| Age | Commit message (Collapse) | Author |
|---|
|
is really needed, instead of an ethernet header and selector.
ok mikeb henning mpf
|
|
to a radix_node struct.
The radix tree pushdown continues.
ok claudio@
|
|
in my tree for a while and I forgot what exactly triggered it, but in one
way or another this comes from the netbsd camp
ok benno mpf
|
|
figured out by and ok guenther
|
|
to connect to the carp address when the carpdev interface has
an ip address too in the non-default rdomain.
ok claudio
|
|
the advskew as the master down timeout.
OK henning.
|
|
1.175.
ok henning mpf
|
|
in the v6 input path. IP6_EXTHDR_GET() internally uses m_pulldown(),
which might return a pointer to a different mbuf in the chain.
In this case, carp_cksum() will be called with the wrong mbuf.
This fixes occasional checksum mismatches.
Problem found and initial fix by stsp@
OK stsp@
|
|
This lets carp delete IFF_PROMISC on its carpdev upon destroy.
Fix from Stefan Rinkes.
OK sthen, bluhm, deraadt.
|
|
mkay? ok ryan
|
|
that are not up. OK henning.
|
|
with advertisement intervals of less than a second.
This is needed in setups where takover times < 3s are needed.
Don't use this unless you really need it. Running with
too agressive timeouts might lead to false positive
takeovers.
OK mcbride, claudio.
|
|
OK claudio@
|
|
a special meaning and should only be set if the link state is not known
because it is considered as being up. Use LINK_STATE_INVALID instead.
OK mpf@ mcbride@ henning@
|
|
essentially identical; the only difference being that m_pullup2 is
capable of handling mbuf clusters, but called m_pullup for shorter
lengths (!).
testing dlg@ ok claudio@
|
|
The address hook was only registered for v4 addresses.
We now call hook_establish at interface creation time.
The hook is now disestablished upon interface destroy,
which plugs a tiny memleak.
While there remove redundancy in carp_set_addr6 and sync
it with carp_set_addr.
Bug noticed by todd@. OK sthen, mikeb (on an earlier version)
OK and some hints by camield@
|
|
and broadcast packets will be caught too; also we need to increment
the incoming packet counter as reminded by claudio. ok claudio mpf
|
|
Updating the HMAC from the carp_ioctl call does not see the newly
set IP address in the if_addrlist. The only chance for carp to see
the new address is via the address-hook callback. This change moves
the detection of address changes entirely into carp_addr_updated.
Furthermore, only call carp_hmac_prepare for the SIOCSVH case. This
second bug was the reason why the first one went unnoticed for such
a long time.
Problem found and debugging help by camield@.
OK camield@
|
|
With and OK phessler@
|
|
ok mcbide@ claudio@ henning@
|
|
be more explicit and force it in dst.
OK deraadt@, mcbride@
|
|
family checks before calling ifatoia/ifatoia6.
ok deraadt@, dlg@, mcbride@
|
|
timingsafe_bcmp().
ok deraadt@; committed over WPA.
|
|
removed. Extend carp demote logging to also show the reason for
the demote. Return EINVAL instead of ERANGE if a carpdemote request
is out range. Requested from otto.
OK mcbride, henning.
|
|
that router vendor doesn't default to classful routing any more, and there
really is no point in having a classful netmask and a subnetmask to split
it. we still do classful guesses on the netmask if it isn't supplied by
userland, but that's about it.
i decided to keep ia_netmask and kill ia_subnetmask which makes this diff
bigish, the classful ia_netmask wasn't really used all that much. the real
changes are in in.c, the rest is mostly s/ia_subnetmask/ia_netmask.
ok claudio dlg ryan
|
|
The demote counter can handle that.
This lets carp hosts with an identical demote count still know which
one is the designated master and prevents them from failing over
asymmetrically.
Since there is a demote handling bug in all releases prior to 4.6,
symmetric failover will only work against 4.6 (and newer) from now on.
OK henning@
|
|
From Gleydson Soares, OK beck@
|
|
E.g. give up the MASTER status if there's a host with a lower
demote count, even if it has a higher advskew.
