| History log of /src/sys/netinet6/nd6.h |
| Revision | | Date | Author | Comments |
| 1.91 |
| 11-Sep-2020 |
roy | inet6: Use generic Neighor Detection rather than IPv6 specific
No functional change intended.
|
| 1.90 |
| 20-Aug-2020 |
roy | Sprinkle some const
|
| 1.89 |
| 12-Jun-2020 |
roy | Remove in-kernel handling of Router Advertisements
This is much better handled by a user-land tool.
Proposed on tech-net here:
https://mail-index.netbsd.org/tech-net/2020/04/22/msg007766.html
Note that the ioctl SIOCGIFINFO_IN6 no longer sets flags. That now
needs to be done using the pre-existing SIOCSIFINFO_FLAGS ioctl.
Compat is fully provided where it makes sense, but trying to turn on
RA handling will obviously throw an error as it no longer exists.
Note that if you use IPv6 temporary addresses, this now needs to be
turned on in dhcpcd.conf(5) rather than in sysctl.conf(5).
|
| 1.88 |
| 25-Sep-2019 |
ozaki-r | Initialize DAD components properly
The original code initialized each component in non-init functions such as
arp_dad_start and nd6_dad_find, conditionally based on a global flag for each.
However, it was racy because the flag and the code around it were not
protected by a lock and could cause a kernel panic at worst.
Fix the issue by initializing the components in bootup as usual.
|
| 1.87 |
| 01-Sep-2019 |
roy | inet6: Re-introduce ND6_LLINFO_WAITDELETE so we can return EHOSTDOWN
Once we've sent nd6_mmaxtries NS messages, send RTM_MISS and move to the
ND6_LLINFO_WAITDELETE state rather than freeing the llentry right away.
Wait for a probe cycle and then free the llentry.
If a connection attempts to re-use the llentry during ND6_LLINFO_WAITDELETE,
return EHOSTDOWN (or EHOSTUNREACH if a gateway) to match inet behaviour.
Continue to ND6_LLINFO_INCOMPLETE and send another NS probe in hope of a
reply. Rinse and repeat.
This reverts part of nd6.c r1.14 - an 18 year old commit!
|
| 1.86 |
| 06-Mar-2018 |
roy | branches: 1.86.2; 1.86.6;
nd6: add a nonce to DaD probes in-case they are looped back to us
This implements RFC 7527, based a similar change in FreeBSD.
|
| 1.85 |
| 22-Jun-2017 |
ozaki-r | branches: 1.85.4;
Remove unused function (nd6_rem_ifa_lle)
|
| 1.84 |
| 21-Jun-2017 |
ozaki-r | Don't create a permanent L2 cache entry on adding an address to an interface
It was created to copy FreeBSD, however actually the cache isn't
necessary. Remove it to simplify the code and reduce the cost to
maintain it (e.g., keep a consistency with a corresponding local
route).
|
| 1.83 |
| 22-Feb-2017 |
ozaki-r | branches: 1.83.6;
Fix prefix invalidation via nd6_timer
We cannot remove a prefix there. Instead just invalidate it; the prefix
will be removed when purging an associated address. This is the same as
the original behavior.
|
| 1.82 |
| 14-Feb-2017 |
ozaki-r | Do ND in L2_output in the same manner as arpresolve
The benefits of this change are:
- The flow is consistent with IPv4 (and FreeBSD and OpenBSD)
- old: ip6_output => nd6_output (do ND if needed) => L2_output (lookup a stored cache)
- new: ip6_output => L2_output (lookup a cache. Do ND if cache not found)
- We can remove some workarounds in nd6_output
- We can move L2 specific operations to their own place
- The performance slightly improves because one cache lookup is reduced
|
| 1.81 |
| 19-Dec-2016 |
ozaki-r | branches: 1.81.2;
Protect IPv6 default router and prefix lists with coarse-grained rwlock
in6_purgeaddr (in6_unlink_ifa) itself unrefernces a prefix entry and calls
nd6_prelist_remove if the counter becomes 0, so callers doesn't need to
handle the reference counting.
Performance-sensitive paths (sending/forwarding packets) call just one
reader lock. This is a trade-off between performance impact vs. the amount
of efforts; if we want to remove the reader lock, we need huge amount of
works including destroying objects with psz/psref in softint, for example.
|
| 1.80 |
| 19-Dec-2016 |
ozaki-r | Get rid of extra nd6_purge from in6_ifdetach
There were two nd6_purge in in6_ifdetach for some reason, but at least now
We don't need extra nd6_purge. Remove it and instead add assertions that
check if surely purged.
|
| 1.79 |
| 14-Dec-2016 |
ozaki-r | Make functions static
|
| 1.78 |
| 12-Dec-2016 |
ozaki-r | Introduce macros for the prefix list
No functional change.
|
| 1.77 |
| 12-Dec-2016 |
ozaki-r | Introduce macros for the default router list
No functional change.
|
| 1.76 |
| 11-Dec-2016 |
ozaki-r | Add nd6_ prefix to exported functions
|
| 1.75 |
| 11-Dec-2016 |
ozaki-r | Move default interface things from nd6_rtr.c to nd6.c
|
| 1.74 |
| 11-Dec-2016 |
ozaki-r | Make some functions static
|
| 1.73 |
| 11-Dec-2016 |
ozaki-r | Remove function declarations that have no actual definition
|
| 1.72 |
| 04-Apr-2016 |
ozaki-r | branches: 1.72.2;
Separate nexthop caches from the routing table
By this change, nexthop caches (IP-MAC address pair) are not stored
in the routing table anymore. Instead nexthop caches are stored in
each network interface; we already have lltable/llentry data structure
for this purpose. This change also obsoletes the concept of cloning/cloned
routes. Cloned routes no longer exist while cloning routes still exist
with renamed to connected routes.
Noticeable changes are:
- Nexthop caches aren't listed in route show/netstat -r
- sysctl(NET_RT_DUMP) doesn't return them
- If RTF_LLDATA is specified, it returns nexthop caches
- Several definitions of routing flags and messages are removed
- RTF_CLONING, RTF_XRESOLVE, RTF_LLINFO, RTF_CLONED and RTM_RESOLVE
- RTF_CONNECTED is added
- It has the same value of RTF_CLONING for backward compatibility
- route's -xresolve, -[no]cloned and -llinfo options are removed
- -[no]cloning remains because it seems there are users
- -[no]connected is introduced and recommended
to be used instead of -[no]cloning
- route show/netstat -r drops some flags
- 'L' and 'c' are not seen anymore
- 'C' now indicates a connected route
- Gateway value of a route of an interface address is now not
a L2 address but "link#N" like a connected (cloning) route
- Proxy ARP: "arp -s ... pub" doesn't create a route
You can know details of behavior changes by seeing diffs under tests/.
Proposed on tech-net and tech-kern:
http://mail-index.netbsd.org/tech-net/2016/03/11/msg005701.html
|
| 1.71 |
| 01-Apr-2016 |
ozaki-r | Refine nd6log
Add __func__ to nd6log itself instead of adding it to callers.
|
| 1.70 |
| 01-Apr-2016 |
ozaki-r | Tidy up nd6_timer initialization
|
| 1.69 |
| 07-Dec-2015 |
ozaki-r | CID 1341546: Fix integer handling issue (CONSTANT_EXPRESSION_RESULT)
n > INT_MAX where n is a long integer variable never be true on 32bit
architectures. Use time_t(int64_t) instead of long for the variable.
|
| 1.68 |
| 25-Nov-2015 |
ozaki-r | Use lltable/llentry for NDP
lltable and llentry were introduced to replace ARP cache data structure
for further restructuring of the routing table: L2 nexthop cache
separation. This change replaces the NDP cache data structure
(llinfo_nd6) with them as well as ARP.
