| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
| |
after discussions with beck deraadt kettenis.
|
| |
|
|
|
|
|
| |
require the caller to do so. lteo needs that for divert soon, and is in line
with tcp/udp and the general approach that the rest of the stack should not
need to do anything regarding the cksums but setting the "needs it" flag.
ok lteo
|
| |
|
|
|
|
| |
ever used to pass on uint32 (for ipsec). stop that madness and just pass
the uint32, 0 in all cases but the two that pass the ipsec flowinfo.
ok deraadt reyk guenther
|
| |
|
|
|
| |
nothing except in_proto_cksum_out() uses it any more, and that's a good
thing. was on tech for 3 months, discussed with many
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Avoid the confusion by using an appropriate name for the variable.
Note that since routing domain IDs are a subset of the set of routing
table IDs, the following idiom is correct:
rtableid = rdomain
But to get the routing domain ID corresponding to a given routing table
ID, you must call rtable_l2(9).
claudio@ likes it, ok mikeb@
|
| |
|
|
|
|
|
|
|
|
|
| |
localhost connections.
The plan is to always use the routing table for addresses and routes
resolutions, so there is no future for an option that wants to bypass
it. This option has never been implemented for IPv6 anyway, so let's
just remove the IPv4 bits that you weren't aware of.
Tested a least by lteo@, guenther@ and chrisz@, ok mikeb@, benno@
|
| |
|
|
| |
for localhost connections. discussed with deraadt@
|
| |
|
|
|
|
|
|
| |
use the routing table there's no future for an option that wants to
bypass it. This option has never been implemented for IPv6 anyway,
so let's just remove the IPv4 bits that you weren't aware of.
Tested by florian@, man pages inputs from jmc@, ok benno@
|
| |
|
|
|
|
|
|
|
|
| |
are are lie, since the software engine emulates hardware offloading
and that is later indistinguishable. so kill the hw cksummed counters.
introduce software checksummed packet counters instead.
tcp/udp handles ip & ipvshit, ip cksum covered, 6 has no ip layer cksum.
as before we still have a miscounting bug for inbound with pf on, to be
fixed in the next step.
found by, prodding & ok naddy
|
| |
|
|
| |
into consistent locations; ok henning@
|
| |
|
|
|
|
|
|
|
|
|
| |
(unplugged). Even if it makes no sense to keep them around if the
interface is no more, we cannot safely remove them since pcb multicast
options might keep a pointer to them.
Fixes a user after free introduced by the multicast address linking
rewrite and reported by Alexey Suslikov, thanks!
ok claudio@
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
instead of variable arguments.
Allows stricter type checking by the compiler at call sites and also
saves a bit of code size on some platforms (e.g., ~200 bytes on
amd64).
ok mikeb
|
| | |
|
| |
|
|
| |
ok mikeb@, ports@, henning@
|
| |
|
|
|
|
|
|
|
|
|
| |
always in the first mbuf of an mbuf chain.
Thanks to henning@ and bluhm@ for their work on checksums at b2k13,
which allowed this fix to be very straightforward compared to earlier
versions.
help/feedback bluhm@ henning@
OK henning@ naddy@
|
| |
|
|
|
|
| |
cksum needs to be 0'd before, pf does that now (just like in the tcp/udp
case) and nothing else uses the icmp "offloading" yet.
with & ok bluhm
|
| |
|
|
|
|
|
|
|
|
| |
already there, just compute it - it's dirt cheap. since that happens
very late in ip_output, the rest of the stack doesn't have to care about
checksums at all any more, if something needs to be checksummed, just
set the flag on the pkthdr mbuf to indicate so.
stop pre-computing the pseudo header checksum and incrementally updating it
in the tcp and udp stacks.
ok lteo florian
|
| |
|
|
|
|
|
|
|
| |
interface descriptor throught the first configured address in the
global list, this will help reducing the size of future diffs.
No object change.
ok sthen@
|
| |
|
|
|
|
| |
to pass the destination address of the route to clone.
ok markus@, mikeb@
|
| |
|
|
|
|
| |
change.
ok mikeb@, henning@
|
| |
|
|
|
|
|
|
| |
of the IPL_NET. pf_test should be no longer called under IPL_NET as
well. The problem became evident after the related issue was brought
up by David Hill <dhill at mindcry ! org>.
With input from and OK mpi. Tested by David and me.
|
| |
|
|
| |
ok bluhm@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
under some circumstances repair broken checksums on the way.
ok ryan naddy mikeb
.
redo most of the protocol (tcp/udp/...) checksum handling
-assume we have hardware checksum offloading. stop mucking with the
checksum in most of the stack
-stop checksum mucking in pf, just set a "needs checksumming" flag if needed
-in all output pathes, very late, if we figure out the outbound interface
doesn't have hw cksum offloading, do the cksum in software. this especially
makes the bridge path behave like a regular output path
-little special casing for bridge still required until the broadcast path
loses its disgusting shortcut hacks, but at least it's in one place now
and not all over the stack
in6_proto_cksum_out mostly written by krw@
started at k2k11 in iceland more than 1.5 years ago - yes it took that
long, this stuff is everything but easy.
this happens to fix the infamous pf rdr bug that made us turn off proto
cksum offloading on almost all interface drivers.
|
| |
|
|
| |
ok otto
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
clunky m_data/m_len dance needed by in_cksum().