At the moment this shouldn't cause any change, but this is a
first step towards the removal of the
"bump the advskew to 240 in case of errors" hack,
without breaking backward compatibility.
OK henning@
|
|
alternate routing table and separate them from other interfaces in distinct
routing tables. The same network can now be used in any doamin at the same
time without causing conflicts.
This diff is mostly mechanical and adds the necessary rdomain checks accross
net and netinet. L2 and IPv4 are mostly covered still missing pf and IPv6.
input and tested by jsg@, phessler@ and reyk@. "put it in" deraadt@
|
|
no carpdev configured.
I don't see how we can run into this at all, but let's
leave this test for a a little extra safety.
OK henning@
|
|
gets bigger than 255. OK henning@
|
|
even the unicast address of the remote carp peer. this especially
helps when the multicast carp advertisements are causing problems in
the network (some crappy switches don't do well with multicast), there
are conflicts with VRRP, or the policy of the network does not allow
multicast (most Internet eXchange points didn't allow carped OpenBGP
routers because of the multicast advertisements).
discussed with many
ok mpf@
|
|
Reduces the amount of dmesg noise.
Tested and OK mcbride@
|
|
ok deraadt@
|
|
and the one route with the lowest number wins. This will be used by the
routing daemons to resolve the synchronisations issue in case of conflicts.
The nasty bits of this are in the multipath code. If no priority is specified
the kernel will choose an appropriate priority.
Looked at by a few people at n2k8 code is much older
|
|
simple on/off, allowing more control over how verbose the logging is.
This also allows you to do a further level of filtering in syslog.conf
if you need to.
Also add logging of state changes, inspired by diff provided by
Brian A. Seklecki in PR 5513. These messages are logged by default.
ok henning mpf deraadt
|
|
OK mcbride@, mickey@
|
|
Instead of using the same IP on multiple interfaces, carp has to be
configured with the new "carpnodes" and "balancing" options.
# ifconfig carp0 carpnodes 1:0,2:100,3:100 balancing ip carpdev sis0 192.168.5.50
Please note, that this is a flag day for anyone using carp balancing.
You'll need to adjust your configuration accordingly.
Addititionally this diff adds IPv6 NDP balancing support.
Tested and OK mcbride@, reyk@.
Manpage help by jmc@.
|
|
ok claudio@ krw@ dlg@
|
|
provide netstat(1) with data it needs; ok claudio reyk
|
|
IPv4 interface address similar to arp_ifinit(). The main difference is
that we do not send out a gracious arp as the carp(4) is not ready to send
at that moment. This will make backup interface show up like the master ones.
OK mpf@ earlier version OK henning@ mcbride@
|
|
ok mpf@ henning@
|
|
so the resulting messages have ifindex set and the routing daemons can
correctly indentify that route as connected. ok mcbride
|
|
that is kept in a list per carp interface. This is the huge first
step necessary to make carp load balancing nice and easy. One carp
interface can now contain up to 32 virtual host instances.
This doesn't do anything useful yet, but here is how an ifconfig
for multiple entries now looks like:
# ifconfig carp2 carpnodes 5:0,6:100 192.168.5.88
carp2: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
lladdr 00:00:5e:00:01:05
carp: carpdev sis0 advbase 1
state MASTER vhid 5 advskew 0
state BACKUP vhid 6 advskew 100
groups: carp
inet 192.168.5.88 netmask 0xffffff00 broadcast 192.168.5.255
OK mcbride@
|
|
ok deraadt@ dlg@ henric@ mcbride@
|
|
ok krw@
|
|
It is unlikely we will ever get a working replay protection,
so better keep it simple and robust.
The cookie allows us to detect our own advertisements,
thus it is now easy to deal with network loops and
non-simplex interfaces.
Zero feedback by the people who wanted this fixed.
OK henning@, markus@
|
|
The multicast code is still a mess but will no longer crash the box.
With input from pascoe@ who hit the same bug.
OK markus@, henning@, mpf@ (on a previous version)
|
|
one entry for each multicast group and interface combination). this allows
you to run OSPF with more than 10 interfaces.
adapted from freebsd; ok claudio, henning, mpf
|
|
quite a while ago. Manpage and comment update by Matthew Dempsky.
OK jmc@
|
