summaryrefslogtreecommitdiff
path: root/sys/net/if_bridge.c
AgeCommit message (Collapse)Author
2004-10-09sizeof(struct ether_header) -> ETHER_HDR_LENBrad Smith
ok mcbride@
2004-08-18skip splx() for skiplookup; report Vafa D. Izadinia; ok henning, canacarMarkus Friedl
2004-06-21First step towards more sane time handling in the kernel -- this changesThorsten Lockert
things such that code that only need a second-resolution uptime or wall time, and used to get that from time.tv_secs or mono_time.tv_secs now get this from separate time_t globals time_second and time_uptime. ok art@ niklas@ nordin@
2004-06-21Get rid of pf_test_eh() wrapper.Ryan Thomas McBride
ok cedric@ henning@
2004-05-04Apply bridge filter rules to incoming packets destined to the local machine.Can Erkin Acar
Allows tagging of the incoming packets, and a single interface bridge to be actually useful for MAC level filtering/tagging. ok henning@
2004-05-04Remove useless ``elm'' argument from the SIMPLEQ_REMOVE_HEAD macro.Alexander Yurchenko
This matches our SLIST behaviour and NetBSD's SIMPLEQ as well. ok millert krw deraadt
2004-04-28make return-rst work on pure bridges. ok dhartmei@ henning@ mcbride@Cedric Berger
2004-02-10plug mbuf leak (ip_fragment() always free mbuf on error). tested by cedric,Jun-ichiro itojun Hagino
dhartmei ok
2004-02-02missing #if NPF > 0. ok henning@Cedric Berger
2003-12-17start spanning tree on ifconfig up; from Marco Pfatschbacher; ok jason@Markus Friedl
2003-12-16when a bridge filter rule specifies both src and dst mac address, we do notHenning Brauer
want to compare both against the packet's source address. works much better when we compare the dst address to the packet's dst address. ok camield@ canacar@ markus@ jason@
2003-12-16return error in ifc_destroy; ok deraadt, itojun, cedric, hshoexerMarkus Friedl
2003-12-03add support for ifconfig clone/destroy; ok henning deraadtMarkus Friedl
2003-10-02do not try to send incomplete fragments on ENOBUFS caseJun-ichiro itojun Hagino
(behavior change from 4.4bsd). dhartmei ok
2003-08-15change arguments to suser. suser now takes the process, and a flagsTed Unangst
argument. old cred only calls user suser_ucred. this will allow future work to more flexibly implement the idea of a root process. looks like something i saw in freebsd, but a little different. use of suser_ucred vs suser in file system code should be looked at again, for the moment semantics remain unchanged. review and input from art@ testing and further review miod@
2003-07-28typo. from cedricJun-ichiro itojun Hagino
2003-07-25do not flip ip_len/ip_off. pechkin and henning okJun-ichiro itojun Hagino
2003-06-30change that queue ID allocator so it always has the queues sorted by ID.Henning Brauer
that allows us to get rid of the "tagid" global which stored the highest tag ID in use. when allocating a new ID scan the list for a free slot and only use highest + 1 on failure instead of using highest + 1 from the beginning scanning for a dup afterwards. this prevents ID space fragmentation better. as a result this allows us do get rid of the pf_tag_purge() function completely and let pf_tag_unref() remove an entry once the reference counter reaches zero by itself. after all it makes for easier code and is about 50% faster. idea came up during a discussion on icb earlier today between cedric and myself, which itself was particulary inspired by Darren Reed questioning the need for pf_tag_purge on tech-net@netbsd. ok dhartmei@ cedric@
2003-06-30missing pf_tag_purge()Henning Brauer
cedric made me check
2003-06-25add a pf_tagname field to ifbrlreq and a pf_tag field to ifbrlnode.Henning Brauer
on bridge rule load translate tagnames to pf tags using pf_tagname2tag etc if packets match a bridge filter rule tag them using pf_tag_packet() with the given tag help dhartmei@ ok deraadt@ jason@ dhartmei@
2003-06-02nuke clause 3 & 4Jason Wright
2003-05-30KNF & ANSI, jason agreesHenning Brauer
2003-05-30o the timeout is int, not u_int32_tHenning Brauer
o check timeout for negative values and overflow ok tedu@ jason@
2003-05-03string fixes; tedu okTheo de Raadt
2003-03-31Protect tdb access w/ spltdb; Patrick LatifiTodd C. Miller
Since bridgeintr_frame() is called at splsoftnet() this isn't a big deal but should still be fixed. jason@ OK.
