| Age | Commit message (Collapse) | Author |
|---|
|
compatibility with 4.3BSD in September 1989.
*Pick your own definition for "temporary".
ok bluhm@, claudio@, dlg@
|
|
receiving interface in the packet header of every mbuf.
The interface pointer should now be retrieved when necessary with
if_get(). If a NULL pointer is returned by if_get(), the interface
has probably been destroy/removed and the mbuf should be freed.
Such mechanism will simplify garbage collection of mbufs and limit
problems with dangling ifp pointers.
Tested by jmatthew@ and krw@, discussed with many.
ok mikeb@, bluhm@, dlg@
|
|
code to use sotopf() like tcp_usrreq() does. Also following
tcp_usrreq(), put more stuff under splsoftnet. And as a result
in-line code in udp_detach() and nuke udp_detach().
Most ideas from and ok mikeb@
|
|
fixes rekeying for l2tp/ipsec against multiple windows clients
and saves memory (for many SAs to same peers); feedback and ok mikeb@
|
|
ok mikeb
|
|
This code is largely unfinished and is not used for anything. The change
leaves identities as only objects referenced by ipsec_ref structure and
their handling requires some changes to support more advanced matching of
IPsec connections.
No objections from reyk and hshoexer, with and OK markus.
|
|
is to clear the damn embedded scope.
At this point the receiving interface should not matter and will in the
future be cleared to prevent such layer violations.
This prevent exporting addresses with embedded scope to userland.
Found the hardway by and ok florian@
|
|
ok mikeb@, krw@, bluhm@, tedu@
|
|
|
|
ok deraadt@ tedu@
|
|
for a multicast/broadcast destination address.
These checks have already been done in the Ethernet and IP layers and
the mbuf(9) should contain all the required information at this point.
But since we cannot trust this spaghetti stack, be paranoid and make
sure to set the flags in the IP input routines.
Use explicit comments, requested by deraadt@. ok claudio@
|
|
pf the state has to vanish immediately when the relay closes the
socket. To make this work reliably, the linkage between state and
socket must be established with the first packet. This packet could
be incomming or outgoing.
Link the pf state in the socket layer earlier. This makes all tests
in /usr/src/regress/sys/net/pf_divert pass.
OK henning@
|
|
ok mpi@ kspillner@
|
|
|
|
when the number of the hash entries reaches 75% of the table size.
ok dlg henning, 'commit in' claudio
|
|
state to the socket pcb. Add an additional assert to narrow down
the panics.
OK henning@
|
|
|
|
Pointed out by Ivan Solonin.
ok henning mpi jca
|
|
udp6_output().
ok henning@, reyk@, jca@
|
|
ever used to pass on uint32 (for ipsec). stop that madness and just pass
the uint32, 0 in all cases but the two that pass the ipsec flowinfo.
ok deraadt reyk guenther
|
|
error code and pass the resulting source address back to the caller
through a pointer, as suggested by chrisz. This gives us more readable
code, and eases the deletion of useless checks in the callers' error path.
Add a bunch of "0 -> NULL" conversions, while here.
ok chrisz@ mpi@
|
|
IP_SENDSRCADDR support. This reduces the differences with the
IPv6 version and kill some comments that are no longer true.
ok jca@, chrisz@, mikeb@
|
|
Avoid the confusion by using an appropriate name for the variable.
Note that since routing domain IDs are a subset of the set of routing
table IDs, the following idiom is correct:
rtableid = rdomain
But to get the routing domain ID corresponding to a given routing table
ID, you must call rtable_l2(9).
claudio@ likes it, ok mikeb@
|
|
socket.
OK claudio@
|
|
localhost connections.
The plan is to always use the routing table for addresses and routes
resolutions, so there is no future for an option that wants to bypass
it. This option has never been implemented for IPv6 anyway, so let's
just remove the IPv4 bits that you weren't aware of.
Tested a least by lteo@, guenther@ and chrisz@, ok mikeb@, benno@
|
|
Also fixes a possible memory leak where m doesn't get freed in bail case.
