Age | Commit message | Author |
|
It is now possible to enable multicast routing in the kernel with
the sysctl option net.inet.ip.mforwarding=1
Based on initial work by msf@
help claudio@
ok claudio@ deraadt@
|
|
on the local network support them.
This adds a new socket option, SO_JUMBO, and a new route flag,
RTF_JUMBO. If _both_ the socket option is set and the route for the host
has RTF_JUMBO set, ip_output will fragment the packet to the largest
possible size for the link, ignoring the card's MTU.
The semantics of this feature will be evolving rapidly; talk to us
if you intend to use it.
ok deraadt@ marius@
|
|
ok henning
|
|
Information: http://netweb.usc.edu/pim/
From Pavlin Radoslavov <pavlin@icir.org>
ok deraadt@ brad@
|
|
- sync ip_mroute.c with NetBSD
- import some FreeBSD changes to MFC entry handling
- set im->im_vif correctly when sending IGMPMSG_WRONGVIF
- increment mrtstat.mrts_upcalls correctly
- return error from get_sg_cnt() if there is no matching forwarding entry
ok henning@ brad@ naddy@
|
|
their *source* IP address in addition to their destination address.
routing table "destination" now contains a "struct sockaddr_rtin"
for IPv4 instead of a "struct sockaddr_in".
the routing socket has been extended in a backward-compatible way.
todo: PMTU enhancements, IPv6. ok deraadt@ mcbride@
|
|
IPPROTO_PFSYNC -> 240
INADDR_PFSYNC_GROUP -> 224.0.0.240
ok deraadt@
|
|
Implemented as an in-kernel multicast IP protocol.
Turn it on like this:
# ifconfig pfsync0 up syncif fxp0
There is not yet any authentication on this protocol, so the syncif
must be on a trusted network, i.e. a crossover cable between the two
firewalls.
NOTABLE CHANGES:
- A new index based on a unique (creatorid, stateid) tuple has been
added to the state tree.
- Updates now appear on the pfsync(4) interface; multiple updates may
be compressed into a single update.
- Applications which use bpf on pfsync(4) will need modification;
packets on pfsync no longer contain regular pf_state structs,
but pfsync_state structs which contain no pointers.
Much more to come.
ok deraadt@
|
|
Allows multiple hosts to share an IP address, providing high availability
and load balancing.
Based on code by mickey@, with additional help from markus@
and Marco_Pfatschbacher@genua.de
ok deraadt@
|
|
rescinded 22 July 1999. Proofed by myself and Theo.
|
|
patch based on parts from NetBSD submitted by goeran@cdg.chalmers.se
|
|
TCP/UDP HW checksumming if doing IP fragmentation. From NetBSD
|
|
okay art@ miod@
|
|
flag delayed to ip_output(). That halves the code and reduces most of
the route lookups. okay deraadt@
|
|
in some places sizeof(u_char), and in some places sizeof(int) were used.
previous code can cause problems on big endian machines.
now it always uses "int" (isakmpd uses int, so it should be okay)
set m_len properly on mcdonald-simple-ipsec-api getsockopt.
|
|
enforce type checking on IN6_ARE_ADDR_EQUAL.
|
|
be included.
netinet6/{ip6,icmp6}.h include #error statements only - I'll remove them
a couple of days later.
|
|
on, which will be happy for the future. bindresvport_sa() for sockaddr *, too. docs later..
|
|
affected by net.inet.ipip.allow (the sysctl formerly known as
net.inet.ip4.allow), rename the VIF ipip_input to ipip_mroute_input.
|
|
net.inet.ip; perhaps they should be moved under net.inet.ipsec or some
such.
|
|
amount of time embryonic SAs will be kept before they have to be
initialized by key management (this only affects automated key
management).
|
|
follow-up commit).
|
|
replaces NRL IPv6 layer. reuses NRL pcb layer. no IPsec-on-v6 support.
see sys/netinet6/{TODO,IMPLEMENTATION} for more details.
GENERIC configuration should work fine as before. GENERIC.v6 works fine
as well, but you'll need KAME userland tools to play with IPv6 (will be
brought in soon).
|
|
If you are going to use either of AH or ESP or both, enable these in
/etc/sysctl.conf. Also correct the IPSec debugging sysctl code, it is now
named net.inet.ip.encdebug. Some corrected function signatures too.
|
|
support, when IPSEC is compiled in. The default is disabled. Turn on with:
sysctl -w net.inet.ip4.allow=1
***Only*** do this if you really know what you are doing!
This control does not control the tunnel modes of ESP and AH.
|
|
SA to be used, use this SA in ip_output if available. allow mobile road
warriors for bind SAs with wildcard dst and src addresses. check IPSEC
AUTH and ESP level when receiving packets, drop them if protection is
insufficient. add stats to show dropped packets because of insufficient
IPSEC protection. -- phew. this was all done in Canada. dugsong and linh
provided the ride and company.
|
|
Let's not encourage the use of an obsolete convention.
|
|
a few extras that are just plain useful. Note that I used u_intxx_t instead of
the POSIX p1003.1g uintxx_t that those specs mandate, so as to not increase the
number of outside symbol definitions that in.h depends on.
|