path: root/sys/netinet
Age | Author | Commit message
2016-10-11 | Mike Belopuhov | Rename 'i' to 'hlen' for greater readability; ok millert, naddy
2016-10-06 | Alexander Bluhm | Remove redundant comments that say a function must be called at
splsoftnet() if the function does a splsoftassert(IPL_SOFTNET) anyway.
2016-10-04 | Martin Pieuchot | One more timeout_set_proc(9) conversion.
Found by Chris Jackman, thanks!
2016-10-04 | Martin Pieuchot | Convert timeouts that need a process context to timeout_set_proc(9).
The current reason is that rtalloc_mpath(9) inside ip_output() might end up inserting a RTF_CLONED route and that requires a write lock. ok kettenis@, bluhm@
2016-09-27 | Frederic Cambus | Remove empty #ifdef and #ifndef blocks
OK natano@
2016-09-24 | Ted Unangst | use hashfree. from Mathieu -
ok guenther
2016-09-24 | Christian Weisgerber | ANSIfy netinet/; from David Hill
2016-09-22 | Jonathan Gray | Fix indentation. No binary change.
ok mpi@
2016-09-20 | Mike Belopuhov | Sprinkle splsoftnets in TDB timeout callbacks; ok bluhm
2016-09-19 | Ted Unangst | convert bcopy to memcpy. from david hill.
2016-09-19 | Alexander Bluhm | For incoming connections keep the TF_NOPUSH flag if TCP_NOPUSH was
set on the listen socket. From David Hill; OK vgross@
2016-09-15 | David Gwynne | move from RB macros to RBT functions
shaves a bunch of bytes off kernels
2016-09-15 | David Gwynne | all pools have their ipl set via pool_setipl, so fold it into pool_init.
the ioff argument to pool_init() is unused and has been for many years, so this replaces it with an ipl argument. because the ipl will be set on init we no longer need pool_setipl. most of these changes have been done with coccinelle using the spatch below. cocci sucks at formatting code though, so i fixed that by hand. the manpage and subr_pool.c bits i did myself. ok tedu@ jmatthew@ @ipl@ expression pp; expression ipl; expression s, a, o, f, m, p; @@ -pool_init(pp, s, a, o, f, m, p); -pool_setipl(pp, ipl); +pool_init(pp, s, a, ipl, f, m, p);
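Review bot: the @ipl@ rule only rewrites a pool_init(pp, ...) that is immediately followed by pool_setipl(pp, ipl) on the same pool expression, so a caller that sets the ipl later, in another function, or not at all is left passing its old ioff value `o` in the slot that now means ipl. Before pool_setipl is removed, it is worth checking for any pool_init call the spatch did not touch and for any remaining pool_setipl caller, and converting those by hand.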
2016-09-13 | Markus Friedl | avoid extensive mbuf allocation for IPsec by replacing m_inject(4)
with m_makespace(4) from freebsd; ok mpi@, bluhm@, mikeb@, dlg@
2016-09-07 | Martin Pieuchot | Rename rtable_mpath_next() into rtable_iterate() and make it do a proper
reference count. rtable_iterate() frees the passed ``rt'' and returns the next one on the multipath list or NULL if there's none. ok dlg@
2016-09-06 | David Gwynne | pool_setipl for various netinet and netinet6 bits
thank you to everyone who helped review these diffs ok mpi@
2016-09-04 | Martin Pieuchot | Prevent a NULL dereference in ip_output().
A race can happen if a task, like the watchdog, sleeps too long keeping an ifp reference while the interface is detached. In this case a TCP timer will try to send packets with a cached route. Since the ifp is being detached if_get(9) returns NULL. Found the hard way by awolk@. ok bluhm@
2016-09-04 | Claudio Jeker | Implement a sockaddr_ntop() function that works like inet_ntop() but prints
sockaddrs. Works for all sockaddrs so can be used to print sockaddrs nicely. OK phessler@
2016-09-04 | Martin Pieuchot | Purge routes attached to an address when this address is removed.
This is done to stop using stale ifa attached to routes, which is the easiest way to make rtisvalid(9) MP-safe. sthen@ and henning@ like it, ok claudio@
2016-09-03 | Alexander Bluhm | Reduce the factor of the limits derived from NMBCLUSTERS. We want
the additional clusters in the socket buffer and not elsewhere. OK claudio@
2016-09-03 | Peter Hessler | Reserve the BFD destination ports in baddynamic
OK claudio@, henning@
2016-09-03 | Reyk Floeter | Add support for a multipoint-to-multipoint mode in vxlan(4). In this
mode, vxlan(4) must be configured to accept any virtual network identifier with "vnetid any" and added to a bridge(4) or switch(4). This way the driver will dynamically learn the tunnel endpoints and their vnetids for the responses and can be used to dynamically bridge between VXLANs. It is also being used in combination with switch(4) and the OpenFlow tunnel classifiers. With input from yasuoka@ goda@ OK deraadt@ dlg@
2016-09-02 | Vincent Gross | Drop non-encapsulated ESP packets using a UDP-encapsulating TDB, and add
the relevant counters. Ok mikeb@
2016-08-31 | Martin Pieuchot | Use 'sc_route{4,6}' directly instead of casting them to 'struct route *'.
This is another little step towards deprecating 'struct route{,_in6}'. ok florian@
2016-08-22 | Martin Pieuchot | Make the ``rt_gwroute'' pointer of RTF_GATEWAY entries immutable.
This means that no protection is needed to guarantee that the next hop route won't be modified by CPU1 while CPU0 is dereferencing it in an L2 resolution function. While here also fix an ``ifa'' leak resulting in RTF_GATEWAY being always invalid. dlg@ likes it, inputs and ok bluhm@
2016-08-22 | Martin Pieuchot | Do not dereference ``rt->rt_ifa'' after calling rtfree(9).
This could result in a use after free if the route entry was holding the last reference of the address descriptor. ok jca@, bluhm@, claudio@
2016-08-18 | David Gwynne | fix panics caused by replacing m_copym2 with m_dup_pkt.
m_copym2 is fine duplicating an arbitrary chain of mbufs, while m_dup_pkt wants to dup a packet with proper headers in the first mbuf. ipsec copied the tail of an mbuf if any of the clusters are shared or readonly, and swapped that tail with the result of m_copym2. m_dup_pkt panics cos of that. this makes ipsec duplicate the whole packet if any of the chain is readonly. found by naddy@ and mlarkin@ this fix is from visa@ who told me to commit it cos he's afk (sleeping) tested by naddy@
2016-08-16 | Vincent Gross | Add IP_SENDSRCADDR cmsg for UDP sockets. As suggested by sthen@,
IP_SENDSRCADDR == IP_RECVDSTADDR. OK sthen@ jca@ bluhm@
2016-08-15 | David Gwynne | replace the last uses of m_copym2 with m_dup_pkt.
ok mpi@ visa@
2016-08-04 | Vincent Gross | Commit in6_selectsrc() split again, with missing assignment fixed.
2016-07-25 | Sebastian Benoit | fix revision 1.290 of sys/netinet/ip_carp.c.
diff from jsg@ ok deraadt@, benno@
2016-07-22 | Martin Pieuchot | Revert in_selectsrc() refactoring, it breaks IPv6.
Reported by Heiko on bugs@. ok stsp@, claudio@
2016-07-22 | Martin Pieuchot | Fix a double rtfree(9) triggered when IPSEC inserts a more specific
route because of PMTU. otto@ reported the issue and helped me track it down during more than one month, he is the man! mikeb@ figured out the bug was in the forwarding path. ok mikeb@, deraadt@, claudio@
2016-07-20 | Alexander Bluhm | To tune the TCP SYN cache we need more information. Print the
relevant counters with netstat -s -p tcp. OK henning@
2016-07-20 | Vincent Gross | Split in6_selectsrc() into a low-level part and a pcb-level part, and
convert in_selectsrc() prototype to match. Ok bluhm@ mpi@.
2016-07-20 | Alexander Bluhm | Make the size for the syn cache hash array tunable. As we are
swapping between two syn caches for random reseeding anyway, this feature can be added easily. When the cache is empty, there is an opportunity to change the hash size. This allows an admin under SYN flood attack to defend his machine. Suggested by claudio@; OK jung@ claudio@ jmc@
2016-07-19 | Alexander Bluhm | Plug an mbuf leak in the error path of tcp signature in tcp_output().
OK claudio@ henning@
2016-07-19 | Martin Pieuchot | Fix the check supposed to prevent 'ip' and 'ip-stealth' balancing modes
from leaking the multicast address. beck@ found the hard way that this made his second CARP master use a wrong MAC address. This is part of a bigger diff from Florian Riehm who is currently working on a proper solution to fix balancing modes. ok beck@, bluhm@
2016-07-19 | Martin Pieuchot | NULLify a route pointer after calling rtfree(9).
This should theoretically be a no-op because we're freeing the PCB right after, but it helps us debug a reference count problem found by otto@. ok mikeb@
2016-07-18 | Alexander Bluhm | Hide pf internals by moving code from in_ouraddr() to pf_ouraddr().
OK mpi@ sashan@
2016-07-14 | Martin Pieuchot | Prevent a use-after-free by not updating an ARP entry that has been
removed from the table. Currently the storage for L2 addresses is freed when an entry is removed from the table. That means that we cannot access this chunk of memory between RTM_DELETE and rtfree(9). Note that this doesn't apply to MPLS because the associated storage is currently released by the last rtfree(9). ok mikeb@
2016-07-13 | Martin Pieuchot | Move ARP processing back to the KERNEL_LOCK()ed task until the race
triggered by updating a cached, but removed from the table, entry is properly fixed. Diff from dlg@, prodding deraadt@
2016-07-13 | Martin Pieuchot | Introduce RTF_MULTICAST and flag corresponding IPv6 routes as such
instead of abusing RTF_CLONING. Fix a leak reported by Aaron Riekenberg on misc@, ok sthen@
2016-07-11 | Martin Pieuchot | Do not increase the size of the socket buffer under memory pressure.
From Simon Mages, ok beck@, claudio@, bluhm@
2016-07-11 | Martin Pieuchot | Revert the introduction of ``rt_addr''.
Being able to add route entries without configured addresses is a nice feature but this is not my fight. So I'd rather not add another pointer to ``struct rtentry'' if I'm not removing another one.
2016-07-05 | Martin Pieuchot | Do not use ``rt_addr'' in in{6,}_selectsrc() it doesn't work with magic
addresses set on p2p interfaces. Found the hard way by naddy@
2016-07-01 | Jeremie Courreges-Anglas | Make accepted sockets inherit IP_TTL from the listening socket.
This is consistent with the IPV6_UNICAST_HOPS behavior, and is the only way to allow applications to completely control the TTL of outgoing packets (else an application could temporarily send packets with the default TTL, until it sets again IP_TTL ; this is harmful eg for GTSM). ok bluhm@
2016-07-01 | Jeremie Courreges-Anglas | Allow resetting the IP_TTL and IP_MINTTL sockopts
IP_TTL can be reset by passing -1, IP_MINTTL can be reset by passing 0. This is consistent with what Linux does and IPV6_UNICAST_HOPS/IPV6_MINHOPCOUNT. ok bluhm@
2016-06-30 | Martin Pieuchot | Use ``rt_addr'' rather than ``rt_ifa'' to get the source address
corresponding to a route. ok florian@ on a previous version, input and ok bluhm@
2016-06-28 | Chris Cappuccio | Add sysctl for arp timers: net.inet.ip.arptimeout (expire timer for resolved
entries) and net.inet.ip.arpdown (expire timer for unresolved entries) ok mpi@