The NetBSD Project

CVS log for src/sys/netinet6/frag6.c

[BACK] Up to [cvs.NetBSD.org] / src / sys / netinet6

Request diff between arbitrary revisions


Default branch: MAIN
Current tag: MAIN


Revision 1.77 / (download) - annotate - [select for diffs], Tue Aug 29 17:01:35 2023 UTC (6 months, 4 weeks ago) by christos
Branch: MAIN
CVS Tags: thorpej-ifq-base, thorpej-ifq, thorpej-altq-separation-base, thorpej-altq-separation, HEAD
Changes since 1.76: +20 -15 lines
Diff to previous 1.76 (colored) to selected 1.7 (colored)

Add a check for FreeBSD-SA-23:06.ipv6, although it is not reproducible for us.
factor out code copied 3 times (and now would have been a 4th)

Revision 1.76 / (download) - annotate - [select for diffs], Fri Oct 21 09:21:17 2022 UTC (17 months ago) by ozaki-r
Branch: MAIN
CVS Tags: netbsd-10-base, netbsd-10-0-RC6, netbsd-10-0-RC5, netbsd-10-0-RC4, netbsd-10-0-RC3, netbsd-10-0-RC2, netbsd-10-0-RC1, netbsd-10
Changes since 1.75: +3 -3 lines
Diff to previous 1.75 (colored) to selected 1.7 (colored)

frag6: don't use spin mutex for frag6_lock

frag6_lock is held during sending a packet (icmp6_error), so we must
not use a spin mutex because we can acquire sleep locks on sending
a packet.

Also we don't need to use spin mutex for frag6_lock anymore because
frag6_lock is now not used from hardware interrupt context.

Revision 1.75 / (download) - annotate - [select for diffs], Wed Nov 13 02:51:22 2019 UTC (4 years, 4 months ago) by ozaki-r
Branch: MAIN
CVS Tags: thorpej-i2c-spi-conf2-base, thorpej-i2c-spi-conf2, thorpej-i2c-spi-conf-base, thorpej-i2c-spi-conf, thorpej-futex2-base, thorpej-futex2, thorpej-futex-base, thorpej-futex, thorpej-cfargs2-base, thorpej-cfargs2, thorpej-cfargs-base, thorpej-cfargs, phil-wifi-20200421, phil-wifi-20200411, phil-wifi-20200406, phil-wifi-20191119, is-mlppp-base, is-mlppp, cjep_sun2x-base1, cjep_sun2x-base, cjep_sun2x, cjep_staticlib_x-base1, cjep_staticlib_x-base, cjep_staticlib_x, bouyer-xenpvh-base2, bouyer-xenpvh-base1, bouyer-xenpvh-base, bouyer-xenpvh, bouyer-sunxi-drm-base, bouyer-sunxi-drm, ad-namecache-base3, ad-namecache-base2, ad-namecache-base1, ad-namecache-base, ad-namecache
Changes since 1.74: +3 -3 lines
Diff to previous 1.74 (colored) to selected 1.7 (colored)

Get rid of unnecessary NULL checks for rt_ifa and ifa_ifp

They are always non-NULL nowadays.

Revision 1.74 / (download) - annotate - [select for diffs], Tue May 15 19:16:38 2018 UTC (5 years, 10 months ago) by maxv
Branch: MAIN
CVS Tags: phil-wifi-base, phil-wifi-20190609, pgoyette-compat-20190127, pgoyette-compat-20190118, pgoyette-compat-1226, pgoyette-compat-1126, pgoyette-compat-1020, pgoyette-compat-0930, pgoyette-compat-0906, pgoyette-compat-0728, pgoyette-compat-0625, pgoyette-compat-0521, netbsd-9-base, netbsd-9-3-RELEASE, netbsd-9-2-RELEASE, netbsd-9-1-RELEASE, netbsd-9-0-RELEASE, netbsd-9-0-RC2, netbsd-9-0-RC1, isaki-audio2-base, isaki-audio2
Branch point for: phil-wifi, netbsd-9
Changes since 1.73: +12 -3 lines
Diff to previous 1.73 (colored) to selected 1.7 (colored)

When reassembling IPv4/IPv6 packets, ensure each fragment has been subject
to the same IPsec processing. That is to say, that all fragments are ESP,
or AH, or AH+ESP, or none.

The reassembly mechanism can be used both on the wire and inside an IPsec
tunnel, so we need to make sure all fragments of a packet were received
on only one side.

Even though I haven't tried, I believe there are configurations where it
would be possible for an attacker to inject an unencrypted fragment into a
legitimate stream of already-decrypted-and-authenticated fragments.

Typically on IPsec gateways with ESP tunnels, where we can encapsulate
fragments (as opposed to the general case, where we fragment encapsulated
data).

Note, for the record: a funnier thing, under IPv4, would be to send a
zero-sized !MFF fragment at the head of the packet, and manage to trigger
an ICMP error; M_DECRYPTED gets lost by the reassembly, and ICMP will reply
with the packet in clear (not encrypted).

Revision 1.73 / (download) - annotate - [select for diffs], Thu May 3 07:25:49 2018 UTC (5 years, 10 months ago) by maxv
Branch: MAIN
Changes since 1.72: +3 -3 lines
Diff to previous 1.72 (colored) to selected 1.7 (colored)

Rename m_pkthdr_remove -> m_remove_pkthdr, to match the existing naming
convention, eg m_copy_pkthdr and m_move_pkthdr.

Revision 1.72 / (download) - annotate - [select for diffs], Tue May 1 07:21:39 2018 UTC (5 years, 10 months ago) by maxv
Branch: MAIN
CVS Tags: pgoyette-compat-0502
Changes since 1.71: +2 -4 lines
Diff to previous 1.71 (colored) to selected 1.7 (colored)

Remove now unused net_osdep.h includes, the other BSDs did the same.

Revision 1.71 / (download) - annotate - [select for diffs], Fri Apr 13 11:32:44 2018 UTC (5 years, 11 months ago) by maxv
Branch: MAIN
CVS Tags: pgoyette-compat-0422, pgoyette-compat-0415
Changes since 1.70: +16 -10 lines
Diff to previous 1.70 (colored) to selected 1.7 (colored)

Localify global variables, style, and add two XXXs.

Revision 1.70 / (download) - annotate - [select for diffs], Fri Apr 13 11:19:09 2018 UTC (5 years, 11 months ago) by maxv
Branch: MAIN
Changes since 1.69: +4 -2 lines
Diff to previous 1.69 (colored) to selected 1.7 (colored)

Add XXX, using a pool would be better than kmem.

Revision 1.69 / (download) - annotate - [select for diffs], Fri Apr 13 11:18:08 2018 UTC (5 years, 11 months ago) by maxv
Branch: MAIN
Changes since 1.68: +4 -6 lines
Diff to previous 1.68 (colored) to selected 1.7 (colored)

Release the lock a little earlier.

Revision 1.68 / (download) - annotate - [select for diffs], Fri Apr 13 08:55:50 2018 UTC (5 years, 11 months ago) by maxv
Branch: MAIN
Changes since 1.67: +3 -2 lines
Diff to previous 1.67 (colored) to selected 1.7 (colored)

Add XXX. In fact, it would be better, if all the fragments were offloaded,
to quickly recompute the checksum on the fly, and keep it in the mbuf
header.

Revision 1.67 / (download) - annotate - [select for diffs], Fri Mar 9 11:57:38 2018 UTC (6 years ago) by maxv
Branch: MAIN
CVS Tags: pgoyette-compat-0407, pgoyette-compat-0330, pgoyette-compat-0322, pgoyette-compat-0315
Changes since 1.66: +5 -6 lines
Diff to previous 1.66 (colored) to selected 1.7 (colored)

Remove M_PKTHDR from secondary mbufs when reassembling packets.

