| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
| |
ok kettenis@, dhill@, visa@, jca@
|
| |
|
|
| |
OK mpi
|
| |
|
|
|
|
|
|
|
| |
Instead return EOPNOTSUPP and call it from ifioctl(). This will help
getting per-driver ioctl routines outside of need the NET_LOCK().
While here always return ENXIO when ``ifp'' is NULL.
ok visa@, florian@
|
| |
|
|
|
|
| |
functions to pave way for more fine grained locking.
Suggested by, comments & OK mpi
|
| | |
|
| |
|
|
|
|
|
| |
NOTE: code still runs with single softnet task. change definition of
SOFTNET_TASKS in net/if.c, if you want to have more than one softnet task
OK mpi@, OK phessler@
|
| |
|
|
| |
OK mpi, visa
|
| |
|
|
|
|
| |
Direction suggested by mpi
OK mpi, visa
|
| |
|
|
|
|
| |
This enforces an order and will allow us to get rid of the global list.
ok millert@, visa@, markus@
|
| |
|
|
|
|
|
|
|
| |
is set.
Accesses to IPsec global data structure are now serialized by the
NET_LOCK().
Tested by many, ok visa@, bluhm@
|
| |
|
|
|
|
|
|
|
| |
TCP_FACK was disabled by provos@ in June 1999.
TCP_FACK is an algorithm that decides that when something is lost, all
not SACKed packets until the most forward SACK are lost. It may be a
correct estimate, if network does not reorder packets.
OK visa@ mpi@ mikeb@
|
| |
|
|
| |
With input from Klemens Nanni, OK visa, mpi, bluhm
|
| |
|
|
| |
if_attach() enforces it is properly defined.
|
| |
|
|
| |
ok florian@, claudio@, bluhm@
|
| |
|
|
| |
OK deraadt, mpi, visa, job
|
| |
|
|
| |
ok florian@, claudio@, visa@, bluhm@
|
| |
|
|
|
|
|
|
|
|
| |
off the mbuf properties with m_resethdr(). It is a new packet,
especially M_LOOP indicating that it was running through lo(4)
should be cleared. Use the ph_loopcnt to prevent looping at the
upper end of the stack. Although not strictly necessary in icmp
reflect, it is a good idea to increase and check the counter here,
like in socket splicing.
OK mpi@ sashan@
|
| |
|
|
|
|
|
|
| |
while packets where being passed to IPsec tasks.
Found the hardway by Hrvoje Popovski.
ok phessler@, claudio@
|
| |
|
|
|
|
|
|
|
|
| |
Put more NET_ASSERT_LOCK() and document which globals it protects.
Add a mutex for pfkeyv2 globals.
Convert ipsp_delete_acquire() to timeout_set_proc().
Tested by Hrvoje Popovski, ok bluhm@ visa@
|
| | |
|
| |
|
|
|
|
| |
Exposes per-CPU counters to real parrallelism.
ok visa@, bluhm@, jca@
|
| |
|
|
|
| |
divert-packet. Bring back the loop over the global list to find
the divert socket.
|
| |
|
|
|
|
|
|
| |
It used a loop over the global list divbtable that would be hard
to make MP safe. The port net/dnsfilter does not work without this,
it should be converted to divert-to. Neither other ports nor base
use this filter feature.
ports checked by sthen@; OK mpi@ benno@
|
| |
|
|
|
|
|
| |
setting IP options.
Issue reported by Kapetanakis Giannis
OK mpi@
|
| |
|
|
|
| |
This is a common idiom when a list element has been found.
OK visa@ mpi@
|
| |
|
|
|
|
|
|
| |
route lookup to make it MP safe. Only set the mbuf header fields
that are needed. Validate the name input. Also use the same
variables in IPv4 and IPv6 functions and avoid unneccessary
initialization.
OK mpi@
|
| |
|
|
|
|
| |
lookup to make it MP safe. Only set the mbuf header fields that
are needed. Validate the name input.
OK mpi@
|
| |
|
|
|
|
| |
Not all of them need the NET_LOCK().
ok bluhm@
|
| |
|
|
|
|
|
| |
ip_local(), ip_slowtimo() and ip_drain() run without KERNEL_LOCK()
and NET_LOCK().
