Age | Commit message (Collapse) | Author |
|
because interfaces may disappear without notice causing use after free bugs.
Instead use the inm_ia->ia_ifp as a hint, struct in_ifaddr correctly tracks
removals of interfaces and invalidates ia_ifp in such cases.
looks good henning@ markus@
|
|
before it is removed from the multicast group in_delmulti() will try to
access the no longer available ifp.
We invalidate the ifa_ifp back pointer in the ifa in if_detach() now and use
the ifa_ifp in in_delmulti() instead of the internal inm_ifp. By doing it
this way we know if the interface was removed.
This fixes a kernel panic triggered by ospfd and gif(4) tunnels.
looks good henning@ reyk@
|
|
|
|
destination of the route belonging to the carp interface.
ok mpf@ claudio@
|
|
code and replace both with a RFC1948 based method, so TCP clients
now have monotonic ISN/timestamps. The server side uses completely
random ISN/timestamps and does time-wait recycling (on port reuse).
ok djm@, mcbride@; thanks to lots of testers
|
|
interface (ip-less parent).
tested by claudio and me
ok claudio@
|
|
be set to NULL as first in rtrequest1() for all host routes.
With and OK reyk@
|
|
not get build. the code looks at flags that used to be in mbuf tags, now
they are in the mbuf header, so we can check them unconditionally.
problem spotted by Daniel Roethlisberger <daniel@roe.ch>, ok ryan markus
|
|
|
|
OK mcbride@
|
|
we need a pointer to the inpcb to decide, which was not previously
passed to ip6_output, so this diff is a little bigger.
from itojun, ok ryan
|
|
OK mcbride@
|
|
found by itojun
|
|
decomissioned aeon ago. We will not miss it at all.
OK dlg@ henning@ and a lot of cheers by other in the room
|
|
boring details:
skip looking for ipsec tags and descending into ip_spd_lookup if there
are no ipsec flows, except in one case in ip_output (spotted by markus)
where we have to if we have a pcb. ip_spd_lookup has the shortcut already,
but there is enough work done before so that skipping that gains us about
5%. ok theo, markus
|
|
boring details:
pf used to use an mbuf tag to keep track of route-to etc, altq, tags,
routing table IDs, packets redirected to localhost etc. so each and every
packet going through pf got an mbuf tag. mbuf tags use malloc'd memory,
and that is knda slow.
instead, stuff the information into the mbuf header directly.
bridging soekris with just "pass" as ruleset went from 29 MBit/s to
58 MBit/s with that (before ryan's randomness fix, now it is even betterer)
thanks to chris for the test setup!
ok ryan ryan ckuethe reyk
|
|
ok dlg claudio
|
|
|
|
|
|
ok reyk@
|
|
|
|
ok reyk@
|
|
|
|
function as a macro.
ok reyk@ ja ja claudio@
|
|
|
|
|
|
prodded by art@ ja ja claudio@
|
|
"commit it" art@ ok claudio@
|
|
|
|
acked bytes and update the window accordingly
fix PR4278
OK henning@ markus@ claudio@
|
|
This first step makes it style(9) compliant.
Just a whitespace diff, no binary change.
OK claudio@ norby@
|
|
addresses in struct arpcom. this lets a nic driver easily see if it wants
allmulti behaviour, which in turn means we can clean some code up.
ok jason@ claudio@ norby@
|
|
|
|
|
|
|
|
|
|
at least exhibit routing messages so it does not confuse the userland
routing daemons by routing table changes not reflected by messages on the
routing socket. effect would be bgpd using wrong nexthops for example, in
the worst case (that i actually ran into) blackholing traffic.
ok reyk claudio "looks correct" miod
|
|
|
|
This unbreaks carp reconfiguration.
OK henning@, mcbride@
|
|
This reduces group failover time to a few milliseconds.
Diff from Nathanael.
OK henning@
|
|
the problemantic IP address and a hopefully better reason message.
After discussion with dtucker@, "fine with me" deraadt@ some time ago
|
|
This provides a similar functionality as ARP balancing,
but also works for traffic that comes across routers.
IPv6 is supported as well.
The configuration scheme will change as soon we have sth better.
Also add support for changing the MAC address on carp(4)
interfaces. (code from mcbride)
Tested by pyr@ and reyk@
OK mcbride@
|
|
arplookup: unable to enter address for xxx.xxx.xxx.xxx
because it is absolutely useless in a modern world with cable modems
which leak arp packets over IP netblock zones; Anyone who used this as
a diagnostic for real problems has other tools to use; from discussion
with kitella, ok claudio
|
|
not used with Heimdal. Add UDP port 749 to DEFBADDYNAMICPORTS_UDP
for consistency with DEFBADDYNAMICPORTS_TCP. We retain some Kerberos
4 ports for people running Heimdal in Kerberos 4 compat mode.
OK deraadt@ beck@
|
|
moving the m_adj() down to prevent so that the ethernet header is preserved.
This fixes tcpdump on bridged gif(4) interfaces. OK mglocker@
|
|
OK mglocker@
|
|
ok kettenis@ cloder@ tom@ henning@
|
|
|
|
and passed around but never used. OK mglocker@
|
|
header.
- ipsec_input: fix mistake in IPv6 next-header chasing.
- ipsec_output: look for the position to insert AH more carefully.
- ip6_output: enable use of AH with extension headers.
avoid tunnellinng when source-routing header is present.
ok by deraad, naddy, hshoexer
|