This is a real problem, because I found at least one component that relies
on the fact that only the first mbuf has M_PKTHDR: far from here, in
m_splithdr, we don't update m->m_pkthdr.len if M_PKTHDR is found in a
secondary mbuf. (The initial intention there was to avoid updating
m_pkthdr.len twice, the assumption was that if M_PKTHDR is set then we're
dealing with the first mbuf.) Therefore, when handling fragmented IPsec
packets (in particular IPv6, IPv4 is a bit more complicated), we may end
up with an incorrect m_pkthdr.len after authentication or decryption. In
the case of ESP, this can lead to a remote crash on this instruction:

	m_copydata(m, m->m_pkthdr.len - 3, 3, lastthree);

m_pkthdr.len is bigger than the actual mbuf chain.

It seems possible to me to trigger this bug even if you don't have the ESP
key, because the fragmentation part is outside of the encrypted ESP
payload.

So if you MITM the target, and intercept an incoming ESP packet (which you
can't decrypt), you should be able to forge a new specially-crafted,
fragmented packet and stuff the ESP payload (still encrypted, as you
intercepted it) into it. The decryption succeeds and the target crashes.

Revision 1.66 / (download) - annotate - [select for diffs], Wed Feb 7 09:53:08 2018 UTC (6 years, 1 month ago) by maxv
Branch: MAIN
CVS Tags: pgoyette-compat-base
Branch point for: pgoyette-compat
Changes since 1.65: +5 -5 lines
Diff to previous 1.65 (colored) to selected 1.7 (colored)

Rename back to ip6af_mff. It was actually clearer than ip6af_more.

Revision 1.65 / (download) - annotate - [select for diffs], Tue Jan 30 14:49:25 2018 UTC (6 years, 1 month ago) by maxv
Branch: MAIN
Changes since 1.64: +22 -11 lines
Diff to previous 1.64 (colored) to selected 1.7 (colored)

Fix a buffer overflow in ip6_get_prevhdr. Doing

	mtod(m, char *) + len

is wrong, an option is allowed to be located in another mbuf of the chain.
If the offset of an option within the chain is bigger than the length of
the first mbuf in that chain, we are reading/writing one byte of packet-
controlled data beyond the end of the first mbuf.

The length of this first mbuf depends on the layout the network driver
chose. In the most difficult case, it will allocate a 2KB cluster, which
is bigger than the Ethernet MTU.

But there is at least one way of exploiting this case: by sending a
special combination of nested IPv6 fragments, the packet can control a
good bunch of 'len'. By luck, the memory pool containing clusters does not
embed the pool header in front of the items, so it is not straightforward
to predict what is located at 'mtod(m, char *) + len'.

However, by sending offending fragments in a loop, it is possible to
crash the kernel - at some point we will hit important data structures.

As far as I can tell, PF protects against this difficult case, because
it kicks nested fragments. NPF does not protect against this. IPF I don't
know.

Then there are the more easy cases, if the MTU is bigger than a cluster,
or if the network driver did not allocate a cluster, or perhaps if the
fragments are received via a tunnel; I haven't investigated these cases.

Change ip6_get_prevhdr so that it returns an offset in the chain, and
always use IP6_EXTHDR_GET to get a writable pointer. IP6_EXTHDR_GET
leaves M_PKTHDR untouched.

This place is still fragile.

Revision 1.64 / (download) - annotate - [select for diffs], Thu Jan 25 20:55:15 2018 UTC (6 years, 2 months ago) by maxv
Branch: MAIN
Changes since 1.63: +5 -4 lines
Diff to previous 1.63 (colored) to selected 1.7 (colored)

Kick zero-sized fragments. We can't allow them to enter; two fragments
could be put at the same offset.

Revision 1.63 / (download) - annotate - [select for diffs], Thu Jan 25 15:55:57 2018 UTC (6 years, 2 months ago) by maxv
Branch: MAIN
Changes since 1.62: +4 -5 lines
Diff to previous 1.62 (colored) to selected 1.7 (colored)

Remove outdated comment and fix typo.

Revision 1.62 / (download) - annotate - [select for diffs], Thu Jan 25 15:33:06 2018 UTC (6 years, 2 months ago) by maxv
Branch: MAIN
Changes since 1.61: +73 -41 lines
Diff to previous 1.61 (colored) to selected 1.7 (colored)

Several changes:

 * Move the structure definitions into frag6.c, they should not be used
   elsewhere.

 * Rename ip6af_mff -> ip6af_more, and switch it to bool, easier to
   understand.

 * Remove IP6_REASS_MBUF, no point in keeping this.

 * Remove ip6q_arrive and ip6q_nxtp, unused.

 * Style.

Revision 1.61 / (download) - annotate - [select for diffs], Fri Nov 17 07:37:12 2017 UTC (6 years, 4 months ago) by ozaki-r
Branch: MAIN
CVS Tags: tls-maxphys-base-20171202
Changes since 1.60: +6 -18 lines
Diff to previous 1.60 (colored) to selected 1.7 (colored)

Provide macros for softnet_lock and KERNEL_LOCK hiding NET_MPSAFE switch

It reduces C&P codes such as "#ifndef NET_MPSAFE KERNEL_LOCK(1, NULL); ..."
scattered all over the source code and makes it easy to identify remaining
KERNEL_LOCK and/or softnet_lock that are held even if NET_MPSAFE.

No functional change

Revision 1.60 / (download) - annotate - [select for diffs], Tue Jan 24 07:09:25 2017 UTC (7 years, 2 months ago) by ozaki-r
Branch: MAIN
CVS Tags: prg-localcount2-base3, prg-localcount2-base2, prg-localcount2-base1, prg-localcount2-base, prg-localcount2, pgoyette-localcount-20170426, pgoyette-localcount-20170320, perseant-stdc-iso10646-base, perseant-stdc-iso10646, nick-nhusb-base-20170825, nick-nhusb-base-20170204, netbsd-8-base, matt-nb8-mediatek-base, matt-nb8-mediatek, jdolecek-ncq-base, jdolecek-ncq, bouyer-socketcan-base1
Branch point for: netbsd-8
Changes since 1.59: +15 -2 lines
Diff to previous 1.59 (colored) to selected 1.7 (colored)

Tweak softnet_lock and NET_MPSAFE

- Don't hold softnet_lock in some functions if NET_MPSAFE
- Add softnet_lock to sysctl_net_inet_icmp_redirtimeout
- Add softnet_lock to expire_upcalls of ip_mroute.c
- Restore softnet_lock for in{,6}_pcbpurgeif{,0} if NET_MPSAFE
- Mark some softnet_lock for future work

Revision 1.59 / (download) - annotate - [select for diffs], Wed Jan 11 13:08:29 2017 UTC (7 years, 2 months ago) by ozaki-r
Branch: MAIN
CVS Tags: bouyer-socketcan-base
Branch point for: bouyer-socketcan
Changes since 1.58: +2 -6 lines
Diff to previous 1.58 (colored) to selected 1.7 (colored)

Get rid of unnecessary header inclusions

Revision 1.58 / (download) - annotate - [select for diffs], Thu Dec 8 05:16:34 2016 UTC (7 years, 3 months ago) by ozaki-r
Branch: MAIN
CVS Tags: pgoyette-localcount-20170107
Changes since 1.57: +5 -2 lines
Diff to previous 1.57 (colored) to selected 1.7 (colored)

Add rtcache_unref to release points of rtentry stemming from rtcache

In the MP-safe world, a rtentry stemming from a rtcache can be freed at any
points. So we need to protect rtentries somehow say by reference couting or
passive references. Regardless of the method, we need to call some release
function of a rtentry after using it.

