| Age | Commit message (Collapse) | Author |
|---|
|
The limit between the radix layer and the route layer is somewhat
vague, if it exists at all. This changes prevent rtrequest1(9) to
find and delete the root node (RNF_ROOT) when trying to delete a
non-existing default route:
# route delete 0.0.0.0
delete host 0.0.0.0
# route delete 0.0.0.0
route: writing to routing socket: No such process
delete host 0.0.0.0: not in table
Historically rn_delete() was a no-op when called with an internal
node as argument. But there's no reason to manipulate such node.
In a better world rn_match() would contain such check, but let's
change the perfect-match function for the moment as this fixes a
bug and many dragons are lurking in there.
Fix a regression introduced by the big refactoring of r1.40 and
reported by tobias@.
ok tobias@, claudio@, pelikan@
|
|
pipex and bridge. this puts KERNEL_LOCK/KERNEL_UNLOCK around the pipex
chunk till we can give it some mp love.
ok yasuoka@ mpi@
|
|
if a pseudo-interface is on a different rdomain than its parent.
Sorry for the inconvenience, I hope you'll fly again with us.
Regression reported by and ok semarie@, ok phessler@
|
|
|
|
ifp in order to access its ifih handlers.
So get rid of if_get() in the various ifih handlers we know the ifp is
live at this point.
ok dlg@
|
|
compatibility with 4.3BSD in September 1989.
*Pick your own definition for "temporary".
ok bluhm@, claudio@, dlg@
|
|
talking about (*ifp->if_output)().
ok claudio@, dlg@
|
|
after the Ethernet header in its own function and use it in bridge_input().
This should fix alignment issues kettenis@ is seeing.
ok bluhm@, claudio@
|
|
This prevents rtentry loops when rt->rt_gwroute points to rt leading
to an infamous "rtentry leak" panic, easily triggered by dhclient(8)
trying to remove a route after resuming a machine.
This bug is at least 20 years old! 4.4BSD-Lite2 had a fix for it in
its X.25 output routine but apparently it never made it into OpenBSD.
ok claudio@
|
|
tweaks and ok mpi@
|
|
In bridge(4) speak, broadcast-like packets are Ethernet Multicast
frames or Unicast for which the destination is unknown.
It makes sense to not retransmit broadcast-like packets on the interface
they were received but they still must be delivered to the network stack.
Problem reported by and ok jasper@
|
|
|
|
This fix some weird bridge(4) configurations involving pseudo-drivers
stacked on top of interfaces in a bridge.
Also simplifies the loop prevention logic to match bridge's input path.
Instead of using a tag per port/bridge simply flag output mbufs to make
sure only one copy per bridge go through bridge_output().
ok bluhm@, claudio@
|
|
Not all drivers make use of ether_output() and there's no real reason to
call it when no ARP resolution is needed. But in this case we still want
to make sure we're sending packets in the correct rdomain.
ok bluhm@, claudio@ as part of a larger diff.
|
|
an interface is destroyed or removed.
Since the introduction of ph_ifidx, as soon as a mbuf with an invalid
interface index is dequeued it will be freed.
ok claudio@, dlg@
|
|
Note that pseudo-drivers not using if_input() are not affected by this
conversion.
ok mikeb@, kettenis@, claudio@, dlg@
|
|
Most of the ARP layer already take an ifp pointer and this makes clear
wich chunks of code are messing with ac_enaddr.
Note that our Ethernet code assume that these pointer are interchangeable
since the first element of the "struct arpcom" is a "struct ifnet".
|
|
Move bridge_input() outside of ether_input() in order to duplicate packets
flowing through a bridge port before applying any transformation on mbufs.
This saves a various m_adj(9)/M_PREPEND(9) dances and remove the bridge(4)
hack from vlan(4).
Tested by mxb <mxb AT alumni DOT chalmers DOT se> and kettenis@
ok bluhm@
|
|
Do rule counter increments after state has been successfully
installed. This has an additional benefit of making error
handling a bit simpler.
OK mpi, bluhm
|
|
Pass the length to free(9), do not violate the radix/route layer and
set the gateway of a route a bit later to simplify error code path.
ok claudio@
|
|
receiving interface in the packet header of every mbuf.
The interface pointer should now be retrieved when necessary with
if_get(). If a NULL pointer is returned by if_get(), the interface
has probably been destroy/removed and the mbuf should be freed.
