Age | Commit message | Author |
|
tables on top of a rdomain) but until now our code was a crazy mix so that
it was impossible to correctly use rtables in that case. Additionally pf(4)
only knows about rtables and not about rdomains. This is especially bad when
tracking (possibly conflicting) states in various domains.
This diff fixes all or most of these issues. It adds a lookup function to
get the rdomain id based on a rtable id. Makes pf understand rdomains and
allows pf to move packets between rdomains (it is similar to NAT).
Because pf states now track the rdomain id as well it is necessary to modify
the pfsync wire format. So old and new systems will not sync up.
A lot of help by dlg@, tested by sthen@, jsg@ and probably more
OK dlg@, mpf@, deraadt@
|
|
`OK' claudio
|
|
the mbuf got leaked when detaching an interface, spotted by theo.
fixed by me, diff refined by theo
eyeballed by claudio@
'go ahead, commit this' by theo@
|
|
the one planned to remove. Do this by going through the dupedkey list
looking for the right ifa. Problem found by and OK dlg, OK henning
|
|
even though adding an already existing routing table is not allowed.
Leak found by blambert@, fix by myself. OK blambert@
|
|
alternate routing table and separate them from other interfaces in distinct
routing tables. The same network can now be used in any domain at the same
time without causing conflicts.
This diff is mostly mechanical and adds the necessary rdomain checks across
net and netinet. L2 and IPv4 are mostly covered still missing pf and IPv6.
input and tested by jsg@, phessler@ and reyk@. "put it in" deraadt@
|
|
the rtfree panic seen by some people.
|
|
ok claudio@
|
|
code. In pf rtableid == -1 means don't change the rtableid because
of this rule. So it has to be signed int there. Before the value
is passed from pf to route it is always checked to be >= 0. Change
the type to int in pf and to u_int in netinet and netinet6 to make
the checks work. Otherwise -1 may be used as an array index and
the kernel crashes.
ok henning@
|
|
levels. This will allow for platforms where soft interrupt levels do not
map to real hardware interrupt levels to have soft ipl values overlapping
hard ipl values without breaking spl asserts.
|
|
the backout/disabling of the route link state tracking done a few days ago.
OK deraadt@
|
|
Switch the padding field into a MPLS one in rt_msghdr to store
relevant information.
OK claudio@ laurent@
|
|
We can now act as edge node and allow ipv4 packets to
enter a Label Switched Path and not just forwarding
MPLS packets.
OK claudio@
|
|
Now it contains just the label as it must be.
This introduces an ugly hack in rtentry that will be removed
as soon as possible.
OK claudio@
|
|
added without an explicit priority. This allows to specify less preferred
interfaces that will only take over if the primary interface loses link.
OK deraadt@
|
|
which are considered down will now be marked ~RTF_UP and so multipath routing
will start to work as expected and not pump 50% of the traffic to nirvana.
Most of the magic happens in rn_mpath_reprio() which fiddles with the
routing table internals. The rest is more straightforward.
get it in deraadt@
|
|
not only over routes of the same prio. This makes it possible to modify
rt_mpath_matchgate() so that if only gateway is specified without a specific
priority it will scan the full list and not only the first routes.
This is also needed for upcoming link state tracking.
|
|
Really just the low-hanging fruit of (hopefully) forthcoming timeout
conversions.
ok art@, krw@
|
|
soon.
|
|
route prios. playing safe for 4.4-release, as not all parts of the system
deal correctly with route prios yet. ok claudio
|
|
and not on the routes with the right prio. So pick up the correct route by
calling rn_mpath_prio() first.
OK henning@
|
|
rtrequest1() everywhere now. OK henning@
|
|
OK henning@
|
|
claudio ok
|
|
and the one route with the lowest number wins. This will be used by the
routing daemons to resolve the synchronisation issue in case of conflicts.
The nasty bits of this are in the multipath code. If no priority is specified
the kernel will choose an appropriate priority.
