summaryrefslogtreecommitdiffstats
path: root/sys/netinet6/raw_ipv6.c (follow)
Commit message (Collapse)AuthorAgeFilesLines
* witch raw ip6 socket code from NRL to kame.itojun2001-02-081-910/+0
| | | | makes upgrades/code sharing much easier.
* raw6/udp6 sockets are okay with :: in src.itojun2000-07-271-17/+2
|
* be proactive about unspecified IPv6 source address. pcb layer usesitojun2000-07-271-2/+18
| | | | | | | | | | | | | | | | | | | unspecified address (::) to mean "unbounded" or "unconnected", and can be confused by packets from outside. use of :: as source is not documented well in IPv6 specification. not sure if it presents a real threat. the worst case scenario is a DoS against TCP listening socket: - outsider transmit TCP SYN with :: as IPv6 source - receiving side creates TCP control block with: local address = my addres remote address = :: (meaning "unconnected") state = SYN_RCVD note that SYN ACK will not be sent due to ip6_output() filter. this stays until it timeouts. - the TCP control block prevents listening TCP control block from being contacted (DoS).
* enable setsockopt related to IPv6 multicast routing.itojun2000-07-131-3/+28
|
* fix KAME PR 261.itojun2000-06-211-3/+6
|
* more mbuf sanity checkitojun2000-06-181-8/+11
|
* KNFitojun2000-06-181-578/+584
|
* remove remains from NRL ipsec codeitojun2000-06-181-13/+2
|
* split long "if" case (cosmetic; preparation for KNF)itojun2000-06-181-6/+7
|
* sync with more recent kame.itojun2000-06-181-124/+103
| | | | updates scoped address handling and checksum option.
* comment out flowinfo manipulation on inbound. the spec is not very clear.itojun2000-06-131-2/+5
|
* plug an mbuf leakderaadt2000-05-131-5/+10
|
* allow compilation without -Ox. we may want to simplify #ifdefs more,itojun2000-04-301-3/+3
| | | | after 2.7 is out.
* - check raw socket icmp6 filter only if the packet is icmp6.itojun2000-02-281-3/+71
| | | | | | - allow setting raw socket icmp6 filter only if it is IPPROTO_ICMPV6 socket. (cmetz may object about above two items...) - add rip6_ctlinput, to flush cached router properly on redirects.
* bring in recent KAME changes (only important and stable ones, as usual).itojun2000-02-281-2/+3
| | | | | | | | | | | | | | | | | | - remove net.inet6.ip6.nd6_proxyall. introduce proxy NDP code works just like "arp -s". - revise source address selection. be more careful about use of yet-to-be-valid addresses as source. - as router, transmit ICMP6_DST_UNREACH_BEYONDSCOPE against out-of-scope packet forwarding attempt. - path MTU discovery takes care of routing header properly. - be more strict about mbuf chain parsing. - nuke xxCTL_VARS #define, they are for BSDI. - disable SIOCSIFDSTADDR_IN6/SIOCSIFNETMASK_IN6 ioctl, they do not fit IPv6 model where multiple address on interface is normal. (kernel side supports them for a while for backward compat, the support will be nuked shortly) - introduce "default outgoing interface" (for spec conformance in very rare case)
* fix include file path related to ip6.itojun2000-02-071-4/+4
|
* clarify rip6_ctloutput().itojun2000-01-051-60/+10
|
* be paranoid about malicious use of v4 mapped addr on v6 packet.itojun1999-12-211-2/+9
| | | | | | | | | malicious party may try to use v4 mapped addr as source/dest to confuse tcp/udp layer, or to bypass security checks, for example, naive stack can mistakingly think a packet with src = ::ffff:127.0.0.1 is from local node. (sync with kame)
* disallow AF mismatch on inbound.itojun1999-12-191-2/+4
|
* do not overwrite traffic class portion when filling in IPv6 version field.itojun1999-12-151-3/+4
|
* Change cast (and argument declaration) from int to u_long so itangelos1999-12-141-4/+4
| | | | compiles on alpha (janjaap@stack.nl)
* Remove remaining unnecessary ifdefs (itojun will hate me for this :-)angelos1999-12-101-7/+5
|
* Add RCS tags, remove unused header files and code, remove a fewangelos1999-12-101-301/+16
| | | | unnecessary ifdefs...
* bring in KAME IPv6 code, dated 19991208.itojun1999-12-081-179/+266
| | | | | | | | | replaces NRL IPv6 layer. reuses NRL pcb layer. no IPsec-on-v6 support. see sys/netinet6/{TODO,IMPLEMENTATION} for more details. GENERIC configuration should work fine as before. GENERIC.v6 works fine as well, but you'll need KAME userland tools to play with IPv6 (will be bringed into soon).
* zap the newhashinit hack.art1999-04-281-3/+3
| | | | | Add an extra flag to hashinit telling if it should wait in malloc. update all calls to hashinit.
* Demangled the INET6 stuff so as not to require any extra options and not tocmetz1999-03-091-7/+13
| | | | be mutually exclusive with the IPSEC option.
* Synchronized changes needed to integrate into OpenBSD with the NRL sourcecmetz1999-02-241-7/+8
| | | | tree so we can have a unified netinet6 directory.
* first few files of NRL ipv6. This NRL release was officially exportedderaadt1999-01-061-0/+1059
to me by US DOD officials, with the crypto already removed.
Copyright © 1996 – 2023 Jason A. Donenfeld. All Rights Reverse Engineered.