Age | Commit message | Author |
|
essentially identical; the only difference being that m_pullup2 is
capable of handling mbuf clusters, but called m_pullup for shorter
lengths (!).
testing dlg@ ok claudio@
|
|
are dropped and when normal program flow occurs.
Change error return value of syn_cache_add() from 0 to -1 in order
to clearly communicate intent.
ok claudio@
|
|
discussed with and ok claudio
|
|
The address hook was only registered for v4 addresses.
We now call hook_establish at interface creation time.
The hook is now disestablished upon interface destroy,
which plugs a tiny memleak.
While there remove redundancy in carp_set_addr6 and sync
it with carp_set_addr.
Bug noticed by todd@. OK sthen, mikeb (on an earlier version)
OK and some hints by camield@
|
|
regardless of the rdomain the packet was received on. Explicitly
pass the rdomain to the tcp_respond() monstrosity to compensate
for said monstricism which led to this behavior.
ok claudio@
|
|
This fixes the problem of binding sockets to broadcast IPs in other
rdomains.
OK henning@
|
|
local network broadcast. While there kill some leftover AF_IMPLINK
checks.
OK henning@, sthen@
|
|
These sockets will only see broadcast sent to that particular address.
Some applications like samba use this feature.
Problem found and initial version by sthen@, OK sthen@, henning@
|
|
pass it to the correct raw ip input function if IPsec is disabled.
ok todd@ mpf@ mikeb@ blambert@ matthew@ deraadt@
|
|
implemented half of it. The additional part is:
- The pf state lookup for outgoing packets is optimized by using
mbuf->inp->state.
- For incoming tcp, udp, raw, raw6 packets the socket lookup always
is optimized by using mbuf->state->inp.
- All protocols establish the link for incoming packets.
- All protocols set the inp in the mbuf for outgoing packets.
This allows the linkage beginning with the first packet for
outgoing connections.
- In case of divert states, delete the state when the socket closes.
Otherwise new connections could match on old states instead of
being diverted to the listen socket.
ok henning@
|
|
confusing because both addresses and broadcast addresses are put
into the tree.
there are two types of local address lookup. the first is when the
socket layer wants a local address, the second is in ip_input when
the kernel is figuring out the packet is for it to process or
forward.
ip_input considers local addresses and broadcast addresses as local,
however, the handling of broadcast addresses is different depending
on whether ip_directedbcast is set. if ip_directbcast is unset
then a packet coming in on any interface to any of the system's
broadcast addresses is considered local, otherwise the broadcast
packet must exist on the interface it was received on.
the code also needs to consider classful broadcast addresses so we
can continue some legacy applications (eg, netbooting old sparcs
that use rarp and bootparam requests to classful broadcast addresses
as per PR6382). this diff maintains that support, but restricts it
to packets that are broadcast on the link layer (eg, ethernet
broadcasted packets), and it only looks up addresses on the local
interface. we now only support classful broadcast addresses on local
interfaces to avoid weird side effects with packets routed to us.
the ip4 socket layer does lookups for local addresses with a wrapper
around the global address tree that rejects matches against broadcast
addresses. we now no longer support bind sockets to broadcast
addresses, no matter what the value of ip_directedbcast is.
ok henning@
testing (and possibly ok) claudio@
|
|
There is a massive issue with broadcast addrs because ifa_ifwithaddr()
handles them differently than in_iawithaddr().
|
|
|
|
of a connection originator. this allows one to query the source rdomain
with a SO_RTABLE socket option. figured out with reyk, ok claudio.
|
|
endless loops by IPcomp-quine attacks as discovered by Tavis Ormandy;
it also prevents nested IPcomp-IPIP-IPcomp attacks provided by matthew@;
feedback and ok matthew@, deraadt@, djm@, claudio@
|
|
ok dlg fondue-kinda-ok claudio
|
|
testing tcp flags.
ok henning@ claudio@
|
|
ok claudio krw
|
|
ok henning@ claudio@
|
|
on amd64
ok claudio@
|
|
in order to skip most of the reassembly logic and try to flush
available tcp segments to the socket, just split it off into its
own function and use it where appropriate.
ok claudio@ henning@
|
|
This fixes the NFS problems reported on the mailing list
and ensures that accepted sockets have correct socketbuffer
setting. OK blambert@, henning@
|
|
we don't need 7 f***ing copies of the same code to do the protocol checksums
(or not, depending on hw capabilities). claudio ok
|
|
the system is a multicast forwarder so move the code into that block
and save a few unneeded m_pullups. Found by dlg a long time ago.
OK dlg@
|
|
Same logic is already implemented in netinet6
OK henning@ deraadt@
|
|
and broadcast packets will be caught too; also we need to increment
the incoming packet counter as reminded by claudio. ok claudio mpf
|
|
ok sthen claudio dlg
|
|
no change in .o md5
"ok gcc" claudio@
|
|
classful broadcast so we can still netboot sparc and the like.
compat hack untested, i will deal with the fallout if there is any later
at the same time stop exporting in_iawithaddr, everything but ip_input
should (and now does) use ifa_ifwithaddr directly
ok dlg sthen and agreement from many
|
|
the latter is now much faster and the former becomes a wrapper + compat hacks
around the latter in a bit.
ok dlg sthen and "ah hai" from various in various bars here
|
|
was done earlier for routing sockets.
ok claudio@
|
|
|
|
work as you think it does, and the same can easily be achieved using pf
ok claudio dlg sthen theo
|
|
ok claudio@
|
|
Updating the HMAC from the carp_ioctl call does not see the newly
set IP address in the if_addrlist. The only chance for carp to see
the new address is via the address-hook callback. This change moves
the detection of address changes entirely into carp_addr_updated.
Furthermore, only call carp_hmac_prepare for the SIOCSVH case. This
second bug was the reason why the first one went unnoticed for such
a long time.
Problem found and debugging help by camield@.
OK camield@
|
|
and make it void.
ok henning@, markus@, mcbride@
|
|
of m_free(). There was no leak before as m_copym() and m_pullup()
are always called with the same length. But it is better to use
the correct function anyway.
ok henning@ mpf@ markus@
|
|
No binary change. OK otto@
|
|
explicit_bzero() where required
ok markus mikeb
|
|
The data received on the source socket will automatically be sent
on the drain socket. This allows to write relay daemons with zero
data copy.
ok markus@
|
|
|
|
With and OK phessler@
|
|
|
|
for dohooks() since it makes no sense to call the if_addrhooks when the
address assignment failed. Additionally only call ifa_add() in
in_ifinit() when no error happened. Fixes a carp(4) panic seen by dhill
and dlg. OK henning@, dlg@
|
|
ok mcbride@ claudio@ henning@
|
|
is new or an already existing one. for existing ones, call ifa_del first
tested by many as part of a larger diff, ok claudio dlg krw sthen
|
|
in_ifinit
tested by many as part of a larger diff, ok claudio dlg krw sthen
|
|
structure is fully set up
tested by many as part of a larger diff, ok claudio dlg sthen krw
|
|
in the mbuf may be improperly aligned. Whenever a function is
reinjecting packets from low level output functions into high level
output functions (like ip_output) it must be guaranteed that the
mbuf data is properly aligned.
OK blambert@, deraadt@
|
|
hiding everything but the TCP_* options unless __BSD_VISIBLE. While
we're here, change the structure to use u_int32_t instead of u_int
to cut-off the types discussion.
ok tedu@, mikeb@
|