| Age | Commit message (Collapse) | Author |
|---|
|
when the number of the hash entries reaches 75% of the table size.
ok dlg henning, 'commit in' claudio
|
|
state to the socket pcb. Add an additional assert to narrow down
the panics.
OK henning@
|
|
|
|
Pointed out by Ivan Solonin.
ok henning mpi jca
|
|
udp6_output().
ok henning@, reyk@, jca@
|
|
ever used to pass on uint32 (for ipsec). stop that madness and just pass
the uint32, 0 in all cases but the two that pass the ipsec flowinfo.
ok deraadt reyk guenther
|
|
error code and pass the resulting source address back to the caller
through a pointer, as suggested by chrisz. This gives us more readable
code, and eases the deletion of useless checks in the callers' error path.
Add a bunch of "0 -> NULL" conversions, while here.
ok chrisz@ mpi@
|
|
IP_SENDSRCADDR support. This reduces the differences with the
IPv6 version and kill some comments that are no longer true.
ok jca@, chrisz@, mikeb@
|
|
Avoid the confusion by using an appropriate name for the variable.
Note that since routing domain IDs are a subset of the set of routing
table IDs, the following idiom is correct:
rtableid = rdomain
But to get the routing domain ID corresponding to a given routing table
ID, you must call rtable_l2(9).
claudio@ likes it, ok mikeb@
|
|
socket.
OK claudio@
|
|
localhost connections.
The plan is to always use the routing table for addresses and routes
resolutions, so there is no future for an option that wants to bypass
it. This option has never been implemented for IPv6 anyway, so let's
just remove the IPv4 bits that you weren't aware of.
Tested a least by lteo@, guenther@ and chrisz@, ok mikeb@, benno@
|
|
Also fixes a possible memory leak where m doesn't get freed in bail case.
"lets do it like this" claudio@
|
|
for localhost connections. discussed with deraadt@
|
|
use the routing table there's no future for an option that wants to
bypass it. This option has never been implemented for IPv6 anyway,
so let's just remove the IPv4 bits that you weren't aware of.
Tested by florian@, man pages inputs from jmc@, ok benno@
|
|
statistics sideeffects before. ok lteo naddy
|
|
are are lie, since the software engine emulates hardware offloading
and that is later indistinguishable. so kill the hw cksummed counters.
introduce software checksummed packet counters instead.
tcp/udp handles ip & ipvshit, ip cksum covered, 6 has no ip layer cksum.
as before we still have a miscounting bug for inbound with pf on, to be
fixed in the next step.
found by, prodding & ok naddy
|
|
in the base. Ports fixes to follow shortly for the two ports (gkrellm
and net-snmp) affected.
ok zhuk@ millert@
|
|
ok henning@, mikeb@
|
|
Still some important missing pieces, and this is not yet enabled.
OK bluhm@
|
|
already there, just compute it - it's dirt cheap. since that happens
very late in ip_output, the rest of the stack doesn't have to care about
checksums at all any more, if something needs to be checksummed, just
set the flag on the pkthdr mbuf to indicate so.
stop pre-computing the pseudo header checksum and incrementally updating it
in the tcp and udp stacks.
ok lteo florian
|
|
created a bunch of useless dependencies. Remove this implicit
inclusion and do an explicit #include <netinet6/in6_var.h> when it
is needed.
OK mpi@ henning@
|
|
interface. VXLAN is a UDP-based tunnelling protocol for overlaying
virtualized layer 2 networks over layer 3 networks. The implementation
is based on draft-mahalingam-dutt-dcops-vxlan-04 and has been tested
with other implementations in the wild.
put it in deraadt@
|
|
of tcp_input() and tcp_output() were very inconsistent. Especially
the so->so_pcb is NULL which can only happen after the inp has been
detached. The whole issue looks similar to the old panic:
pool_do_get(inpcbpl): free list modified.
http://marc.info/?l=openbsd-bugs&m=132630237316970&w=2
To get more information, add some asserts that guarantee the
consistency of the socket, inpcb, tcpcb linking. They should trigger
when an inp is taken from the pcb hashes after it has been freed.
OK henning@
|
|
of the IPL_NET. pf_test should be no longer called under IPL_NET as
well. The problem became evident after the related issue was brought
up by David Hill <dhill at mindcry ! org>.
