| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
| |
In particular, use LIST_* to preserve O(n) removal in rti_delete().
While here, clean up two malloc(9) calls.
Suggested by mpi@.
ok visa@
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
currently protected by the NET_LOCK().
They are not accessed in the hot path, so protecting them with a
mutex could be an option. However since we're now going to run
with a NET_LOCK() for some time, assert that it is held.
IPsec is not yet ready to run without KERNEL_LOCK(), so assert it
is held, even in the forwarding path.
Tested by sthen@, ok visa@, claudio@, bluhm@
|
| |
|
|
|
|
|
|
|
| |
The umb(4) driver provides support for USB MBIM devices.
Those devices establish connections via celluar networks such as
GPRS, UMTS, and LTE.
ok mpi@ sthen@
additional feedback from deraadt@ jmc@ stsp@ kettenis@
|
| |
|
|
|
|
| |
an interface joined a specific multicast group.
ok phessler@, visa@, dlg@
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
route entry in ART.
rt_plen() now represents the prefix length of a route entry and should
be used instead.
For now use a "struct sockaddr_in6" to represent the mask when needed,
this should be then replaced by the prefix length and RTA_NETMASK only
used for compatibility with userland.
ok claudio@
|
| |
|
|
|
|
| |
Get rid of an if_ref()/if_put() dance.
ok dlg@
|
| |
|
|
| |
ok claudio@, mikeb@, bluhm@
|
| |
|
|
|
|
|
|
|
|
| |
Instead of always copying ifa_flags to the routing entry flags when
creating a route by calling rtinit(), explicitly pass the RTF_CLONING
flag when required. This means ifa_flags are now *only* used to check
if an address has an associated route that was created by the kernel
auto-magically.
ok benno@
|
| |
|
|
|
|
|
|
|
|
|
| |
(unplugged). Even if it makes no sense to keep them around if the
interface is no more, we cannot safely remove them since pcb multicast
options might keep a pointer to them.
Fixes a user after free introduced by the multicast address linking
rewrite and reported by Alexey Suslikov, thanks!
ok claudio@
|
| |
|
|
|
|
| |
in IFP_TO_IA().
ok bluhm@, henning@, mikeb@
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Instead of linking multicast records to the first configured address of
the corresponding protocol, making this address and its position in the
global list special, add them to a new list directly linked to the
interface descriptor.
This new multicast address list is similar to the address list, all its
elements contain a protocol agnostic part. This design allows us to
be able to join a multicast group without necessarily having a configured
address. That means IPv6 multicast kludges are no longer needed.
Another benefit is to be able to add and remove an IP address from an
interface without worrying about multicast records. That means that the
global IPv4 list is no longer needed since the first configured address
of an interface is no longer special.
This new list might also be extended in the future to contain the
link-layer addresses used to configure hardware filters.
Tested by sthen@ and weerd@, ok mikeb@
|
| |
|
|
| |
ok mikeb@, ports@, henning@
|
| |
|
|
|
| |
multicast macros and in_ifaddr) that reference ifnet in some way;
looked over by deraadt, ok mpi
|
| |
|
|
| |
ok henning@, sthen@, mikeb@, deraadt@
|
| |
|
|
|
|
| |
global variables to in.h.
ok mikeb@, deraadt@
|
| | |
|
| |
|
|
|
|
|
|
|
| |
interface descriptor throught the first configured address in the
global list, this will help reducing the size of future diffs.
No object change.
ok sthen@
|
| |
|
|
|
|
|
| |
created a bunch of useless dependencies. Remove this implicit
inclusion and do an explicit #include <netinet6/in6_var.h> when it
is needed.
OK mpi@ henning@
|
| |
|
|
|
|
|
|
|
|
| |
interface to not depend on the global list of addresses.
For IPv4 the IP_TO_IA() macro still depends on the global list of
addresses because we want to be sure to grab the first configured
address of an interface, where the records are linked.
