| Age | Commit message (Collapse) | Author |
|---|
|
when the number of the hash entries reaches 75% of the table size.
ok dlg henning, 'commit in' claudio
|
|
system.
Yes, this is ugly for the moment because OpenBSD prevents you from
binding a tcp socket to broadcast address and checking for a broadcast
address is... funny! If you've ever wondered why would lead people to
write:
ina.s_addr != ia->ia_addr.sin_addr.s_addr
instead of:
ina.s_addr == ia->ia_broadaddr.sin_addr.s_addr
Well this is because all the IPv4 addresses belonging to your lo(4)
interfaces match the second idiom. Hopefully we'll get rid of this
hack soon.
ok jca@, mikeb@
|
|
source address selection logic.
These hacks were only relevant for the NFS diskless boot code in order to
pick the local broadcast address of the only configured interface. So, be
explicit and set this address directly.
Tested by florian@, ok henning@, beck@, chrisz@
|
|
error code and pass the resulting source address back to the caller
through a pointer, as suggested by chrisz. This gives us more readable
code, and eases the deletion of useless checks in the callers' error path.
Add a bunch of "0 -> NULL" conversions, while here.
ok chrisz@ mpi@
|
|
IP_SENDSRCADDR support. This reduces the differences with the
IPv6 version and kill some comments that are no longer true.
ok jca@, chrisz@, mikeb@
|
|
localhost connections.
The plan is to always use the routing table for addresses and routes
resolutions, so there is no future for an option that wants to bypass
it. This option has never been implemented for IPv6 anyway, so let's
just remove the IPv4 bits that you weren't aware of.
Tested a least by lteo@, guenther@ and chrisz@, ok mikeb@, benno@
|
|
for later reuse in udp_output().
"Apart from that OK" claudio@
|
|
Make sure that in_pcbbind() is called from in_pcbconnect() by KASSERTing that
local port == 0 implies an unspecified local address.
OK claudio@
|
|
for localhost connections. discussed with deraadt@
|
|
use the routing table there's no future for an option that wants to
bypass it. This option has never been implemented for IPv6 anyway,
so let's just remove the IPv4 bits that you weren't aware of.
Tested by florian@, man pages inputs from jmc@, ok benno@
|
|
to a socket. When the application removed the socket, the pf state
would persist. A new connection did not hit the divert rule as the
state still grabed the packet. The solution is to unlink the
associated divert state when the socket gets destroyed. This is
possible as both are linked together and a divert state without
socket does not make sense.
OK mikeb@
|
|
in the base. Ports fixes to follow shortly for the two ports (gkrellm
and net-snmp) affected.
ok zhuk@ millert@
|
|
stack (factoid: by a bunch of people in my living room), some compatibility
#define's were created to shim incompatible inpcb access methods. There
was an understanding they would eventually be removed. Since they are
error prone, and 1999 is a long time ago, now they die.
ok mikeb claudio mpi
|
|
While there fix some white space errors. No functional change.
OK claudio@ phessler@
|
|
Still some important missing pieces, and this is not yet enabled.
OK bluhm@
|
|
macro. No binary change.
OK mpi@
|
|
created a bunch of useless dependencies. Remove this implicit
inclusion and do an explicit #include <netinet6/in6_var.h> when it
is needed.
OK mpi@ henning@
|
|
ok bluhm@, henning@
|
|
splsoftassert(IPL_SOFTNET) at the start of in_pcbdetach().
From David Hill
|
|
allow the assingment of &sa6_any. But rip6_ctlinput() could not
guarantee that as it casted away the const attribute when it passes
the pointer to in6_pcbnotify(). Replace sockaddr with const
sockaddr_in6 in the in6_pcbnotify() parameters. This reduces the
number of casts. Also adjust in6_pcbhashlookup() to handle the
const attribute correctly.
Input and OK claudio@
|
|
ok mikeb@, markus@
|
|
instead of 0 for pointers. No binary change.
OK mpi@
|
|
three different ways. Use the same code in udp_usrreq() and
rip_usrreq() and rip6_usrreq(). This also fixes a pcb and socket
leak in udp_usrreq() in case soreserve() fails. Put an splsoftassert()
into in_pcballoc() for safety.
OK mpi@
|
|
avoid ugly casts.
OK krw@ tedu@
|
|
ok millert@, haesbaert@, bluhm@
|
|
ifatoia6 macros do not check the source type. They just cast
anything. Remove needless casts and do not use those macros if the
source type does not match. Remove duplicate defines.
No binary change. OK kettenis@ krw@
|
|
No functional change.
OK millert@
|
|
case). On our platforms, sizeof(struct sockaddr) matches sizeof(struct
sockaddr_in) so this hasn't caused problems but it is still incorrect.
From Anthony Low. OK martynas@ bluhm@
|
|
pointer. Allows stricter type checking. No functional change.
OK claudio@
|
|
with the latter
no change in md5 checksum of generated files
ok claudio@ henning@
|
|
since it may already been gone. Fixes panic seen by stsp@ when unplugging
a used USB interface. Tested and OK stsp@
|
|
While there make sure we do the lookup in the correct routing table.
