| Age | Commit message (Collapse) | Author |
|---|
|
making RTM_INVALIDATE code path perform same check as RTM_DELETE does.
ok mpi@
|
|
ok cheloha@, visa@
|
|
ok dlg@, sthen@, millert@
|
|
set. These mpls routes use the rt_llinfo structure to store the MPLS label
and would confuse the arp and nd6 code.
OK bluhm@ anton@
Reported-by: syzbot+927e93a362f3ae33dd9c@syzkaller.appspotmail.com
|
|
then 1/8 of net.inet.ip.arptimeout the system will send out a arp request
about every 30 seconds until either the entry is updated or expired.
Not refreshing arp entries will result in packet drop every time a entry
expires which is not ideal for important gateway entries.
Came up with this after a discussion with deraadt@. OK benno@ deraadt@
|
|
the function is doing the same initialisation as arprequest().
OK bluhm@
|
|
ok visa@, tb@
|
|
the mbuf packet header. Otherwise, stale mbuf state related to the
ARP request packet might affect the fate of the ARP reply packet.
For example, I observed that for an ARP request to a carp IP, where the
underlying carpdev interface is part of a bridge, ARP replies were always
sent out on the carpdev interface, even if the corresponding ARP request
was received not on the carpdev but on a different bridge member interface.
This happened because the M_PROTO1 mbuf flag was set on the ARP request mbuf
when it left the bridge towards carp, and was still set on the ARP reply,
which reused the same mbuf, sent back towards the bridge. The bridge's loop
detection saw the M_PROTO1 flag and prevented the ARP reply from entering
the bridge, so the reply was instead sent out directly on the carpdev...
ok bluhm@ mpi@
|
|
continuous. The length of the hardware and protocol address are
provided in the network packet and have to be checked first. So
enforce that we only deal with internet over ethernet arp headers
with the address length filled correctly.
found by Maxime Villard; OK claudio@
|
|
of IFF* flags.
inputs from jmc@, ok bluhm@, visa@
|
|
ARP or ND timeout could delete local routes. Put an assert into
arptfree() and nd6_free() so this cannot happen again.
OK mpi@
|
|
Tested by Hrvoje Popovski, ok bluhm@
|
|
Prompted by a bugreport by naddy that IPv6 autoconfiguration is broken
in the installer.
OK mpi, "go for it" deraadt
|
|
rtdeletemsg().
ok bluhm@
|
|
them all in net/rtsock.c.
This allows to easily spot which functions are doing a copyout(9)
when dealing with the routing midlayer.
ok phessler@, bluhm@, dhill@, krw@, claudio@
|
|
of the network stack that are not yet ready to be executed in parallel or
where new sleeping points are not possible.
This first pass replace all the entry points leading to ip_output(). This
is done to not introduce new sleeping points when trying to acquire ART's
write lock, needed when a new L2 entry is created via the RT_RESOLVE.
Inputs from and ok bluhm@, ok dlg@
|
|
ok dlg@, jmatthew@
|
|
context.
Convert them to timeout_set_proc(9).
|
|
the ioff argument to pool_init() is unused and has been for many
years, so this replaces it with an ipl argument. because the ipl
will be set on init we no longer need pool_setipl.
most of these changes have been done with coccinelle using the spatch
below. cocci sucks at formatting code though, so i fixed that by hand.
the manpage and subr_pool.c bits i did myself.
ok tedu@ jmatthew@
@ipl@
expression pp;
expression ipl;
expression s, a, o, f, m, p;
@@
-pool_init(pp, s, a, o, f, m, p);
-pool_setipl(pp, ipl);
+pool_init(pp, s, a, ipl, f, m, p);
|
|
reference count.
rtable_iterate() frees the passed ``rt'' and returns the next one on the
multipath list or NULL if there's none.
ok dlg@
|
|
thank you to everyone who helped reviewed these diffs
ok mpi@
|
|
This means that no protection is needed to guarantee that the next hop
route wont be modified by CPU1 while CPU0 is dereferencing it in a L2
resolution functions.
While here also fix an ``ifa'' leak resulting in RTF_GATEWAY being always
invalid.
dlg@ likes it, inputs and ok bluhm@
|
|
removed from the table.
