| Commit message | Author | Age | Files | Lines |
It does not make sense to call if_get() again, just pass ifp as
parameter. Move the IFT_CARP check into the function instead of
doing it everywhere. Replace the inverted match variable logic
with simple returns.
OK mpi@ friehm@
|
scope check and clearing of the scope id into separate functions.
input & ok visa, mpi
|
OK tb
|
Hoist privilege check to the top and split out handling of
SIOCAIFADDR_IN6 and SIOCDIFADDR_IN6 into a separate function.
Merge tangled switches and simplify the code paths.
tested by hrvoje
ok visa
|
that only needs a read lock.
Tested by hrvoje
ok visa
|
for in_control(). Protect mrt6_ioctl() and nd6_ioctl() with a read
lock and in6_ioctl with the NET_LOCK() while establishing a single
exit point.
tested by kn
ok florian, mpi, visa
|
Found the hard way.
|
For the PRU_CONTROL bit the NET_LOCK surrounds in[6]_control() and
on the ENOTSUPP case we guard the driver if_ioctl functions.
OK mpi@
|
updated from userland that was marked duplicated or tentative.
Otherwise we would just lose the duplicated / tentative state and assume
that the address is now unique and usable.
OK kn
|
OK deraadt@ florian@
|
IPv4 we do the same and there are races that trigger it. Increment
the statistics counter for both.
from markus@; OK mpi@
|
From Raf Czlonka, ok sthen@
|
slaacd(8).
RFC 7217 states (section 5, page 9):
| The Interface Identifier is finally obtained by taking as many
| bits from the RID value (computed in the previous step) as
| necessary, starting from the least significant bit.
Problem in slaacd pointed out by semarie@.
OK sthen, phessler
|
The account flag `ASU' will no longer be set but that makes suser()
mpsafe since it no longer messes with a per-process field.
No objection from millert@, ok tedu@, bluhm@
|
from semarie@, ok benno@
|
if you need to send an ipv6 packet with ip6_send(), there's no DF
bit in an ipv6 packet and no way to pass the ip6 options to ip6_output
to tell it to not allow fragmentation. this adds an M_IPV6_DF_OUT
"checksum" flag so something creating ipv6 packets a long way from
ip6_output can easily tell it to not allow fragmentation.
grumbling and ok claudio@
|
while here, give us support for mpls in gif on ipv6.
this moves all the gif handling into if_gif, eg, the mpls handling
is no longer in ip_etherip.c.
ok claudio@
|
Interface Identifiers with IPv6 Stateless Address Autoconfiguration."
"An IPv6 address configured using this method is stable within each
subnet, but the corresponding Interface Identifier changes when the
host moves from one network to another. This method is meant to be an
alternative to generating Interface Identifiers based on hardware
addresses."
OK naddy, sthen
|
the main new feature is gre keys, supported by the vnetid ioctls.
this also adds support for gre over ipv6, the use of hfsc, and
allows tx mitigation in the future.
this diff removes keepalive support, but i promised claudio@ and
patrick@ i would put it back after this goes in.
ok claudio@
|
It was not guaranteed that the mbuf data was not somewhere else in
the chain. So return an offset and do a proper mbuf pulldown.
found by Maxime Villard; from NetBSD; with markus@; OK deraadt@
|
packet through ip6_input() or from the routing table. In both cases
the KAME hack has added the embedded scope to the address, so it is
not necessary to fill the scope id again in rt6_flush(). Assert
that it is already there.
OK mpi@
|
ARP or ND timeout could delete local routes. Put an assert into
arptfree() and nd6_free() so this cannot happen again.
OK mpi@
|
state as diverted. This is necessary for IP input to accept the
packet as ours. But it must not be used to match the ICMP packet
to a raw socket. Clear the PF_TAG_DIVERTED mbuf pf flag for the
special ICMP and ICMP6 packets in icmp_input_if() and icmp6_input().
