Age | Commit message (Collapse) | Author |
|
syn_cache_get() is not neccessary. Also make the abort label
consistent to resetandabort and free the mbuf there.
OK mpi@
|
|
Found by and ok jsg@, ok markus@
|
|
dropped packets in the output path.
While here fix a memory leak when compression is not needed w/ IPcomp.
ok markus@
|
|
magic constant to panic() calls.
ok benno@ henning@ tb@
|
|
route socket is flooded with those messages. Instead maek sure that the
removal of the dynamic route that can happen is actually also sent to
the routing socket.
OK mpi@ henning@
|
|
these changes to the routing table have not been visible whereas the
RTM_DELETE of those routes have been. Remove this inconsistency.
Input and OK mpi@
OK henning@
|
|
ok markus@
|
|
callbacks to be able to count dropped packet.
Having more generic statistics will help troubleshooting problems
with specific tunnels. Per-TDB counters are coming once all the
refactoring bits are in.
ok markus@
|
|
why it was necessary.
OK bluhm@
'ok but watch for fallouts' mpi@
|
|
with sendmsg(2) and MSG_OOB. Sync the code in udp, rip, and
rip6_usrreq. Add an inp NULL check in rip6_usrreq for consistency.
OK benno@ mpi@
|
|
rip{6,}_usrreq() since soreceive() will free it.
ok bluhm@
|
|
ok visa@ as part of a larger bigger diff
|
|
the global inpcb queue and hashes.
OK visa@ mpi@ as part of a larger diff
|
|
in_pcbconnect() to avoid the address family maze in syn_cache_get().
input claudio@; OK mpi@
|
|
ok bluhm
|
|
found the hard way by krw@
|
|
Instead introduce two flags to deal with global lock recursion. This
is necessary until we get per-socket lock.
Req. by and ok visa@
|
|
ok visa@, tb@
|
|
was NULL and nothing was traced. So save the old tcpcb and use
that to retrieve some information. Note that otb may be freed and
must not be dereferenced. Use a heuristic for cases where the
address family is in the IP header but not provided in the PCB.
OK visa@
|
|
Multicast lacked receive destination port. Better use a function
and do it all in one place. The pipex chunk does not use the
options, so it can happen before. Adding the udp header length to
the ip header length was done inconsistently. Do it explicitly
when needed.
OK mpi@ visa@
|
|
OK tb@ visa@
|
|
locking.
ok visa@, bluhm@
|
|
from markus@; OK mpi@
|
|
functions.
discussed with and OK mpi@ visa@
|
|
the hashmask. For the resize calculations it is clearer to use the
field inpt_size.
OK visa@ mpi@
|
|
now unused 'ifra' from in_ioctl().
Discussed with mpi and visa
|
|
to its own function and merge the two switches in in_ioctl_change_ifaddr().
Finally: each ioctl has its own case and privilege check.
ok visa
As an aside, an audit of the ports tree has shown that we should continue
to support the legacy ioctls SIOCSIF{,BRD,DST}ADDR, SIOCSIFNETMASK despite
the fact that they have been deprecated for the better part of two decades
and FreeBSD dropped support 7 years ago. Too many ports still rely on them.
Thanks to sthen and visa for their help with that.
|
|
in_pcb.h header file.
OK mpi@ visa@
|
|
rdomain. Move the printf to the end of the pcb lookup functions.
OK tb@ mpi@ visa@
|
|
So in in_pcbresize() the variant without _SAFE of the TAILQ_FOREACH
macro is sufficient.
OK tb@ mpi@ visa@
|
|
|
|
Some more code shuffling to get rid of one switch in in_ioctl().
This way there is one case for each of SIOCSIFBRDADDR, SIOCSIFDSTADDR
and SIOCSIFNETMASK, starting with a privilege check before any global
data is modified.
ok visa
|
|
|
|
and in_ioctl_change_ifaddr(). This way there is one case per ioctl
starting with a privilege check before any global data is modified.
The code paths are now straightforward. Some code duplication between
SIOCSIFADDR and SIOCAIFADDR, but that can be addressed later.
tested by hrvoje
ok visa
|
|
handling of SIOCAIFADDR, SIOCDIFADDR, SIOCSIFADDR into a separate
function, analogously to what was done in in6_ioctl().
tested by hrvoje
ok visa
|
|
two big switches in this function. Error out early in the default case
without grabbing the NET_LOCK() and move SIOCSIFNETMASK a bit up. This
will reduce the noise in an upcoming diff.
ok visa
|
|
It does not make sense to call if_get() again, just pass ifp as
parameter. Move the IFT_CARP check into the function instead of
doing it everywhere. Replace the inverted match variable logic
with simple returns.
OK mpi@ friehm@
|
|
timeout is blocking on the NET_LOCK().
Issue reported by Harald Dunkel, ok visa@, bluhm@
|
|
OK mikeb@
|
|
switches for protocol and address family. Move this code to the
specific functions from where the common function is called.
As a consequence the raw ip input functions can never be called
from udp_input() anymore. If IPsec is disabled, the functions
ah6_input(), esp6_input(), and ipcomp6_input() do not start processing
the header chain. The raw ip input functions are called with the
mbuf and offset pointers from the protocol walking loop which is
the usual behavior.
OK mpi@ markus@
|
|
next extension header is within the packet length. Also check at
the end that the IPv4 headers are not longer than the packet.
reported by Maxime Villard; from markus@ via NetBSD; OK mpi@
|
|
from markus@; OK mpi@
|
|
from markus@; OK mpi@
|
|
implemented as slow and fast protocol user requests. Replace that
with a proper timer debug implementation.
OK visa@
|
|
with and OK markus@
|
|
with and OK markus@; input mpi@
|
|
the delack timer had a different implementation. Use the same
mechanism for all TCP timer.
OK mpi@ visa@
|
|
This could happen during fragment reassembly. Better check if we
are dealing with the first mbuf of the chain.
m_adj() changes the length of the mbuf, obviously. So when using
this length to calulate the amount of adjustment, do not calculate
it again after m_adj() with wrong input. Use a temporary variable
to save the value.
from Maxime Villard, NetBSD; OK markus@ claudio@
|
|
that only needs the read lock.
ok visa, mpi
|
|
protected: mrt_ioctl() and in_ioctl(). The former has no other callers
and only needs a read lock. The latter will need refactoring to reduce
the lock's scope further. In a first step, establish a single exit point
and protect most of the function body with the NET_LOCK() while removing
the NET_LOCK() from a handful of callers.
suggested by & ok mpi, ok visa
|