Looked at by a few people at n2k8 code is much older
|
|
seen by krw. This is a prerequisite for upcoming routing priorities:
Always compare the nexthop if one is specified even if it is a non-multipath
route. This mostly affects "route delete" and it will not remove the last
route if previous delete is redone. OK henning@
|
|
before returning rt_tables[id][af2rtafidx[af]]. when you created tables
and left a hole (0 and 2 exist, 1 does not) it is possible to hit that
case. issue found & ok claudio
|
|
all the original ones did, the recently added ones for labels per interface
didn't. no cookie for reyk ;(
ok deraadt
|
|
net/if_enc.h instead.
ok todd@ and probably claudio who's in the train.
|
|
-remove useless casts
-MALLOC/FREE -> malloc/free
-use M_ZERO where appropriate instead of separate bzero
feedback & ok krw, hshoexer
|
|
which will be used for new interface routes. For example,
ifconfig em0 10.1.1.0 255.255.255.0 rtlabel RING_1
will set the new interface address and attach the route label RING_1 to
the corresponding route.
manpage bits from jmc@
ok claudio@ henning@
|
|
|
|
|
|
routes did not carefully check if the route lookup succeeded or not and so
rn_mpath_next(rn) blew up because rn was NULL. Check if rnh_lookup succeeded
before touching rn in any way. OK norby@ initial diff by hshoexer@
|
|
previous route that may not have been inserted with the -mpath flag.
Similarly, when removing a multipath route and leaving only one route,
clear the RTF_MPATH flag so this is clear.
ok claudio@
|
|
parameter so they can work on alternate tables. table 0 hardcoded for
many callers yet, that will be adapted step by step.
input + ok claudio norby hshoexer
|
|
problem before: with this, we are no longer using the address family as
array index directly, since only 3 of 31 address families actually attach
a table, but we're using an address family to array index translation (just
another array). there, 0 meant "does not attach a table", thus rt_gettable
has to return a null pointer. unfortunately we were using array index 0 for
whatever af attaches first, and since the list is backwards, that used to
be ipsec - except on ipsec-less ramdisks, where it was inet6, and since
route show blindly iterates over all address families, and all those
without a table pointed to index 0, we got 28 or 29 copies of the v6 table.
i had that right initially, and then i borked it later... re-spotted by
claudio.
ok norby hshoexer claudio
|
|
'route show' dump out repeated copies of the v6 routing table on ramdisks.
on some architectures it spins forever doing this, on others it just
goes for a long time printing the v6 routes over and over before terminating.
spotted by jmc and krw, backout diff tested by beck.
|
|
we trade higher memory consumption if the user doesn't use continuous table
IDs, but in the worst case (table IDs 0 and 255, 64bit machine) that is 2KB
ok claudio ryan
|
|
|
|
-instead of statically declaring the heads, allocate memory for them
-add second dimension to the routing table head array, table ID
-space saver: do not use the AF as array index directly, but have an
AF->index translation array and only account for AFs actually attaching
a routing table
note that while that allows for multiple routing table heads, nothing uses
that yet.
tested by many, ok claudio reyk norby mcbride
|
|
ok henning@
|
|
pointer and a panic later on. Be more careful Claudio! OK henning@
|
|
cases harmless it is used by the IPv6 code. The result is that bgpd is unable
to assign link local addresses to the correct interface. OK henning@
Fix for PR 5063.
|
|
directly. rather provide a rt_lookup function for regular lookups,
and a rt_gettable for those that need access to the head for some reason.
the latter cases should be revisited later probably so that nothing outside
the routing core code accesses the heads at all...
tested claudio jolan me, ok claudio markus
|
|
interface that is removed. use that from if.c and if_tun.c instead of
re-implementing in the latter case. ok claudio
|
|
a 200+ lines diff, but no binary change.
|
|
code. no binary change.
|
|
as the previous changes from a train ride to frankfurt a bit over a week ago
|
|
change every time a line is added or removed. no functional change.
|