summaryrefslogtreecommitdiff
path: root/sys/netinet
AgeCommit message (Collapse)Author
2012-09-20spltdb() was really just #define'd to be splsoftnet(); replace the formerBret Lambert
with the latter no change in md5 checksum of generated files ok claudio@ henning@
2012-09-19Make rt_lookup return a pointer to an rtentry struct instead ofBret Lambert
to a radix_node struct. The radix tree pushdown continues. ok claudio@
2012-09-19inherit IFCAP_CSUM_* from the parent interfaceHenning Brauer
in my tree for a while and I forgot what exactly triggered it, but in one way or another this comes from the netbsd camp ok benno mpf
2012-09-18sysctl calls shouldn't clobber route timers without spl protectionBret Lambert
the spl call in the icmp case may be too aggressive, but better safe than sorry ok claudio@
2012-09-18remove the SADB_X_SAFLAGS_{HALFIV,RANDOMPADDING,NOREPLAY} pfkey-API (not setMarkus Friedl
anywhere) as well as the matching TDBF_{HALFIV,RANDOMPADDING,NOREPLAY} code. ok mikeb@
2012-09-17add IPV6_RECVDSTPORT socket option, which enables us to get originalYASUOKA Masahiko
(= before divert) destination port of a UDP packet. The way to use this option is same as IP_RECVDSTPORT. from UMEZAWA Takeshi tweaks from jmc; ok henning bluhm
2012-09-15Improve POSIX/SUS compliance of <netdb.h>, <sys/socket.h>, and <sys/un.h>.Philip Guenthe
Much ports testing of various versions by naddy@ and jasper@ ok matthew@, miller@
2012-08-07Store the data used to generate an ICMP error message on a stackMike Belopuhov
instead of allocating a new mbuf. This is a third or fourth attempt to incorporate a change like this meaning a handful of people have lost their hair trying to make it work, namely dlg@, henning@, deraadt@, and thib@. Unfortunately the fixed version was never put back which is exceptionally unfortunate since the impact on performance is huge: it nearly doubles the forwarding performance on selected hardware in simple setups. So after being beaten in test and production environments on several architectures it's ready to be put back again. We're doing it early in the release cycle so that it will receive a good test exposure. ok derradt, henning
2012-07-17use IPsec flowinfo on pipex(4) to select the IPsec tunnel for sendingYASUOKA Masahiko
L2TP packets. ok markus henning
2012-07-16add IP_IPSECFLOWINFO option to sendmsg() and recvmsg(), so npppd(4)Markus Friedl
can use this to select the IPsec tunnel for sending L2TP packets. this fixes Windows (always binding to 1701) and Android clients (negotiating wildcard flows); feedback mpf@ and yasuoka@; ok henning@ and yasuoka@; ok jmc@ for the manpage
2012-07-133 line diff to fix divert using connections from local system.Claudio Jeker
OK henning@
2012-07-12Be way more careful when accessing a possibly cached route in_selectsrc()Claudio Jeker
since it may already been gone. Fixes panic seen by stsp@ when unplugging a used USB interface. Tested and OK stsp@
2012-07-10Instead of <arpa/inet.h> pulling in <netinet/in.h>, just copy in thePhilip Guenthe
three things that it needed from there: INET_ADDRSTRLEN, INET6_ADDRSTRLEN, and struct in_addr. Add protecting #ifndefs to netinet6?/in6?.h for those. ok deraadt@
2012-07-10in_scrubprefix needs the same netmask checking as in_addprefix (which wasClaudio Jeker
added in 1.40). This fixes a pathological case where in_scrubprefix would do the wrong thing. Found and reported by glebius@FreeBSD OK bluhm@
2012-07-08Instead of casting interface address pointers, use the macros NULLAlexander Bluhm
and ifatoia(). No binary diff. OK blambert@ henning@ claudio@
2012-07-08Add support for advertising dns servers and search paths in routerPeter Hessler
advertisements, according to RFC 6106. original diff from Stephane A. Sezer on tech@, many thanks! OK phessler@, todd@
2012-06-29Add support for the Extended (64-bit) Sequence Number as definedMike Belopuhov
in RFC4302 and RFC4303. Right now only software crypto engine is capable of doing it. Replay check was rewritten to implement algorithm described in the Appendix A of RFC4303 and the window size was increased to 64. Tested against OpenBSD, Linux (strongswan) and Windows. No objection from the usual suspects.
