path: root/sys/netinet/ip_output.c
Age | Commit message | Author
2016-09-04 | Prevent a NULL dereference in ip_output(). | Martin Pieuchot
A race can happen if a task, like the watchdog, sleeps too long keeping an ifp reference while the interface is detached. In this case a TCP timer will try to send packets with a cached route. Since the ifp is being detached if_get(9) returns NULL. Found the hard way by awolk@. ok bluhm@
2016-08-15 | replace the last uses of m_copym2 with m_dup_pkt. | David Gwynne
ok mpi@ visa@
2016-07-01 | Allow resetting the IP_TTL and IP_MINTTL sockopts | Jeremie Courreges-Anglas
IP_TTL can be reset by passing -1, IP_MINTTL can be reset by passing 0. This is consistent with what Linux does and IPV6_UNICAST_HOPS/IPV6_MINHOPCOUNT. ok bluhm@
2016-06-23 | when pf_test returns something but PF_PASS, set error to EACCES | Henning Brauer
instead of EHOSTUNREACH. On the latter, ip_forward can generate undesired icmp errors - either pf generates those itself (block return), or there shouldn't be any. Bizarrely enough, ip_forward has EACCES handling with a comment specifically pointing to packets blocked by pf, but the code in ip_output used EHOSTUNREACH from day #1 on. found & analyzed by Kristof Provost <kp at FreeBSD>, discussed at BSDcan ok mpi millert
2016-05-31 | Inverse two conditions to not grab the KERNEL_LOCK for every multicast | Martin Pieuchot
packet. ok visa@, stsp@, sthen@
2016-05-04 | Preserve DiffServ value when fragmenting an ipv4 packet. | Vincent Gross
Ok phessler@, henning@
2016-04-29 | Do not allow to change the routing table of a bound socket. This | Alexander Bluhm
is not intended and will behave unexpectedly if the address is already used in another domain. It did not work anyway, as the PCB ended in the wrong hash bucket after changing the rtable. Fail with EBUSY if the socket is already bound and rehash the PCB if its rtable changes. input claudio@; OK mpi@
2016-04-18 | Unbreak RAMDISK, found by deraadt@ | Martin Pieuchot
2016-04-18 | Put a KERNEL_LOCK/UNLOCK dance around sections that still need some | Martin Pieuchot
work in the forwarding path. Tested by Hrvoje Popovski, ok dlg@
2016-02-11 | Return ENOBUFS when bumping in the multicast max group memberships | Jeremie Courreges-Anglas
This removes the only use of ETOOMANYREFS in our code, making intro(2) match reality. No software out there explicitly checks for ETOOMANYREFS in multicast code. Discussed with millert@ and mpi@ (who suggested using ENOBUFS)
2016-01-21 | Introduce in{,6}_hasmulti(), two functions to check in the hot path if | Martin Pieuchot
an interface joined a specific multicast group. ok phessler@, visa@, dlg@
2016-01-13 | Prevent a double if_put(). | Martin Pieuchot
ok mikeb@, bluhm@
2015-12-05 | upgrade tcp/ip to use the latest in C89 technology: memcpy. | Ted Unangst
ok henning
2015-12-03 | deleting ip_insertoptions() prototype, which is no longer needed | Alexandr Nedvedicky
(follow up on my earlier commit) OK bluhm@
2015-12-03 | add ifdef IPSEC for prototypes; requested by mpi@ | Markus Friedl
2015-12-03 | Remove broadcast matching from ifa_ifwithaddr(), use in_broadcast() where | Vincent Gross
required. ok bluhm@ mpi@.
2015-12-02 | factor out ip_output_ipsec_{lookup,send}(); with & ok claudio@ | Markus Friedl
2015-12-02 | Kill the RT_REPORT flag to rtalloc() and stop sending RTM_MISS messages | Claudio Jeker
for failed route lookups. This is something that was maybe useful in the 90s but in these modern times it is just annoying and nothing expects it anyway. OK mpi@, sthen@
2015-12-01 | typo in comment | mmcc
2015-11-26 | Use rtalloc(9) to look for a local address (RTF_LOCAL) in ip_setmoptions(). | Martin Pieuchot
This simplifies the if_get()/if_put() dance. Tested by jasper@
2015-11-19 | Grab the KERNEL_LOCK around ip_mforward(), in preparation for unlocking | Martin Pieuchot
ip_output(). Note that ipmforwarding is not enabled by default.
2015-11-11 | Store the index of the lo0 interface instead of a pointer to its | Martin Pieuchot
descriptor. Allow to get rid of two if_ref() in the output paths. ok dlg@
2015-11-03 | Disable TCP/UDP TX hardware checksumming if an IPv4 packet contains | Christian Weisgerber
IP options or if an IPv6 packet contains header extensions. Required by cnmac(4) and a sensible precautionary measure in general. ok visa@, mikeb@
2015-10-24 | Convert some if_ref() to if_get(). | Martin Pieuchot
ok claudio@
2015-10-20 | add a new getsockopt option IP_IPDEFTTL to retrieve the default ttl. | Sebastian Benoit
this can be used as an alternative to sysctl net.inet.ip.ttl, in programs that use pledge(). ok reyk@, "Like this" deraadt@
2015-10-19 | Stop checking for RTF_UP directly, call rtisvalid(9) instead. | Martin Pieuchot
While here add a missing ``rtableid'' check in in_selectsrc(). ok bluhm@
2015-10-13 | Use rtisvalid(9) to check if the given (cached) route can be used. | Martin Pieuchot
Note that after calling rtalloc(9) we only check if a route has been returned or not and do not check for its validity. This cannot be improved without a massive refactoring. The kernel currently *does* use !RTF_UP route due to a mismatch between the value of ifp->if_link_state and the IFF_UP|IFF_RUNNING code. I'd explain the RTF_UP flag as follows:
. If a cached route entry w/o RTF_UP is passed to ip{6,}_output(),
. call rtalloc(9) to see if a better entry is present in the tree.
