Home | History | Annotate | Download | only in netinet6
History log of /src/sys/netinet6/in6.h
RevisionDateAuthorComments
 1.101  31-Jul-2021  andvar fix typos in comments
 1.100  08-Sep-2020  christos branches: 1.100.6;
Add IP_BINDANY, IPV6_BINDANY which can be used to bind to any address in
order to implement transparent proxies.
 1.99  12-Jun-2020  roy Remove in-kernel handling of Router Advertisements

This is much better handled by a user-land tool.
Proposed on tech-net here:
https://mail-index.netbsd.org/tech-net/2020/04/22/msg007766.html

Note that the ioctl SIOCGIFINFO_IN6 no longer sets flags. That now
needs to be done using the pre-existing SIOCSIFINFO_FLAGS ioctl.

Compat is fully provided where it makes sense, but trying to turn on
RA handling will obviously throw an error as it no longer exists.

Note that if you use IPv6 temporary addresses, this now needs to be
turned on in dhcpcd.conf(5) rather than in sysctl.conf(5).
 1.98  01-Nov-2019  knakahara Make global and per-interface ipsecif(4) pmtu tunable like gif(4).

And make hop limit tunable same as gif(4).

See http://mail-index.netbsd.org/source-changes/2019/10/30/msg110426.html
 1.97  30-Oct-2019  knakahara Add sysctl nodes to control fragmentation with IPv[46] over IPv6 gif(4).

New sysctl node "net.inet6.ip6.gifpmtu" means
- 0 (default)
Fragment by IPV6_MMTU. All packets reach the destination certainly,
however the long packet performance is poor.
This is same behavior as before.
- 1
Fragment by outer interface's MTU. The long packet performance would
be good, however the packets may be dropped in some network paths
whose path MTU less than the interface's MTU.
- others
undefined yet

New sysctl node "net.interfaces.gif*.pmtu" means
- -1 (default)
Use system default value (net.inet6.ip6.gifpmtu).
- 0
Fragment by IPV6_MMTU for this gif(4) tunnel.
- 1
Fragment by outer interface's MTU for this gif(4) tunnel.
- others
undefined yet

See RFC4459 for more information and other solutions.
 1.96  05-Sep-2019  kamil Revert regression introduced in in6.h r. 1.95
 1.95  28-May-2019  kamil Decorate struct in6_addr with the __packed attribute

This avoids undefined behavior when accessing misaligned pointers.

Detected by kUBSan.

Patch by Akul Pillai.
 1.95  28-May-2019  kamil branches: 1.95.2;
Decorate struct in6_addr with the __packed attribute

This avoids undefined behavior when accessing misaligned pointers.

Detected by kUBSan.

Patch by Akul Pillai.
 1.94  10-Dec-2018  christos need <sys/endian.h> (or arpa/inet.h) for ntohl() used in macros.
 1.93  22-Aug-2018  msaitoh - Cleanup for dynamic sysctl:
- Remove unused *_NAMES macros for sysctl.
- Remove unused *_MAXID for sysctls.
- Move CTL_MACHDEP sysctl definitions for m68k into m68k/include/cpu.h and
use them on all m68k machines.
 1.92  10-Aug-2018  maxv Rename

ip6_undefer_csum -> in6_undefer_cksum
in6_delayed_cksum -> in6_undefer_cksum_tcpudp

The two previous names were inconsistent and misleading.

Put the two functions into in6_offload.c. Add comments to explain what
we're doing.

Same as IPv4.
 1.91  19-Apr-2018  christos branches: 1.91.2;
s/static inline/static __inline/g for consistency.
 1.90  09-Feb-2018  maxv branches: 1.90.2;
Remove dead code.
 1.89  30-Jan-2018  maxv Style, localify, remove dead code, and fix typos. No functional change.
 1.88  10-Jan-2018  knakahara add ipsec(4) interface, which is used for route-based VPN.

man and ATF are added later, please see man for details.

reviewed by christos@n.o, joerg@n.o and ozaki-r@n.o, thanks.
https://mail-index.netbsd.org/tech-net/2017/12/18/msg006557.html
 1.87  15-Feb-2016  rtr branches: 1.87.10;
Reduce code duplication.

Split creation of IPv4-Mapped IPv6 addresses into its own function
and use it.

No functional change intended. As posted to tech-net@
 1.86  12-Dec-2015  christos Hook up the addrctl stuff that's already there.
 1.85  07-Aug-2015  ozaki-r Use time_uptime instead of time_second to avoid time leaps

Some codes in sys/net* use time_second to manage time periods such as
cache expirations. However, time_second doesn't increase monotonically
and can leap by say settimeofday(2) according to time_second(9). We
should use time_uptime instead of it to avoid such time leaps.

This change replaces time_second with time_uptime. Additionally it
converts a time based on time_uptime to a time based on time_second
when the kernel passes the time to userland programs that expect
the latter, and vice versa.

Note that we shouldn't leak time_uptime to other hosts over the
netowrk. My investigation shows there is no such leak:
http://mail-index.netbsd.org/tech-net/2015/08/06/msg005332.html

Discussed on tech-kern and tech-net.
 1.84  22-Apr-2015  roy Move INET6 specific in6_if_{up,down}() and in6_if_link_{up,down}()
into agnostic domain functions.
 1.83  20-Feb-2015  rjs Declare input argument to in6_sin_2_v4mapsin6 to be const, allows an
address from the route cache to be used as the input.

ok christos@.
 1.82  20-Jan-2015  roy Add net.inet6.ip6.prefer_tempaddr sysctl knob so that we can prefer
IPv6 temporary addresses as the source address.

