| Age | Commit message (Collapse) | Author |
|---|
|
manipulate alternate tables from userland. new tables are created
implicitely when an RTM_ADD for that table is seen.
ok norby claudio hshoexer
|
|
parameter so they can work on alternate tables. table 0 hardcoded for
many callers yet, that will be adapted step by step.
input + ok claudio norby hshoexer
|
|
remove the ugly routed hacks. OK henning@, hshoexer@
|
|
problem before: with this, we are no longer using the address family as
array index directly, since only 3 of 31 address fanilies actually attach
a table, but we're using an address family to array index translation (just
another array). there, 0 meant "does not attach a table", thus rt_gettable
has to return a null pointer. unfortunately we were using array index 0 for
whatever af attaches first, and since the list is backwards,, that used to
be ipsec - execpt on ipsec-less ramdisks, where it was inet6, and since
route show blindly iterates over all address families, and all those
without a table pointed to index 0, we got 28 or 29 copies of the v6 table.
i had that right initally, and then i borked it later... re-spotted by
claudio.
ok norby hshoexer claudio
|
|
'route show' dump out repeated copies of the v6 routing table on ramdisks.
on some architectures it spins forever doing this, on others it just
goes for a long time printing the v6 routes over and over before terminating.
spotted by jmc and krw, backout diff tested by beck.
|
|
As a first user, move the global carp(4) demotion counter
into the interface group. Thus we have the possibility
to define which carp interfaces are demoted together.
Put the demotion counter into the reserved field of the carp header.
With this, we can have carp act smarter if multiple errors occur.
It now always takes over other carp peers, that are advertising
with a higher demote count. As a side effect, we can also have
group failovers without the need of running in preempt mode.
The protocol change does not break compability with older
implementations.
Collaborative work with mcbride@
OK mcbride@, henning@
|
|
.. fixes proto display for the non zero case
ok claudio@
|
|
we trade higher memory consumption if the user doesn't use continous table
IDs, but in the worst case (table IDs 0 and 255, 64bit machine) that is 2KB
ok claudio ryan
|
|
|
|
-instead of staticaly declaring the heads, allocate memory for them
-add second dimension to the routing table head array, table ID
-space saver: do not use the AF as array index directly, but have an
AF->index translation array and only account for AFs actually attaching
a routing table
note that whil ethat allows for multiple routing table heads, nothing uses
taht yet.
tested by many, ok claudio reyk norby mcbride
|
|
OK henning@ norby@
|
|
msf@'s assistance with hexdumping, this bug was found.
do NOT access the wrong union member (sockaddr_in) when using v6 addresses
this fixes output errors when displaying v6 encap routes for ipsecctl, route,
and recently netstat
ok hshoexer@ markus@ claudio@ naddy@
|
|
mbuf flags so that the packet is sent out with a normal link local address
instead of a multicast or broadcast address. OK brad@
|
|
state limit and adaptive.end of 120% of the state limit.
Explicitly setting the adaptive timeouts will override the default,
and it can be disabled by setting both adaptive.start and adaptive.end to 0.
ok henning@
|
|
Another ipsec failover fix from nathanael at polymorpheus dot com.
ok hshoexer@
|
|
drivers report an active link state even if the interface is DOWN.
this should fix trunk with various ethernet devices.
ok brad@
|
|
|
|
more drivers.
ok reyk@
|
|
|
|
|
|
|
|
the establish calls were bypassed or failed.
ok mpf@
|
|
|
|
error counter. just silently drop them...
figured out by todd@, ok brad@
|
|
ok henning@
|
|
supporting ethernet jumbo frames. there's no standard for the size of
jumbo MTUs, so either let the driver set it's own value or use 9000
byte jumbo frames by default.
ok brad@
|
|
PR5122 Jann Fischer <jfi@openbsd.de>, thanks!
|
|
possible kernel panic. this happened to me by using tun(4) in layer 2
mode (link0 flag) as a trunk port for testing.
|
|
comparison of the TDB before collapsing multiple updates.
Another ipsec failover fix from Nathanael <list-openbsd-tech@polymorpheus.com>
|
|
the vlan priority. Relaxes the order of the vlanprio parameter in ifconfig.
OK claudio, brad, norby
|
|
work between little-endian and big-endian machines, and compare the spi
against SPI_RESERVED_MAX correctly.
Fix from Nathanael <list-openbsd-tech at polymorpheus dot com>
|
|
set up pfkey promiscuous mode.
Diff from Nathanael <list-openbsd-tech at polymorpheus dot com>
|
|
only bar under foo, not /bar as well.
secondly, when using "load anchor from" from a sub-anchor, the loading
point should be relative to the sub-anchor doing the load (unless absolute
paths are used, of course).
from Boris Polevoy. probably a -stable candidate.
|
|
pointer and a panic later on. Be more careful Claudio! OK henning@
|
|
cases harmless it is used by the IPv6 code. The result is that bgpd is unable
to assigning link local addresses to the correct interface. OK henning@
Fix for PR 5063.
|
|
altered chain. The cached tag may have already been freed via m_cat.
|
|
device. previously this was only done at config time, so vlan if's baudrate
could easily get out of sync with parent's. ok camield brad
|
|
instead of kvm access. OK henning@
|
|
This new rmx_refcnt can be used by route(8) to produce the same output
as netstat(1). OK henning@
|
|
|
|
outbound), using a new BIOCSDIRFILT ioctl;
guidance, feedback and ok canacar@
|
|
fbsd PR 93849 from Max Laier, ok claudio@
|
|
directly. rather provide a rt_lookup function for regular lookups,
and a rt_gettable for those that need access to the head for some reason.
the latter cases should be revisted later probably so that nothing outside
the routing core code accesses the heads at all...
tested claudio jolan me, ok claudio markus
|
|
interface that is removed. use that from if.c and if_tun.c instead of
re-implementing in the latter case. ok claudio
|
|
mbuf clusters if the packet is big enough. This should speed up tun(4) and
may help in other cases where long mbuf chains hurt.
Additionally switch the default tun(4) MTU to a more sane 1500 bytes.
TUNMTU is kept because it is used in userland.
Input and OK from brad@ and djm@
|
|
which optionally verifies that a packet is received on the interface
that holds the route back to the packet's source address. This makes
it an automatic ingress filter, but only when routing is fully
symmetric.
bugfix feedback claudio@; ok claudio@ and dhartmei@
|
|
|
|
ok miod@
|
|
|
|
|
