path: root/sys/netinet
Commit message | Author | Age | Files | Lines
* make the syncache code respect (inherit) the ttl from the listening socket when sending the synack response. ok markus | henning | 2006-12-05 | 1 | -5/+5
* do not install pmtu routes for transport mode SAs, as they do not the dest IP; PMTU debugging support; ok hshoexer | markus | 2006-12-05 | 3 | -4/+25
* rangecheck ttl on IP_TTL, collected dust in my tree | henning | 2006-12-01 | 1 | -2/+5
* make use of multiple routing tables. hook up looking up routes in alternate tables to the packet forwarding path. alternate routing tables are maintained with route(8), table selection via pf. mostly hacked on a train ride with ryan some time ago, ok mcbride claudio | henning | 2006-11-27 | 1 | -4/+15
* The current implementation to handle control options is broken as soon as SO_REUSEADDR and multicast/broadcast comes into play. Model the ip_savecontrol handling after the rip_input version which works. Problem found by Simon Kelley. OK henning@ michele@ | claudio | 2006-11-27 | 1 | -21/+24
* Remove unneeded branch, no need to check if opts is != NULL just set it to NULL in any case. | claudio | 2006-11-25 | 1 | -3/+2
* add support to tag ipsec traffic belonging to specific IKE-initiated phase 2 traffic. this allows policy-based filtering of encrypted and unencrypted ipsec traffic with pf(4). see ipsec.conf(5) and isakmpd.conf(5) for details and examples. this is work in progress and still needs some testing and feedback, but it is safe to put it in now. ok hshoexer@ | reyk | 2006-11-24 | 4 | -5/+44
* in carp_attach, create the "carp" interface group, so that it is always and early in the boot process existent. needed by the rc scripts for carp demotion on the "carp" group. this used to work because pfsync0 was always there and member of said group; it has been broken on pfsync-less kernels for quite some time. ok mpf mcbride | henning | 2006-11-16 | 1 | -1/+5
* do not re-generate the timestamp modulation offset for SYN-ACK retransmits; this unbreaks TCP for high RTT (~3s); ok mcbride@ | markus | 2006-10-31 | 1 | -3/+4
* implement IP_MINTTL socket option for tcp sockets. This is for RFC3682 aka the TTL security hack - sender sets TTL to 255, receiver checks no router on the way (or, no more than expected) reduced the TTL. carp uses that technique already. modeled after FreeBSD implementation. ok claudio djm deraadt | henning | 2006-10-11 | 4 | -4/+22
* implement IP_RECVTTL socket option. when set on raw or udp sockets, userland receives the incoming packet's TTL as ancillary data (cmsg shitz). modeled after the FreeBSD implementation. ok claudio djm deraadt | henning | 2006-10-11 | 4 | -5/+22
* udp port 664 is sometimes also stolen on the wire by ipmi/asf baloney. Did these vendors really really really not think? Absolute morons. | deraadt | 2006-09-26 | 1 | -2/+2
* ugly trailing ws; from bret dot lambert at gmail | otto | 2006-09-21 | 1 | -5/+5
* Automatically add an IPv6 link-local address to carp interfaces when the virtual MAC address is set. Among other things, this makes route6d work correctly on systems with carp interfaces. In order to ensure backwards compatibility, we do not include IPv6 link-local addresses in generating the HMAC, but we accept HMACs with AND without the link-local addresses. They will be added to the HMAC in a future release. In short: this change should only affect backwards compatibility for IPv6 users who are manually adding link-local addresses on carp interfaces. testing mtu@ todd@ ok mpf@ henning@ deraadt@ | mcbride | 2006-08-31 | 1 | -23/+64
* Make carp see all IPv6 address additions and remove dead code in carp_ioctl() ok mpf@ henning@ | mcbride | 2006-08-28 | 1 | -30/+3
* Answer ARP queries also for addresses on carp interfaces, if carp's physical interface shares a bridge with the interface that received it. Patch based on a version from camield@ Fixes PR 5178. OK mcbride@ | mpf | 2006-08-21 | 1 | -4/+14
* Send out a second delayed gratuitous ARP request after we've won the MASTER election. This seems to be necessary w/ some wacky L3 switches, that only learn by looking at ARP packets. Fixes PR 5148. OK mcbride@ | mpf | 2006-08-16 | 1 | -1/+11
* get rid of arc network support. we have no users of it so this is dead code. however, it is still cluttering up the kernel namespace a bit. it is better gone. ok claudio@ | dlg | 2006-07-18 | 1 | -126/+0
* Call ip_savecontrol() in the multicast codepath of udp_input() similar to the INET6 code. With this it is possible to use e.g. IP_RECVIF to get the incoming interface. SOCK_RAW is not affected by this. Problem found and fixed by Michele 'mydecay' Marchetto. OK markus@ | claudio | 2006-07-17 | 1 | -1/+7
* u_quad_t -> u_int64_t no functional change. | brad | 2006-07-06 | 2 | -44/+44
* htonq() is not used, at all | deraadt | 2006-06-30 | 1 | -23/+1
* No need to add function prototypes twice to a header file. | claudio | 2006-06-28 | 1 | -6/+1
* Whitespace, oops. | pascoe | 2006-06-18 | 1 | -2/+2
