Age | Commit message (Collapse) | Author |
|
It is unlikely we will ever get a working replay protection,
so better keep it simple and robust.
The cookie allows us to detect our own advertisements,
thus it is now easy to deal with network loops and
non-simplex interfaces.
Zero feedback by the people who wanted this fixed.
OK henning@, markus@
|
|
ok gilles@
|
|
As with many of the last commits, looked at by chl@ in an earlier
version.
|
|
'Fixes' two cases where the zeroing did not cover all the memory
allocated.
As with many of the last commits, looked at by chl@ in an earlier
version.
|
|
|
|
In ip_esp.c all allocated memory is now zero'd in the
"malloc(sizeof(*tc) + alen ..." case. The +alen memory was not
initialized by the bzero() call. Noticed by chl@.
"Looks good" art@ "seems ok" chl@
|
|
where obvious.
|
|
The multicast code is still a mess but will no longer crash the box.
With input from pascoe@ who hit the same bug.
OK markus@, henning@, mpf@ (on a previous version)
|
|
"looks ok" markus@
|
|
one entry for each multicast group and interface combination). this allows
you to run OSPF with more than 10 interfaces.
adapted from freebsd; ok claudio, henning, mpf
|
|
quite a while ago. Manpage and comment update by Matthew Dempsky.
OK jmc@
|
|
panics in ip_freemoptions(); ok claudio, henning, mpf
|
|
and is actually wrong in some cases, since we can enter
functions without taking the lock because the return value
of ipq_lock() isn't checked properly.
However, this needs to be revisited when we start calling
ip_drain() from the pool code when we are running out of
memory, but this isn't done currently.
OK art@, henning@
|
|
any carp group to master status.
ok dhartmei@
|
|
MGET* macros were changed to function calls, there wasn't any
need for the pool declarations and the inclusion of pool.h
From: tbert <bret.lambert@gmail.com>
|
|
because interfaces may disappear without notice causing use after free bugs.
Instead use the inm_ia->ia_ifp as a hint, struct in_ifaddr correctly tracks
removals of interfaces and invalidates ia_ifp in such cases.
looks good henning@ markus@
|
|
before it is removed from the multicast group in_delmulti() will try to
access the no longer available ifp.
We invalidate the ifa_ifp back pointer in the ifa in if_detach() now and use
the ifa_ifp in in_delmulti() instead of the internal inm_ifp. By doing it
this way we know if the interface was removed.
This fixes a kernel panic triggered by ospfd and gif(4) tunnels.
looks good henning@ reyk@
|
|
|
|
destination of the route belonging to the carp interface.
ok mpf@ claudio@
|
|
code and replace both with a RFC1948 based method, so TCP clients
now have monotonic ISN/timestamps. The server side uses completely
random ISN/timestamps and does time-wait recycling (on port reuse).
ok djm@, mcbride@; thanks to lots of testers
|
|
interface (ip-less parent).
tested by claudio and me
ok claudio@
|
|
be set to NULL as first in rtrequest1() for all host routes.
With and OK reyk@
|
|
not get build. the code looks at flags that used to be in mbuf tags, now
they are in the mbuf header, so we can check them unconditionally.
problem spotted by Daniel Roethlisberger <daniel@roe.ch>, ok ryan markus
|
|
|
|
OK mcbride@
|
|
we need a pointer to the inpcb to decide, which was not previously
passed to ip6_output, so this diff is a little bigger.
from itojun, ok ryan
|
|
OK mcbride@
|
|
found by itojun
|
|
decomissioned aeon ago. We will not miss it at all.
OK dlg@ henning@ and a lot of cheers by other in the room
|
|
boring details:
skip looking for ipsec tags and descending into ip_spd_lookup if there
are no ipsec flows, except in one case in ip_output (spotted by markus)
where we have to if we have a pcb. ip_spd_lookup has the shortcut already,
but there is enough work done before so that skipping that gains us about
5%. ok theo, markus
|
|
boring details:
pf used to use an mbuf tag to keep track of route-to etc, altq, tags,
routing table IDs, packets redirected to localhost etc. so each and every
packet going through pf got an mbuf tag. mbuf tags use malloc'd memory,
and that is knda slow.
instead, stuff the information into the mbuf header directly.
bridging soekris with just "pass" as ruleset went from 29 MBit/s to
58 MBit/s with that (before ryan's randomness fix, now it is even betterer)
thanks to chris for the test setup!
ok ryan ryan ckuethe reyk
|
|
ok dlg claudio
|
|
|
|
|
|
ok reyk@
|
|
|
|
ok reyk@
|
|
|
|
function as a macro.
ok reyk@ ja ja claudio@
|
|
|
|
|
|
prodded by art@ ja ja claudio@
|
|
"commit it" art@ ok claudio@
|
|
|
|
acked bytes and update the window accordingly
fix PR4278
OK henning@ markus@ claudio@
|
|
This first step makes it style(9) compliant.
Just a whitespace diff, no binary change.
OK claudio@ norby@
|
|
addresses in struct arpcom. this lets a nic driver easily see if it wants
allmulti behaviour, which in turn means we can clean some code up.
ok jason@ claudio@ norby@
|
|
|
|
|
|
|