The change adds a new function rtcache_unref to release a rtentry. At this
point, this function does nothing because for now we don't add a reference
to a rtentry when we get one from a rtcache. We will add something useful
in a further commit.

This change is a part of changes for MP-safe routing table. It is separated
to avoid one big change that makes difficult to debug by bisecting.

Revision 1.57 / (download) - annotate - [select for diffs], Wed Nov 9 03:49:38 2016 UTC (7 years, 4 months ago) by ozaki-r
Branch: MAIN
CVS Tags: nick-nhusb-base-20161204
Changes since 1.56: +9 -8 lines
Diff to previous 1.56 (colored) to selected 1.7 (colored)

Reduce the number of return points of frag6_input

No functional change.

Revision 1.56 / (download) - annotate - [select for diffs], Fri Sep 5 05:33:06 2014 UTC (9 years, 6 months ago) by matt
Branch: MAIN
CVS Tags: pgoyette-localcount-base, pgoyette-localcount-20161104, pgoyette-localcount-20160806, pgoyette-localcount-20160726, nick-nhusb-base-20161004, nick-nhusb-base-20160907, nick-nhusb-base-20160529, nick-nhusb-base-20160422, nick-nhusb-base-20160319, nick-nhusb-base-20151226, nick-nhusb-base-20150921, nick-nhusb-base-20150606, nick-nhusb-base-20150406, nick-nhusb-base, localcount-20160914
Branch point for: pgoyette-localcount, nick-nhusb
Changes since 1.55: +7 -7 lines
Diff to previous 1.55 (colored) to selected 1.7 (colored)

Don't use new as a variable name.

Revision 1.55 / (download) - annotate - [select for diffs], Fri Aug 30 07:42:08 2013 UTC (10 years, 7 months ago) by christos
Branch: MAIN
CVS Tags: yamt-pagecache-base9, tls-maxphys-base, tls-earlyentropy-base, tls-earlyentropy, rmind-smpnet-nbase, rmind-smpnet-base, riastradh-xf86-video-intel-2-7-1-pre-2-21-15, riastradh-drm2-base3, netbsd-7-nhusb-base-20170116, netbsd-7-nhusb-base, netbsd-7-nhusb, netbsd-7-base, netbsd-7-1-RELEASE, netbsd-7-1-RC2, netbsd-7-1-RC1, netbsd-7-1-1-RELEASE, netbsd-7-0-RELEASE, netbsd-7-0-RC3, netbsd-7-0-RC2, netbsd-7-0-RC1, netbsd-7-0-2-RELEASE, netbsd-7-0-1-RELEASE
Branch point for: netbsd-7-1, netbsd-7-0, netbsd-7
Changes since 1.54: +6 -6 lines
Diff to previous 1.54 (colored) to selected 1.7 (colored)

draft-gont-6man-ipv6-atomic-fragment-00 is now RFC 6949 (Loganaden Velvindron
logan at elandsys dot com)

Revision 1.54 / (download) - annotate - [select for diffs], Thu Sep 27 23:10:00 2012 UTC (11 years, 6 months ago) by christos
Branch: MAIN
CVS Tags: yamt-pagecache-base8, yamt-pagecache-base7, yamt-pagecache-base6, riastradh-drm2-base2, riastradh-drm2-base1, riastradh-drm2-base, riastradh-drm2, khorben-n900, agc-symver-base, agc-symver
Branch point for: rmind-smpnet
Changes since 1.53: +17 -3 lines
Diff to previous 1.53 (colored) to selected 1.7 (colored)

Loganaden Velvindron:

From "http://tools.ietf.org/html/draft-ietf-6man-ipv6-atomic-fragments-00":

A host that receives an IPv6 packet which includes a Fragment
Header with the "Fragment Offset" equal to 0 and the "M" bit equal
to 0 MUST process such packet in isolation from any other packets/
fragments, even if such packets/fragments contain the same set
{IPV6 Source Address, IPv6 Destination Address, Fragment
Identification}.  That is, the Fragment Header of "atomic
fragments" should be removed by the receiving host, and the
resulting packet should be processed as a non-fragmented IPv6
datagram.  Additionally, any fragments already queued with the
same set {IPV6 Source Address, IPv6 Destination Address, Fragment
Identification} should not be discarded upon receipt of the
"colliding" IPv6 atomic fragment, since IPv6 atomic fragments do
not really interfere with "normal" fragmented traffic.

Revision 1.53 / (download) - annotate - [select for diffs], Sun Jul 1 22:04:44 2012 UTC (11 years, 8 months ago) by rmind
Branch: MAIN
Branch point for: tls-maxphys
Changes since 1.52: +37 -99 lines
Diff to previous 1.52 (colored) to selected 1.7 (colored)

Remove the wrapper of frag6_input(), restore the behaviour changed in r1.50.
Fix ip6_reass_packet() wrapper used by NPF.  Remove #if 0 code for handling
overlaping fragments - IPv6 desupported them anyway.  Convert to kmem(9).

Revision 1.52 / (download) - annotate - [select for diffs], Sat Dec 31 20:41:59 2011 UTC (12 years, 2 months ago) by christos
Branch: MAIN
CVS Tags: yamt-pagecache-base5, yamt-pagecache-base4, netbsd-6-base, jmcneill-usbmp-base9, jmcneill-usbmp-base8, jmcneill-usbmp-base7, jmcneill-usbmp-base6, jmcneill-usbmp-base5, jmcneill-usbmp-base4, jmcneill-usbmp-base3, jmcneill-usbmp-base2, jmcneill-usbmp-base10
Branch point for: netbsd-6
Changes since 1.51: +2 -6 lines
Diff to previous 1.51 (colored) to selected 1.7 (colored)

- fix offsetof usage, and redundant defines
- kill pointer casts to 0

Revision 1.51 / (download) - annotate - [select for diffs], Fri Dec 16 00:57:59 2011 UTC (12 years, 3 months ago) by jakllsch
Branch: MAIN
Changes since 1.50: +14 -2 lines
Diff to previous 1.50 (colored) to selected 1.7 (colored)

Take softnet_lock and kernel lock in frag6_slowtimo and frag6_fasttimo,
similar to how it's done with other protocols.

If we don't do this sending ICMPv6 messages in this path can cause races
in network interface drivers.

Revision 1.50 / (download) - annotate - [select for diffs], Fri Nov 4 00:22:33 2011 UTC (12 years, 4 months ago) by zoltan
Branch: MAIN
CVS Tags: yamt-pagecache-base3, yamt-pagecache-base2, jmcneill-usbmp-pre-base2, jmcneill-usbmp-base, jmcneill-audiomp3-base, jmcneill-audiomp3
Branch point for: jmcneill-usbmp
Changes since 1.49: +51 -89 lines
Diff to previous 1.49 (colored) to selected 1.7 (colored)

Change the IPv6 reassembly mechanism to use mutex(9).
Also add ip6_reass_packet() to be used by NPF.

Revision 1.49 / (download) - annotate - [select for diffs], Tue May 3 17:44:30 2011 UTC (12 years, 10 months ago) by dyoung
Branch: MAIN
CVS Tags: yamt-pagecache-base, rmind-uvmplock-nbase, rmind-uvmplock-base, cherry-xenmp-base, cherry-xenmp
Branch point for: yamt-pagecache
Changes since 1.48: +19 -2 lines
Diff to previous 1.48 (colored) to selected 1.7 (colored)

*_drain() routines may be called with locks held, so instead of doing
any work in *_drain(), set a drain-needed flag.  Do the work in the
fasttimo handler.

Contributed by Coyote Point Systems, Inc.

