| Age | Commit message (Collapse) | Author |
|---|
|
|
|
you don't have a physical interface on your machine, so why rawip should
be more clever^Wparanoid than the others?
ok henning@, mikeb@
|
|
kill the macro.
ok mikeb@, henning@
|
|
OK henning@
|
|
of doing a lookup on all the addresses of the outgoing interface.
ok henning@
|
|
raise it inside their ioctl handler (except for carp(4), what else?).
In general, global structures manipulated in the softnet codepath only
require a splsoftnet() protection when they are modified in process
(ioctl) context.
Also put some IPL_SOFNET asserts in functions accessing global structures.
Previous version diff ok mikeb@, with inputs from and ok bluhm@
|
|
loopback interfaces because we no longer add it.
ok claudio@
|
|
to use the routing table.
Do not create a host route for loopback addresses apart from the local
ones otherwise these addresses are not considered as part of the machine.
Reported by deraadt@ and Heiko Zimmermann on bugs@.
|
|
fixes the kernel build when PIM is defined
|
|
...but the routing table!
Note that this lookup is redundant with the one done in in_ouraddr()
and we should be able to save this information instead of redoing a
lookup if we need to send an error message.
ok kspillner@, bluhm@, claudio@
|
|
in_ouraddr().
The lookup done in the forwarding case will hopefully be merged with
this one in the future.
ok kspillner@, bluhm@, claudio@
|
|
This workaround was needed when the interface link-local address was
still enabled by default to prevent immediate state transition on
interfaces without any configured addresses. This is not needed
anymore and removing the limitation allows to use carp(4) with
addresses like fe80::2%carp0.
discussed with some
ok mpi@ pelikan@
|
|
rely on "struct route" that should die.
ok claudio@
|
|
ok mpi@ kspillner@
|
|
ok miod@ mpi@
|
|
broadcast address is non null, add a broadcast entry flagged with
RTF_BROADCAST.
Re-use the existing logic to switch a route to prefix from an ifa
to another to also move this broadcast entry.
Prior to this change broadcast entries were simple clonned ARP entries,
that would be deleted once their timer expired since they would always
be incomplete.
With this change they are now persistant and identifiable with a new flag
This version of the diff prevent a corruption reported by millert@
ok mikeb@, florian@
|
|
use them for address lookups.
While here do let in_arpinput() overwrite local or broadcast entries.
ok mikeb@, florian@
|
|
with autoconf enabled.
If one is doing SLAAC one does already trust link local icmp6 so the
policy for icmp6 redirects should be the same.
pointed out by & OK bluhm@; OK henning@
|
|
the tree. Found by millert@.
|
|
need it.
OK mpi@
|
|
also adds a broadcast entry flagged with RTF_BROADCAST.
Prior to this change broadcast entries were simple clonned ARP entries,
that would be deleted once their timer expired since they would always
be incomplete.
With this change they are now persistant and identifiable with a new flag.
Committing early to be able to deal with any potential fallout before we
start relying on this.
ok florian@, mikeb@, henning@
|
|
|
|
code that comes with them.
ok mikeb@, henning@
|
|
adding local route entries.
This hack made sense when we didn't have the RTF_LOCAL flag, but since
some months it is set on every local route.
|
|
ok henning@, dlg@
|
|
28 but an ICMP packet can be as small as 8 bytes (e.g. an ICMP echo
request packet with no payload), so check against ICMP_MINLEN instead.
Prior to this fix, divert(4) would erroneously discard valid ICMP
packets that are shorter than 20 bytes.
ICMPv6 is not affected, so this change applies to ICMP over IPv4 only.
ok florian@ henning@
|
|
No object file change
ok florian@ henning@
|
|
|
|
This completes the transition. A cvs log and diff will tell the story
of why we went through this.
with david.dahlberg@fkie.fraunhofer.de and claudio
|
|
ok deraadt@, naddy@
|
|
when the number of the hash entries reaches 75% of the table size.
ok dlg henning, 'commit in' claudio
|
|
in the pkthdr directly.
ok henning@
|
|
now, so there is no need to calculate them before sending them to
userspace.
ok henning@
|
|
after discussions with beck deraadt kettenis.
