Age | Commit message | Author |
|
the relevant counters.
Ok mikeb@
|
|
This is another little step towards deprecating 'struct route{,_in6}'.
ok florian@
|
|
This means that no protection is needed to guarantee that the next hop
route won't be modified by CPU1 while CPU0 is dereferencing it in a L2
resolution functions.
While here also fix an ``ifa'' leak resulting in RTF_GATEWAY being always
invalid.
dlg@ likes it, inputs and ok bluhm@
|
|
This could result in a use after free if the route entry was holding
the last reference of the address descriptor.
ok jca@, bluhm@, claudio@
|
|
m_copym2 is fine duplicating an arbitrary chain of mbufs, while
m_dup_pkt wants to dup a packet with proper headers in the first
mbuf. ipsec copied the tail of an mbuf if any of the clusters are
shared or readonly, and swapped that tail with the result of m_copym2.
m_dup_pkt panics cos of that.
this makes ipsec duplicate the whole packet if any of the chain is
readonly.
found by naddy@ and mlarkin@
this fix is from visa@ who told me to commit it cos he's afk (sleeping)
tested by naddy@
|
|
IP_SENDSRCADDR == IP_RECVDSTADDR.
OK sthen@ jca@ bluhm@
|
|
ok mpi@ visa@
|
|
|
|
diff from jsg@
ok deraadt@, benno@
|
|
Reported by Heiko on bugs@.
ok stsp@, claudio@
|
|
route because of PMTU.
otto@ reported the issue and helped me track it down during more
than one month, he is the man!
mikeb@ figured out the bug was in the forwarding path.
ok mikeb@, deraadt@, claudio@
|
|
relevant counters with netstat -s -p tcp.
OK henning@
|
|
convert in_selectsrc() prototype to match.
Ok bluhm@ mpi@.
|
|
swapping between two syn caches for random reseeding anyway, this
feature can be added easily. When the cache is empty, there is an
opportunity to change the hash size. This allows an admin under
SYN flood attack to defend his machine.
Suggested by claudio@; OK jung@ claudio@ jmc@
|
|
OK claudio@ henning@
|
|
from leaking the multicast address.
beck@ found the hard way that this made his second CARP master use a
wrong MAC address.
This is part of a bigger diff from Florian Riehm who is currently
working on a proper solution to fix balancing modes.
ok beck@, bluhm@
|
|
This should theoretically be a no-op because we're freeing the PCB
right after, but it helps us debug a reference count problem found
by otto@.
ok mikeb@
|
|
OK mpi@ sashan@
|
|
removed from the table.
Currently the storage for L2 addresses is freed when an entry is
removed from the table. That means that we cannot access this
chunk of memory between RTM_DELETE and rtfree(9).
Note that this doesn't apply to MPLS because the associated storage
is currently released by the last rtfree(9).
ok mikeb@
|
|
triggered by updating a cached, but removed from the table, entry is
properly fixed.
Diff from dlg@, prodding deraadt@
|
|
instead of abusing RTF_CLONING.
Fix a leak reported by Aaron Riekenberg on misc@, ok sthen@
|
|
From Simon Mages, ok beck@, claudio@, bluhm@
|
|
Being able to add route entries without configured addresses is a nice
feature but this is not my fight. So I'd rather not add another pointer
to ``struct rtentry'' if I'm not removing another one.
|
|
addresses set on p2p interfaces.
Found the hard way by naddy@
|
|
This is consistent with the IPV6_UNICAST_HOPS behavior, and is the only
way to allow applications to completely control the TTL of outgoing
packets (else an application could temporarily send packets with the
default TTL, until it sets again IP_TTL; this is harmful e.g. for GTSM).
ok bluhm@
|
|
IP_TTL can be reset by passing -1, IP_MINTTL can be reset by passing 0.
This is consistent with what Linux does and
IPV6_UNICAST_HOPS/IPV6_MINHOPCOUNT.
ok bluhm@
|
|
corresponding to a route.
ok florian@ on a previous version, input and ok bluhm@
|
|
entries) and net.inet.ip.arpdown (expire timer for unresolved entries)
ok mpi@
|
|
Requested by renato@, ok bluhm@
|
|
|
|
Useful to implement GTSM support in daemons such as bgpd(8). Diff from
2013 revived by renato@. Input from bluhm@, ok bluhm@ deraadt@
|
|
its value for the SYN+ACK packet. This makes the IPV6_UNICAST_HOPS
socket option usable for incoming TCP connections.
tested by renato@; OK jca@
|
|
was overly complicated. Simplify the code without functional change.
OK jca@
|
|
instead of EHOSTUNREACH. On the latter, ip_forward can generate undesired
icmp errors - either pf generates those itself (block return), or there
shouldn't be any.
Bizarrely enough, ip_forward has EACCES handling with a comment specifically
pointing to packets blocked by pf, but the code in ip_output used EHOSTUNREACH
from day #1 on.
found & analyzed by Kristof Provost <kp at FreeBSD>, discussed at BSDcan
ok mpi millert
|
|
cannot be bound to by non-root users.
Ok millert@ bluhm@
|
|
The umb(4) driver provides support for USB MBIM devices.
Those devices establish connections via cellular networks such as
GPRS, UMTS, and LTE.
ok mpi@ sthen@
additional feedback from deraadt@ jmc@ stsp@ kettenis@
|
|
|
|
IP_SENDSRCADDR introduction easier.
Ok jca@
|
|
memory.
This will allow to unlink 'struct rtentry' and 'struct ifaddr' to be able
to add route entries without needing an address.
ok sthen@, visa@, florian@
|
|
After writing data into this loop, it was spinning forever causing
a kernel hang. Detect the loop by counting how often the same mbuf
is spliced. If that happens 128 times, assume that there is a loop
and abort the splicing with ELOOP.
Bug found by tedu@; OK tedu@ millert@ benno@
|
|
in{,6}_ioctl() that do not deal with sockets.
This will allow to automagically configure interface addresses in
the kernel without too many layer violations.
Required by upcoming umb(4).
|
|
to ifconfig.
"llprio" allows one to set the priority of packets that do not go through
pf(4), as the case is for arp(4) or bpf(4).
ok sthen@ mikeb@
|
|
|
|
ok florian@, dlg@
|
|
It was only checked in balancing mode, which is currently broken, and is
no longer needed.
Discussed with bluhm@ and Florian Riehm.
|
|
time_second is unix time so it can be affected by clock changes.
time_uptime is monotonic so it isn't affected by clock changes. that
in turn means route expiries won't jump with clock changes if set
against time_uptime.
the expiry is translated into unix time for export to userland though.
ok mpi@
|
|
Callers MUST do a route lookup before sending a packet.
Tested by Hrvoje Popovski, ok visa@, bluhm@
|
|
packet.
ok visa@, stsp@, sthen@
|
|
the packet has been fed to the pseudo-interfaces input handlers.
To fix that without introducing a layer violation we should be able to
disable HW-vlan on parent when in use with different pseudo-interfaces.
In the case of bridge(4) for example it makes no sense to let the interface
remove the VLAN header if the kernel has to add it back for every packet.
Fix issues reported by sebastia@ and markus@
From dlg@, ok claudio@
|
|
one.
|