Revision 1.48 / (download) - annotate - [select for diffs], Sat Jan 22 18:26:36 2011 UTC (13 years, 2 months ago) by mlelstv
Branch: MAIN
CVS Tags: bouyer-quota2-nbase, bouyer-quota2-base
Changes since 1.47: +3 -3 lines
Diff to previous 1.47 (colored) to selected 1.7 (colored)

When deleting a fragment header use the simple copy operation only if it fits
completely into the mbuf.

Revision 1.47 / (download) - annotate - [select for diffs], Wed Mar 18 16:00:22 2009 UTC (15 years ago) by cegger
Branch: MAIN
CVS Tags: yamt-nfs-mp-base9, yamt-nfs-mp-base8, yamt-nfs-mp-base7, yamt-nfs-mp-base6, yamt-nfs-mp-base5, yamt-nfs-mp-base4, yamt-nfs-mp-base3, yamt-nfs-mp-base11, yamt-nfs-mp-base10, uebayasi-xip-base4, uebayasi-xip-base3, uebayasi-xip-base2, uebayasi-xip-base1, uebayasi-xip-base, uebayasi-xip, nick-hppapmap-base4, nick-hppapmap-base3, nick-hppapmap-base, matt-premerge-20091211, matt-mips64-premerge-20101231, jymxensuspend-base, jym-xensuspend-nbase, jym-xensuspend-base, jruoho-x86intr-base
Branch point for: rmind-uvmplock, jruoho-x86intr, bouyer-quota2
Changes since 1.46: +4 -4 lines
Diff to previous 1.46 (colored) to selected 1.7 (colored)

bzero -> memset

Revision 1.46 / (download) - annotate - [select for diffs], Wed May 21 17:08:07 2008 UTC (15 years, 10 months ago) by drochner
Branch: MAIN
CVS Tags: yamt-pf42-base4, yamt-pf42-base3, wrstuden-revivesa-base-4, wrstuden-revivesa-base-3, wrstuden-revivesa-base-2, wrstuden-revivesa-base-1, wrstuden-revivesa-base, simonb-wapbl-nbase, simonb-wapbl-base, simonb-wapbl, nick-hppapmap-base2, netbsd-5-base, netbsd-5-2-RELEASE, netbsd-5-2-RC1, netbsd-5-2-3-RELEASE, netbsd-5-2-2-RELEASE, netbsd-5-2-1-RELEASE, netbsd-5-2, netbsd-5-1-RELEASE, netbsd-5-1-RC4, netbsd-5-1-RC3, netbsd-5-1-RC2, netbsd-5-1-RC1, netbsd-5-1-5-RELEASE, netbsd-5-1-4-RELEASE, netbsd-5-1-3-RELEASE, netbsd-5-1-2-RELEASE, netbsd-5-1-1-RELEASE, netbsd-5-1, netbsd-5-0-RELEASE, netbsd-5-0-RC4, netbsd-5-0-RC3, netbsd-5-0-RC2, netbsd-5-0-RC1, netbsd-5-0-2-RELEASE, netbsd-5-0-1-RELEASE, netbsd-5-0, netbsd-5, mjf-devfs2-base, matt-nb5-pq3-base, matt-nb5-pq3, matt-nb5-mips64-u2-k2-k4-k7-k8-k9, matt-nb5-mips64-u1-k1-k5, matt-nb5-mips64-premerge-20101231, matt-nb5-mips64-premerge-20091211, matt-nb5-mips64-k15, matt-nb5-mips64, matt-nb4-mips64-k7-u2a-k9b, matt-mips64-base2, haad-nbase2, haad-dm-base2, haad-dm-base1, haad-dm-base, haad-dm, ad-audiomp2-base, ad-audiomp2
Branch point for: nick-hppapmap, jym-xensuspend
Changes since 1.45: +2 -4 lines
Diff to previous 1.45 (colored) to selected 1.7 (colored)

protocol "drain" functions can be called in interrupt context, so
don't acquire softnet_lock
approved by ad

Revision 1.45 / (download) - annotate - [select for diffs], Thu Apr 24 11:38:38 2008 UTC (15 years, 11 months ago) by ad
Branch: MAIN
CVS Tags: yamt-pf42-base2, yamt-nfs-mp-base2, yamt-nfs-mp-base, hpcarm-cleanup-nbase
Branch point for: yamt-nfs-mp, wrstuden-revivesa
Changes since 1.44: +19 -11 lines
Diff to previous 1.44 (colored) to selected 1.7 (colored)

Merge the socket locking patch:

- Socket layer becomes MP safe.
- Unix protocols become MP safe.
- Allows protocol processing interrupts to safely block on locks.
- Fixes a number of race conditions.

With much feedback from matt@ and plunky@.

Revision 1.44 / (download) - annotate - [select for diffs], Tue Apr 15 03:57:04 2008 UTC (15 years, 11 months ago) by thorpej
Branch: MAIN
CVS Tags: yamt-pf42-baseX, yamt-pf42-base
Branch point for: yamt-pf42
Changes since 1.43: +9 -8 lines
Diff to previous 1.43 (colored) to selected 1.7 (colored)

Make ip6 and icmp6 stats per-cpu.

Revision 1.43 / (download) - annotate - [select for diffs], Tue Apr 8 23:37:43 2008 UTC (15 years, 11 months ago) by thorpej
Branch: MAIN
Changes since 1.42: +8 -8 lines
Diff to previous 1.42 (colored) to selected 1.7 (colored)

Change IPv6 stats from a structure to an array of uint64_t's.

Note: This is ABI-compatible with the old ip6stat structure; old netstat
binaries will continue to work properly.

Revision 1.42 / (download) - annotate - [select for diffs], Wed Feb 27 19:40:56 2008 UTC (16 years, 1 month ago) by matt
Branch: MAIN
CVS Tags: yamt-lazymbuf-base15, yamt-lazymbuf-base14, matt-armv6-nbase, keiichi-mipv6-nbase, keiichi-mipv6-base, ad-socklock-base1
Changes since 1.41: +7 -7 lines
Diff to previous 1.41 (colored) to selected 1.7 (colored)

Convert to ansi definitions from old-style definitons.
Remember that func() is not ansi, func(void) is.

Revision 1.41 / (download) - annotate - [select for diffs], Mon Jan 14 04:14:37 2008 UTC (16 years, 2 months ago) by dyoung
Branch: MAIN
CVS Tags: nick-net80211-sync-base, nick-net80211-sync, mjf-devfs-base, hpcarm-cleanup-base, bouyer-xeni386-nbase, bouyer-xeni386-base
Branch point for: mjf-devfs2, keiichi-mipv6
Changes since 1.40: +3 -4 lines
Diff to previous 1.40 (colored) to selected 1.7 (colored)

Use rtcache_lookup() instead of rtcache_lookup() + rtcache_getrt().

Revision 1.40 / (download) - annotate - [select for diffs], Thu Dec 20 19:53:33 2007 UTC (16 years, 3 months ago) by dyoung
Branch: MAIN
CVS Tags: vmlocking2-base3, matt-armv6-base
Changes since 1.39: +5 -4 lines
Diff to previous 1.39 (colored) to selected 1.7 (colored)

Poison struct route->ro_rt uses in the kernel by changing the name
to _ro_rt.  Use rtcache_getrt() to access a route cache's struct
rtentry *.

Introduce struct ifnet->if_dl that always points at the interface
identifier/link-layer address.  Make code that treated the first
ifaddr on struct ifnet->if_addrlist as the interface address use
if_dl, instead.

Remove stale debugging code from net/route.c.  Move the rtflush()
code into rtcache_clear() and delete rtflush().  Delete rtalloc(),
because nothing uses it any more.

Make ND6_HINT an inline, lowercase subroutine, nd6_hint.

