path: root/sys/netinet
Commit message | Author | Age | Files | Lines
...
* Avoid a situation where we do not set the tcp persist timer after a zero window condition. If you send a 0-length packet, but there is data in the socket buffer, and neither the rexmt or persist timer is already set, then activate the persist timer. From FreeBSD revision 284941; OK deraadt@ markus@ mikeb@ claudio@ | bluhm | 2015-07-13 | 1 | -1/+27
* Make KASSERT in tcp_input() less strict, tcpcb may be NULL. OK deraadt@ | bluhm | 2015-07-10 | 1 | -2/+2
* Remove unused arguments and the associated code from nd6_nud_hint(). ok claudio@ | mpi | 2015-07-09 | 1 | -2/+2
* Pass an interface index instead of a pointer to in6_addr2scopeid(). ok millert@ | mpi | 2015-07-08 | 1 | -5/+5
* Use a new RTF_CONNECTED flag for interface (connected) routes. Recent changes to support multiple interface routes broke the assumption made by all our userland routing daemons concerning interface routes. Historically such routes had a "gateway" sockaddr of type AF_LINK. But to be able to support multiple interface routes as any other multipath routes, they now have a unique "gateway" sockaddr containing their corresponding IP address. This self-describing flag should avoid ambiguity when dealing with interface routes. Issue reported by <mxb AT alumni DOT chalmers DOT se> and benno@ ok claudio@, benno@ | mpi | 2015-07-08 | 1 | -3/+4
* Always use "ifp" instead of mixing it with "ac->ac_if" in in_arpinput(). | mpi | 2015-07-07 | 1 | -14/+14
* We're now creating a connected route for every configured address so there's no need to flag every address as IFA_ROUTE. | mpi | 2015-07-06 | 1 | -8/+2
* No longer need to manually pass RTF_MPATH to rt_ifa_add(9). | mpi | 2015-07-06 | 1 | -3/+3
* By design if_input_process() needs to hold a reference on the receiving ifp in order to access its ifih handlers. So get rid of if_get() in the various ifih handlers we know the ifp is live at this point. ok dlg@ | mpi | 2015-07-02 | 2 | -13/+6
* Get rid of the undocumented & temporary* m_copy() macro added for compatibility with 4.3BSD in September 1989. *Pick your own definition for "temporary". ok bluhm@, claudio@, dlg@ | mpi | 2015-06-30 | 5 | -16/+18
* Rename if_output() into if_enqueue() to avoid confusion with comments talking about (*ifp->if_output)(). ok claudio@, dlg@ | mpi | 2015-06-30 | 1 | -2/+2
* count if_ibytes in if_input like we do for if_ipackets. tweaks and ok mpi@ | dlg | 2015-06-29 | 1 | -3/+1
* Increment if_ipackets in if_input(). Note that pseudo-drivers not using if_input() are not affected by this conversion. ok mikeb@, kettenis@, claudio@, dlg@ | mpi | 2015-06-24 | 1 | -3/+1
* Pass a "struct ifnet *" instead of a "struct arpcom *" to arpresolve(). Most of the ARP layer already takes an ifp pointer and this makes clear which chunks of code are messing with ac_enaddr. Note that our Ethernet code assumes that these pointers are interchangeable since the first element of the "struct arpcom" is a "struct ifnet". | mpi | 2015-06-23 | 2 | -8/+9
* Adapt bridge(4) to the new if_input() framework. Move bridge_input() outside of ether_input() in order to duplicate packets flowing through a bridge port before applying any transformation on mbufs. This saves various m_adj(9)/M_PREPEND(9) dances and removes the bridge(4) hack from vlan(4). Tested by mxb <mxb AT alumni DOT chalmers DOT se> and kettenis@ ok bluhm@ | mpi | 2015-06-23 | 1 | -17/+3
* Store a unique ID, an interface index, rather than a pointer to the receiving interface in the packet header of every mbuf. The interface pointer should now be retrieved when necessary with if_get(). If a NULL pointer is returned by if_get(), the interface has probably been destroyed/removed and the mbuf should be freed. Such mechanism will simplify garbage collection of mbufs and limit problems with dangling ifp pointers. Tested by jmatthew@ and krw@, discussed with many. ok mikeb@, bluhm@, dlg@ | mpi | 2015-06-16 | 16 | -58/+108