Tested on amd64, hppa, i386, loongson, macppc, sgi, and sparc64.
Thanks to blambert@, bluhm@, and henning@ for help and feedback;
abieber@ for testing this diff independently on macppc; krw@ for access
to his hppa, sgi, and sparc64 test systems at t2k13; nick@ for helping
me figure out Ken's hppa so that I can test this diff. :)
ok blambert bluhm henning mikeb
|
| |
|
|
|
| |
ok mikeb@, haesbaert@
jajaja miod@
|
| |
|
|
|
|
|
| |
sysctl declarations, move variables and functions used in only
one place in their corresponding file. No functional change.
No objection from markus@, ok mikeb@
|
| |
|
|
|
|
|
| |
move them to the corresponding header with an appropriate comment if
necessary.
ok guenther@
|
| |
|
|
| |
ok mikeb@, markus@
|
| | |
|
| |
|
|
|
| |
inside the NPF block. Fixes checksum issues seen on ramdisk kernels.
Initial diff by naddy@, tested and OK by many
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
-assume we have hardware checksum offloading. stop mucking with the
checksum in most of the stack
-stop checksum mucking in pf, just set a "needs checksumming" flag if needed
-in all output pathes, very late, if we figure out the outbound interface
doesn't have hw cksum offloading, do the cksum in software. this especially
makes the bridge path behave like a regular output path
-little special casing for bridge still required until the broadcast path
loses its disgusting shortcut hacks, but at least it's in one place now
and not all over the stack
in6_proto_cksum_out mostly written by krw@
started at k2k11 in iceland more than 1.5 years ago - yes it took that
long, this stuff is everything but easy.
this happens to fix the infamous pf rdr bug that made us turn off proto
cksum offloading on almost all interface drivers.
ok camield sthen claudio, testing by many, thanks!
|
| |
|
|
|
|
|
|
|
|
| |
of to the bridge itself. This is ok, since an interface can only be part
of one bridge, and the parent bridge is easy to find from the bridgeport.
This way we can get rid of a lot of list walks, improving performance
and shortening the code.
ok henning stsp sthen reyk
|
| |
|
|
|
|
|
|
| |
with the latter
no change in md5 checksum of generated files
ok claudio@ henning@
|
| |
|
|
|
|
|
| |
can use this to select the IPsec tunnel for sending L2TP packets.
this fixes Windows (always binding to 1701) and Android clients
(negotiating wildcard flows); feedback mpf@ and yasuoka@;
ok henning@ and yasuoka@; ok jmc@ for the manpage
|
| | |
|
| |
|
|
|
| |
While there change IP_RTABLE to SO_RTABLE. IP_RTABLE will die soon.
With and OK guenther@
|
| |
|
|
|
| |
don't have a MTU to announce in the icmp need fragment packet.
this fixes PMTU-discovery for TCP over IPsec; ok mpf@, fries@
|
| |
|
|
| |
no objection from mcbride@ krw@ markus@ deraadt@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
already done for UDP/TCP/ICMP. This fixes a problem where checksumming
would not be computed if you have a bridge with at least one interface
with hardware checksumming and another without.
Discussed with sthen@ and henning@, this is somewhat a temporary fix,
we should not have these special bridge cases in ip_output, as Henning
said, the bridge must behave. But for that to work we need to poke the
bridge harder, this problem has been seen by at least two users at:
http://marc.info/?l=openbsd-misc&m=132391433319512&w=2
http://marc.info/?l=openbsd-misc&m=132234363030132&w=2
I promised to work on a better diff :-).
ok henning@ sthen@ mikeb@
|
| |
|
|
| |
ok claudio@ henning@ mikeb@
|
| |
|
|
|
|
| |
The functions were 95% identical anyway. While there use struct pf_addr
in struct pf_divert instead of some union which is the same.
OK bluhm@ mcbride@ and most probably henning@ as well
|
| |
|
|
|
|
|
|
| |
level that allows one to retrieve the original routing domain
of UDP datagrams diverted by the pf via "divert-to" with a
recvmsg(2).
ok claudio
|
| |
|
|
|
|
|
|
| |
this is not allowed according to Stevens and RFCs 5735 and 1122.
Suggestion to use ENETUNREACH from claudio.
OK phessler@, claudio@
|
| |
|
|
| |
discussed with and ok claudio
|
| |
|
|
|
|
| |
This fixes the problem of binding sockets to broadcast IPs in other
rdomains.
OK henning@
|
| |
|
|
| |
ok dlg fondue-kinda-ok claudio
|
| |
|
|
| |
ok claudio krw
|
| |
|
|
|
| |
we don't need 7 f***ing copies of the same code to do the protocol checksums
(or not, depending on hw capabilities). claudio ok
|
tedu
henning
mpi
sthen
naddy
matthew
mikeb
lteo
sf
deraadt
claudio
camield
blambert
markus
dlg
haesbaert
weerd