Commit message
| |
to its own function and merge the two switches in in_ioctl_change_ifaddr().
Finally: each ioctl has its own case and privilege check.
ok visa
As an aside, an audit of the ports tree has shown that we should continue
to support the legacy ioctls SIOCSIF{,BRD,DST}ADDR, SIOCSIFNETMASK despite
the fact that they have been deprecated for the better part of two decades
and FreeBSD dropped support 7 years ago. Too many ports still rely on them.
Thanks to sthen and visa for their help with that.
| |
in_pcb.h header file.
OK mpi@ visa@
| |
rdomain. Move the printf to the end of the pcb lookup functions.
OK tb@ mpi@ visa@
| |
So in in_pcbresize() the variant without _SAFE of the TAILQ_FOREACH
macro is sufficient.
OK tb@ mpi@ visa@
| |
Some more code shuffling to get rid of one switch in in_ioctl().
This way there is one case for each of SIOCSIFBRDADDR, SIOCSIFDSTADDR
and SIOCSIFNETMASK, starting with a privilege check before any global
data is modified.
ok visa
| |
and in_ioctl_change_ifaddr(). This way there is one case per ioctl
starting with a privilege check before any global data is modified.
The code paths are now straightforward. Some code duplication between
SIOCSIFADDR and SIOCAIFADDR, but that can be addressed later.
tested by hrvoje
ok visa
| |
handling of SIOCAIFADDR, SIOCDIFADDR, SIOCSIFADDR into a separate
function, analogously to what was done in in6_ioctl().
tested by hrvoje
ok visa
| |
two big switches in this function. Error out early in the default case
without grabbing the NET_LOCK() and move SIOCSIFNETMASK a bit up. This
will reduce the noise in an upcoming diff.
ok visa
| |
It does not make sense to call if_get() again, just pass ifp as
parameter. Move the IFT_CARP check into the function instead of
doing it everywhere. Replace the inverted match variable logic
with simple returns.
OK mpi@ friehm@
| |
timeout is blocking on the NET_LOCK().
Issue reported by Harald Dunkel, ok visa@, bluhm@
| |
OK mikeb@
| |
switches for protocol and address family. Move this code to the
specific functions from where the common function is called.
As a consequence the raw ip input functions can never be called
from udp_input() anymore. If IPsec is disabled, the functions
ah6_input(), esp6_input(), and ipcomp6_input() do not start processing
the header chain. The raw ip input functions are called with the
mbuf and offset pointers from the protocol walking loop which is
the usual behavior.
OK mpi@ markus@
| |
next extension header is within the packet length. Also check at
the end that the IPv4 headers are not longer than the packet.
reported by Maxime Villard; from markus@ via NetBSD; OK mpi@
| |
from markus@; OK mpi@
| |
from markus@; OK mpi@
| |
implemented as slow and fast protocol user requests. Replace that
with a proper timer debug implementation.
OK visa@
| |
with and OK markus@
| |
with and OK markus@; input mpi@
| |
the delack timer had a different implementation. Use the same
mechanism for all TCP timers.
OK mpi@ visa@
| |
This could happen during fragment reassembly. Better check if we
are dealing with the first mbuf of the chain.
m_adj() changes the length of the mbuf, obviously. So when using
this length to calculate the amount of adjustment, do not calculate
it again after m_adj() with wrong input. Use a temporary variable
to save the value.
from Maxime Villard, NetBSD; OK markus@ claudio@
| |
that only needs the read lock.
ok visa, mpi
| |
protected: mrt_ioctl() and in_ioctl(). The former has no other callers
and only needs a read lock. The latter will need refactoring to reduce
the lock's scope further. In a first step, establish a single exit point
and protect most of the function body with the NET_LOCK() while removing
the NET_LOCK() from a handful of callers.
suggested by & ok mpi, ok visa
| |
Found the hard way.
| |
For the PRU_CONTROL bit the NET_LOCK surrounds in[6]_control() and
on the ENOTSUPP case we guard the driver if_ioctl functions.