2012-06-26Improve compliance for <arpa/inet.h> and <netinet/in.h> to define/declarePhilip Guenthe
all the symbols that POSIX says they must and fewer that they can't and, most importantly, to not require a specific ordering of headers. ports testing by naddy@ ok millert@ deraadt@
2012-05-12Fix tcpdump for etherip packets.Marco Pfatschbacher
bpf_mtap() needs to be called without the etherip_header. Idea to use a forward declaration for struct tdb by claudio. OK claudio@
2012-04-13unneccessary casts to unsigned; ok claudioTheo de Raadt
2012-04-11fix all the suser calls which pass an incorrect p_acflag argument;Mike Belopuhov
figured out by and ok guenther
2012-04-07Bring the rtable sockopt code in line with the setrtable() implementation.Claudio Jeker
While there change IP_RTABLE to SO_RTABLE. IP_RTABLE will die soon. With and OK guenther@
2012-04-04pipex hook in udp_usrreq() mistakenly assumed that `inp' is connected.YASUOKA Masahiko
It could not use the destination address properly, so it failed to find the pipex session. This bug caused LCP keepalive failures on some clients. found and tested by sebastia@ and mxb at alumni.chalmers.se. ok sthen
2012-03-30actually store the result of the pmtu-route lookup. otherwise weMarkus Friedl
don't have a MTU to announce in the icmp need fragment packet. this fixes PMTU-discovery for TCP over IPsec; ok mpf@, fries@
2012-03-17remove IP_JUMBO, SO_JUMBO, and RTF_JUMBO.David Gwynne
no objection from mcbride@ krw@ markus@ deraadt@
2012-03-15improve IPsec/ENC interaction:Markus Friedl
- ipip_input() recalculate the IP header checksum if the tos bits are changed after decapsulation. Otherwise these packets are dropped later in the stack. - ip_ecn_egress(): do not drop packets for IPsec if the outter packet of a Tunnel has the ECN-CE bit set (Congestion Experienced) and the inner packet does not indicate support ECN. - remove unused ip6_ecn_ingress(), ip6_ecn_egress() code ok mikeb@
2012-03-10Increase TCP's initial window to 10 * MSS or 14600 bytes as proposed inClaudio Jeker
draft-ietf-tcpm-initcwnd. net.inet.tcp.rfc3390 defaults to 2 now which uses the 10*MSS, setting it back to 1 brings back the old default of 4*MSS. OK sperreault@, henning@, sthen@, markus@
2012-03-06Check if route is still valid when getting the cached rt entry of a pcb.Claudio Jeker
While there make sure we do the lookup in the correct routing table. OK mikeb, henning and phessler
2012-02-24Correct the spelling of "transferred" and "transferring"Philip Guenthe
from Tobias Ulmer (tobiasu at tmux.org); ok jmc@, krw@
2012-01-11Put an splsoftassert(IPL_SOFTNET) into in_pcbdetach().Alexander Bluhm
ok mikeb@
2012-01-03To access the ifaddr of an in_ifaddr or in6_ifaddr struct, it isAlexander Bluhm
cleaner to access the first member via ia_ifa instead of casting. No binary change. ok henning@ krw@
2012-01-03When used with socket splicing, tcp_usrreq() might get called withAlexander Bluhm
a socket that has an inp but tp is NULL. The call stack for that is tcp_input() tcp_close() soisdisconnected() sorwakeup() somove() tcp_usrreq(PRU_RCVD). To avoid a NULL dereference, just return in that case. ok henning@
2011-12-29Escape hardware-checksumming if interface is in a bridge, this isChristiano F. Haesbaert
already done for UDP/TCP/ICMP. This fixes a problem where checksumming would not be computed if you have a bridge with at least one interface with hardware checksumming and another without. Discussed with sthen@ and henning@, this is somewhat a temporary fix, we should not have these special bridge cases in ip_output, as Henning said, the bridge must behave. But for that to work we need to poke the bridge harder, this problem has been seen by at least two users at: http://marc.info/?l=openbsd-misc&m=132391433319512&w=2 http://marc.info/?l=openbsd-misc&m=132234363030132&w=2 I promised to work on a better diff :-). ok henning@ sthen@ mikeb@
2011-12-22Fix RFC reference sectionsperreault
spotted by bluhm@, ok yasuoka@
2011-12-21Compute mandatory UDP checksum for IPv6 packetssperreault
ok yasuoka@ bluhm@
2011-12-19Fix checksum of UDP/TCP packets following RFC 3948. This is required forYASUOKA Masahiko
transport mode IPsec NAT-T. ok markus
2011-12-02Kill unused IFCAP_IPSEC and IFCAP_IPCOMP.Christiano F. Haesbaert
ok claudio@ henning@ mikeb@
2011-11-19Select a routing table according to the rdomain. Allows oneMike Belopuhov
to connect to the carp address when the carpdev interface has an ip address too in the non-default rdomain. ok claudio
2011-10-30In the advbase 0 case, we have to use three timesMarco Pfatschbacher
the advskew as the master down timeout. OK henning.
