| Age | Commit message (Collapse) | Author |
|---|
|
this allows mpls interfaces (mpe, mpw) to pass the rdomain they
wish the local label to be in, rather than have it implicitly forced
to 0 by these functions. right now they'll pass 0, but it will soon
be possible to have them rx packets in other rdomains.
previously the functions used ifp->if_rdomain for the rdomain.
everything other than mpls still passes ifp->if_rdomain.
ok mpi@
|
|
MPLS interfaces (ab)use rt_ifa_add for adding the local MPLS label
that they listen on for incoming packets, while every other use of
rt_ifa_add is for adding addresses on local interfaces. MPLS does
this cos the addresses involved are in basically the same shape as
ones used for setting up local addresses.
It is appropriate for interfaces to want RTF_MPATH on local addresses,
but in the MPLS case it means you can have multiple local things
listening on the same label, which doesn't actually work. mpe in
particular keeps track of in use labels to it can handle collisions,
however, mpw does not. It is currently possible to have multiple
mpw interfaces on the same local label, and sharing the same label
as mpe or possible normal forwarding labels.
Moving the RTF_MPATH flag out of rt_ifa_add means all the callers
that still want it need to pass it themselves. The mpe and mpw
callers are left alone without the flag, and will now get EEXIST
from rt_ifa_add when a label is already in use.
ok (and a huge amount of patience and help) mpi@
claudio@ is ok with the idea, but saw a much much earlier solution
to the problem
|
|
usrreq functions move the mbuf m_freem() logic to the release block
instead of distributing it over the switch statement. Then the
goto release in the initial check, whether the pcb still exists,
will not free the mbuf for the PRU_RCVD, PRU_RVCOOB, PRU_SENSE
command.
OK claudio@ mpi@ visa@
Reported-by: syzbot+8e7997d4036ae523c79c@syzkaller.appspotmail.com
|
|
input & OK mpi@
|
|
of some complicated match to convert them to ticks.
OK visa@ bluhm@ kn@
|
|
interface address of the route as source address. To avoid using
link-local addresses in ICMP6 packets sent into networks where they
are out of scope, use the regular IPv6 source selection algorithm
also in this icmp6_reflect() case.
reported by sthen@; fix from Arnaud BRAND; OK claudio@
|
|
carp interface. Move the check to the beginning of the function to
make it clear that there are no other side effects happening.
OK claudio
|
|
possible. Because of an optional payload maxlen bytes are used on the
m_align so that there is always enough space.
OK florian@
|
|
calls to m_get/M_GET calls because M_MOVE_PKTHDR() is initialising
the pkthdr and so it is not needed when allocation the header.
OK bluhm@
|
|
OK bluhm@
|
|
It was used by the original patricia tree.
OK mpi@
|
|
m_leadingspace() and m_trailingspace(). Convert all callers to call
directly the functions and remove the defines.
OK krw@, mpi@
|
|
rdomain now and are therefor rdomain save.
OK mpi@
|
|
rtable 255 is a valid routing table or domain id that wasn't handled
by the ip[6]_mroute code or by snmpd. The arrays in the ip[6]_mroute
code where off by one and didn't allocate space for rtable 255; snmpd
simply ignored rtable 255. All other places in the tree seem to
handle RT_TABLEID_MAX correctly.
OK florian@ benno@ henning@ deraadt@
|
|
Benno removed code to answer ICMP queries over 4 years ago.
Aham Brahmasmi (aham.brahmasmi AT gmx.com) points out
that we still joined the group though.
OK sthen, bluhm, kn
|
|
in raw IP delivery and UDP broadcast loops. There inpcbtable_mtx
is held and sorwakeup() is called within the loop. As sowakeup()
grabs the kernel lock, we have a lock ordering problem.
found by Hrvoje Popovski; OK deraadt@ mpi@
|
|
for netstat -a. Introduce a global mutex that protects the tables
and hashes for the internet PCBs. To detect detached PCB, set its
inp_socket field to NULL. This has to be protected by a per PCB
mutex. The protocol pointer has to be protected by the mutex as
netstat uses it.
Always take the kernel lock in in_pcbnotifyall() and in6_pcbnotify()
before the table mutex to avoid lock ordering problems in the notify
functions.
OK visa@
|
|
start locking the socket. An inp can be referenced by the PCB queue
and hashes, by a pf mbuf header, or by a pf state key.
OK visa@
|
|
what FreeBSD does. Remove old #if 0 version of inet6ctlerrmap.
OK mpi@
|
|
in6_pcb.c consistent, to ease comparing the code. Move all inet6
functions to in6_. Bring functions in both source files in same
order. Cleanup the include section. Now in_pcb.c is a superset
of in6_pcb.c. The latter contains all the special implementations.
