way down to rtrequest, and ifa->ifa_rtrequest. 3rd arg of ifa->ifa_rtrequest is now rt_addrinfo * instead of sockaddr * (almost noone is using it anyways).
benefit: the follwoing command now works. previously we need two route(8) invocations, "add" then "change". # route add -inet6 default ::1 -ifp gif0
remove unsafe typecast in rtrequest(), from rtentry * to sockaddr *. it was introduced by 4.3BSD-reno and never corrected.
XXX is eon_rtrequest() change correct regarding to 3rd arg? eon_rtrequest() and rtrequest() were incorrect since 4.3BSD-reno, so i do not have correct answer in the source code. someone with more clue about netiso-over-ip, please help.
|
Revision tags: OPENBSD_2_8_BASE
|
#
1.8 |
|
06-Jul-2000 |
itojun |
- more icmp6/ip6 stats. - protect IPv6 ND from being hosed (due to neighbor unreachability detection hint) by wrong tcp traffic. still not sure if there's real attack, but it is good to be cautious. - avoid bitfield for router renumbering header decl. - implement packet-per-sec limitation for icmp6 errors, turn interval limit off (it is not very useful due to unix timer resolution).
|
#
1.7 |
|
19-May-2000 |
itojun |
never forward packet with link-local address. experimental support for new loopback packet handling (with FAKE_LOOPBACK_IF, rcvif will be set to real outgoing interface, not the loopback, to honor scope) sync with kame.
|
#
1.6 |
|
15-May-2000 |
itojun |
perform NUD on p2p link, only if the destination/gateway is real neighbor. this removes temporary workaround (no NUD on p2p link). KAME PR 245.
|
Revision tags: OPENBSD_2_7_BASE
|
#
1.5 |
|
17-Apr-2000 |
itojun |
revisit in6_ifattach(). (1) make it more persistent about initializaing an interface (2) cleanup interface id selection. run NUD on p2p interface (required by spec for bidir p2p interface). add "ndp -i interface" (can tweak per-interface ND flag). (sync with more recent kame)
|
#
1.4 |
|
28-Feb-2000 |
itojun |
bring in recent KAME changes (only important and stable ones, as usual). - remove net.inet6.ip6.nd6_proxyall. introduce proxy NDP code works just like "arp -s". - revise source address selection. be more careful about use of yet-to-be-valid addresses as source. - as router, transmit ICMP6_DST_UNREACH_BEYONDSCOPE against out-of-scope packet forwarding attempt. - path MTU discovery takes care of routing header properly. - be more strict about mbuf chain parsing. - nuke xxCTL_VARS #define, they are for BSDI. - disable SIOCSIFDSTADDR_IN6/SIOCSIFNETMASK_IN6 ioctl, they do not fit IPv6 model where multiple address on interface is normal. (kernel side supports them for a while for backward compat, the support will be nuked shortly) - introduce "default outgoing interface" (for spec conformance in very rare case)
|
Revision tags: SMP_BASE
|
#
1.3 |
|
04-Feb-2000 |
itojun |
branches: 1.3.2; more coverage of in6_ifdetach()'s cleanup process. bug fix in SIOCGIFADDR_IN6 (point to point case).
|
#
1.2 |
|
08-Jan-2000 |
deraadt |
use arc4random() instead of random for two reasons. 1) on some architectures, random() should only be used by the scheduler (ie. statintr() because it is uniformly distributed 2) arc4random() is actually strong, random() is not at all
|
Revision tags: kame_19991208
|
#
1.1 |
|
08-Dec-1999 |
itojun |
bring in KAME IPv6 code, dated 19991208. replaces NRL IPv6 layer. reuses NRL pcb layer. no IPsec-on-v6 support. see sys/netinet6/{TODO,IMPLEMENTATION} for more details.
GENERIC configuration should work fine as before. GENERIC.v6 works fine as well, but you'll need KAME userland tools to play with IPv6 (will be bringed into soon).
|
#
1.98 |
|
02-May-2023 |
bluhm |
Call nd6_ns_output() without kernel lock from nd6_resolve(). OK kn@
|
#
1.97 |
|
05-Apr-2023 |
bluhm |
ARP has a sysctl to show the number of packets waiting for an arp response. Implement analog sysctl net.inet6.icmp6.nd6_queued for ND6 to reduce places where mbufs can hide within the kernel. Atomic operations operate on unsigned int. Make the type of total hold queue length consistent. Use atomic load to read the value for the sysctl. This clarifies why no lock around sysctl_rdint() is needed. OK mvs@ kn@
|
#
1.96 |
|
05-Apr-2023 |
bluhm |
ARP has a queue of packets that should be sent after name resolution. ND6 did only hold a single packet. Unify the logic and add a mbuf hold queue to struct llinfo_nd6. This is MP safe and queue limits are tracked with atomic operations. New function if_mqoutput() has common code for ARP and ND6. ln_saddr6 holds the source address of the requesting packet. That is easier than fiddling with mbuf queue in nd6_ns_output(). OK kn@
|
Revision tags: OPENBSD_7_3_BASE
|
#
1.95 |
|
06-Jan-2023 |
kn |
Clean up struct nd_opts, use nd6_options() function local variables
nd_opts_search is really the next option, so call it next_opt.
nd_opts_done == 1 means next_opt == NULL, i.e. no more option to handle, so zap the former and use the latter to stop.
Finally drop the useless struct members, all under _KERNEL.
OK claudio
|
#
1.94 |
|
10-Dec-2022 |
kn |
Merge nd6_option_init() into nd6_options()
All call-sites call nd6_options() directly after nd6_option_init(). Fold them to simplify the logic and do less pointing around.
Feedback OK bluhm florian
|
#
1.93 |
|
09-Dec-2022 |
claudio |
Switch nd_opts from a union to just a struct. The ND6 option handling in the kernel got a lot simpler since only the tgt and src lladdr option are inspected by the kernel. The magic of assigning options via one side of the union and accessing them via the other is total overkill and actually quite error prone. OK florian@
|
#
1.92 |
|
07-Dec-2022 |
kn |
Do not store unused ICMPv6 Option PREFIX_INFORMATION
Dead since 2017 sys/netinet6/nd6_rtr.c r1.163 Remove sending of router solicitations and processing of router advertisements from the kernel. It's handled by slaacd(8) these days.
sysctl(2) net.inet6.icmp6.nd6_debug does not warn about it like it does for, e.g., duplicate MTU options, so don't do anything with this option.
Remove access macros for other unused options while here. Eventually, union nd_opts should be removed completely. All under _KERNEL.
tcpdump(8)/rad(8)/slaacd(8) keep showing/sending/receiving this option when running this diff on both router and client.
OK claudio
|
#
1.91 |
|
02-Dec-2022 |
kn |
Remove constant basereachable and retrans members from struct nd_ifinfo
Both are initalised with compile-time constants and never written to.
They are part of the Neighbour Discovery machinery and only surface through the single-user SIOCGIFINFO_IN6: $ ndp -i lo0 basereachable=30s0ms, reachable=39s, retrans=1s0ms
These values are read-only since 2017 sys/netinet6/nd6.c r1.217 usr.sbin/ndp/ndp.c r1.85 Remove knob and always do neighbor unreachable detection
Inline the macros (to keep meaningful names), shrink the per-interface allocated struct nd_ifinfo to what is actually needed and inline nd6_dad_starttimer()'s constant `msec' argument.
Nothing else in base, incl. regress, uses SIOCGIFINFO_IN6 or `ndp -i'.
OK bluhm
|
#
1.90 |
|
28-Nov-2022 |
kn |
Document struct nd_ifinfo protection, remove obsolete .initialized member
All access to struct ifnet's member *if_nd is read-only, with the one write exception being nd6_slowtimo() updating ND information.
IPv6 Neighbour Discovery information is fully protected by the net lock. --- nd6_ifattach() allocates and unconditionally initialises struct ifnet's *if_nd member, so early in if_attachsetup() that there is no way to query unitialised Neighour Unreachable Detection bits.
Only SIOCGIFINFO_IN6 through ndp(8) used the .initialized member: Added/set since 2002 sys/netinet6/nd6.c r1.42 attach nd_ifinfo structure to if_afdata. split IPv6 MTU (advertised by RA) from real link MTU. sync with kame
Read since 2002 usr.sbin/ndp/ndp.c r1.16 use new SIOCGIFINFO_IN6. random other cleanups. sync w/kame.
Obsolete since 2017 sys/netinet6/nd6.c r1.217 usr.sbin/ndp/ndp.c r1.85 Remove knob and always do neighbor unreachable detection.
Feedback OK bluhm
|
#
1.89 |
|
23-Nov-2022 |
kn |
Remove unused NDPRF_* defines; dead since 2017 sys/netinet6/nd6.c r1.210
Remove sending of router solicitations and processing of router advertisements from the kernel. It's handled by slaacd(8) these days.
Outside of _KERNEL, but nothing in base uses it, either. codesearch.debian.net seems to agree.
OK mvs claudio bluhm
|
#
1.88 |
|
23-Nov-2022 |
kn |
Remove unused struct in6_ndifreq; dead since 2013 sys/netinet6/in6_var.h r1.37
Remove unused code manipulating a default interface and its index This is a leftover from the on-link assumption behavior removal, which has been deprecated by RFC4861 anyway.
Outside of _KERNEL, but nothing in base uses it, either. codesearch.debian.net seems to agree.
OK mvs claudio bluhm
|
#
1.87 |
|
23-Nov-2022 |
kn |
Remove unused struct prf_ra; dead since 2017 sys/netinet/icmp6.h r1.45
Get rid of ICMPV6CTL_ND6_DRLIST and ICMPV6CTL_ND6_PRLIST sysctls With this we can also get rid of in6_prefix and in6_defrouter. They are meaningless, the kernel no longer tracks this information.
Outside of _KERNEL, but nothing in base uses it, either. codesearch.debian.net seems to agree.
OK mvs claudio bluhm
|
#
1.86 |
|
23-Nov-2022 |
kn |
Inline useless ND_IFINFO() macro
A single cast-free struct pointer dereference needs no indirection. ND_IFINFO() is under _KERNEL.
OK mvs
|
#
1.85 |
|
23-Nov-2022 |
kn |
Let nd6_if{at,de}tach() be void and take an ifp argument
Do it like the rest of at/detach routines which modify a struct ifnet pointer without returning anything.
OK mvs
|
#
1.84 |
|
23-Nov-2022 |
kn |
Add *if_nd to struct ifnet, call nd6_if{at,de}tach() directly
*if_afdata[] and struct domain's dom_if{at,de}tach() are only used with IPv6 Neighbour Discovery in6_dom{at,de}tach(), which allocate/init and free single struct nd_ifinfo.
Set up a new ND-specific *if_nd member directly to avoid yet another layer of indirection and thus make the generic domain API obsolete.
The per-interface data is only accessed in nd6.c and nd6_nbr.c through the ND_IFINFO() macro; it is allocated and freed exactly once during interface at/detach, so document it as [I]mmutable.
OK bluhm mvs claudio
|
#
1.83 |
|
23-Nov-2022 |
kn |
Recommit previous "Remove useless struct in6_ifextra"
This was the right diff after all, I just confused myself between trees.
OK bluhm --- Remove useless struct in6_ifextra
in6_var.h r1.75 removed all other struct members.
Now It only contains a single struct nd_ifinfo pointer, so address family specific data might as well be just that.
ND_IFINFO() is the only way nd6_nbr.c and nd6.c access this data, there is no other usage of if_afdata[].
One allocation and unhelpful indirection less per interface.
All under _KERNEL.
OK claudio
|
#
1.82 |
|
22-Nov-2022 |
kn |
Backout "Remove useless struct in6_ifextra" commit
I committed the wrong iteration of this diff, sorry for the noise.
|
#
1.81 |
|
22-Nov-2022 |
kn |
Remove useless struct in6_ifextra
in6_var.h r1.75 removed all other struct members.
Now It only contains a single struct nd_ifinfo pointer, so address family specific data might as well be just that.
ND_IFINFO() is the only way nd6_nbr.c and nd6.c access this data, there is no other usage of if_afdata[].
One allocation and unhelpful indirection less per interface.
All under _KERNEL.
OK claudio
|
#
1.80 |
|
12-Nov-2022 |
kn |
Remove unused RS_LHCOOKIE macro
Added in 2014 110585f259f4974284e531f0a1e121b001a580dc Move sending of router solicitations to the kernel; [...] but never used.
|
Revision tags: OPENBSD_7_2_BASE
|
#
1.79 |
|
08-Aug-2022 |
kn |
Constify in6_addr pointer arguments in nd6_*() functions
All of them are passed to inspect/copy out fields, none of the functions writes to the struct.
This makes it easier to argue about code (in MP context).
OK bluhm
|
#
1.78 |
|
28-Jul-2022 |
kn |
Zap prototypes for nonexistent nd6_setmtu() and in6_ifdel()
Removed in 2015 and 2002, respectively.
OK claudio
|
#
1.77 |
|
22-Jul-2022 |
kn |
Leftovers from florian's RS/NA purge from the kernel in 2017.
OK bluhm
|
Revision tags: OPENBSD_6_7_BASE OPENBSD_6_8_BASE OPENBSD_6_9_BASE OPENBSD_7_0_BASE OPENBSD_7_1_BASE
|
#
1.76 |
|
28-Mar-2020 |
florian |
Move ND6_PRIV_* constants from nd6.h to slaacd the only place where they are used. Nobody in the wider eco system uses these. While here reduce temporary address valid lifetime to 2 days as per draft-ietf-6man-rfc4941bis. This should considerably reduce the amount of addresses configured on an interface - a common complaint. Original diff from Fernando Gont (fernando AT gont.com.ar), thanks! Ports tree scanning by sthen@
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.75 |
|
21-Jun-2019 |
mpi |
Prevent recursions by not deleting entries inside rtable_walk(9).
rtable_walk(9) now passes a routing entry back to the caller when a non zero value is returned and if it asked for it. This allows us to call rtdeletemsg()/rtrequest_delete() from the caller without creating a recursion because of rtflushclone().
Multicast code hasn't been adapted and is still possibly creating recursions. However multicast route entries aren't cloned so if a recursion exists it isn't because of rtflushclone().
Fix stack exhaustion triggered by the use of "-msave-args".
Issue reported by D��niel L��vai on bugs@ confirmed by and ok bluhm@.
|
Revision tags: OPENBSD_6_3_BASE OPENBSD_6_4_BASE OPENBSD_6_5_BASE
|
#
1.74 |
|
27-Nov-2017 |
mpi |
Use a single timer for all ND6 entries.
This prevents a use-after-free reported by Hrvoje Popovski where the timeout function was already sleeping on the NET_LOCK() when ifconfig(8) removed the enry from the table.
By iterating on a global list in the timeout routine we ensure that the items are still valid when we process them. This also reduce differences with ARP.
ok bluhm@, visa@
|
#
1.73 |
|
03-Nov-2017 |
florian |
We are processing Router Solicitation / Advertisement messages only for the Source Link-layer Address Options. Merge nd6_rs_input() and nd6_ra_input() into one generic function that does just that.
input & OK mpi
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.72 |
|
09-Aug-2017 |
florian |
Remove knob and always do neighbor unreachable detection.
|
#
1.71 |
|
09-Aug-2017 |
florian |
accept_rtadv doesn't do anything since some time. OK mpi
|
#
1.70 |
|
09-Aug-2017 |
florian |
We are no longer generating privacy addresses in the kernel. OK mpi
|
#
1.69 |
|
08-Aug-2017 |
florian |
Stop running nd6_expire every second. We know when pltime or vltime decrease to zero. Run nd6_expire then. Input & OK mpi, bluhm
|
#
1.68 |
|
12-Jul-2017 |
florian |
Get rid of ICMPV6CTL_ND6_DRLIST and ICMPV6CTL_ND6_PRLIST sysctls With this we can also get rid of in6_prefix and in6_defrouter. They are meaningless, the kernel no longer tracks this information.
Pointed out by & OK mpi
|
#
1.67 |
|
11-Jul-2017 |
florian |
Purging is at last at hand. Day of Doom is here. All that is evil shall all be cleansed.
Remove sending of router solicitations and processing of router advertisements from the kernel. It's handled by slaacd(8) these days.
Input & OK bluhm@, mpi@
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.66 |
|
27-Dec-2016 |
bluhm |
Move nd6 timer initialisation to nd6_init() and call timeout_set() only once during init. OK mpi@
|
#
1.65 |
|
28-Nov-2016 |
mpi |
Remove multiple recursive splsoftnet().
ok bluhm@
|
#
1.64 |
|
21-Nov-2016 |
mpi |
Assert that prelist_update() is always called at IPL_SOFTNET.
While here use __func__ in debug strings to reduce noise when grepping.
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.63 |
|
13-Jul-2016 |
dlg |
store nd6 expiries in the route, not separately in the llinfo struct.
this makes it more consistent with arp, and makes expiries visible via route(8) get as well as ndp(8).
ok mpi@ florian@
|
#
1.62 |
|
15-Jun-2016 |
mpi |
Kill nd6_output(), it doesn't do anything since the resolution logic has been moved to nd6_resolve().
ok visa@, millert@, florian@, sthen@
|
#
1.61 |
|
08-Jun-2016 |
mpi |
Move ND resoluton logic from nd6_output() to nd6_storelladdr() and rename it to nd6_resolve().
This allows us to get rid of non-Ethernet hacks by moving Ethernet specific logic in the appropriate layer.
ok sthen@
|
#
1.60 |
|
01-Jun-2016 |
dlg |
make nd6_llinfo_settimer take seconds instead of ticks.
most callers are working in seconds, internally it uses seconds, and you can call timeout_add_sec as easily as timeout_add.
this also fixes an issue with an nd_defrouter expire which was incorrectly scaled with ticks in a comparison.
ok mpi@
|
#
1.59 |
|
30-May-2016 |
dlg |
remove code compensating for the "short" range of timeouts.
the nd6 code for managing expiries is never asked to handle intervals greater than what timeouts can handle, so we dont need to overcompensate.
the code was also incorrect by using a long, which isnt that long on ILP32 machines.
ok mpi@ millert@ benno@
|
#
1.58 |
|
30-Mar-2016 |
mpi |
Implement proxy ARP for ART based on mpath support.
Since mpath is not enabled in RAMDISK, proxy ARP won't work there either.
ok bluhm@
|
#
1.57 |
|
03-Mar-2016 |
jca |
Kill IPv6 prefix and router renumbering ioctls.
Router renumbering was never supported, prefix ioctls were deprecated ~15 years ago. Move some items in netinet6/nd6.h where they are still used.
ok mikeb@ mpi@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.56 |
|
18-Dec-2015 |
tb |
Convert arc4random() to arc4random_uniorm(). Diff by Matthew Martin.
Ensure that arc4random_uniform() doesn't loop by redefining ND6_MAX_DESYNC_FACTOR to be 512, the largest power of two smaller than the RFC-specified 600 seconds. Suggested by florian@ and deraadt@
ok florian@, sthen@ in this form, arc4random change ok djm@, tedu@
|
#
1.55 |
|
06-Nov-2015 |
mpi |
Change nd6_nud_hint() to no longer manipulate rt_ifp directly.
While here remove unused argument and convert the route check to rtisvalid(9).
ok bluhm@
|
#
1.54 |
|
02-Nov-2015 |
bluhm |
Implement the list of nd6 llinfo entries with a TAILQ. OK millert@ mpi@
|
#
1.53 |
|
02-Nov-2015 |
mpi |
Prefer an existing refcounted ``ifp'' to rt_ifp when possible or use the interface index directly.
ok bluhm@
|
#
1.52 |
|
28-Oct-2015 |
florian |
Remove linkmtu and maxmtu from struct nd_ifinfo. IN6_LINKMTU can now die and ifp->if_mtu is the one true mtu. Suggested by and OK mpi@
|
#
1.51 |
|
25-Oct-2015 |
mpi |
Introduce if_rtrequest() the successor of ifa_rtrequest().
L2 resolution depends on the protocol (encoded in the route entry) and an ``ifp''. Not having to care about an ``ifa'' makes our life easier in our MP effort. Fewer dependencies between data structures implies fewer headaches.
Discussed with bluhm@, ok claudio@
|
#
1.50 |
|
24-Oct-2015 |
mpi |
Ignore Router Advertisment's current hop limit.
Appart from the usual inet6 axe murdering exercise to keep you fit, this allows us to get rid of a lot of layer violation due to the use of per- ifp variables to store the current hop limit.
Imputs from bluhm@, ok phessler@, florian@, bluhm@
|
#
1.49 |
|
31-Aug-2015 |
mpi |
The return value of nd6_cache_lladdr() is never used so make it a void.
Fewer "struct rtentry" left in the wild!
|
#
1.48 |
|
24-Aug-2015 |
mpi |
nd6_prefix_add() is no longer used and die.
|
#
1.47 |
|
24-Aug-2015 |
mpi |
Start moving away from the global prefix list by limiting its usage to AUTOCONF'd addresses.
This prevent the kernel from removing connected (/64) routes as soon as it configures an AUTOCONF'd address based on a RA.
Tested by sebastia@, ok sthen@
|
#
1.46 |
|
24-Aug-2015 |
mpi |
Rework the code to decide when to perform DAD to no longer rely on the IN6_IFF_NODAD pseudo-flag not being set.
This was just a flag for spaghetti code that should not exist in the first place.
Tested by sebastia@, ok sthen@
|
#
1.45 |
|
18-Aug-2015 |
mpi |
Call rtfree(9) when we no longer need the route entry rather than decrementing rt_refcnt just after rtrequest1(9).
While here reduce the differences with rt_ifa_add(9). There's still an ambiguity about rtrequest1(9)'s return value, but bluhm@ will address that in a different diff.
Discussed with and ok bluhm@
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.44 |
|
18-Jul-2015 |
mpi |
Merge two identical chunks to add new prefixes to the global data structures into a function.
ok florian@
|
#
1.43 |
|
16-Jul-2015 |
mpi |
Properly layer Router Solicitation code.
Tweak and ok florian@
|
#
1.42 |
|
09-Jul-2015 |
mpi |
Remove unused arguments and the associated code from nd6_nud_hint().
ok claudio@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.41 |
|
20-Nov-2014 |
mpi |
Rework the handling of interfaces and IPv6 addresses for local delivery.
- Unicast packets sent to any local address will have their interface set to loobpack.
- In order to differentiate traffic from interfaces having identical link-local addresses, provide the scoped addresses to pf(4).
- Update the icmp6 state lookup logic to match scoped MLL addresses.
- Remove a shortcut in ip6_input() that bypasses pf and always look for an RTF_LOCAL route.
Packets sent to multicast addresses still retain their original interface due to the fact that local multicast packet delivering does not use if_output.
This makes ping6 to link-local addresses work even with pf enabled and "set skip" on loopbacks, reported by Pieter Verberne.
Debugged, analysed and tested with mikeb@.
ok mikeb@, henning@, sthen@
|
#
1.40 |
|
10-Nov-2014 |
mpi |
Do not pass an ifa pointer when we already have a DAD descriptor.
Tweaks and ok florian@
|
#
1.39 |
|
25-Aug-2014 |
florian |
Move sending of router solicitations to the kernel; receiving and processing of router advertisements was already in the kernel. With this rtsol{,d}(8) is no longer necessary.
The kernel starts sending solicitations with # ifconfig $IF inet6 autoconf or inet6 autoconf in /etc/hostname.$IF.
input stsp@ much help & OK mpi@ tweaks & OK bluhm@
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.38 |
|
11-Jul-2014 |
blambert |
move IPv6 prefix adding from workq to taskq; as a happy benefit, we can delete 2 dozen or so lines that check to see if we've queued up a prefix addition multiple times.
ok stsp@
|
#
1.37 |
|
07-May-2014 |
mpi |
Kill the {nd6_,}useloopback buttons, using the loopback interface for local traffic is not optional.
ok mikeb@, stsp@, jca@
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.36 |
|
07-Jan-2014 |
mikeb |
Propagate an rdomain number to the nd6_lookup independently from the ifp pointer which can be NULL. This prevents a crash reported by David Hill <dhill at mindcry ! org>. OK bluhm
|
#
1.35 |
|
25-Oct-2013 |
deraadt |
More _KERNEL namespace cleanup, just in case something out there includes this.
|
#
1.34 |
|
28-Aug-2013 |
mpi |
Remove unused argument from *rtrequest()
ok krw@, mikeb@
|
#
1.33 |
|
26-Aug-2013 |
bluhm |
No one uses the obsolete IPv6 ioctls SIOCGDRLST_IN6, SIOCGPRLST_IN6, OSIOCGIFINFO_IN6 anymore. Remove them together with the structs in6_drlist, in6_oprlist, in6_prlist, in6_ondireq and the kernel implementation. OK mikeb@ henning@
|
#
1.32 |
|
11-Aug-2013 |
bluhm |
To control the lifetime of IPv6 addresses, prefixes and default routers, the kernel and ndp use a bunch of expire fields. Before they were int or u_long, convert expire to time_t in all structs. Move vltime and pltime to u_int32_t everywhere. Sort struct fields by size. Struct inet6_ndpr_msghdr is not used at all, so remove it.
Binary compatibility of rtsold and ndp break with this change as rtsold uses in6_drlist and ndp uses in6_defrouter and in6_prefix to interact with the kernel.
OK mpi@
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.31 |
|
01-Jul-2013 |
bluhm |
Do not access queue fields directly, use FOREACH() macro instead. No binary change. OK mikeb@ mpi@
|
#
1.30 |
|
11-Mar-2013 |
mpi |
Remove unused code manipulating a default interface and its index, This is a leftover from the on-link assumption behavior removal, which has been deprecated by RFC4861 anyway.
ok mikeb@, bluhm@, florian@
|
Revision tags: OPENBSD_5_2_BASE OPENBSD_5_3_BASE
|
#
1.29 |
|
14-Feb-2012 |
sthen |
typo in comment.
|
Revision tags: OPENBSD_5_0_BASE OPENBSD_5_1_BASE
|
#
1.28 |
|
03-Apr-2011 |
stsp |
fix typos in comments ok deraadt henning sthen thib (though thib says he can't spell)
|
Revision tags: OPENBSD_4_8_BASE OPENBSD_4_9_BASE
|
#
1.27 |
|
06-Apr-2010 |
stsp |
Simple implementation of RFC4941, "Privacy Extensions for Stateless Address Autoconfiguration in IPv6". For those among us who are paranoid about broadcasting their MAC address to the IPv6 internet.
Man page help from jmc, testing by weerd, arc4random API hints from djm.
ok deraadt, claudio
|
Revision tags: OPENBSD_4_4_BASE OPENBSD_4_5_BASE OPENBSD_4_6_BASE OPENBSD_4_7_BASE
|
#
1.26 |
|
11-Jun-2008 |
mcbride |
From KAME, allow adjustable limits on NDP entries and discovered routes.
ok mpf naddy
|
Revision tags: OPENBSD_3_4_BASE OPENBSD_3_5_BASE OPENBSD_3_6_BASE OPENBSD_3_7_BASE OPENBSD_3_8_BASE OPENBSD_3_9_BASE OPENBSD_4_0_BASE OPENBSD_4_1_BASE OPENBSD_4_2_BASE OPENBSD_4_3_BASE SMP_SYNC_A SMP_SYNC_B
|
#
1.25 |
|
08-Jul-2003 |
itojun |
unifdef -U__otherBSD__
|
#
1.24 |
|
27-Jun-2003 |
itojun |
split ND6 cache timer management to per-entry. increased accuracy, no O(N) loop. sync w/ kame. marc tested, daniel ok
|
Revision tags: OPENBSD_3_2_BASE OPENBSD_3_3_BASE UBC_SYNC_A UBC_SYNC_B
|
#
1.23 |
|
08-Jun-2002 |
itojun |
gc
|
#
1.22 |
|
08-Jun-2002 |
itojun |
sync with latest KAME in6_ifaddr/prefix/default router manipulation. behavior changes: - two iocts used by ndp(8) are now obsolete (backward compat provided). use sysctl path instead. - lo0 does not get ::1 automatically. it will get ::1 when lo0 comes up.
|
#
1.21 |
|
07-Jun-2002 |
itojun |
cope with cases where maxmtu == 0 (shouldn't happen)
|
#
1.20 |
|
05-Jun-2002 |
itojun |
be sure to use L3 MTU, not L2 MTU, when specified in spec (affects FDDI/ARCnet)
|
#
1.19 |
|
30-May-2002 |
itojun |
improve nd6_setmtu(), to warn too-small MTU on SIOCSIFMTU. sync w/kame
|
#
1.18 |
|
29-May-2002 |
itojun |
no need to supply obsolete field name "receivedra"
|
#
1.17 |
|
29-May-2002 |
itojun |
attach nd_ifinfo structure to if_afdata. split IPv6 MTU (advertised by RA) from real link MTU. sync with kame
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.16 |
|
14-Mar-2002 |
millert |
First round of __P removal in sys
|
#
1.15 |
|
23-Jan-2002 |
fgsch |
compatability -> compatibility.
|
Revision tags: OPENBSD_2_9_BASE OPENBSD_3_0_BASE UBC_BASE
|
#
1.14 |
|
23-Feb-2001 |
itojun |
branches: 1.14.6; garbage-collect stale ND entries (default: 1 day). RFC 2461 5.3. sync with kame.
|
#
1.13 |
|
23-Feb-2001 |
itojun |
remove unnecessary state, ND6_LLINFO_WAITDELETE, from neighbor cache state machine. no need for RTF_REJECT on neighbor cache entires, they are leftover from ARP code. sync with kame.
|
#
1.12 |
|
08-Feb-2001 |
itojun |
when chasing nd6_llinfo chain, make sure we do not touch dangling pointer (due to RTM_DELETE during default router list management). from kame
|
#
1.11 |
|
08-Feb-2001 |
itojun |
use timeout_xx() throughout sys/netinet6. sync with kame.
|
#
1.10 |
|
07-Feb-2001 |
itojun |
by default, don't bark on inbound ND messages, as outsider may be able to fill up /var with bogus packets. setting net.inet6.icmp6.nd6_debug will re-enable kernel messages on invalid ND packet and other occasions.
improve icmp6 stats.
|
#
1.9 |
|
19-Jan-2001 |
itojun |
pull post-4.4BSD change to sys/net/route.c from BSD/OS 4.2 (UCB copyrighted).
have sys/net/route.c:rtrequest1(), which takes rt_addrinfo * as the argument. pass rt_addrinfo all the way down to rtrequest, and ifa->ifa_rtrequest. 3rd arg of ifa->ifa_rtrequest is now rt_addrinfo * instead of sockaddr * (almost noone is using it anyways).
benefit: the follwoing command now works. previously we need two route(8) invocations, "add" then "change". # route add -inet6 default ::1 -ifp gif0
remove unsafe typecast in rtrequest(), from rtentry * to sockaddr *. it was introduced by 4.3BSD-reno and never corrected.
XXX is eon_rtrequest() change correct regarding to 3rd arg? eon_rtrequest() and rtrequest() were incorrect since 4.3BSD-reno, so i do not have correct answer in the source code. someone with more clue about netiso-over-ip, please help.
|
Revision tags: OPENBSD_2_8_BASE
|
#
1.8 |
|
06-Jul-2000 |
itojun |
- more icmp6/ip6 stats. - protect IPv6 ND from being hosed (due to neighbor unreachability detection hint) by wrong tcp traffic. still not sure if there's real attack, but it is good to be cautious. - avoid bitfield for router renumbering header decl. - implement packet-per-sec limitation for icmp6 errors, turn interval limit off (it is not very useful due to unix timer resolution).
|
#
1.7 |
|
19-May-2000 |
itojun |
never forward packet with link-local address. experimental support for new loopback packet handling (with FAKE_LOOPBACK_IF, rcvif will be set to real outgoing interface, not the loopback, to honor scope) sync with kame.
|
#
1.6 |
|
15-May-2000 |
itojun |
perform NUD on p2p link, only if the destination/gateway is real neighbor. this removes temporary workaround (no NUD on p2p link). KAME PR 245.
|
Revision tags: OPENBSD_2_7_BASE
|
#
1.5 |
|
17-Apr-2000 |
itojun |
revisit in6_ifattach(). (1) make it more persistent about initializaing an interface (2) cleanup interface id selection. run NUD on p2p interface (required by spec for bidir p2p interface). add "ndp -i interface" (can tweak per-interface ND flag). (sync with more recent kame)
|
#
1.4 |
|
28-Feb-2000 |
itojun |
bring in recent KAME changes (only important and stable ones, as usual). - remove net.inet6.ip6.nd6_proxyall. introduce proxy NDP code works just like "arp -s". - revise source address selection. be more careful about use of yet-to-be-valid addresses as source. - as router, transmit ICMP6_DST_UNREACH_BEYONDSCOPE against out-of-scope packet forwarding attempt. - path MTU discovery takes care of routing header properly. - be more strict about mbuf chain parsing. - nuke xxCTL_VARS #define, they are for BSDI. - disable SIOCSIFDSTADDR_IN6/SIOCSIFNETMASK_IN6 ioctl, they do not fit IPv6 model where multiple address on interface is normal. (kernel side supports them for a while for backward compat, the support will be nuked shortly) - introduce "default outgoing interface" (for spec conformance in very rare case)
|
Revision tags: SMP_BASE
|
#
1.3 |
|
04-Feb-2000 |
itojun |
branches: 1.3.2; more coverage of in6_ifdetach()'s cleanup process. bug fix in SIOCGIFADDR_IN6 (point to point case).
|
#
1.2 |
|
08-Jan-2000 |
deraadt |
use arc4random() instead of random for two reasons. 1) on some architectures, random() should only be used by the scheduler (ie. statintr() because it is uniformly distributed 2) arc4random() is actually strong, random() is not at all
|
Revision tags: kame_19991208
|
#
1.1 |
|
08-Dec-1999 |
itojun |
bring in KAME IPv6 code, dated 19991208. replaces NRL IPv6 layer. reuses NRL pcb layer. no IPsec-on-v6 support. see sys/netinet6/{TODO,IMPLEMENTATION} for more details.
GENERIC configuration should work fine as before. GENERIC.v6 works fine as well, but you'll need KAME userland tools to play with IPv6 (will be bringed into soon).
|
#
1.97 |
|
05-Apr-2023 |
bluhm |
ARP has a sysctl to show the number of packets waiting for an arp response. Implement analog sysctl net.inet6.icmp6.nd6_queued for ND6 to reduce places where mbufs can hide within the kernel. Atomic operations operate on unsigned int. Make the type of total hold queue length consistent. Use atomic load to read the value for the sysctl. This clarifies why no lock around sysctl_rdint() is needed. OK mvs@ kn@
|
#
1.96 |
|
05-Apr-2023 |
bluhm |
ARP has a queue of packets that should be sent after name resolution. ND6 did only hold a single packet. Unify the logic and add a mbuf hold queue to struct llinfo_nd6. This is MP safe and queue limits are tracked with atomic operations. New function if_mqoutput() has common code for ARP and ND6. ln_saddr6 holds the source address of the requesting packet. That is easier than fiddling with mbuf queue in nd6_ns_output(). OK kn@
|
Revision tags: OPENBSD_7_3_BASE
|
#
1.95 |
|
06-Jan-2023 |
kn |
Clean up struct nd_opts, use nd6_options() function local variables
nd_opts_search is really the next option, so call it next_opt.
nd_opts_done == 1 means next_opt == NULL, i.e. no more option to handle, so zap the former and use the latter to stop.
Finally drop the useless struct members, all under _KERNEL.
OK claudio
|
#
1.94 |
|
10-Dec-2022 |
kn |
Merge nd6_option_init() into nd6_options()
All call-sites call nd6_options() directly after nd6_option_init(). Fold them to simplify the logic and do less pointing around.
Feedback OK bluhm florian
|
#
1.93 |
|
09-Dec-2022 |
claudio |
Switch nd_opts from a union to just a struct. The ND6 option handling in the kernel got a lot simpler since only the tgt and src lladdr option are inspected by the kernel. The magic of assigning options via one side of the union and accessing them via the other is total overkill and actually quite error prone. OK florian@
|
#
1.92 |
|
07-Dec-2022 |
kn |
Do not store unused ICMPv6 Option PREFIX_INFORMATION
Dead since 2017 sys/netinet6/nd6_rtr.c r1.163 Remove sending of router solicitations and processing of router advertisements from the kernel. It's handled by slaacd(8) these days.
sysctl(2) net.inet6.icmp6.nd6_debug does not warn about it like it does for, e.g., duplicate MTU options, so don't do anything with this option.
Remove access macros for other unused options while here. Eventually, union nd_opts should be removed completely. All under _KERNEL.
tcpdump(8)/rad(8)/slaacd(8) keep showing/sending/receiving this option when running this diff on both router and client.
OK claudio
|
#
1.91 |
|
02-Dec-2022 |
kn |
Remove constant basereachable and retrans members from struct nd_ifinfo
Both are initalised with compile-time constants and never written to.
They are part of the Neighbour Discovery machinery and only surface through the single-user SIOCGIFINFO_IN6: $ ndp -i lo0 basereachable=30s0ms, reachable=39s, retrans=1s0ms
These values are read-only since 2017 sys/netinet6/nd6.c r1.217 usr.sbin/ndp/ndp.c r1.85 Remove knob and always do neighbor unreachable detection
Inline the macros (to keep meaningful names), shrink the per-interface allocated struct nd_ifinfo to what is actually needed and inline nd6_dad_starttimer()'s constant `msec' argument.
Nothing else in base, incl. regress, uses SIOCGIFINFO_IN6 or `ndp -i'.
OK bluhm
|
#
1.90 |
|
28-Nov-2022 |
kn |
Document struct nd_ifinfo protection, remove obsolete .initialized member
All access to struct ifnet's member *if_nd is read-only, with the one write exception being nd6_slowtimo() updating ND information.
IPv6 Neighbour Discovery information is fully protected by the net lock. --- nd6_ifattach() allocates and unconditionally initialises struct ifnet's *if_nd member, so early in if_attachsetup() that there is no way to query unitialised Neighour Unreachable Detection bits.
Only SIOCGIFINFO_IN6 through ndp(8) used the .initialized member: Added/set since 2002 sys/netinet6/nd6.c r1.42 attach nd_ifinfo structure to if_afdata. split IPv6 MTU (advertised by RA) from real link MTU. sync with kame
Read since 2002 usr.sbin/ndp/ndp.c r1.16 use new SIOCGIFINFO_IN6. random other cleanups. sync w/kame.
Obsolete since 2017 sys/netinet6/nd6.c r1.217 usr.sbin/ndp/ndp.c r1.85 Remove knob and always do neighbor unreachable detection.
Feedback OK bluhm
|
#
1.89 |
|
23-Nov-2022 |
kn |
Remove unused NDPRF_* defines; dead since 2017 sys/netinet6/nd6.c r1.210
Remove sending of router solicitations and processing of router advertisements from the kernel. It's handled by slaacd(8) these days.
Outside of _KERNEL, but nothing in base uses it, either. codesearch.debian.net seems to agree.
OK mvs claudio bluhm
|
#
1.88 |
|
23-Nov-2022 |
kn |
Remove unused struct in6_ndifreq; dead since 2013 sys/netinet6/in6_var.h r1.37
Remove unused code manipulating a default interface and its index This is a leftover from the on-link assumption behavior removal, which has been deprecated by RFC4861 anyway.
Outside of _KERNEL, but nothing in base uses it, either. codesearch.debian.net seems to agree.
OK mvs claudio bluhm
|
#
1.87 |
|
23-Nov-2022 |
kn |
Remove unused struct prf_ra; dead since 2017 sys/netinet/icmp6.h r1.45
Get rid of ICMPV6CTL_ND6_DRLIST and ICMPV6CTL_ND6_PRLIST sysctls With this we can also get rid of in6_prefix and in6_defrouter. They are meaningless, the kernel no longer tracks this information.
Outside of _KERNEL, but nothing in base uses it, either. codesearch.debian.net seems to agree.
OK mvs claudio bluhm
|
#
1.86 |
|
23-Nov-2022 |
kn |
Inline useless ND_IFINFO() macro
A single cast-free struct pointer dereference needs no indirection. ND_IFINFO() is under _KERNEL.
OK mvs
|
#
1.85 |
|
23-Nov-2022 |
kn |
Let nd6_if{at,de}tach() be void and take an ifp argument
Do it like the rest of at/detach routines which modify a struct ifnet pointer without returning anything.
OK mvs
|
#
1.84 |
|
23-Nov-2022 |
kn |
Add *if_nd to struct ifnet, call nd6_if{at,de}tach() directly
*if_afdata[] and struct domain's dom_if{at,de}tach() are only used with IPv6 Neighbour Discovery in6_dom{at,de}tach(), which allocate/init and free single struct nd_ifinfo.
Set up a new ND-specific *if_nd member directly to avoid yet another layer of indirection and thus make the generic domain API obsolete.
The per-interface data is only accessed in nd6.c and nd6_nbr.c through the ND_IFINFO() macro; it is allocated and freed exactly once during interface at/detach, so document it as [I]mmutable.
OK bluhm mvs claudio
|
#
1.83 |
|
23-Nov-2022 |
kn |
Recommit previous "Remove useless struct in6_ifextra"
This was the right diff after all, I just confused myself between trees.
OK bluhm --- Remove useless struct in6_ifextra
in6_var.h r1.75 removed all other struct members.
Now It only contains a single struct nd_ifinfo pointer, so address family specific data might as well be just that.
ND_IFINFO() is the only way nd6_nbr.c and nd6.c access this data, there is no other usage of if_afdata[].
One allocation and unhelpful indirection less per interface.
All under _KERNEL.
OK claudio
|
#
1.82 |
|
22-Nov-2022 |
kn |
Backout "Remove useless struct in6_ifextra" commit
I committed the wrong iteration of this diff, sorry for the noise.
|
#
1.81 |
|
22-Nov-2022 |
kn |
Remove useless struct in6_ifextra
in6_var.h r1.75 removed all other struct members.
Now It only contains a single struct nd_ifinfo pointer, so address family specific data might as well be just that.
ND_IFINFO() is the only way nd6_nbr.c and nd6.c access this data, there is no other usage of if_afdata[].
One allocation and unhelpful indirection less per interface.
All under _KERNEL.
OK claudio
|
#
1.80 |
|
12-Nov-2022 |
kn |
Remove unused RS_LHCOOKIE macro
Added in 2014 110585f259f4974284e531f0a1e121b001a580dc Move sending of router solicitations to the kernel; [...] but never used.
|
Revision tags: OPENBSD_7_2_BASE
|
#
1.79 |
|
08-Aug-2022 |
kn |
Constify in6_addr pointer arguments in nd6_*() functions
All of them are passed to inspect/copy out fields, none of the functions writes to the struct.
This makes it easier to argue about code (in MP context).
OK bluhm
|
#
1.78 |
|
28-Jul-2022 |
kn |
Zap prototypes for nonexistent nd6_setmtu() and in6_ifdel()
Removed in 2015 and 2002, respectively.
OK claudio
|
#
1.77 |
|
22-Jul-2022 |
kn |
Leftovers from florian's RS/NA purge from the kernel in 2017.
OK bluhm
|
Revision tags: OPENBSD_6_7_BASE OPENBSD_6_8_BASE OPENBSD_6_9_BASE OPENBSD_7_0_BASE OPENBSD_7_1_BASE
|
#
1.76 |
|
28-Mar-2020 |
florian |
Move ND6_PRIV_* constants from nd6.h to slaacd the only place where they are used. Nobody in the wider eco system uses these. While here reduce temporary address valid lifetime to 2 days as per draft-ietf-6man-rfc4941bis. This should considerably reduce the amount of addresses configured on an interface - a common complaint. Original diff from Fernando Gont (fernando AT gont.com.ar), thanks! Ports tree scanning by sthen@
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.75 |
|
21-Jun-2019 |
mpi |
Prevent recursions by not deleting entries inside rtable_walk(9).
rtable_walk(9) now passes a routing entry back to the caller when a non zero value is returned and if it asked for it. This allows us to call rtdeletemsg()/rtrequest_delete() from the caller without creating a recursion because of rtflushclone().
Multicast code hasn't been adapted and is still possibly creating recursions. However multicast route entries aren't cloned so if a recursion exists it isn't because of rtflushclone().
Fix stack exhaustion triggered by the use of "-msave-args".
Issue reported by D��niel L��vai on bugs@ confirmed by and ok bluhm@.
|
Revision tags: OPENBSD_6_3_BASE OPENBSD_6_4_BASE OPENBSD_6_5_BASE
|
#
1.74 |
|
27-Nov-2017 |
mpi |
Use a single timer for all ND6 entries.
This prevents a use-after-free reported by Hrvoje Popovski where the timeout function was already sleeping on the NET_LOCK() when ifconfig(8) removed the enry from the table.
By iterating on a global list in the timeout routine we ensure that the items are still valid when we process them. This also reduce differences with ARP.
ok bluhm@, visa@
|
#
1.73 |
|
03-Nov-2017 |
florian |
We are processing Router Solicitation / Advertisement messages only for the Source Link-layer Address Options. Merge nd6_rs_input() and nd6_ra_input() into one generic function that does just that.
input & OK mpi
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.72 |
|
09-Aug-2017 |
florian |
Remove knob and always do neighbor unreachable detection.
|
#
1.71 |
|
09-Aug-2017 |
florian |
accept_rtadv doesn't do anything since some time. OK mpi
|
#
1.70 |
|
09-Aug-2017 |
florian |
We are no longer generating privacy addresses in the kernel. OK mpi
|
#
1.69 |
|
08-Aug-2017 |
florian |
Stop running nd6_expire every second. We know when pltime or vltime decrease to zero. Run nd6_expire then. Input & OK mpi, bluhm
|
#
1.68 |
|
12-Jul-2017 |
florian |
Get rid of ICMPV6CTL_ND6_DRLIST and ICMPV6CTL_ND6_PRLIST sysctls With this we can also get rid of in6_prefix and in6_defrouter. They are meaningless, the kernel no longer tracks this information.
Pointed out by & OK mpi
|
#
1.67 |
|
11-Jul-2017 |
florian |
Purging is at last at hand. Day of Doom is here. All that is evil shall all be cleansed.
Remove sending of router solicitations and processing of router advertisements from the kernel. It's handled by slaacd(8) these days.
Input & OK bluhm@, mpi@
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.66 |
|
27-Dec-2016 |
bluhm |
Move nd6 timer initialisation to nd6_init() and call timeout_set() only once during init. OK mpi@
|
#
1.65 |
|
28-Nov-2016 |
mpi |
Remove multiple recursive splsoftnet().
ok bluhm@
|
#
1.64 |
|
21-Nov-2016 |
mpi |
Assert that prelist_update() is always called at IPL_SOFTNET.
While here use __func__ in debug strings to reduce noise when grepping.
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.63 |
|
13-Jul-2016 |
dlg |
store nd6 expiries in the route, not separately in the llinfo struct.
this makes it more consistent with arp, and makes expiries visible via route(8) get as well as ndp(8).
ok mpi@ florian@
|
#
1.62 |
|
15-Jun-2016 |
mpi |
Kill nd6_output(), it doesn't do anything since the resolution logic has been moved to nd6_resolve().
ok visa@, millert@, florian@, sthen@
|
#
1.61 |
|
08-Jun-2016 |
mpi |
Move ND resoluton logic from nd6_output() to nd6_storelladdr() and rename it to nd6_resolve().
This allows us to get rid of non-Ethernet hacks by moving Ethernet specific logic in the appropriate layer.
ok sthen@
|
#
1.60 |
|
01-Jun-2016 |
dlg |
make nd6_llinfo_settimer take seconds instead of ticks.
most callers are working in seconds, internally it uses seconds, and you can call timeout_add_sec as easily as timeout_add.
this also fixes an issue with an nd_defrouter expire which was incorrectly scaled with ticks in a comparison.
ok mpi@
|
#
1.59 |
|
30-May-2016 |
dlg |
remove code compensating for the "short" range of timeouts.
the nd6 code for managing expiries is never asked to handle intervals greater than what timeouts can handle, so we dont need to overcompensate.
the code was also incorrect by using a long, which isnt that long on ILP32 machines.
ok mpi@ millert@ benno@
|
#
1.58 |
|
30-Mar-2016 |
mpi |
Implement proxy ARP for ART based on mpath support.
Since mpath is not enabled in RAMDISK, proxy ARP won't work there either.
ok bluhm@
|
#
1.57 |
|
03-Mar-2016 |
jca |
Kill IPv6 prefix and router renumbering ioctls.
Router renumbering was never supported, prefix ioctls were deprecated ~15 years ago. Move some items in netinet6/nd6.h where they are still used.
ok mikeb@ mpi@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.56 |
|
18-Dec-2015 |
tb |
Convert arc4random() to arc4random_uniorm(). Diff by Matthew Martin.
Ensure that arc4random_uniform() doesn't loop by redefining ND6_MAX_DESYNC_FACTOR to be 512, the largest power of two smaller than the RFC-specified 600 seconds. Suggested by florian@ and deraadt@
ok florian@, sthen@ in this form, arc4random change ok djm@, tedu@
|
#
1.55 |
|
06-Nov-2015 |
mpi |
Change nd6_nud_hint() to no longer manipulate rt_ifp directly.
While here remove unused argument and convert the route check to rtisvalid(9).
ok bluhm@
|
#
1.54 |
|
02-Nov-2015 |
bluhm |
Implement the list of nd6 llinfo entries with a TAILQ. OK millert@ mpi@
|
#
1.53 |
|
02-Nov-2015 |
mpi |
Prefer an existing refcounted ``ifp'' to rt_ifp when possible or use the interface index directly.
ok bluhm@
|
#
1.52 |
|
28-Oct-2015 |
florian |
Remove linkmtu and maxmtu from struct nd_ifinfo. IN6_LINKMTU can now die and ifp->if_mtu is the one true mtu. Suggested by and OK mpi@
|
#
1.51 |
|
25-Oct-2015 |
mpi |
Introduce if_rtrequest() the successor of ifa_rtrequest().
L2 resolution depends on the protocol (encoded in the route entry) and an ``ifp''. Not having to care about an ``ifa'' makes our life easier in our MP effort. Fewer dependencies between data structures implies fewer headaches.
Discussed with bluhm@, ok claudio@
|
#
1.50 |
|
24-Oct-2015 |
mpi |
Ignore Router Advertisment's current hop limit.
Appart from the usual inet6 axe murdering exercise to keep you fit, this allows us to get rid of a lot of layer violation due to the use of per- ifp variables to store the current hop limit.
Imputs from bluhm@, ok phessler@, florian@, bluhm@
|
#
1.49 |
|
31-Aug-2015 |
mpi |
The return value of nd6_cache_lladdr() is never used so make it a void.
Fewer "struct rtentry" left in the wild!
|
#
1.48 |
|
24-Aug-2015 |
mpi |
nd6_prefix_add() is no longer used and die.
|
#
1.47 |
|
24-Aug-2015 |
mpi |
Start moving away from the global prefix list by limiting its usage to AUTOCONF'd addresses.
This prevent the kernel from removing connected (/64) routes as soon as it configures an AUTOCONF'd address based on a RA.
