wireguard-openbsd - WireGuard implementation for the OpenBSD kernel

	Commit message (Collapse)	Author	Age	Files	Lines
*	Unused switch_port variable.	akoshibe	2019-05-12	1	-4/+1
\|
*	Add port protection support to switch(4). The behavior copies that of	akoshibe	2019-05-10	1	-2/+16
\| \| \| \| \| \| \| \| \| \| \| \| \|	bridge(4), where the SIOCBRDGSIFPROT ioctl can be used to add a port to up to 31 protected domains. This allows configuration by specifying a list of IDs to the 'protected' option in ifconfig(8): # ifconfig switch0 protected pair1 1,2,.. Domain membership is checked for unicast, flooded (broadcast), and local (host-network-bound, e.g. trunk) traffic. OK benno@
*	Removes the KERNEL_LOCK() from bridge(4)'s output fast-path.	mpi	2019-04-28	1	-2/+2
\| \| \| \| \| \| \| \|	This redefines the ifp <-> bridge relationship. No lock can be currently used across the multiples contexts where the bridge has tentacles to protect a pointer, use an interface index. Tested by various, ok dlg@, visa@
*	Fix mbuf releated crashes in switch(4). They have been found by	bluhm	2018-12-28	1	-7/+10
\| \| \| \| \| \| \| \| \| \| \| \| \| \|	syzkaller as pool corruption panic. It is unclear which bug caused what, but it should be better now. - Check M_PKTHDR with assertion before accessing m_pkthdr. - Do not access oh_length without m_pullup(). - After checking if there is space at the end of the mbuf, don't overwrite the data at the beginning. Append the new content. - Do not set m_len and m_pkthdr.len when it is unclear whether the ofp_error header fits at all. Use m_makespace() to adjust the mbuf. Reported-by: syzbot+6efc0a9d5b700b54392e@syzkaller.appspotmail.com test akoshibe@; OK claudio@
*	Stop passing `sc' when it isn't needed and use `ifp' where it's good	mpi	2018-12-07	1	-3/+2
\| \| \| \| \| \|	enough. ok sthen@, visa@
*	Remove almost unused `flags' argument of suser().	mpi	2018-02-19	1	-4/+4
\| \| \| \| \| \| \|	The account flag `ASU' will no longer be set but that makes suser() mpsafe since it no longer mess with a per-process field. No objection from millert@, ok tedu@, bluhm@
*	Creating a cloned interface could return ENOMEM due to temporary	bluhm	2018-01-09	1	-3/+1
\| \| \| \| \| \|	memory shortage. As it is invoked from a system call, it should not fail and wait instead. OK visa@ mpi@
*	Remove duplicated code working around the fact that ifpromisc() required	mpi	2017-11-20	1	-28/+3
\| \| \| \| \| \|	a DOWN interface. ok visa@
*	Move IPv4 & IPv6 incoming/forwarding path, PIPEX ppp processing and	mpi	2017-05-31	1	-4/+2
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	IPv4 & IPv6 dispatch functions outside the KERNEL_LOCK(). We currently rely on the NET_LOCK() serializing access to most global data structures for that. IP input queues are no longer used in the forwarding case. They still exist as boundary between the network and transport layers because TCP/UDP & friends still need the KERNEL_LOCK(). Since we do not want to grab the NET_LOCK() for every packet, the softnet thread will do it once before processing a batch. That means the L2 processing path, which is currently running without lock, will now run with the NET_LOCK(). IPsec isn't ready to run without KERNEL_LOCK(), so the softnet thread will grab the KERNEL_LOCK() as soon as ``ipsec_in_use'' is set. Tested by Hrvoje Popovski. ok visa@, bluhm@, henning@
*	Make a kernel with switch(4) but without INET6 compile again.	bluhm	2017-05-12	1	-1/+7
