| Age | Commit message (Collapse) | Author |
|---|
|
Fix a problem found by Johan Huldtgren, ok phessler@
|
|
are converted to if_input(), this time without breaking parent-less setup.
ok sthen@, dlg@
|
|
as la will be NULL when rt is uninitialised which should cause
the function to return, but makes the code easier to follow.
ok mpi@ miod@
|
|
to the carp interface would end up enqueued without being decapsulated.
Found the hard way by shten@
|
|
No objection from reyk@, OK markus, hshoexer
|
|
returned by IPsec-enabled NICs; OK markus, hshoexer
|
|
|
|
|
|
ok mikeb
|
|
are converted to if_input().
ok dlg@, claudio@
|
|
interface instead of rewritting most of them.
This change is also needed for upcoming if_input() conversion.
As a bonus pseudo-driver attached on top of carp are now detached in
the right order.
ok claudio@, henning@
|
|
|
|
This code is largely unfinished and is not used for anything. The change
leaves identities as only objects referenced by ipsec_ref structure and
their handling requires some changes to support more advanced matching of
IPsec connections.
No objections from reyk and hshoexer, with and OK markus.
|
|
OK markus, hshoexer
|
|
OK markus, hshoexer
|
|
|
|
|
|
with niqueues.
this change is so big because there's a lot of code that takes
pointers to different input queues (eg, ether_input picks between
ipv4, ipv6, pppoe, arp, and mpls input queues) and falls through
to code to enqueue packets against the pointer. if i changed only
one of the input queues id have to add sepearate code paths, one
for ifqueues and one for niqueues in each of these places
by flipping all these input queues at once i can keep the currently
common code common.
testing by mpi@ sthen@ and rafael zalamena
ok mpi@ sthen@ claudio@ henning@
|
|
tested by (including some statistical measurement) and ok mikeb@
|
|
might be overwritten by pseudo-drivers.
ok dlg@, henning@
|
|
ok markus, hshoexer
|
|
resolution is completed to ml_init(9) API.
Tested by kspillner@, inputs & ok dlg@
|
|
skipping the wccp 2 header. Tested with Cisco ASA.
"looks correct" claudio
ok yasuoka
|
|
the Ethernet frame. Prevent an overflow reported by Henk Jan Agteresch
on bugs@.
|
|
have any direct symbols used. Tested for indirect use by compiling
amd64/i386/sparc64 kernels.
ok tedu@ deraadt@
|
|
is to clear the damn embedded scope.
At this point the receiving interface should not matter and will in the
future be cleared to prevent such layer violations.
This prevent exporting addresses with embedded scope to userland.
Found the hardway by and ok florian@
|
|
configured IP address when sending AD.
Previously ip_output() was doing this magic for us and ip6_output() was
failing, making it impossible to send AD if the parent did not have an
IPv6 address.
Fix a regression found the hardway by benno@ introduced by the move to
NOINET6 by default.
ok benno@, phessler@
|
|
of memory.
The key (destination) is only set once, when the route is inserted in
the routing table, and does not need to change afterward. The gateway
might change and rt_setgate() will do all the checks for you.
ok claudio@
|
|
reroll the loop to free its Ethernet multicast addresses when destroying
an interface.
Prevent a panic found the hard way by phessler@
ok henning@, pelikan@, phessler@
|
|
Requested by reyk@, dlg@ and OK mpi@, henning@
|
|
way garbage in the pad bytes does not perturb the outcome.
This fixes regress/sys/kern/bind.
OK mpi@, phessler@, reyk@
|
|
virtual interface table (vif). Will be used by netstat soon.
Looked over by guenther@
|
|
listen queue (backlog) limit or the memory shortage in syn-cache.
ok henning reyk claudio
|
|
to current code is that you can no longer call this with a NULL oldlenp
which does not make any sense. OK phessler, henning
Behaviour change pointed out by miod@
|
|
|
|
ok tedu@ claudio@
|
|
ARP information is of a different kind.
ok sthen@, claudio@
|
|
This unify some code and notify userland for free.
blambert@ agrees, ok bluhm@
|
|
email.
|
|
get userland notification for free.
ok blambert@, bluhm@
|
|
Instead check the error code returned by this function and let the
caller free the route entry when appropriate.
ok bluhm@
|
|
before <net/pfvar.h> or <net/if_pflog.h>. The kernel files can be
cleaned up next. Some sockaddr_union steps make it into here as well.
ok naddy
|
|
practice, be pragmatic and #include <sys/timeout.h> for
struct tcpb (glorious namespace violation)
ok kettenis millert sthen
|
|
The half-backed logic to find a parent interface before configuring an
address on a carp(4) interface is responsible for too many layers of
complexity resulting in various breakages everytime something change in
the stack.
So make carp(4) a bit less special. It now requires a parent interface
like all the other pseudo-devices.
ok mikeb@, dlg@, florian@, henning@
|
|
|
|
under _KERNEL, and adjust the one consumer (netstat) so that it requests
the exposure. Will take a few more rounds to get this right.
ok mikeb
|
|
changed or if we asked for it.
Should reduce the RTM_RESOLVE storm seeing by claudio@
With inputs from and ok mikeb@
|
|
ok claudio@, mikeb@, bluhm@
|
|
for the validity of a given outgoing route entry into a single function.
This change is inspired from FreeBSD r111767. The function introduced
here, rt_checkgate(), should hopefully die in a near future. Why should
it die? Well, it is way too late to do such validity checks: if your
kernel can ends up in ether_output() with an invalid route, please do
not let it try to find a new one that might do the job.
Go read this function if you're wondering why you're getting messages
like:
"arpresolve: X.X.X.X: route without link local address"
Since this horrible logic has survived 20 years of copy & past and small
modifications for workarounds without a single clear commit message, let's
assume it is full of dragons and try to play safe. This factorization is
not intended to change any behavior.
With much inputs from bluhm@, tested by weerd@ and florian@ on setups
with p2p IPv6 interfaces.
ok bluhm@, benno@, florian@
|
|
carp(4) has a hack to update its Ethernet address which was also
generating the corresponding IPv6 link-local address. Since the
removal of the NOINET6 flag, this link-local address was generated
even if no IPv6 address has been configured on the interface.
This unbreak carp setup without v6 addresses, found the hard way by
sebastia@.
ok sebastia@, benno@, stsp@, @phessler
|
