path: root/sys/netinet
Commit message | Author | Age | Files | Lines
...
* restrict carp to configuring ethernet interfaces as carpdevs.
  previously the driver only cared that a carp interface wasn't configured as a carpdev. because the code only really works on ethernet, it makes sense to restrict it. ok visa@ mpi@
  [dlg, 2018-01-12, 1 file, -5/+5]
* carp_ourether gets passed the parent interface, not the carp interface.
  [dlg, 2018-01-11, 1 file, -2/+2]
* get rid of struct carp_if by moving the srpl into struct ifnet if_carp.
  currently carp uses a struct carp_if to hold an srp list head, which is accessed by both if_carp in struct ifnet, and via the if input handlers list. this gets rid of some indirection by making if_carp itself the list head, rather than a pointer to the list head via a struct carp_if. it also makes accessing the list consistent by only using if_carp to get to it. ok mpi@
  [dlg, 2018-01-10, 2 files, -74/+57]
* simplify the input interface type check in carp_proto_input_if.
  carp6_proto_input_if only handles packets "received" on real carp interfaces, which the ethernet stack goes to a lot of trouble to provide. since carp assumes ethernet, carp_proto_input_if can assume the packets will come in right too. ok mpi@
  [dlg, 2018-01-10, 1 file, -3/+2]
* Creating a cloned interface could return ENOMEM due to temporary memory shortage. As it is invoked from a system call, it should not fail and wait instead. OK visa@ mpi@
  [bluhm, 2018-01-09, 1 file, -5/+2]
* Change `so_state' and `so_error' to unsigned int such that they can be atomically read from any context. ok bluhm@, visa@
  [mpi, 2018-01-09, 1 file, -2/+2]
* make mpls_input take a struct ifnet *ifp argument.
  this makes it like all our other protocol family input functions. mpls_input always looks up the interface the mbuf was received on, but it's always called by code that already has a reference to that interface anyway. the result of this is a few less if_get/if_put calls. ok mpi@ bluhm@ visa@ claudio@
  [dlg, 2018-01-09, 2 files, -4/+4]
* Make the functions which link the pf state keys to mbufs, inpcbs, or other states more consistent. OK visa@ sashan@ on a previous version
  [bluhm, 2017-12-29, 1 file, -2/+2]
* The pf code marks ICMP packets belonging to a TCP or UDP divert state as diverted. This is necessary for IP input to accept the packet as ours. But it must not be used to match the ICMP packet to a raw socket. Clear the PF_TAG_DIVERTED mbuf pf flag for the special ICMP and ICMP6 packets in icmp_input_if() and icmp6_input(). The m_tag_delete_chain() caused an inconsistent PF_TAG_DIVERTED mbuf pf flag and PACKET_TAG_PF_DIVERT mbuf tag which triggered an assert in rip_input(). Deleting all mbuf tags can have undesired side effects and is not necessary anymore since icmp_reflect() calls m_resethdr(). Do not touch the mbuf tags and adjust the mbuf pf flags for the correct behavior of rip_input() and rip6_input(). reported by Chris Eidem, James Turner, vicviq, Scott Vanderbilt OK mpi@
  [bluhm, 2017-12-14, 1 file, -18/+12]
* Initialize tcp_secret in tcp_init
  The initialization of a secret SHA256 context for generating TCP initial sequence numbers is moved out of tcp_set_iss_tsm used to set up ISN for new connections and into tcp_init, sparing the need for a global flag. OK deraadt, visa, mpi
  [mikeb, 2017-12-07, 1 file, -10/+8]
* Make divert lookup similar for all socket types. If PF_TAG_DIVERTED is set, pf_find_divert() cannot fail so put an assert there. Explicitly check all possible divert types, panic in the default case. For raw sockets call pf_find_divert() before the socket loop. Divert reply should not match on TCP or UDP listen sockets. OK sashan@ visa@
  [bluhm, 2017-12-04, 4 files, -34/+61]
* Fix white spaces and shorten long line.
  [bluhm, 2017-12-01, 1 file, -10/+10]
* Simplify the reverse PCB lookup logic. The PF_TAG_TRANSLATE_LOCALHOST security check prevents that the user accidentally configures redirect where a divert-to would be appropriate. Instead of spreading the logic into tcp and udp input, check the flag during PCB listen lookup. This also reduces parameters of in_pcblookup_listen(). OK visa@
  [bluhm, 2017-12-01, 5 files, -44/+29]
* Fix typos in comments.
