Age | Commit message (Collapse) | Author |
|
This is for RFC3682 aka the TTL security hack - sender sets TTL to 255,
receiver checks no router on the way (or, no more than expected) reduced
the TTL. carp uses that technique already.
modeled after FreeBSD implementation.
ok claudio djm deraadt
|
|
when set on raw or udp sockets, userland receives the incoming packet's TTL
as ancillary data (cmsg shitz). modeled after the FreeBSD implementation.
ok claudio djm deraadt
|
|
Did these vendors really really really not think? Absolute morons.
|
|
|
|
virtual MAC address is set. Among other things, this makes route6d work
correctly on systems with carp interfaces.
In order to ensure backwards compatibility, we do not include IPv6
link-local addresses in generating the HMAC, but we accept HMACs with AND
without the link-local addresses. They will be added to the HMAC in a future
release.
In short: this change should only affect backwards compatibility for
IPv6 users who are manually adding link-local addresses on carp interfaces.
testing mtu@ todd@
ok mpf@ henning@ deraadt@
|
|
ok mpf@ henning@
|
|
physical interface shares a bridge with the interface that received it.
Patch based on a version from camield@
Fixes PR 5178.
OK mcbride@
|
|
we've won the MASTER election.
This seems to be necessary w/ some wacky L3 switches,
that only learn by looking at ARP packets.
Fixes PR 5148.
OK mcbride@
|
|
code. however, it is still cluttering up the kernel namespace a bit. it is
better gone.
ok claudio@
|
|
the INET6 code. With this it is possible to use e.g. IP_RECVIF to get the
incomming interface. SOCK_RAW is not affected by this.
Problem found and fixed by Michele 'mydecay' Marchetto. OK markus@
|
|
no functional change.
|
|
|
|
|
|
|
|
To minimise path disruptions, this implements recommendations made in RFC2992 -
the hash-threshold mechanism to select paths based on source/destination IP
address pairs, and inserts multipath routes in the middle of the route table.
To enable multipath distribution, use:
sysctl net.inet.ip.multipath=1
and/or:
sysctl net.inet6.ip6.multipath=1
testing norby@
ok claudio@ henning@ hshoexer@
|
|
|
|
parameter so they can work on alternate tables. table 0 hardcoded for
many callers yet, that will be adapted step by step.
input + ok claudio norby hshoexer
|
|
henning@ claudio@ ok
|
|
for clarity.
henning@ claudio@ ok
|
|
henning@ claudio@ ok
|
|
here, make sure they compile with or without IPSEC, you morons!
|
|
As a first user, move the global carp(4) demotion counter
into the interface group. Thus we have the possibility
to define which carp interfaces are demoted together.
Put the demotion counter into the reserved field of the carp header.
With this, we can have carp act smarter if multiple errors occur.
It now always takes over other carp peers, that are advertising
with a higher demote count. As a side effect, we can also have
group failovers without the need of running in preempt mode.
The protocol change does not break compability with older
implementations.
Collaborative work with mcbride@
OK mcbride@, henning@
|
|
we will randomly choose that stupid port, which NIC's are sometimes
programmed to eat invisibly; sthen@bootes.spacehopper.org, pr5139
|
|
Additionally add the IP_RECVIF option which returns the interface a packet
was received on. OK markus@ norby@
|
|
Another ipsec failover fix from nathanael at polymorpheus dot com.
ok hshoexer@
|
|
- use if_hardmtu for MTU ioctl handlers.
ok reyk@
|
|
|
|
the establish calls were bypassed or failed.
ok mpf@
|
|
for dumb non simplex interfaces, that receive packets they've just
sent. Fixes bug 5121.
OK deraadt@, mcbride@
|
|
need to save/restore it.
- inp->inp_laddr should be set _before_ calling pcb_disconnect().
otherwise pcb_disconnect() calls pcb_rehash() with the old laddr.
[ currently this is not a problem since the hash ignores laddr ]
tested by pedro
|
|
ok mcbride@ itojun@
|
|
ok deraadt millert
|
|
code breaks multicast on gif(4) interfaces and it is far better to configure
a real gif(4) tunnel instead of a multicast tunnel as the latter is almost
not manageable. OK norby@, mblamer@
|
|
cases harmless it is used by the IPv6 code. The result is that bgpd is unable
to assigning link local addresses to the correct interface. OK henning@
Fix for PR 5063.
|
|
ok claudio@
|
|
ok henning mcbride
|
|
outbound), using a new BIOCSDIRFILT ioctl;
guidance, feedback and ok canacar@
|
|
ok henning@
|
|
directly. rather provide a rt_lookup function for regular lookups,
and a rt_gettable for those that need access to the head for some reason.
the latter cases should be revisted later probably so that nothing outside
the routing core code accesses the heads at all...
tested claudio jolan me, ok claudio markus
|
|
|
|
|
|
|
|
|
|
the remainder of the network stack from splimp to splnet.
ok miod@
|
|
ok claudio, henning, brad, djm, tedu
|
|
-alias and netmask used at the same time. This resulted in a corrupted
routing table and a panic in rn_walktree after the interface was destroyed.
OK krw@ henning@
|
|
Add some f's; do comparison in host byte order.
OK mcbride@
|
|
OK markus@, "looks good" hshoexer@
|
|
Any pf(4) translation that modifies more than IP addresses,
was happening on the shared mbuf cluster. Thus we were
sending icmp errors with corrupted payload.
OK dhartmei@, markus@
|
|
|