| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
| |
ok gnezdo@ semarie@ mpi@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
code is copied from IPv4 and adapted. Some things are changed in
v4 to make it look similar.
- ip6_forward increases the noroute error counter, do that in
ip_forward, too.
- Pass more specific sockaddr_in6 to icmp6_mtudisc_clone().
- IPv6 may also use reject routes for IPsec PMTU clones.
- To pass a route_in6 to ip6_output_ipsec_send() introduce one in
ip6_forward(). That is the same what IPv4 does. Note
that dst and sin6 switch roles.
- Copy comments from ip_output_ipsec_send() to ip6_output_ipsec_send()
to make code similar.
- Implement dynamic IPv6 IPsec PMTU routes.
OK tobhe@
|
| |
|
|
|
|
|
| |
could use mbuf memory after freeing it. If m_pullup() allocates a
new mbuf, the caller uses the old pointer.
found and reported by Maxime Villard, thanks
OK claudio@ markus@ denis@
|
| |
|
|
| |
The best-guessed limits will be tested by trial.
|
| |
|
|
|
|
|
| |
Range violations are now consistently reported as EOPNOTSUPP.
Previously they were mixed with ENOPROTOOPT.
OK kn@
|
| |
|
|
| |
ok benno@ mortimer@
|
| |
|
|
| |
input & OK mpi@
|
| |
|
|
|
|
|
|
| |
interface address of the route as source address. To avoid using
link-local addresses in ICMP6 packets sent into networks where they
are out of scope, use the regular IPv6 source selection algorithm
also in this icmp6_reflect() case.
reported by sthen@; fix from Arnaud BRAND; OK claudio@
|
| |
|
|
|
|
| |
m_leadingspace() and m_trailingspace(). Convert all callers to call
directly the functions and remove the defines.
OK krw@, mpi@
|
| | |
|
| |
|
|
|
|
|
| |
these changes to the routing table have not been visible whereas the
RTM_DELETE of those routes have been. Remove this inconsistency.
Input and OK mpi@
OK henning@
|
| |
|
|
|
| |
in_pcb.h header file.
OK mpi@ visa@
|
| |
|
|
|
|
|
|
| |
It does not make sense to call if_get() again, just pass ifp as
parameter. Move the IFT_CARP check into the function instead of
doing it everywhere. Replace the inverted match variable logic
with simple returns.
OK mpi@ friehm@
|
| |
|
|
| |
OK deraadt@ florian@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
state as diverted. This is necessary for IP input to accept the
packet as ours. But it must not be used to match the ICMP packet
to a raw socket. Clear the PF_TAG_DIVERTED mbuf pf flag for the
special ICMP and ICMP6 packets in icmp_input_if() and icmp6_input().
The m_tag_delete_chain() caused an inconsistent PF_TAG_DIVERTED
mbuf pf flag and PACKET_TAG_PF_DIVERT mbuf tag which triggered an
assert in rip_input(). Deleting all mbuf tags can have undesired
side effects and is not necessary anymore since icmp_reflect() calls
m_resethdr(). Do not touch the mbuf tags and adjust the mbuf pf
flags for the correct behavior of rip_input() and rip6_input().
reported by Chris Eidem, James Turner, vicviq, Scott Vanderbilt
OK mpi@
|
| |
|
|
|
|
|
|
| |
for the Source Link-layer Address Options.
Merge nd6_rs_input() and nd6_ra_input() into one generic function that
does just that.
input & OK mpi
|
| |
|
|
|
|
|
|
|
|
| |
off the mbuf properties with m_resethdr(). It is a new packet,
especially M_LOOP indicating that it was running through lo(4)
should be cleared. Use the ph_loopcnt to prevent looping at the
upper end of the stack. Although not strictly necessary in icmp
reflect, it is a good idea to increase and check the counter here,
like in socket splicing.
OK mpi@ sashan@
|
| |
|
|
|
|
|
| |
from icmp6_reflect() to ip6_send_dispatch() when ip6_send() was
introduced. Move the comment that explains this flag also to the
place where it is used.
from sashan@
|
| |
|
|
|
|
| |
Exposes per-CPU counters to real parrallelism.
ok visa@, bluhm@, jca@
|
| |
|
|
|
|
| |
all the callers to call m_freem(9).
Support from deraadt@ and tedu@, ok visa@, bluhm@
|
| |
|
|
|
|
|
|
| |
retransmit timeout. Do not run path MTU discovery on local routes
as we never want that on loopback. For permanent ARP or ND entries
disable path MTU discovery as they use the same rt_expire field.
