| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
| |
Fewer "struct rtentry" left in the wild!
|
| | |
|
| |
|
|
|
|
|
|
|
| |
AUTOCONF'd addresses.
This prevent the kernel from removing connected (/64) routes as soon as
it configures an AUTOCONF'd address based on a RA.
Tested by sebastia@, ok sthen@
|
| |
|
|
|
|
|
|
|
| |
IN6_IFF_NODAD pseudo-flag not being set.
This was just a flag for spaghetti code that should not exist in the
first place.
Tested by sebastia@, ok sthen@
|
| |
|
|
|
|
|
|
|
|
| |
decrementing rt_refcnt just after rtrequest1(9).
While here reduce the differences with rt_ifa_add(9). There's still
an ambiguity about rtrequest1(9)'s return value, but bluhm@ will
address that in a different diff.
Discussed with and ok bluhm@
|
| |
|
|
|
|
| |
structures into a function.
ok florian@
|
| |
|
|
| |
Tweak and ok florian@
|
| |
|
|
| |
ok claudio@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Unicast packets sent to any local address will have their interface
set to loobpack.
- In order to differentiate traffic from interfaces having identical
link-local addresses, provide the scoped addresses to pf(4).
- Update the icmp6 state lookup logic to match scoped MLL addresses.
- Remove a shortcut in ip6_input() that bypasses pf and always look
for an RTF_LOCAL route.
Packets sent to multicast addresses still retain their original
interface due to the fact that local multicast packet delivering
does not use if_output.
This makes ping6 to link-local addresses work even with pf enabled
and "set skip" on loopbacks, reported by Pieter Verberne.
Debugged, analysed and tested with mikeb@.
ok mikeb@, henning@, sthen@
|
| |
|
|
| |
Tweaks and ok florian@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
processing of router advertisements was already in the kernel.
With this rtsol{,d}(8) is no longer necessary.
The kernel starts sending solicitations with
# ifconfig $IF inet6 autoconf
or
inet6 autoconf
in /etc/hostname.$IF.
input stsp@
much help & OK mpi@
tweaks & OK bluhm@
|
| |
|
|
|
|
|
| |
can delete 2 dozen or so lines that check to see if we've queued
up a prefix addition multiple times.
ok stsp@
|
| |
|
|
|
|
| |
local traffic is not optional.
ok mikeb@, stsp@, jca@
|
| |
|
|
|
| |
the ifp pointer which can be NULL. This prevents a crash reported
by David Hill <dhill at mindcry ! org>. OK bluhm
|
| |
|
|
| |
includes this.
|
| |
|
|
| |
ok krw@, mikeb@
|
| |
|
|
|
|
|
| |
OSIOCGIFINFO_IN6 anymore. Remove them together with the structs
in6_drlist, in6_oprlist, in6_prlist, in6_ondireq and the kernel
implementation.
OK mikeb@ henning@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
routers, the kernel and ndp use a bunch of expire fields. Before
they were int or u_long, convert expire to time_t in all structs.
Move vltime and pltime to u_int32_t everywhere. Sort struct fields
by size. Struct inet6_ndpr_msghdr is not used at all, so remove
it.
Binary compatibility of rtsold and ndp break with this change as
rtsold uses in6_drlist and ndp uses in6_defrouter and in6_prefix
to interact with the kernel.
OK mpi@
|
| |
|
|
|
| |
No binary change.
OK mikeb@ mpi@
|
| |
|
|
|
|
|
| |
This is a leftover from the on-link assumption behavior removal,
which has been deprecated by RFC4861 anyway.
ok mikeb@, bluhm@, florian@
|
| | |
|
| |
|
|
| |
ok deraadt henning sthen thib (though thib says he can't spell)
|
| |
|
|
|
|
|
|
|
| |
Address Autoconfiguration in IPv6". For those among us who are paranoid
about broadcasting their MAC address to the IPv6 internet.
Man page help from jmc, testing by weerd, arc4random API hints from djm.
ok deraadt, claudio
|
| |
|
|
| |
ok mpf naddy
|
| | |
|
| |
|
|
| |
no O(N) loop. sync w/ kame. marc tested, daniel ok
|
| | |
|
| |
|
|
|
|
|
| |
behavior changes:
- two iocts used by ndp(8) are now obsolete (backward compat provided).
use sysctl path instead.