Fixes PR kern/47100 based on a patch by Dieter Roelants.
 1.81  02-Dec-2014  christos use the new printing code.
 1.80  02-Dec-2014  christos add routines to print in6_addr and sockaddr_in6 (in6_print, sin6_print)
 1.79  12-Oct-2014  christos branches: 1.79.2;
document that we depend on the option numbers matching.
 1.78  05-Jun-2014  rmind branches: 1.78.2;
- Implement pktqueue interface for lockless IP input queue.
- Replace ipintrq and ip6intrq with the pktqueue mechanism.
- Eliminate kernel-lock from ipintr() and ip6intr().
- Some preparation work to push softnet_lock out of ipintr().

Discussed on tech-net.
 1.77  05-Jun-2014  roy Add IPV6CTL_AUTO_LINKLOCAL and ND6_IFF_AUTO_LINKLOCAL toggles which
control the automatic creation of IPv6 link-local addresses when an
interface is brought up.

Taken from FreeBSD.
 1.76  30-May-2014  christos Introduce 2 new variables: ipsec_enabled and ipsec_used.
Ipsec enabled is controlled by sysctl and determines if is allowed.
ipsec_used is set automatically based on ipsec being enabled, and
rules existing.
 1.75  19-Oct-2013  christos branches: 1.75.2;
define constants for scopeid function flags.
 1.74  19-Oct-2013  christos add scopeid functions
 1.73  20-Jun-2013  roy branches: 1.73.2;
Move the detaching and making tentative addresses out if in6_if_up
and into in6_if_link_up.

This fixes a possible panic where link is up but not the interface.
Note that a better solution would be to listen to the routing socket
in the kernel, but I don't know how to do that.

Reachable Router tests for IFF_UP as well.
 1.72  11-Jun-2013  roy When an interface link state changes to down, mark all attached IPv6
addresses as detached.
Likewise, when the link state changes to up, mark all detached IPv6
as tentative and start DAD on them.

Advertised router reachability now checks that link state is not down.
This means that when an interface link state changes, the default IPv6
router may change as well.
 1.71  27-Apr-2013  joerg Systematically include sys/featuretest.h when _NETBSD_SOURCE is used.
Some are redundant, but make verification with grep much easier.
 1.70  22-Jun-2012  christos branches: 1.70.2;
PR/46602: Move the rfc6056 port randomization to the IP layer.
 1.69  24-May-2011  spz branches: 1.69.4;
RA flood mitigation via a limit on accepted routes:
- introduce a limit for the routes accepted via IPv6 Router Advertisement:
a common 2 interface client will have 6, the default limit is 100 and
can be adjusted via sysctl
- report the current number of routes installed via RA via sysctl
- count discarded route additions. Note that one RA message is two routes.
This is at present only across all interfaces even though per-interface
would be more useful, since the per-interface structure complies to RFC2466
- bump kernel version due to the previous change
- adjust netstat to use the new value (with netstat -p icmp6)
 1.68  11-Sep-2009  dyoung branches: 1.68.4; 1.68.6;
Make ifconfig(8) set and display preference numbers for IPv6
addresses. Make the kernel support SIOC[SG]IFADDRPREF for IPv6
interface addresses.

In in6ifa_ifpforlinklocal(), consult preference numbers before
making an otherwise arbitrary choice of in6_ifaddr. Otherwise,
preference numbers are *not* consulted by the kernel, but that will
be rather easy for somebody with a little bit of free time to fix.

Please note that setting the preference number for a link-local
IPv6 address does not work right, yet, but that ought to be fixed
soon.

In support of the changes above,

1 Add a method to struct domain for "externalizing" a sockaddr, and
provide an implementation for IPv6. Expect more work in this area: it
may be more proper to say that the IPv6 implementation "internalizes"
a sockaddr. Add sockaddr_externalize().

2 Add a subroutine, sofamily(), that returns a struct socket's address
family or AF_UNSPEC.

3 Make a lot of IPv4-specific code generic, and move it from
sys/netinet/ to sys/net/ for re-use by IPv6 parts of the kernel and
ifconfig(8).
 1.67  19-Aug-2009  seanb - Newer gcc was throwning a 'dereferencing type-punned pointer will
break strict-aliasing rules' warning against IN6_IS_ADDR_* macros
at -O2 -Wall.
 1.66  25-Dec-2007  perry branches: 1.66.2; 1.66.10;
Convert many of the uses of __attribute__ to equivalent
__packed, __unused and __dead macros from cdefs.h
 1.65  01-Nov-2007  dyoung branches: 1.65.2; 1.65.4; 1.65.8;
De-__P().
 1.64  24-Oct-2007  dyoung Replace rote sockaddr_in6 initializations (memset(), set sa6_family,
sa6_len, and sa6_add) with sockaddr_in6_init() calls.

De-__P(). Constify. KNF. Shorten a staircase. Change bcmp() to
memcmp().

Extract subroutine in6_setzoneid() from in6_setscope(), for re-use
soon.
 1.63  07-Oct-2007  joerg branches: 1.63.2;
NetBSD doesn't have to care about missing bcmp on OpenBSD/SPARC,
just use memcmp in both kernel and userland.
 1.62  30-Aug-2007  dyoung branches: 1.62.2;
Use malloc(9) for sockaddrs instead of pool(9), and remove dom_sa_pool
and dom_sa_len members from struct domain. Pools of fixed-size
objects are too rigid for sockaddr_dls, whose size can vary over
a wide range.

Return sockaddr_dl to its "historical" size. Now that I'm using
malloc(9) instead of pool(9) to allocate sockaddr_dl, I can create
a sockaddr_dl of any size in the kernel, so expanding sockaddr_dl
is useless.

Avoid using sizeof(struct sockaddr_dl) in the kernel.

Introduce sockaddr_dl_alloc() for allocating & initializing an
arbitrary sockaddr_dl on the heap.

Add an argument, the sockaddr length, to sockaddr_alloc(),
sockaddr_copy(), and sockaddr_dl_setaddr().

Constify: LLADDR() -> CLLADDR().

