| Age | Commit message (Collapse) | Author |
|---|
|
interface. VXLAN is a UDP-based tunnelling protocol for overlaying
virtualized layer 2 networks over layer 3 networks. The implementation
is based on draft-mahalingam-dutt-dcops-vxlan-04 and has been tested
with other implementations in the wild.
put it in deraadt@
|
|
of an interface, named after its IPv6 equivalent.
Make use of it instead of removing addresses by hand when detaching
or destroying an interface. As a bonus, multicast records linked
to the just divorced^Wdetached interface are no longer leaked.
No objection from the gang, ok mikeb@
|
|
No functional change.
ok henning@, mikeb@
|
|
of tcp_input() and tcp_output() were very inconsistent. Especially
the so->so_pcb is NULL which can only happen after the inp has been
detached. The whole issue looks similar to the old panic:
pool_do_get(inpcbpl): free list modified.
http://marc.info/?l=openbsd-bugs&m=132630237316970&w=2
To get more information, add some asserts that guarantee the
consistency of the socket, inpcb, tcpcb linking. They should trigger
when an inp is taken from the pcb hashes after it has been freed.
OK henning@
|
|
ok bluhm@, henning@
|
|
ok mikeb@
|
|
ok bluhm@, mikeb@
|
|
OK mpi@
|
|
than iterating on the global list.
ok bluhm@
|
|
ok krw@, mikeb@
|
|
the moment because there might be at most one caller at a time, it
wont be so as soon as this part of the network stack is run in
parallel.
While here also reduce the difference with the icmp6 code adding a
redirect route.
ok mikeb@
|
|
from the interface on which the packet was received on instead of
filtering the global list.
ok bluhm@, henning@
|
|
ok mikeb@, sthen@, tedu@ (implied), doc bits ok jmc@
|
|
sure we add its descriptor back to the tree and interface list to keep
the various global structures consistent.
ok mikeb@, bluhm@
|
|
of incoming IPv4 packets with the SSRR or LSRR header option in
a m_tag rather than in a single static entry.
Use a new m_tag type, PACKET_TAG_SRCROUTE, for this and bump
PACKET_TAG_MAXSIZE accordingly.
Adapted from FreeBSD r135274 with inputs from bluhm@.
ok bluhm@, mikeb@
|
|
This is useful to aggregate data in the kernel from multiple sources
like writes and socket splicing. It avoids sending small packets.
From FreeBSD via David Hill; OK mikeb@ henning@
|
|
missing. Especially the IN6_IS_ADDR_LINKLOCAL() macro should not
be necessary in IPv4 only code. No binary change.
OK henning@ claudio@
|
|
ok mikeb@
|
|
|
|
to pass the destination address of the route to clone.
ok markus@, mikeb@
|
|
ok mikeb@, henning@
|
|
change.
ok mikeb@, henning@
|
|
and IPv6. The variable tp is not accessed between these two
assingments. intotcpcb() is a define without side effects. So use
the same code for IPv4 and IPv6.
OK claudio@ mpi@
|
|
|
|
is perfectly ok for the moment because there might be at most
one caller at a time, it wont be so as soon as this part of
the network stack is run in parallel.
ok henning@, mikeb@
|
|
of the IPL_NET. pf_test should be no longer called under IPL_NET as
well. The problem became evident after the related issue was brought
up by David Hill <dhill at mindcry ! org>.
With input from and OK mpi. Tested by David and me.
|
|
ok bluhm@
|
|
ifdef ENCDEBUG to make sure we don't use them elsewhere.
|
|
our addresses to reuse arplookup() and do only one list iteration.
Looks ok to claudio@, ok mikeb@
|
|
a flag. Rename the variable inpl_flags in tcp_input() to inpl_reverse
like in udp_input(). No binary change.
OK mikeb@
|
|
under some circumstances repair broken checksums on the way.
ok ryan naddy mikeb
.
redo most of the protocol (tcp/udp/...) checksum handling
-assume we have hardware checksum offloading. stop mucking with the
checksum in most of the stack
-stop checksum mucking in pf, just set a "needs checksumming" flag if needed
-in all output pathes, very late, if we figure out the outbound interface
doesn't have hw cksum offloading, do the cksum in software. this especially
makes the bridge path behave like a regular output path
-little special casing for bridge still required until the broadcast path
loses its disgusting shortcut hacks, but at least it's in one place now
and not all over the stack
in6_proto_cksum_out mostly written by krw@
started at k2k11 in iceland more than 1.5 years ago - yes it took that
long, this stuff is everything but easy.
this happens to fix the infamous pf rdr bug that made us turn off proto
cksum offloading on almost all interface drivers.
|
|
Jeff Ross and later by myself, both on remote systems..
|
|
structure is zeroed out before use. From David Hill <dhill at
mindcry ! org>; ok blambert claudio henning
|
|
Reported by naddy@
|
|
structure rather than doing various M_WAITOK allocations during
the *attach() functions, we always rely on them anyway.
ok mikeb@, uebayasi@
|
|
iterating once we found a matching address.
ok mpf@, yasuoka@, henning@
|
|
ok bluhm@, mikeb@
|
|
in4_cksum() instead of in_cksum(). This gets rid of the clunky
m_data/m_len dance, which was described as "disgusting" in the original
comments. :)
Tested on a small MPLS test network (since icmp_do_exthdr() is currently
only used by MPLS code, specifically mpls_do_error()).
ok bluhm henning mikeb
|
|
unify some return statements while here.
ok bluhm@, henning@
|
|
ok otto
|
|
dropped by IPsec security policy.
input from and ok mikeb
|
|
consumed by icmp_input(). As an exception, control packets that
belong to a connection to a local socket must go to pr_ctlinput().
Add a switch over the ICMP type to handle that.
OK markus@ henning@
|
|
clunky m_data/m_len dance needed by in_cksum().
Tested on amd64, hppa, i386, loongson, macppc, sgi, and sparc64.
Thanks to blambert@, bluhm@, and henning@ for help and feedback;
abieber@ for testing this diff independently on macppc; krw@ for access
to his hppa, sgi, and sparc64 test systems at t2k13; nick@ for helping
me figure out Ken's hppa so that I can test this diff. :)
ok blambert bluhm henning mikeb
|
|
|
|
was only done when a packet traveled up the stack from pf to
tcp_input(). Now also link the state and inpcb when the packet is
going down from tcp_output() to pf. As a consequence, divert-reply
states where the initial SYN does not get an answer, can be handled
more correctly.
This change is part of a larger diff that has been backed out in
2011. Bring the feature back in small steps to see when bad things
start to happen.
OK henning deraadt
|
|
into one block.
OK mpi@
|
|
even more of the kernel
fix formatting ugliness, whitespace only, obviously a copy & pasto
ok ryan
|
|
one so that we can use the real MAC address for carp(4) like an example
following.
ifconfig carp0 carpdev REALIF lladdr <real interface's lladdr>
ok reyk mcbride
|
|
|
|
OK claudio@
|
