path: root/sys/net
Commit message | Author | Age | Files | Lines
* Avoid use after free when purging states. | mcbride | 2005-02-20 | 1 | -4/+9
  ok henning@ dhartmei@ claudio@
* ifmedia_set() should not panic, nor can it really fail. So if there is | brad | 2005-02-20 | 1 | -3/+24
  some problem setting the media to the requested value (usually IFM_AUTO), we now force the media selection to IFM_NONE. From NetBSD
* rev 1.19 | brad | 2005-02-15 | 1 | -40/+24
  Avoid DoS attack by setting ifm->ifm_media to a high number and running the kernel out of memory. From NetBSD Fixes panic mentioned in PR 4088. ok krw@ mcbride@ dhartmei@
* Fix scoping error which could cause some states with an empty ifname to be | aaron | 2005-02-15 | 1 | -2/+3
  purged erroneously. mpf@ ok
* Add new function if_link_state_change() to take care of sending messages | mcbride | 2005-02-07 | 2 | -2/+18
  on the routing socket and notifying carp() of link changes. ok brad@ mpf@
* Add some more reason counters and use them instead of overloading the | dhartmei | 2005-01-30 | 2 | -49/+125
  'memory' one, which helps debugging. Alters the kernel/userland ABI, rebuild pfctl and tcpdump. ok henning@
* Use the packet's address family instead of the rule's when selecting a | dhartmei | 2005-01-20 | 1 | -2/+2
  replacement address for an rdr rule. Some rdr rules have no address family (when the replacement is a table and no other criterion implies one AF). In this case, pf would fail to select a replacement address and drop the packet due to translation failure. Found by Gustavo A. Baratto. ok mcbride@, henning@, markus@
* sc->sc_sync_ifp = NULL if we fail to attach the multicast group. | mcbride | 2005-01-20 | 1 | -1/+3
  ok mpf@
* Use syncdev instead of syncif in ifconfig, and modify ioctl struct pfsyncreq | mcbride | 2005-01-20 | 2 | -6/+6
  in kernel code to match. Brings pfsync in line with carp, vlan and pppoe devices. Old syncif and -syncif options still work, will be removed later. ok markus@
* Rewriting the lladdr can now be done without using mbuf tags. | mpf | 2005-01-18 | 3 | -16/+13
  Advertisements run through the carp interface first. So we just take the address from ifp0. While we're there, also remove carp_macmatch6, which isn't used anymore. Proposed by mcbride@ ok mcbride@, pascoe@
* If there is no match in ifaof_ifpforaddr() return the first match -- main | claudio | 2005-01-18 | 1 | -4/+5
  interface address -- and not the last one -- some alias. Also handle point to point networks a bit more special. With some input from markus@ OK markus@ henning@ fgsch@
* First step in Bluetooth protocol stack support. | grange | 2005-01-14 | 4 | -4/+15
  The code is adopted from the FreeBSD netgraph-based Bluetooth implementation by Maksim Yevmenkin <m_evmenkin@yahoo.com> but all netgraph glue was replaced with usual BSD network stack hooks. This is a work in progress. Only HCI layer works for now, L2CAP and RFCOMM are on the way. Help in testing from many, ok markus@.
* remove old ifgroups ioctls | henning | 2005-01-14 | 2 | -23/+2
  the old ifgroups haven't been in use ever really, and the new implementation is 3 months old today. theo ok (3 months ago)
* protect pfkeyv2_dump_walker with spltdb(). Noticed by mpech@, thanks! | hshoexer | 2005-01-13 | 1 | -2/+6
  ok ho@ markus@
* Unslack and increase AUTHNAMELEN, since some ISPs prefer long usernames. | canacar | 2005-01-08 | 1 | -2/+2
  Reported long time ago by Marc Huber and more recently by Steffen Schutz.
* Make carp(4) traffic always appear on the physical (carpdev) interface | mcbride | 2005-01-07 | 1 | -1/+7
  from pf's perspective. ok pascoe@ dhartmei@ henning@
* add support for BIOCGDLTLIST and BIOCSDLT, see bpf(4) | reyk | 2005-01-07 | 2 | -2/+96
  ok canacar@, fgsch@, tested by some other people
* - Use defines from pfvar.h for timeouts | mcbride | 2005-01-05 | 1 | -24/+23
  - instead of erroring on an attempt to set hostid to 0, just set it with arc4random() ok henning@ dhartmei@
* Define defaults for the timeouts ensure consistency between kernel | mcbride | 2005-01-05 | 1 | -1/+22
  and userland. ok henning@ dhartmei@
* Disable timeout before destroying a pppoe interface | canacar | 2005-01-01 | 1 | -1/+2
  ok deraadt@, henning@, krw@
* Simplify hashtable (de)allocation by moving it into the clone functions. | camield | 2004-12-23 | 2 | -83/+16
  ok mickey@ henning@, "looks good" markus@ jason@
* Introduce 'set skip on <ifspec>' to support a list of interfaces where no | dhartmei | 2004-12-22 | 4 | -4/+68
  packet filtering should occur (like loopback, for instance). Code from Max Laier, with minor improvements based on feedback from deraadt@. ok mcbride@, henning@
* Enforce an ordering on ifnet such that CARP interfaces appear later in the | pascoe | 2004-12-20 | 1 | -2/+19
  list than physical interfaces. This makes ifa_ifwith* prefer a physical interface over a CARP one. This addresses the problem where a CARP interface in BACKUP state is selected after a route change, resulting in a loss of communications despite there being another interface available which is perfectly usable. ok mcbride@ mpf@
* Make it possible for carp to work on fddi and token ring again. | mcbride | 2004-12-19 | 4 | -14/+91
  ok pascoe@ mpf@
* ICMP state entries use the ICMP ID as port for the unique state key. When | dhartmei | 2004-12-17 | 1 | -4/+4
  checking for a usable key, construct the key in the same way. Otherwise, a colliding key might be missed or a state insertion might be refused even though it could be inserted. The second case triggers the endless loop fixed by 1.474, possibly allowing a NATed LAN client to lock up the kernel. Report and test data by Srebrenko Sehic.