OK mikeb, henning and phessler
|
|
ok mikeb@
|
|
the issue in our kernel was the broadcast address calculated on the /31
caused a ton of checks for use of broadcast addresses to kick in and
prevent one of the two addresses on the /31 from being used.
this diff basically detects if a /31 has been configured and doesnt
configure a broadcast address for it, which makes the ips usable
for normal traffic.
i wrote this so i could interoperate with "carrier" network gear
better, and sthen wants it so he can conserve address space use.
the further special casing of broadcast address handling was from claudio@
ok claudio@ markus@ sthen@ henning@
|
|
ok claudio@
|
|
The functions were 95% identical anyway. While there use struct pf_addr
in struct pf_divert instead of some union which is the same.
OK bluhm@ mcbride@ and most probably henning@ as well
|
|
specify the outgoing interface with a multicast option up. Doing
this before the route lookup allows multicast traffic to work even
when the default 224/4 reject route is installed. Raw IP and IPv6
already had this behaviour.
Based on work by Christiano F. Haesbaert. OK sthen@
|
|
at least krw@, pirofti@ and todd@ have been seeing panics (todd and krw
with xxxterm not sure about pirofti) involving pool corruption while
using this commit.
krw and todd confirm that this backout fixes the problem.
ok blambert@ krw@, todd@ henning@ and kettenis@
Double link between pf states and sockets. Henning has
already implemented half of it. The additional part is: -
The pf state lookup for outgoing packets is optimized by
using mbuf->inp->state.
- For incomming tcp, udp, raw, raw6 packets the socket
lookup always is optimized by using mbuf->state->inp.
- All protocols establish the link for incomming packets.
- All protocols set the inp in the mbuf for outgoing packets.
This allows the linkage beginning with the first packet
for outgoing connections.
- In case of divert states, delete the state when the socket
closes. Otherwise new connections could match on old
states instead of being diverted to the listen socket.
ok henning@
|
|
This fixes the problem of binding sockets to broadcast IPs in other
rdomains.
OK henning@
|
|
These sockets will only see broadcast sent to that particular address.
Some applications like samba use this feature.
Problem found and initial version by sthen@, OK sthen@, henning@
|
|
implemented half of it. The additional part is:
- The pf state lookup for outgoing packets is optimized by using
mbuf->inp->state.
- For incomming tcp, udp, raw, raw6 packets the socket lookup always
is optimized by using mbuf->state->inp.
- All protocols establish the link for incomming packets.
- All protocols set the inp in the mbuf for outgoing packets.
This allows the linkage beginning with the first packet for
outgoing connections.
- In case of divert states, delete the state when the socket closes.
Otherwise new connections could match on old states instead of
being diverted to the listen socket.
ok henning@
|
|
confusing because both addresses and broadcast addresses are put
into the tree.
there are two types of local address lookup. the first is when the
socket layer wants a local address, the second is in ip_input when
the kernel is figuring out the packet is for it to process or
forward.
ip_input considers local addresses and broadcast addresses as local,
however, the handling of broadcast addresses is different depending
on whether ip_directedbcast is set. if if ip_directbcast is unset
then a packet coming in on any interface to any of the systems
broadcast addresses is considered local, otherwise the broadcast
packet must exist on the interface it was received on.
the code also needs to consider classful broadcast addresses so we
can continue some legacy applications (eg, netbooting old sparcs
that use rarp and bootparam requests to classful broadcast addresses
as per PR6382). this diff maintains that support, but restricts it
to packets that are broadcast on the link layer (eg, ethernet
broadcasted packets), and it only looks up addresses on the local
interface. we now only support classful broadcast addresses on local
interfaces to avoid weird side effects with packets routed to us.
the ip4 socket layer does lookups for local addresses with a wrapper
around the global address tree that rejects matches against broadcast
addresses. we now no longer support bind sockets to broadcast
addresses, no matter what the value of ip_directedbcast is.
ok henning@
testing (and possibly ok) claudio@
|
|
There is a massive issue with broadcast addrs because ifa_ifwithaddr()
handles them differently then in_iawithaddr().
|
|
the latter is now much faster and the former becomes a wrapper + compat hacks
around the latter in a bit.
ok dlg sthen and "ah hai" from various in various bars here
|
|
and make it possible to bind sockets (including listening sockets!)
to rtables and not just rdomains. This changes the name of the
system calls, socket option, and ioctl. After building with this
you should remove the files /usr/share/man/cat2/[gs]etrdomain.0.
Since this removes the existing [gs]etrdomain() system calls, the
libc major is bumped.
Written by claudio@, criticized^Wcritiqued by me
|
|
accept flags for report and nocloning. Move the rtableid into struct route
(with a minor twist for now) and make a few more codepathes rdomain aware.
Appart from the pf.c and route.c bits the diff is mostly mechanical.
More to come...
OK michele, henning
|
|
With input from oga@ and krw@
ok oga@ krw@ thib@ markus@ mk@
|
|
so put it in struct process instead of struct proc. While at it,
move the p_emul member inside struct proc so that it gets copied
automatically instead of requiring manual assignment.
ok deraadt@
|
|
catch the libc major bump per request from deraadt@
Diff by reyk.
ok guenther@
|
|
needed so that the route and inp lookups done in TCP and UDP know where
to look. Additionally in_pcbnotifyall() and tcp_respond() got a rdomain
argument as well for similar reasons. With this tcp seems to be now
fully rdomain save and no longer leaks single packets into the main domain.
Looks good markus@, henning@
|