This prevents that permanent routes and entries disappear.
bug analysis friehm@; OK mpi@
|
| |
|
|
|
| |
over 10 years ago by RFC 4443. We are probably not going back.
OK deraadt, jca
|
| |
|
|
|
|
|
| |
With this we can also get rid of in6_prefix and in6_defrouter. They
are meaningless, the kernel no longer tracks this information.
Pointed out by & OK mpi
|
| |
|
|
|
|
|
|
| |
::1 as source address. It should be the link-local address of the
attached interface. The rtalloc() in icmp6_reflect() did not find
the correct local address. The IPv6 routing table does not use
sin6_scope_id, but the embedded scope. So do not recover the scope.
bug report Harald Dunkel; OK mpi@
|
| |
|
|
|
|
|
| |
ether_input(). Now we use mbuf tags instead of modifying the MAC
address.
ok mpi@
|
| |
|
|
|
|
| |
clang.
with tweak from and ok bluhm@
|
| |
|
|
|
|
| |
M_LOOP flag dance in ip6_output().
ok bluhm@, mpi@
|
| |
|
|
|
|
|
| |
change the pointer. Then *mp keeps the invalid pointer and it might
be used. Fix the potential use after free and also reset *mp in
other places to have less dangling pointers to freed mbufs.
OK mpi@ mikeb@
|
| |
|
|
|
| |
Merge these functions together and remove icmp6_rip6_input().
OK mpi@
|
| |
|
|
|
| |
No binary change.
OK mpi@
|
| |
|
|
|
| |
allows to simplify code used for both IPv4 and IPv6.
OK mikeb@ deraadt@
|
| |
|
|
|
|
| |
zero the buffers first. All the current objects appear to be safe,
however future changes might introduce structure pads.
Discussed with guenther, ok bluhm
|
| |
|
|
| |
OK mpi@
|
| |
|
|
| |
ok bluhm@
|
| |
|
|
| |
ok bluhm@
|
| |
|
|
| |
ok mpi@
|
| |
|
|
|
|
|
|
|
| |
Try to follow the existing examples. Some notes:
- don't implement counters_dec() yet, which could be used in two
similar chunks of code. Let's see if there are more users first.
- stop incrementing IPv6-specific mbuf stats, IPv4 has no equivalent.
Input from mpi@, ok bluhm@ mpi@
|
| |
|
|
|
|
|
|
| |
the netlock held. This also changes the prototypes of the *ctloutput
functions to take an mbuf instead of an mbuf pointer.
help, guidance from bluhm@ and mpi@
ok bluhm@
|
| |
|
|
|
|
| |
generating atomic fragments. So remove the code that sends them.
CVE-2016-10142 has been assigned to that issue.
OK visa@ mpi@
|
| |
|
|
| |
No functional change.
|
| |
|
|
|
|
|
|
|
|
|
| |
of the network stack that are not yet ready to be executed in parallel or
where new sleeping points are not possible.
This first pass replace all the entry points leading to ip_output(). This
is done to not introduce new sleeping points when trying to acquire ART's
write lock, needed when a new L2 entry is created via the RT_RESOLVE.
Inputs from and ok bluhm@, ok dlg@
|
| |
|
|
|
|
| |
This will allow to strengthen checks when userland adds a route.
ok phessler@, bluhm@
|
| |
|
|
|
|
|
| |
IPv4 dynamic route inherits the priority. Only clone from a valid
IPv6 route. Do not use splsoftnet() in IPv6. Some stylistic changes
to make the functions similar.
OK mpi@
|
| |
|
|
| |
From Rivo Nurges; OK claudio@ mpi@ phessler@
|
| |
|
|
|
|
|
| |
Timers configured via rt_timer_add(9) always run at IPL_SOFTNET, so
assert that rather than calling splsoftnet().
ok bluhm@
|
| |
|
|
|
|
| |
This is another little step towards deprecating 'struct route{,_in6}'.
ok bluhm@
|
| | |
|
| |
|
|
|
|
| |
Reported by Heiko on bugs@.
ok stsp@, claudio@
|
| |
|
|
|
|
| |
convert in_selectsrc() prototype to match.
Ok bluhm@ mpi@.
|
| | |
|
jsg
bluhm
gnezdo
nayden
denis
claudio
miko
dhill
florian
mpi
friehm
rzalamena
deraadt
jca
vgross