summaryrefslogtreecommitdiffstats
path: root/sys/netinet (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Init a variable in the recently added carp_vhe_match() function clangjsg2015-10-141-2/+2
| | | | | | and mpi believe could be used uninitialised. ok mpi@
* Make use of rtisvalid(9) to check if local route entries match existingmpi2015-10-131-8/+4
| | | | | | configured addressses. ok mikeb@
* Simplify arptfree() to no longer look at the route entry's refcounter.mpi2015-10-131-17/+8
| | | | | | | | ARP entries with an expired timeout are now removed from the tree even if they are cached somehwere else. This also reduces differences with NDP. ok bluhm@
* Use rtisivalid(9) to check if the given (cached) route can be used.mpi2015-10-131-3/+3
| | | | | | | | | | | | | | | | | | Note that after calling rtalloc(9) we only check if a route has been returned or not and do not check for its validity. This cannot be improved without a massive refactoring. The kernel currently *do* use !RTF_UP route due to a mismatch between the value of ifp->if_link_state and the IFF_UP|IFF_RUNNING code. I'd explain the RTF_UP flag as follow: . If a cached route entry w/o RTF_UP is passed to ip{6,}_output(), . call rtalloc(9) to see if a better entry is present in the tree. This is enough to support MPATH and route cache invalidation. ok bluhm@
* Rename tame() to pledge(). This fairly interface has evolved to be morederaadt2015-10-091-4/+4
| | | | | | strict than anticipated. It allows a programmer to pledge/promise/covenant that their program will operate within an easily defined subset of the Unix environment, or it pays the price.
* easy size for free(); ok mpideraadt2015-10-071-2/+4
|
* Initialize the routing table before domains.mpi2015-10-072-6/+6
| | | | | | | | | | | | | | | | | | | | | | | The routing table is not an optional component of the network stack and initializing it inside the "routing domain" requires some ugly introspection in the domain interface. This put the rtable* layer at the same level of the if* level. These two subsystem are organized around the two global data structure used in the network stack: - the global &ifnet list, to be used in process context only, and - the routing table which can be read in interrupt context. This change makes the rtable_* layer domain-aware and extends the "struct domain" such that INET, INET6 and MPLS can specify the length of the binary key used in lookups. This allows us to keep, or move towards, AF-free route and rtable layers. While here stop the madness and pass the size of the maximum key length in *byte* to rn_inithead0(). ok claudio@, mikeb@
* Move route entry debug helpers where they belong.mpi2015-10-071-107/+1
|
* Revert if_oqdrops accounting changes done in kernel, per request from mpi@.uebayasi2015-10-051-1/+2
| | | | | | | | | | | | | (Especially adding IF_DROP() after IFQ_ENQUEUE() was completely wrong because IFQ_ENQUEUE() already does it. Oops.) After this revert, the situation becomes: - if_snd.ifq_drops is incremented in either IFQ_ENQUEUE() or IF_DROP(), but it is not shown to userland, and - if_data.ifi_oqdrops is shown to userland, but it is not incremented by anyone.