One noticeable change is for neighbor cache GC mechanism that was
introduced to prevent IPv6 DoS attacks. net.inet6.ip6.neighborgcthresh
was the max number of caches that we store in the system. After
introducing lltable/llentry, the value is changed to be per-interface
basis because lltable/llentry stores neighbor caches in each interface
separately. And the change brings one degradation; the old GC mechanism
dropped exceeded packets based on LRU while the new implementation drops
packets in order from the beginning of lltable (a hash table + linked
lists). It would be improved in the future.
Added functions in in6.c come from FreeBSD (as of r286629) and are
tweaked for NetBSD.
Proposed on tech-kern and tech-net.
|
| 1.67 |
| 18-Nov-2015 |
ozaki-r | Stop passing llinfo_nd6 to nd6_ns_output
This is a restructuring for coming changes to nd6 (replacing
llinfo_nd6 with llentry). Once we have a lock of llinfo_nd6,
we need to pass it to nd6_ns_output with holding the lock.
However, in a function subsequent to nd6_ns_output, the llinfo_nd6
may be looked up, i.e., its lock would be acquired again.
To avoid such a situation, pass only required data (in6_addr) to
nd6_ns_output instead of passing whole llinfo_nd6.
Inspired by FreeBSD
|
| 1.66 |
| 17-Jul-2015 |
ozaki-r | Reform use of rt_refcnt
rt_refcnt of rtentry was used in bad manners, for example, direct rt_refcnt++
and rt_refcnt-- outside route.c, "rt->rt_refcnt++; rtfree(rt);" idiom, and
touching rt after rt->rt_refcnt--.
These abuses seem to be needed because rt_refcnt manages only references
between rtentry and doesn't take care of references during packet processing
(IOW references from local variables). In order to reduce the above abuses,
the latter cases should be counted by rt_refcnt as well as the former cases.
This change improves consistency of use of rt_refcnt:
- rtentry is always accessed with rt_refcnt incremented
- rtentry's rt_refcnt is decremented after use (rtfree is always used instead
of rt_refcnt--)
- functions returning rtentry increment its rt_refcnt (and caller rtfree it)
Note that rt_refcnt prevents rtentry from being freed but doesn't prevent
rtentry from being updated. Toward MP-safe, we need to provide another
protection for rtentry, e.g., locks. (Or introduce a better data structure
allowing concurrent readers during updates.)
|
| 1.65 |
| 15-Jul-2015 |
ozaki-r | Remove unused arguments and the associated code from nd6_nud_hint()
from OpenBSD
|
| 1.64 |
| 25-Feb-2015 |
roy | Rename nd6_rtmsg() to rt_newmsg() and move into the generic routing code
as it's not IPv6 specific and will be used elsewhere.
|
| 1.63 |
| 25-Feb-2015 |
roy | Retire nd6_newaddrmsg and use rt_newaddrmsg directly instead so that
we don't spam route changes when the route hasn't changed.
|
| 1.62 |
| 23-Feb-2015 |
martin | Rearange interface detachement slightly: before we free the INET6 specific
per-interface data, make sure to call nd6_purge() with it to remove
routing entries pointing to the going interface.
When we should happen to call this function again later, with the data
already gone, just return.
Fixes PR kern/49682, ok: christos.
|
| 1.61 |
| 16-Dec-2014 |
roy | Report route additions/changes/deletions for cached neighbours to userland.
|
| 1.60 |
| 05-Sep-2014 |
matt | branches: 1.60.2;
Don't use C++ keyword as variable.
Use different prefix for nd6_prefixctl members than for nd6_prefix members.
|
| 1.59 |
| 05-Jun-2014 |
roy | branches: 1.59.2;
Add IPV6CTL_AUTO_LINKLOCAL and ND6_IFF_AUTO_LINKLOCAL toggles which
control the automatic creation of IPv6 link-local addresses when an
interface is brought up.
Taken from FreeBSD.
|
| 1.58 |
| 21-May-2013 |
roy | branches: 1.58.6;
For IPv6, emit RTM_NEWADDR once DAD completes and also when address flag
changes. Tentative addresses are not emitted.
Version bumped so userland can detect this behaviour change.
|
| 1.57 |
| 23-Jun-2012 |
christos | branches: 1.57.2;
4 new sysctls to avoid ipv6 DoS attacks from OpenBSD
|
| 1.56 |
| 19-Nov-2011 |
tls | branches: 1.56.4; 1.56.8; 1.56.10;
First step of random number subsystem rework described in
<20111022023242.BA26F14A158@mail.netbsd.org>. This change includes
the following:
An initial cleanup and minor reorganization of the entropy pool
code in sys/dev/rnd.c and sys/dev/rndpool.c. Several bugs are
fixed. Some effort is made to accumulate entropy more quickly at
boot time.
A generic interface, "rndsink", is added, for stream generators to
request that they be re-keyed with good quality entropy from the pool
as soon as it is available.
The arc4random()/arc4randbytes() implementation in libkern is
adjusted to use the rndsink interface for rekeying, which helps
address the problem of low-quality keys at boot time.
An implementation of the FIPS 140-2 statistical tests for random
number generator quality is provided (libkern/rngtest.c). This
is based on Greg Rose's implementation from Qualcomm.
A new random stream generator, nist_ctr_drbg, is provided. It is
based on an implementation of the NIST SP800-90 CTR_DRBG by
Henric Jungheim. This generator users AES in a modified counter
mode to generate a backtracking-resistant random stream.
An abstraction layer, "cprng", is provided for in-kernel consumers
of randomness. The arc4random/arc4randbytes API is deprecated for
in-kernel use. It is replaced by "cprng_strong". The current
cprng_fast implementation wraps the existing arc4random
implementation. The current cprng_strong implementation wraps the
new CTR_DRBG implementation. Both interfaces are rekeyed from
the entropy pool automatically at intervals justifiable from best
current cryptographic practice.
In some quick tests, cprng_fast() is about the same speed as
the old arc4randbytes(), and cprng_strong() is about 20% faster
than rnd_extract_data(). Performance is expected to improve.
The AES code in src/crypto/rijndael is no longer an optional
kernel component, as it is required by cprng_strong, which is
not an optional kernel component.
The entropy pool output is subjected to the rngtest tests at
startup time; if it fails, the system will reboot. There is
approximately a 3/10000 chance of a false positive from these
tests. Entropy pool _input_ from hardware random numbers is
subjected to the rngtest tests at attach time, as well as the
FIPS continuous-output test, to detect bad or stuck hardware
RNGs; if any are detected, they are detached, but the system
continues to run.
A problem with rndctl(8) is fixed -- datastructures with
pointers in arrays are no longer passed to userspace (this
was not a security problem, but rather a major issue for
compat32). A new kernel will require a new rndctl.
The sysctl kern.arandom() and kern.urandom() nodes are hooked
up to the new generators, but the /dev/*random pseudodevices
are not, yet.
Manual pages for the new kernel interfaces are forthcoming.
|
| 1.55 |
| 11-Nov-2011 |
gdt | Move RTF_ANNOUNCE flag so that it no longer conflicts with RTF_PROTO2.
RTF_ANNOUNCE was defined as RTF_PROTO2. The flag is used to indicated
that host should act as a proxy for a link level arp or ndp request.
(If RTF_PROTO2 is used as an experimental flag (as advertised),
various problems can occur.)
This commit provides a first-class definition with its own bit for
RTF_ANNOUNCE, removes the old aliasing definitions, and adds support
for the new RTF_ANNOUNCE flag to netstat(8) and route(8).,
Also, remove unused RTF_ flags that collide with RTF_PROTO1:
netinet/icmp6.h defined RTF_PROBEMTU as RTF_PROTO1
netinet/if_inarp.h defined RTF_USETRAILERS as RTF_PROTO1
(Neither of these flags are used anywhere. Both have been removed
to reduce chances of collision with RTF_PROTO1.)
Figuring this out and the diff are the work of Beverly Schwartz of
BBN.
(Passed release build, boot in VM, with no apparently related atf
failures.)