Tested by sebastia@, ok sthen@
|
#
1.46 |
|
24-Aug-2015 |
mpi |
Rework the code to decide when to perform DAD to no longer rely on the IN6_IFF_NODAD pseudo-flag not being set.
This was just a flag for spaghetti code that should not exist in the first place.
Tested by sebastia@, ok sthen@
|
#
1.45 |
|
18-Aug-2015 |
mpi |
Call rtfree(9) when we no longer need the route entry rather than decrementing rt_refcnt just after rtrequest1(9).
While here reduce the differences with rt_ifa_add(9). There's still an ambiguity about rtrequest1(9)'s return value, but bluhm@ will address that in a different diff.
Discussed with and ok bluhm@
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.44 |
|
18-Jul-2015 |
mpi |
Merge two identical chunks to add new prefixes to the global data structures into a function.
ok florian@
|
#
1.43 |
|
16-Jul-2015 |
mpi |
Properly layer Router Solicitation code.
Tweak and ok florian@
|
#
1.42 |
|
09-Jul-2015 |
mpi |
Remove unused arguments and the associated code from nd6_nud_hint().
ok claudio@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.41 |
|
20-Nov-2014 |
mpi |
Rework the handling of interfaces and IPv6 addresses for local delivery.
- Unicast packets sent to any local address will have their interface set to loobpack.
- In order to differentiate traffic from interfaces having identical link-local addresses, provide the scoped addresses to pf(4).
- Update the icmp6 state lookup logic to match scoped MLL addresses.
- Remove a shortcut in ip6_input() that bypasses pf and always look for an RTF_LOCAL route.
Packets sent to multicast addresses still retain their original interface due to the fact that local multicast packet delivering does not use if_output.
This makes ping6 to link-local addresses work even with pf enabled and "set skip" on loopbacks, reported by Pieter Verberne.
Debugged, analysed and tested with mikeb@.
ok mikeb@, henning@, sthen@
|
#
1.40 |
|
10-Nov-2014 |
mpi |
Do not pass an ifa pointer when we already have a DAD descriptor.
Tweaks and ok florian@
|
#
1.39 |
|
25-Aug-2014 |
florian |
Move sending of router solicitations to the kernel; receiving and processing of router advertisements was already in the kernel. With this rtsol{,d}(8) is no longer necessary.
The kernel starts sending solicitations with # ifconfig $IF inet6 autoconf or inet6 autoconf in /etc/hostname.$IF.
input stsp@ much help & OK mpi@ tweaks & OK bluhm@
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.38 |
|
11-Jul-2014 |
blambert |
move IPv6 prefix adding from workq to taskq; as a happy benefit, we can delete 2 dozen or so lines that check to see if we've queued up a prefix addition multiple times.
ok stsp@
|
#
1.37 |
|
07-May-2014 |
mpi |
Kill the {nd6_,}useloopback buttons, using the loopback interface for local traffic is not optional.
ok mikeb@, stsp@, jca@
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.36 |
|
07-Jan-2014 |
mikeb |
Propagate an rdomain number to the nd6_lookup independently from the ifp pointer which can be NULL. This prevents a crash reported by David Hill <dhill at mindcry ! org>. OK bluhm
|
#
1.35 |
|
25-Oct-2013 |
deraadt |
More _KERNEL namespace cleanup, just in case something out there includes this.
|
#
1.34 |
|
28-Aug-2013 |
mpi |
Remove unused argument from *rtrequest()
ok krw@, mikeb@
|
#
1.33 |
|
26-Aug-2013 |
bluhm |
No one uses the obsolete IPv6 ioctls SIOCGDRLST_IN6, SIOCGPRLST_IN6, OSIOCGIFINFO_IN6 anymore. Remove them together with the structs in6_drlist, in6_oprlist, in6_prlist, in6_ondireq and the kernel implementation. OK mikeb@ henning@
|
#
1.32 |
|
11-Aug-2013 |
bluhm |
To control the lifetime of IPv6 addresses, prefixes and default routers, the kernel and ndp use a bunch of expire fields. Before they were int or u_long, convert expire to time_t in all structs. Move vltime and pltime to u_int32_t everywhere. Sort struct fields by size. Struct inet6_ndpr_msghdr is not used at all, so remove it.
Binary compatibility of rtsold and ndp break with this change as rtsold uses in6_drlist and ndp uses in6_defrouter and in6_prefix to interact with the kernel.
OK mpi@
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.31 |
|
01-Jul-2013 |
bluhm |
Do not access queue fields directly, use FOREACH() macro instead. No binary change. OK mikeb@ mpi@
|
#
1.30 |
|
11-Mar-2013 |
mpi |
Remove unused code manipulating a default interface and its index, This is a leftover from the on-link assumption behavior removal, which has been deprecated by RFC4861 anyway.
ok mikeb@, bluhm@, florian@
|
Revision tags: OPENBSD_5_2_BASE OPENBSD_5_3_BASE
|
#
1.29 |
|
14-Feb-2012 |
sthen |
typo in comment.
|
Revision tags: OPENBSD_5_0_BASE OPENBSD_5_1_BASE
|
#
1.28 |
|
03-Apr-2011 |
stsp |
fix typos in comments ok deraadt henning sthen thib (though thib says he can't spell)
|
Revision tags: OPENBSD_4_8_BASE OPENBSD_4_9_BASE
|
#
1.27 |
|
06-Apr-2010 |
stsp |
Simple implementation of RFC4941, "Privacy Extensions for Stateless Address Autoconfiguration in IPv6". For those among us who are paranoid about broadcasting their MAC address to the IPv6 internet.
Man page help from jmc, testing by weerd, arc4random API hints from djm.
ok deraadt, claudio
|
Revision tags: OPENBSD_4_4_BASE OPENBSD_4_5_BASE OPENBSD_4_6_BASE OPENBSD_4_7_BASE
|
#
1.26 |
|
11-Jun-2008 |
mcbride |
From KAME, allow adjustable limits on NDP entries and discovered routes.
ok mpf naddy
|
Revision tags: OPENBSD_3_4_BASE OPENBSD_3_5_BASE OPENBSD_3_6_BASE OPENBSD_3_7_BASE OPENBSD_3_8_BASE OPENBSD_3_9_BASE OPENBSD_4_0_BASE OPENBSD_4_1_BASE OPENBSD_4_2_BASE OPENBSD_4_3_BASE SMP_SYNC_A SMP_SYNC_B
|
#
1.25 |
|
08-Jul-2003 |
itojun |
unifdef -U__otherBSD__
|
#
1.24 |
|
27-Jun-2003 |
itojun |
split ND6 cache timer management to per-entry. increased accuracy, no O(N) loop. sync w/ kame. marc tested, daniel ok
|
Revision tags: OPENBSD_3_2_BASE OPENBSD_3_3_BASE UBC_SYNC_A UBC_SYNC_B
|
#
1.23 |
|
08-Jun-2002 |
itojun |
gc
|
#
1.22 |
|
08-Jun-2002 |
itojun |
sync with latest KAME in6_ifaddr/prefix/default router manipulation. behavior changes: - two iocts used by ndp(8) are now obsolete (backward compat provided). use sysctl path instead. - lo0 does not get ::1 automatically. it will get ::1 when lo0 comes up.
|
#
1.21 |
|
07-Jun-2002 |
itojun |
cope with cases where maxmtu == 0 (shouldn't happen)
|
#
1.20 |
|
05-Jun-2002 |
itojun |
be sure to use L3 MTU, not L2 MTU, when specified in spec (affects FDDI/ARCnet)
|
#
1.19 |
|
30-May-2002 |
itojun |
improve nd6_setmtu(), to warn too-small MTU on SIOCSIFMTU. sync w/kame
|
#
1.18 |
|
29-May-2002 |
itojun |
no need to supply obsolete field name "receivedra"
|
#
1.17 |
|
29-May-2002 |
itojun |
attach nd_ifinfo structure to if_afdata. split IPv6 MTU (advertised by RA) from real link MTU. sync with kame
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.16 |
|
14-Mar-2002 |
millert |
First round of __P removal in sys
|
#
1.15 |
|
23-Jan-2002 |
fgsch |
compatability -> compatibility.
|
Revision tags: OPENBSD_2_9_BASE OPENBSD_3_0_BASE UBC_BASE
|
#
1.14 |
|
23-Feb-2001 |
itojun |
branches: 1.14.6; garbage-collect stale ND entries (default: 1 day). RFC 2461 5.3. sync with kame.
|
#
1.13 |
|
23-Feb-2001 |
itojun |
remove unnecessary state, ND6_LLINFO_WAITDELETE, from neighbor cache state machine. no need for RTF_REJECT on neighbor cache entires, they are leftover from ARP code. sync with kame.
|
#
1.12 |
|
08-Feb-2001 |
itojun |
when chasing nd6_llinfo chain, make sure we do not touch dangling pointer (due to RTM_DELETE during default router list management). from kame
|
#
1.11 |
|
08-Feb-2001 |
itojun |
use timeout_xx() throughout sys/netinet6. sync with kame.
|
#
1.10 |
|
07-Feb-2001 |
itojun |
by default, don't bark on inbound ND messages, as outsider may be able to fill up /var with bogus packets. setting net.inet6.icmp6.nd6_debug will re-enable kernel messages on invalid ND packet and other occasions.
improve icmp6 stats.
|
#
1.9 |
|
19-Jan-2001 |
itojun |
pull post-4.4BSD change to sys/net/route.c from BSD/OS 4.2 (UCB copyrighted).
have sys/net/route.c:rtrequest1(), which takes rt_addrinfo * as the argument. pass rt_addrinfo all the way down to rtrequest, and ifa->ifa_rtrequest. 3rd arg of ifa->ifa_rtrequest is now rt_addrinfo * instead of sockaddr * (almost noone is using it anyways).
benefit: the follwoing command now works. previously we need two route(8) invocations, "add" then "change". # route add -inet6 default ::1 -ifp gif0
remove unsafe typecast in rtrequest(), from rtentry * to sockaddr *. it was introduced by 4.3BSD-reno and never corrected.
XXX is eon_rtrequest() change correct regarding to 3rd arg? eon_rtrequest() and rtrequest() were incorrect since 4.3BSD-reno, so i do not have correct answer in the source code. someone with more clue about netiso-over-ip, please help.
|
Revision tags: OPENBSD_2_8_BASE
|
#
1.8 |
|
06-Jul-2000 |
itojun |
- more icmp6/ip6 stats. - protect IPv6 ND from being hosed (due to neighbor unreachability detection hint) by wrong tcp traffic. still not sure if there's real attack, but it is good to be cautious. - avoid bitfield for router renumbering header decl. - implement packet-per-sec limitation for icmp6 errors, turn interval limit off (it is not very useful due to unix timer resolution).
|
#
1.7 |
|
19-May-2000 |
itojun |
never forward packet with link-local address. experimental support for new loopback packet handling (with FAKE_LOOPBACK_IF, rcvif will be set to real outgoing interface, not the loopback, to honor scope) sync with kame.
|
#
1.6 |
|
15-May-2000 |
itojun |
perform NUD on p2p link, only if the destination/gateway is real neighbor. this removes temporary workaround (no NUD on p2p link). KAME PR 245.
|
Revision tags: OPENBSD_2_7_BASE
|
#
1.5 |
|
17-Apr-2000 |
itojun |
revisit in6_ifattach(). (1) make it more persistent about initializaing an interface (2) cleanup interface id selection. run NUD on p2p interface (required by spec for bidir p2p interface). add "ndp -i interface" (can tweak per-interface ND flag). (sync with more recent kame)
|
#
1.4 |
|
28-Feb-2000 |
itojun |
bring in recent KAME changes (only important and stable ones, as usual). - remove net.inet6.ip6.nd6_proxyall. introduce proxy NDP code works just like "arp -s". - revise source address selection. be more careful about use of yet-to-be-valid addresses as source. - as router, transmit ICMP6_DST_UNREACH_BEYONDSCOPE against out-of-scope packet forwarding attempt. - path MTU discovery takes care of routing header properly. - be more strict about mbuf chain parsing. - nuke xxCTL_VARS #define, they are for BSDI. - disable SIOCSIFDSTADDR_IN6/SIOCSIFNETMASK_IN6 ioctl, they do not fit IPv6 model where multiple address on interface is normal. (kernel side supports them for a while for backward compat, the support will be nuked shortly) - introduce "default outgoing interface" (for spec conformance in very rare case)
|
Revision tags: SMP_BASE
|
#
1.3 |
|
04-Feb-2000 |
itojun |
branches: 1.3.2; more coverage of in6_ifdetach()'s cleanup process. bug fix in SIOCGIFADDR_IN6 (point to point case).
|
#
1.2 |
|
08-Jan-2000 |
deraadt |
use arc4random() instead of random for two reasons. 1) on some architectures, random() should only be used by the scheduler (ie. statintr() because it is uniformly distributed 2) arc4random() is actually strong, random() is not at all
|
Revision tags: kame_19991208
|
#
1.1 |
|
08-Dec-1999 |
itojun |
bring in KAME IPv6 code, dated 19991208. replaces NRL IPv6 layer. reuses NRL pcb layer. no IPsec-on-v6 support. see sys/netinet6/{TODO,IMPLEMENTATION} for more details.
GENERIC configuration should work fine as before. GENERIC.v6 works fine as well, but you'll need KAME userland tools to play with IPv6 (will be bringed into soon).
|
#
1.95 |
|
06-Jan-2023 |
kn |
Clean up struct nd_opts, use nd6_options() function local variables
nd_opts_search is really the next option, so call it next_opt.
nd_opts_done == 1 means next_opt == NULL, i.e. no more option to handle, so zap the former and use the latter to stop.
Finally drop the useless struct members, all under _KERNEL.
OK claudio
|
#
1.94 |
|
10-Dec-2022 |
kn |
Merge nd6_option_init() into nd6_options()
All call-sites call nd6_options() directly after nd6_option_init(). Fold them to simplify the logic and do less pointing around.
Feedback OK bluhm florian
|
#
1.93 |
|
09-Dec-2022 |
claudio |
Switch nd_opts from a union to just a struct. The ND6 option handling in the kernel got a lot simpler since only the tgt and src lladdr option are inspected by the kernel. The magic of assigning options via one side of the union and accessing them via the other is total overkill and actually quite error prone. OK florian@
|
#
1.92 |
|
07-Dec-2022 |
kn |
Do not store unused ICMPv6 Option PREFIX_INFORMATION
Dead since 2017 sys/netinet6/nd6_rtr.c r1.163 Remove sending of router solicitations and processing of router advertisements from the kernel. It's handled by slaacd(8) these days.
sysctl(2) net.inet6.icmp6.nd6_debug does not warn about it like it does for, e.g., duplicate MTU options, so don't do anything with this option.
Remove access macros for other unused options while here. Eventually, union nd_opts should be removed completely. All under _KERNEL.
tcpdump(8)/rad(8)/slaacd(8) keep showing/sending/receiving this option when running this diff on both router and client.
OK claudio
|
#
1.91 |
|
02-Dec-2022 |
kn |
Remove constant basereachable and retrans members from struct nd_ifinfo
Both are initalised with compile-time constants and never written to.
They are part of the Neighbour Discovery machinery and only surface through the single-user SIOCGIFINFO_IN6: $ ndp -i lo0 basereachable=30s0ms, reachable=39s, retrans=1s0ms
These values are read-only since 2017 sys/netinet6/nd6.c r1.217 usr.sbin/ndp/ndp.c r1.85 Remove knob and always do neighbor unreachable detection
Inline the macros (to keep meaningful names), shrink the per-interface allocated struct nd_ifinfo to what is actually needed and inline nd6_dad_starttimer()'s constant `msec' argument.
Nothing else in base, incl. regress, uses SIOCGIFINFO_IN6 or `ndp -i'.
OK bluhm
|
#
1.90 |
|
28-Nov-2022 |
kn |
Document struct nd_ifinfo protection, remove obsolete .initialized member
All access to struct ifnet's member *if_nd is read-only, with the one write exception being nd6_slowtimo() updating ND information.
IPv6 Neighbour Discovery information is fully protected by the net lock. --- nd6_ifattach() allocates and unconditionally initialises struct ifnet's *if_nd member, so early in if_attachsetup() that there is no way to query unitialised Neighour Unreachable Detection bits.
Only SIOCGIFINFO_IN6 through ndp(8) used the .initialized member: Added/set since 2002 sys/netinet6/nd6.c r1.42 attach nd_ifinfo structure to if_afdata. split IPv6 MTU (advertised by RA) from real link MTU. sync with kame
Read since 2002 usr.sbin/ndp/ndp.c r1.16 use new SIOCGIFINFO_IN6. random other cleanups. sync w/kame.
Obsolete since 2017 sys/netinet6/nd6.c r1.217 usr.sbin/ndp/ndp.c r1.85 Remove knob and always do neighbor unreachable detection.
Feedback OK bluhm
|
#
1.89 |
|
23-Nov-2022 |
kn |
Remove unused NDPRF_* defines; dead since 2017 sys/netinet6/nd6.c r1.210
Remove sending of router solicitations and processing of router advertisements from the kernel. It's handled by slaacd(8) these days.
Outside of _KERNEL, but nothing in base uses it, either. codesearch.debian.net seems to agree.
OK mvs claudio bluhm
|
#
1.88 |
|
23-Nov-2022 |
kn |
Remove unused struct in6_ndifreq; dead since 2013 sys/netinet6/in6_var.h r1.37
Remove unused code manipulating a default interface and its index This is a leftover from the on-link assumption behavior removal, which has been deprecated by RFC4861 anyway.
Outside of _KERNEL, but nothing in base uses it, either. codesearch.debian.net seems to agree.
OK mvs claudio bluhm
|
#
1.87 |
|
23-Nov-2022 |
kn |
Remove unused struct prf_ra; dead since 2017 sys/netinet/icmp6.h r1.45
Get rid of ICMPV6CTL_ND6_DRLIST and ICMPV6CTL_ND6_PRLIST sysctls With this we can also get rid of in6_prefix and in6_defrouter. They are meaningless, the kernel no longer tracks this information.
Outside of _KERNEL, but nothing in base uses it, either. codesearch.debian.net seems to agree.
OK mvs claudio bluhm
|
#
1.86 |
|
23-Nov-2022 |
kn |
Inline useless ND_IFINFO() macro
A single cast-free struct pointer dereference needs no indirection. ND_IFINFO() is under _KERNEL.
OK mvs
|
#
1.85 |
|
23-Nov-2022 |
kn |
Let nd6_if{at,de}tach() be void and take an ifp argument
Do it like the rest of at/detach routines which modify a struct ifnet pointer without returning anything.
OK mvs
|
#
1.84 |
|
23-Nov-2022 |
kn |
Add *if_nd to struct ifnet, call nd6_if{at,de}tach() directly
*if_afdata[] and struct domain's dom_if{at,de}tach() are only used with IPv6 Neighbour Discovery in6_dom{at,de}tach(), which allocate/init and free single struct nd_ifinfo.
Set up a new ND-specific *if_nd member directly to avoid yet another layer of indirection and thus make the generic domain API obsolete.
The per-interface data is only accessed in nd6.c and nd6_nbr.c through the ND_IFINFO() macro; it is allocated and freed exactly once during interface at/detach, so document it as [I]mmutable.
OK bluhm mvs claudio
|
#
1.83 |
|
23-Nov-2022 |
kn |
Recommit previous "Remove useless struct in6_ifextra"
This was the right diff after all, I just confused myself between trees.
OK bluhm --- Remove useless struct in6_ifextra
in6_var.h r1.75 removed all other struct members.
Now It only contains a single struct nd_ifinfo pointer, so address family specific data might as well be just that.
ND_IFINFO() is the only way nd6_nbr.c and nd6.c access this data, there is no other usage of if_afdata[].
One allocation and unhelpful indirection less per interface.
All under _KERNEL.
OK claudio
|
#
1.82 |
|
22-Nov-2022 |
kn |
Backout "Remove useless struct in6_ifextra" commit
I committed the wrong iteration of this diff, sorry for the noise.
|
#
1.81 |
|
22-Nov-2022 |
kn |
Remove useless struct in6_ifextra
in6_var.h r1.75 removed all other struct members.
Now It only contains a single struct nd_ifinfo pointer, so address family specific data might as well be just that.
ND_IFINFO() is the only way nd6_nbr.c and nd6.c access this data, there is no other usage of if_afdata[].
One allocation and unhelpful indirection less per interface.
All under _KERNEL.
OK claudio
|
#
1.80 |
|
12-Nov-2022 |
kn |
Remove unused RS_LHCOOKIE macro
Added in 2014 110585f259f4974284e531f0a1e121b001a580dc Move sending of router solicitations to the kernel; [...] but never used.
|
Revision tags: OPENBSD_7_2_BASE
|
#
1.79 |
|
08-Aug-2022 |
kn |
Constify in6_addr pointer arguments in nd6_*() functions
All of them are passed to inspect/copy out fields, none of the functions writes to the struct.
This makes it easier to argue about code (in MP context).
OK bluhm
|
#
1.78 |
|
28-Jul-2022 |
kn |
Zap prototypes for nonexistent nd6_setmtu() and in6_ifdel()
Removed in 2015 and 2002, respectively.
OK claudio
|
#
1.77 |
|
22-Jul-2022 |
kn |
Leftovers from florian's RS/NA purge from the kernel in 2017.
OK bluhm
|
Revision tags: OPENBSD_6_7_BASE OPENBSD_6_8_BASE OPENBSD_6_9_BASE OPENBSD_7_0_BASE OPENBSD_7_1_BASE
|
#
1.76 |
|
28-Mar-2020 |
florian |
Move ND6_PRIV_* constants from nd6.h to slaacd the only place where they are used. Nobody in the wider eco system uses these. While here reduce temporary address valid lifetime to 2 days as per draft-ietf-6man-rfc4941bis. This should considerably reduce the amount of addresses configured on an interface - a common complaint. Original diff from Fernando Gont (fernando AT gont.com.ar), thanks! Ports tree scanning by sthen@
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.75 |
|
21-Jun-2019 |
mpi |
Prevent recursions by not deleting entries inside rtable_walk(9).
rtable_walk(9) now passes a routing entry back to the caller when a non zero value is returned and if it asked for it. This allows us to call rtdeletemsg()/rtrequest_delete() from the caller without creating a recursion because of rtflushclone().
Multicast code hasn't been adapted and is still possibly creating recursions. However multicast route entries aren't cloned so if a recursion exists it isn't because of rtflushclone().
Fix stack exhaustion triggered by the use of "-msave-args".
Issue reported by D��niel L��vai on bugs@ confirmed by and ok bluhm@.
|
Revision tags: OPENBSD_6_3_BASE OPENBSD_6_4_BASE OPENBSD_6_5_BASE
|
#
1.74 |
|
27-Nov-2017 |
mpi |
Use a single timer for all ND6 entries.
This prevents a use-after-free reported by Hrvoje Popovski where the timeout function was already sleeping on the NET_LOCK() when ifconfig(8) removed the enry from the table.
By iterating on a global list in the timeout routine we ensure that the items are still valid when we process them. This also reduce differences with ARP.
ok bluhm@, visa@
|
#
1.73 |
|
03-Nov-2017 |
florian |
We are processing Router Solicitation / Advertisement messages only for the Source Link-layer Address Options. Merge nd6_rs_input() and nd6_ra_input() into one generic function that does just that.
input & OK mpi
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.72 |
|
09-Aug-2017 |
florian |
Remove knob and always do neighbor unreachable detection.
|
#
1.71 |
|
09-Aug-2017 |
florian |
accept_rtadv doesn't do anything since some time. OK mpi
|
#
1.70 |
|
09-Aug-2017 |
florian |
We are no longer generating privacy addresses in the kernel. OK mpi
|
#
1.69 |
|
08-Aug-2017 |
florian |
Stop running nd6_expire every second. We know when pltime or vltime decrease to zero. Run nd6_expire then. Input & OK mpi, bluhm
|
#
1.68 |
|
12-Jul-2017 |
florian |
Get rid of ICMPV6CTL_ND6_DRLIST and ICMPV6CTL_ND6_PRLIST sysctls With this we can also get rid of in6_prefix and in6_defrouter. They are meaningless, the kernel no longer tracks this information.
Pointed out by & OK mpi
|
#
1.67 |
|
11-Jul-2017 |
florian |
Purging is at last at hand. Day of Doom is here. All that is evil shall all be cleansed.
Remove sending of router solicitations and processing of router advertisements from the kernel. It's handled by slaacd(8) these days.
Input & OK bluhm@, mpi@
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.66 |
|
27-Dec-2016 |
bluhm |
Move nd6 timer initialisation to nd6_init() and call timeout_set() only once during init. OK mpi@
|
#
1.65 |
|
28-Nov-2016 |
mpi |
Remove multiple recursive splsoftnet().
ok bluhm@
|
#
1.64 |
|
21-Nov-2016 |
mpi |
Assert that prelist_update() is always called at IPL_SOFTNET.
While here use __func__ in debug strings to reduce noise when grepping.
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.63 |
|
13-Jul-2016 |
dlg |
store nd6 expiries in the route, not separately in the llinfo struct.
this makes it more consistent with arp, and makes expiries visible via route(8) get as well as ndp(8).
ok mpi@ florian@
|
#
1.62 |
|
15-Jun-2016 |
mpi |
Kill nd6_output(), it doesn't do anything since the resolution logic has been moved to nd6_resolve().
ok visa@, millert@, florian@, sthen@
|
#
1.61 |
|
08-Jun-2016 |
mpi |
Move ND resoluton logic from nd6_output() to nd6_storelladdr() and rename it to nd6_resolve().
This allows us to get rid of non-Ethernet hacks by moving Ethernet specific logic in the appropriate layer.
ok sthen@
|
#
1.60 |
|
01-Jun-2016 |
dlg |
make nd6_llinfo_settimer take seconds instead of ticks.
most callers are working in seconds, internally it uses seconds, and you can call timeout_add_sec as easily as timeout_add.
this also fixes an issue with an nd_defrouter expire which was incorrectly scaled with ticks in a comparison.
ok mpi@
|
#
1.59 |
|
30-May-2016 |
dlg |
remove code compensating for the "short" range of timeouts.
the nd6 code for managing expiries is never asked to handle intervals greater than what timeouts can handle, so we dont need to overcompensate.
the code was also incorrect by using a long, which isnt that long on ILP32 machines.
ok mpi@ millert@ benno@
|
#
1.58 |
|
30-Mar-2016 |
mpi |
Implement proxy ARP for ART based on mpath support.
Since mpath is not enabled in RAMDISK, proxy ARP won't work there either.
ok bluhm@
|
#
1.57 |
|
03-Mar-2016 |
jca |
Kill IPv6 prefix and router renumbering ioctls.
Router renumbering was never supported, prefix ioctls were deprecated ~15 years ago. Move some items in netinet6/nd6.h where they are still used.
ok mikeb@ mpi@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.56 |
|
18-Dec-2015 |
tb |
Convert arc4random() to arc4random_uniorm(). Diff by Matthew Martin.
Ensure that arc4random_uniform() doesn't loop by redefining ND6_MAX_DESYNC_FACTOR to be 512, the largest power of two smaller than the RFC-specified 600 seconds. Suggested by florian@ and deraadt@
ok florian@, sthen@ in this form, arc4random change ok djm@, tedu@
|
#
1.55 |
|
06-Nov-2015 |
mpi |
Change nd6_nud_hint() to no longer manipulate rt_ifp directly.
While here remove unused argument and convert the route check to rtisvalid(9).
ok bluhm@
|
#
1.54 |
|
02-Nov-2015 |
bluhm |
Implement the list of nd6 llinfo entries with a TAILQ. OK millert@ mpi@
|
#
1.53 |
|
02-Nov-2015 |
mpi |
Prefer an existing refcounted ``ifp'' to rt_ifp when possible or use the interface index directly.
ok bluhm@
|
#
1.52 |
|
28-Oct-2015 |
florian |
Remove linkmtu and maxmtu from struct nd_ifinfo. IN6_LINKMTU can now die and ifp->if_mtu is the one true mtu. Suggested by and OK mpi@
|
#
1.51 |
|
25-Oct-2015 |
mpi |
Introduce if_rtrequest() the successor of ifa_rtrequest().
L2 resolution depends on the protocol (encoded in the route entry) and an ``ifp''. Not having to care about an ``ifa'' makes our life easier in our MP effort. Fewer dependencies between data structures implies fewer headaches.
Discussed with bluhm@, ok claudio@
|
#
1.50 |
|
24-Oct-2015 |
mpi |
Ignore Router Advertisment's current hop limit.
Appart from the usual inet6 axe murdering exercise to keep you fit, this allows us to get rid of a lot of layer violation due to the use of per- ifp variables to store the current hop limit.
Imputs from bluhm@, ok phessler@, florian@, bluhm@
|
#
1.49 |
|
31-Aug-2015 |
mpi |
The return value of nd6_cache_lladdr() is never used so make it a void.
Fewer "struct rtentry" left in the wild!
|
#
1.48 |
|
24-Aug-2015 |
mpi |
nd6_prefix_add() is no longer used and die.
|
#
1.47 |
|
24-Aug-2015 |
mpi |
Start moving away from the global prefix list by limiting its usage to AUTOCONF'd addresses.
This prevent the kernel from removing connected (/64) routes as soon as it configures an AUTOCONF'd address based on a RA.
Tested by sebastia@, ok sthen@
|
#
1.46 |
|
24-Aug-2015 |
mpi |
Rework the code to decide when to perform DAD to no longer rely on the IN6_IFF_NODAD pseudo-flag not being set.
This was just a flag for spaghetti code that should not exist in the first place.
Tested by sebastia@, ok sthen@
|
#
1.45 |
|
18-Aug-2015 |
mpi |
Call rtfree(9) when we no longer need the route entry rather than decrementing rt_refcnt just after rtrequest1(9).
While here reduce the differences with rt_ifa_add(9). There's still an ambiguity about rtrequest1(9)'s return value, but bluhm@ will address that in a different diff.
Discussed with and ok bluhm@
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.44 |
|
18-Jul-2015 |
mpi |
Merge two identical chunks to add new prefixes to the global data structures into a function.
ok florian@
|
#
1.43 |
|
16-Jul-2015 |
mpi |
Properly layer Router Solicitation code.
Tweak and ok florian@
|
#
1.42 |
|
09-Jul-2015 |
mpi |
Remove unused arguments and the associated code from nd6_nud_hint().
ok claudio@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.41 |
|
20-Nov-2014 |
mpi |
Rework the handling of interfaces and IPv6 addresses for local delivery.
- Unicast packets sent to any local address will have their interface set to loobpack.
- In order to differentiate traffic from interfaces having identical link-local addresses, provide the scoped addresses to pf(4).
- Update the icmp6 state lookup logic to match scoped MLL addresses.
- Remove a shortcut in ip6_input() that bypasses pf and always look for an RTF_LOCAL route.
Packets sent to multicast addresses still retain their original interface due to the fact that local multicast packet delivering does not use if_output.
This makes ping6 to link-local addresses work even with pf enabled and "set skip" on loopbacks, reported by Pieter Verberne.
Debugged, analysed and tested with mikeb@.
ok mikeb@, henning@, sthen@
|
#
1.40 |
|
10-Nov-2014 |
mpi |
Do not pass an ifa pointer when we already have a DAD descriptor.
Tweaks and ok florian@
|
#
1.39 |
|
25-Aug-2014 |
florian |
Move sending of router solicitations to the kernel; receiving and processing of router advertisements was already in the kernel. With this rtsol{,d}(8) is no longer necessary.
The kernel starts sending solicitations with # ifconfig $IF inet6 autoconf or inet6 autoconf in /etc/hostname.$IF.
input stsp@ much help & OK mpi@ tweaks & OK bluhm@
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.38 |
|
11-Jul-2014 |
blambert |
move IPv6 prefix adding from workq to taskq; as a happy benefit, we can delete 2 dozen or so lines that check to see if we've queued up a prefix addition multiple times.
ok stsp@
|
#
1.37 |
|
07-May-2014 |
mpi |
Kill the {nd6_,}useloopback buttons, using the loopback interface for local traffic is not optional.
ok mikeb@, stsp@, jca@
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.36 |
|
07-Jan-2014 |
mikeb |
Propagate an rdomain number to the nd6_lookup independently from the ifp pointer which can be NULL. This prevents a crash reported by David Hill <dhill at mindcry ! org>. OK bluhm
|
#
1.35 |
|
25-Oct-2013 |
deraadt |
More _KERNEL namespace cleanup, just in case something out there includes this.
|
#
1.34 |
|
28-Aug-2013 |
mpi |
Remove unused argument from *rtrequest()
ok krw@, mikeb@
|
#
1.33 |
|
26-Aug-2013 |
bluhm |
No one uses the obsolete IPv6 ioctls SIOCGDRLST_IN6, SIOCGPRLST_IN6, OSIOCGIFINFO_IN6 anymore. Remove them together with the structs in6_drlist, in6_oprlist, in6_prlist, in6_ondireq and the kernel implementation. OK mikeb@ henning@
|
#
1.32 |
|
11-Aug-2013 |
bluhm |
To control the lifetime of IPv6 addresses, prefixes and default routers, the kernel and ndp use a bunch of expire fields. Before they were int or u_long, convert expire to time_t in all structs. Move vltime and pltime to u_int32_t everywhere. Sort struct fields by size. Struct inet6_ndpr_msghdr is not used at all, so remove it.
Binary compatibility of rtsold and ndp break with this change as rtsold uses in6_drlist and ndp uses in6_defrouter and in6_prefix to interact with the kernel.
OK mpi@
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.31 |
|
01-Jul-2013 |
bluhm |
Do not access queue fields directly, use FOREACH() macro instead. No binary change. OK mikeb@ mpi@
|
#
1.30 |
|
11-Mar-2013 |
mpi |
Remove unused code manipulating a default interface and its index, This is a leftover from the on-link assumption behavior removal, which has been deprecated by RFC4861 anyway.
ok mikeb@, bluhm@, florian@
|
Revision tags: OPENBSD_5_2_BASE OPENBSD_5_3_BASE
|
#
1.29 |
|
14-Feb-2012 |
sthen |
typo in comment.
|
Revision tags: OPENBSD_5_0_BASE OPENBSD_5_1_BASE
|
#
1.28 |
|
03-Apr-2011 |
stsp |
fix typos in comments ok deraadt henning sthen thib (though thib says he can't spell)
|
Revision tags: OPENBSD_4_8_BASE OPENBSD_4_9_BASE
|
#
1.27 |
|
06-Apr-2010 |
stsp |
Simple implementation of RFC4941, "Privacy Extensions for Stateless Address Autoconfiguration in IPv6". For those among us who are paranoid about broadcasting their MAC address to the IPv6 internet.
Man page help from jmc, testing by weerd, arc4random API hints from djm.
ok deraadt, claudio
|
Revision tags: OPENBSD_4_4_BASE OPENBSD_4_5_BASE OPENBSD_4_6_BASE OPENBSD_4_7_BASE
|
#
1.26 |
|
11-Jun-2008 |
mcbride |
From KAME, allow adjustable limits on NDP entries and discovered routes.
ok mpf naddy
|
Revision tags: OPENBSD_3_4_BASE OPENBSD_3_5_BASE OPENBSD_3_6_BASE OPENBSD_3_7_BASE OPENBSD_3_8_BASE OPENBSD_3_9_BASE OPENBSD_4_0_BASE OPENBSD_4_1_BASE OPENBSD_4_2_BASE OPENBSD_4_3_BASE SMP_SYNC_A SMP_SYNC_B
|
#
1.25 |
|
08-Jul-2003 |
itojun |
unifdef -U__otherBSD__
|
#
1.24 |
|
27-Jun-2003 |
itojun |
split ND6 cache timer management to per-entry. increased accuracy, no O(N) loop. sync w/ kame. marc tested, daniel ok
|
Revision tags: OPENBSD_3_2_BASE OPENBSD_3_3_BASE UBC_SYNC_A UBC_SYNC_B
|
#
1.23 |
|
08-Jun-2002 |
itojun |
gc
|
#
1.22 |
|
08-Jun-2002 |
itojun |
sync with latest KAME in6_ifaddr/prefix/default router manipulation. behavior changes: - two iocts used by ndp(8) are now obsolete (backward compat provided). use sysctl path instead. - lo0 does not get ::1 automatically. it will get ::1 when lo0 comes up.
|
#
1.21 |
|
07-Jun-2002 |
itojun |
cope with cases where maxmtu == 0 (shouldn't happen)
|
#
1.20 |
|
05-Jun-2002 |
itojun |
be sure to use L3 MTU, not L2 MTU, when specified in spec (affects FDDI/ARCnet)
|
#
1.19 |
|
30-May-2002 |
itojun |
improve nd6_setmtu(), to warn too-small MTU on SIOCSIFMTU. sync w/kame
|
#
1.18 |
|
29-May-2002 |
itojun |
no need to supply obsolete field name "receivedra"
|
#
1.17 |
|
29-May-2002 |
itojun |
attach nd_ifinfo structure to if_afdata. split IPv6 MTU (advertised by RA) from real link MTU. sync with kame
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.16 |
|
14-Mar-2002 |
millert |
First round of __P removal in sys
|
#
1.15 |
|
23-Jan-2002 |
fgsch |
compatability -> compatibility.
|
Revision tags: OPENBSD_2_9_BASE OPENBSD_3_0_BASE UBC_BASE
|
#
1.14 |
|
23-Feb-2001 |
itojun |
branches: 1.14.6; garbage-collect stale ND entries (default: 1 day). RFC 2461 5.3. sync with kame.
|
#
1.13 |
|
23-Feb-2001 |
itojun |
remove unnecessary state, ND6_LLINFO_WAITDELETE, from neighbor cache state machine. no need for RTF_REJECT on neighbor cache entires, they are leftover from ARP code. sync with kame.
|
#
1.12 |
|
08-Feb-2001 |
itojun |
when chasing nd6_llinfo chain, make sure we do not touch dangling pointer (due to RTM_DELETE during default router list management). from kame
|
#
1.11 |
|
08-Feb-2001 |
itojun |
use timeout_xx() throughout sys/netinet6. sync with kame.
|
#
1.10 |
|
07-Feb-2001 |
itojun |
by default, don't bark on inbound ND messages, as outsider may be able to fill up /var with bogus packets. setting net.inet6.icmp6.nd6_debug will re-enable kernel messages on invalid ND packet and other occasions.
improve icmp6 stats.
|
#
1.9 |
|
19-Jan-2001 |
itojun |
pull post-4.4BSD change to sys/net/route.c from BSD/OS 4.2 (UCB copyrighted).
have sys/net/route.c:rtrequest1(), which takes rt_addrinfo * as the argument. pass rt_addrinfo all the way down to rtrequest, and ifa->ifa_rtrequest. 3rd arg of ifa->ifa_rtrequest is now rt_addrinfo * instead of sockaddr * (almost noone is using it anyways).
benefit: the follwoing command now works. previously we need two route(8) invocations, "add" then "change". # route add -inet6 default ::1 -ifp gif0
remove unsafe typecast in rtrequest(), from rtentry * to sockaddr *. it was introduced by 4.3BSD-reno and never corrected.
XXX is eon_rtrequest() change correct regarding to 3rd arg? eon_rtrequest() and rtrequest() were incorrect since 4.3BSD-reno, so i do not have correct answer in the source code. someone with more clue about netiso-over-ip, please help.
|
Revision tags: OPENBSD_2_8_BASE
|
#
1.8 |
|
06-Jul-2000 |
itojun |
- more icmp6/ip6 stats. - protect IPv6 ND from being hosed (due to neighbor unreachability detection hint) by wrong tcp traffic. still not sure if there's real attack, but it is good to be cautious. - avoid bitfield for router renumbering header decl. - implement packet-per-sec limitation for icmp6 errors, turn interval limit off (it is not very useful due to unix timer resolution).
|
#
1.7 |
|
19-May-2000 |
itojun |
never forward packet with link-local address. experimental support for new loopback packet handling (with FAKE_LOOPBACK_IF, rcvif will be set to real outgoing interface, not the loopback, to honor scope) sync with kame.
|
#
1.6 |
|
15-May-2000 |
itojun |
perform NUD on p2p link, only if the destination/gateway is real neighbor. this removes temporary workaround (no NUD on p2p link). KAME PR 245.
|
Revision tags: OPENBSD_2_7_BASE
|
#
1.5 |
|
17-Apr-2000 |
itojun |
revisit in6_ifattach(). (1) make it more persistent about initializaing an interface (2) cleanup interface id selection. run NUD on p2p interface (required by spec for bidir p2p interface). add "ndp -i interface" (can tweak per-interface ND flag). (sync with more recent kame)
|
#
1.4 |
|
28-Feb-2000 |
itojun |
bring in recent KAME changes (only important and stable ones, as usual). - remove net.inet6.ip6.nd6_proxyall. introduce proxy NDP code works just like "arp -s". - revise source address selection. be more careful about use of yet-to-be-valid addresses as source. - as router, transmit ICMP6_DST_UNREACH_BEYONDSCOPE against out-of-scope packet forwarding attempt. - path MTU discovery takes care of routing header properly. - be more strict about mbuf chain parsing. - nuke xxCTL_VARS #define, they are for BSDI. - disable SIOCSIFDSTADDR_IN6/SIOCSIFNETMASK_IN6 ioctl, they do not fit IPv6 model where multiple address on interface is normal. (kernel side supports them for a while for backward compat, the support will be nuked shortly) - introduce "default outgoing interface" (for spec conformance in very rare case)
|
Revision tags: SMP_BASE
|
#
1.3 |
|
04-Feb-2000 |
itojun |
branches: 1.3.2; more coverage of in6_ifdetach()'s cleanup process. bug fix in SIOCGIFADDR_IN6 (point to point case).
|
#
1.2 |
|
08-Jan-2000 |
deraadt |
use arc4random() instead of random for two reasons. 1) on some architectures, random() should only be used by the scheduler (ie. statintr() because it is uniformly distributed 2) arc4random() is actually strong, random() is not at all
|
Revision tags: kame_19991208
|
#
1.1 |
|
08-Dec-1999 |
itojun |
bring in KAME IPv6 code, dated 19991208. replaces NRL IPv6 layer. reuses NRL pcb layer. no IPsec-on-v6 support. see sys/netinet6/{TODO,IMPLEMENTATION} for more details.
GENERIC configuration should work fine as before. GENERIC.v6 works fine as well, but you'll need KAME userland tools to play with IPv6 (will be bringed into soon).
|
#
1.94 |
|
10-Dec-2022 |
kn |
Merge nd6_option_init() into nd6_options()
All call-sites call nd6_options() directly after nd6_option_init(). Fold them to simplify the logic and do less pointing around.
Feedback OK bluhm florian
|
#
1.93 |
|
09-Dec-2022 |
claudio |
Switch nd_opts from a union to just a struct. The ND6 option handling in the kernel got a lot simpler since only the tgt and src lladdr option are inspected by the kernel. The magic of assigning options via one side of the union and accessing them via the other is total overkill and actually quite error prone. OK florian@
|
#
1.92 |
|
07-Dec-2022 |
kn |
Do not store unused ICMPv6 Option PREFIX_INFORMATION
Dead since 2017 sys/netinet6/nd6_rtr.c r1.163 Remove sending of router solicitations and processing of router advertisements from the kernel. It's handled by slaacd(8) these days.
sysctl(2) net.inet6.icmp6.nd6_debug does not warn about it like it does for, e.g., duplicate MTU options, so don't do anything with this option.
Remove access macros for other unused options while here. Eventually, union nd_opts should be removed completely. All under _KERNEL.
tcpdump(8)/rad(8)/slaacd(8) keep showing/sending/receiving this option when running this diff on both router and client.
OK claudio
|
#
1.91 |
|
02-Dec-2022 |
kn |
Remove constant basereachable and retrans members from struct nd_ifinfo
Both are initalised with compile-time constants and never written to.
They are part of the Neighbour Discovery machinery and only surface through the single-user SIOCGIFINFO_IN6: $ ndp -i lo0 basereachable=30s0ms, reachable=39s, retrans=1s0ms
These values are read-only since 2017 sys/netinet6/nd6.c r1.217 usr.sbin/ndp/ndp.c r1.85 Remove knob and always do neighbor unreachable detection
Inline the macros (to keep meaningful names), shrink the per-interface allocated struct nd_ifinfo to what is actually needed and inline nd6_dad_starttimer()'s constant `msec' argument.
Nothing else in base, incl. regress, uses SIOCGIFINFO_IN6 or `ndp -i'.
OK bluhm
|
#
1.90 |
|
28-Nov-2022 |
kn |
Document struct nd_ifinfo protection, remove obsolete .initialized member
All access to struct ifnet's member *if_nd is read-only, with the one write exception being nd6_slowtimo() updating ND information.
IPv6 Neighbour Discovery information is fully protected by the net lock. --- nd6_ifattach() allocates and unconditionally initialises struct ifnet's *if_nd member, so early in if_attachsetup() that there is no way to query unitialised Neighour Unreachable Detection bits.
Only SIOCGIFINFO_IN6 through ndp(8) used the .initialized member: Added/set since 2002 sys/netinet6/nd6.c r1.42 attach nd_ifinfo structure to if_afdata. split IPv6 MTU (advertised by RA) from real link MTU. sync with kame
Read since 2002 usr.sbin/ndp/ndp.c r1.16 use new SIOCGIFINFO_IN6. random other cleanups. sync w/kame.
Obsolete since 2017 sys/netinet6/nd6.c r1.217 usr.sbin/ndp/ndp.c r1.85 Remove knob and always do neighbor unreachable detection.
Feedback OK bluhm
|
#
1.89 |
|
23-Nov-2022 |
kn |
Remove unused NDPRF_* defines; dead since 2017 sys/netinet6/nd6.c r1.210
Remove sending of router solicitations and processing of router advertisements from the kernel. It's handled by slaacd(8) these days.
Outside of _KERNEL, but nothing in base uses it, either. codesearch.debian.net seems to agree.
OK mvs claudio bluhm
|
#
1.88 |
|
23-Nov-2022 |
kn |
Remove unused struct in6_ndifreq; dead since 2013 sys/netinet6/in6_var.h r1.37
Remove unused code manipulating a default interface and its index This is a leftover from the on-link assumption behavior removal, which has been deprecated by RFC4861 anyway.
Outside of _KERNEL, but nothing in base uses it, either. codesearch.debian.net seems to agree.
OK mvs claudio bluhm
|
#
1.87 |
|
23-Nov-2022 |
kn |
Remove unused struct prf_ra; dead since 2017 sys/netinet/icmp6.h r1.45
Get rid of ICMPV6CTL_ND6_DRLIST and ICMPV6CTL_ND6_PRLIST sysctls With this we can also get rid of in6_prefix and in6_defrouter. They are meaningless, the kernel no longer tracks this information.
Outside of _KERNEL, but nothing in base uses it, either. codesearch.debian.net seems to agree.
OK mvs claudio bluhm
|
#
1.86 |
|
23-Nov-2022 |
kn |
Inline useless ND_IFINFO() macro
A single cast-free struct pointer dereference needs no indirection. ND_IFINFO() is under _KERNEL.
OK mvs
|
#
1.85 |
|
23-Nov-2022 |
kn |
Let nd6_if{at,de}tach() be void and take an ifp argument
Do it like the rest of at/detach routines which modify a struct ifnet pointer without returning anything.
OK mvs
|
#
1.84 |
|
23-Nov-2022 |
kn |
Add *if_nd to struct ifnet, call nd6_if{at,de}tach() directly
*if_afdata[] and struct domain's dom_if{at,de}tach() are only used with IPv6 Neighbour Discovery in6_dom{at,de}tach(), which allocate/init and free single struct nd_ifinfo.
Set up a new ND-specific *if_nd member directly to avoid yet another layer of indirection and thus make the generic domain API obsolete.
The per-interface data is only accessed in nd6.c and nd6_nbr.c through the ND_IFINFO() macro; it is allocated and freed exactly once during interface at/detach, so document it as [I]mmutable.
OK bluhm mvs claudio
|
#
1.83 |
|
23-Nov-2022 |
kn |
Recommit previous "Remove useless struct in6_ifextra"
This was the right diff after all, I just confused myself between trees.
OK bluhm --- Remove useless struct in6_ifextra
in6_var.h r1.75 removed all other struct members.
Now It only contains a single struct nd_ifinfo pointer, so address family specific data might as well be just that.
ND_IFINFO() is the only way nd6_nbr.c and nd6.c access this data, there is no other usage of if_afdata[].
One allocation and unhelpful indirection less per interface.
All under _KERNEL.
OK claudio
|
#
1.82 |
|
22-Nov-2022 |
kn |
Backout "Remove useless struct in6_ifextra" commit
I committed the wrong iteration of this diff, sorry for the noise.
|
#
1.81 |
|
22-Nov-2022 |
kn |
Remove useless struct in6_ifextra
in6_var.h r1.75 removed all other struct members.
Now It only contains a single struct nd_ifinfo pointer, so address family specific data might as well be just that.
ND_IFINFO() is the only way nd6_nbr.c and nd6.c access this data, there is no other usage of if_afdata[].
One allocation and unhelpful indirection less per interface.
All under _KERNEL.
OK claudio
|
#
1.80 |
|
12-Nov-2022 |
kn |
Remove unused RS_LHCOOKIE macro
Added in 2014 110585f259f4974284e531f0a1e121b001a580dc Move sending of router solicitations to the kernel; [...] but never used.
|
Revision tags: OPENBSD_7_2_BASE
|
#
1.79 |
|
08-Aug-2022 |
kn |
Constify in6_addr pointer arguments in nd6_*() functions
All of them are passed to inspect/copy out fields, none of the functions writes to the struct.
This makes it easier to argue about code (in MP context).
OK bluhm
|
#
1.78 |
|
28-Jul-2022 |
kn |
Zap prototypes for nonexistent nd6_setmtu() and in6_ifdel()
Removed in 2015 and 2002, respectively.
OK claudio
|
#
1.77 |
|
22-Jul-2022 |
kn |
Leftovers from florian's RS/NA purge from the kernel in 2017.
OK bluhm
|
Revision tags: OPENBSD_6_7_BASE OPENBSD_6_8_BASE OPENBSD_6_9_BASE OPENBSD_7_0_BASE OPENBSD_7_1_BASE
|
#
1.76 |
|
28-Mar-2020 |
florian |
Move ND6_PRIV_* constants from nd6.h to slaacd the only place where they are used. Nobody in the wider eco system uses these. While here reduce temporary address valid lifetime to 2 days as per draft-ietf-6man-rfc4941bis. This should considerably reduce the amount of addresses configured on an interface - a common complaint. Original diff from Fernando Gont (fernando AT gont.com.ar), thanks! Ports tree scanning by sthen@
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.75 |
|
21-Jun-2019 |
mpi |
Prevent recursions by not deleting entries inside rtable_walk(9).
rtable_walk(9) now passes a routing entry back to the caller when a non zero value is returned and if it asked for it. This allows us to call rtdeletemsg()/rtrequest_delete() from the caller without creating a recursion because of rtflushclone().