  OK florian@
  [nayden, 2017-11-30, 1 file, -3/+3]
* The divert structure was using the port number to indicate that divert-to or divert-reply was active. If the address was also set, it meant divert-to. Divert packet used a separate structure. This is confusing and makes it hard to add new features. It is better to have a divert type that explicitly says what is configured. Adapt the pf rule struct in kernel and pfctl, no functional change. Note that kernel and pfctl have to be updated together. OK sashan@
  [bluhm, 2017-11-28, 1 file, -2/+2]
* Constify protocol tables and remove an assert now that ip_deliver() is mp-safe. ok bluhm@, visa@
  [mpi, 2017-11-23, 2 files, -7/+5]
* Replace non mp-safe carp_iamatch6() with mp-safe carp_iamatch().
  They have the same functionality since friehm@ cleaned up balancing code. ok florian@, visa@, patrick@, bluhm@, jmatthew@
  [mpi, 2017-11-23, 2 files, -19/+2]
* It does not make sense to call pcb lookup from pf during packet forwarding. It should never match and would cause MP locking problems. While there remove a useless ifp parameter from ip_output_ipsec_send(). from markus@; OK visa@ sashan@
  [bluhm, 2017-11-22, 1 file, -8/+8]
* Move the addrhook disestablish from carpdetach() to carp_clone_destroy() to make it symmetric to the addrhook establish which is being done in carp_clone_create(). This fixes the issue that carp does not recognize address changes on the carp after an interface has detached, which could cause issues like carp not recovering or even panics. Unfortunately there are more bugs lurking in carp. ok bluhm@
  [patrick, 2017-11-21, 1 file, -4/+3]
* Keep kernel defines under #ifdef _KERNEL.
  ok bluhm@
  [mpi, 2017-11-20, 1 file, -8/+3]
* Flush flows using the radix-tree instead of a global list.
  This will allow us to get rid of the list. ok visa@
  [mpi, 2017-11-20, 1 file, -4/+9]
* Sprinkle some NET_ASSERT_LOCKED(), const and co to prepare running pr_input handlers without KERNEL_LOCK(). ok visa@
  [mpi, 2017-11-20, 11 files, -19/+38]
* Rename etherip sysctl handler, there's no conflict with ip_ether.c any more
  ok visa@ mpi@
  [jca, 2017-11-17, 1 file, -2/+2]
* Add ifdef MPLS around all the MPLS-in-IP code
  ok visa@ mpi@
  [jca, 2017-11-17, 2 files, -8/+6]
* Rename functions that now handle only MPLS-in-IP
  ok visa@ mpi@
  [jca, 2017-11-17, 3 files, -13/+13]
* Move etherip_allow where it is used
  While here, drop the declaration in headers, since the variable is used in a single file. ok visa@ mpi@
  [jca, 2017-11-17, 2 files, -10/+2]
* Drop etheripstat use in ip_ether.c
  Those functions only handle MPLS-in-IP packets, it makes little sense to count those as ethernet-in-IP. ok visa@ mpi@
  [jca, 2017-11-17, 1 file, -20/+1]
* Drop all Ethernet-in-IP support from gif(4)
  As a result, ip_ether.c now only deals with MPLS-in-IP. The next commits will move & rename stuff to make this clear. ok visa@ mpi@
  [jca, 2017-11-17, 2 files, -138/+2]
* Move etherip counters and their allocation to etherip(4)
  gif(4) now depends on etherip(4) but this is a temporary drawback: we can get rid of etherip_init(), called from the protocol switch, and ip_ether.c should stop using etherip counters once it is clear that this file doesn't handle ethernet-in-IP any more. ok visa@ as part of a larger diff, ok mpi@
  [jca, 2017-11-17, 3 files, -13/+3]
* etherip(4) now handles etherip sysctls, move/remove code accordingly.
  ok visa@ as part of a larger diff, ok mpi@
  [jca, 2017-11-15, 2 files, -43/+2]
* Make etherip(4) the single driver responsible for etherip sysctl entries.
