Age | Commit message (Collapse) | Author |
|
etherip encapsulation; unbreaks remote ipsec bridges; ok claudio;
additional testing Renaud Allard
|
|
instead of open/close events. Fixes PR 5457 where
an extra open event arrived due to an authentication
timeout/retransmission and confused things. Tested
by RD Thrush and mpf@, discussions and ok mpf@
|
|
OK claudio@ jason@
|
|
addresses in struct arpcom. this lets a nic driver easily see if it wants
allmulti behaviour, which in turn means we can clean some code up.
ok jason@ claudio@ norby@
|
|
makes carp(4) fail-over work over bridge(4). OK michele@ jason@
|
|
in ip6_input(), but pf_test6() is called from bridge code as well.
ok dhartmei@ henning@ deraadt@ claudio@
|
|
drop all packets with routing headers unless the matching rule explicitly
specifies 'allow-opts'.
ok dhartmei@ henning@ deraadt@ claudio@
|
|
|
|
|
|
It shouldn't make a difference, but some
ioctl-callers don't initialize the ifreq properly.
Fixes a panic w/ tun(4) on trunk(4).
OK reyk@, claudio@
|
|
for future work. also move the repeated tx start code into a common
function.
parts of it are merged from FreeBSD's trunk(4) port. oh, wait... they
renamed it to 'lagg(4)' because a little green guy from Cizzco-Eeeh
told them "trunk is for VLANs, trunk is for VLANs". Bad FreeBSD, don't
listen to the little green guy from Cizzco-Eeeh!
ok claudio@
|
|
ok dlg@
|
|
|
|
|
|
double free. Found and tested by Stefan Schmieta. OK markus@ mbalmer@
|
|
Use the proper in_ifscrub() / in_ifinit() calls for
address changes to generate routing messages.
The correct way to set the default route now
needs the -ifp option, e.g.
route add default -ifp pppoe0 0.0.0.1
Since the route is set right after bringing
the interface up, it still works w/out -ifp though.
Changes mostly from NetBSD.
Tested by Matthias Bauer and bluhm@
OK canacar@
|
|
m_prepend() should never be called directly, use M_PREPEND() instead.
Doing so simplifies the code. Tested by fkr@ and Paul de Weerd.
OK henning@
|
|
|
|
|
|
This reduces group failover time to a few milliseconds.
Diff from Nathanael.
OK henning@
|
|
Instead, keep the proc pointer in it and put the selinfo on a list
in struct proc in selrecord. Then clean up the list when leaving
sys_select and sys_poll.
miod@ ok, testing by many, including Bobs spamd boxes.
|
|
ok deraadt
|
|
passed; makes it less of nfs kind of code; henning@ ok
|
|
OK claudio@
|
|
we had to put this workaround in since /etc/rc used to use the exit code
if "ifconfig pflog0" to decide wether we run on a kernel with pflog support.
rc has been fixed to explicitely create pflog0 when pf and pflogd are
enabled in November 2006, so now is the time to remove this compat hack.
pplz who haven't updated rc since 2006/11/16 lose pflogd. ok ryan theo
|
|
This provides a similar functionality as ARP balancing,
but also works for traffic that comes across routers.
IPv6 is supported as well.
The configuration scheme will change as soon we have sth better.
Also add support for changing the MAC address on carp(4)
interfaces. (code from mcbride)
Tested by pyr@ and reyk@
OK mcbride@
|
|
Previously the descriptor was locked only after
an interface is set, leading to a race condition.
Reported by Jon Steel < jon.steel at esentire com >
tested by otto@, looks correct deraadt@
|
|
need uvm/uvm_extern.h to get at uvmexp. oops.
|
|
to 200,000 instead of the conservative 100,000; ok dhartmei beck
tested by ckuethe
|
|
tunnels.
Additional testing by Marc Winiger. OK kjc@ mbalmer@
|
|
ok claudio@
|
|
Don't allow the userland to fiddle with flags reserved by the driver.
Noticed by Ingo Schwarze.
|
|
ok dharthmei@, henning@
|
|
via TUNSIFINFO. ppp(8) was happily clearing the RUNNING flag and so all
incomming packets where dropped. Issue reported by irix <at> ukr <dot> net.
While there check that the mtu is in a valid range -- stolen from SIOCSIFMTU
case.
|
|
From FreeBSD
|
|
ok kettenis@ cloder@ tom@ henning@
|
|
OK tedu@
|
|
|
|
and passed around but never used. OK mglocker@
|
|
this allows an atomic read and reset counters, instead of read, reset in a
later ioctl and lose everything in between.
use the previously unused of pr->action. When it is set to PF_GET_CLR_CNTR,
the ioctl requires write permissions and counters are reset after they have
been copied out to userland.
obsoletes DIOCCLRRULECTRS, which only works for the main ruleset, but not
within anchors (yeah, that's how it all started)
ok dhartmei, mcbride and theo agree as well
|
|
|
|
ip6_dst (i'm bit skeptical about checksumming when the box is not the
final destination).
drop IPv6 jumbograms, as it could cause various funny symptoms due to
ip6_plen being 0 (yup, we should properly handle it instead).
ok by deraadt, naddy, hshoexer
|
|
- if the interface was auto-created by opening a /dev/tun* device it will
auto-destroy on close. This is comparable to ifconfig tun0 destroy and
will remove all routes and addresses associated with the interface.
- if the interface was created by ifconfig(8) or hostname.if(5) the interface
is persistent -- it is just marked as not running. Especially routes are no
longer removed when the interface is closed. This is useful for static
setups like the server side of a ssh vpn or static qemu session.
This behaviour is more logic then the half done cleanup that is currently done.
OK mpf@
|
|
with at least two ports are always handled as full fuplex links. this
change will allow trunks as edge ports in a rstp bridge(4).
ok brad@ pyr@
|
|
these flags on close. OK mpf@
|
|
compile and work. need to register pfkey whenever tcp md5 or ipsec is
defined, and the various ipsec encapsulations only if ipsec is defined.
ok theo
|
|
|
|
this fix PR 5056
discussed with camield@
OK camield@ claudio@ henning@
|
|
Requested by brad@
|
|
|