Such mechanism will simplify garbage collection of mbufs and limit
problems with dangling ifp pointers.
Tested by jmatthew@ and krw@, discussed with many.
ok mikeb@, bluhm@, dlg@
|
|
in my case dhclient(8), races with ifconfig(8) to free the descriptors
of the joined multicast groups.
While here reduce the difference with carp(4).
ok dms@
|
|
ok lteo@
|
|
|
|
|
|
now that all drivers and pseudo-drivers are using if_input().
if_input() is reentrant and is now the only place where we set `rcvif'.
|
|
ok dlg@
|
|
vlan_start().
ok sthen@, phessler@
|
|
ok sthen@, phessler@
|
|
something based on an address family and later assumes one of the paths
was taken. This was initially just calls to panic until guenther
suggested a function to reduce the amount of strings needed.
This reduces the amount of noise with static analysers and acts
as a sanity check.
ok guenther@ bluhm@
|
|
routes.
Since such routes are also flagged with RTF_LLINFO various code path
assume correctly that they contain valid ARP or ND information.
This fixes the "arpresolve: unresolved and rt_expire == 0" issue
reported on tech@ by mxb <mxb AT alumni DOT chalmers DOT se>.
ok claudio@, phessler@
|
|
Reshuffle the code around a bit and greatly improve error handling
fixing a few bugs along the way.
Problem reported by and fix was written with Alexandr Nedvedicky.
OK henning
|
|
ok mpi, kettenis
|
|
using table or dynamic interface addresses for source-hash. Also
avoid calling arc4random_uniform() with upper_bound == 0.
ok mikeb
|
|
allocates mbufs at IPL_SOFTTTY, which is above the IPL_NET the mbuf layer protects itself at.
recent improvements to diagnostics in pools and mbufs now panic
instead of letting these things silently corrupt.
this reworks the ppp handling in the tty layer so it has its own
private pool to allocate packet memory out of. these packets get
built and then queued for softnet to process. softnet dequeues the
packet and attaches it to mbufs as external storage before handing
it on to the rest of the stack.
this was reported on bugs@ and tested by both Walter Daugherity and
Martin van den Nieuwelaar
ok deraadt@ mpi@
|
|
|
|
ok jasper@, bluhm@
|
|
Tested by <mxb AT alumni DOT chalmers DOT se>, thanks!
ok bluhm@, dlg@
|
|
Tested by Norman Golisz and <mxb AT alumni DOT chalmers DOT se>, thanks!
ok bluhm@
|
|
ok dlg@
|
|
vlan header out of the packet.
fixes rx on top of trunks on top of nics that dont do hw vlan tagging.
ok mpi@
|
|
Since we've strengthened the ICMP state matching procedure during lookup
to only match packets against states set up in a particular direction, we
need to make sure we don't create states on packets that would otherwise
be flowing in the direction opposite to the direction of the state and
prevent further packets from matching the created state due to strict
rules imposed by the ICMP direction check.
Problem reported by Alexandr Nedvedicky, alexandr.nedvedicky-at-oracle.com.
Discussed with reyk@; OK henning
|
|
of RTF_CLONING and RTF_BROASCAST routes to not create MPATH conflicts
when IP address aliases are used.
This change makes it possible to have multiple RTF_CLONING routes with
the same priority. Note that any of the existing RTF_CLONING route
might be used by the kernel to create a RTF_CLONED route which should
not be a problem with aliases since they are attached to the same ifp.
This unbreak address aliases since the kernel supports multiple connected
routes for a subnet.
Found the hardway by djm@, ok claudio@
|
|
This makes rt_mpath_conflict() work as expected when adding routes
with the same destination and the same netmask.
With and ok claudio@
|
|
the second (unused) argument of the input packet handlers.
ok dlg@
|
|
change it from feeding the ethertype of the packet (which is almost
certainly an ip packet or vlan packet, so not that variable) to the
number of packets about to be processed.
ok deraadt@ mpi@
|
|
from brad@ and tested locally.
|
|
from markus@
sorry for the mixup
|
|
(triggered by bgpd).
ok marku@s, mikeb@
|
|
fixes rekeying for l2tp/ipsec against multiple windows clients
and saves memory (for many SAs to same peers); feedback and ok mikeb@
|
