| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
| |
if_attach() enforces it is properly defined.
|
| |
|
|
| |
ok florian@, claudio@, bluhm@
|
| |
|
|
| |
ok florian@, claudio@, visa@, bluhm@
|
| |
|
|
|
|
|
|
|
|
| |
off the mbuf properties with m_resethdr(). It is a new packet,
especially M_LOOP indicating that it was running through lo(4)
should be cleared. Use the ph_loopcnt to prevent looping at the
upper end of the stack. Although not strictly necessary in icmp
reflect, it is a good idea to increase and check the counter here,
like in socket splicing.
OK mpi@ sashan@
|
| |
|
|
|
|
|
| |
from icmp6_reflect() to ip6_send_dispatch() when ip6_send() was
introduced. Move the comment that explains this flag also to the
place where it is used.
from sashan@
|
| |
|
|
|
|
|
|
|
|
|
| |
- SIOCSIFPHYADDR
- SIOCSIFPHYADDR_IN6
- SIOCGIFPSRCADDR
- SIOCGIFPSRCADDR_IN6
- SIOCGIFPDSTADDR
- SIOCGIFPDSTADDR_IN6
ok bluhm@
|
| |
|
|
|
|
| |
Exposes per-CPU counters to real parrallelism.
ok visa@, bluhm@, jca@
|
| |
|
|
| |
wrap it.
|
| |
|
|
|
| |
divert-packet. Bring back the loop over the global list to find
the divert socket.
|
| |
|
|
|
|
|
|
| |
It used a loop over the global list divbtable that would be hard
to make MP safe. The port net/dnsfilter does not work without this,
it should be converted to divert-to. Neither other ports nor base
use this filter feature.
ports checked by sthen@; OK mpi@ benno@
|
| | |
|
| |
|
|
|
|
|
|
| |
route lookup to make it MP safe. Only set the mbuf header fields
that are needed. Validate the name input. Also use the same
variables in IPv4 and IPv6 functions and avoid unneccessary
initialization.
OK mpi@
|
| |
|
|
|
|
| |
Not all of them need the NET_LOCK().
ok bluhm@
|
| |
|
|
|
|
|
|
|
|
|
| |
get_last_resort_ifid() function because eww.
Also if your system is so constraint that you end up in
in6_get_rand_ifid() you don't deserve a random ifid that stays
stable over reboots.
Simplify code a bit since get_ifid() can no longer fail. It couldn't
fail before either because that code path was #if 0'ed.
While here sprinkle in some in6_ prefixes, pointed out by stsp.
OK stsp
|
| |
|
|
|
|
| |
all the callers to call m_freem(9).
Support from deraadt@ and tedu@, ok visa@, bluhm@
|
| |
|
|
|
|
| |
Problem reported and fix tested by Hrvoje Popovski.
ok bluhm@, visa@
|
| |
|
|
|
|
| |
Especially in tcp_usrreq() connect detect the correct address family
based on the inp_flags instead of the sa_family user input.
OK mpi@
|
| |
|
|
|
|
|
|
| |
sppp_update_ip6_addr() became the last user of n6_are_prefix_equal().
Since it compares /128 prefixes it doesn't need all the bells and
whistles and can be converted to a memcmp. Remove the now unused
n6_are_prefix_equal().
OK bluhm, mpi
|
| |
|
|
| |
Tested by Hrvoje Popovski, ok bluhm@
|
| |
|
|
|
|
|
| |
in common checks for unix, inet, inet6 instead of partial checks
here and there. Some checks are already done at a higher layer,
but better be paranoid with user input.
OK claudio@ millert@
|
| |
|
|
| |
OK mpi@
|
| |
|
|
|
|
|
|
| |
retransmit timeout. Do not run path MTU discovery on local routes
as we never want that on loopback. For permanent ARP or ND entries
disable path MTU discovery as they use the same rt_expire field.
This prevents that permanent routes and entries disappear.
bug analysis friehm@; OK mpi@
|
| | |
|
| |
|
|
| |
OK mpi
|
| |
|
|
|
| |
kernel.
OK mpi
|
| |
|
|
|
| |
kernel.
OK mpi
|
| |
|
|
|
| |
We know when pltime or vltime decrease to zero. Run nd6_expire then.
Input & OK mpi, bluhm
|
| |
|
|
|
|
| |
The interface congestion algorithm kills performance at this place,
with the large queues it never triggers.
OK mpi@ claudio@
|
| |
|
|
|
|
|
|
|
| |
task to the `softnettq`.
While here update comments and names to reflect reality after the removal
of router and prefix lists.
ok florian@, bluhm@
|
| | |
|
| |
|
|
|
|
| |
that nd6_free() advances the next pointer itself. Make nd6_free()
a void function and remove unused parameter gc.
OK florian@ millert@
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
of src/dst ip/port is unique for TCP. But if the socket is not
bound, the automatic bind by connect happens after the check. If
the socket has the SO_REUSEADDR flag, in_pcbbind() may select an
existing local port. Then we had two colliding TCP PCBs. This
resulted in a packet storm of ACK packets on loopback. The softnet
task was constantly holding the netlock and has a high priority,
so the system hung.