With input from and OK mpi. Tested by David and me.
|
|
dropped by IPsec security policy.
input from and ok mikeb
|
|
OK claudio@
|
|
allow the assingment of &sa6_any. But rip6_ctlinput() could not
guarantee that as it casted away the const attribute when it passes
the pointer to in6_pcbnotify(). Replace sockaddr with const
sockaddr_in6 in the in6_pcbnotify() parameters. This reduces the
number of casts. Also adjust in6_pcbhashlookup() to handle the
const attribute correctly.
Input and OK claudio@
|
|
|
|
move them to the corresponding header with an appropriate comment if
necessary.
ok guenther@
|
|
into one block.
OK mpi@
|
|
instead of 0 for pointers. No binary change.
OK mpi@
|
|
three different ways. Use the same code in udp_usrreq() and
rip_usrreq() and rip6_usrreq(). This also fixes a pcb and socket
leak in udp_usrreq() in case soreserve() fails. Put an splsoftassert()
into in_pcballoc() for safety.
OK mpi@
|
|
reach the socket that the user has specified in pf.conf.
OK reyk@
|
|
avoid ugly casts.
OK krw@ tedu@
|
|
dhill.
ok krw@, mikeb@, tedu@ (implicit)
|
|
spliced and routed to loopback. The content of the pf header in
the mbuf was keeping the divert information on its way. Reinitialize
the whole packet header of the mbuf and remove the mbuf tags when
the packet gets spliced.
OK claudio@ markus@
|
|
the pointer to the statekey in the mbuf.
When an UDP socket is spliced, pf would use this key during ip_output()
although the packet went through two sockets in the meantime. Reset
the mbuf's statekey in tcp_input() and udp_input() to eliminate the
pointer to pf lingering in the socket buffers.
OK claudio@
|
|
ok yasuoka@
|
|
(= before divert) destination port of a UDP packet. The way to use
this option is same as IP_RECVDSTPORT.
from UMEZAWA Takeshi
tweaks from jmc; ok henning bluhm
|
|
L2TP packets.
ok markus henning
|
|
can use this to select the IPsec tunnel for sending L2TP packets.
this fixes Windows (always binding to 1701) and Android clients
(negotiating wildcard flows); feedback mpf@ and yasuoka@;
ok henning@ and yasuoka@; ok jmc@ for the manpage
|
|
It could not use the destination address properly, so it failed to
find the pipex session. This bug caused LCP keepalive failures on some
clients.
found and tested by sebastia@ and mxb at alumni.chalmers.se.
ok sthen
|
|
no objection from mcbride@ krw@ markus@ deraadt@
|
|
`net.pipex.enable' to enable PIPEX. By default, pipex is disabled
and it will not process packets from wire. Update man pages and
update HOWTO_PIPEX_NPPPD.txt for testers.
discussed with dlg@, ok deraadt@ mcbride@ claudio@
|
|
at least krw@, pirofti@ and todd@ have been seeing panics (todd and krw
with xxxterm not sure about pirofti) involving pool corruption while
using this commit.
krw and todd confirm that this backout fixes the problem.
ok blambert@ krw@, todd@ henning@ and kettenis@
Double link between pf states and sockets. Henning has
already implemented half of it. The additional part is: -
The pf state lookup for outgoing packets is optimized by
using mbuf->inp->state.
- For incomming tcp, udp, raw, raw6 packets the socket
lookup always is optimized by using mbuf->state->inp.
- All protocols establish the link for incomming packets.
- All protocols set the inp in the mbuf for outgoing packets.
This allows the linkage beginning with the first packet
for outgoing connections.
- In case of divert states, delete the state when the socket
closes. Otherwise new connections could match on old
states instead of being diverted to the listen socket.
ok henning@
|
|
essentially identical; the only difference being that m_pullup2 is
capable of handling mbuf clusters, but called m_pullup for shorter
lengths (!).
testing dlg@ ok claudio@
|
|
This fixes the problem of binding sockets to broadcast IPs in other
rdomains.
OK henning@
|
|
implemented half of it. The additional part is:
- The pf state lookup for outgoing packets is optimized by using
mbuf->inp->state.
- For incomming tcp, udp, raw, raw6 packets the socket lookup always
is optimized by using mbuf->state->inp.
- All protocols establish the link for incomming packets.
- All protocols set the inp in the mbuf for outgoing packets.
This allows the linkage beginning with the first packet for
outgoing connections.
- In case of divert states, delete the state when the socket closes.
Otherwise new connections could match on old states instead of
being diverted to the listen socket.
ok henning@
|
|
ok claudio krw
|
|
was done earlier for routing sockets.
ok claudio@
|
