src - OpenBSD base system

Age	Commit message (Collapse)	Author
2005-09-29	Rework of multicast deletion code.	Marco Pfatschbacher
	The previous code could wrongly delete multicast groups on the parent interface. Now we forward only remembered delete requests to the carpdev. OK mcbride, mickey. "Get it in" deraadt.
2005-09-28	Enable RFC3390 by default and remove a few compile time options which	Brad Smith
	can be changed via sysctl's. ok markus@
2005-09-19	A few 'demon' -> 'daemon'.	Kenneth R Westerback
	ok deraadt@
2005-09-19	typo	Theo de Raadt

2005-09-19	Fix initialisation of baddynamicports.udp, busted since 1997, wow.	Theo de Raadt
	found by leonardo@iken.com.br
2005-08-31	Comment out KASSERT(mc != NULL) in carp_ether_delmulti. Because we mess with	Ryan Thomas McBride
	the multicast list elsewhere, it can occur under certain conditions (PR4475). ok deraadt@ mpf@
2005-08-11	New counter for not joined IPv4 multicast groups.	Marco Pfatschbacher
	Don't count link local scope multicast as not forwardable. This stops ips_cantforward growing on carp(4) networks. tested and ok mcbride@, ok markus@.
2005-08-11	don't accept SYN-only TCP options for established connections;	Markus Friedl
	cf FreeBSD-SA-05:15.tcp; ok claudio, mcbride
2005-08-05	don't panic for SADB_ADD w/o enc/auth, with and ok hshoexer@	Markus Friedl

2005-08-02	change the TCP reass queue from LIST to TAILQ;	Markus Friedl
	ok henning claudio fgsch krw
2005-08-02	use arc4random for random packet padding (largely acedemic because it is	Damien Miller
	deprecated anyway); ok hshoexer@
2005-07-31	Introduce bpf_mtap_af and bpf_mtap_hdr to be used when passing a mbuf chain	Christopher Pascoe
	to bpf with either an address family or other header added. These helpers only allocate a much smaller struct m_hdr on the stack when needed, rather than leaving 256 byte struct mbufs on the stack in deep call paths. Also removes a fair bit of duplicated code. commit now, tune after deraadt@
2005-07-31	Change the API for icmp_do_error so that it takes the mtu directly, rather	Christopher Pascoe
	than a pointer to struct ifnet containing it. Saves a 448 byte stack allocation in ip_forward which previously faked up a struct ifnet just for this purpose. idea ok deraadt millert
2005-07-25	minor whitespace cleanup	Christopher Pascoe

2005-07-14	More netccitt and netns removals; OK henning, brad, mickey	Uwe Stuehler

2005-07-04	remove TUBA, ok many	Markus Friedl

2005-06-30	implement PMTU checks from	Markus Friedl
	http://www.gont.com.ar/drafts/icmp-attacks-against-tcp.html i.e. don't act on ICMP-need-frag immediately if adhoc checks on the advertised mtu fail. the mtu update is delayed until a tcp retransmit happens. initial patch by Fernando Gont, tested by many.
2005-06-24	simplify port allocation in pcb_bind(); based on freebsd; ok claudio henning	Markus Friedl

2005-06-19	Don't reflect CARP's internal state via IFF_UP (which a user can modify), use	Christopher Pascoe
	IFF_RUNNING instead. Also, do not blindly restore flags onto an interface when returning to the running state. This eliminates the possibility that the kernel will bring the interface back up after a link state change on the physical interface, even though the user may have done an "ifconfig carpN down" in the meantime. Similarly two link state down events on the physical interface in succession could result in us never coming out of the INIT state. The master/backup state is still reported via link state information, so bgpd/ospfd, etc, should function as before. This also addresses PR4238. ok mpf@, ok with the idea etc henning@
2005-06-15	remove from "attempted source route ..." message; ok deraadt, mpf, henning, ↵	Markus Friedl
	millert
2005-06-10	make sure the IP packet contains a full struct ip_timestamp	Markus Friedl
	from art; ok deraadt, claudio, henning
2005-06-10	getsockopt(): allocate a mbuf cluster for large ipsec credentials	Markus Friedl
	fixes kernel panic from pr 4252; Stefan Miltchev; ok deraadt@
2005-06-08	netns bites the dust	Henning Brauer

2005-06-06	another leftover from the src routing adventure a year ago	Henning Brauer