Multicast code hasn't been adapted and is still possibly creating recursions. However multicast route entries aren't cloned so if a recursion exists it isn't because of rtflushclone().
Fix stack exhaustion triggered by the use of "-msave-args".
Issue reported by D��niel L��vai on bugs@ confirmed by and ok bluhm@.
|
Revision tags: OPENBSD_6_3_BASE OPENBSD_6_4_BASE OPENBSD_6_5_BASE
|
#
1.74 |
|
27-Nov-2017 |
mpi |
Use a single timer for all ND6 entries.
This prevents a use-after-free reported by Hrvoje Popovski where the timeout function was already sleeping on the NET_LOCK() when ifconfig(8) removed the enry from the table.
By iterating on a global list in the timeout routine we ensure that the items are still valid when we process them. This also reduce differences with ARP.
ok bluhm@, visa@
|
#
1.73 |
|
03-Nov-2017 |
florian |
We are processing Router Solicitation / Advertisement messages only for the Source Link-layer Address Options. Merge nd6_rs_input() and nd6_ra_input() into one generic function that does just that.
input & OK mpi
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.72 |
|
09-Aug-2017 |
florian |
Remove knob and always do neighbor unreachable detection.
|
#
1.71 |
|
09-Aug-2017 |
florian |
accept_rtadv doesn't do anything since some time. OK mpi
|
#
1.70 |
|
09-Aug-2017 |
florian |
We are no longer generating privacy addresses in the kernel. OK mpi
|
#
1.69 |
|
08-Aug-2017 |
florian |
Stop running nd6_expire every second. We know when pltime or vltime decrease to zero. Run nd6_expire then. Input & OK mpi, bluhm
|
#
1.68 |
|
12-Jul-2017 |
florian |
Get rid of ICMPV6CTL_ND6_DRLIST and ICMPV6CTL_ND6_PRLIST sysctls With this we can also get rid of in6_prefix and in6_defrouter. They are meaningless, the kernel no longer tracks this information.
Pointed out by & OK mpi
|
#
1.67 |
|
11-Jul-2017 |
florian |
Purging is at last at hand. Day of Doom is here. All that is evil shall all be cleansed.
Remove sending of router solicitations and processing of router advertisements from the kernel. It's handled by slaacd(8) these days.
Input & OK bluhm@, mpi@
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.66 |
|
27-Dec-2016 |
bluhm |
Move nd6 timer initialisation to nd6_init() and call timeout_set() only once during init. OK mpi@
|
#
1.65 |
|
28-Nov-2016 |
mpi |
Remove multiple recursive splsoftnet().
ok bluhm@
|
#
1.64 |
|
21-Nov-2016 |
mpi |
Assert that prelist_update() is always called at IPL_SOFTNET.
While here use __func__ in debug strings to reduce noise when grepping.
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.63 |
|
13-Jul-2016 |
dlg |
store nd6 expiries in the route, not separately in the llinfo struct.
this makes it more consistent with arp, and makes expiries visible via route(8) get as well as ndp(8).
ok mpi@ florian@
|
#
1.62 |
|
15-Jun-2016 |
mpi |
Kill nd6_output(), it doesn't do anything since the resolution logic has been moved to nd6_resolve().
ok visa@, millert@, florian@, sthen@
|
#
1.61 |
|
08-Jun-2016 |
mpi |
Move ND resoluton logic from nd6_output() to nd6_storelladdr() and rename it to nd6_resolve().
This allows us to get rid of non-Ethernet hacks by moving Ethernet specific logic in the appropriate layer.
ok sthen@
|
#
1.60 |
|
01-Jun-2016 |
dlg |
make nd6_llinfo_settimer take seconds instead of ticks.
most callers are working in seconds, internally it uses seconds, and you can call timeout_add_sec as easily as timeout_add.
this also fixes an issue with an nd_defrouter expire which was incorrectly scaled with ticks in a comparison.
ok mpi@
|
#
1.59 |
|
30-May-2016 |
dlg |
remove code compensating for the "short" range of timeouts.
the nd6 code for managing expiries is never asked to handle intervals greater than what timeouts can handle, so we dont need to overcompensate.
the code was also incorrect by using a long, which isnt that long on ILP32 machines.
ok mpi@ millert@ benno@
|
#
1.58 |
|
30-Mar-2016 |
mpi |
Implement proxy ARP for ART based on mpath support.
Since mpath is not enabled in RAMDISK, proxy ARP won't work there either.
ok bluhm@
|
#
1.57 |
|
03-Mar-2016 |
jca |
Kill IPv6 prefix and router renumbering ioctls.
Router renumbering was never supported, prefix ioctls were deprecated ~15 years ago. Move some items in netinet6/nd6.h where they are still used.
ok mikeb@ mpi@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.56 |
|
18-Dec-2015 |
tb |
Convert arc4random() to arc4random_uniorm(). Diff by Matthew Martin.
Ensure that arc4random_uniform() doesn't loop by redefining ND6_MAX_DESYNC_FACTOR to be 512, the largest power of two smaller than the RFC-specified 600 seconds. Suggested by florian@ and deraadt@
ok florian@, sthen@ in this form, arc4random change ok djm@, tedu@
|
#
1.55 |
|
06-Nov-2015 |
mpi |
Change nd6_nud_hint() to no longer manipulate rt_ifp directly.
While here remove unused argument and convert the route check to rtisvalid(9).
ok bluhm@
|
#
1.54 |
|
02-Nov-2015 |
bluhm |
Implement the list of nd6 llinfo entries with a TAILQ. OK millert@ mpi@
|
#
1.53 |
|
02-Nov-2015 |
mpi |
Prefer an existing refcounted ``ifp'' to rt_ifp when possible or use the interface index directly.
ok bluhm@
|
#
1.52 |
|
28-Oct-2015 |
florian |
Remove linkmtu and maxmtu from struct nd_ifinfo. IN6_LINKMTU can now die and ifp->if_mtu is the one true mtu. Suggested by and OK mpi@
|
#
1.51 |
|
25-Oct-2015 |
mpi |
Introduce if_rtrequest() the successor of ifa_rtrequest().
L2 resolution depends on the protocol (encoded in the route entry) and an ``ifp''. Not having to care about an ``ifa'' makes our life easier in our MP effort. Fewer dependencies between data structures implies fewer headaches.
Discussed with bluhm@, ok claudio@
|
#
1.50 |
|
24-Oct-2015 |
mpi |
Ignore Router Advertisment's current hop limit.
Appart from the usual inet6 axe murdering exercise to keep you fit, this allows us to get rid of a lot of layer violation due to the use of per- ifp variables to store the current hop limit.
Imputs from bluhm@, ok phessler@, florian@, bluhm@
|
#
1.49 |
|
31-Aug-2015 |
mpi |
The return value of nd6_cache_lladdr() is never used so make it a void.
Fewer "struct rtentry" left in the wild!
|
#
1.48 |
|
24-Aug-2015 |
mpi |
nd6_prefix_add() is no longer used and die.
|
#
1.47 |
|
24-Aug-2015 |
mpi |
Start moving away from the global prefix list by limiting its usage to AUTOCONF'd addresses.
This prevent the kernel from removing connected (/64) routes as soon as it configures an AUTOCONF'd address based on a RA.
Tested by sebastia@, ok sthen@
|
#
1.46 |
|
24-Aug-2015 |
mpi |
Rework the code to decide when to perform DAD to no longer rely on the IN6_IFF_NODAD pseudo-flag not being set.
This was just a flag for spaghetti code that should not exist in the first place.
Tested by sebastia@, ok sthen@
|
#
1.45 |
|
18-Aug-2015 |
mpi |
Call rtfree(9) when we no longer need the route entry rather than decrementing rt_refcnt just after rtrequest1(9).
While here reduce the differences with rt_ifa_add(9). There's still an ambiguity about rtrequest1(9)'s return value, but bluhm@ will address that in a different diff.
Discussed with and ok bluhm@
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.44 |
|
18-Jul-2015 |
mpi |
Merge two identical chunks to add new prefixes to the global data structures into a function.
ok florian@
|
#
1.43 |
|
16-Jul-2015 |
mpi |
Properly layer Router Solicitation code.
Tweak and ok florian@
|
#
1.42 |
|
09-Jul-2015 |
mpi |
Remove unused arguments and the associated code from nd6_nud_hint().
ok claudio@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.41 |
|
20-Nov-2014 |
mpi |
Rework the handling of interfaces and IPv6 addresses for local delivery.
- Unicast packets sent to any local address will have their interface set to loobpack.
- In order to differentiate traffic from interfaces having identical link-local addresses, provide the scoped addresses to pf(4).
- Update the icmp6 state lookup logic to match scoped MLL addresses.
- Remove a shortcut in ip6_input() that bypasses pf and always look for an RTF_LOCAL route.
Packets sent to multicast addresses still retain their original interface due to the fact that local multicast packet delivering does not use if_output.
This makes ping6 to link-local addresses work even with pf enabled and "set skip" on loopbacks, reported by Pieter Verberne.
Debugged, analysed and tested with mikeb@.
ok mikeb@, henning@, sthen@
|
#
1.40 |
|
10-Nov-2014 |
mpi |
Do not pass an ifa pointer when we already have a DAD descriptor.
Tweaks and ok florian@
|
#
1.39 |
|
25-Aug-2014 |
florian |
Move sending of router solicitations to the kernel; receiving and processing of router advertisements was already in the kernel. With this rtsol{,d}(8) is no longer necessary.
The kernel starts sending solicitations with # ifconfig $IF inet6 autoconf or inet6 autoconf in /etc/hostname.$IF.
input stsp@ much help & OK mpi@ tweaks & OK bluhm@
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.38 |
|
11-Jul-2014 |
blambert |
move IPv6 prefix adding from workq to taskq; as a happy benefit, we can delete 2 dozen or so lines that check to see if we've queued up a prefix addition multiple times.
ok stsp@
|
#
1.37 |
|
07-May-2014 |
mpi |
Kill the {nd6_,}useloopback buttons, using the loopback interface for local traffic is not optional.
ok mikeb@, stsp@, jca@
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.36 |
|
07-Jan-2014 |
mikeb |
Propagate an rdomain number to the nd6_lookup independently from the ifp pointer which can be NULL. This prevents a crash reported by David Hill <dhill at mindcry ! org>. OK bluhm
|
#
1.35 |
|
25-Oct-2013 |
deraadt |
More _KERNEL namespace cleanup, just in case something out there includes this.
|
#
1.34 |
|
28-Aug-2013 |
mpi |
Remove unused argument from *rtrequest()
ok krw@, mikeb@
|
#
1.33 |
|
26-Aug-2013 |
bluhm |
No one uses the obsolete IPv6 ioctls SIOCGDRLST_IN6, SIOCGPRLST_IN6, OSIOCGIFINFO_IN6 anymore. Remove them together with the structs in6_drlist, in6_oprlist, in6_prlist, in6_ondireq and the kernel implementation. OK mikeb@ henning@
|
#
1.32 |
|
11-Aug-2013 |
bluhm |
To control the lifetime of IPv6 addresses, prefixes and default routers, the kernel and ndp use a bunch of expire fields. Before they were int or u_long, convert expire to time_t in all structs. Move vltime and pltime to u_int32_t everywhere. Sort struct fields by size. Struct inet6_ndpr_msghdr is not used at all, so remove it.
Binary compatibility of rtsold and ndp break with this change as rtsold uses in6_drlist and ndp uses in6_defrouter and in6_prefix to interact with the kernel.
OK mpi@
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.31 |
|
01-Jul-2013 |
bluhm |
Do not access queue fields directly, use FOREACH() macro instead. No binary change. OK mikeb@ mpi@
|
#
1.30 |
|
11-Mar-2013 |
mpi |
Remove unused code manipulating a default interface and its index, This is a leftover from the on-link assumption behavior removal, which has been deprecated by RFC4861 anyway.
ok mikeb@, bluhm@, florian@
|
Revision tags: OPENBSD_5_2_BASE OPENBSD_5_3_BASE
|
#
1.29 |
|
14-Feb-2012 |
sthen |
typo in comment.
|
Revision tags: OPENBSD_5_0_BASE OPENBSD_5_1_BASE
|
#
1.28 |
|
03-Apr-2011 |
stsp |
fix typos in comments ok deraadt henning sthen thib (though thib says he can't spell)
|
Revision tags: OPENBSD_4_8_BASE OPENBSD_4_9_BASE
|
#
1.27 |
|
06-Apr-2010 |
stsp |
Simple implementation of RFC4941, "Privacy Extensions for Stateless Address Autoconfiguration in IPv6". For those among us who are paranoid about broadcasting their MAC address to the IPv6 internet.
Man page help from jmc, testing by weerd, arc4random API hints from djm.
ok deraadt, claudio
|
Revision tags: OPENBSD_4_4_BASE OPENBSD_4_5_BASE OPENBSD_4_6_BASE OPENBSD_4_7_BASE
|
#
1.26 |
|
11-Jun-2008 |
mcbride |
From KAME, allow adjustable limits on NDP entries and discovered routes.
ok mpf naddy
|
Revision tags: OPENBSD_3_4_BASE OPENBSD_3_5_BASE OPENBSD_3_6_BASE OPENBSD_3_7_BASE OPENBSD_3_8_BASE OPENBSD_3_9_BASE OPENBSD_4_0_BASE OPENBSD_4_1_BASE OPENBSD_4_2_BASE OPENBSD_4_3_BASE SMP_SYNC_A SMP_SYNC_B
|
#
1.25 |
|
08-Jul-2003 |
itojun |
unifdef -U__otherBSD__
|
#
1.24 |
|
27-Jun-2003 |
itojun |
split ND6 cache timer management to per-entry. increased accuracy, no O(N) loop. sync w/ kame. marc tested, daniel ok
|
Revision tags: OPENBSD_3_2_BASE OPENBSD_3_3_BASE UBC_SYNC_A UBC_SYNC_B
|
#
1.23 |
|
08-Jun-2002 |
itojun |
gc
|
#
1.22 |
|
08-Jun-2002 |
itojun |
sync with latest KAME in6_ifaddr/prefix/default router manipulation. behavior changes: - two iocts used by ndp(8) are now obsolete (backward compat provided). use sysctl path instead. - lo0 does not get ::1 automatically. it will get ::1 when lo0 comes up.
|
#
1.21 |
|
07-Jun-2002 |
itojun |
cope with cases where maxmtu == 0 (shouldn't happen)
|
#
1.20 |
|
05-Jun-2002 |
itojun |
be sure to use L3 MTU, not L2 MTU, when specified in spec (affects FDDI/ARCnet)
|
#
1.19 |
|
30-May-2002 |
itojun |
improve nd6_setmtu(), to warn too-small MTU on SIOCSIFMTU. sync w/kame
|
#
1.18 |
|
29-May-2002 |
itojun |
no need to supply obsolete field name "receivedra"
|
#
1.17 |
|
29-May-2002 |
itojun |
attach nd_ifinfo structure to if_afdata. split IPv6 MTU (advertised by RA) from real link MTU. sync with kame
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.16 |
|
14-Mar-2002 |
millert |
First round of __P removal in sys
|
#
1.15 |
|
23-Jan-2002 |
fgsch |
compatability -> compatibility.
|
Revision tags: OPENBSD_2_9_BASE OPENBSD_3_0_BASE UBC_BASE
|
#
1.14 |
|
23-Feb-2001 |
itojun |
branches: 1.14.6; garbage-collect stale ND entries (default: 1 day). RFC 2461 5.3. sync with kame.
|
#
1.13 |
|
23-Feb-2001 |
itojun |
remove unnecessary state, ND6_LLINFO_WAITDELETE, from neighbor cache state machine. no need for RTF_REJECT on neighbor cache entires, they are leftover from ARP code. sync with kame.
|
#
1.12 |
|
08-Feb-2001 |
itojun |
when chasing nd6_llinfo chain, make sure we do not touch dangling pointer (due to RTM_DELETE during default router list management). from kame
|
#
1.11 |
|
08-Feb-2001 |
itojun |
use timeout_xx() throughout sys/netinet6. sync with kame.
|
#
1.10 |
|
07-Feb-2001 |
itojun |
by default, don't bark on inbound ND messages, as outsider may be able to fill up /var with bogus packets. setting net.inet6.icmp6.nd6_debug will re-enable kernel messages on invalid ND packet and other occasions.
improve icmp6 stats.
|
#
1.9 |
|
19-Jan-2001 |
itojun |
pull post-4.4BSD change to sys/net/route.c from BSD/OS 4.2 (UCB copyrighted).
have sys/net/route.c:rtrequest1(), which takes rt_addrinfo * as the argument. pass rt_addrinfo all the way down to rtrequest, and ifa->ifa_rtrequest. 3rd arg of ifa->ifa_rtrequest is now rt_addrinfo * instead of sockaddr * (almost noone is using it anyways).
benefit: the follwoing command now works. previously we need two route(8) invocations, "add" then "change". # route add -inet6 default ::1 -ifp gif0
remove unsafe typecast in rtrequest(), from rtentry * to sockaddr *. it was introduced by 4.3BSD-reno and never corrected.
XXX is eon_rtrequest() change correct regarding to 3rd arg? eon_rtrequest() and rtrequest() were incorrect since 4.3BSD-reno, so i do not have correct answer in the source code. someone with more clue about netiso-over-ip, please help.
|
Revision tags: OPENBSD_2_8_BASE
|
#
1.8 |
|
06-Jul-2000 |
itojun |
- more icmp6/ip6 stats. - protect IPv6 ND from being hosed (due to neighbor unreachability detection hint) by wrong tcp traffic. still not sure if there's real attack, but it is good to be cautious. - avoid bitfield for router renumbering header decl. - implement packet-per-sec limitation for icmp6 errors, turn interval limit off (it is not very useful due to unix timer resolution).
|
#
1.7 |
|
19-May-2000 |
itojun |
never forward packet with link-local address. experimental support for new loopback packet handling (with FAKE_LOOPBACK_IF, rcvif will be set to real outgoing interface, not the loopback, to honor scope) sync with kame.
|
#
1.6 |
|
15-May-2000 |
itojun |
perform NUD on p2p link, only if the destination/gateway is real neighbor. this removes temporary workaround (no NUD on p2p link). KAME PR 245.
|
Revision tags: OPENBSD_2_7_BASE
|
#
1.5 |
|
17-Apr-2000 |
itojun |
revisit in6_ifattach(). (1) make it more persistent about initializaing an interface (2) cleanup interface id selection. run NUD on p2p interface (required by spec for bidir p2p interface). add "ndp -i interface" (can tweak per-interface ND flag). (sync with more recent kame)
|
#
1.4 |
|
28-Feb-2000 |
itojun |
bring in recent KAME changes (only important and stable ones, as usual). - remove net.inet6.ip6.nd6_proxyall. introduce proxy NDP code works just like "arp -s". - revise source address selection. be more careful about use of yet-to-be-valid addresses as source. - as router, transmit ICMP6_DST_UNREACH_BEYONDSCOPE against out-of-scope packet forwarding attempt. - path MTU discovery takes care of routing header properly. - be more strict about mbuf chain parsing. - nuke xxCTL_VARS #define, they are for BSDI. - disable SIOCSIFDSTADDR_IN6/SIOCSIFNETMASK_IN6 ioctl, they do not fit IPv6 model where multiple address on interface is normal. (kernel side supports them for a while for backward compat, the support will be nuked shortly) - introduce "default outgoing interface" (for spec conformance in very rare case)
|
Revision tags: SMP_BASE
|
#
1.3 |
|
04-Feb-2000 |
itojun |
branches: 1.3.2; more coverage of in6_ifdetach()'s cleanup process. bug fix in SIOCGIFADDR_IN6 (point to point case).
|
#
1.2 |
|
08-Jan-2000 |
deraadt |
use arc4random() instead of random for two reasons. 1) on some architectures, random() should only be used by the scheduler (ie. statintr() because it is uniformly distributed 2) arc4random() is actually strong, random() is not at all
|
Revision tags: kame_19991208
|
#
1.1 |
|
08-Dec-1999 |
itojun |
bring in KAME IPv6 code, dated 19991208. replaces NRL IPv6 layer. reuses NRL pcb layer. no IPsec-on-v6 support. see sys/netinet6/{TODO,IMPLEMENTATION} for more details.
GENERIC configuration should work fine as before. GENERIC.v6 works fine as well, but you'll need KAME userland tools to play with IPv6 (will be bringed into soon).
|
#
1.94 |
|
10-Dec-2022 |
kn |
Merge nd6_option_init() into nd6_options()
All call-sites call nd6_options() directly after nd6_option_init(). Fold them to simplify the logic and do less pointing around.
Feedback OK bluhm florian
|
#
1.93 |
|
09-Dec-2022 |
claudio |
Switch nd_opts from a union to just a struct. The ND6 option handling in the kernel got a lot simpler since only the tgt and src lladdr option are inspected by the kernel. The magic of assigning options via one side of the union and accessing them via the other is total overkill and actually quite error prone. OK florian@
|
#
1.92 |
|
07-Dec-2022 |
kn |
Do not store unused ICMPv6 Option PREFIX_INFORMATION
Dead since 2017 sys/netinet6/nd6_rtr.c r1.163 Remove sending of router solicitations and processing of router advertisements from the kernel. It's handled by slaacd(8) these days.
sysctl(2) net.inet6.icmp6.nd6_debug does not warn about it like it does for, e.g., duplicate MTU options, so don't do anything with this option.
Remove access macros for other unused options while here. Eventually, union nd_opts should be removed completely. All under _KERNEL.
tcpdump(8)/rad(8)/slaacd(8) keep showing/sending/receiving this option when running this diff on both router and client.
OK claudio
|
#
1.91 |
|
02-Dec-2022 |
kn |
Remove constant basereachable and retrans members from struct nd_ifinfo
Both are initalised with compile-time constants and never written to.
They are part of the Neighbour Discovery machinery and only surface through the single-user SIOCGIFINFO_IN6: $ ndp -i lo0 basereachable=30s0ms, reachable=39s, retrans=1s0ms
These values are read-only since 2017 sys/netinet6/nd6.c r1.217 usr.sbin/ndp/ndp.c r1.85 Remove knob and always do neighbor unreachable detection
Inline the macros (to keep meaningful names), shrink the per-interface allocated struct nd_ifinfo to what is actually needed and inline nd6_dad_starttimer()'s constant `msec' argument.
Nothing else in base, incl. regress, uses SIOCGIFINFO_IN6 or `ndp -i'.
OK bluhm
|
#
1.90 |
|
28-Nov-2022 |
kn |
Document struct nd_ifinfo protection, remove obsolete .initialized member
All access to struct ifnet's member *if_nd is read-only, with the one write exception being nd6_slowtimo() updating ND information.
IPv6 Neighbour Discovery information is fully protected by the net lock. --- nd6_ifattach() allocates and unconditionally initialises struct ifnet's *if_nd member, so early in if_attachsetup() that there is no way to query unitialised Neighour Unreachable Detection bits.
Only SIOCGIFINFO_IN6 through ndp(8) used the .initialized member: Added/set since 2002 sys/netinet6/nd6.c r1.42 attach nd_ifinfo structure to if_afdata. split IPv6 MTU (advertised by RA) from real link MTU. sync with kame
Read since 2002 usr.sbin/ndp/ndp.c r1.16 use new SIOCGIFINFO_IN6. random other cleanups. sync w/kame.
Obsolete since 2017 sys/netinet6/nd6.c r1.217 usr.sbin/ndp/ndp.c r1.85 Remove knob and always do neighbor unreachable detection.
Feedback OK bluhm
|
#
1.89 |
|
23-Nov-2022 |
kn |
Remove unused NDPRF_* defines; dead since 2017 sys/netinet6/nd6.c r1.210
Remove sending of router solicitations and processing of router advertisements from the kernel. It's handled by slaacd(8) these days.
Outside of _KERNEL, but nothing in base uses it, either. codesearch.debian.net seems to agree.
OK mvs claudio bluhm
|
#
1.88 |
|
23-Nov-2022 |
kn |
Remove unused struct in6_ndifreq; dead since 2013 sys/netinet6/in6_var.h r1.37
Remove unused code manipulating a default interface and its index This is a leftover from the on-link assumption behavior removal, which has been deprecated by RFC4861 anyway.
Outside of _KERNEL, but nothing in base uses it, either. codesearch.debian.net seems to agree.
OK mvs claudio bluhm
|
#
1.87 |
|
23-Nov-2022 |
kn |
Remove unused struct prf_ra; dead since 2017 sys/netinet/icmp6.h r1.45
Get rid of ICMPV6CTL_ND6_DRLIST and ICMPV6CTL_ND6_PRLIST sysctls With this we can also get rid of in6_prefix and in6_defrouter. They are meaningless, the kernel no longer tracks this information.
Outside of _KERNEL, but nothing in base uses it, either. codesearch.debian.net seems to agree.
OK mvs claudio bluhm
|
#
1.86 |
|
23-Nov-2022 |
kn |
Inline useless ND_IFINFO() macro
A single cast-free struct pointer dereference needs no indirection. ND_IFINFO() is under _KERNEL.
OK mvs
|
#
1.85 |
|
23-Nov-2022 |
kn |
Let nd6_if{at,de}tach() be void and take an ifp argument
Do it like the rest of at/detach routines which modify a struct ifnet pointer without returning anything.
OK mvs
|
#
1.84 |
|
23-Nov-2022 |
kn |
Add *if_nd to struct ifnet, call nd6_if{at,de}tach() directly
*if_afdata[] and struct domain's dom_if{at,de}tach() are only used with IPv6 Neighbour Discovery in6_dom{at,de}tach(), which allocate/init and free single struct nd_ifinfo.
Set up a new ND-specific *if_nd member directly to avoid yet another layer of indirection and thus make the generic domain API obsolete.
The per-interface data is only accessed in nd6.c and nd6_nbr.c through the ND_IFINFO() macro; it is allocated and freed exactly once during interface at/detach, so document it as [I]mmutable.
OK bluhm mvs claudio
|
#
1.83 |
|
23-Nov-2022 |
kn |
Recommit previous "Remove useless struct in6_ifextra"
This was the right diff after all, I just confused myself between trees.
OK bluhm --- Remove useless struct in6_ifextra
in6_var.h r1.75 removed all other struct members.
Now It only contains a single struct nd_ifinfo pointer, so address family specific data might as well be just that.
ND_IFINFO() is the only way nd6_nbr.c and nd6.c access this data, there is no other usage of if_afdata[].
One allocation and unhelpful indirection less per interface.
All under _KERNEL.
OK claudio
|
#
1.82 |
|
22-Nov-2022 |
kn |
Backout "Remove useless struct in6_ifextra" commit
I committed the wrong iteration of this diff, sorry for the noise.
|
#
1.81 |
|
22-Nov-2022 |
kn |
Remove useless struct in6_ifextra
in6_var.h r1.75 removed all other struct members.
Now It only contains a single struct nd_ifinfo pointer, so address family specific data might as well be just that.
ND_IFINFO() is the only way nd6_nbr.c and nd6.c access this data, there is no other usage of if_afdata[].
One allocation and unhelpful indirection less per interface.
All under _KERNEL.
OK claudio
|
#
1.80 |
|
12-Nov-2022 |
kn |
Remove unused RS_LHCOOKIE macro
Added in 2014 110585f259f4974284e531f0a1e121b001a580dc Move sending of router solicitations to the kernel; [...] but never used.
|
Revision tags: OPENBSD_7_2_BASE
|
#
1.79 |
|
08-Aug-2022 |
kn |
Constify in6_addr pointer arguments in nd6_*() functions
All of them are passed to inspect/copy out fields, none of the functions writes to the struct.
This makes it easier to argue about code (in MP context).
OK bluhm
|
#
1.78 |
|
28-Jul-2022 |
kn |
Zap prototypes for nonexistent nd6_setmtu() and in6_ifdel()
Removed in 2015 and 2002, respectively.
OK claudio
|
#
1.77 |
|
22-Jul-2022 |
kn |
Leftovers from florian's RS/NA purge from the kernel in 2017.
OK bluhm
|
Revision tags: OPENBSD_6_7_BASE OPENBSD_6_8_BASE OPENBSD_6_9_BASE OPENBSD_7_0_BASE OPENBSD_7_1_BASE
|
#
1.76 |
|
28-Mar-2020 |
florian |
Move ND6_PRIV_* constants from nd6.h to slaacd the only place where they are used. Nobody in the wider eco system uses these. While here reduce temporary address valid lifetime to 2 days as per draft-ietf-6man-rfc4941bis. This should considerably reduce the amount of addresses configured on an interface - a common complaint. Original diff from Fernando Gont (fernando AT gont.com.ar), thanks! Ports tree scanning by sthen@
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.75 |
|
21-Jun-2019 |
mpi |
Prevent recursions by not deleting entries inside rtable_walk(9).
rtable_walk(9) now passes a routing entry back to the caller when a non zero value is returned and if it asked for it. This allows us to call rtdeletemsg()/rtrequest_delete() from the caller without creating a recursion because of rtflushclone().
Multicast code hasn't been adapted and is still possibly creating recursions. However multicast route entries aren't cloned so if a recursion exists it isn't because of rtflushclone().
Fix stack exhaustion triggered by the use of "-msave-args".
Issue reported by D��niel L��vai on bugs@ confirmed by and ok bluhm@.
|
Revision tags: OPENBSD_6_3_BASE OPENBSD_6_4_BASE OPENBSD_6_5_BASE
|
#
1.74 |
|
27-Nov-2017 |
mpi |
Use a single timer for all ND6 entries.
This prevents a use-after-free reported by Hrvoje Popovski where the timeout function was already sleeping on the NET_LOCK() when ifconfig(8) removed the enry from the table.
By iterating on a global list in the timeout routine we ensure that the items are still valid when we process them. This also reduce differences with ARP.
ok bluhm@, visa@
|
#
1.73 |
|
03-Nov-2017 |
florian |
We are processing Router Solicitation / Advertisement messages only for the Source Link-layer Address Options. Merge nd6_rs_input() and nd6_ra_input() into one generic function that does just that.
input & OK mpi
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.72 |
|
09-Aug-2017 |
florian |
Remove knob and always do neighbor unreachable detection.
|
#
1.71 |
|
09-Aug-2017 |
florian |
accept_rtadv doesn't do anything since some time. OK mpi
|
#
1.70 |
|
09-Aug-2017 |
florian |
We are no longer generating privacy addresses in the kernel. OK mpi
|
#
1.69 |
|
08-Aug-2017 |
florian |
Stop running nd6_expire every second. We know when pltime or vltime decrease to zero. Run nd6_expire then. Input & OK mpi, bluhm
|
#
1.68 |
|
12-Jul-2017 |
florian |
Get rid of ICMPV6CTL_ND6_DRLIST and ICMPV6CTL_ND6_PRLIST sysctls With this we can also get rid of in6_prefix and in6_defrouter. They are meaningless, the kernel no longer tracks this information.
Pointed out by & OK mpi
|
#
1.67 |
|
11-Jul-2017 |
florian |
Purging is at last at hand. Day of Doom is here. All that is evil shall all be cleansed.
Remove sending of router solicitations and processing of router advertisements from the kernel. It's handled by slaacd(8) these days.
Input & OK bluhm@, mpi@
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.66 |
|
27-Dec-2016 |
bluhm |
Move nd6 timer initialisation to nd6_init() and call timeout_set() only once during init. OK mpi@
|
#
1.65 |
|
28-Nov-2016 |
mpi |
Remove multiple recursive splsoftnet().
ok bluhm@
|
#
1.64 |
|
21-Nov-2016 |
mpi |
Assert that prelist_update() is always called at IPL_SOFTNET.
While here use __func__ in debug strings to reduce noise when grepping.
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.63 |
|
13-Jul-2016 |
dlg |
store nd6 expiries in the route, not separately in the llinfo struct.
this makes it more consistent with arp, and makes expiries visible via route(8) get as well as ndp(8).
ok mpi@ florian@
|
#
1.62 |
|
15-Jun-2016 |
mpi |
Kill nd6_output(), it doesn't do anything since the resolution logic has been moved to nd6_resolve().
ok visa@, millert@, florian@, sthen@
|
#
1.61 |
|
08-Jun-2016 |
mpi |
Move ND resoluton logic from nd6_output() to nd6_storelladdr() and rename it to nd6_resolve().
This allows us to get rid of non-Ethernet hacks by moving Ethernet specific logic in the appropriate layer.
ok sthen@
|
#
1.60 |
|
01-Jun-2016 |
dlg |
make nd6_llinfo_settimer take seconds instead of ticks.
most callers are working in seconds, internally it uses seconds, and you can call timeout_add_sec as easily as timeout_add.
this also fixes an issue with an nd_defrouter expire which was incorrectly scaled with ticks in a comparison.
ok mpi@
|
#
1.59 |
|
30-May-2016 |
dlg |
remove code compensating for the "short" range of timeouts.
the nd6 code for managing expiries is never asked to handle intervals greater than what timeouts can handle, so we dont need to overcompensate.
the code was also incorrect by using a long, which isnt that long on ILP32 machines.
ok mpi@ millert@ benno@
|
#
1.58 |
|
30-Mar-2016 |
mpi |
Implement proxy ARP for ART based on mpath support.
Since mpath is not enabled in RAMDISK, proxy ARP won't work there either.
ok bluhm@
|
#
1.57 |
|
03-Mar-2016 |
jca |
Kill IPv6 prefix and router renumbering ioctls.
Router renumbering was never supported, prefix ioctls were deprecated ~15 years ago. Move some items in netinet6/nd6.h where they are still used.
ok mikeb@ mpi@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.56 |
|
18-Dec-2015 |
tb |
Convert arc4random() to arc4random_uniorm(). Diff by Matthew Martin.
Ensure that arc4random_uniform() doesn't loop by redefining ND6_MAX_DESYNC_FACTOR to be 512, the largest power of two smaller than the RFC-specified 600 seconds. Suggested by florian@ and deraadt@
ok florian@, sthen@ in this form, arc4random change ok djm@, tedu@
|
#
1.55 |
|
06-Nov-2015 |
mpi |
Change nd6_nud_hint() to no longer manipulate rt_ifp directly.
While here remove unused argument and convert the route check to rtisvalid(9).
ok bluhm@
|
#
1.54 |
|
02-Nov-2015 |
bluhm |
Implement the list of nd6 llinfo entries with a TAILQ. OK millert@ mpi@
|
#
1.53 |
|
02-Nov-2015 |
mpi |
Prefer an existing refcounted ``ifp'' to rt_ifp when possible or use the interface index directly.
ok bluhm@
|
#
1.52 |
|
28-Oct-2015 |
florian |
Remove linkmtu and maxmtu from struct nd_ifinfo. IN6_LINKMTU can now die and ifp->if_mtu is the one true mtu. Suggested by and OK mpi@
|
#
1.51 |
|
25-Oct-2015 |
mpi |
Introduce if_rtrequest() the successor of ifa_rtrequest().
L2 resolution depends on the protocol (encoded in the route entry) and an ``ifp''. Not having to care about an ``ifa'' makes our life easier in our MP effort. Fewer dependencies between data structures implies fewer headaches.
Discussed with bluhm@, ok claudio@
|
#
1.50 |
|
24-Oct-2015 |
mpi |
Ignore Router Advertisment's current hop limit.
Appart from the usual inet6 axe murdering exercise to keep you fit, this allows us to get rid of a lot of layer violation due to the use of per- ifp variables to store the current hop limit.
Imputs from bluhm@, ok phessler@, florian@, bluhm@
|
#
1.49 |
|
31-Aug-2015 |
mpi |
The return value of nd6_cache_lladdr() is never used so make it a void.
Fewer "struct rtentry" left in the wild!
|
#
1.48 |
|
24-Aug-2015 |
mpi |
nd6_prefix_add() is no longer used and die.
|
#
1.47 |
|
24-Aug-2015 |
mpi |
Start moving away from the global prefix list by limiting its usage to AUTOCONF'd addresses.
This prevent the kernel from removing connected (/64) routes as soon as it configures an AUTOCONF'd address based on a RA.
Tested by sebastia@, ok sthen@
|
#
1.46 |
|
24-Aug-2015 |
mpi |
Rework the code to decide when to perform DAD to no longer rely on the IN6_IFF_NODAD pseudo-flag not being set.
This was just a flag for spaghetti code that should not exist in the first place.
Tested by sebastia@, ok sthen@
|
#
1.45 |
|
18-Aug-2015 |
mpi |
Call rtfree(9) when we no longer need the route entry rather than decrementing rt_refcnt just after rtrequest1(9).
While here reduce the differences with rt_ifa_add(9). There's still an ambiguity about rtrequest1(9)'s return value, but bluhm@ will address that in a different diff.
Discussed with and ok bluhm@
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.44 |
|
18-Jul-2015 |
mpi |
Merge two identical chunks to add new prefixes to the global data structures into a function.
ok florian@
|
#
1.43 |
|
16-Jul-2015 |
mpi |
Properly layer Router Solicitation code.
Tweak and ok florian@
|
#
1.42 |
|
09-Jul-2015 |
mpi |
Remove unused arguments and the associated code from nd6_nud_hint().
ok claudio@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.41 |
|
20-Nov-2014 |
mpi |
Rework the handling of interfaces and IPv6 addresses for local delivery.
- Unicast packets sent to any local address will have their interface set to loobpack.
- In order to differentiate traffic from interfaces having identical link-local addresses, provide the scoped addresses to pf(4).
- Update the icmp6 state lookup logic to match scoped MLL addresses.
- Remove a shortcut in ip6_input() that bypasses pf and always look for an RTF_LOCAL route.
Packets sent to multicast addresses still retain their original interface due to the fact that local multicast packet delivering does not use if_output.
This makes ping6 to link-local addresses work even with pf enabled and "set skip" on loopbacks, reported by Pieter Verberne.
Debugged, analysed and tested with mikeb@.
ok mikeb@, henning@, sthen@
|
#
1.40 |
|
10-Nov-2014 |
mpi |
Do not pass an ifa pointer when we already have a DAD descriptor.
Tweaks and ok florian@
|
#
1.39 |
|
25-Aug-2014 |
florian |
Move sending of router solicitations to the kernel; receiving and processing of router advertisements was already in the kernel. With this rtsol{,d}(8) is no longer necessary.
The kernel starts sending solicitations with # ifconfig $IF inet6 autoconf or inet6 autoconf in /etc/hostname.$IF.
input stsp@ much help & OK mpi@ tweaks & OK bluhm@
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.38 |
|
11-Jul-2014 |
blambert |
move IPv6 prefix adding from workq to taskq; as a happy benefit, we can delete 2 dozen or so lines that check to see if we've queued up a prefix addition multiple times.
ok stsp@
|
#
1.37 |
|
07-May-2014 |
mpi |
Kill the {nd6_,}useloopback buttons, using the loopback interface for local traffic is not optional.
ok mikeb@, stsp@, jca@
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.36 |
|
07-Jan-2014 |
mikeb |
Propagate an rdomain number to the nd6_lookup independently from the ifp pointer which can be NULL. This prevents a crash reported by David Hill <dhill at mindcry ! org>. OK bluhm
|
#
1.35 |
|
25-Oct-2013 |
deraadt |
More _KERNEL namespace cleanup, just in case something out there includes this.
|
#
1.34 |
|
28-Aug-2013 |
mpi |
Remove unused argument from *rtrequest()
ok krw@, mikeb@
|
#
1.33 |
|
26-Aug-2013 |
bluhm |
No one uses the obsolete IPv6 ioctls SIOCGDRLST_IN6, SIOCGPRLST_IN6, OSIOCGIFINFO_IN6 anymore. Remove them together with the structs in6_drlist, in6_oprlist, in6_prlist, in6_ondireq and the kernel implementation. OK mikeb@ henning@
|
#
1.32 |
|
11-Aug-2013 |
bluhm |
To control the lifetime of IPv6 addresses, prefixes and default routers, the kernel and ndp use a bunch of expire fields. Before they were int or u_long, convert expire to time_t in all structs. Move vltime and pltime to u_int32_t everywhere. Sort struct fields by size. Struct inet6_ndpr_msghdr is not used at all, so remove it.
Binary compatibility of rtsold and ndp break with this change as rtsold uses in6_drlist and ndp uses in6_defrouter and in6_prefix to interact with the kernel.
OK mpi@
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.31 |
|
01-Jul-2013 |
bluhm |
Do not access queue fields directly, use FOREACH() macro instead. No binary change. OK mikeb@ mpi@
|
#
1.30 |
|
11-Mar-2013 |
mpi |
Remove unused code manipulating a default interface and its index, This is a leftover from the on-link assumption behavior removal, which has been deprecated by RFC4861 anyway.
ok mikeb@, bluhm@, florian@
|
Revision tags: OPENBSD_5_2_BASE OPENBSD_5_3_BASE
|
#
1.29 |
|
14-Feb-2012 |
sthen |
typo in comment.
|
Revision tags: OPENBSD_5_0_BASE OPENBSD_5_1_BASE
|
#
1.28 |
|
03-Apr-2011 |
stsp |
fix typos in comments ok deraadt henning sthen thib (though thib says he can't spell)
|
Revision tags: OPENBSD_4_8_BASE OPENBSD_4_9_BASE
|
#
1.27 |
|
06-Apr-2010 |
stsp |
Simple implementation of RFC4941, "Privacy Extensions for Stateless Address Autoconfiguration in IPv6". For those among us who are paranoid about broadcasting their MAC address to the IPv6 internet.
Man page help from jmc, testing by weerd, arc4random API hints from djm.
ok deraadt, claudio
|
Revision tags: OPENBSD_4_4_BASE OPENBSD_4_5_BASE OPENBSD_4_6_BASE OPENBSD_4_7_BASE
|
#
1.26 |
|
11-Jun-2008 |
mcbride |
From KAME, allow adjustable limits on NDP entries and discovered routes.
ok mpf naddy
|
Revision tags: OPENBSD_3_4_BASE OPENBSD_3_5_BASE OPENBSD_3_6_BASE OPENBSD_3_7_BASE OPENBSD_3_8_BASE OPENBSD_3_9_BASE OPENBSD_4_0_BASE OPENBSD_4_1_BASE OPENBSD_4_2_BASE OPENBSD_4_3_BASE SMP_SYNC_A SMP_SYNC_B
|
#
1.25 |
|
08-Jul-2003 |
itojun |
unifdef -U__otherBSD__
|
#
1.24 |
|
27-Jun-2003 |
itojun |
split ND6 cache timer management to per-entry. increased accuracy, no O(N) loop. sync w/ kame. marc tested, daniel ok
|
Revision tags: OPENBSD_3_2_BASE OPENBSD_3_3_BASE UBC_SYNC_A UBC_SYNC_B
|
#
1.23 |
|
08-Jun-2002 |
itojun |
gc
|
#
1.22 |
|
08-Jun-2002 |
itojun |
sync with latest KAME in6_ifaddr/prefix/default router manipulation. behavior changes: - two iocts used by ndp(8) are now obsolete (backward compat provided). use sysctl path instead. - lo0 does not get ::1 automatically. it will get ::1 when lo0 comes up.
|
#
1.21 |
|
07-Jun-2002 |
itojun |
cope with cases where maxmtu == 0 (shouldn't happen)
|
#
1.20 |
|
05-Jun-2002 |
itojun |
be sure to use L3 MTU, not L2 MTU, when specified in spec (affects FDDI/ARCnet)
|
#
1.19 |
|
30-May-2002 |
itojun |
improve nd6_setmtu(), to warn too-small MTU on SIOCSIFMTU. sync w/kame
|
#
1.18 |
|
29-May-2002 |
itojun |
no need to supply obsolete field name "receivedra"
|
#
1.17 |
|
29-May-2002 |
itojun |
attach nd_ifinfo structure to if_afdata. split IPv6 MTU (advertised by RA) from real link MTU. sync with kame
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.16 |
|
14-Mar-2002 |
millert |
First round of __P removal in sys
|
#
1.15 |
|
23-Jan-2002 |
fgsch |
compatability -> compatibility.
|
Revision tags: OPENBSD_2_9_BASE OPENBSD_3_0_BASE UBC_BASE
|
#
1.14 |
|
23-Feb-2001 |
itojun |
branches: 1.14.6; garbage-collect stale ND entries (default: 1 day). RFC 2461 5.3. sync with kame.
|
#
1.13 |
|
23-Feb-2001 |
itojun |
remove unnecessary state, ND6_LLINFO_WAITDELETE, from neighbor cache state machine. no need for RTF_REJECT on neighbor cache entires, they are leftover from ARP code. sync with kame.
|
#
1.12 |
|
08-Feb-2001 |
itojun |
when chasing nd6_llinfo chain, make sure we do not touch dangling pointer (due to RTM_DELETE during default router list management). from kame
|
#
1.11 |
|
08-Feb-2001 |
itojun |
use timeout_xx() throughout sys/netinet6. sync with kame.
|
#
1.10 |
|
07-Feb-2001 |
itojun |
by default, don't bark on inbound ND messages, as outsider may be able to fill up /var with bogus packets. setting net.inet6.icmp6.nd6_debug will re-enable kernel messages on invalid ND packet and other occasions.
improve icmp6 stats.
|
#
1.9 |
|
19-Jan-2001 |
itojun |
pull post-4.4BSD change to sys/net/route.c from BSD/OS 4.2 (UCB copyrighted).
have sys/net/route.c:rtrequest1(), which takes rt_addrinfo * as the argument. pass rt_addrinfo all the way down to rtrequest, and ifa->ifa_rtrequest. 3rd arg of ifa->ifa_rtrequest is now rt_addrinfo * instead of sockaddr * (almost noone is using it anyways).
benefit: the follwoing command now works. previously we need two route(8) invocations, "add" then "change". # route add -inet6 default ::1 -ifp gif0
remove unsafe typecast in rtrequest(), from rtentry * to sockaddr *. it was introduced by 4.3BSD-reno and never corrected.
XXX is eon_rtrequest() change correct regarding to 3rd arg? eon_rtrequest() and rtrequest() were incorrect since 4.3BSD-reno, so i do not have correct answer in the source code. someone with more clue about netiso-over-ip, please help.
|
Revision tags: OPENBSD_2_8_BASE
|
#
1.8 |
|
06-Jul-2000 |
itojun |
- more icmp6/ip6 stats. - protect IPv6 ND from being hosed (due to neighbor unreachability detection hint) by wrong tcp traffic. still not sure if there's real attack, but it is good to be cautious. - avoid bitfield for router renumbering header decl. - implement packet-per-sec limitation for icmp6 errors, turn interval limit off (it is not very useful due to unix timer resolution).
|
#
1.7 |
|
19-May-2000 |
itojun |
never forward packet with link-local address. experimental support for new loopback packet handling (with FAKE_LOOPBACK_IF, rcvif will be set to real outgoing interface, not the loopback, to honor scope) sync with kame.
|
#
1.6 |
|
15-May-2000 |
itojun |
perform NUD on p2p link, only if the destination/gateway is real neighbor. this removes temporary workaround (no NUD on p2p link). KAME PR 245.
|
Revision tags: OPENBSD_2_7_BASE
|
#
1.5 |
|
17-Apr-2000 |
itojun |
revisit in6_ifattach(). (1) make it more persistent about initializaing an interface (2) cleanup interface id selection. run NUD on p2p interface (required by spec for bidir p2p interface). add "ndp -i interface" (can tweak per-interface ND flag). (sync with more recent kame)
|
#
1.4 |
|
28-Feb-2000 |
itojun |
bring in recent KAME changes (only important and stable ones, as usual). - remove net.inet6.ip6.nd6_proxyall. introduce proxy NDP code works just like "arp -s". - revise source address selection. be more careful about use of yet-to-be-valid addresses as source. - as router, transmit ICMP6_DST_UNREACH_BEYONDSCOPE against out-of-scope packet forwarding attempt. - path MTU discovery takes care of routing header properly. - be more strict about mbuf chain parsing. - nuke xxCTL_VARS #define, they are for BSDI. - disable SIOCSIFDSTADDR_IN6/SIOCSIFNETMASK_IN6 ioctl, they do not fit IPv6 model where multiple address on interface is normal. (kernel side supports them for a while for backward compat, the support will be nuked shortly) - introduce "default outgoing interface" (for spec conformance in very rare case)
|
Revision tags: SMP_BASE
|
#
1.3 |
|
04-Feb-2000 |
itojun |
branches: 1.3.2; more coverage of in6_ifdetach()'s cleanup process. bug fix in SIOCGIFADDR_IN6 (point to point case).
|
#
1.2 |
|
08-Jan-2000 |
deraadt |
use arc4random() instead of random for two reasons. 1) on some architectures, random() should only be used by the scheduler (ie. statintr() because it is uniformly distributed 2) arc4random() is actually strong, random() is not at all
|
Revision tags: kame_19991208
|
#
1.1 |
|
08-Dec-1999 |
itojun |
bring in KAME IPv6 code, dated 19991208. replaces NRL IPv6 layer. reuses NRL pcb layer. no IPsec-on-v6 support. see sys/netinet6/{TODO,IMPLEMENTATION} for more details.
GENERIC configuration should work fine as before. GENERIC.v6 works fine as well, but you'll need KAME userland tools to play with IPv6 (will be bringed into soon).
|
#
1.92 |
|
07-Dec-2022 |
kn |
Do not store unused ICMPv6 Option PREFIX_INFORMATION
Dead since 2017 sys/netinet6/nd6_rtr.c r1.163 Remove sending of router solicitations and processing of router advertisements from the kernel. It's handled by slaacd(8) these days.
sysctl(2) net.inet6.icmp6.nd6_debug does not warn about it like it does for, e.g., duplicate MTU options, so don't do anything with this option.
Remove access macros for other unused options while here. Eventually, union nd_opts should be removed completely. All under _KERNEL.
tcpdump(8)/rad(8)/slaacd(8) keep showing/sending/receiving this option when running this diff on both router and client.
OK claudio
|
#
1.91 |
|
02-Dec-2022 |
kn |
Remove constant basereachable and retrans members from struct nd_ifinfo
Both are initalised with compile-time constants and never written to.
They are part of the Neighbour Discovery machinery and only surface through the single-user SIOCGIFINFO_IN6: $ ndp -i lo0 basereachable=30s0ms, reachable=39s, retrans=1s0ms
These values are read-only since 2017 sys/netinet6/nd6.c r1.217 usr.sbin/ndp/ndp.c r1.85 Remove knob and always do neighbor unreachable detection
Inline the macros (to keep meaningful names), shrink the per-interface allocated struct nd_ifinfo to what is actually needed and inline nd6_dad_starttimer()'s constant `msec' argument.
Nothing else in base, incl. regress, uses SIOCGIFINFO_IN6 or `ndp -i'.
OK bluhm
|
#
1.90 |
|
28-Nov-2022 |
kn |
Document struct nd_ifinfo protection, remove obsolete .initialized member
All access to struct ifnet's member *if_nd is read-only, with the one write exception being nd6_slowtimo() updating ND information.
IPv6 Neighbour Discovery information is fully protected by the net lock. --- nd6_ifattach() allocates and unconditionally initialises struct ifnet's *if_nd member, so early in if_attachsetup() that there is no way to query unitialised Neighour Unreachable Detection bits.
