Age | Commit message | Author |
|
ok markus, hshoexer
|
|
Since the removal of the link-layer ifa from "struct ifnet" it was
impossible to configure MPLS routes on mpe(4). Because just like
enc(4), mpe(4) was abusing the link-layer ifa to attach its route
entries.
So explicitly pass a "glue" ifa to the routing layer.
From Rafael Zalamena who discovered this the hard way, thanks!
ok claudio@
|
|
use of struct ifqueue for things handled by softnet. they instead
use an mbuf_queue (yay mpsafe) and wrap up the schednetisr and
if_congestion handling.
ok mpi@
|
|
it's only used for the ip and ip6 network stack input queues, so it
seems unfair that every instance of ifqueue has to carry a pointer
around for this specific use case.
this moves the congestion marker to a kernel global. if we detect
that we're congested, we assume the whole system is busy and punish
all input queues.
marking a system as congested is done by setting the global to the
current value of ticks. as the system moves away from that value,
it moves away from being congested until the comparison fails.
written at s2k15
ok henning@ beck@ bluhm@ claudio@
|
|
"Look safe" henning@, ok florian@
|
|
SO_BINDANY socket, the new state didn't have a link of the socket's
pcb. So the incoming packets allowed by the state were mistakenly
forwarded and the pcb could not get them. Fix pf not to lose the link
of the pcb when the state is recreated.
ok bluhm mikeb
|
|
have any direct symbols used. Tested for indirect use by compiling
amd64/i386/sparc64 kernels.
ok tedu@ deraadt@
|
|
to the multipath chain when removing routes. This fixes the sbin/route
testcases 17-19 and fixes an annoying ospfd bug because of routes
wrongly marked as multipath ones.
OK deraadt, mpi, sthen, benno, phessler
|
|
hfsc_qstats cope with a NULL ifp. Can happen when referring to nonexistent
interfaces from pf.conf. Problem noticed and fix tested by Kevin Chadwick
<ma1l1ists at yahoo.co.uk>, ok phessler benno
|
|
router solicitations. Send the router solicitation right away instead of
having a 60 second window between enabling SLAAC on the interface and the
router solicitation being sent.
ok florian@ stsp@ mpi@
|
|
code scanner. Changing return to break also fixes a failure to unlock.
Also fix a NULL check for that variable noticed by bluhm.
ok bluhm henning millert
|
|
(will panic) in bridge context; ok henning@
|
|
mean "prio is 0". This avoids the need for code changes in programs which add
pf rules (as was done in pfctl but not other programs) to handle the new
"check prio" functionality. Specifically this unbreaks ftp-proxy.
Use of #define rather than magic 0xff suggested by benno.
ok benno "if henning doesn't like it he can change it when he recovers from jet-lag"
(this file missed from previous commit, noticed by daniel@)
|
|
mean "prio is 0". This avoids the need for code changes in programs which add
pf rules (as was done in pfctl but not other programs) to handle the new
"check prio" functionality. Specifically this unbreaks ftp-proxy.
Use of #define rather than magic 0xff suggested by benno.
ok benno "if henning doesn't like it he can change it when he recovers from jet-lag"
|
|
define in sys/limits.h. OK guenther@
|
|
of different routing domains.
The same change has been applied to rt_if_track() in r1.205.
ok claudio@
|
|
is a debug tool change of semantics not considered problematic.
up until now, log(matches) forced logging on subsequent matching rules,
the actual logging used the log settings from that matched rule.
now, log(matches) causes subsequent matches to be logged with the log settings
from the log(matches) rule. in particular (this was the driving point),
log(matches, to pflog23) allows you to have the trace log going to a separate
pflog interface, not clobbering your regular pflogs, actually not affecting
them at all.
long conversation with bluhm about it, which didn't lead to a single bit
changed in the diff but was very very helpful. ok bluhm as well.
|
|
of memory.
The key (destination) is only set once, when the route is inserted in
the routing table, and does not need to change afterward. The gateway
might change and rt_setgate() will do all the checks for you.
ok claudio@
|
|
- rename uiomove() to uiomovei() and update all its users.
- introduce uiomove(), which is similar to uiomovei() but with a size_t.
