Age | Commit message (Collapse) | Author |
|
|
|
ln_hold or la_hold into temporary storage and null ln_hold or
la_hold before manually processing the mbuf chain. Discard the mbuf chain
if it is put back in the hold area.
ok claudio@ markus@
|
|
OK henning@
|
|
ok claudio theo
|
|
|
|
for pf(4) diverted packets; based on patch by Scot Loach; ok beck@
|
|
The option allows a socket to be bound to addresses which are not
local to the machine. In order to receive packets for these addresses
SO_BINDANY needs to be combined with matching outgoing pf(4) divert
rules, see pf.conf(5).
ok beck@
|
|
makes transparent proxies much easier; ok beck@, feedback claudio@
|
|
and the one route with the lowest number wins. This will be used by the
routing daemons to resolve the synchronisations issue in case of conflicts.
The nasty bits of this are in the multipath code. If no priority is specified
the kernel will choose an appropriate priority.
Looked at by a few people at n2k8 code is much older
|
|
simple on/off, allowing more control over how verbose the logging is.
This also allows you to do a further level of filtering in syslog.conf
if you need to.
Also add logging of state changes, inspired by diff provided by
Brian A. Seklecki in PR 5513. These messages are logged by default.
ok henning mpf deraadt
|
|
|
|
get a timestamp of when the datagram was accepted (by udp(4), for
example) rather than having to take a timestamp with gettimeofday(2)
when recv(2) returns - possibly several hundreds of microseconds later.
May be of use to those interested in precision network timing schemes
or QoS for media applications. Tested on alpha, amd64, i386 and sparc64.
manpage suggestions from jmc, ok deraadt
|
|
it by reading the queues head pointer. if that pointer is not null
then it takes splnet and dequeues a packet for handling. this is
bad because the ifqueue head is modified at splnet and the sofnet
handlers read it without holding splnet.
this removes that check of the head pointer and simply checks if
the dequeue gave us a packet or not before proceeding.
found while reading mpls code.
discussed with norby@ and henning@
ok mcbride@ henning@
|
|
crc in addition to the existing "oneshot" mode and use them to replace
ieee80211_crc_update() with the new ether_crc32_le_update(). Saves 1k
kernel bss + some code.
Mark the new ether_crc32_[lb]e_update functions as __pure for a
~25x speedup (on my i386 at least).
feedback and ok damien@
|
|
power of two.
use arc4random_bytes() when requesting more than a word of PRNG
output.
ok deraadt@
|
|
|
|
|
|
a set of incrementing integers (and not an arbitrary set of values) it
is possible to populate the array as we shuffle it in a single forward
pass. Clever optimisation from didickman AT gmail.com;
ok deraadt@ mcbride@
|
|
|
|
in the range 0 <= x < upper_bound
Please use this new API instead of "arc4random() % upper_bound", as it
avoids the "modulo bias" that favours small results when upper_bound is
not a power of two.
feedback deraadt@ mcbride@; ok deraadt@
|
|
shuffle. Upon allocation, swap-permute the new value to a random slot in
the 0..32K-1 th entry of the buffer as we move forward, ensuring randomness
but also satisfying the non-repeating property we need. Also avoid the value
of 0, since IP ID's of 0 are special. Inspired by Dillon's implementation.
We believe this is easier to read though, initializes with less bias, handles
the ID of 0 properly, and wins speed tests.
Thanks a lot to mcbride and djm for doing a bunch of statistical and speed
analysis, and comments from nordin
ok mcbride djm
|
|
OK mcbride@, mickey@
|
|
|
|
relying on the mbuf chain layout; with claudio@ and krw@; ok henning@
|
|
from the first ACK packet. Otherwise the server would use the
unscaled window size for the fist data it is sending.
ok markus@ dhartmei@
|
|
Instead of using the same IP on multiple interfaces, carp has to be
configured with the new "carpnodes" and "balancing" options.
# ifconfig carp0 carpnodes 1:0,2:100,3:100 balancing ip carpdev sis0 192.168.5.50
Please note, that this is a flag day for anyone using carp balancing.
You'll need to adjust your configuration accordingly.
Addititionally this diff adds IPv6 NDP balancing support.
Tested and OK mcbride@, reyk@.
Manpage help by jmc@.
|
|
ok claudio@ krw@ dlg@
|
|
directly instead of takeing the detour via rtrequest().
OK henning@ markus@
|
|
provide netstat(1) with data it needs; ok claudio reyk
|
|
OK deraadt@
|
|
change netstat to use them instead of accessing kvm for it. more
protocols will be added later.
discussed with deraadt@ claudio@ gilles@
ok deraadt@
|
|
ok millert
|
|
sys/dev/pci/pciide.c from naddy@
|
|
IPv4 interface address similar to arp_ifinit(). The main difference is
that we do not send out a gracious arp as the carp(4) is not ready to send
at that moment. This will make backup interface show up like the master ones.
OK mpf@ earlier version OK henning@ mcbride@
|
|
ok mpf@ henning@
|
|
sys/netinet/in_pcb.c and sys/net/bridgestp.c ok henning@
sys/dev/pci/bktr/* ok jakemsr@
|
|
|
|
so the resulting messages have ifindex set and the routing daemons can
correctly indentify that route as connected. ok mcbride
|
|
that is kept in a list per carp interface. This is the huge first
step necessary to make carp load balancing nice and easy. One carp
interface can now contain up to 32 virtual host instances.
This doesn't do anything useful yet, but here is how an ifconfig
for multiple entries now looks like:
# ifconfig carp2 carpnodes 5:0,6:100 192.168.5.88
carp2: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
lladdr 00:00:5e:00:01:05
carp: carpdev sis0 advbase 1
state MASTER vhid 5 advskew 0
state BACKUP vhid 6 advskew 100
groups: carp
inet 192.168.5.88 netmask 0xffffff00 broadcast 192.168.5.255
OK mcbride@
|
|
OK hshoexer@
|
|
connect() which has completed and failed.. if connect() is called
again.. return the so_error instead of EINVAL; from Alexey Vatchenko
matches what other systems do now
ok millert henning
|
|
ok deraadt@ dlg@ henric@ mcbride@
|
|
and can happen on slow mp systems under a lot of network load; ok kettenis@
|
|
ok krw@
|
|
It is unlikely we will ever get a working replay protection,
so better keep it simple and robust.
The cookie allows us to detect our own advertisements,
thus it is now easy to deal with network loops and
non-simplex interfaces.
Zero feedback by the people who wanted this fixed.
OK henning@, markus@
|
|
ok gilles@
|
|
As with many of the last commits, looked at by chl@ in an earlier
version.
|
|
'Fixes' two cases where the zeroing did not cover all the memory
allocated.
As with many of the last commits, looked at by chl@ in an earlier
version.
|
|
|
|
In ip_esp.c all allocated memory is now zero'd in the
"malloc(sizeof(*tc) + alen ..." case. The +alen memory was not
initialized by the bzero() call. Noticed by chl@.
"Looks good" art@ "seems ok" chl@
|