\| \| \| \| \| \|	Sprinkle some #ifdef INET6 and do not use in6addr_any from the netinet6 code. test and OK rzalamena@
*	Clean-up switch(4) device by removing excess prototypes, verbose debugs	rzalamena	2017-01-17	1	-36/+3
\| \| \| \| \| \|	and unused functions. ok reyk@
*	Validate the OFP header to make sure it always have a sane size, also	rzalamena	2016-12-22	1	-1/+8
\| \| \| \| \| \| \|	make sure to not accept anything else outside of the header size boundaries. ok reyk@
*	Rename "flowmax" to "maxflow" and give each switch(4) ioctl a	reyk	2016-11-28	1	-2/+2
\| \| \| \| \| \|	dedicated number. Both changes for consistency. OK rzalamena@
*	Fix panic on detach hook when interfaces get destroyed.	rzalamena	2016-11-22	1	-2/+3
\| \| \| \|	ok reyk@
*	Extend the DLT_OPENFLOW header to include the switch datapath id.	reyk	2016-11-20	1	-4/+9
\| \| \| \|	OK rzalamena@
*	Add new DLT_OPENFLOW link-type to allow using tcpdump to debug switch(4),	reyk	2016-11-16	1	-3/+10
\| \| \| \| \| \| \| \|	eg. tcpdump -y openflow -i switch0 Includes a minor bump for libpcap. Feedback and OK rzalamena@
*	Add support for partial writes in switchwrite so we can use multiple	rzalamena	2016-11-10	1	-1/+30
\| \| \| \| \| \| \|	write() to write one packet. With this we also get support for writing multiple ofp packets with a single write. ok mikeb@
*	Remove unused function, the code is already inlined in action_output	rzalamena	2016-10-28	1	-22/+1
\| \| \| \| \| \|	function. ok reyk@
*	When doing pktout we must run the classifier again, because some action(s)	rzalamena	2016-10-28	1	-4/+1
\| \| \| \| \| \| \|	might want to use it. For buffered packets we probably need to save that somehow else, but we don't support it now. ok reyk@
*	Add missing if_put() in the switch(4) destroy path.	rzalamena	2016-10-08	1	-3/+4
\| \| \| \|	ok mikeb@
*	Use detach hook to notify switch(4) about interface removals instead of	rzalamena	2016-10-07	1	-12/+10
\| \| \| \| \| \|	adding code to if.c. ok mpi@
*	Rename brtag_src/brtag_dst to brtag_peer/brtag_local to avoid	reyk	2016-09-29	1	-8/+8
\| \| \| \| \| \|	confusion about the tunnel endpoints when responding to the peer. OK yasuoka@
*	Fix a kernel panic that happened when destroying interfaces attached to	rzalamena	2016-09-28	1	-8/+19
\| \| \| \| \| \|	the switch(4) without prior removal. ok reyk@, goda@
*	Fixed uninitialized variable in switch_process()	goda	2016-09-04	1	-2/+2
\|
*	Make per-packet allocated memory use pool in switch(4)	goda	2016-09-04	1	-3/+4
\| \| \| \|	ok yasuoka@ reyk@
*	Add support for a multipoint-to-multipoint mode in vxlan(4). In this	reyk	2016-09-03	1	-2/+39
\| \| \| \| \| \| \| \| \| \| \| \|	mode, vxlan(4) must be configured to accept any virtual network identifier with "vnetid any" and added to a bridge(4) or switch(4). This way the driver will dynamically learn the tunnel endpoints and their vnetids for the responses and can be used to dynamically bridge between VXLANs. It is also being used in combination with switch(4) and the OpenFlow tunnel classifiers. With input from yasuoka@ goda@ OK deraadt@ dlg@
*	Add switch(4) support to ifconfig	goda	2016-09-02	1	-3/+134
\| \| \| \|	ok deraadt@ yasuoka@ reyk@ henning@
*	Import switch(4), an in-kernel OpenFlow switch which can work alone.	goda	2016-09-01	1	-0/+1374
	switch(4) currently supports OpenFlow 1.3.5. Currently, it's disabled by the kernel config. With help from yasuoka@ reyk@ jsg@. ok deraadt@ yasuoka@ reyk@ henning@