summaryrefslogtreecommitdiff
path: root/sys/net/if_bridge.c
AgeCommit message (Collapse)Author
2006-03-25allow bpf(4) to ignore packets based on their direction (inbound orDamien Miller
outbound), using a new BIOCSDIRFILT ioctl; guidance, feedback and ok canacar@
2006-03-04With the exception of two other small uncommited diffs this movesBrad Smith
the remainder of the network stack from splimp to splnet. ok miod@
2006-01-23support PMTU-Discovery for link2 ipsec bridges; ok claudioMarkus Friedl
2006-01-05bzero buffers after malloc, or clear string buffer before strlcpy'ingTheo de Raadt
into them, if you are gonna copy it out to userland some ok dhartmei, some ok tedu
2006-01-04Remove redundant calls to bpfdetach.Can Erkin Acar
ok brad@
2005-10-09if the wireless hostap interface belongs to a bridge, learn the node'sReyk Floeter
address dynamically on this interface after successful association. this could speed wireless roaming to openbsd accesspoints. ok jason@, jsg@ can't see anything obectionable
2005-07-31Change the API for icmp_do_error so that it takes the mtu directly, ratherChristopher Pascoe
than a pointer to struct ifnet containing it. Saves a 448 byte stack allocation in ip_forward which previously faked up a struct ifnet just for this purpose. idea ok deraadt millert
2005-06-16no need for NVLAN; ok jason, brad, camielMarkus Friedl
2005-04-25csum -> csum_flagsBrad Smith
ok krw@ canacar@
2005-04-25Use ETHERTYPE_VLAN.Brad Smith
2004-12-23Simplify hashtable (de)allocation by moving it into the clone functions.Camiel Dobbelaar
ok mickey@ henning@, "looks good" markus@ jason@
2004-12-19Make it possible for carp to work on fddi and token ring again.Ryan Thomas McBride
ok pascoe@ mpf@
2004-12-17Reorder code in the ethernet output path, and enhance unicast addressChristopher Pascoe
matching in the bridge receive path to make CARP operate correctly on physical interfaces that are participating in a bridge. ok mcbride@ henning@ dlg@
2004-10-09sizeof(struct ether_header) -> ETHER_HDR_LENBrad Smith
ok mcbride@
2004-08-18skip splx() for skiplookup; report Vafa D. Izadinia; ok henning, canacarMarkus Friedl
2004-06-21First step towards more sane time handling in the kernel -- this changesThorsten Lockert
things such that code that only need a second-resolution uptime or wall time, and used to get that from time.tv_secs or mono_time.tv_secs now get this from separate time_t globals time_second and time_uptime. ok art@ niklas@ nordin@
2004-06-21Get rid of pf_test_eh() wrapper.Ryan Thomas McBride
ok cedric@ henning@
2004-05-04Apply bridge filter rules to incoming packets destined to the local machine.Can Erkin Acar
Allows tagging of the incoming packets, and a single interface bridge to be actually useful for MAC level filtering/tagging. ok henning@
2004-05-04Remove useless ``elm'' argument from the SIMPLEQ_REMOVE_HEAD macro.Alexander Yurchenko
This matches our SLIST behaviour and NetBSD's SIMPLEQ as well. ok millert krw deraadt
2004-04-28make return-rst work on pure bridges. ok dhartmei@ henning@ mcbride@Cedric Berger
2004-02-10plug mbuf leak (ip_fragment() always free mbuf on error). tested by cedric,Jun-ichiro itojun Hagino
dhartmei ok
2004-02-02missing #if NPF > 0. ok henning@Cedric Berger
2003-12-17start spanning tree on ifconfig up; from Marco Pfatschbacher; ok jason@Markus Friedl
2003-12-16when a bridge filter rule specifies both src and dst mac address, we do notHenning Brauer
want to compare both against the packet's source address. works much better when we compare the dst address to the packet's dst address. ok camield@ canacar@ markus@ jason@
2003-12-16return error in ifc_destroy; ok deraadt, itojun, cedric, hshoexerMarkus Friedl
2003-12-03add support for ifconfig clone/destroy; ok henning deraadtMarkus Friedl
2003-10-02do not try to send incomplete fragments on ENOBUFS caseJun-ichiro itojun Hagino
(behavior change from 4.4bsd). dhartmei ok
2003-08-15change arguments to suser. suser now takes the process, and a flagsTed Unangst
