Age | Commit message | Author |
|
route priority.
While here document a RTM_ADD message is only sent to userland for
local entries.
ok mikeb@, florian@
|
|
the tree. Found by millert@.
|
|
processing of router advertisements was already in the kernel.
With this rtsol{,d}(8) is no longer necessary.
The kernel starts sending solicitations with
# ifconfig $IF inet6 autoconf
or
inet6 autoconf
in /etc/hostname.$IF.
input stsp@
much help & OK mpi@
tweaks & OK bluhm@
|
|
invalid. When such thing happens, it means that the address is no
longer configured on the system but still referenced by some routes.
So do not return such ifa in ifa_ifwithroute().
Fix a panic reported by Pierre Bardou.
ok mikeb@, henning@
|
|
also adds a broadcast entry flagged with RTF_BROADCAST.
Prior to this change broadcast entries were simple cloned ARP entries,
that would be deleted once their timer expired since they would always
be incomplete.
With this change they are now persistent and identifiable with a new flag.
Committing early to be able to deal with any potential fallout before we
start relying on this.
ok florian@, mikeb@, henning@
|
|
Those two functions take one dev_t argument, not int. Match declarations
with reality. No functional changes.
|
|
a magic number 4 since sometimes we can't fit a single packet
(jumbo frame) into 4 clusters.
OK dlg
|
|
|
|
ok florian@ henning@
|
|
Active Discovery Terminate packets.
ok mikeb@, henning@, phessler@
|
|
diff from benno@.
ok benno@, florian@
|
|
anchors for "once" rules: "In case this is the only rule in the
anchor, the anchor will be destroyed automatically after the rule
is matched." Employ an additional pointer pair to keep track of
the parent ruleset containing the anchor that we want to remove.
OK henning
|
|
that owns the anchor on the pf anchor stack. There's no reason why we
should check for depth here. As a side effect this makes sure that the
correct nested anchor gets its counter bumped instead of the topmost.
For the save/restore symmetry pf_step_out_of_anchor is made to always
restore previous value of the anchor rule. depth == 0 means that we are
at the top (main ruleset).
OK henning
|
|
start with a ruleset pointer assigned to pf_main_ruleset so that
pf_purge_rule doesn't get called with a NULL.
Prompted by the discussion with Alexandr Nedvedicky <alexandr !
nedvedicky at oracle ! com>.
OK henning
|
|
|
|
adding local route entries.
This hack made sense when we didn't have the RTF_LOCAL flag, but since
some months it is set on every local route.
|
|
aware of them.
Original commit message was:
Reserve the highest route priority for kernel-managed routes and prevent
userland from playing with the local and broadcast flags.
ok claudio@
|
|
for btintr(), as well as the also gone atintr() and clnlintr()
|
|
Even if in the end we would like to be more strict about what userland
can do with kernel-managed route entries, most of the tools out there
are not yet ready for this. Since RTF_LOCAL routes are for the moment
just like RTF_LLINFO routes without expire timer, allow userland tools
to remove/modify them. In case they are missing, the good old cloning
mechanism will recreate what you need.
bluhm@ and deraadt@ agree.
|
|
|
|
we can pull the space the mbuf layer used to do per interface accounting
out of struct if_data.
saves a hundredish bytes on every interface.
ok deraadt@ claudio@
|
|
checksum has to be recalculated before the packet is fragmented
again. Put a missing in6_proto_cksum_out() into pf_refragment6().
This makes run-regress-frag6 and run-regress-frag6-ext pass again.
From Matthias Pitzl; OK henning@
|
|
fixes the rewrite of an IPv6 header of an ICMP6 packet in the payload
of an ICMP6 error packet. Path MTU discovery with ping6 over pf
nat or rdr works again.
Found by src/regress/sys/net/pf_fragment make run-regress-fragping6
OK henning@
|
|
after discussions with beck deraadt kettenis.
|
|
|
|
farewell, then. has been #ifdef notyet for the last 19 years
|
|
machine and restore the original behavior of RTM_ADD and RTM_DELETE
by always generating one message per locally configured address.
