path: root/sys/netinet
Commit message (author, age, files, lines)
...
* The proliferation of "struct route" in all its flavors didn't make any good to our network stack. The most visible effect is the maze of #ifdef's and casts. But the real problem is the very fragile way of checking if a (cached) route entry is still valid or not. What should we do if the route jumped to another ifaddr or if its gateway has been changed? This change starts the dance of "struct route" & friends removal by sending the completely useless "struct route_enc" to the bucket. Tweak & ok claudio@ (mpi, 2014-11-25, 2 files, -29/+13)
* unifdef -USCOPEDROUTING, no object change. (mpi, 2014-11-25, 1 file, -9/+1)
* Rename rt_ifa_addloop() into rt_ifa_addlocal() and make it return an error code on failure (unchecked for the moment). ok mikeb@, jmc@ (mpi, 2014-11-24, 1 file, -4/+4)
* sizes for simple free cases. sizeof(*) and one case where len is clear. (tedu, 2014-11-20, 3 files, -24/+24)
* Yet more #include de-duplication. ok deraadt@ tedu@ (krw, 2014-11-20, 4 files, -16/+4)
* In TCP and UDP layers do not (ab)use the receiving interface to check for a multicast/broadcast destination address. These checks have already been done in the Ethernet and IP layers and the mbuf(9) should contain all the required information at this point. But since we cannot trust this spaghetti stack, be paranoid and make sure to set the flags in the IP input routines. Use explicit comments, requested by deraadt@. ok claudio@ (mpi, 2014-11-20, 3 files, -18/+12)
* funky spacing. (mpi, 2014-11-20, 1 file, -2/+2)
* Instead of playing hide-and-seek with the route to destination attached to p2p interfaces always mark them as Multipath. This way we can have multiple routes to the same destination as long as the local address is different. ok mikeb@ (mpi, 2014-11-20, 1 file, -85/+18)
* move arc4random prototype to systm.h. more appropriate for most code to include that than rdnvar.h. ok deraadt dlg (tedu, 2014-11-18, 10 files, -26/+11)
* remove now unnecessary casts from hash update calls. (tedu, 2014-11-16, 1 file, -8/+8)
* use siphash in the in_pcb hashing. this mitigates it against flooding attacks. this is a textbook use of siphash. the idea of using siphash for this came from yasuoka-san, but i had the time to do it. he also tested and tweaked this diff. ok yasuoka@ mikeb@ (dlg, 2014-11-15, 2 files, -29/+89)
* To implement transparent relays for connectionless protocols, the pf state has to vanish immediately when the relay closes the socket. To make this work reliably, the linkage between state and socket must be established with the first packet. This packet could be incoming or outgoing. Link the pf state in the socket layer earlier. This makes all tests in /usr/src/regress/sys/net/pf_divert pass. OK henning@ (bluhm, 2014-11-09, 2 files, -2/+18)
* Let's just call a rdomain a rdomain. ok dlg@ (mpi, 2014-11-06, 1 file, -3/+3)
* mix the rtable into the hash for tcp sequence number generation. ok tedu@ claudio@ (dlg, 2014-11-06, 1 file, -2/+3)
* Did you ever wonder why loopback's ifas have a destination address? It is of course not to make your life more complicated when you are dealing with ifa_ifwithaddr()! It was to reuse the point-to-point code to add a route to 127.0.0.1. But now we have local routes and we don't need this hack anymore :) ok mikeb@ as part of a larger diff. (mpi, 2014-11-05, 1 file, -3/+1)
* Kill in_iawithaddr() and use ifa_ifwithaddr() directly. Note that ifa_ifwithaddr() might return a broadcast address, so if you don't want one make sure to filter them out. ok mikeb@ (mpi, 2014-11-05, 3 files, -33/+26)