The m_tag_delete_chain() caused an inconsistent PF_TAG_DIVERTED
mbuf pf flag and PACKET_TAG_PF_DIVERT mbuf tag which triggered an
assert in rip_input(). Deleting all mbuf tags can have undesired
side effects and is not necessary anymore since icmp_reflect() calls
m_resethdr(). Do not touch the mbuf tags and adjust the mbuf pf
flags for the correct behavior of rip_input() and rip6_input().
reported by Chris Eidem, James Turner, vicviq, Scott Vanderbilt
OK mpi@
|
is set, pf_find_divert() cannot fail so put an assert there.
Explicitly check all possible divert types, panic in the default
case. For raw sockets call pf_find_divert() before the socket
loop. Divert reply should not match on TCP or UDP listen sockets.
OK sashan@ visa@
|
divert-to or divert-reply was active. If the address was also set,
it meant divert-to. Divert packet used a separate structure. This
is confusing and makes it hard to add new features. It is better
to have a divert type that explicitly says what is configured.
Adapt the pf rule struct in kernel and pfctl, no functional change.
Note that kernel and pfctl have to be updated together.
OK sashan@
|
packets.
Found by Hrvoje Popovski.
ok visa@, bluhm@
|
This prevents a use-after-free reported by Hrvoje Popovski where the
timeout function was already sleeping on the NET_LOCK() when ifconfig(8)
removed the entry from the table.
By iterating on a global list in the timeout routine we ensure that the
items are still valid when we process them. This also reduces differences
with ARP.
ok bluhm@, visa@
|
mp-safe.
ok bluhm@, visa@
|
They have the same functionality since friehm@ cleaned up
balancing code.
ok florian@, visa@, patrick@, bluhm@, jmatthew@
|
interface index.
This assumption is true for the moment iff the route lookup *and* the
if_get() are done under KERNEL_LOCK(). This is not the case here.
Found the hard way by Hrvoje Popovski.
ok florian@, visa@, bluhm@
|
pr_input handlers without KERNEL_LOCK().
ok visa@
|
As a result, ip_ether.c now only deals with MPLS-in-IP. The next
commits will move & rename stuff to make this clear. ok visa@ mpi@
|
The INET6 entries are not needed, not documented (use net.inet.etherip)
and do not appear in sysctl(8) output.
ok mpi@
|
messages. Splassert was triggered by regress/sys/netinet6/frag6.
OK mpi@ sashan@ visa@
|
ok visa@, benno@
|
This will be used to first allow read-only ioctl(2) to be executed while
the softnet taskq is running. Then it will allow us to execute multiple
softnet taskq in parallel.
Tested by Hrvoje Popovski, ok kettenis@, sashan@, visa@, tb@
|
This lets the code run without KERNEL_LOCK() and NET_LOCK().
In addition, this patch reorganizes a part of the code, to move
some of the memory release operations outside the critical section.
Input and OK mpi@, OK florian@, an earlier version OK bluhm@
|
OK mpi
|
Instead return EOPNOTSUPP and call it from ifioctl(). This will help
getting per-driver ioctl routines outside of need the NET_LOCK().
While here always return ENXIO when ``ifp'' is NULL.
ok visa@, florian@
|
for the Source Link-layer Address Options.
Merge nd6_rs_input() and nd6_ra_input() into one generic function that
does just that.
input & OK mpi
|
functions to pave way for more fine grained locking.
Suggested by, comments & OK mpi
|
Also it does not change behaviour.
OK jca
|
NOTE: code still runs with single softnet task. change definition of
SOFTNET_TASKS in net/if.c, if you want to have more than one softnet task
OK mpi@, OK phessler@
|
Direction suggested by mpi
OK mpi, visa
|
and drop the now redundant allocation type M_FTABLE.
OK mikeb@, bluhm@, mpi@
|
OK bluhm@, mpi@
|
is set.
Accesses to IPsec global data structure are now serialized by the
NET_LOCK().
Tested by many, ok visa@, bluhm@
|
ok florian@, sthen@, jsg@
|
ok mpi@
|