  One step needed to completely remove ethernet-in-IP support from gif(4). No functional changes. ok visa@ as part of a larger diff, ok mpi@
  [jca, 2017-11-15, 1 file, -2/+1]
* Unbreak ENCDEBUG kernels by declaring `encdebug' in ip_ipsp.h
  [mpi, 2017-11-15, 2 files, -3/+3]
* Introduce ipsec_sysctl() and move IPsec tunables where they belong.
  ok bluhm@, visa@
  [mpi, 2017-11-14, 4 files, -53/+139]
* Introduce a reader version of the NET_LOCK().
  This will be used to first allow read-only ioctl(2) to be executed while the softnet taskq is running. Then it will allow us to execute multiple softnet taskq in parallel. Tested by Hrvoje Popovski, ok kettenis@, sashan@, visa@, tb@
  [mpi, 2017-11-10, 1 file, -3/+3]
* Use percpu counters with etheripstat.
  Input and OK jca@, OK florian@
  [visa, 2017-11-10, 3 files, -34/+89]
* The TF_BLOCKOUTPUT flag is set around all sorwakeup() and sowwakeup() calls in tcp_input(). When I added this code for socket splicing, I have missed that they may be called indirectly through functions. Although not strictly necessary since we have the sosplice thread, put that flag consistently when we want to prevent that tcp_output() is called in the middle of tcp_input(). As soisconnected(), soisdisconnected(), and socantrcvmore() call the wakeup functions from tcp_input(), set the TF_BLOCKOUTPUT flag around them. OK visa@
  [bluhm, 2017-11-08, 1 file, -1/+13]
* Make {ah,esp,ipcomp}stat use percpu counters.
  OK bluhm@, mpi@
  [visa, 2017-11-08, 11 files, -197/+347]
* Convert all the fields of {ah,esp,ipcomp}stat to uint64.
  This is a preliminary step for using percpu counters with the data. OK mpi@
  [visa, 2017-11-07, 3 files, -63/+66]
* Remove unused debug macro.
  [mpi, 2017-11-07, 1 file, -7/+1]
* Use %s and __func__ in DPRINTF() to reduce false positive with grep(1).
  ok kettenis@, dhill@, visa@, jca@
  [mpi, 2017-11-06, 7 files, -210/+202]
* Finish off pr_drain functions, they haven't been used since 2006.
  OK mpi
  [florian, 2017-11-05, 3 files, -19/+3]
* Stop calling ifp->if_ioctl() inside in{,6}_ioctl().
  Instead return EOPNOTSUPP and call it from ifioctl(). This will help getting per-driver ioctl routines outside of need the NET_LOCK(). While here always return ENXIO when ``ifp'' is NULL. ok visa@, florian@
  [mpi, 2017-11-04, 1 file, -4/+3]
* Move PRU_DETACH out of pr_usrreq into per proto pr_detach functions to pave way for more fine grained locking. Suggested by, comments & OK mpi
  [florian, 2017-11-02, 9 files, -36/+132]
* Fix typo in previous resulting in a NULL dereference.
  [mpi, 2017-11-01, 1 file, -2/+2]
* - add one more softnet taskq
  NOTE: code still runs with single softnet task. change definition of SOFTNET_TASKS in net/if.c, if you want to have more than one softnet task OK mpi@, OK phessler@
  [sashan, 2017-10-31, 1 file, -2/+2]
* This doesn't need the NET_LOCK, everything is protected by a mutex.
  OK mpi, visa
  [florian, 2017-10-29, 1 file, -3/+1]
* Move NET_{,UN}LOCK into individual slowtimo functions.
  Direction suggested by mpi OK mpi, visa
  [florian, 2017-10-29, 3 files, -7/+16]
* Dump IPsec flows by iterating over the radix-tree.
  This enforces an order and will allow us to get rid of the global list. ok millert@, visa@, markus@
  [mpi, 2017-10-27, 2 files, -2/+18]
* Stop grabbing the KERNEL_LOCK() in network tasks when `ipsec_in_use' is set. Accesses to IPsec global data structure are now serialized by the NET_LOCK(). Tested by many, ok visa@, bluhm@
  [mpi, 2017-10-26, 2 files, -30/+2]
* Remove the TCP_FACK option and associated #if{,n}def code.
  TCP_FACK was disabled by provos@ in June 1999. TCP_FACK is an algorithm that decides that when something is lost, all not SACKed packets until the most forward SACK are lost. It may be a correct estimate, if network does not reorder packets. OK visa@ mpi@ mikeb@
  [job, 2017-10-25, 5 files, -173/+6]