This time, make sure the local route is removed during an address change,
since at least pppoe(4) does some funky magics with wildcard addresses that
might corrupt the routing tree, as found by naddy@
Also do not add a local route if the specified address is 0.0.0.0, to
prevent a tree corruption, as found by guenther@.
Putting this in now so that it gets tested, claudio@ agrees. Please
contact me if you find any route-related regression caused by this
change.
|
|
spotted by Kent R. Spillner <kspillner acm org>
|
|
bluetooth support doesn't work and isn't going anywhere. the current
design is a dead end, and should not be the basis for any future support.
general consensus says to whack it so as to not mislead the unwary.
|
|
accept rtadvs on that interface. the global net.inet6.ip6.accept_rtadv
sysctl just doesn't cut it, even tho the spec wants that - but in their
little absurd world, a host just has one interface by definition anyway...
the sysctl goes away.
lots of head scratching, brain cell elimination etc from bluhm benno stsp
florian, excitement from simon and todd, ok bluhm stsp benno florian
|
|
pipex_session_req.
|
|
bpf listeners on a vlan interface don't expect to see a vlan header (you
expect those on the underlying if). since we no longer prepend an ethernet
header to later throw it away and prepend an ether_vlan_header, we prepend
an ether_vlan_header right away. to unconfuse bpf listeners we need to cut
the 4 extra bytes out, which is what bpf_mtap_stripvlan does.
problem noticed by dlg with dhcrelay, ok benno dlg
|
|
|
|
|
|
|
|
ether_vlan_header to make it a regular ether_header while copying into
the bpf buffer.
add bpf_mtap_stripvlan, which is a 1-line wrapper around _bpf_mtap passing
this copy function in.
ok benno
|
|
unnecessarily allocating an mbuf tag to store the divert port, just pass
the divert port directly to divert_packet() or divert6_packet() as an
argument.
includes a style fix pointed out by bluhm@
ok bluhm@ henning@ reyk@
|
|
blambert@, henning@, lteo@
|
|
ok guenther
|
|
here any more
|
|
now that it is a trivial wrapper around the extended bpf_mtap_hdr, we can
use bpf_mtap_hdr directly. added benefit: pflog_bpfcopy doesn't need to
be exported any more and can stay private to if_pflog.c
ok benno bluhm reyk
|
|
the various bpf_mtap_* are very similar, they differ in what (and to some
extent how) they prepend something, and what copy function they pass to
bpf_catchpacket.
use an internal _bpf_mtap as "backend" for bpf_mtap and friends.
extend bpf_mtap_hdr so that it covers all common cases:
if dlen is 0, nothing gets prepended.
copy function can be given, if NULL the default bpf_mcopy is used.
adjust the existing bpf_mtap_hdr users to pass a NULL ptr for the copy fn.
re-implement bpf_mtap_af as simple wrapper for bpf_mtap_hdr.
re-implement bpf_mtap_ether using bpf_map_hdr
re-implement bpf_mtap_pflog as trivial bpf_mtap_hdr wrapper
ok bluhm benno
|
|
don't need to be married.
ok guenther miod beck jsing kettenis
|
|
via if_rxring things. this effectively deprecates the third argument
for MCLGETI and m_clget and makes the mbuf layer no longer care about
interfaces and simplifies the allocation paths.
the timeout used to measure livelock has been moved to net/if.c.
ok mpi@
|
|
out of the mbuf layer, and break the assumption that an interface will
only have a single ring per mbuf cluster size.
mpi@ is ok with moving this forward
|
|
|
|
|
|
|
|
Fix a panic when trying to remove a route with the magical 0.0.0.0
destination.
looks ok to claudio@
|
|
This fixes the "integer divide fault trap" bug caused by the second malloc
skipping a beat and leaving the amount of allocated queues equal to zero.
tested by me, ok henning mikeb
|