summaryrefslogtreecommitdiffstats
path: root/sys/netinet6 (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* Convert ip{,6}_output() (cached) route entry checks to rtisvalid(9).mpi2015-09-011-8/+6
| | | | ok bluhm@
* The return value of nd6_cache_lladdr() is never used so make it a void.mpi2015-08-312-11/+8
| | | | Fewer "struct rtentry" left in the wild!
* Do not install connected routes on loopback interfaces.mpi2015-08-312-35/+31
| | | | | | | | Previously loopback connected routes were managed via the global list of prefixes, which mean that systems with AUTOCONF'd addresses did not see them in the routing table. This also makes inet6 route creation coherent with inet.
* Compute the checksum before looping back the copy of a multicast packet.mpi2015-08-311-4/+9
| | | | | | Found while comparing IPv4 and IPv6 versions. ok naddy@
* `encif' should only be used under #ifdef NPF.mpi2015-08-312-6/+4
| | | | Reported by jsg@, ok deraadt@
* Use a global table for domains instead of building a list at run time.mpi2015-08-301-2/+2
| | | | | | | As a side effect there's no need to run if_attachdomain() after the list of domains has been built. ok claudio@, reyk@
* nd6_prefix_add() is no longer used and die.mpi2015-08-242-50/+2
|
* Start moving away from the global prefix list by limiting its usage tompi2015-08-245-70/+47
| | | | | | | | | AUTOCONF'd addresses. This prevent the kernel from removing connected (/64) routes as soon as it configures an AUTOCONF'd address based on a RA. Tested by sebastia@, ok sthen@
* Always increment the reference counter of the returned route entry inmpi2015-08-241-16/+3
| | | | | | | | | | rtrequest1(9). This simplifies rtfree(9) dances and will prevent another CPU to free the entry before we're done with it as soon as routing functions can be executed in parallel. ok bluhm@, mikeb@
* Rework the code to decide when to perform DAD to no longer rely on thempi2015-08-246-102/+47
| | | | | | | | | IN6_IFF_NODAD pseudo-flag not being set. This was just a flag for spaghetti code that should not exist in the first place. Tested by sebastia@, ok sthen@
* In kernel initialize struct sockaddr_in and sockaddr_in6 to zerobluhm2015-08-243-8/+9
| | | | | | | everywhere to avoid passing around pointers to uninitialized stack memory. While there, fix the call to in6_recoverscope() in fill_drlist(). OK deraadt@ mpi@
* Use simple byte pointer arithmetic and memcpy from/to aligned stacknaddy2015-08-231-40/+42
| | | | | | variables to handle the "packed" binary format passed out to userland when querying the prefix/router list. From NetBSD (Martin Husemann). ok mpi@
* Move to tame(int flags, char *paths[]) API/ABI.deraadt2015-08-221-2/+1
| | | | | | | | | | | | The pathlist is a whitelist of dirs and files; anything else returns ENOENT. Recommendation is to use a narrowly defined list. Also add TAME_FATTR, which permits explicit change operations against "struct stat" fields. Some other TAME_ flags are refined slightly. Not cranking libc now, since nothing commited in base uses this and the timing is uncomfortable for others. Discussed with many; thanks for a few bug fixes from semarie, doug, guenther. ok guenther
* Convert all calls to rtrequest1() and the following error checkbluhm2015-08-193-45/+34
| | | | | | into a common pattern. In the man page clarify the usage of the returned route. OK mpi@ mikeb@ jmc@
* Remove some verbose logs in in6_update_ifa() now that errors arempi2015-08-191-41/+6
| | | | propagated.
* Call rtfree(9) when we no longer need the route entry rather thanmpi2015-08-182-35/+13
| | | | | | | | | | decrementing rt_refcnt just after rtrequest1(9). While here reduce the differences with rt_ifa_add(9). There's still an ambiguity about rtrequest1(9)'s return value, but bluhm@ will address that in a different diff. Discussed with and ok bluhm@
* Check the error value returned by in6_ifattach().mpi2015-08-181-2/+6
| | | | Prodded by and ok bluhm@
* Remove anoying comment about in6_update_ifa().mpi2015-08-172-19/+2
|
* Use __func__ rather than the function name in log(9) calls to removempi2015-08-171-14/+11
| | | | some grep output noise.