* Add support for equal-cost multipath IP. To minimise path disruptions, this implements recommendations made in RFC2992 - the hash-threshold mechanism to select paths based on source/destination IP address pairs, and inserts multipath routes in the middle of the route table. To enable multipath distribution, use: sysctl net.inet.ip.multipath=1 and/or: sysctl net.inet6.ip6.multipath=1 testing norby@ ok claudio@ henning@ hshoexer@ | pascoe | 2006-06-18 | 4 | -20/+33
* unbreak; from theo | henning | 2006-06-17 | 1 | -3/+3
* adjust functions dealing with the routing table to take a table ID as parameter so they can work on alternate tables. table 0 hardcoded for many callers yet, that will be adapted step by step. input + ok claudio norby hshoexer | henning | 2006-06-16 | 6 | -22/+27
* Change cast of last vararg to ip_output to match what ip_output expects, for clarity. henning@ claudio@ ok | pascoe | 2006-06-15 | 1 | -3/+3
* Make number of varargs passed to ip_output match reality. henning@ claudio@ ok | pascoe | 2006-06-15 | 2 | -5/+5
* Put mrouting enable flag inside the right ifdef. If you change files here, make sure they compile with or without IPSEC, you morons! | deraadt | 2006-06-06 | 1 | -2/+5
* Introduce attributes to interface groups. As a first user, move the global carp(4) demotion counter into the interface group. Thus we have the possibility to define which carp interfaces are demoted together. Put the demotion counter into the reserved field of the carp header. With this, we can have carp act smarter if multiple errors occur. It now always takes over other carp peers, that are advertising with a higher demote count. As a side effect, we can also have group failovers without the need of running in preempt mode. The protocol change does not break compatibility with older implementations. Collaborative work with mcbride@ OK mcbride@, henning@ | mpf | 2006-06-02 | 2 | -30/+91
* Put ASF/IPMI port 623 into the bad dynamic udp table, because otherwise we will randomly choose that stupid port, which NICs are sometimes programmed to eat invisibly; sthen@bootes.spacehopper.org, pr5139 | deraadt | 2006-05-30 | 1 | -2/+2
* Make savecontrol functions more generic and use them now for raw IP too. Additionally add the IP_RECVIF option which returns the interface a packet was received on. OK markus@ norby@ | claudio | 2006-05-29 | 7 | -84/+115
* Only preemptively increase the replay counter for outbound TDBs. Another ipsec failover fix from nathanael at polymorpheus dot com. ok hshoexer@ | mcbride | 2006-05-28 | 2 | -6/+6
* - remove ETHER_MAX_LEN_JUMBO and ETHERMTU_JUMBO. - use if_hardmtu for MTU ioctl handlers. ok reyk@ | brad | 2006-05-28 | 1 | -3/+1
* rename jumbo mtu to if_hardmtu; ok brad reyk | deraadt | 2006-05-26 | 2 | -10/+9
* Check for NULL cookies before calling hook_disestablish(). Just in case the establish calls were bypassed or failed. ok mpf@ | krw | 2006-05-22 | 1 | -3/+4
* Add a duplicate check for our own advertisements. This is necessary for dumb non simplex interfaces, that receive packets they've just sent. Fixes bug 5121. OK deraadt@, mcbride@ | mpf | 2006-05-18 | 1 | -1/+43
* - pcbflags is not modified in pcb_(dis)connect, so there's no need to save/restore it. - inp->inp_laddr should be set _before_ calling pcb_disconnect(). otherwise pcb_disconnect() calls pcb_rehash() with the old laddr. [ currently this is not a problem since the hash ignores laddr ] tested by pedro | markus | 2006-05-16 | 1 | -11/+3
* fix corruption of pim register packets. From Hideki ONO, thanks! ok mcbride@ itojun@ | hshoexer | 2006-05-11 | 1 | -2/+2
* use underscore variants of _BYTE_ORDER macros which are always defined ok deraadt millert | tedu | 2006-04-27 | 7 | -44/+44
* Remove virtual tunnel support from the mrouting code. The virtual tunnel code breaks multicast on gif(4) interfaces and it is far better to configure a real gif(4) tunnel instead of a multicast tunnel as the latter is almost not manageable. OK norby@, mblamer@ | claudio | 2006-04-25 | 3 | -121/+6
* Routes announced via rt_missmsg() do not have rtm_index set. While in most cases harmless it is used by the IPv6 code. The result is that bgpd is unable to assign link local addresses to the correct interface. OK henning@ Fix for PR 5063. | claudio | 2006-04-22 | 1 | -2/+2
* fix a typo ok claudio@ | norby | 2006-03-30 | 1 | -2/+2
* if_link_state_change() is more appropriate here. ok henning mcbride | camield | 2006-03-26 | 1 | -2/+2
* allow bpf(4) to ignore packets based on their direction (inbound or outbound), using a new BIOCSDIRFILT ioctl; guidance, feedback and ok canacar@ | djm | 2006-03-25 | 8 | -17/+23
* Set a carp MAC address of 00:00:00:00:00:00 if no vhid is assigned. ok henning@ | mcbride | 2006-03-23 | 1 | -2/+4
* prevent anything outside rote.c from accessing the routing table heads directly. rather provide a rt_lookup function for regular lookups, and a rt_gettable for those that need access to the head for some reason. the latter cases should be revisited later probably so that nothing outside the routing core code accesses the heads at all... tested claudio jolan me, ok claudio markus | henning | 2006-03-22 | 2 | -7/+8
* mbuf use-after-free; ok henning, djm, brad | markus | 2006-03-12 | 1 | -2/+6
* advertisment -> advertisement; from leonardo chiquitto filho | jmc | 2006-03-07 | 1 | -3/+3
* Use more queue macros rather than doing it by hand; ok otto@ krw@ | miod | 2006-03-05 | 9 | -92/+89