Tested by sthen@, ok henning@
|
| |
|
|
| |
OK mpi@
|
| |
|
|
|
|
| |
unconditionally for SIOCSIFADDR.
ok bluhm@, henning@
|
| | |
|
| |
|
|
|
|
| |
a gruesome union, to block the compiler from placing the struct
incorrectly aligned on stack frames
ok guenther
|
| |
|
|
|
|
|
|
| |
"af-to" a generic IP version translator for pf(4).
Not everything perfect yet but lets fix these things in the tree.
Insane amount of work done by sperreault@, mikeb@ and reyk@.
Looked over by mcbride@ henning@ and myself at eurobsdcon.
OK mcbride@ and general put it in from deraadt@
|
| |
|
|
|
| |
is new or an already existing one. for existing ones, call ifa_del first
tested by many as part of a larger diff, ok claudio dlg krw sthen
|
| |
|
|
|
| |
subnet of the classful network. at least, not since 1992.
ok mpf dlg bob
|
| |
|
|
|
|
|
|
|
|
|
| |
that router vendor doesn't default to classful routing any more, and there
really is no point in having a classful netmask and a subnetmask to split
it. we still do classful guesses on the netmask if it isn't supplied by
userland, but that's about it.
i decided to keep ia_netmask and kill ia_subnetmask which makes this diff
bigish, the classful ia_netmask wasn't really used all that much. the real
changes are in in.c, the rest is mostly s/ia_subnetmask/ia_netmask.
ok claudio dlg ryan
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
tables on top of a rdomain) but until now our code was a crazy mix so that
it was impossible to correctly use rtables in that case. Additionally pf(4)
only knows about rtables and not about rdomains. This is especially bad when
tracking (possibly conflicting) states in various domains.
This diff fixes all or most of these issues. It adds a lookup function to
get the rdomain id based on a rtable id. Makes pf understand rdomains and
allows pf to move packets between rdomains (it is similar to NAT).
Because pf states now track the rdomain id as well it is necessary to modify
the pfsync wire format. So old and new systems will not sync up.
A lot of help by dlg@, tested by sthen@, jsg@ and probably more
OK dlg@, mpf@, deraadt@
|
| |
|
|
|
|
|
|
|
| |
alternate routing table and separate them from other interfaces in distinct
routing tables. The same network can now be used in any doamin at the same
time without causing conflicts.
This diff is mostly mechanical and adds the necessary rdomain checks accross
net and netinet. L2 and IPv4 are mostly covered still missing pf and IPv6.
input and tested by jsg@, phessler@ and reyk@. "put it in" deraadt@
|
| |
|
|
| |
ok deraadt@ otto@
|
| |
|
|
|
|
|
| |
because interfaces may disappear without notice causing use after free bugs.
Instead use the inm_ia->ia_ifp as a hint, struct in_ifaddr correctly tracks
removals of interfaces and invalidates ia_ifp in such cases.
looks good henning@ markus@
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
- Keep track of allhost multicast address record we joined into
each in_ifaddr and delete it when an address is purged.
- Don't simply try to delete a multicast address record listed in the
ia_multiaddrs. It results a dangling pointer. Let whoever holds a
reference to it to delete it.
mcbride@ markus@ ok
|
| | |
|
| |
|
|
| |
rescinded 22 July 1999. Proofed by myself and Theo.
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
| |
replaces NRL IPv6 layer. reuses NRL pcb layer. no IPsec-on-v6 support.
see sys/netinet6/{TODO,IMPLEMENTATION} for more details.
GENERIC configuration should work fine as before. GENERIC.v6 works fine
as well, but you'll need KAME userland tools to play with IPv6 (will be
bringed into soon).
|
| | |
|
| |
|
cheloha
mpi
gerhard
deraadt
mikeb
bluhm
tedu
claudio
henning
dlg
miod
pascoe
itojun
millert
angelos
niklas