| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
| |
ok bluhm@
|
| |
|
|
| |
ok semarie@, visa@
|
| |
|
|
|
|
|
|
| |
This redefines the ifp <-> bridge relationship. No lock can be
currently used across the multiples contexts where the bridge has
tentacles to protect a pointer, use an interface index.
Tested by various, ok dlg@, visa@
|
| |
|
|
|
|
| |
the mbuf to the next word length as it is required by the standard. Also use
the correct offset from the input mbuf.
OK visa@, input & OK bluhm@
|
| | |
|
| |
|
|
|
| |
of fiddling with the user supplied mbuf and then copy it at the end.
OK visa@
|
| |
|
|
|
|
| |
a lot easier to read. The if can simply return the error and so the else
branch is no longer needed.
Input and OK dhill@
|
| |
|
|
|
|
|
|
| |
passed to ip_pcbopts could be a cluster and so the size check is all wrong.
found by Greg Steuck; OK bluhm@
Reported-by: syzbot+c2543ae6b6692a5843e3@syzkaller.appspotmail.com
eVS: ----------------------------------------------------------------------
|
| |
|
|
|
|
| |
userland.
Inputs from markus@, ok sthen@
|
| |
|
|
|
|
|
|
| |
dropped packets in the output path.
While here fix a memory leak when compression is not needed w/ IPcomp.
ok markus@
|
| |
|
|
|
|
| |
IPv4 we do the same and there are races that triggers it. Increment
the statistics counter for both.
from markus@; OK mpi@
|
| |
|
|
|
|
|
| |
The account flag `ASU' will no longer be set but that makes suser()
mpsafe since it no longer mess with a per-process field.
No objection from millert@, ok tedu@, bluhm@
|
| |
|
|
|
|
|
| |
forwarding. It should never match and would cause MP locking
problems. While there remove an useless ifp parameter from
ip_output_ipsec_send().
from markus@; OK visa@ sashan@
|
| |
|
|
|
|
|
|
|
| |
is set.
Accesses to IPsec global data structure are now serialized by the
NET_LOCK().
Tested by many, ok visa@, bluhm@
|
| |
|
|
|
|
|
| |
setting IP options.
Issue reported by Kapetanakis Giannis
OK mpi@
|
| |
|
|
|
|
| |
all the callers to call m_freem(9).
Support from deraadt@ and tedu@, ok visa@, bluhm@
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
currently protected by the NET_LOCK().
They are not accessed in the hot path, so protecting them with a
mutex could be an option. However since we're now going to run
with a NET_LOCK() for some time, assert that it is held.
IPsec is not yet ready to run without KERNEL_LOCK(), so assert it
is held, even in the forwarding path.
Tested by sthen@, ok visa@, claudio@, bluhm@
|
| |
|
|
|
| |
No binary change.
OK mpi@
|
| |
|
|
|
|
|
|
|
| |
constants.
The consensus is that if both operands are constant, we don't need
mallocarray. Reminded by tedu@
ok deraadt@
|
| |
|
|
| |
ok deraadt@
|
| |
|
|
| |
ok mpi@ bluhm@
|
| |
|
|
|
|
|
|
| |
the netlock held. This also changes the prototypes of the *ctloutput
functions to take an mbuf instead of an mbuf pointer.
help, guidance from bluhm@ and mpi@
ok bluhm@
|
| |
|
|
| |
ok bluhm@, kettenis@
|
| |
|
|
|
|
|
| |
domains. This is one step towards supporting to run more than one multicast
socket in different domains at the same time.
ok mpi@
|
| |
|
|
|
|
|
|
|
|
|
| |
of the network stack that are not yet ready to be executed in parallel or
where new sleeping points are not possible.
This first pass replace all the entry points leading to ip_output(). This
is done to not introduce new sleeping points when trying to acquire ART's
write lock, needed when a new L2 entry is created via the RT_RESOLVE.