Approved for Public Release, Distribution Unlimited
This material is based upon work supported by the Defense Advanced
Research Projects Agency and Space and Naval Warfare Systems Center,
Pacific, under Contract No. N66001-09-C-2073.
|
| 1.54 |
| 24-May-2011 |
spz | branches: 1.54.4;
RA flood mitigation via a limit on accepted routes:
- introduce a limit for the routes accepted via IPv6 Router Advertisement:
a common 2 interface client will have 6, the default limit is 100 and
can be adjusted via sysctl
- report the current number of routes installed via RA via sysctl
- count discarded route additions. Note that one RA message is two routes.
This is at present only across all interfaces even though per-interface
would be more useful, since the per-interface structure complies to RFC2466
- bump kernel version due to the previous change
- adjust netstat to use the new value (with netstat -p icmp6)
|
| 1.53 |
| 06-Nov-2009 |
dyoung | branches: 1.53.4; 1.53.6;
Fix net.inet6.ip6.accept_rtadv and 'ndp -i <interface> accept_rtadv':
Add a flag ND6_IFF_OVERRIDE_RTADV that tells the kernel to override
ip6_accept_rtadv (net.inet6.ip6.accept_rtadv) on an interface.
Add a routine nd6_accepts_rtadv(ndi) that evaluates both the flags
on the interface represented by ndi and ip6_accept_rtadv, and
returns 'true' if the given interface should accept Router
Advertisements, and 'false' if not.
Now, ND6_IFF_ACCEPT_RTADV works as it was historically documented:
if it is set, then accept router advertisements iff ip6_accept_rtadv
!= 0. Otherwise, do not accept router advertisements.
If ND6_IFF_OVERRIDE_RTADV is set, then the flag ND6_IFF_ACCEPT_RTADV
overrides ip6_accept_rtadv: if ND6_IFF_ACCEPT_RTADV is set, accept;
otherwise reject. Ignore ip6_accept_rtadv.
If neither ND6_IFF_ACCEPT_RTADV nor ND6_IFF_OVERRIDE_RTADV is set,
reject Router Advertisements.
|
| 1.52 |
| 15-Jan-2009 |
christos | - switch the lifetime struct to time_t and provide compatibility for the
old ioctl.
|
| 1.51 |
| 24-Oct-2008 |
dyoung | branches: 1.51.2;
Constify the rt_addrinfo argument to the ifa_rtrequest member
function of struct ifaddr.
|
| 1.50 |
| 30-Aug-2007 |
dyoung | branches: 1.50.16; 1.50.20; 1.50.24; 1.50.30;
Use malloc(9) for sockaddrs instead of pool(9), and remove dom_sa_pool
and dom_sa_len members from struct domain. Pools of fixed-size
objects are too rigid for sockaddr_dls, whose size can vary over
a wide range.
Return sockaddr_dl to its "historical" size. Now that I'm using
malloc(9) instead of pool(9) to allocate sockaddr_dl, I can create
a sockaddr_dl of any size in the kernel, so expanding sockaddr_dl
is useless.
Avoid using sizeof(struct sockaddr_dl) in the kernel.
Introduce sockaddr_dl_alloc() for allocating & initializing an
arbitrary sockaddr_dl on the heap.
Add an argument, the sockaddr length, to sockaddr_alloc(),
sockaddr_copy(), and sockaddr_dl_setaddr().
Constify: LLADDR() -> CLLADDR().
Where the kernel overwrites LLADDR(), use sockaddr_dl_setaddr(),
instead. Used properly, sockaddr_dl_setaddr() will not overrun
the end of the sockaddr.
|
| 1.49 |
| 07-Aug-2007 |
dyoung | branches: 1.49.2; 1.49.4;
Avoid writing past the end of the buffer [lldst, lldst + dstsize)
in nd6_storelladdr().
Use sockaddr_dl_setaddr(). Constify some sockaddr_dl's. Constify
a sockaddr argument to nd6_na_output(). Change SDL() to "standard"
satocsdl() or satosdl(). Change SIN6() to satocsin6() or satosin6().
bcmp -> memcmp, bcopy -> memcpy.
|
| 1.48 |
| 19-Jul-2007 |
dyoung | branches: 1.48.4;
Take steps to hide the radix_node implementation of the forwarding table
from the forwarding table's users:
Introduce rt_walktree() for walking the routing table and
applying a function to each rtentry. Replace most
rn_walktree() calls with it.
Use rt_getkey()/rt_setkey() to get/set a route's destination.
Keep a pointer to the sockaddr key in the rtentry, so that
rtentry users do not have to grovel in the radix_node for
the key.
Add a RTM_GET method to rtrequest. Use that instead of
radix_node lookups in, e.g., carp(4).
Add sys/net/link_proto.c, which supplies sockaddr routines for
link-layer socket addresses (sockaddr_dl).
Cosmetic:
Constify. KNF. Stop open-coding LIST_FOREACH, TAILQ_FOREACH,
et cetera. Use NULL instead of 0 for null pointers. Use
__arraycount(). Reduce gratuitous parenthesization.
Stop using variadic arguments for rip6_output(), it is
unnecessary.
Remove the unnecessary rtentry member rt_genmask and the
code to maintain it, since nothing actually used it.
Make rt_maskedcopy() easier to read by using meaningful variable
names.
Extract a subroutine intern_netmask() for looking up a netmask in
the masks table.
Start converting backslash-ridden IPv6 macros in
sys/netinet6/in6_var.h into inline subroutines that one
can read without special eyeglasses.
One functional change: when the kernel serves an RTM_GET, RTM_LOCK,
or RTM_CHANGE request, it applies the netmask (if supplied) to a
destination before searching for it in the forwarding table.
I have changed sys/netinet/ip_carp.c, carp_setroute(), to remove
the unlawful radix_node knowledge.
Apart from the changes to carp(4), netiso, ATM, and strip(4), I
have run the changes on three nodes in my wireless routing testbed,
which involves IPv4 + IPv6 dynamic routing acrobatics, and it's
working beautifully so far.
|
| 1.47 |
| 17-May-2007 |
dyoung | branches: 1.47.2;
Fix the memory leak reported in kern/36337. Thanks Matthias Scheler
for the heads-up. My fix is based on the following patches from
FreeBSD, however, I extracted the code into a subroutine,
nd6_llinfo_release_pkts():
http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/netinet6/nd6.c.diff?r1=1.48.2.18;r2=1.48.2.19
http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/netinet6/nd6_nbr.c.diff?r1=1.29.2.8;r2=1.29.2.9
|
| 1.46 |
| 02-May-2007 |
dyoung | Eliminate address family-specific route caches (struct route, struct
route_in6, struct route_iso), replacing all caches with a struct
route.
The principle benefit of this change is that all of the protocol
families can benefit from route cache-invalidation, which is
necessary for correct routing. Route-cache invalidation fixes an
ancient PR, kern/3508, at long last; it fixes various other PRs,
also.
Discussions with and ideas from Joerg Sonnenberger influenced this
work tremendously. Of course, all design oversights and bugs are
mine.
DETAILS
1 I added to each address family a pool of sockaddrs. I have
introduced routines for allocating, copying, and duplicating,
and freeing sockaddrs:
struct sockaddr *sockaddr_alloc(sa_family_t af, int flags);
struct sockaddr *sockaddr_copy(struct sockaddr *dst,
const struct sockaddr *src);
struct sockaddr *sockaddr_dup(const struct sockaddr *src, int flags);
void sockaddr_free(struct sockaddr *sa);
sockaddr_alloc() returns either a sockaddr from the pool belonging
to the specified family, or NULL if the pool is exhausted. The
returned sockaddr has the right size for that family; sa_family
and sa_len fields are initialized to the family and sockaddr
length---e.g., sa_family = AF_INET and sa_len = sizeof(struct
sockaddr_in). sockaddr_free() puts the given sockaddr back into
its family's pool.
sockaddr_dup() and sockaddr_copy() work analogously to strdup()
and strcpy(), respectively. sockaddr_copy() KASSERTs that the
family of the destination and source sockaddrs are alike.