Input and OK mpi@, bluhm@
|
| |
|
|
|
|
| |
list traversal with LIST_FOREACH_SAFE().
OK bluhm@, mpi@
|
| |
|
|
|
|
| |
all the callers to call m_freem(9).
Support from deraadt@ and tedu@, ok visa@, bluhm@
|
| |
|
|
|
|
| |
Problem reported and fix tested by Hrvoje Popovski.
ok bluhm@, visa@
|
| |
|
|
|
|
| |
Especially in tcp_usrreq() connect detect the correct address family
based on the inp_flags instead of the sa_family user input.
OK mpi@
|
| |
|
|
| |
Tested by Hrvoje Popovski, ok bluhm@
|
| |
|
|
|
|
|
| |
in common checks for unix, inet, inet6 instead of partial checks
here and there. Some checks are already done at a higher layer,
but better be paranoid with user input.
OK claudio@ millert@
|
| |
|
|
|
|
|
|
| |
retransmit timeout. Do not run path MTU discovery on local routes
as we never want that on loopback. For permanent ARP or ND entries
disable path MTU discovery as they use the same rt_expire field.
This prevents that permanent routes and entries disappear.
bug analysis friehm@; OK mpi@
|
| | |
|
| |
|
|
|
| |
We know when pltime or vltime decrease to zero. Run nd6_expire then.
Input & OK mpi, bluhm
|
| |
|
|
|
|
| |
The interface congestion algorithm kills performance at this place,
with the large queues it never triggers.
OK mpi@ claudio@
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
of src/dst ip/port is unique for TCP. But if the socket is not
bound, the automatic bind by connect happens after the check. If
the socket has the SO_REUSEADDR flag, in_pcbbind() may select an
existing local port. Then we had two colliding TCP PCBs. This
resulted in a packet storm of ACK packets on loopback. The softnet
task was constantly holding the netlock and has a high priority,
so the system hung.
Do the in_pcbhashlookup() again after in_pcbbind(). This creates
sporadic "connect: Address already in use" errors instead of a hang.
bug report and testing Olivier Antoine; OK mpi@
|
| |
|
|
|
| |
kernel that uses it without the #ifdef guard.
OK bluhm
|
| |
|
|
|
|
|
| |
ICMP6_DST_UNREACH_NOTNEIGHBOR is ICMP6_DST_UNREACH_BEYONDSCOPE (RFC
1885 was obsoleted).
sthen grepped the ports sources to make sure nothing uses it.
OK millert, jca
|
| |
|
|
|
|
| |
Prompted by a bugreport by naddy that IPv6 autoconfiguration is broken
in the installer.
OK mpi, "go for it" deraadt
|
| |
|
|
|
|
| |
rtdeletemsg().
ok bluhm@
|
| |
|
|
|
|
|
|
| |
In the forwarding path, pf_test() is executed w/o KERNEL_LOCK() and
in case of divert end up calling sowakup(). However selwakup() and
csignal() are not yet ready to be executed w/o KERNEL_LOCK().
ok bluhm@
|
| |
|
|
|
|
|
|
| |
introduces a forward decl for socket. turns out the affected file doesn't
need ip_var.h, so remove it. then move the decl to the bottom to prevent
the problem from recurring.
bug report by Nick Briggs
ok mpi
|
| |
|
|
|
|
|
| |
With this we can also get rid of in6_prefix and in6_defrouter. They
are meaningless, the kernel no longer tracks this information.
Pointed out by & OK mpi
|
| |
|
|
| |
OK bluhm@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
the inner IP packet into the internet queue. The IPv6 local delivery
code has a loop to deal with header chains. The idea is to use
this loop and avoid the queueing and rescheduling. The IPsec packet
will be processed in a single flow.
Merge the IP deliver loop from both IP versions into a single
ip_deliver() function that can handle both addresss families. This
allows to process an IP in IP header like a normal extension header.
If af != AF_UNSPEC, we are already in a deliver loop and have the
kernel look. Then we can just return the next protocol. Otherwise
we enqueue. The dequeue thread has the kernel lock and starts an
IP delivery loop.
OK mpi@
|
| |
|
|
|
| |
IPsec packets without additional enqueueing.
OK mpi@
|
mpi
florian
sashan
job
mikeb
bluhm
visa
tj
tedu