Inputs from and ok bluhm@, ok dlg@
|
| |
|
|
|
|
| |
blocks have been merged in r1.292.
ok claudio@
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
each counter is identified by an enum value which correspond to the
original members of the udpstat struct.
udpstat_inc(udps_foo) replaces udpstat.udps_foo++ for the actual
updates. udpstat_inc is a thin wrapper around counters_inc.
counters are still returned to userland via the udpstat struct for
now.
ok mpi@ mikeb@ deraadt@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In order to stop abusing lo0 for all rdomains, a new loopback interface
will be created every time a rdomain is created. The unit number will
be the same as the rdomain, i.e. lo1 will be attached to rdomain 1.
If this loopback interface is already in use it wont be possible to create
the corresponding rdomain.
In order to know which lo(4) interface is attached to a rdomain, its index
is stored in the rtable/rdomain map.
This is a long overdue since the introduction of rtable/rdomain. It also
fixes a recent regression due to resetting the rdomain of an incoming
packet reported by semarie@, Andreas Bartelt and Nils Frohberg.
ok claudio@
|
| |
|
|
|
|
|
|
|
|
|
|
| |
each counter is identified by an enum value which correspond to the
original members of the ipstat struct.
ipstat_inc(ips_foo) replaces ipstat.ips_foo++ for the actual updates.
ipstat_inc is a thin wrapper around counters_inc.
counters are still returned to userland via the ipstat struct for now.
ok mpi@ mikeb@
|
| |
|
|
|
|
|
|
|
|
|
| |
A race can happen if a task, like the watchog, sleeps too long keeping
an ifp reference while the interface is detached. In this case a TCP
timer will try to send packets with a cached route. Since the ifp is
being detached if_get(9) returns NULL.
Found the hardway by awolk@.
ok bluhm@
|
| |
|
|
| |
ok mpi@ visa@
|
| |
|
|
|
|
|
|
| |
IP_TTL can be reset by passing -1, IP_MINTTL can be reset by passing 0.
This is consistent with what Linux does and
IPV6_UNICAST_HOPS/IPV6_MINHOPCOUNT.
ok bluhm@
|
| |
|
|
|
|
|
|
|
|
|
| |
instead of EHOSTUNREACH. On the latter, ip_forward can generate undesired
icmp errors - either pf generates those itself (block return), or there
shouldn't be any.
Bizarrely enough, ip_forward has EACCES handling with a comment specifically
pointing to packets blocked by pf, but the code in ip_output used EHOSTUNREACH
from day #1 on.
found & analyzed by Kristof Provost <kp at FreeBSD>, discussed at BSDcan
ok mpi millert
|
| |
|
|
|
|
| |
packet.
ok visa@, stsp@, sthen@
|
| |
|
|
| |
Ok phessler@, henning@
|
| |
|
|
|
|
|
|
|
| |
is not intended and will behave unexpectedly if the address is
already used in another domain. It did not work anyway, as the PCB
ended in the wrong hash bucket after changing the rtable. Fail
with EBUSY if the socket is already bound and rehash the PCB if its
rtable changes.
input claudio@; OK mpi@
|
| | |
|
| |
|
|
|
|
| |
work in the forwarding path.
Tested by Hrvoje Popovski, ok dlg@
|
| |
|
|
|
|
|
|
| |
This removes the only use of ETOOMANYREFS in our code, making intro(2)
match reality. No software out there explicitely checks for ETOOMANYREFS
in multicast code.
Discussed with millert@ and mpi@ (who suggested using ENOBUFS)
|
| |
|
|
|
|
| |
an interface joined a specific multicast group.
ok phessler@, visa@, dlg@
|
| |
|
|
| |
ok mikeb@, bluhm@
|
| |
|
|
| |
ok henning
|
| |
|
|
|
|
| |
(follow up on my earlier commit)
OK bluhm@
|
| | |
|
| |
|
|
|
|
| |
required.
ok bluhm@ mpi@.
|
| | |
|
| |
|
|
|
|
| |
for failed route lookups. This is something that was maybe useful in the
90is but in this modern times it is just annoying and nothing expect it
anyway. OK mpi@, sthen@
|
| | |
|
| |
|
|
|
|
| |
This simplifies the if_get()/if_put() dance.
Tested by jasper@
|
| |
|
|
|
|
| |
ip_output().
Note that ipmforwarding is not enabled by default.
|
tobhe
mpi
claudio
bluhm
visa
dhill
jca
rzalamena
dlg
henning
vgross
tedu
sashan
markus
mmcc