| Age | Commit message (Collapse) | Author |
|---|
|
This unify some code and notify userland for free.
blambert@ agrees, ok bluhm@
|
|
Packets destinated to link-local addresses are looped back with embedded
scopes because we cannot restore them using the receiving interface (lo0).
Embedded scopes are needed by the routing table to match RTF_LOCAL routes,
but pf(4) never saw them and existing rules are likely to break without
teaching the rule engine about them, found by dlg@ the hard way.
So save and restore embedded scopes around pf_test() for packets going
through loopback.
ok dlg@, mikeb@
|
|
email.
|
|
make sure the default MTU is set for every address configured on the
ifp and not just the first one.
Regress test breakage reported by daniel@
|
|
interfaces.
When the kernel automagically configures IPv6 addresses on loopback
interfaces, start by assigning a link-local address and then try to
assign "::1".
Only the first configured loopback interface per rdomain can have the
"::1" address. But even if other loopback interfaces failed to get
this address, because it is already taken, give them a chance to have
a link-local address.
While here change in6_ifattach() to return an error value and remove
duplicated code.
Fix a regression introduced by the NOINET6 flag removal.
ok henning@, stsp@, florian@, benno@
|
|
when workqs were introduced, we provided a second argument so you
could pass a thing and some context to work on it in. there were
very few things that took advantage of the second argument, so when
i introduced pools i suggested removing it. since tasks were meant
to replace workqs, it was requested that we keep the second argument
to make porting from workqs to tasks easier.
now that workqs are gone, i had a look at the use of the second
argument again and found only one good use of it (vdsp(4) on sparc64
if you're interested) and a tiny handful of questionable uses. the
vast majority of tasks only used a single argument. i have since
modified all tasks that used two args to only use one, so now we
can remove the second argument.
so this is a mechanical change. all tasks only passed NULL as their
second argument, so we can just remove it.
ok krw@
|
|
get userland notification for free.
ok blambert@, bluhm@
|
|
before <net/pfvar.h> or <net/if_pflog.h>. The kernel files can be
cleaned up next. Some sockaddr_union steps make it into here as well.
ok naddy
|
|
|
|
reflect that IPv6 link-local addresses are no longer automagically
configured the first time an interface is brought up.
ok henning@, stsp@
|
|
Otherwise clean up code will never run.
OK mpi@, benno@, henning@
|
|
for the validity of a given outgoing route entry into a single function.
This change is inspired from FreeBSD r111767. The function introduced
here, rt_checkgate(), should hopefully die in a near future. Why should
it die? Well, it is way too late to do such validity checks: if your
kernel can ends up in ether_output() with an invalid route, please do
not let it try to find a new one that might do the job.
Go read this function if you're wondering why you're getting messages
like:
"arpresolve: X.X.X.X: route without link local address"
Since this horrible logic has survived 20 years of copy & past and small
modifications for workarounds without a single clear commit message, let's
assume it is full of dragons and try to play safe. This factorization is
not intended to change any behavior.
With much inputs from bluhm@, tested by weerd@ and florian@ on setups
with p2p IPv6 interfaces.
ok bluhm@, benno@, florian@
|
|
was enabled by default. Add AFATTACH/AFDETACH ioctls which enable/disable
an address family for an interface (currently used for IPv6 only).
New kernel needs new ifconfig for IPv6 configuration (address assignment
still works with old ifconfig making this easy to cross over).
Committing on behalf of henning@ who is currently lebensmittelvergiftet.
ok stsp, benno, mpi
|
|
splsoftnet().
|
|
|
|
long live the one true internet.
ok henning mikeb
|
|
Prodded by claudio@ and mikeb@
|
|
Output interface (port) selection for multicast traffic is not done via
route lookups. Instead the output ifp is registred when setsockopt(2)
is called with the IP{V6,}_MULTICAST_IF option. But since there is no
mechanism to invalidate such pointer stored in a pcb when an interface
is destroyed/removed, it might lead your kernel to fault.
Prevent a fault upon resume reported by frantisek holop, thanks!
ok mikeb@, claudio@
|
|
ok millert@, bluhm@
|
|
to decide whether or not to remove local routes.