Only SIOCGIFINFO_IN6 through ndp(8) used the .initialized member: Added/set since 2002 sys/netinet6/nd6.c r1.42 attach nd_ifinfo structure to if_afdata. split IPv6 MTU (advertised by RA) from real link MTU. sync with kame
Read since 2002 usr.sbin/ndp/ndp.c r1.16 use new SIOCGIFINFO_IN6. random other cleanups. sync w/kame.
Obsolete since 2017 sys/netinet6/nd6.c r1.217 usr.sbin/ndp/ndp.c r1.85 Remove knob and always do neighbor unreachable detection.
Feedback OK bluhm
|
#
1.89 |
|
23-Nov-2022 |
kn |
Remove unused NDPRF_* defines; dead since 2017 sys/netinet6/nd6.c r1.210
Remove sending of router solicitations and processing of router advertisements from the kernel. It's handled by slaacd(8) these days.
Outside of _KERNEL, but nothing in base uses it, either. codesearch.debian.net seems to agree.
OK mvs claudio bluhm
|
#
1.88 |
|
23-Nov-2022 |
kn |
Remove unused struct in6_ndifreq; dead since 2013 sys/netinet6/in6_var.h r1.37
Remove unused code manipulating a default interface and its index This is a leftover from the on-link assumption behavior removal, which has been deprecated by RFC4861 anyway.
Outside of _KERNEL, but nothing in base uses it, either. codesearch.debian.net seems to agree.
OK mvs claudio bluhm
|
#
1.87 |
|
23-Nov-2022 |
kn |
Remove unused struct prf_ra; dead since 2017 sys/netinet/icmp6.h r1.45
Get rid of ICMPV6CTL_ND6_DRLIST and ICMPV6CTL_ND6_PRLIST sysctls With this we can also get rid of in6_prefix and in6_defrouter. They are meaningless, the kernel no longer tracks this information.
Outside of _KERNEL, but nothing in base uses it, either. codesearch.debian.net seems to agree.
OK mvs claudio bluhm
|
#
1.86 |
|
23-Nov-2022 |
kn |
Inline useless ND_IFINFO() macro
A single cast-free struct pointer dereference needs no indirection. ND_IFINFO() is under _KERNEL.
OK mvs
|
#
1.85 |
|
23-Nov-2022 |
kn |
Let nd6_if{at,de}tach() be void and take an ifp argument
Do it like the rest of at/detach routines which modify a struct ifnet pointer without returning anything.
OK mvs
|
#
1.84 |
|
23-Nov-2022 |
kn |
Add *if_nd to struct ifnet, call nd6_if{at,de}tach() directly
*if_afdata[] and struct domain's dom_if{at,de}tach() are only used with IPv6 Neighbour Discovery in6_dom{at,de}tach(), which allocate/init and free single struct nd_ifinfo.
Set up a new ND-specific *if_nd member directly to avoid yet another layer of indirection and thus make the generic domain API obsolete.
The per-interface data is only accessed in nd6.c and nd6_nbr.c through the ND_IFINFO() macro; it is allocated and freed exactly once during interface at/detach, so document it as [I]mmutable.
OK bluhm mvs claudio
|
#
1.83 |
|
23-Nov-2022 |
kn |
Recommit previous "Remove useless struct in6_ifextra"
This was the right diff after all, I just confused myself between trees.
OK bluhm --- Remove useless struct in6_ifextra
in6_var.h r1.75 removed all other struct members.
Now It only contains a single struct nd_ifinfo pointer, so address family specific data might as well be just that.
ND_IFINFO() is the only way nd6_nbr.c and nd6.c access this data, there is no other usage of if_afdata[].
One allocation and unhelpful indirection less per interface.
All under _KERNEL.
OK claudio
|
#
1.82 |
|
22-Nov-2022 |
kn |
Backout "Remove useless struct in6_ifextra" commit
I committed the wrong iteration of this diff, sorry for the noise.
|
#
1.81 |
|
22-Nov-2022 |
kn |
Remove useless struct in6_ifextra
in6_var.h r1.75 removed all other struct members.
Now It only contains a single struct nd_ifinfo pointer, so address family specific data might as well be just that.
ND_IFINFO() is the only way nd6_nbr.c and nd6.c access this data, there is no other usage of if_afdata[].
One allocation and unhelpful indirection less per interface.
All under _KERNEL.
OK claudio
|
#
1.80 |
|
12-Nov-2022 |
kn |
Remove unused RS_LHCOOKIE macro
Added in 2014 110585f259f4974284e531f0a1e121b001a580dc Move sending of router solicitations to the kernel; [...] but never used.
|
Revision tags: OPENBSD_7_2_BASE
|
#
1.79 |
|
08-Aug-2022 |
kn |
Constify in6_addr pointer arguments in nd6_*() functions
All of them are passed to inspect/copy out fields, none of the functions writes to the struct.
This makes it easier to argue about code (in MP context).
OK bluhm
|
#
1.78 |
|
28-Jul-2022 |
kn |
Zap prototypes for nonexistent nd6_setmtu() and in6_ifdel()
Removed in 2015 and 2002, respectively.
OK claudio
|
#
1.77 |
|
22-Jul-2022 |
kn |
Leftovers from florian's RS/NA purge from the kernel in 2017.
OK bluhm
|
Revision tags: OPENBSD_6_7_BASE OPENBSD_6_8_BASE OPENBSD_6_9_BASE OPENBSD_7_0_BASE OPENBSD_7_1_BASE
|
#
1.76 |
|
28-Mar-2020 |
florian |
Move ND6_PRIV_* constants from nd6.h to slaacd the only place where they are used. Nobody in the wider eco system uses these. While here reduce temporary address valid lifetime to 2 days as per draft-ietf-6man-rfc4941bis. This should considerably reduce the amount of addresses configured on an interface - a common complaint. Original diff from Fernando Gont (fernando AT gont.com.ar), thanks! Ports tree scanning by sthen@
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.75 |
|
21-Jun-2019 |
mpi |
Prevent recursions by not deleting entries inside rtable_walk(9).
rtable_walk(9) now passes a routing entry back to the caller when a non zero value is returned and if it asked for it. This allows us to call rtdeletemsg()/rtrequest_delete() from the caller without creating a recursion because of rtflushclone().
Multicast code hasn't been adapted and is still possibly creating recursions. However multicast route entries aren't cloned so if a recursion exists it isn't because of rtflushclone().
Fix stack exhaustion triggered by the use of "-msave-args".
Issue reported by D��niel L��vai on bugs@ confirmed by and ok bluhm@.
|
Revision tags: OPENBSD_6_3_BASE OPENBSD_6_4_BASE OPENBSD_6_5_BASE
|
#
1.74 |
|
27-Nov-2017 |
mpi |
Use a single timer for all ND6 entries.
This prevents a use-after-free reported by Hrvoje Popovski where the timeout function was already sleeping on the NET_LOCK() when ifconfig(8) removed the enry from the table.
By iterating on a global list in the timeout routine we ensure that the items are still valid when we process them. This also reduce differences with ARP.
ok bluhm@, visa@
|
#
1.73 |
|
03-Nov-2017 |
florian |
We are processing Router Solicitation / Advertisement messages only for the Source Link-layer Address Options. Merge nd6_rs_input() and nd6_ra_input() into one generic function that does just that.
input & OK mpi
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.72 |
|
09-Aug-2017 |
florian |
Remove knob and always do neighbor unreachable detection.
|
#
1.71 |
|
09-Aug-2017 |
florian |
accept_rtadv doesn't do anything since some time. OK mpi
|
#
1.70 |
|
09-Aug-2017 |
florian |
We are no longer generating privacy addresses in the kernel. OK mpi
|
#
1.69 |
|
08-Aug-2017 |
florian |
Stop running nd6_expire every second. We know when pltime or vltime decrease to zero. Run nd6_expire then. Input & OK mpi, bluhm
|
#
1.68 |
|
12-Jul-2017 |
florian |
Get rid of ICMPV6CTL_ND6_DRLIST and ICMPV6CTL_ND6_PRLIST sysctls With this we can also get rid of in6_prefix and in6_defrouter. They are meaningless, the kernel no longer tracks this information.
Pointed out by & OK mpi
|
#
1.67 |
|
11-Jul-2017 |
florian |
Purging is at last at hand. Day of Doom is here. All that is evil shall all be cleansed.
Remove sending of router solicitations and processing of router advertisements from the kernel. It's handled by slaacd(8) these days.
Input & OK bluhm@, mpi@
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.66 |
|
27-Dec-2016 |
bluhm |
Move nd6 timer initialisation to nd6_init() and call timeout_set() only once during init. OK mpi@
|
#
1.65 |
|
28-Nov-2016 |
mpi |
Remove multiple recursive splsoftnet().
ok bluhm@
|
#
1.64 |
|
21-Nov-2016 |
mpi |
Assert that prelist_update() is always called at IPL_SOFTNET.
While here use __func__ in debug strings to reduce noise when grepping.
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.63 |
|
13-Jul-2016 |
dlg |
store nd6 expiries in the route, not separately in the llinfo struct.
this makes it more consistent with arp, and makes expiries visible via route(8) get as well as ndp(8).
ok mpi@ florian@
|
#
1.62 |
|
15-Jun-2016 |
mpi |
Kill nd6_output(), it doesn't do anything since the resolution logic has been moved to nd6_resolve().
ok visa@, millert@, florian@, sthen@
|
#
1.61 |
|
08-Jun-2016 |
mpi |
Move ND resoluton logic from nd6_output() to nd6_storelladdr() and rename it to nd6_resolve().
This allows us to get rid of non-Ethernet hacks by moving Ethernet specific logic in the appropriate layer.
ok sthen@
|
#
1.60 |
|
01-Jun-2016 |
dlg |
make nd6_llinfo_settimer take seconds instead of ticks.
most callers are working in seconds, internally it uses seconds, and you can call timeout_add_sec as easily as timeout_add.
this also fixes an issue with an nd_defrouter expire which was incorrectly scaled with ticks in a comparison.
ok mpi@
|
#
1.59 |
|
30-May-2016 |
dlg |
remove code compensating for the "short" range of timeouts.
the nd6 code for managing expiries is never asked to handle intervals greater than what timeouts can handle, so we dont need to overcompensate.
the code was also incorrect by using a long, which isnt that long on ILP32 machines.
ok mpi@ millert@ benno@
|
#
1.58 |
|
30-Mar-2016 |
mpi |
Implement proxy ARP for ART based on mpath support.
Since mpath is not enabled in RAMDISK, proxy ARP won't work there either.
ok bluhm@
|
#
1.57 |
|
03-Mar-2016 |
jca |
Kill IPv6 prefix and router renumbering ioctls.
Router renumbering was never supported, prefix ioctls were deprecated ~15 years ago. Move some items in netinet6/nd6.h where they are still used.
ok mikeb@ mpi@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.56 |
|
18-Dec-2015 |
tb |
Convert arc4random() to arc4random_uniorm(). Diff by Matthew Martin.
Ensure that arc4random_uniform() doesn't loop by redefining ND6_MAX_DESYNC_FACTOR to be 512, the largest power of two smaller than the RFC-specified 600 seconds. Suggested by florian@ and deraadt@
ok florian@, sthen@ in this form, arc4random change ok djm@, tedu@
|
#
1.55 |
|
06-Nov-2015 |
mpi |
Change nd6_nud_hint() to no longer manipulate rt_ifp directly.
While here remove unused argument and convert the route check to rtisvalid(9).
ok bluhm@
|
#
1.54 |
|
02-Nov-2015 |
bluhm |
Implement the list of nd6 llinfo entries with a TAILQ. OK millert@ mpi@
|
#
1.53 |
|
02-Nov-2015 |
mpi |
Prefer an existing refcounted ``ifp'' to rt_ifp when possible or use the interface index directly.
ok bluhm@
|
#
1.52 |
|
28-Oct-2015 |
florian |
Remove linkmtu and maxmtu from struct nd_ifinfo. IN6_LINKMTU can now die and ifp->if_mtu is the one true mtu. Suggested by and OK mpi@
|
#
1.51 |
|
25-Oct-2015 |
mpi |
Introduce if_rtrequest() the successor of ifa_rtrequest().
L2 resolution depends on the protocol (encoded in the route entry) and an ``ifp''. Not having to care about an ``ifa'' makes our life easier in our MP effort. Fewer dependencies between data structures implies fewer headaches.
Discussed with bluhm@, ok claudio@
|
#
1.50 |
|
24-Oct-2015 |
mpi |
Ignore Router Advertisment's current hop limit.
Appart from the usual inet6 axe murdering exercise to keep you fit, this allows us to get rid of a lot of layer violation due to the use of per- ifp variables to store the current hop limit.
Imputs from bluhm@, ok phessler@, florian@, bluhm@
|
#
1.49 |
|
31-Aug-2015 |
mpi |
The return value of nd6_cache_lladdr() is never used so make it a void.
Fewer "struct rtentry" left in the wild!
|
#
1.48 |
|
24-Aug-2015 |
mpi |
nd6_prefix_add() is no longer used and die.
|
#
1.47 |
|
24-Aug-2015 |
mpi |
Start moving away from the global prefix list by limiting its usage to AUTOCONF'd addresses.
This prevent the kernel from removing connected (/64) routes as soon as it configures an AUTOCONF'd address based on a RA.
Tested by sebastia@, ok sthen@
|
#
1.46 |
|
24-Aug-2015 |
mpi |
Rework the code to decide when to perform DAD to no longer rely on the IN6_IFF_NODAD pseudo-flag not being set.
This was just a flag for spaghetti code that should not exist in the first place.
Tested by sebastia@, ok sthen@
|
#
1.45 |
|
18-Aug-2015 |
mpi |
Call rtfree(9) when we no longer need the route entry rather than decrementing rt_refcnt just after rtrequest1(9).
While here reduce the differences with rt_ifa_add(9). There's still an ambiguity about rtrequest1(9)'s return value, but bluhm@ will address that in a different diff.
Discussed with and ok bluhm@
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.44 |
|
18-Jul-2015 |
mpi |
Merge two identical chunks to add new prefixes to the global data structures into a function.
ok florian@
|
#
1.43 |
|
16-Jul-2015 |
mpi |
Properly layer Router Solicitation code.
Tweak and ok florian@
|
#
1.42 |
|
09-Jul-2015 |
mpi |
Remove unused arguments and the associated code from nd6_nud_hint().
ok claudio@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.41 |
|
20-Nov-2014 |
mpi |
Rework the handling of interfaces and IPv6 addresses for local delivery.
- Unicast packets sent to any local address will have their interface set to loobpack.
- In order to differentiate traffic from interfaces having identical link-local addresses, provide the scoped addresses to pf(4).
- Update the icmp6 state lookup logic to match scoped MLL addresses.
- Remove a shortcut in ip6_input() that bypasses pf and always look for an RTF_LOCAL route.
Packets sent to multicast addresses still retain their original interface due to the fact that local multicast packet delivering does not use if_output.
This makes ping6 to link-local addresses work even with pf enabled and "set skip" on loopbacks, reported by Pieter Verberne.
Debugged, analysed and tested with mikeb@.
ok mikeb@, henning@, sthen@
|
#
1.40 |
|
10-Nov-2014 |
mpi |
Do not pass an ifa pointer when we already have a DAD descriptor.
Tweaks and ok florian@
|
#
1.39 |
|
25-Aug-2014 |
florian |
Move sending of router solicitations to the kernel; receiving and processing of router advertisements was already in the kernel. With this rtsol{,d}(8) is no longer necessary.
The kernel starts sending solicitations with # ifconfig $IF inet6 autoconf or inet6 autoconf in /etc/hostname.$IF.
input stsp@ much help & OK mpi@ tweaks & OK bluhm@
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.38 |
|
11-Jul-2014 |
blambert |
move IPv6 prefix adding from workq to taskq; as a happy benefit, we can delete 2 dozen or so lines that check to see if we've queued up a prefix addition multiple times.
ok stsp@
|
#
1.37 |
|
07-May-2014 |
mpi |
Kill the {nd6_,}useloopback buttons, using the loopback interface for local traffic is not optional.
ok mikeb@, stsp@, jca@
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.36 |
|
07-Jan-2014 |
mikeb |
Propagate an rdomain number to the nd6_lookup independently from the ifp pointer which can be NULL. This prevents a crash reported by David Hill <dhill at mindcry ! org>. OK bluhm
|
#
1.35 |
|
25-Oct-2013 |
deraadt |
More _KERNEL namespace cleanup, just in case something out there includes this.
|
#
1.34 |
|
28-Aug-2013 |
mpi |
Remove unused argument from *rtrequest()
ok krw@, mikeb@
|
#
1.33 |
|
26-Aug-2013 |
bluhm |
No one uses the obsolete IPv6 ioctls SIOCGDRLST_IN6, SIOCGPRLST_IN6, OSIOCGIFINFO_IN6 anymore. Remove them together with the structs in6_drlist, in6_oprlist, in6_prlist, in6_ondireq and the kernel implementation. OK mikeb@ henning@
|
#
1.32 |
|
11-Aug-2013 |
bluhm |
To control the lifetime of IPv6 addresses, prefixes and default routers, the kernel and ndp use a bunch of expire fields. Before they were int or u_long, convert expire to time_t in all structs. Move vltime and pltime to u_int32_t everywhere. Sort struct fields by size. Struct inet6_ndpr_msghdr is not used at all, so remove it.
Binary compatibility of rtsold and ndp break with this change as rtsold uses in6_drlist and ndp uses in6_defrouter and in6_prefix to interact with the kernel.
OK mpi@
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.31 |
|
01-Jul-2013 |
bluhm |
Do not access queue fields directly, use FOREACH() macro instead. No binary change. OK mikeb@ mpi@
|
#
1.30 |
|
11-Mar-2013 |
mpi |
Remove unused code manipulating a default interface and its index, This is a leftover from the on-link assumption behavior removal, which has been deprecated by RFC4861 anyway.
ok mikeb@, bluhm@, florian@
|
Revision tags: OPENBSD_5_2_BASE OPENBSD_5_3_BASE
|
#
1.29 |
|
14-Feb-2012 |
sthen |
typo in comment.
|
Revision tags: OPENBSD_5_0_BASE OPENBSD_5_1_BASE
|
#
1.28 |
|
03-Apr-2011 |
stsp |
fix typos in comments ok deraadt henning sthen thib (though thib says he can't spell)
|
Revision tags: OPENBSD_4_8_BASE OPENBSD_4_9_BASE
|
#
1.27 |
|
06-Apr-2010 |
stsp |
Simple implementation of RFC4941, "Privacy Extensions for Stateless Address Autoconfiguration in IPv6". For those among us who are paranoid about broadcasting their MAC address to the IPv6 internet.
Man page help from jmc, testing by weerd, arc4random API hints from djm.
ok deraadt, claudio
|
Revision tags: OPENBSD_4_4_BASE OPENBSD_4_5_BASE OPENBSD_4_6_BASE OPENBSD_4_7_BASE
|
#
1.26 |
|
11-Jun-2008 |
mcbride |
From KAME, allow adjustable limits on NDP entries and discovered routes.
ok mpf naddy
|
Revision tags: OPENBSD_3_4_BASE OPENBSD_3_5_BASE OPENBSD_3_6_BASE OPENBSD_3_7_BASE OPENBSD_3_8_BASE OPENBSD_3_9_BASE OPENBSD_4_0_BASE OPENBSD_4_1_BASE OPENBSD_4_2_BASE OPENBSD_4_3_BASE SMP_SYNC_A SMP_SYNC_B
|
#
1.25 |
|
08-Jul-2003 |
itojun |
unifdef -U__otherBSD__
|
#
1.24 |
|
27-Jun-2003 |
itojun |
split ND6 cache timer management to per-entry. increased accuracy, no O(N) loop. sync w/ kame. marc tested, daniel ok
|
Revision tags: OPENBSD_3_2_BASE OPENBSD_3_3_BASE UBC_SYNC_A UBC_SYNC_B
|
#
1.23 |
|
08-Jun-2002 |
itojun |
gc
|
#
1.22 |
|
08-Jun-2002 |
itojun |
sync with latest KAME in6_ifaddr/prefix/default router manipulation. behavior changes: - two iocts used by ndp(8) are now obsolete (backward compat provided). use sysctl path instead. - lo0 does not get ::1 automatically. it will get ::1 when lo0 comes up.
|
#
1.21 |
|
07-Jun-2002 |
itojun |
cope with cases where maxmtu == 0 (shouldn't happen)
|
#
1.20 |
|
05-Jun-2002 |
itojun |
be sure to use L3 MTU, not L2 MTU, when specified in spec (affects FDDI/ARCnet)
|
#
1.19 |
|
30-May-2002 |
itojun |
improve nd6_setmtu(), to warn too-small MTU on SIOCSIFMTU. sync w/kame
|
#
1.18 |
|
29-May-2002 |
itojun |
no need to supply obsolete field name "receivedra"
|
#
1.17 |
|
29-May-2002 |
itojun |
attach nd_ifinfo structure to if_afdata. split IPv6 MTU (advertised by RA) from real link MTU. sync with kame
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.16 |
|
14-Mar-2002 |
millert |
First round of __P removal in sys
|
#
1.15 |
|
23-Jan-2002 |
fgsch |
compatability -> compatibility.
|
Revision tags: OPENBSD_2_9_BASE OPENBSD_3_0_BASE UBC_BASE
|
#
1.14 |
|
23-Feb-2001 |
itojun |
branches: 1.14.6; garbage-collect stale ND entries (default: 1 day). RFC 2461 5.3. sync with kame.
|
#
1.13 |
|
23-Feb-2001 |
itojun |
remove unnecessary state, ND6_LLINFO_WAITDELETE, from neighbor cache state machine. no need for RTF_REJECT on neighbor cache entires, they are leftover from ARP code. sync with kame.
|
#
1.12 |
|
08-Feb-2001 |
itojun |
when chasing nd6_llinfo chain, make sure we do not touch dangling pointer (due to RTM_DELETE during default router list management). from kame
|
#
1.11 |
|
08-Feb-2001 |
itojun |
use timeout_xx() throughout sys/netinet6. sync with kame.
|
#
1.10 |
|
07-Feb-2001 |
itojun |
by default, don't bark on inbound ND messages, as outsider may be able to fill up /var with bogus packets. setting net.inet6.icmp6.nd6_debug will re-enable kernel messages on invalid ND packet and other occasions.
improve icmp6 stats.
|
#
1.9 |
|
19-Jan-2001 |
itojun |
pull post-4.4BSD change to sys/net/route.c from BSD/OS 4.2 (UCB copyrighted).
have sys/net/route.c:rtrequest1(), which takes rt_addrinfo * as the argument. pass rt_addrinfo all the way down to rtrequest, and ifa->ifa_rtrequest. 3rd arg of ifa->ifa_rtrequest is now rt_addrinfo * instead of sockaddr * (almost noone is using it anyways).
benefit: the follwoing command now works. previously we need two route(8) invocations, "add" then "change". # route add -inet6 default ::1 -ifp gif0
remove unsafe typecast in rtrequest(), from rtentry * to sockaddr *. it was introduced by 4.3BSD-reno and never corrected.
XXX is eon_rtrequest() change correct regarding to 3rd arg? eon_rtrequest() and rtrequest() were incorrect since 4.3BSD-reno, so i do not have correct answer in the source code. someone with more clue about netiso-over-ip, please help.
|
Revision tags: OPENBSD_2_8_BASE
|
#
1.8 |
|
06-Jul-2000 |
itojun |
- more icmp6/ip6 stats. - protect IPv6 ND from being hosed (due to neighbor unreachability detection hint) by wrong tcp traffic. still not sure if there's real attack, but it is good to be cautious. - avoid bitfield for router renumbering header decl. - implement packet-per-sec limitation for icmp6 errors, turn interval limit off (it is not very useful due to unix timer resolution).
|
#
1.7 |
|
19-May-2000 |
itojun |
never forward packet with link-local address. experimental support for new loopback packet handling (with FAKE_LOOPBACK_IF, rcvif will be set to real outgoing interface, not the loopback, to honor scope) sync with kame.
|
#
1.6 |
|
15-May-2000 |
itojun |
perform NUD on p2p link, only if the destination/gateway is real neighbor. this removes temporary workaround (no NUD on p2p link). KAME PR 245.
|
Revision tags: OPENBSD_2_7_BASE
|
#
1.5 |
|
17-Apr-2000 |
itojun |
revisit in6_ifattach(). (1) make it more persistent about initializaing an interface (2) cleanup interface id selection. run NUD on p2p interface (required by spec for bidir p2p interface). add "ndp -i interface" (can tweak per-interface ND flag). (sync with more recent kame)
|
#
1.4 |
|
28-Feb-2000 |
itojun |
bring in recent KAME changes (only important and stable ones, as usual). - remove net.inet6.ip6.nd6_proxyall. introduce proxy NDP code works just like "arp -s". - revise source address selection. be more careful about use of yet-to-be-valid addresses as source. - as router, transmit ICMP6_DST_UNREACH_BEYONDSCOPE against out-of-scope packet forwarding attempt. - path MTU discovery takes care of routing header properly. - be more strict about mbuf chain parsing. - nuke xxCTL_VARS #define, they are for BSDI. - disable SIOCSIFDSTADDR_IN6/SIOCSIFNETMASK_IN6 ioctl, they do not fit IPv6 model where multiple address on interface is normal. (kernel side supports them for a while for backward compat, the support will be nuked shortly) - introduce "default outgoing interface" (for spec conformance in very rare case)
|
Revision tags: SMP_BASE
|
#
1.3 |
|
04-Feb-2000 |
itojun |
branches: 1.3.2; more coverage of in6_ifdetach()'s cleanup process. bug fix in SIOCGIFADDR_IN6 (point to point case).
|
#
1.2 |
|
08-Jan-2000 |
deraadt |
use arc4random() instead of random for two reasons. 1) on some architectures, random() should only be used by the scheduler (ie. statintr() because it is uniformly distributed 2) arc4random() is actually strong, random() is not at all
|
Revision tags: kame_19991208
|
#
1.1 |
|
08-Dec-1999 |
itojun |
bring in KAME IPv6 code, dated 19991208. replaces NRL IPv6 layer. reuses NRL pcb layer. no IPsec-on-v6 support. see sys/netinet6/{TODO,IMPLEMENTATION} for more details.
GENERIC configuration should work fine as before. GENERIC.v6 works fine as well, but you'll need KAME userland tools to play with IPv6 (will be bringed into soon).
|
#
1.91 |
|
02-Dec-2022 |
kn |
Remove constant basereachable and retrans members from struct nd_ifinfo
Both are initalised with compile-time constants and never written to.
They are part of the Neighbour Discovery machinery and only surface through the single-user SIOCGIFINFO_IN6: $ ndp -i lo0 basereachable=30s0ms, reachable=39s, retrans=1s0ms
These values are read-only since 2017 sys/netinet6/nd6.c r1.217 usr.sbin/ndp/ndp.c r1.85 Remove knob and always do neighbor unreachable detection
Inline the macros (to keep meaningful names), shrink the per-interface allocated struct nd_ifinfo to what is actually needed and inline nd6_dad_starttimer()'s constant `msec' argument.
Nothing else in base, incl. regress, uses SIOCGIFINFO_IN6 or `ndp -i'.
OK bluhm
|
#
1.90 |
|
28-Nov-2022 |
kn |
Document struct nd_ifinfo protection, remove obsolete .initialized member
All access to struct ifnet's member *if_nd is read-only, with the one write exception being nd6_slowtimo() updating ND information.
IPv6 Neighbour Discovery information is fully protected by the net lock. --- nd6_ifattach() allocates and unconditionally initialises struct ifnet's *if_nd member, so early in if_attachsetup() that there is no way to query unitialised Neighour Unreachable Detection bits.
Only SIOCGIFINFO_IN6 through ndp(8) used the .initialized member: Added/set since 2002 sys/netinet6/nd6.c r1.42 attach nd_ifinfo structure to if_afdata. split IPv6 MTU (advertised by RA) from real link MTU. sync with kame
Read since 2002 usr.sbin/ndp/ndp.c r1.16 use new SIOCGIFINFO_IN6. random other cleanups. sync w/kame.
Obsolete since 2017 sys/netinet6/nd6.c r1.217 usr.sbin/ndp/ndp.c r1.85 Remove knob and always do neighbor unreachable detection.
Feedback OK bluhm
|
#
1.89 |
|
23-Nov-2022 |
kn |
Remove unused NDPRF_* defines; dead since 2017 sys/netinet6/nd6.c r1.210
Remove sending of router solicitations and processing of router advertisements from the kernel. It's handled by slaacd(8) these days.
Outside of _KERNEL, but nothing in base uses it, either. codesearch.debian.net seems to agree.
OK mvs claudio bluhm
|
#
1.88 |
|
23-Nov-2022 |
kn |
Remove unused struct in6_ndifreq; dead since 2013 sys/netinet6/in6_var.h r1.37
Remove unused code manipulating a default interface and its index This is a leftover from the on-link assumption behavior removal, which has been deprecated by RFC4861 anyway.
Outside of _KERNEL, but nothing in base uses it, either. codesearch.debian.net seems to agree.
OK mvs claudio bluhm
|
#
1.87 |
|
23-Nov-2022 |
kn |
Remove unused struct prf_ra; dead since 2017 sys/netinet/icmp6.h r1.45
Get rid of ICMPV6CTL_ND6_DRLIST and ICMPV6CTL_ND6_PRLIST sysctls With this we can also get rid of in6_prefix and in6_defrouter. They are meaningless, the kernel no longer tracks this information.
Outside of _KERNEL, but nothing in base uses it, either. codesearch.debian.net seems to agree.
OK mvs claudio bluhm
|
#
1.86 |
|
23-Nov-2022 |
kn |
Inline useless ND_IFINFO() macro
A single cast-free struct pointer dereference needs no indirection. ND_IFINFO() is under _KERNEL.
OK mvs
|
#
1.85 |
|
23-Nov-2022 |
kn |
Let nd6_if{at,de}tach() be void and take an ifp argument
Do it like the rest of at/detach routines which modify a struct ifnet pointer without returning anything.
OK mvs
|
#
1.84 |
|
23-Nov-2022 |
kn |
Add *if_nd to struct ifnet, call nd6_if{at,de}tach() directly
*if_afdata[] and struct domain's dom_if{at,de}tach() are only used with IPv6 Neighbour Discovery in6_dom{at,de}tach(), which allocate/init and free single struct nd_ifinfo.
Set up a new ND-specific *if_nd member directly to avoid yet another layer of indirection and thus make the generic domain API obsolete.
The per-interface data is only accessed in nd6.c and nd6_nbr.c through the ND_IFINFO() macro; it is allocated and freed exactly once during interface at/detach, so document it as [I]mmutable.
OK bluhm mvs claudio
|
#
1.83 |
|
23-Nov-2022 |
kn |
Recommit previous "Remove useless struct in6_ifextra"
This was the right diff after all, I just confused myself between trees.
OK bluhm --- Remove useless struct in6_ifextra
in6_var.h r1.75 removed all other struct members.
Now It only contains a single struct nd_ifinfo pointer, so address family specific data might as well be just that.
ND_IFINFO() is the only way nd6_nbr.c and nd6.c access this data, there is no other usage of if_afdata[].
One allocation and unhelpful indirection less per interface.
All under _KERNEL.
OK claudio
|
#
1.82 |
|
22-Nov-2022 |
kn |
Backout "Remove useless struct in6_ifextra" commit
I committed the wrong iteration of this diff, sorry for the noise.
|
#
1.81 |
|
22-Nov-2022 |
kn |
Remove useless struct in6_ifextra
in6_var.h r1.75 removed all other struct members.
Now It only contains a single struct nd_ifinfo pointer, so address family specific data might as well be just that.
ND_IFINFO() is the only way nd6_nbr.c and nd6.c access this data, there is no other usage of if_afdata[].
One allocation and unhelpful indirection less per interface.
All under _KERNEL.
OK claudio
|
#
1.80 |
|
12-Nov-2022 |
kn |
Remove unused RS_LHCOOKIE macro
Added in 2014 110585f259f4974284e531f0a1e121b001a580dc Move sending of router solicitations to the kernel; [...] but never used.
|
Revision tags: OPENBSD_7_2_BASE
|
#
1.79 |
|
08-Aug-2022 |
kn |
Constify in6_addr pointer arguments in nd6_*() functions
All of them are passed to inspect/copy out fields, none of the functions writes to the struct.
This makes it easier to argue about code (in MP context).
OK bluhm
|
#
1.78 |
|
28-Jul-2022 |
kn |
Zap prototypes for nonexistent nd6_setmtu() and in6_ifdel()
Removed in 2015 and 2002, respectively.
OK claudio
|
#
1.77 |
|
22-Jul-2022 |
kn |
Leftovers from florian's RS/NA purge from the kernel in 2017.
OK bluhm
|
Revision tags: OPENBSD_6_7_BASE OPENBSD_6_8_BASE OPENBSD_6_9_BASE OPENBSD_7_0_BASE OPENBSD_7_1_BASE
|
#
1.76 |
|
28-Mar-2020 |
florian |
Move ND6_PRIV_* constants from nd6.h to slaacd the only place where they are used. Nobody in the wider eco system uses these. While here reduce temporary address valid lifetime to 2 days as per draft-ietf-6man-rfc4941bis. This should considerably reduce the amount of addresses configured on an interface - a common complaint. Original diff from Fernando Gont (fernando AT gont.com.ar), thanks! Ports tree scanning by sthen@
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.75 |
|
21-Jun-2019 |
mpi |
Prevent recursions by not deleting entries inside rtable_walk(9).
rtable_walk(9) now passes a routing entry back to the caller when a non zero value is returned and if it asked for it. This allows us to call rtdeletemsg()/rtrequest_delete() from the caller without creating a recursion because of rtflushclone().
Multicast code hasn't been adapted and is still possibly creating recursions. However multicast route entries aren't cloned so if a recursion exists it isn't because of rtflushclone().
Fix stack exhaustion triggered by the use of "-msave-args".
Issue reported by D��niel L��vai on bugs@ confirmed by and ok bluhm@.
|
Revision tags: OPENBSD_6_3_BASE OPENBSD_6_4_BASE OPENBSD_6_5_BASE
|
#
1.74 |
|
27-Nov-2017 |
mpi |
Use a single timer for all ND6 entries.
This prevents a use-after-free reported by Hrvoje Popovski where the timeout function was already sleeping on the NET_LOCK() when ifconfig(8) removed the enry from the table.
By iterating on a global list in the timeout routine we ensure that the items are still valid when we process them. This also reduce differences with ARP.
ok bluhm@, visa@
|
#
1.73 |
|
03-Nov-2017 |
florian |
We are processing Router Solicitation / Advertisement messages only for the Source Link-layer Address Options. Merge nd6_rs_input() and nd6_ra_input() into one generic function that does just that.
input & OK mpi
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.72 |
|
09-Aug-2017 |
florian |
Remove knob and always do neighbor unreachable detection.
|
#
1.71 |
|
09-Aug-2017 |
florian |
accept_rtadv doesn't do anything since some time. OK mpi
|
#
1.70 |
|
09-Aug-2017 |
florian |
We are no longer generating privacy addresses in the kernel. OK mpi
|
#
1.69 |
|
08-Aug-2017 |
florian |
Stop running nd6_expire every second. We know when pltime or vltime decrease to zero. Run nd6_expire then. Input & OK mpi, bluhm
|
#
1.68 |
|
12-Jul-2017 |
florian |
Get rid of ICMPV6CTL_ND6_DRLIST and ICMPV6CTL_ND6_PRLIST sysctls With this we can also get rid of in6_prefix and in6_defrouter. They are meaningless, the kernel no longer tracks this information.
Pointed out by & OK mpi
|
#
1.67 |
|
11-Jul-2017 |
florian |
Purging is at last at hand. Day of Doom is here. All that is evil shall all be cleansed.
Remove sending of router solicitations and processing of router advertisements from the kernel. It's handled by slaacd(8) these days.
Input & OK bluhm@, mpi@
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.66 |
|
27-Dec-2016 |
bluhm |
Move nd6 timer initialisation to nd6_init() and call timeout_set() only once during init. OK mpi@
|
#
1.65 |
|
28-Nov-2016 |
mpi |
Remove multiple recursive splsoftnet().
ok bluhm@
|
#
1.64 |
|
21-Nov-2016 |
mpi |
Assert that prelist_update() is always called at IPL_SOFTNET.
While here use __func__ in debug strings to reduce noise when grepping.
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.63 |
|
13-Jul-2016 |
dlg |
store nd6 expiries in the route, not separately in the llinfo struct.
this makes it more consistent with arp, and makes expiries visible via route(8) get as well as ndp(8).
ok mpi@ florian@
|
#
1.62 |
|
15-Jun-2016 |
mpi |
Kill nd6_output(), it doesn't do anything since the resolution logic has been moved to nd6_resolve().
ok visa@, millert@, florian@, sthen@
|
#
1.61 |
|
08-Jun-2016 |
mpi |
Move ND resoluton logic from nd6_output() to nd6_storelladdr() and rename it to nd6_resolve().
This allows us to get rid of non-Ethernet hacks by moving Ethernet specific logic in the appropriate layer.
ok sthen@
|
#
1.60 |
|
01-Jun-2016 |
dlg |
make nd6_llinfo_settimer take seconds instead of ticks.
most callers are working in seconds, internally it uses seconds, and you can call timeout_add_sec as easily as timeout_add.
this also fixes an issue with an nd_defrouter expire which was incorrectly scaled with ticks in a comparison.
ok mpi@
|
#
1.59 |
|
30-May-2016 |
dlg |
remove code compensating for the "short" range of timeouts.
the nd6 code for managing expiries is never asked to handle intervals greater than what timeouts can handle, so we dont need to overcompensate.
the code was also incorrect by using a long, which isnt that long on ILP32 machines.
ok mpi@ millert@ benno@
|
#
1.58 |
|
30-Mar-2016 |
mpi |
Implement proxy ARP for ART based on mpath support.
Since mpath is not enabled in RAMDISK, proxy ARP won't work there either.
ok bluhm@
|
#
1.57 |
|
03-Mar-2016 |
jca |
Kill IPv6 prefix and router renumbering ioctls.
Router renumbering was never supported, prefix ioctls were deprecated ~15 years ago. Move some items in netinet6/nd6.h where they are still used.
ok mikeb@ mpi@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.56 |
|
18-Dec-2015 |
tb |
Convert arc4random() to arc4random_uniorm(). Diff by Matthew Martin.
Ensure that arc4random_uniform() doesn't loop by redefining ND6_MAX_DESYNC_FACTOR to be 512, the largest power of two smaller than the RFC-specified 600 seconds. Suggested by florian@ and deraadt@
ok florian@, sthen@ in this form, arc4random change ok djm@, tedu@
|
#
1.55 |
|
06-Nov-2015 |
mpi |
Change nd6_nud_hint() to no longer manipulate rt_ifp directly.
While here remove unused argument and convert the route check to rtisvalid(9).
ok bluhm@
|
#
1.54 |
|
02-Nov-2015 |
bluhm |
Implement the list of nd6 llinfo entries with a TAILQ. OK millert@ mpi@
|
#
1.53 |
|
02-Nov-2015 |
mpi |
Prefer an existing refcounted ``ifp'' to rt_ifp when possible or use the interface index directly.
ok bluhm@
|
#
1.52 |
|
28-Oct-2015 |
florian |
Remove linkmtu and maxmtu from struct nd_ifinfo. IN6_LINKMTU can now die and ifp->if_mtu is the one true mtu. Suggested by and OK mpi@
|
#
1.51 |
|
25-Oct-2015 |
mpi |
Introduce if_rtrequest() the successor of ifa_rtrequest().
L2 resolution depends on the protocol (encoded in the route entry) and an ``ifp''. Not having to care about an ``ifa'' makes our life easier in our MP effort. Fewer dependencies between data structures implies fewer headaches.
Discussed with bluhm@, ok claudio@
|
#
1.50 |
|
24-Oct-2015 |
mpi |
Ignore Router Advertisment's current hop limit.
Appart from the usual inet6 axe murdering exercise to keep you fit, this allows us to get rid of a lot of layer violation due to the use of per- ifp variables to store the current hop limit.
Imputs from bluhm@, ok phessler@, florian@, bluhm@
|
#
1.49 |
|
31-Aug-2015 |
mpi |
The return value of nd6_cache_lladdr() is never used so make it a void.
Fewer "struct rtentry" left in the wild!
|
#
1.48 |
|
24-Aug-2015 |
mpi |
nd6_prefix_add() is no longer used and die.
|
#
1.47 |
|
24-Aug-2015 |
mpi |
Start moving away from the global prefix list by limiting its usage to AUTOCONF'd addresses.
This prevent the kernel from removing connected (/64) routes as soon as it configures an AUTOCONF'd address based on a RA.
Tested by sebastia@, ok sthen@
|
#
1.46 |
|
24-Aug-2015 |
mpi |
Rework the code to decide when to perform DAD to no longer rely on the IN6_IFF_NODAD pseudo-flag not being set.
This was just a flag for spaghetti code that should not exist in the first place.
Tested by sebastia@, ok sthen@
|
#
1.45 |
|
18-Aug-2015 |
mpi |
Call rtfree(9) when we no longer need the route entry rather than decrementing rt_refcnt just after rtrequest1(9).
While here reduce the differences with rt_ifa_add(9). There's still an ambiguity about rtrequest1(9)'s return value, but bluhm@ will address that in a different diff.
Discussed with and ok bluhm@
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.44 |
|
18-Jul-2015 |
mpi |
Merge two identical chunks to add new prefixes to the global data structures into a function.
ok florian@
|
#
1.43 |
|
16-Jul-2015 |
mpi |
Properly layer Router Solicitation code.
Tweak and ok florian@
|
#
1.42 |
|
09-Jul-2015 |
mpi |
Remove unused arguments and the associated code from nd6_nud_hint().
ok claudio@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.41 |
|
20-Nov-2014 |
mpi |
Rework the handling of interfaces and IPv6 addresses for local delivery.
- Unicast packets sent to any local address will have their interface set to loobpack.
- In order to differentiate traffic from interfaces having identical link-local addresses, provide the scoped addresses to pf(4).
- Update the icmp6 state lookup logic to match scoped MLL addresses.
- Remove a shortcut in ip6_input() that bypasses pf and always look for an RTF_LOCAL route.
Packets sent to multicast addresses still retain their original interface due to the fact that local multicast packet delivering does not use if_output.
This makes ping6 to link-local addresses work even with pf enabled and "set skip" on loopbacks, reported by Pieter Verberne.
Debugged, analysed and tested with mikeb@.
ok mikeb@, henning@, sthen@
|
#
1.40 |
|
10-Nov-2014 |
mpi |
Do not pass an ifa pointer when we already have a DAD descriptor.
Tweaks and ok florian@
|
#
1.39 |
|
25-Aug-2014 |
florian |
Move sending of router solicitations to the kernel; receiving and processing of router advertisements was already in the kernel. With this rtsol{,d}(8) is no longer necessary.
The kernel starts sending solicitations with # ifconfig $IF inet6 autoconf or inet6 autoconf in /etc/hostname.$IF.
input stsp@ much help & OK mpi@ tweaks & OK bluhm@
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.38 |
|
11-Jul-2014 |
blambert |
move IPv6 prefix adding from workq to taskq; as a happy benefit, we can delete 2 dozen or so lines that check to see if we've queued up a prefix addition multiple times.
ok stsp@
|
#
1.37 |
|
07-May-2014 |
mpi |
Kill the {nd6_,}useloopback buttons, using the loopback interface for local traffic is not optional.
ok mikeb@, stsp@, jca@
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.36 |
|
07-Jan-2014 |
mikeb |
Propagate an rdomain number to the nd6_lookup independently from the ifp pointer which can be NULL. This prevents a crash reported by David Hill <dhill at mindcry ! org>. OK bluhm
|
#
1.35 |
|
25-Oct-2013 |
deraadt |
More _KERNEL namespace cleanup, just in case something out there includes this.
|
#
1.34 |
|
28-Aug-2013 |
mpi |
Remove unused argument from *rtrequest()
ok krw@, mikeb@
|
#
1.33 |
|
26-Aug-2013 |
bluhm |
No one uses the obsolete IPv6 ioctls SIOCGDRLST_IN6, SIOCGPRLST_IN6, OSIOCGIFINFO_IN6 anymore. Remove them together with the structs in6_drlist, in6_oprlist, in6_prlist, in6_ondireq and the kernel implementation. OK mikeb@ henning@
|
#
1.32 |
|
11-Aug-2013 |
bluhm |
To control the lifetime of IPv6 addresses, prefixes and default routers, the kernel and ndp use a bunch of expire fields. Before they were int or u_long, convert expire to time_t in all structs. Move vltime and pltime to u_int32_t everywhere. Sort struct fields by size. Struct inet6_ndpr_msghdr is not used at all, so remove it.
Binary compatibility of rtsold and ndp break with this change as rtsold uses in6_drlist and ndp uses in6_defrouter and in6_prefix to interact with the kernel.
OK mpi@
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.31 |
|
01-Jul-2013 |
bluhm |
Do not access queue fields directly, use FOREACH() macro instead. No binary change. OK mikeb@ mpi@
|
#
1.30 |
|
11-Mar-2013 |
mpi |
Remove unused code manipulating a default interface and its index, This is a leftover from the on-link assumption behavior removal, which has been deprecated by RFC4861 anyway.
ok mikeb@, bluhm@, florian@
|
Revision tags: OPENBSD_5_2_BASE OPENBSD_5_3_BASE
|
#
1.29 |
|
14-Feb-2012 |
sthen |
typo in comment.
|
Revision tags: OPENBSD_5_0_BASE OPENBSD_5_1_BASE
|
#
1.28 |
|
03-Apr-2011 |
stsp |
fix typos in comments ok deraadt henning sthen thib (though thib says he can't spell)
|
Revision tags: OPENBSD_4_8_BASE OPENBSD_4_9_BASE
|
#
1.27 |
|
06-Apr-2010 |
stsp |
Simple implementation of RFC4941, "Privacy Extensions for Stateless Address Autoconfiguration in IPv6". For those among us who are paranoid about broadcasting their MAC address to the IPv6 internet.
Man page help from jmc, testing by weerd, arc4random API hints from djm.
ok deraadt, claudio
|
Revision tags: OPENBSD_4_4_BASE OPENBSD_4_5_BASE OPENBSD_4_6_BASE OPENBSD_4_7_BASE
|
#
1.26 |
|
11-Jun-2008 |
mcbride |
From KAME, allow adjustable limits on NDP entries and discovered routes.
ok mpf naddy
|
Revision tags: OPENBSD_3_4_BASE OPENBSD_3_5_BASE OPENBSD_3_6_BASE OPENBSD_3_7_BASE OPENBSD_3_8_BASE OPENBSD_3_9_BASE OPENBSD_4_0_BASE OPENBSD_4_1_BASE OPENBSD_4_2_BASE OPENBSD_4_3_BASE SMP_SYNC_A SMP_SYNC_B
|
#
1.25 |
|
08-Jul-2003 |
itojun |
unifdef -U__otherBSD__
|
#
1.24 |
|
27-Jun-2003 |
itojun |
split ND6 cache timer management to per-entry. increased accuracy, no O(N) loop. sync w/ kame. marc tested, daniel ok
|
Revision tags: OPENBSD_3_2_BASE OPENBSD_3_3_BASE UBC_SYNC_A UBC_SYNC_B
|
#
1.23 |
|
08-Jun-2002 |
itojun |
gc
|
#
1.22 |
|
08-Jun-2002 |
itojun |
sync with latest KAME in6_ifaddr/prefix/default router manipulation. behavior changes: - two iocts used by ndp(8) are now obsolete (backward compat provided). use sysctl path instead. - lo0 does not get ::1 automatically. it will get ::1 when lo0 comes up.
|
#
1.21 |
|
07-Jun-2002 |
itojun |
cope with cases where maxmtu == 0 (shouldn't happen)
|
#
1.20 |
|
05-Jun-2002 |
itojun |
be sure to use L3 MTU, not L2 MTU, when specified in spec (affects FDDI/ARCnet)
|
#
1.19 |
|
30-May-2002 |
itojun |
improve nd6_setmtu(), to warn too-small MTU on SIOCSIFMTU. sync w/kame
|
#
1.18 |
|
29-May-2002 |
itojun |
no need to supply obsolete field name "receivedra"
|
#
1.17 |
|
29-May-2002 |
itojun |
attach nd_ifinfo structure to if_afdata. split IPv6 MTU (advertised by RA) from real link MTU. sync with kame
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.16 |
|
14-Mar-2002 |
millert |
First round of __P removal in sys
|
#
1.15 |
|
23-Jan-2002 |
fgsch |
compatability -> compatibility.
|
Revision tags: OPENBSD_2_9_BASE OPENBSD_3_0_BASE UBC_BASE
|
#
1.14 |
|
23-Feb-2001 |
itojun |
branches: 1.14.6; garbage-collect stale ND entries (default: 1 day). RFC 2461 5.3. sync with kame.
|
#
1.13 |
|
23-Feb-2001 |
itojun |
remove unnecessary state, ND6_LLINFO_WAITDELETE, from neighbor cache state machine. no need for RTF_REJECT on neighbor cache entires, they are leftover from ARP code. sync with kame.
|
#
1.12 |
|
08-Feb-2001 |
itojun |
when chasing nd6_llinfo chain, make sure we do not touch dangling pointer (due to RTM_DELETE during default router list management). from kame
|
#
1.11 |
|
08-Feb-2001 |
itojun |
use timeout_xx() throughout sys/netinet6. sync with kame.
|
#
1.10 |
|
07-Feb-2001 |
itojun |
by default, don't bark on inbound ND messages, as outsider may be able to fill up /var with bogus packets. setting net.inet6.icmp6.nd6_debug will re-enable kernel messages on invalid ND packet and other occasions.
improve icmp6 stats.
|
#
1.9 |
|
19-Jan-2001 |
itojun |
pull post-4.4BSD change to sys/net/route.c from BSD/OS 4.2 (UCB copyrighted).
have sys/net/route.c:rtrequest1(), which takes rt_addrinfo * as the argument. pass rt_addrinfo all the way down to rtrequest, and ifa->ifa_rtrequest. 3rd arg of ifa->ifa_rtrequest is now rt_addrinfo * instead of sockaddr * (almost noone is using it anyways).
benefit: the follwoing command now works. previously we need two route(8) invocations, "add" then "change". # route add -inet6 default ::1 -ifp gif0
remove unsafe typecast in rtrequest(), from rtentry * to sockaddr *. it was introduced by 4.3BSD-reno and never corrected.