OK mpi@
| |
disabled as there were some stability issues. It seems that the
crashes were fixed when reference counting for pf states was
implemented. So reenable this code. Apart from the performance
improvement it also makes corner cases for pf divert-to more reliable.
OK henning@
| |
OK millert@
| |
the mbuf packet header. Otherwise, stale mbuf state related to the
ARP request packet might affect the fate of the ARP reply packet.
For example, I observed that for an ARP request to a carp IP, where the
underlying carpdev interface is part of a bridge, ARP replies were always
sent out on the carpdev interface, even if the corresponding ARP request
was received not on the carpdev but on a different bridge member interface.
This happened because the M_PROTO1 mbuf flag was set on the ARP request mbuf
when it left the bridge towards carp, and was still set on the ARP reply,
which reused the same mbuf, sent back towards the bridge. The bridge's loop
detection saw the M_PROTO1 flag and prevented the ARP reply from entering
the bridge, so the reply was instead sent out directly on the carpdev...
ok bluhm@ mpi@
| |
OK visa@
| |
the caller would leak a mbuf. Convert carp_prepare_ad() to a void
function and remove the error check.
reported by Maxime Villard; OK mpi@
| |
IPv4 we do the same and there are races that trigger it. Increment
the statistics counter for both.
from markus@; OK mpi@
| |
if the tcpcb exits.
OK mpi@
| |
the packet length.
found by Maxime Villard; from FreeBSD; OK procter@ markus@
| |
continuous. The length of the hardware and protocol address are
provided in the network packet and have to be checked first. So
enforce that we only deal with internet over ethernet arp headers
with the address length filled correctly.
found by Maxime Villard; OK claudio@
| |
This needs to go back to the drawing board.
| |
ok mpi@
| |
The account flag `ASU' will no longer be set but that makes suser()
mpsafe since it no longer messes with a per-process field.
No objection from millert@, ok tedu@, bluhm@
| |
while here, give us support for mpls in gif on ipv6.
this moves all the gif handling into if_gif, eg, the mpls handling
is no longer in ip_etherip.c.
ok claudio@
| |
as loopback interfaces for each rdomain (including lo0). This is done when
the interface is brought up. This is now also done by default (either on
attach of lo0 or when creating the rdomain).
OK mpi@
| |
the main new feature is gre keys, supported by the vnetid ioctls.
this also adds support for gre over ipv6, the use of hfsc, and
allows tx mitigation in the future.
this diff removes keepalive support, but i promised claudio@ and
patrick@ i would put it back after this goes in.
ok claudio@
| |
Introduce bridge_ourether() and move carp(4)-specific SRPL code inside
carp_ourether().
ok bluhm@
| |
having mobileip in gre makes it hard to cut gre up. the current mobileip
code is also broken, so this is def an improvement. it also makes it
easy to disable and remove mobileip in the future.
ok claudio@ henning@
| |
pr_fasttimo. That is the reason why we have two timeout mechanisms
with complicated ticks calculation. Move the delay ACK timeout to
milliseconds and remove some ticks and hz mess from the others.
This makes it easier to see the actual values.
OK florian@ dhill@ dlg@
| |
netlock, timers may still run after they have been disarmed. Deleting
the timeout is not sufficient to cancel them, but the code from 4.4
BSD is assuming this.
The solution is to add a flag for every timer to see whether it has
been armed or canceled. Remove the TF_DEAD check as tcp_canceltimers()
is called before the reaper timer is fired. Cancelation works
reliably now.
OK mpi@
| |
- Declare global array ipseczeroes containing zeroes constant.
- The proto parameter contains the address family, so call it af.
- Remove an unused if block, just keep the else.
- If m_copyback(M_NOWAIT) fails, return with error instead of working
with an inconsistent mbuf.
- ip6_nxt is u_int8_t, no need to clear the high bits.
- The offset and next protocol are advanced for all extension
headers, move it after the switch.
- ah_massage_headers() returns an errno, call the variable error.
OK procter@
| |
remove the #ifdef KPROF which seems to be unused since that year.
OK mpi@
| |
inp cannot be NULL. Remove the useless if in tcp_usrreq().
OK mpi@