I've done my best to convert IP Filter, the ISO stack, and the
AppleTalk stack to rtcache_getrt().  They compile, but I have not
tested them.  I have given the changes to PF, GRE, IPv4 and IPv6
stacks a lot of exercise.

Revision 1.39 / (download) - annotate - [select for diffs], Thu Nov 1 20:33:00 2007 UTC (16 years, 4 months ago) by dyoung
Branch: MAIN
CVS Tags: yamt-kmem-base3, yamt-kmem-base2, yamt-kmem-base, yamt-kmem, vmlocking2-base2, vmlocking2-base1, vmlocking-nbase, reinoud-bufcleanup-nbase, reinoud-bufcleanup-base, jmcneill-pm-base, jmcneill-base, cube-autoconf-base, cube-autoconf, bouyer-xenamd64-base2, bouyer-xenamd64-base
Branch point for: vmlocking2, mjf-devfs, bouyer-xeni386
Changes since 1.38: +9 -24 lines
Diff to previous 1.38 (colored) to selected 1.7 (colored)

De-__P().  frag6.c has always defined IN6_IFSTAT_STRICT, so remove
the definition and trim to the defined(IN6_IFSTAT_STRICT) code.
No functional change intended.

Revision 1.38 / (download) - annotate - [select for diffs], Wed May 23 17:15:00 2007 UTC (16 years, 10 months ago) by christos
Branch: MAIN
CVS Tags: yamt-x86pmap-base4, yamt-x86pmap-base3, yamt-x86pmap-base2, yamt-x86pmap-base, yamt-x86pmap, vmlocking-base, nick-csl-alignment-base5, nick-csl-alignment-base, nick-csl-alignment, mjf-ufs-trans-base, matt-mips64-base, matt-mips64, hpcarm-cleanup
Branch point for: matt-armv6, jmcneill-pm, bouyer-xenamd64
Changes since 1.37: +7 -12 lines
Diff to previous 1.37 (colored) to selected 1.7 (colored)

Ansify + add a few comments, from Karl Sjödahl

Revision 1.37 / (download) - annotate - [select for diffs], Wed May 2 20:40:25 2007 UTC (16 years, 11 months ago) by dyoung
Branch: MAIN
CVS Tags: yamt-idlelwp-base8
Changes since 1.36: +11 -21 lines
Diff to previous 1.36 (colored) to selected 1.7 (colored)

Eliminate address family-specific route caches (struct route, struct
route_in6, struct route_iso), replacing all caches with a struct
route.

The principle benefit of this change is that all of the protocol
families can benefit from route cache-invalidation, which is
necessary for correct routing.  Route-cache invalidation fixes an
ancient PR, kern/3508, at long last; it fixes various other PRs,
also.

Discussions with and ideas from Joerg Sonnenberger influenced this
work tremendously.  Of course, all design oversights and bugs are
mine.

DETAILS

1 I added to each address family a pool of sockaddrs.  I have
  introduced routines for allocating, copying, and duplicating,
  and freeing sockaddrs:

        struct sockaddr *sockaddr_alloc(sa_family_t af, int flags);
        struct sockaddr *sockaddr_copy(struct sockaddr *dst,
                                       const struct sockaddr *src);
        struct sockaddr *sockaddr_dup(const struct sockaddr *src, int flags);
        void sockaddr_free(struct sockaddr *sa);

  sockaddr_alloc() returns either a sockaddr from the pool belonging
  to the specified family, or NULL if the pool is exhausted.  The
  returned sockaddr has the right size for that family; sa_family
  and sa_len fields are initialized to the family and sockaddr
  length---e.g., sa_family = AF_INET and sa_len = sizeof(struct
  sockaddr_in).  sockaddr_free() puts the given sockaddr back into
  its family's pool.

  sockaddr_dup() and sockaddr_copy() work analogously to strdup()
  and strcpy(), respectively.  sockaddr_copy() KASSERTs that the
  family of the destination and source sockaddrs are alike.

  The 'flags' argumet for sockaddr_alloc() and sockaddr_dup() is
  passed directly to pool_get(9).

2 I added routines for initializing sockaddrs in each address
  family, sockaddr_in_init(), sockaddr_in6_init(), sockaddr_iso_init(),
  etc.  They are fairly self-explanatory.

3 structs route_in6 and route_iso are no more.  All protocol families
  use struct route.  I have changed the route cache, 'struct route',
  so that it does not contain storage space for a sockaddr.  Instead,
  struct route points to a sockaddr coming from the pool the sockaddr
  belongs to.  I added a new method to struct route, rtcache_setdst(),
  for setting the cache destination:

        int rtcache_setdst(struct route *, const struct sockaddr *);

  rtcache_setdst() returns 0 on success, or ENOMEM if no memory is
  available to create the sockaddr storage.

  It is now possible for rtcache_getdst() to return NULL if, say,
  rtcache_setdst() failed.  I check the return value for NULL
  everywhere in the kernel.

4 Each routing domain (struct domain) has a list of live route
  caches, dom_rtcache.  rtflushall(sa_family_t af) looks up the
  domain indicated by 'af', walks the domain's list of route caches
  and invalidates each one.

Revision 1.36 / (download) - annotate - [select for diffs], Sun Mar 4 06:03:25 2007 UTC (17 years ago) by christos
Branch: MAIN
CVS Tags: thorpej-atomic-base, thorpej-atomic, reinoud-bufcleanup
Branch point for: vmlocking, mjf-ufs-trans
Changes since 1.35: +3 -4 lines
Diff to previous 1.35 (colored) to selected 1.7 (colored)

Kill caddr_t; there will be some MI fallout, but it will be fixed shortly.

Revision 1.35 / (download) - annotate - [select for diffs], Sat Feb 17 22:34:12 2007 UTC (17 years, 1 month ago) by dyoung
Branch: MAIN
CVS Tags: ad-audiomp-base, ad-audiomp
Changes since 1.34: +8 -5 lines
Diff to previous 1.34 (colored) to selected 1.7 (colored)

KNF: de-__P, bzero -> memset, bcmp -> memcmp.  Remove extraneous
   parentheses in return statements.

Cosmetic: don't open-code TAILQ_FOREACH().

Cosmetic: change types of variables to avoid oodles of casts: in
   in6_src.c, avoid casts by changing several route_in6 pointers
   to struct route pointers.  Remove unnecessary casts to caddr_t
   elsewhere.

Pave the way for eliminating address family-specific route caches:
   soon, struct route will not embed a sockaddr, but it will hold
   a reference to an external sockaddr, instead.  We will set the
   destination sockaddr using rtcache_setdst().  (I created a stub
   for it, but it isn't used anywhere, yet.)  rtcache_free() will
   free the sockaddr.  I have extracted from rtcache_free() a helper
   subroutine, rtcache_clear().  rtcache_clear() will "forget" a
   cached route, but it will not forget the destination by releasing
   the sockaddr.  I use rtcache_clear() instead of rtcache_free()
   in rtcache_update(), because rtcache_update() is not supposed
   to forget the destination.

Constify:

   1 Introduce const accessor for route->ro_dst, rtcache_getdst().

   2 Constify the 'dst' argument to ifnet->if_output().  This
     led me to constify a lot of code called by output routines.

   3 Constify the sockaddr argument to protosw->pr_ctlinput.  This
     led me to constify a lot of code called by ctlinput routines.

   4 Introduce const macros for converting from a generic sockaddr
     to family-specific sockaddrs, e.g., sockaddr_in: satocsin6,
     satocsin, et cetera.

