| Age | Commit message (Collapse) | Author |
|---|
|
which allows us to modify ifnet structure in a relatively safe way;
discussed with deraadt, ok mpi
|
|
ok deraadt@
|
|
|
|
ok deraadt
|
|
ok mikeb@, henning@, deraadt@, brad@, miod@
|
|
Found by LLVM/Clang Static Analyzer.
ok benno@ henning@
|
|
rule even if the latter had no prio flag. Fix match rules with
prio to work as expected.
Found by Roman Kravchuk; reported and tested by Alexey Suslikov;
OK henning@
|
|
ok tedu
|
|
While here add a comment explaining detach hooks' order of execution when
destroying/detaching an interface.
|
|
|
|
Found by LLVM/Clang Static Analyzer.
ok henning@ mikeb@ bluhm@
|
|
more like the original conditional.
if this doesnt fix rd thrushs panic, then this should be reverted to
r1.85.
|
|
kernel diagnostic assertion \"sotoinpcb(inp->inp_socket) == inp\"
failed: file "../../../../netinet/tcp_input.c", line 646
Will think of a better fix.
|
|
stack should still scan for IPv6 type 0 routing headers. There are
OpenBSD routers running without pf and there are plenty of legacy
implementations supporting RH0.
Bring back the function ip6_check_rh0hdr() that I removed a month
ago. As an improvement to the prevoius solution, only scan the
header chain in ip6_input() if the packet has not been inspected
by pf. Both implementations drop packets with RH0 anywhere in the
extension header chain.
OK mikeb@ henning@
|
|
from erik at halon dot se, ok benno phessler benno
|
|
things, setups with ipsec+ifbound.
The sympthon was that local IPSec packets (tunnel->tunnel) would not
match state after the latest pf_find_state() changes. The first packet
would go through, but the subsequent ones would fail the match and
collide later with the existing state.
ok henning@ markus@
|
|
Move address assignment to process context. This uses a workq at
present, conversion to taskq is on my todo list (discussed with dlg).
Instead of rummaging around in sockaddr_in6 structs, use the proper
netinet6 APIs to configure addresses.
Deal with IFID collisions instead of ignoring them. The whole point of
IPv6CP is to avoid IFID collisions. Use arc4random() during IFID generation.
Assign destination address to /128 point-to-point links.
tested by me and sthen with pppoe(4)
ok sthen
|
|
ok benno
|
|
ok henning benno
|
|
cheers to sthen@ and krw@ for properly dealing with the fallout of my
first commit.
|
|
< 0" seen by RD Thrush, http://article.gmane.org/gmane.os.openbsd.bugs/20113
where he has a long-running process using bpf which is active at the time of
panic. krw@ agrees with reverting for now.
|
|
network to presentation format to inet_ntop().
The few remaining functions will be soon converted.
ok mikeb@, deraadt@ and moral support from henning@
|
|
with "ticks - start > interval" because the latter copes with the ticks
value wrapping.
pointed out by guenther@
ok krw@
|
|
the rx ring was last allowed to grow and then assigned to it. it
is erroneous to do this because mcl_grown is a u_int and ticks is an
int.
this makes mcl_grown an int, and follows the idiom in kern_timeout.c
of going "thing - ticks < diff", which better copes with ticks
wrapping around and being used to calculate relative intervals.
ok pirofti@ guenther@
|
|
they must be appended to the head of the list. It doesn't really matter
right now since most of our pseudo drivers use their own custom detach
procedure, but teach vlan(4) to do the right thing since more conversion
are coming.
ok deraadt@
|
|
detach hook when the parent interface is destroy/removed.
ok reyk@
|
|
ok sthen
|
|
This is a modified version of oldtbr_timeout() with a timeout for each
HFSC enabled interface. We can now safely include <sys/timeout.h> in
net/hfsc.h without breaking the build.
tested by naddy, ok henning claudio deraadt
|
|
tested by naddy, ok deraadt
|
|
alignment architectures. Use m_copydata() instead of mtod().
OK deraadt@
|
|
From Anders Berggren (anders AT halon DOT se), thanks.
OK henning, benno
|
|
to 64 bit. Increase the routing message version from 4 to 5. Add
a small compatibility layer that allows to set routes with old user
land and new kernel. Old kernel with new user land does not work.
The compatibility layer ist not perfect, but it allows to configure
addresses with old ifconfig and new kernel. Route get also works
in this setup. dhclient hangs as messages for interface address
changes with old version are not generated.
OK claudio@
|
|
|
|
This is a modified version of oldtbr_timeout() with a timeout for each
HFSC enabled interface.
ok henning claudio
|
|
ok henning@
|
|
|
|
selection process fails; ok henning
|
|
a configured IPv4 address but iterates on its private list instead.
ok deraadt@
|
|
miod@ cannot find two boards using the same media.
With precious punctuation review from guenther@, thanks!
ok deraadt@, henning@
|
|
the incorrect pf_change_ap call; while here make the tcp case use
pf_change_ap since it shares the same properties. ok henning
|
|
ok claudio
|
|
global variables to in6.h.
ok deraadt@
|
|
obviously only used in the kernel) behind #ifdef _KERNEL
|
|
|
|
as a payload of icmp error messages; makes traceroute6 operate
across a nat64 gateway.
prompted by sthen, ok henning
|
|
global variables to in.h.
ok mikeb@, deraadt@
|
|
changing it. fixes an icmp to icmpv6 translation regression found
by todd and sthen.
ok henning sthen
|
|
intended after the ICMP/ICMPv6 checksum is zeroed in pf_cksum(). This
resolves an issue found by sthen@ where ICMP traffic with nat-to failed
due to incorrect checksums.
Fix tested by sthen@ and myself
OK henning@
|
|
|
|
"do it" deraadt@
|