Where the kernel overwrites LLADDR(), use sockaddr_dl_setaddr(),
instead. Used properly, sockaddr_dl_setaddr() will not overrun
the end of the sockaddr.
 1.61  28-Jun-2007  christos branches: 1.61.2; 1.61.6; 1.61.8;
Add functions to do mapped address conversions from FreeBSD.
 1.60  02-May-2007  dyoung Eliminate address family-specific route caches (struct route, struct
route_in6, struct route_iso), replacing all caches with a struct
route.

The principle benefit of this change is that all of the protocol
families can benefit from route cache-invalidation, which is
necessary for correct routing. Route-cache invalidation fixes an
ancient PR, kern/3508, at long last; it fixes various other PRs,
also.

Discussions with and ideas from Joerg Sonnenberger influenced this
work tremendously. Of course, all design oversights and bugs are
mine.

DETAILS

1 I added to each address family a pool of sockaddrs. I have
introduced routines for allocating, copying, and duplicating,
and freeing sockaddrs:

struct sockaddr *sockaddr_alloc(sa_family_t af, int flags);
struct sockaddr *sockaddr_copy(struct sockaddr *dst,
const struct sockaddr *src);
struct sockaddr *sockaddr_dup(const struct sockaddr *src, int flags);
void sockaddr_free(struct sockaddr *sa);

sockaddr_alloc() returns either a sockaddr from the pool belonging
to the specified family, or NULL if the pool is exhausted. The
returned sockaddr has the right size for that family; sa_family
and sa_len fields are initialized to the family and sockaddr
length---e.g., sa_family = AF_INET and sa_len = sizeof(struct
sockaddr_in). sockaddr_free() puts the given sockaddr back into
its family's pool.

sockaddr_dup() and sockaddr_copy() work analogously to strdup()
and strcpy(), respectively. sockaddr_copy() KASSERTs that the
family of the destination and source sockaddrs are alike.

The 'flags' argumet for sockaddr_alloc() and sockaddr_dup() is
passed directly to pool_get(9).

2 I added routines for initializing sockaddrs in each address
family, sockaddr_in_init(), sockaddr_in6_init(), sockaddr_iso_init(),
etc. They are fairly self-explanatory.

3 structs route_in6 and route_iso are no more. All protocol families
use struct route. I have changed the route cache, 'struct route',
so that it does not contain storage space for a sockaddr. Instead,
struct route points to a sockaddr coming from the pool the sockaddr
belongs to. I added a new method to struct route, rtcache_setdst(),
for setting the cache destination:

int rtcache_setdst(struct route *, const struct sockaddr *);

rtcache_setdst() returns 0 on success, or ENOMEM if no memory is
available to create the sockaddr storage.

It is now possible for rtcache_getdst() to return NULL if, say,
rtcache_setdst() failed. I check the return value for NULL
everywhere in the kernel.

4 Each routing domain (struct domain) has a list of live route
caches, dom_rtcache. rtflushall(sa_family_t af) looks up the
domain indicated by 'af', walks the domain's list of route caches
and invalidates each one.
 1.59  17-Feb-2007  dyoung branches: 1.59.4; 1.59.6;
KNF: de-__P, bzero -> memset, bcmp -> memcmp. Remove extraneous
parentheses in return statements.

Cosmetic: don't open-code TAILQ_FOREACH().

Cosmetic: change types of variables to avoid oodles of casts: in
in6_src.c, avoid casts by changing several route_in6 pointers
to struct route pointers. Remove unnecessary casts to caddr_t
elsewhere.

Pave the way for eliminating address family-specific route caches:
soon, struct route will not embed a sockaddr, but it will hold
a reference to an external sockaddr, instead. We will set the
destination sockaddr using rtcache_setdst(). (I created a stub
for it, but it isn't used anywhere, yet.) rtcache_free() will
free the sockaddr. I have extracted from rtcache_free() a helper
subroutine, rtcache_clear(). rtcache_clear() will "forget" a
cached route, but it will not forget the destination by releasing
the sockaddr. I use rtcache_clear() instead of rtcache_free()
in rtcache_update(), because rtcache_update() is not supposed
to forget the destination.

Constify:

1 Introduce const accessor for route->ro_dst, rtcache_getdst().

2 Constify the 'dst' argument to ifnet->if_output(). This
led me to constify a lot of code called by output routines.

3 Constify the sockaddr argument to protosw->pr_ctlinput. This
led me to constify a lot of code called by ctlinput routines.

4 Introduce const macros for converting from a generic sockaddr
to family-specific sockaddrs, e.g., sockaddr_in: satocsin6,
satocsin, et cetera.
 1.58  15-Feb-2007  seanb branches: 1.58.2;
Typo in comment.
 1.57  31-Oct-2006  cbiere Commented out IPv6 socket options which are no longer supported.
 1.56  07-Jun-2006  kardel branches: 1.56.6; 1.56.8;
merge FreeBSD timecounters from branch simonb-timecounters
- struct timeval time is gone
time.tv_sec -> time_second
- struct timeval mono_time is gone
mono_time.tv_sec -> time_uptime
- access to time via
{get,}{micro,nano,bin}time()
get* versions are fast but less precise
- support NTP nanokernel implementation (NTP API 4)
- further reading:
Timecounter Paper: http://phk.freebsd.dk/pubs/timecounter.pdf
NTP Nanokernel: http://www.eecis.udel.edu/~mills/ntp/html/kern.html
 1.55  07-May-2006  rpaulo branches: 1.55.2;
Use C99 uintXX_t types so that applications don't need to include
sys/types.h directly (as in the past).
 1.54  05-May-2006  rpaulo Add support for RFC 3542 Adv. Socket API for IPv6 (which obsoletes 2292).
* RFC 3542 isn't binary compatible with RFC 2292.
* RFC 2292 support is on by default but can be disabled.
* update ping6, telnet and traceroute6 to the new API.