- rewrite uiomovei() as an uiomove() wrapper.
ok kettenis@
|
|
no real compat issue since we're using spare bytes.
old -> new ends up with set prio (0, 0) equivalent
new -> old is entirely harmless, old ignores the prios.
requested by Alexey Suslikov <alexey.suslikov at gmail>
ok phessler pelikan dlg
|
|
i. e. on vlan interfaces, it is useful to be able to match on it -
effectively matching on classification done elsewhere.
i thought i had long implemented that, but chrisz@ asking for it made
me notice that wasn't the case.
tests by chrisz, ok phessler pelikan
|
|
OK mpi@
|
|
ALTQ version has been on tech@ for years, people were generally ok with it.
ok henning
|
|
was setting max_win to 0 and discarded retransmitted SYN-ACK segments
without wscale if the original SYN contained a wscale option.
with gerhard@, ok henning@
|
|
of a single mbuf. this forces us to batch work between the hardware
rx handlers and the stack.
this includes a conversion of bge from ether_input to if_input.
ok claudio@ pelikan@ mpi@
|
|
ok mpi@
|
|
receiving ring to the stack.
if_input() is at the moment a drop-in replacement for ether_input_mbuf()
but will let us stack pseudo-driver in a nice way in order to no longer
call ether_input() recursively.
ok pelikan@, reyk@, blambert@, henning@
|
|
if we ever do sth like RED again it almost certainly won't be RED; the code
isn't even in a state to be useful as documentation/hint, and even if it
was it could be retrieved from the attic.
|
|
ok mpi pelikan
|
|
the 3WHS is completed, establish the backend connection. The trigger
for "3WHS completed" is the reception of the first ACK. However, we
should not proceed if that ACK also has RST or FIN set.
ACK+RST part pointed out by Kojedzinszky Richard <krichy at tvnetwork hu>
ok mikeb dlg phessler claudio
|
|
fixes some compiler warnings, tested by amd64 base build
ok beck
|
|
prio from the vlan header to our pf priority levels. This fixes the
mapping in the bridge code.
ok henning
|
|
prio from the vlan header to our pf priority levels. This fixes the
mapping on the output path.
ok henning
|
|
When mapping 802.1p prio from the vlan header to our priority levels, we
have to swap 0 and 1, since in 802.1p, 1 is the lowest prio, and 0 the
2nd lowest. But 2..7 are in the expected order!
Pointed out to me at BSDcan and I forgot by whom, sorry for that and the
delay. ok phessler pelikan
|
|
everything in the kernel for everybody anyway, can as well use the
opportunity to move the block with the IF_* macros down next to the IFQ_*
versions; has always been slightly confusing - was like that due to the
long gone ALTQ versions of these macros. claudio agrees.
|
|
especially given that these are the only users of these macros.
ok claudio
|
|
ok claudio@
|
|
checking for actual conflict.
ok claudio@, henning@
|
|
SIOCIFAFATTACH is a noop
SIOCIFAFDETACH calls in_ifdetach(), thus removing all AF_INET addresses
ok phessler theo
|
|
Packets destined to link-local addresses are looped back with embedded
scopes because we cannot restore them using the receiving interface (lo0).
Embedded scopes are needed by the routing table to match RTF_LOCAL routes,
but pf(4) never saw them and existing rules are likely to break without
teaching the rule engine about them, found by dlg@ the hard way.
So save and restore embedded scopes around pf_test() for packets going
through loopback.
ok dlg@, mikeb@
|
|
nmap is broken, as reported by kent fritz.
pending further investigation, we should keep nmap working until a
better fix is developed for the original problem.
|
|
email.
|
|
the start time so the next read behaves the same.
from Simon Mages
|
|
interfaces.
When the kernel automagically configures IPv6 addresses on loopback
interfaces, start by assigning a link-local address and then try to
assign "::1".
Only the first configured loopback interface per rdomain can have the
"::1" address. But even if other loopback interfaces failed to get
this address, because it is already taken, give them a chance to have
a link-local address.
While here change in6_ifattach() to return an error value and remove
duplicated code.
Fix a regression introduced by the NOINET6 flag removal.
ok henning@, stsp@, florian@, benno@
|
|
Allow to use different size than the default of 32K.
ok henning@, stsp@, florian@, benno@ as part of a larger diff.
|
|
when workqs were introduced, we provided a second argument so you
could pass a thing and some context to work on it in. there were
very few things that took advantage of the second argument, so when
i introduced pools i suggested removing it. since tasks were meant
to replace workqs, it was requested that we keep the second argument
to make porting from workqs to tasks easier.
now that workqs are gone, i had a look at the use of the second
argument again and found only one good use of it (vdsp(4) on sparc64
if you're interested) and a tiny handful of questionable uses. the
vast majority of tasks only used a single argument. i have since
modified all tasks that used two args to only use one, so now we
can remove the second argument.
so this is a mechanical change. all tasks only passed NULL as their
second argument, so we can just remove it.
ok krw@
|
|
Instead check the error code returned by this function and let the
caller free the route entry when appropriate.
ok bluhm@
|
|
before <net/pfvar.h> or <net/if_pflog.h>. The kernel files can be
cleaned up next. Some sockaddr_union steps make it into here as well.
ok naddy
|
|
from Fabian Raetz
|