| Age | Commit message (Collapse) | Author |
|---|
|
found by itojun
|
|
decomissioned aeon ago. We will not miss it at all.
OK dlg@ henning@ and a lot of cheers by other in the room
|
|
boring details:
skip looking for ipsec tags and descending into ip_spd_lookup if there
are no ipsec flows, except in one case in ip_output (spotted by markus)
where we have to if we have a pcb. ip_spd_lookup has the shortcut already,
but there is enough work done before so that skipping that gains us about
5%. ok theo, markus
|
|
boring details:
pf used to use an mbuf tag to keep track of route-to etc, altq, tags,
routing table IDs, packets redirected to localhost etc. so each and every
packet going through pf got an mbuf tag. mbuf tags use malloc'd memory,
and that is knda slow.
instead, stuff the information into the mbuf header directly.
bridging soekris with just "pass" as ruleset went from 29 MBit/s to
58 MBit/s with that (before ryan's randomness fix, now it is even betterer)
thanks to chris for the test setup!
ok ryan ryan ckuethe reyk
|
|
ok dlg claudio
|
|
|
|
|
|
ok reyk@
|
|
|
|
ok reyk@
|
|
|
|
function as a macro.
ok reyk@ ja ja claudio@
|
|
|
|
|
|
prodded by art@ ja ja claudio@
|
|
"commit it" art@ ok claudio@
|
|
|
|
acked bytes and update the window accordingly
fix PR4278
OK henning@ markus@ claudio@
|
|
This first step makes it style(9) compliant.
Just a whitespace diff, no binary change.
OK claudio@ norby@
|
|
addresses in struct arpcom. this lets a nic driver easily see if it wants
allmulti behaviour, which in turn means we can clean some code up.
ok jason@ claudio@ norby@
|
|
|
|
|
|
|
|
|
|
at least exhibit routing messages so it does not confuse the userland
routing daemons by routing table changes not reflected by messages on the
routing socket. effect would be bgpd using wrong nexthops for example, in
the worst case (that i actually ran into) blackholing traffic.
ok reyk claudio "looks correct" miod
|
|
|
|
This unbreaks carp reconfiguration.
OK henning@, mcbride@
|
|
This reduces group failover time to a few milliseconds.
Diff from Nathanael.
OK henning@
|
|
the problemantic IP address and a hopefully better reason message.
After discussion with dtucker@, "fine with me" deraadt@ some time ago
|
|
This provides a similar functionality as ARP balancing,
but also works for traffic that comes across routers.
IPv6 is supported as well.
The configuration scheme will change as soon we have sth better.
Also add support for changing the MAC address on carp(4)
interfaces. (code from mcbride)
Tested by pyr@ and reyk@
OK mcbride@
|
|
arplookup: unable to enter address for xxx.xxx.xxx.xxx
because it is absolutely useless in a modern world with cable modems
which leak arp packets over IP netblock zones; Anyone who used this as
a diagnostic for real problems has other tools to use; from discussion
with kitella, ok claudio
|
|
not used with Heimdal. Add UDP port 749 to DEFBADDYNAMICPORTS_UDP
for consistency with DEFBADDYNAMICPORTS_TCP. We retain some Kerberos
4 ports for people running Heimdal in Kerberos 4 compat mode.
OK deraadt@ beck@
|
|
moving the m_adj() down to prevent so that the ethernet header is preserved.
This fixes tcpdump on bridged gif(4) interfaces. OK mglocker@
|
|
OK mglocker@
|
|
ok kettenis@ cloder@ tom@ henning@
|
|
|
|
and passed around but never used. OK mglocker@
|
|
header.
- ipsec_input: fix mistake in IPv6 next-header chasing.
- ipsec_output: look for the position to insert AH more carefully.
- ip6_output: enable use of AH with extension headers.
avoid tunnellinng when source-routing header is present.
ok by deraad, naddy, hshoexer
|
|
|
|
compile and work. need to register pfkey whenever tcp md5 or ipsec is
defined, and the various ipsec encapsulations only if ipsec is defined.
ok theo
|
|
to the m_tag_delete_chain() function.
m_tag_free() and m_tag_unlink() are only used by m_tag_delete() and I see
no need to have these functions around.
m_tag_delete_chain() has a second argument to specifiy a starting point
from where the chain should be deleted. This feature is never used and is
more complex because it is not possible to remove a SLIST element without
doing a list walk. Instead use SLIST_FIRST() and SLIST_REMOVE_HEAD() to
remove all items from the list. OK dhartmei@
|
|
|
|
splnet/IF_DEQUEUE/splx; ok various people
|
|
to INET6 too, so move it outside. markus ok
|
|
|
|
(s6_addr16[1] filled)
ok dhartmei
|
|
|
|
the kernel still handles RFC2292 set/getsockopts, so that compiled binary
has no trouble running. userland sees RFC3542 symbols only on header file
so new code has to use RFC3542 API.
bump libc shlib minor for function additions.
tested on i386/amd64 by jmc, i386 by brad. checked by deraadt.
|
|
when sending the synack response. ok markus
|
|
the dest IP; PMTU debugging support; ok hshoexer
|
