| #
1.7 |
|
14-Nov-2018 |
dlg |
provide ip_tos_patch() for setting ip_tos and patching the ipv4 cksum.
previously the gif code would patch the tos field and not recalc
the cksum, which would cause ip input code to drop the packet due
to a cksum failure. the ipip code patched ip_tos and unconditionally
recalculated the cksum, making it correct, but also wiping out any
errors that may have been present before the recalculation. updating
the cksum rather than replacing it lets cksum failures still fire.
ip_tos_patch() is provided in the ecn code since it's because of ecn
propagation that we need to update the tos field. internally it
works like pf_patch_8 and pf_cksum_fixup, but since pf is optional
it rolls its own code. procter may fix that in the future...
ok claudio@
|
|
Revision tags: OPENBSD_5_2_BASE OPENBSD_5_3_BASE OPENBSD_5_4_BASE OPENBSD_5_5_BASE OPENBSD_5_6_BASE OPENBSD_5_7_BASE OPENBSD_5_8_BASE OPENBSD_5_9_BASE OPENBSD_6_0_BASE OPENBSD_6_1_BASE OPENBSD_6_2_BASE OPENBSD_6_3_BASE OPENBSD_6_4_BASE
|
|
| #
1.6 |
|
15-Mar-2012 |
markus |
improve IPsec/ENC interaction:
- ipip_input() recalculate the IP header checksum if the tos bits
are changed after decapsulation. Otherwise these packets are
dropped later in the stack.
- ip_ecn_egress(): do not drop packets for IPsec if the outter
packet of a Tunnel has the ECN-CE bit set (Congestion Experienced)
and the inner packet does not indicate support ECN.
- remove unused ip6_ecn_ingress(), ip6_ecn_egress() code
ok mikeb@
|
|
Revision tags: OPENBSD_3_2_BASE OPENBSD_3_3_BASE OPENBSD_3_4_BASE OPENBSD_3_5_BASE OPENBSD_3_6_BASE OPENBSD_3_7_BASE OPENBSD_3_8_BASE OPENBSD_3_9_BASE OPENBSD_4_0_BASE OPENBSD_4_1_BASE OPENBSD_4_2_BASE OPENBSD_4_3_BASE OPENBSD_4_4_BASE OPENBSD_4_5_BASE OPENBSD_4_6_BASE OPENBSD_4_7_BASE OPENBSD_4_8_BASE OPENBSD_4_9_BASE OPENBSD_5_0_BASE OPENBSD_5_1_BASE SMP_SYNC_A SMP_SYNC_B UBC_SYNC_A UBC_SYNC_B
|
|
| #
1.5 |
|
16-May-2002 |
kjc |
bring in ECN support from KAME.
it consists of
- ECN support in TCP
- tunnel-egress and fragment reassembly rules in layer-3 not to lose
congestion info at tunnel-egress and fragment reassembly
to enable ECN in TCP, build a kernel with TCP_ECN, and then,
turn it on by "sysctl -w net.inet.tcp.ecn=1".
ok deraadt@
|
|
Revision tags: OPENBSD_3_1_BASE
|
|
| #
1.4 |
|
14-Mar-2002 |
millert |
First round of __P removal in sys
|
|
Revision tags: OPENBSD_3_0_BASE UBC_BASE
|
|
| #
1.3 |
|
09-Jun-2001 |
angelos |
branches: 1.3.4;
Inclusion protection.
|
|
Revision tags: OPENBSD_2_9_BASE
|
|
| #
1.2 |
|
16-Feb-2001 |
itojun |
sync whitespace/comment with kame. to help merge tasks
|
|
Revision tags: OPENBSD_2_7_BASE OPENBSD_2_8_BASE SMP_BASE kame_19991208
|
|
| #
1.1 |
|
08-Dec-1999 |
itojun |
branches: 1.1.2;
bring in KAME IPv6 code, dated 19991208.
replaces NRL IPv6 layer. reuses NRL pcb layer. no IPsec-on-v6 support.
see sys/netinet6/{TODO,IMPLEMENTATION} for more details.
GENERIC configuration should work fine as before. GENERIC.v6 works fine
as well, but you'll need KAME userland tools to play with IPv6 (will be
bringed into soon).
|
|
Revision tags: OPENBSD_5_2_BASE OPENBSD_5_3_BASE OPENBSD_5_4_BASE OPENBSD_5_5_BASE OPENBSD_5_6_BASE OPENBSD_5_7_BASE OPENBSD_5_8_BASE OPENBSD_5_9_BASE OPENBSD_6_0_BASE OPENBSD_6_1_BASE OPENBSD_6_2_BASE
|
|
| #
1.6 |
|
15-Mar-2012 |
markus |
improve IPsec/ENC interaction:
- ipip_input() recalculate the IP header checksum if the tos bits
are changed after decapsulation. Otherwise these packets are
dropped later in the stack.
- ip_ecn_egress(): do not drop packets for IPsec if the outter
packet of a Tunnel has the ECN-CE bit set (Congestion Experienced)
and the inner packet does not indicate support ECN.
- remove unused ip6_ecn_ingress(), ip6_ecn_egress() code
ok mikeb@
|
|
Revision tags: OPENBSD_3_2_BASE OPENBSD_3_3_BASE OPENBSD_3_4_BASE OPENBSD_3_5_BASE OPENBSD_3_6_BASE OPENBSD_3_7_BASE OPENBSD_3_8_BASE OPENBSD_3_9_BASE OPENBSD_4_0_BASE OPENBSD_4_1_BASE OPENBSD_4_2_BASE OPENBSD_4_3_BASE OPENBSD_4_4_BASE OPENBSD_4_5_BASE OPENBSD_4_6_BASE OPENBSD_4_7_BASE OPENBSD_4_8_BASE OPENBSD_4_9_BASE OPENBSD_5_0_BASE OPENBSD_5_1_BASE SMP_SYNC_A SMP_SYNC_B UBC_SYNC_A UBC_SYNC_B
|
|
| #
1.5 |
|
16-May-2002 |
kjc |
bring in ECN support from KAME.
it consists of
- ECN support in TCP
- tunnel-egress and fragment reassembly rules in layer-3 not to lose
congestion info at tunnel-egress and fragment reassembly
to enable ECN in TCP, build a kernel with TCP_ECN, and then,
turn it on by "sysctl -w net.inet.tcp.ecn=1".
ok deraadt@
|
|
Revision tags: OPENBSD_3_1_BASE
|
|
| #
1.4 |
|
14-Mar-2002 |
millert |
First round of __P removal in sys
|
|
Revision tags: OPENBSD_3_0_BASE UBC_BASE
|
|
| #
1.3 |
|
09-Jun-2001 |
angelos |
branches: 1.3.4;
Inclusion protection.
|
|
Revision tags: OPENBSD_2_9_BASE
|
|
| #
1.2 |
|
16-Feb-2001 |
itojun |
sync whitespace/comment with kame. to help merge tasks
|
|
Revision tags: OPENBSD_2_7_BASE OPENBSD_2_8_BASE SMP_BASE kame_19991208
|
|
| #
1.1 |
|
08-Dec-1999 |
itojun |
branches: 1.1.2;
bring in KAME IPv6 code, dated 19991208.
replaces NRL IPv6 layer. reuses NRL pcb layer. no IPsec-on-v6 support.
see sys/netinet6/{TODO,IMPLEMENTATION} for more details.
GENERIC configuration should work fine as before. GENERIC.v6 works fine
as well, but you'll need KAME userland tools to play with IPv6 (will be
bringed into soon).
|