The NetBSD Project

CVS log for src/sys/netinet6/ip6_input.c

Default branch: MAIN


Revision 1.227, Fri Oct 28 05:18:39 2022 UTC (16 months, 3 weeks ago) by ozaki-r
Branch: MAIN
CVS Tags: triaxx-drm, thorpej-ifq-base, thorpej-ifq, thorpej-altq-separation-base, thorpej-altq-separation, netbsd-10-base, netbsd-10-0-RC6, netbsd-10-0-RC5, netbsd-10-0-RC4, netbsd-10-0-RC3, netbsd-10-0-RC2, netbsd-10-0-RC1, netbsd-10, HEAD
Changes since 1.226: +14 -14 lines

inpcb: integrate data structures of PCB into one

Data structures of network protocol control blocks (PCBs), i.e.,
struct inpcb, in6pcb and inpcb_hdr, are not organized well.  Users of
the data structures have to handle them separately and thus the code
is cluttered and duplicated.

The commit integrates the data structures into one, struct inpcb.  As a
result, users of PCBs only have to handle just one data structure, so
the code becomes simple.

One drawback is that the data size of PCB for IPv4 increases by 40 bytes
(from 248 bytes to 288 bytes).

Revision 1.226, Mon Oct 24 01:54:19 2022 UTC (16 months, 3 weeks ago) by knakahara
Branch: MAIN
Changes since 1.225: +10 -2 lines

Fix PR kern/57037

Be able to change the behavior sending parameter changing routing messages.
When set net.inet6.ip6.param_rt_msg=0, don't send parameter changing
routing messages.
When set net.inet6.ip6.param_rt_msg=1(default), send parameter changing
routing messages by RTM_NEWADDR.

Revision 1.225, Fri Sep 2 03:50:00 2022 UTC (18 months, 2 weeks ago) by thorpej
Branch: MAIN
CVS Tags: bouyer-sunxi-drm-base, bouyer-sunxi-drm
Changes since 1.224: +10 -6 lines

pktqueue: Re-factor sysctl handling.

Provide a new pktq_sysctl_setup() function that attaches standard
pktq sysctl nodes below a specified parent node, with either a
fixed node ID or CTL_CREATE to dynamically assign node IDs.  Make
all of the sysctl handlers private to pktqueue.c, and remove the
INET- and INET6-specific pktqueue sysctl code from net/if.c.

Revision 1.222.2.1, Sat Apr 3 22:29:02 2021 UTC (2 years, 11 months ago) by thorpej
Branch: thorpej-futex
Changes since 1.222: +10 -19 lines

Sync with HEAD.

Revision 1.224, Fri Feb 19 14:52:00 2021 UTC (3 years ago) by christos
Branch: MAIN
CVS Tags: thorpej-i2c-spi-conf2-base, thorpej-i2c-spi-conf2, thorpej-i2c-spi-conf-base, thorpej-i2c-spi-conf, thorpej-futex2-base, thorpej-futex2, thorpej-futex-base, thorpej-cfargs2-base, thorpej-cfargs2, thorpej-cfargs-base, thorpej-cfargs, cjep_sun2x-base1, cjep_sun2x-base, cjep_sun2x, cjep_staticlib_x-base1, cjep_staticlib_x-base, cjep_staticlib_x
Changes since 1.223: +6 -6 lines

- Make ALIGNED_POINTER use __alignof(t) instead of sizeof(t). This is more
  correct because it works with non-primitive types and provides the ABI
  alignment for the type the compiler will use.
- Remove all the *_HDR_ALIGNMENT macros and asserts
- Replace POINTER_ALIGNED_P with ACCESSIBLE_POINTER which is identical to
  ALIGNED_POINTER, but returns that the pointer is always aligned if the
  CPU supports unaligned accesses.
[ as proposed in tech-kern ]

Revision 1.223, Sun Feb 14 20:58:35 2021 UTC (3 years, 1 month ago) by christos
Branch: MAIN
Changes since 1.222: +10 -19 lines

- centralize header align and pullup into a single inline function
- use a single macro to align pointers and expose the alignment, instead
  of hard-coding 3 in 1/2 the macros.
- fix an issue in the ipv6 l2tp where it was aligning for ipv4 and pulling
  for ipv6.

Revision 1.222, Fri Aug 28 06:32:24 2020 UTC (3 years, 6 months ago) by ozaki-r
Branch: MAIN
Branch point for: thorpej-futex
Changes since 1.221: +13 -6 lines

inet6: reduce silent packet discards

Revision 1.221, Fri Aug 28 06:28:58 2020 UTC (3 years, 6 months ago) by ozaki-r
Branch: MAIN
Changes since 1.220: +3 -3 lines

inet6: pass rcvif to ip6_forward to avoid extra psref_acquire

Revision 1.220, Fri Aug 28 06:20:44 2020 UTC (3 years, 6 months ago) by ozaki-r
Branch: MAIN
Changes since 1.219: +3 -3 lines

ipsec: rename ipsec_ip_input to ipsec_ip_input_checkpolicy

Because it just checks if a packet passes security policies.

Revision 1.219, Fri Aug 28 06:19:13 2020 UTC (3 years, 6 months ago) by ozaki-r
Branch: MAIN
Changes since 1.218: +5 -3 lines

inet, inet6: count packets dropped by IPsec

The counters count packets dropped due to security policy checks.

Revision 1.218, Mon Jul 27 14:06:58 2020 UTC (3 years, 7 months ago) by roy
Branch: MAIN
Changes since 1.217: +16 -2 lines

ip6: Remove __packed attribute from ip6 structures

They should naturally align.
Add compile time assertions to ip6_input.c to prove this.

Revision 1.217, Fri Jun 19 16:08:06 2020 UTC (3 years, 8 months ago) by maxv
Branch: MAIN
Changes since 1.216: +11 -6 lines

localify

Revision 1.216, Fri Jun 12 11:04:45 2020 UTC (3 years, 9 months ago) by roy
Branch: MAIN
Changes since 1.215: +2 -92 lines

Remove in-kernel handling of Router Advertisements

This is much better handled by a user-land tool.
Proposed on tech-net here:
https://mail-index.netbsd.org/tech-net/2020/04/22/msg007766.html

Note that the ioctl SIOCGIFINFO_IN6 no longer sets flags. That now
needs to be done using the pre-existing SIOCSIFINFO_FLAGS ioctl.

Compat is fully provided where it makes sense, but trying to turn on
RA handling will obviously throw an error as it no longer exists.

Note that if you use IPv6 temporary addresses, this now needs to be
turned on in dhcpcd.conf(5) rather than in sysctl.conf(5).

Revision 1.204.2.2, Mon Apr 13 08:05:17 2020 UTC (3 years, 11 months ago) by martin
Branch: phil-wifi
Changes since 1.204.2.1: +52 -27 lines

Mostly merge changes from HEAD up to 20200411

Revision 1.208.2.4, Sat Nov 16 17:01:45 2019 UTC (4 years, 4 months ago) by martin
Branch: netbsd-9
CVS Tags: netbsd-9-3-RELEASE, netbsd-9-2-RELEASE, netbsd-9-1-RELEASE, netbsd-9-0-RELEASE, netbsd-9-0-RC2, netbsd-9-0-RC1
Changes since 1.208.2.3: +10 -2 lines

Pull up following revision(s) (requested by maxv in ticket #432):

	sys/netinet6/ip6_input.c: revision 1.215

Add more checks in ip6_pullexthdr, to prevent a panic in m_copydata. The
Rip6 entry point could see a garbage Hop6 option.

Not a big issue, since it's a clean panic only triggerable if the socket
has the IN6P_DSTOPTS/IN6P_RTHDR option.

Revision 1.215, Tue Nov 12 08:11:55 2019 UTC (4 years, 4 months ago) by maxv
Branch: MAIN
CVS Tags: phil-wifi-20200421, phil-wifi-20200411, phil-wifi-20200406, phil-wifi-20191119, is-mlppp-base, is-mlppp, bouyer-xenpvh-base2, bouyer-xenpvh-base1, bouyer-xenpvh-base, bouyer-xenpvh, ad-namecache-base3, ad-namecache-base2, ad-namecache-base1, ad-namecache-base, ad-namecache
Changes since 1.214: +10 -2 lines

Add more checks in ip6_pullexthdr, to prevent a panic in m_copydata. The
Rip6 entry point could see a garbage Hop6 option.

Not a big issue, since it's a clean panic only triggerable if the socket
has the IN6P_DSTOPTS/IN6P_RTHDR option.

Reported-by: syzbot+3b07b3511b4ceb8bf1e2@syzkaller.appspotmail.com

Revision 1.208.2.3, Wed Oct 23 19:33:07 2019 UTC (4 years, 4 months ago) by martin
Branch: netbsd-9
Changes since 1.208.2.2: +28 -17 lines

Pull up following revision(s) (requested by ozaki-r in ticket #368):

	sys/netinet6/in6_ifattach.h: revision 1.14
	sys/netinet6/ip6_input.c: revision 1.212
	sys/netinet6/ip6_input.c: revision 1.213
	sys/netinet6/ip6_input.c: revision 1.214
	sys/netinet6/in6_var.h: revision 1.101
	sys/netinet6/in6_var.h: revision 1.102
	sys/netinet6/in6_ifattach.c: revision 1.116
	sys/netinet6/in6_ifattach.c: revision 1.117
	tests/net/ndp/t_ra.sh: revision 1.33

Reorganize in6_tmpaddrtimer stuffs
- Move the related functions to where in6_tmpaddrtimer_ch exists
- Hide global variable in6_tmpaddrtimer_ch
- Rename ip6_init2 to in6_tmpaddrtimer_init
- Reduce callers of callout_reset
- Use callout_schedule

Validate ip6_temp_preferred_lifetime (net.inet6.ip6.temppltime) on a change
ip6_temp_preferred_lifetime is used to calculate an interval period to
regenerate temporary addresses by
  TEMP_PREFERRED_LIFETIME - REGEN_ADVANCE - DESYNC_FACTOR
as per RFC 3041 3.5.  So it must be greater than (REGEN_ADVANCE +
DESYNC_FACTOR), otherwise it will be negative and go wrong, for example
KASSERT(to_ticks >= 0) in callout_schedule_locked fails.

tests: add tests for the validation of net.inet6.ip6.temppltime

in6: reset the temporary address timer on a change of the interval period

Revision 1.214, Fri Oct 18 04:33:53 2019 UTC (4 years, 5 months ago) by ozaki-r
Branch: MAIN
Changes since 1.213: +4 -2 lines

in6: reset the temporary address timer on a change of the interval period

Revision 1.213, Wed Oct 16 07:41:28 2019 UTC (4 years, 5 months ago) by ozaki-r
Branch: MAIN
Changes since 1.212: +25 -3 lines

Validate ip6_temp_preferred_lifetime (net.inet6.ip6.temppltime) on a change

ip6_temp_preferred_lifetime is used to calculate an interval period to
regenerate temporary addresses by
  TEMP_PREFERRED_LIFETIME - REGEN_ADVANCE - DESYNC_FACTOR
as per RFC 3041 3.5.  So it must be greater than (REGEN_ADVANCE +
DESYNC_FACTOR), otherwise it will be negative and go wrong, for example
KASSERT(to_ticks >= 0) in callout_schedule_locked fails.

Revision 1.212, Wed Oct 16 07:40:40 2019 UTC (4 years, 5 months ago) by ozaki-r
Branch: MAIN
Changes since 1.211: +3 -16 lines

Reorganize in6_tmpaddrtimer stuffs

- Move the related functions to where in6_tmpaddrtimer_ch exists
- Hide global variable in6_tmpaddrtimer_ch
- Rename ip6_init2 to in6_tmpaddrtimer_init
- Reduce callers of callout_reset
- Use callout_schedule

Revision 1.178.2.9, Tue Sep 24 18:27:09 2019 UTC (4 years, 5 months ago) by martin
Branch: netbsd-8
CVS Tags: netbsd-8-2-RELEASE
Changes since 1.178.2.8: +11 -11 lines

Pull up following revision(s) (requested by knakahara in ticket #1385):

	sys/net/if.c				1.461
	sys/net/if.h				1.277
	sys/net/if_gif.c			1.149
	sys/net/if_gif.h			1.33
	sys/net/if_ipsec.c			1.19,1.20,1.24
	sys/net/if_ipsec.h			1.5
	sys/net/if_l2tp.c			1.33,1.36-1.39
	sys/net/if_l2tp.h			1.7,1.8
	sys/net/route.c				1.220,1.221
	sys/net/route.h				1.125
	sys/netinet/in_gif.c			1.95
	sys/netinet/in_l2tp.c			1.17
	sys/netinet/ip_input.c			1.391,1.392
	sys/netinet/wqinput.c			1.6
	sys/netinet6/in6_gif.c			1.94
	sys/netinet6/in6_l2tp.c			1.18
	sys/netinet6/ip6_forward.c		1.97
	sys/netinet6/ip6_input.c		1.210,1.211
	sys/netipsec/ipsec_output.c		1.82,1.83 (patched)
	sys/netipsec/ipsecif.c			1.12,1.13,1.15,1.17 (patched)
	sys/netipsec/key.c			1.259,1.260

ipsecif(4) support input drop packet counter.

ipsecif(4) should not increment drop counter by errors not related to if_snd. Pointed out by ozaki-r@n.o, thanks.
Remove unnecessary addresses in PF_KEY message.

MOBIKE Extensions for PF_KEY draft-schilcher-mobike-pfkey-extension-01.txt says
====================
5.  SPD Update
// snip
   SADB_X_SPDADD:
// snip
      sadb_x_ipsecrequest_reqid:
         An ID for that SA can be passed to the kernel in the
         sadb_x_ipsecrequest_reqid field.
      If tunnel mode is specified, the sadb_x_ipsecrequest structure is
      followed by two sockaddr structures that define the tunnel
      endpoint addresses.  In the case that transport mode is used, no
      additional addresses are specified.
====================
see: https://tools.ietf.org/html/draft-schilcher-mobike-pfkey-extension-01

ipsecif(4) uses transport mode, so it should not add addresses.

ipsecif(4) supports multiple peers in the same NAPT.

E.g. ipsec0 connects between NetBSD_A and NetBSD_B, ipsec1 connects
NetBSD_A and NetBSD_C at the following figure.
                                        +----------+
                                   +----| NetBSD_B |
 +----------+           +------+   |    +----------+
 | NetBSD_A |--- ... ---| NAPT |---+
 +----------+           +------+   |    +----------+
                                   +----| NetBSD_C |
                                        +----------+

Add ATF later.

l2tp(4): fix output bytes counter. Pointed by k-goda@IIJ, thanks.
remove a variable which is no longer used.

l2tp: initialize mowner variables for MBUFTRACE

Avoid having a rtcache directly in a percpu storage
percpu(9) has a certain memory storage for each CPU and provides it by the piece
to users.  If the storages went short, percpu(9) enlarges them by allocating new
larger memory areas, replacing old ones with them and destroying the old ones.
A percpu storage referenced by a pointer gotten via percpu_getref can be
destroyed by the mechanism after a running thread sleeps even if percpu_putref
has not been called.

Using rtcache, i.e., packet processing, typically involves sleepable operations
such as rwlock so we must avoid dereferencing a rtcache that is directly stored
in a percpu storage during packet processing.  Address this situation by having
just a pointer to a rtcache in a percpu storage instead.

Reviewed by knakahara@ and yamaguchi@


wqinput: avoid having struct wqinput_worklist directly in a percpu storage
percpu(9) has a certain memory storage for each CPU and provides it by the piece
to users.  If the storages went short, percpu(9) enlarges them by allocating new
larger memory areas, replacing old ones with them and destroying the old ones.

A percpu storage referenced by a pointer gotten via percpu_getref can be
destroyed by the mechanism after a running thread sleeps even if percpu_putref
has not been called.

Input handlers of wqinput normally involve sleepable operations so we must
avoid dereferencing a percpu data (struct wqinput_worklist) after executing
an input handler.  Address this situation by having just a pointer to the data
in a percpu storage instead.

Reviewed by knakahara@ and yamaguchi@

Add missing #include <sys/kmem.h>

Divide Tx context of l2tp(4) to improve performance.
It seems l2tp(4) call path is too long for instruction cache. So, dividing
l2tp(4) Tx context improves CPU use efficiency.

After this commit, l2tp(4) throughput gains 10% on my machine(Atom C3000).

Apply some missing changes lost on the previous commit

Avoid having a rtcache directly in a percpu storage for tunnel protocols.
percpu(9) has a certain memory storage for each CPU and provides it by the piece
to users.  If the storages went short, percpu(9) enlarges them by allocating new
larger memory areas, replacing old ones with them and destroying the old ones.
A percpu storage referenced by a pointer gotten via percpu_getref can be
destroyed by the mechanism after a running thread sleeps even if percpu_putref
has not been called.

Using rtcache, i.e., packet processing, typically involves sleepable operations
such as rwlock so we must avoid dereferencing a rtcache that is directly stored
in a percpu storage during packet processing.  Address this situation by having
just a pointer to a rtcache in a percpu storage instead.

Reviewed by ozaki-r@ and yamaguchi@

l2tp(4): avoid having struct ifqueue directly in a percpu storage.

percpu(9) has a certain memory storage for each CPU and provides it by the piece
to users.  If the storages went short, percpu(9) enlarges them by allocating new
larger memory areas, replacing old ones with them and destroying the old ones.

A percpu storage referenced by a pointer gotten via percpu_getref can be
destroyed by the mechanism after a running thread sleeps even if percpu_putref
has not been called.

Tx processing of l2tp(4) normally involves sleepable operations so we
must avoid dereferencing a percpu data (struct ifqueue) after executing Tx
processing.  Address this situation by having just a pointer to the data in
a percpu storage instead.

Reviewed by ozaki-r@ and yamaguchi@

Revision 1.208.2.2, Tue Sep 24 03:10:35 2019 UTC (4 years, 5 months ago) by martin
Branch: netbsd-9
Changes since 1.208.2.1: +11 -11 lines

Pull up following revision(s) (requested by ozaki-r in ticket #238):

	sys/netipsec/ipsec_output.c: revision 1.83
	sys/net/route.h: revision 1.125
	sys/netinet6/ip6_input.c: revision 1.210
	sys/netinet6/ip6_input.c: revision 1.211
	sys/net/if.c: revision 1.461
	sys/net/if_gif.h: revision 1.33
	sys/net/route.c: revision 1.220
	sys/net/route.c: revision 1.221
	sys/net/if.h: revision 1.277
	sys/netinet6/ip6_forward.c: revision 1.97
	sys/netinet/wqinput.c: revision 1.6
	sys/net/if_ipsec.h: revision 1.5
	sys/netinet6/in6_l2tp.c: revision 1.18
	sys/netinet6/in6_gif.c: revision 1.94
	sys/net/if_l2tp.h: revision 1.7
	sys/net/if_gif.c: revision 1.149
	sys/net/if_l2tp.h: revision 1.8
	sys/netinet/in_gif.c: revision 1.95
	sys/netinet/in_l2tp.c: revision 1.17
	sys/netipsec/ipsecif.c: revision 1.17
	sys/net/if_ipsec.c: revision 1.24
	sys/net/if_l2tp.c: revision 1.37
	sys/netinet/ip_input.c: revision 1.391
	sys/net/if_l2tp.c: revision 1.38
	sys/netinet/ip_input.c: revision 1.392
	sys/net/if_l2tp.c: revision 1.39

Avoid having a rtcache directly in a percpu storage

percpu(9) has a certain memory storage for each CPU and provides it by the piece
to users.  If the storages went short, percpu(9) enlarges them by allocating new
larger memory areas, replacing old ones with them and destroying the old ones.

A percpu storage referenced by a pointer gotten via percpu_getref can be
destroyed by the mechanism after a running thread sleeps even if percpu_putref
has not been called.

Using rtcache, i.e., packet processing, typically involves sleepable operations
such as rwlock so we must avoid dereferencing a rtcache that is directly stored
in a percpu storage during packet processing.  Address this situation by having
just a pointer to a rtcache in a percpu storage instead.
Reviewed by knakahara@ and yamaguchi@

 -

wqinput: avoid having struct wqinput_worklist directly in a percpu storage

percpu(9) has a certain memory storage for each CPU and provides it by the piece
to users.  If the storages went short, percpu(9) enlarges them by allocating new
larger memory areas, replacing old ones with them and destroying the old ones.

A percpu storage referenced by a pointer gotten via percpu_getref can be
destroyed by the mechanism after a running thread sleeps even if percpu_putref
has not been called.

Input handlers of wqinput normally involve sleepable operations so we must
avoid dereferencing a percpu data (struct wqinput_worklist) after executing
an input handler.  Address this situation by having just a pointer to the data
in a percpu storage instead.
Reviewed by knakahara@ and yamaguchi@

 -

Add missing #include <sys/kmem.h>

 -

Divide Tx context of l2tp(4) to improve performance.

It seems l2tp(4) call path is too long for instruction cache. So, dividing
l2tp(4) Tx context improves CPU use efficiency.

After this commit, l2tp(4) throughput gains 10% on my machine(Atom C3000).

 -

Apply some missing changes lost on the previous commit

 -

Avoid having a rtcache directly in a percpu storage for tunnel protocols.
percpu(9) has a certain memory storage for each CPU and provides it by the piece
to users.  If the storages went short, percpu(9) enlarges them by allocating new
larger memory areas, replacing old ones with them and destroying the old ones.

A percpu storage referenced by a pointer gotten via percpu_getref can be
destroyed by the mechanism after a running thread sleeps even if percpu_putref
has not been called.

Using rtcache, i.e., packet processing, typically involves sleepable operations
such as rwlock so we must avoid dereferencing a rtcache that is directly stored
in a percpu storage during packet processing.  Address this situation by having
just a pointer to a rtcache in a percpu storage instead.

Reviewed by ozaki-r@ and yamaguchi@

 -

l2tp(4): avoid having struct ifqueue directly in a percpu storage.
percpu(9) has a certain memory storage for each CPU and provides it by the piece
to users.  If the storages went short, percpu(9) enlarges them by allocating new
larger memory areas, replacing old ones with them and destroying the old ones.

A percpu storage referenced by a pointer gotten via percpu_getref can be
destroyed by the mechanism after a running thread sleeps even if percpu_putref
has not been called.

Tx processing of l2tp(4) normally involves sleepable operations so we
must avoid dereferencing a percpu data (struct ifqueue) after executing Tx
processing.  Address this situation by having just a pointer to the data in
a percpu storage instead.

Reviewed by ozaki-r@ and yamaguchi@

Revision 1.211, Thu Sep 19 05:31:50 2019 UTC (4 years, 6 months ago) by ozaki-r
Branch: MAIN
Changes since 1.210: +5 -5 lines

Apply some missing changes lost on the previous commit

Revision 1.210, Thu Sep 19 04:08:29 2019 UTC (4 years, 6 months ago) by ozaki-r
Branch: MAIN
Changes since 1.209: +8 -8 lines

Avoid having a rtcache directly in a percpu storage

percpu(9) has a certain memory storage for each CPU and provides it by the piece
to users.  If the storages went short, percpu(9) enlarges them by allocating new
larger memory areas, replacing old ones with them and destroying the old ones.
A percpu storage referenced by a pointer gotten via percpu_getref can be
destroyed by the mechanism after a running thread sleeps even if percpu_putref
has not been called.

Using rtcache, i.e., packet processing, typically involves sleepable operations
such as rwlock so we must avoid dereferencing a rtcache that is directly stored
in a percpu storage during packet processing.  Address this situation by having
just a pointer to a rtcache in a percpu storage instead.

Reviewed by knakahara@ and yamaguchi@
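
The hazard described in the commit message above, as an added user-space C model that is not NetBSD kernel code: `pcpu_area`, `area_alloc`, `area_getref` and `rtcache_model` are hypothetical stand-ins for percpu(9) storage and a route cache. It compares an object embedded in a growable per-CPU area with a pointer stored in that area, when the area is replaced while a reference is held.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Toy model of one CPU's percpu area: a block that is replaced when it runs short. */
struct pcpu_area {
	unsigned char *base;
	size_t size;
	size_t used;
};

/* Hypothetical stand-in for a route cache entry. */
struct rtcache_model {
	int generation;
};

static void *
xcalloc(size_t n, size_t len)
{
	void *p = calloc(n, len);
	if (p == NULL)
		abort();
	return p;
}

static void
area_init(struct pcpu_area *a, size_t size)
{
	a->base = xcalloc(1, size);
	a->size = size;
	a->used = 0;
}

/* Hand out a piece; if short, allocate a larger area, copy, destroy the old one. */
static size_t
area_alloc(struct pcpu_area *a, size_t len)
{
	len = (len + 15) & ~(size_t)15;		/* keep pieces 16-byte aligned */
	if (a->used + len > a->size) {
		size_t nsize = (a->used + len) * 2;
		unsigned char *nbase = xcalloc(1, nsize);
		memcpy(nbase, a->base, a->used);
		free(a->base);			/* old references now dangle */
		a->base = nbase;
		a->size = nsize;
	}
	size_t off = a->used;
	a->used += len;
	return off;
}

/* Model of percpu_getref: address of a piece in the current area. */
static void *
area_getref(struct pcpu_area *a, size_t off)
{
	return a->base + off;
}

/* Object stored directly in the area: the held address goes stale on growth. */
int
embedded_ref_survives_growth(void)
{
	struct pcpu_area a;
	area_init(&a, 64);
	size_t off = area_alloc(&a, sizeof(struct rtcache_model));
	struct rtcache_model *rc = area_getref(&a, off);
	rc->generation = 1;
	uintptr_t held = (uintptr_t)rc;	/* what a sleeping thread keeps */

	(void)area_alloc(&a, 256);	/* another user forces growth meanwhile */

	/* Only compare addresses; dereferencing the old one would be a use-after-free. */
	int ok = held == (uintptr_t)area_getref(&a, off);
	free(a.base);
	return ok;
}

/* Only a pointer lives in the area: the object itself never moves. */
int
indirect_ref_survives_growth(void)
{
	struct pcpu_area a;
	area_init(&a, 64);
	size_t off = area_alloc(&a, sizeof(struct rtcache_model *));
	struct rtcache_model **slot = area_getref(&a, off);
	*slot = xcalloc(1, sizeof(**slot));
	struct rtcache_model *rc = *slot;	/* loaded before sleeping */
	rc->generation = 1;

	(void)area_alloc(&a, 256);	/* growth: slot is stale, rc is not */

	slot = area_getref(&a, off);	/* re-fetch the slot from the new area */
	int ok = (*slot == rc) && rc->generation == 1;
	free(rc);
	free(a.base);
	return ok;
}

int
main(void)
{
	printf("embedded reference valid after growth: %d\n",
	    embedded_ref_survives_growth());
	printf("indirect reference valid after growth: %d\n",
	    indirect_ref_survives_growth());
	return 0;
}
```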

Revision 1.208.2.1, Tue Sep 17 19:55:43 2019 UTC (4 years, 6 months ago) by martin
Branch: netbsd-9
Changes since 1.208: +9 -3 lines

Pull up following revision(s) (requested by bouyer in ticket #208):

	sys/netinet6/ip6_input.c: revision 1.209
	sys/netinet/ip_input.c: revision 1.390

Packet filters can return an mbuf chain with fragmented headers, so
m_pullup() it if needed and remove the KASSERT()s.

Revision 1.178.2.8, Tue Sep 17 18:57:23 2019 UTC (4 years, 6 months ago) by martin
Branch: netbsd-8
Changes since 1.178.2.7: +9 -2 lines

Pull up following revision(s) (requested by bouyer in ticket #1378):

	sys/netinet6/ip6_input.c: revision 1.209 (patch)
	sys/netinet/ip_input.c: revision 1.390 (patch)

Packet filters can return an mbuf chain with fragmented headers, so
m_pullup() it if needed and remove the KASSERT()s.

Revision 1.149.2.1.2.3, Tue Sep 17 18:09:37 2019 UTC (4 years, 6 months ago) by martin
Branch: netbsd-7-0
Changes since 1.149.2.1.2.2: +10 -2 lines

Pull up following revision(s) (requested by bouyer in ticket #1708):

	sys/netinet6/ip6_input.c: revision 1.209 via patch
	sys/netinet/ip_input.c: revision 1.390 via patch

Packet filters can return an mbuf chain with fragmented headers, so
m_pullup() it if needed and remove the KASSERT()s.

Revision 1.149.2.1.6.3, Tue Sep 17 18:08:13 2019 UTC (4 years, 6 months ago) by martin
Branch: netbsd-7-1
Changes since 1.149.2.1.6.2: +10 -2 lines

Pull up following revision(s) (requested by bouyer in ticket #1708):

	sys/netinet6/ip6_input.c: revision 1.209 via patch
	sys/netinet/ip_input.c: revision 1.390 via patch

Packet filters can return an mbuf chain with fragmented headers, so
m_pullup() it if needed and remove the KASSERT()s.

Revision 1.149.2.4, Tue Sep 17 18:07:15 2019 UTC (4 years, 6 months ago) by martin
Branch: netbsd-7
Changes since 1.149.2.3: +10 -2 lines

Pull up following revision(s) (requested by bouyer in ticket #1708):

	sys/netinet6/ip6_input.c: revision 1.209 via patch
	sys/netinet/ip_input.c: revision 1.390 via patch

Packet filters can return an mbuf chain with fragmented headers, so
m_pullup() it if needed and remove the KASSERT()s.

Revision 1.209, Sun Sep 15 21:00:15 2019 UTC (4 years, 6 months ago) by bouyer
Branch: MAIN
Changes since 1.208: +9 -3 lines

Packet filters can return an mbuf chain with fragmented headers, so
m_pullup() it if needed and remove the KASSERT()s.

Revision 1.204.2.1, Mon Jun 10 22:09:48 2019 UTC (4 years, 9 months ago) by christos
Branch: phil-wifi
Changes since 1.204: +12 -10 lines

Sync with HEAD

Revision 1.208, Mon May 13 07:47:59 2019 UTC (4 years, 10 months ago) by ozaki-r
Branch: MAIN
CVS Tags: phil-wifi-20190609, netbsd-9-base
Branch point for: netbsd-9
Changes since 1.207: +7 -5 lines

Count packets dropped by pfil

Revision 1.193.2.7, Fri Jan 18 08:50:58 2019 UTC (5 years, 2 months ago) by pgoyette
Branch: pgoyette-compat
CVS Tags: pgoyette-compat-merge-20190127
Changes since 1.193.2.6: +4 -4 lines

Synch with HEAD

Revision 1.207, Thu Jan 17 02:47:15 2019 UTC (5 years, 2 months ago) by knakahara
Branch: MAIN
CVS Tags: pgoyette-compat-20190127, pgoyette-compat-20190118, isaki-audio2-base, isaki-audio2
Changes since 1.206: +3 -3 lines

Fix ipsecif(4) cannot apply input direction packet filter. Reviewed by ozaki-r@n.o and ryo@n.o.

Add ATF later.

Revision 1.206, Mon Jan 14 18:51:15 2019 UTC (5 years, 2 months ago) by maxv
Branch: MAIN
Changes since 1.205: +3 -3 lines

Fix bug, should be ip6_protox[].

Revision 1.193.2.6, Mon Nov 26 01:52:51 2018 UTC (5 years, 3 months ago) by pgoyette
Branch: pgoyette-compat
Changes since 1.193.2.5: +5 -5 lines

Sync with HEAD, resolve a couple of conflicts

Revision 1.205, Thu Nov 15 10:23:56 2018 UTC (5 years, 4 months ago) by maxv
Branch: MAIN
CVS Tags: pgoyette-compat-1226, pgoyette-compat-1126
Changes since 1.204: +5 -5 lines

Remove the 't' argument from m_tag_find().

Revision 1.193.2.5, Mon May 21 04:36:16 2018 UTC (5 years, 9 months ago) by pgoyette
Branch: pgoyette-compat
Changes since 1.193.2.4: +4 -14 lines

Sync with HEAD

Revision 1.204, Sat May 19 06:44:08 2018 UTC (5 years, 10 months ago) by maxv
Branch: MAIN
CVS Tags: phil-wifi-base, pgoyette-compat-1020, pgoyette-compat-0930, pgoyette-compat-0906, pgoyette-compat-0728, pgoyette-compat-0625, pgoyette-compat-0521
Branch point for: phil-wifi
Changes since 1.203: +2 -13 lines

Remove misleading comment.

Revision 1.203, Thu May 17 11:59:36 2018 UTC (5 years, 10 months ago) by maxv
Branch: MAIN
Changes since 1.202: +3 -2 lines

Add KASSERTs, related to PR/39794.

Revision 1.202, Mon May 14 17:34:26 2018 UTC (5 years, 10 months ago) by maxv
Branch: MAIN
Changes since 1.201: +3 -3 lines

Merge ipsec4_input and ipsec6_input into ipsec_ip_input. Make the argument
a bool for clarity. Optimize the function: if M_CANFASTFWD is not there
(because already removed by the firewall) leave now.

Makes it easier to see that M_CANFASTFWD is not removed on IPv6.

Revision 1.193.2.4, Wed May 2 07:20:23 2018 UTC (5 years, 10 months ago) by pgoyette
Branch: pgoyette-compat
Changes since 1.193.2.3: +42 -48 lines

Synch with HEAD

Revision 1.201, Tue May 1 07:21:39 2018 UTC (5 years, 10 months ago) by maxv
Branch: MAIN
CVS Tags: pgoyette-compat-0502
Changes since 1.200: +2 -4 lines

Remove now unused net_osdep.h includes, the other BSDs did the same.

Revision 1.200, Thu Apr 26 19:22:17 2018 UTC (5 years, 10 months ago) by maxv
Branch: MAIN
Changes since 1.199: +3 -3 lines

Remove unused mbuf argument from sbsavetimestamp.

Revision 1.199, Thu Apr 26 07:01:38 2018 UTC (5 years, 10 months ago) by maxv
Branch: MAIN
Changes since 1.198: +41 -45 lines

Move the address checks into one function, ip6_badaddr(). In this function,
reinstate the "IPv4-compatible IPv6 addresses" check; these addresses are
deprecated by RFC4291 (2006).

Revision 1.193.2.3, Mon Apr 16 02:00:09 2018 UTC (5 years, 11 months ago) by pgoyette
Branch: pgoyette-compat
Changes since 1.193.2.2: +7 -18 lines

Sync with HEAD, resolve some conflicts

Revision 1.198, Sun Apr 15 08:31:18 2018 UTC (5 years, 11 months ago) by maxv
Branch: MAIN
CVS Tags: pgoyette-compat-0422, pgoyette-compat-0415
Changes since 1.197: +2 -14 lines

Remove useless DIAGNOSTIC block, the caller already ensures the
assumptions, and here we're not doing anything (it should be a panic
rather than a printf).

Revision 1.197, Sun Apr 15 07:35:49 2018 UTC (5 years, 11 months ago) by maxv
Branch: MAIN
Changes since 1.196: +4 -2 lines

Introduce a m_verify_packet function, that verifies the mbuf chain of a
packet to ensure it is not malformed. Call this function in "points of
interest", that are the IPv4/IPv6/IPsec entry points. There could be more.

We use M_VERIFY_PACKET(m), declared under DIAGNOSTIC only.

This function should not be called everywhere, especially not in places
that temporarily manipulate (and clobber) the mbuf structure; once they're
done they put the mbuf back in a correct format.

Revision 1.196, Wed Apr 11 07:55:19 2018 UTC (5 years, 11 months ago) by maxv
Branch: MAIN
Changes since 1.195: +5 -6 lines

Add comment about IPsec.

Revision 1.178.2.7, Mon Apr 9 13:34:10 2018 UTC (5 years, 11 months ago) by bouyer
Branch: netbsd-8
CVS Tags: netbsd-8-1-RELEASE, netbsd-8-1-RC1, netbsd-8-0-RELEASE, netbsd-8-0-RC2, netbsd-8-0-RC1
Changes since 1.178.2.6: +3 -3 lines

Pull up following revision(s) (requested by roy in ticket #724):
	tests/net/icmp/t_ping.c: revision 1.19
	sys/netinet6/raw_ip6.c: revision 1.166
	sys/netinet6/ip6_input.c: revision 1.195
	sys/net/raw_usrreq.c: revision 1.59
	sys/sys/socketvar.h: revision 1.151
	sys/kern/uipc_socket2.c: revision 1.128
	tests/lib/libc/sys/t_recvmmsg.c: revision 1.2
	lib/libc/sys/recv.2: revision 1.38
	sys/net/rtsock.c: revision 1.239
	sys/netinet/udp_usrreq.c: revision 1.246
	sys/netinet6/icmp6.c: revision 1.224
	tests/net/icmp/t_ping.c: revision 1.20
	sys/netipsec/keysock.c: revision 1.63
	sys/netinet/raw_ip.c: revision 1.172
	sys/kern/uipc_socket.c: revision 1.260
	tests/net/icmp/t_ping.c: revision 1.22
	sys/kern/uipc_socket.c: revision 1.261
	tests/net/icmp/t_ping.c: revision 1.23
	sys/netinet/ip_mroute.c: revision 1.155
	sbin/route/route.c: revision 1.159
	sys/netinet6/ip6_mroute.c: revision 1.123
	sys/netatalk/ddp_input.c: revision 1.31
	sys/netcan/can.c: revision 1.3
	sys/kern/uipc_usrreq.c: revision 1.184
	sys/netinet6/udp6_usrreq.c: revision 1.138
	tests/net/icmp/t_ping.c: revision 1.18
socket: report receive buffer overflows
Add soroverflow() which increments the overflow counter, sets so_error
to ENOBUFS and wakes the receive socket up.
Replace all code that manually increments this counter with soroverflow().
Add soroverflow() to raw_input().
This allows userland to detect route(4) overflows so it can re-sync
with the current state.
socket: clear error even when peeking
The error has already been reported and it's pointless requiring another
recv(2) call just to clear it.
socket: remove now incorrect comment that so_error is only udp
As it can be affected by route(4) sockets which are raw.
rtsock: log dropped messages that we cannot report to userland
Handle ENOBUFS when receiving messages.
Don't send messages if the receiver has died.
Sprinkle more soroverflow().
Handle ENOBUFS in recv
Handle ENOBUFS in sendto
Note value received. Harden another sendto for ENOBUFS.
Handle the routing socket overflowing gracefully.
Allow a valid sendto .... duh
Handle errors better.
Fix test for checking we sent all the data we asked to.

Revision 1.193.2.2, Thu Mar 22 01:44:51 2018 UTC (5 years, 11 months ago) by pgoyette
Branch: pgoyette-compat
Changes since 1.193.2.1: +3 -3 lines

Synch with HEAD, resolve conflicts

Revision 1.195, Wed Mar 21 14:23:54 2018 UTC (5 years, 11 months ago) by roy
Branch: MAIN
CVS Tags: pgoyette-compat-0407, pgoyette-compat-0330, pgoyette-compat-0322
Changes since 1.194: +3 -3 lines

Sprinkle more soroverflow().

Revision 1.193.2.1, Thu Mar 15 09:12:07 2018 UTC (6 years ago) by pgoyette
Branch: pgoyette-compat
Changes since 1.193: +50 -50 lines

Synch with HEAD

Revision 1.194, Tue Mar 6 17:39:36 2018 UTC (6 years ago) by maxv
Branch: MAIN
CVS Tags: pgoyette-compat-0315
Changes since 1.193: +50 -50 lines

Perform the IP (src/dst) checks _before_ calling the packet filter, because
if the filter has a "return-icmp" rule it may call icmp6_error with an src
field that was not entirely validated.

Revision 1.178.2.6, Mon Feb 26 13:32:01 2018 UTC (6 years ago) by martin
Branch: netbsd-8
Changes since 1.178.2.5: +4 -4 lines

Pull up following revision(s) (requested by ozaki-r in ticket #588):
	sys/netinet6/in6.c: revision 1.260
	sys/netinet/in.c: revision 1.219
	sys/netinet/wqinput.c: revision 1.4
	sys/rump/net/lib/libnetinet/netinet_component.c: revision 1.11
	sys/netinet/ip_input.c: revision 1.376
	sys/netinet6/ip6_input.c: revision 1.193
Avoid a deadlock between softnet_lock and IFNET_LOCK

A deadlock occurs because there is a violation of the rule of lock ordering;
softnet_lock is held with holding IFNET_LOCK, which violates the rule.
To avoid the deadlock, replace softnet_lock in in_control and in6_control
with KERNEL_LOCK.

We also need to add some KERNEL_LOCKs to protect the network stack surely.
This is required, for example, for PR kern/51356.

Fix PR kern/53043

Revision 1.178.2.5, Mon Feb 26 00:26:46 2018 UTC (6 years ago) by snj
Branch: netbsd-8
Changes since 1.178.2.4: +10 -3 lines

Pull up following revision(s) (requested by maxv in ticket #568):
	sys/netinet6/ip6_input.c: 1.188
Kick nested fragments.

Revision 1.149.2.3, Sun Feb 25 23:17:47 2018 UTC (6 years ago) by snj
Branch: netbsd-7
CVS Tags: netbsd-7-2-RELEASE
Changes since 1.149.2.2: +11 -3 lines

Pull up following revision(s) (requested by maxv in ticket #1572):
	sys/netinet6/ip6_input.c: 1.188 via patch
Kick nested fragments.

Revision 1.149.2.1.6.2, Sun Feb 25 23:17:37 2018 UTC (6 years ago) by snj
Branch: netbsd-7-1
CVS Tags: netbsd-7-1-2-RELEASE
Changes since 1.149.2.1.6.1: +11 -3 lines

Pull up following revision(s) (requested by maxv in ticket #1572):
	sys/netinet6/ip6_input.c: 1.188 via patch
Kick nested fragments.

Revision 1.149.2.1.2.2, Sun Feb 25 23:17:22 2018 UTC (6 years ago) by snj
Branch: netbsd-7-0
Changes since 1.149.2.1.2.1: +11 -3 lines

Pull up following revision(s) (requested by maxv in ticket #1572):
	sys/netinet6/ip6_input.c: 1.188 via patch
Kick nested fragments.

Revision 1.193, Sat Feb 24 07:37:09 2018 UTC (6 years ago) by ozaki-r
Branch: MAIN
CVS Tags: pgoyette-compat-base
Branch point for: pgoyette-compat
Changes since 1.192: +4 -4 lines

Avoid a deadlock between softnet_lock and IFNET_LOCK

A deadlock occurs because there is a violation of the rule of lock ordering;
softnet_lock is held with holding IFNET_LOCK, which violates the rule.
To avoid the deadlock, replace softnet_lock in in_control and in6_control
with KERNEL_LOCK.

We also need to add some KERNEL_LOCKs to protect the network stack surely.
This is required, for example, for PR kern/51356.

Fix PR kern/53043

Revision 1.192, Wed Feb 14 05:29:39 2018 UTC (6 years, 1 month ago) by maxv
Branch: MAIN
Changes since 1.191: +3 -3 lines

Re-make ip6_nexthdr global, it will be used in soon-to-be-added code...

Revision 1.191, Mon Feb 12 12:52:12 2018 UTC (6 years, 1 month ago) by maxv
Branch: MAIN
Changes since 1.190: +3 -3 lines

Replace bcopy -> memcpy when it is obvious that the areas don't overlap.
Rearrange ip6_splithdr() for clarity.

Revision 1.190, Fri Feb 9 18:31:52 2018 UTC (6 years, 1 month ago) by maxv
Branch: MAIN
Changes since 1.189: +2 -10 lines

Remove dead code.

Revision 1.136.6.2, Tue Jan 30 18:47:35 2018 UTC (6 years, 1 month ago) by martin
Branch: netbsd-6-0
Changes since 1.136.6.1: +20 -26 lines

Pull up following revision(s) (requested by maxv in ticket #1523):
	sys/netinet6/frag6.c: revision 1.65
	sys/netinet6/ip6_input.c: revision 1.187
	sys/netinet6/ip6_var.h: revision 1.78
	sys/netinet6/raw_ip6.c: revision 1.160 (patch)
	sys/netinet6/ah_input.c: adjust other callers (patch)
	sys/netinet6/esp_input.c: adjust other callers (patch)
	sys/netinet6/ipcomp_input.c: adjust other callers (patch)
Fix a buffer overflow in ip6_get_prevhdr. Doing
        mtod(m, char *) + len
is wrong, an option is allowed to be located in another mbuf of the chain.
If the offset of an option within the chain is bigger than the length of
the first mbuf in that chain, we are reading/writing one byte of packet-
controlled data beyond the end of the first mbuf.
The length of this first mbuf depends on the layout the network driver
chose. In the most difficult case, it will allocate a 2KB cluster, which
is bigger than the Ethernet MTU.
But there is at least one way of exploiting this case: by sending a
special combination of nested IPv6 fragments, the packet can control a
good bunch of 'len'. By luck, the memory pool containing clusters does not
embed the pool header in front of the items, so it is not straightforward
to predict what is located at 'mtod(m, char *) + len'.
However, by sending offending fragments in a loop, it is possible to
crash the kernel - at some point we will hit important data structures.
As far as I can tell, PF protects against this difficult case, because
it kicks nested fragments. NPF does not protect against this. IPF I don't
know.
Then there are the more easy cases, if the MTU is bigger than a cluster,
or if the network driver did not allocate a cluster, or perhaps if the
fragments are received via a tunnel; I haven't investigated these cases.
Change ip6_get_prevhdr so that it returns an offset in the chain, and
always use IP6_EXTHDR_GET to get a writable pointer. IP6_EXTHDR_GET
leaves M_PKTHDR untouched.
This place is still fragile.

Revision 1.136.8.2, Tue Jan 30 18:45:59 2018 UTC (6 years, 1 month ago) by martin
Branch: netbsd-6-1
Changes since 1.136.8.1: +20 -26 lines

Pull up following revision(s) (requested by maxv in ticket #1523):
	sys/netinet6/frag6.c: revision 1.65
	sys/netinet6/ip6_input.c: revision 1.187
	sys/netinet6/ip6_var.h: revision 1.78
	sys/netinet6/raw_ip6.c: revision 1.160 (patch)
	sys/netinet6/ah_input.c: adjust other callers (patch)
	sys/netinet6/esp_input.c: adjust other callers (patch)
	sys/netinet6/ipcomp_input.c: adjust other callers (patch)
Fix a buffer overflow in ip6_get_prevhdr. Doing
        mtod(m, char *) + len
is wrong, an option is allowed to be located in another mbuf of the chain.
If the offset of an option within the chain is bigger than the length of
the first mbuf in that chain, we are reading/writing one byte of packet-
controlled data beyond the end of the first mbuf.
The length of this first mbuf depends on the layout the network driver
chose. In the most difficult case, it will allocate a 2KB cluster, which
is bigger than the Ethernet MTU.
But there is at least one way of exploiting this case: by sending a
special combination of nested IPv6 fragments, the packet can control a
good bunch of 'len'. By luck, the memory pool containing clusters does not
embed the pool header in front of the items, so it is not straightforward
to predict what is located at 'mtod(m, char *) + len'.
However, by sending offending fragments in a loop, it is possible to
crash the kernel - at some point we will hit important data structures.
As far as I can tell, PF protects against this difficult case, because
it kicks nested fragments. NPF does not protect against this. IPF I don't
know.
Then there are the more easy cases, if the MTU is bigger than a cluster,
or if the network driver did not allocate a cluster, or perhaps if the
fragments are received via a tunnel; I haven't investigated these cases.
Change ip6_get_prevhdr so that it returns an offset in the chain, and
always use IP6_EXTHDR_GET to get a writable pointer. IP6_EXTHDR_GET
leaves M_PKTHDR untouched.
This place is still fragile.

Revision 1.136.2.2, Tue Jan 30 18:44:22 2018 UTC (6 years, 1 month ago) by martin
Branch: netbsd-6
Changes since 1.136.2.1: +20 -26 lines

Pull up following revision(s) (requested by maxv in ticket #1523):
	sys/netinet6/frag6.c: revision 1.65
	sys/netinet6/ip6_input.c: revision 1.187
	sys/netinet6/ip6_var.h: revision 1.78
	sys/netinet6/raw_ip6.c: revision 1.160 (patch)
	sys/netinet6/ah_input.c: adjust other callers (patch)
	sys/netinet6/esp_input.c: adjust other callers (patch)
	sys/netinet6/ipcomp_input.c: adjust other callers (patch)
Fix a buffer overflow in ip6_get_prevhdr. Doing
        mtod(m, char *) + len
is wrong, an option is allowed to be located in another mbuf of the chain.
If the offset of an option within the chain is bigger than the length of
the first mbuf in that chain, we are reading/writing one byte of packet-
controlled data beyond the end of the first mbuf.
The length of this first mbuf depends on the layout the network driver
chose. In the most difficult case, it will allocate a 2KB cluster, which
is bigger than the Ethernet MTU.
But there is at least one way of exploiting this case: by sending a
special combination of nested IPv6 fragments, the packet can control a
good bunch of 'len'. By luck, the memory pool containing clusters does not
embed the pool header in front of the items, so it is not straightforward
to predict what is located at 'mtod(m, char *) + len'.
However, by sending offending fragments in a loop, it is possible to
crash the kernel - at some point we will hit important data structures.
As far as I can tell, PF protects against this difficult case, because
it kicks nested fragments. NPF does not protect against this. IPF I don't
know.
Then there are the more easy cases, if the MTU is bigger than a cluster,
or if the network driver did not allocate a cluster, or perhaps if the
fragments are received via a tunnel; I haven't investigated these cases.
Change ip6_get_prevhdr so that it returns an offset in the chain, and
always use IP6_EXTHDR_GET to get a writable pointer. IP6_EXTHDR_GET
leaves M_PKTHDR untouched.
This place is still fragile.

Revision 1.149.2.1.2.1, Tue Jan 30 18:31:53 2018 UTC (6 years, 1 month ago) by martin
Branch: netbsd-7-0
Changes since 1.149.2.1: +20 -26 lines

Pull up following revision(s) (requested by maxv in ticket #1560):
	sys/netinet6/frag6.c: revision 1.65
	sys/netinet6/ip6_input.c: revision 1.187
	sys/netinet6/ip6_var.h: revision 1.78
	sys/netinet6/raw_ip6.c: revision 1.160 (patch)
Fix a buffer overflow in ip6_get_prevhdr. Doing
        mtod(m, char *) + len
is wrong, an option is allowed to be located in another mbuf of the chain.
If the offset of an option within the chain is bigger than the length of
the first mbuf in that chain, we are reading/writing one byte of packet-
controlled data beyond the end of the first mbuf.
The length of this first mbuf depends on the layout the network driver
chose. In the most difficult case, it will allocate a 2KB cluster, which
is bigger than the Ethernet MTU.
But there is at least one way of exploiting this case: by sending a
special combination of nested IPv6 fragments, the packet can control a
good bunch of 'len'. By luck, the memory pool containing clusters does not
embed the pool header in front of the items, so it is not straightforward
to predict what is located at 'mtod(m, char *) + len'.
However, by sending offending fragments in a loop, it is possible to
crash the kernel - at some point we will hit important data structures.
As far as I can tell, PF protects against this difficult case, because
it kicks nested fragments. NPF does not protect against this. IPF I don't
know.
Then there are the more easy cases, if the MTU is bigger than a cluster,
or if the network driver did not allocate a cluster, or perhaps if the
fragments are received via a tunnel; I haven't investigated these cases.
Change ip6_get_prevhdr so that it returns an offset in the chain, and
always use IP6_EXTHDR_GET to get a writable pointer. IP6_EXTHDR_GET
leaves M_PKTHDR untouched.
This place is still fragile.

Revision 1.149.2.1.6.1, Tue Jan 30 18:30:31 2018 UTC (6 years, 1 month ago) by martin
Branch: netbsd-7-1
Changes since 1.149.2.1: +20 -26 lines

Pull up following revision(s) (requested by maxv in ticket #1560):
	sys/netinet6/frag6.c: revision 1.65
	sys/netinet6/ip6_input.c: revision 1.187
	sys/netinet6/ip6_var.h: revision 1.78
	sys/netinet6/raw_ip6.c: revision 1.160 (patch)
Fix a buffer overflow in ip6_get_prevhdr. Doing
        mtod(m, char *) + len
is wrong, an option is allowed to be located in another mbuf of the chain.
If the offset of an option within the chain is bigger than the length of
the first mbuf in that chain, we are reading/writing one byte of packet-
controlled data beyond the end of the first mbuf.
The length of this first mbuf depends on the layout the network driver
chose. In the most difficult case, it will allocate a 2KB cluster, which
is bigger than the Ethernet MTU.
But there is at least one way of exploiting this case: by sending a
special combination of nested IPv6 fragments, the packet can control a
good bunch of 'len'. By luck, the memory pool containing clusters does not
embed the pool header in front of the items, so it is not straightforward
to predict what is located at 'mtod(m, char *) + len'.
However, by sending offending fragments in a loop, it is possible to
crash the kernel - at some point we will hit important data structures.
As far as I can tell, PF protects against this difficult case, because
it kicks nested fragments. NPF does not protect against this. IPF I don't
know.
Then there are the more easy cases, if the MTU is bigger than a cluster,
or if the network driver did not allocate a cluster, or perhaps if the
fragments are received via a tunnel; I haven't investigated these cases.
Change ip6_get_prevhdr so that it returns an offset in the chain, and
always use IP6_EXTHDR_GET to get a writable pointer. IP6_EXTHDR_GET
leaves M_PKTHDR untouched.
This place is still fragile.

Revision 1.149.2.2, Tue Jan 30 18:28:45 2018 UTC (6 years, 1 month ago) by martin
Branch: netbsd-7
Changes since 1.149.2.1: +20 -26 lines

Pull up following revision(s) (requested by maxv in ticket #1560):
	sys/netinet6/frag6.c: revision 1.65
	sys/netinet6/ip6_input.c: revision 1.187
	sys/netinet6/ip6_var.h: revision 1.78
	sys/netinet6/raw_ip6.c: revision 1.160 (patch)
Fix a buffer overflow in ip6_get_prevhdr. Doing
        mtod(m, char *) + len
is wrong, an option is allowed to be located in another mbuf of the chain.
If the offset of an option within the chain is bigger than the length of
the first mbuf in that chain, we are reading/writing one byte of packet-
controlled data beyond the end of the first mbuf.
The length of this first mbuf depends on the layout the network driver
chose. In the most difficult case, it will allocate a 2KB cluster, which
is bigger than the Ethernet MTU.
But there is at least one way of exploiting this case: by sending a
special combination of nested IPv6 fragments, the packet can control a
good bunch of 'len'. By luck, the memory pool containing clusters does not
embed the pool header in front of the items, so it is not straightforward
to predict what is located at 'mtod(m, char *) + len'.
However, by sending offending fragments in a loop, it is possible to
crash the kernel - at some point we will hit important data structures.
As far as I can tell, PF protects against this difficult case, because
it kicks nested fragments. NPF does not protect against this. IPF I don't
know.
Then there are the more easy cases, if the MTU is bigger than a cluster,
or if the network driver did not allocate a cluster, or perhaps if the
fragments are received via a tunnel; I haven't investigated these cases.
Change ip6_get_prevhdr so that it returns an offset in the chain, and
always use IP6_EXTHDR_GET to get a writable pointer. IP6_EXTHDR_GET
leaves M_PKTHDR untouched.
This place is still fragile.

Revision 1.178.2.4, Tue Jan 30 18:21:09 2018 UTC (6 years, 1 month ago) by martin
Branch: netbsd-8
Changes since 1.178.2.3: +20 -26 lines

Pull up following revision(s) (requested by maxv in ticket #527):
	sys/netinet6/frag6.c: revision 1.65
	sys/netinet6/ip6_input.c: revision 1.187
	sys/netinet6/ip6_var.h: revision 1.78
	sys/netinet6/raw_ip6.c: revision 1.160
Fix a buffer overflow in ip6_get_prevhdr. Doing
        mtod(m, char *) + len
is wrong, an option is allowed to be located in another mbuf of the chain.
If the offset of an option within the chain is bigger than the length of
the first mbuf in that chain, we are reading/writing one byte of packet-
controlled data beyond the end of the first mbuf.
The length of this first mbuf depends on the layout the network driver
chose. In the most difficult case, it will allocate a 2KB cluster, which
is bigger than the Ethernet MTU.
But there is at least one way of exploiting this case: by sending a
special combination of nested IPv6 fragments, the packet can control a
good bunch of 'len'. By luck, the memory pool containing clusters does not
embed the pool header in front of the items, so it is not straightforward
to predict what is located at 'mtod(m, char *) + len'.
However, by sending offending fragments in a loop, it is possible to
crash the kernel - at some point we will hit important data structures.
As far as I can tell, PF protects against this difficult case, because
it kicks nested fragments. NPF does not protect against this. IPF I don't
know.
Then there are the more easy cases, if the MTU is bigger than a cluster,
or if the network driver did not allocate a cluster, or perhaps if the
fragments are received via a tunnel; I haven't investigated these cases.
Change ip6_get_prevhdr so that it returns an offset in the chain, and
always use IP6_EXTHDR_GET to get a writable pointer. IP6_EXTHDR_GET
leaves M_PKTHDR untouched.
This place is still fragile.

Revision 1.189, Tue Jan 30 15:54:02 2018 UTC (6 years, 1 month ago) by maxv
Branch: MAIN
Changes since 1.188: +11 -50 lines

Style, localify, remove dead code, and fix typos. No functional change.

Revision 1.188, Tue Jan 30 15:35:31 2018 UTC (6 years, 1 month ago) by maxv
Branch: MAIN
Changes since 1.187: +10 -3 lines

Kick nested fragments.

Revision 1.187, Tue Jan 30 14:49:25 2018 UTC (6 years, 1 month ago) by maxv
Branch: MAIN
Changes since 1.186: +20 -26 lines

Fix a buffer overflow in ip6_get_prevhdr. Doing

	mtod(m, char *) + len

is wrong, an option is allowed to be located in another mbuf of the chain.
If the offset of an option within the chain is bigger than the length of
the first mbuf in that chain, we are reading/writing one byte of packet-
controlled data beyond the end of the first mbuf.

The length of this first mbuf depends on the layout the network driver
chose. In the most difficult case, it will allocate a 2KB cluster, which
is bigger than the Ethernet MTU.

But there is at least one way of exploiting this case: by sending a
special combination of nested IPv6 fragments, the packet can control a
good bunch of 'len'. By luck, the memory pool containing clusters does not
embed the pool header in front of the items, so it is not straightforward
to predict what is located at 'mtod(m, char *) + len'.

However, by sending offending fragments in a loop, it is possible to
crash the kernel - at some point we will hit important data structures.

As far as I can tell, PF protects against this difficult case, because
it kicks nested fragments. NPF does not protect against this. IPF I don't
know.

Then there are the more easy cases, if the MTU is bigger than a cluster,
or if the network driver did not allocate a cluster, or perhaps if the
fragments are received via a tunnel; I haven't investigated these cases.

Change ip6_get_prevhdr so that it returns an offset in the chain, and
always use IP6_EXTHDR_GET to get a writable pointer. IP6_EXTHDR_GET
leaves M_PKTHDR untouched.

This place is still fragile.
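
The bug class described in the commit message above, as an added example that is not NetBSD code: `struct seg`, `chain_copy` and `prevhdr_offset` are hypothetical stand-ins for an mbuf, a chain-aware copy and a lookup that returns an offset in the chain, and the 64-byte packet is constructed. It shows an offset that is valid for the chain but lies past the first segment, and a lookup that only reads through a bounds-checked copy.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define IP6_HDRLEN  40	/* size of the fixed IPv6 header */
#define IP6_NXT_OFF 6	/* offset of Next Header in the fixed header */
#define PROTO_FRAG  44	/* Fragment header */
#define PROTO_AH    51	/* Authentication header */

/* Hypothetical stand-in for an mbuf: one segment of a packet chain. */
struct seg {
	const uint8_t *data;
	size_t len;
	const struct seg *next;
};

/* Does "first->data + off" (the mtod(m, char *) + len pattern) stay in the first segment? */
static int flat_access_ok(const struct seg *first, size_t off, size_t n)
{
	return off <= first->len && n <= first->len - off;
}

/* Copy n bytes at chain offset off, crossing segments; -1 if the chain is too short. */
static int chain_copy(const struct seg *s, size_t off, size_t n, uint8_t *out)
{
	while (s != NULL && off >= s->len) {
		off -= s->len;
		s = s->next;
	}
	while (n > 0) {
		size_t take;
		if (s == NULL)
			return -1;
		take = s->len - off;
		if (take > n)
			take = n;
		if (take > 0)
			memcpy(out, s->data + off, take);
		out += take;
		n -= take;
		off = 0;
		s = s->next;
	}
	return 0;
}

/* Chain offset of the Next Header byte that names the header at 'off', or -1. */
static long prevhdr_offset(const struct seg *chain, size_t off)
{
	uint8_t nxt, ext[2];	/* ext[0] = next header, ext[1] = length field */
	size_t len = IP6_HDRLEN, prev = IP6_NXT_OFF;

	if (off < IP6_HDRLEN || chain_copy(chain, IP6_NXT_OFF, 1, &nxt) != 0)
		return -1;
	while (len < off) {
		if (chain_copy(chain, len, 2, ext) != 0)
			return -1;	/* header walk ran off the end of the chain */
		prev = len;
		if (nxt == PROTO_FRAG)
			len += 8;
		else if (nxt == PROTO_AH)
			len += ((size_t)ext[1] + 2) << 2;
		else
			len += ((size_t)ext[1] + 1) << 3;
		nxt = ext[0];
	}
	return len == off ? (long)prev : -1;	/* 'off' must sit on a header boundary */
}

/* Constructed sample: IPv6 header, hop-by-hop header, fragment header, 8 payload bytes. */
static void build_sample(uint8_t pkt[64])
{
	memset(pkt, 0, 64);
	pkt[0] = 0x60;			/* version 6 */
	pkt[IP6_NXT_OFF] = 0;		/* next: hop-by-hop options */
	pkt[40] = PROTO_FRAG;		/* hop-by-hop: next = fragment, 8 bytes long */
	pkt[48] = 17;			/* fragment: next = UDP */
}

/* Split the sample into two segments at 'split' (<= 64) and run the lookup. */
long demo_prev_offset(size_t split, size_t off)
{
	uint8_t pkt[64];
	struct seg first, second;

	build_sample(pkt);
	second.data = pkt + split; second.len = 64 - split; second.next = NULL;
	first.data = pkt; first.len = split; first.next = &second;
	return prevhdr_offset(&first, off);
}

/* Would a one-byte flat access at 'off' be inside a first segment of 'split' bytes? */
int demo_flat_ok(size_t split, size_t off)
{
	struct seg first = { NULL, split, NULL };
	return flat_access_ok(&first, off, 1);
}

int main(void)
{
	printf("first segment 44 bytes, flat access at 48 in bounds: %d\n", demo_flat_ok(44, 48));
	printf("chain-aware previous-header offset for 56: %ld\n", demo_prev_offset(44, 56));
	return 0;
}
```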

Revision 1.186, Mon Jan 29 10:57:13 2018 UTC (6 years, 1 month ago) by maxv
Branch: MAIN
Changes since 1.185: +32 -61 lines

Start cleaning up ip6_input.c. Several pieces of code have evolved but
their neighboring comments were not updated. So update them, and remove
code that has been disabled for years (it has no use anyway).

Revision 1.178.2.3, Tue Jan 2 10:20:34 2018 UTC (6 years, 2 months ago) by snj
Branch: netbsd-8
Changes since 1.178.2.2: +4 -8 lines

Pull up following revision(s) (requested by ozaki-r in ticket #456):
	sys/arch/arm/sunxi/sunxi_emac.c: 1.9
	sys/dev/ic/dwc_gmac.c: 1.43-1.44
	sys/dev/pci/if_iwm.c: 1.75
	sys/dev/pci/if_wm.c: 1.543
	sys/dev/pci/ixgbe/ixgbe.c: 1.112
	sys/dev/pci/ixgbe/ixv.c: 1.74
	sys/kern/sys_socket.c: 1.75
	sys/net/agr/if_agr.c: 1.43
	sys/net/bpf.c: 1.219
	sys/net/if.c: 1.397, 1.399, 1.401-1.403, 1.406-1.410, 1.412-1.416
	sys/net/if.h: 1.242-1.247, 1.250, 1.252-1.257
	sys/net/if_bridge.c: 1.140 via patch, 1.142-1.146
	sys/net/if_etherip.c: 1.40
	sys/net/if_ethersubr.c: 1.243, 1.246
	sys/net/if_faith.c: 1.57
	sys/net/if_gif.c: 1.132
	sys/net/if_l2tp.c: 1.15, 1.17
	sys/net/if_loop.c: 1.98-1.101
	sys/net/if_media.c: 1.35
	sys/net/if_pppoe.c: 1.131-1.132
	sys/net/if_spppsubr.c: 1.176-1.177
	sys/net/if_tun.c: 1.142
	sys/net/if_vlan.c: 1.107, 1.109, 1.114-1.121
	sys/net/npf/npf_ifaddr.c: 1.3
	sys/net/npf/npf_os.c: 1.8-1.9
	sys/net/rtsock.c: 1.230
	sys/netcan/if_canloop.c: 1.3-1.5
	sys/netinet/if_arp.c: 1.255
	sys/netinet/igmp.c: 1.65
	sys/netinet/in.c: 1.210-1.211
	sys/netinet/in_pcb.c: 1.180
	sys/netinet/ip_carp.c: 1.92, 1.94
	sys/netinet/ip_flow.c: 1.81
	sys/netinet/ip_input.c: 1.362
	sys/netinet/ip_mroute.c: 1.147
	sys/netinet/ip_output.c: 1.283, 1.285, 1.287
	sys/netinet6/frag6.c: 1.61
	sys/netinet6/in6.c: 1.251, 1.255
	sys/netinet6/in6_pcb.c: 1.162
	sys/netinet6/ip6_flow.c: 1.35
	sys/netinet6/ip6_input.c: 1.183
	sys/netinet6/ip6_output.c: 1.196
	sys/netinet6/mld6.c: 1.90
	sys/netinet6/nd6.c: 1.239-1.240
	sys/netinet6/nd6_nbr.c: 1.139
	sys/netinet6/nd6_rtr.c: 1.136
	sys/netipsec/ipsec_output.c: 1.65
	sys/rump/net/lib/libnetinet/netinet_component.c: 1.9-1.10
kmem_intr_free kmem_intr_[z]alloced memory
the underlying pools are the same but api-wise those should match
Unify IFEF_*_MPSAFE into IFEF_MPSAFE
There are already two flags for if_output and if_start, however, it seems such
MPSAFE flags are eventually needed for all if_XXX operations. Having discrete
flags for each operation is wasteful of if_extflags bits. So let's unify
the flags into one: IFEF_MPSAFE.
Fortunately IFEF_*_MPSAFE flags have never been included in any releases, so
we can change them without breaking backward compatibility of the releases
(though the kernel version of -current should be bumped).
Note that if an interface has both MP-safe and non-MP-safe operations at a
time, we have to set the IFEF_MPSAFE flag and let callees of non-MP-safe
operations take the kernel lock.
Proposed on tech-kern@ and tech-net@
Provide macros for softnet_lock and KERNEL_LOCK hiding NET_MPSAFE switch
It reduces C&P codes such as "#ifndef NET_MPSAFE KERNEL_LOCK(1, NULL); ..."
scattered all over the source code and makes it easy to identify remaining
KERNEL_LOCK and/or softnet_lock that are held even if NET_MPSAFE.
No functional change
Hold KERNEL_LOCK on if_ioctl selectively based on IFEF_MPSAFE
If IFEF_MPSAFE is set, hold the lock and otherwise don't hold.
This change requires additions of KERNEL_LOCK to subsequent functions from
if_ioctl such as ifmedia_ioctl and ifioctl_common to protect non-MP-safe
components.
Proposed on tech-kern@ and tech-net@
Ensure to hold if_ioctl_lock when calling if_flags_set
Fix locking against myself on ifpromisc
vlan_unconfig_locked could be called with holding if_ioctl_lock.
Ensure to not turn on IFF_RUNNING of an interface until its initialization completes
And ensure to turn off it before destruction as per IFF_RUNNING's description
"resource allocated". (The description is a bit doubtful though, I believe the
change is still proper.)
Ensure to hold if_ioctl_lock on if_up and if_down
One exception for if_down is if_detach; in the case the lock isn't needed
because it's guaranteed that no other one can access ifp at that point.
Make if_link_queue MP-safe if IFEF_MPSAFE
if_link_queue is a queue to store events of link state changes, which is
used to pass events from (typically) an interrupt handler to
if_link_state_change softint. The queue was protected by KERNEL_LOCK so far,
but if IFEF_MPSAFE is enabled, it becomes unsafe because (perhaps) an interrupt
handler of an interface with IFEF_MPSAFE doesn't take KERNEL_LOCK. Protect it
by a spin mutex.
Additionally with this change KERNEL_LOCK of if_link_state_change softint is
omitted if NET_MPSAFE is enabled.
Note that the spin mutex is now ifp->if_snd.ifq_lock as well as the case of
if_timer (see the comment).
Use IFADDR_WRITER_FOREACH instead of IFADDR_READER_FOREACH
At that point no other one modifies the list so IFADDR_READER_FOREACH
is unnecessary. Use of IFADDR_READER_FOREACH is harmless in general though,
if we try to detect contract violations of pserialize, using it violates
the contract. So avoiding it makes life easy.
Ensure to call if_addr_init with holding if_ioctl_lock
Get rid of outdated comments
Fix build of kernels without ether
By throwing out if_enable_vlan_mtu and if_disable_vlan_mtu that
created an unnecessary dependency from if.c to if_ethersubr.c.
PR kern/52790
Rename IFNET_LOCK to IFNET_GLOBAL_LOCK
IFNET_LOCK will be used in another lock, if_ioctl_lock (might be renamed then).
Wrap if_ioctl_lock with IFNET_* macros (NFC)
Also if_ioctl_lock perhaps needs to be renamed to something because it's now
not just for ioctl...
Reorder some destruction routines in if_detach
- Destroy if_ioctl_lock at the end of the if_detach because it's used in various
  destruction routines
- Move psref_target_destroy after pr_purgeif because we want to use psref in
  pr_purgeif (otherwise destruction procedures can be tricky)
Ensure to call if_mcast_op with holding IFNET_LOCK
Note that CARP doesn't deal with IFNET_LOCK yet.
Remove IFNET_GLOBAL_LOCK where it's unnecessary because IFNET_LOCK is held
Describe which lock is used to protect each member variable of struct ifnet
Requested by skrll@
Write a guideline for converting an interface to IFEF_MPSAFE
Requested by skrll@
Note that IFNET_LOCK must not be held in softint
Don't set IFEF_MPSAFE unless NET_MPSAFE at this point
Because recent investigations show that interfaces with IFEF_MPSAFE need to
follow additional restrictions to work with the flag safely. We should enable it
on an interface by default only if the interface surely satisfies the
restrictions, which are described in if.h.
Note that enabling IFEF_MPSAFE solely gains few benefits on performance because
the network stack is still serialized by the big kernel locks by default.

Revision 1.178.2.2, Sun Dec 10 09:24:30 2017 UTC (6 years, 3 months ago) by snj
Branch: netbsd-8
Changes since 1.178.2.1: +23 -3 lines

Pull up following revision(s) (requested by roy in ticket #390):
	sys/netinet/ip_input.c: 1.363
	sys/netinet6/ip6_input.c: 1.184-1.185
	sys/netinet6/ip6_output.c: 1.194-1.195
	sys/netinet6/in6_src.c: 1.83-1.84
Allow local communication over DETACHED addresses.
Allow binding to DETACHED or TENTATIVE addresses as we deny
sending upstream from them anyway.
Prefer non DETACHED or TENTATIVE addresses.
--
Attempt to restore v6 networking.   Not 100% certain that these
changes are all that is needed, but they're certainly a big part of it
(especially the ip6_input.c change.)
--
Treat unvalidated addresses as deprecated in rule 3.

Revision 1.140.2.4, Sun Dec 3 11:39:04 2017 UTC (6 years, 3 months ago) by jdolecek
Branch: tls-maxphys
Changes since 1.140.2.3: +187 -258 lines

update from HEAD

Revision 1.185, Sat Nov 25 13:18:02 2017 UTC (6 years, 3 months ago) by kre
Branch: MAIN
CVS Tags: tls-maxphys-base-20171202
Changes since 1.184: +3 -3 lines


Attempt to restore v6 networking.   Not 100% certain that these
changes are all that is needed, but they're certainly a big part of it
(especially the ip6_input.c change.)

Revision 1.184, Fri Nov 24 14:03:25 2017 UTC (6 years, 3 months ago) by roy
Branch: MAIN
Changes since 1.183: +23 -3 lines

Allow local communication over DETACHED addresses.
Allow binding to DETACHED or TENTATIVE addresses as we deny
sending upstream from them anyway.
Prefer non DETACHED or TENTATIVE addresses.

Revision 1.183, Fri Nov 17 07:37:12 2017 UTC (6 years, 4 months ago) by ozaki-r
Branch: MAIN
Changes since 1.182: +4 -8 lines

Provide macros for softnet_lock and KERNEL_LOCK hiding NET_MPSAFE switch

It reduces C&P codes such as "#ifndef NET_MPSAFE KERNEL_LOCK(1, NULL); ..."
scattered all over the source code and makes it easy to identify remaining
KERNEL_LOCK and/or softnet_lock that are held even if NET_MPSAFE.

No functional change

Revision 1.178.2.1, Sat Oct 21 19:43:54 2017 UTC (6 years, 4 months ago) by snj
Branch: netbsd-8
CVS Tags: matt-nb8-mediatek-base, matt-nb8-mediatek
Changes since 1.178: +2 -6 lines

Pull up following revision(s) (requested by ozaki-r in ticket #300):
	crypto/dist/ipsec-tools/src/setkey/parse.y: 1.19
	crypto/dist/ipsec-tools/src/setkey/token.l: 1.20
	distrib/sets/lists/tests/mi: 1.754, 1.757, 1.759
	doc/TODO.smpnet: 1.12-1.13
	sys/net/pfkeyv2.h: 1.32
	sys/net/raw_cb.c: 1.23-1.24, 1.28
	sys/net/raw_cb.h: 1.28
	sys/net/raw_usrreq.c: 1.57-1.58
	sys/net/rtsock.c: 1.228-1.229
	sys/netinet/in_proto.c: 1.125
	sys/netinet/ip_input.c: 1.359-1.361
	sys/netinet/tcp_input.c: 1.359-1.360
	sys/netinet/tcp_output.c: 1.197
	sys/netinet/tcp_var.h: 1.178
	sys/netinet6/icmp6.c: 1.213
	sys/netinet6/in6_proto.c: 1.119
	sys/netinet6/ip6_forward.c: 1.88
	sys/netinet6/ip6_input.c: 1.181-1.182
	sys/netinet6/ip6_output.c: 1.193
	sys/netinet6/ip6protosw.h: 1.26
	sys/netipsec/ipsec.c: 1.100-1.122
	sys/netipsec/ipsec.h: 1.51-1.61
	sys/netipsec/ipsec6.h: 1.18-1.20
	sys/netipsec/ipsec_input.c: 1.44-1.51
	sys/netipsec/ipsec_netbsd.c: 1.41-1.45
	sys/netipsec/ipsec_output.c: 1.49-1.64
	sys/netipsec/ipsec_private.h: 1.5
	sys/netipsec/key.c: 1.164-1.234
	sys/netipsec/key.h: 1.20-1.32
	sys/netipsec/key_debug.c: 1.18-1.21
	sys/netipsec/key_debug.h: 1.9
	sys/netipsec/keydb.h: 1.16-1.20
	sys/netipsec/keysock.c: 1.59-1.62
	sys/netipsec/keysock.h: 1.10
	sys/netipsec/xform.h: 1.9-1.12
	sys/netipsec/xform_ah.c: 1.55-1.74
	sys/netipsec/xform_esp.c: 1.56-1.72
	sys/netipsec/xform_ipcomp.c: 1.39-1.53
	sys/netipsec/xform_ipip.c: 1.50-1.54
	sys/netipsec/xform_tcp.c: 1.12-1.16
	sys/rump/librump/rumpkern/Makefile.rumpkern: 1.170
	sys/rump/librump/rumpnet/net_stub.c: 1.27
	sys/sys/protosw.h: 1.67-1.68
	tests/net/carp/t_basic.sh: 1.7
	tests/net/if_gif/t_gif.sh: 1.11
	tests/net/if_l2tp/t_l2tp.sh: 1.3
	tests/net/ipsec/Makefile: 1.7-1.9
	tests/net/ipsec/algorithms.sh: 1.5
	tests/net/ipsec/common.sh: 1.4-1.6
	tests/net/ipsec/t_ipsec_ah_keys.sh: 1.2
	tests/net/ipsec/t_ipsec_esp_keys.sh: 1.2
	tests/net/ipsec/t_ipsec_gif.sh: 1.6-1.7
	tests/net/ipsec/t_ipsec_l2tp.sh: 1.6-1.7
	tests/net/ipsec/t_ipsec_misc.sh: 1.8-1.18
	tests/net/ipsec/t_ipsec_sockopt.sh: 1.1-1.2
	tests/net/ipsec/t_ipsec_tcp.sh: 1.1-1.2
	tests/net/ipsec/t_ipsec_transport.sh: 1.5-1.6
	tests/net/ipsec/t_ipsec_tunnel.sh: 1.9
	tests/net/ipsec/t_ipsec_tunnel_ipcomp.sh: 1.1-1.2
	tests/net/ipsec/t_ipsec_tunnel_odd.sh: 1.3
	tests/net/mcast/t_mcast.sh: 1.6
	tests/net/net/t_ipaddress.sh: 1.11
	tests/net/net_common.sh: 1.20
	tests/net/npf/t_npf.sh: 1.3
	tests/net/route/t_flags.sh: 1.20
	tests/net/route/t_flags6.sh: 1.16
	usr.bin/netstat/fast_ipsec.c: 1.22
Do m_pullup before mtod

It may fix panics of some tests on anita/sparc and anita/GuruPlug.
---
KNF
---
Enable DEBUG for babylon5
---
Apply C99-style struct initialization to xformsw
---
Tweak outputs of netstat -s for IPsec

- Get rid of "Fast"
- Use ipsec and ipsec6 for titles to clarify protocol
- Indent outputs of sub protocols

Original outputs were organized like this:

(Fast) IPsec:
IPsec ah:
IPsec esp:
IPsec ipip:
IPsec ipcomp:
(Fast) IPsec:
IPsec ah:
IPsec esp:
IPsec ipip:
IPsec ipcomp:

New outputs are organized like this:

ipsec:
	ah:
	esp:
	ipip:
	ipcomp:
ipsec6:
	ah:
	esp:
	ipip:
	ipcomp:
---
Add test cases for IPComp
---
Simplify IPSEC_OSTAT macro (NFC)
---
KNF; replace leading whitespaces with hard tabs
---
Introduce and use SADB_SASTATE_USABLE_P
---
KNF
---
Add update command for testing

Updating an SA (SADB_UPDATE) requires that a process issuing
SADB_UPDATE is the same as a process that issued SADB_ADD (or SADB_GETSPI).
This means that update command must be used with add command in a
configuration of setkey. This usage is normally meaningless but
useful for testing (and debugging) purposes.
---
Add test cases for updating SA/SP

The tests require newly-added update command of setkey.
---
PR/52346: Frank Kardel: Fix checksumming for NAT-T
See XXX for improvements.
---
Remove codes for PACKET_TAG_IPSEC_IN_CRYPTO_DONE

It seems that PACKET_TAG_IPSEC_IN_CRYPTO_DONE is for network adapters
that have IPsec accelerators; a driver sets the mtag to a packet
when its device has already encrypted the packet.

Unfortunately no driver implements such offload features for long
years and seems unlikely to implement them soon. (Note that neither
FreeBSD nor Linux has such drivers.) Let's remove related
(unused) codes and simplify the IPsec code.
---
Fix usages of sadb_msg_errno
---
Avoid updating sav directly

On SADB_UPDATE a target sav was updated directly, which was unsafe.
Instead allocate another sav, copy variables of the old sav to
the new one and replace the old one with the new one.
---
Simplify; we can assume sav->tdb_xform cannot be NULL while it's valid
---
Rename key_alloc* functions (NFC)

We shouldn't use the term "alloc" for functions that just look up
data and actually don't allocate memory.
---
Use explicit_memset to surely zero-clear key_auth and key_enc
---
Make sure to clear keys on error paths of key_setsaval
---
Add missing KEY_FREESAV
---
Make sure a sav is inserted to a sah list after its initialization completes
---
Remove unnecessary zero-clearing codes from key_setsaval

key_setsaval is now used only for a newly-allocated sav. (It was
used to reset variables of an existing sav.)
---
Correct wrong assumption of sav->refcnt in key_delsah

A sav in a list is basically not to be sav->refcnt == 0. And also
KEY_FREESAV assumes sav->refcnt > 0.
---
Let key_getsavbyspi take a reference of a returning sav
---
Use time_mono_to_wall (NFC)
---
Separate sending message routine (NFC)
---
Simplify; remove unnecessary zero-clears

key_freesaval is used only when a target sav is being destroyed.
---
Omit NULL checks for sav->lft_c

sav->lft_c can be NULL only when initializing or destroying sav.
---
Omit unnecessary NULL checks for sav->sah
---
Omit unnecessary check of sav->state

key_allocsa_policy picks a sav of either MATURE or DYING so we
don't need to check its state again.
---
Simplify; omit unnecessary saidx passing

- ipsec_nextisr returns a saidx but no caller uses it
- key_checkrequest is passed a saidx but it can be gotten by
  another argument (isr)
---
Fix splx isn't called on some error paths
---
Fix header size calculation of esp where sav is NULL
---
Fix header size calculation of ah in the case sav is NULL

This fix was also needed for esp.
---
Pass sav directly to opencrypto callback

In a callback, use a passed sav as-is by default and look up a sav
only if the passed sav is dead.
---
Avoid examining freshness of sav on packet processing

If a sav list is sorted (by lft_c->sadb_lifetime_addtime) in advance,
we don't need to examine each sav and also don't need to delete one
on the fly and send up a message. Fortunately all sav lists are sorted
as we need.

Added key_validate_savlist validates that each sav list is surely sorted
(run only if DEBUG because it's not cheap).
---
Add test cases for SAs with different SPIs
---
Prepare to stop using isr->sav

isr is a shared resource and using isr->sav as a temporal storage
for each packet processing is racy. And also having a reference from
isr to sav makes the lifetime of sav non-deterministic; such a reference
is removed when a packet is processed and isr->sav is overwritten by
new one. Let's have a sav locally for each packet processing instead of
using shared isr->sav.

However this change doesn't stop using isr->sav yet because there are
some users of isr->sav. isr->sav will be removed after the users find
a way to not use isr->sav.
---
Fix wrong argument handling
---
fix printf format.
---
Don't validate sav lists of LARVAL or DEAD states

We don't sort the lists so the validation will always fail.

Fix PR kern/52405
---
Make sure to sort the list when changing the state by key_sa_chgstate
---
Rename key_allocsa_policy to key_lookup_sa_bysaidx
---
Separate test files
---
Calculate ah_max_authsize on initialization as well as esp_max_ivlen
---
Remove m_tag_find(PACKET_TAG_IPSEC_PENDING_TDB) because nobody sets the tag
---
Restore a comment removed in previous

The comment is valid for the below code.
---
Make tests more stable

sleep command seems to wait longer than expected on anita so
use polling to wait for a state change.
---
Add tests that explicitly delete SAs instead of waiting for expirations
---
Remove invalid M_AUTHIPDGM check on ESP isr->sav

M_AUTHIPDGM flag is set to a mbuf in ah_input_cb. An sav of ESP can
have AH authentication as sav->tdb_authalgxform. However, in that
case esp_input and esp_input_cb are used to do ESP decryption and
AH authentication and M_AUTHIPDGM is never set to a mbuf. So
checking M_AUTHIPDGM of a mbuf on isr->sav of ESP is meaningless.
---
Look up sav instead of relying on unstable sp->req->sav

This code is executed only in an error path so an additional lookup
doesn't matter.
---
Correct a comment
---
Don't release sav if calling crypto_dispatch again
---
Remove extra KEY_FREESAV from ipsec_process_done

It should be done by the caller.
---
Don't bother the case of crp->crp_buf == NULL in callbacks
---
Hold a reference to an SP during opencrypto processing

An SP has a list of isr (ipsecrequest) that represents a sequence
of IPsec encryption/authentication processing. One isr corresponds
to one opencrypto processing. The lifetime of an isr follows its SP.

We pass an isr to a callback function of opencrypto to continue
to a next encryption/authentication processing. However nobody
guaranteed that the isr wasn't freed, i.e., its SP wasn't destroyed.

In order to avoid such unexpected destruction of isr, hold a reference
to its SP during opencrypto processing.
---
Don't make SAs expired on tests that delete SAs explicitly
---
Fix a debug message
---
Dedup error paths (NFC)
---
Use pool to allocate tdb_crypto

For ESP and AH, we need to allocate an extra variable space in addition
to struct tdb_crypto. The fixed size of pool items may be larger than
an actual requisite size of a buffer, but still the performance
improvement by replacing malloc with pool wins.
---
Don't use unstable isr->sav for header size calculations

We may need to optimize to not look up sav here for users that
don't need to know an exact size of headers (e.g., TCP segment size
calculation).
---
Don't use sp->req->sav when handling NAT-T ESP fragmentation

In order to do this we need to look up a sav however an additional
look-up degrades performance. A sav is later looked up in
ipsec4_process_packet so delay the fragmentation check until then
to avoid an extra look-up.
---
Don't use key_lookup_sp that depends on unstable sp->req->sav

It provided a fast look-up of SP. We will provide an alternative
method in the future (after basic MP-ification finishes).
---
Stop setting isr->sav on looking up sav in key_checkrequest
---
Remove ipsecrequest#sav
---
Stop setting mtag of PACKET_TAG_IPSEC_IN_DONE because there are no users anymore
---
Skip ipsec_spi_*_*_preferred_new_timeout when running on qemu

Probably due to PR 43997
---
Add localcount to rump kernels
---
Remove unused macro
---
Fix key_getcomb_setlifetime

The fix adjusts a soft limit to be 80% of a corresponding hard limit.

I'm not sure the fix is really correct though, at least the original
code is wrong. A passed comb is zero-cleared before calling
key_getcomb_setlifetime, so
  comb->sadb_comb_soft_addtime = comb->sadb_comb_soft_addtime * 80 / 100;
is meaningless.
---
Provide and apply key_sp_refcnt (NFC)

It simplifies further changes.
---
Fix indentation

Pointed out by knakahara@
---
Use pslist(9) for sptree
---
Don't acquire global locks for IPsec if NET_MPSAFE

Note that the change is just to make testing easy and IPsec isn't MP-safe yet.
---
Let PF_KEY socks hold their own lock instead of softnet_lock

Operations on SAD and SPD are executed via PF_KEY socks. The operations
include deletions of SAs and SPs that will use synchronization mechanisms
such as pserialize_perform to wait for references to SAs and SPs to be
released. It is known that using such mechanisms with holding softnet_lock
causes a dead lock. We should avoid the situation.
---
Make IPsec SPD MP-safe

We use localcount(9), not psref(9), to make the sptree and secpolicy (SP)
entries MP-safe because SPs need to be referenced over opencrypto
processing that executes a callback in a different context.

SPs on sockets aren't managed by the sptree and can be destroyed in softint.
localcount_drain cannot be used in softint so we delay the destruction of
such SPs to a thread context. To do so, a list to manage such SPs is added
(key_socksplist) and key_timehandler_spd deletes dead SPs in the list.

For more details please read the locking notes in key.c.

Proposed on tech-kern@ and tech-net@
---
Fix updating ipsec_used

- key_update_used wasn't called in key_api_spddelete2 and key_api_spdflush
- key_update_used wasn't called if an SP had been added/deleted but
  a reply to userland failed
---
Fix updating ipsec_used; turn on when SPs on sockets are added
---
Add missing IPsec policy checks to icmp6_rip6_input

icmp6_rip6_input is quite similar to rip6_input and the same checks exist
in rip6_input.
---
Add test cases for setsockopt(IP_IPSEC_POLICY)
---
Don't use KEY_NEWSP for dummy SP entries

By the change KEY_NEWSP is now not called from softint anymore
and we can use kmem_zalloc with KM_SLEEP for KEY_NEWSP.
---
Comment out unused functions
---
Add test cases that there are SPs but no relevant SAs
---
Don't allow sav->lft_c to be NULL

lft_c of an sav that was created by SADB_GETSPI could be NULL.
---
Clean up clunky eval strings

- Remove unnecessary \ at EOL
  - This allows to omit ; too
- Remove unnecessary quotes for arguments of atf_set
- Don't expand $DEBUG in eval
  - We expect it's expanded on execution

Suggested by kre@
---
Remove unnecessary KEY_FREESAV in an error path

sav should be freed (unreferenced) by the caller.
---
Use pslist(9) for sahtree
---
Use pslist(9) for sah->savtree
---
Rename local variable newsah to sah

It may not be new.
---
MP-ify SAD slightly

- Introduce key_sa_mtx and use it for some list operations
- Use pserialize for some list iterations
---
Introduce KEY_SA_UNREF and replace KEY_FREESAV with it where sav will never be actually freed in the future

KEY_SA_UNREF is still key_freesav so no functional change for now.

This change reduces diff of further changes.
---
Remove out-of-date log output

Pointed out by riastradh@
---
Use KDASSERT instead of KASSERT for mutex_ownable

Because mutex_ownable is too heavy to run in a fast path
even for DIAGNOSTIC + LOCKDEBUG.

Suggested by riastradh@
---
Assemble global lists and related locks into cache lines (NFCI)

Also rename variable names from *tree to *list because they are
just lists, not trees.

Suggested by riastradh@
---
Move locking notes
---
Update the locking notes

- Add locking order
- Add locking notes for misc lists such as reglist
- Mention pserialize, key_sp_ref and key_sp_unref on SP operations

Requested by riastradh@
---
Describe constraints of key_sp_ref and key_sp_unref

Requested by riastradh@
---
Hold key_sad.lock on SAVLIST_WRITER_INSERT_TAIL
---
Add __read_mostly to key_psz

Suggested by riastradh@
---
Tweak wording (pserialize critical section => pserialize read section)

Suggested by riastradh@
---
Add missing mutex_exit
---
Fix setkey -D -P outputs

The outputs were tweaked (by me), but I forgot updating libipsec
in my local ATF environment...
---
MP-ify SAD (key_sad.sahlist and sah entries)

localcount(9) is used to protect key_sad.sahlist and sah entries
as well as SPD (and will be used for SAD sav).

Please read the locking notes of SAD for more details.
---
Introduce key_sa_refcnt and replace sav->refcnt with it (NFC)
---
Destroy sav only in the loop for DEAD sav
---
Fix KASSERT(solocked(sb->sb_so)) failure in sbappendaddr that is called eventually from key_sendup_mbuf

If key_sendup_mbuf isn't passed a socket, the assertion fails.
Originally in this case sb->sb_so was softnet_lock and callers
held softnet_lock so the assertion was magically satisfied.
Now sb->sb_so is key_so_mtx and also softnet_lock isn't always
held by callers so the assertion can fail.

Fix it by holding key_so_mtx if key_sendup_mbuf isn't passed a socket.

Reported by knakahara@
Tested by knakahara@ and ozaki-r@
---
Fix locking notes of SAD
---
Fix deadlock between key_sendup_mbuf called from key_acquire and localcount_drain

If we call key_sendup_mbuf from key_acquire that is called on packet
processing, a deadlock can happen like this:
- At key_acquire, a reference to an SP (and an SA) is held
- key_sendup_mbuf will try to take key_so_mtx
- Some other thread may try to localcount_drain to the SP with
  holding key_so_mtx in say key_api_spdflush
- In this case localcount_drain never returns because key_sendup_mbuf
  that has stuck on key_so_mtx never releases a reference to the SP

Fix the deadlock by deferring key_sendup_mbuf to the timer
(key_timehandler).
---
Fix that prev isn't cleared on retry
---
Limit the number of mbufs queued for deferred key_sendup_mbuf

It's easy for hundreds of mbufs to be queued on the list under heavy
network load.
---
MP-ify SAD (savlist)

localcount(9) is used to protect savlist of sah. The basic design is
similar to MP-ifications of SPD and SAD sahlist. Please read the
locking notes of SAD for more details.
---
Simplify ipsec_reinject_ipstack (NFC)
---
Add per-CPU rtcache to ipsec_reinject_ipstack

It reduces route lookups and also reduces rtcache lock contentions
when NET_MPSAFE is enabled.
---
Use pool_cache(9) instead of pool(9) for tdb_crypto objects

The change improves network throughput especially on multi-core systems.
---
Update

ipsec(4), opencrypto(9) and vlan(4) are now MP-safe.
---
Write known issues on scalability
---
Share a global dummy SP between PCBs

It's never changed so it can be pre-allocated and shared safely between PCBs.
---
Fix race condition on the rawcb list shared by rtsock and keysock

keysock now protects itself by its own mutex, which means that
the rawcb list is protected by two different mutexes (keysock's one
and softnet_lock for rtsock), of course it's useless.

Fix the situation by having a discrete rawcb list for each.
---
Use a dedicated mutex for rt_rawcb instead of softnet_lock if NET_MPSAFE
---
fix localcount leak in sav. fixed by ozaki-r@n.o.

I commit on behalf of him.
---
remove unnecessary comment.
---
Fix deadlock between pserialize_perform and localcount_drain

A typical usage of localcount_drain looks like this:

  mutex_enter(&mtx);
  item = remove_from_list();
  pserialize_perform(psz);
  localcount_drain(&item->localcount, &cv, &mtx);
  mutex_exit(&mtx);

This sequence can cause a deadlock which happens for example on the following
situation:

- Thread A calls localcount_drain which calls xc_broadcast after releasing
  a specified mutex
- Thread B enters the sequence and calls pserialize_perform with holding
  the mutex while pserialize_perform also calls xc_broadcast
- Thread C (xc_thread) that calls an xcall callback of localcount_drain tries
  to hold the mutex

xc_broadcast of thread B doesn't start until xc_broadcast of thread A
finishes, which is a feature of xcall(9). This means that pserialize_perform
never completes until xc_broadcast of thread A finishes. On the other hand,
thread C that is a callee of xc_broadcast of thread A sticks on the mutex.
Finally the threads block each other (A blocks B, B blocks C and C blocks A).

A possible fix is to serialize executions of the above sequence by another
mutex, but adding another mutex makes the code complex, so fix the deadlock
by another way; the fix is to release the mutex before pserialize_perform
and instead use a condvar to prevent pserialize_perform from being called
simultaneously.

Note that the deadlock has happened only if NET_MPSAFE is enabled.
---
Add missing ifdef NET_MPSAFE
---
Take softnet_lock on pr_input properly if NET_MPSAFE

Currently softnet_lock is taken unnecessarily in some cases, e.g.,
icmp_input and encap4_input from ip_input, or not taken even if needed,
e.g., udp_input and tcp_input from ipsec4_common_input_cb. Fix them.

NFC if NET_MPSAFE is disabled (default).
---
- sanitize key debugging so that we don't print extra newlines or unassociated
  debugging messages.
- remove unused functions and make internal ones static
- print information in one line per message
---
humanize printing of ip addresses
---
cast reduction, NFC.
---
Fix typo in comment
---
Pull out ipsec_fill_saidx_bymbuf (NFC)
---
Don't abuse key_checkrequest just for looking up sav

It does more than expected for example key_acquire.
---
Fix SP is broken on transport mode

isr->saidx was modified accidentally in ipsec_nextisr.

Reported by christos@
Helped investigations by christos@ and knakahara@
---
Constify isr at many places (NFC)
---
Include socketvar.h for softnet_lock
---
Fix buffer length for ipsec_logsastr

Revision 1.182, Wed Sep 27 10:05:05 2017 UTC (6 years, 5 months ago) by ozaki-r
Branch: MAIN
Changes since 1.181: +2 -4 lines

Take softnet_lock on pr_input properly if NET_MPSAFE

Currently softnet_lock is taken unnecessarily in some cases, e.g.,
icmp_input and encap4_input from ip_input, or not taken even if needed,
e.g., udp_input and tcp_input from ipsec4_common_input_cb. Fix them.

NFC if NET_MPSAFE is disabled (default).

Revision 1.149.4.11, Mon Aug 28 17:53:12 2017 UTC (6 years, 6 months ago) by skrll
Branch: nick-nhusb
Changes since 1.149.4.10: +16 -50 lines

Sync with HEAD

Revision 1.181, Thu Jul 27 06:59:28 2017 UTC (6 years, 7 months ago) by ozaki-r
Branch: MAIN
CVS Tags: nick-nhusb-base-20170825
Changes since 1.180: +2 -4 lines

Don't acquire global locks for IPsec if NET_MPSAFE

Note that the change is just to make testing easy and IPsec isn't MP-safe yet.

Revision 1.180, Thu Jul 6 17:14:35 2017 UTC (6 years, 8 months ago) by christos
Branch: MAIN
CVS Tags: perseant-stdc-iso10646-base, perseant-stdc-iso10646
Changes since 1.179: +9 -10 lines

remove unnecessary casts; use sizeof(var) instead of sizeof(type).

Revision 1.179, Thu Jul 6 17:08:57 2017 UTC (6 years, 8 months ago) by christos
Branch: MAIN
Changes since 1.178: +5 -29 lines

Merge the two copies SO_TIMESTAMP/SO_OTIMESTAMP processing to a single
function, and add a SOOPT_TIMESTAMP define reducing compat pollution from
5 places to 1.

Revision 1.178, Thu Jun 1 02:45:14 2017 UTC (6 years, 9 months ago) by chs
Branch: MAIN
CVS Tags: netbsd-8-base
Branch point for: netbsd-8
Changes since 1.177: +2 -5 lines

remove checks for failure after memory allocation calls that cannot fail:

  kmem_alloc() with KM_SLEEP
  kmem_zalloc() with KM_SLEEP
  percpu_alloc()
  pserialize_create()
  psref_class_create()

all of these paths include an assertion that the allocation has not failed,
so callers should not assert that again.

Revision 1.171.2.1, Fri Apr 21 16:54:06 2017 UTC (6 years, 10 months ago) by bouyer
Branch: bouyer-socketcan
Changes since 1.171: +10 -12 lines

Sync with HEAD

Revision 1.164.2.4, Mon Mar 20 06:57:51 2017 UTC (7 years ago) by pgoyette
Branch: pgoyette-localcount
Changes since 1.164.2.3: +10 -12 lines

Sync with HEAD

Revision 1.177, Tue Mar 14 04:25:10 2017 UTC (7 years ago) by ozaki-r
Branch: MAIN
CVS Tags: prg-localcount2-base3, prg-localcount2-base2, prg-localcount2-base1, prg-localcount2-base, prg-localcount2, pgoyette-localcount-20170426, pgoyette-localcount-20170320, jdolecek-ncq-base, jdolecek-ncq, bouyer-socketcan-base1
Changes since 1.176: +3 -6 lines

Replace DIAGNOSTIC + panic with KASSERT

Revision 1.176, Wed Mar 1 08:54:12 2017 UTC (7 years ago) by ozaki-r
Branch: MAIN
Changes since 1.175: +5 -5 lines

Provide in6_multi_group

Use it when checking if we belong to the group, instead of in6_lookup_multi.

No functional change.

Revision 1.175, Wed Feb 22 07:46:00 2017 UTC (7 years ago) by ozaki-r
Branch: MAIN
Changes since 1.174: +3 -3 lines

Stop using useless IN6_*_MULTI macros

Revision 1.174, Tue Feb 21 03:59:31 2017 UTC (7 years ago) by ozaki-r
Branch: MAIN
Changes since 1.173: +2 -3 lines

Sweep unnecessary malloc.h inclusions

Revision 1.149.4.10, Sun Feb 5 13:40:59 2017 UTC (7 years, 1 month ago) by skrll
Branch: nick-nhusb
Changes since 1.149.4.9: +35 -13 lines

Sync with HEAD

Revision 1.173, Mon Jan 16 15:44:47 2017 UTC (7 years, 2 months ago) by christos
Branch: MAIN
CVS Tags: nick-nhusb-base-20170204
Changes since 1.172: +4 -4 lines
Diff to previous 1.172 (colored) to selected 1.22 (colored)

ip6_sprintf -> IN6_PRINT so that we pass the size.

Revision 1.172 / (download) - annotate - [select for diffs], Mon Jan 16 07:33:36 2017 UTC (7 years, 2 months ago) by ryo
Branch: MAIN
Changes since 1.171: +6 -4 lines
Diff to previous 1.171 (colored) to selected 1.22 (colored)

Make ip6_sprintf(), in_fmtaddr(), lla_snprintf() and icmp6_redirect_diag() mpsafe.

Reviewed by ozaki-r@

Revision 1.164.2.3 / (download) - annotate - [select for diffs], Sat Jan 7 08:56:51 2017 UTC (7 years, 2 months ago) by pgoyette
Branch: pgoyette-localcount
Changes since 1.164.2.2: +32 -10 lines
Diff to previous 1.164.2.2 (colored) to branchpoint 1.164 (colored) to selected 1.22 (colored)

Sync with HEAD.  (Note that most of these changes are simply $NetBSD$
tag issues.)

Revision 1.171 / (download) - annotate - [select for diffs], Thu Dec 8 05:16:34 2016 UTC (7 years, 3 months ago) by ozaki-r
Branch: MAIN
CVS Tags: pgoyette-localcount-20170107, bouyer-socketcan-base
Branch point for: bouyer-socketcan
Changes since 1.170: +31 -11 lines
Diff to previous 1.170 (colored) to selected 1.22 (colored)

Add rtcache_unref to release points of rtentry stemming from rtcache

In the MP-safe world, a rtentry stemming from a rtcache can be freed at any
points. So we need to protect rtentries somehow say by reference counting or
passive references. Regardless of the method, we need to call some release
function of a rtentry after using it.

The change adds a new function rtcache_unref to release a rtentry. At this
point, this function does nothing because for now we don't add a reference
to a rtentry when we get one from a rtcache. We will add something useful
in a further commit.

This change is a part of changes for MP-safe routing table. It is separated
to avoid one big change that makes it difficult to debug by bisecting.

Revision 1.149.4.9 / (download) - annotate - [select for diffs], Mon Dec 5 10:55:28 2016 UTC (7 years, 3 months ago) by skrll
Branch: nick-nhusb
Changes since 1.149.4.8: +43 -14 lines
Diff to previous 1.149.4.8 (colored) to branchpoint 1.149 (colored) to selected 1.22 (colored)

Sync with HEAD

Revision 1.164.2.2 / (download) - annotate - [select for diffs], Fri Nov 4 14:49:21 2016 UTC (7 years, 4 months ago) by pgoyette
Branch: pgoyette-localcount
Changes since 1.164.2.1: +43 -14 lines
Diff to previous 1.164.2.1 (colored) to branchpoint 1.164 (colored) to selected 1.22 (colored)

Sync with HEAD

Revision 1.170 / (download) - annotate - [select for diffs], Tue Nov 1 10:32:57 2016 UTC (7 years, 4 months ago) by ozaki-r
Branch: MAIN
CVS Tags: pgoyette-localcount-20161104, nick-nhusb-base-20161204
Changes since 1.169: +5 -8 lines
Diff to previous 1.169 (colored) to selected 1.22 (colored)

Reduce the number of return points

No functional change.

Revision 1.169 / (download) - annotate - [select for diffs], Tue Oct 18 07:30:31 2016 UTC (7 years, 5 months ago) by ozaki-r
Branch: MAIN
Changes since 1.168: +42 -10 lines
Diff to previous 1.168 (colored) to selected 1.22 (colored)

Don't hold global locks if NET_MPSAFE is enabled

If NET_MPSAFE is enabled, don't hold KERNEL_LOCK and softnet_lock in
part of the network stack such as IP forwarding paths. The aim of the
change is to make it easy to test the network stack without the locks
and reduce our local diffs.

By default (i.e., if NET_MPSAFE isn't enabled), the locks are held
as they used to be.

Reviewed by knakahara@

Revision 1.149.4.8 / (download) - annotate - [select for diffs], Wed Oct 5 20:56:09 2016 UTC (7 years, 5 months ago) by skrll
Branch: nick-nhusb
Changes since 1.149.4.7: +19 -82 lines
Diff to previous 1.149.4.7 (colored) to branchpoint 1.149 (colored) to selected 1.22 (colored)

Sync with HEAD

Revision 1.168 / (download) - annotate - [select for diffs], Wed Sep 7 15:41:44 2016 UTC (7 years, 6 months ago) by roy
Branch: MAIN
CVS Tags: nick-nhusb-base-20161004, localcount-20160914
Changes since 1.167: +3 -3 lines
Diff to previous 1.167 (colored) to selected 1.22 (colored)

Disallow input to detached addresses because they are not yet valid.

Revision 1.167 / (download) - annotate - [select for diffs], Wed Aug 31 09:14:47 2016 UTC (7 years, 6 months ago) by ozaki-r
Branch: MAIN
Changes since 1.166: +13 -5 lines
Diff to previous 1.166 (colored) to selected 1.22 (colored)

Make ipforward_rt and ip6_forward_rt percpu

Sharing one rtcache between CPUs is just a bad idea.

Reviewed by knakahara@

Revision 1.164.2.1 / (download) - annotate - [select for diffs], Sat Aug 6 00:19:10 2016 UTC (7 years, 7 months ago) by pgoyette
Branch: pgoyette-localcount
Changes since 1.164: +7 -78 lines
Diff to previous 1.164 (colored) to selected 1.22 (colored)

Sync with HEAD

Revision 1.166 / (download) - annotate - [select for diffs], Tue Aug 2 04:50:16 2016 UTC (7 years, 7 months ago) by knakahara
Branch: MAIN
CVS Tags: pgoyette-localcount-20160806
Changes since 1.165: +2 -78 lines
Diff to previous 1.165 (colored) to selected 1.22 (colored)

ip6flow refactor like ipflow.

    - move ip6flow sysctls into ip6_flow.c like ip_flow.c:r1.64
    - build ip6_flow.c only if GATEWAY kernel option is enabled

Revision 1.165 / (download) - annotate - [select for diffs], Mon Aug 1 03:15:31 2016 UTC (7 years, 7 months ago) by ozaki-r
Branch: MAIN
Changes since 1.164: +7 -2 lines
Diff to previous 1.164 (colored) to selected 1.22 (colored)

Apply pserialize and psref to struct ifaddr and its variants

This change makes struct ifaddr and its variants (in_ifaddr and in6_ifaddr)
MP-safe by using pserialize and psref. At this moment, pserialize_perform
and psref_target_destroy are disabled because (1) we don't need them
because of softnet_lock (2) they cause a deadlock because of softnet_lock.
So we'll enable them when we remove softnet_lock in the future.

Revision 1.149.4.7 / (download) - annotate - [select for diffs], Sat Jul 9 20:25:22 2016 UTC (7 years, 8 months ago) by skrll
Branch: nick-nhusb
Changes since 1.149.4.6: +17 -13 lines
Diff to previous 1.149.4.6 (colored) to branchpoint 1.149 (colored) to selected 1.22 (colored)

Sync with HEAD

Revision 1.164 / (download) - annotate - [select for diffs], Thu Jul 7 09:32:03 2016 UTC (7 years, 8 months ago) by ozaki-r
Branch: MAIN
CVS Tags: pgoyette-localcount-base, pgoyette-localcount-20160726, nick-nhusb-base-20160907
Branch point for: pgoyette-localcount
Changes since 1.163: +3 -3 lines
Diff to previous 1.163 (colored) to selected 1.22 (colored)

Switch the address list of interfaces to pslist(9)

As usual, we leave the old list to avoid breaking kvm(3) users.

Revision 1.163 / (download) - annotate - [select for diffs], Wed Jul 6 10:49:49 2016 UTC (7 years, 8 months ago) by ozaki-r
Branch: MAIN
Changes since 1.162: +3 -4 lines
Diff to previous 1.162 (colored) to selected 1.22 (colored)

Move in6_ifaddr_list to a more proper place (from ip6_input.c to in6.c)

It's a similar place as the IPv4 address list, i.e., in.c.

More variables will join together.

Revision 1.162 / (download) - annotate - [select for diffs], Mon Jul 4 06:48:14 2016 UTC (7 years, 8 months ago) by ozaki-r
Branch: MAIN
Changes since 1.161: +5 -3 lines
Diff to previous 1.161 (colored) to selected 1.22 (colored)

Use pslist(9) for the global in6_ifaddr list

psz and psref will be applied in another commit.

No functional change intended.

Revision 1.161 / (download) - annotate - [select for diffs], Wed Jun 22 07:48:17 2016 UTC (7 years, 8 months ago) by ozaki-r
Branch: MAIN
Changes since 1.160: +2 -4 lines
Diff to previous 1.160 (colored) to selected 1.22 (colored)

Remove unnecessary NULL checks of ifa->ifa_addr

If it's NULL, it should be a bug. There are many IFADDR_FOREACH that don't do
NULL check. If it can be NULL, they should fire already.

Revision 1.160 / (download) - annotate - [select for diffs], Fri Jun 10 13:31:44 2016 UTC (7 years, 9 months ago) by ozaki-r
Branch: MAIN
Changes since 1.159: +14 -9 lines
Diff to previous 1.159 (colored) to selected 1.22 (colored)

Avoid storing a pointer of an interface in a mbuf

Having a pointer of an interface in a mbuf isn't safe if we remove big
kernel locks; an interface object (ifnet) can be destroyed anytime in any
packet processing and accessing such object via a pointer is racy. Instead
we have to get an object from the interface collection (ifindex2ifnet) via
an interface index (if_index) that is stored to a mbuf instead of a
pointer.

The change provides two APIs: m_{get,put}_rcvif_psref that use psref(9)
for sleep-able critical sections and m_{get,put}_rcvif that use
pserialize(9) for other critical sections. The change also adds another
API called m_get_rcvif_NOMPSAFE, that is NOT MP-safe and for transition
moratorium, i.e., it is intended to be used for places where are not
planned to be MP-ified soon.

The change adds some overhead due to psref to performance sensitive paths,
however the overhead is not serious, 2% down at worst.

Proposed on tech-kern and tech-net.

Revision 1.149.4.6 / (download) - annotate - [select for diffs], Sun May 29 08:44:39 2016 UTC (7 years, 9 months ago) by skrll
Branch: nick-nhusb
Changes since 1.149.4.5: +32 -36 lines
Diff to previous 1.149.4.5 (colored) to branchpoint 1.149 (colored) to selected 1.22 (colored)

Sync with HEAD

Revision 1.159 / (download) - annotate - [select for diffs], Thu May 19 08:53:25 2016 UTC (7 years, 10 months ago) by ozaki-r
Branch: MAIN
CVS Tags: nick-nhusb-base-20160529
Changes since 1.158: +32 -36 lines
Diff to previous 1.158 (colored) to selected 1.22 (colored)

Get rcvif once and reuse it

No functional change.

Revision 1.149.4.5 / (download) - annotate - [select for diffs], Fri Apr 22 15:44:18 2016 UTC (7 years, 10 months ago) by skrll
Branch: nick-nhusb
Changes since 1.149.4.4: +7 -13 lines
Diff to previous 1.149.4.4 (colored) to branchpoint 1.149 (colored) to selected 1.22 (colored)

Sync with HEAD

Revision 1.158 / (download) - annotate - [select for diffs], Mon Apr 4 07:37:07 2016 UTC (7 years, 11 months ago) by ozaki-r
Branch: MAIN
CVS Tags: nick-nhusb-base-20160422
Changes since 1.157: +2 -3 lines
Diff to previous 1.157 (colored) to selected 1.22 (colored)

Separate nexthop caches from the routing table

By this change, nexthop caches (IP-MAC address pair) are not stored
in the routing table anymore. Instead nexthop caches are stored in
each network interface; we already have lltable/llentry data structure
for this purpose. This change also obsoletes the concept of cloning/cloned
routes. Cloned routes no longer exist while cloning routes still exist
with renamed to connected routes.

Noticeable changes are:
- Nexthop caches aren't listed in route show/netstat -r
  - sysctl(NET_RT_DUMP) doesn't return them
  - If RTF_LLDATA is specified, it returns nexthop caches
- Several definitions of routing flags and messages are removed
  - RTF_CLONING, RTF_XRESOLVE, RTF_LLINFO, RTF_CLONED and RTM_RESOLVE
- RTF_CONNECTED is added
  - It has the same value of RTF_CLONING for backward compatibility
- route's -xresolve, -[no]cloned and -llinfo options are removed
  - -[no]cloning remains because it seems there are users
  - -[no]connected is introduced and recommended
    to be used instead of -[no]cloning
- route show/netstat -r drops some flags
  - 'L' and 'c' are not seen anymore
  - 'C' now indicates a connected route
- Gateway value of a route of an interface address is now not
  a L2 address but "link#N" like a connected (cloning) route
- Proxy ARP: "arp -s ... pub" doesn't create a route

You can know details of behavior changes by seeing diffs under tests/.

Proposed on tech-net and tech-kern:
  http://mail-index.netbsd.org/tech-net/2016/03/11/msg005701.html

Revision 1.157 / (download) - annotate - [select for diffs], Fri Apr 1 08:12:00 2016 UTC (7 years, 11 months ago) by ozaki-r
Branch: MAIN
Changes since 1.156: +4 -5 lines
Diff to previous 1.156 (colored) to selected 1.22 (colored)

Refine nd6log

Add __func__ to nd6log itself instead of adding it to callers.

Revision 1.156 / (download) - annotate - [select for diffs], Fri Apr 1 05:11:38 2016 UTC (7 years, 11 months ago) by ozaki-r
Branch: MAIN
Changes since 1.155: +5 -9 lines
Diff to previous 1.155 (colored) to selected 1.22 (colored)

Tidy up nd6_timer initialization

Revision 1.149.4.4 / (download) - annotate - [select for diffs], Sat Mar 19 11:30:33 2016 UTC (8 years ago) by skrll
Branch: nick-nhusb
Changes since 1.149.4.3: +2 -18 lines
Diff to previous 1.149.4.3 (colored) to branchpoint 1.149 (colored) to selected 1.22 (colored)

Sync with HEAD

Revision 1.155 / (download) - annotate - [select for diffs], Thu Feb 4 02:48:37 2016 UTC (8 years, 1 month ago) by riastradh
Branch: MAIN
CVS Tags: nick-nhusb-base-20160319
Changes since 1.154: +2 -4 lines
Diff to previous 1.154 (colored) to selected 1.22 (colored)

Declare in6_tmpaddrtimer_ch in in6_var.h.

Do not declare extern variables in .c files!

Revision 1.154 / (download) - annotate - [select for diffs], Fri Jan 8 03:55:39 2016 UTC (8 years, 2 months ago) by knakahara
Branch: MAIN
Changes since 1.153: +2 -16 lines
Diff to previous 1.153 (colored) to selected 1.22 (colored)

eliminate ip_input.c and ip6_input.c dependency on gif(4)

Revision 1.149.4.3 / (download) - annotate - [select for diffs], Sun Dec 27 12:10:07 2015 UTC (8 years, 2 months ago) by skrll
Branch: nick-nhusb
Changes since 1.149.4.2: +21 -11 lines
Diff to previous 1.149.4.2 (colored) to branchpoint 1.149 (colored) to selected 1.22 (colored)

Sync with HEAD (as of 26th Dec)

Revision 1.153 / (download) - annotate - [select for diffs], Sat Dec 12 23:34:25 2015 UTC (8 years, 3 months ago) by christos
Branch: MAIN
CVS Tags: nick-nhusb-base-20151226
Changes since 1.152: +21 -11 lines
Diff to previous 1.152 (colored) to selected 1.22 (colored)

Hook up the addrctl stuff that's already there.

Revision 1.149.4.2 / (download) - annotate - [select for diffs], Tue Sep 22 12:06:11 2015 UTC (8 years, 5 months ago) by skrll
Branch: nick-nhusb
Changes since 1.149.4.1: +16 -14 lines
Diff to previous 1.149.4.1 (colored) to branchpoint 1.149 (colored) to selected 1.22 (colored)

Sync with HEAD

Revision 1.152 / (download) - annotate - [select for diffs], Mon Aug 24 22:21:27 2015 UTC (8 years, 6 months ago) by pooka
Branch: MAIN
CVS Tags: nick-nhusb-base-20150921
Changes since 1.151: +4 -2 lines
Diff to previous 1.151 (colored) to selected 1.22 (colored)

sprinkle _KERNEL_OPT

Revision 1.149.4.1 / (download) - annotate - [select for diffs], Mon Apr 6 15:18:23 2015 UTC (8 years, 11 months ago) by skrll
Branch: nick-nhusb
Changes since 1.149: +11 -40 lines
Diff to previous 1.149 (colored) to selected 1.22 (colored)

Sync with HEAD

Revision 1.151 / (download) - annotate - [select for diffs], Wed Apr 1 02:49:44 2015 UTC (8 years, 11 months ago) by ozaki-r
Branch: MAIN
CVS Tags: nick-nhusb-base-20150606, nick-nhusb-base-20150406
Changes since 1.150: +3 -40 lines
Diff to previous 1.150 (colored) to selected 1.22 (colored)

Pull out ipsec routines from ip6_input

This change reduces symbol references from netinet6 to netipsec
and improves modularity of netipsec.

No functional change is intended.

Revision 1.149.2.1 / (download) - annotate - [select for diffs], Fri Jan 23 09:27:15 2015 UTC (9 years, 1 month ago) by martin
Branch: netbsd-7
CVS Tags: netbsd-7-nhusb-base-20170116, netbsd-7-nhusb-base, netbsd-7-nhusb, netbsd-7-1-RELEASE, netbsd-7-1-RC2, netbsd-7-1-RC1, netbsd-7-1-1-RELEASE, netbsd-7-0-RELEASE, netbsd-7-0-RC3, netbsd-7-0-RC2, netbsd-7-0-RC1, netbsd-7-0-2-RELEASE, netbsd-7-0-1-RELEASE
Branch point for: netbsd-7-1, netbsd-7-0
Changes since 1.149: +10 -2 lines
Diff to previous 1.149 (colored) to selected 1.22 (colored)

Pull up following revision(s) (requested by pettai in ticket #441):
	sys/netinet6/ip6_var.h: revision 1.64
	sys/netinet6/in6.h: revision 1.82
	sys/netinet6/in6_src.c: revision 1.56
	sys/netinet6/mld6.c: revision 1.62
	sys/netinet6/ip6_input.c: revision 1.150
	sys/netinet6/ip6_output.c: revision 1.161
Add net.inet6.ip6.prefer_tempaddr sysctl knob so that we can prefer
IPv6 temporary addresses as the source address.
Fixes PR kern/47100 based on a patch by Dieter Roelants.

Revision 1.150 / (download) - annotate - [select for diffs], Tue Jan 20 21:27:36 2015 UTC (9 years, 1 month ago) by roy
Branch: MAIN
Changes since 1.149: +10 -2 lines
Diff to previous 1.149 (colored) to selected 1.22 (colored)

Add net.inet6.ip6.prefer_tempaddr sysctl knob so that we can prefer
IPv6 temporary addresses as the source address.

Fixes PR kern/47100 based on a patch by Dieter Roelants.

Revision 1.140.2.3 / (download) - annotate - [select for diffs], Wed Aug 20 00:04:36 2014 UTC (9 years, 7 months ago) by tls
Branch: tls-maxphys
Changes since 1.140.2.2: +90 -89 lines
Diff to previous 1.140.2.2 (colored) to branchpoint 1.140 (colored) to selected 1.22 (colored)

Rebase to HEAD as of a few days ago.

Revision 1.145.2.1 / (download) - annotate - [select for diffs], Sun Aug 10 06:56:30 2014 UTC (9 years, 7 months ago) by tls
Branch: tls-earlyentropy
Changes since 1.145: +77 -61 lines
Diff to previous 1.145 (colored) next main 1.146 (colored) to selected 1.22 (colored)

Rebase.

Revision 1.149 / (download) - annotate - [select for diffs], Mon Jun 16 00:33:39 2014 UTC (9 years, 9 months ago) by ozaki-r
Branch: MAIN
CVS Tags: tls-maxphys-base, tls-earlyentropy-base, nick-nhusb-base, netbsd-7-base
Branch point for: nick-nhusb, netbsd-7
Changes since 1.148: +3 -3 lines
Diff to previous 1.148 (colored) to selected 1.22 (colored)

Add 3rd argument to pktq_create to pass sc

It will be used to pass bridge sc for bridge_forward softint.

ok rmind@

Revision 1.148 / (download) - annotate - [select for diffs], Thu Jun 5 23:48:16 2014 UTC (9 years, 9 months ago) by rmind
Branch: MAIN
Changes since 1.147: +20 -20 lines
Diff to previous 1.147 (colored) to selected 1.22 (colored)

- Implement pktqueue interface for lockless IP input queue.
- Replace ipintrq and ip6intrq with the pktqueue mechanism.
- Eliminate kernel-lock from ipintr() and ip6intr().
- Some preparation work to push softnet_lock out of ipintr().

Discussed on tech-net.

Revision 1.147 / (download) - annotate - [select for diffs], Thu Jun 5 16:06:49 2014 UTC (9 years, 9 months ago) by roy
Branch: MAIN
Changes since 1.146: +11 -2 lines
Diff to previous 1.146 (colored) to selected 1.22 (colored)

Add IPV6CTL_AUTO_LINKLOCAL and ND6_IFF_AUTO_LINKLOCAL toggles which
control the automatic creation of IPv6 link-local addresses when an
interface is brought up.

Taken from FreeBSD.

Revision 1.146 / (download) - annotate - [select for diffs], Fri May 30 01:39:03 2014 UTC (9 years, 9 months ago) by christos
Branch: MAIN
Changes since 1.145: +50 -43 lines
Diff to previous 1.145 (colored) to selected 1.22 (colored)

Introduce 2 new variables: ipsec_enabled and ipsec_used.
Ipsec enabled is controlled by sysctl and determines if is allowed.
ipsec_used is set automatically based on ipsec being enabled, and
rules existing.

Revision 1.132.2.4 / (download) - annotate - [select for diffs], Thu May 22 11:41:10 2014 UTC (9 years, 9 months ago) by yamt
Branch: yamt-pagecache
Changes since 1.132.2.3: +23 -38 lines
Diff to previous 1.132.2.3 (colored) to branchpoint 1.132 (colored) next main 1.133 (colored) to selected 1.22 (colored)

sync with head.

for a reference, the tree before this commit was tagged
as yamt-pagecache-tag8.

this commit was split into small chunks to avoid
a limitation of cvs.  ("Protocol error: too many arguments")

Revision 1.142.2.2 / (download) - annotate - [select for diffs], Sun May 18 17:46:13 2014 UTC (9 years, 10 months ago) by rmind
Branch: rmind-smpnet
Changes since 1.142.2.1: +13 -14 lines
Diff to previous 1.142.2.1 (colored) next main 1.143 (colored) to selected 1.22 (colored)

sync with head

Revision 1.145 / (download) - annotate - [select for diffs], Tue Feb 25 18:30:12 2014 UTC (10 years ago) by pooka
Branch: MAIN
CVS Tags: yamt-pagecache-base9, rmind-smpnet-nbase, rmind-smpnet-base, riastradh-xf86-video-intel-2-7-1-pre-2-21-15, riastradh-drm2-base3
Branch point for: tls-earlyentropy
Changes since 1.144: +2 -7 lines
Diff to previous 1.144 (colored) to selected 1.22 (colored)

Ensure that the top level sysctl nodes (kern, vfs, net, ...) exist before
the sysctl link sets are processed, and remove redundancy.

Shaves >13kB off of an amd64 GENERIC, not to mention >1k duplicate
lines of code.

Revision 1.144 / (download) - annotate - [select for diffs], Fri Oct 4 14:23:14 2013 UTC (10 years, 5 months ago) by christos
Branch: MAIN
Changes since 1.143: +13 -9 lines
Diff to previous 1.143 (colored) to selected 1.22 (colored)

check result of setscope, from logan.

Revision 1.142.2.1 / (download) - annotate - [select for diffs], Wed Aug 28 23:59:36 2013 UTC (10 years, 6 months ago) by rmind
Branch: rmind-smpnet
Changes since 1.142: +6 -20 lines
Diff to previous 1.142 (colored) to selected 1.22 (colored)

sync with head

Revision 1.136.8.1 / (download) - annotate - [select for diffs], Mon Jul 8 07:40:56 2013 UTC (10 years, 8 months ago) by jdc
Branch: netbsd-6-1
CVS Tags: netbsd-6-1-5-RELEASE, netbsd-6-1-4-RELEASE, netbsd-6-1-3-RELEASE, netbsd-6-1-2-RELEASE, netbsd-6-1-1-RELEASE
Changes since 1.136: +34 -2 lines
Diff to previous 1.136 (colored) to selected 1.22 (colored)

Pull up revisions:
  src/share/man/man7/sysctl.7 revision 1.73 via patch
  src/sys/netinet6/icmp6.c revision 1.161 via patch
  src/sys/netinet6/in6.c revision 1.161 via patch
  src/sys/netinet6/in6_proto.c revision 1.97 via patch
  src/sys/netinet6/in6_var.h revision 1.65 via patch
  src/sys/netinet6/ip6_input.c revision 1.139 via patch
  src/sys/netinet6/ip6_var.h revision 1.59 via patch
  src/sys/netinet6/nd6.c revision 1.143 via patch
  src/sys/netinet6/nd6.h revision 1.57 via patch
  src/sys/netinet6/nd6_rtr.c revision 1.83 via patch
(requested by christos in ticket #905).
Patch by Loganaden Velvindron.

  4 new sysctls to avoid ipv6 DoS attacks from OpenBSD

Revision 1.136.6.1 / (download) - annotate - [select for diffs], Mon Jul 8 07:40:34 2013 UTC (10 years, 8 months ago) by jdc
Branch: netbsd-6-0
CVS Tags: netbsd-6-0-6-RELEASE, netbsd-6-0-5-RELEASE, netbsd-6-0-4-RELEASE, netbsd-6-0-3-RELEASE
Changes since 1.136: +34 -2 lines
Diff to previous 1.136 (colored) to selected 1.22 (colored)

Pull up revisions:
  src/share/man/man7/sysctl.7 revision 1.73 via patch
  src/sys/netinet6/icmp6.c revision 1.161 via patch
  src/sys/netinet6/in6.c revision 1.161 via patch
  src/sys/netinet6/in6_proto.c revision 1.97 via patch
  src/sys/netinet6/in6_var.h revision 1.65 via patch
  src/sys/netinet6/ip6_input.c revision 1.139 via patch
  src/sys/netinet6/ip6_var.h revision 1.59 via patch
  src/sys/netinet6/nd6.c revision 1.143 via patch
  src/sys/netinet6/nd6.h revision 1.57 via patch
  src/sys/netinet6/nd6_rtr.c revision 1.83 via patch
(requested by christos in ticket #905).
Patch by Loganaden Velvindron.

  4 new sysctls to avoid ipv6 DoS attacks from OpenBSD

Revision 1.136.2.1 / (download) - annotate - [select for diffs], Mon Jul 8 07:40:07 2013 UTC (10 years, 8 months ago) by jdc
Branch: netbsd-6
Changes since 1.136: +34 -2 lines
Diff to previous 1.136 (colored) to selected 1.22 (colored)

Pull up revisions:
  src/share/man/man7/sysctl.7 revision 1.73 via patch
  src/sys/netinet6/icmp6.c revision 1.161 via patch
  src/sys/netinet6/in6.c revision 1.161 via patch
  src/sys/netinet6/in6_proto.c revision 1.97 via patch
  src/sys/netinet6/in6_var.h revision 1.65 via patch
  src/sys/netinet6/ip6_input.c revision 1.139 via patch
  src/sys/netinet6/ip6_var.h revision 1.59 via patch
  src/sys/netinet6/nd6.c revision 1.143 via patch
  src/sys/netinet6/nd6.h revision 1.57 via patch
  src/sys/netinet6/nd6_rtr.c revision 1.83 via patch
(requested by christos in ticket #905).
Patch by Loganaden Velvindron.

  4 new sysctls to avoid ipv6 DoS attacks from OpenBSD

Revision 1.143 / (download) - annotate - [select for diffs], Sat Jun 29 21:06:58 2013 UTC (10 years, 8 months ago) by rmind
Branch: MAIN
CVS Tags: riastradh-drm2-base2, riastradh-drm2-base1, riastradh-drm2-base, riastradh-drm2
Changes since 1.142: +6 -20 lines
Diff to previous 1.142 (colored) to selected 1.22 (colored)

- Rewrite parts of pfil(9): use array to store hooks and thus be more cache
  friendly (there are only few hooks in the system).  Make the structures
  opaque and the interface more strict.
- Remove PFIL_HOOKS option by making pfil(9) mandatory.

Revision 1.140.2.2 / (download) - annotate - [select for diffs], Sun Jun 23 06:20:26 2013 UTC (10 years, 8 months ago) by tls
Branch: tls-maxphys
Changes since 1.140.2.1: +8 -8 lines
Diff to previous 1.140.2.1 (colored) to branchpoint 1.140 (colored) to selected 1.22 (colored)

resync from head

Revision 1.142 / (download) - annotate - [select for diffs], Wed Jun 5 19:01:26 2013 UTC (10 years, 9 months ago) by christos
Branch: MAIN
Branch point for: rmind-smpnet
Changes since 1.141: +8 -8 lines
Diff to previous 1.141 (colored) to selected 1.22 (colored)

IPSEC has not come in two speeds for a long time now (IPSEC == kame,
FAST_IPSEC). Make everything refer to IPSEC to avoid confusion.

Revision 1.140.2.1 / (download) - annotate - [select for diffs], Mon Feb 25 00:30:05 2013 UTC (11 years ago) by tls
Branch: tls-maxphys
Changes since 1.140: +8 -2 lines
Diff to previous 1.140 (colored) to selected 1.22 (colored)

resync with head

Revision 1.132.2.3 / (download) - annotate - [select for diffs], Wed Jan 16 05:33:50 2013 UTC (11 years, 2 months ago) by yamt
Branch: yamt-pagecache
CVS Tags: yamt-pagecache-tag8
Changes since 1.132.2.2: +8 -2 lines
Diff to previous 1.132.2.2 (colored) to branchpoint 1.132 (colored) to selected 1.22 (colored)

sync with (a bit old) head

Revision 1.141 / (download) - annotate - [select for diffs], Thu Nov 29 02:07:20 2012 UTC (11 years, 3 months ago) by christos
Branch: MAIN
CVS Tags: yamt-pagecache-base8, yamt-pagecache-base7, khorben-n900, agc-symver-base, agc-symver
Changes since 1.140: +8 -2 lines
Diff to previous 1.140 (colored) to selected 1.22 (colored)

Add a new sysctl to mark ports as reserved, so that they are not used in
the anonymous or reserved port allocation.

Revision 1.132.2.2 / (download) - annotate - [select for diffs], Tue Oct 30 17:22:49 2012 UTC (11 years, 4 months ago) by yamt
Branch: yamt-pagecache
Changes since 1.132.2.1: +55 -2 lines
Diff to previous 1.132.2.1 (colored) to branchpoint 1.132 (colored) to selected 1.22 (colored)

sync with head

Revision 1.140 / (download) - annotate - [select for diffs], Mon Jun 25 15:28:40 2012 UTC (11 years, 8 months ago) by christos
Branch: MAIN
CVS Tags: yamt-pagecache-base6
Branch point for: tls-maxphys
Changes since 1.139: +9 -9 lines
Diff to previous 1.139 (colored) to selected 1.22 (colored)

rename rfc6056 -> portalgo, requested by yamt

Revision 1.139 / (download) - annotate - [select for diffs], Sat Jun 23 03:14:04 2012 UTC (11 years, 8 months ago) by christos
Branch: MAIN
Changes since 1.138: +34 -2 lines
Diff to previous 1.138 (colored) to selected 1.22 (colored)

4 new sysctls to avoid ipv6 DoS attacks from OpenBSD

Revision 1.138 / (download) - annotate - [select for diffs], Fri Jun 22 14:54:35 2012 UTC (11 years, 8 months ago) by christos
Branch: MAIN
Changes since 1.137: +23 -2 lines
Diff to previous 1.137 (colored) to selected 1.22 (colored)

PR/46602: Move the rfc6056 port randomization to the IP layer.

Revision 1.132.2.1 / (download) - annotate - [select for diffs], Tue Apr 17 00:08:43 2012 UTC (11 years, 11 months ago) by yamt
Branch: yamt-pagecache
Changes since 1.132: +10 -41 lines
Diff to previous 1.132 (colored) to selected 1.22 (colored)

sync with head

Revision 1.133.2.2 / (download) - annotate - [select for diffs], Thu Apr 5 21:33:46 2012 UTC (11 years, 11 months ago) by mrg
Branch: jmcneill-usbmp
Changes since 1.133.2.1: +3 -36 lines
Diff to previous 1.133.2.1 (colored) to branchpoint 1.133 (colored) next main 1.134 (colored) to selected 1.22 (colored)

sync to latest -current.

Revision 1.137 / (download) - annotate - [select for diffs], Thu Mar 22 20:34:40 2012 UTC (11 years, 11 months ago) by drochner
Branch: MAIN
CVS Tags: yamt-pagecache-base5, yamt-pagecache-base4, jmcneill-usbmp-base9, jmcneill-usbmp-base8, jmcneill-usbmp-base10
Changes since 1.136: +3 -36 lines
Diff to previous 1.136 (colored) to selected 1.22 (colored)

remove KAME IPSEC, replaced by FAST_IPSEC

Revision 1.133.2.1 / (download) - annotate - [select for diffs], Sat Feb 18 07:35:42 2012 UTC (12 years, 1 month ago) by mrg
Branch: jmcneill-usbmp
Changes since 1.133: +12 -11 lines
Diff to previous 1.133 (colored) to selected 1.22 (colored)

merge to -current.

Revision 1.136 / (download) - annotate - [select for diffs], Tue Jan 10 20:01:56 2012 UTC (12 years, 2 months ago) by drochner
Branch: MAIN
CVS Tags: netbsd-6-base, netbsd-6-1-RELEASE, netbsd-6-1-RC4, netbsd-6-1-RC3, netbsd-6-1-RC2, netbsd-6-1-RC1, netbsd-6-0-RELEASE, netbsd-6-0-RC2, netbsd-6-0-RC1, netbsd-6-0-2-RELEASE, netbsd-6-0-1-RELEASE, matt-nb6-plus-nbase, matt-nb6-plus-base, matt-nb6-plus, jmcneill-usbmp-base7, jmcneill-usbmp-base6, jmcneill-usbmp-base5, jmcneill-usbmp-base4, jmcneill-usbmp-base3, jmcneill-usbmp-base2
Branch point for: netbsd-6-1, netbsd-6-0, netbsd-6
Changes since 1.135: +6 -5 lines
Diff to previous 1.135 (colored) to selected 1.22 (colored)

add patch from Arnaud Degroote to handle IPv6 extended options with
(FAST_)IPSEC, tested lightly with a DSTOPTS header consisting
of PAD1

Revision 1.135 / (download) - annotate - [select for diffs], Sat Dec 31 20:41:59 2011 UTC (12 years, 2 months ago) by christos
Branch: MAIN
Changes since 1.134: +3 -3 lines
Diff to previous 1.134 (colored) to selected 1.22 (colored)

- fix offsetof usage, and redundant defines
- kill pointer casts to 0

Revision 1.134 / (download) - annotate - [select for diffs], Mon Dec 19 11:59:58 2011 UTC (12 years, 3 months ago) by drochner
Branch: MAIN
Changes since 1.133: +7 -7 lines
Diff to previous 1.133 (colored) to selected 1.22 (colored)

rename the IPSEC in-kernel CPP variable and config(8) option to
KAME_IPSEC, and make IPSEC define it so that existing kernel
config files work as before
Now the default can easily be changed to FAST_IPSEC just by
setting the IPSEC alias to FAST_IPSEC.

Revision 1.133 / (download) - annotate - [select for diffs], Sat Nov 19 22:51:29 2011 UTC (12 years, 4 months ago) by tls
Branch: MAIN
CVS Tags: jmcneill-usbmp-pre-base2, jmcneill-usbmp-base
Branch point for: jmcneill-usbmp
Changes since 1.132: +4 -3 lines
Diff to previous 1.132 (colored) to selected 1.22 (colored)

First step of random number subsystem rework described in
<20111022023242.BA26F14A158@mail.netbsd.org>.  This change includes
the following:

	An initial cleanup and minor reorganization of the entropy pool
	code in sys/dev/rnd.c and sys/dev/rndpool.c.  Several bugs are
	fixed.  Some effort is made to accumulate entropy more quickly at
	boot time.

	A generic interface, "rndsink", is added, for stream generators to
	request that they be re-keyed with good quality entropy from the pool
	as soon as it is available.

	The arc4random()/arc4randbytes() implementation in libkern is
	adjusted to use the rndsink interface for rekeying, which helps
	address the problem of low-quality keys at boot time.

	An implementation of the FIPS 140-2 statistical tests for random
	number generator quality is provided (libkern/rngtest.c).  This
	is based on Greg Rose's implementation from Qualcomm.

	A new random stream generator, nist_ctr_drbg, is provided.  It is
	based on an implementation of the NIST SP800-90 CTR_DRBG by
	Henric Jungheim.  This generator uses AES in a modified counter
	mode to generate a backtracking-resistant random stream.

	An abstraction layer, "cprng", is provided for in-kernel consumers
	of randomness.  The arc4random/arc4randbytes API is deprecated for
	in-kernel use.  It is replaced by "cprng_strong".  The current
	cprng_fast implementation wraps the existing arc4random
	implementation.  The current cprng_strong implementation wraps the
	new CTR_DRBG implementation.  Both interfaces are rekeyed from
	the entropy pool automatically at intervals justifiable from best
	current cryptographic practice.

	In some quick tests, cprng_fast() is about the same speed as
	the old arc4randbytes(), and cprng_strong() is about 20% faster
	than rnd_extract_data().  Performance is expected to improve.

	The AES code in src/crypto/rijndael is no longer an optional
	kernel component, as it is required by cprng_strong, which is
	not an optional kernel component.

	The entropy pool output is subjected to the rngtest tests at
	startup time; if it fails, the system will reboot.  There is
	approximately a 3/10000 chance of a false positive from these
	tests.  Entropy pool _input_ from hardware random numbers is
	subjected to the rngtest tests at attach time, as well as the
	FIPS continuous-output test, to detect bad or stuck hardware
	RNGs; if any are detected, they are detached, but the system
	continues to run.

	A problem with rndctl(8) is fixed -- data structures with
	pointers in arrays are no longer passed to userspace (this
	was not a security problem, but rather a major issue for
	compat32).  A new kernel will require a new rndctl.

	The sysctl kern.arandom() and kern.urandom() nodes are hooked
	up to the new generators, but the /dev/*random pseudodevices
	are not, yet.

	Manual pages for the new kernel interfaces are forthcoming.

Revision 1.131.2.1 / (download) - annotate - [select for diffs], Thu Jun 23 14:20:26 2011 UTC (12 years, 8 months ago) by cherry
Branch: cherry-xenmp
Changes since 1.131: +2 -4 lines
Diff to previous 1.131 (colored) next main 1.132 (colored) to selected 1.22 (colored)

Catchup with rmind-uvmplock merge.

Revision 1.129.4.2 / (download) - annotate - [select for diffs], Sun Jun 12 00:24:30 2011 UTC (12 years, 9 months ago) by rmind
Branch: rmind-uvmplock
Changes since 1.129.4.1: +0 -2 lines
Diff to previous 1.129.4.1 (colored) to branchpoint 1.129 (colored) next main 1.130 (colored) to selected 1.22 (colored)

sync with head

Revision 1.129.6.1 / (download) - annotate - [select for diffs], Mon Jun 6 09:09:59 2011 UTC (12 years, 9 months ago) by jruoho
Branch: jruoho-x86intr
Changes since 1.129: +16 -2 lines
Diff to previous 1.129 (colored) next main 1.130 (colored) to selected 1.22 (colored)

Sync with HEAD.

Revision 1.132 / (download) - annotate - [select for diffs], Wed Jun 1 22:59:44 2011 UTC (12 years, 9 months ago) by dyoung
Branch: MAIN
CVS Tags: yamt-pagecache-base3, yamt-pagecache-base2, yamt-pagecache-base, rmind-uvmplock-nbase, rmind-uvmplock-base, jmcneill-audiomp3-base, jmcneill-audiomp3
Branch point for: yamt-pagecache
Changes since 1.131: +2 -4 lines
Diff to previous 1.131 (colored) to selected 1.22 (colored)

Don't refer to extern tcbtable here, it is unused.

Revision 1.129.4.1 / (download) - annotate - [select for diffs], Tue May 31 03:05:08 2011 UTC (12 years, 9 months ago) by rmind
Branch: rmind-uvmplock
Changes since 1.129: +18 -2 lines
Diff to previous 1.129 (colored) to selected 1.22 (colored)

sync with head

Revision 1.131 / (download) - annotate - [select for diffs], Tue May 24 18:07:11 2011 UTC (12 years, 9 months ago) by spz
Branch: MAIN
CVS Tags: cherry-xenmp-base
Branch point for: cherry-xenmp
Changes since 1.130: +16 -2 lines
Diff to previous 1.130 (colored) to selected 1.22 (colored)

RA flood mitigation via a limit on accepted routes:
- introduce a limit for the routes accepted via IPv6 Router Advertisement:
  a common 2 interface client will have 6, the default limit is 100 and
  can be adjusted via sysctl
- report the current number of routes installed via RA via sysctl
- count discarded route additions. Note that one RA message is two routes.
  This is at present only across all interfaces even though per-interface
  would be more useful, since the per-interface structure complies to RFC2466
- bump kernel version due to the previous change
- adjust netstat to use the new value (with netstat -p icmp6)

Revision 1.130 / (download) - annotate - [select for diffs], Tue May 3 18:28:45 2011 UTC (12 years, 10 months ago) by dyoung
Branch: MAIN
Changes since 1.129: +4 -2 lines
Diff to previous 1.129 (colored) to selected 1.22 (colored)

Reduces the resources demanded by TCP sessions in TIME_WAIT-state using
methods called Vestigial Time-Wait (VTW) and Maximum Segment Lifetime
Truncation (MSLT).

MSLT and VTW were contributed by Coyote Point Systems, Inc.

Even after a TCP session enters the TIME_WAIT state, its corresponding
socket and protocol control blocks (PCBs) stick around until the TCP
Maximum Segment Lifetime (MSL) expires.  On a host whose workload
necessarily creates and closes down many TCP sockets, the sockets & PCBs
for TCP sessions in TIME_WAIT state amount to many megabytes of dead
weight in RAM.

Maximum Segment Lifetimes Truncation (MSLT) assigns each TCP session to
a class based on the nearness of the peer.  Corresponding to each class
is an MSL, and a session uses the MSL of its class.  The classes are
loopback (local host equals remote host), local (local host and remote
host are on the same link/subnet), and remote (local host and remote
host communicate via one or more gateways).  Classes corresponding to
nearer peers have lower MSLs by default: 2 seconds for loopback, 10
seconds for local, 60 seconds for remote.  Loopback and local sessions
expire more quickly when MSLT is used.

Vestigial Time-Wait (VTW) replaces a TIME_WAIT session's PCB/socket
dead weight with a compact representation of the session, called a
"vestigial PCB".  VTW data structures are designed to be very fast and
memory-efficient: for fast insertion and lookup of vestigial PCBs,
the PCBs are stored in a hash table that is designed to minimize the
number of cacheline visits per lookup/insertion.  The memory both
for vestigial PCBs and for elements of the PCB hashtable comes from
fixed-size pools, and linked data structures exploit this to conserve
memory by representing references with a narrow index/offset from the
start of a pool instead of a pointer.  When space for new vestigial PCBs
runs out, VTW makes room by discarding old vestigial PCBs, oldest first.
VTW cooperates with MSLT.

It may help to think of VTW as a "FIN cache" by analogy to the SYN
cache.

A 2.8-GHz Pentium 4 running a test workload that creates TIME_WAIT
sessions as fast as it can is approximately 17% idle when VTW is active
versus 0% idle when VTW is inactive.  It has 103 megabytes more free RAM
when VTW is active (approximately 64k vestigial PCBs are created) than
when it is inactive.

Revision 1.122.8.1.2.1 / (download) - annotate - [select for diffs], Wed Apr 21 00:28:23 2010 UTC (13 years, 11 months ago) by matt
Branch: matt-nb5-mips64
CVS Tags: matt-nb5-mips64-premerge-20101231, matt-nb5-mips64-k15
Changes since 1.122.8.1: +2 -2 lines
Diff to previous 1.122.8.1 (colored) next main 1.123 (colored) to selected 1.22 (colored)

sync to netbsd-5

Revision 1.118.2.3 / (download) - annotate - [select for diffs], Thu Mar 11 15:04:29 2010 UTC (14 years ago) by yamt
Branch: yamt-nfs-mp
Changes since 1.118.2.2: +7 -3 lines
Diff to previous 1.118.2.2 (colored) to branchpoint 1.118 (colored) next main 1.119 (colored) to selected 1.22 (colored)

sync with head

Revision 1.129 / (download) - annotate - [select for diffs], Thu Feb 4 21:48:35 2010 UTC (14 years, 1 month ago) by joerg
Branch: MAIN
CVS Tags: yamt-nfs-mp-base9, yamt-nfs-mp-base11, yamt-nfs-mp-base10, uebayasi-xip-base4, uebayasi-xip-base3, uebayasi-xip-base2, uebayasi-xip-base1, uebayasi-xip-base, uebayasi-xip, matt-mips64-premerge-20101231, jruoho-x86intr-base, bouyer-quota2-nbase, bouyer-quota2-base, bouyer-quota2
Branch point for: rmind-uvmplock, jruoho-x86intr
Changes since 1.128: +3 -2 lines
Diff to previous 1.128 (colored) to selected 1.22 (colored)

Explicitly include opt_gateway.h when depending on GATEWAY.

Revision 1.128 / (download) - annotate - [select for diffs], Wed Sep 16 15:23:05 2009 UTC (14 years, 6 months ago) by pooka
Branch: MAIN
CVS Tags: matt-premerge-20091211, jym-xensuspend-nbase
Changes since 1.127: +6 -3 lines
Diff to previous 1.127 (colored) to selected 1.22 (colored)

Replace a large number of link set based sysctl node creations with
calls from subsystem constructors.  Benefits both future kernel
modules and rump.

no change to sysctl nodes on i386/MONOLITHIC & build tested i386/ALL

Revision 1.123.2.1 / (download) - annotate - [select for diffs], Wed May 13 17:22:29 2009 UTC (14 years, 10 months ago) by jym
Branch: jym-xensuspend
Changes since 1.123: +8 -8 lines
Diff to previous 1.123 (colored) next main 1.124 (colored) to selected 1.22 (colored)

Sync with HEAD.

Commit is split, to avoid a "too many arguments" protocol error.

Revision 1.118.2.2 / (download) - annotate - [select for diffs], Mon May 4 08:14:18 2009 UTC (14 years, 10 months ago) by yamt
Branch: yamt-nfs-mp
Changes since 1.118.2.1: +50 -25 lines
Diff to previous 1.118.2.1 (colored) to branchpoint 1.118 (colored) to selected 1.22 (colored)

sync with head.

Revision 1.122.8.1 / (download) - annotate - [select for diffs], Sun May 3 13:39:21 2009 UTC (14 years, 10 months ago) by bouyer
Branch: netbsd-5-0
CVS Tags: netbsd-5-0-2-RELEASE, netbsd-5-0-1-RELEASE, matt-nb5-mips64-u2-k2-k4-k7-k8-k9, matt-nb5-mips64-u1-k1-k5, matt-nb5-mips64-premerge-20091211, matt-nb4-mips64-k7-u2a-k9b
Branch point for: matt-nb5-mips64
Changes since 1.122: +4 -4 lines
Diff to previous 1.122 (colored) next main 1.123 (colored) to selected 1.22 (colored)

Pull up following revision(s) (requested by martin in ticket #733):
	sys/netinet6/ip6_input.c: revision 1.127
Add missing parenthesis - from Kurt Lidl in PR port-vax/41316

Revision 1.122.4.1 / (download) - annotate - [select for diffs], Sun May 3 13:22:22 2009 UTC (14 years, 10 months ago) by bouyer
Branch: netbsd-5
CVS Tags: netbsd-5-2-RELEASE, netbsd-5-2-RC1, netbsd-5-2-3-RELEASE, netbsd-5-2-2-RELEASE, netbsd-5-2-1-RELEASE, netbsd-5-2, netbsd-5-1-RELEASE, netbsd-5-1-RC4, netbsd-5-1-RC3, netbsd-5-1-RC2, netbsd-5-1-RC1, netbsd-5-1-5-RELEASE, netbsd-5-1-4-RELEASE, netbsd-5-1-3-RELEASE, netbsd-5-1-2-RELEASE, netbsd-5-1-1-RELEASE, netbsd-5-1, matt-nb5-pq3-base, matt-nb5-pq3
Changes since 1.122: +4 -4 lines
Diff to previous 1.122 (colored) next main 1.123 (colored) to selected 1.22 (colored)

Pull up following revision(s) (requested by martin in ticket #733):
	sys/netinet6/ip6_input.c: revision 1.127
Add missing parenthesis - from Kurt Lidl in PR port-vax/41316

Revision 1.127 / (download) - annotate - [select for diffs], Fri May 1 03:23:39 2009 UTC (14 years, 10 months ago) by martin
Branch: MAIN
CVS Tags: yamt-nfs-mp-base8, yamt-nfs-mp-base7, yamt-nfs-mp-base6, yamt-nfs-mp-base5, yamt-nfs-mp-base4, yamt-nfs-mp-base3, jymxensuspend-base, jym-xensuspend-base
Changes since 1.126: +4 -4 lines
Diff to previous 1.126 (colored) to selected 1.22 (colored)

Add missing parenthesis - from Kurt Lidl in PR port-vax/41316

Revision 1.122.2.2 / (download) - annotate - [select for diffs], Tue Apr 28 07:37:23 2009 UTC (14 years, 10 months ago) by skrll
Branch: nick-hppapmap
Changes since 1.122.2.1: +6 -6 lines
Diff to previous 1.122.2.1 (colored) to branchpoint 1.122 (colored) next main 1.123 (colored) to selected 1.22 (colored)

Sync with HEAD.

Revision 1.126 / (download) - annotate - [select for diffs], Sat Apr 18 14:58:05 2009 UTC (14 years, 11 months ago) by tsutsui
Branch: MAIN
CVS Tags: nick-hppapmap-base4, nick-hppapmap-base3, nick-hppapmap-base
Changes since 1.125: +5 -5 lines
Diff to previous 1.125 (colored) to selected 1.22 (colored)

Remove extra whitespace added by a stupid tool.
XXX: more in src/sys/arch

Revision 1.125 / (download) - annotate - [select for diffs], Wed Mar 18 17:06:52 2009 UTC (15 years ago) by cegger
Branch: MAIN
Changes since 1.124: +5 -5 lines
Diff to previous 1.124 (colored) to selected 1.22 (colored)

bcopy -> memcpy

Revision 1.124 / (download) - annotate - [select for diffs], Wed Mar 18 16:00:23 2009 UTC (15 years ago) by cegger
Branch: MAIN
Changes since 1.123: +3 -3 lines
Diff to previous 1.123 (colored) to selected 1.22 (colored)

bzero -> memset

Revision 1.122.2.1 / (download) - annotate - [select for diffs], Mon Jan 19 13:20:14 2009 UTC (15 years, 2 months ago) by skrll
Branch: nick-hppapmap
Changes since 1.122: +21 -5 lines
Diff to previous 1.122 (colored) to selected 1.22 (colored)

Sync with HEAD.

Revision 1.123 / (download) - annotate - [select for diffs], Mon Jan 19 02:27:57 2009 UTC (15 years, 2 months ago) by christos
Branch: MAIN
CVS Tags: nick-hppapmap-base2
Branch point for: jym-xensuspend
Changes since 1.122: +21 -5 lines
Diff to previous 1.122 (colored) to selected 1.22 (colored)

Provide compatibility to the old timeval SCM_TIMESTAMP messages.

Revision 1.119.6.1 / (download) - annotate - [select for diffs], Sun Oct 19 22:17:52 2008 UTC (15 years, 5 months ago) by haad
Branch: haad-dm
Changes since 1.119: +25 -16 lines
Diff to previous 1.119 (colored) next main 1.120 (colored) to selected 1.22 (colored)

Sync with HEAD.

Revision 1.113.12.3 / (download) - annotate - [select for diffs], Sun Sep 28 10:40:59 2008 UTC (15 years, 5 months ago) by mjf
Branch: mjf-devfs2
Changes since 1.113.12.2: +23 -14 lines
Diff to previous 1.113.12.2 (colored) to branchpoint 1.113 (colored) next main 1.114 (colored) to selected 1.22 (colored)

Sync with HEAD.

Revision 1.119.2.1 / (download) - annotate - [select for diffs], Thu Sep 18 04:37:01 2008 UTC (15 years, 6 months ago) by wrstuden
Branch: wrstuden-revivesa
Changes since 1.119: +25 -16 lines
Diff to previous 1.119 (colored) next main 1.120 (colored) to selected 1.22 (colored)

Sync with wrstuden-revivesa-base-2.

Revision 1.122 / (download) - annotate - [select for diffs], Thu Aug 21 15:34:10 2008 UTC (15 years, 7 months ago) by matt
Branch: MAIN
CVS Tags: wrstuden-revivesa-base-4, wrstuden-revivesa-base-3, wrstuden-revivesa-base-2, netbsd-5-base, netbsd-5-0-RELEASE, netbsd-5-0-RC4, netbsd-5-0-RC3, netbsd-5-0-RC2, netbsd-5-0-RC1, mjf-devfs2-base, matt-mips64-base2, haad-nbase2, haad-dm-base2, haad-dm-base1, haad-dm-base, ad-audiomp2-base, ad-audiomp2
Branch point for: nick-hppapmap, netbsd-5-0, netbsd-5
Changes since 1.121: +4 -4 lines
Diff to previous 1.121 (colored) to selected 1.22 (colored)

Change KERNEL_LOCK_ONE (wrong name) to KERNEL_LOCK (the right name).

Revision 1.121 / (download) - annotate - [select for diffs], Wed Aug 20 22:58:42 2008 UTC (15 years, 7 months ago) by simonb
Branch: MAIN
Changes since 1.120: +11 -11 lines
Diff to previous 1.120 (colored) to selected 1.22 (colored)

Fix 8-spaces-vs-tab goop.

Revision 1.120 / (download) - annotate - [select for diffs], Wed Aug 20 18:35:20 2008 UTC (15 years, 7 months ago) by matt
Branch: MAIN
Changes since 1.119: +22 -13 lines
Diff to previous 1.119 (colored) to selected 1.22 (colored)

Make the sysctl routines take out softnet_lock before dealing with
any data structures.

Change inet6ctlerrmap and zeroin6_addr to const.

Revision 1.113.12.2 / (download) - annotate - [select for diffs], Mon Jun 2 13:24:27 2008 UTC (15 years, 9 months ago) by mjf
Branch: mjf-devfs2
Changes since 1.113.12.1: +81 -55 lines
Diff to previous 1.113.12.1 (colored) to branchpoint 1.113 (colored) to selected 1.22 (colored)

Sync with HEAD.

Revision 1.116.2.1 / (download) - annotate - [select for diffs], Sun May 18 12:35:35 2008 UTC (15 years, 10 months ago) by yamt
Branch: yamt-pf42
Changes since 1.116: +13 -33 lines
Diff to previous 1.116 (colored) next main 1.117 (colored) to selected 1.22 (colored)

sync with head.

Revision 1.118.2.1 / (download) - annotate - [select for diffs], Fri May 16 02:25:45 2008 UTC (15 years, 10 months ago) by yamt
Branch: yamt-nfs-mp
Changes since 1.118: +3 -8 lines
Diff to previous 1.118 (colored) to selected 1.22 (colored)

sync with head.

Revision 1.119 / (download) - annotate - [select for diffs], Sun May 4 07:22:15 2008 UTC (15 years, 10 months ago) by thorpej
Branch: MAIN
CVS Tags: yamt-pf42-base4, yamt-pf42-base3, yamt-pf42-base2, yamt-nfs-mp-base2, wrstuden-revivesa-base-1, wrstuden-revivesa-base, simonb-wapbl-nbase, simonb-wapbl-base, simonb-wapbl, hpcarm-cleanup-nbase
Branch point for: wrstuden-revivesa, haad-dm
Changes since 1.118: +3 -8 lines
Diff to previous 1.118 (colored) to selected 1.22 (colored)

Simplify the interface to netstat_sysctl() and allocate space for
the collated counters using kmem_alloc().

PR kern/38577

Revision 1.118 / (download) - annotate - [select for diffs], Thu Apr 24 11:38:38 2008 UTC (15 years, 10 months ago) by ad
Branch: MAIN
CVS Tags: yamt-nfs-mp-base
Branch point for: yamt-nfs-mp
Changes since 1.117: +10 -6 lines
Diff to previous 1.117 (colored) to selected 1.22 (colored)

Merge the socket locking patch:

- Socket layer becomes MP safe.
- Unix protocols become MP safe.
- Allows protocol processing interrupts to safely block on locks.
- Fixes a number of race conditions.

With much feedback from matt@ and plunky@.

Revision 1.117 / (download) - annotate - [select for diffs], Wed Apr 23 06:09:05 2008 UTC (15 years, 10 months ago) by thorpej
Branch: MAIN
Changes since 1.116: +9 -28 lines
Diff to previous 1.116 (colored) to selected 1.22 (colored)

Make IPSEC and FAST_IPSEC stats per-cpu.  Use <net/net_stats.h> and
netstat_sysctl().

Revision 1.116 / (download) - annotate - [select for diffs], Tue Apr 15 03:57:04 2008 UTC (15 years, 11 months ago) by thorpej
Branch: MAIN
CVS Tags: yamt-pf42-baseX, yamt-pf42-base
Branch point for: yamt-pf42
Changes since 1.115: +95 -50 lines
Diff to previous 1.115 (colored) to selected 1.22 (colored)

Make ip6 and icmp6 stats per-cpu.

Revision 1.115 / (download) - annotate - [select for diffs], Tue Apr 8 23:37:43 2008 UTC (15 years, 11 months ago) by thorpej
Branch: MAIN
Changes since 1.114: +53 -52 lines
Diff to previous 1.114 (colored) to selected 1.22 (colored)

Change IPv6 stats from a structure to an array of uint64_t's.

Note: This is ABI-compatible with the old ip6stat structure; old netstat
binaries will continue to work properly.

Revision 1.113.12.1 / (download) - annotate - [select for diffs], Thu Apr 3 12:43:09 2008 UTC (15 years, 11 months ago) by mjf
Branch: mjf-devfs2
Changes since 1.113: +4 -4 lines
Diff to previous 1.113 (colored) to selected 1.22 (colored)

Sync with HEAD.

Revision 1.113.8.2 / (download) - annotate - [select for diffs], Mon Mar 24 07:16:24 2008 UTC (15 years, 11 months ago) by keiichi
Branch: keiichi-mipv6
Changes since 1.113.8.1: +4 -4 lines
Diff to previous 1.113.8.1 (colored) to branchpoint 1.113 (colored) next main 1.114 (colored) to selected 1.22 (colored)

sync with head.

Revision 1.109.6.3 / (download) - annotate - [select for diffs], Sun Mar 23 02:05:07 2008 UTC (16 years ago) by matt
Branch: matt-armv6
Changes since 1.109.6.2: +4 -4 lines
Diff to previous 1.109.6.2 (colored) to branchpoint 1.109 (colored) next main 1.110 (colored) to selected 1.22 (colored)

sync with HEAD

Revision 1.78.2.8 / (download) - annotate - [select for diffs], Mon Mar 17 09:15:42 2008 UTC (16 years ago) by yamt
Branch: yamt-lazymbuf
Changes since 1.78.2.7: +4 -4 lines
Diff to previous 1.78.2.7 (colored) next main 1.79 (colored) to selected 1.22 (colored)

sync with head.

Revision 1.114 / (download) - annotate - [select for diffs], Wed Feb 27 19:40:56 2008 UTC (16 years ago) by matt
Branch: MAIN
CVS Tags: yamt-lazymbuf-base15, yamt-lazymbuf-base14, matt-armv6-nbase, keiichi-mipv6-nbase, keiichi-mipv6-base, ad-socklock-base1
Changes since 1.113: +4 -4 lines
Diff to previous 1.113 (colored) to selected 1.22 (colored)

Convert to ansi definitions from old-style definitions.
Remember that func() is not ansi, func(void) is.

Revision 1.113.8.1 / (download) - annotate - [select for diffs], Fri Feb 22 02:53:33 2008 UTC (16 years ago) by keiichi
Branch: keiichi-mipv6
Changes since 1.113: +39 -5 lines
Diff to previous 1.113 (colored) to selected 1.22 (colored)

imported Mobile IPv6 code developed by the SHISA project
(http://www.mobileip.jp/).

Revision 1.109.6.2 / (download) - annotate - [select for diffs], Wed Jan 9 01:57:37 2008 UTC (16 years, 2 months ago) by matt
Branch: matt-armv6
Changes since 1.109.6.1: +3 -3 lines
Diff to previous 1.109.6.1 (colored) to branchpoint 1.109 (colored) to selected 1.22 (colored)

sync with HEAD

Revision 1.109.4.4 / (download) - annotate - [select for diffs], Sun Dec 9 19:38:38 2007 UTC (16 years, 3 months ago) by jmcneill
Branch: jmcneill-pm
Changes since 1.109.4.3: +3 -3 lines
Diff to previous 1.109.4.3 (colored) to branchpoint 1.109 (colored) next main 1.110 (colored) to selected 1.22 (colored)

Sync with HEAD.

Revision 1.112.2.1 / (download) - annotate - [select for diffs], Sat Dec 8 18:21:17 2007 UTC (16 years, 3 months ago) by mjf
Branch: mjf-devfs
Changes since 1.112: +3 -3 lines
Diff to previous 1.112 (colored) next main 1.113 (colored) to selected 1.22 (colored)

Sync with HEAD.

Revision 1.112.4.1 / (download) - annotate - [select for diffs], Sat Dec 8 17:57:58 2007 UTC (16 years, 3 months ago) by ad
Branch: vmlocking2
Changes since 1.112: +3 -3 lines
Diff to previous 1.112 (colored) next main 1.113 (colored) to selected 1.22 (colored)

Sync with head.

Revision 1.78.2.7 / (download) - annotate - [select for diffs], Fri Dec 7 17:34:36 2007 UTC (16 years, 3 months ago) by yamt
Branch: yamt-lazymbuf
Changes since 1.78.2.6: +3 -3 lines
Diff to previous 1.78.2.6 (colored) to selected 1.22 (colored)

sync with head

Revision 1.113 / (download) - annotate - [select for diffs], Tue Dec 4 10:27:34 2007 UTC (16 years, 3 months ago) by dyoung
Branch: MAIN
CVS Tags: yamt-kmem-base3, yamt-kmem-base2, yamt-kmem-base, yamt-kmem, vmlocking2-base3, vmlocking2-base2, reinoud-bufcleanup-nbase, reinoud-bufcleanup-base, nick-net80211-sync-base, nick-net80211-sync, mjf-devfs-base, matt-armv6-base, jmcneill-pm-base, hpcarm-cleanup-base, cube-autoconf-base, cube-autoconf, bouyer-xeni386-nbase, bouyer-xeni386-merge1, bouyer-xeni386-base, bouyer-xeni386
Branch point for: mjf-devfs2, keiichi-mipv6
Changes since 1.112: +3 -3 lines
Diff to previous 1.112 (colored) to selected 1.22 (colored)

Use IFNET_FOREACH() and IFADDR_FOREACH().

Revision 1.78.2.6 / (download) - annotate - [select for diffs], Thu Nov 15 11:45:11 2007 UTC (16 years, 4 months ago) by yamt
Branch: yamt-lazymbuf
Changes since 1.78.2.5: +15 -9 lines
Diff to previous 1.78.2.5 (colored) to selected 1.22 (colored)

sync with head.

Revision 1.110.4.1 / (download) - annotate - [select for diffs], Tue Nov 13 16:02:56 2007 UTC (16 years, 4 months ago) by bouyer
Branch: bouyer-xenamd64
Changes since 1.110: +25 -21 lines
Diff to previous 1.110 (colored) next main 1.111 (colored) to selected 1.22 (colored)

Sync with HEAD

Revision 1.109.6.1 / (download) - annotate - [select for diffs], Tue Nov 6 23:34:02 2007 UTC (16 years, 4 months ago) by matt
Branch: matt-armv6
CVS Tags: matt-armv6-prevmlocking
Changes since 1.109: +25 -22 lines
Diff to previous 1.109 (colored) to selected 1.22 (colored)

sync with HEAD

Revision 1.109.4.3 / (download) - annotate - [select for diffs], Wed Oct 31 23:14:11 2007 UTC (16 years, 4 months ago) by joerg
Branch: jmcneill-pm
Changes since 1.109.4.2: +15 -9 lines
Diff to previous 1.109.4.2 (colored) to branchpoint 1.109 (colored) to selected 1.22 (colored)

Sync with HEAD.

Revision 1.112 / (download) - annotate - [select for diffs], Mon Oct 29 16:54:42 2007 UTC (16 years, 4 months ago) by dyoung
Branch: MAIN
CVS Tags: vmlocking2-base1, vmlocking-nbase, jmcneill-base, bouyer-xenamd64-base2, bouyer-xenamd64-base
Branch point for: vmlocking2, mjf-devfs
Changes since 1.111: +15 -9 lines
Diff to previous 1.111 (colored) to selected 1.22 (colored)

The IPv6 stack labels incoming packets with an m_tag whose payload
is a struct ip6aux.  A struct ip6aux used to contain a pointer to
an in6_ifaddr, but that pointer could become a dangling reference
in the lifetime of the m_tag, because ip6_setdstifaddr() did not
increase the in6_ifaddr's reference count.  I have removed the
pointer from ip6aux.  I load it with the interesting fields from
the in6_ifaddr (an IPv6 address, a scope ID, and some flags),
instead.

Revision 1.78.2.5 / (download) - annotate - [select for diffs], Sat Oct 27 11:36:12 2007 UTC (16 years, 4 months ago) by yamt
Branch: yamt-lazymbuf
Changes since 1.78.2.4: +12 -15 lines
Diff to previous 1.78.2.4 (colored) to selected 1.22 (colored)

sync with head.

Revision 1.109.4.2 / (download) - annotate - [select for diffs], Fri Oct 26 15:49:08 2007 UTC (16 years, 4 months ago) by joerg
Branch: jmcneill-pm
Changes since 1.109.4.1: +12 -14 lines
Diff to previous 1.109.4.1 (colored) to branchpoint 1.109 (colored) to selected 1.22 (colored)

Sync with HEAD.

Follow the merge of pmap.c on i386 and amd64 and move
pmap_init_tmp_pgtbl into arch/x86/x86/pmap.c. Modify the ACPI wakeup
code to restore CR4 before jumping back into kernel space as the large
page option might cover that.

Revision 1.111 / (download) - annotate - [select for diffs], Wed Oct 24 06:37:22 2007 UTC (16 years, 4 months ago) by dyoung
Branch: MAIN
Changes since 1.110: +12 -14 lines
Diff to previous 1.110 (colored) to selected 1.22 (colored)

Replace rote sockaddr_in6 initializations (memset(), set sa6_family,
sa6_len, and sa6_add) with sockaddr_in6_init() calls.

De-__P().  Constify.  KNF.  Shorten a staircase.  Change bcmp() to
memcmp().

Extract subroutine in6_setzoneid() from in6_setscope(), for re-use
soon.

Revision 1.98.2.6 / (download) - annotate - [select for diffs], Tue Oct 9 13:44:55 2007 UTC (16 years, 5 months ago) by ad
Branch: vmlocking
Changes since 1.98.2.5: +2 -3 lines
Diff to previous 1.98.2.5 (colored) next main 1.99 (colored) to selected 1.22 (colored)

Sync with head.

Revision 1.109.4.1 / (download) - annotate - [select for diffs], Tue Oct 2 18:29:23 2007 UTC (16 years, 5 months ago) by joerg
Branch: jmcneill-pm
Changes since 1.109: +2 -3 lines
Diff to previous 1.109 (colored) to selected 1.22 (colored)

Sync with HEAD.

Revision 1.90.2.1.2.2 / (download) - annotate - [select for diffs], Sun Sep 23 21:36:35 2007 UTC (16 years, 5 months ago) by wrstuden
Branch: wrstuden-fixsa
Changes since 1.90.2.1.2.1: +2 -3 lines
Diff to previous 1.90.2.1.2.1 (colored) next main 1.90.2.2 (colored) to selected 1.22 (colored)

Sync with somewhat-recent netbsd-4.

Revision 1.90.2.3 / (download) - annotate - [select for diffs], Sun Sep 16 15:34:59 2007 UTC (16 years, 6 months ago) by xtraeme
Branch: netbsd-4
CVS Tags: wrstuden-fixsa-newbase, wrstuden-fixsa-base-1, wrstuden-fixsa-base, netbsd-4-0-RELEASE, netbsd-4-0-RC5, netbsd-4-0-RC4, netbsd-4-0-RC3, netbsd-4-0-RC2, netbsd-4-0-1-RELEASE, netbsd-4-0, matt-nb4-arm-base, matt-nb4-arm
Changes since 1.90.2.2: +0 -1 lines
Diff to previous 1.90.2.2 (colored) to branchpoint 1.90 (colored) next main 1.91 (colored) to selected 1.22 (colored)

Pull up following revision(s) (requested by degroote in ticket #881):
	sys/netinet/ip_input.c: revision 1.253
	sys/netinet6/ip6_input.c: revision 1.110

In some FAST_IPSEC, spl level is not restored correctly. Fix that.
Spotted by Wolfgang Stukenbrock in pr/36800

Revision 1.110 / (download) - annotate - [select for diffs], Tue Sep 11 14:18:09 2007 UTC (16 years, 6 months ago) by degroote
Branch: MAIN
CVS Tags: yamt-x86pmap-base4, yamt-x86pmap-base3, yamt-x86pmap-base2, yamt-x86pmap-base, yamt-x86pmap, vmlocking-base
Branch point for: bouyer-xenamd64
Changes since 1.109: +2 -3 lines
Diff to previous 1.109 (colored) to selected 1.22 (colored)

In some FAST_IPSEC, spl level is not restored correctly. Fix that.

Spotted by Wolfgang Stukenbrock in pr/36800

Revision 1.78.2.4 / (download) - annotate - [select for diffs], Mon Sep 3 14:43:32 2007 UTC (16 years, 6 months ago) by yamt
Branch: yamt-lazymbuf
Changes since 1.78.2.3: +156 -107 lines
Diff to previous 1.78.2.3 (colored) to selected 1.22 (colored)

sync with head.

Revision 1.98.2.5 / (download) - annotate - [select for diffs], Mon Aug 20 21:28:05 2007 UTC (16 years, 7 months ago) by ad
Branch: vmlocking
Changes since 1.98.2.4: +4 -4 lines
Diff to previous 1.98.2.4 (colored) to selected 1.22 (colored)

Sync with HEAD.

Revision 1.108.2.1 / (download) - annotate - [select for diffs], Wed Aug 15 13:49:51 2007 UTC (16 years, 7 months ago) by skrll
Branch: nick-csl-alignment
Changes since 1.108: +4 -4 lines
Diff to previous 1.108 (colored) next main 1.109 (colored) to selected 1.22 (colored)

Sync with HEAD.

Revision 1.109.8.2 / (download) - annotate - [select for diffs], Thu Jul 19 20:48:57 2007 UTC (16 years, 8 months ago) by dyoung
Branch: matt-mips64
Changes since 1.109.8.1: +1926 -0 lines
Diff to previous 1.109.8.1 (colored) to branchpoint 1.109 (colored) next main 1.110 (colored) to selected 1.22 (colored)

Take steps to hide the radix_node implementation of the forwarding table
from the forwarding table's users:

        Introduce rt_walktree() for walking the routing table and
        applying a function to each rtentry.  Replace most
        rn_walktree() calls with it.

        Use rt_getkey()/rt_setkey() to get/set a route's destination.
        Keep a pointer to the sockaddr key in the rtentry, so that
        rtentry users do not have to grovel in the radix_node for
        the key.

        Add a RTM_GET method to rtrequest.  Use that instead of
        radix_node lookups in, e.g., carp(4).

Add sys/net/link_proto.c, which supplies sockaddr routines for
link-layer socket addresses (sockaddr_dl).

Cosmetic:

        Constify.  KNF.  Stop open-coding LIST_FOREACH, TAILQ_FOREACH,
        et cetera.  Use NULL instead of 0 for null pointers.  Use
        __arraycount().  Reduce gratuitous parenthesization.

        Stop using variadic arguments for rip6_output(), it is
        unnecessary.

        Remove the unnecessary rtentry member rt_genmask and the
        code to maintain it, since nothing actually used it.

        Make rt_maskedcopy() easier to read by using meaningful variable
        names.

        Extract a subroutine intern_netmask() for looking up a netmask in
        the masks table.

        Start converting backslash-ridden IPv6 macros in
        sys/netinet6/in6_var.h into inline subroutines that one
        can read without special eyeglasses.

One functional change: when the kernel serves an RTM_GET, RTM_LOCK,
or RTM_CHANGE request, it applies the netmask (if supplied) to a
destination before searching for it in the forwarding table.

I have changed sys/netinet/ip_carp.c, carp_setroute(), to remove
the unlawful radix_node knowledge.

Apart from the changes to carp(4), netiso, ATM, and strip(4), I
have run the changes on three nodes in my wireless routing testbed,
which involves IPv4 + IPv6 dynamic routing acrobatics, and it's
working beautifully so far.

Revision 1.109.8.1, Thu Jul 19 20:48:56 2007 UTC (16 years, 8 months ago) by dyoung
Branch: matt-mips64
Changes since 1.109: +0 -1926 lines
FILE REMOVED

file ip6_input.c was added on branch matt-mips64 on 2007-07-19 20:48:57 +0000

Revision 1.109 / (download) - annotate - [select for diffs], Thu Jul 19 20:48:56 2007 UTC (16 years, 8 months ago) by dyoung
Branch: MAIN
CVS Tags: nick-csl-alignment-base5, matt-mips64-base, hpcarm-cleanup
Branch point for: matt-mips64, matt-armv6, jmcneill-pm
Changes since 1.108: +4 -4 lines
Diff to previous 1.108 (colored) to selected 1.22 (colored)

Take steps to hide the radix_node implementation of the forwarding table
from the forwarding table's users:

        Introduce rt_walktree() for walking the routing table and
        applying a function to each rtentry.  Replace most
        rn_walktree() calls with it.

        Use rt_getkey()/rt_setkey() to get/set a route's destination.
        Keep a pointer to the sockaddr key in the rtentry, so that
        rtentry users do not have to grovel in the radix_node for
        the key.

        Add a RTM_GET method to rtrequest.  Use that instead of
        radix_node lookups in, e.g., carp(4).

Add sys/net/link_proto.c, which supplies sockaddr routines for
link-layer socket addresses (sockaddr_dl).

Cosmetic:

        Constify.  KNF.  Stop open-coding LIST_FOREACH, TAILQ_FOREACH,
        et cetera.  Use NULL instead of 0 for null pointers.  Use
        __arraycount().  Reduce gratuitous parenthesization.

        Stop using variadic arguments for rip6_output(), it is
        unnecessary.

        Remove the unnecessary rtentry member rt_genmask and the
        code to maintain it, since nothing actually used it.

        Make rt_maskedcopy() easier to read by using meaningful variable
        names.

        Extract a subroutine intern_netmask() for looking up a netmask in
        the masks table.

        Start converting backslash-ridden IPv6 macros in
        sys/netinet6/in6_var.h into inline subroutines that one
        can read without special eyeglasses.

One functional change: when the kernel serves an RTM_GET, RTM_LOCK,
or RTM_CHANGE request, it applies the netmask (if supplied) to a
destination before searching for it in the forwarding table.

I have changed sys/netinet/ip_carp.c, carp_setroute(), to remove
the unlawful radix_node knowledge.

Apart from the changes to carp(4), netiso, ATM, and strip(4), I
have run the changes on three nodes in my wireless routing testbed,
which involves IPv4 + IPv6 dynamic routing acrobatics, and it's
working beautifully so far.

Revision 1.98.4.1 / (download) - annotate - [select for diffs], Wed Jul 11 20:11:42 2007 UTC (16 years, 8 months ago) by mjf
Branch: mjf-ufs-trans
Changes since 1.98: +96 -92 lines
Diff to previous 1.98 (colored) next main 1.99 (colored) to selected 1.22 (colored)

Sync with head.

Revision 1.108 / (download) - annotate - [select for diffs], Mon Jul 9 21:11:12 2007 UTC (16 years, 8 months ago) by ad
Branch: MAIN
CVS Tags: nick-csl-alignment-base, mjf-ufs-trans-base
Branch point for: nick-csl-alignment
Changes since 1.107: +5 -5 lines
Diff to previous 1.107 (colored) to selected 1.22 (colored)

Merge some of the less invasive changes from the vmlocking branch:

- kthread, callout, devsw API changes
- select()/poll() improvements
- miscellaneous MT safety improvements

Revision 1.98.2.4 / (download) - annotate - [select for diffs], Mon Jul 2 13:46:08 2007 UTC (16 years, 8 months ago) by yamt
Branch: vmlocking
Changes since 1.98.2.3: +3 -6 lines
Diff to previous 1.98.2.3 (colored) to selected 1.22 (colored)

- ip6_init: fix a mistake in rev.1.98.2.3 which makes
  callout_softclock jump to NULL.
- s/struct callout/callout_t/

Revision 1.98.2.3 / (download) - annotate - [select for diffs], Sun Jul 1 21:50:52 2007 UTC (16 years, 8 months ago) by ad
Branch: vmlocking
Changes since 1.98.2.2: +7 -4 lines
Diff to previous 1.98.2.2 (colored) to selected 1.22 (colored)

Adapt to callout API change.

Revision 1.98.2.2 / (download) - annotate - [select for diffs], Fri Jun 8 14:17:55 2007 UTC (16 years, 9 months ago) by ad
Branch: vmlocking
Changes since 1.98.2.1: +53 -85 lines
Diff to previous 1.98.2.1 (colored) to selected 1.22 (colored)

Sync with head.

Revision 1.73.2.1.4.3 / (download) - annotate - [select for diffs], Mon Jun 4 19:26:07 2007 UTC (16 years, 9 months ago) by bouyer
Branch: netbsd-2-1
Changes since 1.73.2.1.4.2: +34 -2 lines
Diff to previous 1.73.2.1.4.2 (colored) to branchpoint 1.73.2.1 (colored) next main 1.73.2.2 (colored) to selected 1.22 (colored)

Pull up following revision(s) (requested by adrianp in ticket #11330):
	sys/netinet6/ip6_input.c: revision 1.102 via patch
	sys/netinet6/route6.c: revision 1.18 via patch
	sys/netinet6/ip6_var.h: revisions 1.41-1.42 via patch
	sbin/sysctl/sysctl.8: patch
Disable processing of routing header type 0 packets since they can be used
for DoS attacks. Provide a sysctl to re-enable them (net.inet6.ip6.rht0).
Information from:
        http://www.secdev.org/conf/IPv6_RH_security-csw07.pdf

Revision 1.73.2.3 / (download) - annotate - [select for diffs], Mon Jun 4 19:24:35 2007 UTC (16 years, 9 months ago) by bouyer
Branch: netbsd-2-0
Changes since 1.73.2.2: +34 -2 lines
Diff to previous 1.73.2.2 (colored) to branchpoint 1.73 (colored) next main 1.74 (colored) to selected 1.22 (colored)

Pull up following revision(s) (requested by adrianp in ticket #11330):
	sys/netinet6/ip6_input.c: revision 1.102 via patch
	sys/netinet6/route6.c: revision 1.18 via patch
	sys/netinet6/ip6_var.h: revisions 1.41-1.42 via patch
	sbin/sysctl/sysctl.8: patch
Disable processing of routing header type 0 packets since they can be used
for DoS attacks. Provide a sysctl to re-enable them (net.inet6.ip6.rht0).
Information from:
        http://www.secdev.org/conf/IPv6_RH_security-csw07.pdf

Revision 1.73.2.1.2.3 / (download) - annotate - [select for diffs], Mon Jun 4 19:22:52 2007 UTC (16 years, 9 months ago) by bouyer
Branch: netbsd-2
Changes since 1.73.2.1.2.2: +34 -2 lines
Diff to previous 1.73.2.1.2.2 (colored) to branchpoint 1.73.2.1 (colored) next main 1.73.2.2 (colored) to selected 1.22 (colored)

Pull up following revision(s) (requested by adrianp in ticket #11330):
	sys/netinet6/ip6_input.c: revision 1.102 via patch
	sys/netinet6/route6.c: revision 1.18 via patch
	sys/netinet6/ip6_var.h: revisions 1.41-1.42 via patch
	sbin/sysctl/sysctl.8: patch
Disable processing of routing header type 0 packets since they can be used
for DoS attacks. Provide a sysctl to re-enable them (net.inet6.ip6.rht0).
Information from:
        http://www.secdev.org/conf/IPv6_RH_security-csw07.pdf

Revision 1.90.2.1.2.1 / (download) - annotate - [select for diffs], Mon Jun 4 01:54:25 2007 UTC (16 years, 9 months ago) by wrstuden
Branch: wrstuden-fixsa
Changes since 1.90.2.1: +56 -2 lines
Diff to previous 1.90.2.1 (colored) to selected 1.22 (colored)

Update to today's netbsd-4.

Revision 1.90.2.2 / (download) - annotate - [select for diffs], Thu May 24 19:13:15 2007 UTC (16 years, 9 months ago) by pavel
Branch: netbsd-4
CVS Tags: netbsd-4-0-RC1
Changes since 1.90.2.1: +54 -0 lines
Diff to previous 1.90.2.1 (colored) to branchpoint 1.90 (colored) to selected 1.22 (colored)

Pull up following revision(s) (requested by degroote in ticket #667):
	sys/netinet/tcp_input.c: revision 1.260
	sys/netinet/tcp_output.c: revision 1.154
	sys/netinet/tcp_subr.c: revision 1.210
	sys/netinet6/icmp6.c: revision 1.129
	sys/netinet6/in6_proto.c: revision 1.70
	sys/netinet6/ip6_forward.c: revision 1.54
	sys/netinet6/ip6_input.c: revision 1.94
	sys/netinet6/ip6_output.c: revision 1.114
	sys/netinet6/raw_ip6.c: revision 1.81
	sys/netipsec/ipcomp_var.h: revision 1.4
	sys/netipsec/ipsec.c: revision 1.26 via patch,1.31-1.32
	sys/netipsec/ipsec6.h: revision 1.5
	sys/netipsec/ipsec_input.c: revision 1.14
	sys/netipsec/ipsec_netbsd.c: revision 1.18,1.26
	sys/netipsec/ipsec_output.c: revision 1.21 via patch
	sys/netipsec/key.c: revision 1.33,1.44
	sys/netipsec/xform_ipcomp.c: revision 1.9
	sys/netipsec/xform_ipip.c: revision 1.15
	sys/opencrypto/deflate.c: revision 1.8
Commit my SoC work
Add ipv6 support for fast_ipsec
Note that currently, packets with extension headers are not correctly
supported
Change the ipcomp logic

Add sysctl tree to modify the fast_ipsec options related to ipv6. Similar
to the sysctl kame interface.

Choose the good default policy, depending on the address family of the
desired policy

Increase the refcount for the default ipv6 policy so nobody can reclaim it

Always compute the sp index even if we don't have any sp in spd. It will
let us choose the right default policy (based on the address family
requested).
While here, fix an error message

Use a dynamic array instead of a static array to decompress. It lets us
decompress any data, whatever the ratio of decompressed data to compressed
data is.
It fixes the last issues with fast_ipsec and ipcomp.
While here, bzero -> memset, bcopy -> memcpy, FREE -> free
Reviewed a long time ago by sam@

Revision 1.107 / (download) - annotate - [select for diffs], Wed May 23 17:15:02 2007 UTC (16 years, 10 months ago) by christos
Branch: MAIN
Changes since 1.106: +20 -50 lines
Diff to previous 1.106 (colored) to selected 1.22 (colored)

Ansify + add a few comments, from Karl Sjödahl

Revision 1.94.2.5 / (download) - annotate - [select for diffs], Thu May 17 13:41:51 2007 UTC (16 years, 10 months ago) by yamt
Branch: yamt-idlelwp
Changes since 1.94.2.4: +2 -34 lines
Diff to previous 1.94.2.4 (colored) next main 1.95 (colored) to selected 1.22 (colored)

sync with head.

Revision 1.106 / (download) - annotate - [select for diffs], Thu May 17 11:48:42 2007 UTC (16 years, 10 months ago) by yamt
Branch: MAIN
CVS Tags: yamt-idlelwp-base8
Changes since 1.105: +2 -34 lines
Diff to previous 1.105 (colored) to selected 1.22 (colored)

remove net.inet6.ip6.rht0 sysctl.
it's too dangerous compared to its benefit.

strongly requested by itojun@.  ok'ed by core@.

Revision 1.94.2.4 / (download) - annotate - [select for diffs], Mon May 7 10:56:04 2007 UTC (16 years, 10 months ago) by yamt
Branch: yamt-idlelwp
Changes since 1.94.2.3: +67 -37 lines
Diff to previous 1.94.2.3 (colored) to selected 1.22 (colored)

sync with head.

Revision 1.105 / (download) - annotate - [select for diffs], Sun May 6 02:29:33 2007 UTC (16 years, 10 months ago) by dyoung
Branch: MAIN
Changes since 1.104: +22 -38 lines
Diff to previous 1.104 (colored) to selected 1.22 (colored)

Use rtcache_lookup2(), and fix cache hit/miss accounting.

While I am here, introduce an rtentry pointer, 'rt', and set it
equal to ip6_forward.ro_rt.  Replace several occurrences of
'ip6_forward.ro_rt' with 'rt'.

Revision 1.104 / (download) - annotate - [select for diffs], Sat May 5 21:23:50 2007 UTC (16 years, 10 months ago) by yamt
Branch: MAIN
Changes since 1.103: +14 -3 lines
Diff to previous 1.103 (colored) to selected 1.22 (colored)

from kame:

> Revision 1.371
> Thu May 3 22:07:39 2007 UTC (47 hours, 7 minutes ago) by itojun
>
> drop packets with more than 1 routing header.
> from claudio@openbsd

(and increment ifs6_in_hdrerr on ip6s_toomanyhdr.)

Revision 1.103 / (download) - annotate - [select for diffs], Wed May 2 20:40:27 2007 UTC (16 years, 10 months ago) by dyoung
Branch: MAIN
Changes since 1.102: +17 -14 lines
Diff to previous 1.102 (colored) to selected 1.22 (colored)

Eliminate address family-specific route caches (struct route, struct
route_in6, struct route_iso), replacing all caches with a struct
route.

The principal benefit of this change is that all of the protocol
families can benefit from route cache-invalidation, which is
necessary for correct routing.  Route-cache invalidation fixes an
ancient PR, kern/3508, at long last; it fixes various other PRs,
also.

Discussions with and ideas from Joerg Sonnenberger influenced this
work tremendously.  Of course, all design oversights and bugs are
mine.

DETAILS

1 I added to each address family a pool of sockaddrs.  I have
  introduced routines for allocating, copying, duplicating,
  and freeing sockaddrs:

        struct sockaddr *sockaddr_alloc(sa_family_t af, int flags);
        struct sockaddr *sockaddr_copy(struct sockaddr *dst,
                                       const struct sockaddr *src);
        struct sockaddr *sockaddr_dup(const struct sockaddr *src, int flags);
        void sockaddr_free(struct sockaddr *sa);

  sockaddr_alloc() returns either a sockaddr from the pool belonging
  to the specified family, or NULL if the pool is exhausted.  The
  returned sockaddr has the right size for that family; sa_family
  and sa_len fields are initialized to the family and sockaddr
  length---e.g., sa_family = AF_INET and sa_len = sizeof(struct
  sockaddr_in).  sockaddr_free() puts the given sockaddr back into
  its family's pool.

  sockaddr_dup() and sockaddr_copy() work analogously to strdup()
  and strcpy(), respectively.  sockaddr_copy() KASSERTs that the
  family of the destination and source sockaddrs are alike.

  The 'flags' argument for sockaddr_alloc() and sockaddr_dup() is
  passed directly to pool_get(9).

2 I added routines for initializing sockaddrs in each address
  family, sockaddr_in_init(), sockaddr_in6_init(), sockaddr_iso_init(),
  etc.  They are fairly self-explanatory.

3 structs route_in6 and route_iso are no more.  All protocol families
  use struct route.  I have changed the route cache, 'struct route',
  so that it does not contain storage space for a sockaddr.  Instead,
  struct route points to a sockaddr coming from the pool the sockaddr
  belongs to.  I added a new method to struct route, rtcache_setdst(),
  for setting the cache destination:

        int rtcache_setdst(struct route *, const struct sockaddr *);

  rtcache_setdst() returns 0 on success, or ENOMEM if no memory is
  available to create the sockaddr storage.

  It is now possible for rtcache_getdst() to return NULL if, say,
  rtcache_setdst() failed.  I check the return value for NULL
  everywhere in the kernel.

4 Each routing domain (struct domain) has a list of live route
  caches, dom_rtcache.  rtflushall(sa_family_t af) looks up the
  domain indicated by 'af', walks the domain's list of route caches
  and invalidates each one.

Revision 1.90.2.1 / (download) - annotate - [select for diffs], Sat Apr 28 18:30:12 2007 UTC (16 years, 10 months ago) by bouyer
Branch: netbsd-4
Branch point for: wrstuden-fixsa
Changes since 1.90: +34 -2 lines
Diff to previous 1.90 (colored) to selected 1.22 (colored)

Pull up following revision(s) (requested by christos in ticket #587):
	sys/netinet6/ip6_input.c: revision 1.102
	sys/netinet6/route6.c: revision 1.18
	sys/netinet6/ip6_var.h: revision 1.41
	sys/netinet6/ip6_var.h: revision 1.42
	sbin/sysctl/sysctl.8: patch
Disable processing of routing header type 0 packets since they can be used
for DoS attacks. Provide a sysctl to re-enable them (net.inet6.ip6.rht0).
Information from:
        http://www.secdev.org/conf/IPv6_RH_security-csw07.pdf
fix typo.

Revision 1.77.10.1.2.1 / (download) - annotate - [select for diffs], Thu Apr 26 06:55:44 2007 UTC (16 years, 10 months ago) by ghen
Branch: netbsd-3-1
CVS Tags: netbsd-3-1-1-RELEASE
Changes since 1.77.10.1: +34 -2 lines
Diff to previous 1.77.10.1 (colored) next main 1.77.10.2 (colored) to selected 1.22 (colored)

Pull up following revision(s) (requested by christos in ticket #1766):
	sys/netinet6/ip6_input.c: revision 1.102 via patch
	sys/netinet6/route6.c: revision 1.18 via patch
	sys/netinet6/ip6_var.h: revision 1.41 via patch
	sys/netinet6/ip6_var.h: revision 1.42 via patch
	sbin/sysctl/sysctl.8: patch
Disable processing of routing header type 0 packets since they can be used
for DoS attacks. Provide a sysctl to re-enable them (net.inet6.ip6.rht0).
Information from:
        http://www.secdev.org/conf/IPv6_RH_security-csw07.pdf
fix typo.

Revision 1.77.12.2 / (download) - annotate - [select for diffs], Thu Apr 26 06:55:37 2007 UTC (16 years, 10 months ago) by ghen
Branch: netbsd-3-0
CVS Tags: netbsd-3-0-3-RELEASE
Changes since 1.77.12.1: +34 -2 lines
Diff to previous 1.77.12.1 (colored) to branchpoint 1.77 (colored) next main 1.78 (colored) to selected 1.22 (colored)

Pull up following revision(s) (requested by christos in ticket #1766):
	sys/netinet6/ip6_input.c: revision 1.102 via patch
	sys/netinet6/route6.c: revision 1.18 via patch
	sys/netinet6/ip6_var.h: revision 1.41 via patch
	sys/netinet6/ip6_var.h: revision 1.42 via patch
	sbin/sysctl/sysctl.8: patch
Disable processing of routing header type 0 packets since they can be used
for DoS attacks. Provide a sysctl to re-enable them (net.inet6.ip6.rht0).
Information from:
        http://www.secdev.org/conf/IPv6_RH_security-csw07.pdf
fix typo.

Revision 1.77.10.2 / (download) - annotate - [select for diffs], Thu Apr 26 06:55:11 2007 UTC (16 years, 10 months ago) by ghen
Branch: netbsd-3
Changes since 1.77.10.1: +32 -0 lines
Diff to previous 1.77.10.1 (colored) to branchpoint 1.77 (colored) next main 1.78 (colored) to selected 1.22 (colored)

Pull up following revision(s) (requested by christos in ticket #1766):
	sys/netinet6/ip6_input.c: revision 1.102 via patch
	sys/netinet6/route6.c: revision 1.18 via patch
	sys/netinet6/ip6_var.h: revision 1.41 via patch
	sys/netinet6/ip6_var.h: revision 1.42 via patch
	sbin/sysctl/sysctl.8: patch
Disable processing of routing header type 0 packets since they can be used
for DoS attacks. Provide a sysctl to re-enable them (net.inet6.ip6.rht0).
Information from:
        http://www.secdev.org/conf/IPv6_RH_security-csw07.pdf
fix typo.

Revision 1.102 / (download) - annotate - [select for diffs], Sun Apr 22 19:47:41 2007 UTC (16 years, 11 months ago) by christos
Branch: MAIN
Changes since 1.101: +34 -2 lines
Diff to previous 1.101 (colored) to selected 1.22 (colored)

Disable processing of routing header type 0 packets since they can be used
for DoS attacks. Provide a sysctl to re-enable them (net.inet6.ip6.rht0).

Information from:
	http://www.secdev.org/conf/IPv6_RH_security-csw07.pdf
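
The two routing-header policies recorded in revisions 1.104 and 1.102 above (drop packets with more than one routing header; do not process type 0 routing headers), as an added user-space illustration that is not NetBSD's ip6_input.c code. The function name rh_check, the verdict names, and the sample packets are constructed for this example; rejecting every type 0 header regardless of Segments Left is an assumption of the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* IANA protocol numbers of the headers this walker understands. */
enum { NH_HOPOPTS = 0, NH_ROUTING = 43, NH_FRAGMENT = 44,
       NH_AH = 51, NH_NONE = 59, NH_DSTOPTS = 60 };
#define IP6_HDRLEN 40

/* Hypothetical verdict names, chosen for this example. */
enum rh_verdict { RH_ACCEPT, RH_DROP_MALFORMED, RH_DROP_RH0, RH_DROP_MULTIPLE_RH };

/*
 * Walk the extension header chain of one IPv6 packet (len captured bytes)
 * and apply both policies.  Any header type not listed in the switch is
 * treated as the upper-layer protocol and ends the walk.
 */
enum rh_verdict
rh_check(const uint8_t *pkt, size_t len)
{
	uint8_t nxt;
	size_t off = IP6_HDRLEN, hlen;
	int nrh = 0;

	if (len < IP6_HDRLEN || (pkt[0] >> 4) != 6)
		return RH_DROP_MALFORMED;
	nxt = pkt[6];

	for (;;) {
		switch (nxt) {
		case NH_HOPOPTS: case NH_DSTOPTS: case NH_ROUTING:
		case NH_AH: case NH_FRAGMENT:
			break;
		default:
			return RH_ACCEPT;
		}
		/* Invariant: off <= len, so the subtraction cannot wrap. */
		if (len - off < 8)
			return RH_DROP_MALFORMED;
		if (nxt == NH_FRAGMENT)
			hlen = 8;				/* fixed size */
		else if (nxt == NH_AH)
			hlen = ((size_t)pkt[off + 1] + 2) * 4;	/* 4-octet units */
		else
			hlen = ((size_t)pkt[off + 1] + 1) * 8;	/* 8-octet units */
		if (len - off < hlen)
			return RH_DROP_MALFORMED;

		if (nxt == NH_ROUTING) {
			if (++nrh > 1)
				return RH_DROP_MULTIPLE_RH;
			if (pkt[off + 2] == 0)		/* Routing Type 0 */
				return RH_DROP_RH0;
		}
		/* A non-first fragment carries payload bytes, not more headers. */
		if (nxt == NH_FRAGMENT &&
		    (((pkt[off + 2] << 8) | pkt[off + 3]) & 0xfff8) != 0)
			return RH_ACCEPT;

		nxt = pkt[off];
		off += hlen;
	}
}

/* Constructed sample packets; unspecified bytes (addresses etc.) are zero. */
static const uint8_t sample_plain[40] = { [0] = 0x60, [6] = NH_NONE };
/* One type 0 routing header, 24 bytes, Segments Left = 1. */
static const uint8_t sample_rh0[64] = { [0] = 0x60, [5] = 24, [6] = NH_ROUTING,
	[40] = NH_NONE, [41] = 2, [42] = 0, [43] = 1 };
/* Two type 2 routing headers back to back. */
static const uint8_t sample_two_rh[88] = { [0] = 0x60, [5] = 48, [6] = NH_ROUTING,
	[40] = NH_ROUTING, [41] = 2, [42] = 2, [43] = 1,
	[64] = NH_NONE, [65] = 2, [66] = 2, [67] = 1 };
/* Destination options (one PadN) followed by a single type 2 header. */
static const uint8_t sample_dst_rh2[72] = { [0] = 0x60, [5] = 32, [6] = NH_DSTOPTS,
	[40] = NH_ROUTING, [41] = 0, [42] = 1, [43] = 4,
	[48] = NH_NONE, [49] = 2, [50] = 2, [51] = 1 };
/* Hop-by-hop header claims 16 bytes but only 8 were captured. */
static const uint8_t sample_short[48] = { [0] = 0x60, [5] = 16, [6] = NH_HOPOPTS,
	[40] = NH_ROUTING, [41] = 1 };

static const char *const rh_names[] = { "accept", "drop: malformed",
	"drop: type 0 routing header", "drop: more than one routing header" };

int
main(void)
{
	printf("plain:   %s\n", rh_names[rh_check(sample_plain, sizeof sample_plain)]);
	printf("rh0:     %s\n", rh_names[rh_check(sample_rh0, sizeof sample_rh0)]);
	printf("two_rh:  %s\n", rh_names[rh_check(sample_two_rh, sizeof sample_two_rh)]);
	printf("dst_rh2: %s\n", rh_names[rh_check(sample_dst_rh2, sizeof sample_dst_rh2)]);
	printf("short:   %s\n", rh_names[rh_check(sample_short, sizeof sample_short)]);
	return 0;
}
```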

Revision 1.98.2.1 / (download) - annotate - [select for diffs], Tue Apr 10 13:26:51 2007 UTC (16 years, 11 months ago) by ad
Branch: vmlocking
Changes since 1.98: +42 -6 lines
Diff to previous 1.98 (colored) to selected 1.22 (colored)

Sync with head.

Revision 1.98.6.1 / (download) - annotate - [select for diffs], Thu Mar 29 19:28:00 2007 UTC (16 years, 11 months ago) by reinoud
Branch: reinoud-bufcleanup
Changes since 1.98: +42 -6 lines
Diff to previous 1.98 (colored) next main 1.99 (colored) to selected 1.22 (colored)

Pullup to -current

Revision 1.94.2.3 / (download) - annotate - [select for diffs], Sat Mar 24 14:56:12 2007 UTC (16 years, 11 months ago) by yamt
Branch: yamt-idlelwp
Changes since 1.94.2.2: +42 -6 lines
Diff to previous 1.94.2.2 (colored) to selected 1.22 (colored)

sync with head.

Revision 1.101 / (download) - annotate - [select for diffs], Sat Mar 24 00:42:14 2007 UTC (17 years ago) by liamjfoy
Branch: MAIN
CVS Tags: thorpej-atomic-base, thorpej-atomic
Changes since 1.100: +4 -4 lines
Diff to previous 1.100 (colored) to selected 1.22 (colored)

Minor change - be a little more consistent in sysctl handler names

Revision 1.100 / (download) - annotate - [select for diffs], Sat Mar 24 00:27:58 2007 UTC (17 years ago) by liamjfoy
Branch: MAIN
Changes since 1.99: +3 -3 lines
Diff to previous 1.99 (colored) to selected 1.22 (colored)

Don't call ip*flow_reap if we're just looking up maxflows

Revision 1.99 / (download) - annotate - [select for diffs], Fri Mar 23 14:24:22 2007 UTC (17 years ago) by liamjfoy
Branch: MAIN
Changes since 1.98: +39 -3 lines
Diff to previous 1.98 (colored) to selected 1.22 (colored)

Add a new sysctl net.inet6.ip6.hashsize to control the hash table size.

The sysctl handler will ensure this value is a power of 2

ok dyoung@

Revision 1.94.2.2 / (download) - annotate - [select for diffs], Mon Mar 12 05:59:57 2007 UTC (17 years ago) by rmind
Branch: yamt-idlelwp
Changes since 1.94.2.1: +65 -20 lines
Diff to previous 1.94.2.1 (colored) to selected 1.22 (colored)

Sync with HEAD.

Revision 1.98 / (download) - annotate - [select for diffs], Wed Mar 7 22:20:04 2007 UTC (17 years ago) by liamjfoy
Branch: MAIN
Branch point for: vmlocking, reinoud-bufcleanup, mjf-ufs-trans
Changes since 1.97: +47 -2 lines
Diff to previous 1.97 (colored) to selected 1.22 (colored)

Add IPv6 Fast Forward - the IPv4 counterpart:

If ip6_forward successfully forwards a packet, a cache, in this case an
ip6flow struct entry, will be created. ether_input and friends will
then be able to call ip6flow_fastforward with the packet which will then
be passed to if_output (unless an issue is found - in that case the packet
is passed back to ip6_input).

ok matt@ christos@ dyoung@ and joerg@

Revision 1.97 / (download) - annotate - [select for diffs], Sun Mar 4 06:03:26 2007 UTC (17 years ago) by christos
Branch: MAIN
Changes since 1.96: +20 -20 lines
Diff to previous 1.96 (colored) to selected 1.22 (colored)

Kill caddr_t; there will be some MI fallout, but it will be fixed shortly.

Revision 1.94.2.1 / (download) - annotate - [select for diffs], Tue Feb 27 16:55:03 2007 UTC (17 years ago) by yamt
Branch: yamt-idlelwp
Changes since 1.94: +10 -10 lines
Diff to previous 1.94 (colored) to selected 1.22 (colored)

- sync with head.
- move sched_changepri back to kern_synch.c as it doesn't know PPQ anymore.

Revision 1.78.2.3 / (download) - annotate - [select for diffs], Mon Feb 26 09:11:52 2007 UTC (17 years ago) by yamt
Branch: yamt-lazymbuf
Changes since 1.78.2.2: +64 -10 lines
Diff to previous 1.78.2.2 (colored) to selected 1.22 (colored)

sync with head.

Revision 1.96 / (download) - annotate - [select for diffs], Thu Feb 22 08:39:27 2007 UTC (17 years ago) by dyoung
Branch: MAIN
CVS Tags: ad-audiomp-base, ad-audiomp
Changes since 1.95: +4 -5 lines
Diff to previous 1.95 (colored) to selected 1.22 (colored)

Cosmetic: use __arraycount.  In ip6_input, move type of parameter
into parentheses.

Revision 1.95 / (download) - annotate - [select for diffs], Sat Feb 17 22:34:13 2007 UTC (17 years, 1 month ago) by dyoung
Branch: MAIN
Changes since 1.94: +8 -7 lines
Diff to previous 1.94 (colored) to selected 1.22 (colored)

KNF: de-__P, bzero -> memset, bcmp -> memcmp.  Remove extraneous
   parentheses in return statements.

Cosmetic: don't open-code TAILQ_FOREACH().

Cosmetic: change types of variables to avoid oodles of casts: in
   in6_src.c, avoid casts by changing several route_in6 pointers
   to struct route pointers.  Remove unnecessary casts to caddr_t
   elsewhere.

Pave the way for eliminating address family-specific route caches:
   soon, struct route will not embed a sockaddr, but it will hold
   a reference to an external sockaddr, instead.  We will set the
   destination sockaddr using rtcache_setdst().  (I created a stub
   for it, but it isn't used anywhere, yet.)  rtcache_free() will
   free the sockaddr.  I have extracted from rtcache_free() a helper
   subroutine, rtcache_clear().  rtcache_clear() will "forget" a
   cached route, but it will not forget the destination by releasing
   the sockaddr.  I use rtcache_clear() instead of rtcache_free()
   in rtcache_update(), because rtcache_update() is not supposed
   to forget the destination.

Constify:

   1 Introduce const accessor for route->ro_dst, rtcache_getdst().

   2 Constify the 'dst' argument to ifnet->if_output().  This
     led me to constify a lot of code called by output routines.

   3 Constify the sockaddr argument to protosw->pr_ctlinput.  This
     led me to constify a lot of code called by ctlinput routines.

   4 Introduce const macros for converting from a generic sockaddr
     to family-specific sockaddrs, e.g., sockaddr_in: satocsin6,
     satocsin, et cetera.

Revision 1.94 / (download) - annotate - [select for diffs], Sat Feb 10 09:43:05 2007 UTC (17 years, 1 month ago) by degroote
Branch: MAIN
Branch point for: yamt-idlelwp
Changes since 1.93: +56 -2 lines
Diff to previous 1.93 (colored) to selected 1.22 (colored)

Commit my SoC work
Add ipv6 support for fast_ipsec
Note that currently, packets with extension headers are not correctly
supported
Change the ipcomp logic

Revision 1.88.6.2 / (download) - annotate - [select for diffs], Fri Jan 12 01:04:15 2007 UTC (17 years, 2 months ago) by ad
Branch: newlock2
Changes since 1.88.6.1: +15 -18 lines
Diff to previous 1.88.6.1 (colored) to branchpoint 1.88 (colored) next main 1.89 (colored) to selected 1.22 (colored)

Sync with head.

Revision 1.78.2.2 / (download) - annotate - [select for diffs], Sat Dec 30 20:50:38 2006 UTC (17 years, 2 months ago) by yamt
Branch: yamt-lazymbuf
Changes since 1.78.2.1: +16 -20 lines
Diff to previous 1.78.2.1 (colored) to selected 1.22 (colored)

sync with head.

Revision 1.88.8.3 / (download) - annotate - [select for diffs], Mon Dec 18 11:42:23 2006 UTC (17 years, 3 months ago) by yamt
Branch: yamt-splraiseipl
Changes since 1.88.8.2: +11 -12 lines
Diff to previous 1.88.8.2 (colored) to branchpoint 1.88 (colored) next main 1.89 (colored) to selected 1.22 (colored)

sync with head.

Revision 1.93 / (download) - annotate - [select for diffs], Fri Dec 15 21:18:55 2006 UTC (17 years, 3 months ago) by joerg
Branch: MAIN
CVS Tags: yamt-splraiseipl-base5, yamt-splraiseipl-base4, post-newlock2-merge, newlock2-nbase, newlock2-base
Changes since 1.92: +11 -12 lines
Diff to previous 1.92 (colored) to selected 1.22 (colored)

Introduce new helper functions to abstract the route caching.
rtcache_init and rtcache_init_noclone look up ro_dst and store
the result in ro_rt, taking care of the reference counting and
calling the domain specific route cache.
rtcache_free checks if a route was cached and frees the reference.
rtcache_copy copies ro_dst of the given struct route, checking that
enough space is available and incrementing the reference count of the
cached rtentry if necessary.
rtcache_check validates that the cached route is still up. If it isn't,
it tries to look it up again. Afterwards ro_rt is either valid again
or NULL.
rtcache_copy is used internally.

Adjust to callers of rtalloc/rtflush in the tree to check the sanity of
ro_dst first (if necessary). If it doesn't fit the expectations, free
the cache, otherwise check if the cached route is still valid. After
that combination, a single check for ro_rt == NULL is enough to decide
whether a new lookup needs to be done with a different ro_dst.
Make the route checking in gre stricter by repeating the loop check
after revalidation.
Remove some unused RADIX_MPATH code in in6_src.c. The logic is slightly
changed here to first validate the route and check RTF_GATEWAY
afterwards. This is semantically equivalent though.
etherip doesn't need sc_route_expire similar to the gif changes from
dyoung@ earlier.

Based on the earlier patch from dyoung@, reviewed and discussed with
him.

Revision 1.88.8.2 / (download) - annotate - [select for diffs], Sun Dec 10 07:19:15 2006 UTC (17 years, 3 months ago) by yamt
Branch: yamt-splraiseipl
Changes since 1.88.8.1: +9 -11 lines
Diff to previous 1.88.8.1 (colored) to branchpoint 1.88 (colored) to selected 1.22 (colored)

sync with head.

Revision 1.92 / (download) - annotate - [select for diffs], Sat Dec 9 05:33:08 2006 UTC (17 years, 3 months ago) by dyoung
Branch: MAIN
CVS Tags: yamt-splraiseipl-base3
Changes since 1.91: +3 -4 lines
Diff to previous 1.91 (colored) to selected 1.22 (colored)

Here are various changes designed to protect against bad IPv4
routing caused by stale route caches (struct route).  Route caches
are sprinkled throughout PCBs, the IP fast-forwarding table, and
IP tunnel interfaces (gre, gif, stf).

Stale IPv6 and ISO route caches will be treated by separate patches.

Thank you to Christoph Badura for suggesting the general approach
to invalidating route caches that I take here.

Here are the details:

Add hooks to struct domain for tracking and for invalidating each
domain's route caches: dom_rtcache, dom_rtflush, and dom_rtflushall.

Introduce helper subroutines, rtflush(ro) for invalidating a route
cache, rtflushall(family) for invalidating all route caches in a
routing domain, and rtcache(ro) for notifying the domain of a new
cached route.

Chain together all IPv4 route caches where ro_rt != NULL.  Provide
in_rtcache() for adding a route to the chain.  Provide in_rtflush()
and in_rtflushall() for invalidating IPv4 route caches.  In
in_rtflush(), set ro_rt to NULL, and remove the route from the
chain.  In in_rtflushall(), walk the chain and remove every route
cache.

In rtrequest1(), call rtflushall() to invalidate route caches when
a route is added.

In gif(4), discard the workaround for stale caches that involves
expiring them every so often.

Replace the pattern 'RTFREE(ro->ro_rt); ro->ro_rt = NULL;' with a
call to rtflush(ro).

Update ipflow_fastforward() and all other users of route caches so
that they expect a cached route, ro->ro_rt, to turn to NULL.

Take care when moving a 'struct route' to rtflush() the source and
to rtcache() the destination.

In domain initializers, use .dom_xxx tags.

KNF here and there.

Revision 1.91 / (download) - annotate - [select for diffs], Sat Dec 2 18:59:17 2006 UTC (17 years, 3 months ago) by dyoung
Branch: MAIN
Changes since 1.90: +7 -8 lines
Diff to previous 1.90 (colored) to selected 1.22 (colored)

Use the queue(3) macros instead of open-coding them.  Shorten
staircases.  Remove unnecessary casts.  Where appropriate, s/8/NBBY/.
De-__P().  KNF.

No functional changes intended.

Revision 1.88.6.1 / (download) - annotate - [select for diffs], Sat Nov 18 21:39:37 2006 UTC (17 years, 4 months ago) by ad
Branch: newlock2
Changes since 1.88: +3 -4 lines
Diff to previous 1.88 (colored) to selected 1.22 (colored)

Sync with head.

Revision 1.90 / (download) - annotate - [select for diffs], Thu Nov 16 01:33:45 2006 UTC (17 years, 4 months ago) by christos
Branch: MAIN
CVS Tags: netbsd-4-base
Branch point for: netbsd-4
Changes since 1.89: +3 -3 lines
Diff to previous 1.89 (colored) to selected 1.22 (colored)

__unused removal on arguments; approved by core.

Revision 1.88.8.1 / (download) - annotate - [select for diffs], Sun Oct 22 06:07:35 2006 UTC (17 years, 5 months ago) by yamt
Branch: yamt-splraiseipl
Changes since 1.88: +3 -4 lines
Diff to previous 1.88 (colored) to selected 1.22 (colored)

sync with head

Revision 1.89 / (download) - annotate - [select for diffs], Thu Oct 12 01:32:39 2006 UTC (17 years, 5 months ago) by christos
Branch: MAIN
CVS Tags: yamt-splraiseipl-base2
Changes since 1.88: +3 -4 lines
Diff to previous 1.88 (colored) to selected 1.22 (colored)

- sprinkle __unused on function decls.
- fix a couple of unused bugs
- no more -Wno-unused for i386

Revision 1.82.2.3 / (download) - annotate - [select for diffs], Sat Sep 9 02:58:55 2006 UTC (17 years, 6 months ago) by rpaulo
Branch: rpaulo-netinet-merge-pcb
Changes since 1.82.2.2: +138 -30 lines
Diff to previous 1.82.2.2 (colored) to branchpoint 1.82 (colored) next main 1.83 (colored) to selected 1.22 (colored)

sync with head

Revision 1.82.6.3 / (download) - annotate - [select for diffs], Mon Jun 26 12:54:13 2006 UTC (17 years, 8 months ago) by yamt
Branch: yamt-pdpolicy
Changes since 1.82.6.2: +6 -2 lines
Diff to previous 1.82.6.2 (colored) to branchpoint 1.82 (colored) next main 1.83 (colored) to selected 1.22 (colored)

sync with head.

Revision 1.78.2.1 / (download) - annotate - [select for diffs], Wed Jun 21 15:11:08 2006 UTC (17 years, 9 months ago) by yamt
Branch: yamt-lazymbuf
Changes since 1.78: +270 -93 lines
Diff to previous 1.78 (colored) to selected 1.22 (colored)

sync with head.

Revision 1.86.2.1 / (download) - annotate - [select for diffs], Mon Jun 19 04:09:49 2006 UTC (17 years, 9 months ago) by chap
Branch: chap-midi
Changes since 1.86: +11 -2 lines
Diff to previous 1.86 (colored) next main 1.87 (colored) to selected 1.22 (colored)

Sync with head.

Revision 1.82.4.2 / (download) - annotate - [select for diffs], Thu Jun 1 22:39:02 2006 UTC (17 years, 9 months ago) by kardel
Branch: simonb-timecounters
CVS Tags: simonb-timcounters-final
Changes since 1.82.4.1: +91 -26 lines
Diff to previous 1.82.4.1 (colored) to branchpoint 1.82 (colored) next main 1.83 (colored) to selected 1.22 (colored)

Sync with head.

Revision 1.73.2.1.2.2 / (download) - annotate - [select for diffs], Sun May 28 13:44:04 2006 UTC (17 years, 9 months ago) by riz
Branch: netbsd-2
Changes since 1.73.2.1.2.1: +3 -3 lines
Diff to previous 1.73.2.1.2.1 (colored) to branchpoint 1.73.2.1 (colored) to selected 1.22 (colored)

Repair a patching error from previous revision (ticket #10626)

Revision 1.73.2.1.4.2 / (download) - annotate - [select for diffs], Sun May 28 13:44:02 2006 UTC (17 years, 9 months ago) by riz
Branch: netbsd-2-1
Changes since 1.73.2.1.4.1: +3 -3 lines
Diff to previous 1.73.2.1.4.1 (colored) to branchpoint 1.73.2.1 (colored) to selected 1.22 (colored)

Repair a patching error from previous revision (ticket #10626)

Revision 1.88 / (download) - annotate - [select for diffs], Thu May 25 21:32:47 2006 UTC (17 years, 9 months ago) by bouyer
Branch: MAIN
CVS Tags: yamt-splraiseipl-base, yamt-pdpolicy-base9, yamt-pdpolicy-base8, yamt-pdpolicy-base7, yamt-pdpolicy-base6, simonb-timecounters-base, rpaulo-netinet-merge-pcb-base, gdamore-uart-base, gdamore-uart, chap-midi-nbase, chap-midi-base, abandoned-netbsd-4-base, abandoned-netbsd-4
Branch point for: yamt-splraiseipl, newlock2
Changes since 1.87: +6 -2 lines
Diff to previous 1.87 (colored) to selected 1.22 (colored)

Make the mbuf writable before calling in6_clearscope(). Based on patch sent
by David Young on tech-kern.

Revision 1.83.4.1 / (download) - annotate - [select for diffs], Wed May 24 15:50:45 2006 UTC (17 years, 9 months ago) by tron
Branch: peter-altq
Changes since 1.83: +88 -29 lines
Diff to previous 1.83 (colored) next main 1.84 (colored) to selected 1.22 (colored)

Merge 2006-05-24 NetBSD-current into the "peter-altq" branch.

Revision 1.82.6.2 / (download) - annotate - [select for diffs], Wed May 24 10:59:09 2006 UTC (17 years, 9 months ago) by yamt
Branch: yamt-pdpolicy
Changes since 1.82.6.1: +88 -29 lines
Diff to previous 1.82.6.1 (colored) to branchpoint 1.82 (colored) to selected 1.22 (colored)

sync with head.

Revision 1.73.2.1.4.1 / (download) - annotate - [select for diffs], Wed May 24 02:37:19 2006 UTC (17 years, 10 months ago) by riz
Branch: netbsd-2-1
Changes since 1.73.2.1: +7 -2 lines
Diff to previous 1.73.2.1 (colored) to selected 1.22 (colored)

Pull up following revision(s) (requested by rpaulo in ticket #10626):
	sys/netinet6/ip6_input.c: revision 1.87
In ip6_savecontrol(), ignore IPv4 packets.
From JINMEI Tatuya (KAME). Should fix PR 33269.

Revision 1.73.2.2 / (download) - annotate - [select for diffs], Wed May 24 02:37:15 2006 UTC (17 years, 10 months ago) by riz
Branch: netbsd-2-0
Changes since 1.73.2.1: +7 -2 lines
Diff to previous 1.73.2.1 (colored) to branchpoint 1.73 (colored) to selected 1.22 (colored)

Pull up following revision(s) (requested by rpaulo in ticket #10626):
	sys/netinet6/ip6_input.c: revision 1.87
In ip6_savecontrol(), ignore IPv4 packets.
From JINMEI Tatuya (KAME). Should fix PR 33269.

Revision 1.73.2.1.2.1 / (download) - annotate - [select for diffs], Wed May 24 02:37:11 2006 UTC (17 years, 10 months ago) by riz
Branch: netbsd-2
Changes since 1.73.2.1: +7 -2 lines
Diff to previous 1.73.2.1 (colored) to selected 1.22 (colored)

Pull up following revision(s) (requested by rpaulo in ticket #10626):
	sys/netinet6/ip6_input.c: revision 1.87
In ip6_savecontrol(), ignore IPv4 packets.
From JINMEI Tatuya (KAME). Should fix PR 33269.

Revision 1.77.12.1 / (download) - annotate - [select for diffs], Wed May 24 02:23:08 2006 UTC (17 years, 10 months ago) by riz
Branch: netbsd-3-0
CVS Tags: netbsd-3-0-2-RELEASE, netbsd-3-0-1-RELEASE
Changes since 1.77: +7 -2 lines
Diff to previous 1.77 (colored) to selected 1.22 (colored)

Pull up following revision(s) (requested by rpaulo in ticket #1338):
	sys/netinet6/ip6_input.c: revision 1.87 via patch
In ip6_savecontrol(), ignore IPv4 packets.
From JINMEI Tatuya (KAME). Should fix PR 33269.

Revision 1.77.10.1 / (download) - annotate - [select for diffs], Wed May 24 02:22:48 2006 UTC (17 years, 10 months ago) by riz
Branch: netbsd-3
CVS Tags: netbsd-3-1-RELEASE, netbsd-3-1-RC4, netbsd-3-1-RC3, netbsd-3-1-RC2, netbsd-3-1-RC1
Branch point for: netbsd-3-1
Changes since 1.77: +7 -2 lines
Diff to previous 1.77 (colored) to selected 1.22 (colored)

Pull up following revision(s) (requested by rpaulo in ticket #1338):
	sys/netinet6/ip6_input.c: revision 1.87 via patch
In ip6_savecontrol(), ignore IPv4 packets.
From JINMEI Tatuya (KAME). Should fix PR 33269.

Revision 1.87 / (download) - annotate - [select for diffs], Tue May 23 14:20:56 2006 UTC (17 years, 10 months ago) by rpaulo
Branch: MAIN
CVS Tags: yamt-pdpolicy-base5
Changes since 1.86: +7 -2 lines
Diff to previous 1.86 (colored) to selected 1.22 (colored)

In ip6_savecontrol(), ignore IPv4 packets.
From JINMEI Tatuya (KAME). Should fix PR 33269.

Revision 1.83.2.2 / (download) - annotate - [select for diffs], Thu May 11 23:31:35 2006 UTC (17 years, 10 months ago) by elad
Branch: elad-kernelauth
Changes since 1.83.2.1: +84 -28 lines
Diff to previous 1.83.2.1 (colored) to branchpoint 1.83 (colored) next main 1.84 (colored) to selected 1.22 (colored)

sync with head

Revision 1.86 / (download) - annotate - [select for diffs], Sun May 7 16:02:40 2006 UTC (17 years, 10 months ago) by rpaulo
Branch: MAIN
CVS Tags: elad-kernelauth-base
Branch point for: chap-midi
Changes since 1.85: +4 -4 lines
Diff to previous 1.85 (colored) to selected 1.22 (colored)

while (1) -> for (;;)

Revision 1.85 / (download) - annotate - [select for diffs], Fri May 5 00:03:22 2006 UTC (17 years, 10 months ago) by rpaulo
Branch: MAIN
Changes since 1.84: +82 -26 lines
Diff to previous 1.84 (colored) to selected 1.22 (colored)

Add support for RFC 3542 Adv. Socket API for IPv6 (which obsoletes 2292).
* RFC 3542 isn't binary compatible with RFC 2292.
* RFC 2292 support is on by default but can be disabled.
* update ping6, telnet and traceroute6 to the new API.

From the KAME project (www.kame.net).
Reviewed by core.

Revision 1.82.4.1 / (download) - annotate - [select for diffs], Sat Apr 22 11:40:12 2006 UTC (17 years, 11 months ago) by simonb
Branch: simonb-timecounters
Changes since 1.82: +51 -7 lines
Diff to previous 1.82 (colored) to selected 1.22 (colored)

Sync with head.

Revision 1.83.2.1 / (download) - annotate - [select for diffs], Wed Apr 19 04:46:12 2006 UTC (17 years, 11 months ago) by elad
Branch: elad-kernelauth
Changes since 1.83: +4 -6 lines
Diff to previous 1.83 (colored) to selected 1.22 (colored)

sync with head.

Revision 1.84 / (download) - annotate - [select for diffs], Sat Apr 15 00:13:23 2006 UTC (17 years, 11 months ago) by christos
Branch: MAIN
Changes since 1.83: +4 -6 lines
Diff to previous 1.83 (colored) to selected 1.22 (colored)

Coverity CID 856: m cannot be NULL here. Remove bogus test.

Revision 1.82.6.1 / (download) - annotate - [select for diffs], Mon Mar 13 09:07:39 2006 UTC (18 years ago) by yamt
Branch: yamt-pdpolicy
Changes since 1.82: +49 -3 lines
Diff to previous 1.82 (colored) to selected 1.22 (colored)

sync with head.

Revision 1.83 / (download) - annotate - [select for diffs], Sun Mar 5 23:47:08 2006 UTC (18 years ago) by rpaulo
Branch: MAIN
CVS Tags: yamt-pdpolicy-base4, yamt-pdpolicy-base3, yamt-pdpolicy-base2, peter-altq-base
Branch point for: peter-altq, elad-kernelauth
Changes since 1.82: +49 -3 lines
Diff to previous 1.82 (colored) to selected 1.22 (colored)

NDP-related improvements:
        RFC4191
	- supports host-side router-preference

	RFC3542
	- if DAD fails on an interface, disables IPv6 operation on the
	  interface
	- don't advertise MLD report before DAD finishes

	Others
	- fixes integer overflow for valid and preferred lifetimes
	- improves timer granularity for MLD, using callout-timer.
	- reflects rtadvd's IPv6 host variable information into kernel
	  (router only)
	- adds a sysctl option to enable/disable pMTUd for multicast
          packets
	- performs NUD on PPP/GRE interface by default
	- Redirect works regardless of ip6_accept_rtadv
	- removes RFC1885-related code

From the KAME project via SUZUKI Shinsuke.
Reviewed by core.

Revision 1.82.2.2 / (download) - annotate - [select for diffs], Thu Feb 23 16:57:04 2006 UTC (18 years ago) by rpaulo
Branch: rpaulo-netinet-merge-pcb
Changes since 1.82.2.1: +14 -14 lines
Diff to previous 1.82.2.1 (colored) to branchpoint 1.82 (colored) to selected 1.22 (colored)

ip6_savecontrol(): remove references to in6pcb.

Revision 1.82.2.1 / (download) - annotate - [select for diffs], Tue Feb 7 04:58:11 2006 UTC (18 years, 1 month ago) by rpaulo
Branch: rpaulo-netinet-merge-pcb
Changes since 1.82: +3 -3 lines
Diff to previous 1.82 (colored) to selected 1.22 (colored)

remove in6_pcb.h and include in_pcb.h.

Revision 1.80.2.1 / (download) - annotate - [select for diffs], Wed Feb 1 14:52:41 2006 UTC (18 years, 1 month ago) by yamt
Branch: yamt-uio_vmspace
Changes since 1.80: +126 -59 lines
Diff to previous 1.80 (colored) next main 1.81 (colored) to selected 1.22 (colored)

sync with head.

Revision 1.82 / (download) - annotate - [select for diffs], Mon Jan 23 23:01:40 2006 UTC (18 years, 1 month ago) by yamt
Branch: MAIN
CVS Tags: yamt-uio_vmspace-base5, yamt-pdpolicy-base
Branch point for: yamt-pdpolicy, simonb-timecounters, rpaulo-netinet-merge-pcb
Changes since 1.81: +22 -22 lines
Diff to previous 1.81 (colored) to selected 1.22 (colored)

ip6_input: don't embed scope id before running packet filters.

Revision 1.81 / (download) - annotate - [select for diffs], Sat Jan 21 00:15:36 2006 UTC (18 years, 2 months ago) by rpaulo
Branch: MAIN
Changes since 1.80: +129 -62 lines
Diff to previous 1.80 (colored) to selected 1.22 (colored)

Better support of IPv6 scoped addresses.

- most of the kernel code will not care about the actual encoding of
  scope zone IDs and won't touch "s6_addr16[1]" directly.
- similarly, most of the kernel code will not care about link-local
  scoped addresses as a special case.
- scope boundary check will be stricter.  For example, the current
  *BSD code allows a packet with src=::1 and dst=(some global IPv6
  address) to be sent outside of the node, if the application does:
    s = socket(AF_INET6);
    bind(s, "::1");
    sendto(s, some_global_IPv6_addr);
  This is clearly wrong, since ::1 is only meaningful within a single
  node, but the current implementation of the *BSD kernel cannot
  reject this attempt.
- and, while there, don't try to remove the ff02::/32 interface route
  entry in in6_ifdetach() as it's already gone.

This also includes some level of support for the standard source
address selection algorithm defined in RFC3484, which will be
completed in the future.

From the KAME project via JINMEI Tatuya.
Approved by core@.

Revision 1.80 / (download) - annotate - [select for diffs], Sun Dec 11 12:25:02 2005 UTC (18 years, 3 months ago) by christos
Branch: MAIN
Branch point for: yamt-uio_vmspace
Changes since 1.79: +2 -2 lines
Diff to previous 1.79 (colored) to selected 1.22 (colored)

merge ktrace-lwp.

Revision 1.64.2.6 / (download) - annotate - [select for diffs], Thu Nov 10 14:11:25 2005 UTC (18 years, 4 months ago) by skrll
Branch: ktrace-lwp
Changes since 1.64.2.5: +19 -18 lines
Diff to previous 1.64.2.5 (colored) next main 1.65 (colored) to selected 1.22 (colored)

Sync with HEAD. Here we go again...

Revision 1.79 / (download) - annotate - [select for diffs], Sun Aug 28 21:01:53 2005 UTC (18 years, 6 months ago) by rpaulo
Branch: MAIN
CVS Tags: yamt-vop-base3, yamt-vop-base2, yamt-vop-base, yamt-vop, yamt-readahead-pervnode, yamt-readahead-perfile, yamt-readahead-base3, yamt-readahead-base2, yamt-readahead-base, yamt-readahead, thorpej-vnode-attr-base, thorpej-vnode-attr, ktrace-lwp-base
Changes since 1.78: +9 -8 lines
Diff to previous 1.78 (colored) to selected 1.22 (colored)

Implement net.inet6.ip6.stats sysctl.

Reviewed by Elad Efrat.

Revision 1.78 / (download) - annotate - [select for diffs], Sun May 29 21:43:51 2005 UTC (18 years, 9 months ago) by christos
Branch: MAIN
Branch point for: yamt-lazymbuf
Changes since 1.77: +12 -12 lines
Diff to previous 1.77 (colored) to selected 1.22 (colored)

- avoid shadowed variables
- sprinkle const.

Revision 1.64.2.5 / (download) - annotate - [select for diffs], Sat Dec 18 09:33:06 2004 UTC (19 years, 3 months ago) by skrll
Branch: ktrace-lwp
Changes since 1.64.2.4: +3 -6 lines
Diff to previous 1.64.2.4 (colored) to selected 1.22 (colored)

Sync with HEAD.

Revision 1.77 / (download) - annotate - [select for diffs], Sat Dec 4 16:10:25 2004 UTC (19 years, 3 months ago) by peter
Branch: MAIN
CVS Tags: yamt-km-base4, yamt-km-base3, yamt-km-base2, yamt-km-base, yamt-km, netbsd-3-base, netbsd-3-0-RELEASE, netbsd-3-0-RC6, netbsd-3-0-RC5, netbsd-3-0-RC4, netbsd-3-0-RC3, netbsd-3-0-RC2, netbsd-3-0-RC1, kent-audio2-base, kent-audio2, kent-audio1-beforemerge, kent-audio1-base, kent-audio1
Branch point for: netbsd-3-0, netbsd-3
Changes since 1.76: +3 -6 lines
Diff to previous 1.76 (colored) to selected 1.22 (colored)

Convert lo(4) to a clonable device.

This also removes the loif array and changes all code to use the new
lo0ifp pointer which points to the lo0 ifnet structure.

Approved by christos.

Revision 1.64.2.4 / (download) - annotate - [select for diffs], Mon Nov 29 07:25:04 2004 UTC (19 years, 3 months ago) by skrll
Branch: ktrace-lwp
Changes since 1.64.2.3: +2 -3 lines
Diff to previous 1.64.2.3 (colored) to selected 1.22 (colored)

Sync with HEAD.

Revision 1.76 / (download) - annotate - [select for diffs], Sun Nov 28 02:37:38 2004 UTC (19 years, 3 months ago) by christos
Branch: MAIN
Changes since 1.75: +2 -3 lines
Diff to previous 1.75 (colored) to selected 1.22 (colored)

We don't need to include bpfilter.h

Revision 1.64.2.3 / (download) - annotate - [select for diffs], Tue Sep 21 13:37:34 2004 UTC (19 years, 6 months ago) by skrll
Branch: ktrace-lwp
Changes since 1.64.2.2: +2 -2 lines
Diff to previous 1.64.2.2 (colored) to selected 1.22 (colored)

Fix the sync with head I botched.

Revision 1.64.2.2 / (download) - annotate - [select for diffs], Sat Sep 18 14:55:14 2004 UTC (19 years, 6 months ago) by skrll
Branch: ktrace-lwp
Changes since 1.64.2.1: +0 -0 lines
Diff to previous 1.64.2.1 (colored) to selected 1.22 (colored)

Sync with HEAD.

Revision 1.64.2.1 / (download) - annotate - [select for diffs], Tue Aug 3 10:55:13 2004 UTC (19 years, 7 months ago) by skrll
Branch: ktrace-lwp
Changes since 1.64: +238 -152 lines
Diff to previous 1.64 (colored) to selected 1.22 (colored)

Sync with HEAD

Revision 1.75 / (download) - annotate - [select for diffs], Tue Jun 1 03:13:22 2004 UTC (19 years, 9 months ago) by itojun
Branch: MAIN
Changes since 1.74: +8 -21 lines
Diff to previous 1.74 (colored) to selected 1.22 (colored)

there's no use to check privs on curproc in the input path.  jinmei@kame

Revision 1.73.2.1 / (download) - annotate - [select for diffs], Fri May 28 07:23:48 2004 UTC (19 years, 9 months ago) by tron
Branch: netbsd-2-0
CVS Tags: netbsd-2-base, netbsd-2-1-RELEASE, netbsd-2-1-RC6, netbsd-2-1-RC5, netbsd-2-1-RC4, netbsd-2-1-RC3, netbsd-2-1-RC2, netbsd-2-1-RC1, netbsd-2-0-RELEASE, netbsd-2-0-RC5, netbsd-2-0-RC4, netbsd-2-0-RC3, netbsd-2-0-RC2, netbsd-2-0-RC1, netbsd-2-0-3-RELEASE, netbsd-2-0-2-RELEASE, netbsd-2-0-1-RELEASE
Branch point for: netbsd-2-1, netbsd-2
Changes since 1.73: +53 -24 lines
Diff to previous 1.73 (colored) to selected 1.22 (colored)

Pull up revision 1.74 (requested by atatat in ticket #391):
Sysctl descriptions under net subtree (net.key not done)

Revision 1.74 / (download) - annotate - [select for diffs], Tue May 25 04:34:00 2004 UTC (19 years, 9 months ago) by atatat
Branch: MAIN
Changes since 1.73: +53 -24 lines
Diff to previous 1.73 (colored) to selected 1.22 (colored)

Sysctl descriptions under net subtree (net.key not done)

Revision 1.22.2.6 / (download) - annotate - [select for diffs], Wed Apr 7 22:40:58 2004 UTC (19 years, 11 months ago) by jmc
Branch: netbsd-1-5
Changes since 1.22.2.5: +2 -2 lines
Diff to previous 1.22.2.5 (colored) to branchpoint 1.22 (colored) next main 1.23 (colored) to selected 1.22 (colored)

Pullup rev 1.67 (requested by itojun in ticket #103)

Fix endian bug in fragment header scanning.

Revision 1.73 / (download) - annotate - [select for diffs], Wed Mar 24 15:34:54 2004 UTC (19 years, 11 months ago) by atatat
Branch: MAIN
CVS Tags: netbsd-2-0-base
Branch point for: netbsd-2-0
Changes since 1.72: +65 -34 lines
Diff to previous 1.72 (colored) to selected 1.22 (colored)

Tango on sysctl_createv() and flags.  The flags have all been renamed,
and sysctl_createv() now uses more arguments.

Revision 1.72 / (download) - annotate - [select for diffs], Wed Feb 11 10:54:29 2004 UTC (20 years, 1 month ago) by itojun
Branch: MAIN
Changes since 1.71: +3 -3 lines
Diff to previous 1.71 (colored) to selected 1.22 (colored)

minor KNF

Revision 1.71 / (download) - annotate - [select for diffs], Wed Feb 11 10:47:28 2004 UTC (20 years, 1 month ago) by itojun
Branch: MAIN
Changes since 1.70: +4 -4 lines
Diff to previous 1.70 (colored) to selected 1.22 (colored)

KNF

Revision 1.70 / (download) - annotate - [select for diffs], Thu Dec 4 19:38:24 2003 UTC (20 years, 3 months ago) by atatat
Branch: MAIN
Changes since 1.69: +167 -124 lines
Diff to previous 1.69 (colored) to selected 1.22 (colored)

Dynamic sysctl.

Gone are the old kern_sysctl(), cpu_sysctl(), hw_sysctl(),
vfs_sysctl(), etc, routines, along with sysctl_int() et al.  Now all
nodes are registered with the tree, and nodes can be added (or
removed) easily, and I/O to and from the tree is handled generically.

Since the nodes are registered with the tree, the mapping from name to
number (and back again) can now be discovered, instead of having to be
hard coded.  Adding new nodes to the tree is likewise much simpler --
the new infrastructure handles almost all the work for simple types,
and just about anything else can be done with a small helper function.

All existing nodes are where they were before (numerically speaking),
so all existing consumers of sysctl information should notice no
difference.

PS - I'm sorry, but there's a distinct lack of documentation at the
moment.  I'm working on sysctl(3/8/9) right now, and I promise to
watch out for buses.

Revision 1.69 / (download) - annotate - [select for diffs], Wed Nov 12 15:25:19 2003 UTC (20 years, 4 months ago) by itojun
Branch: MAIN
Changes since 1.68: +7 -4 lines
Diff to previous 1.68 (colored) to selected 1.22 (colored)

implement net.inet6.ifq

Revision 1.68 / (download) - annotate - [select for diffs], Thu Oct 30 01:43:09 2003 UTC (20 years, 4 months ago) by simonb
Branch: MAIN
Changes since 1.67: +2 -4 lines
Diff to previous 1.67 (colored) to selected 1.22 (colored)

Remove some assigned-to but otherwise unused variables.

Revision 1.52.4.1 / (download) - annotate - [select for diffs], Sun Oct 19 10:01:31 2003 UTC (20 years, 5 months ago) by tron
Branch: netbsd-1-6
CVS Tags: netbsd-1-6-PATCH002-RELEASE, netbsd-1-6-PATCH002-RC4, netbsd-1-6-PATCH002-RC3, netbsd-1-6-PATCH002-RC2, netbsd-1-6-PATCH002-RC1, netbsd-1-6-PATCH002
Changes since 1.52: +3 -3 lines
Diff to previous 1.52 (colored) next main 1.53 (colored) to selected 1.22 (colored)

Pull up revision 1.67 (requested by itojun in ticket #1525):
fix endian bug in fragment header scanning.

Revision 1.67 / (download) - annotate - [select for diffs], Tue Oct 14 05:33:04 2003 UTC (20 years, 5 months ago) by itojun
Branch: MAIN
Changes since 1.66: +3 -3 lines
Diff to previous 1.66 (colored) to selected 1.22 (colored)

fix endian bug in fragment header scanning.

Revision 1.66 / (download) - annotate - [select for diffs], Sat Sep 6 03:36:33 2003 UTC (20 years, 6 months ago) by itojun
Branch: MAIN
Changes since 1.65: +2 -3 lines
Diff to previous 1.65 (colored) to selected 1.22 (colored)

randomize IPv4/v6 fragment ID and IPv6 flowlabel.  avoids predictability
of these fields.  ip_id.c is from openbsd.  ip6_id.c is adapted by kame.

Revision 1.65 / (download) - annotate - [select for diffs], Thu Aug 7 16:33:26 2003 UTC (20 years, 7 months ago) by agc
Branch: MAIN
Changes since 1.64: +3 -7 lines
Diff to previous 1.64 (colored) to selected 1.22 (colored)

Move UCB-licensed code from 4-clause to 3-clause licence.

Patches provided by Joel Baker in PR 22364, verified by myself.

Revision 1.64 / (download) - annotate - [select for diffs], Mon Jun 30 08:00:59 2003 UTC (20 years, 8 months ago) by itojun
Branch: MAIN
Branch point for: ktrace-lwp
Changes since 1.63: +8 -3 lines
Diff to previous 1.63 (colored) to selected 1.22 (colored)

avoid ICMPv6 redirect if the packet filter rewrites dst addr to an address
on the incoming interface.  cedric@openbsd

Revision 1.63 / (download) - annotate - [select for diffs], Wed May 14 14:41:33 2003 UTC (20 years, 10 months ago) by itojun
Branch: MAIN
Changes since 1.62: +10 -14 lines
Diff to previous 1.62 (colored) to selected 1.22 (colored)

KNF

Revision 1.62 / (download) - annotate - [select for diffs], Wed May 14 14:34:14 2003 UTC (20 years, 10 months ago) by itojun
Branch: MAIN
Changes since 1.61: +98 -30 lines
Diff to previous 1.61 (colored) to selected 1.22 (colored)

do not use m_pulldown() to parse intermediate extension headers (like routing).
we don't want to drop packets due to extension header parsing.  KAME rev 1.59.
(performance may suck, but it is slowpath anyways)

Revision 1.61 / (download) - annotate - [select for diffs], Wed May 14 06:47:41 2003 UTC (20 years, 10 months ago) by itojun
Branch: MAIN
Changes since 1.60: +2 -34 lines
Diff to previous 1.60 (colored) to selected 1.22 (colored)

always use PULLDOWN_TEST codepath.

Revision 1.60 / (download) - annotate - [select for diffs], Mon Jan 20 05:30:11 2003 UTC (21 years, 2 months ago) by simonb
Branch: MAIN
Changes since 1.59: +3 -3 lines
Diff to previous 1.59 (colored) to selected 1.22 (colored)

The Double-Semi-Colon Police.

Revision 1.37.2.14 / (download) - annotate - [select for diffs], Fri Oct 18 02:45:23 2002 UTC (21 years, 5 months ago) by nathanw
Branch: nathanw_sa
CVS Tags: nathanw_sa_end
Changes since 1.37.2.13: +0 -2 lines
Diff to previous 1.37.2.13 (colored) next main 1.38 (colored) to selected 1.22 (colored)

Catch up to -current.

Revision 1.41.2.5 / (download) - annotate - [select for diffs], Thu Oct 10 18:44:18 2002 UTC (21 years, 5 months ago) by jdolecek
Branch: kqueue
Changes since 1.41.2.4: +12 -14 lines
Diff to previous 1.41.2.4 (colored) to branchpoint 1.41 (colored) next main 1.42 (colored) to selected 1.22 (colored)

sync kqueue with -current; this includes merge of gehenna-devsw branch,
merge of i386 MP branch, and part of autoconf rototil work

Revision 1.59 / (download) - annotate - [select for diffs], Mon Sep 23 05:51:14 2002 UTC (21 years, 6 months ago) by simonb
Branch: MAIN
CVS Tags: nathanw_sa_before_merge, nathanw_sa_base, kqueue-beforemerge, kqueue-base, kqueue-aftermerge, gmcgarry_ucred_base, gmcgarry_ucred, gmcgarry_ctxsw_base, gmcgarry_ctxsw, fvdl_fs64_base
Changes since 1.58: +2 -4 lines
Diff to previous 1.58 (colored) to selected 1.22 (colored)

Remove breaks after returns, unreachable returns and returns after
returns(!).

Revision 1.37.2.13 / (download) - annotate - [select for diffs], Tue Sep 17 21:23:23 2002 UTC (21 years, 6 months ago) by nathanw
Branch: nathanw_sa
Changes since 1.37.2.12: +10 -10 lines
Diff to previous 1.37.2.12 (colored) to selected 1.22 (colored)

Catch up to -current.

Revision 1.58 / (download) - annotate - [select for diffs], Wed Sep 11 02:41:25 2002 UTC (21 years, 6 months ago) by itojun
Branch: MAIN
Changes since 1.57: +12 -12 lines
Diff to previous 1.57 (colored) to selected 1.22 (colored)

correct signedness mixup in pointer passing.  sync w/kame

Revision 1.41.2.4 / (download) - annotate - [select for diffs], Fri Sep 6 08:49:32 2002 UTC (21 years, 6 months ago) by jdolecek
Branch: kqueue
Changes since 1.41.2.3: +22 -5 lines
Diff to previous 1.41.2.3 (colored) to branchpoint 1.41 (colored) to selected 1.22 (colored)

sync kqueue branch with HEAD

Revision 1.37.2.12 / (download) - annotate - [select for diffs], Thu Aug 1 02:46:51 2002 UTC (21 years, 7 months ago) by nathanw
Branch: nathanw_sa
Changes since 1.37.2.11: +22 -5 lines
Diff to previous 1.37.2.11 (colored) to selected 1.22 (colored)

Catch up to -current.

Revision 1.52.2.3 / (download) - annotate - [select for diffs], Mon Jul 15 10:37:05 2002 UTC (21 years, 8 months ago) by gehenna
Branch: gehenna-devsw
Changes since 1.52.2.2: +22 -5 lines
Diff to previous 1.52.2.2 (colored) to branchpoint 1.52 (colored) next main 1.53 (colored) to selected 1.22 (colored)

catch up with -current.

Revision 1.37.2.11 / (download) - annotate - [select for diffs], Fri Jul 12 01:40:33 2002 UTC (21 years, 8 months ago) by nathanw
Branch: nathanw_sa
Changes since 1.37.2.10: +2 -3 lines
Diff to previous 1.37.2.10 (colored) to selected 1.22 (colored)

No longer need to pull in lwp.h; proc.h pulls it in for us.

Revision 1.57 / (download) - annotate - [select for diffs], Sun Jun 30 22:40:39 2002 UTC (21 years, 8 months ago) by thorpej
Branch: MAIN
CVS Tags: gehenna-devsw-base
Changes since 1.56: +22 -5 lines
Diff to previous 1.56 (colored) to selected 1.22 (colored)

Changes to allow the IPv4 and IPv6 layers to align headers themselves,
as necessary:
* Implement a new mbuf utility routine, m_copyup(), which is like
  m_pullup(), except that it always prepends and copies, rather
  than only doing so if the desired length is larger than m->m_len.
  m_copyup() also allows an offset into the destination mbuf, which
  allows space for packet headers, in the forwarding case.
* Add *_HDR_ALIGNED_P() macros for IP, IPv6, ICMP, and IGMP.  These
  macros expand to 1 if __NO_STRICT_ALIGNMENT is defined, so that
  architectures which do not have strict alignment constraints don't
  pay for the test or visit the new align-if-needed path.
* Use the new macros to check if a header needs to be aligned, or to
  assert that it already is, as appropriate.

Note: This code is still somewhat experimental.  However, the new
code path won't be visited if individual device drivers continue
to guarantee that packets are delivered to layer 3 already properly
aligned (which are rules that are already in use).

Revision 1.37.2.10 / (download) - annotate - [select for diffs], Mon Jun 24 22:11:50 2002 UTC (21 years, 8 months ago) by nathanw
Branch: nathanw_sa
Changes since 1.37.2.9: +3 -3 lines
Diff to previous 1.37.2.9 (colored) to selected 1.22 (colored)

Curproc->curlwp renaming.

Change uses of "curproc->l_proc" back to "curproc", which is more like the
original use. Bare uses of "curproc" are now "curlwp".

"curproc" is now #defined in proc.h as ((curlwp) ? (curlwp)->l_proc : NULL)
so that it is always safe to reference curproc (*de*referencing curproc
is another story, but that's always been true).

Revision 1.41.2.3 / (download) - annotate - [select for diffs], Sun Jun 23 17:51:15 2002 UTC (21 years, 9 months ago) by jdolecek
Branch: kqueue
Changes since 1.41.2.2: +47 -55 lines
Diff to previous 1.41.2.2 (colored) to branchpoint 1.41 (colored) to selected 1.22 (colored)

catch up with -current on kqueue branch

Revision 1.52.2.2 / (download) - annotate - [select for diffs], Thu Jun 20 15:52:44 2002 UTC (21 years, 9 months ago) by gehenna
Branch: gehenna-devsw
Changes since 1.52.2.1: +43 -47 lines
Diff to previous 1.52.2.1 (colored) to branchpoint 1.52 (colored) to selected 1.22 (colored)

catch up with -current.

Revision 1.37.2.9 / (download) - annotate - [select for diffs], Thu Jun 20 03:49:19 2002 UTC (21 years, 9 months ago) by nathanw
Branch: nathanw_sa
Changes since 1.37.2.8: +47 -55 lines
Diff to previous 1.37.2.8 (colored) to selected 1.22 (colored)

Catch up to -current.

Revision 1.56 / (download) - annotate - [select for diffs], Sun Jun 9 14:43:12 2002 UTC (21 years, 9 months ago) by itojun
Branch: MAIN
Changes since 1.55: +4 -4 lines
Diff to previous 1.55 (colored) to selected 1.22 (colored)

whitespace cleanup

Revision 1.55 / (download) - annotate - [select for diffs], Sat Jun 8 21:22:33 2002 UTC (21 years, 9 months ago) by itojun
Branch: MAIN
Changes since 1.54: +41 -45 lines
Diff to previous 1.54 (colored) to selected 1.22 (colored)

sync with latest KAME in6_ifaddr/prefix/default router manipulation.
behavior changes:
- two ioctls used by ndp(8) are now obsolete (backward compat provided).
  use sysctl path instead.
- lo0 does not get ::1 automatically.  it will get ::1 when lo0 comes up.

Revision 1.52.2.1 / (download) - annotate - [select for diffs], Thu May 30 13:52:32 2002 UTC (21 years, 9 months ago) by gehenna
Branch: gehenna-devsw
Changes since 1.52: +5 -9 lines
Diff to previous 1.52 (colored) to selected 1.22 (colored)

Catch up with -current.

Revision 1.54 / (download) - annotate - [select for diffs], Tue May 28 10:11:51 2002 UTC (21 years, 9 months ago) by itojun
Branch: MAIN
Changes since 1.53: +3 -9 lines
Diff to previous 1.53 (colored) to selected 1.22 (colored)

use arc4random() where possible.
XXX is it necessary to do microtime() on tcp syn cache?

Revision 1.53 / (download) - annotate - [select for diffs], Tue May 28 03:04:06 2002 UTC (21 years, 9 months ago) by itojun
Branch: MAIN
Changes since 1.52: +4 -2 lines
Diff to previous 1.52 (colored) to selected 1.22 (colored)

limit number of IPv6 fragments (not the fragment queue size) to
fight against lots-of-frags DoS attacks.  sync w/kame

Revision 1.52 / (download) - annotate - [select for diffs], Sun May 12 15:48:39 2002 UTC (21 years, 10 months ago) by wiz
Branch: MAIN
CVS Tags: netbsd-1-6-base, netbsd-1-6-RELEASE, netbsd-1-6-RC3, netbsd-1-6-RC2, netbsd-1-6-RC1, netbsd-1-6-PATCH001-RELEASE, netbsd-1-6-PATCH001-RC3, netbsd-1-6-PATCH001-RC2, netbsd-1-6-PATCH001-RC1, netbsd-1-6-PATCH001
Branch point for: netbsd-1-6, gehenna-devsw
Changes since 1.51: +3 -3 lines
Diff to previous 1.51 (colored) to selected 1.22 (colored)

Spelling fixes, from Sergey Svishchev in kern/16650.

Revision 1.22.2.5 / (download) - annotate - [select for diffs], Tue Feb 26 20:14:36 2002 UTC (22 years ago) by he
Branch: netbsd-1-5
CVS Tags: netbsd-1-5-PATCH003
Changes since 1.22.2.4: +3 -3 lines
Diff to previous 1.22.2.4 (colored) to branchpoint 1.22 (colored) to selected 1.22 (colored)

Apply patch (requested by martti):
  Fix it so that IPFilter handles IPv6 traffic.

Revision 1.41.2.2 / (download) - annotate - [select for diffs], Thu Jan 10 20:03:20 2002 UTC (22 years, 2 months ago) by thorpej
Branch: kqueue
Changes since 1.41.2.1: +37 -30 lines
Diff to previous 1.41.2.1 (colored) to branchpoint 1.41 (colored) to selected 1.22 (colored)

Sync kqueue branch with -current.

Revision 1.37.2.8 / (download) - annotate - [select for diffs], Tue Jan 8 00:34:19 2002 UTC (22 years, 2 months ago) by nathanw
Branch: nathanw_sa
Changes since 1.37.2.7: +11 -7 lines
Diff to previous 1.37.2.7 (colored) to selected 1.22 (colored)

Catch up to -current.

Revision 1.51 / (download) - annotate - [select for diffs], Sat Dec 22 01:40:03 2001 UTC (22 years, 3 months ago) by itojun
Branch: MAIN
CVS Tags: newlock-base, newlock, ifpoll-base, eeh-devprop-base, eeh-devprop
Changes since 1.50: +4 -2 lines
Diff to previous 1.50 (colored) to selected 1.22 (colored)

make it compile even if NGIF=0

Revision 1.50 / (download) - annotate - [select for diffs], Fri Dec 21 03:58:15 2001 UTC (22 years, 3 months ago) by itojun
Branch: MAIN
Changes since 1.49: +6 -2 lines
Diff to previous 1.49 (colored) to selected 1.22 (colored)

move in6_gif_hlim decl to in6_gif.c.  sync with kame

Revision 1.49 / (download) - annotate - [select for diffs], Tue Dec 18 03:04:03 2001 UTC (22 years, 3 months ago) by itojun
Branch: MAIN
Changes since 1.48: +5 -7 lines
Diff to previous 1.48 (colored) to selected 1.22 (colored)

reduce white space/cosmetic diffs w/kame.

Revision 1.37.2.7 / (download) - annotate - [select for diffs], Wed Nov 14 19:18:09 2001 UTC (22 years, 4 months ago) by nathanw
Branch: nathanw_sa
Changes since 1.37.2.6: +11 -7 lines
Diff to previous 1.37.2.6 (colored) to selected 1.22 (colored)

Catch up to -current.

Revision 1.48 / (download) - annotate - [select for diffs], Tue Nov 13 00:57:01 2001 UTC (22 years, 4 months ago) by lukem
Branch: MAIN
Changes since 1.47: +4 -1 lines
Diff to previous 1.47 (colored) to selected 1.22 (colored)

add RCSIDs

Revision 1.44.2.1 / (download) - annotate - [select for diffs], Mon Nov 12 21:19:31 2001 UTC (22 years, 4 months ago) by thorpej
Branch: thorpej-mips-cache
Changes since 1.44: +8 -7 lines
Diff to previous 1.44 (colored) next main 1.45 (colored) to selected 1.22 (colored)

Sync the thorpej-mips-cache branch with -current.

Revision 1.47 / (download) - annotate - [select for diffs], Fri Nov 2 08:05:48 2001 UTC (22 years, 4 months ago) by itojun
Branch: MAIN
CVS Tags: thorpej-mips-cache-base
Changes since 1.46: +5 -1 lines
Diff to previous 1.46 (colored) to selected 1.22 (colored)

check offset overrun in ip6_nexthdr.

Revision 1.46 / (download) - annotate - [select for diffs], Mon Oct 29 07:02:35 2001 UTC (22 years, 4 months ago) by simonb
Branch: MAIN
Changes since 1.45: +2 -4 lines
Diff to previous 1.45 (colored) to selected 1.22 (colored)

Don't need to include <uvm/uvm_extern.h> just to include <sys/sysctl.h>
anymore.

Revision 1.45 / (download) - annotate - [select for diffs], Wed Oct 24 06:36:38 2001 UTC (22 years, 4 months ago) by itojun
Branch: MAIN
Changes since 1.44: +3 -4 lines
Diff to previous 1.44 (colored) to selected 1.22 (colored)

more whitespace sync with kame

Revision 1.37.2.6 / (download) - annotate - [select for diffs], Mon Oct 22 20:42:02 2001 UTC (22 years, 5 months ago) by nathanw
Branch: nathanw_sa
Changes since 1.37.2.5: +18 -19 lines
Diff to previous 1.37.2.5 (colored) to selected 1.22 (colored)

Catch up to -current.

Revision 1.44 / (download) - annotate - [select for diffs], Tue Oct 16 06:24:44 2001 UTC (22 years, 5 months ago) by itojun
Branch: MAIN
Branch point for: thorpej-mips-cache
Changes since 1.43: +13 -15 lines
Diff to previous 1.43 (colored) to selected 1.22 (colored)

more whitespace/comment sync with kame

Revision 1.43 / (download) - annotate - [select for diffs], Mon Oct 15 09:51:17 2001 UTC (22 years, 5 months ago) by itojun
Branch: MAIN
Changes since 1.42: +6 -5 lines
Diff to previous 1.42 (colored) to selected 1.22 (colored)

implement IPV6_V6ONLY socket option from draft-ietf-ipngwg-rfc2553bis-03.txt.
IPV6_BINDV6ONLY (netbsd only) is deprecated, but still works just like before.

Revision 1.41.2.1 / (download) - annotate - [select for diffs], Sat Aug 25 06:17:05 2001 UTC (22 years, 6 months ago) by thorpej
Branch: kqueue
Changes since 1.41: +2 -2 lines
Diff to previous 1.41 (colored) to selected 1.22 (colored)

Merge Aug 24 -current into the kqueue branch.

Revision 1.37.2.5 / (download) - annotate - [select for diffs], Fri Aug 24 00:12:41 2001 UTC (22 years, 7 months ago) by nathanw
Branch: nathanw_sa
Changes since 1.37.2.4: +2 -2 lines
Diff to previous 1.37.2.4 (colored) to selected 1.22 (colored)

Catch up with -current.

Revision 1.42 / (download) - annotate - [select for diffs], Mon Aug 6 10:25:01 2001 UTC (22 years, 7 months ago) by itojun
Branch: MAIN
CVS Tags: thorpej-devvp-base3, thorpej-devvp-base2, thorpej-devvp-base, thorpej-devvp, pre-chs-ubcperf, post-chs-ubcperf
Changes since 1.41: +2 -2 lines
Diff to previous 1.41 (colored) to selected 1.22 (colored)

cache IPsec policy on in6?pcb.  most of the lookup operations can be bypassed,
especially when it is a connected SOCK_STREAM in6?pcb.  sync with kame.

Revision 1.37.2.4 / (download) - annotate - [select for diffs], Thu Jun 21 20:08:57 2001 UTC (22 years, 9 months ago) by nathanw
Branch: nathanw_sa
Changes since 1.37.2.3: +2 -2 lines
Diff to previous 1.37.2.3 (colored) to selected 1.22 (colored)

Catch up to -current.

Revision 1.8.2.7 / (download) - annotate - [select for diffs], Sat Apr 21 17:46:55 2001 UTC (22 years, 11 months ago) by bouyer
Branch: thorpej_scsipi
Changes since 1.8.2.6: +34 -29 lines
Diff to previous 1.8.2.6 (colored) to branchpoint 1.8 (colored) next main 1.9 (colored) to selected 1.22 (colored)

Sync with HEAD

Revision 1.41 / (download) - annotate - [select for diffs], Fri Apr 13 23:30:26 2001 UTC (22 years, 11 months ago) by thorpej
Branch: MAIN
CVS Tags: thorpej_scsipi_nbase, thorpej_scsipi_beforemerge, thorpej_scsipi_base
Branch point for: kqueue
Changes since 1.40: +2 -2 lines
Diff to previous 1.40 (colored) to selected 1.22 (colored)

Remove the use of splimp() from the NetBSD kernel.  splnet()
and only splnet() is allowed for the protection of data structures
used by network devices.

Revision 1.37.2.3 / (download) - annotate - [select for diffs], Mon Apr 9 01:58:39 2001 UTC (22 years, 11 months ago) by nathanw
Branch: nathanw_sa
Changes since 1.37.2.2: +62 -32 lines
Diff to previous 1.37.2.2 (colored) to selected 1.22 (colored)

Catch up with -current.

Revision 1.22.2.4 / (download) - annotate - [select for diffs], Fri Apr 6 01:37:35 2001 UTC (22 years, 11 months ago) by he
Branch: netbsd-1-5
CVS Tags: netbsd-1-5-PATCH002, netbsd-1-5-PATCH001
Changes since 1.22.2.3: +9 -1 lines
Diff to previous 1.22.2.3 (colored) to branchpoint 1.22 (colored) to selected 1.22 (colored)

Pull up revision 1.39 (via patch, requested by itojun):
  Record IPsec packet history in m_aux structure.  Let ipfilter
  look at wire-format packet only (not the decapsulated ones), so
  that VPN setting can work with NAT/ipfilter settings.

Revision 1.40 / (download) - annotate - [select for diffs], Fri Mar 30 11:08:57 2001 UTC (22 years, 11 months ago) by itojun
Branch: MAIN
Changes since 1.39: +33 -28 lines
Diff to previous 1.39 (colored) to selected 1.22 (colored)

enable FAKE_LOOPBACK_IF case by default.
now traffic on loopback interface will be presented to bpf as normal wire
format packet (without KAME scopeid in s6_addr16[1]).

fix KAME PR 250 (host mistakenly accepts packets to fe80::x%lo0).

sync with kame.

Revision 1.8.2.6 / (download) - annotate - [select for diffs], Tue Mar 27 15:32:37 2001 UTC (22 years, 11 months ago) by bouyer
Branch: thorpej_scsipi
Changes since 1.8.2.5: +31 -6 lines
Diff to previous 1.8.2.5 (colored) to branchpoint 1.8 (colored) to selected 1.22 (colored)

Sync with HEAD.

Revision 1.39 / (download) - annotate - [select for diffs], Wed Mar 21 19:12:56 2001 UTC (23 years ago) by itojun
Branch: MAIN
Changes since 1.38: +18 -7 lines
Diff to previous 1.38 (colored) to selected 1.22 (colored)

do not inject packets to ipfilter, if the packet went through IPsec tunnel.
http://www.netbsd.org/Documentation/network/ipsec/#ipf-interaction

Revision 1.38 / (download) - annotate - [select for diffs], Fri Mar 16 12:22:34 2001 UTC (23 years ago) by itojun
Branch: MAIN
Changes since 1.37: +15 -1 lines
Diff to previous 1.37 (colored) to selected 1.22 (colored)

drop packets with link-local addresses,
if (internally-used) interface ID portion is already filled.  sync with kame

Revision 1.37.2.2 / (download) - annotate - [select for diffs], Tue Mar 13 20:29:50 2001 UTC (23 years ago) by nathanw
Branch: nathanw_sa
Changes since 1.37.2.1: +2 -2 lines
Diff to previous 1.37.2.1 (colored) to selected 1.22 (colored)

Be more careful not to dereference curproc when there might not be
a process context.

Revision 1.8.2.5 / (download) - annotate - [select for diffs], Mon Mar 12 13:31:55 2001 UTC (23 years ago) by bouyer
Branch: thorpej_scsipi
Changes since 1.8.2.4: +20 -2 lines
Diff to previous 1.8.2.4 (colored) to branchpoint 1.8 (colored) to selected 1.22 (colored)

Sync with HEAD.

Revision 1.22.2.3 / (download) - annotate - [select for diffs], Sun Mar 11 21:12:36 2001 UTC (23 years ago) by he
Branch: netbsd-1-5
Changes since 1.22.2.2: +18 -1 lines
Diff to previous 1.22.2.2 (colored) to branchpoint 1.22 (colored) to selected 1.22 (colored)

Pull up revision 1.37 (requested by itojun):
  Ensure that we enforce inbound IPsec policy on all IP protocols,
  not just TCP, UDP and ICMP.

Revision 1.37.2.1 / (download) - annotate - [select for diffs], Mon Mar 5 22:49:57 2001 UTC (23 years ago) by nathanw
Branch: nathanw_sa
Changes since 1.37: +3 -2 lines
Diff to previous 1.37 (colored) to selected 1.22 (colored)

Initial commit of scheduler activations and lightweight process support.

Revision 1.37 / (download) - annotate - [select for diffs], Thu Mar 1 16:31:41 2001 UTC (23 years ago) by itojun
Branch: MAIN
Branch point for: nathanw_sa
Changes since 1.36: +19 -2 lines
Diff to previous 1.36 (colored) to selected 1.22 (colored)

make sure to enforce inbound ipsec policy checking, for any protocols on top
of ip (check it when final header is visited).  sync with kame.
XXX kame team will need to re-check policy engine code

Revision 1.36 / (download) - annotate - [select for diffs], Sat Feb 24 00:02:16 2001 UTC (23 years ago) by cgd
Branch: MAIN
Changes since 1.35: +2 -1 lines
Diff to previous 1.35 (colored) to selected 1.22 (colored)

C requires that labels be followed by statements.

Revision 1.8.2.4 / (download) - annotate - [select for diffs], Sun Feb 11 19:17:25 2001 UTC (23 years, 1 month ago) by bouyer
Branch: thorpej_scsipi
Changes since 1.8.2.3: +136 -154 lines
Diff to previous 1.8.2.3 (colored) to branchpoint 1.8 (colored) to selected 1.22 (colored)

Sync with HEAD.

Revision 1.35 / (download) - annotate - [select for diffs], Sat Feb 10 04:14:28 2001 UTC (23 years, 1 month ago) by itojun
Branch: MAIN
Changes since 1.34: +134 -152 lines
Diff to previous 1.34 (colored) to selected 1.22 (colored)

to sync with kame better, (1) remove register declaration for variables,
(2) sync whitespaces, (3) update comments. (4) bring in some of portability
and logging enhancements.  no functional changes here.

Revision 1.34 / (download) - annotate - [select for diffs], Wed Feb 7 08:59:48 2001 UTC (23 years, 1 month ago) by itojun
Branch: MAIN
Changes since 1.33: +4 -4 lines
Diff to previous 1.33 (colored) to selected 1.22 (colored)

during ip6/icmp6 inbound packet processing, do not call log() nor printf() in
normal operation (/var can get filled up by flooding bogus packets).
sysctl net.inet6.icmp6.nd6_debug will turn on diagnostic messages.
(#define ND6_DEBUG will turn it on by default)

improve stats in ND6 code.

lots of synchronization with kame (including comments and cosmetic ones).

Revision 1.8.2.3 / (download) - annotate - [select for diffs], Fri Jan 5 17:36:56 2001 UTC (23 years, 2 months ago) by bouyer
Branch: thorpej_scsipi
Changes since 1.8.2.2: +10 -2 lines
Diff to previous 1.8.2.2 (colored) to branchpoint 1.8 (colored) to selected 1.22 (colored)

Sync with HEAD

Revision 1.33 / (download) - annotate - [select for diffs], Thu Dec 28 21:41:00 2000 UTC (23 years, 2 months ago) by thorpej
Branch: MAIN
Changes since 1.32: +3 -3 lines
Diff to previous 1.32 (colored) to selected 1.22 (colored)

Back out the sledgehammer damage applied by wiz while I was out for
the holiday.

Revision 1.32 / (download) - annotate - [select for diffs], Mon Dec 25 02:00:48 2000 UTC (23 years, 2 months ago) by wiz
Branch: MAIN
Changes since 1.31: +2 -2 lines
Diff to previous 1.31 (colored) to selected 1.22 (colored)

Back out previous change. It causes NAT to fail, and was CLEARLY
NOT TESTED before it was committed.

Revision 1.31 / (download) - annotate - [select for diffs], Fri Dec 22 20:01:18 2000 UTC (23 years, 3 months ago) by thorpej
Branch: MAIN
Changes since 1.30: +3 -3 lines
Diff to previous 1.30 (colored) to selected 1.22 (colored)

Slight adjustment to how pfil_head's are registered.  Instead of a
"key" and a "dlt", use a "type" (PFIL_TYPE_{AF,IFNET} for now) and
a val/ptr appropriate for that type.  This allows for more future
flexibility with the pfil_hook mechanism.

Revision 1.30 / (download) - annotate - [select for diffs], Thu Dec 14 17:36:45 2000 UTC (23 years, 3 months ago) by thorpej
Branch: MAIN
Changes since 1.29: +9 -1 lines
Diff to previous 1.29 (colored) to selected 1.22 (colored)

Add ALTQ glue.  XXX Temporary until ALTQ is changed to use a pfil hook.

Revision 1.8.2.2 / (download) - annotate - [select for diffs], Wed Nov 22 16:06:22 2000 UTC (23 years, 4 months ago) by bouyer
Branch: thorpej_scsipi
Changes since 1.8.2.1: +21 -19 lines
Diff to previous 1.8.2.1 (colored) to branchpoint 1.8 (colored) to selected 1.22 (colored)

Sync with HEAD.

Revision 1.8.2.1 / (download) - annotate - [select for diffs], Mon Nov 20 18:10:51 2000 UTC (23 years, 4 months ago) by bouyer
Branch: thorpej_scsipi
Changes since 1.8: +604 -164 lines
Diff to previous 1.8 (colored) to selected 1.22 (colored)

Update thorpej_scsipi to -current as of a month ago

Revision 1.29 / (download) - annotate - [select for diffs], Sat Nov 11 00:52:39 2000 UTC (23 years, 4 months ago) by thorpej
Branch: MAIN
Changes since 1.28: +21 -19 lines
Diff to previous 1.28 (colored) to selected 1.22 (colored)

Restructure the PFIL_HOOKS mechanism a bit:
- All packets are passed to PFIL_HOOKS as they come off the wire, i.e.
  fields in protocol headers in network order, etc.
- Allow for multiple hooks to be registered, using a "key" and a "dlt".
  The "dlt" is a BPF data link type, indicating what type of header is
  present.
- INET and INET6 register with key == AF_INET or AF_INET6, and
  dlt == DLT_RAW.
- PFIL_HOOKS now take an argument for the filter hook, and mbuf **,
  an ifnet *, and a direction (PFIL_IN or PFIL_OUT), thus making them
  less IP (really, IP Filter) centric.

Maintain compatibility with IP Filter by adding wrapper functions for
IP Filter.

Revision 1.28 / (download) - annotate - [select for diffs], Mon Oct 23 03:45:25 2000 UTC (23 years, 5 months ago) by itojun
Branch: MAIN
Changes since 1.27: +2 -2 lines
Diff to previous 1.27 (colored) to selected 1.22 (colored)

make IFA_STATS really work on IPv6.

Revision 1.27 / (download) - annotate - [select for diffs], Thu Aug 31 07:35:44 2000 UTC (23 years, 6 months ago) by itojun
Branch: MAIN
Changes since 1.26: +4 -4 lines
Diff to previous 1.26 (colored) to selected 1.22 (colored)

add missing \n on log().  sync with kame

Revision 1.22.2.2 / (download) - annotate - [select for diffs], Sun Aug 27 01:25:08 2000 UTC (23 years, 6 months ago) by itojun
Branch: netbsd-1-5
CVS Tags: netbsd-1-5-RELEASE, netbsd-1-5-BETA2, netbsd-1-5-BETA
Changes since 1.22.2.1: +56 -2 lines
Diff to previous 1.22.2.1 (colored) to branchpoint 1.22 (colored) to selected 1.22 (colored)

pullup (approved by releng-1-5)

 > implement net.inet6.ip6.{anon,low}port{min,max} sysctl variable.

 > cvs rdiff -r1.67 -r1.68 basesrc/lib/libc/gen/sysctl.3
 > cvs rdiff -r1.53 -r1.54 basesrc/sbin/sysctl/sysctl.8
 > cvs rdiff -r1.18 -r1.19 syssrc/sys/netinet6/in6.h
 > cvs rdiff -r1.29 -r1.30 syssrc/sys/netinet6/in6_pcb.c
 > cvs rdiff -r1.3 -r1.4 syssrc/sys/netinet6/in6_src.c
 > cvs rdiff -r1.25 -r1.26 syssrc/sys/netinet6/ip6_input.c
 > cvs rdiff -r1.14 -r1.15 syssrc/sys/netinet6/ip6_var.h

Revision 1.26 / (download) - annotate - [select for diffs], Sat Aug 26 11:03:46 2000 UTC (23 years, 6 months ago) by itojun
Branch: MAIN
Changes since 1.25: +56 -2 lines
Diff to previous 1.25 (colored) to selected 1.22 (colored)

implement net.inet6.ip6.{anon,low}port{min,max} sysctl variable.

Revision 1.25 / (download) - annotate - [select for diffs], Thu Jul 6 12:36:19 2000 UTC (23 years, 8 months ago) by itojun
Branch: MAIN
Changes since 1.24: +21 -2 lines
Diff to previous 1.24 (colored) to selected 1.22 (colored)

- do not use bitfield for router renumbering header.
- add protection mechanism against ND cache corruption due to bad NUD hints.
- more stats
- icmp6 pps limitation.  TODO: should implement ppsratecheck(9).

Revision 1.22.2.1 / (download) - annotate - [select for diffs], Mon Jul 3 22:48:19 2000 UTC (23 years, 8 months ago) by thorpej
Branch: netbsd-1-5
CVS Tags: netbsd-1-5-ALPHA2
Changes since 1.22: +14 -5 lines
Diff to previous 1.22 (colored)

Pull up rev. 1.24:
drop packet to tentative/duplicated interface address earlier.  sync w/kame

Revision 1.24 / (download) - annotate - [select for diffs], Sun Jul 2 09:56:39 2000 UTC (23 years, 8 months ago) by itojun
Branch: MAIN
Changes since 1.23: +14 -5 lines
Diff to previous 1.23 (colored) to selected 1.22 (colored)

drop packet to tentative/duplicated interface address earlier.  sync w/kame

Revision 1.23 / (download) - annotate - [select for diffs], Wed Jun 28 03:04:03 2000 UTC (23 years, 8 months ago) by mrg
Branch: MAIN
Changes since 1.22: +2 -2 lines
Diff to previous 1.22 (colored)

<vm/vm.h> -> <uvm/uvm_extern.h>

Revision 1.21.2.1 / (download) - annotate - [select for diffs], Thu Jun 22 17:10:01 2000 UTC (23 years, 9 months ago) by minoura
Branch: minoura-xpg4dl
Changes since 1.21: +100 -58 lines
Diff to previous 1.21 (colored) next main 1.22 (colored)

Sync w/ netbsd-1-5-base.

Revision 1.22 / (download) - annotate - [selected], Tue Jun 13 14:43:44 2000 UTC (23 years, 9 months ago) by itojun
Branch: MAIN
CVS Tags: netbsd-1-5-base
Branch point for: netbsd-1-5
Changes since 1.21: +100 -58 lines
Diff to previous 1.21 (colored)

do not use cached route if the route becomes !RTF_UP.
make the validation for jumbo payload option more strict.

Revision 1.21 / (download) - annotate - [select for diffs], Fri May 19 20:09:27 2000 UTC (23 years, 10 months ago) by itojun
Branch: MAIN
CVS Tags: minoura-xpg4dl-base
Branch point for: minoura-xpg4dl
Changes since 1.20: +21 -41 lines
Diff to previous 1.20 (colored) to selected 1.22 (colored)

correct manipulation of link-local scoped address on loopback.
now "telnet fe80::1%lo0" should work again.
(we have another bug near here - will attack it soon)

Revision 1.20 / (download) - annotate - [select for diffs], Wed Apr 12 10:36:45 2000 UTC (23 years, 11 months ago) by itojun
Branch: MAIN
Changes since 1.19: +2 -7 lines
Diff to previous 1.19 (colored) to selected 1.22 (colored)

revisit in6_ifattach().
- be persistent on initializing interfaces, even if there's manually-
  assigned linklocal, multicast/whatever initialization is necessary.
- do not cache mac addr in the kernel.  grab mac addr from existing cards
  (this is important when you swap ethernet cards back and forth)
now ppp6 works just fine!

call in6_ifattach() on ATM PVC interface to assign link-local, using
hardware MAC address as seed.

(the change is in sync with kame tree).

Revision 1.19 / (download) - annotate - [select for diffs], Thu Mar 23 07:03:30 2000 UTC (24 years ago) by thorpej
Branch: MAIN
Changes since 1.18: +5 -3 lines
Diff to previous 1.18 (colored) to selected 1.22 (colored)

New callout mechanism with two major improvements over the old
timeout()/untimeout() API:
- Clients supply callout handle storage, thus eliminating problems of
  resource allocation.
- Insertion and removal of callouts is constant time, important as
  this facility is used quite a lot in the kernel.

The old timeout()/untimeout() API has been removed from the kernel.

Revision 1.18 / (download) - annotate - [select for diffs], Tue Mar 21 23:53:30 2000 UTC (24 years ago) by itojun
Branch: MAIN
Changes since 1.17: +110 -1 lines
Diff to previous 1.17 (colored) to selected 1.22 (colored)

cleanup AH/policy processing.
- parse IPv6 header by using common function, ip6_{last,next}hdr.
- fix behavior in multiple AH cases.
  make strict boundary checks on mbuf chasing.
(sync with latest kame)

Revision 1.17 / (download) - annotate - [select for diffs], Tue Mar 21 11:05:12 2000 UTC (24 years ago) by itojun
Branch: MAIN
Changes since 1.16: +8 -3 lines
Diff to previous 1.16 (colored) to selected 1.22 (colored)

#if 0'ed too strong sanity check against packets with v4 compatible addresses.
we may want to re-enable it whenever mech-xx clarifies router behavior
against native IPv6 packet with IPv4 compatible addresses.

Revision 1.16 / (download) - annotate - [select for diffs], Sun Feb 20 00:56:43 2000 UTC (24 years, 1 month ago) by darrenr
Branch: MAIN
Changes since 1.15: +2 -2 lines
Diff to previous 1.15 (colored) to selected 1.22 (colored)

pass "struct pfil_head *" to pfil_add_hook and pfil_remove hook rather
than "struct protosw *".

Revision 1.15 / (download) - annotate - [select for diffs], Thu Feb 17 10:59:39 2000 UTC (24 years, 1 month ago) by darrenr
Branch: MAIN
Changes since 1.14: +34 -2 lines
Diff to previous 1.14 (colored) to selected 1.22 (colored)

Change the use of pfil hooks.  There is no longer a single list of all
pfil information, instead, struct protosw now contains a structure
which contains list heads, etc.  The per-protosw pfil struct is passed
to pfil_hook_get(), along with an in/out flag to get the head of the
relevant filter list.  This has been done for only IPv4 and IPv6, at
present, with these patches only enabling filtering for IPPROTO_IP and
IPPROTO_IPV6, although it is possible to have tcp/udp, etc, dedicated
filters now also.  The ipfilter code has been updated to only filter
IPv4 packets - next major release of ipfilter is required for ipv6.

Revision 1.14 / (download) - annotate - [select for diffs], Sun Feb 6 12:49:45 2000 UTC (24 years, 1 month ago) by itojun
Branch: MAIN
CVS Tags: chs-ubc2-newbase
Changes since 1.13: +3 -3 lines
Diff to previous 1.13 (colored) to selected 1.22 (colored)

fix include pathname for better rfc2292 compliance.

Revision 1.13 / (download) - annotate - [select for diffs], Mon Jan 31 10:33:22 2000 UTC (24 years, 1 month ago) by itojun
Branch: MAIN
Changes since 1.12: +24 -1 lines
Diff to previous 1.12 (colored) to selected 1.22 (colored)

be proactive about malicious packet on the wire.  we fear that v4 mapped
address to be used as a tool to hose security filters (like bypassing
"local host only" filter by using ::ffff:127.0.0.1).

Revision 1.12 / (download) - annotate - [select for diffs], Thu Jan 6 15:46:09 2000 UTC (24 years, 2 months ago) by itojun
Branch: MAIN
Changes since 1.11: +5 -121 lines
Diff to previous 1.11 (colored) to selected 1.22 (colored)

remove extra portability #ifdef (like #ifdef __FreeBSD__) in KAME IPv6/IPsec
code, from netbsd-current repository.
#ifdef'ed version is always available from ftp.kame.net.

XXX please do not make too many diff-unfriendly changes, we'll need to take
bunch of diffs on upgrade...

Revision 1.11 / (download) - annotate - [select for diffs], Thu Jan 6 06:41:19 2000 UTC (24 years, 2 months ago) by itojun
Branch: MAIN
Changes since 1.10: +8 -3 lines
Diff to previous 1.10 (colored) to selected 1.22 (colored)

make IPV6_BINDV6ONLY setsockopt available.  it controls behavior of
AF_INET6 wildcard listening socket.  heavily documented in ip6(4).
net.inet6.ip6.bindv6only defines default value.  default is 1.

"options INET6_BINDV6ONLY" removes any code fragment that supports
IPV6_BINDV6ONLY == 0 case (not defopt'ed as use of this is rare).

Revision 1.10 / (download) - annotate - [select for diffs], Thu Jan 6 02:52:29 2000 UTC (24 years, 2 months ago) by itojun
Branch: MAIN
Changes since 1.9: +3 -1 lines
Diff to previous 1.9 (colored) to selected 1.22 (colored)

add missing net.inet6.ip6.rr_prune case.

Revision 1.8.8.1 / (download) - annotate - [select for diffs], Mon Dec 27 18:36:25 1999 UTC (24 years, 2 months ago) by wrstuden
Branch: wrstuden-devbsize
Changes since 1.8: +340 -61 lines
Diff to previous 1.8 (colored) next main 1.9 (colored) to selected 1.22 (colored)

Pull up to last week's -current.

Revision 1.9 / (download) - annotate - [select for diffs], Mon Dec 13 15:17:22 1999 UTC (24 years, 3 months ago) by itojun
Branch: MAIN
CVS Tags: wrstuden-devbsize-base, wrstuden-devbsize-19991221
Changes since 1.8: +340 -61 lines
Diff to previous 1.8 (colored) to selected 1.22 (colored)

sync IPv6 part with latest KAME tree.   IPsec part is left unmodified
due to massive changes in KAME side.
- IPv6 output goes through nd6_output
- faith can capture IPv4 packets as well - you can run IPv4-to-IPv6 translator
  using heavily modified DNS servers
- per-interface statistics (required for IPv6 MIB)
- interface autoconfig is revisited
- udp input handling has a big change for mapped address support.
- introduce in4_cksum() for non-overwriting checksumming
- introduce m_pulldown()
- neighbor discovery cleanups/improvements
- netinet/in.h strictly conforms to RFC2553 (no extra defs visible to userland)
- IFA_STATS is fixed a bit (not tested)
- and more more more.

TODO:
- cleanup os-independency #ifdef
- avoid rcvif dual use (for IPsec) to help ifdetach

(sorry for jumbo commit, I can't separate this any more...)

Revision 1.1.2.3 / (download) - annotate - [select for diffs], Tue Nov 30 13:35:53 1999 UTC (24 years, 3 months ago) by itojun
Branch: kame
CVS Tags: kame_141_19991130
Changes since 1.1.2.2: +374 -59 lines
Diff to previous 1.1.2.2 (colored) next main 1.2 (colored) to selected 1.22 (colored)

bring in latest KAME (as of 19991130, KAME/NetBSD141) into kame branch
just for reference purposes.
This commit includes 1.4 -> 1.4.1 sync for kame branch.

The branch does not compile at all (due to the lack of ALTQ and some other
source code).  Please do not try to modify the branch, this is just for
reference purposes.

synchronization to latest KAME will take place on HEAD branch soon.

Revision 1.8 / (download) - annotate - [select for diffs], Fri Oct 1 10:15:16 1999 UTC (24 years, 5 months ago) by itojun
Branch: MAIN
CVS Tags: fvdl-softdep-base, fvdl-softdep, comdex-fall-1999-base, comdex-fall-1999
Branch point for: wrstuden-devbsize, thorpej_scsipi
Changes since 1.7: +18 -1 lines
Diff to previous 1.7 (colored) to selected 1.22 (colored)

sanity check against truncated extension headers.

Revision 1.7 / (download) - annotate - [select for diffs], Sat Aug 7 12:33:04 1999 UTC (24 years, 7 months ago) by itojun
Branch: MAIN
Changes since 1.6: +1 -3 lines
Diff to previous 1.6 (colored) to selected 1.22 (colored)

remove invalid initialization if in6_iflladdr.

Revision 1.2.2.3 / (download) - annotate - [select for diffs], Mon Aug 2 22:36:05 1999 UTC (24 years, 7 months ago) by thorpej
Branch: chs-ubc2
Changes since 1.2.2.2: +10 -5 lines
Diff to previous 1.2.2.2 (colored) next main 1.3 (colored) to selected 1.22 (colored)

Update from trunk.

Revision 1.6 / (download) - annotate - [select for diffs], Sat Jul 31 18:41:16 1999 UTC (24 years, 7 months ago) by itojun
Branch: MAIN
CVS Tags: chs-ubc2-base
Changes since 1.5: +3 -1 lines
Diff to previous 1.5 (colored) to selected 1.22 (colored)

sync with recent KAME.
- loosen ipsec restriction on packet direction.
- revise icmp6 redirect handling on IsRouter bit.
- tcp/udp notification processing (link-local address case)
- cosmetic fixes (better code share across *BSD).

Revision 1.5 / (download) - annotate - [select for diffs], Thu Jul 22 03:59:42 1999 UTC (24 years, 8 months ago) by itojun
Branch: MAIN
Changes since 1.4: +6 -6 lines
Diff to previous 1.4 (colored) to selected 1.22 (colored)

change unnecessary u_long/long into u_int32_t or something relevant.
more fixes should follow.

Revision 1.4 / (download) - annotate - [select for diffs], Fri Jul 9 22:57:27 1999 UTC (24 years, 8 months ago) by thorpej
Branch: MAIN
Changes since 1.3: +2 -1 lines
Diff to previous 1.3 (colored) to selected 1.22 (colored)

defopt IPSEC and IPSEC_ESP (both into opt_ipsec.h).

Revision 1.1.2.2 / (download) - annotate - [select for diffs], Tue Jul 6 11:03:01 1999 UTC (24 years, 8 months ago) by itojun
Branch: kame
CVS Tags: kame_14_19990705
Changes since 1.1.2.1: +0 -9 lines
Diff to previous 1.1.2.1 (colored) to selected 1.22 (colored)

KAME/NetBSD 1.4, SNAP kit 1999/07/05.
NOTE: this branch is just for reference purposes (i.e. for taking cvs diff).
do not touch anything on the branch.  actual work must be done on HEAD branch.

Revision 1.3 / (download) - annotate - [select for diffs], Sat Jul 3 21:30:18 1999 UTC (24 years, 8 months ago) by thorpej
Branch: MAIN
Changes since 1.2: +2 -0 lines
Diff to previous 1.2 (colored) to selected 1.22 (colored)

RCS ID police.

Revision 1.2.2.2 / (download) - annotate - [select for diffs], Thu Jul 1 23:48:28 1999 UTC (24 years, 8 months ago) by thorpej
Branch: chs-ubc2
Changes since 1.2.2.1: +1017 -0 lines
Diff to previous 1.2.2.1 (colored) to selected 1.22 (colored)

Sync w/ -current.

Revision 1.2.2.1, Thu Jul 1 08:12:55 1999 UTC (24 years, 8 months ago) by thorpej
Branch: chs-ubc2
Changes since 1.2: +0 -1017 lines
FILE REMOVED

file ip6_input.c was added on branch chs-ubc2 on 1999-07-01 23:48:28 +0000

Revision 1.2 / (download) - annotate - [select for diffs], Thu Jul 1 08:12:55 1999 UTC (24 years, 8 months ago) by itojun
Branch: MAIN
Branch point for: chs-ubc2
Changes since 1.1: +1017 -0 lines
Diff to previous 1.1 (colored) to selected 1.22 (colored)

IPv6 kernel code, based on KAME/NetBSD 1.4, SNAP kit 19990628.
(Sorry for a big commit, I can't separate this into several pieces...)
Pls check sys/netinet6/TODO and sys/netinet6/IMPLEMENTATION for details.

- sys/kern: do not assume single mbuf, accept chained mbuf on passing
  data from userland to kernel (or other way round).
- "midway" ATM card: ATM PVC pseudo device support, like those done in ALTQ
  package (ftp://ftp.csl.sony.co.jp/pub/kjc/).
- sys/netinet/tcp*: IPv4/v6 dual stack tcp support.
- sys/netinet/{ip6,icmp6}.h, sys/net/pfkeyv2.h: IETF document assumes those
  file to be there so we patch it up.
- sys/netinet: IPsec additions are here and there.
- sys/netinet6/*: most of IPv6 code sits here.
- sys/netkey: IPsec key management code
- dev/pci/pcidevs: regen

In my understanding no code here is subject to export control so it
should be safe.

Revision 1.1.2.1 / (download) - annotate - [select for diffs], Mon Jun 28 06:37:05 1999 UTC (24 years, 8 months ago) by itojun
Branch: kame
CVS Tags: kame_14_19990628
Changes since 1.1: +1026 -0 lines
Diff to previous 1.1 (colored) to selected 1.22 (colored)

KAME/NetBSD 1.4 SNAP kit, dated 19990628.

NOTE: this branch (kame) is used just for reference.  this may not compile
due to multiple reasons.

Revision 1.1, Mon Jun 28 06:37:05 1999 UTC (24 years, 8 months ago) by itojun
Branch: MAIN
Branch point for: kame
FILE REMOVED

file ip6_input.c was initially added on branch kame.
