| Age | Commit message (Collapse) | Author |
|---|
|
of your system, put it on a diet and kill the superfluous logic.
ok mikeb@
|
|
any good to our network stack.
The most visible effect is the maze of #ifdef's and casts. But the
real problem is the very fragile way of checking if a (cached) route
entry is still valid or not. What should we do if the route jumped
to another ifaddr or if its gateway has been changed?
This change start the dance of "struct route" & friends removal by
sending the completly useless "struct route_enc" to the bucket.
Tweak & ok claudio@
|
|
|
|
error code on failure (unchecked for the moment).
ok mikeb@, jmc@
|
|
|
|
ok deraadt@ tedu@
|
|
for a multicast/broadcast destination address.
These checks have already been done in the Ethernet and IP layers and
the mbuf(9) should contain all the required information at this point.
But since we cannot trust this spaghetti stack, be paranoid and make
sure to set the flags in the IP input routines.
Use explicit comments, requested by deraadt@. ok claudio@
|
|
|
|
to p2p interfaces always mark them as Multipath. This way we can have
multiple routes to the same destination as long as the local address is
different.
ok mikeb@
|
|
to include that than rdnvar.h. ok deraadt dlg
|
|
|
|
attacks.
this is a textbook use of siphash.
the idea of using siphash for this came from yasuoka-san, but i had
the time to do it. he also tested and tweaked this diff.
ok yasuoka@ mikeb@
|
|
pf the state has to vanish immediately when the relay closes the
socket. To make this work reliably, the linkage between state and
socket must be established with the first packet. This packet could
be incomming or outgoing.
Link the pf state in the socket layer earlier. This makes all tests
in /usr/src/regress/sys/net/pf_divert pass.
OK henning@
|
|
ok dlg@
|
|
ok tedu@ claudio@
|
|
It is of course not to make your life more complicated when you are
dealing with ifa_ifwithaddr()! It was to reuse the point-to-point
code to add a route to 127.0.0.1. But now we have local routes and
we don't need this hack anymore :)
ok mikeb@ as part of a larger diff.
|
|
Note that ifa_ifwithaddr() might return a broadcast address, so if you
don't want one make sure to filter them out.
ok mikeb@
|
|
ok dlg@, uebayasi@, mikeb@
|
|
calls. Also, when adjusting demote counts, don't call carp_send_ad_all()
for every ifgroup with a demote count of 1 but rather call it only once
after adjusting the demote counts of all ifgroups.
ok bluhm@ mpf@
|
|
functionnality instead of a mix of enable/disable.
ok bluhm@, jca@
|
|
INADDR_BROADCAST the same as INADDR_ANY.
ok mpi
|
|
From Florian Riehm
|
|
|
|
you don't have a physical interface on your machine, so why rawip should
be more clever^Wparanoid than the others?
ok henning@, mikeb@
|
|
kill the macro.
ok mikeb@, henning@
|
|
OK henning@
|
|
of doing a lookup on all the addresses of the outgoing interface.
ok henning@
|
|
raise it inside their ioctl handler (except for carp(4), what else?).
In general, global structures manipulated in the softnet codepath only
require a splsoftnet() protection when they are modified in process
(ioctl) context.
Also put some IPL_SOFNET asserts in functions accessing global structures.
Previous version diff ok mikeb@, with inputs from and ok bluhm@
|
|
loopback interfaces because we no longer add it.
ok claudio@
|
|
to use the routing table.
Do not create a host route for loopback addresses apart from the local
ones otherwise these addresses are not considered as part of the machine.
Reported by deraadt@ and Heiko Zimmermann on bugs@.
|
|
fixes the kernel build when PIM is defined
|
|
...but the routing table!
Note that this lookup is redundant with the one done in in_ouraddr()
and we should be able to save this information instead of redoing a
lookup if we need to send an error message.
ok kspillner@, bluhm@, claudio@
|
|
in_ouraddr().
The lookup done in the forwarding case will hopefully be merged with
this one in the future.
ok kspillner@, bluhm@, claudio@
|
|
This workaround was needed when the interface link-local address was
still enabled by default to prevent immediate state transition on
interfaces without any configured addresses. This is not needed
anymore and removing the limitation allows to use carp(4) with
addresses like fe80::2%carp0.
discussed with some
ok mpi@ pelikan@
|
|
rely on "struct route" that should die.
ok claudio@
|
|
ok mpi@ kspillner@
|
|
ok miod@ mpi@
|
|
broadcast address is non null, add a broadcast entry flagged with
RTF_BROADCAST.
Re-use the existing logic to switch a route to prefix from an ifa
to another to also move this broadcast entry.
Prior to this change broadcast entries were simple clonned ARP entries,
that would be deleted once their timer expired since they would always
be incomplete.
With this change they are now persistant and identifiable with a new flag
This version of the diff prevent a corruption reported by millert@
ok mikeb@, florian@
|
|
use them for address lookups.
While here do let in_arpinput() overwrite local or broadcast entries.
ok mikeb@, florian@
|
|
with autoconf enabled.
If one is doing SLAAC one does already trust link local icmp6 so the
policy for icmp6 redirects should be the same.
pointed out by & OK bluhm@; OK henning@
|
|
the tree. Found by millert@.
|
|
need it.
OK mpi@
|
|
also adds a broadcast entry flagged with RTF_BROADCAST.
Prior to this change broadcast entries were simple clonned ARP entries,
that would be deleted once their timer expired since they would always
be incomplete.
With this change they are now persistant and identifiable with a new flag.
Committing early to be able to deal with any potential fallout before we
start relying on this.
ok florian@, mikeb@, henning@
|
|
|
|
code that comes with them.
ok mikeb@, henning@
|
|
adding local route entries.
This hack made sense when we didn't have the RTF_LOCAL flag, but since
some months it is set on every local route.
|
|
ok henning@, dlg@
|
|
28 but an ICMP packet can be as small as 8 bytes (e.g. an ICMP echo
request packet with no payload), so check against ICMP_MINLEN instead.
Prior to this fix, divert(4) would erroneously discard valid ICMP
packets that are shorter than 20 bytes.
ICMPv6 is not affected, so this change applies to ICMP over IPv4 only.
ok florian@ henning@
|
|
No object file change
ok florian@ henning@
|
|
|
