| Age | Commit message (Collapse) | Author |
|---|
|
it by reading the queues head pointer. if that pointer is not null
then it takes splnet and dequeues a packet for handling. this is
bad because the ifqueue head is modified at splnet and the sofnet
handlers read it without holding splnet.
this removes that check of the head pointer and simply checks if
the dequeue gave us a packet or not before proceeding.
found while reading mpls code.
discussed with norby@ and henning@
ok mcbride@ henning@
|
|
power of two.
use arc4random_bytes() when requesting more than a word of PRNG
output.
ok deraadt@
|
|
cmsg's, including alignments, ie. the sum of CMSG_SPACE()'s. any other
interpretation would be in violation of various unix specifications.
RFC3542 section 20.2 is totally and completely wrong -- it is not
allowed to over-ride the specification of msg_controllen, since the
intent is that one could mix-and-match various types of cmsg's and an
exact match is therefore required. ok kettenis, tested by many
|
|
ok jsing@
|
|
hostname starts with a digit. ok mcbride
|
|
the current route, so make sure RTF_LLINFO is still set; fixes pr 5711;
with krw@ and claudio@; ok jsing@
|
|
m_copydata() on it.
Bug report and fix from Todd Carson.
|
|
Instead of using the same IP on multiple interfaces, carp has to be
configured with the new "carpnodes" and "balancing" options.
# ifconfig carp0 carpnodes 1:0,2:100,3:100 balancing ip carpdev sis0 192.168.5.50
Please note, that this is a flag day for anyone using carp balancing.
You'll need to adjust your configuration accordingly.
Addititionally this diff adds IPv6 NDP balancing support.
Tested and OK mcbride@, reyk@.
Manpage help by jmc@.
|
|
ok claudio@ krw@ dlg@
|
|
provide netstat(1) with data it needs; ok claudio reyk
|
|
ok claudio gilles
|
|
sys/dev/pci/pciide.c from naddy@
|
|
sys/netinet/in_pcb.c and sys/net/bridgestp.c ok henning@
sys/dev/pci/bktr/* ok jakemsr@
|
|
ok krw@
|
|
where obvious.
|
|
- if we have curly braces within #if directive, we will have problem with
matching using vi "%" command
- without curly braces it becomes ambiguous which statement is within which
effect of which "if" statement
ok mcbride@
|
|
some I found afterwards, ok dlg
|
|
we need a pointer to the inpcb to decide, which was not previously
passed to ip6_output, so this diff is a little bigger.
from itojun, ok ryan
|
|
from itojun@
|
|
|
|
many assumptions were made about the way the various list types are
implemented.
lots of suggestions and help from otto and miod.
ok otto@
|
|
boring details:
pf used to use an mbuf tag to keep track of route-to etc, altq, tags,
routing table IDs, packets redirected to localhost etc. so each and every
packet going through pf got an mbuf tag. mbuf tags use malloc'd memory,
and that is knda slow.
instead, stuff the information into the mbuf header directly.
bridging soekris with just "pass" as ruleset went from 29 MBit/s to
58 MBit/s with that (before ryan's randomness fix, now it is even betterer)
thanks to chris for the test setup!
ok ryan ryan ckuethe reyk
|
|
headers, regardless of forwarding path. It's the sane thing to do.
ip6_check_rthdr0() function from claudio@
ok deraadt@ claudio@ henning@
|
|
more then 10 headers nested.
OK deraadt@ henning@ mcbride@
|
|
|
|
because turtles are slow but reliable and trustworthy, packets stays
on the net for a long period of time. bigger turtles can stay much longer.
that is the hidden secret reason for the name of KAME project (i'm lying).
j> some IETFers need to be sent to bondage/SM club and spanked/whipped
j> by thousands of dominas and then chopped into million peaces by samurai
j> swords.
t> maybe that is what they actually want, and that is why they
t> fucked RFC1883 and put rosemary's baby into RFC2460.
j> I am king of IETF now, and tomorrow i may become beggar on the IETF venue
j> hotel corridor.
http://www.secdev.org/conf/IPv6_RH_security-csw07.pdf
ok by myself, deraadt@, <samurais at kame.net>
|
|
This provides a similar functionality as ARP balancing,
but also works for traffic that comes across routers.
IPv6 is supported as well.
The configuration scheme will change as soon we have sth better.
Also add support for changing the MAC address on carp(4)
interfaces. (code from mcbride)
Tested by pyr@ and reyk@
OK mcbride@
|
|
|
|
ok kettenis@ cloder@ tom@ henning@
|
|
and passed around but never used. OK mglocker@
|
|
header.
- ipsec_input: fix mistake in IPv6 next-header chasing.
- ipsec_output: look for the position to insert AH more carefully.
- ip6_output: enable use of AH with extension headers.
avoid tunnellinng when source-routing header is present.
ok by deraad, naddy, hshoexer
|
|
|
|
|
|
PR 34994+35333
|
|
splnet/IF_DEQUEUE/splx; ok various people
|
|
we will use rhlen uninitialized). checked with kame
|
|
with interface-local multicast addr in ip6_dst. by jinmei@kame
|
|
|
|
|
|
the kernel still handles RFC2292 set/getsockopts, so that compiled binary
has no trouble running. userland sees RFC3542 symbols only on header file
so new code has to use RFC3542 API.
bump libc shlib minor for function additions.
tested on i386/amd64 by jmc, i386 by brad. checked by deraadt.
|
|
|
|
|
|
|
|
|
|
hook up looking up routes in alternate tables to the packet forwarding path.
alternate routing tables are mintained with route(8), table selection via pf.
mostly hacked on a train ride with ryan some time ago, ok mcbride claudio
|
|
deraadt ok. manpage nit by jmc.
|
|
|
|
(to sync up with more recent IPv6 spec)
ok from: deraadt mcbride
|
|
|
|
|