Revision 1.34 / (download) - annotate - [select for diffs], Fri Jan 26 19:02:02 2007 UTC (17 years, 2 months ago) by dyoung
Branch: MAIN
CVS Tags: post-newlock2-merge, newlock2-nbase, newlock2-base
Branch point for: yamt-idlelwp
Changes since 1.33: +3 -3 lines
Diff to previous 1.33 (colored) to selected 1.7 (colored)

bzero -> memset

Revision 1.33 / (download) - annotate - [select for diffs], Fri Dec 15 21:18:54 2006 UTC (17 years, 3 months ago) by joerg
Branch: MAIN
CVS Tags: yamt-splraiseipl-base5, yamt-splraiseipl-base4
Changes since 1.32: +9 -11 lines
Diff to previous 1.32 (colored) to selected 1.7 (colored)

Introduce new helper functions to abstract the route caching.
rtcache_init and rtcache_init_noclone lookup ro_dst and store
the result in ro_rt, taking care of the reference counting and
calling the domain specific route cache.
rtcache_free checks if a route was cashed and frees the reference.
rtcache_copy copies ro_dst of the given struct route, checking that
enough space is available and incrementing the reference count of the
cached rtentry if necessary.
rtcache_check validates that the cached route is still up. If it isn't,
it tries to look it up again. Afterwards ro_rt is either a valid again
or NULL.
rtcache_copy is used internally.

Adjust to callers of rtalloc/rtflush in the tree to check the sanity of
ro_dst first (if necessary). If it doesn't fit the expectations, free
the cache, otherwise check if the cached route is still valid. After
that combination, a single check for ro_rt == NULL is enough to decide
whether a new lookup needs to be done with a different ro_dst.
Make the route checking in gre stricter by repeating the loop check
after revalidation.
Remove some unused RADIX_MPATH code in in6_src.c. The logic is slightly
changed here to first validate the route and check RTF_GATEWAY
afterwards. This is sementically equivalent though.
etherip doesn't need sc_route_expire similiar to the gif changes from
dyoung@ earlier.

Based on the earlier patch from dyoung@, reviewed and discussed with
him.

Revision 1.32 / (download) - annotate - [select for diffs], Sat Dec 9 05:33:07 2006 UTC (17 years, 3 months ago) by dyoung
Branch: MAIN
CVS Tags: yamt-splraiseipl-base3
Changes since 1.31: +10 -16 lines
Diff to previous 1.31 (colored) to selected 1.7 (colored)

Here are various changes designed to protect against bad IPv4
routing caused by stale route caches (struct route).  Route caches
are sprinkled throughout PCBs, the IP fast-forwarding table, and
IP tunnel interfaces (gre, gif, stf).

Stale IPv6 and ISO route caches will be treated by separate patches.

Thank you to Christoph Badura for suggesting the general approach
to invalidating route caches that I take here.

Here are the details:

Add hooks to struct domain for tracking and for invalidating each
domain's route caches: dom_rtcache, dom_rtflush, and dom_rtflushall.

Introduce helper subroutines, rtflush(ro) for invalidating a route
cache, rtflushall(family) for invalidating all route caches in a
routing domain, and rtcache(ro) for notifying the domain of a new
cached route.

Chain together all IPv4 route caches where ro_rt != NULL.  Provide
in_rtcache() for adding a route to the chain.  Provide in_rtflush()
and in_rtflushall() for invalidating IPv4 route caches.  In
in_rtflush(), set ro_rt to NULL, and remove the route from the
chain.  In in_rtflushall(), walk the chain and remove every route
cache.

In rtrequest1(), call rtflushall() to invalidate route caches when
a route is added.

In gif(4), discard the workaround for stale caches that involves
expiring them every so often.

Replace the pattern 'RTFREE(ro->ro_rt); ro->ro_rt = NULL;' with a
call to rtflush(ro).

Update ipflow_fastforward() and all other users of route caches so
that they expect a cached route, ro->ro_rt, to turn to NULL.

Take care when moving a 'struct route' to rtflush() the source and
to rtcache() the destination.

In domain initializers, use .dom_xxx tags.

KNF here and there.

Revision 1.31 / (download) - annotate - [select for diffs], Thu Nov 16 01:33:45 2006 UTC (17 years, 4 months ago) by christos
Branch: MAIN
CVS Tags: wrstuden-fixsa-newbase, wrstuden-fixsa-base-1, wrstuden-fixsa-base, wrstuden-fixsa, netbsd-4-base, netbsd-4-0-RELEASE, netbsd-4-0-RC5, netbsd-4-0-RC4, netbsd-4-0-RC3, netbsd-4-0-RC2, netbsd-4-0-RC1, netbsd-4-0-1-RELEASE, netbsd-4-0, netbsd-4, matt-nb4-arm-base, matt-nb4-arm
Changes since 1.30: +3 -3 lines
Diff to previous 1.30 (colored) to selected 1.7 (colored)

__unused removal on arguments; approved by core.

Revision 1.30 / (download) - annotate - [select for diffs], Thu Oct 12 01:32:38 2006 UTC (17 years, 5 months ago) by christos
Branch: MAIN
CVS Tags: yamt-splraiseipl-base2
Changes since 1.29: +3 -5 lines
Diff to previous 1.29 (colored) to selected 1.7 (colored)

- sprinkle __unused on function decls.
- fix a couple of unused bugs
- no more -Wno-unused for i386

Revision 1.29 / (download) - annotate - [select for diffs], Thu Jan 26 20:30:13 2006 UTC (18 years, 2 months ago) by rpaulo
Branch: MAIN
CVS Tags: yamt-uio_vmspace-base5, yamt-splraiseipl-base, yamt-pdpolicy-base9, yamt-pdpolicy-base8, yamt-pdpolicy-base7, yamt-pdpolicy-base6, yamt-pdpolicy-base5, yamt-pdpolicy-base4, yamt-pdpolicy-base3, yamt-pdpolicy-base2, yamt-pdpolicy-base, yamt-pdpolicy, simonb-timecounters-base, simonb-timecounters, simonb-timcounters-final, rpaulo-netinet-merge-pcb-base, rpaulo-netinet-merge-pcb, peter-altq-base, peter-altq, gdamore-uart-base, gdamore-uart, elad-kernelauth-base, elad-kernelauth, chap-midi-nbase, chap-midi-base, chap-midi, abandoned-netbsd-4-base, abandoned-netbsd-4
Branch point for: yamt-splraiseipl, newlock2
Changes since 1.28: +2 -3 lines
Diff to previous 1.28 (colored) to selected 1.7 (colored)

<netinet6/in6_pcb.h> is not needed.

Revision 1.28 / (download) - annotate - [select for diffs], Sat Dec 24 20:45:09 2005 UTC (18 years, 3 months ago) by perry
Branch: MAIN
Branch point for: yamt-uio_vmspace
Changes since 1.27: +6 -6 lines
Diff to previous 1.27 (colored) to selected 1.7 (colored)

Remove leading __ from __(const|inline|signed|volatile) -- it is obsolete.

Revision 1.27 / (download) - annotate - [select for diffs], Sun Dec 11 12:25:02 2005 UTC (18 years, 3 months ago) by christos
Branch: MAIN
Changes since 1.26: +2 -2 lines
Diff to previous 1.26 (colored) to selected 1.7 (colored)

merge ktrace-lwp.

