Age | Commit message | Author |
|
if the mac address is not for the interface, it must be multicast
or broadcast. this is instead of if the packet is not
multicast/broadcast, it must be for the interface.
this allows ethernet interfaces to have multicast mac addresses
without having to special case it themselves. eg, carp load balancing
should become easier with this.
ok mpi@
|
|
ok jsg@
|
|
according to small bits of cisco doco, multicast can be implemented
on mgre using head-end replication. that isnt implemented, but the
flags do allow ipv6 addresses to be added to the interface.
|
|
outgoing state key is the same. In this case the reverse link loops
to the same state key. The assertion in pf_state_key_link_reverse()
did not expect this and the kernel crashed.
bug reported and fix tested by Johan Huldtgren; OK sashan@ visa@
|
|
affects the bpfioctl() and bpfclose() path.
lock assertion reported and fix tested by Pierre Emeriaud; OK visa@
|
|
This needs to go back to the drawing board.
|
|
i was assigning to ip dst to both the key src and dst, which meant
no traffic matched and it fell through the network stacks ipip
processing.
based on some excellent investigation by andreas bartelt.
|
|
this relies on ifconfig tunneladdr
|
|
ok mpi@
|
|
suggested by mpi@
|
|
in practice this means NET_ASSERT_LOCKED() near the lists and trees
holding the different types of gre interfaces.
suggested by mpi@
|
|
mgre is different to gre in that the tunnel only needs configuration
for a local address, and the address inside the tunnel is configured
on it is a subnet. other addresses on that subnet get mapped to a
tunnel endpoint and sent there.
at the moment that mechanism is the routing table, using non-gateway
host routes with the tunnel endpoint as the gateway address.
the tunnel address configuration is ugly and confusing atm, but
should improve soon.
ok mpi@ who has some suggestions i can do in the tree.
|
|
route entry.
This makes sure we pass the correct size to free(9).
Reported by and ok dlg@
|
|
NVGRE is short for Network Virtualization Using Generic Routing
Encapsulation.
it provides an overlay ethernet network with multiple ip peers,
rather than a tunnel to a single peer like egre(4) provides. unlike
egre the vnetid is mandatory and always 24 bits. it offers similar
functionality to vxlan(4).
|
|
entry that has been cloned from a different RTF_CLONING route.
Bug report & ok friehm@
|
|
internet control, so we can too.
|
|
when enabled, the 32bit key on a gre packet is split into a 24bit
key and an 8 bit flow id. this allows better use of multipath links
if the intermediate routers feed the gre key into their hashing
algorithms. because gre can encapsulate pretty much anything, it
can be non-trivial for a router to reach into a payload to harvest
entropy for feeding into a hashing algorithm. having the endpoints
do it and feed it into the gre header is a lot simpler.
this allows interoperating with cisco gre tunnels with key entropy
enabled. this was tested against a csr1000v.
also, this arrangement coincides with how nvgre works, so it paves
the way for supporting that protocol.
right now the driver relies on the flowid in mbufs to populate the
packet field. this generally means that pf should be enabled to
provide the flowid.
|
|
ok mpi@
|
|
The account flag `ASU' will no longer be set but that makes suser()
mpsafe since it no longer messes with a per-process field.
No objection from millert@, ok tedu@, bluhm@
|
|
i found out how to do this while reading the freebsd stf(4) driver.
|
|
pf_match_rule() must remember current anchor before it descends
towards leaf. it must restore anchor as it ascends towards root.
Bug pointed out and fix also tested by Matthias Pitzl from genua.
OK bluhm@
|
|
makes the code a bit more straightforward
|
|
it's new so there's no existing configs to be compat with.
|
|
this also changes the wccp handling to peek into its payload to
determine whether it is wccp 1 or 2. wccp1 says the gre header is
followed by ipv4, while wccp2 says there's a small header before
the ipv4 packet. the wccp2 header cannot have 4 in the first nibble,
while ipv4 must have 4 in the first nibble. the code now looks at
the nibble to determine whether it should strip the wccp2 header
or not.
|
|
this lets us look up the gre(4) interface before looking at the
protocols it might be carrying.
|
|
this is a port of the change made to if_etherip.c r1.35 to allow
addresses to be configured before the tunnel is configured.
|
|
this is a port of the change made to if_etherip.c r1.35 to allow
addresses to be configured before the tunnel is configured.
this rollback is particularly annoying on gre with keepalives.
keepalives rely on the interface rdomain and tunnel rdomain to be
the same, which the rolled back semantics checked. now it is possible
to create an invalid configuration and not get any feedback about
it.
|
|
this is a port of the change made to if_etherip.c r1.35 to allow
addresses to be configured before the tunnel is configured.
|
|
this avoids allocating a mobileip_softc on the stack to build a key
for looking up interfaces with on packet input. struct ifnet inside
mobileip_softc is "quite large", and may blow the 2k limit one day.
|
|
our network drivers have a feature where if you configure an address
on the interface, it implicitly brings the interface up. i changed
etherip so you could only change the tunnel configuration while it
is down, but maintained the implicit up behaviour. bringing the tunnel
up also relied on having valid configuration, ie, tunnel addresses
must be configured otherwise up will fail.
this means people who have address config in their hostname.etherip
files before config for the tunnel addresses will have problems.
firstly, the address wont be configured because falling through to
the interface up fails because the tunnel isnt configured correctly,
and that error makes the address config roll back. secondly, config
that relies on configuring the address to bring the interface up
will fail because there's no explicit up after the tunnel config.
this diff rolls the tunnel config back to keeping the interface on
a list, and allowing config at any time. the caveat to this is that
it makes mpsafety hard because inconsistent intermediate states are
visible when packets are being processed.
|
|
allows filtering on the priority of the route. All routes up to
the specified value will be passed.
ok claudio, ok henning previous version, feedback and manpage from
sthen.
|
|
triggered by djm's dhclient on vether on bridge setup
ok djm benno claudio
|
|
to in_up_loopback(). There is an issue when doing ifconfig lo0 127.0.0.1/8
the system ends up with 2 127.0.0.1 routes which breaks things like smtpd.
Found by tb@
|
|
ok claudio@, jmatthew@
|