| Age | Commit message (Collapse) | Author |
|---|
|
provide netstat(1) with data it needs; ok claudio reyk
|
|
change netstat to use them instead of accessing kvm for it. more
protocols will be added later.
discussed with deraadt@ claudio@ gilles@
ok deraadt@
|
|
ok krw@
|
|
and is actually wrong in some cases, since we can enter
functions without taking the lock because the return value
of ipq_lock() isn't checked properly.
However, this needs to be revisited when we start calling
ip_drain() from the pool code when we are running out of
memory, but this isn't done currently.
OK art@, henning@
|
|
MGET* macros were changed to function calls, there wasn't any
need for the pool declarations and the inclusion of pool.h
From: tbert <bret.lambert@gmail.com>
|
|
found by itojun
|
|
boring details:
skip looking for ipsec tags and descending into ip_spd_lookup if there
are no ipsec flows, except in one case in ip_output (spotted by markus)
where we have to if we have a pcb. ip_spd_lookup has the shortcut already,
but there is enough work done before so that skipping that gains us about
5%. ok theo, markus
|
|
boring details:
pf used to use an mbuf tag to keep track of route-to etc, altq, tags,
routing table IDs, packets redirected to localhost etc. so each and every
packet going through pf got an mbuf tag. mbuf tags use malloc'd memory,
and that is knda slow.
instead, stuff the information into the mbuf header directly.
bridging soekris with just "pass" as ruleset went from 29 MBit/s to
58 MBit/s with that (before ryan's randomness fix, now it is even betterer)
thanks to chris for the test setup!
ok ryan ryan ckuethe reyk
|
|
|
|
This provides a similar functionality as ARP balancing,
but also works for traffic that comes across routers.
IPv6 is supported as well.
The configuration scheme will change as soon we have sth better.
Also add support for changing the MAC address on carp(4)
interfaces. (code from mcbride)
Tested by pyr@ and reyk@
OK mcbride@
|
|
splnet/IF_DEQUEUE/splx; ok various people
|
|
hook up looking up routes in alternate tables to the packet forwarding path.
alternate routing tables are mintained with route(8), table selection via pf.
mostly hacked on a train ride with ryan some time ago, ok mcbride claudio
|
|
when set on raw or udp sockets, userland receives the incoming packet's TTL
as ancillary data (cmsg shitz). modeled after the FreeBSD implementation.
ok claudio djm deraadt
|
|
|
|
To minimise path disruptions, this implements recommendations made in RFC2992 -
the hash-threshold mechanism to select paths based on source/destination IP
address pairs, and inserts multipath routes in the middle of the route table.
To enable multipath distribution, use:
sysctl net.inet.ip.multipath=1
and/or:
sysctl net.inet6.ip6.multipath=1
testing norby@
ok claudio@ henning@ hshoexer@
|
|
parameter so they can work on alternate tables. table 0 hardcoded for
many callers yet, that will be adapted step by step.
input + ok claudio norby hshoexer
|
|
henning@ claudio@ ok
|
|
Additionally add the IP_RECVIF option which returns the interface a packet
was received on. OK markus@ norby@
|
|
|
|
the remainder of the network stack from splimp to splnet.
ok miod@
|
|
Any pf(4) translation that modifies more than IP addresses,
was happening on the shared mbuf cluster. Thus we were
sending icmp errors with corrupted payload.
OK dhartmei@, markus@
|
|
ok henning@
|
|
It is now possible to enable multicast routing in the kernel with
the sysctl option net.inet.ip.mforwarding=1
Based on intial work by msf@
help claudio@
ok claudio@ deraadt@
|
|
|
|
found by leonardo@iken.com.br
|
|
Don't count link local scope multicast as not forwardable.
This stops ips_cantforward growing on carp(4) networks.
tested and ok mcbride@, ok markus@.
|
|
than a pointer to struct ifnet containing it.
Saves a 448 byte stack allocation in ip_forward which previously faked up
a struct ifnet just for this purpose.
idea ok deraadt millert
|
|
millert
|
|
from art; ok deraadt, claudio, henning
|
|
ok henning
|
|
ok krw@ canacar@
|
|
|
|
Wait with the decrement until after the copy is done. Resolves checksum
mismatches on the embedded header, as reported by tcpdump.
ok markus@ itojun@
|
|
ok markus@
|
|
ok mcbride@ miod@ deraadt@
|
|
No need to reconfig kernel or rebuild userland stuff.
requested deraadt@, help beck@
|
|
ok cedric@ henning@
|
|
their *source* IP address in addition to their destination address.
routing table "destination" now contains a "struct sockaddr_rtin"
for IPv4 instead of a "struct sockaddr_in".
the routing socket has been extended in a backward-compatible way.
todo: PMTU enhancements, IPv6. ok deraadt@ mcbride@
|
|
from Patrick Latifi
|
|
|
|
|
|
|
|
|
|
(please test, especially PF portion)
|
|
rescinded 22 July 1999. Proofed by myself and Theo.
|
|
|
|
|
|
ok dhartmei@
|
|
ok henning@, deraadt@
|
|
Henric Jungheim. ok deraadt@
|