2011-10-24Lower carp demote count on interface detach, fixes a bug introduced by rev ↵Camiel Dobbelaar
1.175. ok henning mpf
2011-10-16Use m_pullup() instead of IP6_EXTHDR_GET() to get the carp headerMarco Pfatschbacher
in the v6 input path. IP6_EXTHDR_GET() internally uses m_pulldown(), which might return a pointer to a different mbuf in the chain. In this case, carp_cksum() will be called with the wrong mbuf. This fixes occasional checksum mismatches. Problem found and initial fix by stsp@ OK stsp@
2011-10-15Respect the ToS setting in tcp syn+ack for IPv4, still need to fix forChristiano F. Haesbaert
IPv6. ok claudio@
2011-10-13Since the IPv6 madness is not enough introduce NAT64 -- which is actuallyClaudio Jeker
"af-to" a generic IP version translator for pf(4). Not everything perfect yet but lets fix these things in the tree. Insane amount of work done by sperreault@, mikeb@ and reyk@. Looked over by mcbride@ henning@ and myself at eurobsdcon. OK mcbride@ and general put it in from deraadt@
2011-09-18Fix various format string types to as a minimum match the width of theMiod Vallat
variables being processed. ok bluhm@ henning@
2011-09-06Properly initialize struct carp_if (especially vhif_nvrs) with M_ZERO.Marco Pfatschbacher
This lets carp delete IFF_PROMISC on its carpdev upon destroy. Fix from Stefan Rinkes. OK sthen, bluhm, deraadt.
2011-07-09begone, fucking rotten appletalk shit. ok roomHenning Brauer
2011-07-08mark carp advertisements to be queued at priority 6. losing them is bad,Henning Brauer
mkay? ok ryan
2011-07-08Include PIPEX in kernel by default. And add new sysctl variableYASUOKA Masahiko
`net.pipex.enable' to enable PIPEX. By default, pipex is disabled and it will not process packets from wire. Update man pages and update HOWTO_PIPEX_NPPPD.txt for testers. discussed with dlg@, ok deraadt@ mcbride@ claudio@
2011-07-07Replace the cruddy old sys/net/zlib.[ch]. We now use the sys/lib/libzTheo de Raadt
code. Missing chunks of the API are imported from the libc version, with a few #ifdef's to port it into the kernel environment. The bootblocks already used the newer code, and should encounter no surprises since there are so few changes to the existing files. In the kernel, ipcomp and kernel ppp are changed to the new API. ipcomp has been tested. ok tedu the brave
2011-07-06Add sysctl net.inet.tcp.always_keepalive, when this is set the systemStuart Henderson
behaves as if SO_KEEPALIVE was set on all TCP sockets, forcing keepalives to be sent every net.inet.tcp.keepidle half-seconds. In conjunction with a keepidle value greatly reduced from the default, this can be useful for keeping sessions open if you are stuck on a network with short NAT or firewall timeouts. Feedback from various people, ok henning@ claudio@