* Don't count IF_DROP()'ed packets as if_oerrors too.uebayasi2015-10-051-2/+1
| | | | | | mpi@ plans to clean-up IF_DROP()'s, but fix consistent use of it for now. OK dlg@
* add a comment above the rfc1948 code that mentions the rfc so it's easy to findtedu2015-10-021-1/+4
|
* Factors ou the route hashing code to implement Equal-Cost Multi-Pathmpi2015-09-281-14/+13
| | | | | | | | for ART. While here sync the two remaining mix() macros. ok chris@, dlg@
* Merge gif(4)'s tentacles in a single file.mpi2015-09-283-246/+2
| | | | | | Tested by <mxb AT alumni DOT chalmers DOT se>. ok dlg@
* Do not manually decrement rt's refcounter in arplookup() and let thempi2015-09-281-25/+35
| | | | | | callers rtfree(9) it. ok bluhm@
* Welcome etheranyaddr, cousin of etherbroadcastaddr.stsp2015-09-271-1/+2
| | | | | | Can be used to check if a MAC address is all zeros. Will be used by iwm(4) soon. ok kettenis@
* make carp_input mpsafe.dlg2015-09-271-78/+234
| | | | | | | | | | | | | | | | | | | | | there are three data structures involved here: the list of carp interfaces on a parent interface (struct carp_if) is now accessed via the if_ih cookie. its lifetime is managed by the if_ih_insert and if_ih_remove calls. the second is the interfaces (struct carp_softc) in the list above. these has been moved from being access via a TAILQ to an SRPL. modifications to the list are serialised by the kernel lock. the third is the list of vhost entries (struct carp_vhost_entry). these used to be in a LIST on each carp_softc, but have been moved to being accessed vian an SRPL. modifications to the list are serialised by the kernel lock. written at l2k15 tested by mpi@ and hrvoje popovski ok mpi@
* Ensure that RTF_LOCAL route entries always stay UP.mpi2015-09-251-2/+2
| | | | | | | | | | | Local route entries, being now attached to their corresponding interface, are susceptible to be brought DOWN when a link state change occurs. When this happens locally configured addresses are no longer reachable. So keep the previous (original) behavior by forcing such route entries to always be UP. ok sthen@, claudio@
* Always increment rt_use inside rtalloc(9) instead of doing it in somempi2015-09-232-4/+2
| | | | | | specific places. ok claudio@, benno@
* Remove inpt_lastport from struct inpcbtable, use local variablesvgross2015-09-222-17/+15
| | | | | | in in_pcbbind() and in6_pcbsetport() ok claudio@, with input from David Hill
* Fix uninitalized use of variable.claudio2015-09-161-2/+3
| | | | | Issue _17 found by Maxime Villard Brainy scanner. OK bluhm@
* There's no point in abstracting ifp->if_output() as long as pf_test()mpi2015-09-132-8/+8
| | | | | | needs to see lo0 in the output path. ok claudio@
* if_put() after if_get().mpi2015-09-131-1/+2
| | | | ok dlg@
* Get the default loopback interface pointer just after doing a routempi2015-09-131-2/+5
| | | | | | | | | lookup to ensure pf_test() is called with the same interface in the input annd output path for local traffic. Fix a regression reported by Heiko Zimmermann on bugs@, thanks! ok mikeb@, claudio@
* queue revarps to softnet so we can defer processing to a context withdlg2015-09-132-4/+9
| | | | | | the kernel lock. "do it" claudio@ mpi@
* consistently name the ifnet * that refers to the parent interfacedlg2015-09-121-50/+50
| | | | | | | | | ifp0, and the ifnet * that refers to the carp interface ifp. this makes it easier for me to read. it's probably not the right name for ifp0, but at least it's consistent. ok sthen@ bluhm@ mpi@ claudio@
* Now that rtrequest1(9) properly sets RTF_UP for newly added route,mpi2015-09-121-5/+4
| | | | | | stop passing it in every rt_ifa_add(9) calls. ok claudio@
* Stop overwriting the rt_ifp pointer of RTF_LOCAL routes with lo0ifp.mpi2015-09-122-19/+9
| | | | | | | | | Use instead the RTF_LOCAL flag to loop local traffic back to the corresponding protocol queue. With this change rt_ifp is now always the same as rt_ifa->ifa_ifp. ok claudio@
* Introduce if_input_local() a function to feed local traffic back tompi2015-09-122-4/+4
| | | | | | | | | | the protocol queues. It basically does what looutput() was doing but having a generic function will allow us to get rid of the loopback hack overwwritting the rt_ifp field of RTF_LOCAL routes. ok mikeb@, dlg@, claudio@
* Fix two cases where it was possible to call if_put with an uninitialized ifpclaudio2015-09-121-3/+3
| | | | Found by jsg@ with clang
* vhif_ifp in struct carp_ifs is set but never used. it can be trimmed.dlg2015-09-121-4/+1
| | | | ok claudio@ mpi@
* vhif_nvrs in carp_if is used to count the number of entries indlg2015-09-121-4/+2
| | | | | | | | | vhif_ifs so you can tell when that list is empty. you can use TAILQ_EMPTY to see if a list is empty though, so kill the count and use EMPTY instead. ok mpi@
* if_put after if_get in ip_savecontroldlg2015-09-111-1/+2
| | | | ok mpi@
* if_put after if_get in igmp_joingroupdlg2015-09-111-5/+7
| | | | ok mpi@ claudio@
* if_put() after if_get for ip_output. This became suddenly super trivial.claudio2015-09-111-2/+6
| | | | OK dlg@
* There is no need to do the route lookups twice just because of IPSec.claudio2015-09-111-114/+50
| | | | | Merge the two blocks into one that is executed before the IPSec tdb lookup. OK mpi@ which had a sent out a similar diff around 3 years ago.