"lets do it like this" claudio@
|
|
for localhost connections. discussed with deraadt@
|
|
use the routing table there's no future for an option that wants to
bypass it. This option has never been implemented for IPv6 anyway,
so let's just remove the IPv4 bits that you weren't aware of.
Tested by florian@, man pages inputs from jmc@, ok benno@
|
|
statistics sideeffects before. ok lteo naddy
|
|
are are lie, since the software engine emulates hardware offloading
and that is later indistinguishable. so kill the hw cksummed counters.
introduce software checksummed packet counters instead.
tcp/udp handles ip & ipvshit, ip cksum covered, 6 has no ip layer cksum.
as before we still have a miscounting bug for inbound with pf on, to be
fixed in the next step.
found by, prodding & ok naddy
|
|
in the base. Ports fixes to follow shortly for the two ports (gkrellm
and net-snmp) affected.
ok zhuk@ millert@
|
|
ok henning@, mikeb@
|
|
Still some important missing pieces, and this is not yet enabled.
OK bluhm@
|
|
already there, just compute it - it's dirt cheap. since that happens
very late in ip_output, the rest of the stack doesn't have to care about
checksums at all any more, if something needs to be checksummed, just
set the flag on the pkthdr mbuf to indicate so.
stop pre-computing the pseudo header checksum and incrementally updating it
in the tcp and udp stacks.
ok lteo florian
|
|
created a bunch of useless dependencies. Remove this implicit
inclusion and do an explicit #include <netinet6/in6_var.h> when it
is needed.
OK mpi@ henning@
|
|
interface. VXLAN is a UDP-based tunnelling protocol for overlaying
virtualized layer 2 networks over layer 3 networks. The implementation
is based on draft-mahalingam-dutt-dcops-vxlan-04 and has been tested
with other implementations in the wild.
put it in deraadt@
|
|
of tcp_input() and tcp_output() were very inconsistent. Especially
the so->so_pcb is NULL which can only happen after the inp has been
detached. The whole issue looks similar to the old panic:
pool_do_get(inpcbpl): free list modified.
http://marc.info/?l=openbsd-bugs&m=132630237316970&w=2
To get more information, add some asserts that guarantee the
consistency of the socket, inpcb, tcpcb linking. They should trigger
when an inp is taken from the pcb hashes after it has been freed.
OK henning@
|
|
of the IPL_NET. pf_test should be no longer called under IPL_NET as
well. The problem became evident after the related issue was brought
up by David Hill <dhill at mindcry ! org>.
With input from and OK mpi. Tested by David and me.
|
|
dropped by IPsec security policy.
input from and ok mikeb
|
|
OK claudio@
|
|
allow the assingment of &sa6_any. But rip6_ctlinput() could not
guarantee that as it casted away the const attribute when it passes
the pointer to in6_pcbnotify(). Replace sockaddr with const
sockaddr_in6 in the in6_pcbnotify() parameters. This reduces the
number of casts. Also adjust in6_pcbhashlookup() to handle the
const attribute correctly.
Input and OK claudio@
|
|
|
|
move them to the corresponding header with an appropriate comment if
necessary.
ok guenther@
|
|
into one block.
OK mpi@
|
|
instead of 0 for pointers. No binary change.
OK mpi@
|
|
three different ways. Use the same code in udp_usrreq() and
rip_usrreq() and rip6_usrreq(). This also fixes a pcb and socket
leak in udp_usrreq() in case soreserve() fails. Put an splsoftassert()
into in_pcballoc() for safety.
OK mpi@
|
|
reach the socket that the user has specified in pf.conf.
OK reyk@
|
|
avoid ugly casts.
OK krw@ tedu@
|
|
dhill.
ok krw@, mikeb@, tedu@ (implicit)
|
|
spliced and routed to loopback. The content of the pf header in
the mbuf was keeping the divert information on its way. Reinitialize
the whole packet header of the mbuf and remove the mbuf tags when
the packet gets spliced.
OK claudio@ markus@
|