* Remove "pl" suffix on pool names. ok dlg@, uebayasi@, mikeb@ (mpi, 2014-11-04, 3 files, -13/+9)
* Fix kernel stack overflow by preventing carp_send_ad_all() from re-entrant calls. Also, when adjusting demote counts, don't call carp_send_ad_all() for every ifgroup with a demote count of 1 but rather call it only once after adjusting the demote counts of all ifgroups. ok bluhm@ mpf@ (gerhard, 2014-11-03, 1 file, -3/+12)
* Rename rtalloc1() into rtalloc(9) and convert its flags to only enable functionality instead of a mix of enable/disable. ok bluhm@, jca@ (mpi, 2014-11-01, 5 files, -18/+22)
* Select a proper source address when the bound address is INADDR_BROADCAST the same as INADDR_ANY. ok mpi (yasuoka, 2014-10-28, 1 file, -4/+5)
* Fix indentation of closing brace. From Florian Riehm (bluhm, 2014-10-24, 1 file, -2/+2)
* use sha512 instead of md5 for tcp isn. ok deraadt (tedu, 2014-10-20, 1 file, -15/+20)
* Don't check for an empty list of interfaces. This is never true even if you don't have a physical interface on your machine, so why rawip should be more clever^Wparanoid than the others? ok henning@, mikeb@ (mpi, 2014-10-14, 1 file, -6/+2)
* Use rtfree() instead of RTFREE(), NULLify some free'd route pointers and kill the macro. ok mikeb@, henning@ (mpi, 2014-10-14, 5 files, -26/+28)
* Remove #ifdef SO_OOBINLINE, it is always defined. OK henning@ (bluhm, 2014-10-08, 1 file, -6/+3)
* Check if the outgoing route is associated to a broadcast address instead of doing a lookup on all the addresses of the outgoing interface. ok henning@ (mpi, 2014-10-08, 1 file, -3/+3)
* Do not protect the SIOCSIFADDR call by splnet(). Drivers already raise it inside their ioctl handler (except for carp(4), what else?). In general, global structures manipulated in the softnet codepath only require a splsoftnet() protection when they are modified in process (ioctl) context. Also put some IPL_SOFNET asserts in functions accessing global structures. Previous version diff ok mikeb@, with inputs from and ok bluhm@ (mpi, 2014-10-07, 2 files, -7/+6)
* There is no point in trying to purge the default host route for loopback interfaces because we no longer add it. ok claudio@ (mpi, 2014-10-02, 1 file, -4/+4)
* Fix loopback related breakage introduced by the conversion of in_ouraddr() to use the routing table. Do not create a host route for loopback addresses apart from the local ones otherwise these addresses are not considered as part of the machine. Reported by deraadt@ and Heiko Zimmermann on bugs@. (mpi, 2014-10-01, 1 file, -4/+4)
* add back the sys/sysctl.h include removed in rev 1.60 fixes the kernel build when PIM is defined (jsg, 2014-09-30, 1 file, -1/+2)
* Do not use the global list of IPv4 addresses in icmp_reflect()... ...but the routing table! Note that this lookup is redundant with the one done in in_ouraddr() and we should be able to save this information instead of redoing a lookup if we need to send an error message. ok kspillner@, bluhm@, claudio@ (mpi, 2014-09-30, 1 file, -31/+28)
* Use the routing table instead of the RB-tree for address lookups in in_ouraddr(). The lookup done in the forwarding case will hopefully be merged with this one in the future. ok kspillner@, bluhm@, claudio@ (mpi, 2014-09-30, 1 file, -3/+9)
* Remove a limitation that ignored IPv6 link-local addresses on carp(4). This workaround was needed when the interface link-local address was still enabled by default to prevent immediate state transition on interfaces without any configured addresses. This is not needed anymore and removing the limitation allows to use carp(4) with addresses like fe80::2%carp0. discussed with some ok mpi@ pelikan@ (reyk, 2014-09-28, 1 file, -3/+2)