XXX is eon_rtrequest() change correct regarding to 3rd arg? eon_rtrequest() and rtrequest() were incorrect since 4.3BSD-reno, so i do not have correct answer in the source code. someone with more clue about netiso-over-ip, please help.
|
Revision tags: OPENBSD_2_8_BASE
|
#
1.8 |
|
06-Jul-2000 |
itojun |
- more icmp6/ip6 stats. - protect IPv6 ND from being hosed (due to neighbor unreachability detection hint) by wrong tcp traffic. still not sure if there's real attack, but it is good to be cautious. - avoid bitfield for router renumbering header decl. - implement packet-per-sec limitation for icmp6 errors, turn interval limit off (it is not very useful due to unix timer resolution).
|
#
1.7 |
|
19-May-2000 |
itojun |
never forward packet with link-local address. experimental support for new loopback packet handling (with FAKE_LOOPBACK_IF, rcvif will be set to real outgoing interface, not the loopback, to honor scope) sync with kame.
|
#
1.6 |
|
15-May-2000 |
itojun |
perform NUD on p2p link, only if the destination/gateway is real neighbor. this removes temporary workaround (no NUD on p2p link). KAME PR 245.
|
Revision tags: OPENBSD_2_7_BASE
|
#
1.5 |
|
17-Apr-2000 |
itojun |
revisit in6_ifattach(). (1) make it more persistent about initializaing an interface (2) cleanup interface id selection. run NUD on p2p interface (required by spec for bidir p2p interface). add "ndp -i interface" (can tweak per-interface ND flag). (sync with more recent kame)
|
#
1.4 |
|
28-Feb-2000 |
itojun |
bring in recent KAME changes (only important and stable ones, as usual). - remove net.inet6.ip6.nd6_proxyall. introduce proxy NDP code works just like "arp -s". - revise source address selection. be more careful about use of yet-to-be-valid addresses as source. - as router, transmit ICMP6_DST_UNREACH_BEYONDSCOPE against out-of-scope packet forwarding attempt. - path MTU discovery takes care of routing header properly. - be more strict about mbuf chain parsing. - nuke xxCTL_VARS #define, they are for BSDI. - disable SIOCSIFDSTADDR_IN6/SIOCSIFNETMASK_IN6 ioctl, they do not fit IPv6 model where multiple address on interface is normal. (kernel side supports them for a while for backward compat, the support will be nuked shortly) - introduce "default outgoing interface" (for spec conformance in very rare case)
|
Revision tags: SMP_BASE
|
#
1.3 |
|
04-Feb-2000 |
itojun |
branches: 1.3.2; more coverage of in6_ifdetach()'s cleanup process. bug fix in SIOCGIFADDR_IN6 (point to point case).
|
#
1.2 |
|
08-Jan-2000 |
deraadt |
use arc4random() instead of random for two reasons. 1) on some architectures, random() should only be used by the scheduler (ie. statintr() because it is uniformly distributed 2) arc4random() is actually strong, random() is not at all
|
Revision tags: kame_19991208
|
#
1.1 |
|
08-Dec-1999 |
itojun |
bring in KAME IPv6 code, dated 19991208. replaces NRL IPv6 layer. reuses NRL pcb layer. no IPsec-on-v6 support. see sys/netinet6/{TODO,IMPLEMENTATION} for more details.
GENERIC configuration should work fine as before. GENERIC.v6 works fine as well, but you'll need KAME userland tools to play with IPv6 (will be bringed into soon).
|
#
1.90 |
|
28-Nov-2022 |
kn |
Document struct nd_ifinfo protection, remove obsolete .initialized member
All access to struct ifnet's member *if_nd is read-only, with the one write exception being nd6_slowtimo() updating ND information.
IPv6 Neighbour Discovery information is fully protected by the net lock. --- nd6_ifattach() allocates and unconditionally initialises struct ifnet's *if_nd member, so early in if_attachsetup() that there is no way to query unitialised Neighour Unreachable Detection bits.
Only SIOCGIFINFO_IN6 through ndp(8) used the .initialized member: Added/set since 2002 sys/netinet6/nd6.c r1.42 attach nd_ifinfo structure to if_afdata. split IPv6 MTU (advertised by RA) from real link MTU. sync with kame
Read since 2002 usr.sbin/ndp/ndp.c r1.16 use new SIOCGIFINFO_IN6. random other cleanups. sync w/kame.
Obsolete since 2017 sys/netinet6/nd6.c r1.217 usr.sbin/ndp/ndp.c r1.85 Remove knob and always do neighbor unreachable detection.
Feedback OK bluhm
|
#
1.89 |
|
23-Nov-2022 |
kn |
Remove unused NDPRF_* defines; dead since 2017 sys/netinet6/nd6.c r1.210
Remove sending of router solicitations and processing of router advertisements from the kernel. It's handled by slaacd(8) these days.
Outside of _KERNEL, but nothing in base uses it, either. codesearch.debian.net seems to agree.
OK mvs claudio bluhm
|
#
1.88 |
|
23-Nov-2022 |
kn |
Remove unused struct in6_ndifreq; dead since 2013 sys/netinet6/in6_var.h r1.37
Remove unused code manipulating a default interface and its index This is a leftover from the on-link assumption behavior removal, which has been deprecated by RFC4861 anyway.
Outside of _KERNEL, but nothing in base uses it, either. codesearch.debian.net seems to agree.
OK mvs claudio bluhm
|
#
1.87 |
|
23-Nov-2022 |
kn |
Remove unused struct prf_ra; dead since 2017 sys/netinet/icmp6.h r1.45
Get rid of ICMPV6CTL_ND6_DRLIST and ICMPV6CTL_ND6_PRLIST sysctls With this we can also get rid of in6_prefix and in6_defrouter. They are meaningless, the kernel no longer tracks this information.
Outside of _KERNEL, but nothing in base uses it, either. codesearch.debian.net seems to agree.
OK mvs claudio bluhm
|
#
1.86 |
|
23-Nov-2022 |
kn |
Inline useless ND_IFINFO() macro
A single cast-free struct pointer dereference needs no indirection. ND_IFINFO() is under _KERNEL.
OK mvs
|
#
1.85 |
|
23-Nov-2022 |
kn |
Let nd6_if{at,de}tach() be void and take an ifp argument
Do it like the rest of at/detach routines which modify a struct ifnet pointer without returning anything.
OK mvs
|
#
1.84 |
|
23-Nov-2022 |
kn |
Add *if_nd to struct ifnet, call nd6_if{at,de}tach() directly
*if_afdata[] and struct domain's dom_if{at,de}tach() are only used with IPv6 Neighbour Discovery in6_dom{at,de}tach(), which allocate/init and free single struct nd_ifinfo.
Set up a new ND-specific *if_nd member directly to avoid yet another layer of indirection and thus make the generic domain API obsolete.
The per-interface data is only accessed in nd6.c and nd6_nbr.c through the ND_IFINFO() macro; it is allocated and freed exactly once during interface at/detach, so document it as [I]mmutable.
OK bluhm mvs claudio
|
#
1.83 |
|
23-Nov-2022 |
kn |
Recommit previous "Remove useless struct in6_ifextra"
This was the right diff after all, I just confused myself between trees.
OK bluhm --- Remove useless struct in6_ifextra
in6_var.h r1.75 removed all other struct members.
Now It only contains a single struct nd_ifinfo pointer, so address family specific data might as well be just that.
ND_IFINFO() is the only way nd6_nbr.c and nd6.c access this data, there is no other usage of if_afdata[].
One allocation and unhelpful indirection less per interface.
All under _KERNEL.
OK claudio
|
#
1.82 |
|
22-Nov-2022 |
kn |
Backout "Remove useless struct in6_ifextra" commit
I committed the wrong iteration of this diff, sorry for the noise.
|
#
1.81 |
|
22-Nov-2022 |
kn |
Remove useless struct in6_ifextra
in6_var.h r1.75 removed all other struct members.
Now It only contains a single struct nd_ifinfo pointer, so address family specific data might as well be just that.
ND_IFINFO() is the only way nd6_nbr.c and nd6.c access this data, there is no other usage of if_afdata[].
One allocation and unhelpful indirection less per interface.
All under _KERNEL.
OK claudio
|
#
1.80 |
|
12-Nov-2022 |
kn |
Remove unused RS_LHCOOKIE macro
Added in 2014 110585f259f4974284e531f0a1e121b001a580dc Move sending of router solicitations to the kernel; [...] but never used.
|
Revision tags: OPENBSD_7_2_BASE
|
#
1.79 |
|
08-Aug-2022 |
kn |
Constify in6_addr pointer arguments in nd6_*() functions
All of them are passed to inspect/copy out fields, none of the functions writes to the struct.
This makes it easier to argue about code (in MP context).
OK bluhm
|
#
1.78 |
|
28-Jul-2022 |
kn |
Zap prototypes for nonexistent nd6_setmtu() and in6_ifdel()
Removed in 2015 and 2002, respectively.
OK claudio
|
#
1.77 |
|
22-Jul-2022 |
kn |
Leftovers from florian's RS/NA purge from the kernel in 2017.
OK bluhm
|
Revision tags: OPENBSD_6_7_BASE OPENBSD_6_8_BASE OPENBSD_6_9_BASE OPENBSD_7_0_BASE OPENBSD_7_1_BASE
|
#
1.76 |
|
28-Mar-2020 |
florian |
Move ND6_PRIV_* constants from nd6.h to slaacd the only place where they are used. Nobody in the wider eco system uses these. While here reduce temporary address valid lifetime to 2 days as per draft-ietf-6man-rfc4941bis. This should considerably reduce the amount of addresses configured on an interface - a common complaint. Original diff from Fernando Gont (fernando AT gont.com.ar), thanks! Ports tree scanning by sthen@
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.75 |
|
21-Jun-2019 |
mpi |
Prevent recursions by not deleting entries inside rtable_walk(9).
rtable_walk(9) now passes a routing entry back to the caller when a non zero value is returned and if it asked for it. This allows us to call rtdeletemsg()/rtrequest_delete() from the caller without creating a recursion because of rtflushclone().
Multicast code hasn't been adapted and is still possibly creating recursions. However multicast route entries aren't cloned so if a recursion exists it isn't because of rtflushclone().
Fix stack exhaustion triggered by the use of "-msave-args".
Issue reported by D��niel L��vai on bugs@ confirmed by and ok bluhm@.
|
Revision tags: OPENBSD_6_3_BASE OPENBSD_6_4_BASE OPENBSD_6_5_BASE
|
#
1.74 |
|
27-Nov-2017 |
mpi |
Use a single timer for all ND6 entries.
This prevents a use-after-free reported by Hrvoje Popovski where the timeout function was already sleeping on the NET_LOCK() when ifconfig(8) removed the enry from the table.
By iterating on a global list in the timeout routine we ensure that the items are still valid when we process them. This also reduce differences with ARP.
ok bluhm@, visa@
|
#
1.73 |
|
03-Nov-2017 |
florian |
We are processing Router Solicitation / Advertisement messages only for the Source Link-layer Address Options. Merge nd6_rs_input() and nd6_ra_input() into one generic function that does just that.
input & OK mpi
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.72 |
|
09-Aug-2017 |
florian |
Remove knob and always do neighbor unreachable detection.
|
#
1.71 |
|
09-Aug-2017 |
florian |
accept_rtadv doesn't do anything since some time. OK mpi
|
#
1.70 |
|
09-Aug-2017 |
florian |
We are no longer generating privacy addresses in the kernel. OK mpi
|
#
1.69 |
|
08-Aug-2017 |
florian |
Stop running nd6_expire every second. We know when pltime or vltime decrease to zero. Run nd6_expire then. Input & OK mpi, bluhm
|
#
1.68 |
|
12-Jul-2017 |
florian |
Get rid of ICMPV6CTL_ND6_DRLIST and ICMPV6CTL_ND6_PRLIST sysctls With this we can also get rid of in6_prefix and in6_defrouter. They are meaningless, the kernel no longer tracks this information.
Pointed out by & OK mpi
|
#
1.67 |
|
11-Jul-2017 |
florian |
Purging is at last at hand. Day of Doom is here. All that is evil shall all be cleansed.
Remove sending of router solicitations and processing of router advertisements from the kernel. It's handled by slaacd(8) these days.
Input & OK bluhm@, mpi@
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.66 |
|
27-Dec-2016 |
bluhm |
Move nd6 timer initialisation to nd6_init() and call timeout_set() only once during init. OK mpi@
|
#
1.65 |
|
28-Nov-2016 |
mpi |
Remove multiple recursive splsoftnet().
ok bluhm@
|
#
1.64 |
|
21-Nov-2016 |
mpi |
Assert that prelist_update() is always called at IPL_SOFTNET.
While here use __func__ in debug strings to reduce noise when grepping.
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.63 |
|
13-Jul-2016 |
dlg |
store nd6 expiries in the route, not separately in the llinfo struct.
this makes it more consistent with arp, and makes expiries visible via route(8) get as well as ndp(8).
ok mpi@ florian@
|
#
1.62 |
|
15-Jun-2016 |
mpi |
Kill nd6_output(), it doesn't do anything since the resolution logic has been moved to nd6_resolve().
ok visa@, millert@, florian@, sthen@
|
#
1.61 |
|
08-Jun-2016 |
mpi |
Move ND resoluton logic from nd6_output() to nd6_storelladdr() and rename it to nd6_resolve().
This allows us to get rid of non-Ethernet hacks by moving Ethernet specific logic in the appropriate layer.
ok sthen@
|
#
1.60 |
|
01-Jun-2016 |
dlg |
make nd6_llinfo_settimer take seconds instead of ticks.
most callers are working in seconds, internally it uses seconds, and you can call timeout_add_sec as easily as timeout_add.
this also fixes an issue with an nd_defrouter expire which was incorrectly scaled with ticks in a comparison.
ok mpi@
|
#
1.59 |
|
30-May-2016 |
dlg |
remove code compensating for the "short" range of timeouts.
the nd6 code for managing expiries is never asked to handle intervals greater than what timeouts can handle, so we dont need to overcompensate.
the code was also incorrect by using a long, which isnt that long on ILP32 machines.
ok mpi@ millert@ benno@
|
#
1.58 |
|
30-Mar-2016 |
mpi |
Implement proxy ARP for ART based on mpath support.
Since mpath is not enabled in RAMDISK, proxy ARP won't work there either.
ok bluhm@
|
#
1.57 |
|
03-Mar-2016 |
jca |
Kill IPv6 prefix and router renumbering ioctls.
Router renumbering was never supported, prefix ioctls were deprecated ~15 years ago. Move some items in netinet6/nd6.h where they are still used.
ok mikeb@ mpi@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.56 |
|
18-Dec-2015 |
tb |
Convert arc4random() to arc4random_uniorm(). Diff by Matthew Martin.
Ensure that arc4random_uniform() doesn't loop by redefining ND6_MAX_DESYNC_FACTOR to be 512, the largest power of two smaller than the RFC-specified 600 seconds. Suggested by florian@ and deraadt@
ok florian@, sthen@ in this form, arc4random change ok djm@, tedu@
|
#
1.55 |
|
06-Nov-2015 |
mpi |
Change nd6_nud_hint() to no longer manipulate rt_ifp directly.
While here remove unused argument and convert the route check to rtisvalid(9).
ok bluhm@
|
#
1.54 |
|
02-Nov-2015 |
bluhm |
Implement the list of nd6 llinfo entries with a TAILQ. OK millert@ mpi@
|
#
1.53 |
|
02-Nov-2015 |
mpi |
Prefer an existing refcounted ``ifp'' to rt_ifp when possible or use the interface index directly.
ok bluhm@
|
#
1.52 |
|
28-Oct-2015 |
florian |
Remove linkmtu and maxmtu from struct nd_ifinfo. IN6_LINKMTU can now die and ifp->if_mtu is the one true mtu. Suggested by and OK mpi@
|
#
1.51 |
|
25-Oct-2015 |
mpi |
Introduce if_rtrequest() the successor of ifa_rtrequest().
L2 resolution depends on the protocol (encoded in the route entry) and an ``ifp''. Not having to care about an ``ifa'' makes our life easier in our MP effort. Fewer dependencies between data structures implies fewer headaches.
Discussed with bluhm@, ok claudio@
|
#
1.50 |
|
24-Oct-2015 |
mpi |
Ignore Router Advertisment's current hop limit.
Appart from the usual inet6 axe murdering exercise to keep you fit, this allows us to get rid of a lot of layer violation due to the use of per- ifp variables to store the current hop limit.
Imputs from bluhm@, ok phessler@, florian@, bluhm@
|
#
1.49 |
|
31-Aug-2015 |
mpi |
The return value of nd6_cache_lladdr() is never used so make it a void.
Fewer "struct rtentry" left in the wild!
|
#
1.48 |
|
24-Aug-2015 |
mpi |
nd6_prefix_add() is no longer used and die.
|
#
1.47 |
|
24-Aug-2015 |
mpi |
Start moving away from the global prefix list by limiting its usage to AUTOCONF'd addresses.
This prevent the kernel from removing connected (/64) routes as soon as it configures an AUTOCONF'd address based on a RA.
Tested by sebastia@, ok sthen@
|
#
1.46 |
|
24-Aug-2015 |
mpi |
Rework the code to decide when to perform DAD to no longer rely on the IN6_IFF_NODAD pseudo-flag not being set.
This was just a flag for spaghetti code that should not exist in the first place.
Tested by sebastia@, ok sthen@
|
#
1.45 |
|
18-Aug-2015 |
mpi |
Call rtfree(9) when we no longer need the route entry rather than decrementing rt_refcnt just after rtrequest1(9).
While here reduce the differences with rt_ifa_add(9). There's still an ambiguity about rtrequest1(9)'s return value, but bluhm@ will address that in a different diff.
Discussed with and ok bluhm@
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.44 |
|
18-Jul-2015 |
mpi |
Merge two identical chunks to add new prefixes to the global data structures into a function.
ok florian@
|
#
1.43 |
|
16-Jul-2015 |
mpi |
Properly layer Router Solicitation code.
Tweak and ok florian@
|
#
1.42 |
|
09-Jul-2015 |
mpi |
Remove unused arguments and the associated code from nd6_nud_hint().
ok claudio@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.41 |
|
20-Nov-2014 |
mpi |
Rework the handling of interfaces and IPv6 addresses for local delivery.
- Unicast packets sent to any local address will have their interface set to loobpack.
- In order to differentiate traffic from interfaces having identical link-local addresses, provide the scoped addresses to pf(4).
- Update the icmp6 state lookup logic to match scoped MLL addresses.
- Remove a shortcut in ip6_input() that bypasses pf and always look for an RTF_LOCAL route.
Packets sent to multicast addresses still retain their original interface due to the fact that local multicast packet delivering does not use if_output.
This makes ping6 to link-local addresses work even with pf enabled and "set skip" on loopbacks, reported by Pieter Verberne.
Debugged, analysed and tested with mikeb@.
ok mikeb@, henning@, sthen@
|
#
1.40 |
|
10-Nov-2014 |
mpi |
Do not pass an ifa pointer when we already have a DAD descriptor.
Tweaks and ok florian@
|
#
1.39 |
|
25-Aug-2014 |
florian |
Move sending of router solicitations to the kernel; receiving and processing of router advertisements was already in the kernel. With this rtsol{,d}(8) is no longer necessary.
The kernel starts sending solicitations with # ifconfig $IF inet6 autoconf or inet6 autoconf in /etc/hostname.$IF.
input stsp@ much help & OK mpi@ tweaks & OK bluhm@
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.38 |
|
11-Jul-2014 |
blambert |
move IPv6 prefix adding from workq to taskq; as a happy benefit, we can delete 2 dozen or so lines that check to see if we've queued up a prefix addition multiple times.
ok stsp@
|
#
1.37 |
|
07-May-2014 |
mpi |
Kill the {nd6_,}useloopback buttons, using the loopback interface for local traffic is not optional.
ok mikeb@, stsp@, jca@
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.36 |
|
07-Jan-2014 |
mikeb |
Propagate an rdomain number to the nd6_lookup independently from the ifp pointer which can be NULL. This prevents a crash reported by David Hill <dhill at mindcry ! org>. OK bluhm
|
#
1.35 |
|
25-Oct-2013 |
deraadt |
More _KERNEL namespace cleanup, just in case something out there includes this.
|
#
1.34 |
|
28-Aug-2013 |
mpi |
Remove unused argument from *rtrequest()
ok krw@, mikeb@
|
#
1.33 |
|
26-Aug-2013 |
bluhm |
No one uses the obsolete IPv6 ioctls SIOCGDRLST_IN6, SIOCGPRLST_IN6, OSIOCGIFINFO_IN6 anymore. Remove them together with the structs in6_drlist, in6_oprlist, in6_prlist, in6_ondireq and the kernel implementation. OK mikeb@ henning@
|
#
1.32 |
|
11-Aug-2013 |
bluhm |
To control the lifetime of IPv6 addresses, prefixes and default routers, the kernel and ndp use a bunch of expire fields. Before they were int or u_long, convert expire to time_t in all structs. Move vltime and pltime to u_int32_t everywhere. Sort struct fields by size. Struct inet6_ndpr_msghdr is not used at all, so remove it.
Binary compatibility of rtsold and ndp break with this change as rtsold uses in6_drlist and ndp uses in6_defrouter and in6_prefix to interact with the kernel.
OK mpi@
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.31 |
|
01-Jul-2013 |
bluhm |
Do not access queue fields directly, use FOREACH() macro instead. No binary change. OK mikeb@ mpi@
|
#
1.30 |
|
11-Mar-2013 |
mpi |
Remove unused code manipulating a default interface and its index, This is a leftover from the on-link assumption behavior removal, which has been deprecated by RFC4861 anyway.
ok mikeb@, bluhm@, florian@
|
Revision tags: OPENBSD_5_2_BASE OPENBSD_5_3_BASE
|
#
1.29 |
|
14-Feb-2012 |
sthen |
typo in comment.
|
Revision tags: OPENBSD_5_0_BASE OPENBSD_5_1_BASE
|
#
1.28 |
|
03-Apr-2011 |
stsp |
fix typos in comments ok deraadt henning sthen thib (though thib says he can't spell)
|
Revision tags: OPENBSD_4_8_BASE OPENBSD_4_9_BASE
|
#
1.27 |
|
06-Apr-2010 |
stsp |
Simple implementation of RFC4941, "Privacy Extensions for Stateless Address Autoconfiguration in IPv6". For those among us who are paranoid about broadcasting their MAC address to the IPv6 internet.
Man page help from jmc, testing by weerd, arc4random API hints from djm.
ok deraadt, claudio
|
Revision tags: OPENBSD_4_4_BASE OPENBSD_4_5_BASE OPENBSD_4_6_BASE OPENBSD_4_7_BASE
|
#
1.26 |
|
11-Jun-2008 |
mcbride |
From KAME, allow adjustable limits on NDP entries and discovered routes.
ok mpf naddy
|
Revision tags: OPENBSD_3_4_BASE OPENBSD_3_5_BASE OPENBSD_3_6_BASE OPENBSD_3_7_BASE OPENBSD_3_8_BASE OPENBSD_3_9_BASE OPENBSD_4_0_BASE OPENBSD_4_1_BASE OPENBSD_4_2_BASE OPENBSD_4_3_BASE SMP_SYNC_A SMP_SYNC_B
|
#
1.25 |
|
08-Jul-2003 |
itojun |
unifdef -U__otherBSD__
|
#
1.24 |
|
27-Jun-2003 |
itojun |
split ND6 cache timer management to per-entry. increased accuracy, no O(N) loop. sync w/ kame. marc tested, daniel ok
|
Revision tags: OPENBSD_3_2_BASE OPENBSD_3_3_BASE UBC_SYNC_A UBC_SYNC_B
|
#
1.23 |
|
08-Jun-2002 |
itojun |
gc
|
#
1.22 |
|
08-Jun-2002 |
itojun |
sync with latest KAME in6_ifaddr/prefix/default router manipulation. behavior changes: - two iocts used by ndp(8) are now obsolete (backward compat provided). use sysctl path instead. - lo0 does not get ::1 automatically. it will get ::1 when lo0 comes up.
|
#
1.21 |
|
07-Jun-2002 |
itojun |
cope with cases where maxmtu == 0 (shouldn't happen)
|
#
1.20 |
|
05-Jun-2002 |
itojun |
be sure to use L3 MTU, not L2 MTU, when specified in spec (affects FDDI/ARCnet)
|
#
1.19 |
|
30-May-2002 |
itojun |
improve nd6_setmtu(), to warn too-small MTU on SIOCSIFMTU. sync w/kame
|
#
1.18 |
|
29-May-2002 |
itojun |
no need to supply obsolete field name "receivedra"
|
#
1.17 |
|
29-May-2002 |
itojun |
attach nd_ifinfo structure to if_afdata. split IPv6 MTU (advertised by RA) from real link MTU. sync with kame
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.16 |
|
14-Mar-2002 |
millert |
First round of __P removal in sys
|
#
1.15 |
|
23-Jan-2002 |
fgsch |
compatability -> compatibility.
|
Revision tags: OPENBSD_2_9_BASE OPENBSD_3_0_BASE UBC_BASE
|
#
1.14 |
|
23-Feb-2001 |
itojun |
branches: 1.14.6; garbage-collect stale ND entries (default: 1 day). RFC 2461 5.3. sync with kame.
|
#
1.13 |
|
23-Feb-2001 |
itojun |
remove unnecessary state, ND6_LLINFO_WAITDELETE, from neighbor cache state machine. no need for RTF_REJECT on neighbor cache entires, they are leftover from ARP code. sync with kame.
|
#
1.12 |
|
08-Feb-2001 |
itojun |
when chasing nd6_llinfo chain, make sure we do not touch dangling pointer (due to RTM_DELETE during default router list management). from kame
|
#
1.11 |
|
08-Feb-2001 |
itojun |
use timeout_xx() throughout sys/netinet6. sync with kame.
|
#
1.10 |
|
07-Feb-2001 |
itojun |
by default, don't bark on inbound ND messages, as outsider may be able to fill up /var with bogus packets. setting net.inet6.icmp6.nd6_debug will re-enable kernel messages on invalid ND packet and other occasions.
improve icmp6 stats.
|
#
1.9 |
|
19-Jan-2001 |
itojun |
pull post-4.4BSD change to sys/net/route.c from BSD/OS 4.2 (UCB copyrighted).
have sys/net/route.c:rtrequest1(), which takes rt_addrinfo * as the argument. pass rt_addrinfo all the way down to rtrequest, and ifa->ifa_rtrequest. 3rd arg of ifa->ifa_rtrequest is now rt_addrinfo * instead of sockaddr * (almost noone is using it anyways).
benefit: the follwoing command now works. previously we need two route(8) invocations, "add" then "change". # route add -inet6 default ::1 -ifp gif0
remove unsafe typecast in rtrequest(), from rtentry * to sockaddr *. it was introduced by 4.3BSD-reno and never corrected.
XXX is eon_rtrequest() change correct regarding to 3rd arg? eon_rtrequest() and rtrequest() were incorrect since 4.3BSD-reno, so i do not have correct answer in the source code. someone with more clue about netiso-over-ip, please help.
|
Revision tags: OPENBSD_2_8_BASE
|
#
1.8 |
|
06-Jul-2000 |
itojun |
- more icmp6/ip6 stats. - protect IPv6 ND from being hosed (due to neighbor unreachability detection hint) by wrong tcp traffic. still not sure if there's real attack, but it is good to be cautious. - avoid bitfield for router renumbering header decl. - implement packet-per-sec limitation for icmp6 errors, turn interval limit off (it is not very useful due to unix timer resolution).
|
#
1.7 |
|
19-May-2000 |
itojun |
never forward packet with link-local address. experimental support for new loopback packet handling (with FAKE_LOOPBACK_IF, rcvif will be set to real outgoing interface, not the loopback, to honor scope) sync with kame.
|
#
1.6 |
|
15-May-2000 |
itojun |
perform NUD on p2p link, only if the destination/gateway is real neighbor. this removes temporary workaround (no NUD on p2p link). KAME PR 245.
|
Revision tags: OPENBSD_2_7_BASE
|
#
1.5 |
|
17-Apr-2000 |
itojun |
revisit in6_ifattach(). (1) make it more persistent about initializaing an interface (2) cleanup interface id selection. run NUD on p2p interface (required by spec for bidir p2p interface). add "ndp -i interface" (can tweak per-interface ND flag). (sync with more recent kame)
|
#
1.4 |
|
28-Feb-2000 |
itojun |
bring in recent KAME changes (only important and stable ones, as usual). - remove net.inet6.ip6.nd6_proxyall. introduce proxy NDP code works just like "arp -s". - revise source address selection. be more careful about use of yet-to-be-valid addresses as source. - as router, transmit ICMP6_DST_UNREACH_BEYONDSCOPE against out-of-scope packet forwarding attempt. - path MTU discovery takes care of routing header properly. - be more strict about mbuf chain parsing. - nuke xxCTL_VARS #define, they are for BSDI. - disable SIOCSIFDSTADDR_IN6/SIOCSIFNETMASK_IN6 ioctl, they do not fit IPv6 model where multiple address on interface is normal. (kernel side supports them for a while for backward compat, the support will be nuked shortly) - introduce "default outgoing interface" (for spec conformance in very rare case)
|
Revision tags: SMP_BASE
|
#
1.3 |
|
04-Feb-2000 |
itojun |
branches: 1.3.2; more coverage of in6_ifdetach()'s cleanup process. bug fix in SIOCGIFADDR_IN6 (point to point case).
|
#
1.2 |
|
08-Jan-2000 |
deraadt |
use arc4random() instead of random for two reasons. 1) on some architectures, random() should only be used by the scheduler (ie. statintr() because it is uniformly distributed 2) arc4random() is actually strong, random() is not at all
|
Revision tags: kame_19991208
|
#
1.1 |
|
08-Dec-1999 |
itojun |
bring in KAME IPv6 code, dated 19991208. replaces NRL IPv6 layer. reuses NRL pcb layer. no IPsec-on-v6 support. see sys/netinet6/{TODO,IMPLEMENTATION} for more details.
GENERIC configuration should work fine as before. GENERIC.v6 works fine as well, but you'll need KAME userland tools to play with IPv6 (will be bringed into soon).
|
#
1.89 |
|
23-Nov-2022 |
kn |
Remove unused NDPRF_* defines; dead since 2017 sys/netinet6/nd6.c r1.210
Remove sending of router solicitations and processing of router advertisements from the kernel. It's handled by slaacd(8) these days.
Outside of _KERNEL, but nothing in base uses it, either. codesearch.debian.net seems to agree.
OK mvs claudio bluhm
|
#
1.88 |
|
23-Nov-2022 |
kn |
Remove unused struct in6_ndifreq; dead since 2013 sys/netinet6/in6_var.h r1.37
Remove unused code manipulating a default interface and its index This is a leftover from the on-link assumption behavior removal, which has been deprecated by RFC4861 anyway.
Outside of _KERNEL, but nothing in base uses it, either. codesearch.debian.net seems to agree.
OK mvs claudio bluhm
|
#
1.87 |
|
23-Nov-2022 |
kn |
Remove unused struct prf_ra; dead since 2017 sys/netinet/icmp6.h r1.45
Get rid of ICMPV6CTL_ND6_DRLIST and ICMPV6CTL_ND6_PRLIST sysctls With this we can also get rid of in6_prefix and in6_defrouter. They are meaningless, the kernel no longer tracks this information.
Outside of _KERNEL, but nothing in base uses it, either. codesearch.debian.net seems to agree.
OK mvs claudio bluhm
|
#
1.86 |
|
23-Nov-2022 |
kn |
Inline useless ND_IFINFO() macro
A single cast-free struct pointer dereference needs no indirection. ND_IFINFO() is under _KERNEL.
OK mvs
|
#
1.85 |
|
23-Nov-2022 |
kn |
Let nd6_if{at,de}tach() be void and take an ifp argument
Do it like the rest of at/detach routines which modify a struct ifnet pointer without returning anything.
OK mvs
|
#
1.84 |
|
23-Nov-2022 |
kn |
Add *if_nd to struct ifnet, call nd6_if{at,de}tach() directly
*if_afdata[] and struct domain's dom_if{at,de}tach() are only used with IPv6 Neighbour Discovery in6_dom{at,de}tach(), which allocate/init and free single struct nd_ifinfo.
Set up a new ND-specific *if_nd member directly to avoid yet another layer of indirection and thus make the generic domain API obsolete.
The per-interface data is only accessed in nd6.c and nd6_nbr.c through the ND_IFINFO() macro; it is allocated and freed exactly once during interface at/detach, so document it as [I]mmutable.
OK bluhm mvs claudio
|
#
1.83 |
|
23-Nov-2022 |
kn |
Recommit previous "Remove useless struct in6_ifextra"
This was the right diff after all, I just confused myself between trees.
OK bluhm --- Remove useless struct in6_ifextra
in6_var.h r1.75 removed all other struct members.
Now It only contains a single struct nd_ifinfo pointer, so address family specific data might as well be just that.
ND_IFINFO() is the only way nd6_nbr.c and nd6.c access this data, there is no other usage of if_afdata[].
One allocation and unhelpful indirection less per interface.
All under _KERNEL.
OK claudio
|
#
1.82 |
|
22-Nov-2022 |
kn |
Backout "Remove useless struct in6_ifextra" commit
I committed the wrong iteration of this diff, sorry for the noise.
|
#
1.81 |
|
22-Nov-2022 |
kn |
Remove useless struct in6_ifextra
in6_var.h r1.75 removed all other struct members.
Now It only contains a single struct nd_ifinfo pointer, so address family specific data might as well be just that.
ND_IFINFO() is the only way nd6_nbr.c and nd6.c access this data, there is no other usage of if_afdata[].
One allocation and unhelpful indirection less per interface.
All under _KERNEL.
OK claudio
|
#
1.80 |
|
12-Nov-2022 |
kn |
Remove unused RS_LHCOOKIE macro
Added in 2014 110585f259f4974284e531f0a1e121b001a580dc Move sending of router solicitations to the kernel; [...] but never used.
|
Revision tags: OPENBSD_7_2_BASE
|
#
1.79 |
|
08-Aug-2022 |
kn |
Constify in6_addr pointer arguments in nd6_*() functions
All of them are passed to inspect/copy out fields, none of the functions writes to the struct.
This makes it easier to argue about code (in MP context).
OK bluhm
|
#
1.78 |
|
28-Jul-2022 |
kn |
Zap prototypes for nonexistent nd6_setmtu() and in6_ifdel()
Removed in 2015 and 2002, respectively.
OK claudio
|
#
1.77 |
|
22-Jul-2022 |
kn |
Leftovers from florian's RS/NA purge from the kernel in 2017.
OK bluhm
|
Revision tags: OPENBSD_6_7_BASE OPENBSD_6_8_BASE OPENBSD_6_9_BASE OPENBSD_7_0_BASE OPENBSD_7_1_BASE
|
#
1.76 |
|
28-Mar-2020 |
florian |
Move ND6_PRIV_* constants from nd6.h to slaacd the only place where they are used. Nobody in the wider eco system uses these. While here reduce temporary address valid lifetime to 2 days as per draft-ietf-6man-rfc4941bis. This should considerably reduce the amount of addresses configured on an interface - a common complaint. Original diff from Fernando Gont (fernando AT gont.com.ar), thanks! Ports tree scanning by sthen@
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.75 |
|
21-Jun-2019 |
mpi |
Prevent recursions by not deleting entries inside rtable_walk(9).
rtable_walk(9) now passes a routing entry back to the caller when a non zero value is returned and if it asked for it. This allows us to call rtdeletemsg()/rtrequest_delete() from the caller without creating a recursion because of rtflushclone().
Multicast code hasn't been adapted and is still possibly creating recursions. However multicast route entries aren't cloned so if a recursion exists it isn't because of rtflushclone().
Fix stack exhaustion triggered by the use of "-msave-args".
Issue reported by D��niel L��vai on bugs@ confirmed by and ok bluhm@.
|
Revision tags: OPENBSD_6_3_BASE OPENBSD_6_4_BASE OPENBSD_6_5_BASE
|
#
1.74 |
|
27-Nov-2017 |
mpi |
Use a single timer for all ND6 entries.
This prevents a use-after-free reported by Hrvoje Popovski where the timeout function was already sleeping on the NET_LOCK() when ifconfig(8) removed the enry from the table.
By iterating on a global list in the timeout routine we ensure that the items are still valid when we process them. This also reduce differences with ARP.
ok bluhm@, visa@
|
#
1.73 |
|
03-Nov-2017 |
florian |
We are processing Router Solicitation / Advertisement messages only for the Source Link-layer Address Options. Merge nd6_rs_input() and nd6_ra_input() into one generic function that does just that.
input & OK mpi
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.72 |
|
09-Aug-2017 |
florian |
Remove knob and always do neighbor unreachable detection.
|
#
1.71 |
|
09-Aug-2017 |
florian |
accept_rtadv doesn't do anything since some time. OK mpi
|
#
1.70 |
|
09-Aug-2017 |
florian |
We are no longer generating privacy addresses in the kernel. OK mpi
|
#
1.69 |
|
08-Aug-2017 |
florian |
Stop running nd6_expire every second. We know when pltime or vltime decrease to zero. Run nd6_expire then. Input & OK mpi, bluhm
|
#
1.68 |
|
12-Jul-2017 |
florian |
Get rid of ICMPV6CTL_ND6_DRLIST and ICMPV6CTL_ND6_PRLIST sysctls With this we can also get rid of in6_prefix and in6_defrouter. They are meaningless, the kernel no longer tracks this information.
Pointed out by & OK mpi
|
#
1.67 |
|
11-Jul-2017 |
florian |
Purging is at last at hand. Day of Doom is here. All that is evil shall all be cleansed.
Remove sending of router solicitations and processing of router advertisements from the kernel. It's handled by slaacd(8) these days.
Input & OK bluhm@, mpi@
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.66 |
|
27-Dec-2016 |
bluhm |
Move nd6 timer initialisation to nd6_init() and call timeout_set() only once during init. OK mpi@
|
#
1.65 |
|
28-Nov-2016 |
mpi |
Remove multiple recursive splsoftnet().
ok bluhm@
|
#
1.64 |
|
21-Nov-2016 |
mpi |
Assert that prelist_update() is always called at IPL_SOFTNET.
While here use __func__ in debug strings to reduce noise when grepping.
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.63 |
|
13-Jul-2016 |
dlg |
store nd6 expiries in the route, not separately in the llinfo struct.
this makes it more consistent with arp, and makes expiries visible via route(8) get as well as ndp(8).
ok mpi@ florian@
|
#
1.62 |
|
15-Jun-2016 |
mpi |
Kill nd6_output(), it doesn't do anything since the resolution logic has been moved to nd6_resolve().
ok visa@, millert@, florian@, sthen@
|
#
1.61 |
|
08-Jun-2016 |
mpi |
Move ND resoluton logic from nd6_output() to nd6_storelladdr() and rename it to nd6_resolve().
This allows us to get rid of non-Ethernet hacks by moving Ethernet specific logic in the appropriate layer.
ok sthen@
|
#
1.60 |
|
01-Jun-2016 |
dlg |
make nd6_llinfo_settimer take seconds instead of ticks.
most callers are working in seconds, internally it uses seconds, and you can call timeout_add_sec as easily as timeout_add.
this also fixes an issue with an nd_defrouter expire which was incorrectly scaled with ticks in a comparison.
ok mpi@
|
#
1.59 |
|
30-May-2016 |
dlg |
remove code compensating for the "short" range of timeouts.
the nd6 code for managing expiries is never asked to handle intervals greater than what timeouts can handle, so we dont need to overcompensate.
the code was also incorrect by using a long, which isnt that long on ILP32 machines.
ok mpi@ millert@ benno@
|
#
1.58 |
|
30-Mar-2016 |
mpi |
Implement proxy ARP for ART based on mpath support.
Since mpath is not enabled in RAMDISK, proxy ARP won't work there either.
ok bluhm@
|
#
1.57 |
|
03-Mar-2016 |
jca |
Kill IPv6 prefix and router renumbering ioctls.
Router renumbering was never supported, prefix ioctls were deprecated ~15 years ago. Move some items in netinet6/nd6.h where they are still used.
ok mikeb@ mpi@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.56 |
|
18-Dec-2015 |
tb |
Convert arc4random() to arc4random_uniorm(). Diff by Matthew Martin.
Ensure that arc4random_uniform() doesn't loop by redefining ND6_MAX_DESYNC_FACTOR to be 512, the largest power of two smaller than the RFC-specified 600 seconds. Suggested by florian@ and deraadt@
ok florian@, sthen@ in this form, arc4random change ok djm@, tedu@
|
#
1.55 |
|
06-Nov-2015 |
mpi |
Change nd6_nud_hint() to no longer manipulate rt_ifp directly.
While here remove unused argument and convert the route check to rtisvalid(9).
ok bluhm@
|
#
1.54 |
|
02-Nov-2015 |
bluhm |
Implement the list of nd6 llinfo entries with a TAILQ. OK millert@ mpi@
|
#
1.53 |
|
02-Nov-2015 |
mpi |
Prefer an existing refcounted ``ifp'' to rt_ifp when possible or use the interface index directly.
ok bluhm@
|
#
1.52 |
|
28-Oct-2015 |
florian |
Remove linkmtu and maxmtu from struct nd_ifinfo. IN6_LINKMTU can now die and ifp->if_mtu is the one true mtu. Suggested by and OK mpi@
|
#
1.51 |
|
25-Oct-2015 |
mpi |
Introduce if_rtrequest() the successor of ifa_rtrequest().
L2 resolution depends on the protocol (encoded in the route entry) and an ``ifp''. Not having to care about an ``ifa'' makes our life easier in our MP effort. Fewer dependencies between data structures implies fewer headaches.
Discussed with bluhm@, ok claudio@
|
#
1.50 |
|
24-Oct-2015 |
mpi |
Ignore Router Advertisment's current hop limit.
Appart from the usual inet6 axe murdering exercise to keep you fit, this allows us to get rid of a lot of layer violation due to the use of per- ifp variables to store the current hop limit.
Imputs from bluhm@, ok phessler@, florian@, bluhm@
|
#
1.49 |
|
31-Aug-2015 |
mpi |
The return value of nd6_cache_lladdr() is never used so make it a void.
Fewer "struct rtentry" left in the wild!
|
#
1.48 |
|
24-Aug-2015 |
mpi |
nd6_prefix_add() is no longer used and die.
|
#
1.47 |
|
24-Aug-2015 |
mpi |
Start moving away from the global prefix list by limiting its usage to AUTOCONF'd addresses.
This prevent the kernel from removing connected (/64) routes as soon as it configures an AUTOCONF'd address based on a RA.
Tested by sebastia@, ok sthen@
|
#
1.46 |
|
24-Aug-2015 |
mpi |
Rework the code to decide when to perform DAD to no longer rely on the IN6_IFF_NODAD pseudo-flag not being set.
This was just a flag for spaghetti code that should not exist in the first place.
Tested by sebastia@, ok sthen@
|
#
1.45 |
|
18-Aug-2015 |
mpi |
Call rtfree(9) when we no longer need the route entry rather than decrementing rt_refcnt just after rtrequest1(9).
While here reduce the differences with rt_ifa_add(9). There's still an ambiguity about rtrequest1(9)'s return value, but bluhm@ will address that in a different diff.
Discussed with and ok bluhm@
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.44 |
|
18-Jul-2015 |
mpi |
Merge two identical chunks to add new prefixes to the global data structures into a function.
ok florian@
|
#
1.43 |
|
16-Jul-2015 |
mpi |
Properly layer Router Solicitation code.
Tweak and ok florian@
|
#
1.42 |
|
09-Jul-2015 |
mpi |
Remove unused arguments and the associated code from nd6_nud_hint().
ok claudio@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.41 |
|
20-Nov-2014 |
mpi |
Rework the handling of interfaces and IPv6 addresses for local delivery.
- Unicast packets sent to any local address will have their interface set to loobpack.
- In order to differentiate traffic from interfaces having identical link-local addresses, provide the scoped addresses to pf(4).
- Update the icmp6 state lookup logic to match scoped MLL addresses.
- Remove a shortcut in ip6_input() that bypasses pf and always look for an RTF_LOCAL route.
Packets sent to multicast addresses still retain their original interface due to the fact that local multicast packet delivering does not use if_output.
This makes ping6 to link-local addresses work even with pf enabled and "set skip" on loopbacks, reported by Pieter Verberne.
Debugged, analysed and tested with mikeb@.
ok mikeb@, henning@, sthen@
|
#
1.40 |
|
10-Nov-2014 |
mpi |
Do not pass an ifa pointer when we already have a DAD descriptor.
Tweaks and ok florian@
|
#
1.39 |
|
25-Aug-2014 |
florian |
Move sending of router solicitations to the kernel; receiving and processing of router advertisements was already in the kernel. With this rtsol{,d}(8) is no longer necessary.
The kernel starts sending solicitations with # ifconfig $IF inet6 autoconf or inet6 autoconf in /etc/hostname.$IF.
input stsp@ much help & OK mpi@ tweaks & OK bluhm@
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.38 |
|
11-Jul-2014 |
blambert |
move IPv6 prefix adding from workq to taskq; as a happy benefit, we can delete 2 dozen or so lines that check to see if we've queued up a prefix addition multiple times.
ok stsp@
|
#
1.37 |
|
07-May-2014 |
mpi |
Kill the {nd6_,}useloopback buttons, using the loopback interface for local traffic is not optional.
ok mikeb@, stsp@, jca@
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.36 |
|
07-Jan-2014 |
mikeb |
Propagate an rdomain number to the nd6_lookup independently from the ifp pointer which can be NULL. This prevents a crash reported by David Hill <dhill at mindcry ! org>. OK bluhm
|
#
1.35 |
|
25-Oct-2013 |
deraadt |
More _KERNEL namespace cleanup, just in case something out there includes this.
|
#
1.34 |
|
28-Aug-2013 |
mpi |
Remove unused argument from *rtrequest()
ok krw@, mikeb@
|
#
1.33 |
|
26-Aug-2013 |
bluhm |
No one uses the obsolete IPv6 ioctls SIOCGDRLST_IN6, SIOCGPRLST_IN6, OSIOCGIFINFO_IN6 anymore. Remove them together with the structs in6_drlist, in6_oprlist, in6_prlist, in6_ondireq and the kernel implementation. OK mikeb@ henning@
|
#
1.32 |
|
11-Aug-2013 |
bluhm |
To control the lifetime of IPv6 addresses, prefixes and default routers, the kernel and ndp use a bunch of expire fields. Before they were int or u_long, convert expire to time_t in all structs. Move vltime and pltime to u_int32_t everywhere. Sort struct fields by size. Struct inet6_ndpr_msghdr is not used at all, so remove it.
Binary compatibility of rtsold and ndp break with this change as rtsold uses in6_drlist and ndp uses in6_defrouter and in6_prefix to interact with the kernel.
OK mpi@
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.31 |
|
01-Jul-2013 |
bluhm |
Do not access queue fields directly, use FOREACH() macro instead. No binary change. OK mikeb@ mpi@
|
#
1.30 |
|
11-Mar-2013 |
mpi |
Remove unused code manipulating a default interface and its index, This is a leftover from the on-link assumption behavior removal, which has been deprecated by RFC4861 anyway.
ok mikeb@, bluhm@, florian@
|
Revision tags: OPENBSD_5_2_BASE OPENBSD_5_3_BASE
|
#
1.29 |
|
14-Feb-2012 |
sthen |
typo in comment.
|
Revision tags: OPENBSD_5_0_BASE OPENBSD_5_1_BASE
|
#
1.28 |
|
03-Apr-2011 |
stsp |
fix typos in comments ok deraadt henning sthen thib (though thib says he can't spell)
|
Revision tags: OPENBSD_4_8_BASE OPENBSD_4_9_BASE
|
#
1.27 |
|
06-Apr-2010 |
stsp |
Simple implementation of RFC4941, "Privacy Extensions for Stateless Address Autoconfiguration in IPv6". For those among us who are paranoid about broadcasting their MAC address to the IPv6 internet.
Man page help from jmc, testing by weerd, arc4random API hints from djm.
ok deraadt, claudio
|
Revision tags: OPENBSD_4_4_BASE OPENBSD_4_5_BASE OPENBSD_4_6_BASE OPENBSD_4_7_BASE
|
#
1.26 |
|
11-Jun-2008 |
mcbride |
From KAME, allow adjustable limits on NDP entries and discovered routes.
ok mpf naddy
|
Revision tags: OPENBSD_3_4_BASE OPENBSD_3_5_BASE OPENBSD_3_6_BASE OPENBSD_3_7_BASE OPENBSD_3_8_BASE OPENBSD_3_9_BASE OPENBSD_4_0_BASE OPENBSD_4_1_BASE OPENBSD_4_2_BASE OPENBSD_4_3_BASE SMP_SYNC_A SMP_SYNC_B
|
#
1.25 |
|
08-Jul-2003 |
itojun |
unifdef -U__otherBSD__
|
#
1.24 |
|
27-Jun-2003 |
itojun |
split ND6 cache timer management to per-entry. increased accuracy, no O(N) loop. sync w/ kame. marc tested, daniel ok
|
Revision tags: OPENBSD_3_2_BASE OPENBSD_3_3_BASE UBC_SYNC_A UBC_SYNC_B
|
#
1.23 |
|
08-Jun-2002 |
itojun |
gc
|
#
1.22 |
|
08-Jun-2002 |
itojun |
sync with latest KAME in6_ifaddr/prefix/default router manipulation. behavior changes: - two iocts used by ndp(8) are now obsolete (backward compat provided). use sysctl path instead. - lo0 does not get ::1 automatically. it will get ::1 when lo0 comes up.
|
#
1.21 |
|
07-Jun-2002 |
itojun |
cope with cases where maxmtu == 0 (shouldn't happen)
|
#
1.20 |
|
05-Jun-2002 |
itojun |
be sure to use L3 MTU, not L2 MTU, when specified in spec (affects FDDI/ARCnet)
|
#
1.19 |
|
30-May-2002 |
itojun |
improve nd6_setmtu(), to warn too-small MTU on SIOCSIFMTU. sync w/kame
|
#
1.18 |
|
29-May-2002 |
itojun |
no need to supply obsolete field name "receivedra"
|
#
1.17 |
|
29-May-2002 |
itojun |
attach nd_ifinfo structure to if_afdata. split IPv6 MTU (advertised by RA) from real link MTU. sync with kame
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.16 |
|
14-Mar-2002 |
millert |
First round of __P removal in sys
|
#
1.15 |
|
23-Jan-2002 |
fgsch |
compatability -> compatibility.
|
Revision tags: OPENBSD_2_9_BASE OPENBSD_3_0_BASE UBC_BASE
|
#
1.14 |
|
23-Feb-2001 |
itojun |
branches: 1.14.6; garbage-collect stale ND entries (default: 1 day). RFC 2461 5.3. sync with kame.
|
#
1.13 |
|
23-Feb-2001 |
itojun |
remove unnecessary state, ND6_LLINFO_WAITDELETE, from neighbor cache state machine. no need for RTF_REJECT on neighbor cache entires, they are leftover from ARP code. sync with kame.
|
#
1.12 |
|
08-Feb-2001 |
itojun |
when chasing nd6_llinfo chain, make sure we do not touch dangling pointer (due to RTM_DELETE during default router list management). from kame
|
#
1.11 |
|
08-Feb-2001 |
itojun |
use timeout_xx() throughout sys/netinet6. sync with kame.
|
#
1.10 |
|
07-Feb-2001 |
itojun |
by default, don't bark on inbound ND messages, as outsider may be able to fill up /var with bogus packets. setting net.inet6.icmp6.nd6_debug will re-enable kernel messages on invalid ND packet and other occasions.
improve icmp6 stats.
|
#
1.9 |
|
19-Jan-2001 |
itojun |
pull post-4.4BSD change to sys/net/route.c from BSD/OS 4.2 (UCB copyrighted).
have sys/net/route.c:rtrequest1(), which takes rt_addrinfo * as the argument. pass rt_addrinfo all the way down to rtrequest, and ifa->ifa_rtrequest. 3rd arg of ifa->ifa_rtrequest is now rt_addrinfo * instead of sockaddr * (almost noone is using it anyways).
benefit: the follwoing command now works. previously we need two route(8) invocations, "add" then "change". # route add -inet6 default ::1 -ifp gif0
remove unsafe typecast in rtrequest(), from rtentry * to sockaddr *. it was introduced by 4.3BSD-reno and never corrected.