Revision 1.26 / (download) - annotate - [select for diffs], Sat Sep 6 03:36:32 2003 UTC (20 years, 6 months ago) by itojun
Branch: MAIN
CVS Tags: yamt-vop-base3, yamt-vop-base2, yamt-vop-base, yamt-vop, yamt-readahead-pervnode, yamt-readahead-perfile, yamt-readahead-base3, yamt-readahead-base2, yamt-readahead-base, yamt-readahead, yamt-km-base4, yamt-km-base3, yamt-km-base2, yamt-km-base, yamt-km, thorpej-vnode-attr-base, thorpej-vnode-attr, netbsd-3-base, netbsd-3-1-RELEASE, netbsd-3-1-RC4, netbsd-3-1-RC3, netbsd-3-1-RC2, netbsd-3-1-RC1, netbsd-3-1-1-RELEASE, netbsd-3-1, netbsd-3-0-RELEASE, netbsd-3-0-RC6, netbsd-3-0-RC5, netbsd-3-0-RC4, netbsd-3-0-RC3, netbsd-3-0-RC2, netbsd-3-0-RC1, netbsd-3-0-3-RELEASE, netbsd-3-0-2-RELEASE, netbsd-3-0-1-RELEASE, netbsd-3-0, netbsd-3, netbsd-2-base, netbsd-2-1-RELEASE, netbsd-2-1-RC6, netbsd-2-1-RC5, netbsd-2-1-RC4, netbsd-2-1-RC3, netbsd-2-1-RC2, netbsd-2-1-RC1, netbsd-2-1, netbsd-2-0-base, netbsd-2-0-RELEASE, netbsd-2-0-RC5, netbsd-2-0-RC4, netbsd-2-0-RC3, netbsd-2-0-RC2, netbsd-2-0-RC1, netbsd-2-0-3-RELEASE, netbsd-2-0-2-RELEASE, netbsd-2-0-1-RELEASE, netbsd-2-0, netbsd-2, ktrace-lwp-base, kent-audio2-base, kent-audio2, kent-audio1-beforemerge, kent-audio1-base, kent-audio1
Branch point for: yamt-lazymbuf
Changes since 1.25: +2 -3 lines
Diff to previous 1.25 (colored) to selected 1.7 (colored)

randomize IPv4/v6 fragment ID and IPv6 flowlabel.  avoids predictability
of these fields.  ip_id.c is from openbsd.  ip6_id.c is adapted by kame.

Revision 1.25 / (download) - annotate - [select for diffs], Fri Sep 5 23:20:51 2003 UTC (20 years, 6 months ago) by itojun
Branch: MAIN
Changes since 1.24: +3 -3 lines
Diff to previous 1.24 (colored) to selected 1.7 (colored)

u_short -> u_int16_t.  sync w/ kame.
don't set ip6_plen where unneeded (i.e. before calling ip6_output)

Revision 1.24 / (download) - annotate - [select for diffs], Wed May 14 06:47:39 2003 UTC (20 years, 10 months ago) by itojun
Branch: MAIN
Branch point for: ktrace-lwp
Changes since 1.23: +2 -7 lines
Diff to previous 1.23 (colored) to selected 1.7 (colored)

always use PULLDOWN_TEST codepath.

Revision 1.23 / (download) - annotate - [select for diffs], Sat Nov 2 07:30:55 2002 UTC (21 years, 5 months ago) by perry
Branch: MAIN
CVS Tags: nathanw_sa_before_merge, nathanw_sa_base, gmcgarry_ucred_base, gmcgarry_ucred, gmcgarry_ctxsw_base, gmcgarry_ctxsw, fvdl_fs64_base
Changes since 1.22: +4 -4 lines
Diff to previous 1.22 (colored) to selected 1.7 (colored)

/*CONTCOND*/ while (0)'ed macros

Revision 1.22 / (download) - annotate - [select for diffs], Wed Sep 11 02:46:44 2002 UTC (21 years, 6 months ago) by itojun
Branch: MAIN
CVS Tags: kqueue-beforemerge, kqueue-base, kqueue-aftermerge
Changes since 1.21: +4 -4 lines
Diff to previous 1.21 (colored) to selected 1.7 (colored)

KNF - return is not a function.  sync w/kame.

Revision 1.21 / (download) - annotate - [select for diffs], Wed Sep 11 02:41:23 2002 UTC (21 years, 6 months ago) by itojun
Branch: MAIN
Changes since 1.20: +3 -3 lines
Diff to previous 1.20 (colored) to selected 1.7 (colored)

correct signedness mixup in pointer passing.  sync w/kame

Revision 1.20 / (download) - annotate - [select for diffs], Sun Jun 9 14:43:11 2002 UTC (21 years, 9 months ago) by itojun
Branch: MAIN
CVS Tags: gehenna-devsw-base
Changes since 1.19: +4 -4 lines
Diff to previous 1.19 (colored) to selected 1.7 (colored)

whitespace cleanup

Revision 1.19 / (download) - annotate - [select for diffs], Tue May 28 10:11:50 2002 UTC (21 years, 10 months ago) by itojun
Branch: MAIN
Changes since 1.18: +3 -9 lines
Diff to previous 1.18 (colored) to selected 1.7 (colored)

use arc4random() where possible.
XXX is it necessary to do microtime() on tcp syn cache?

Revision 1.18 / (download) - annotate - [select for diffs], Tue May 28 03:04:05 2002 UTC (21 years, 10 months ago) by itojun
Branch: MAIN
Changes since 1.17: +37 -18 lines
Diff to previous 1.17 (colored) to selected 1.7 (colored)

limit number of IPv6 fragments (not the fragment queue size) to
fight against lots-of-frags DoS attacks.  sync w/kame

Revision 1.17 / (download) - annotate - [select for diffs], Fri Mar 15 10:44:07 2002 UTC (22 years ago) by itojun
Branch: MAIN
CVS Tags: netbsd-1-6-base, netbsd-1-6-RELEASE, netbsd-1-6-RC3, netbsd-1-6-RC2, netbsd-1-6-RC1, netbsd-1-6-PATCH002-RELEASE, netbsd-1-6-PATCH002-RC4, netbsd-1-6-PATCH002-RC3, netbsd-1-6-PATCH002-RC2, netbsd-1-6-PATCH002-RC1, netbsd-1-6-PATCH002, netbsd-1-6-PATCH001-RELEASE, netbsd-1-6-PATCH001-RC3, netbsd-1-6-PATCH001-RC2, netbsd-1-6-PATCH001-RC1, netbsd-1-6-PATCH001, netbsd-1-6, eeh-devprop-base, eeh-devprop
Branch point for: gehenna-devsw
Changes since 1.16: +83 -14 lines
Diff to previous 1.16 (colored) to selected 1.7 (colored)

have a real lock around IPv6 reassembly.

Revision 1.16 / (download) - annotate - [select for diffs], Tue Nov 13 00:56:57 2001 UTC (22 years, 4 months ago) by lukem
Branch: MAIN
CVS Tags: newlock-base, newlock, ifpoll-base
Changes since 1.15: +4 -1 lines
Diff to previous 1.15 (colored) to selected 1.7 (colored)

add RCSIDs

Revision 1.15 / (download) - annotate - [select for diffs], Thu Oct 18 07:44:33 2001 UTC (22 years, 5 months ago) by itojun
Branch: MAIN
CVS Tags: thorpej-mips-cache-base, thorpej-mips-cache
Changes since 1.14: +1 -4 lines
Diff to previous 1.14 (colored) to selected 1.7 (colored)

reduce diffs with kame (mostly cosmetic).
move IPV6_CHECKSUM processing to sys/netinet6/raw_ip6.c.
constify a couple of places.

Revision 1.14 / (download) - annotate - [select for diffs], Thu May 17 14:01:37 2001 UTC (22 years, 10 months ago) by itojun
Branch: MAIN
CVS Tags: thorpej-devvp-base3, thorpej-devvp-base2, thorpej-devvp-base, thorpej-devvp, pre-chs-ubcperf, post-chs-ubcperf
Branch point for: kqueue
Changes since 1.13: +9 -2 lines
Diff to previous 1.13 (colored) to selected 1.7 (colored)

plug memory leak on invalid fragment packet.  supress noisy log.  from kame

Revision 1.13 / (download) - annotate - [select for diffs], Thu Feb 22 05:04:42 2001 UTC (23 years, 1 month ago) by itojun
Branch: MAIN
CVS Tags: thorpej_scsipi_nbase, thorpej_scsipi_beforemerge, thorpej_scsipi_base
Branch point for: nathanw_sa
Changes since 1.12: +9 -9 lines
Diff to previous 1.12 (colored) to selected 1.7 (colored)

correct handling of upper limitation to # of reass queue.