Currently the storage for L2 addresses is freed when an entry is
removed from the table. That means that we cannot access this
chunk of memory between RTM_DELETE and rtfree(9).
Note that this doesn't apply to MPLS because the associated storage
is currently released by the last rtfree(9).
ok mikeb@
|
|
triggered by updating a cached, but removed from the table, entry is
properly fixed.
Diff from dlg@, prodding deraadt@
|
|
instead of abusing RTF_CLONING.
Fix a leak reporeted by Aaron Riekenberg on misc@, ok sthen@
|
|
Being able to add route entries without configured addresses is a nice
feature but this is not my fight. So I'd rather no add another pointer
to ``struct rtentry'' if I'm not removing another one.
|
|
entries) and net.inet.ip.arpdown (expire timer for unresolved entries)
ok mpi@
|
|
memory.
This will allow to unlink 'sruct rtentry' and 'struct ifaddr' to be able
to add route entries without needing an address.
ok sthen@, visa@, florian@
|
|
to ifconfig.
"llprio" allows one to set the priority of packets that do not go through
pf(4), as the case is for arp(4) or bpf(4).
ok sthen@ mikeb@
|
|
ok florian@, dlg@
|
|
It was only checked in balancing mode, which is currently broken, and is
no longer needed.
Discusssed with bluhm@ and Florian Riehm.
|
|
time_second is unix time so it can be affected by clock changes.
time_uptime is monotonic so it isnt affected by clock changes. that
in turn means route expiries wont jump with clock changes if set
against time_uptime.
the expiry is translated into unix time for export to userland though.
ok mpi@
|
|
Callers MUST do a route lookup before sending a packet.
Tested by Hrvoje Popovski, ok visa@, bluhm@
|
|
one.
|
|
|
|
routines are call directly by ether_input().
ok visa@, dlg@
|
|
ok visa@
|
|
Since the rtalloc(9) rewrite no route lookup is done in this function so
there's no need for a destination or a rtable ID.
|
|
Since mpath is not enabled in RAMDISK, proxy ARP won't work there either.
ok bluhm@
|
|
ok bluhm@
|
|
This restore the previous behavior without looking at the reference
counter of route entries.
Static entries might not have a cloning route to re-create them and
when their timer expires they were completly gone as found the hardway
by matthieu@.
ok matthieu@
|
|
we can get the same info from the arp pool:
# vmstat -m | grep -e ^arp -e ^Name
Name Size Requests Fail InUse Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
arp 56 84 0 6 1 0 1 1 0 8 0
Requests and InUse end up being the same:
# pstat -d d arp_allocated
arp_allocated at 0xffffffff81942084: 84
# pstat -d d arp_inuse
arp_inuse at 0xffffffff81942098: 6
ok bluhm@ claudio@ mpi@
|
|
when an ARP resolution has been done.
Should hopefully fix the "receive 1" panic reported by benno@ on bugs@.
ok claudio@, phessler@, benno@, bluhm@
|
|
Packets of types ARP and REVARP are now processed in the softnet task,
directly from ether_input() and without holding the KERNEL_LOCK.
Tested by many, ok dlg@
|
|
ok mpi
|
|
required to do the if_get/if_put dance around the log() calls. These
were the last users of rt_ifp.
OK mpi@ bluhm@
|
|
arp packet was recieved on the interface we expected. This is because
multicast and broadcast packets are sometimes forwarded on multiple
local interfaces. So simplify the checks and make them more generic
at the same time (in the SIN_PROXY case). For SIN_PROXY only the
interface holding the proxy arp route will answer to the requests.
OK mpi@
|
|
be the same as ifp or something is very broken. So remove this including
one more rt_ifp. OK mpi@
|
|
are not used anymore. This has to be done before any interface
fields become invalid.
As the route delete request cannot call if_get() anymore, pass down
the interface. Split rtrequest_delete() into a separate function
that may take an existing inteface.
OK mpi@
|
|
for failed route lookups. This is something that was maybe useful in the
90is but in this modern times it is just annoying and nothing expect it
anyway. OK mpi@, sthen@
|