The 'flags' argumet for sockaddr_alloc() and sockaddr_dup() is
passed directly to pool_get(9).
2 I added routines for initializing sockaddrs in each address
family, sockaddr_in_init(), sockaddr_in6_init(), sockaddr_iso_init(),
etc. They are fairly self-explanatory.
3 structs route_in6 and route_iso are no more. All protocol families
use struct route. I have changed the route cache, 'struct route',
so that it does not contain storage space for a sockaddr. Instead,
struct route points to a sockaddr coming from the pool the sockaddr
belongs to. I added a new method to struct route, rtcache_setdst(),
for setting the cache destination:
int rtcache_setdst(struct route *, const struct sockaddr *);
rtcache_setdst() returns 0 on success, or ENOMEM if no memory is
available to create the sockaddr storage.
It is now possible for rtcache_getdst() to return NULL if, say,
rtcache_setdst() failed. I check the return value for NULL
everywhere in the kernel.
4 Each routing domain (struct domain) has a list of live route
caches, dom_rtcache. rtflushall(sa_family_t af) looks up the
domain indicated by 'af', walks the domain's list of route caches
and invalidates each one.
|
| 1.45 |
| 15-Mar-2007 |
dyoung | In nd6_lookup, shorten a staircase. KNF: change return (expr); to
return expr; throughout. Fix K&R prototypes and parameter type
declarations.
|
| 1.44 |
| 04-Mar-2007 |
christos | branches: 1.44.2; 1.44.4; 1.44.6;
Kill caddr_t; there will be some MI fallout, but it will be fixed shortly.
|
| 1.43 |
| 17-Feb-2007 |
dyoung | KNF: de-__P, bzero -> memset, bcmp -> memcmp. Remove extraneous
parentheses in return statements.
Cosmetic: don't open-code TAILQ_FOREACH().
Cosmetic: change types of variables to avoid oodles of casts: in
in6_src.c, avoid casts by changing several route_in6 pointers
to struct route pointers. Remove unnecessary casts to caddr_t
elsewhere.
Pave the way for eliminating address family-specific route caches:
soon, struct route will not embed a sockaddr, but it will hold
a reference to an external sockaddr, instead. We will set the
destination sockaddr using rtcache_setdst(). (I created a stub
for it, but it isn't used anywhere, yet.) rtcache_free() will
free the sockaddr. I have extracted from rtcache_free() a helper
subroutine, rtcache_clear(). rtcache_clear() will "forget" a
cached route, but it will not forget the destination by releasing
the sockaddr. I use rtcache_clear() instead of rtcache_free()
in rtcache_update(), because rtcache_update() is not supposed
to forget the destination.
Constify:
1 Introduce const accessor for route->ro_dst, rtcache_getdst().
2 Constify the 'dst' argument to ifnet->if_output(). This
led me to constify a lot of code called by output routines.
3 Constify the sockaddr argument to protosw->pr_ctlinput. This
led me to constify a lot of code called by ctlinput routines.
4 Introduce const macros for converting from a generic sockaddr
to family-specific sockaddrs, e.g., sockaddr_in: satocsin6,
satocsin, et cetera.
|
| 1.42 |
| 20-Nov-2006 |
dyoung | branches: 1.42.4;
Use LIST_/TAILQ_ macros, esp. LIST_FOREACH() and TAILQ_FOREACH().
Use the usual idiom for iterating over a list where we might
_REMOVE() entries,
for (x = TAILQ_FIRST(...); x != NULL; x = nx) {
nx = TAILQ_NEXT(x, ...);
...
}
|
| 1.41 |
| 05-Mar-2006 |
rpaulo | branches: 1.41.12; 1.41.14;
NDP-related improvements:
RFC4191
- supports host-side router-preference
RFC3542
- if DAD fails on a interface, disables IPv6 operation on the
interface
- don't advertise MLD report before DAD finishes
Others
- fixes integer overflow for valid and preferred lifetimes
- improves timer granularity for MLD, using callout-timer.
- reflects rtadvd's IPv6 host variable information into kernel
(router only)
- adds a sysctl option to enable/disable pMTUd for multicast
packets
- performs NUD on PPP/GRE interface by default
- Redirect works regardless of ip6_accept_rtadv
- removes RFC1885-related code
From the KAME project via SUZUKI Shinsuke.
Reviewed by core.
|
| 1.40 |
| 10-Dec-2005 |
elad | branches: 1.40.4; 1.40.6; 1.40.8;
Multiple inclusion protection, as suggested by christos@ on tech-kern@
few days ago.
|
| 1.39 |
| 28-Feb-2005 |
itojun | branches: 1.39.4;
make ip6_getpmtu back to static
|
| 1.38 |
| 23-Mar-2004 |
martti | branches: 1.38.8; 1.38.10;
Make ip6_getpmtu() globally visible. This is needed by IPFilter 4.x.
|
| 1.37 |
| 04-Feb-2004 |
tron | Remove outdated prototype for ip6_getpmtu(). The function has a different
signature now and is statically declared in "ip6_output.c".
|
| 1.36 |
| 24-Jan-2004 |
darrenr | make ip6_getpmtu() externally visible
|
| 1.35 |
| 27-Jun-2003 |
itojun | branches: 1.35.2;
split ND6 cache timer management to per-entry. increased accuracy,
no O(N) loop. sync w/ kame
|
| 1.34 |
| 01-Feb-2003 |
thorpej | Add extensible malloc types, adapted from FreeBSD. This turns
malloc types into a structure, a pointer to which is passed around,
instead of an int constant. Allow the limit to be adjusted when the
malloc type is defined, or with a function call, as suggested by
Jonathan Stone.
|
| 1.33 |
| 02-Nov-2002 |
perry | /*CONTCOND*/ while (0)'ed macros
|
| 1.32 |
| 08-Jun-2002 |
itojun | indent cleanup
|
| 1.31 |
| 08-Jun-2002 |
itojun | sync with latest KAME in6_ifaddr/prefix/default router manipulation.
behavior changes:
- two iocts used by ndp(8) are now obsolete (backward compat provided).
use sysctl path instead.
- lo0 does not get ::1 automatically. it will get ::1 when lo0 comes up.
|
| 1.30 |
| 07-Jun-2002 |
itojun | cope with cases when maxmtu == 0 (this shoulnd't happen!)
|
| 1.29 |
| 05-Jun-2002 |
itojun | be sure to use L3 MTU, not L2 MTU, when specified in spec (affects FDDI/ARCnet)
|
| 1.28 |
| 30-May-2002 |
itojun | improve nd6_setmtu(), to warn too-small MTU on SIOCSIFMTU. sync w/kame
|
| 1.27 |
| 29-May-2002 |
itojun | "receivedra" field name is obsolete.
|
| 1.26 |
| 29-May-2002 |
itojun | attach nd_ifinfo structure into if_afdata.
split IPv6 link MTU (advertised by RA) from real link MTU.
sync with kame
|
| 1.25 |
| 28-May-2002 |
itojun | use arc4random
|
| 1.24 |
| 18-Dec-2001 |
itojun | branches: 1.24.8;
reduce white space/cosmetic diffs w/kame.
|
| 1.23 |
| 18-Oct-2001 |
itojun | reduce diffs with kame (mostly cosmetic).
move IPV6_CHECKSUM processing to sys/netinet6/raw_ip6.c.
constify a couple of places.
|
| 1.22 |
| 17-Oct-2001 |
itojun | do not change neighbor cache state on entry timeout,
if the cache entry is for outgoing router.
perform on-linkness check before default router (re-)seletion.
do not play with interface direct route on nd6_rtrequest.
sync a lot of cosmetic changes. sync with kame
|
| 1.21 |
| 11-Jun-2001 |
wiz | branches: 1.21.2;
Fix various misspellings of compatible/compatibility.
|
| 1.20 |
| 23-Feb-2001 |
itojun | branches: 1.20.2;
garbage-collect stale ND entries (default: 1 day).
