| Age | Commit message (Collapse) | Author |
|---|
|
existing log in pf_state_key_attach() from the failed to the reuse
case.
OK mikeb@
|
|
has been moved to nd6_resolve().
ok visa@, millert@, florian@, sthen@
|
|
byte order. Spotted by Gleb Smirnoff (glebius@FreeBSD.org), thanks!
ok tedu
|
|
ok mglocker
|
|
ok sthen@, bluhm@
|
|
pf_test calls pf_refragment6 with dst=NULL, which is passed down to
rtable_match which attempts to dereference it.
|
|
ok bluhm@
|
|
This refactoring aims to reduce the number of places where a route entry is
inserted in the routing table.
ok bluhm@
|
|
Apparently nobody can hit this condition anymore or people do not
report bugs if their kernel do not panic.
ok dlg@, sashan@
|
|
note that this uses max_linkhdr as the adjustment arg. this follows
what the ip stack does when generating packets as it provides space
for link headers (like ethernet headers) to be prepended on the new
packet.
ok henning@
|
|
content and unlink the statekey.
This should allow us to find the reminding corner cases of packets
looped back in the stack.
ok dlg@
|
|
this is the second attempt to get it in, the first
attempt got backed out on Jan 31 2016
the change also contains fixes contributed by Stefan Kempf
in earlier iteration.
OK srhen@
|
|
We don't expect inbound packets to come to PF with statekey attached.
- I've also found missing call to pf_pkt_addr_changed() at various
places, which needs to get fixed to prevent KASSERT() from firing.
OK mpi@, sthen@
|
|
OK sthen@
|
|
OK mpi@ dlg@ sthen@
|
|
- yet another tiny step towards MP PF. This time we need to make sure
statekey attached to packet stays around, while accepted packet is
routed through IP stack.
this time I'm also bringing fix contributed by Stefan Kempf. Stefan's fix
makes sure we grab reference in m_dup_pkthdr()
OK bluhm@
|
|
----------------------------------------------------------------------
revision 1.961
date: 2015/12/22 13:33:26; author: sashan; state: Exp; lines: +153 -44;
commitid: oBRhtWcDV0ThviVT;
- yet another tiny step towards MP PF. This time we need to make sure
statekey attached to packet stays around, while accepted packet is
routed through IP stack.
OK mpi@, henning@
----------------------------------------------------------------------
there have been multiple reports of KASSERT(!pf_state_key_isvalid(sk)) being
triggered without much effort, so back this out for now.
|
|
statekey attached to packet stays around, while accepted packet is
routed through IP stack.
OK mpi@, henning@
|
|
NULL. inspired by Richard Procter <richard.n.procter@gmail.com>'s mail on
tech from Aug 17, but redone. ok sashan vgross
|
|
both af and naf (af-to case) are in the pf_pdesc
some code shuffling to actually set these before calling pf_change_ap/_icmp
inspired by Richard Procter <richard.n.procter@gmail.com>'s mail on tech
from Aug 17, but redone
ok bluhm vgross
|
|
local one. While we always intended to keep the logging in pf_test_rule
and pf_test so seperate that we don't end up with a wrong reason, this
is just too fragile and I can't even convince myself that it still is
right. pointed out by markus, ok bluhm benno
|
|
this avoids current recursion to pf_test() function. the change also
switches icmp_error()/icmp6_error() to use ip_send()/ip6_send() so
they are safe for PF.
The idea comes from Markus Friedl. bluhm, mikeb and mpi helped me
a lot to get it into shape.
OK bluhm@, mpi@
|
|
pf_inp_...() lookup, link and unlink functions as an interface.
Locking can be added to them later. Remove the first linking at
the beginning of tcp_input() and udp_input() as it is not necessary.
It will be done later anyway. That code was a relict, from the
time before I had added the second linking.
Input from mikeb@ and sashan@; OK sashan@
|
|
collide with the statekey to inp unlinking.
OK sashan@ mpi@
|
|
OK mpi@, bluhm@
|
|
for failed route lookups. This is something that was maybe useful in the
90is but in this modern times it is just annoying and nothing expect it
anyway. OK mpi@, sthen@
|
|
requested by sashan@
|
|
While here keep carp(4) bits under NCARP.
Tested by and ok sthen@, ok visa@
|
|
ok dlg@
|
|
implementation for ART based on the singly-linked list of route
entries.
|
|
ok bluhm@
|
|
always gets pointer to rule.
- pf_remove_src_node(): function should always remove matching src node,
regardless the sn->rule.ptr being NULL or valid rule
- sn->rule.ptr is never NULL, spotted by mpi and Richard Procter _von_ gmail.com
OK mpi@, OK mikeb@
|
|
ok mpi@ mikeb@ sthen@
|
|
specific places.
ok claudio@, benno@
|
|
needs to see lo0 in the output path.
ok claudio@
|
|
Use instead the RTF_LOCAL flag to loop local traffic back to the
corresponding protocol queue.
With this change rt_ifp is now always the same as rt_ifa->ifa_ifp.
ok claudio@
|
|
must reset pd->m to avoid a use after free.
OK sashan@ mikeb@
|
|
|
|
ifpp - XXX: just for statistics
ifpp is always NULL in all callers so that statistic confirms ifpp is
dying
OK mpi@
|
|
|
|
ok claudio@
|
|
Spotted by Dilli Paudel <dilli ! paudel at oracle ! com>
ok jung@, ok mikeb@
|
|
which are routed on behalf route-to action.
OK bluhm@
|
|
ok mpi@
|
|
path was taken. This both prevents warnings from clang and acts as a
sanity check.
ok mcbride@ henning@
|
|
to optimize for an INET-only kernel, as well as the fantasy unicorn
INET6-only kernel. (INET-only kernel still works)
prompted by deraadt
ok bluhm sashan
|
|
OK @mcbride
|
|
ok mcbride@
|
|
OK deraadt.
|
|
ok jsg@, ok mpi@
|