From the KAME project (www.kame.net).
Reviewed by core.
 1.53  29-Mar-2006  dyoung Add predicate IN6_IS_SCOPE_EMBEDDABLE(__a), which is true if and
only if the address __a is the type in which the IPv6 stack embeds
scope information.
 1.52  16-Feb-2006  perry branches: 1.52.2; 1.52.4; 1.52.6;
Change "inline" back to "__inline" in .h files -- C99 is still too
new, and some apps compile things in C89 mode. C89 keywords stay.

As per core@.
 1.51  21-Jan-2006  rpaulo branches: 1.51.2; 1.51.4;
Better support of IPv6 scoped addresses.

- most of the kernel code will not care about the actual encoding of
scope zone IDs and won't touch "s6_addr16[1]" directly.
- similarly, most of the kernel code will not care about link-local
scoped addresses as a special case.
- scope boundary check will be stricter. For example, the current
*BSD code allows a packet with src=::1 and dst=(some global IPv6
address) to be sent outside of the node, if the application do:
s = socket(AF_INET6);
bind(s, "::1");
sendto(s, some_global_IPv6_addr);
This is clearly wrong, since ::1 is only meaningful within a single
node, but the current implementation of the *BSD kernel cannot
reject this attempt.
- and, while there, don't try to remove the ff02::/32 interface route
entry in in6_ifdetach() as it's already gone.

This also includes some level of support for the standard source
address selection algorithm defined in RFC3484, which will be
completed on in the future.

From the KAME project via JINMEI Tatuya.
Approved by core@.
 1.50  24-Dec-2005  perry branches: 1.50.2;
Remove leading __ from __(const|inline|signed|volatile) -- it is obsolete.
 1.49  20-Dec-2005  christos Forward declarations for structs.
 1.48  10-Dec-2005  elad Multiple inclusion protection, as suggested by christos@ on tech-kern@
few days ago.
 1.47  28-Aug-2005  rpaulo Implement net.inet6.ip6.stats sysctl.

Reviewed by Elad Efrat.
 1.46  10-Aug-2005  yamt ipv6 tx checksum offloading. reviewed by Jason Thorpe.
 1.45  11-Jun-2004  itojun branches: 1.45.12;
implement IPV6_USE_MIN_MTU sockopt. needed by bind9 + EDNS0 + big receive buffer.
 1.44  12-Nov-2003  itojun branches: 1.44.2;
implement net.inet6.ifq
 1.43  07-Aug-2003  agc Move UCB-licensed code from 4-clause to 3-clause licence.

Patches provided by Joel Baker in PR 22364, verified by myself.
 1.42  28-Apr-2003  bjh21 branches: 1.42.2;
Add a new feature-test macro, _NETBSD_SOURCE. If this is defined
by the application, all NetBSD interfaces are made visible, even
if some other feature-test macro (like _POSIX_C_SOURCE) is defined.
<sys/featuretest.h> defined _NETBSD_SOURCE if none of _ANSI_SOURCE,
_POSIX_C_SOURCE and _XOPEN_SOURCE is defined, so as to preserve
existing behaviour.

This has two major advantages:
+ Programs that require non-POSIX facilities but define _POSIX_C_SOURCE
can trivially be overruled by putting -D_NETBSD_SOURCE in their CFLAGS.
+ It makes most of the #ifs simpler, in that they're all now ORs of the
various macros, rather than having checks for (!defined(_ANSI_SOURCE) ||
!defined(_POSIX_C_SOURCE) || !defined(_XOPEN_SOURCE)) all over the place.

I've tried not to change the semantics of the headers in any case where
_NETBSD_SOURCE wasn't defined, but there were some places where the
current semantics were clearly mad, and retaining them was harder than
correcting them. In particular, I've mostly normalised things so that
_ANSI_SOURCE gets you the smallest set of stuff, then _POSIX_C_SOURCE,
_XOPEN_SOURCE and _NETBSD_SOURCE in that order.

Tested by building for vax, encouraged by thorpej, and uncontested in
tech-userlevel for a week.
 1.41  08-Jun-2002  itojun sync with latest KAME in6_ifaddr/prefix/default router manipulation.
behavior changes:
- two iocts used by ndp(8) are now obsolete (backward compat provided).
use sysctl path instead.
- lo0 does not get ::1 automatically. it will get ::1 when lo0 comes up.
 1.40  28-May-2002  itojun limit number of IPv6 fragments (not the fragment queue size) to
fight against lots-of-frags DoS attacks. sync w/kame
 1.39  14-May-2002  itojun branches: 1.39.2; 1.39.4;
rename: net.inet6.ip6.bindv6only -> net.inet6.ip6.v6only
sync w/kame.
 1.38  13-May-2002  kleink * Use uint{8,32}_t from <netinet/in.h> where applicable; use private
fixed-width integer types otherwise.
* Protect RFC 2292 prototypes, which are not XNS5.2/POSIX-2001; also, define
size_t for inet6_rthdr_space().
 1.37  13-May-2002  kleink IPV6PORT_* aren't in the reserved namespace either.
 1.36  13-May-2002  kleink Check _POSIX_C_SOURCE as well.
 1.35  13-May-2002  kleink Update two comments.
 1.34  12-May-2002  kleink Provide local definitions of in_{addr,port}_t in <netinet/in.h> and use
them where deemed appropriate by XNS5.2/POSIX-2001.
 1.33  21-Dec-2001  itojun whitespace/costmetic sync w/kame
 1.32  17-Nov-2001  perry (minor) delint
 1.31  24-Oct-2001  itojun more whitespace sync with kame
 1.30  18-Oct-2001  itojun branches: 1.30.2;
reduce diffs with kame (mostly cosmetic).
move IPV6_CHECKSUM processing to sys/netinet6/raw_ip6.c.
constify a couple of places.
 1.29  16-Oct-2001  itojun reduce diff with kame. whitespace only
 1.28  15-Oct-2001  itojun implement IPV6_V6ONLY socket option from draft-ietf-ipngwg-rfc2553bis-03.txt.
IPV6_BINDV6ONLY (netbsd only) is deprecated, but still work just like before.
 1.27  24-Jul-2001  itojun fix comment on setsockopt arg size. KAME PR 369
 1.26  02-Jun-2001  thorpej branches: 1.26.2;
Implement support for IP/TCP/UDP checksum offloading provided by
network interfaces. This works by pre-computing the pseudo-header
checksum and caching it, delaying the actual checksum to ip_output()
if the hardware cannot perform the sum for us. In-bound checksums
can either be fully-checked by hardware, or summed up for final
verification by software. This method was modeled after how this
is done in FreeBSD, although the code is significantly different in
most places.