* Use proper argument type for crp_callback functions; no functional change. | mikeb | 2015-06-15 | 1 | -17/+11
* No need for an extra local variable; no functional change. | mikeb | 2015-06-15 | 1 | -11/+9
* Use proper argument type for crp_callback functions; no functional change. | mikeb | 2015-06-15 | 2 | -31/+22
* Move away from using hzto(9); OK dlg | mikeb | 2015-06-11 | 2 | -22/+10
* Move carp-related logic from ether_output() into carp_start(). ok sthen@, phessler@ | mpi | 2015-06-08 | 2 | -26/+47
* Introduce unhandled_af() for cases where code conditionally does something based on an address family and later assumes one of the paths was taken. This was initially just calls to panic until guenther suggested a function to reduce the amount of strings needed. This reduces the amount of noise with static analysers and acts as a sanity check. ok guenther@ bluhm@ | jsg | 2015-06-07 | 2 | -4/+8
* Replace a bunch of == 0 with == NULL in pointer tests. Nuke some annoying trailing, leading and embedded whitespace. No change to .o files. ok deraadt@ | krw | 2015-06-07 | 8 | -87/+87
* Try harder to avoid (very unlikely) NULL pointer de-ref by tweaking code to use sotopf() like tcp_usrreq() does. Also following tcp_usrreq(), put more stuff under splsoftnet. And as a result in-line code in udp_detach() and nuke udp_detach(). Most ideas from and ok mikeb@ | krw | 2015-06-05 | 1 | -32/+18
* Take carp(4) out of ether_input(). Tested by <mxb AT alumni DOT chalmers DOT se>, thanks! ok bluhm@, dlg@ | mpi | 2015-06-02 | 2 | -66/+79
* Store the IP address of the corresponding ifa in the rt_gateway field of RTF_CLONING and RTF_BROADCAST routes to not create MPATH conflicts when IP address aliases are used. This change makes it possible to have multiple RTF_CLONING routes with the same priority. Note that any of the existing RTF_CLONING routes might be used by the kernel to create a RTF_CLONED route which should not be a problem with aliases since they are attached to the same ifp. This unbreaks address aliases since the kernel supports multiple connected routes for a subnet. Found the hard way by djm@, ok claudio@ | mpi | 2015-05-26 | 1 | -5/+4
* Do not create ARP entries for RTF_BROADCAST routes. This has been done because historically routes to broadcast addresses were cloned like any ARP entry. But for obvious reasons, no matching Ethernet address could ever be resolved. That's why we played tricks with the expire timer. Now that a RTF_BROADCAST route is created per configured IPv4 address, we need to differentiate duplicated ones. And by not creating an ARP entry we are allowed to write the IP address in the rt_gateway field, which prevents MPATH conflicts. This change is part of a fix to unbreak aliases since the kernel supports multiple connected routes for a subnet. Found the hard way by djm@, ok claudio@ | mpi | 2015-05-26 | 1 | -15/+3
* remove PACKET_TAG_IPSEC_PENDING_TDB, it is never set; ok mikeb@ | markus | 2015-05-23 | 1 | -18/+3
* introduce ipsec-id bundles and use them for ipsecflowinfo, fixes rekeying for l2tp/ipsec against multiple windows clients and saves memory (for many SAs to same peers); feedback and ok mikeb@ | markus | 2015-05-23 | 4 | -99/+177
* Correctly state the link state to INVALID when creating a carp interface. Since vhe are allocated with M_ZERO and INIT is also defined to be 0, carp_set_state() would result in a no-op because of the state check. So explicitly initialize the state of a vhe to INIT and move the state check in carp_set_state_all() to prevent similar issues in the future. Problem and initial diff from Johan Ymerson, thanks! ok henning@ | mpi | 2015-05-21 | 1 | -8/+11