|
|
* you can #include <sys/endian.h> instead of <machine/endian.h>,
and ditto <endian.h> (fixes code that pulls in <sys/endian.h> first)
* those will always export the symbols that POSIX specified for
<endian.h>, including the new {be,le}{16,32,64}toh() set. c.f.
http://austingroupbugs.net/view.php?id=162
if __BSD_VISIBLE then you also get the symbols that our <machine/endian.h>
currently exports (ntohs, NTOHS, dlg's bemtoh*, etc)
* when doing POSIX compiles (not __BSD_VISIBLE), then <netinet/in.h> and
<arpa/inet.h> will *stop* exporting the extra symbols like BYTE_ORDER
and betoh*
ok deraadt@
|
|
machine and restore the original behavior of RTM_ADD and RTM_DELETE
by always generating one message per locally configured address.
This time, make sure the local route is removed during an address change,
since at least pppoe(4) do some funky magics with wildcard addresses that
might corrupt the routing tree, as found by naddy@
Also do not add a local route if the specified address is 0.0.0.0, to
prevent a tree corruption, as found by guenther@.
Putting this in now so that it gets tested, claudio@ agrees. Please
contact me if you find any route-related regression caused by this
change.
|
|
and let the stack take care of the checksums for reinjected outbound
packets.
Reinjected inbound packets will continue to have their checksums
calculated manually but we can now take advantage of in_proto_cksum_out
and in6_proto_cksum_out to streamline the way their checksums are done.
help from florian@ and henning@, feedback from naddy@
ok florian@ henning@
|
|
require the caller to do so. lteo needs that for divert soon, and is in line
with tcp/udp and the general approach that the rest of the stack should not
need to do anything regarding the cksums but setting the "needs it" flag.
ok lteo
|
|
state to the socket pcb. Add an additional assert to narrow down
the panics.
OK henning@
|
|
ok henning@ stu@, Yay! weerd@
|
|
unnecessarily allocating an mbuf tag to store the divert port, just pass
the divert port directly to divert_packet() or divert6_packet() as an
argument.
includes a style fix pointed out by bluhm@
ok bluhm@ henning@ reyk@
|
|
the various bpf_mtap_* are very similiar, they differ in what (and to some
extent how) they prepend something, and what copy function they pass to
bpf_catchpacket.
use an internal _bpf_mtap as "backend" for bpf_mtap and friends.
extend bpf_mtap_hdr so that it covers all common cases:
if dlen is 0, nothing gets prepended.
copy function can be given, if NULL the default bpf_mcopy is used.
adjust the existing bpf_mtap_hdr users to pass a NULL ptr for the copy fn.
re-implement bpf_mtap_af as simple wrapper for bpf_mtap_hdr.
re-implement bpf_mtap_ether using bpf_map_hdr
re-implement bpf_mtap_pflog as trivial bpf_mtap_hdr wrapper
ok bluhm benno
|
|
don't need to be married.
ok guenther miod beck jsing kettenis
|
|
mean?
ok deraadt@
|
|
an interface. Two other operations are performed when issuing a
SIOCDIFADDR{_IN6,} ioctl: call the address hook and the per-driver
ioctl function.
Since carp(4) relies on an address hook to recalculate its hash, make
sure to call this hook when IFXF_NOINET6 is set or when the rdomain is
changed.
ok henning@, mikeb@
|
|
|
|
Pointed out by Ivan Solonin.
ok henning mpi jca
|
|
it introduces a regression with default routes & p2p interfaces.
Problem reported by naddy@
|
|
machine and restore the original behavior of RTM_ADD and RTM_DELETE
by always generating one message per locally configured address.
Tested by krw@, jca@ and florian@
|
|
system.
Yes, this is ugly for the moment because OpenBSD prevents you from
binding a tcp socket to broadcast address and checking for a broadcast
address is... funny! If you've ever wondered why would lead people to
write:
ina.s_addr != ia->ia_addr.sin_addr.s_addr
instead of:
ina.s_addr == ia->ia_broadaddr.sin_addr.s_addr
Well this is because all the IPv4 addresses belonging to your lo(4)
interfaces match the second idiom. Hopefully we'll get rid of this
hack soon.
ok jca@, mikeb@
|