Prevent from having a NULL ifp pointer in the routing table when an
address present in another rdomain is removed from an interface.
ok bluhm@
|
|
ok mikeb@, krw@, bluhm@, tedu@
|
|
|
|
error code on failure (unchecked for the moment).
ok mikeb@, jmc@
|
|
- Unicast packets sent to any local address will have their interface
set to loobpack.
- In order to differentiate traffic from interfaces having identical
link-local addresses, provide the scoped addresses to pf(4).
- Update the icmp6 state lookup logic to match scoped MLL addresses.
- Remove a shortcut in ip6_input() that bypasses pf and always look
for an RTF_LOCAL route.
Packets sent to multicast addresses still retain their original
interface due to the fact that local multicast packet delivering
does not use if_output.
This makes ping6 to link-local addresses work even with pf enabled
and "set skip" on loopbacks, reported by Pieter Verberne.
Debugged, analysed and tested with mikeb@.
ok mikeb@, henning@, sthen@
|
|
for a multicast/broadcast destination address.
These checks have already been done in the Ethernet and IP layers and
the mbuf(9) should contain all the required information at this point.
But since we cannot trust this spaghetti stack, be paranoid and make
sure to set the flags in the IP input routines.
Use explicit comments, requested by deraadt@. ok claudio@
|
|
interfaces with an IPv6 address.
ok henning@, mikeb@, deraadt@
|
|
ok miod@
|
|
to include that than rdnvar.h. ok deraadt dlg
|
|
Tweaks and ok florian@
|
|
pf the state has to vanish immediately when the relay closes the
socket. To make this work reliably, the linkage between state and
socket must be established with the first packet. This packet could
be incomming or outgoing.
Link the pf state in the socket layer earlier. This makes all tests
in /usr/src/regress/sys/net/pf_divert pass.
OK henning@
|
|
functionnality instead of a mix of enable/disable.
ok bluhm@, jca@
|
|
If there is a tie then a carp interface is not allowed to win even if
it has an address with a longer bitwise match. This allows reliable IPv6
communication between carp master and backup across a shared IPv6 subnet.
Consider the carp address 2001:DB8:10::14, which is configured on firewall A
(in carp master state) and firewall B (in carp backup state), each of which
has another address in the same prefix on a non-carp interface (A has
2001:DB8:10::1 and B has 2001:DB8:10::11). In this setup, A would use
2001:DB8:10::14 as source address when sending neighbour solicitations to B.
Since 2001:DB8:10::14 is a local address from B's point of view, B never
replied to the neighbour solicitations sent by A.
With this change A uses 2001:DB8:10::1 as source address instead.
ok mpi@
|
|
you don't have a physical interface on your machine, so why rawip should
be more clever^Wparanoid than the others?
ok henning@, mikeb@
|
|
kill the macro.
ok mikeb@, henning@
|
|
raise it inside their ioctl handler (except for carp(4), what else?).
In general, global structures manipulated in the softnet codepath only
require a splsoftnet() protection when they are modified in process
(ioctl) context.
Also put some IPL_SOFNET asserts in functions accessing global structures.
Previous version diff ok mikeb@, with inputs from and ok bluhm@
|
|
rely on "struct route" that should die.
ok claudio@
|
|
|
|
Regression from r1.81 which switched from workq to taskq and incorrectly
assumed duplicate addresses would be impossible with taskq. We ended
up re-adding the SLAAC address whenever a privacy address expired.
ok bluhm@
|
|
ok miod@ mpi@
|
|
in kernel and user land.
OK florian@ mpi@
|
|
with autoconf enabled.
If one is doing SLAAC one does already trust link local icmp6 so the
policy for icmp6 redirects should be the same.
pointed out by & OK bluhm@; OK henning@
|
|
pointed out & OK bluhm@
|
|
processing of router advertisements was already in the kernel.
With this rtsol{,d}(8) is no longer necessary.
The kernel starts sending solicitations with
# ifconfig $IF inet6 autoconf
or
inet6 autoconf
in /etc/hostname.$IF.
input stsp@
much help & OK mpi@
tweaks & OK bluhm@
|
|
|
|
|
|
|
|
adding local route entries.
This hack made sense when we didn't have the RTF_LOCAL flag, but since
some months it is set on every local route.
|
|
No object file change
ok florian@ henning@
|
|
|
|
in the pkthdr directly.
ok henning@
|
