version 1.130, 2011/05/03 18:28:45 |
version 1.135, 2011/12/31 20:41:59 |
Line 85 __KERNEL_RCSID(0, "$NetBSD$"); |
|
Line 85 __KERNEL_RCSID(0, "$NetBSD$"); |
|
#include <sys/syslog.h> |
#include <sys/syslog.h> |
#include <sys/proc.h> |
#include <sys/proc.h> |
#include <sys/sysctl.h> |
#include <sys/sysctl.h> |
|
#include <sys/cprng.h> |
|
|
#include <net/if.h> |
#include <net/if.h> |
#include <net/if_types.h> |
#include <net/if_types.h> |
Line 111 __KERNEL_RCSID(0, "$NetBSD$"); |
|
Line 112 __KERNEL_RCSID(0, "$NetBSD$"); |
|
#include <netinet6/in6_ifattach.h> |
#include <netinet6/in6_ifattach.h> |
#include <netinet6/nd6.h> |
#include <netinet6/nd6.h> |
|
|
#ifdef IPSEC |
#ifdef KAME_IPSEC |
#include <netinet6/ipsec.h> |
#include <netinet6/ipsec.h> |
#include <netinet6/ipsec_private.h> |
#include <netinet6/ipsec_private.h> |
#endif |
#endif |
Line 138 __KERNEL_RCSID(0, "$NetBSD$"); |
|
Line 139 __KERNEL_RCSID(0, "$NetBSD$"); |
|
|
|
#include <net/net_osdep.h> |
#include <net/net_osdep.h> |
|
|
extern struct inpcbtable tcbtable; /* XXX include of tcp_var.h no good */ |
|
|
|
extern struct domain inet6domain; |
extern struct domain inet6domain; |
|
|
u_char ip6_protox[IPPROTO_MAX]; |
u_char ip6_protox[IPPROTO_MAX]; |
|
|
addrsel_policy_init(); |
addrsel_policy_init(); |
nd6_init(); |
nd6_init(); |
frag6_init(); |
frag6_init(); |
ip6_desync_factor = arc4random() % MAX_TEMP_DESYNC_FACTOR; |
ip6_desync_factor = cprng_fast32() % MAX_TEMP_DESYNC_FACTOR; |
|
|
ip6_init2((void *)0); |
ip6_init2(NULL); |
#ifdef GATEWAY |
#ifdef GATEWAY |
ip6flow_init(ip6_hashsize); |
ip6flow_init(ip6_hashsize); |
#endif |
#endif |
Line 280 ip6_input(struct mbuf *m) |
|
Line 279 ip6_input(struct mbuf *m) |
|
int s, error; |
int s, error; |
#endif |
#endif |
|
|
#ifdef IPSEC |
#ifdef KAME_IPSEC |
/* |
/* |
* should the inner packet be considered authentic? |
* should the inner packet be considered authentic? |
* see comment in ah4_input(). |
* see comment in ah4_input(). |
Line 352 ip6_input(struct mbuf *m) |
|
Line 351 ip6_input(struct mbuf *m) |
|
goto bad; |
goto bad; |
} |
} |
|
|
#if defined(IPSEC) |
#if defined(KAME_IPSEC) |
/* IPv6 fast forwarding is not compatible with IPsec. */ |
/* IPv6 fast forwarding is not compatible with IPsec. */ |
m->m_flags &= ~M_CANFASTFWD; |
m->m_flags &= ~M_CANFASTFWD; |
#else |
#else |
Line 375 ip6_input(struct mbuf *m) |
|
Line 374 ip6_input(struct mbuf *m) |
|
* let ipfilter look at packet on the wire, |
* let ipfilter look at packet on the wire, |
* not the decapsulated packet. |
* not the decapsulated packet. |
*/ |
*/ |
#ifdef IPSEC |
#ifdef KAME_IPSEC |
if (!ipsec_getnhist(m)) |
if (!ipsec_getnhist(m)) |
#elif defined(FAST_IPSEC) |
#elif defined(FAST_IPSEC) |
if (!ipsec_indone(m)) |
if (!ipsec_indone(m)) |
Line 786 ip6_input(struct mbuf *m) |
|
Line 785 ip6_input(struct mbuf *m) |
|
} |
} |
} |
} |
|
|
#ifdef IPSEC |
#ifdef KAME_IPSEC |
/* |
/* |
* enforce IPsec policy checking if we are seeing last header. |
* enforce IPsec policy checking if we are seeing last header. |
* note that we do not visit this with protocols with pcb layer |
* note that we do not visit this with protocols with pcb layer |
Line 1795 sysctl_net_inet6_ip6_setup(struct sysctl |
|
Line 1794 sysctl_net_inet6_ip6_setup(struct sysctl |
|
IPV6CTL_ACCEPT_RTADV, CTL_EOL); |
IPV6CTL_ACCEPT_RTADV, CTL_EOL); |
sysctl_createv(clog, 0, NULL, NULL, |
sysctl_createv(clog, 0, NULL, NULL, |
CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
|
CTLTYPE_INT, "rtadv_maxroutes", |
|
SYSCTL_DESCR("Maximum number of routes accepted via router advertisements"), |
|
NULL, 0, &ip6_rtadv_maxroutes, 0, |
|
CTL_NET, PF_INET6, IPPROTO_IPV6, |
|
IPV6CTL_RTADV_MAXROUTES, CTL_EOL); |
|
sysctl_createv(clog, 0, NULL, NULL, |
|
CTLFLAG_PERMANENT, |
|
CTLTYPE_INT, "rtadv_numroutes", |
|
SYSCTL_DESCR("Current number of routes accepted via router advertisements"), |
|
NULL, 0, &nd6_numroutes, 0, |
|
CTL_NET, PF_INET6, IPPROTO_IPV6, |
|
IPV6CTL_RTADV_NUMROUTES, CTL_EOL); |
|
sysctl_createv(clog, 0, NULL, NULL, |
|
CTLFLAG_PERMANENT|CTLFLAG_READWRITE, |
CTLTYPE_INT, "keepfaith", |
CTLTYPE_INT, "keepfaith", |
SYSCTL_DESCR("Activate faith interface"), |
SYSCTL_DESCR("Activate faith interface"), |
NULL, 0, &ip6_keepfaith, 0, |
NULL, 0, &ip6_keepfaith, 0, |