* Remove backward compatibilify goos for IN6_IFF_DEPRECATED and insteadmpi2015-08-121-9/+2
| | | | | | reject SIOCAIFADDR_IN6 ioctl(2) where it is set. ok jca@, bluhm@
* Implement pf divert-reply for raw sockets. Note that an emptybluhm2015-07-282-2/+8
| | | | | | | | | divert->addr means that the rule has a divert-reply option. With divert-to the divert->addr is always set. The divert-reply rules should compare the original packet with the socket addresses. So skip the step that compares the inp->inp_laddr with the empty divert->addr. OK mikeb@
* iDo not link an ICMP6 socket to the pf state. When multiple ICMPbluhm2015-07-281-2/+3
| | | | | | | packets with a different ICMP ID are sent over the same raw socket, multiple states should be created. Put a similar check into rip6_output() like in the IPv4 case. OK mikeb@
* tame(2) is a subsystem which restricts programs into a "reduced featurederaadt2015-07-191-1/+7
| | | | | | operating model". This is the kernel component; various changes should proceed in-tree for a while before userland programs start using it. ok miod, discussions and help from many
* Abstract the routing table internals behind an rtable_* API.mpi2015-07-182-21/+12
| | | | | | | | | | Code abusing the radix internals for the routing table should now includes <net/rtable.h> and only deal with "struct rtentry". Code using a radix tree for another purpose can still include <net/radix.h>. Inputs from and ok claudio@, mikeb@
* Merge two identical chunks to add new prefixes to the global datampi2015-07-184-85/+72
| | | | | | structures into a function. ok florian@
* Remove #if 0'ed code and update comment.florian2015-07-171-9/+1
| | | | | | | There is no need to handle managed/other flags for router advertisments in the kernel according to the rfcs. Remove stale todo comment; we do handle the on-link bit. OK mpi
* Kill IP_ROUTETOETHER.mpi2015-07-163-8/+8
| | | | | | | | | This pseudo-option is a hack to support return-rst on bridge(4). It passes Ethernet information via a "struct route" through ip_output(). "struct route" is slowly dying... ok claudio@, benno@
* Expand ancient NTOHL/NTOHS/HTONS/HTONL macros.mpi2015-07-161-2/+2
| | | | ok guenther@, henning@
* Properly layer Router Solicitation code.mpi2015-07-164-60/+88
| | | | Tweak and ok florian@
* Kill incorrect and never set ``dad_ignore_ns'' button.mpi2015-07-161-14/+1
| | | | ok phessler@
* m_freem() can handle NULL, do not check for this condition beforehands.deraadt2015-07-155-46/+28
| | | | ok stsp mpi
* Recognize CARP interfaces when sending packet to a multicast address.mpi2015-07-151-1/+2
| | | | | | | Fix a regression introduced when carp(4) left ether_output() found the hardway by florian@ and phessler@. ok benno@
* rename mbuf ** parameter from m to mp, to match other similar codederaadt2015-07-151-3/+3
|
* Remove unused arguments and the associated code from nd6_nud_hint().mpi2015-07-092-19/+9
| | | | ok claudio@
* Pass an interface index instead of a pointer to in6_addr2scopeid().mpi2015-07-085-25/+21
| | | | ok millert@
* Use a new RTF_CONNECTED flag for interface (connected) routes.mpi2015-07-081-5/+3
| | | | | | | | | | | | | | | | | Recent changes to support multiple interface routes broke the assumption made by all our userland routing daemons concerning interface routes. Historically such routes had a "gateway" sockaddr of type AF_LINK. But to be able to support multiple interface routes as any other multipath routes, they now have a unique "gateway" sockaddr containing their corresponding IP address. This self-describing flag should avoid ambiguity when dealing with interface routes. Issue reported by <mxb AT alumni DOT chalmers DOT se> and benno@ ok claudio@, benno@
* unifdef IN6_IFSTAT_STRICT.mpi2015-07-081-16/+1
| | | | ok deraadt@, millert@
* Get rid of the undocumented & temporary* m_copy() macro added formpi2015-06-305-14/+16
| | | | | | | | compatibility with 4.3BSD in September 1989. *Pick your own definition for "temporary". ok bluhm@, claudio@, dlg@