Do the in_pcbhashlookup() again after in_pcbbind(). This creates
sporadic "connect: Address already in use" errors instead of a hang.
bug report and testing Olivier Antoine; OK mpi@
|
| |
|
|
|
| |
kernel that uses it without the #ifdef guard.
OK bluhm
|
| |
|
|
|
| |
over 10 years ago by RFC 4443. We are probably not going back.
OK deraadt, jca
|
| |
|
|
|
|
| |
rtdeletemsg().
ok bluhm@
|
| |
|
|
|
|
|
|
| |
In the forwarding path, pf_test() is executed w/o KERNEL_LOCK() and
in case of divert end up calling sowakup(). However selwakup() and
csignal() are not yet ready to be executed w/o KERNEL_LOCK().
ok bluhm@
|
| |
|
|
|
|
|
| |
longer tracks prefixes or default routers from router advertisements.
Pointed out by jmc.
ports tree grepping sthen, who only found nsh
OK mpi, sthen
|
| |
|
|
|
|
|
| |
With this we can also get rid of in6_prefix and in6_defrouter. They
are meaningless, the kernel no longer tracks this information.
Pointed out by & OK mpi
|
| |
|
|
|
|
|
|
|
| |
shall all be cleansed.
Remove sending of router solicitations and processing of router
advertisements from the kernel. It's handled by slaacd(8) these days.
Input & OK bluhm@, mpi@
|
| |
|
|
|
|
|
|
|
|
| |
advertisement processing and solicitation sending like we already did
for the non-install kernels.
Next step will be to tedu all that code from the kernel.
OK rpe@ for the installer bits
move forward deraadt@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
the inner IP packet into the internet queue. The IPv6 local delivery
code has a loop to deal with header chains. The idea is to use
this loop and avoid the queueing and rescheduling. The IPsec packet
will be processed in a single flow.
Merge the IP deliver loop from both IP versions into a single
ip_deliver() function that can handle both addresss families. This
allows to process an IP in IP header like a normal extension header.
If af != AF_UNSPEC, we are already in a deliver loop and have the
kernel look. Then we can just return the next protocol. Otherwise
we enqueue. The dequeue thread has the kernel lock and starts an
IP delivery loop.
OK mpi@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
send it with a link local source address as well.
This helps upstream routers with their own source address
selection.
A reoccurring scenario is:
- gateway on fe80::1%if
- the gateway does not have an IP in the same prefix as our global address
When we want to talk to the outside world we first need to resolve the
gateway. We copy the source address from our outgoing packet to the
neighbor solicitation packet (a global address) and ask for layer2
information of a link local address.
The upstream router now needs to do source address selection of it's
own. Since we are coming from a global address and there is no address
from the same prefix the router uses another global address lying
around.
We then drop this with "ND packet from non-neighbor".
Reported over the years by a few people, most recently by Marc Peters
on bugs@ who confirmed that this fixes the problem.
OK stsp@, mpi@
|
| |
|
|
|
|
|
|
| |
m->m_pkthdr.ph_rtableid) after going to reroute in ip6_forward().
As this had been lost during refactoring, the old route was used
after pf has changed the routing table. Solution is to reset the
route, then it is not valid and will be reallocated.
from markus@; OK mpi@
|
| |
|
|
|
| |
IPsec packets without additional enqueueing.
OK mpi@
|
| |
|
|
|
|
|
|
| |
::1 as source address. It should be the link-local address of the
attached interface. The rtalloc() in icmp6_reflect() did not find
the correct local address. The IPv6 routing table does not use
sin6_scope_id, but the embedded scope. So do not recover the scope.
bug report Harald Dunkel; OK mpi@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
buffers.
This is one step towards unlocking TCP input path. Note that all the
functions asserting for the socket lock are not necessarilly MP-safe.
All the fields of 'struct socket' aren't protected.
Introduce a new kernel-only kqueue hint, NOTE_SUBMIT, to be able to
tell when a filter needs to lock the underlying data structures. Logic
and name taken from NetBSD.
Tested by Hrvoje Popovski.
ok claudio@, bluhm@, mikeb@
|
| |
|
|
|
|
|
| |
bugs could easily result in use-after-free or double free. Introduce
m_freemp() which automatically resets the pointer before freeing
it. So we have less dangling pointers in the kernel.
OK krw@ mpi@ claudio@
|
| |
|
|
|
|
| |
error. Make the ip_mforward() return value consistent. Simplify
the caller logic in ipv6_input() like in IPv4.
OK mpi@
|
| |
|
|
|
|
|
|
|
| |
try to remove a route from the table if it is and invalid cache.
This is a step towards decoupling code dealing with userland and kernel
inserted routes.
ok bluhm@
|
| |
|
|
|
|
| |
The same notification is already present in ARP.
From Jan Klemkow, ok bluhm@
|
mpi
bluhm
deraadt
florian