- lo0 does not get ::1 automatically. it will get ::1 when lo0 comes up.
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
| |
split IPv6 MTU (advertised by RA) from real link MTU.
sync with kame
|
| | |
|
| | |
|
| |
|
|
| |
RFC 2461 5.3. sync with kame.
|
| |
|
|
|
|
|
| |
state machine.
no need for RTF_REJECT on neighbor cache entires, they are leftover from
ARP code.
sync with kame.
|
| |
|
|
|
| |
pointer (due to RTM_DELETE during default router list management).
from kame
|
| | |
|
| |
|
|
|
|
|
|
| |
fill up /var with bogus packets.
setting net.inet6.icmp6.nd6_debug will re-enable kernel messages on invalid
ND packet and other occasions.
improve icmp6 stats.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
have sys/net/route.c:rtrequest1(), which takes rt_addrinfo * as the argument.
pass rt_addrinfo all the way down to rtrequest, and ifa->ifa_rtrequest.
3rd arg of ifa->ifa_rtrequest is now rt_addrinfo * instead of sockaddr *
(almost noone is using it anyways).
benefit: the follwoing command now works. previously we need two route(8)
invocations, "add" then "change".
# route add -inet6 default ::1 -ifp gif0
remove unsafe typecast in rtrequest(), from rtentry * to sockaddr *. it was
introduced by 4.3BSD-reno and never corrected.
XXX is eon_rtrequest() change correct regarding to 3rd arg?
eon_rtrequest() and rtrequest() were incorrect since 4.3BSD-reno,
so i do not have correct answer in the source code.
someone with more clue about netiso-over-ip, please help.
|
| |
|
|
|
|
|
|
|
| |
- protect IPv6 ND from being hosed (due to neighbor unreachability detection
hint) by wrong tcp traffic. still not sure if there's real attack, but
it is good to be cautious.
- avoid bitfield for router renumbering header decl.
- implement packet-per-sec limitation for icmp6 errors, turn interval
limit off (it is not very useful due to unix timer resolution).
|
| |
|
|
|
|
| |
experimental support for new loopback packet handling (with FAKE_LOOPBACK_IF,
rcvif will be set to real outgoing interface, not the loopback, to honor scope)
sync with kame.
|
| |
|
|
| |
this removes temporary workaround (no NUD on p2p link). KAME PR 245.
|
| |
|
|
|
|
|
| |
interface (2) cleanup interface id selection.
run NUD on p2p interface (required by spec for bidir p2p interface).
add "ndp -i interface" (can tweak per-interface ND flag).
(sync with more recent kame)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- remove net.inet6.ip6.nd6_proxyall. introduce proxy NDP code works
just like "arp -s".
- revise source address selection.
be more careful about use of yet-to-be-valid addresses as source.
- as router, transmit ICMP6_DST_UNREACH_BEYONDSCOPE against out-of-scope
packet forwarding attempt.
- path MTU discovery takes care of routing header properly.
- be more strict about mbuf chain parsing.
- nuke xxCTL_VARS #define, they are for BSDI.
- disable SIOCSIFDSTADDR_IN6/SIOCSIFNETMASK_IN6 ioctl, they do not fit
IPv6 model where multiple address on interface is normal.
(kernel side supports them for a while for backward compat,
the support will be nuked shortly)
- introduce "default outgoing interface" (for spec conformance in very
rare case)
|
| |
|
|
| |
bug fix in SIOCGIFADDR_IN6 (point to point case).
|
| |
|
|
|
|
| |
1) on some architectures, random() should only be used by the scheduler
(ie. statintr() because it is uniformly distributed
2) arc4random() is actually strong, random() is not at all
|
|
|
replaces NRL IPv6 layer. reuses NRL pcb layer. no IPsec-on-v6 support.
see sys/netinet6/{TODO,IMPLEMENTATION} for more details.
GENERIC configuration should work fine as before. GENERIC.v6 works fine
as well, but you'll need KAME userland tools to play with IPv6 (will be
bringed into soon).
|
mpi
florian
blambert
mikeb
deraadt
bluhm
sthen
stsp
mcbride
itojun
millert
fgsch