path: root/sys/net
Age | Commit message | Author
2015-08-03 | A recently added sanity check panic in pf_postprocess_addr() was triggered for a reply-to rule. It turns out this case has been using uninitialised memory as if it were a valid pf pool. As the rest of the function assumes a valid pool for now just return. Problem reported by RD Thrush. ok jung@ mikeb@ | Jonathan Gray
2015-07-29 | Don't use mpls_input() as input handler anymore and instead call it directly. Also protect non mp-safe functions while at it. ok mpi@. | Rafael Zalamena
2015-07-21 | Added OpenBSD CVS tag. | Rafael Zalamena
2015-07-21 | No more AF_LINK addresses on the per-ifp address lists. ok mpi@ | Jeremie Courreges-Anglas
2015-07-21 | We don't do 'ARGSUSED' anymore | Florian Obser
2015-07-21 | use curproc instead of proc0 pointed out by and OK bluhm@ | Florian Obser
2015-07-21 | Put the mbuf_list inside "#ifdef MPLS". reported by rpe@ | Martin Pieuchot
2015-07-21 | - added /* FALLTHROUGH */ comments, typecasts (u_int32_t)-1, ... ok mpi@ | Alexandr Nedvedicky
2015-07-20 | Use the kernel socket interface (sosend(9) etc) instead of shoving packets directly into the network stack with ip_output(). The locking is intentionally left as is and will be improved in another commit. Input / OK bluhm@, OK benno@ | Florian Obser
2015-07-20 | Remove splassert(IPL_NET) from if_input(). if_input() has been designed to be able to safely handle a batch of packets from physical drivers to the network stack. Most of these drivers have an interrupt routine executed at IPL_NET and the check made sense during the conversion. However we also want to re-enqueue packets with if_input() from the network stack currently running at IPL_SOFTNET. ok claudio@ | Martin Pieuchot
2015-07-20 | Implemented MPLS pseudowire (mpw(4)) to be used with VPLS and VPWS. ok mpi@, claudio@. | Rafael Zalamena
2015-07-20 | Kill NETISR_MPLS, from now on we will use interface input handlers to deal with MPLS packets. ok mpi@, claudio@ | Rafael Zalamena
2015-07-20 | Add some panics to default paths where code later assumes a non default path was taken. This both prevents warnings from clang and acts as a sanity check. ok mcbride@ henning@ | Jonathan Gray
2015-07-20 | INET6 is here to stay, so stop hauling around never-compiled code to optimize for an INET-only kernel, as well as the fantasy unicorn INET6-only kernel. (INET-only kernel still works) prompted by deraadt ok bluhm sashan | Ryan Thomas McBride
2015-07-19 | rule_item might leak, when pf_create_state() fails OK @mcbride | sashan
2015-07-19 | potential memory leak in SIOCADDRULE ok mcbride@ | sashan
2015-07-19 | unsigned variables should not be compared to be leq than 0 (unsigned a <= 0) ok mcbride@ | sashan
2015-07-19 | unused arguments at pf_normalize_tcp_init() and pf_refragment6() OK deraadt. | sashan
2015-07-18 | pf_send_tcp() should also use unhandled_af() ok jsg@, ok mpi@ | sashan
2015-07-18 | Raise SPL to SPL_NET before calling if_input() in vxlan_lookup(). ok reyk@ mpi@ | Kazuya Goda
2015-07-18 | NET_RT_DUMP is dumb and tries to iterate over all possible AF tables of a given rtable if none is specified. In this case do not return an error if a table is missing for one of the ~30 funky AF defines we have in <sys/socket.h> Breakage found by and fix discussed with claudio@ | Martin Pieuchot
2015-07-18 | msg.mpi | sashan
2015-07-18 | follow up changes on unknown AF handling - PF should always use unhandled_af() - 0 is lame, AF_UNSPEC is profi ok bluhm@ | sashan
2015-07-18 | There's no longer a need to force carp(4) interfaces to be the last ones in the &ifnet list of interfaces. carp(4) is slowly becoming less special. Should keep the carp interfaces in the correct order in ifconfig output as reported by Johan Huldtgren. ok florian@, claudio@, benno@ | Martin Pieuchot
2015-07-18 | Abstract the routing table internals behind an rtable_* API. Code abusing the radix internals for the routing table should now include <net/rtable.h> and only deal with "struct rtentry". Code using a radix tree for another purpose can still include <net/radix.h>. Inputs from and ok claudio@, mikeb@ | Martin Pieuchot
2015-07-18 | Even if pf(4) is not compiled with SMALL_KERNEL add a define around rt_mpath_next() to document the difference in behavior between the multipath and non-multipath routing code. Note that the same pattern is present in if_group_egress_build(). ok claudio@ | Martin Pieuchot
2015-07-18 | INET/INET6 address family check should be unified in PF it also adds af_unhandled(), where it is currently missing. ok mcbride@ | sashan
2015-07-18 | Packets that make it to ether_input that have M_VLANTAG set must be dropped. vlan(4) clears M_VLANTAG when a tag matches but if the tag is still there it means that the vlan is not configured on the interface. Found with mpi@ and rzalamena@ while discussing various vlan troubles. | Claudio Jeker
2015-07-18 | On systems with a full routing table (550k+), we often want to be able to look at the routes with a priority, or to display all routes that do not have a specific priority (normally, don't show bgp). OK mpi@ benno@ previous versions OK deraadt@ sthen@ | Peter Hessler
