| Age | Commit message (Collapse) | Author |
|---|
|
|
|
|
|
a gruesome union, to block the compiler from placing the struct
incorrectly aligned on stack frames
ok guenther
|
|
|
|
inside the NPF block. Fixes checksum issues seen on ramdisk kernels.
Initial diff by naddy@, tested and OK by many
|
|
dependent on ipsec.
puzzled how this went by since I did run full mkrs... pbly lost in my forest
of trees :(
report Amit Kulkarni <amitkulz at gmail.com>, fix me, ok kettenis beck krw
|
|
-assume we have hardware checksum offloading. stop mucking with the
checksum in most of the stack
-stop checksum mucking in pf, just set a "needs checksumming" flag if needed
-in all output pathes, very late, if we figure out the outbound interface
doesn't have hw cksum offloading, do the cksum in software. this especially
makes the bridge path behave like a regular output path
-little special casing for bridge still required until the broadcast path
loses its disgusting shortcut hacks, but at least it's in one place now
and not all over the stack
in6_proto_cksum_out mostly written by krw@
started at k2k11 in iceland more than 1.5 years ago - yes it took that
long, this stuff is everything but easy.
this happens to fix the infamous pf rdr bug that made us turn off proto
cksum offloading on almost all interface drivers.
ok camield sthen claudio, testing by many, thanks!
|
|
which packets (as in direction) of the traffic will be diverted
through the divert socket.
ok claudio@, henning@
|
|
with and without alignment.
Bug found by Clement Lecigne <clemun AT gmail DOT com>
OK claudio@
|
|
of to the bridge itself. This is ok, since an interface can only be part
of one bridge, and the parent bridge is easy to find from the bridgeport.
This way we can get rid of a lot of list walks, improving performance
and shortening the code.
ok henning stsp sthen reyk
|
|
are cleared as well; from hshoexer@, feedback and ok bluhm@, ok claudio@
|
|
with the latter
no change in md5 checksum of generated files
ok claudio@ henning@
|
|
ok deraadt@ miod@
|
|
OK henning@
|
|
(= before divert) destination port of a UDP packet. The way to use
this option is same as IP_RECVDSTPORT.
from UMEZAWA Takeshi
tweaks from jmc; ok henning bluhm
|
|
Much ports testing of various versions by naddy@ and jasper@
ok matthew@, miller@
|
|
Restores the ability to use privacy addresses for outgoing connections and
static addresses for incoming connections, which was broken by r1.62.
ok sperreault@
|
|
IPL_SOFTNET before it was factored out into a work queue task.
ok dlg
|
|
already exists.
5.1 and older did the right thing.
5.2 did not (mea culpa).
Now we're back to doing the right thing.
spotted by naddy. ok stsp.
|
|
flag. It is now called IFXF_INET6_NOPRIVACY. So IPv6 privacy
addresses are on by default without resetting the flag during
ifconfig down/up.
OK stsp@, sperreault@ (who wrote the same diff)
|
|
diff originally by stsp@
"please commit it" deraadt@
"don't care" stsp@
"don't like" bluhm@
|
|
can use this to select the IPsec tunnel for sending L2TP packets.
this fixes Windows (always binding to 1701) and Android clients
(negotiating wildcard flows); feedback mpf@ and yasuoka@;
ok henning@ and yasuoka@; ok jmc@ for the manpage
|
|
Also fix a memory management problem that was made obvious by this diff.
ok bluhm@, previous version ok @stsp
|
|
three things that it needed from there: INET_ADDRSTRLEN, INET6_ADDRSTRLEN,
and struct in_addr. Add protecting #ifndefs to netinet6?/in6?.h for those.
ok deraadt@
|
|
ifatoia6(). No binary diff.
OK henning@
|
|
all the symbols that POSIX says they must and fewer that they can't and,
most importantly, to not require a specific ordering of headers.
ports testing by naddy@
ok millert@ deraadt@
|
|
not only CONNECTED ones. It should also be called when RA with
a RouterLifetime set to 0 is sent to clear a redirect.
While here make sure we use correct priorities when installing
routes acquired via redirects.
comments & ok bluhm
|
|
with a neighbour advertisment sent to a multicast address;
nits & ok bluhm
|
|
|
|
should be sent in response to an IPv6 packet with RH0. Improve this a
bit further by filling in an icmp error pointer.
With sperreault, ok sperreault, sthen
|
|
expensive checks; ok sperreault, todd, sthen
|
|
input routine allowing us to bridge two IPv4 networks over an IPv6
link with gif(4).
ok henning, sthen, ok and tests phessler, "lets get this in!" todd
|
|
|
|
immediately and not go through the fragment queue.
See draft-gont-6man-ipv6-atomic-fragments-00.txt.
tested and ok sperreault@
|
|
and IPv6 stack.
ok sperreault@
|
|
than the autoconfprivacy bit, as per by RFC3484. Prevents privacy addresses
from being erroneously used as source address if the destination address is
in a different scope. Privacy addresses are still preferred over other source
addresses from the same scope.
Problem found by sthen, fix suggested by sperreault; ok sperreault
|
|
Fix a white space bug while there. No functional change.
ok mikeb@ robert@ henning@
|
|
packet with overlapping fragments.
ok henning@
|
|
wrong checks for local addresses and wrong packet forwarding in
environments with only one communication partner and changing
addresses or routes. Remove the #if 0 around the existing code to
make IPv6 behave like IPv4.
ok henning@
|
|
was already #if 0 and will never come back. Remove unused fragment
struct fields and sort the others.
ok henning@
|
|
ok henning@
|
|
from FreeBSD; ok henning@
|
|
I forgot the header file containing struct ip6q in the last commit.
|
|
ok henning@
|
|
cleaner to access the first member via ia_ifa instead of casting.
No binary change.
ok henning@ krw@
|
|
and TAILQ_EMPTY for accessing the nd_defrouter list. No funtional
change.
ok stsp@
|
|
ok claudio@ henning@ mikeb@
|
|
ok mikeb
|
|
OK sthend@
|
|
addresses. Fixes "duplicate IP6 address" warnings, appearing since we started
accepting IPv6 neighbour discovery packets on carp interfaces.
ok henning
|