* Convert _TM_ flags to TAME_ flags, collapsing the entire mappingderaadt2015-09-111-2/+2
| | | | | | layer because the strings select the right options. Mechanical conversion. ok guenther
* When pf modifies a TCP packet, it sets the M_TCP_CSUM_OUT flag inbluhm2015-09-111-2/+2
| | | | | | | | | | | | | | | | | the mbuf packet header. If the packet and is later dropped in ip6_forward(), the TCP mbuf is copied and passed to icmp6_error(). IPv6 uses m_copym() and M_PREPEND() which preserve the packet header. The inherited M_TCP_CSUM_OUT flag generates ICMP6 packets with an incorrect checksum. So reset the csum_flags when packets are generated by icmp6_reflect() or icmp6_redirect_output(). IPv4 does m_copydata() into a fresh mbuf. There m_inithdr() clears the packet header, so the problem does not occur. But setting the csum_flags explicitly also makes sense for icmp_send(). Do not or M_ICMP_CSUM_OUT to a value that is 0 because of some function calls before. OK mpi@ lteo@
* Stricter checks on sockaddr content when binding PF_INET sockets.vgross2015-09-111-7/+3
| | | | Ok mpi@
* if_put after if_get.dlg2015-09-111-10/+13
| | | | ok claudio@
* Only include <sys/tame.h> in the .c files that need itguenther2015-09-111-1/+2
| | | | ok deraadt@ miod@
* Kill yet another argument to functions in IPv6. This time ip6_output'sclaudio2015-09-115-10/+10
| | | | | | | ifpp - XXX: just for statistics ifpp is always NULL in all callers so that statistic confirms ifpp is dying OK mpi@
* in6_embedscope() needs to lose some weight. Remove the last argument.claudio2015-09-113-11/+11
| | | | | | | | | In all but two calls NULL is passed and in the other 2 cases the ifp is only used to maybe feed it to in6_selecthlim() to select the hoplimit for the link. Since in6_embedscope() only works on link-local addresses it does not matter what hop limit we select since the destination is directly reachable. OK florian@ mpi@
* It is time to put inet6 on a diet. Use the flensing knife and cut outclaudio2015-09-103-8/+8
| | | | | the 3rd argument of in6_recoverscope() and make it return void. OK dlg@ mikeb@
* pass a cookie argument to interface input handlers that can be usedmikeb2015-09-101-5/+5
| | | | | | | to pass additional context or transient data with the similar life time. ok mpi, suggestions, hand holding and ok from dlg
* if_put after if_get.dlg2015-09-101-29/+51
| | | | ok claudio@
* Only half of the IPv6 source address was used as input for the synbluhm2015-09-101-11/+11
| | | | | | | cache hash. That makes it trivial to create syn cache collisions. Take the full address, xor it with random data and put it into the hash function. OK markus@
* move the if input handler list to an SRP list.dlg2015-09-101-22/+5
| | | | | | | | | | | | instead of having every driver that manipulates the ifih list understand SRPLs, this moves that processing into if_ih_insert and if_ih_remove functions. we rely on the kernel lock to serialise the modifications to the list. tested by mpi@ ok mpi@ claudio@ mikeb@
* correctly hold and put a reference to the revarp ifp while tryingdlg2015-09-101-14/+13
| | | | | | to get nfs working. ok claudio@
* move the guts of igmp_input into a igmp_input_if function and calldlg2015-09-101-13/+23
| | | | | | | it with the reference from if_get held so we can if_put it easly after the guts have run. ok claudio@
* if_put after if_get in icmp input.dlg2015-09-101-10/+22
| | | | | | | | instead of chasing all the ways out of icmp_input, rename it to icmp_input_if and call it from a wrapper that gets the ifp and puts it after icmp_input_if call. ok claudio@