XXX is eon_rtrequest() change correct regarding to 3rd arg? eon_rtrequest() and rtrequest() were incorrect since 4.3BSD-reno, so i do not have correct answer in the source code. someone with more clue about netiso-over-ip, please help.
|
Revision tags: OPENBSD_2_8_BASE
|
#
1.8 |
|
06-Jul-2000 |
itojun |
- more icmp6/ip6 stats. - protect IPv6 ND from being hosed (due to neighbor unreachability detection hint) by wrong tcp traffic. still not sure if there's real attack, but it is good to be cautious. - avoid bitfield for router renumbering header decl. - implement packet-per-sec limitation for icmp6 errors, turn interval limit off (it is not very useful due to unix timer resolution).
|
#
1.7 |
|
19-May-2000 |
itojun |
never forward packet with link-local address. experimental support for new loopback packet handling (with FAKE_LOOPBACK_IF, rcvif will be set to real outgoing interface, not the loopback, to honor scope) sync with kame.
|
#
1.6 |
|
15-May-2000 |
itojun |
perform NUD on p2p link, only if the destination/gateway is real neighbor. this removes temporary workaround (no NUD on p2p link). KAME PR 245.
|
Revision tags: OPENBSD_2_7_BASE
|
#
1.5 |
|
17-Apr-2000 |
itojun |
revisit in6_ifattach(). (1) make it more persistent about initializaing an interface (2) cleanup interface id selection. run NUD on p2p interface (required by spec for bidir p2p interface). add "ndp -i interface" (can tweak per-interface ND flag). (sync with more recent kame)
|
#
1.4 |
|
28-Feb-2000 |
itojun |
bring in recent KAME changes (only important and stable ones, as usual). - remove net.inet6.ip6.nd6_proxyall. introduce proxy NDP code works just like "arp -s". - revise source address selection. be more careful about use of yet-to-be-valid addresses as source. - as router, transmit ICMP6_DST_UNREACH_BEYONDSCOPE against out-of-scope packet forwarding attempt. - path MTU discovery takes care of routing header properly. - be more strict about mbuf chain parsing. - nuke xxCTL_VARS #define, they are for BSDI. - disable SIOCSIFDSTADDR_IN6/SIOCSIFNETMASK_IN6 ioctl, they do not fit IPv6 model where multiple address on interface is normal. (kernel side supports them for a while for backward compat, the support will be nuked shortly) - introduce "default outgoing interface" (for spec conformance in very rare case)
|
Revision tags: SMP_BASE
|
#
1.3 |
|
04-Feb-2000 |
itojun |
branches: 1.3.2; more coverage of in6_ifdetach()'s cleanup process. bug fix in SIOCGIFADDR_IN6 (point to point case).
|
#
1.2 |
|
08-Jan-2000 |
deraadt |
use arc4random() instead of random for two reasons. 1) on some architectures, random() should only be used by the scheduler (ie. statintr() because it is uniformly distributed 2) arc4random() is actually strong, random() is not at all
|
Revision tags: kame_19991208
|
#
1.1 |
|
08-Dec-1999 |
itojun |
bring in KAME IPv6 code, dated 19991208. replaces NRL IPv6 layer. reuses NRL pcb layer. no IPsec-on-v6 support. see sys/netinet6/{TODO,IMPLEMENTATION} for more details.
GENERIC configuration should work fine as before. GENERIC.v6 works fine as well, but you'll need KAME userland tools to play with IPv6 (will be bringed into soon).
|
#
1.80 |
|
12-Nov-2022 |
kn |
Remove unused RS_LHCOOKIE macro
Added in 2014 110585f259f4974284e531f0a1e121b001a580dc Move sending of router solicitations to the kernel; [...] but never used.
|
Revision tags: OPENBSD_7_2_BASE
|
#
1.79 |
|
08-Aug-2022 |
kn |
Constify in6_addr pointer arguments in nd6_*() functions
All of them are passed to inspect/copy out fields, none of the functions writes to the struct.
This makes it easier to argue about code (in MP context).
OK bluhm
|
#
1.78 |
|
28-Jul-2022 |
kn |
Zap prototypes for nonexistent nd6_setmtu() and in6_ifdel()
Removed in 2015 and 2002, respectively.
OK claudio
|
#
1.77 |
|
22-Jul-2022 |
kn |
Leftovers from florian's RS/NA purge from the kernel in 2017.
OK bluhm
|
Revision tags: OPENBSD_6_7_BASE OPENBSD_6_8_BASE OPENBSD_6_9_BASE OPENBSD_7_0_BASE OPENBSD_7_1_BASE
|
#
1.76 |
|
28-Mar-2020 |
florian |
Move ND6_PRIV_* constants from nd6.h to slaacd the only place where they are used. Nobody in the wider eco system uses these. While here reduce temporary address valid lifetime to 2 days as per draft-ietf-6man-rfc4941bis. This should considerably reduce the amount of addresses configured on an interface - a common complaint. Original diff from Fernando Gont (fernando AT gont.com.ar), thanks! Ports tree scanning by sthen@
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.75 |
|
21-Jun-2019 |
mpi |
Prevent recursions by not deleting entries inside rtable_walk(9).
rtable_walk(9) now passes a routing entry back to the caller when a non zero value is returned and if it asked for it. This allows us to call rtdeletemsg()/rtrequest_delete() from the caller without creating a recursion because of rtflushclone().
Multicast code hasn't been adapted and is still possibly creating recursions. However multicast route entries aren't cloned so if a recursion exists it isn't because of rtflushclone().
Fix stack exhaustion triggered by the use of "-msave-args".
Issue reported by D��niel L��vai on bugs@ confirmed by and ok bluhm@.
|
Revision tags: OPENBSD_6_3_BASE OPENBSD_6_4_BASE OPENBSD_6_5_BASE
|
#
1.74 |
|
27-Nov-2017 |
mpi |
Use a single timer for all ND6 entries.
This prevents a use-after-free reported by Hrvoje Popovski where the timeout function was already sleeping on the NET_LOCK() when ifconfig(8) removed the enry from the table.
By iterating on a global list in the timeout routine we ensure that the items are still valid when we process them. This also reduce differences with ARP.
ok bluhm@, visa@
|
#
1.73 |
|
03-Nov-2017 |
florian |
We are processing Router Solicitation / Advertisement messages only for the Source Link-layer Address Options. Merge nd6_rs_input() and nd6_ra_input() into one generic function that does just that.
input & OK mpi
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.72 |
|
09-Aug-2017 |
florian |
Remove knob and always do neighbor unreachable detection.
|
#
1.71 |
|
09-Aug-2017 |
florian |
accept_rtadv doesn't do anything since some time. OK mpi
|
#
1.70 |
|
09-Aug-2017 |
florian |
We are no longer generating privacy addresses in the kernel. OK mpi
|
#
1.69 |
|
08-Aug-2017 |
florian |
Stop running nd6_expire every second. We know when pltime or vltime decrease to zero. Run nd6_expire then. Input & OK mpi, bluhm
|
#
1.68 |
|
12-Jul-2017 |
florian |
Get rid of ICMPV6CTL_ND6_DRLIST and ICMPV6CTL_ND6_PRLIST sysctls With this we can also get rid of in6_prefix and in6_defrouter. They are meaningless, the kernel no longer tracks this information.
Pointed out by & OK mpi
|
#
1.67 |
|
11-Jul-2017 |
florian |
Purging is at last at hand. Day of Doom is here. All that is evil shall all be cleansed.
Remove sending of router solicitations and processing of router advertisements from the kernel. It's handled by slaacd(8) these days.
Input & OK bluhm@, mpi@
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.66 |
|
27-Dec-2016 |
bluhm |
Move nd6 timer initialisation to nd6_init() and call timeout_set() only once during init. OK mpi@
|
#
1.65 |
|
28-Nov-2016 |
mpi |
Remove multiple recursive splsoftnet().
ok bluhm@
|
#
1.64 |
|
21-Nov-2016 |
mpi |
Assert that prelist_update() is always called at IPL_SOFTNET.
While here use __func__ in debug strings to reduce noise when grepping.
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.63 |
|
13-Jul-2016 |
dlg |
store nd6 expiries in the route, not separately in the llinfo struct.
this makes it more consistent with arp, and makes expiries visible via route(8) get as well as ndp(8).
ok mpi@ florian@
|
#
1.62 |
|
15-Jun-2016 |
mpi |
Kill nd6_output(), it doesn't do anything since the resolution logic has been moved to nd6_resolve().
ok visa@, millert@, florian@, sthen@
|
#
1.61 |
|
08-Jun-2016 |
mpi |
Move ND resoluton logic from nd6_output() to nd6_storelladdr() and rename it to nd6_resolve().
This allows us to get rid of non-Ethernet hacks by moving Ethernet specific logic in the appropriate layer.
ok sthen@
|
#
1.60 |
|
01-Jun-2016 |
dlg |
make nd6_llinfo_settimer take seconds instead of ticks.
most callers are working in seconds, internally it uses seconds, and you can call timeout_add_sec as easily as timeout_add.
this also fixes an issue with an nd_defrouter expire which was incorrectly scaled with ticks in a comparison.
ok mpi@
|
#
1.59 |
|
30-May-2016 |
dlg |
remove code compensating for the "short" range of timeouts.
the nd6 code for managing expiries is never asked to handle intervals greater than what timeouts can handle, so we dont need to overcompensate.
the code was also incorrect by using a long, which isnt that long on ILP32 machines.
ok mpi@ millert@ benno@
|
#
1.58 |
|
30-Mar-2016 |
mpi |
Implement proxy ARP for ART based on mpath support.
Since mpath is not enabled in RAMDISK, proxy ARP won't work there either.
ok bluhm@
|
#
1.57 |
|
03-Mar-2016 |
jca |
Kill IPv6 prefix and router renumbering ioctls.
Router renumbering was never supported, prefix ioctls were deprecated ~15 years ago. Move some items in netinet6/nd6.h where they are still used.
ok mikeb@ mpi@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.56 |
|
18-Dec-2015 |
tb |
Convert arc4random() to arc4random_uniorm(). Diff by Matthew Martin.
Ensure that arc4random_uniform() doesn't loop by redefining ND6_MAX_DESYNC_FACTOR to be 512, the largest power of two smaller than the RFC-specified 600 seconds. Suggested by florian@ and deraadt@
ok florian@, sthen@ in this form, arc4random change ok djm@, tedu@
|
#
1.55 |
|
06-Nov-2015 |
mpi |
Change nd6_nud_hint() to no longer manipulate rt_ifp directly.
While here remove unused argument and convert the route check to rtisvalid(9).
ok bluhm@
|
#
1.54 |
|
02-Nov-2015 |
bluhm |
Implement the list of nd6 llinfo entries with a TAILQ. OK millert@ mpi@
|
#
1.53 |
|
02-Nov-2015 |
mpi |
Prefer an existing refcounted ``ifp'' to rt_ifp when possible or use the interface index directly.
ok bluhm@
|
#
1.52 |
|
28-Oct-2015 |
florian |
Remove linkmtu and maxmtu from struct nd_ifinfo. IN6_LINKMTU can now die and ifp->if_mtu is the one true mtu. Suggested by and OK mpi@
|
#
1.51 |
|
25-Oct-2015 |
mpi |
Introduce if_rtrequest() the successor of ifa_rtrequest().
L2 resolution depends on the protocol (encoded in the route entry) and an ``ifp''. Not having to care about an ``ifa'' makes our life easier in our MP effort. Fewer dependencies between data structures implies fewer headaches.
Discussed with bluhm@, ok claudio@
|
#
1.50 |
|
24-Oct-2015 |
mpi |
Ignore Router Advertisment's current hop limit.
Appart from the usual inet6 axe murdering exercise to keep you fit, this allows us to get rid of a lot of layer violation due to the use of per- ifp variables to store the current hop limit.
Imputs from bluhm@, ok phessler@, florian@, bluhm@
|
#
1.49 |
|
31-Aug-2015 |
mpi |
The return value of nd6_cache_lladdr() is never used so make it a void.
Fewer "struct rtentry" left in the wild!
|
#
1.48 |
|
24-Aug-2015 |
mpi |
nd6_prefix_add() is no longer used and die.
|
#
1.47 |
|
24-Aug-2015 |
mpi |
Start moving away from the global prefix list by limiting its usage to AUTOCONF'd addresses.
This prevent the kernel from removing connected (/64) routes as soon as it configures an AUTOCONF'd address based on a RA.
Tested by sebastia@, ok sthen@
|
#
1.46 |
|
24-Aug-2015 |
mpi |
Rework the code to decide when to perform DAD to no longer rely on the IN6_IFF_NODAD pseudo-flag not being set.
This was just a flag for spaghetti code that should not exist in the first place.
Tested by sebastia@, ok sthen@
|
#
1.45 |
|
18-Aug-2015 |
mpi |
Call rtfree(9) when we no longer need the route entry rather than decrementing rt_refcnt just after rtrequest1(9).
While here reduce the differences with rt_ifa_add(9). There's still an ambiguity about rtrequest1(9)'s return value, but bluhm@ will address that in a different diff.
Discussed with and ok bluhm@
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.44 |
|
18-Jul-2015 |
mpi |
Merge two identical chunks to add new prefixes to the global data structures into a function.
ok florian@
|
#
1.43 |
|
16-Jul-2015 |
mpi |
Properly layer Router Solicitation code.
Tweak and ok florian@
|
#
1.42 |
|
09-Jul-2015 |
mpi |
Remove unused arguments and the associated code from nd6_nud_hint().
ok claudio@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.41 |
|
20-Nov-2014 |
mpi |
Rework the handling of interfaces and IPv6 addresses for local delivery.
- Unicast packets sent to any local address will have their interface set to loobpack.
- In order to differentiate traffic from interfaces having identical link-local addresses, provide the scoped addresses to pf(4).
- Update the icmp6 state lookup logic to match scoped MLL addresses.
- Remove a shortcut in ip6_input() that bypasses pf and always look for an RTF_LOCAL route.
Packets sent to multicast addresses still retain their original interface due to the fact that local multicast packet delivering does not use if_output.
This makes ping6 to link-local addresses work even with pf enabled and "set skip" on loopbacks, reported by Pieter Verberne.
Debugged, analysed and tested with mikeb@.
ok mikeb@, henning@, sthen@
|
#
1.40 |
|
10-Nov-2014 |
mpi |
Do not pass an ifa pointer when we already have a DAD descriptor.
Tweaks and ok florian@
|
#
1.39 |
|
25-Aug-2014 |
florian |
Move sending of router solicitations to the kernel; receiving and processing of router advertisements was already in the kernel. With this rtsol{,d}(8) is no longer necessary.
The kernel starts sending solicitations with # ifconfig $IF inet6 autoconf or inet6 autoconf in /etc/hostname.$IF.
input stsp@ much help & OK mpi@ tweaks & OK bluhm@
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.38 |
|
11-Jul-2014 |
blambert |
move IPv6 prefix adding from workq to taskq; as a happy benefit, we can delete 2 dozen or so lines that check to see if we've queued up a prefix addition multiple times.
ok stsp@
|
#
1.37 |
|
07-May-2014 |
mpi |
Kill the {nd6_,}useloopback buttons, using the loopback interface for local traffic is not optional.
ok mikeb@, stsp@, jca@
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.36 |
|
07-Jan-2014 |
mikeb |
Propagate an rdomain number to the nd6_lookup independently from the ifp pointer which can be NULL. This prevents a crash reported by David Hill <dhill at mindcry ! org>. OK bluhm
|
#
1.35 |
|
25-Oct-2013 |
deraadt |
More _KERNEL namespace cleanup, just in case something out there includes this.
|
#
1.34 |
|
28-Aug-2013 |
mpi |
Remove unused argument from *rtrequest()
ok krw@, mikeb@
|
#
1.33 |
|
26-Aug-2013 |
bluhm |
No one uses the obsolete IPv6 ioctls SIOCGDRLST_IN6, SIOCGPRLST_IN6, OSIOCGIFINFO_IN6 anymore. Remove them together with the structs in6_drlist, in6_oprlist, in6_prlist, in6_ondireq and the kernel implementation. OK mikeb@ henning@
|
#
1.32 |
|
11-Aug-2013 |
bluhm |
To control the lifetime of IPv6 addresses, prefixes and default routers, the kernel and ndp use a bunch of expire fields. Before they were int or u_long, convert expire to time_t in all structs. Move vltime and pltime to u_int32_t everywhere. Sort struct fields by size. Struct inet6_ndpr_msghdr is not used at all, so remove it.
Binary compatibility of rtsold and ndp break with this change as rtsold uses in6_drlist and ndp uses in6_defrouter and in6_prefix to interact with the kernel.
OK mpi@
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.31 |
|
01-Jul-2013 |
bluhm |
Do not access queue fields directly, use FOREACH() macro instead. No binary change. OK mikeb@ mpi@
|
#
1.30 |
|
11-Mar-2013 |
mpi |
Remove unused code manipulating a default interface and its index, This is a leftover from the on-link assumption behavior removal, which has been deprecated by RFC4861 anyway.
ok mikeb@, bluhm@, florian@
|
Revision tags: OPENBSD_5_2_BASE OPENBSD_5_3_BASE
|
#
1.29 |
|
14-Feb-2012 |
sthen |
typo in comment.
|
Revision tags: OPENBSD_5_0_BASE OPENBSD_5_1_BASE
|
#
1.28 |
|
03-Apr-2011 |
stsp |
fix typos in comments ok deraadt henning sthen thib (though thib says he can't spell)
|
Revision tags: OPENBSD_4_8_BASE OPENBSD_4_9_BASE
|
#
1.27 |
|
06-Apr-2010 |
stsp |
Simple implementation of RFC4941, "Privacy Extensions for Stateless Address Autoconfiguration in IPv6". For those among us who are paranoid about broadcasting their MAC address to the IPv6 internet.
Man page help from jmc, testing by weerd, arc4random API hints from djm.
ok deraadt, claudio
|
Revision tags: OPENBSD_4_4_BASE OPENBSD_4_5_BASE OPENBSD_4_6_BASE OPENBSD_4_7_BASE
|
#
1.26 |
|
11-Jun-2008 |
mcbride |
From KAME, allow adjustable limits on NDP entries and discovered routes.
ok mpf naddy
|
Revision tags: OPENBSD_3_4_BASE OPENBSD_3_5_BASE OPENBSD_3_6_BASE OPENBSD_3_7_BASE OPENBSD_3_8_BASE OPENBSD_3_9_BASE OPENBSD_4_0_BASE OPENBSD_4_1_BASE OPENBSD_4_2_BASE OPENBSD_4_3_BASE SMP_SYNC_A SMP_SYNC_B
|
#
1.25 |
|
08-Jul-2003 |
itojun |
unifdef -U__otherBSD__
|
#
1.24 |
|
27-Jun-2003 |
itojun |
split ND6 cache timer management to per-entry. increased accuracy, no O(N) loop. sync w/ kame. marc tested, daniel ok
|
Revision tags: OPENBSD_3_2_BASE OPENBSD_3_3_BASE UBC_SYNC_A UBC_SYNC_B
|
#
1.23 |
|
08-Jun-2002 |
itojun |
gc
|
#
1.22 |
|
08-Jun-2002 |
itojun |
sync with latest KAME in6_ifaddr/prefix/default router manipulation. behavior changes: - two iocts used by ndp(8) are now obsolete (backward compat provided). use sysctl path instead. - lo0 does not get ::1 automatically. it will get ::1 when lo0 comes up.
|
#
1.21 |
|
07-Jun-2002 |
itojun |
cope with cases where maxmtu == 0 (shouldn't happen)
|
#
1.20 |
|
05-Jun-2002 |
itojun |
be sure to use L3 MTU, not L2 MTU, when specified in spec (affects FDDI/ARCnet)
|
#
1.19 |
|
30-May-2002 |
itojun |
improve nd6_setmtu(), to warn too-small MTU on SIOCSIFMTU. sync w/kame
|
#
1.18 |
|
29-May-2002 |
itojun |
no need to supply obsolete field name "receivedra"
|
#
1.17 |
|
29-May-2002 |
itojun |
attach nd_ifinfo structure to if_afdata. split IPv6 MTU (advertised by RA) from real link MTU. sync with kame
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.16 |
|
14-Mar-2002 |
millert |
First round of __P removal in sys
|
#
1.15 |
|
23-Jan-2002 |
fgsch |
compatability -> compatibility.
|
Revision tags: OPENBSD_2_9_BASE OPENBSD_3_0_BASE UBC_BASE
|
#
1.14 |
|
23-Feb-2001 |
itojun |
branches: 1.14.6; garbage-collect stale ND entries (default: 1 day). RFC 2461 5.3. sync with kame.
|
#
1.13 |
|
23-Feb-2001 |
itojun |
remove unnecessary state, ND6_LLINFO_WAITDELETE, from neighbor cache state machine. no need for RTF_REJECT on neighbor cache entires, they are leftover from ARP code. sync with kame.
|
#
1.12 |
|
08-Feb-2001 |
itojun |
when chasing nd6_llinfo chain, make sure we do not touch dangling pointer (due to RTM_DELETE during default router list management). from kame
|
#
1.11 |
|
08-Feb-2001 |
itojun |
use timeout_xx() throughout sys/netinet6. sync with kame.
|
#
1.10 |
|
07-Feb-2001 |
itojun |
by default, don't bark on inbound ND messages, as outsider may be able to fill up /var with bogus packets. setting net.inet6.icmp6.nd6_debug will re-enable kernel messages on invalid ND packet and other occasions.
improve icmp6 stats.
|
#
1.9 |
|
19-Jan-2001 |
itojun |
pull post-4.4BSD change to sys/net/route.c from BSD/OS 4.2 (UCB copyrighted).
have sys/net/route.c:rtrequest1(), which takes rt_addrinfo * as the argument. pass rt_addrinfo all the way down to rtrequest, and ifa->ifa_rtrequest. 3rd arg of ifa->ifa_rtrequest is now rt_addrinfo * instead of sockaddr * (almost noone is using it anyways).
benefit: the follwoing command now works. previously we need two route(8) invocations, "add" then "change". # route add -inet6 default ::1 -ifp gif0
remove unsafe typecast in rtrequest(), from rtentry * to sockaddr *. it was introduced by 4.3BSD-reno and never corrected.
XXX is eon_rtrequest() change correct regarding to 3rd arg? eon_rtrequest() and rtrequest() were incorrect since 4.3BSD-reno, so i do not have correct answer in the source code. someone with more clue about netiso-over-ip, please help.
|
Revision tags: OPENBSD_2_8_BASE
|
#
1.8 |
|
06-Jul-2000 |
itojun |
- more icmp6/ip6 stats. - protect IPv6 ND from being hosed (due to neighbor unreachability detection hint) by wrong tcp traffic. still not sure if there's real attack, but it is good to be cautious. - avoid bitfield for router renumbering header decl. - implement packet-per-sec limitation for icmp6 errors, turn interval limit off (it is not very useful due to unix timer resolution).
|
#
1.7 |
|
19-May-2000 |
itojun |
never forward packet with link-local address. experimental support for new loopback packet handling (with FAKE_LOOPBACK_IF, rcvif will be set to real outgoing interface, not the loopback, to honor scope) sync with kame.
|
#
1.6 |
|
15-May-2000 |
itojun |
perform NUD on p2p link, only if the destination/gateway is real neighbor. this removes temporary workaround (no NUD on p2p link). KAME PR 245.
|
Revision tags: OPENBSD_2_7_BASE
|
#
1.5 |
|
17-Apr-2000 |
itojun |
revisit in6_ifattach(). (1) make it more persistent about initializaing an interface (2) cleanup interface id selection. run NUD on p2p interface (required by spec for bidir p2p interface). add "ndp -i interface" (can tweak per-interface ND flag). (sync with more recent kame)
|
#
1.4 |
|
28-Feb-2000 |
itojun |
bring in recent KAME changes (only important and stable ones, as usual). - remove net.inet6.ip6.nd6_proxyall. introduce proxy NDP code works just like "arp -s". - revise source address selection. be more careful about use of yet-to-be-valid addresses as source. - as router, transmit ICMP6_DST_UNREACH_BEYONDSCOPE against out-of-scope packet forwarding attempt. - path MTU discovery takes care of routing header properly. - be more strict about mbuf chain parsing. - nuke xxCTL_VARS #define, they are for BSDI. - disable SIOCSIFDSTADDR_IN6/SIOCSIFNETMASK_IN6 ioctl, they do not fit IPv6 model where multiple address on interface is normal. (kernel side supports them for a while for backward compat, the support will be nuked shortly) - introduce "default outgoing interface" (for spec conformance in very rare case)
|
Revision tags: SMP_BASE
|
#
1.3 |
|
04-Feb-2000 |
itojun |
branches: 1.3.2; more coverage of in6_ifdetach()'s cleanup process. bug fix in SIOCGIFADDR_IN6 (point to point case).
|
#
1.2 |
|
08-Jan-2000 |
deraadt |
use arc4random() instead of random for two reasons. 1) on some architectures, random() should only be used by the scheduler (ie. statintr() because it is uniformly distributed 2) arc4random() is actually strong, random() is not at all
|
Revision tags: kame_19991208
|
#
1.1 |
|
08-Dec-1999 |
itojun |
bring in KAME IPv6 code, dated 19991208. replaces NRL IPv6 layer. reuses NRL pcb layer. no IPsec-on-v6 support. see sys/netinet6/{TODO,IMPLEMENTATION} for more details.
GENERIC configuration should work fine as before. GENERIC.v6 works fine as well, but you'll need KAME userland tools to play with IPv6 (will be bringed into soon).
|
#
1.79 |
|
08-Aug-2022 |
kn |
Constify in6_addr pointer arguments in nd6_*() functions
All of them are passed to inspect/copy out fields, none of the functions writes to the struct.
This makes it easier to argue about code (in MP context).
OK bluhm
|
#
1.78 |
|
28-Jul-2022 |
kn |
Zap prototypes for nonexistent nd6_setmtu() and in6_ifdel()
Removed in 2015 and 2002, respectively.
OK claudio
|
#
1.77 |
|
22-Jul-2022 |
kn |
Leftovers from florian's RS/NA purge from the kernel in 2017.
OK bluhm
|
Revision tags: OPENBSD_6_7_BASE OPENBSD_6_8_BASE OPENBSD_6_9_BASE OPENBSD_7_0_BASE OPENBSD_7_1_BASE
|
#
1.76 |
|
28-Mar-2020 |
florian |
Move ND6_PRIV_* constants from nd6.h to slaacd the only place where they are used. Nobody in the wider eco system uses these. While here reduce temporary address valid lifetime to 2 days as per draft-ietf-6man-rfc4941bis. This should considerably reduce the amount of addresses configured on an interface - a common complaint. Original diff from Fernando Gont (fernando AT gont.com.ar), thanks! Ports tree scanning by sthen@
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.75 |
|
21-Jun-2019 |
mpi |
Prevent recursions by not deleting entries inside rtable_walk(9).
rtable_walk(9) now passes a routing entry back to the caller when a non zero value is returned and if it asked for it. This allows us to call rtdeletemsg()/rtrequest_delete() from the caller without creating a recursion because of rtflushclone().
Multicast code hasn't been adapted and is still possibly creating recursions. However multicast route entries aren't cloned so if a recursion exists it isn't because of rtflushclone().
Fix stack exhaustion triggered by the use of "-msave-args".
Issue reported by D��niel L��vai on bugs@ confirmed by and ok bluhm@.
|
Revision tags: OPENBSD_6_3_BASE OPENBSD_6_4_BASE OPENBSD_6_5_BASE
|
#
1.74 |
|
27-Nov-2017 |
mpi |
Use a single timer for all ND6 entries.
This prevents a use-after-free reported by Hrvoje Popovski where the timeout function was already sleeping on the NET_LOCK() when ifconfig(8) removed the enry from the table.
By iterating on a global list in the timeout routine we ensure that the items are still valid when we process them. This also reduce differences with ARP.
ok bluhm@, visa@
|
#
1.73 |
|
03-Nov-2017 |
florian |
We are processing Router Solicitation / Advertisement messages only for the Source Link-layer Address Options. Merge nd6_rs_input() and nd6_ra_input() into one generic function that does just that.
input & OK mpi
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.72 |
|
09-Aug-2017 |
florian |
Remove knob and always do neighbor unreachable detection.
|
#
1.71 |
|
09-Aug-2017 |
florian |
accept_rtadv doesn't do anything since some time. OK mpi
|
#
1.70 |
|
09-Aug-2017 |
florian |
We are no longer generating privacy addresses in the kernel. OK mpi
|
#
1.69 |
|
08-Aug-2017 |
florian |
Stop running nd6_expire every second. We know when pltime or vltime decrease to zero. Run nd6_expire then. Input & OK mpi, bluhm
|
#
1.68 |
|
12-Jul-2017 |
florian |
Get rid of ICMPV6CTL_ND6_DRLIST and ICMPV6CTL_ND6_PRLIST sysctls With this we can also get rid of in6_prefix and in6_defrouter. They are meaningless, the kernel no longer tracks this information.
Pointed out by & OK mpi
|
#
1.67 |
|
11-Jul-2017 |
florian |
Purging is at last at hand. Day of Doom is here. All that is evil shall all be cleansed.
Remove sending of router solicitations and processing of router advertisements from the kernel. It's handled by slaacd(8) these days.
Input & OK bluhm@, mpi@
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.66 |
|
27-Dec-2016 |
bluhm |
Move nd6 timer initialisation to nd6_init() and call timeout_set() only once during init. OK mpi@
|
#
1.65 |
|
28-Nov-2016 |
mpi |
Remove multiple recursive splsoftnet().
ok bluhm@
|
#
1.64 |
|
21-Nov-2016 |
mpi |
Assert that prelist_update() is always called at IPL_SOFTNET.
While here use __func__ in debug strings to reduce noise when grepping.
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.63 |
|
13-Jul-2016 |
dlg |
store nd6 expiries in the route, not separately in the llinfo struct.
this makes it more consistent with arp, and makes expiries visible via route(8) get as well as ndp(8).
ok mpi@ florian@
|
#
1.62 |
|
15-Jun-2016 |
mpi |
Kill nd6_output(), it doesn't do anything since the resolution logic has been moved to nd6_resolve().
ok visa@, millert@, florian@, sthen@
|
#
1.61 |
|
08-Jun-2016 |
mpi |
Move ND resoluton logic from nd6_output() to nd6_storelladdr() and rename it to nd6_resolve().
This allows us to get rid of non-Ethernet hacks by moving Ethernet specific logic in the appropriate layer.
ok sthen@
|
#
1.60 |
|
01-Jun-2016 |
dlg |
make nd6_llinfo_settimer take seconds instead of ticks.
most callers are working in seconds, internally it uses seconds, and you can call timeout_add_sec as easily as timeout_add.
this also fixes an issue with an nd_defrouter expire which was incorrectly scaled with ticks in a comparison.
ok mpi@
|
#
1.59 |
|
30-May-2016 |
dlg |
remove code compensating for the "short" range of timeouts.
the nd6 code for managing expiries is never asked to handle intervals greater than what timeouts can handle, so we dont need to overcompensate.
the code was also incorrect by using a long, which isnt that long on ILP32 machines.
ok mpi@ millert@ benno@
|
#
1.58 |
|
30-Mar-2016 |
mpi |
Implement proxy ARP for ART based on mpath support.
Since mpath is not enabled in RAMDISK, proxy ARP won't work there either.
ok bluhm@
|
#
1.57 |
|
03-Mar-2016 |
jca |
Kill IPv6 prefix and router renumbering ioctls.
Router renumbering was never supported, prefix ioctls were deprecated ~15 years ago. Move some items in netinet6/nd6.h where they are still used.
ok mikeb@ mpi@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.56 |
|
18-Dec-2015 |
tb |
Convert arc4random() to arc4random_uniorm(). Diff by Matthew Martin.
Ensure that arc4random_uniform() doesn't loop by redefining ND6_MAX_DESYNC_FACTOR to be 512, the largest power of two smaller than the RFC-specified 600 seconds. Suggested by florian@ and deraadt@
ok florian@, sthen@ in this form, arc4random change ok djm@, tedu@
|
#
1.55 |
|
06-Nov-2015 |
mpi |
Change nd6_nud_hint() to no longer manipulate rt_ifp directly.
While here remove unused argument and convert the route check to rtisvalid(9).
ok bluhm@
|
#
1.54 |
|
02-Nov-2015 |
bluhm |
Implement the list of nd6 llinfo entries with a TAILQ. OK millert@ mpi@
|
#
1.53 |
|
02-Nov-2015 |
mpi |
Prefer an existing refcounted ``ifp'' to rt_ifp when possible or use the interface index directly.
ok bluhm@
|
#
1.52 |
|
28-Oct-2015 |
florian |
Remove linkmtu and maxmtu from struct nd_ifinfo. IN6_LINKMTU can now die and ifp->if_mtu is the one true mtu. Suggested by and OK mpi@
|
#
1.51 |
|
25-Oct-2015 |
mpi |
Introduce if_rtrequest() the successor of ifa_rtrequest().
L2 resolution depends on the protocol (encoded in the route entry) and an ``ifp''. Not having to care about an ``ifa'' makes our life easier in our MP effort. Fewer dependencies between data structures implies fewer headaches.
Discussed with bluhm@, ok claudio@
|
#
1.50 |
|
24-Oct-2015 |
mpi |
Ignore Router Advertisment's current hop limit.
Appart from the usual inet6 axe murdering exercise to keep you fit, this allows us to get rid of a lot of layer violation due to the use of per- ifp variables to store the current hop limit.
Imputs from bluhm@, ok phessler@, florian@, bluhm@
|
#
1.49 |
|
31-Aug-2015 |
mpi |
The return value of nd6_cache_lladdr() is never used so make it a void.
Fewer "struct rtentry" left in the wild!
|
#
1.48 |
|
24-Aug-2015 |
mpi |
nd6_prefix_add() is no longer used and die.
|
#
1.47 |
|
24-Aug-2015 |
mpi |
Start moving away from the global prefix list by limiting its usage to AUTOCONF'd addresses.
This prevent the kernel from removing connected (/64) routes as soon as it configures an AUTOCONF'd address based on a RA.
Tested by sebastia@, ok sthen@
|
#
1.46 |
|
24-Aug-2015 |
mpi |
Rework the code to decide when to perform DAD to no longer rely on the IN6_IFF_NODAD pseudo-flag not being set.
This was just a flag for spaghetti code that should not exist in the first place.
Tested by sebastia@, ok sthen@
|
#
1.45 |
|
18-Aug-2015 |
mpi |
Call rtfree(9) when we no longer need the route entry rather than decrementing rt_refcnt just after rtrequest1(9).
While here reduce the differences with rt_ifa_add(9). There's still an ambiguity about rtrequest1(9)'s return value, but bluhm@ will address that in a different diff.
Discussed with and ok bluhm@
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.44 |
|
18-Jul-2015 |
mpi |
Merge two identical chunks to add new prefixes to the global data structures into a function.
ok florian@
|
#
1.43 |
|
16-Jul-2015 |
mpi |
Properly layer Router Solicitation code.
Tweak and ok florian@
|
#
1.42 |
|
09-Jul-2015 |
mpi |
Remove unused arguments and the associated code from nd6_nud_hint().
ok claudio@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.41 |
|
20-Nov-2014 |
mpi |
Rework the handling of interfaces and IPv6 addresses for local delivery.
- Unicast packets sent to any local address will have their interface set to loobpack.
- In order to differentiate traffic from interfaces having identical link-local addresses, provide the scoped addresses to pf(4).
- Update the icmp6 state lookup logic to match scoped MLL addresses.
- Remove a shortcut in ip6_input() that bypasses pf and always look for an RTF_LOCAL route.
Packets sent to multicast addresses still retain their original interface due to the fact that local multicast packet delivering does not use if_output.
This makes ping6 to link-local addresses work even with pf enabled and "set skip" on loopbacks, reported by Pieter Verberne.
Debugged, analysed and tested with mikeb@.
ok mikeb@, henning@, sthen@
|
#
1.40 |
|
10-Nov-2014 |
mpi |
Do not pass an ifa pointer when we already have a DAD descriptor.
Tweaks and ok florian@
|
#
1.39 |
|
25-Aug-2014 |
florian |
Move sending of router solicitations to the kernel; receiving and processing of router advertisements was already in the kernel. With this rtsol{,d}(8) is no longer necessary.
The kernel starts sending solicitations with # ifconfig $IF inet6 autoconf or inet6 autoconf in /etc/hostname.$IF.
input stsp@ much help & OK mpi@ tweaks & OK bluhm@
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.38 |
|
11-Jul-2014 |
blambert |
move IPv6 prefix adding from workq to taskq; as a happy benefit, we can delete 2 dozen or so lines that check to see if we've queued up a prefix addition multiple times.
ok stsp@
|
#
1.37 |
|
07-May-2014 |
mpi |
Kill the {nd6_,}useloopback buttons, using the loopback interface for local traffic is not optional.
ok mikeb@, stsp@, jca@
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.36 |
|
07-Jan-2014 |
mikeb |
Propagate an rdomain number to the nd6_lookup independently from the ifp pointer which can be NULL. This prevents a crash reported by David Hill <dhill at mindcry ! org>. OK bluhm
|
#
1.35 |
|
25-Oct-2013 |
deraadt |
More _KERNEL namespace cleanup, just in case something out there includes this.
|
#
1.34 |
|
28-Aug-2013 |
mpi |
Remove unused argument from *rtrequest()
ok krw@, mikeb@
|
#
1.33 |
|
26-Aug-2013 |
bluhm |
No one uses the obsolete IPv6 ioctls SIOCGDRLST_IN6, SIOCGPRLST_IN6, OSIOCGIFINFO_IN6 anymore. Remove them together with the structs in6_drlist, in6_oprlist, in6_prlist, in6_ondireq and the kernel implementation. OK mikeb@ henning@
|
#
1.32 |
|
11-Aug-2013 |
bluhm |
To control the lifetime of IPv6 addresses, prefixes and default routers, the kernel and ndp use a bunch of expire fields. Before they were int or u_long, convert expire to time_t in all structs. Move vltime and pltime to u_int32_t everywhere. Sort struct fields by size. Struct inet6_ndpr_msghdr is not used at all, so remove it.
Binary compatibility of rtsold and ndp break with this change as rtsold uses in6_drlist and ndp uses in6_defrouter and in6_prefix to interact with the kernel.
OK mpi@
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.31 |
|
01-Jul-2013 |
bluhm |
Do not access queue fields directly, use FOREACH() macro instead. No binary change. OK mikeb@ mpi@
|
#
1.30 |
|
11-Mar-2013 |
mpi |
Remove unused code manipulating a default interface and its index, This is a leftover from the on-link assumption behavior removal, which has been deprecated by RFC4861 anyway.
ok mikeb@, bluhm@, florian@
|
Revision tags: OPENBSD_5_2_BASE OPENBSD_5_3_BASE
|
#
1.29 |
|
14-Feb-2012 |
sthen |
typo in comment.
|
Revision tags: OPENBSD_5_0_BASE OPENBSD_5_1_BASE
|
#
1.28 |
|
03-Apr-2011 |
stsp |
fix typos in comments ok deraadt henning sthen thib (though thib says he can't spell)
|
Revision tags: OPENBSD_4_8_BASE OPENBSD_4_9_BASE
|
#
1.27 |
|
06-Apr-2010 |
stsp |
Simple implementation of RFC4941, "Privacy Extensions for Stateless Address Autoconfiguration in IPv6". For those among us who are paranoid about broadcasting their MAC address to the IPv6 internet.
Man page help from jmc, testing by weerd, arc4random API hints from djm.
ok deraadt, claudio
|
Revision tags: OPENBSD_4_4_BASE OPENBSD_4_5_BASE OPENBSD_4_6_BASE OPENBSD_4_7_BASE
|
#
1.26 |
|
11-Jun-2008 |
mcbride |
From KAME, allow adjustable limits on NDP entries and discovered routes.
ok mpf naddy
|
Revision tags: OPENBSD_3_4_BASE OPENBSD_3_5_BASE OPENBSD_3_6_BASE OPENBSD_3_7_BASE OPENBSD_3_8_BASE OPENBSD_3_9_BASE OPENBSD_4_0_BASE OPENBSD_4_1_BASE OPENBSD_4_2_BASE OPENBSD_4_3_BASE SMP_SYNC_A SMP_SYNC_B
|
#
1.25 |
|
08-Jul-2003 |
itojun |
unifdef -U__otherBSD__
|
#
1.24 |
|
27-Jun-2003 |
itojun |
split ND6 cache timer management to per-entry. increased accuracy, no O(N) loop. sync w/ kame. marc tested, daniel ok
|
Revision tags: OPENBSD_3_2_BASE OPENBSD_3_3_BASE UBC_SYNC_A UBC_SYNC_B
|
#
1.23 |
|
08-Jun-2002 |
itojun |
gc
|
#
1.22 |
|
08-Jun-2002 |
itojun |
sync with latest KAME in6_ifaddr/prefix/default router manipulation. behavior changes: - two iocts used by ndp(8) are now obsolete (backward compat provided). use sysctl path instead. - lo0 does not get ::1 automatically. it will get ::1 when lo0 comes up.
|
#
1.21 |
|
07-Jun-2002 |
itojun |
cope with cases where maxmtu == 0 (shouldn't happen)
|
#
1.20 |
|
05-Jun-2002 |
itojun |
be sure to use L3 MTU, not L2 MTU, when specified in spec (affects FDDI/ARCnet)
|
#
1.19 |
|
30-May-2002 |
itojun |
improve nd6_setmtu(), to warn too-small MTU on SIOCSIFMTU. sync w/kame
|
#
1.18 |
|
29-May-2002 |
itojun |
no need to supply obsolete field name "receivedra"
|
#
1.17 |
|
29-May-2002 |
itojun |
attach nd_ifinfo structure to if_afdata. split IPv6 MTU (advertised by RA) from real link MTU. sync with kame
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.16 |
|
14-Mar-2002 |
millert |
First round of __P removal in sys
|
#
1.15 |
|
23-Jan-2002 |
fgsch |
compatability -> compatibility.
|
Revision tags: OPENBSD_2_9_BASE OPENBSD_3_0_BASE UBC_BASE
|
#
1.14 |
|
23-Feb-2001 |
itojun |
branches: 1.14.6; garbage-collect stale ND entries (default: 1 day). RFC 2461 5.3. sync with kame.
|
#
1.13 |
|
23-Feb-2001 |
itojun |
remove unnecessary state, ND6_LLINFO_WAITDELETE, from neighbor cache state machine. no need for RTF_REJECT on neighbor cache entires, they are leftover from ARP code. sync with kame.
|
#
1.12 |
|
08-Feb-2001 |
itojun |
when chasing nd6_llinfo chain, make sure we do not touch dangling pointer (due to RTM_DELETE during default router list management). from kame
|
#
1.11 |
|
08-Feb-2001 |
itojun |
use timeout_xx() throughout sys/netinet6. sync with kame.
|
#
1.10 |
|
07-Feb-2001 |
itojun |
by default, don't bark on inbound ND messages, as outsider may be able to fill up /var with bogus packets. setting net.inet6.icmp6.nd6_debug will re-enable kernel messages on invalid ND packet and other occasions.
improve icmp6 stats.
|
#
1.9 |
|
19-Jan-2001 |
itojun |
pull post-4.4BSD change to sys/net/route.c from BSD/OS 4.2 (UCB copyrighted).
have sys/net/route.c:rtrequest1(), which takes rt_addrinfo * as the argument. pass rt_addrinfo all the way down to rtrequest, and ifa->ifa_rtrequest. 3rd arg of ifa->ifa_rtrequest is now rt_addrinfo * instead of sockaddr * (almost noone is using it anyways).
benefit: the follwoing command now works. previously we need two route(8) invocations, "add" then "change". # route add -inet6 default ::1 -ifp gif0
remove unsafe typecast in rtrequest(), from rtentry * to sockaddr *. it was introduced by 4.3BSD-reno and never corrected.
XXX is eon_rtrequest() change correct regarding to 3rd arg? eon_rtrequest() and rtrequest() were incorrect since 4.3BSD-reno, so i do not have correct answer in the source code. someone with more clue about netiso-over-ip, please help.
|
Revision tags: OPENBSD_2_8_BASE
|
#
1.8 |
|
06-Jul-2000 |
itojun |
- more icmp6/ip6 stats. - protect IPv6 ND from being hosed (due to neighbor unreachability detection hint) by wrong tcp traffic. still not sure if there's real attack, but it is good to be cautious. - avoid bitfield for router renumbering header decl. - implement packet-per-sec limitation for icmp6 errors, turn interval limit off (it is not very useful due to unix timer resolution).
|
#
1.7 |
|
19-May-2000 |
itojun |
never forward packet with link-local address. experimental support for new loopback packet handling (with FAKE_LOOPBACK_IF, rcvif will be set to real outgoing interface, not the loopback, to honor scope) sync with kame.
|
#
1.6 |
|
15-May-2000 |
itojun |
perform NUD on p2p link, only if the destination/gateway is real neighbor. this removes temporary workaround (no NUD on p2p link). KAME PR 245.
|
Revision tags: OPENBSD_2_7_BASE
|
#
1.5 |
|
17-Apr-2000 |
itojun |
revisit in6_ifattach(). (1) make it more persistent about initializaing an interface (2) cleanup interface id selection. run NUD on p2p interface (required by spec for bidir p2p interface). add "ndp -i interface" (can tweak per-interface ND flag). (sync with more recent kame)
|
#
1.4 |
|
28-Feb-2000 |
itojun |
bring in recent KAME changes (only important and stable ones, as usual). - remove net.inet6.ip6.nd6_proxyall. introduce proxy NDP code works just like "arp -s". - revise source address selection. be more careful about use of yet-to-be-valid addresses as source. - as router, transmit ICMP6_DST_UNREACH_BEYONDSCOPE against out-of-scope packet forwarding attempt. - path MTU discovery takes care of routing header properly. - be more strict about mbuf chain parsing. - nuke xxCTL_VARS #define, they are for BSDI. - disable SIOCSIFDSTADDR_IN6/SIOCSIFNETMASK_IN6 ioctl, they do not fit IPv6 model where multiple address on interface is normal. (kernel side supports them for a while for backward compat, the support will be nuked shortly) - introduce "default outgoing interface" (for spec conformance in very rare case)
|
Revision tags: SMP_BASE
|
#
1.3 |
|
04-Feb-2000 |
itojun |
branches: 1.3.2; more coverage of in6_ifdetach()'s cleanup process. bug fix in SIOCGIFADDR_IN6 (point to point case).
|
#
1.2 |
|
08-Jan-2000 |
deraadt |
use arc4random() instead of random for two reasons. 1) on some architectures, random() should only be used by the scheduler (ie. statintr() because it is uniformly distributed 2) arc4random() is actually strong, random() is not at all
|
Revision tags: kame_19991208
|
#
1.1 |
|
08-Dec-1999 |
itojun |
bring in KAME IPv6 code, dated 19991208. replaces NRL IPv6 layer. reuses NRL pcb layer. no IPsec-on-v6 support. see sys/netinet6/{TODO,IMPLEMENTATION} for more details.
GENERIC configuration should work fine as before. GENERIC.v6 works fine as well, but you'll need KAME userland tools to play with IPv6 (will be bringed into soon).
|
#
1.78 |
|
28-Jul-2022 |
kn |
Zap prototypes for nonexistent nd6_setmtu() and in6_ifdel()
Removed in 2015 and 2002, respectively.
OK claudio
|
#
1.77 |
|
22-Jul-2022 |
kn |
Leftovers from florian's RS/NA purge from the kernel in 2017.
OK bluhm
|
Revision tags: OPENBSD_6_7_BASE OPENBSD_6_8_BASE OPENBSD_6_9_BASE OPENBSD_7_0_BASE OPENBSD_7_1_BASE
|
#
1.76 |
|
28-Mar-2020 |
florian |
Move ND6_PRIV_* constants from nd6.h to slaacd the only place where they are used. Nobody in the wider eco system uses these. While here reduce temporary address valid lifetime to 2 days as per draft-ietf-6man-rfc4941bis. This should considerably reduce the amount of addresses configured on an interface - a common complaint. Original diff from Fernando Gont (fernando AT gont.com.ar), thanks! Ports tree scanning by sthen@
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.75 |
|
21-Jun-2019 |
mpi |
Prevent recursions by not deleting entries inside rtable_walk(9).
rtable_walk(9) now passes a routing entry back to the caller when a non zero value is returned and if it asked for it. This allows us to call rtdeletemsg()/rtrequest_delete() from the caller without creating a recursion because of rtflushclone().
Multicast code hasn't been adapted and is still possibly creating recursions. However multicast route entries aren't cloned so if a recursion exists it isn't because of rtflushclone().
Fix stack exhaustion triggered by the use of "-msave-args".
Issue reported by D��niel L��vai on bugs@ confirmed by and ok bluhm@.
|
Revision tags: OPENBSD_6_3_BASE OPENBSD_6_4_BASE OPENBSD_6_5_BASE
|
#
1.74 |
|
27-Nov-2017 |
mpi |
Use a single timer for all ND6 entries.
This prevents a use-after-free reported by Hrvoje Popovski where the timeout function was already sleeping on the NET_LOCK() when ifconfig(8) removed the enry from the table.
By iterating on a global list in the timeout routine we ensure that the items are still valid when we process them. This also reduce differences with ARP.
ok bluhm@, visa@
|
#
1.73 |
|
03-Nov-2017 |
florian |
We are processing Router Solicitation / Advertisement messages only for the Source Link-layer Address Options. Merge nd6_rs_input() and nd6_ra_input() into one generic function that does just that.
input & OK mpi
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.72 |
|
09-Aug-2017 |
florian |
Remove knob and always do neighbor unreachable detection.
|
#
1.71 |
|
09-Aug-2017 |
florian |
accept_rtadv doesn't do anything since some time. OK mpi
|
#
1.70 |
|
09-Aug-2017 |
florian |
We are no longer generating privacy addresses in the kernel. OK mpi
|
#
1.69 |
|
08-Aug-2017 |
florian |
Stop running nd6_expire every second. We know when pltime or vltime decrease to zero. Run nd6_expire then. Input & OK mpi, bluhm
|
#
1.68 |
|
12-Jul-2017 |
florian |
Get rid of ICMPV6CTL_ND6_DRLIST and ICMPV6CTL_ND6_PRLIST sysctls With this we can also get rid of in6_prefix and in6_defrouter. They are meaningless, the kernel no longer tracks this information.