RFC 2461 5.3. sync with kame.
|
| 1.19 |
| 23-Feb-2001 |
itojun | remove unnecessary state, ND6_LLINFO_WAITDELETE, from neighbor cache
state machine.
no need for RTF_REJECT on neighbor cache entires, they are leftover from
ARP code.
sync with kame.
|
| 1.18 |
| 08-Feb-2001 |
itojun | when chasing nd6_llinfo chain, make sure we do not touch dangling
pointer (due to RTM_DELETE during default router list management).
from kame
|
| 1.17 |
| 07-Feb-2001 |
itojun | during ip6/icmp6 inbound packet processing, do not call log() nor printf() in
normal operation (/var can get filled up by flodding bogus packets).
sysctl net.inet6.icmp6.nd6_debug will turn on diagnostic messages.
(#define ND6_DEBUG will turn it on by default)
improve stats in ND6 code.
lots of synchronziation with kame (including comments and cometic ones).
|
| 1.16 |
| 17-Jan-2001 |
itojun | pull post-4.4BSD change to sys/net/route.c from BSD/OS 4.2 (UCB copyrighted).
have sys/net/route.c:rtrequest1(), which takes rt_addrinfo * as the argument.
pass rt_addrinfo all the way down to rtrequest, and ifa->ifa_rtrequest.
3rd arg of ifa->ifa_rtrequest is now rt_addrinfo * instead of sockaddr *
(almost noone is using it anyways).
benefit: the follwoing command now works. previously we need two route(8)
invocations, "add" then "change".
# route add -inet6 default ::1 -ifp gif0
remove unsafe typecast in rtrequest(), from rtentry * to sockaddr *. it was
introduced by 4.3BSD-reno and never corrected.
XXX is eon_rtrequest() change correct regarding to 3rd arg?
eon_rtrequest() and rtrequest() were incorrect since 4.3BSD-reno,
so i do not have correct answer in the source code.
someone with more clue about netiso-over-ip, please help.
|
| 1.15 |
| 06-Jul-2000 |
itojun | - do not use bitfield for router renumbering header.
- add protection mechanism against ND cache corruption due to bad NUD hints.
- more stats
- icmp6 pps limitation. TOOD: should implement ppsratecheck(9).
|
| 1.14 |
| 19-May-2000 |
itojun | branches: 1.14.4;
do not mistakingly forward link-local scoped packet (the bug was added
with "beyondscope" icmp6 support).
"options FAKE_LOOPBACK_IF" will honor scope on loopback outputs. rcvif will
be real interface, not the loopback, just like when multicast loopback.
(sync with kame)
|
| 1.13 |
| 09-May-2000 |
itojun | do not try NUD unless the gateway is a real neighbor.
real fix to KAME PR 245 (workaround has been implemented).
|
| 1.12 |
| 16-Apr-2000 |
itojun | perform neighbor unreachability detection on p2p links (spec requires
it for bidir p2p links).
improve -i in ndp(8) to allow tweaking per-interface ND flag on.
fix ndp(8) infinite loop on certain routing table setup.
|
| 1.11 |
| 16-Apr-2000 |
itojun | better sync with latest kame (cosmetic only).
|
| 1.10 |
| 23-Mar-2000 |
thorpej | New callout mechanism with two major improvements over the old
timeout()/untimeout() API:
- Clients supply callout handle storage, thus eliminating problems of
resource allocation.
- Insertion and removal of callouts is constant time, important as
this facility is used quite a lot in the kernel.
The old timeout()/untimeout() API has been removed from the kernel.
|
| 1.9 |
| 26-Feb-2000 |
itojun | bring in recent KAME changes (only important and stable ones, as usual).
- remove net.inet6.ip6.nd6_proxyall. introduce proxy NDP code works
just like "arp -s".
- revise source address selection.
be more careful about use of yet-to-be-valid addresses as source.
- as router, transmit ICMP6_DST_UNREACH_BEYONDSCOPE against out-of-scope
packet forwarding attempt.
- path MTU discovery takes care of routing header properly.
- be more strict about mbuf chain parsing.
|
| 1.8 |
| 04-Feb-2000 |
itojun | avoid calling in6_control(SIOCDIFADDR_IN6) from interrupt context.
it is not supposed to work.
logging fix: add "\n" to some of log() in in6_prefix.c.
improve in6_ifdetach(). now almost all structure depend on ifnet
will be cleared up.
possible loose ends:
- cached route_in6 in static varaiables needs to be cleared as well
- there are ifaddr manipulation without reference counting,
which should be fixed
we still see panics after card removal, though... not sure what is left.
(sync with kame)
|
| 1.7 |
| 06-Jan-2000 |
itojun | remove extra portability #ifdef (like #ifdef __FreeBSD__) in KAME IPv6/IPsec
code, from netbsd-current repository.
#ifdef'ed version is always available from ftp.kame.net.
XXX please do not make too many diff-unfriendly changes, we'll need to take
bunch of diffs on upgrade...
|
| 1.6 |
| 13-Dec-1999 |
itojun | sync IPv6 part with latest KAME tree. IPsec part is left unmodified
due to massive changes in KAME side.
- IPv6 output goes through nd6_output
- faith can capture IPv4 packets as well - you can run IPv4-to-IPv6 translator
using heavily modified DNS servers
- per-interface statistics (required for IPv6 MIB)
- interface autoconfig is revisited
- udp input handling has a big change for mapped address support.
- introduce in4_cksum() for non-overwriting checksumming
- introduce m_pulldown()
- neighbor discovery cleanups/improvements
- netinet/in.h strictly conforms to RFC2553 (no extra defs visible to userland)
- IFA_STATS is fixed a bit (not tested)
- and more more more.
TODO:
- cleanup os-independency #ifdef
- avoid rcvif dual use (for IPsec) to help ifdetach
(sorry for jumbo commit, I can't separate this any more...)
|
| 1.5 |
| 31-Jul-1999 |
itojun | branches: 1.5.2; 1.5.8;
sync with recent KAME.
- loosen ipsec restriction on packet diredtion.
- revise icmp6 redirect handling on IsRouter bit.
- tcp/udp notification processing (link-local address case)
- cosmetic fixes (better code share across *BSD).
|
| 1.4 |
| 06-Jul-1999 |
itojun | sync with KAME/NetBSD 1.4, SNAP kit 19990705.
key changes are:
- icmp6 redirect fix (dst check)
- revised ip6 multicast check for loopback i/f
- several RCS ID cleanups
|
| 1.3 |
| 03-Jul-1999 |
thorpej | RCS ID police.
|
| 1.2 |
| 01-Jul-1999 |
itojun | branches: 1.2.2;
IPv6 kernel code, based on KAME/NetBSD 1.4, SNAP kit 19990628.
(Sorry for a big commit, I can't separate this into several pieces...)
Pls check sys/netinet6/TODO and sys/netinet6/IMPLEMENTATION for details.
- sys/kern: do not assume single mbuf, accept chained mbuf on passing
data from userland to kernel (or other way round).
- "midway" ATM card: ATM PVC pseudo device support, like those done in ALTQ
package (ftp://ftp.csl.sony.co.jp/pub/kjc/).
- sys/netinet/tcp*: IPv4/v6 dual stack tcp support.
- sys/netinet/{ip6,icmp6}.h, sys/net/pfkeyv2.h: IETF document assumes those
file to be there so we patch it up.
- sys/netinet: IPsec additions are here and there.
- sys/netinet6/*: most of IPv6 code sits here.
- sys/netkey: IPsec key management code
- dev/pci/pcidevs: regen
In my understanding no code here is subject to export control so it
should be safe.
|
| 1.1 |
| 28-Jun-1999 |
itojun | branches: 1.1.2;
file nd6.h was initially added on branch kame.
|
| 1.1.2.3 |
| 30-Nov-1999 |
itojun | bring in latest KAME (as of 19991130, KAME/NetBSD141) into kame branch
just for reference purposes.
This commit includes 1.4 -> 1.4.1 sync for kame branch.