* Kill rtalloc() and update rtalloc1() and rtalloc_mpath() to no longer rely on "struct route" that should die. ok claudio@ (mpi, 2014-09-27, 4 files, -11/+18)
* remove unneeded proc.h includes ok mpi@ kspillner@ (jsg, 2014-09-14, 8 files, -16/+8)
* remove unneeded route.h includes ok miod@ mpi@ (jsg, 2014-09-08, 6 files, -12/+7)
* When a route to prefix (connected route) is added, if its associated broadcast address is non null, add a broadcast entry flagged with RTF_BROADCAST. Re-use the existing logic to switch a route to prefix from an ifa to another to also move this broadcast entry. Prior to this change broadcast entries were simple cloned ARP entries, that would be deleted once their timer expired since they would always be incomplete. With this change they are now persistent and identifiable with a new flag. This version of the diff prevents a corruption reported by millert@ ok mikeb@, florian@ (mpi, 2014-09-03, 1 file, -19/+45)
* Make sure broadcast entries won't be freed by the arp timer so we can use them for address lookups. While here do let in_arpinput() overwrite local or broadcast entries. ok mikeb@, florian@ (mpi, 2014-09-03, 1 file, -2/+15)
* Nuke net.inet6.icmp6.rediraccept and allow redirects on interfaces with autoconf enabled. If one is doing SLAAC one does already trust link local icmp6 so the policy for icmp6 redirects should be the same. pointed out by & OK bluhm@; OK henning@ (florian, 2014-08-27, 1 file, -4/+3)
* Revert the addition of broadcast addresses, it apparently also corrupts the tree. Found by millert@. (mpi, 2014-08-26, 1 file, -13/+1)
* Move splnet() in in_ifinit() to protect less code that does not need it. OK mpi@ (bluhm, 2014-08-23, 1 file, -10/+5)
* When a local route entry is added for an ifa having a broadcast address, also add a broadcast entry flagged with RTF_BROADCAST. Prior to this change broadcast entries were simple cloned ARP entries, that would be deleted once their timer expired since they would always be incomplete. With this change they are now persistent and identifiable with a new flag. Committing early to be able to deal with any potential fallout before we start relying on this. ok florian@, mikeb@, henning@ (mpi, 2014-08-19, 1 file, -1/+13)
* No need for raw_cb.h (mpi, 2014-08-14, 1 file, -2/+1)
* Kill MRT_{ADD,DEL}_BW_UPCALL interfaces and the bandwidth monitoring code that comes with them. ok mikeb@, henning@ (mpi, 2014-08-14, 3 files, -701/+4)
* Use the RTF_LOCAL flag instead of abusing the RTF_LLINFO flag when adding local route entries. This hack made sense when we didn't have the RTF_LOCAL flag, but since some months it is set on every local route. (mpi, 2014-08-11, 1 file, -2/+2)
* Convert ARP llinfo allocation to pool(9). ok henning@, dlg@ (mpi, 2014-08-11, 1 file, -3/+8)
* Fix the length check for reinjected ICMP packets: sizeof(struct icmp) is 28 but an ICMP packet can be as small as 8 bytes (e.g. an ICMP echo request packet with no payload), so check against ICMP_MINLEN instead. Prior to this fix, divert(4) would erroneously discard valid ICMP packets that are shorter than 20 bytes. ICMPv6 is not affected, so this change applies to ICMP over IPv4 only. ok florian@ henning@ (lteo, 2014-08-10, 1 file, -2/+2)
* Rename p_hdrlen to min_hdrlen to better reflect its purpose. No object file change ok florian@ henning@ (lteo, 2014-08-10, 1 file, -6/+6)
* Fewer <netinet/in_systm.h> ! (mpi, 2014-07-22, 27 files, -54/+27)
* In the next step, stop accepting the nibble-swapped protocol for 5.6. This completes the transition. A cvs log and diff will tell the story of why we went through this. with david.dahlberg@fkie.fraunhofer.de and claudio (deraadt, 2014-07-14, 2 files, -17/+6)