We don't delay checksums for IPv6/TCP, but we do take advantage of the
cached pseudo-header checksum.

Note: hardware-assisted checksumming defaults to "off". It is
enabled with ifconfig(8). See the manual page for details.

Implement hardware-assisted checksumming on the DP83820 Gigabit Ethernet,
3c90xB/3c90xC 10/100 Ethernet, and Alteon Tigon/Tigon2 Gigabit Ethernet.
 1.25  30-Mar-2001  itojun fix constness of IN6_{IS,ARE}_xx with RFC2553. sync with kame.
 1.24  02-Mar-2001  itojun branches: 1.24.2;
have comment that refers to kame COVERAGE document. sync with kame
 1.23  02-Mar-2001  itojun the date string in KAME version is getting very meaningless, remove.
 1.22  11-Feb-2001  itojun pull latest kame pcbnotify code. synchronizes ICMPv6 path mtu discovery
behavior with other protocols (i.e. validation, use of hiwat/lowat).
 1.21  17-Oct-2000  itojun use __P() in prototype for non-ansi compilers.
From: Michael Shalayeff <mickey@lucifier.remote.dti.net>
(we don't ansify it for kame code sharing)
 1.20  27-Aug-2000  itojun add a warning on IPv6 setsockopt number space (*BSD shares the number space
so consult KAME for number allocation)
 1.19  26-Aug-2000  itojun implement net.inet6.ip6.{anon,low}port{min,max} sysctl variable.
 1.18  16-Jul-2000  itojun do not pull sys/queue.h from netinet6/in6.h. PR10597.
some sync with kame.
 1.17  06-Jul-2000  christos elide lint cast type conversion warnings.
 1.16  26-Jun-2000  kleink XNS5.2: define sa_family_t and use it where specified by the standard.
 1.15  08-Jun-2000  danw branches: 1.15.2;
Use _POSIX_SOURCE-safe type names
 1.14  24-May-2000  itojun branches: 1.14.2;
enforce parameter type check for IN6_ARE_ADDR_EQUAL(). (sync with kame)
 1.13  28-Feb-2000  itojun remove some of cross-BSD portability #ifdef.
remove xxCTL_VARS, which is BSDI specific.
 1.12  19-Feb-2000  itojun s/u_char/u_int8_t/ for sin6_{family,len}
 1.11  17-Feb-2000  darrenr Change the use of pfil hooks. There is no longer a single list of all
pfil information, instead, struct protosw now contains a structure
which caontains list heads, etc. The per-protosw pfil struct is passed
to pfil_hook_get(), along with an in/out flag to get the head of the
relevant filter list. This has been done for only IPv4 and IPv6, at
present, with these patches only enabling filtering for IPPROTO_IP and
IPPROTO_IPV6, although it is possible to have tcp/udp, etc, dedicated
filters now also. The ipfilter code has been updated to only filter
IPv4 packets - next major release of ipfilter is required for ipv6.
 1.10  09-Feb-2000  itojun to improve RFC2553/2292 compliance, and promote use of
RFC2553/2292-compliant header file path, now the following headers are
forbidden:
netinet6/ip6.h
netinet6/icmp6.h
netinet6/in6.h

if you want netinet6/{ip6,icmp6}.h, use netinet/{ip6,icmp6}.h.

if you want netinet6/in6.h, you just need to include netinet/in.h.
it pulls it in.
(we may need to integrate them into netinet/in.h, but for cross-BSD code
sharing i'd like to keep it like this for now)
 1.9  06-Jan-2000  itojun remove extra portability #ifdef (like #ifdef __FreeBSD__) in KAME IPv6/IPsec
code, from netbsd-current repository.
#ifdef'ed version is always available from ftp.kame.net.

XXX please do not make too many diff-unfriendly changes, we'll need to take
bunch of diffs on upgrade...
 1.8  06-Jan-2000  itojun make IPV6_BINDV6ONLY setsockopt available. it controls behavior of
AF_INET6 wildcard listening socket. heavily documented in ip6(4).
net.inet6.ip6.bindv6only defines default value. default is 1.

"options INET6_BINDV6ONLY" removes any code fragment that supports
IPV6_BINDV6ONLY == 0 case (not defopt'ed as use of this is rare).
 1.7  13-Dec-1999  itojun sync IPv6 part with latest KAME tree. IPsec part is left unmodified
due to massive changes in KAME side.
- IPv6 output goes through nd6_output
- faith can capture IPv4 packets as well - you can run IPv4-to-IPv6 translator
using heavily modified DNS servers
- per-interface statistics (required for IPv6 MIB)
- interface autoconfig is revisited
- udp input handling has a big change for mapped address support.
- introduce in4_cksum() for non-overwriting checksumming
- introduce m_pulldown()
- neighbor discovery cleanups/improvements
- netinet/in.h strictly conforms to RFC2553 (no extra defs visible to userland)
- IFA_STATS is fixed a bit (not tested)
- and more more more.

