| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
| |
ok benno@ mortimer@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
from a neighbor's address. Sthen@ dug out RFC 4861 4.4 that says that
the source address is "An address assigned to the interface from which
the advertisement is sent." -- which can be from a network that the
receiver does not know about. Indeed my provider sends such a neighbor
advertisment for my default gateway, which breaks my uplink.
Claudio@ added this check for symetry with NetBSD code when he added
the same check to nd6_ns_input(), where it is needed to fix
CVE-2008-2476. See also OpenBSD 4.2 errata 15.
ok claudio@, kn@
|
| |
|
|
|
| |
of some complicated match to convert them to ticks.
OK visa@ bluhm@ kn@
|
| |
|
|
|
|
| |
carp interface. Move the check to the beginning of the function to
make it clear that there are no other side effects happening.
OK claudio
|
| |
|
|
|
|
| |
possible. Because of an optional payload maxlen bytes are used on the
m_align so that there is always enough space.
OK florian@
|
| |
|
|
|
|
|
|
|
|
| |
an attribute of an address is changed.
For now it's used when IPv6 duplicate address detection finishes.
With this slaacd(8) can find out if a configured address is not
duplicated without the need to poll.
OK phessler, benno, claudio
|
| |
|
|
| |
ok visa@, tb@
|
| |
|
|
|
|
|
| |
They have the same functionnality since friehm@ cleaned up
balancing code.
ok florian@, visa@, patrick@, bluhm@, jmatthew@
|
| |
|
|
| |
Tested by Hrvoje Popovski, ok bluhm@
|
| |
|
|
|
|
| |
rtdeletemsg().
ok bluhm@
|
| |
|
|
|
|
|
|
|
| |
shall all be cleansed.
Remove sending of router solicitations and processing of router
advertisements from the kernel. It's handled by slaacd(8) these days.
Input & OK bluhm@, mpi@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
send it with a link local source address as well.
This helps upstream routers with their own source address
selection.
A reoccurring scenario is:
- gateway on fe80::1%if
- the gateway does not have an IP in the same prefix as our global address
When we want to talk to the outside world we first need to resolve the
gateway. We copy the source address from our outgoing packet to the
neighbor solicitation packet (a global address) and ask for layer2
information of a link local address.
The upstream router now needs to do source address selection of it's
own. Since we are coming from a global address and there is no address
from the same prefix the router uses another global address lying
around.
We then drop this with "ND packet from non-neighbor".
Reported over the years by a few people, most recently by Marc Peters
on bugs@ who confirmed that this fixes the problem.
OK stsp@, mpi@
|
| |
|
|
|
|
| |
The same notification is already present in ARP.
From Jan Klemkow, ok bluhm@
|
| |
|
|
| |
ok visa@
|
| |
|
|
| |
ok mpi@
|
| |
|
|
|
|
|
|
| |
send if the mbuf contains the complete IPv6 header. The old check
was wrong, it required one additional octet after the header. So
the source address selection was depending on the layout of the
mbuf chain.
OK mpi@
|
| |
|
|
|
|
| |
NET_LOCK().
ok bluhm@
|
| | |
|
| |
|
|
| |
ok bluhm@
|
| |
|
|
|
|
|
|
| |
routines.
This is another little step towards deprecating 'struct route{,_in6}'.
ok bluhm@
|
| | |
|
| | |
|
| |
|
|
|
|
| |
Reported by Heiko on bugs@.
ok stsp@, claudio@
|
| |
|
|
|
|
| |
convert in_selectsrc() prototype to match.
Ok bluhm@ mpi@.
|
| | |
|
| |
|
|
|
|
| |
has been moved to nd6_resolve().
ok visa@, millert@, florian@, sthen@
|
| |
|
|
|
|
|
|
|
|
| |
most callers are working in seconds, internally it uses seconds, and
you can call timeout_add_sec as easily as timeout_add.
this also fixes an issue with an nd_defrouter expire which was
incorrectly scaled with ticks in a comparison.
ok mpi@
|
| |
|
|
| |
ok bluhm@ jca@
|
| | |
|
| |
|
|
|
|
|
| |
attached to a carp(4) or bridge(4) member, to not dereference rt_ifp
directly.
ok visa@
|
| |
|
|
|
|
|
|
|
| |
One of the keys of our MP work relies on making OpenBSD's kernel simpler!
