Age | Commit message (Collapse) | Author |
|
OK markus@, "looks good" hshoexer@
|
|
Any pf(4) translation that modifies more than IP addresses,
was happening on the shared mbuf cluster. Thus we were
sending icmp errors with corrupted payload.
OK dhartmei@, markus@
|
|
|
|
the mbuf before encryption. otherwise mbufs with M_EXT but w/o M_CLUSTER
get modified; ok hshoexer
|
|
|
|
so we must start to use u_int; ok cloder
|
|
data immediately. otherwise we would ignore RST for delayed acks;
ok deraadt, dhartmei
|
|
OK mcbride@
|
|
router so back out the routing stuff to pre-eurobsdcon where my machine
doesn't crash immediately.
i am happy to test diffs and report success/failures but i am not happy
to have instantaneous crashes when i reboot with a new kernel that was
compiled from pristine sources.
if you are going to be an elitist asshole then you could at least make
sure your code works.
ok and "be crass towards them" deraadt@
|
|
but go through a provided wrapper.
also provide rt_lookup() instead of doing the lookup manually in many places.
ryan ok
|
|
A bug introduced in -r 1.4 led lower priotorized hosts
switching to MASTER state for a short time at bootup,
if preemption was enabled.
OK mcbride@
|
|
alias address order on the interface irrelevant.
prodding by henning@, ok mpf@
|
|
|
|
ok henning@
|
|
|
|
the result to determine which carp interface should answer rather than
simply using the ip address.
Fixes breakage debugged by Matt Bradford <m.bradford@isrc.qut.edu.au>
'just commit' deraadt@
|
|
with both sack and md5 options in SYN.
|
|
freed.
ok canacar deraadt
|
|
ok mpf@
|
|
in the data part for the data from the previously distinct tags.
look up the tag early and carry a pointer to it around.
makes the code easier and saves some tag lookups and thus helps performance,
as proven by tests run by Schberle Dniel <Schoeberle.Daniel@aamtech.hu>
Initially hacked up somewhere over the atlantic ocean in an A330
early testing reyk and moritz, "put it in" theo
|
|
It is now possible to enable multicast routing in the kernel with
the sysctl option net.inet.ip.mforwarding=1
Based on intial work by msf@
help claudio@
ok claudio@ deraadt@
|
|
The previous code could wrongly delete multicast groups
on the parent interface. Now we forward only remembered
delete requests to the carpdev.
OK mcbride, mickey. "Get it in" deraadt.
|
|
can be changed via sysctl's.
ok markus@
|
|
ok deraadt@
|
|
|
|
found by leonardo@iken.com.br
|
|
the multicast list elsewhere, it can occur under certain conditions (PR4475).
ok deraadt@ mpf@
|
|
Don't count link local scope multicast as not forwardable.
This stops ips_cantforward growing on carp(4) networks.
tested and ok mcbride@, ok markus@.
|
|
cf FreeBSD-SA-05:15.tcp; ok claudio, mcbride
|
|
|
|
ok henning claudio fgsch krw
|
|
deprecated anyway); ok hshoexer@
|
|
to bpf with either an address family or other header added.
These helpers only allocate a much smaller struct m_hdr on the stack when
needed, rather than leaving 256 byte struct mbufs on the stack in deep
call paths. Also removes a fair bit of duplicated code.
commit now, tune after deraadt@
|
|
than a pointer to struct ifnet containing it.
Saves a 448 byte stack allocation in ip_forward which previously faked up
a struct ifnet just for this purpose.
idea ok deraadt millert
|
|
|
|
|
|
|
|
http://www.gont.com.ar/drafts/icmp-attacks-against-tcp.html
i.e. don't act on ICMP-need-frag immediately if adhoc checks on the
advertised mtu fail. the mtu update is delayed until a tcp retransmit
happens. initial patch by Fernando Gont, tested by many.
|
|
|
|
IFF_RUNNING instead. Also, do not blindly restore flags onto an interface when
returning to the running state.
This eliminates the possibility that the kernel will bring the interface back
up after a link state change on the physical interface, even though the user
may have done an "ifconfig carpN down" in the meantime. Similarly two link
state down events on the physical interface in succession could result in us
never coming out of the INIT state.
The master/backup state is still reported via link state information, so
bgpd/ospfd, etc, should function as before.
This also addresses PR4238.
ok mpf@, ok with the idea etc henning@
|
|
millert
|
|
from art; ok deraadt, claudio, henning
|
|
fixes kernel panic from pr 4252; Stefan Miltchev; ok deraadt@
|
|
|
|
|
|
is bound on the interface.
ok mcbride@ henning@
|
|
failover gateways. ok mcbride@, "looks good" hshoexer@
|
|
ok cloder
|
|
|
|
|