Revision 1.12 / (download) - annotate - [select for diffs], Sun Feb 11 05:05:27 2001 UTC (23 years, 1 month ago) by itojun
Branch: MAIN
Changes since 1.11: +7 -2 lines
Diff to previous 1.11 (colored) to selected 1.7 (colored)

set frag6_doing_reass properly (for frag6_drain).  sync with kame.

Revision 1.11 / (download) - annotate - [select for diffs], Sat Feb 10 04:14:26 2001 UTC (23 years, 1 month ago) by itojun
Branch: MAIN
Changes since 1.10: +9 -8 lines
Diff to previous 1.10 (colored) to selected 1.7 (colored)

to sync with kame better, (1) remove register declaration for variables,
(2) sync whitespaces, (3) update comments. (4) bring in some of portability
and logging enhancements.  no functional changes here.

Revision 1.10 / (download) - annotate - [select for diffs], Sun Feb 6 12:49:42 2000 UTC (24 years, 1 month ago) by itojun
Branch: MAIN
CVS Tags: netbsd-1-5-base, netbsd-1-5-RELEASE, netbsd-1-5-BETA2, netbsd-1-5-BETA, netbsd-1-5-ALPHA2, minoura-xpg4dl-base, minoura-xpg4dl, chs-ubc2-newbase
Branch point for: netbsd-1-5
Changes since 1.9: +3 -3 lines
Diff to previous 1.9 (colored) to selected 1.7 (colored)

fix include pathname for better rfc2292 compliance.

Revision 1.9 / (download) - annotate - [select for diffs], Thu Feb 3 18:13:01 2000 UTC (24 years, 1 month ago) by itojun
Branch: MAIN
Changes since 1.8: +81 -49 lines
Diff to previous 1.8 (colored) to selected 1.7 (colored)

- Don't reuse ip6 header portion as reassembly pointer, to be friendly
  with LP64 arch.  (not tested on LP64, sorry)
- add comment on reass rule
- some other cleanups

NetBSD PR: 9340
From: iwamoto@sat.t.u-tokyo.ac.jp
(in sync with kame)

Revision 1.8 / (download) - annotate - [select for diffs], Thu Jan 6 15:46:08 2000 UTC (24 years, 2 months ago) by itojun
Branch: MAIN
Changes since 1.7: +1 -16 lines
Diff to previous 1.7 (colored)

remove extra portability #ifdef (like #ifdef __FreeBSD__) in KAME IPv6/IPsec
code, from netbsd-current repository.
#ifdef'ed version is always available from ftp.kame.net.

XXX please do not make too many diff-unfriendly changes, we'll need to take
bunch of diffs on upgrade...

Revision 1.7 / (download) - annotate - [selected], Mon Dec 13 15:17:21 1999 UTC (24 years, 3 months ago) by itojun
Branch: MAIN
CVS Tags: wrstuden-devbsize-base, wrstuden-devbsize-19991221
Changes since 1.6: +75 -7 lines
Diff to previous 1.6 (colored)

sync IPv6 part with latest KAME tree.   IPsec part is left unmodified
due to massive changes in KAME side.
- IPv6 output goes through nd6_output
- faith can capture IPv4 packets as well - you can run IPv4-to-IPv6 translator
  using heavily modified DNS servers
- per-interface statistics (required for IPv6 MIB)
- interface autoconfig is revisited
- udp input handling has a big change for mapped address support.
- introduce in4_cksum() for non-overwriting checksumming
- introduce m_pulldown()
- neighbor discovery cleanups/improvements
- netinet/in.h strictly conforms to RFC2553 (no extra defs visible to userland)
- IFA_STATS is fixed a bit (not tested)
- and more more more.

TODO:
- cleanup os-independency #ifdef
- avoid rcvif dual use (for IPsec) to help ifdetach

(sorry for jumbo commit, I can't separate this any more...)

Revision 1.6 / (download) - annotate - [select for diffs], Thu Aug 26 11:10:49 1999 UTC (24 years, 7 months ago) by itojun
Branch: MAIN
CVS Tags: fvdl-softdep-base, fvdl-softdep, comdex-fall-1999-base, comdex-fall-1999
Branch point for: wrstuden-devbsize, thorpej_scsipi
Changes since 1.5: +9 -6 lines
Diff to previous 1.5 (colored) to selected 1.7 (colored)

fix IPv6 fragment ID initialization - random() does not return
random value when frag6_init() is called, so use microtime() to stir
the value better.

Revision 1.5 / (download) - annotate - [select for diffs], Fri Jul 30 10:35:35 1999 UTC (24 years, 8 months ago) by itojun
Branch: MAIN
CVS Tags: chs-ubc2-base
Changes since 1.4: +1 -2 lines
Diff to previous 1.4 (colored) to selected 1.7 (colored)

remove reference to in6_systm.h (file itself will be removed afterwords)

Revision 1.4 / (download) - annotate - [select for diffs], Sun Jul 4 02:01:15 1999 UTC (24 years, 9 months ago) by itojun
Branch: MAIN
Changes since 1.3: +2 -2 lines
Diff to previous 1.3 (colored) to selected 1.7 (colored)

s/splnet/splsoftnet/ in IPv6/IPsec part.
hope I made no mistake (the kernel works fine but I need a regress test)

Suggested by: thorpej

Revision 1.3 / (download) - annotate - [select for diffs], Sat Jul 3 21:30:17 1999 UTC (24 years, 9 months ago) by thorpej
Branch: MAIN
Changes since 1.2: +2 -0 lines
Diff to previous 1.2 (colored) to selected 1.7 (colored)

RCS ID police.

Revision 1.2 / (download) - annotate - [select for diffs], Thu Jul 1 08:12:53 1999 UTC (24 years, 9 months ago) by itojun
Branch: MAIN
Branch point for: chs-ubc2
Changes since 1.1: +596 -0 lines
Diff to previous 1.1 (colored) to selected 1.7 (colored)

IPv6 kernel code, based on KAME/NetBSD 1.4, SNAP kit 19990628.
(Sorry for a big commit, I can't separate this into several pieces...)
Pls check sys/netinet6/TODO and sys/netinet6/IMPLEMENTATION for details.

- sys/kern: do not assume single mbuf, accept chained mbuf on passing
  data from userland to kernel (or other way round).
- "midway" ATM card: ATM PVC pseudo device support, like those done in ALTQ
  package (ftp://ftp.csl.sony.co.jp/pub/kjc/).
- sys/netinet/tcp*: IPv4/v6 dual stack tcp support.
- sys/netinet/{ip6,icmp6}.h, sys/net/pfkeyv2.h: IETF document assumes those
  file to be there so we patch it up.
- sys/netinet: IPsec additions are here and there.
- sys/netinet6/*: most of IPv6 code sits here.
- sys/netkey: IPsec key management code
- dev/pci/pcidevs: regen

In my understanding no code here is subject to export control so it
should be safe.

Revision 1.1, Mon Jun 28 06:37:03 1999 UTC (24 years, 9 months ago) by itojun
Branch: MAIN
Branch point for: kame
FILE REMOVED

file frag6.c was initially added on branch kame.

This form allows you to request diff's between any two revisions of a file. You may select a symbolic revision name using the selection box or you may type in a numeric name using the type-in text box.




CVSweb <webmaster@jp.NetBSD.org>