summaryrefslogtreecommitdiff
path: root/sys/netinet
AgeCommit message (Collapse)Author
2006-10-11implement IP_MINTTL socket option fo tcp socketsHenning Brauer
This is for RFC3682 aka the TTL security hack - sender sets TTL to 255, receiver checks no router on the way (or, no more than expected) reduced the TTL. carp uses that technique already. modeled after FreeBSD implementation. ok claudio djm deraadt
2006-10-11implement IP_RECVTTL socket option.Henning Brauer
when set on raw or udp sockets, userland receives the incoming packet's TTL as ancillary data (cmsg shitz). modeled after the FreeBSD implementation. ok claudio djm deraadt
2006-09-26udp port 664 is sometimes also stolen on the wire by ipmi/asf balony.Theo de Raadt
Did these vendors really really really not think? Absolute morons.
2006-09-21ugly trailing ws; from bret dot lambert at gmailOtto Moerbeek
2006-08-31Automatically add a IPv6 link-local address to carp interfaces when theRyan Thomas McBride
virtual MAC address is set. Among other things, this makes route6d work correctly on systems with carp interfaces. In order to ensure backwards compatibility, we do not include IPv6 link-local addresses in generating the HMAC, but we accept HMACs with AND without the link-local addresses. They will be added to the HMAC in a future release. In short: this change should only affect backwards compatibility for IPv6 users who are manually adding link-local addresses on carp interfaces. testing mtu@ todd@ ok mpf@ henning@ deraadt@
2006-08-28Make carp see all IPv6 address additions and remove dead code in carp_ioctl()Ryan Thomas McBride
ok mpf@ henning@
2006-08-21Answer ARP queries also for addresses on carp interfaces, if carpsMarco Pfatschbacher
physical interface shares a bridge with the interface that received it. Patch based on a version from camield@ Fixes PR 5178. OK mcbride@
2006-08-16Send out a second delayed gratuitous ARP request afterMarco Pfatschbacher
we've won the MASTER election. This seems to be necessary w/ some wacky L3 switches, that only learn by looking at ARP packets. Fixes PR 5148. OK mcbride@
2006-07-18get rid of arc network support. we have no users of it so this is deadDavid Gwynne
code. however, it is still cluttering up the kernel namespace a bit. it is better gone. ok claudio@
2006-07-17Call ip_savecontrol() in the multicast codepath of udp_input() similar toClaudio Jeker
the INET6 code. With this it is possible to use e.g. IP_RECVIF to get the incomming interface. SOCK_RAW is not affected by this. Problem found and fixed by Michele 'mydecay' Marchetto. OK markus@
2006-07-06u_quad_t -> u_int64_tBrad Smith
no functional change.
2006-06-30htonq() is not used, at allTheo de Raadt
2006-06-28No need to add function prototypes twice to a header file.Claudio Jeker
2006-06-18Whitespace, oops.Christopher Pascoe
2006-06-18Add support for equal-cost multipath IP.Christopher Pascoe
To minimise path disruptions, this implements recommendations made in RFC2992 - the hash-threshold mechanism to select paths based on source/destination IP address pairs, and inserts multipath routes in the middle of the route table. To enable multipath distribution, use: sysctl net.inet.ip.multipath=1 and/or: sysctl net.inet6.ip6.multipath=1 testing norby@ ok claudio@ henning@ hshoexer@
2006-06-17unbreak; from theoHenning Brauer
2006-06-16adjust functions dealing with the routing table to take a table ID asHenning Brauer
parameter so they can work on alternate tables. table 0 hardcoded for many callers yet, that will be adapted step by step. input + ok claudio norby hshoexer
2006-06-15Make number of varargs passed to ip_output match reality.Christopher Pascoe
henning@ claudio@ ok
2006-06-15Change cast of last vararg to ip_output to match what ip_output expects,Christopher Pascoe
for clarity. henning@ claudio@ ok
2006-06-15Make number of varargs passed to ip_output match reality.Christopher Pascoe
henning@ claudio@ ok
2006-06-06Put mrouting enable flag inside the right ifdef. If you change filesTheo de Raadt
here, make sure they compile with or without IPSEC, you morons!