* Do not leak a rtentry if it is unusable. Found by The Brainy Code Scanner from Maxime Villard. | mpi | 2015-05-19 | 1 | -2/+4
* Allow multiple connected/interface routes to exist at the same time. Use the existing multipath code. Switch away from using the ifa address when making the cloning route and instead put a dummy sockaddr_dl route in. With this it is possible to use the same network on multiple interfaces at the same time. So if wireless and ethernet share the same network the system will use the wired connection as long as there is link. Still missing is builtin proxy-arp for the other interface IPs to allow hitless failover. OK mpi@ | claudio | 2015-05-15 | 2 | -139/+5
* Give carp(4) interfaces their own low priority. The change should not change behaviour for now but will allow to share the same address with the parent interface without major hacks. OK mpi@ | claudio | 2015-05-15 | 1 | -1/+2
* Remove a NULL check in carp_set_ifp() as we always pass a valid ifp pointer to this function. ok claudio@ | mpi | 2015-05-15 | 1 | -58/+54
* test mbuf pointers against NULL not 0 ok krw@ miod@ | jsg | 2015-05-13 | 7 | -20/+20
* MPLS also needs a definition for etherip_output(), fix build without bridge. | mpi | 2015-05-12 | 1 | -2/+2
* Include the timestamp TCP option in keep alive packets as well. According to RFC 7323 "once TSopt has been successfully negotiated, ... [it] MUST be sent in every non-<RST> segment for the duration of the connection." Which means that keep alives which are just ACK packets must include that too. Pointed out and tested by Lauri Tirkkonen <lotheac at iki ! fi>, thanks! ok mpi | mikeb | 2015-05-07 | 1 | -8/+17
* Merge two identical if() statements in ipsp_acquire_sa(). The change in ip_spd.c 1.59 makes it appear that there is a cut & pasto. OK mikeb@ | millert | 2015-04-30 | 1 | -11/+7
* Make sure to overwrite sdl_type after calling ether_ifattach(). Fix a problem found by Johan Huldtgren, ok phessler@ | mpi | 2015-04-28 | 1 | -1/+2
* Add the necessary glue to keep carp(4) working while other pseudo-drivers are converted to if_input(), this time without breaking parent-less setup. ok sthen@, dlg@ | mpi | 2015-04-22 | 1 | -14/+23
* Init rt to NULL in arpresolve(). Not a problem in practice as la will be NULL when rt is uninitialised which should cause the function to return, but makes the code easier to follow. ok mpi@ miod@ | jsg | 2015-04-22 | 1 | -2/+2
* Revert previous. Packets going through carp_input() but not destinated to the carp interface would end up enqueued without being decapsulated. Found the hard way by shten@ | mpi | 2015-04-21 | 1 | -12/+9
* Stubs and support code for NIC-enabled IPsec bite the dust. No objection from reyk@, OK markus, hshoexer | mikeb | 2015-04-17 | 8 | -267/+111
* Remove unused ipsp_parse_headers that was supposed to parse packets returned by IPsec-enabled NICs; OK markus, hshoexer | mikeb | 2015-04-17 | 1 | -219/+1
* Remove unsupported SADB_X_IDENTTYPE_CONNECTION; OK markus, hshoexer | mikeb | 2015-04-17 | 1 | -2/+1
* ipa_inp_next is unused; via mikeb@ | markus | 2015-04-16 | 1 | -2/+1
* remove unfinished/unused support for socket-attached ipsec-policies ok mikeb | markus | 2015-04-16 | 8 | -739/+27
* Add the necessary glue to keep carp(4) working while other pseudo-drivers are converted to if_input(). ok dlg@, claudio@ | mpi | 2015-04-15 | 1 | -9/+12
* Use ether_ifattach() and ether_ifdetach() when cloning/destroying an interface instead of rewriting most of them. This change is also needed for upcoming if_input() conversion. As a bonus pseudo-driver attached on top of carp are now detached in the right order. ok claudio@, henning@ | mpi | 2015-04-15 | 1 | -23/+5
* make ipsp_address thread safe; ok mpi | mikeb | 2015-04-14 | 8 | -111/+201