| Commit message (Collapse) | Author | Age | Files | Lines |
| ... | |
and not IFQ_IS_EMPTY, the former doesn't get overloaded with altq-specific
stuffz. original oks from claudio and ryan and bluhm, i take the liberty
to assume the oks for this fixed version
|
it was done for pf_headers in pf.c.
ok mcbride@ henning@
|
the header address in the mbuf.
ok henning@
|
isn't it awesome that 5 out of 6 cases of this crap were in the various ppp
implementations? ok claudio ryan
the 6th to be fixed when we return from MEC
|
make sppp_flush use IFQ_PURGE instead of handrolling the same making
assumptions about ifqueue internals. ok ryan claudio
|
ones that make assumptions about ifqueue internals... ok ryan claudio
|
why bother with APIs when you can muck with internals directly, it's obvious
there'll NEVER be changes, right. ok claudio ryan
|
adjusting it to the new world order in my tree... remove it, ok ryan claudio
|
OK dlg@ henning@
|
no change in binary
"Sure" claudio@
|
ospfd doesn't notice an interface added at runtime unless you ifconfig down+up.
ok phessler@ claudio@
|
IPv4 options now.
ok mcbride@ henning@
|
IPv6 packets with routing headers get also dropped. Use the same
fix for them to avoid that a state is created.
ok claudio@
|
The functions were 95% identical anyway. While there use struct pf_addr
in struct pf_divert instead of some union which is the same.
OK bluhm@ mcbride@ and most probably henning@ as well
|
LINK_STATE_IS_UP() does the trick now for all cases.
OK henning@ deraadt@
|
ok mcbride@ henning@
|
the same for v4 and v6. Deduplicate by moving the protocol switch
after the address family switch.
ok henning@ claudio@
|
(you don't need to fix this file for it to compile. oups. forgotten in the
last commit)
|
i found this somewhere in my forest, I don't really remember writing it, the
context indicates I did this in iceland... getting this is to make a 1000+
lines diff less painful (how do I always end up with those)
|
and AF_INET6 are doing the fragment handling the same way. Makes
code more readable.
With and OK bluhm@
|
This is now possible because carp no longer uses LINK_STATE_UNKNOWN
for a state that is considered down. This will simplify a lot of code.
OK mpf@ mcbride@ henning@
|
the obvious cases to return EINVAL and ENXIO.
ok tedu deraadt
|
struct. List those types explicitly to make sure that the union
contains enough memory. Before we were just lucky.
ok henning@
|
confirmed to fix paul stoeber's crash. ok deraadt sthen
|
the pflog code and not setting it will cause a panic in pf_setup_pdesc().
Fixes dhill's crashes with funky v6 packets. OK bluhm@
|
way. Remove PFDESC_IP_REAS and pf_pdesc flags completely.
ok claudio@ henning@
|
handling. More to come to make the two codepaths a bit more identical.
tested by many (esp. krw@ and sthen@) input and OK bluhm@
|
spotted by clang, ok matthew@
|
actually check how many src nodes reference it, rather than checking the
max_src_nodes for the rule which makes no sense. From Martin Pelikan.
|
a crash if max-src-* options are triggered both before and after a ruleset
reload, when the rules are overloading to a non-persistent table.
Discovered by and fix from Martin Pelikan.
|
pf_scrub in the rule (no-state) case. Since the action (a) may be NULL
for e.g. the implicit pass rule. Should fix the panics seen by other
people.
|
pf_scrub with the right arguments in the rule case so that match
rules will work as expected. As a benefit allow setting the tos
on IPv6 packets as well.
OK henning@
|
because either the info is already available in struct pd or easy
to figure out. Makes pf_test() and pf_test6() even more similar
(with the target to remove one of them in the near future).
OK henning@
|
Feedback from various people, ok henning@
Previously if an interface type (without number), e.g. "set skip on vlan"
or "set skip on em" was used, it would have the undocumented behaviour of
matching any interface of that type.
Now it will only match an interface which is a member of the named group.
This results in some changed behaviour:
If you currently use "set skip" with a physical interface type (e.g.
"set skip on ix") you will need to add the interface to a group of that
name: 'ifconfig ix0 group ix' or add 'group ix' to hostname.ix0.
Interfaces cloned at runtime (e.g. lo, trunk, vlan, pppoe, carp, gif,
mpe and others) default to being in a group named after the interface type,
so for these interfaces there will be no change in behaviour unless you
have deliberately changed groups, e.g. 'ifconfig carp456 -group carp'.
|
so that rules like "pass out on vr1 inet6 nat-to (vr1)" won't map
to the non routable ipv6 link local address; with suggestions and
ok claudio, henning
|
the broadcast shortcut codepath is fixed. ok claudio
|
at least krw@, pirofti@ and todd@ have been seeing panics (todd and krw
with xxxterm not sure about pirofti) involving pool corruption while
using this commit.
krw and todd confirm that this backout fixes the problem.
ok blambert@ krw@, todd@ henning@ and kettenis@
Double link between pf states and sockets. Henning has
already implemented half of it. The additional part is:
- The pf state lookup for outgoing packets is optimized by
using mbuf->inp->state.
- For incoming tcp, udp, raw, raw6 packets the socket
lookup always is optimized by using mbuf->state->inp.
- All protocols establish the link for incoming packets.
- All protocols set the inp in the mbuf for outgoing packets.
This allows the linkage beginning with the first packet
for outgoing connections.
- In case of divert states, delete the state when the socket
closes. Otherwise new connections could match on old
states instead of being diverted to the listen socket.
ok henning@
|
actually removed it from the timeout wheel before releasing it. if
timeout_del returns 0 then you know the timeout is about to run or
is already running, meaning it will free itself so you don't have
to.
this handling is only done for the undefer paths at SOFTNET since
it is higher than SOFTCLOCK which timeouts run from. it is possible
for a timeout to start running at softclock and get interrupted by
softnet. the undefer in process context blocks both these interrupts
while it undefers, so it is impossible for the timeout to run and
cause the list to be in this inconsistent state.
|
essentially identical; the only difference being that m_pullup2 is
capable of handling mbuf clusters, but called m_pullup for shorter
lengths (!).
testing dlg@ ok claudio@
|
that for you without the nasty side-effects of the precomputation?
Fixes strange problems seen on directly connected tunnels and
probably behaves a lot better. This still caches the route for
subsequent packets.
Testing and OK phessler
|
implemented half of it. The additional part is:
- The pf state lookup for outgoing packets is optimized by using
mbuf->inp->state.
- For incoming tcp, udp, raw, raw6 packets the socket lookup always
is optimized by using mbuf->state->inp.
- All protocols establish the link for incoming packets.
- All protocols set the inp in the mbuf for outgoing packets.
This allows the linkage beginning with the first packet for
outgoing connections.
- In case of divert states, delete the state when the socket closes.
Otherwise new connections could match on old states instead of
being diverted to the listen socket.
ok henning@
|