TODO:
- cleanup os-independency #ifdef
- avoid rcvif dual use (for IPsec) to help ifdetach

(sorry for jumbo commit, I can't separate this any more...)
 1.6  06-Jul-1999  itojun branches: 1.6.2; 1.6.8;
sync with KAME/NetBSD 1.4, SNAP kit 19990705.
key changes are:
- icmp6 redirect fix (dst check)
- revised ip6 multicast check for loopback i/f
- several RCS ID cleanups
 1.5  03-Jul-1999  thorpej RCS ID police.
 1.4  03-Jul-1999  kleink Take a stab at namespace protection. For now, only the obvious problems are
addressed, the culprit being the lack of a namespace definition for an IPv6-
extended <netinet/in.h> in XNS5.2 D2.0; I'll try to work something out and
submit it to the review WG.
 1.3  02-Jul-1999  itojun move ipsec sysctl index to IPPROTO_AH (instead of IPPROTO_ESP),
so that you can perform sysctl operation when ESP is not compiled in.
 1.2  01-Jul-1999  itojun branches: 1.2.2;
IPv6 kernel code, based on KAME/NetBSD 1.4, SNAP kit 19990628.
(Sorry for a big commit, I can't separate this into several pieces...)
Pls check sys/netinet6/TODO and sys/netinet6/IMPLEMENTATION for details.

- sys/kern: do not assume single mbuf, accept chained mbuf on passing
data from userland to kernel (or other way round).
- "midway" ATM card: ATM PVC pseudo device support, like those done in ALTQ
package (ftp://ftp.csl.sony.co.jp/pub/kjc/).
- sys/netinet/tcp*: IPv4/v6 dual stack tcp support.
- sys/netinet/{ip6,icmp6}.h, sys/net/pfkeyv2.h: IETF document assumes those
file to be there so we patch it up.
- sys/netinet: IPsec additions are here and there.
- sys/netinet6/*: most of IPv6 code sits here.
- sys/netkey: IPsec key management code
- dev/pci/pcidevs: regen

In my understanding no code here is subject to export control so it
should be safe.
 1.1  28-Jun-1999  itojun branches: 1.1.2;
file in6.h was initially added on branch kame.
 1.1.2.3  30-Nov-1999  itojun bring in latest KAME (as of 19991130, KAME/NetBSD141) into kame branch
just for reference purposes.
This commit includes 1.4 -> 1.4.1 sync for kame branch.

The branch does not compile at all (due to the lack of ALTQ and some other
source code). Please do not try to modify the branch, this is just for
referenre purposes.

synchronization to latest KAME will take place on HEAD branch soon.
 1.1.2.2  06-Jul-1999  itojun KAME/NetBSD 1.4, SNAP kit 1999/07/05.
NOTE: this branch is just for reference purposes (i.e. for taking cvs diff).
do not touch anything on the branch. actual work must be done on HEAD branch.
 1.1.2.1  28-Jun-1999  itojun KAME/NetBSD 1.4 SNAP kit, dated 19990628.

NOTE: this branch (kame) is used just for refernce. this may not compile
due to multiple reasons.
 1.2.2.3  02-Aug-1999  thorpej Update from trunk.
 1.2.2.2  01-Jul-1999  thorpej Sync w/ -current.
 1.2.2.1  01-Jul-1999  thorpej file in6.h was added on branch chs-ubc2 on 1999-07-01 23:48:27 +0000
 1.6.8.1  27-Dec-1999  wrstuden Pull up to last week's -current.
 1.6.2.4  21-Apr-2001  bouyer Sync with HEAD
 1.6.2.3  12-Mar-2001  bouyer Sync with HEAD.
 1.6.2.2  11-Feb-2001  bouyer Sync with HEAD.
 1.6.2.1  20-Nov-2000  bouyer Update thorpej_scsipi to -current as of a month ago
 1.14.2.1  22-Jun-2000  minoura Sync w/ netbsd-1-5-base.
 1.15.2.4  18-Oct-2000  tv Pullup 1.21 [itojun]:
use __P() in prototype for non-ansi compilers.
From: Michael Shalayeff <mickey@lucifier.remote.dti.net>
(we don't ansify it for kame code sharing)
 1.15.2.3  27-Aug-2000  itojun pullup 1.19 -> 1.20 (approved by releng-1-5)

> add a warning on IPv6 setsockopt number space (*BSD shares the number space
> so consult KAME for number allocation)
 1.15.2.2  27-Aug-2000  itojun pullup (approved by releng-1-5)

> implement net.inet6.ip6.{anon,low}port{min,max} sysctl variable.

> cvs rdiff -r1.67 -r1.68 basesrc/lib/libc/gen/sysctl.3
> cvs rdiff -r1.53 -r1.54 basesrc/sbin/sysctl/sysctl.8
> cvs rdiff -r1.18 -r1.19 syssrc/sys/netinet6/in6.h
> cvs rdiff -r1.29 -r1.30 syssrc/sys/netinet6/in6_pcb.c
> cvs rdiff -r1.3 -r1.4 syssrc/sys/netinet6/in6_src.c
> cvs rdiff -r1.25 -r1.26 syssrc/sys/netinet6/ip6_input.c
> cvs rdiff -r1.14 -r1.15 syssrc/sys/netinet6/ip6_var.h
 1.15.2.1  16-Jul-2000  itojun pullup 1.17 -> 1.18 (approved by releng-1-5)
do not pull sys/queue.h from netinet6/in6.h. PR10597.
some sync with kame.
 1.24.2.7  20-Jun-2002  nathanw Catch up to -current.
 1.24.2.6  08-Jan-2002  nathanw Catch up to -current.
 1.24.2.5  14-Nov-2001  nathanw Catch up to -current.
 1.24.2.4  22-Oct-2001  nathanw Catch up to -current.
 1.24.2.3  24-Aug-2001  nathanw Catch up with -current.
 1.24.2.2  21-Jun-2001  nathanw Catch up to -current.
 1.24.2.1  09-Apr-2001  nathanw Catch up with -current.
 1.26.2.3  23-Jun-2002  jdolecek catch up with -current on kqueue branch
 1.26.2.2  10-Jan-2002  thorpej Sync kqueue branch with -current.
 1.26.2.1  03-Aug-2001  lukem update to -current
 1.30.2.1  12-Nov-2001  thorpej Sync the thorpej-mips-cache branch with -current.
 1.39.4.1  14-Jun-2004  jmc Pullup rev 1.45 (requested by itojun in ticket #1709)

