| Age | Commit message (Collapse) | Author |
|---|
|
A single forwarding cache is not the answer. The answer is 42... err PF!
ok bluhm@
|
|
(we got lucky before, because the variable that used to be checked was
always available)
OK bluhm@
|
|
state key is linked to a socket inp.
OK mpi@ henning@
|
|
anycast address.
This will allow us to split ip6_input() in two parts using a queue
in the middle.
ok jca@, florian@, bluhm@
|
|
to store a field in an extra variable that is only accessed twice.
OK mpi@
|
|
destination as per RFC4213.
We're not in 1999 anymore, what was earlier a "stronger check than
RFC1933" is now a best practice. This matches the behavior of the
reject (R) routes added by default by netstart(8).
ok jca@, florian@, claudio@, bluhm@
|
|
This function will help splitting the IPv6 input path in two, in
order to run the first part without KERNEL_LOCK() held.
Tested by Hrvoje Popovski, ok bluhm@
|
|
|
|
This sysctl is a no-op, read-only since it was introduced. There are no
plans to support IPv4-mapped addresses on OpenBSD, thus this sysctl is
meaningless.
Noticed by djm@, ok claudio@ mpi@ sthen@ henning@
|
|
ok sthen@, visa@
|
|
when the next packet needs to be forwarded, just like if the route
was invalid.
ok mikeb@, claudio@
|
|
ok jca@, phessler@, mikeb@
|
|
ok bluhm@ jca@
|
|
ok beck@ deraadt@
|
|
an interface joined a specific multicast group.
ok phessler@, visa@, dlg@
|
|
|
|
this avoids current recursion to pf_test() function. the change also
switches icmp_error()/icmp6_error() to use ip_send()/ip6_send() so
they are safe for PF.
The idea comes from Markus Friedl. bluhm, mikeb and mpi helped me
a lot to get it into shape.
OK bluhm@, mpi@
|
|
descriptor.
Allow to get rid of two if_ref() in the output paths.
ok dlg@
|
|
ABI form for the sake of existing programs. no programs from that era have
been able to run for quite some time. Kill it all.
ok deraadt florian millert mpi
(I believe this is my first IPv6 diff. Future, here I come!)
|
|
ok mpi@ bluhm@
|
|
While here add two missing ``rtableid'' checks in in6_selectsrc().
ok bluhm@
|
|
configured addressses.
ok mikeb@
|
|
|
|
ok mikeb@
|
|
This pseudo-option is a hack to support return-rst on bridge(4). It
passes Ethernet information via a "struct route" through ip_output().
"struct route" is slowly dying...
ok claudio@, benno@
|
|
receiving interface in the packet header of every mbuf.
The interface pointer should now be retrieved when necessary with
if_get(). If a NULL pointer is returned by if_get(), the interface
has probably been destroy/removed and the mbuf should be freed.
Such mechanism will simplify garbage collection of mbufs and limit
problems with dangling ifp pointers.
Tested by jmatthew@ and krw@, discussed with many.
ok mikeb@, bluhm@, dlg@
|
|
|
|
with niqueues.
this change is so big because there's a lot of code that takes
pointers to different input queues (eg, ether_input picks between
ipv4, ipv6, pppoe, arp, and mpls input queues) and falls through
to code to enqueue packets against the pointer. if i changed only
one of the input queues id have to add sepearate code paths, one
for ifqueues and one for niqueues in each of these places
by flipping all these input queues at once i can keep the currently
common code common.
testing by mpi@ sthen@ and rafael zalamena
ok mpi@ sthen@ claudio@ henning@
|
|
have any direct symbols used. Tested for indirect use by compiling
amd64/i386/sparc64 kernels.
ok tedu@ deraadt@
|
|
multicast interface table (mif6). Will be used by netstat soon.
Looked over by guenther@
|
|
with the ip6intrq.
ok claudio@
|
|
states for external traffic through a link-local address.
Found the hard way and fix tested by bluhm@.
|
|
Packets destinated to link-local addresses are looped back with embedded
scopes because we cannot restore them using the receiving interface (lo0).
Embedded scopes are needed by the routing table to match RTF_LOCAL routes,
but pf(4) never saw them and existing rules are likely to break without
teaching the rule engine about them, found by dlg@ the hard way.
So save and restore embedded scopes around pf_test() for packets going
through loopback.
ok dlg@, mikeb@
|
|
|
|
long live the one true internet.
ok henning mikeb
|
|
ok mikeb@, krw@, bluhm@, tedu@
|
|
- Unicast packets sent to any local address will have their interface
set to loobpack.
- In order to differentiate traffic from interfaces having identical
link-local addresses, provide the scoped addresses to pf(4).
- Update the icmp6 state lookup logic to match scoped MLL addresses.
- Remove a shortcut in ip6_input() that bypasses pf and always look
for an RTF_LOCAL route.
Packets sent to multicast addresses still retain their original
interface due to the fact that local multicast packet delivering
does not use if_output.
This makes ping6 to link-local addresses work even with pf enabled
and "set skip" on loopbacks, reported by Pieter Verberne.
Debugged, analysed and tested with mikeb@.
ok mikeb@, henning@, sthen@
|
|
for a multicast/broadcast destination address.
These checks have already been done in the Ethernet and IP layers and
the mbuf(9) should contain all the required information at this point.
But since we cannot trust this spaghetti stack, be paranoid and make
sure to set the flags in the IP input routines.
Use explicit comments, requested by deraadt@. ok claudio@
|
|
kill the macro.
ok mikeb@, henning@
|
|
rely on "struct route" that should die.
ok claudio@
|
|
|
|
don't need to be married.
ok guenther miod beck jsing kettenis
|
|
|
|
receiving pointer -> index conversion. No functional change.
ok claudio@, mikeb@, lteo@
|
|
Avoid the confusion by using an appropriate name for the variable.
Note that since routing domain IDs are a subset of the set of routing
table IDs, the following idiom is correct:
rtableid = rdomain
But to get the routing domain ID corresponding to a given routing table
ID, you must call rtable_l2(9).
claudio@ likes it, ok mikeb@
|
|
ok bluhm@, mikeb@
|
|
ok bluhm@
|
|
stack should still scan for IPv6 type 0 routing headers. There are
OpenBSD routers running without pf and there are plenty of legacy
implementations supporting RH0.
Bring back the function ip6_check_rh0hdr() that I removed a month
ago. As an improvement to the prevoius solution, only scan the
header chain in ip6_input() if the packet has not been inspected
by pf. Both implementations drop packets with RH0 anywhere in the
extension header chain.
OK mikeb@ henning@
|
|
network to presentation format to inet_ntop().
The few remaining functions will be soon converted.
ok mikeb@, deraadt@ and moral support from henning@
|
|
ports tree grep run by sthen
|