In this case turning ARP processing MP-safe is quite complicated due to
the way carp(4) is hooked in arpinput() and nowadays you'd better run
kitchensinkd(9) anyway :)
ok bluhm@, claudio@, reyk@
|
| |
|
|
|
|
| |
interface index directly.
ok bluhm@
|
| |
|
|
|
|
| |
Instead of casts they check wether the incoming object has the
expected type. So introduce satosdl() and sdltosa() in the kernel.
OK mpi@
|
| |
|
|
|
|
| |
callers rtfree(9) it.
Inputs and ok bluhm@
|
| | |
|
| |
|
|
|
|
|
| |
ifpp - XXX: just for statistics
ifpp is always NULL in all callers so that statistic confirms ifpp is
dying
OK mpi@
|
| |
|
|
|
|
| |
The SIOCGIFSTAT_ICMP6 is no longer supported.
ok dlg@, mikeb@, claudio@
|
| |
|
|
|
|
|
|
|
| |
IN6_IFF_NODAD pseudo-flag not being set.
This was just a flag for spaghetti code that should not exist in the
first place.
Tested by sebastia@, ok sthen@
|
| |
|
|
| |
ok phessler@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
receiving interface in the packet header of every mbuf.
The interface pointer should now be retrieved when necessary with
if_get(). If a NULL pointer is returned by if_get(), the interface
has probably been destroy/removed and the mbuf should be freed.
Such mechanism will simplify garbage collection of mbufs and limit
problems with dangling ifp pointers.
Tested by jmatthew@ and krw@, discussed with many.
ok mikeb@, bluhm@, dlg@
|
| |
|
|
|
|
|
| |
have any direct symbols used. Tested for indirect use by compiling
amd64/i386/sparc64 kernels.
ok tedu@ deraadt@
|
| |
|
|
| |
Prodded by claudio@ and mikeb@
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Output interface (port) selection for multicast traffic is not done via
route lookups. Instead the output ifp is registred when setsockopt(2)
is called with the IP{V6,}_MULTICAST_IF option. But since there is no
mechanism to invalidate such pointer stored in a pcb when an interface
is destroyed/removed, it might lead your kernel to fault.
Prevent a fault upon resume reported by frantisek holop, thanks!
ok mikeb@, claudio@
|
| |
|
|
| |
ok mikeb@, krw@, bluhm@, tedu@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- Unicast packets sent to any local address will have their interface
set to loobpack.
- In order to differentiate traffic from interfaces having identical
link-local addresses, provide the scoped addresses to pf(4).
- Update the icmp6 state lookup logic to match scoped MLL addresses.
- Remove a shortcut in ip6_input() that bypasses pf and always look
for an RTF_LOCAL route.
Packets sent to multicast addresses still retain their original
interface due to the fact that local multicast packet delivering
does not use if_output.
This makes ping6 to link-local addresses work even with pf enabled
and "set skip" on loopbacks, reported by Pieter Verberne.
Debugged, analysed and tested with mikeb@.
ok mikeb@, henning@, sthen@
|
| |
|
|
| |
to include that than rdnvar.h. ok deraadt dlg
|
| |
|
|
| |
Tweaks and ok florian@
|
| |
|
|
|
|
| |
functionnality instead of a mix of enable/disable.
ok bluhm@, jca@
|
| |
|
|
|
|
| |
kill the macro.
ok mikeb@, henning@
|
| |
|
|
| |
after discussions with beck deraadt kettenis.
|
nayden
benno
claudio
florian
mpi
jca
bluhm
vgross
dlg
chl
jsg
tedu