The branch does not compile at all (due to the lack of ALTQ and some other
source code). Please do not try to modify the branch, this is just for
referenre purposes.
synchronization to latest KAME will take place on HEAD branch soon.
|
| 1.1.2.2 |
| 06-Jul-1999 |
itojun | KAME/NetBSD 1.4, SNAP kit 1999/07/05.
NOTE: this branch is just for reference purposes (i.e. for taking cvs diff).
do not touch anything on the branch. actual work must be done on HEAD branch.
|
| 1.1.2.1 |
| 28-Jun-1999 |
itojun | KAME/NetBSD 1.4 SNAP kit, dated 19990628.
NOTE: this branch (kame) is used just for refernce. this may not compile
due to multiple reasons.
|
| 1.2.2.3 |
| 02-Aug-1999 |
thorpej | Update from trunk.
|
| 1.2.2.2 |
| 01-Jul-1999 |
thorpej | Sync w/ -current.
|
| 1.2.2.1 |
| 01-Jul-1999 |
thorpej | file nd6.h was added on branch chs-ubc2 on 1999-07-01 23:48:30 +0000
|
| 1.5.8.1 |
| 27-Dec-1999 |
wrstuden | Pull up to last week's -current.
|
| 1.5.2.4 |
| 12-Mar-2001 |
bouyer | Sync with HEAD.
|
| 1.5.2.3 |
| 11-Feb-2001 |
bouyer | Sync with HEAD.
|
| 1.5.2.2 |
| 18-Jan-2001 |
bouyer | Sync with head (for UBC+NFS fixes, mostly).
|
| 1.5.2.1 |
| 20-Nov-2000 |
bouyer | Update thorpej_scsipi to -current as of a month ago
|
| 1.14.4.2 |
| 09-May-2001 |
he | Pull up revision 1.17 (via patch, requested by itojun):
Suppress ND6 logs that are too noisy for normal use. Can be
re-enabled by net.inet6.icmp6.nd6_debug.
|
| 1.14.4.1 |
| 20-Jul-2000 |
itojun | pullup from main trunc (approved by releng-1-5)
- add protection mechanism against ND cache corruption due to bad NUD hints.
this is part of:
sys/netinet/icmp6.h 1.9 -> 1.10
sys/netinet/tcp_input.c 1.111 -> 1.112
sys/netinet6/icmp6.c 1.34 -> 1.35
sys/netinet6/nd6.c 1.30 -> 1.31
sys/netinet6/nd6.h 1.14 -> 1.15
|
| 1.20.2.5 |
| 11-Nov-2002 |
nathanw | Catch up to -current
|
| 1.20.2.4 |
| 20-Jun-2002 |
nathanw | Catch up to -current.
|
| 1.20.2.3 |
| 08-Jan-2002 |
nathanw | Catch up to -current.
|
| 1.20.2.2 |
| 22-Oct-2001 |
nathanw | Catch up to -current.
|
| 1.20.2.1 |
| 21-Jun-2001 |
nathanw | Catch up to -current.
|
| 1.21.2.2 |
| 23-Jun-2002 |
jdolecek | catch up with -current on kqueue branch
|
| 1.21.2.1 |
| 10-Jan-2002 |
thorpej | Sync kqueue branch with -current.
|
| 1.24.8.2 |
| 20-Jun-2002 |
gehenna | catch up with -current.
|
| 1.24.8.1 |
| 30-May-2002 |
gehenna | Catch up with -current.
|
| 1.35.2.5 |
| 11-Dec-2005 |
christos | Sync with head.
|
| 1.35.2.4 |
| 04-Mar-2005 |
skrll | Sync with HEAD.
Hi Perry!
|
| 1.35.2.3 |
| 21-Sep-2004 |
skrll | Fix the sync with head I botched.
|
| 1.35.2.2 |
| 18-Sep-2004 |
skrll | Sync with HEAD.
|
| 1.35.2.1 |
| 03-Aug-2004 |
skrll | Sync with HEAD
|
| 1.38.10.1 |
| 19-Mar-2005 |
yamt | sync with head. xen and whitespace. xen part is not finished.
|
| 1.38.8.1 |
| 29-Apr-2005 |
kent | sync with -current
|
| 1.39.4.4 |
| 03-Sep-2007 |
yamt | sync with head.
|
| 1.39.4.3 |
| 26-Feb-2007 |
yamt | sync with head.
|
| 1.39.4.2 |
| 30-Dec-2006 |
yamt | sync with head.
|
| 1.39.4.1 |
| 21-Jun-2006 |
yamt | sync with head.
|
| 1.40.8.1 |
| 13-Mar-2006 |
yamt | sync with head.
|
| 1.40.6.1 |
| 22-Apr-2006 |
simonb | Sync with head.
|
| 1.40.4.1 |
| 09-Sep-2006 |
rpaulo | sync with head
|
| 1.41.14.1 |
| 10-Dec-2006 |
yamt | sync with head.
|
| 1.41.12.1 |
| 12-Jan-2007 |
ad | Sync with head.
|
| 1.42.4.5 |
| 17-May-2007 |
yamt | sync with head.
|
| 1.42.4.4 |
| 07-May-2007 |
yamt | sync with head.
|
| 1.42.4.3 |
| 24-Mar-2007 |
yamt | sync with head.
|
| 1.42.4.2 |
| 12-Mar-2007 |
rmind | Sync with HEAD.
|
| 1.42.4.1 |
| 27-Feb-2007 |
yamt | - sync with head.
- move sched_changepri back to kern_synch.c as it doesn't know PPQ anymore.
|
| 1.44.6.1 |
| 18-Mar-2007 |
reinoud | First attempt to bring branch in sync with HEAD
|
| 1.44.4.1 |
| 11-Jul-2007 |
mjf | Sync with head.
|
| 1.44.2.4 |
| 09-Oct-2007 |
ad | Sync with head.
|
| 1.44.2.3 |
| 20-Aug-2007 |
ad | Sync with HEAD.
|
| 1.44.2.2 |
| 08-Jun-2007 |
ad | Sync with head.
|
| 1.44.2.1 |
| 10-Apr-2007 |
ad | Sync with head.
|
| 1.47.2.2 |
| 03-Sep-2007 |
skrll | Sync with HEAD.
|
| 1.47.2.1 |
| 15-Aug-2007 |
skrll | Sync with HEAD.
|
| 1.48.4.2 |
| 03-Sep-2007 |
jmcneill | Sync with HEAD.
|
| 1.48.4.1 |
| 09-Aug-2007 |
jmcneill | Sync with HEAD.
|
| 1.49.4.2 |
| 07-Aug-2007 |
dyoung | Avoid writing past the end of the buffer [lldst, lldst + dstsize)
in nd6_storelladdr().
Use sockaddr_dl_setaddr(). Constify some sockaddr_dl's. Constify
a sockaddr argument to nd6_na_output(). Change SDL() to "standard"
satocsdl() or satosdl(). Change SIN6() to satocsin6() or satosin6().
bcmp -> memcmp, bcopy -> memcpy.
|
| 1.49.4.1 |
| 07-Aug-2007 |
dyoung | file nd6.h was added on branch matt-mips64 on 2007-08-07 04:35:44 +0000
|
| 1.49.2.1 |
| 06-Nov-2007 |
matt | sync with HEAD
|
| 1.50.30.1 |
| 13-Dec-2008 |
haad | Update haad-dm branch to haad-dm-base2.
|
| 1.50.24.2 |
| 11-Mar-2010 |
yamt | sync with head
|
| 1.50.24.1 |
| 04-May-2009 |
yamt | sync with head.
|
| 1.50.20.1 |
| 17-Jan-2009 |
mjf | Sync with HEAD.
|
| 1.50.16.1 |
| 22-Feb-2008 |
keiichi | imported Mobile IPv6 code developed by the SHISA project
(http://www.mobileip.jp/).
|
| 1.51.2.1 |
| 19-Jan-2009 |
skrll | Sync with HEAD.
