| Age | Commit message (Collapse) | Author |
|---|
|
OK deraadt@ florian@
|
|
IPv4 we do the same and there are races that triggers it. Increment
the statistics counter for both.
from markus@; OK mpi@
|
|
From Raf Czlonka, ok sthen@
|
|
slaacd(8).
RFC 7217 states (section 5, page 9):
| The Interface Identifier is finally obtained by taking as many
| bits from the RID value (computed in the previous step) as
| necessary, starting from the least significant bit.
Problem in slaacd pointed out by semarie@.
OK sthen, phessler
|
|
The account flag `ASU' will no longer be set but that makes suser()
mpsafe since it no longer mess with a per-process field.
No objection from millert@, ok tedu@, bluhm@
|
|
from semarie@, ok benno@
|
|
if you need to send an ipv6 packet with ip6_send(), there's no DF
bit in an ipv6 packet and no way to pass the ip6 options to ip6_output
to tell it to not allow fragmentation. this adds an M_IPV6_DF_OUT
"checksum" flag so something creating ipv6 packets a long way from
ip6_output can easily tell it to not allow fragmentation.
grumbling and ok claudio@
|
|
while here, give us support for mpls in gif on ipv6.
this moves all the gif handling into if_gif, eg, the mpls handling
is no longer in ip_etherip.c.
ok claudio@
|
|
Interface Identifiers with IPv6 Stateless Address Autoconfiguration."
"An IPv6 address configured using this method is stable within each
subnet, but the corresponding Interface Identifier changes when the
host moves from one network to another. This method is meant to be an
alternative to generating Interface Identifiers based on hardware
addresses."
OK naddy, sthen
|
|
the main new feature is gre keys, supported by the vnetid ioctls.
this also adds support for gre over ipv6, the use of hfsc, and
allows tx mitigation in the future.
this diff removes keepalive support, but i promised claudio@ and
patrick@ i would put it back after this goes in.
ok claudio@
|
|
It was not guaranteed that the mbuf data was not somewhere else in
the chain. So return an offset and do a proper mbuf pulldown.
found by Maxime Villard; from NetBSD; with markus@; OK deraadt@
|
|
packet through ip6_input() or from the routing table. In both cases
the KAME hack has added the embeded scope to the address, so it is
not necessary to fill the scope id again in rt6_flush(). Assert
that it is already there.
OK mpi@
|
|
ARP or ND timeout could delete local routes. Put an assert into
arptfree() and nd6_free() so this cannot happen again.
OK mpi@
|
|
state as diverted. This is necessary for IP input to accept the
packet as ours. But it must not be used to match the ICMP packet
to a raw socket. Clear the PF_TAG_DIVERTED mbuf pf flag for the
special ICMP and ICMP6 packets in icmp_input_if() and icmp6_input().
The m_tag_delete_chain() caused an inconsistent PF_TAG_DIVERTED
mbuf pf flag and PACKET_TAG_PF_DIVERT mbuf tag which triggered an
assert in rip_input(). Deleting all mbuf tags can have undesired
side effects and is not necessary anymore since icmp_reflect() calls
m_resethdr(). Do not touch the mbuf tags and adjust the mbuf pf
flags for the correct behavior of rip_input() and rip6_input().
reported by Chris Eidem, James Turner, vicviq, Scott Vanderbilt
OK mpi@
|
|
is set, pf_find_divert() cannot fail so put an assert there.
Explicitly check all possible divert types, panic in the default
case. For raw sockets call pf_find_divert() before of the socket
loop. Divert reply should not match on TCP or UDP listen sockets.
OK sashan@ visa@
|
|
divert-to or divert-reply was active. If the address was also set,
it meant divert-to. Divert packet used a separate structure. This
is confusing and makes it hard to add new features. It is better
to have a divert type that explicitly says what is configured.
Adapt the pf rule struct in kernel and pfctl, no functional change.
Note that kernel and pfctl have to be updated together.
OK sashan@
|
|
packets.
Found by Hrvoje Popovski.
ok visa@, bluhm@
|
|
This prevents a use-after-free reported by Hrvoje Popovski where the
timeout function was already sleeping on the NET_LOCK() when ifconfig(8)
removed the enry from the table.