2015-07-17 | Drop promiscuously received packets if the trunk(4) interface is not in promiscuous mode. The long story is that claudio@ had his ssh session reset multiple times in the hackroom because czarkoff@'s machine was sending reset. We figured out that the packet was reaching pf because of this missing check. pf would then not find any state and sent a reset. Analyzed with and ok phessler@, claudio@ | Martin Pieuchot
2015-07-17 | remove obsolete INET kernel option | Ted Unangst
2015-07-17 | Fix MPLS routing when receiving packet with multiple labels. ok claudio@, phessler@, mpi@ | rzalamena
2015-07-17 | sa_family_t should not be confused with u_int8_t ok deraadt@, ok floarian@ | sashan
2015-07-17 | fix the indentation of a block of code, no binary change ok mikeb@ some time ago | Jonathan Gray
2015-07-17 | manage spd entries by using the radix api directly instead of reaching around through the routing table original diff by myself, much improved by mikeb@ and mpi@ ok and testing mikeb@ mpi@ | Bret Lambert
2015-07-17 | Pass the correct argument to bstp_notify_rtage(). Problem found and fix provided by Ryota Ozaki, thanks! ok deraadt@, yasuoka@ | Martin Pieuchot
2015-07-17 | Explicitly do EtherIP encapsulation in bridge_ifenqueue(). The way gif(4) and bridge(4) are plugged together is disgusting but at least this makes the layer violation obvious. Fix a regression introduced by the M_PROTO1 loop prevention cleaning because gif(4) was abusing this flag to figure out if the packet was coming from a bridge(4). Thanks to goda@ for finding this! ok goda@, claudio@ | Martin Pieuchot
2015-07-16 | Keep private definitions private. | Martin Pieuchot
2015-07-16 | Kill IP_ROUTETOETHER. This pseudo-option is a hack to support return-rst on bridge(4). It passes Ethernet information via a "struct route" through ip_output(). "struct route" is slowly dying... ok claudio@, benno@ | Martin Pieuchot
2015-07-16 | add missing malloc check OK benno@ | Florian Obser
2015-07-16 | Fix rn_match and therefore the exported lookup functions in radix.c to never return the internal RNF_ROOT nodes. This removes the checks in the callee to verify that not an RNF_ROOT node was returned. OK mpi@ | Claudio Jeker
2015-07-16 | Expand ancient NTOHL/NTOHS/HTONS/HTONL macros. ok guenther@, henning@ | Martin Pieuchot
2015-07-16 | Properly layer Router Solicitation code. Tweak and ok florian@ | Martin Pieuchot
2015-07-15 | m_freem() can handle NULL, do not check for this condition beforehand. ok stsp mpi | Theo de Raadt
2015-07-08 | Linking the local socket to pf states went wrong when IPsec was involved. For outgoing packets the IPsec layer did not clear the sending socket from the mbuf when the address changed. This resulted in strange state match and create behavior in pf. So clear the pf statekey and inp in the packet header for both directions when the address changes. Mark Patruck reported the bug, identified my problematic commit and tested the fix. OK mikeb@ | Alexander Bluhm
2015-07-08 | Use a new RTF_CONNECTED flag for interface (connected) routes. Recent changes to support multiple interface routes broke the assumption made by all our userland routing daemons concerning interface routes. Historically such routes had a "gateway" sockaddr of type AF_LINK. But to be able to support multiple interface routes as any other multipath routes, they now have a unique "gateway" sockaddr containing their corresponding IP address. This self-describing flag should avoid ambiguity when dealing with interface routes. Issue reported by <mxb AT alumni DOT chalmers DOT se> and benno@ ok claudio@, benno@ | Martin Pieuchot
2015-07-08 | RTF_LOCAL and RTF_BROADCAST must not be settable by userland. Note that current code is safe because an explicit check exists in route_output(). Pointed out by claudio@ while reviewing another diff. | Martin Pieuchot
2015-07-08 | MFREE(9) is dead, long live m_freem(9)! ok bluhm@, claudio@, dlg@ | Martin Pieuchot
2015-07-07 | Do not return internal nodes to the upper layer in rn_lookup(). The limit between the radix layer and the route layer is somewhat vague, if it exists at all. This change prevents rtrequest1(9) from finding and deleting the root node (RNF_ROOT) when trying to delete a non-existing default route: # route delete 0.0.0.0 delete host 0.0.0.0 # route delete 0.0.0.0 route: writing to routing socket: No such process delete host 0.0.0.0: not in table Historically rn_delete() was a no-op when called with an internal node as argument. But there's no reason to manipulate such node. In a better world rn_match() would contain such check, but let's change the perfect-match function for the moment as this fixes a bug and many dragons are lurking in there. Fix a regression introduced by the big refactoring of r1.40 and reported by tobias@. ok tobias@, claudio@, pelikan@ | Martin Pieuchot
2015-07-02 | most of the destinations for mbufs in ether_input are mpsafe except for pipex and bridge. this puts KERNEL_LOCK/KERNEL_UNLOCK around the pipex chunk till we can give it some mp love. ok yasuoka@ mpi@ | David Gwynne