Age | Commit message (Collapse) | Author |
|
Don't count link local scope multicast as not forwardable.
This stops ips_cantforward growing on carp(4) networks.
tested and ok mcbride@, ok markus@.
|
|
cf FreeBSD-SA-05:15.tcp; ok claudio, mcbride
|
|
|
|
ok henning claudio fgsch krw
|
|
deprecated anyway); ok hshoexer@
|
|
to bpf with either an address family or other header added.
These helpers only allocate a much smaller struct m_hdr on the stack when
needed, rather than leaving 256 byte struct mbufs on the stack in deep
call paths. Also removes a fair bit of duplicated code.
commit now, tune after deraadt@
|
|
than a pointer to struct ifnet containing it.
Saves a 448 byte stack allocation in ip_forward which previously faked up
a struct ifnet just for this purpose.
idea ok deraadt millert
|
|
|
|
|
|
|
|
http://www.gont.com.ar/drafts/icmp-attacks-against-tcp.html
i.e. don't act on ICMP-need-frag immediately if adhoc checks on the
advertised mtu fail. the mtu update is delayed until a tcp retransmit
happens. initial patch by Fernando Gont, tested by many.
|
|
|
|
IFF_RUNNING instead. Also, do not blindly restore flags onto an interface when
returning to the running state.
This eliminates the possibility that the kernel will bring the interface back
up after a link state change on the physical interface, even though the user
may have done an "ifconfig carpN down" in the meantime. Similarly two link
state down events on the physical interface in succession could result in us
never coming out of the INIT state.
The master/backup state is still reported via link state information, so
bgpd/ospfd, etc, should function as before.
This also addresses PR4238.
ok mpf@, ok with the idea etc henning@
|
|
millert
|
|
from art; ok deraadt, claudio, henning
|
|
fixes kernel panic from pr 4252; Stefan Miltchev; ok deraadt@
|
|
|
|
|
|
is bound on the interface.
ok mcbride@ henning@
|
|
failover gateways. ok mcbride@, "looks good" hshoexer@
|
|
ok cloder
|
|
|
|
|
|
with pascoe@
|
|
on the local network support them.
This adds a new socket option, SO_JUMBO, and a new route flag,
RTF_JUMBO. If _both_ the socket option is set and the route for the host
has RTF_JUMBO set, ip_output will fragment the packet to the largest
possible size for the link, ignoring the card's MTU.
The semantics of this feature will be evolving rapidly; talk to us
if you intend to use it.
ok deraadt@ marius@
|
|
|
|
ok henning
|
|
http://www.gont.com.ar/drafts/icmp-attacks-against-tcp.html)
ok markus frantzen
|
|
|
|
ok krw@ canacar@
|
|
ok deraadt@
|
|
This converts if_link_state_change() to a generic usable
callback with dohooks().
OK henning@, camield@
Tested by camield@ and Alexey E. Suslikov
|
|
|
|
|
|
|
|
ok deraadt@
|
|
carpdev case; block outgoing packets in carp_output() instead.
- unbreak the "bow out on 'ifconfig down'" behaviour, allows instant
failover on graceful halt/reboot to work again.
ok mpf@ henning@
|
|
ok mcbride
|
|
|
|
1. set rcv_laststart/rcv_lastend after checking the tcp window
2. pass rcv_laststart and rcv_lastend on the stack (shrink tcp state)
ok henning, djm
|
|
to be compared too -- 10/8 and 10/24 are not equal. This fixes a problem
with overlapping networks reported by Simon Slaytor.
OK henning@
|
|
that carp shares the IP addresse with its physical interface.
It's neither supported nor needed, since we have carpdev now.
ok mcbride@
|
|
- limit pool to tcp_sackhole_limit entries (sysctl-able)
- stop sack option processing on pool_get errors
- use SEQ_MIN/SEQ_MAX
ok henning, hshoexer, deraadt
|
|
which was removed in rev 1.57. This makes arpbalance work again, and
ensures that only one carp host will reply to a given arp request.
ok mpf@ pascoe@ dhartmei@ deraadt@
|
|
|
|
while t_rtt was 1-based), update callers
2. define and use TCP_RTT_BASE_SHIFT instead of the hardcoded 2.
3. add missing shifts when t_srtt/t_rttvar are used.
4. update the comments: t_srtt uses 5 bits of fraction (not 3)
and t_rttvar uses 4 bits
5. remove obsolete/unused macros TCP_RTT_SCALE and TCP_RTTVAR_SCALE
6. make sure rttmin is not > TCPTV_REXMTMAX
parts from netbsd, ok mcbride, henning
|
|
No functional change due to earlier check,
fix from Maxim Konovalov <maxim@macomnet.ru>
ok deraadt@ dhartmei@
|
|
- sturct -> struct (spotted by pedro)
- elimination of consecutive 'the' words
ok jmc@, henning@, krw@, robert@, some whining by jolan@
|
|
|
|
with an id10t error by yours truly.
|