2003-03-11forward 8021Q packets with vlan header if the destination interface hasMarkus Friedl
IFCAP_VLAN_MTU capability. allows forwarding of vlan traffic over bridge(4) since these packets are larger then the mtu; ok jason@
2003-02-21Plug two mbuf leak on error bugs, one from dhartmei one from me.Jason Wright
2003-02-17enqueue the copy that was just made, not the original (probably fixes ↵Jason Wright
kernel/3097, waiting to hear).
2003-02-16KNFTheo de Raadt
2003-01-07apply the discover rule to bridge_output() as wellJason Wright
2003-01-07remove the altq classifier code which is replaced by pf and no longer used.Kenjiro Cho
ok henning@, deraadt@
2003-01-03Fix the unicast case call to bridge_rtupdate(), check that the -source-Jason Wright
interface is LEARNING not the destination.
2002-12-09NPF, not NFP (prevented outgoing bridge_ipsec() packets from being ↵Jason Wright
filtered); Darren Reed <avalon@coombs.anu.edu.au>
2002-12-09allow setting of ifcost with brconfig. enables selection of preferredMarkus Friedl
port/path to root bridge among several LANs. unlike ifpriority, which allows you to select designated port if serveral interfaces belong to the same LAN; ok jason@
2002-12-04spanning tree: flush dynamic mac cache if interface goes to theMarkus Friedl
blocking or disabled state. send packets only if interface is the forwarding state; comment from netbsd; with and ok jason@
2002-10-10Missing m_pullup() and mbuf corruption. This potentially causedDaniel Hartmeier
panic: m_copym0: m == 0 and not COPYALL and/or panic: m_copydata: null muf on bridges running pf with scrubbing enabled. Bug report, test vector and confirmation by Jon Morby. ok jason@, jasoni@
2002-08-07consistently check byte order of ether_type; pointed out by dhartmeiJason Wright
2002-07-02make it compile w/ ipsec and no pf ; smth that was left for homeworkMichael Shalayeff
2002-07-01Fix really long standing bug with fetching address cache entries:Jason Wright
handle ifbac_len == 0 as per the man page; Benny Holmgren <bigfoot@astrakan.hig.se>
2002-06-30allocate sockaddr_dl for ifnet in if_alloc_sadl(), as we don't always knowJun-ichiro itojun Hagino
the size of sockaddr_dl on if_attach() - for instance, see ether_ifattach(). from netbsd. fgs ok
2002-06-15unnecessary () on castJason Wright
2002-06-15Transparent IPsec processing on the bridge; for now works only withAngelos D. Keromytis
static keys.
2002-06-11splassert(IPL_NET) where comment says that we should.Artur Grabowski
2002-06-10prevent mbuf leak on icmp_do_error() failure.Jun-ichiro itojun Hagino
NOTE: under 4.4BSD mbuf coding discipline, once you pass mbuf to a function like f(m), you no longer have ownership of the mbuf. the mbuf will always be freed by the called function f(). by keeping the programming rule you have less chance of memory leak.
2002-06-09don't need device.hJason Wright
2002-06-08use consistent style in function declarationsjasoni
2002-06-08If a IP packet is too large for the outgoing interface and DF is set,jasoni
drop the packet and send a icmp needfrag.. blessed by jason@
2002-06-07Move all duplicated enqueueing code into one function,jasoni
bridge_ifenqueu(). - ok jason@, dhartmei@
2002-05-31respect rmx_mtu (cached PMTUD result) on outbound. deraadt/angelos okJun-ichiro itojun Hagino
2002-05-28refragment ip packets if too large for the outgoing interfacejasoni
- ok jason@, dhartmei@