* Store a unique ID, an interface index, rather than a pointer to thempi2015-06-1613-67/+104
| | | | | | | | | | | | | | | receiving interface in the packet header of every mbuf. The interface pointer should now be retrieved when necessary with if_get(). If a NULL pointer is returned by if_get(), the interface has probably been destroy/removed and the mbuf should be freed. Such mechanism will simplify garbage collection of mbufs and limit problems with dangling ifp pointers. Tested by jmatthew@ and krw@, discussed with many. ok mikeb@, bluhm@, dlg@
* More damned eye searing whitespace. No change to .o files.krw2015-06-0818-137/+137
|
* Put the link-layer address back into the gateway field of RTF_LOCALmpi2015-06-061-6/+3
| | | | | | | | | | | | routes. Since such routes are also flagged with RTF_LLINFO various code path assume correctly that they contain valid ARP or ND information. This fixes the "arpresolve: unresolved and rt_expire == 0" issue reported on tech@ by mxb <mxb AT alumni DOT chalmers DOT se>. ok claudio@, phessler@
* Remove unused sa_dl.mpi2015-06-041-5/+1
|
* Store the IP address of the corresponding ifa in the rt_gateway fieldmpi2015-05-262-9/+5
| | | | | | | | | | | | | | | of RTF_CLONING and RTF_BROASCAST routes to not create MPATH conflicts when IP address aliases are used. This change makes it possible to have multiple RTF_CLONING routes with the same priority. Note that any of the existing RTF_CLONING route might be used by the kernel to create a RTF_CLONED route which should not be a problem with aliases since they are attached to the same ifp. This unbreak address aliases since the kernel supports multiple connected routes for a subnet. Found the hardway by djm@, ok claudio@
* remove PACKET_TAG_IPSEC_PENDING_TDB, it is never set; ok mikeb@markus2015-05-232-33/+6
|
* Allow multiple connected/interface routes to exist at the same time.claudio2015-05-153-25/+23
| | | | | | | | | | | Use the existing multipath code. Switch away from using the ifa address when making the cloning route and instead put a dummy sockaddr_dl route in. With this it is possible to use the same network on multiple interfaces at the same time. So if wireless and ethernet share the same network the system will use the wired connection as long as there is link. Still missing is builtin proxy-arp for the other interface IPs to allow hitless failover. OK mpi@
* test mbuf pointers against NULL not 0jsg2015-05-132-7/+7
| | | | ok krw@ miod@
* MPLS also needs a definition for etherip_output(), fix build withoutmpi2015-05-121-2/+2
| | | | bridge.
* Do not call nd6_purge() before purging the IPv6 addresses of a detachedmpi2015-04-273-30/+8
| | | | | | | | | | interface. Fix a use after free introduced in r1.98 of netinet6/in6.c and recently exposed by a crazy pool/malloc damage finder being currently refined by dlg@ and deraadt@. ok mikeb@, henning@
* Do not treat loopback interfaces as p2p interfaces and create onlympi2015-04-201-4/+6
| | | | | | | | | | | | | | | | | | | | | one route to "::1". Due to a clever BSD trick, the `ifa_dstaddr` field of addresses on IFF_LOOPBACK ifps is set to the same value that `ifa_addr`. That's why filtering for broadcast addresses is so complicated, because guess what, `ifa_broadaddr` is the same as `ifa_dstaddr`! Sadly our IPv6 code was "only" checking for `ifa_dstaddr` without looking if the ifa was attached to a IFF_POINTOTPOINT interface. So it always tried to create two routes to "::1" and, with the recent RTF_LOCAL work, succeed. You should now have only one local route to "::1". ::1 ::1 UHl 14 0 32768 1 lo0 -::1 ::1 UH 0 0 32768 4 lo0 ok henning@
* Always call rt_ifa_dellocal(9) when removing an IPv6 address.mpi2015-04-201-32/+4
| | | | | | | | | | The routing layer already check for the correct ifa when asked to delete a local route, so do not try to be clever here. This change also prevent having a NULL ifp pointer in your routing table when you delete loopback interfaces having the same address. ok henning@
Copyright © 1996 – 2023 Jason A. Donenfeld. All Rights Reverse Engineered.