|
| 1.53.6.1 |
| 06-Jun-2011 |
jruoho | Sync with HEAD.
|
| 1.53.4.1 |
| 31-May-2011 |
rmind | sync with head
|
| 1.54.4.3 |
| 22-May-2014 |
yamt | sync with head.
for a reference, the tree before this commit was tagged
as yamt-pagecache-tag8.
this commit was splitted into small chunks to avoid
a limitation of cvs. ("Protocol error: too many arguments")
|
| 1.54.4.2 |
| 30-Oct-2012 |
yamt | sync with head
|
| 1.54.4.1 |
| 17-Apr-2012 |
yamt | sync with head
|
| 1.56.10.1 |
| 08-Jul-2013 |
jdc | Pull up revisions:
src/share/man/man7/sysctl.7 revision 1.73 via patch
src/sys/netinet6/icmp6.c revision 1.161 via patch
src/sys/netinet6/in6.c revision 1.161 via patch
src/sys/netinet6/in6_proto.c revision 1.97 via patch
src/sys/netinet6/in6_var.h revision 1.65 via patch
src/sys/netinet6/ip6_input.c revision 1.139 via patch
src/sys/netinet6/ip6_var.h revision 1.59 via patch
src/sys/netinet6/nd6.c revision 1.143 via patch
src/sys/netinet6/nd6.h revision 1.57 via patch
src/sys/netinet6/nd6_rtr.c revision 1.83 via patch
(requested by christos in ticket #905).
Patch by Loganaden Velvindron.
4 new sysctls to avoid ipv6 DoS attacks from OpenBSD
|
| 1.56.8.1 |
| 08-Jul-2013 |
jdc | Pull up revisions:
src/share/man/man7/sysctl.7 revision 1.73 via patch
src/sys/netinet6/icmp6.c revision 1.161 via patch
src/sys/netinet6/in6.c revision 1.161 via patch
src/sys/netinet6/in6_proto.c revision 1.97 via patch
src/sys/netinet6/in6_var.h revision 1.65 via patch
src/sys/netinet6/ip6_input.c revision 1.139 via patch
src/sys/netinet6/ip6_var.h revision 1.59 via patch
src/sys/netinet6/nd6.c revision 1.143 via patch
src/sys/netinet6/nd6.h revision 1.57 via patch
src/sys/netinet6/nd6_rtr.c revision 1.83 via patch
(requested by christos in ticket #905).
Patch by Loganaden Velvindron.
4 new sysctls to avoid ipv6 DoS attacks from OpenBSD
|
| 1.56.4.1 |
| 08-Jul-2013 |
jdc | Pull up revisions:
src/share/man/man7/sysctl.7 revision 1.73 via patch
src/sys/netinet6/icmp6.c revision 1.161 via patch
src/sys/netinet6/in6.c revision 1.161 via patch
src/sys/netinet6/in6_proto.c revision 1.97 via patch
src/sys/netinet6/in6_var.h revision 1.65 via patch
src/sys/netinet6/ip6_input.c revision 1.139 via patch
src/sys/netinet6/ip6_var.h revision 1.59 via patch
src/sys/netinet6/nd6.c revision 1.143 via patch
src/sys/netinet6/nd6.h revision 1.57 via patch
src/sys/netinet6/nd6_rtr.c revision 1.83 via patch
(requested by christos in ticket #905).
Patch by Loganaden Velvindron.
4 new sysctls to avoid ipv6 DoS attacks from OpenBSD
|
| 1.57.2.3 |
| 03-Dec-2017 |
jdolecek | update from HEAD
|
| 1.57.2.2 |
| 20-Aug-2014 |
tls | Rebase to HEAD as of a few days ago.
|
| 1.57.2.1 |
| 23-Jun-2013 |
tls | resync from head
|
| 1.58.6.1 |
| 10-Aug-2014 |
tls | Rebase.
|
| 1.59.2.2 |
| 06-Apr-2015 |
snj | Pull up following revision(s) (requested by martin in ticket #655):
sys/netinet6/in6.c: revision 1.182 via patch
sys/netinet6/in6_ifattach.c: revision 1.95 via patch
sys/netinet6/nd6.c: revision 1.158 via patch
sys/netinet6/nd6.h: revision 1.62 via patch
sys/netinet6/nd6_nbr.c: revision 1.104 via patch
sys/netinet6/nd6_rtr.c: revision 1.96 via patch
Rearange interface detachement slightly: before we free the INET6 specific
per-interface data, make sure to call nd6_purge() with it to remove
routing entries pointing to the going interface.
When we should happen to call this function again later, with the data
already gone, just return.
Fixes PR kern/49682, ok: christos.
|
| 1.59.2.1 |
| 17-Dec-2014 |
martin | Pull up following revision(s) (requested by roy in ticket #332):
sys/netinet6/nd6_nbr.c: revision 1.103
sys/netinet6/nd6_rtr.c: revision 1.95
sys/netinet6/nd6.h: revision 1.61
sys/netinet6/nd6.c: revision 1.156
Report route additions/changes/deletions for cached neighbours to userland.
|
| 1.60.2.6 |
| 28-Aug-2017 |
skrll | Sync with HEAD
|
| 1.60.2.5 |
| 05-Feb-2017 |
skrll | Sync with HEAD
|
| 1.60.2.4 |
| 22-Apr-2016 |
skrll | Sync with HEAD
|
| 1.60.2.3 |
| 27-Dec-2015 |
skrll | Sync with HEAD (as of 26th Dec)
|
| 1.60.2.2 |
| 22-Sep-2015 |
skrll | Sync with HEAD
|
| 1.60.2.1 |
| 06-Apr-2015 |
skrll | Sync with HEAD
|
| 1.72.2.2 |
| 20-Mar-2017 |
pgoyette | Sync with HEAD
|
| 1.72.2.1 |
| 07-Jan-2017 |
pgoyette | Sync with HEAD. (Note that most of these changes are simply $NetBSD$
tag issues.)
|
| 1.81.2.1 |
| 21-Apr-2017 |
bouyer | Sync with HEAD
|
| 1.83.6.2 |
| 30-Sep-2019 |
martin | Pull up following revision(s) (requested by ozaki-r in ticket #1396):
sys/netinet6/nd6.h: revision 1.88
sys/netinet6/nd6_nbr.c: revision 1.174
sys/netinet6/nd6.c: revision 1.264
sys/netinet/if_arp.c: revision 1.288 (patch)
Initialize DAD components properly
The original code initialized each component in non-init functions such as
arp_dad_start and nd6_dad_find, conditionally based on a global flag for each.
However, it was racy because the flag and the code around it were not
protected by a lock and could cause a kernel panic at worst.
Fix the issue by initializing the components in bootup as usual.