Implement IPV6_USE_MIN_MTU sockopt.
 1.39.2.2  20-Jun-2002  gehenna catch up with -current.
 1.39.2.1  30-May-2002  gehenna Catch up with -current.
 1.42.2.5  11-Dec-2005  christos Sync with head.
 1.42.2.4  10-Nov-2005  skrll Sync with HEAD. Here we go again...
 1.42.2.3  21-Sep-2004  skrll Fix the sync with head I botched.
 1.42.2.2  18-Sep-2004  skrll Sync with HEAD.
 1.42.2.1  03-Aug-2004  skrll Sync with HEAD
 1.44.2.1  14-Jun-2004  tron Pull up revision 1.45 (requested by itojun in ticket #468):
implement IPV6_USE_MIN_MTU sockopt. needed by bind9 + EDNS0 + big receive buffer.
 1.45.12.7  21-Jan-2008  yamt sync with head
 1.45.12.6  15-Nov-2007  yamt sync with head.
 1.45.12.5  27-Oct-2007  yamt sync with head.
 1.45.12.4  03-Sep-2007  yamt sync with head.
 1.45.12.3  26-Feb-2007  yamt sync with head.
 1.45.12.2  30-Dec-2006  yamt sync with head.
 1.45.12.1  21-Jun-2006  yamt sync with head.
 1.50.2.2  18-Feb-2006  yamt sync with head.
 1.50.2.1  01-Feb-2006  yamt sync with head.
 1.51.4.3  01-Jun-2006  kardel Sync with head.
 1.51.4.2  22-Apr-2006  simonb Sync with head.
 1.51.4.1  04-Feb-2006  simonb Adapt for timecounters: mostly use get*time(), use bintime's for timeout
calculations and use "time_second" instead of "time.tv_sec".
 1.51.2.1  09-Sep-2006  rpaulo sync with head
 1.52.6.2  24-May-2006  tron Merge 2006-05-24 NetBSD-current into the "peter-altq" branch.
 1.52.6.1  31-Mar-2006  tron Merge 2006-03-31 NetBSD-current into the "peter-altq" branch.
 1.52.4.2  11-May-2006  elad sync with head
 1.52.4.1  19-Apr-2006  elad sync with head.
 1.52.2.3  26-Jun-2006  yamt sync with head.
 1.52.2.2  24-May-2006  yamt sync with head.
 1.52.2.1  01-Apr-2006  yamt sync with head.
 1.55.2.1  19-Jun-2006  chap Sync with head.
 1.56.8.1  10-Dec-2006  yamt sync with head.
 1.56.6.1  18-Nov-2006  ad Sync with head.
 1.58.2.2  07-May-2007  yamt sync with head.
 1.58.2.1  27-Feb-2007  yamt - sync with head.
- move sched_changepri back to kern_synch.c as it doesn't know PPQ anymore.
 1.59.6.1  11-Jul-2007  mjf Sync with head.
 1.59.4.3  09-Oct-2007  ad Sync with head.
 1.59.4.2  15-Jul-2007  ad Sync with head.
 1.59.4.1  08-Jun-2007  ad Sync with head.
 1.61.8.2  09-Jan-2008  matt sync with HEAD
 1.61.8.1  06-Nov-2007  matt sync with HEAD
 1.61.6.3  04-Nov-2007  jmcneill Sync with HEAD.
 1.61.6.2  26-Oct-2007  joerg Sync with HEAD.

Follow the merge of pmap.c on i386 and amd64 and move
pmap_init_tmp_pgtbl into arch/x86/x86/pmap.c. Modify the ACPI wakeup
code to restore CR4 before jumping back into kernel space as the large
page option might cover that.
 1.61.6.1  03-Sep-2007  jmcneill Sync with HEAD.
 1.61.2.1  03-Sep-2007  skrll Sync with HEAD.
 1.62.2.1  14-Oct-2007  yamt sync with head.
 1.63.2.1  13-Nov-2007  bouyer Sync with HEAD
 1.65.8.1  02-Jan-2008  bouyer Sync with HEAD
 1.65.4.1  26-Dec-2007  ad Sync with head.
 1.65.2.1  18-Feb-2008  mjf Sync with HEAD.
 1.66.10.1  16-Sep-2009  yamt sync with head
 1.66.2.1  22-Feb-2008  keiichi imported Mobile IPv6 code developed by the SHISA project
(http://www.mobileip.jp/).
 1.68.6.1  06-Jun-2011  jruoho Sync with HEAD.
 1.68.4.1  31-May-2011  rmind sync with head
 1.69.4.2  22-May-2014  yamt sync with head.

for a reference, the tree before this commit was tagged
as yamt-pagecache-tag8.

