| Age | Commit message (Collapse) | Author |
|---|
|
This is a common idiom when a list element has been found.
OK visa@ mpi@
|
|
route lookup to make it MP safe. Only set the mbuf header fields
that are needed. Validate the name input. Also use the same
variables in IPv4 and IPv6 functions and avoid unneccessary
initialization.
OK mpi@
|
|
lookup to make it MP safe. Only set the mbuf header fields that
are needed. Validate the name input.
OK mpi@
|
|
Not all of them need the NET_LOCK().
ok bluhm@
|
|
ip_local(), ip_slowtimo() and ip_drain() run without KERNEL_LOCK()
and NET_LOCK().
Input and OK mpi@, bluhm@
|
|
list traversal with LIST_FOREACH_SAFE().
OK bluhm@, mpi@
|
|
all the callers to call m_freem(9).
Support from deraadt@ and tedu@, ok visa@, bluhm@
|
|
Problem reported and fix tested by Hrvoje Popovski.
ok bluhm@, visa@
|
|
Especially in tcp_usrreq() connect detect the correct address family
based on the inp_flags instead of the sa_family user input.
OK mpi@
|
|
Tested by Hrvoje Popovski, ok bluhm@
|
|
in common checks for unix, inet, inet6 instead of partial checks
here and there. Some checks are already done at a higher layer,
but better be paranoid with user input.
OK claudio@ millert@
|
|
retransmit timeout. Do not run path MTU discovery on local routes
as we never want that on loopback. For permanent ARP or ND entries
disable path MTU discovery as they use the same rt_expire field.
This prevents that permanent routes and entries disappear.
bug analysis friehm@; OK mpi@
|
|
|
|
We know when pltime or vltime decrease to zero. Run nd6_expire then.
Input & OK mpi, bluhm
|
|
The interface congestion algorithm kills performance at this place,
with the large queues it never triggers.
OK mpi@ claudio@
|
|
of src/dst ip/port is unique for TCP. But if the socket is not
bound, the automatic bind by connect happens after the check. If
the socket has the SO_REUSEADDR flag, in_pcbbind() may select an
existing local port. Then we had two colliding TCP PCBs. This
resulted in a packet storm of ACK packets on loopback. The softnet
task was constantly holding the netlock and has a high priority,
so the system hung.
Do the in_pcbhashlookup() again after in_pcbbind(). This creates
sporadic "connect: Address already in use" errors instead of a hang.
bug report and testing Olivier Antoine; OK mpi@
|
|
kernel that uses it without the #ifdef guard.
OK bluhm
|
|
ICMP6_DST_UNREACH_NOTNEIGHBOR is ICMP6_DST_UNREACH_BEYONDSCOPE (RFC
1885 was obsoleted).
sthen grepped the ports sources to make sure nothing uses it.
OK millert, jca
|
|
Prompted by a bugreport by naddy that IPv6 autoconfiguration is broken
in the installer.
OK mpi, "go for it" deraadt
|
|
rtdeletemsg().
ok bluhm@
|
|
In the forwarding path, pf_test() is executed w/o KERNEL_LOCK() and
in case of divert end up calling sowakup(). However selwakup() and
csignal() are not yet ready to be executed w/o KERNEL_LOCK().
ok bluhm@
|
|
introduces a forward decl for socket. turns out the affected file doesn't
need ip_var.h, so remove it. then move the decl to the bottom to prevent
the problem from recurring.
bug report by Nick Briggs
ok mpi
|
|
With this we can also get rid of in6_prefix and in6_defrouter. They
are meaningless, the kernel no longer tracks this information.
Pointed out by & OK mpi
|
|
OK bluhm@
|
|
the inner IP packet into the internet queue. The IPv6 local delivery
code has a loop to deal with header chains. The idea is to use
this loop and avoid the queueing and rescheduling. The IPsec packet
will be processed in a single flow.
Merge the IP deliver loop from both IP versions into a single
ip_deliver() function that can handle both addresss families. This
allows to process an IP in IP header like a normal extension header.
If af != AF_UNSPEC, we are already in a deliver loop and have the
kernel look. Then we can just return the next protocol. Otherwise
we enqueue. The dequeue thread has the kernel lock and starts an
IP delivery loop.