|
| 1.83.6.1 |
| 07-Jul-2017 |
martin | Pull up following revision(s) (requested by ozaki-r in ticket #107):
usr.sbin/arp/arp.c: revision 1.56
sys/net/rtsock.c: revision 1.218
sys/net/if_llatbl.c: revision 1.20
usr.sbin/arp/arp.c: revision 1.57
sys/net/rtsock.c: revision 1.219
sys/net/if_llatbl.c: revision 1.21
usr.sbin/arp/arp.c: revision 1.58
tests/net/net_common.sh: revision 1.19
sys/netinet6/nd6.h: revision 1.84
sys/netinet6/nd6.h: revision 1.85
tests/net/arp/t_arp.sh: revision 1.23
sys/netinet6/in6.c: revision 1.246
tests/net/arp/t_arp.sh: revision 1.24
sys/netinet6/in6.c: revision 1.247
tests/net/arp/t_arp.sh: revision 1.25
sys/netinet6/in6.c: revision 1.248
tests/net/arp/t_arp.sh: revision 1.26
usr.sbin/ndp/ndp.c: revision 1.49
tests/net/arp/t_arp.sh: revision 1.27
tests/net/ndp/t_ndp.sh: revision 1.20
tests/net/arp/t_arp.sh: revision 1.28
tests/net/ndp/t_ndp.sh: revision 1.21
tests/net/arp/t_arp.sh: revision 1.29
tests/net/ndp/t_ndp.sh: revision 1.22
tests/net/ndp/t_ndp.sh: revision 1.23
tests/net/route/t_flags6.sh: revision 1.13
tests/net/ndp/t_ndp.sh: revision 1.24
tests/net/route/t_flags6.sh: revision 1.14
tests/net/ndp/t_ndp.sh: revision 1.25
tests/net/route/t_flags6.sh: revision 1.15
tests/net/ndp/t_ndp.sh: revision 1.26
sbin/route/rtutil.c: revision 1.9
tests/net/ndp/t_ndp.sh: revision 1.27
tests/net/ndp/t_ndp.sh: revision 1.28
tests/net/net/t_ipv6address.sh: revision 1.14
tests/net/ndp/t_ra.sh: revision 1.28
tests/net/ndp/t_ndp.sh: revision 1.29
sys/net/route.h: revision 1.113
tests/net/ndp/t_ra.sh: revision 1.29
sys/net/rtsock.c: revision 1.220
sys/net/rtsock.c: revision 1.221
sys/net/rtsock.c: revision 1.222
sys/net/rtsock.c: revision 1.223
tests/net/route/t_route.sh: revision 1.13
sys/net/rtsock.c: revision 1.224
sys/net/route.c: revision 1.196
sys/net/if_llatbl.c: revision 1.19
sys/net/route.c: revision 1.197
sbin/route/route.c: revision 1.156
tests/net/route/t_flags.sh: revision 1.16
tests/net/route/t_flags.sh: revision 1.17
usr.sbin/ndp/ndp.c: revision 1.50
tests/net/route/t_flags.sh: revision 1.18
sys/netinet/in.c: revision 1.204
tests/net/route/t_flags.sh: revision 1.19
sys/netinet/in.c: revision 1.205
tests/net/arp/t_arp.sh: revision 1.30
tests/net/arp/t_arp.sh: revision 1.31
sys/net/if_llatbl.h: revision 1.11
tests/net/arp/t_arp.sh: revision 1.32
sys/net/if_llatbl.h: revision 1.12
tests/net/arp/t_arp.sh: revision 1.33
sys/netinet6/nd6.c: revision 1.233
sys/netinet6/nd6.c: revision 1.234
sys/netinet/if_arp.c: revision 1.251
sys/netinet6/nd6.c: revision 1.235
sys/netinet/if_arp.c: revision 1.252
sbin/route/route.8: revision 1.57
sys/net/rtsock.c: revision 1.214
sys/net/rtsock.c: revision 1.215
sys/net/rtsock.c: revision 1.216
sys/net/rtsock.c: revision 1.217
whitespace police
Simplify
We can assume that rt_ifp is always non-NULL.
Sending a routing message (RTM_ADD) on adding an llentry
A message used to be sent on adding a cloned route. Restore the
behavior for backward compatibility.
Requested by ryo@
Drop RTF_CONNECTED from a result of RTM_GET for ARP/NDP entries
ARP/NDP entries aren't connected routes.
Reported by ryo@
Support -c <count> option for route monitor
route command exits if it receives <count> routing messages where
<count> is a value specified by -c.
The option is useful to get only particular message(s) in a test script.
Test routing messages emitted on operations of ARP/NDP entries
Do netstat -a for an appropriate protocol
Add missing declarations for cleanup
Set net.inet.arp.keep only if it's required
Don't create a permanent L2 cache entry on adding an address to an interface
It was created to copy FreeBSD, however actually the cache isn't
necessary. Remove it to simplify the code and reduce the cost to
maintain it (e.g., keep a consistency with a corresponding local
route).
Fix typo
Fix in_lltable_match_prefix
The function has not been used but will be used soon.
Remove unused function (nd6_rem_ifa_lle)
Allow in6_lltable_free_entry to be called without holding the afdata lock of ifp as well as in_lltable_free_entry
This behavior is a bit odd and should be fixed in the future...
Purge ARP/NDP entries on an interface when the interface is down
Fix PR kern/51179
Purge all related L2 caches on removing a route
The change addresses situations similar to PR 51179.
Purge L2 caches on changing an interface of a route
The change addresses situations similar to PR 51179.
Test implicit removals of ARP/NDP entries
One test case reproudces PR 51179.
Fix build of kernels without both INET and INET6
Tweak lltable_sysctl_dumparp
- Rename lltable_sysctl_dumparp to lltable_sysctl_dump
because it's not only for ARP
- Enable it not only for INET but also for INET6
Fix usage of routing messages on arp -d and ndp -d
It didn't work as we expected; we should set RTA_GATEWAY not
RTA_IFP on RTM_GET to return an if_index and the kernel should
use it on RTM_DELETE.
Improve backward compatibility of (fake) routing messages on adding an ARP/NDP entry
A message originally included only DST and GATEWAY. Restore it.
Fix ifdef; care about a case w/ INET6 and w/o INET
Drop RTF_UP from a routing message of a deleted ARP/NDP entry
Check existence of ARP/NDP entries
Checking ARP/NDP entries is valid rather than checking routes.
Fix wrong comment
Drop RTF_LLINFO flag (now it's RTF_LLDATA) from local routes
They don't have llinfo anymore. And also the change fixes unexpected
behavior of ARP proxy.
Restore ARP/NDP entries to route show and netstat -r
Requested by dyoung@ some time ago
Enable to remove multiple ARP/NDP entries for one destination
The kernel can have multiple ARP/NDP entries which have an indentical
destination on different interfaces. This is normal and can be
reproduce easily by ping -I or ping6 -S. We should be able to remove
such entries.
arp -d <ip> and ndp -d <ip> are changed to fetch all ARP/NDP entries
and remove matched entries. So we can remove multiple entries
described above. This fetch all and selective removal behavior is
the same as arp <ip> and ndp <ip>; they also do fetch all entries
and show only matched entries.
Related to PR 51179
Check if ARP/NDP entries are purged when a related route is deleted
|
| 1.85.4.1 |
| 15-Mar-2018 |
pgoyette | Synch with HEAD
|
| 1.86.6.2 |
| 30-Sep-2019 |
martin | Pull up following revision(s) (requested by ozaki-r in ticket #269):
sys/netinet6/nd6.h: revision 1.88
sys/net/rtsock_shared.c: revision 1.10
sys/netinet6/nd6_nbr.c: revision 1.174
sys/netinet6/nd6.c: revision 1.264
sys/netinet/if_arp.c: revision 1.283
sys/netinet/if_arp.c: revision 1.288
Initialize DAD components properly
The original code initialized each component in non-init functions such as
arp_dad_start and nd6_dad_find, conditionally based on a global flag for each.
However, it was racy because the flag and the code around it were not
protected by a lock and could cause a kernel panic at worst.
Fix the issue by initializing the components in bootup as usual.
-
Initialize dom_mowner for MBUFTRACE
|
| 1.86.6.1 |
| 05-Sep-2019 |
martin | Pull up following revision(s) (requested by roy in ticket #169):
sys/netinet6/nd6.h: revision 1.87
sys/netinet6/nd6.c: revision 1.263
inet6: Re-introduce ND6_LLINFO_WAITDELETE so we can return EHOSTDOWN
Once we've sent nd6_mmaxtries NS messages, send RTM_MISS and move to the
ND6_LLINFO_WAITDELETE state rather than freeing the llentry right away.
Wait for a probe cycle and then free the llentry.
If a connection attempts to re-use the llentry during ND6_LLINFO_WAITDELETE,
return EHOSTDOWN (or EHOSTUNREACH if a gateway) to match inet behaviour.
Continue to ND6_LLINFO_INCOMPLETE and send another NS probe in hope of a
reply. Rinse and repeat.
This reverts part of nd6.c r1.14 - an 18 year old commit!
|
| 1.86.2.1 |
| 13-Apr-2020 |
martin | Mostly merge changes from HEAD upto 20200411
|