argument. old cred only calls user suser_ucred. this will allow future work to more flexibly implement the idea of a root process. looks like something i saw in freebsd, but a little different. use of suser_ucred vs suser in file system code should be looked at again, for the moment semantics remain unchanged. review and input from art@ testing and further review miod@
2003-07-28typo. from cedricJun-ichiro itojun Hagino
2003-07-25do not flip ip_len/ip_off. pechkin and henning okJun-ichiro itojun Hagino
2003-06-30change that queue ID allocator so it always has the queues sorted by ID.Henning Brauer
that allows us to get rid of the "tagid" global which stored the highest tag ID in use. when allocating a new ID scan the list for a free slot and only use highest + 1 on failure instead of using highest + 1 from the beginning scanning for a dup afterwards. this prevents ID space fragmentation better. as a result this allows us do get rid of the pf_tag_purge() function completely and let pf_tag_unref() remove an entry once the reference counter reaches zero by itself. after all it makes for easier code and is about 50% faster. idea came up during a discussion on icb earlier today between cedric and myself, which itself was particulary inspired by Darren Reed questioning the need for pf_tag_purge on tech-net@netbsd. ok dhartmei@ cedric@
2003-06-30missing pf_tag_purge()Henning Brauer
cedric made me check
2003-06-25add a pf_tagname field to ifbrlreq and a pf_tag field to ifbrlnode.Henning Brauer
on bridge rule load translate tagnames to pf tags using pf_tagname2tag etc if packets match a bridge filter rule tag them using pf_tag_packet() with the given tag help dhartmei@ ok deraadt@ jason@ dhartmei@
2003-06-02nuke clause 3 & 4Jason Wright
2003-05-30KNF & ANSI, jason agreesHenning Brauer
2003-05-30o the timeout is int, not u_int32_tHenning Brauer
o check timeout for negative values and overflow ok tedu@ jason@
2003-05-03string fixes; tedu okTheo de Raadt
2003-03-31Protect tdb access w/ spltdb; Patrick LatifiTodd C. Miller
Since bridgeintr_frame() is called at splsoftnet() this isn't a big deal but should still be fixed. jason@ OK.
2003-03-11forward 8021Q packets with vlan header if the destination interface hasMarkus Friedl
IFCAP_VLAN_MTU capability. allows forwarding of vlan traffic over bridge(4) since these packets are larger then the mtu; ok jason@
2003-02-21Plug two mbuf leak on error bugs, one from dhartmei one from me.Jason Wright
2003-02-17enqueue the copy that was just made, not the original (probably fixes ↵Jason Wright
kernel/3097, waiting to hear).
2003-02-16KNFTheo de Raadt
2003-01-07apply the discover rule to bridge_output() as wellJason Wright
2003-01-07remove the altq classifier code which is replaced by pf and no longer used.Kenjiro Cho
ok henning@, deraadt@
2003-01-03Fix the unicast case call to bridge_rtupdate(), check that the -source-Jason Wright
interface is LEARNING not the destination.
2002-12-09NPF, not NFP (prevented outgoing bridge_ipsec() packets from being ↵Jason Wright
filtered); Darren Reed <avalon@coombs.anu.edu.au>
2002-12-09allow setting of ifcost with brconfig. enables selection of preferredMarkus Friedl
port/path to root bridge among several LANs. unlike ifpriority, which allows you to select designated port if serveral interfaces belong to the same LAN; ok jason@
2002-12-04spanning tree: flush dynamic mac cache if interface goes to theMarkus Friedl
blocking or disabled state. send packets only if interface is the forwarding state; comment from netbsd; with and ok jason@
2002-10-10Missing m_pullup() and mbuf corruption. This potentially causedDaniel Hartmeier
panic: m_copym0: m == 0 and not COPYALL and/or panic: m_copydata: null muf on bridges running pf with scrubbing enabled. Bug report, test vector and confirmation by Jon Morby. ok jason@, jasoni@
2002-08-07consistently check byte order of ether_type; pointed out by dhartmeiJason Wright