this commit was splitted into small chunks to avoid
a limitation of cvs. ("Protocol error: too many arguments")
 1.69.4.1  30-Oct-2012  yamt sync with head
 1.70.2.3  03-Dec-2017  jdolecek update from HEAD
 1.70.2.2  20-Aug-2014  tls Rebase to HEAD as of a few days ago.
 1.70.2.1  23-Jun-2013  tls resync from head
 1.73.2.1  18-May-2014  rmind sync with head
 1.75.2.1  10-Aug-2014  tls Rebase.
 1.78.2.1  23-Jan-2015  martin Pull up following revision(s) (requested by pettai in ticket #441):
sys/netinet6/ip6_var.h: revision 1.64
sys/netinet6/in6.h: revision 1.82
sys/netinet6/in6_src.c: revision 1.56
sys/netinet6/mld6.c: revision 1.62
sys/netinet6/ip6_input.c: revision 1.150
sys/netinet6/ip6_output.c: revision 1.161
Add net.inet6.ip6.prefer_tempaddr sysctl knob so that we can prefer
IPv6 temporary addresses as the source address.
Fixes PR kern/47100 based on a patch by Dieter Roelants.
 1.79.2.5  19-Mar-2016  skrll Sync with HEAD
 1.79.2.4  27-Dec-2015  skrll Sync with HEAD (as of 26th Dec)
 1.79.2.3  22-Sep-2015  skrll Sync with HEAD
 1.79.2.2  06-Jun-2015  skrll Sync with HEAD
 1.79.2.1  06-Apr-2015  skrll Sync with HEAD
 1.87.10.1  11-Feb-2018  snj Pull up following revision(s) (requested by ozaki-r in ticket #536):
distrib/sets/lists/base/shl.mi: 1.825
distrib/sets/lists/comp/mi: 1.2168-1.2169
distrib/sets/lists/comp/shl.mi: 1.310
distrib/sets/lists/debug/mi: 1.234
distrib/sets/lists/debug/shl.mi: 1.188
distrib/sets/lists/man/mi: 1.1570
distrib/sets/lists/tests/mi: 1.772
etc/mtree/NetBSD.dist.tests: 1.150
share/man/man4/Makefile: 1.650
share/man/man4/ipsec.4: 1.42-1.43
share/man/man4/ipsecif.4: 1.1-1.5
sys/arch/amd64/conf/ALL: 1.77
sys/arch/amd64/conf/GENERIC: 1.480
sys/conf/files: 1.1191
sys/net/Makefile: 1.34
sys/net/files.net: 1.14
sys/net/if.c: 1.404
sys/net/if.h: 1.248
sys/net/if_gif.c: 1.135
sys/net/if_ipsec.c: 1.1-1.3
sys/net/if_ipsec.h: 1.1
sys/net/if_l2tp.c: 1.16
sys/net/if_types.h: 1.28
sys/netinet/in.c: 1.214
sys/netinet/in.h: 1.103
sys/netinet/in_gif.c: 1.92
sys/netinet/ip_var.h: 1.122
sys/netinet6/in6.c: 1.257
sys/netinet6/in6.h: 1.88
sys/netinet6/in6_gif.c: 1.90
sys/netinet6/ip6_var.h: 1.75
sys/netipsec/Makefile: 1.6
sys/netipsec/files.netipsec: 1.13
sys/netipsec/ipsec.h: 1.62
sys/netipsec/ipsecif.c: 1.1
sys/netipsec/ipsecif.h: 1.1
sys/netipsec/key.c: 1.246-1.247
sys/netipsec/key.h: 1.34
sys/rump/net/Makefile.rumpnetcomp: 1.20
sys/rump/net/lib/libipsec/IPSEC.ioconf: 1.1
sys/rump/net/lib/libipsec/Makefile: 1.1
sys/rump/net/lib/libipsec/ipsec_component.c: 1.1
tests/net/Makefile: 1.34
tests/net/if_ipsec/Makefile: 1.1
tests/net/if_ipsec/t_ipsec.sh: 1.1-1.2
Don't touch an SP without a reference to it
unify processing to check nesting count for some tunnel protocols.
add ipsec(4) interface, which is used for route-based VPN.
man and ATF are added later, please see man for details.
reviewed by christos@n.o, joerg@n.o and ozaki-r@n.o, thanks.
https://mail-index.netbsd.org/tech-net/2017/12/18/msg006557.html
ipsec(4) interface supports rump now.
add ipsec(4) interface ATF.
add ipsec(4) interface man as ipsecif.4.
add ipsec(4) interface to amd64/GENERIC and amd64/ALL configs.
apply in{,6}_tunnel_validate() to gif(4).
Spell IPsec that way. Simplify macro usage. Sort SEE ALSO. Bump
date for previous.
Improve wording and macro use.
Some parts are not clear to me, so someone with knowledge of ipsecif(4)
should improve this some more.
Improve ipsecif.4. Default port ipsec(4) NAT-T is tested now.
pointed out by wiz@n.o and suggested by ozaki-r@n.o, thanks.
Change the prefix of test names to ipsecif_ to distinguish from tests for ipsec(4)
New sentence, new line. Remove empty macro.
Fix PR kern/52920. Pointed out by David Binderman, thanks.
Improve wording, and put a new drawing, from me and Kengo Nakahara.
apply a little more #ifdef INET/INET6. fixes !INET6 builds.
 1.90.2.3  26-Dec-2018  pgoyette Sync with HEAD, resolve a few conflicts
 1.90.2.2  06-Sep-2018  pgoyette Sync with HEAD

Resolve a couple of conflicts (result of the uimin/uimax changes)
 1.90.2.1  22-Apr-2018  pgoyette Sync with HEAD
 1.91.2.2  13-Apr-2020  martin Mostly merge changes from HEAD upto 20200411
 1.91.2.1  10-Jun-2019  christos Sync with HEAD
 1.95.2.1  06-Sep-2019  martin Pull up following revision(s) (requested by kamil in ticket #183):

sys/netinet6/in6.h: revision 1.96

Revert regression introduced in in6.h r. 1.95
 1.95  28-May-2019  kamil Decorate struct in6_addr with the __packed attribute
This avoids undefined behavior when accessing misaligned pointers.
Detected by kUBSan.
Patch by Akul Pillai.
 1.100.6.1  01-Aug-2021  thorpej Sync with HEAD.

RSS XML Feed