Pointed out by & OK mpi
|
#
1.67 |
|
11-Jul-2017 |
florian |
Purging is at last at hand. Day of Doom is here. All that is evil shall all be cleansed.
Remove sending of router solicitations and processing of router advertisements from the kernel. It's handled by slaacd(8) these days.
Input & OK bluhm@, mpi@
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.66 |
|
27-Dec-2016 |
bluhm |
Move nd6 timer initialisation to nd6_init() and call timeout_set() only once during init. OK mpi@
|
#
1.65 |
|
28-Nov-2016 |
mpi |
Remove multiple recursive splsoftnet().
ok bluhm@
|
#
1.64 |
|
21-Nov-2016 |
mpi |
Assert that prelist_update() is always called at IPL_SOFTNET.
While here use __func__ in debug strings to reduce noise when grepping.
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.63 |
|
13-Jul-2016 |
dlg |
store nd6 expiries in the route, not separately in the llinfo struct.
this makes it more consistent with arp, and makes expiries visible via route(8) get as well as ndp(8).
ok mpi@ florian@
|
#
1.62 |
|
15-Jun-2016 |
mpi |
Kill nd6_output(), it doesn't do anything since the resolution logic has been moved to nd6_resolve().
ok visa@, millert@, florian@, sthen@
|
#
1.61 |
|
08-Jun-2016 |
mpi |
Move ND resoluton logic from nd6_output() to nd6_storelladdr() and rename it to nd6_resolve().
This allows us to get rid of non-Ethernet hacks by moving Ethernet specific logic in the appropriate layer.
ok sthen@
|
#
1.60 |
|
01-Jun-2016 |
dlg |
make nd6_llinfo_settimer take seconds instead of ticks.
most callers are working in seconds, internally it uses seconds, and you can call timeout_add_sec as easily as timeout_add.
this also fixes an issue with an nd_defrouter expire which was incorrectly scaled with ticks in a comparison.
ok mpi@
|
#
1.59 |
|
30-May-2016 |
dlg |
remove code compensating for the "short" range of timeouts.
the nd6 code for managing expiries is never asked to handle intervals greater than what timeouts can handle, so we dont need to overcompensate.
the code was also incorrect by using a long, which isnt that long on ILP32 machines.
ok mpi@ millert@ benno@
|
#
1.58 |
|
30-Mar-2016 |
mpi |
Implement proxy ARP for ART based on mpath support.
Since mpath is not enabled in RAMDISK, proxy ARP won't work there either.
ok bluhm@
|
#
1.57 |
|
03-Mar-2016 |
jca |
Kill IPv6 prefix and router renumbering ioctls.
Router renumbering was never supported, prefix ioctls were deprecated ~15 years ago. Move some items in netinet6/nd6.h where they are still used.
ok mikeb@ mpi@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.56 |
|
18-Dec-2015 |
tb |
Convert arc4random() to arc4random_uniorm(). Diff by Matthew Martin.
Ensure that arc4random_uniform() doesn't loop by redefining ND6_MAX_DESYNC_FACTOR to be 512, the largest power of two smaller than the RFC-specified 600 seconds. Suggested by florian@ and deraadt@
ok florian@, sthen@ in this form, arc4random change ok djm@, tedu@
|
#
1.55 |
|
06-Nov-2015 |
mpi |
Change nd6_nud_hint() to no longer manipulate rt_ifp directly.
While here remove unused argument and convert the route check to rtisvalid(9).
ok bluhm@
|
#
1.54 |
|
02-Nov-2015 |
bluhm |
Implement the list of nd6 llinfo entries with a TAILQ. OK millert@ mpi@
|
#
1.53 |
|
02-Nov-2015 |
mpi |
Prefer an existing refcounted ``ifp'' to rt_ifp when possible or use the interface index directly.
ok bluhm@
|
#
1.52 |
|
28-Oct-2015 |
florian |
Remove linkmtu and maxmtu from struct nd_ifinfo. IN6_LINKMTU can now die and ifp->if_mtu is the one true mtu. Suggested by and OK mpi@
|
#
1.51 |
|
25-Oct-2015 |
mpi |
Introduce if_rtrequest() the successor of ifa_rtrequest().
L2 resolution depends on the protocol (encoded in the route entry) and an ``ifp''. Not having to care about an ``ifa'' makes our life easier in our MP effort. Fewer dependencies between data structures implies fewer headaches.
Discussed with bluhm@, ok claudio@
|
#
1.50 |
|
24-Oct-2015 |
mpi |
Ignore Router Advertisment's current hop limit.
Appart from the usual inet6 axe murdering exercise to keep you fit, this allows us to get rid of a lot of layer violation due to the use of per- ifp variables to store the current hop limit.
Imputs from bluhm@, ok phessler@, florian@, bluhm@
|
#
1.49 |
|
31-Aug-2015 |
mpi |
The return value of nd6_cache_lladdr() is never used so make it a void.
Fewer "struct rtentry" left in the wild!
|
#
1.48 |
|
24-Aug-2015 |
mpi |
nd6_prefix_add() is no longer used and die.
|
#
1.47 |
|
24-Aug-2015 |
mpi |
Start moving away from the global prefix list by limiting its usage to AUTOCONF'd addresses.
This prevent the kernel from removing connected (/64) routes as soon as it configures an AUTOCONF'd address based on a RA.
Tested by sebastia@, ok sthen@
|
#
1.46 |
|
24-Aug-2015 |
mpi |
Rework the code to decide when to perform DAD to no longer rely on the IN6_IFF_NODAD pseudo-flag not being set.
This was just a flag for spaghetti code that should not exist in the first place.
Tested by sebastia@, ok sthen@
|
#
1.45 |
|
18-Aug-2015 |
mpi |
Call rtfree(9) when we no longer need the route entry rather than decrementing rt_refcnt just after rtrequest1(9).
While here reduce the differences with rt_ifa_add(9). There's still an ambiguity about rtrequest1(9)'s return value, but bluhm@ will address that in a different diff.
Discussed with and ok bluhm@
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.44 |
|
18-Jul-2015 |
mpi |
Merge two identical chunks to add new prefixes to the global data structures into a function.
ok florian@
|
#
1.43 |
|
16-Jul-2015 |
mpi |
Properly layer Router Solicitation code.
Tweak and ok florian@
|
#
1.42 |
|
09-Jul-2015 |
mpi |
Remove unused arguments and the associated code from nd6_nud_hint().
ok claudio@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.41 |
|
20-Nov-2014 |
mpi |
Rework the handling of interfaces and IPv6 addresses for local delivery.
- Unicast packets sent to any local address will have their interface set to loobpack.
- In order to differentiate traffic from interfaces having identical link-local addresses, provide the scoped addresses to pf(4).
- Update the icmp6 state lookup logic to match scoped MLL addresses.
- Remove a shortcut in ip6_input() that bypasses pf and always look for an RTF_LOCAL route.
Packets sent to multicast addresses still retain their original interface due to the fact that local multicast packet delivering does not use if_output.
This makes ping6 to link-local addresses work even with pf enabled and "set skip" on loopbacks, reported by Pieter Verberne.
Debugged, analysed and tested with mikeb@.
ok mikeb@, henning@, sthen@
|
#
1.40 |
|
10-Nov-2014 |
mpi |
Do not pass an ifa pointer when we already have a DAD descriptor.
Tweaks and ok florian@
|
#
1.39 |
|
25-Aug-2014 |
florian |
Move sending of router solicitations to the kernel; receiving and processing of router advertisements was already in the kernel. With this rtsol{,d}(8) is no longer necessary.
The kernel starts sending solicitations with # ifconfig $IF inet6 autoconf or inet6 autoconf in /etc/hostname.$IF.
input stsp@ much help & OK mpi@ tweaks & OK bluhm@
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.38 |
|
11-Jul-2014 |
blambert |
move IPv6 prefix adding from workq to taskq; as a happy benefit, we can delete 2 dozen or so lines that check to see if we've queued up a prefix addition multiple times.
ok stsp@
|
#
1.37 |
|
07-May-2014 |
mpi |
Kill the {nd6_,}useloopback buttons, using the loopback interface for local traffic is not optional.
ok mikeb@, stsp@, jca@
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.36 |
|
07-Jan-2014 |
mikeb |
Propagate an rdomain number to the nd6_lookup independently from the ifp pointer which can be NULL. This prevents a crash reported by David Hill <dhill at mindcry ! org>. OK bluhm
|
#
1.35 |
|
25-Oct-2013 |
deraadt |
More _KERNEL namespace cleanup, just in case something out there includes this.
|
#
1.34 |
|
28-Aug-2013 |
mpi |
Remove unused argument from *rtrequest()
ok krw@, mikeb@
|
#
1.33 |
|
26-Aug-2013 |
bluhm |
No one uses the obsolete IPv6 ioctls SIOCGDRLST_IN6, SIOCGPRLST_IN6, OSIOCGIFINFO_IN6 anymore. Remove them together with the structs in6_drlist, in6_oprlist, in6_prlist, in6_ondireq and the kernel implementation. OK mikeb@ henning@
|
#
1.32 |
|
11-Aug-2013 |
bluhm |
To control the lifetime of IPv6 addresses, prefixes and default routers, the kernel and ndp use a bunch of expire fields. Before they were int or u_long, convert expire to time_t in all structs. Move vltime and pltime to u_int32_t everywhere. Sort struct fields by size. Struct inet6_ndpr_msghdr is not used at all, so remove it.
Binary compatibility of rtsold and ndp break with this change as rtsold uses in6_drlist and ndp uses in6_defrouter and in6_prefix to interact with the kernel.
OK mpi@
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.31 |
|
01-Jul-2013 |
bluhm |
Do not access queue fields directly, use FOREACH() macro instead. No binary change. OK mikeb@ mpi@
|
#
1.30 |
|
11-Mar-2013 |
mpi |
Remove unused code manipulating a default interface and its index, This is a leftover from the on-link assumption behavior removal, which has been deprecated by RFC4861 anyway.
ok mikeb@, bluhm@, florian@
|
Revision tags: OPENBSD_5_2_BASE OPENBSD_5_3_BASE
|
#
1.29 |
|
14-Feb-2012 |
sthen |
typo in comment.
|
Revision tags: OPENBSD_5_0_BASE OPENBSD_5_1_BASE
|
#
1.28 |
|
03-Apr-2011 |
stsp |
fix typos in comments ok deraadt henning sthen thib (though thib says he can't spell)
|
Revision tags: OPENBSD_4_8_BASE OPENBSD_4_9_BASE
|
#
1.27 |
|
06-Apr-2010 |
stsp |
Simple implementation of RFC4941, "Privacy Extensions for Stateless Address Autoconfiguration in IPv6". For those among us who are paranoid about broadcasting their MAC address to the IPv6 internet.
Man page help from jmc, testing by weerd, arc4random API hints from djm.
ok deraadt, claudio
|
Revision tags: OPENBSD_4_4_BASE OPENBSD_4_5_BASE OPENBSD_4_6_BASE OPENBSD_4_7_BASE
|
#
1.26 |
|
11-Jun-2008 |
mcbride |
From KAME, allow adjustable limits on NDP entries and discovered routes.
ok mpf naddy
|
Revision tags: OPENBSD_3_4_BASE OPENBSD_3_5_BASE OPENBSD_3_6_BASE OPENBSD_3_7_BASE OPENBSD_3_8_BASE OPENBSD_3_9_BASE OPENBSD_4_0_BASE OPENBSD_4_1_BASE OPENBSD_4_2_BASE OPENBSD_4_3_BASE SMP_SYNC_A SMP_SYNC_B
|
#
1.25 |
|
08-Jul-2003 |
itojun |
unifdef -U__otherBSD__
|
#
1.24 |
|
27-Jun-2003 |
itojun |
split ND6 cache timer management to per-entry. increased accuracy, no O(N) loop. sync w/ kame. marc tested, daniel ok
|
Revision tags: OPENBSD_3_2_BASE OPENBSD_3_3_BASE UBC_SYNC_A UBC_SYNC_B
|
#
1.23 |
|
08-Jun-2002 |
itojun |
gc
|
#
1.22 |
|
08-Jun-2002 |
itojun |
sync with latest KAME in6_ifaddr/prefix/default router manipulation. behavior changes: - two iocts used by ndp(8) are now obsolete (backward compat provided). use sysctl path instead. - lo0 does not get ::1 automatically. it will get ::1 when lo0 comes up.
|
#
1.21 |
|
07-Jun-2002 |
itojun |
cope with cases where maxmtu == 0 (shouldn't happen)
|
#
1.20 |
|
05-Jun-2002 |
itojun |
be sure to use L3 MTU, not L2 MTU, when specified in spec (affects FDDI/ARCnet)
|
#
1.19 |
|
30-May-2002 |
itojun |
improve nd6_setmtu(), to warn too-small MTU on SIOCSIFMTU. sync w/kame
|
#
1.18 |
|
29-May-2002 |
itojun |
no need to supply obsolete field name "receivedra"
|
#
1.17 |
|
29-May-2002 |
itojun |
attach nd_ifinfo structure to if_afdata. split IPv6 MTU (advertised by RA) from real link MTU. sync with kame
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.16 |
|
14-Mar-2002 |
millert |
First round of __P removal in sys
|
#
1.15 |
|
23-Jan-2002 |
fgsch |
compatability -> compatibility.
|
Revision tags: OPENBSD_2_9_BASE OPENBSD_3_0_BASE UBC_BASE
|
#
1.14 |
|
23-Feb-2001 |
itojun |
branches: 1.14.6; garbage-collect stale ND entries (default: 1 day). RFC 2461 5.3. sync with kame.
|
#
1.13 |
|
23-Feb-2001 |
itojun |
remove unnecessary state, ND6_LLINFO_WAITDELETE, from neighbor cache state machine. no need for RTF_REJECT on neighbor cache entires, they are leftover from ARP code. sync with kame.
|
#
1.12 |
|
08-Feb-2001 |
itojun |
when chasing nd6_llinfo chain, make sure we do not touch dangling pointer (due to RTM_DELETE during default router list management). from kame
|
#
1.11 |
|
08-Feb-2001 |
itojun |
use timeout_xx() throughout sys/netinet6. sync with kame.
|
#
1.10 |
|
07-Feb-2001 |
itojun |
by default, don't bark on inbound ND messages, as outsider may be able to fill up /var with bogus packets. setting net.inet6.icmp6.nd6_debug will re-enable kernel messages on invalid ND packet and other occasions.
improve icmp6 stats.
|
#
1.9 |
|
19-Jan-2001 |
itojun |
pull post-4.4BSD change to sys/net/route.c from BSD/OS 4.2 (UCB copyrighted).
have sys/net/route.c:rtrequest1(), which takes rt_addrinfo * as the argument. pass rt_addrinfo all the way down to rtrequest, and ifa->ifa_rtrequest. 3rd arg of ifa->ifa_rtrequest is now rt_addrinfo * instead of sockaddr * (almost noone is using it anyways).
benefit: the follwoing command now works. previously we need two route(8) invocations, "add" then "change". # route add -inet6 default ::1 -ifp gif0
remove unsafe typecast in rtrequest(), from rtentry * to sockaddr *. it was introduced by 4.3BSD-reno and never corrected.
XXX is eon_rtrequest() change correct regarding to 3rd arg? eon_rtrequest() and rtrequest() were incorrect since 4.3BSD-reno, so i do not have correct answer in the source code. someone with more clue about netiso-over-ip, please help.
|
Revision tags: OPENBSD_2_8_BASE
|
#
1.8 |
|
06-Jul-2000 |
itojun |
- more icmp6/ip6 stats. - protect IPv6 ND from being hosed (due to neighbor unreachability detection hint) by wrong tcp traffic. still not sure if there's real attack, but it is good to be cautious. - avoid bitfield for router renumbering header decl. - implement packet-per-sec limitation for icmp6 errors, turn interval limit off (it is not very useful due to unix timer resolution).
|
#
1.7 |
|
19-May-2000 |
itojun |
never forward packet with link-local address. experimental support for new loopback packet handling (with FAKE_LOOPBACK_IF, rcvif will be set to real outgoing interface, not the loopback, to honor scope) sync with kame.
|
#
1.6 |
|
15-May-2000 |
itojun |
perform NUD on p2p link, only if the destination/gateway is real neighbor. this removes temporary workaround (no NUD on p2p link). KAME PR 245.
|
Revision tags: OPENBSD_2_7_BASE
|
#
1.5 |
|
17-Apr-2000 |
itojun |
revisit in6_ifattach(). (1) make it more persistent about initializaing an interface (2) cleanup interface id selection. run NUD on p2p interface (required by spec for bidir p2p interface). add "ndp -i interface" (can tweak per-interface ND flag). (sync with more recent kame)
|
#
1.4 |
|
28-Feb-2000 |
itojun |
bring in recent KAME changes (only important and stable ones, as usual). - remove net.inet6.ip6.nd6_proxyall. introduce proxy NDP code works just like "arp -s". - revise source address selection. be more careful about use of yet-to-be-valid addresses as source. - as router, transmit ICMP6_DST_UNREACH_BEYONDSCOPE against out-of-scope packet forwarding attempt. - path MTU discovery takes care of routing header properly. - be more strict about mbuf chain parsing. - nuke xxCTL_VARS #define, they are for BSDI. - disable SIOCSIFDSTADDR_IN6/SIOCSIFNETMASK_IN6 ioctl, they do not fit IPv6 model where multiple address on interface is normal. (kernel side supports them for a while for backward compat, the support will be nuked shortly) - introduce "default outgoing interface" (for spec conformance in very rare case)
|
Revision tags: SMP_BASE
|
#
1.3 |
|
04-Feb-2000 |
itojun |
branches: 1.3.2; more coverage of in6_ifdetach()'s cleanup process. bug fix in SIOCGIFADDR_IN6 (point to point case).
|
#
1.2 |
|
08-Jan-2000 |
deraadt |
use arc4random() instead of random for two reasons. 1) on some architectures, random() should only be used by the scheduler (ie. statintr() because it is uniformly distributed 2) arc4random() is actually strong, random() is not at all
|
Revision tags: kame_19991208
|
#
1.1 |
|
08-Dec-1999 |
itojun |
bring in KAME IPv6 code, dated 19991208. replaces NRL IPv6 layer. reuses NRL pcb layer. no IPsec-on-v6 support. see sys/netinet6/{TODO,IMPLEMENTATION} for more details.
GENERIC configuration should work fine as before. GENERIC.v6 works fine as well, but you'll need KAME userland tools to play with IPv6 (will be bringed into soon).
|
#
1.77 |
|
22-Jul-2022 |
kn |
Leftovers from florian's RS/NA purge from the kernel in 2017.
OK bluhm
|
Revision tags: OPENBSD_6_7_BASE OPENBSD_6_8_BASE OPENBSD_6_9_BASE OPENBSD_7_0_BASE OPENBSD_7_1_BASE
|
#
1.76 |
|
28-Mar-2020 |
florian |
Move ND6_PRIV_* constants from nd6.h to slaacd the only place where they are used. Nobody in the wider eco system uses these. While here reduce temporary address valid lifetime to 2 days as per draft-ietf-6man-rfc4941bis. This should considerably reduce the amount of addresses configured on an interface - a common complaint. Original diff from Fernando Gont (fernando AT gont.com.ar), thanks! Ports tree scanning by sthen@
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.75 |
|
21-Jun-2019 |
mpi |
Prevent recursions by not deleting entries inside rtable_walk(9).
rtable_walk(9) now passes a routing entry back to the caller when a non zero value is returned and if it asked for it. This allows us to call rtdeletemsg()/rtrequest_delete() from the caller without creating a recursion because of rtflushclone().
Multicast code hasn't been adapted and is still possibly creating recursions. However multicast route entries aren't cloned so if a recursion exists it isn't because of rtflushclone().
Fix stack exhaustion triggered by the use of "-msave-args".
Issue reported by D��niel L��vai on bugs@ confirmed by and ok bluhm@.
|
Revision tags: OPENBSD_6_3_BASE OPENBSD_6_4_BASE OPENBSD_6_5_BASE
|
#
1.74 |
|
27-Nov-2017 |
mpi |
Use a single timer for all ND6 entries.
This prevents a use-after-free reported by Hrvoje Popovski where the timeout function was already sleeping on the NET_LOCK() when ifconfig(8) removed the enry from the table.
By iterating on a global list in the timeout routine we ensure that the items are still valid when we process them. This also reduce differences with ARP.
ok bluhm@, visa@
|
#
1.73 |
|
03-Nov-2017 |
florian |
We are processing Router Solicitation / Advertisement messages only for the Source Link-layer Address Options. Merge nd6_rs_input() and nd6_ra_input() into one generic function that does just that.
input & OK mpi
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.72 |
|
09-Aug-2017 |
florian |
Remove knob and always do neighbor unreachable detection.
|
#
1.71 |
|
09-Aug-2017 |
florian |
accept_rtadv doesn't do anything since some time. OK mpi
|
#
1.70 |
|
09-Aug-2017 |
florian |
We are no longer generating privacy addresses in the kernel. OK mpi
|
#
1.69 |
|
08-Aug-2017 |
florian |
Stop running nd6_expire every second. We know when pltime or vltime decrease to zero. Run nd6_expire then. Input & OK mpi, bluhm
|
#
1.68 |
|
12-Jul-2017 |
florian |
Get rid of ICMPV6CTL_ND6_DRLIST and ICMPV6CTL_ND6_PRLIST sysctls With this we can also get rid of in6_prefix and in6_defrouter. They are meaningless, the kernel no longer tracks this information.
Pointed out by & OK mpi
|
#
1.67 |
|
11-Jul-2017 |
florian |
Purging is at last at hand. Day of Doom is here. All that is evil shall all be cleansed.
Remove sending of router solicitations and processing of router advertisements from the kernel. It's handled by slaacd(8) these days.
Input & OK bluhm@, mpi@
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.66 |
|
27-Dec-2016 |
bluhm |
Move nd6 timer initialisation to nd6_init() and call timeout_set() only once during init. OK mpi@
|
#
1.65 |
|
28-Nov-2016 |
mpi |
Remove multiple recursive splsoftnet().
ok bluhm@
|
#
1.64 |
|
21-Nov-2016 |
mpi |
Assert that prelist_update() is always called at IPL_SOFTNET.
While here use __func__ in debug strings to reduce noise when grepping.
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.63 |
|
13-Jul-2016 |
dlg |
store nd6 expiries in the route, not separately in the llinfo struct.
this makes it more consistent with arp, and makes expiries visible via route(8) get as well as ndp(8).
ok mpi@ florian@
|
#
1.62 |
|
15-Jun-2016 |
mpi |
Kill nd6_output(), it doesn't do anything since the resolution logic has been moved to nd6_resolve().
ok visa@, millert@, florian@, sthen@
|
#
1.61 |
|
08-Jun-2016 |
mpi |
Move ND resoluton logic from nd6_output() to nd6_storelladdr() and rename it to nd6_resolve().
This allows us to get rid of non-Ethernet hacks by moving Ethernet specific logic in the appropriate layer.
ok sthen@
|
#
1.60 |
|
01-Jun-2016 |
dlg |
make nd6_llinfo_settimer take seconds instead of ticks.
most callers are working in seconds, internally it uses seconds, and you can call timeout_add_sec as easily as timeout_add.
this also fixes an issue with an nd_defrouter expire which was incorrectly scaled with ticks in a comparison.
ok mpi@
|
#
1.59 |
|
30-May-2016 |
dlg |
remove code compensating for the "short" range of timeouts.
the nd6 code for managing expiries is never asked to handle intervals greater than what timeouts can handle, so we dont need to overcompensate.
the code was also incorrect by using a long, which isnt that long on ILP32 machines.
ok mpi@ millert@ benno@
|
#
1.58 |
|
30-Mar-2016 |
mpi |
Implement proxy ARP for ART based on mpath support.
Since mpath is not enabled in RAMDISK, proxy ARP won't work there either.
ok bluhm@
|
#
1.57 |
|
03-Mar-2016 |
jca |
Kill IPv6 prefix and router renumbering ioctls.
Router renumbering was never supported, prefix ioctls were deprecated ~15 years ago. Move some items in netinet6/nd6.h where they are still used.
ok mikeb@ mpi@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.56 |
|
18-Dec-2015 |
tb |
Convert arc4random() to arc4random_uniorm(). Diff by Matthew Martin.
Ensure that arc4random_uniform() doesn't loop by redefining ND6_MAX_DESYNC_FACTOR to be 512, the largest power of two smaller than the RFC-specified 600 seconds. Suggested by florian@ and deraadt@
ok florian@, sthen@ in this form, arc4random change ok djm@, tedu@
|
#
1.55 |
|
06-Nov-2015 |
mpi |
Change nd6_nud_hint() to no longer manipulate rt_ifp directly.
While here remove unused argument and convert the route check to rtisvalid(9).
ok bluhm@
|
#
1.54 |
|
02-Nov-2015 |
bluhm |
Implement the list of nd6 llinfo entries with a TAILQ. OK millert@ mpi@
|
#
1.53 |
|
02-Nov-2015 |
mpi |
Prefer an existing refcounted ``ifp'' to rt_ifp when possible or use the interface index directly.
ok bluhm@
|
#
1.52 |
|
28-Oct-2015 |
florian |
Remove linkmtu and maxmtu from struct nd_ifinfo. IN6_LINKMTU can now die and ifp->if_mtu is the one true mtu. Suggested by and OK mpi@
|
#
1.51 |
|
25-Oct-2015 |
mpi |
Introduce if_rtrequest() the successor of ifa_rtrequest().
L2 resolution depends on the protocol (encoded in the route entry) and an ``ifp''. Not having to care about an ``ifa'' makes our life easier in our MP effort. Fewer dependencies between data structures implies fewer headaches.
Discussed with bluhm@, ok claudio@
|
#
1.50 |
|
24-Oct-2015 |
mpi |
Ignore Router Advertisment's current hop limit.
Appart from the usual inet6 axe murdering exercise to keep you fit, this allows us to get rid of a lot of layer violation due to the use of per- ifp variables to store the current hop limit.
Imputs from bluhm@, ok phessler@, florian@, bluhm@
|
#
1.49 |
|
31-Aug-2015 |
mpi |
The return value of nd6_cache_lladdr() is never used so make it a void.
Fewer "struct rtentry" left in the wild!
|
#
1.48 |
|
24-Aug-2015 |
mpi |
nd6_prefix_add() is no longer used and die.
|
#
1.47 |
|
24-Aug-2015 |
mpi |
Start moving away from the global prefix list by limiting its usage to AUTOCONF'd addresses.
This prevent the kernel from removing connected (/64) routes as soon as it configures an AUTOCONF'd address based on a RA.
Tested by sebastia@, ok sthen@
|
#
1.46 |
|
24-Aug-2015 |
mpi |
Rework the code to decide when to perform DAD to no longer rely on the IN6_IFF_NODAD pseudo-flag not being set.
This was just a flag for spaghetti code that should not exist in the first place.
Tested by sebastia@, ok sthen@
|
#
1.45 |
|
18-Aug-2015 |
mpi |
Call rtfree(9) when we no longer need the route entry rather than decrementing rt_refcnt just after rtrequest1(9).
While here reduce the differences with rt_ifa_add(9). There's still an ambiguity about rtrequest1(9)'s return value, but bluhm@ will address that in a different diff.
Discussed with and ok bluhm@
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.44 |
|
18-Jul-2015 |
mpi |
Merge two identical chunks to add new prefixes to the global data structures into a function.
ok florian@
|
#
1.43 |
|
16-Jul-2015 |
mpi |
Properly layer Router Solicitation code.
Tweak and ok florian@
|
#
1.42 |
|
09-Jul-2015 |
mpi |
Remove unused arguments and the associated code from nd6_nud_hint().
ok claudio@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.41 |
|
20-Nov-2014 |
mpi |
Rework the handling of interfaces and IPv6 addresses for local delivery.
- Unicast packets sent to any local address will have their interface set to loobpack.
- In order to differentiate traffic from interfaces having identical link-local addresses, provide the scoped addresses to pf(4).
- Update the icmp6 state lookup logic to match scoped MLL addresses.
- Remove a shortcut in ip6_input() that bypasses pf and always look for an RTF_LOCAL route.
Packets sent to multicast addresses still retain their original interface due to the fact that local multicast packet delivering does not use if_output.
This makes ping6 to link-local addresses work even with pf enabled and "set skip" on loopbacks, reported by Pieter Verberne.
Debugged, analysed and tested with mikeb@.
ok mikeb@, henning@, sthen@
|
#
1.40 |
|
10-Nov-2014 |
mpi |
Do not pass an ifa pointer when we already have a DAD descriptor.
Tweaks and ok florian@
|
#
1.39 |
|
25-Aug-2014 |
florian |
Move sending of router solicitations to the kernel; receiving and processing of router advertisements was already in the kernel. With this rtsol{,d}(8) is no longer necessary.
The kernel starts sending solicitations with # ifconfig $IF inet6 autoconf or inet6 autoconf in /etc/hostname.$IF.
input stsp@ much help & OK mpi@ tweaks & OK bluhm@
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.38 |
|
11-Jul-2014 |
blambert |
move IPv6 prefix adding from workq to taskq; as a happy benefit, we can delete 2 dozen or so lines that check to see if we've queued up a prefix addition multiple times.
ok stsp@
|
#
1.37 |
|
07-May-2014 |
mpi |
Kill the {nd6_,}useloopback buttons, using the loopback interface for local traffic is not optional.
ok mikeb@, stsp@, jca@
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.36 |
|
07-Jan-2014 |
mikeb |
Propagate an rdomain number to the nd6_lookup independently from the ifp pointer which can be NULL. This prevents a crash reported by David Hill <dhill at mindcry ! org>. OK bluhm
|
#
1.35 |
|
25-Oct-2013 |
deraadt |
More _KERNEL namespace cleanup, just in case something out there includes this.
|
#
1.34 |
|
28-Aug-2013 |
mpi |
Remove unused argument from *rtrequest()
ok krw@, mikeb@
|
#
1.33 |
|
26-Aug-2013 |
bluhm |
No one uses the obsolete IPv6 ioctls SIOCGDRLST_IN6, SIOCGPRLST_IN6, OSIOCGIFINFO_IN6 anymore. Remove them together with the structs in6_drlist, in6_oprlist, in6_prlist, in6_ondireq and the kernel implementation. OK mikeb@ henning@
|
#
1.32 |
|
11-Aug-2013 |
bluhm |
To control the lifetime of IPv6 addresses, prefixes and default routers, the kernel and ndp use a bunch of expire fields. Before they were int or u_long, convert expire to time_t in all structs. Move vltime and pltime to u_int32_t everywhere. Sort struct fields by size. Struct inet6_ndpr_msghdr is not used at all, so remove it.
Binary compatibility of rtsold and ndp break with this change as rtsold uses in6_drlist and ndp uses in6_defrouter and in6_prefix to interact with the kernel.
OK mpi@
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.31 |
|
01-Jul-2013 |
bluhm |
Do not access queue fields directly, use FOREACH() macro instead. No binary change. OK mikeb@ mpi@
|
#
1.30 |
|
11-Mar-2013 |
mpi |
Remove unused code manipulating a default interface and its index, This is a leftover from the on-link assumption behavior removal, which has been deprecated by RFC4861 anyway.
ok mikeb@, bluhm@, florian@
|
Revision tags: OPENBSD_5_2_BASE OPENBSD_5_3_BASE
|
#
1.29 |
|
14-Feb-2012 |
sthen |
typo in comment.
|
Revision tags: OPENBSD_5_0_BASE OPENBSD_5_1_BASE
|
#
1.28 |
|
03-Apr-2011 |
stsp |
fix typos in comments ok deraadt henning sthen thib (though thib says he can't spell)
|
Revision tags: OPENBSD_4_8_BASE OPENBSD_4_9_BASE
|
#
1.27 |
|
06-Apr-2010 |
stsp |
Simple implementation of RFC4941, "Privacy Extensions for Stateless Address Autoconfiguration in IPv6". For those among us who are paranoid about broadcasting their MAC address to the IPv6 internet.
Man page help from jmc, testing by weerd, arc4random API hints from djm.
ok deraadt, claudio
|
Revision tags: OPENBSD_4_4_BASE OPENBSD_4_5_BASE OPENBSD_4_6_BASE OPENBSD_4_7_BASE
|
#
1.26 |
|
11-Jun-2008 |
mcbride |
From KAME, allow adjustable limits on NDP entries and discovered routes.
ok mpf naddy
|
Revision tags: OPENBSD_3_4_BASE OPENBSD_3_5_BASE OPENBSD_3_6_BASE OPENBSD_3_7_BASE OPENBSD_3_8_BASE OPENBSD_3_9_BASE OPENBSD_4_0_BASE OPENBSD_4_1_BASE OPENBSD_4_2_BASE OPENBSD_4_3_BASE SMP_SYNC_A SMP_SYNC_B
|
#
1.25 |
|
08-Jul-2003 |
itojun |
unifdef -U__otherBSD__
|
#
1.24 |
|
27-Jun-2003 |
itojun |
split ND6 cache timer management to per-entry. increased accuracy, no O(N) loop. sync w/ kame. marc tested, daniel ok
|
Revision tags: OPENBSD_3_2_BASE OPENBSD_3_3_BASE UBC_SYNC_A UBC_SYNC_B
|
#
1.23 |
|
08-Jun-2002 |
itojun |
gc
|
#
1.22 |
|
08-Jun-2002 |
itojun |
sync with latest KAME in6_ifaddr/prefix/default router manipulation. behavior changes: - two iocts used by ndp(8) are now obsolete (backward compat provided). use sysctl path instead. - lo0 does not get ::1 automatically. it will get ::1 when lo0 comes up.
|
#
1.21 |
|
07-Jun-2002 |
itojun |
cope with cases where maxmtu == 0 (shouldn't happen)
|
#
1.20 |
|
05-Jun-2002 |
itojun |
be sure to use L3 MTU, not L2 MTU, when specified in spec (affects FDDI/ARCnet)
|
#
1.19 |
|
30-May-2002 |
itojun |
improve nd6_setmtu(), to warn too-small MTU on SIOCSIFMTU. sync w/kame
|
#
1.18 |
|
29-May-2002 |
itojun |
no need to supply obsolete field name "receivedra"
|
#
1.17 |
|
29-May-2002 |
itojun |
attach nd_ifinfo structure to if_afdata. split IPv6 MTU (advertised by RA) from real link MTU. sync with kame
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.16 |
|
14-Mar-2002 |
millert |
First round of __P removal in sys
|
#
1.15 |
|
23-Jan-2002 |
fgsch |
compatability -> compatibility.
|
Revision tags: OPENBSD_2_9_BASE OPENBSD_3_0_BASE UBC_BASE
|
#
1.14 |
|
23-Feb-2001 |
itojun |
branches: 1.14.6; garbage-collect stale ND entries (default: 1 day). RFC 2461 5.3. sync with kame.
|
#
1.13 |
|
23-Feb-2001 |
itojun |
remove unnecessary state, ND6_LLINFO_WAITDELETE, from neighbor cache state machine. no need for RTF_REJECT on neighbor cache entires, they are leftover from ARP code. sync with kame.
|
#
1.12 |
|
08-Feb-2001 |
itojun |
when chasing nd6_llinfo chain, make sure we do not touch dangling pointer (due to RTM_DELETE during default router list management). from kame
|
#
1.11 |
|
08-Feb-2001 |
itojun |
use timeout_xx() throughout sys/netinet6. sync with kame.
|
#
1.10 |
|
07-Feb-2001 |
itojun |
by default, don't bark on inbound ND messages, as outsider may be able to fill up /var with bogus packets. setting net.inet6.icmp6.nd6_debug will re-enable kernel messages on invalid ND packet and other occasions.
improve icmp6 stats.
|
#
1.9 |
|
19-Jan-2001 |
itojun |
pull post-4.4BSD change to sys/net/route.c from BSD/OS 4.2 (UCB copyrighted).
have sys/net/route.c:rtrequest1(), which takes rt_addrinfo * as the argument. pass rt_addrinfo all the way down to rtrequest, and ifa->ifa_rtrequest. 3rd arg of ifa->ifa_rtrequest is now rt_addrinfo * instead of sockaddr * (almost noone is using it anyways).
benefit: the follwoing command now works. previously we need two route(8) invocations, "add" then "change". # route add -inet6 default ::1 -ifp gif0
remove unsafe typecast in rtrequest(), from rtentry * to sockaddr *. it was introduced by 4.3BSD-reno and never corrected.
XXX is eon_rtrequest() change correct regarding to 3rd arg? eon_rtrequest() and rtrequest() were incorrect since 4.3BSD-reno, so i do not have correct answer in the source code. someone with more clue about netiso-over-ip, please help.
|
Revision tags: OPENBSD_2_8_BASE
|
#
1.8 |
|
06-Jul-2000 |
itojun |
- more icmp6/ip6 stats. - protect IPv6 ND from being hosed (due to neighbor unreachability detection hint) by wrong tcp traffic. still not sure if there's real attack, but it is good to be cautious. - avoid bitfield for router renumbering header decl. - implement packet-per-sec limitation for icmp6 errors, turn interval limit off (it is not very useful due to unix timer resolution).
|
#
1.7 |
|
19-May-2000 |
itojun |
never forward packet with link-local address. experimental support for new loopback packet handling (with FAKE_LOOPBACK_IF, rcvif will be set to real outgoing interface, not the loopback, to honor scope) sync with kame.
|
#
1.6 |
|
15-May-2000 |
itojun |
perform NUD on p2p link, only if the destination/gateway is real neighbor. this removes temporary workaround (no NUD on p2p link). KAME PR 245.
|
Revision tags: OPENBSD_2_7_BASE
|
#
1.5 |
|
17-Apr-2000 |
itojun |
revisit in6_ifattach(). (1) make it more persistent about initializaing an interface (2) cleanup interface id selection. run NUD on p2p interface (required by spec for bidir p2p interface). add "ndp -i interface" (can tweak per-interface ND flag). (sync with more recent kame)
|
#
1.4 |
|
28-Feb-2000 |
itojun |
bring in recent KAME changes (only important and stable ones, as usual). - remove net.inet6.ip6.nd6_proxyall. introduce proxy NDP code works just like "arp -s". - revise source address selection. be more careful about use of yet-to-be-valid addresses as source. - as router, transmit ICMP6_DST_UNREACH_BEYONDSCOPE against out-of-scope packet forwarding attempt. - path MTU discovery takes care of routing header properly. - be more strict about mbuf chain parsing. - nuke xxCTL_VARS #define, they are for BSDI. - disable SIOCSIFDSTADDR_IN6/SIOCSIFNETMASK_IN6 ioctl, they do not fit IPv6 model where multiple address on interface is normal. (kernel side supports them for a while for backward compat, the support will be nuked shortly) - introduce "default outgoing interface" (for spec conformance in very rare case)
|
Revision tags: SMP_BASE
|
#
1.3 |
|
04-Feb-2000 |
itojun |
branches: 1.3.2; more coverage of in6_ifdetach()'s cleanup process. bug fix in SIOCGIFADDR_IN6 (point to point case).
|
#
1.2 |
|
08-Jan-2000 |
deraadt |
use arc4random() instead of random for two reasons. 1) on some architectures, random() should only be used by the scheduler (ie. statintr() because it is uniformly distributed 2) arc4random() is actually strong, random() is not at all
|
Revision tags: kame_19991208
|
#
1.1 |
|
08-Dec-1999 |
itojun |
bring in KAME IPv6 code, dated 19991208. replaces NRL IPv6 layer. reuses NRL pcb layer. no IPsec-on-v6 support. see sys/netinet6/{TODO,IMPLEMENTATION} for more details.
GENERIC configuration should work fine as before. GENERIC.v6 works fine as well, but you'll need KAME userland tools to play with IPv6 (will be bringed into soon).
|
#
1.76 |
|
28-Mar-2020 |
florian |
Move ND6_PRIV_* constants from nd6.h to slaacd the only place where they are used. Nobody in the wider eco system uses these. While here reduce temporary address valid lifetime to 2 days as per draft-ietf-6man-rfc4941bis. This should considerably reduce the amount of addresses configured on an interface - a common complaint. Original diff from Fernando Gont (fernando AT gont.com.ar), thanks! Ports tree scanning by sthen@
|
Revision tags: OPENBSD_6_6_BASE
|
#
1.75 |
|
21-Jun-2019 |
mpi |
Prevent recursions by not deleting entries inside rtable_walk(9).
rtable_walk(9) now passes a routing entry back to the caller when a non zero value is returned and if it asked for it. This allows us to call rtdeletemsg()/rtrequest_delete() from the caller without creating a recursion because of rtflushclone().
Multicast code hasn't been adapted and is still possibly creating recursions. However multicast route entries aren't cloned so if a recursion exists it isn't because of rtflushclone().
Fix stack exhaustion triggered by the use of "-msave-args".
Issue reported by D��niel L��vai on bugs@ confirmed by and ok bluhm@.
|
Revision tags: OPENBSD_6_3_BASE OPENBSD_6_4_BASE OPENBSD_6_5_BASE
|
#
1.74 |
|
27-Nov-2017 |
mpi |
Use a single timer for all ND6 entries.
This prevents a use-after-free reported by Hrvoje Popovski where the timeout function was already sleeping on the NET_LOCK() when ifconfig(8) removed the enry from the table.
By iterating on a global list in the timeout routine we ensure that the items are still valid when we process them. This also reduce differences with ARP.
ok bluhm@, visa@
|
#
1.73 |
|
03-Nov-2017 |
florian |
We are processing Router Solicitation / Advertisement messages only for the Source Link-layer Address Options. Merge nd6_rs_input() and nd6_ra_input() into one generic function that does just that.
input & OK mpi
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.72 |
|
09-Aug-2017 |
florian |
Remove knob and always do neighbor unreachable detection.
|
#
1.71 |
|
09-Aug-2017 |
florian |
accept_rtadv doesn't do anything since some time. OK mpi
|
#
1.70 |
|
09-Aug-2017 |
florian |
We are no longer generating privacy addresses in the kernel. OK mpi
|
#
1.69 |
|
08-Aug-2017 |
florian |
Stop running nd6_expire every second. We know when pltime or vltime decrease to zero. Run nd6_expire then. Input & OK mpi, bluhm
|
#
1.68 |
|
12-Jul-2017 |
florian |
Get rid of ICMPV6CTL_ND6_DRLIST and ICMPV6CTL_ND6_PRLIST sysctls With this we can also get rid of in6_prefix and in6_defrouter. They are meaningless, the kernel no longer tracks this information.
Pointed out by & OK mpi
|
#
1.67 |
|
11-Jul-2017 |
florian |
Purging is at last at hand. Day of Doom is here. All that is evil shall all be cleansed.
Remove sending of router solicitations and processing of router advertisements from the kernel. It's handled by slaacd(8) these days.
Input & OK bluhm@, mpi@
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.66 |
|
27-Dec-2016 |
bluhm |
Move nd6 timer initialisation to nd6_init() and call timeout_set() only once during init. OK mpi@
|
#
1.65 |
|
28-Nov-2016 |
mpi |
Remove multiple recursive splsoftnet().
ok bluhm@
|
#
1.64 |
|
21-Nov-2016 |
mpi |
Assert that prelist_update() is always called at IPL_SOFTNET.
While here use __func__ in debug strings to reduce noise when grepping.
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.63 |
|
13-Jul-2016 |
dlg |
store nd6 expiries in the route, not separately in the llinfo struct.
this makes it more consistent with arp, and makes expiries visible via route(8) get as well as ndp(8).
ok mpi@ florian@
|
#
1.62 |
|
15-Jun-2016 |
mpi |
Kill nd6_output(), it doesn't do anything since the resolution logic has been moved to nd6_resolve().
ok visa@, millert@, florian@, sthen@
|
#
1.61 |
|
08-Jun-2016 |
mpi |
Move ND resoluton logic from nd6_output() to nd6_storelladdr() and rename it to nd6_resolve().
This allows us to get rid of non-Ethernet hacks by moving Ethernet specific logic in the appropriate layer.
ok sthen@
|
#
1.60 |
|
01-Jun-2016 |
dlg |
make nd6_llinfo_settimer take seconds instead of ticks.
most callers are working in seconds, internally it uses seconds, and you can call timeout_add_sec as easily as timeout_add.
this also fixes an issue with an nd_defrouter expire which was incorrectly scaled with ticks in a comparison.
ok mpi@
|
#
1.59 |
|
30-May-2016 |
dlg |
remove code compensating for the "short" range of timeouts.
the nd6 code for managing expiries is never asked to handle intervals greater than what timeouts can handle, so we dont need to overcompensate.
the code was also incorrect by using a long, which isnt that long on ILP32 machines.
ok mpi@ millert@ benno@
|
#
1.58 |
|
30-Mar-2016 |
mpi |
Implement proxy ARP for ART based on mpath support.
Since mpath is not enabled in RAMDISK, proxy ARP won't work there either.
ok bluhm@
|
#
1.57 |
|
03-Mar-2016 |
jca |
Kill IPv6 prefix and router renumbering ioctls.
Router renumbering was never supported, prefix ioctls were deprecated ~15 years ago. Move some items in netinet6/nd6.h where they are still used.
ok mikeb@ mpi@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.56 |
|
18-Dec-2015 |
tb |
Convert arc4random() to arc4random_uniorm(). Diff by Matthew Martin.
Ensure that arc4random_uniform() doesn't loop by redefining ND6_MAX_DESYNC_FACTOR to be 512, the largest power of two smaller than the RFC-specified 600 seconds. Suggested by florian@ and deraadt@
ok florian@, sthen@ in this form, arc4random change ok djm@, tedu@
|
#
1.55 |
|
06-Nov-2015 |
mpi |
Change nd6_nud_hint() to no longer manipulate rt_ifp directly.
While here remove unused argument and convert the route check to rtisvalid(9).
ok bluhm@
|
#
1.54 |
|
02-Nov-2015 |
bluhm |
Implement the list of nd6 llinfo entries with a TAILQ. OK millert@ mpi@
|
#
1.53 |
|
02-Nov-2015 |
mpi |
Prefer an existing refcounted ``ifp'' to rt_ifp when possible or use the interface index directly.
ok bluhm@
|
#
1.52 |
|
28-Oct-2015 |
florian |
Remove linkmtu and maxmtu from struct nd_ifinfo. IN6_LINKMTU can now die and ifp->if_mtu is the one true mtu. Suggested by and OK mpi@
|
#
1.51 |
|
25-Oct-2015 |
mpi |
Introduce if_rtrequest() the successor of ifa_rtrequest().
L2 resolution depends on the protocol (encoded in the route entry) and an ``ifp''. Not having to care about an ``ifa'' makes our life easier in our MP effort. Fewer dependencies between data structures implies fewer headaches.
Discussed with bluhm@, ok claudio@
|
#
1.50 |
|
24-Oct-2015 |
mpi |
Ignore Router Advertisment's current hop limit.
Appart from the usual inet6 axe murdering exercise to keep you fit, this allows us to get rid of a lot of layer violation due to the use of per- ifp variables to store the current hop limit.
Imputs from bluhm@, ok phessler@, florian@, bluhm@
|
#
1.49 |
|
31-Aug-2015 |
mpi |
The return value of nd6_cache_lladdr() is never used so make it a void.
Fewer "struct rtentry" left in the wild!
|
#
1.48 |
|
24-Aug-2015 |
mpi |
nd6_prefix_add() is no longer used and die.
|
#
1.47 |
|
24-Aug-2015 |
mpi |
Start moving away from the global prefix list by limiting its usage to AUTOCONF'd addresses.
This prevent the kernel from removing connected (/64) routes as soon as it configures an AUTOCONF'd address based on a RA.
Tested by sebastia@, ok sthen@
|
#
1.46 |
|
24-Aug-2015 |
mpi |
Rework the code to decide when to perform DAD to no longer rely on the IN6_IFF_NODAD pseudo-flag not being set.
This was just a flag for spaghetti code that should not exist in the first place.
Tested by sebastia@, ok sthen@
|
#
1.45 |
|
18-Aug-2015 |
mpi |
Call rtfree(9) when we no longer need the route entry rather than decrementing rt_refcnt just after rtrequest1(9).
While here reduce the differences with rt_ifa_add(9). There's still an ambiguity about rtrequest1(9)'s return value, but bluhm@ will address that in a different diff.
Discussed with and ok bluhm@
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.44 |
|
18-Jul-2015 |
mpi |
Merge two identical chunks to add new prefixes to the global data structures into a function.
ok florian@
|
#
1.43 |
|
16-Jul-2015 |
mpi |
Properly layer Router Solicitation code.
Tweak and ok florian@
|
#
1.42 |
|
09-Jul-2015 |
mpi |
Remove unused arguments and the associated code from nd6_nud_hint().
ok claudio@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.41 |
|
20-Nov-2014 |
mpi |
Rework the handling of interfaces and IPv6 addresses for local delivery.
- Unicast packets sent to any local address will have their interface set to loobpack.
- In order to differentiate traffic from interfaces having identical link-local addresses, provide the scoped addresses to pf(4).
- Update the icmp6 state lookup logic to match scoped MLL addresses.
- Remove a shortcut in ip6_input() that bypasses pf and always look for an RTF_LOCAL route.
Packets sent to multicast addresses still retain their original interface due to the fact that local multicast packet delivering does not use if_output.
This makes ping6 to link-local addresses work even with pf enabled and "set skip" on loopbacks, reported by Pieter Verberne.
Debugged, analysed and tested with mikeb@.
ok mikeb@, henning@, sthen@
|
#
1.40 |
|
10-Nov-2014 |
mpi |
Do not pass an ifa pointer when we already have a DAD descriptor.
Tweaks and ok florian@
|
#
1.39 |
|
25-Aug-2014 |
florian |
Move sending of router solicitations to the kernel; receiving and processing of router advertisements was already in the kernel. With this rtsol{,d}(8) is no longer necessary.
The kernel starts sending solicitations with # ifconfig $IF inet6 autoconf or inet6 autoconf in /etc/hostname.$IF.
input stsp@ much help & OK mpi@ tweaks & OK bluhm@
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.38 |
|
11-Jul-2014 |
blambert |
move IPv6 prefix adding from workq to taskq; as a happy benefit, we can delete 2 dozen or so lines that check to see if we've queued up a prefix addition multiple times.
ok stsp@
|
#
1.37 |
|
07-May-2014 |
mpi |
Kill the {nd6_,}useloopback buttons, using the loopback interface for local traffic is not optional.
ok mikeb@, stsp@, jca@
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.36 |
|
07-Jan-2014 |
mikeb |
Propagate an rdomain number to the nd6_lookup independently from the ifp pointer which can be NULL. This prevents a crash reported by David Hill <dhill at mindcry ! org>. OK bluhm
|
#
1.35 |
|
25-Oct-2013 |
deraadt |
More _KERNEL namespace cleanup, just in case something out there includes this.
|
#
1.34 |
|
28-Aug-2013 |
mpi |
Remove unused argument from *rtrequest()
ok krw@, mikeb@
|
#
1.33 |
|
26-Aug-2013 |
bluhm |
No one uses the obsolete IPv6 ioctls SIOCGDRLST_IN6, SIOCGPRLST_IN6, OSIOCGIFINFO_IN6 anymore. Remove them together with the structs in6_drlist, in6_oprlist, in6_prlist, in6_ondireq and the kernel implementation. OK mikeb@ henning@
|
#
1.32 |
|
11-Aug-2013 |
bluhm |
To control the lifetime of IPv6 addresses, prefixes and default routers, the kernel and ndp use a bunch of expire fields. Before they were int or u_long, convert expire to time_t in all structs. Move vltime and pltime to u_int32_t everywhere. Sort struct fields by size. Struct inet6_ndpr_msghdr is not used at all, so remove it.
