| Age | Commit message (Collapse) | Author |
|---|
|
|
|
|
|
|
|
http://www.gont.com.ar/drafts/icmp-attacks-against-tcp.html
i.e. don't act on ICMP-need-frag immediately if adhoc checks on the
advertised mtu fail. the mtu update is delayed until a tcp retransmit
happens. initial patch by Fernando Gont, tested by many.
|
|
|
|
IFF_RUNNING instead. Also, do not blindly restore flags onto an interface when
returning to the running state.
This eliminates the possibility that the kernel will bring the interface back
up after a link state change on the physical interface, even though the user
may have done an "ifconfig carpN down" in the meantime. Similarly two link
state down events on the physical interface in succession could result in us
never coming out of the INIT state.
The master/backup state is still reported via link state information, so
bgpd/ospfd, etc, should function as before.
This also addresses PR4238.
ok mpf@, ok with the idea etc henning@
|
|
millert
|
|
from art; ok deraadt, claudio, henning
|
|
fixes kernel panic from pr 4252; Stefan Miltchev; ok deraadt@
|
|
|
|
|
|
is bound on the interface.
ok mcbride@ henning@
|
|
failover gateways. ok mcbride@, "looks good" hshoexer@
|
|
ok cloder
|
|
|
|
|
|
with pascoe@
|
|
on the local network support them.
This adds a new socket option, SO_JUMBO, and a new route flag,
RTF_JUMBO. If _both_ the socket option is set and the route for the host
has RTF_JUMBO set, ip_output will fragment the packet to the largest
possible size for the link, ignoring the card's MTU.
The semantics of this feature will be evolving rapidly; talk to us
if you intend to use it.
ok deraadt@ marius@
|
|
|
|
ok henning
|
|
http://www.gont.com.ar/drafts/icmp-attacks-against-tcp.html)
ok markus frantzen
|
|
|
|
ok krw@ canacar@
|
|
ok deraadt@
|
|
This converts if_link_state_change() to a generic usable
callback with dohooks().
OK henning@, camield@
Tested by camield@ and Alexey E. Suslikov
|
|
|
|
|
|
|
|
ok deraadt@
|
|
carpdev case; block outgoing packets in carp_output() instead.
- unbreak the "bow out on 'ifconfig down'" behaviour, allows instant
failover on graceful halt/reboot to work again.
ok mpf@ henning@
|
|
ok mcbride
|
|
|
|
1. set rcv_laststart/rcv_lastend after checking the tcp window
2. pass rcv_laststart and rcv_lastend on the stack (shrink tcp state)
ok henning, djm
|
|
to be compared too -- 10/8 and 10/24 are not equal. This fixes a problem
with overlapping networks reported by Simon Slaytor.
OK henning@
|
|
that carp shares the IP addresse with its physical interface.
It's neither supported nor needed, since we have carpdev now.
ok mcbride@
|
|
- limit pool to tcp_sackhole_limit entries (sysctl-able)
- stop sack option processing on pool_get errors
- use SEQ_MIN/SEQ_MAX
ok henning, hshoexer, deraadt
|
|
which was removed in rev 1.57. This makes arpbalance work again, and
ensures that only one carp host will reply to a given arp request.
ok mpf@ pascoe@ dhartmei@ deraadt@
|
|
|
|
while t_rtt was 1-based), update callers
2. define and use TCP_RTT_BASE_SHIFT instead of the hardcoded 2.
3. add missing shifts when t_srtt/t_rttvar are used.
4. update the comments: t_srtt uses 5 bits of fraction (not 3)
and t_rttvar uses 4 bits
5. remove obsolete/unused macros TCP_RTT_SCALE and TCP_RTTVAR_SCALE
6. make sure rttmin is not > TCPTV_REXMTMAX
parts from netbsd, ok mcbride, henning
|
|
No functional change due to earlier check,
fix from Maxim Konovalov <maxim@macomnet.ru>
ok deraadt@ dhartmei@
|
|
- sturct -> struct (spotted by pedro)
- elimination of consecutive 'the' words
ok jmc@, henning@, krw@, robert@, some whining by jolan@
|
|
|
|
with an id10t error by yours truly.
|
|
ifp->if_flags & IFF_MULTICAST checks no longer protect against.
ok pascoe@ mpf@
|
|
use our carp_addr_updated callback to detect deletion and reconfigure
appropriately.
ok mcbride@
|
|
with an interface down avoid preempting after a reboot.
Pointed out by Stephen Marley <stephen.marley@catwoman.cl-is.com>
ok pascoe@ mpf@
|
|
|
|
Advertisements run through the carp interface first.
So we just take the address from ifp0.
While we're there,
also remove carp_macmatch6, which isn't used anymore.
Proposed by mcbride@
ok mcbride@, pascoe@
|
|
not addressed to the machine. If the destination is not a local address do a
route lookup for the original source address and use the returned interface
address. This solves problems seen on interfaces with multiple networks
defined. OK henning@ markus@
|
|
- Keep track of allhost multicast address record we joined into
each in_ifaddr and delete it when an address is purged.
- Don't simply try to delete a multicast address record listed in the
ia_multiaddrs. It results a dangling pointer. Let whoever holds a
reference to it to delete it.
mcbride@ markus@ ok
|
