| Age | Commit message (Collapse) | Author |
|---|
|
This unify some code and notify userland for free.
blambert@ agrees, ok bluhm@
|
|
email.
|
|
get userland notification for free.
ok blambert@, bluhm@
|
|
Instead check the error code returned by this function and let the
caller free the route entry when appropriate.
ok bluhm@
|
|
before <net/pfvar.h> or <net/if_pflog.h>. The kernel files can be
cleaned up next. Some sockaddr_union steps make it into here as well.
ok naddy
|
|
practice, be pragmatic and #include <sys/timeout.h> for
struct tcpb (glorious namespace violation)
ok kettenis millert sthen
|
|
The half-backed logic to find a parent interface before configuring an
address on a carp(4) interface is responsible for too many layers of
complexity resulting in various breakages everytime something change in
the stack.
So make carp(4) a bit less special. It now requires a parent interface
like all the other pseudo-devices.
ok mikeb@, dlg@, florian@, henning@
|
|
|
|
under _KERNEL, and adjust the one consumer (netstat) so that it requests
the exposure. Will take a few more rounds to get this right.
ok mikeb
|
|
changed or if we asked for it.
Should reduce the RTM_RESOLVE storm seeing by claudio@
With inputs from and ok mikeb@
|
|
ok claudio@, mikeb@, bluhm@
|
|
for the validity of a given outgoing route entry into a single function.
This change is inspired from FreeBSD r111767. The function introduced
here, rt_checkgate(), should hopefully die in a near future. Why should
it die? Well, it is way too late to do such validity checks: if your
kernel can ends up in ether_output() with an invalid route, please do
not let it try to find a new one that might do the job.
Go read this function if you're wondering why you're getting messages
like:
"arpresolve: X.X.X.X: route without link local address"
Since this horrible logic has survived 20 years of copy & past and small
modifications for workarounds without a single clear commit message, let's
assume it is full of dragons and try to play safe. This factorization is
not intended to change any behavior.
With much inputs from bluhm@, tested by weerd@ and florian@ on setups
with p2p IPv6 interfaces.
ok bluhm@, benno@, florian@
|
|
carp(4) has a hack to update its Ethernet address which was also
generating the corresponding IPv6 link-local address. Since the
removal of the NOINET6 flag, this link-local address was generated
even if no IPv6 address has been configured on the interface.
This unbreak carp setup without v6 addresses, found the hard way by
sebastia@.
ok sebastia@, benno@, stsp@, @phessler
|
|
ioctl(2)s are an exception to this rule. This makes clear that ifa
cannot be used initialized as found by jsg@ with gcc/clang.
ok krw@, bluhm@, jca@
|
|
|
|
|
|
|
|
long live the one true internet.
ok henning mikeb
|
|
|
|
Prodded by claudio@ and mikeb@
|
|
Output interface (port) selection for multicast traffic is not done via
route lookups. Instead the output ifp is registred when setsockopt(2)
is called with the IP{V6,}_MULTICAST_IF option. But since there is no
mechanism to invalidate such pointer stored in a pcb when an interface
is destroyed/removed, it might lead your kernel to fault.
Prevent a fault upon resume reported by frantisek holop, thanks!
ok mikeb@, claudio@
|
|
ok deraadt@ tedu@
|
|
ok millert@, bluhm@
|
|
ok mikeb@, krw@, bluhm@, tedu@
|
|
of your system, put it on a diet and kill the superfluous logic.
ok mikeb@
|
|
any good to our network stack.
The most visible effect is the maze of #ifdef's and casts. But the
real problem is the very fragile way of checking if a (cached) route
entry is still valid or not. What should we do if the route jumped
to another ifaddr or if its gateway has been changed?
This change start the dance of "struct route" & friends removal by
sending the completly useless "struct route_enc" to the bucket.
Tweak & ok claudio@
|
|
|
|
error code on failure (unchecked for the moment).
ok mikeb@, jmc@
|
|
|
|
ok deraadt@ tedu@
|
|
for a multicast/broadcast destination address.
These checks have already been done in the Ethernet and IP layers and
the mbuf(9) should contain all the required information at this point.
But since we cannot trust this spaghetti stack, be paranoid and make
sure to set the flags in the IP input routines.
Use explicit comments, requested by deraadt@. ok claudio@
|
|
|
|
to p2p interfaces always mark them as Multipath. This way we can have
multiple routes to the same destination as long as the local address is
different.
ok mikeb@
|
|
to include that than rdnvar.h. ok deraadt dlg
|
|
|
|
attacks.
this is a textbook use of siphash.
the idea of using siphash for this came from yasuoka-san, but i had
the time to do it. he also tested and tweaked this diff.
ok yasuoka@ mikeb@
|
|
pf the state has to vanish immediately when the relay closes the
socket. To make this work reliably, the linkage between state and
socket must be established with the first packet. This packet could
be incomming or outgoing.
Link the pf state in the socket layer earlier. This makes all tests
in /usr/src/regress/sys/net/pf_divert pass.
OK henning@
|
|
ok dlg@
|
|
ok tedu@ claudio@
|
|
It is of course not to make your life more complicated when you are
dealing with ifa_ifwithaddr()! It was to reuse the point-to-point
code to add a route to 127.0.0.1. But now we have local routes and
we don't need this hack anymore :)
ok mikeb@ as part of a larger diff.
|
|
Note that ifa_ifwithaddr() might return a broadcast address, so if you
don't want one make sure to filter them out.
ok mikeb@
|
|
ok dlg@, uebayasi@, mikeb@
|
|
calls. Also, when adjusting demote counts, don't call carp_send_ad_all()
for every ifgroup with a demote count of 1 but rather call it only once
after adjusting the demote counts of all ifgroups.
ok bluhm@ mpf@
|
|
functionnality instead of a mix of enable/disable.
ok bluhm@, jca@
|
|
INADDR_BROADCAST the same as INADDR_ANY.
ok mpi
|
|
From Florian Riehm
|
|
|
|
you don't have a physical interface on your machine, so why rawip should
be more clever^Wparanoid than the others?
ok henning@, mikeb@
|
|
kill the macro.
ok mikeb@, henning@
|
|
OK henning@
|