Just moving arround, no code change intended.
OK mpi@
|
|
put the algorithm into a new function m_calchdrlen(). Also set an
uninitialized m_len to 0 in NFS code.
OK claudio@
|
|
created. Add a new function m_removehdr() do convert packet header
mbufs within the chain to regular mbufs. Assert that the mbuf at
the beginning of the chain has a packet header.
found by Maxime Villard in NetBSD; from markus@; OK claudio@
|
|
|
|
userland.
Inputs from markus@, ok sthen@
|
|
Reported by and ok sthen@
|
|
icmp6_error() still probably needs the NET_LOCK, as the call chain
icmp6_error -> icmp6_reflect -> rt_match -> rt_clone -> rtrequest
is possible.
The fragment discard loop in frag6_slowtimo and the other
cleanup bits in frag6_freef do not require it however. So
push the lock down into frag6_freef around icmp6_error.
Prompted by mpi. Discussed with bluhm and kn. Regress test help
by bluhm. Additional testing by kn.
ok kn@ visa@ mpi@
|
|
otherwise nd6_llinfo_settimer() might wrongly assume that a timeout is
already scheduled earlier and not schedule one itself. This in turn
lead to the neighbor cache no longer updating because neighbor
solicitations were not send.
Observed by many.
OK kn
|
|
an attribute of an address is changed.
For now it's used when IPv6 duplicate address detection finishes.
With this slaacd(8) can find out if a configured address is not
duplicated without the need to poll.
OK phessler, benno, claudio
|
|
dropped packets in the output path.
While here fix a memory leak when compression is not needed w/ IPcomp.
ok markus@
|
|
magic constant to panic() calls.
ok benno@ henning@ tb@
|
|
these changes to the routing table have not been visible whereas the
RTM_DELETE of those routes have been. Remove this inconsistency.
Input and OK mpi@
OK henning@
|
|
failes and then later on a in in6_get_ifid() a layer 2 address is
"borrowed" from from another interface.
Do the "borrowing" in in6_get_soii_ifid(), too so that semantically
opaque interface identifiers work for these kind of interfaces, too.
OK phessler, benno
|
|
tries to "borrow" one from another interface.
But then it checks if the U bit is set int the generated EUI64
address and rejects it.
On the other hand for interfaces that do have a layer 2 address this
check is skipped, so relax it for the "borrowing" case, too.
With this one gets stable link local addresses on e.g. gre(4)
interfaces on certain virtualisation environments depending which mac
addresses get picked for the vio(4) interfaces while previously we
would end up with a random IP on every reboot.
Reported by Aaron A. Glenn via phessler.
OK phessler, benno
|
|
with sendmsg(2) and MSG_OOB. Sync the code in udp, rip, and
rip6_usrreq. Add an inp NULL check in rip6_usrreq for consistency.
OK benno@ mpi@
|
|
rip{6,}_usrreq() since soreceive() will free it.
ok bluhm@
|
|
in_pcbconnect() to avoid the address family maze in syn_cache_get().
input claudio@; OK mpi@
|
|
ok visa@, tb@
|
|
OK tb@ visa@
|
|
functions.
discussed with and OK mpi@ visa@
|
|
OK visa@ mpi@
|
|
in_pcb.h header file.
OK mpi@ visa@
|
|
It does not make sense to call if_get() again, just pass ifp as
parameter. Move the IFT_CARP check into the function instead of
doing it everywhere. Replace the inverted match variable logic
with simple returns.
OK mpi@ friehm@
|
|
scope check and clearing of the scope id into separate functions.
input & ok visa, mpi
|
|
OK tb
|
|
Hoist privilege check to the top and split out handling of
SIOCAIFADDR_IN6 and SIOCDIFADDR_IN6 into a separate function.
Merge tangled switches and simplify the code paths.
tested by hrvoje
ok visa
|
|
that only needs a read lock.
Tested by hrvoje
ok visa
|
|
for in_control(). Protect mrt6_ioctl() and nd6_ioctl() with a read
lock and in6_ioctl with the NET_LOCK() while establishing a single
exit point.
tested by kn
ok florian, mpi, visa
|
|
Found the hard way.
|
|
For the PRU_CONTROL bit the NET_LOCK surrounds in[6]_control() and
on the ENOTSUPP case we guard the driver if_ioctl functions.
OK mpi@
|
|
updated from userland that was marked duplicated or tentative.
Otherwise we would just lose the duplicated / tentative state and assume
that the address is now unique and usable.
OK kn
|