Binary compatibility of rtsold and ndp break with this change as rtsold uses in6_drlist and ndp uses in6_defrouter and in6_prefix to interact with the kernel.
OK mpi@
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.31 |
|
01-Jul-2013 |
bluhm |
Do not access queue fields directly, use FOREACH() macro instead. No binary change. OK mikeb@ mpi@
|
#
1.30 |
|
11-Mar-2013 |
mpi |
Remove unused code manipulating a default interface and its index, This is a leftover from the on-link assumption behavior removal, which has been deprecated by RFC4861 anyway.
ok mikeb@, bluhm@, florian@
|
Revision tags: OPENBSD_5_2_BASE OPENBSD_5_3_BASE
|
#
1.29 |
|
14-Feb-2012 |
sthen |
typo in comment.
|
Revision tags: OPENBSD_5_0_BASE OPENBSD_5_1_BASE
|
#
1.28 |
|
03-Apr-2011 |
stsp |
fix typos in comments ok deraadt henning sthen thib (though thib says he can't spell)
|
Revision tags: OPENBSD_4_8_BASE OPENBSD_4_9_BASE
|
#
1.27 |
|
06-Apr-2010 |
stsp |
Simple implementation of RFC4941, "Privacy Extensions for Stateless Address Autoconfiguration in IPv6". For those among us who are paranoid about broadcasting their MAC address to the IPv6 internet.
Man page help from jmc, testing by weerd, arc4random API hints from djm.
ok deraadt, claudio
|
Revision tags: OPENBSD_4_4_BASE OPENBSD_4_5_BASE OPENBSD_4_6_BASE OPENBSD_4_7_BASE
|
#
1.26 |
|
11-Jun-2008 |
mcbride |
From KAME, allow adjustable limits on NDP entries and discovered routes.
ok mpf naddy
|
Revision tags: OPENBSD_3_4_BASE OPENBSD_3_5_BASE OPENBSD_3_6_BASE OPENBSD_3_7_BASE OPENBSD_3_8_BASE OPENBSD_3_9_BASE OPENBSD_4_0_BASE OPENBSD_4_1_BASE OPENBSD_4_2_BASE OPENBSD_4_3_BASE SMP_SYNC_A SMP_SYNC_B
|
#
1.25 |
|
08-Jul-2003 |
itojun |
unifdef -U__otherBSD__
|
#
1.24 |
|
27-Jun-2003 |
itojun |
split ND6 cache timer management to per-entry. increased accuracy, no O(N) loop. sync w/ kame. marc tested, daniel ok
|
Revision tags: OPENBSD_3_2_BASE OPENBSD_3_3_BASE UBC_SYNC_A UBC_SYNC_B
|
#
1.23 |
|
08-Jun-2002 |
itojun |
gc
|
#
1.22 |
|
08-Jun-2002 |
itojun |
sync with latest KAME in6_ifaddr/prefix/default router manipulation. behavior changes: - two iocts used by ndp(8) are now obsolete (backward compat provided). use sysctl path instead. - lo0 does not get ::1 automatically. it will get ::1 when lo0 comes up.
|
#
1.21 |
|
07-Jun-2002 |
itojun |
cope with cases where maxmtu == 0 (shouldn't happen)
|
#
1.20 |
|
05-Jun-2002 |
itojun |
be sure to use L3 MTU, not L2 MTU, when specified in spec (affects FDDI/ARCnet)
|
#
1.19 |
|
30-May-2002 |
itojun |
improve nd6_setmtu(), to warn too-small MTU on SIOCSIFMTU. sync w/kame
|
#
1.18 |
|
29-May-2002 |
itojun |
no need to supply obsolete field name "receivedra"
|
#
1.17 |
|
29-May-2002 |
itojun |
attach nd_ifinfo structure to if_afdata. split IPv6 MTU (advertised by RA) from real link MTU. sync with kame
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.16 |
|
14-Mar-2002 |
millert |
First round of __P removal in sys
|
#
1.15 |
|
23-Jan-2002 |
fgsch |
compatability -> compatibility.
|
Revision tags: OPENBSD_2_9_BASE OPENBSD_3_0_BASE UBC_BASE
|
#
1.14 |
|
23-Feb-2001 |
itojun |
branches: 1.14.6; garbage-collect stale ND entries (default: 1 day). RFC 2461 5.3. sync with kame.
|
#
1.13 |
|
23-Feb-2001 |
itojun |
remove unnecessary state, ND6_LLINFO_WAITDELETE, from neighbor cache state machine. no need for RTF_REJECT on neighbor cache entires, they are leftover from ARP code. sync with kame.
|
#
1.12 |
|
08-Feb-2001 |
itojun |
when chasing nd6_llinfo chain, make sure we do not touch dangling pointer (due to RTM_DELETE during default router list management). from kame
|
#
1.11 |
|
08-Feb-2001 |
itojun |
use timeout_xx() throughout sys/netinet6. sync with kame.
|
#
1.10 |
|
07-Feb-2001 |
itojun |
by default, don't bark on inbound ND messages, as outsider may be able to fill up /var with bogus packets. setting net.inet6.icmp6.nd6_debug will re-enable kernel messages on invalid ND packet and other occasions.
improve icmp6 stats.
|
#
1.9 |
|
19-Jan-2001 |
itojun |
pull post-4.4BSD change to sys/net/route.c from BSD/OS 4.2 (UCB copyrighted).
have sys/net/route.c:rtrequest1(), which takes rt_addrinfo * as the argument. pass rt_addrinfo all the way down to rtrequest, and ifa->ifa_rtrequest. 3rd arg of ifa->ifa_rtrequest is now rt_addrinfo * instead of sockaddr * (almost noone is using it anyways).
benefit: the follwoing command now works. previously we need two route(8) invocations, "add" then "change". # route add -inet6 default ::1 -ifp gif0
remove unsafe typecast in rtrequest(), from rtentry * to sockaddr *. it was introduced by 4.3BSD-reno and never corrected.
XXX is eon_rtrequest() change correct regarding to 3rd arg? eon_rtrequest() and rtrequest() were incorrect since 4.3BSD-reno, so i do not have correct answer in the source code. someone with more clue about netiso-over-ip, please help.
|
Revision tags: OPENBSD_2_8_BASE
|
#
1.8 |
|
06-Jul-2000 |
itojun |
- more icmp6/ip6 stats. - protect IPv6 ND from being hosed (due to neighbor unreachability detection hint) by wrong tcp traffic. still not sure if there's real attack, but it is good to be cautious. - avoid bitfield for router renumbering header decl. - implement packet-per-sec limitation for icmp6 errors, turn interval limit off (it is not very useful due to unix timer resolution).
|
#
1.7 |
|
19-May-2000 |
itojun |
never forward packet with link-local address. experimental support for new loopback packet handling (with FAKE_LOOPBACK_IF, rcvif will be set to real outgoing interface, not the loopback, to honor scope) sync with kame.
|
#
1.6 |
|
15-May-2000 |
itojun |
perform NUD on p2p link, only if the destination/gateway is real neighbor. this removes temporary workaround (no NUD on p2p link). KAME PR 245.
|
Revision tags: OPENBSD_2_7_BASE
|
#
1.5 |
|
17-Apr-2000 |
itojun |
revisit in6_ifattach(). (1) make it more persistent about initializaing an interface (2) cleanup interface id selection. run NUD on p2p interface (required by spec for bidir p2p interface). add "ndp -i interface" (can tweak per-interface ND flag). (sync with more recent kame)
|
#
1.4 |
|
28-Feb-2000 |
itojun |
bring in recent KAME changes (only important and stable ones, as usual). - remove net.inet6.ip6.nd6_proxyall. introduce proxy NDP code works just like "arp -s". - revise source address selection. be more careful about use of yet-to-be-valid addresses as source. - as router, transmit ICMP6_DST_UNREACH_BEYONDSCOPE against out-of-scope packet forwarding attempt. - path MTU discovery takes care of routing header properly. - be more strict about mbuf chain parsing. - nuke xxCTL_VARS #define, they are for BSDI. - disable SIOCSIFDSTADDR_IN6/SIOCSIFNETMASK_IN6 ioctl, they do not fit IPv6 model where multiple address on interface is normal. (kernel side supports them for a while for backward compat, the support will be nuked shortly) - introduce "default outgoing interface" (for spec conformance in very rare case)
|
Revision tags: SMP_BASE
|
#
1.3 |
|
04-Feb-2000 |
itojun |
branches: 1.3.2; more coverage of in6_ifdetach()'s cleanup process. bug fix in SIOCGIFADDR_IN6 (point to point case).
|
#
1.2 |
|
08-Jan-2000 |
deraadt |
use arc4random() instead of random for two reasons. 1) on some architectures, random() should only be used by the scheduler (ie. statintr() because it is uniformly distributed 2) arc4random() is actually strong, random() is not at all
|
Revision tags: kame_19991208
|
#
1.1 |
|
08-Dec-1999 |
itojun |
bring in KAME IPv6 code, dated 19991208. replaces NRL IPv6 layer. reuses NRL pcb layer. no IPsec-on-v6 support. see sys/netinet6/{TODO,IMPLEMENTATION} for more details.
GENERIC configuration should work fine as before. GENERIC.v6 works fine as well, but you'll need KAME userland tools to play with IPv6 (will be bringed into soon).
|
#
1.75 |
|
21-Jun-2019 |
mpi |
Prevent recursions by not deleting entries inside rtable_walk(9).
rtable_walk(9) now passes a routing entry back to the caller when a non zero value is returned and if it asked for it. This allows us to call rtdeletemsg()/rtrequest_delete() from the caller without creating a recursion because of rtflushclone().
Multicast code hasn't been adapted and is still possibly creating recursions. However multicast route entries aren't cloned so if a recursion exists it isn't because of rtflushclone().
Fix stack exhaustion triggered by the use of "-msave-args".
Issue reported by D��niel L��vai on bugs@ confirmed by and ok bluhm@.
|
Revision tags: OPENBSD_6_3_BASE OPENBSD_6_4_BASE OPENBSD_6_5_BASE
|
#
1.74 |
|
27-Nov-2017 |
mpi |
Use a single timer for all ND6 entries.
This prevents a use-after-free reported by Hrvoje Popovski where the timeout function was already sleeping on the NET_LOCK() when ifconfig(8) removed the enry from the table.
By iterating on a global list in the timeout routine we ensure that the items are still valid when we process them. This also reduce differences with ARP.
ok bluhm@, visa@
|
#
1.73 |
|
03-Nov-2017 |
florian |
We are processing Router Solicitation / Advertisement messages only for the Source Link-layer Address Options. Merge nd6_rs_input() and nd6_ra_input() into one generic function that does just that.
input & OK mpi
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.72 |
|
09-Aug-2017 |
florian |
Remove knob and always do neighbor unreachable detection.
|
#
1.71 |
|
09-Aug-2017 |
florian |
accept_rtadv doesn't do anything since some time. OK mpi
|
#
1.70 |
|
09-Aug-2017 |
florian |
We are no longer generating privacy addresses in the kernel. OK mpi
|
#
1.69 |
|
08-Aug-2017 |
florian |
Stop running nd6_expire every second. We know when pltime or vltime decrease to zero. Run nd6_expire then. Input & OK mpi, bluhm
|
#
1.68 |
|
12-Jul-2017 |
florian |
Get rid of ICMPV6CTL_ND6_DRLIST and ICMPV6CTL_ND6_PRLIST sysctls With this we can also get rid of in6_prefix and in6_defrouter. They are meaningless, the kernel no longer tracks this information.
Pointed out by & OK mpi
|
#
1.67 |
|
11-Jul-2017 |
florian |
Purging is at last at hand. Day of Doom is here. All that is evil shall all be cleansed.
Remove sending of router solicitations and processing of router advertisements from the kernel. It's handled by slaacd(8) these days.
Input & OK bluhm@, mpi@
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.66 |
|
27-Dec-2016 |
bluhm |
Move nd6 timer initialisation to nd6_init() and call timeout_set() only once during init. OK mpi@
|
#
1.65 |
|
28-Nov-2016 |
mpi |
Remove multiple recursive splsoftnet().
ok bluhm@
|
#
1.64 |
|
21-Nov-2016 |
mpi |
Assert that prelist_update() is always called at IPL_SOFTNET.
While here use __func__ in debug strings to reduce noise when grepping.
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.63 |
|
13-Jul-2016 |
dlg |
store nd6 expiries in the route, not separately in the llinfo struct.
this makes it more consistent with arp, and makes expiries visible via route(8) get as well as ndp(8).
ok mpi@ florian@
|
#
1.62 |
|
15-Jun-2016 |
mpi |
Kill nd6_output(), it doesn't do anything since the resolution logic has been moved to nd6_resolve().
ok visa@, millert@, florian@, sthen@
|
#
1.61 |
|
08-Jun-2016 |
mpi |
Move ND resoluton logic from nd6_output() to nd6_storelladdr() and rename it to nd6_resolve().
This allows us to get rid of non-Ethernet hacks by moving Ethernet specific logic in the appropriate layer.
ok sthen@
|
#
1.60 |
|
01-Jun-2016 |
dlg |
make nd6_llinfo_settimer take seconds instead of ticks.
most callers are working in seconds, internally it uses seconds, and you can call timeout_add_sec as easily as timeout_add.
this also fixes an issue with an nd_defrouter expire which was incorrectly scaled with ticks in a comparison.
ok mpi@
|
#
1.59 |
|
30-May-2016 |
dlg |
remove code compensating for the "short" range of timeouts.
the nd6 code for managing expiries is never asked to handle intervals greater than what timeouts can handle, so we dont need to overcompensate.
the code was also incorrect by using a long, which isnt that long on ILP32 machines.
ok mpi@ millert@ benno@
|
#
1.58 |
|
30-Mar-2016 |
mpi |
Implement proxy ARP for ART based on mpath support.
Since mpath is not enabled in RAMDISK, proxy ARP won't work there either.
ok bluhm@
|
#
1.57 |
|
03-Mar-2016 |
jca |
Kill IPv6 prefix and router renumbering ioctls.
Router renumbering was never supported, prefix ioctls were deprecated ~15 years ago. Move some items in netinet6/nd6.h where they are still used.
ok mikeb@ mpi@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.56 |
|
18-Dec-2015 |
tb |
Convert arc4random() to arc4random_uniorm(). Diff by Matthew Martin.
Ensure that arc4random_uniform() doesn't loop by redefining ND6_MAX_DESYNC_FACTOR to be 512, the largest power of two smaller than the RFC-specified 600 seconds. Suggested by florian@ and deraadt@
ok florian@, sthen@ in this form, arc4random change ok djm@, tedu@
|
#
1.55 |
|
06-Nov-2015 |
mpi |
Change nd6_nud_hint() to no longer manipulate rt_ifp directly.
While here remove unused argument and convert the route check to rtisvalid(9).
ok bluhm@
|
#
1.54 |
|
02-Nov-2015 |
bluhm |
Implement the list of nd6 llinfo entries with a TAILQ. OK millert@ mpi@
|
#
1.53 |
|
02-Nov-2015 |
mpi |
Prefer an existing refcounted ``ifp'' to rt_ifp when possible or use the interface index directly.
ok bluhm@
|
#
1.52 |
|
28-Oct-2015 |
florian |
Remove linkmtu and maxmtu from struct nd_ifinfo. IN6_LINKMTU can now die and ifp->if_mtu is the one true mtu. Suggested by and OK mpi@
|
#
1.51 |
|
25-Oct-2015 |
mpi |
Introduce if_rtrequest() the successor of ifa_rtrequest().
L2 resolution depends on the protocol (encoded in the route entry) and an ``ifp''. Not having to care about an ``ifa'' makes our life easier in our MP effort. Fewer dependencies between data structures implies fewer headaches.
Discussed with bluhm@, ok claudio@
|
#
1.50 |
|
24-Oct-2015 |
mpi |
Ignore Router Advertisment's current hop limit.
Appart from the usual inet6 axe murdering exercise to keep you fit, this allows us to get rid of a lot of layer violation due to the use of per- ifp variables to store the current hop limit.
Imputs from bluhm@, ok phessler@, florian@, bluhm@
|
#
1.49 |
|
31-Aug-2015 |
mpi |
The return value of nd6_cache_lladdr() is never used so make it a void.
Fewer "struct rtentry" left in the wild!
|
#
1.48 |
|
24-Aug-2015 |
mpi |
nd6_prefix_add() is no longer used and die.
|
#
1.47 |
|
24-Aug-2015 |
mpi |
Start moving away from the global prefix list by limiting its usage to AUTOCONF'd addresses.
This prevent the kernel from removing connected (/64) routes as soon as it configures an AUTOCONF'd address based on a RA.
Tested by sebastia@, ok sthen@
|
#
1.46 |
|
24-Aug-2015 |
mpi |
Rework the code to decide when to perform DAD to no longer rely on the IN6_IFF_NODAD pseudo-flag not being set.
This was just a flag for spaghetti code that should not exist in the first place.
Tested by sebastia@, ok sthen@
|
#
1.45 |
|
18-Aug-2015 |
mpi |
Call rtfree(9) when we no longer need the route entry rather than decrementing rt_refcnt just after rtrequest1(9).
While here reduce the differences with rt_ifa_add(9). There's still an ambiguity about rtrequest1(9)'s return value, but bluhm@ will address that in a different diff.
Discussed with and ok bluhm@
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.44 |
|
18-Jul-2015 |
mpi |
Merge two identical chunks to add new prefixes to the global data structures into a function.
ok florian@
|
#
1.43 |
|
16-Jul-2015 |
mpi |
Properly layer Router Solicitation code.
Tweak and ok florian@
|
#
1.42 |
|
09-Jul-2015 |
mpi |
Remove unused arguments and the associated code from nd6_nud_hint().
ok claudio@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.41 |
|
20-Nov-2014 |
mpi |
Rework the handling of interfaces and IPv6 addresses for local delivery.
- Unicast packets sent to any local address will have their interface set to loobpack.
- In order to differentiate traffic from interfaces having identical link-local addresses, provide the scoped addresses to pf(4).
- Update the icmp6 state lookup logic to match scoped MLL addresses.
- Remove a shortcut in ip6_input() that bypasses pf and always look for an RTF_LOCAL route.
Packets sent to multicast addresses still retain their original interface due to the fact that local multicast packet delivering does not use if_output.
This makes ping6 to link-local addresses work even with pf enabled and "set skip" on loopbacks, reported by Pieter Verberne.
Debugged, analysed and tested with mikeb@.
ok mikeb@, henning@, sthen@
|
#
1.40 |
|
10-Nov-2014 |
mpi |
Do not pass an ifa pointer when we already have a DAD descriptor.
Tweaks and ok florian@
|
#
1.39 |
|
25-Aug-2014 |
florian |
Move sending of router solicitations to the kernel; receiving and processing of router advertisements was already in the kernel. With this rtsol{,d}(8) is no longer necessary.
The kernel starts sending solicitations with # ifconfig $IF inet6 autoconf or inet6 autoconf in /etc/hostname.$IF.
input stsp@ much help & OK mpi@ tweaks & OK bluhm@
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.38 |
|
11-Jul-2014 |
blambert |
move IPv6 prefix adding from workq to taskq; as a happy benefit, we can delete 2 dozen or so lines that check to see if we've queued up a prefix addition multiple times.
ok stsp@
|
#
1.37 |
|
07-May-2014 |
mpi |
Kill the {nd6_,}useloopback buttons, using the loopback interface for local traffic is not optional.
ok mikeb@, stsp@, jca@
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.36 |
|
07-Jan-2014 |
mikeb |
Propagate an rdomain number to the nd6_lookup independently from the ifp pointer which can be NULL. This prevents a crash reported by David Hill <dhill at mindcry ! org>. OK bluhm
|
#
1.35 |
|
25-Oct-2013 |
deraadt |
More _KERNEL namespace cleanup, just in case something out there includes this.
|
#
1.34 |
|
28-Aug-2013 |
mpi |
Remove unused argument from *rtrequest()
ok krw@, mikeb@
|
#
1.33 |
|
26-Aug-2013 |
bluhm |
No one uses the obsolete IPv6 ioctls SIOCGDRLST_IN6, SIOCGPRLST_IN6, OSIOCGIFINFO_IN6 anymore. Remove them together with the structs in6_drlist, in6_oprlist, in6_prlist, in6_ondireq and the kernel implementation. OK mikeb@ henning@
|
#
1.32 |
|
11-Aug-2013 |
bluhm |
To control the lifetime of IPv6 addresses, prefixes and default routers, the kernel and ndp use a bunch of expire fields. Before they were int or u_long, convert expire to time_t in all structs. Move vltime and pltime to u_int32_t everywhere. Sort struct fields by size. Struct inet6_ndpr_msghdr is not used at all, so remove it.
Binary compatibility of rtsold and ndp break with this change as rtsold uses in6_drlist and ndp uses in6_defrouter and in6_prefix to interact with the kernel.
OK mpi@
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.31 |
|
01-Jul-2013 |
bluhm |
Do not access queue fields directly, use FOREACH() macro instead. No binary change. OK mikeb@ mpi@
|
#
1.30 |
|
11-Mar-2013 |
mpi |
Remove unused code manipulating a default interface and its index, This is a leftover from the on-link assumption behavior removal, which has been deprecated by RFC4861 anyway.
ok mikeb@, bluhm@, florian@
|
Revision tags: OPENBSD_5_2_BASE OPENBSD_5_3_BASE
|
#
1.29 |
|
14-Feb-2012 |
sthen |
typo in comment.
|
Revision tags: OPENBSD_5_0_BASE OPENBSD_5_1_BASE
|
#
1.28 |
|
03-Apr-2011 |
stsp |
fix typos in comments ok deraadt henning sthen thib (though thib says he can't spell)
|
Revision tags: OPENBSD_4_8_BASE OPENBSD_4_9_BASE
|
#
1.27 |
|
06-Apr-2010 |
stsp |
Simple implementation of RFC4941, "Privacy Extensions for Stateless Address Autoconfiguration in IPv6". For those among us who are paranoid about broadcasting their MAC address to the IPv6 internet.
Man page help from jmc, testing by weerd, arc4random API hints from djm.
ok deraadt, claudio
|
Revision tags: OPENBSD_4_4_BASE OPENBSD_4_5_BASE OPENBSD_4_6_BASE OPENBSD_4_7_BASE
|
#
1.26 |
|
11-Jun-2008 |
mcbride |
From KAME, allow adjustable limits on NDP entries and discovered routes.
ok mpf naddy
|
Revision tags: OPENBSD_3_4_BASE OPENBSD_3_5_BASE OPENBSD_3_6_BASE OPENBSD_3_7_BASE OPENBSD_3_8_BASE OPENBSD_3_9_BASE OPENBSD_4_0_BASE OPENBSD_4_1_BASE OPENBSD_4_2_BASE OPENBSD_4_3_BASE SMP_SYNC_A SMP_SYNC_B
|
#
1.25 |
|
08-Jul-2003 |
itojun |
unifdef -U__otherBSD__
|
#
1.24 |
|
27-Jun-2003 |
itojun |
split ND6 cache timer management to per-entry. increased accuracy, no O(N) loop. sync w/ kame. marc tested, daniel ok
|
Revision tags: OPENBSD_3_2_BASE OPENBSD_3_3_BASE UBC_SYNC_A UBC_SYNC_B
|
#
1.23 |
|
08-Jun-2002 |
itojun |
gc
|
#
1.22 |
|
08-Jun-2002 |
itojun |
sync with latest KAME in6_ifaddr/prefix/default router manipulation. behavior changes: - two iocts used by ndp(8) are now obsolete (backward compat provided). use sysctl path instead. - lo0 does not get ::1 automatically. it will get ::1 when lo0 comes up.
|
#
1.21 |
|
07-Jun-2002 |
itojun |
cope with cases where maxmtu == 0 (shouldn't happen)
|
#
1.20 |
|
05-Jun-2002 |
itojun |
be sure to use L3 MTU, not L2 MTU, when specified in spec (affects FDDI/ARCnet)
|
#
1.19 |
|
30-May-2002 |
itojun |
improve nd6_setmtu(), to warn too-small MTU on SIOCSIFMTU. sync w/kame
|
#
1.18 |
|
29-May-2002 |
itojun |
no need to supply obsolete field name "receivedra"
|
#
1.17 |
|
29-May-2002 |
itojun |
attach nd_ifinfo structure to if_afdata. split IPv6 MTU (advertised by RA) from real link MTU. sync with kame
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.16 |
|
14-Mar-2002 |
millert |
First round of __P removal in sys
|
#
1.15 |
|
23-Jan-2002 |
fgsch |
compatability -> compatibility.
|
Revision tags: OPENBSD_2_9_BASE OPENBSD_3_0_BASE UBC_BASE
|
#
1.14 |
|
23-Feb-2001 |
itojun |
branches: 1.14.6; garbage-collect stale ND entries (default: 1 day). RFC 2461 5.3. sync with kame.
|
#
1.13 |
|
23-Feb-2001 |
itojun |
remove unnecessary state, ND6_LLINFO_WAITDELETE, from neighbor cache state machine. no need for RTF_REJECT on neighbor cache entires, they are leftover from ARP code. sync with kame.
|
#
1.12 |
|
08-Feb-2001 |
itojun |
when chasing nd6_llinfo chain, make sure we do not touch dangling pointer (due to RTM_DELETE during default router list management). from kame
|
#
1.11 |
|
08-Feb-2001 |
itojun |
use timeout_xx() throughout sys/netinet6. sync with kame.
|
#
1.10 |
|
07-Feb-2001 |
itojun |
by default, don't bark on inbound ND messages, as outsider may be able to fill up /var with bogus packets. setting net.inet6.icmp6.nd6_debug will re-enable kernel messages on invalid ND packet and other occasions.
improve icmp6 stats.
|
#
1.9 |
|
19-Jan-2001 |
itojun |
pull post-4.4BSD change to sys/net/route.c from BSD/OS 4.2 (UCB copyrighted).
have sys/net/route.c:rtrequest1(), which takes rt_addrinfo * as the argument. pass rt_addrinfo all the way down to rtrequest, and ifa->ifa_rtrequest. 3rd arg of ifa->ifa_rtrequest is now rt_addrinfo * instead of sockaddr * (almost noone is using it anyways).
benefit: the follwoing command now works. previously we need two route(8) invocations, "add" then "change". # route add -inet6 default ::1 -ifp gif0
remove unsafe typecast in rtrequest(), from rtentry * to sockaddr *. it was introduced by 4.3BSD-reno and never corrected.
XXX is eon_rtrequest() change correct regarding to 3rd arg? eon_rtrequest() and rtrequest() were incorrect since 4.3BSD-reno, so i do not have correct answer in the source code. someone with more clue about netiso-over-ip, please help.
|
Revision tags: OPENBSD_2_8_BASE
|
#
1.8 |
|
06-Jul-2000 |
itojun |
- more icmp6/ip6 stats. - protect IPv6 ND from being hosed (due to neighbor unreachability detection hint) by wrong tcp traffic. still not sure if there's real attack, but it is good to be cautious. - avoid bitfield for router renumbering header decl. - implement packet-per-sec limitation for icmp6 errors, turn interval limit off (it is not very useful due to unix timer resolution).
|
#
1.7 |
|
19-May-2000 |
itojun |
never forward packet with link-local address. experimental support for new loopback packet handling (with FAKE_LOOPBACK_IF, rcvif will be set to real outgoing interface, not the loopback, to honor scope) sync with kame.
|
#
1.6 |
|
15-May-2000 |
itojun |
perform NUD on p2p link, only if the destination/gateway is real neighbor. this removes temporary workaround (no NUD on p2p link). KAME PR 245.
|
Revision tags: OPENBSD_2_7_BASE
|
#
1.5 |
|
17-Apr-2000 |
itojun |
revisit in6_ifattach(). (1) make it more persistent about initializaing an interface (2) cleanup interface id selection. run NUD on p2p interface (required by spec for bidir p2p interface). add "ndp -i interface" (can tweak per-interface ND flag). (sync with more recent kame)
|
#
1.4 |
|
28-Feb-2000 |
itojun |
bring in recent KAME changes (only important and stable ones, as usual). - remove net.inet6.ip6.nd6_proxyall. introduce proxy NDP code works just like "arp -s". - revise source address selection. be more careful about use of yet-to-be-valid addresses as source. - as router, transmit ICMP6_DST_UNREACH_BEYONDSCOPE against out-of-scope packet forwarding attempt. - path MTU discovery takes care of routing header properly. - be more strict about mbuf chain parsing. - nuke xxCTL_VARS #define, they are for BSDI. - disable SIOCSIFDSTADDR_IN6/SIOCSIFNETMASK_IN6 ioctl, they do not fit IPv6 model where multiple address on interface is normal. (kernel side supports them for a while for backward compat, the support will be nuked shortly) - introduce "default outgoing interface" (for spec conformance in very rare case)
|
Revision tags: SMP_BASE
|
#
1.3 |
|
04-Feb-2000 |
itojun |
branches: 1.3.2; more coverage of in6_ifdetach()'s cleanup process. bug fix in SIOCGIFADDR_IN6 (point to point case).
|
#
1.2 |
|
08-Jan-2000 |
deraadt |
use arc4random() instead of random for two reasons. 1) on some architectures, random() should only be used by the scheduler (ie. statintr() because it is uniformly distributed 2) arc4random() is actually strong, random() is not at all
|
Revision tags: kame_19991208
|
#
1.1 |
|
08-Dec-1999 |
itojun |
bring in KAME IPv6 code, dated 19991208. replaces NRL IPv6 layer. reuses NRL pcb layer. no IPsec-on-v6 support. see sys/netinet6/{TODO,IMPLEMENTATION} for more details.
GENERIC configuration should work fine as before. GENERIC.v6 works fine as well, but you'll need KAME userland tools to play with IPv6 (will be bringed into soon).
|
#
1.74 |
|
27-Nov-2017 |
mpi |
Use a single timer for all ND6 entries.
This prevents a use-after-free reported by Hrvoje Popovski where the timeout function was already sleeping on the NET_LOCK() when ifconfig(8) removed the enry from the table.
By iterating on a global list in the timeout routine we ensure that the items are still valid when we process them. This also reduce differences with ARP.
ok bluhm@, visa@
|
#
1.73 |
|
03-Nov-2017 |
florian |
We are processing Router Solicitation / Advertisement messages only for the Source Link-layer Address Options. Merge nd6_rs_input() and nd6_ra_input() into one generic function that does just that.
input & OK mpi
|
Revision tags: OPENBSD_6_2_BASE
|
#
1.72 |
|
09-Aug-2017 |
florian |
Remove knob and always do neighbor unreachable detection.
|
#
1.71 |
|
09-Aug-2017 |
florian |
accept_rtadv doesn't do anything since some time. OK mpi
|
#
1.70 |
|
09-Aug-2017 |
florian |
We are no longer generating privacy addresses in the kernel. OK mpi
|
#
1.69 |
|
08-Aug-2017 |
florian |
Stop running nd6_expire every second. We know when pltime or vltime decrease to zero. Run nd6_expire then. Input & OK mpi, bluhm
|
#
1.68 |
|
12-Jul-2017 |
florian |
Get rid of ICMPV6CTL_ND6_DRLIST and ICMPV6CTL_ND6_PRLIST sysctls With this we can also get rid of in6_prefix and in6_defrouter. They are meaningless, the kernel no longer tracks this information.
Pointed out by & OK mpi
|
#
1.67 |
|
11-Jul-2017 |
florian |
Purging is at last at hand. Day of Doom is here. All that is evil shall all be cleansed.
Remove sending of router solicitations and processing of router advertisements from the kernel. It's handled by slaacd(8) these days.
Input & OK bluhm@, mpi@
|
Revision tags: OPENBSD_6_1_BASE
|
#
1.66 |
|
27-Dec-2016 |
bluhm |
Move nd6 timer initialisation to nd6_init() and call timeout_set() only once during init. OK mpi@
|
#
1.65 |
|
28-Nov-2016 |
mpi |
Remove multiple recursive splsoftnet().
ok bluhm@
|
#
1.64 |
|
21-Nov-2016 |
mpi |
Assert that prelist_update() is always called at IPL_SOFTNET.
While here use __func__ in debug strings to reduce noise when grepping.
|
Revision tags: OPENBSD_6_0_BASE
|
#
1.63 |
|
13-Jul-2016 |
dlg |
store nd6 expiries in the route, not separately in the llinfo struct.
this makes it more consistent with arp, and makes expiries visible via route(8) get as well as ndp(8).
ok mpi@ florian@
|
#
1.62 |
|
15-Jun-2016 |
mpi |
Kill nd6_output(), it doesn't do anything since the resolution logic has been moved to nd6_resolve().
ok visa@, millert@, florian@, sthen@
|
#
1.61 |
|
08-Jun-2016 |
mpi |
Move ND resoluton logic from nd6_output() to nd6_storelladdr() and rename it to nd6_resolve().
This allows us to get rid of non-Ethernet hacks by moving Ethernet specific logic in the appropriate layer.
ok sthen@
|
#
1.60 |
|
01-Jun-2016 |
dlg |
make nd6_llinfo_settimer take seconds instead of ticks.
most callers are working in seconds, internally it uses seconds, and you can call timeout_add_sec as easily as timeout_add.
this also fixes an issue with an nd_defrouter expire which was incorrectly scaled with ticks in a comparison.
ok mpi@
|
#
1.59 |
|
30-May-2016 |
dlg |
remove code compensating for the "short" range of timeouts.
the nd6 code for managing expiries is never asked to handle intervals greater than what timeouts can handle, so we dont need to overcompensate.
the code was also incorrect by using a long, which isnt that long on ILP32 machines.
ok mpi@ millert@ benno@
|
#
1.58 |
|
30-Mar-2016 |
mpi |
Implement proxy ARP for ART based on mpath support.
Since mpath is not enabled in RAMDISK, proxy ARP won't work there either.
ok bluhm@
|
#
1.57 |
|
03-Mar-2016 |
jca |
Kill IPv6 prefix and router renumbering ioctls.
Router renumbering was never supported, prefix ioctls were deprecated ~15 years ago. Move some items in netinet6/nd6.h where they are still used.
ok mikeb@ mpi@
|
Revision tags: OPENBSD_5_9_BASE
|
#
1.56 |
|
18-Dec-2015 |
tb |
Convert arc4random() to arc4random_uniorm(). Diff by Matthew Martin.
Ensure that arc4random_uniform() doesn't loop by redefining ND6_MAX_DESYNC_FACTOR to be 512, the largest power of two smaller than the RFC-specified 600 seconds. Suggested by florian@ and deraadt@
ok florian@, sthen@ in this form, arc4random change ok djm@, tedu@
|
#
1.55 |
|
06-Nov-2015 |
mpi |
Change nd6_nud_hint() to no longer manipulate rt_ifp directly.
While here remove unused argument and convert the route check to rtisvalid(9).
ok bluhm@
|
#
1.54 |
|
02-Nov-2015 |
bluhm |
Implement the list of nd6 llinfo entries with a TAILQ. OK millert@ mpi@
|
#
1.53 |
|
02-Nov-2015 |
mpi |
Prefer an existing refcounted ``ifp'' to rt_ifp when possible or use the interface index directly.
ok bluhm@
|
#
1.52 |
|
28-Oct-2015 |
florian |
Remove linkmtu and maxmtu from struct nd_ifinfo. IN6_LINKMTU can now die and ifp->if_mtu is the one true mtu. Suggested by and OK mpi@
|
#
1.51 |
|
25-Oct-2015 |
mpi |
Introduce if_rtrequest() the successor of ifa_rtrequest().
L2 resolution depends on the protocol (encoded in the route entry) and an ``ifp''. Not having to care about an ``ifa'' makes our life easier in our MP effort. Fewer dependencies between data structures implies fewer headaches.
Discussed with bluhm@, ok claudio@
|
#
1.50 |
|
24-Oct-2015 |
mpi |
Ignore Router Advertisment's current hop limit.
Appart from the usual inet6 axe murdering exercise to keep you fit, this allows us to get rid of a lot of layer violation due to the use of per- ifp variables to store the current hop limit.
Imputs from bluhm@, ok phessler@, florian@, bluhm@
|
#
1.49 |
|
31-Aug-2015 |
mpi |
The return value of nd6_cache_lladdr() is never used so make it a void.
Fewer "struct rtentry" left in the wild!
|
#
1.48 |
|
24-Aug-2015 |
mpi |
nd6_prefix_add() is no longer used and die.
|
#
1.47 |
|
24-Aug-2015 |
mpi |
Start moving away from the global prefix list by limiting its usage to AUTOCONF'd addresses.
This prevent the kernel from removing connected (/64) routes as soon as it configures an AUTOCONF'd address based on a RA.
Tested by sebastia@, ok sthen@
|
#
1.46 |
|
24-Aug-2015 |
mpi |
Rework the code to decide when to perform DAD to no longer rely on the IN6_IFF_NODAD pseudo-flag not being set.
This was just a flag for spaghetti code that should not exist in the first place.
Tested by sebastia@, ok sthen@
|
#
1.45 |
|
18-Aug-2015 |
mpi |
Call rtfree(9) when we no longer need the route entry rather than decrementing rt_refcnt just after rtrequest1(9).
While here reduce the differences with rt_ifa_add(9). There's still an ambiguity about rtrequest1(9)'s return value, but bluhm@ will address that in a different diff.
Discussed with and ok bluhm@
|
Revision tags: OPENBSD_5_8_BASE
|
#
1.44 |
|
18-Jul-2015 |
mpi |
Merge two identical chunks to add new prefixes to the global data structures into a function.
ok florian@
|
#
1.43 |
|
16-Jul-2015 |
mpi |
Properly layer Router Solicitation code.
Tweak and ok florian@
|
#
1.42 |
|
09-Jul-2015 |
mpi |
Remove unused arguments and the associated code from nd6_nud_hint().
ok claudio@
|
Revision tags: OPENBSD_5_7_BASE
|
#
1.41 |
|
20-Nov-2014 |
mpi |
Rework the handling of interfaces and IPv6 addresses for local delivery.
- Unicast packets sent to any local address will have their interface set to loobpack.
- In order to differentiate traffic from interfaces having identical link-local addresses, provide the scoped addresses to pf(4).
- Update the icmp6 state lookup logic to match scoped MLL addresses.
- Remove a shortcut in ip6_input() that bypasses pf and always look for an RTF_LOCAL route.
Packets sent to multicast addresses still retain their original interface due to the fact that local multicast packet delivering does not use if_output.
This makes ping6 to link-local addresses work even with pf enabled and "set skip" on loopbacks, reported by Pieter Verberne.
Debugged, analysed and tested with mikeb@.
ok mikeb@, henning@, sthen@
|
#
1.40 |
|
10-Nov-2014 |
mpi |
Do not pass an ifa pointer when we already have a DAD descriptor.
Tweaks and ok florian@
|
#
1.39 |
|
25-Aug-2014 |
florian |
Move sending of router solicitations to the kernel; receiving and processing of router advertisements was already in the kernel. With this rtsol{,d}(8) is no longer necessary.
The kernel starts sending solicitations with # ifconfig $IF inet6 autoconf or inet6 autoconf in /etc/hostname.$IF.
input stsp@ much help & OK mpi@ tweaks & OK bluhm@
|
Revision tags: OPENBSD_5_6_BASE
|
#
1.38 |
|
11-Jul-2014 |
blambert |
move IPv6 prefix adding from workq to taskq; as a happy benefit, we can delete 2 dozen or so lines that check to see if we've queued up a prefix addition multiple times.
ok stsp@
|
#
1.37 |
|
07-May-2014 |
mpi |
Kill the {nd6_,}useloopback buttons, using the loopback interface for local traffic is not optional.
ok mikeb@, stsp@, jca@
|
Revision tags: OPENBSD_5_5_BASE
|
#
1.36 |
|
07-Jan-2014 |
mikeb |
Propagate an rdomain number to the nd6_lookup independently from the ifp pointer which can be NULL. This prevents a crash reported by David Hill <dhill at mindcry ! org>. OK bluhm
|
#
1.35 |
|
25-Oct-2013 |
deraadt |
More _KERNEL namespace cleanup, just in case something out there includes this.
|
#
1.34 |
|
28-Aug-2013 |
mpi |
Remove unused argument from *rtrequest()
ok krw@, mikeb@
|
#
1.33 |
|
26-Aug-2013 |
bluhm |
No one uses the obsolete IPv6 ioctls SIOCGDRLST_IN6, SIOCGPRLST_IN6, OSIOCGIFINFO_IN6 anymore. Remove them together with the structs in6_drlist, in6_oprlist, in6_prlist, in6_ondireq and the kernel implementation. OK mikeb@ henning@
|
#
1.32 |
|
11-Aug-2013 |
bluhm |
To control the lifetime of IPv6 addresses, prefixes and default routers, the kernel and ndp use a bunch of expire fields. Before they were int or u_long, convert expire to time_t in all structs. Move vltime and pltime to u_int32_t everywhere. Sort struct fields by size. Struct inet6_ndpr_msghdr is not used at all, so remove it.
Binary compatibility of rtsold and ndp break with this change as rtsold uses in6_drlist and ndp uses in6_defrouter and in6_prefix to interact with the kernel.
OK mpi@
|
Revision tags: OPENBSD_5_4_BASE
|
#
1.31 |
|
01-Jul-2013 |
bluhm |
Do not access queue fields directly, use FOREACH() macro instead. No binary change. OK mikeb@ mpi@
|
#
1.30 |
|
11-Mar-2013 |
mpi |
Remove unused code manipulating a default interface and its index, This is a leftover from the on-link assumption behavior removal, which has been deprecated by RFC4861 anyway.
ok mikeb@, bluhm@, florian@
|
Revision tags: OPENBSD_5_2_BASE OPENBSD_5_3_BASE
|
#
1.29 |
|
14-Feb-2012 |
sthen |
typo in comment.
|
Revision tags: OPENBSD_5_0_BASE OPENBSD_5_1_BASE
|
#
1.28 |
|
03-Apr-2011 |
stsp |
fix typos in comments ok deraadt henning sthen thib (though thib says he can't spell)
|
Revision tags: OPENBSD_4_8_BASE OPENBSD_4_9_BASE
|
#
1.27 |
|
06-Apr-2010 |
stsp |
Simple implementation of RFC4941, "Privacy Extensions for Stateless Address Autoconfiguration in IPv6". For those among us who are paranoid about broadcasting their MAC address to the IPv6 internet.
Man page help from jmc, testing by weerd, arc4random API hints from djm.
ok deraadt, claudio
|
Revision tags: OPENBSD_4_4_BASE OPENBSD_4_5_BASE OPENBSD_4_6_BASE OPENBSD_4_7_BASE
|
#
1.26 |
|
11-Jun-2008 |
mcbride |
From KAME, allow adjustable limits on NDP entries and discovered routes.
ok mpf naddy
|
Revision tags: OPENBSD_3_4_BASE OPENBSD_3_5_BASE OPENBSD_3_6_BASE OPENBSD_3_7_BASE OPENBSD_3_8_BASE OPENBSD_3_9_BASE OPENBSD_4_0_BASE OPENBSD_4_1_BASE OPENBSD_4_2_BASE OPENBSD_4_3_BASE SMP_SYNC_A SMP_SYNC_B
|
#
1.25 |
|
08-Jul-2003 |
itojun |
unifdef -U__otherBSD__
|
#
1.24 |
|
27-Jun-2003 |
itojun |
split ND6 cache timer management to per-entry. increased accuracy, no O(N) loop. sync w/ kame. marc tested, daniel ok
|
Revision tags: OPENBSD_3_2_BASE OPENBSD_3_3_BASE UBC_SYNC_A UBC_SYNC_B
|
#
1.23 |
|
08-Jun-2002 |
itojun |
gc
|
#
1.22 |
|
08-Jun-2002 |
itojun |
sync with latest KAME in6_ifaddr/prefix/default router manipulation. behavior changes: - two iocts used by ndp(8) are now obsolete (backward compat provided). use sysctl path instead. - lo0 does not get ::1 automatically. it will get ::1 when lo0 comes up.
|
#
1.21 |
|
07-Jun-2002 |
itojun |
cope with cases where maxmtu == 0 (shouldn't happen)
|
#
1.20 |
|
05-Jun-2002 |
itojun |
be sure to use L3 MTU, not L2 MTU, when specified in spec (affects FDDI/ARCnet)
|
#
1.19 |
|
30-May-2002 |
itojun |
improve nd6_setmtu(), to warn too-small MTU on SIOCSIFMTU. sync w/kame
|
#
1.18 |
|
29-May-2002 |
itojun |
no need to supply obsolete field name "receivedra"
|
#
1.17 |
|
29-May-2002 |
itojun |
attach nd_ifinfo structure to if_afdata. split IPv6 MTU (advertised by RA) from real link MTU. sync with kame
|
Revision tags: OPENBSD_3_1_BASE
|
#
1.16 |
|
14-Mar-2002 |
millert |
First round of __P removal in sys
|
#
1.15 |
|
23-Jan-2002 |
fgsch |
compatability -> compatibility.
|
Revision tags: OPENBSD_2_9_BASE OPENBSD_3_0_BASE UBC_BASE
|
#
1.14 |
|
23-Feb-2001 |
itojun |
branches: 1.14.6; garbage-collect stale ND entries (default: 1 day). RFC 2461 5.3. sync with kame.
|
#
1.13 |
|
23-Feb-2001 |
itojun |
remove unnecessary state, ND6_LLINFO_WAITDELETE, from neighbor cache state machine. no need for RTF_REJECT on neighbor cache entires, they are leftover from ARP code. sync with kame.
|
#
1.12 |
|
08-Feb-2001 |
itojun |
when chasing nd6_llinfo chain, make sure we do not touch dangling pointer (due to RTM_DELETE during default router list management). from kame
|
#
1.11 |
|
08-Feb-2001 |
itojun |
use timeout_xx() throughout sys/netinet6. sync with kame.
|
#
1.10 |
|
07-Feb-2001 |
itojun |
by default, don't bark on inbound ND messages, as outsider may be able to fill up /var with bogus packets. setting net.inet6.icmp6.nd6_debug will re-enable kernel messages on invalid ND packet and other occasions.
improve icmp6 stats.
|
#
1.9 |
|
19-Jan-2001 |
itojun |
pull post-4.4BSD change to sys/net/route.c from BSD/OS 4.2 (UCB copyrighted).
have sys/net/route.c:rtrequest1(), which takes rt_addrinfo * as the argument. pass rt_addrinfo all the way down to rtrequest, and ifa->ifa_rtrequest. 3rd arg of ifa->ifa_rtrequest is now rt_addrinfo * instead of sockaddr * (almost noone is using it anyways).
benefit: the follwoing command now works. previously we need two route(8) invocations, "add" then "change". # route add -inet6 default ::1 -ifp gif0
remove unsafe typecast in rtrequest(), from rtentry * to sockaddr *. it was introduced by 4.3BSD-reno and never corrected.
XXX is eon_rtrequest() change correct regarding to 3rd arg? eon_rtrequest() and rtrequest() were incorrect since 4.3BSD-reno, so i do not have correct answer in the source code. someone with more clue about netiso-over-ip, please help.
|
Revision tags: OPENBSD_2_8_BASE
|
#
1.8 |
|
06-Jul-2000 |
itojun |
- more icmp6/ip6 stats. - protect IPv6 ND from being hosed (due to neighbor unreachability detection hint) by wrong tcp traffic. still not sure if there's real attack, but it is good to be cautious. - avoid bitfield for router renumbering header decl. - implement packet-per-sec limitation for icmp6 errors, turn interval limit off (it is not very useful due to unix timer resolution).
|
#
1.7 |
|
19-May-2000 |
itojun |
never forward packet with link-local address. experimental support for new loopback packet handling (with FAKE_LOOPBACK_IF, rcvif will be set to real outgoing interface, not the loopback, to honor scope) sync with kame.
|
#
1.6 |
|
15-May-2000 |
itojun |
perform NUD on p2p link, only if the destination/gateway is real neighbor. this removes temporary workaround (no NUD on p2p link). KAME PR 245.
|
Revision tags: OPENBSD_2_7_BASE
|
#
1.5 |
|
17-Apr-2000 |
itojun |
revisit in6_ifattach(). (1) make it more persistent about initializaing an interface (2) cleanup interface id selection. run NUD on p2p interface (required by spec for bidir p2p interface). add "ndp -i interface" (can tweak per-interface ND flag). (sync with more recent kame)
|
#
1.4 |
|
28-Feb-2000 |
itojun |
bring in recent KAME changes (only important and stable ones, as usual). - remove net.inet6.ip6.nd6_proxyall. introduce proxy NDP code works just like "arp -s". - revise source address selection. be more careful about use of yet-to-be-valid addresses as source. - as router, transmit ICMP6_DST_UNREACH_BEYONDSCOPE against out-of-scope packet forwarding attempt. - path MTU discovery takes care of routing header properly. - be more strict about mbuf chain parsing. - nuke xxCTL_VARS #define, they are for BSDI. - disable SIOCSIFDSTADDR_IN6/SIOCSIFNETMASK_IN6 ioctl, they do not fit IPv6 model where multiple address on interface is normal. (kernel side supports them for a while for backward compat, the support will be nuked shortly) - introduce "default outgoing interface" (for spec conformance in very rare case)
|
Revision tags: SMP_BASE
|
#
1.3 |
|
04-Feb-2000 |
itojun |
branches: 1.3.2; more coverage of in6_ifdetach()'s cleanup process. bug fix in SIOCGIFADDR_IN6 (point to point case).
|
#
1.2 |
|
08-Jan-2000 |
deraadt |
use arc4random() instead of random for two reasons. 1) on some architectures, random() should only be used by the scheduler (ie. statintr() because it is uniformly distributed 2) arc4random() is actually strong, random() is not at all
|
Revision tags: kame_19991208
|
#
1.1 |
|
08-Dec-1999 |
itojun |
bring in KAME IPv6 code, dated 19991208. replaces NRL IPv6 layer. reuses NRL pcb layer. no IPsec-on-v6 support. see sys/netinet6/{TODO,IMPLEMENTATION} for more details.
GENERIC configuration should work fine as before. GENERIC.v6 works fine as well, but you'll need KAME userland tools to play with IPv6 (will be bringed into soon).
|