By iterating on a global list in the timeout routine we ensure that the
items are still valid when we process them. This also reduce differences
with ARP.
ok bluhm@, visa@
|
|
mp-safe.
ok bluhm@, visa@
|
|
They have the same functionnality since friehm@ cleaned up
balancing code.
ok florian@, visa@, patrick@, bluhm@, jmatthew@
|
|
interface index.
This assumption is true for the moment iff the route lookup *and* the
if_get() are done under KERNEL_LOCK(). This is not the case here.
Found the hardway by Hrvoje Popovski.
ok florian@, visa@, bluhm@
|
|
pr_input handlers without KERNEL_LOCK().
ok visa@
|
|
As a result, ip_ether.c now only deals with MPLS-in-IP. The next
commits will move & rename stuff to make this clear. ok visa@ mpi@
|
|
The INET6 entries are not needed, not documented (use net.inet.etherip)
and do not appear in sysctl(8) output.
ok mpi@
|
|
messages. Splassert was triggered by regress/sys/netinet6/frag6.
OK mpi@ sashan@ visa@
|
|
ok visa@, benno@
|
|
This will be used to first allow read-only ioctl(2) to be executed while
the softnet taskq is running. Then it will allows us to execute multiple
softnet taskq in parallel.
Tested by Hrvoje Popovski, ok kettenis@, sashan@, visa@, tb@
|
|
This lets the code run without KERNEL_LOCK() and NET_LOCK().
In addition, this patch reorganizes a part of the code, to move
some of the memory release operations outside the critical section.
Input and OK mpi@, OK florian@, an earlier version OK bluhm@
|
|
OK mpi
|
|
Instead return EOPNOTSUPP and call it from ifioctl(). This will help
getting per-driver ioctl routines outside of need the NET_LOCK().
While here always return ENXIO when ``ifp'' is NULL.
ok visa@, florian@
|
|
for the Source Link-layer Address Options.
Merge nd6_rs_input() and nd6_ra_input() into one generic function that
does just that.
input & OK mpi
|
|
functions to pave way for more fine grained locking.
Suggested by, comments & OK mpi
|
|
Also it does not change behaviour.
OK jca
|
|
|
|
NOTE: code still runs with single softnet task. change definition of
SOFTNET_TASKS in net/if.c, if you want to have more than one softnet task
OK mpi@, OK phessler@
|
|
Direction suggested by mpi
OK mpi, visa
|
|
and drop the now redundant allocation type M_FTABLE.
OK mikeb@, bluhm@, mpi@
|
|
OK bluhm@, mpi@
|
|
is set.
Accesses to IPsec global data structure are now serialized by the
NET_LOCK().
Tested by many, ok visa@, bluhm@
|
|
ok florian@, sthen@, jsg@
|
|
ok mpi@
|
|
if_attach() enforces it is properly defined.
|
|
ok florian@, claudio@, bluhm@
|
|
ok florian@, claudio@, visa@, bluhm@
|
|
off the mbuf properties with m_resethdr(). It is a new packet,
especially M_LOOP indicating that it was running through lo(4)
should be cleared. Use the ph_loopcnt to prevent looping at the
upper end of the stack. Although not strictly necessary in icmp
reflect, it is a good idea to increase and check the counter here,
like in socket splicing.
OK mpi@ sashan@
|
|
from icmp6_reflect() to ip6_send_dispatch() when ip6_send() was
introduced. Move the comment that explains this flag also to the
place where it is used.
from sashan@
|
|
- SIOCSIFPHYADDR
- SIOCSIFPHYADDR_IN6
- SIOCGIFPSRCADDR
- SIOCGIFPSRCADDR_IN6
- SIOCGIFPDSTADDR
- SIOCGIFPDSTADDR_IN6
ok bluhm@
|
|
Exposes per-CPU counters to real parrallelism.
ok visa@, bluhm@, jca@
|
|
wrap it.
|
|
divert-packet. Bring back the loop over the global list to find
the divert socket.
|
