| Age | Commit message (Collapse) | Author |
|---|
|
ok henning
|
|
|
|
implementation. it currently supports round robin mode with link state
checking, additional modes will be added later.
ok brad@, deraadt@
|
|
|
|
|
|
pass on mygroup ...
markus ok
|
|
|
|
useless layers of indirection and make the code way cleaner overall.
this is just the start, more to come...
worked very hard on by Ryan and me in Montreal last week, on the airplane to
vancouver and yesterday here in calgary. it hurt.
ok ryan theo
|
|
OK henning, krw, brad, moritz
|
|
ok dlg@ henning@
|
|
This converts if_link_state_change() to a generic usable
callback with dohooks().
OK henning@, camield@
Tested by camield@ and Alexey E. Suslikov
|
|
OK derradt@ tedu@
|
|
Kyunghwan KIM (prs 2117 and 2118) and Fredrik Widlund. ok deraadt
|
|
on the routing socket and notifying carp() of link changes.
ok brad@ mpf@
|
|
interface address -- and not the last one -- some alias. Also handle point to
point networks a bit more special.
With some input from markus@ OK markus@ henning@ fgsch@
|
|
The code is adopted from the FreeBSD netgraph-based Bluetooth
implementation by Maksim Yevmenkin <m_evmenkin@yahoo.com> but
all netgraph glue was replaced with usual BSD network stack
hooks. This is a work in progress. Only HCI layer works for now,
L2CAP and RFCOMM are on the way.
Help in testing from many, ok markus@.
|
|
the old ifgroups haven't been in use ever really, and the new
implementation is 3 months old today. theo ok (3 months ago)
|
|
list than physical interfaces. This makes ifa_ifwith* prefer a physical
interface over a CARP one.
This addresses the problem where a CARP interface in BACKUP state is
selected after a route change, resulting in a loss of communications
despite there being another interface available which is perfectly usable.
ok mcbride@ mpf@
|
|
ok markus@
|
|
dealing with a carp interface.
|
|
style as vlan(4). carp interfaces no longer require the physical interface
to be on the same subnet as the carp interface, or even that the physical
interface has an adress at all, so CARP can now be used on /30 networks.
ok deraadt@ henning@
|
|
|
|
|
|
a struct timeout to struct ifqueue so that each one has its own - it
is a per-queue thing. from chris pascoe
|
|
|
|
there is now a TAILQ with all interface groups as members, and
in struct ofnet there is only a pointer to the group structure stored
and not its name.
mostly hacked at c2k4 and somewhere over the atlantic ocean
ok markus mcbride
|
|
ok millert@
|
|
|
|
by "ifconfig fxp0 group foobar" "ifconfig xl0 group foobar"
these two interfaces are in one group.
Every interface has its if-family as default group.
idea/design from henning@, based on some work/disucssion from Joris Vink.
henning@, mcbride@ ok.
|
|
descriptions, configurable with ifconfig
help from various, ok deraadt@
|
|
|
|
- If the physical interface goes down or the link goes down,
the carp interface goes down as well.
- We treat this like the preemption holdoff with pfsync.
So if one of the carp interfaces is known to be bad (because the
physical interface it's associated with is bad), all the other carp
interfaces back off: they won't preempt, and their advskew goes to 240.
ok cedric@
|
|
is full, along with a timer that unsets it again after 10ms.
The input queue beeing full is a reliable indicator for CPU overload, and
this flag allows other subsystems to cope with the situation.
hacked with beck
ok kjc@ markus@ beck@
|
|
from otto@
- Fix signedness issue with unit numbers. Bug report from Thorsten Glaser
ok millert@ otto@
|
|
gets deleted; fixes pr 3649; ok henning, deraadt, dhartmei
|
|
|
|
then ifnet_addrs[ifp->if_index] leaks; if it's called after if_detach()
then if_free_sadl() does nothing; ok itojun
|
|
1) PF should do the right thing when unplugging/replugging or cloning/
destroying NICs.
2) Rules can be loaded in the kernel for not-yet-existing devices
(USB, PCMCIA, Cardbus). For example, it is valid to write:
"pass in on kue0" before kue USB is plugged in.
3) It is possible to write rules that apply to group of interfaces
(drivers), like "pass in on ppp all"
4) There is a new ":peer" modifier that completes the ":broadcast"
and ":network" modifiers.
5) There is a new ":0" modifier that will filter out interface aliases.
Can also be applied to DNS names to restore original PF behaviour.
6) The dynamic interface syntax (foo) has been vastly improved, and
now support multiple addresses, v4 and v6 addresses, and all userland
modifiers, like "pass in from (fxp0:network)"
7) Scrub rules now support the !if syntax.
8) States can be bound to the specific interface that created them or
to a group of interfaces for example:
- pass all keep state (if-bound)
- pass all keep state (group-bound)
- pass all keep state (floating)
9) The default value when only keep state is given can be selected by
using the "set state-policy" statement.
10) "pfctl -ss" will now print the interface scope of the state.
This diff change the pf_state structure slighltly, so you should
recompile your userland tools (pfctl, authpf, pflogd, tcpdump...)
Tested on i386, sparc, sparc64 by Ryan
Tested on macppc, sparc64 by Daniel
ok deraadt@ mcbride@
|
|
|
|
|
|
to check if interface exists, as (1) if_index will have different meaning
(2) ifindex2ifnet could become NULL when interface gets destroyed,
when we introduce dynamically-created interfaces. markus ok
|
|
|
|
|
|
|
|
allocation; tested on most archs
|
|
Allows multiple hosts to share an IP address, providing high availability
and load balancing.
Based on code by mickey@, with additional help from markus@
and Marco_Pfatschbacher@genua.de
ok deraadt@
|
|
|
|
makes routing lookups slightly more expensive, and serves no useful
purpose.
ok itojun@ tedu@
|
|
deraadt@ ok.
|
|
argument. old cred only calls user suser_ucred. this will allow future
work to more flexibly implement the idea of a root process. looks like
something i saw in freebsd, but a little different.
use of suser_ucred vs suser in file system code should be looked at again,
for the moment semantics remain unchanged.
review and input from art@ testing and further review miod@
|