2006-06-02Introduce attributes to interface groups.Marco Pfatschbacher
As a first user, move the global carp(4) demotion counter into the interface group. Thus we have the possibility to define which carp interfaces are demoted together. Put the demotion counter into the reserved field of the carp header. With this, we can have carp act smarter if multiple errors occur. It now always takes over other carp peers, that are advertising with a higher demote count. As a side effect, we can also have group failovers without the need of running in preempt mode. The protocol change does not break compability with older implementations. Collaborative work with mcbride@ OK mcbride@, henning@
2006-05-30Put ASF/IPMI port 623 into the bad dynamic udp table, because otherwiseTheo de Raadt
we will randomly choose that stupid port, which NIC's are sometimes programmed to eat invisibly; sthen@bootes.spacehopper.org, pr5139
2006-05-29Make savecontrol functions more generic and use them now for raw IP too.Claudio Jeker
Additionally add the IP_RECVIF option which returns the interface a packet was received on. OK markus@ norby@
2006-05-28Only preemptively increase the replay counter for outbound TDBs.Ryan Thomas McBride
Another ipsec failover fix from nathanael at polymorpheus dot com. ok hshoexer@
2006-05-28- remove ETHER_MAX_LEN_JUMBO and ETHERMTU_JUMBO.Brad Smith
- use if_hardmtu for MTU ioctl handlers. ok reyk@
2006-05-26rename jumbo mtu to if_hardmtu; ok brad reykTheo de Raadt
2006-05-22Check for NULL cookies before calling hook_disestablish(). Just in caseKenneth R Westerback
the establish calls were bypassed or failed. ok mpf@
2006-05-18Add a duplicate check for our own advertisements. This is necessaryMarco Pfatschbacher
for dumb non simplex interfaces, that receive packets they've just sent. Fixes bug 5121. OK deraadt@, mcbride@
2006-05-16- pcbflags is not modified in pcb_(dis)connect, so there's noMarkus Friedl
need to save/restore it. - inp->inp_laddr should be set _before_ calling pcb_disconnect(). otherwise pcb_disconnect() calls pcb_rehash() with the old laddr. [ currently this is not a problem since the hash ignores laddr ] tested by pedro
2006-05-11fix corruption of pim register packets. From Hideki ONO, thanks!Hans-Joerg Hoexer
ok mcbride@ itojun@
2006-04-27use underscore variants of _BYTE_ORDER macros which are always definedTed Unangst
ok deraadt millert
2006-04-25Remove virtual tunnel support from the mrouting code. The virtual tunnelClaudio Jeker
code breaks multicast on gif(4) interfaces and it is far better to configure a real gif(4) tunnel instead of a multicast tunnel as the latter is almost not manageable. OK norby@, mblamer@
2006-04-22Routes announced via rt_missmsg() do not have rtm_index set. While in mostClaudio Jeker
cases harmless it is used by the IPv6 code. The result is that bgpd is unable to assigning link local addresses to the correct interface. OK henning@ Fix for PR 5063.
2006-03-30fix a typoEsben Norby
ok claudio@
2006-03-26if_link_state_change() is more appropriate here.Camiel Dobbelaar
ok henning mcbride
2006-03-25allow bpf(4) to ignore packets based on their direction (inbound orDamien Miller
outbound), using a new BIOCSDIRFILT ioctl; guidance, feedback and ok canacar@
2006-03-23Set a carp MAC address of 00:00:00:00:00:00 if no vhid is assigned.Ryan Thomas McBride
ok henning@
2006-03-22prevent anything outside rote.c from accessing the routing table headsHenning Brauer
directly. rather provide a rt_lookup function for regular lookups, and a rt_gettable for those that need access to the head for some reason. the latter cases should be revisted later probably so that nothing outside the routing core code accesses the heads at all... tested claudio jolan me, ok claudio markus
2006-03-12mbuf use-after-free; ok henning, djm, bradMarkus Friedl
2006-03-07advertisment -> advertisement; from leonardo chiquitto filhoJason McIntyre
2006-03-05Use more queue macros rather than doing it by hand; ok otto@ krw@Miod Vallat
2006-03-05revert unrelated change that snuck into the last commit.Brad Smith
2006-03-04With the exception of two other small uncommited diffs this movesBrad Smith
the remainder of the network stack from splimp to splnet. ok miod@
2006-02-26unbreak tcp window update (restore 4.4lite code); netbsd pr 13952;Markus Friedl
ok claudio, henning, brad, djm, tedu
2006-02-21Fix a panic reported by D.Snezhkov by issuing an ifconfig command withClaudio Jeker
-alias and netmask used at the same time. This resulted in a corrupted routing table and a panic in rn_walktree after the interface was destroyed. OK krw@ henning@
2006-01-28Fix hmac calculation.Marco Pfatschbacher
Add some f's; do comparison in host byte order. OK mcbride@
2006-01-13Path MTU discovery for NAT-T.Marco Pfatschbacher
OK markus@, "looks good" hshoexer@
2006-01-03m_pullup the same amount we copied, not just the IP header.Marco Pfatschbacher
Any pf(4) translation that modifies more than IP addresses, was happening on the shared mbuf cluster. Thus we were sending icmp errors with corrupted payload. OK dhartmei@, markus@
2005-12-23Remove unnecessary #ifdef MROUTING blocks. OK brad@ markus@Claudio Jeker