Age | Commit message | Author |
|
it introduces a regression with default routes & p2p interfaces.
Problem reported by naddy@
|
|
machine and restore the original behavior of RTM_ADD and RTM_DELETE
by always generating one message per locally configured address.
Tested by krw@, jca@ and florian@
|
|
priority.
Tested by krw@, jca@ and florian@
|
|
of rn_delete was changed). The mpath code gets a much better
rn_mpath_next() function that allows looping through the dupedkey list
based on prio, any or only active routes. This solves the issues seen
with failed deletes of down routes.
Commit this now so that it gets tested. Both sthen@ and blambert@ agree.
|
|
userland from playing with the local and broadcast flags.
ok claudio@
|
|
addresses from the per-ifp list.
While here document why enc(4) needs a link-layer address, or at
least something that seems to be one.
Found the hard way and fix tested by naddy@, ok mikeb@, henning@
|
|
interface, I suggest you have a look at the link-layer sockaddr
interface:
/*
* A Link-Level Sockaddr may specify the interface in one of two
* ways: either by means of a system-provided index number (computed
* anew and possibly differently on every reboot), or by a human-readable
* string such as "il0" (for managerial convenience).
[...]
*/
ifa_ifwithnet() was not only checking for the sdl_index in order
to get the corresponding ifp for AF_LINK sockaddr, it was also
iterating over all the addresses on your system! But in this
case, the `address' field of "struct sockaddr_dl" is an interface
name set by link_addr(3).
How can this work? Well because the kernel allocates an empty
`netmask' field for each interface's lladdr, so that you can
abuse a network comparison function to reimplement strcmp(3)...
So when the userland does not specify an interface index, try
harder to see if it passed an ifp name, but at least be explicit
and use ifunit().
Found the hard way by/ok sthen@
|
|
This pointer was only needed by rt_getifa() to find an address, so
turn it into a local variable.
ok henning@, bluhm@
|
|
craziness only.
|
|
can be given to ifa_ifwithnet().
Handle this specific case directly and let ifa_ifwithnet() do only
one thing: iterate on all the addresses of all the interfaces in a
given routing domain to return the most specific matching address.
ok mikeb@
|
|
With r1.160 route.c needs #include <net/if_dl.h> because bsd.rd and
friends don't pull in netmpls/mpls.h which is how bsd[.mp] get it.
ok deraadt@ guenther@
|
|
function should not deal with link-layer addresses and here there's
no reason to do it.
ok mikeb@
|
|
connected routes to prefixes/hosts.
Since the introduction of rt_ifa_addloop(9) and rt_ifa_delloop(9),
rtinit() was just a wrapper, so use the underlying functions
directly and document them.
Inputs from and ok mikeb@, manpage tweaks from jmc@
|
|
Move these functions to a more generic place and make them reuse
existing code, they'll be soon used in IPv4 too.
Tested by André Lucas, Vigdis and sthen@, thanks!
ok sthen@
|
|
Instead of always copying ifa_flags to the routing entry flags when
creating a route by calling rtinit(), explicitly pass the RTF_CLONING
flag when required. This means ifa_flags are now *only* used to check
if an address has an associated route that was created by the kernel
auto-magically.
ok benno@
|
|
Rename and document rt_timer_count() into rt_timer_queue_count() to
be consistent with the other functions. Remove unused argument from
rt_timer_queue_destroy(), clean the definitions and finally use the
same order in NAME and DESCRIPTION as requested by jmc@.
ok henning@
|
|
coherent with the existing rtable_* functions and document it.
While here fix some other manpage glitches pointed out by jmc@.
|
|
link-layer address of an interface. This ugly structure is used
to export the interface's name and index, not only the link-layer
address as its name might suggest.
So instead of reaching this descriptor by forcing and abusing the
position of the link-layer "struct ifaddr" in the per-interface
list, use the if_sadl pointer directly.
ok mikeb@, henning@
|
|
not needed for routes to host.
ok bluhm@, claudio@
|
|
new function, rt_sendmsg(). While here, in the v6 cases, pass the same
rtableid that was used for the request instead of dereferencing a pointer
after checking for it to be NULL.
ok krw@ on a previous version, ok bluhm@
|
|
now cause an EINVAL. The RTA_GENMASK and RTAX_GENMASK defines are kept for
compatibility reasons.