2005-06-03	Hold a reference to the relevant struct in_ifaddr while a multicast address	Christopher Pascoe
	is bound on the interface. ok mcbride@ henning@
2005-05-28	Add SA replay counter synchronization to pfsync(4). Required for IPsec	Hakan Olsson
	failover gateways. ok mcbride@, "looks good" hshoexer@
2005-05-27	long overdue snprintf cleanup in kernfs related code	Hans-Joerg Hoexer
	ok cloder
2005-05-27	wrap some comments	Hans-Joerg Hoexer

2005-05-27	comment out unused PACKET_TAG_IPSEC_IN_CRYPTO_DONE code; ok hshoexer	Markus Friedl

2005-05-27	only access if_linkstatehooks inside splnet.	Marco Pfatschbacher
	with pascoe@
2005-05-27	Experimental support for opportunitic use of jumbograms where only some hosts	Ryan Thomas McBride
	on the local network support them. This adds a new socket option, SO_JUMBO, and a new route flag, RTF_JUMBO. If _both_ the socket option is set and the route for the host has RTF_JUMBO set, ip_output will fragment the packet to the largest possible size for the link, ignoring the card's MTU. The semantics of this feature will be evolving rapidly; talk to us if you intend to use it. ok deraadt@ marius@
2005-05-25	AESCTR support for ESP (RFC 3686); ok hshoexer	Markus Friedl

2005-05-24	add net.inet.ip.ifq for monitoring and changing ifqueue; similar to netbsd	Markus Friedl
	ok henning
2005-05-24	Ignore ICMP Source Quench messages meant for TCP connections. (Details in	Fernando Gont
	http://www.gont.com.ar/drafts/icmp-attacks-against-tcp.html) ok markus frantzen
2005-05-10	support NULL encryption for ESP; ok hshoexer, ho	Markus Friedl

2005-04-25	csum -> csum_flags	Brad Smith
	ok krw@ canacar@
2005-04-21	handle return value of snprintf correctly	Hans-Joerg Hoexer
	ok deraadt@
2005-04-20	Introduce if_linkstatehooks.	Marco Pfatschbacher
	This converts if_link_state_change() to a generic usable callback with dohooks(). OK henning@, camield@ Tested by camield@ and Alexey E. Suslikov
2005-04-16	re-register	Theo de Raadt

2005-04-12	handle PMTU for ipip SAs, too; ok hshoexer, cloder	Markus Friedl

2005-04-05	add tcp sack stats, similar to freebsd; ok deraadt	Markus Friedl

2005-03-28	add some const to ether_*. remove bonus prototypes this brought out.	Ted Unangst
	ok deraadt@
2005-03-15	- stop tearing down routes when the carp interface goes to backup in the	Ryan Thomas McBride
	carpdev case; block outgoing packets in carp_output() instead. - unbreak the "bow out on 'ifconfig down'" behaviour, allows instant failover on graceful halt/reboot to work again. ok mpf@ henning@
2005-03-13	fix a potential crash that could occur when CARP_LOG is being used.	Patrick Latifi
	ok mcbride
2005-03-12	make sure code and comment match	Markus Friedl

2005-03-09	from freebsd:	Markus Friedl
	1. set rcv_laststart/rcv_lastend after checking the tcp window 2. pass rcv_laststart and rcv_lastend on the stack (shrink tcp state) ok henning, djm
2005-03-07	Correctly compare routes in in_addprefix. If a netmask is supplied it needs	Claudio Jeker
	to be compared too -- 10/8 and 10/24 are not equal. This fixes a problem with overlapping networks reported by Simon Slaytor. OK henning@
2005-03-05	Remove code which enforces a advskew=0 for the case	Marco Pfatschbacher
	that carp shares the IP addresse with its physical interface. It's neither supported nor needed, since we have carpdev now. ok mcbride@
2005-03-04	- check th_ack against snd_una/max; from Raja Mukerji via hugh@	Markus Friedl
	- limit pool to tcp_sackhole_limit entries (sysctl-able) - stop sack option processing on pool_get errors - use SEQ_MIN/SEQ_MAX ok henning, hshoexer, deraadt
2005-03-01	Unbreak arp_input with carp; add back the call to carp_iamatch()	Ryan Thomas McBride
	which was removed in rev 1.57. This makes arpbalance work again, and ensures that only one carp host will reply to a given arp request. ok mpf@ pascoe@ dhartmei@ deraadt@