This is enough to support MPATH and route cache invalidation. ok bluhm@
2015-10-07 | easy size for free(); ok mpi | Theo de Raadt
2015-09-23 | Always increment rt_use inside rtalloc(9) instead of doing it in some | Martin Pieuchot
specific places. ok claudio@, benno@
2015-09-13 | There's no point in abstracting ifp->if_output() as long as pf_test() | Martin Pieuchot
needs to see lo0 in the output path. ok claudio@
2015-09-13 | Get the default loopback interface pointer just after doing a route | Martin Pieuchot
lookup to ensure pf_test() is called with the same interface in the input and output path for local traffic. Fix a regression reported by Heiko Zimmermann on bugs@, thanks! ok mikeb@, claudio@
2015-09-12 | Stop overwriting the rt_ifp pointer of RTF_LOCAL routes with lo0ifp. | Martin Pieuchot
Use instead the RTF_LOCAL flag to loop local traffic back to the corresponding protocol queue. With this change rt_ifp is now always the same as rt_ifa->ifa_ifp. ok claudio@
2015-09-12 | Introduce if_input_local() a function to feed local traffic back to | Martin Pieuchot
the protocol queues. It basically does what looutput() was doing but having a generic function will allow us to get rid of the loopback hack overwriting the rt_ifp field of RTF_LOCAL routes. ok mikeb@, dlg@, claudio@
2015-09-12 | Fix two cases where it was possible to call if_put with an uninitialized ifp | Claudio Jeker
Found by jsg@ with clang
2015-09-11 | if_put() after if_get for ip_output. This became suddenly super trivial. | Claudio Jeker
OK dlg@
2015-09-11 | There is no need to do the route lookups twice just because of IPSec. | Claudio Jeker
Merge the two blocks into one that is executed before the IPSec tdb lookup. OK mpi@ which had sent out a similar diff around 3 years ago.
2015-09-03 | Revert (again!) the two uses of rtisvalid(9), they break NFS! | Martin Pieuchot
Found the hard way by naddy@
2015-09-03 | Convert ip{,6}_output() (cached) route entry checks to rtisvalid(9). | Martin Pieuchot
This introduces a behavior change as we now reject !RTF_UP routes to output packets. This stricter check exposed a bug in the setup of new routes and was the reason for the previous revert. This should be now fixed by r1.229 of sys/net/route.c. ok bluhm@
2015-09-02 | Revert the two uses of rtisvalid(9) for the moment, it breaks dhclient(8) | Martin Pieuchot
configured networks on RAMDISK kernels. The problem is that the default route installed by dhclient(8) does not have the RTF_UP flag in this environment and rtisvalid(9) doesn't allow you to use a RTF_DOWN route.
2015-09-01 | Convert ip{,6}_output() (cached) route entry checks to rtisvalid(9). | Martin Pieuchot
ok bluhm@
2015-08-31 | `encif' should only be used under #ifdef NPF. | Martin Pieuchot
Reported by jsg@, ok deraadt@
2015-07-16 | Kill IP_ROUTETOETHER. | Martin Pieuchot
This pseudo-option is a hack to support return-rst on bridge(4). It passes Ethernet information via a "struct route" through ip_output(). "struct route" is slowly dying... ok claudio@, benno@
2015-07-15 | m_freem() can handle NULL, do not check for this condition beforehand. | Theo de Raadt
ok stsp mpi
2015-06-30 | Get rid of the undocumented & temporary* m_copy() macro added for | Martin Pieuchot
compatibility with 4.3BSD in September 1989. *Pick your own definition for "temporary". ok bluhm@, claudio@, dlg@
2015-06-16 | Store a unique ID, an interface index, rather than a pointer to the | Martin Pieuchot
receiving interface in the packet header of every mbuf. The interface pointer should now be retrieved when necessary with if_get(). If a NULL pointer is returned by if_get(), the interface has probably been destroyed/removed and the mbuf should be freed. Such mechanism will simplify garbage collection of mbufs and limit problems with dangling ifp pointers. Tested by jmatthew@ and krw@, discussed with many. ok mikeb@, bluhm@, dlg@
2015-06-07 | Replace a bunch of == 0 with == NULL in pointer tests. Nuke some | Kenneth R Westerback
annoying trailing, leading and embedded whitespace. No change to .o files. ok deraadt@
2015-05-23 | remove PACKET_TAG_IPSEC_PENDING_TDB, it is never set; ok mikeb@ | Markus Friedl
2015-05-13 | test mbuf pointers against NULL not 0 | Jonathan Gray
ok krw@ miod@
2015-04-17 | Stubs and support code for NIC-enabled IPsec bite the dust. | Mike Belopuhov
No objection from reyk@, OK markus, hshoexer
2015-04-16 | remove unfinished/unused support for socket-attached ipsec-policies | Markus Friedl
ok mikeb