* knf cleanup, convert old k&r-style functions to ansi-style for a | reyk | 2004-12-17 | 3 | -122/+70
  consistent style in sys/net/bpf.c. ok henning@, "looks fine" canacar@
* Reorder code in the ethernet output path, and enhance unicast address | pascoe | 2004-12-17 | 2 | -12/+27
  matching in the bridge receive path to make CARP operate correctly on physical interfaces that are participating in a bridge. ok mcbride@ henning@ dlg@
* Clean up handling of sync_flags. | mcbride | 2004-12-16 | 1 | -9/+12
  ok pascoe@
* move the ioctls w/ all the other ifaces; mcbride@ ok | mickey | 2004-12-14 | 1 | -3/+1
* Initialise init_addr in pf_map_addr() in the PF_POOL_ROUNDROBIN, | mcbride | 2004-12-14 | 1 | -1/+3
  prevents a possible endless loop in pf_get_sport() with 'static-port' Reported by adm at celeritystorm dot com in FreeBSD PR74930, debugging by dhartmei@ ok dhartmei@
* move splsoftnet() below ACCEPT_FLAGS(), which contains a potential return. | dhartmei | 2004-12-13 | 1 | -2/+2
  from Max Laier.
* Set creation timestamps correctly on states learnt by pfsync that are | pascoe | 2004-12-13 | 1 | -2/+2
  more than a second old. ok mcbride@ henning@
* SADB_X_EXT_LIFETIME_LASTUSE is always defined | markus | 2004-12-11 | 1 | -5/+1
* pass out the correct lifetime type on expire | markus | 2004-12-11 | 1 | -4/+3
* count SADB_REGISTER only once per socket | markus | 2004-12-11 | 1 | -3/+5
* Handle errors in pf_route{,6} more gracefully. | mpf | 2004-12-11 | 1 | -14/+33
  Proposed by mcbride. ok henning@, mcbride@
* Rename carp_output() to carp_fix_lladdr(). | mcbride | 2004-12-10 | 2 | -4/+4
* allow pf to filter on route labels | henning | 2004-12-10 | 3 | -5/+98
  pass in from route dtag keep state queue reallyslow tested by Gabriel Kihlman <gk@stacken.kth.se> and Michael Knudsen <e@molioner.dk> and ryan ok ryan
* fix ipsec crash from pr 4025, Stefan Miltchev; ok hshoexer@ | markus | 2004-12-10 | 1 | -2/+7
* Run address change notification hooks when the interface address is updated. | naddy | 2004-12-10 | 1 | -2/+4
  Notably, this fixes "(pppoe0)" in pf. ok markus@
* Remove shadow variable 'error'. From camield@ | mcbride | 2004-12-09 | 2 | -4/+2
* Call if_down() in if_clone_destroy(). Based on diff from Chris Pascoe. | mcbride | 2004-12-08 | 1 | -1/+8
  ok markus@
* Check if_type in carp_carpdev_state() to make sure we're not | mcbride | 2004-12-08 | 1 | -3/+3
  dealing with a carp interface.
* Convert carp(4) to behave more like a regular interface, much in the same | mcbride | 2004-12-07 | 3 | -12/+42
  style as vlan(4). carp interfaces no longer require the physical interface to be on the same subnet as the carp interface, or even that the physical interface has an address at all, so CARP can now be used on /30 networks. ok deraadt@ henning@
* KNF | mcbride | 2004-12-07 | 3 | -53/+61
* KNF | mcbride | 2004-12-07 | 3 | -13/+14
* re-commit mcbride@'s 'flush global', this time without the breakage in | dhartmei | 2004-12-07 | 2 | -8/+14
  pfvar.h. builds kernel and userland.
* tree does not compile, spotted by dlg (not obvious how to fix) | deraadt | 2004-12-07 | 2 | -22/+15
  ---- Change the default for 'overload <table> flush' to flush only states from the offending source created by the rule. 'flush global' flushes all states originating from the offending source. ABI change, requires kernel and pfctl to be in sync. ok deraadt@ henning@ dhartmei@
* Change the default for 'overload <table> flush' to flush only states from the | mcbride | 2004-12-07 | 2 | -15/+22
  offending source created by the rule. 'flush global' flushes all states originating from the offending source. ABI change, requires kernel and pfctl to be in sync. ok deraadt@ henning@ dhartmei@
* support max-src-conn-rate with synproxy, ok mcbride@ | dhartmei | 2004-12-06 | 1 | -11/+13