OK mpi@
|
|
IPsec packets without additional enqueueing.
OK mpi@
|
|
buffers.
This is one step towards unlocking TCP input path. Note that all the
functions asserting for the socket lock are not necessarilly MP-safe.
All the fields of 'struct socket' aren't protected.
Introduce a new kernel-only kqueue hint, NOTE_SUBMIT, to be able to
tell when a filter needs to lock the underlying data structures. Logic
and name taken from NetBSD.
Tested by Hrvoje Popovski.
ok claudio@, bluhm@, mikeb@
|
|
a TDB from the hash table without actually free()ing it. That way we
can modify the TDB and then put it back in using puttdb().
ok claudio@
|
|
|
|
to ipip_input_if() and always pass the ifp. Only dump the packet
to bpf if we are called with a gif(4) interface.
OK mpi@
|
|
bugs could easily result in use-after-free or double free. Introduce
m_freemp() which automatically resets the pointer before freeing
it. So we have less dangling pointers in the kernel.
OK krw@ mpi@ claudio@
|
|
error. Make the ip_mforward() return value consistent. Simplify
the caller logic in ipv6_input() like in IPv4.
OK mpi@
|
|
in ipip_input_gif(). This prevents a use-after-free if there is a
bug in the IP input functions.
OK mpi@
|
|
try to remove a route from the table if it is and invalid cache.
This is a step towards decoupling code dealing with userland and kernel
inserted routes.
ok bluhm@
|
|
aren't protected by the NET_LOCK().
While here change lock assertions in rt_{set,put}gwroute(), the NET_LOCK()
is enough.
Tested by Hrvoje Popovski.
ok jmatthew@, claudio@
|
|
IPv4 & IPv6 dispatch functions outside the KERNEL_LOCK().
We currently rely on the NET_LOCK() serializing access to most global
data structures for that. IP input queues are no longer used in the
forwarding case. They still exist as boundary between the network and
transport layers because TCP/UDP & friends still need the KERNEL_LOCK().
Since we do not want to grab the NET_LOCK() for every packet, the
softnet thread will do it once before processing a batch. That means
the L2 processing path, which is currently running without lock, will
now run with the NET_LOCK().
IPsec isn't ready to run without KERNEL_LOCK(), so the softnet thread
will grab the KERNEL_LOCK() as soon as ``ipsec_in_use'' is set.
Tested by Hrvoje Popovski.
ok visa@, bluhm@, henning@
|
|
|
|
ether_input(). Now we use mbuf tags instead of modifying the MAC
address.
ok mpi@
|
|
This will help transitionning to an un-KERNEL_LOCK()ed IP
forwarding path.
Disucssed with bluhm@, ok claudio@
|
|
currently protected by the NET_LOCK().
They are not accessed in the hot path, so protecting them with a
mutex could be an option. However since we're now going to run
with a NET_LOCK() for some time, assert that it is held.
IPsec is not yet ready to run without KERNEL_LOCK(), so assert it
is held, even in the forwarding path.
Tested by sthen@, ok visa@, claudio@, bluhm@
|
|
upcoming diffs, no functional change.
OK mpi@
|
|
Grab the lock before calling carpdetach().
ok bluhm@
|
|
ifdef IPSEC to fix the clang build when IPSEC is not defined.
ok deraadt@ bluhm@
|
|
as the pr_input functions. Add an assert that IPv4 delivery ends
in IP proto done to assure that IPv4 protocol functions work like
IPv6.
OK mpi@
|
|
if at least one vhid is in state MASTER.
from Florian Riehm; OK florian@
|
|
and outer header. Reset values depending on the the mbuf when the
mbuf is adjusted. Check the length of the inner IP header with the
correct size in case of IPv6. Check the IPv4 header size including
IP options. For the IPIP statistics the inner header length has
to be subtracted from the packet size as the outer header has already
been stripped off.
OK mpi@
|
|
address family passed to ipip_input().
OK mpi@
|
|
and give them better names.
input and OK mikeb@
|
|
in ip6_local() to our IPv6 stack.
OK mikeb@
|
|
Free the options in icmp_input_if() after a successful call to
icmp_reflect().
bug report and analysis by Hendrik Gerlach
OK krw@ claudio@ phessler@
|