OK benno@ and agreed by dlg@
|
|
sprinkle 0 -> NULL where obvious
ok millert mpi
|
|
OK henning@
|
|
created a bunch of useless dependencies. Remove this implicit
inclusion and do an explicit #include <netinet6/in6_var.h> when it
is needed.
OK mpi@ henning@
|
|
ok krw@, mikeb@
|
|
slipped by on i386, but the zaurus doesn't automagically pick it up.
spotted by patrick
|
|
check for the reference counter.
ok mikeb@, miod@, pelikan@, kettenis@, krw@
|
|
ok claudio@
|
|
to a radix_node struct.
The radix tree pushdown continues.
ok claudio@
|
|
returns radix_node pointers, inside a new rt_mpath_next, which accepts
and returns rtentry pointers, and start using that instead.
ok claudio@
|
|
as functions that modify routing information shouldn't be interruptible by
network traffic.
Also make sure that both of those functions assert that they are called
at softnet. I'm reasonably sure that there shouldn't be any, but if there
is any codepath that was missed, we're going to be here for another 4 days
to deal with any fallout.
While here, move the multitude of "int s" declarations inside ifioctl to
the beginning of the function.
okay claudio@
|
|
ok blambert@ sthen@ henning@ claudio@
|
|
testing sthen@
ok sthen@ henning@ dlg@
|
|
testing sthen@
ok sthen@ henning@ dlg@
|
|
testing sthen@
ok sthen@ henning@ dlg@
|
|
LINK_STATE_IS_UP() does the trick now for all cases.
OK henning@ deraadt@
|
|
leads to corrupted memory; backout to await a better fix
|
|
malloc/bcopy/free, the way He Who Must Not Be Named intended.
"yes please" claudio@
|
|
to an interface any more, the kernel crashed with a null pointer
dereference. This situation could be created by a strange sequence
of route and ifconfig commands.
Now when a cloning route references a stale interface address and
rtrequest1(RTM_RESOLVE) has to create a cloned route, it does a
lookup for a valid interface address with the same ip address. The
new interface address and its interface are used for the new cloned
route and they replace the old ones at the cloning route.
ok claudio@, henning@
|
|
rtsock code can return a more reasonable error to the user.
OK henning
|
|
rn_mpath_capable(). Move code down into the mpath specific block.
Not all routing tables support multipath and therefore priorities.
|
|
This allows running isakmpd/iked/ipsecctl in multiple rdomains
independently (with "route exec"); the kernel will pick up the rdomain
from the process context of the pfkey socket and load the flows and
SAs into the matching rdomain encap routing table. The network stack
also needs to pass the rdomain to the ipsec stack to look up the
correct rdomain that belongs to an interface/mbuf/... You can now run
individual IPsec configs per rdomain or create IPsec VPNs between
multiple rdomains on the same machine ;). Note that a primary enc(4)
in addition to enc0 interface is required per rdomain, e.g. enc1 rdomain 1.
Tested by some people, mostly on existing "rdomain 0" setups. Was in
snaps for some days and people didn't complain.
ok claudio@ naddy@
|
|
the callback functions. This fixes a problem where dynamic routes in
different tables would not get deleted because the callback was doing
the remove on the wrong table.
OK henning@
|
|
traffic for this SA will appear on the specified enc interface instead
of enc0 and can be filtered and monitored separately. This will allow
grouping individual ipsec policies to virtual interfaces and
simplifies monitoring and pf filtering with many ipsec policies a lot.
This diff includes the following changes:
- Store the enc interface unit (default 0) in the TDB of an SA and pass
it to the enc_getif() lookup when running the bpf or pf_test() handlers.
- Add the pfkey SADB_X_EXT_TAP extension to communicate the encX
interface unit for a specified SA between userland and kernel.
- Update enc(4) again to use an allocated array instead of the TAILQ to
look up the matching enc interface in enc_getif() quickly.
Discussed with many, tested by a few, will need more testing & review.
ok deraadt@
|