Age | Commit message (Collapse) | Author |
|
ok mpi@
|
|
ok mpi@
|
|
an interface joined a specific multicast group.
ok phessler@, visa@, dlg@
|
|
we can get the same info from the arp pool:
# vmstat -m | grep -e ^arp -e ^Name
Name Size Requests Fail InUse Pgreq Pgrel Npage Hiwat Minpg Maxpg Idle
arp 56 84 0 6 1 0 1 1 0 8 0
Requests and InUse end up being the same:
# pstat -d d arp_allocated
arp_allocated at 0xffffffff81942084: 84
# pstat -d d arp_inuse
arp_inuse at 0xffffffff81942098: 6
ok bluhm@ claudio@ mpi@
|
|
when an ARP resolution has been done.
Should hopefully fix the "receive 1" panic reported by benno@ on bugs@.
ok claudio@, phessler@, benno@, bluhm@
|
|
ok mikeb@, bluhm@
|
|
Problem reported by and diff tested by Fabian Raetz, thanks!
ok benno@, bluhm@
|
|
Packets of types ARP and REVARP are now processed in the softnet task,
directly from ether_input() and without holding the KERNEL_LOCK.
Tested by many, ok dlg@
|
|
This is needed in order to fully unlock ARP processing with carp(4)
interfaces as found the hardway by sthen@.
ok sthen@, dlg@
|
|
regression observed on avahi.
ok benno@
|
|
ok mpi
|
|
DES is insecure since brute force attacks are practical due to its
short key length.
This removes support for DES-CBC encryption in ESP and in IKE main
and quick mode from the kernel, isakmpd(8), ipsecctl(8), and iked(8).
ok mikeb@
|
|
|
|
This will allows for stricter checks inside rtdeletemsg() and it should be
up to the caller to decide if the route needs to be deleted or not.
ok vgross@
|
|
ok henning
|
|
route entry in ART.
rt_plen() now represents the prefix length of a route entry and should
be used instead.
For now use a "struct sockaddr_in6" to represent the mask when needed,
this should be then replaced by the prefix length and RTA_NETMASK only
used for compatibility with userland.
ok claudio@
|
|
(follow up on my earlier commit)
OK bluhm@
|
|
this avoids current recursion to pf_test() function. the change also
switches icmp_error()/icmp6_error() to use ip_send()/ip6_send() so
they are safe for PF.
The idea comes from Markus Friedl. bluhm, mikeb and mpi helped me
a lot to get it into shape.
OK bluhm@, mpi@
|
|
fallback to a SLIST.
ok dlg@, jasper@
|
|
|
|
|
|
required.
ok bluhm@ mpi@.
|
|
pf_inp_...() lookup, link and unlink functions as an interface.
Locking can be added to them later. Remove the first linking at
the beginning of tcp_input() and udp_input() as it is not necessary.
It will be done later anyway. That code was a relict, from the
time before I had added the second linking.
Input from mikeb@ and sashan@; OK sashan@
|
|
|
|
This commit is not removing the existing EtherIP part of gif(4) and
it keeps EtherIP of gif(4) working.
ok jbg@ sthen@ mpi@ reyk@ yasuoka@
|
|
|
|
collide with the statekey to inp unlinking.
OK sashan@ mpi@
|
|
ok sthen@
|
|
required to do the if_get/if_put dance around the log() calls. These
were the last users of rt_ifp.
OK mpi@ bluhm@
|
|
arp packet was recieved on the interface we expected. This is because
multicast and broadcast packets are sometimes forwarded on multiple
local interfaces. So simplify the checks and make them more generic
at the same time (in the SIN_PROXY case). For SIN_PROXY only the
interface holding the proxy arp route will answer to the requests.
OK mpi@
|
|
|
|
be the same as ifp or something is very broken. So remove this including
one more rt_ifp. OK mpi@
|
|
are not used anymore. This has to be done before any interface
fields become invalid.
As the route delete request cannot call if_get() anymore, pass down
the interface. Split rtrequest_delete() into a separate function
that may take an existing inteface.
OK mpi@
|
|
OK mpi@, bluhm@
|
|
for failed route lookups. This is something that was maybe useful in the
90is but in this modern times it is just annoying and nothing expect it
anyway. OK mpi@, sthen@
|
|
Deleting a RTF_CLONED entry without deleting its corresponding RTF_CLONING
entry wont help as it will be cloned the next time arplookup() is executed.
ok claudio@
|
|
them and they make everything so much harder with no gain. Remove the
ifp argument from mpls_input since it is not needed. On the input side
the lookup side is modified a bit when it comes to BOS handling.
Tested in a L3VPN setup with ldpd and bgpd. Commiting now so we can move
on with cleaning up rt_ifp usage. If this breaks L2VPN I will fix it once
reported. OK mpi@
|
|
ok bluhm@
|
|
ok millert@, bluhm@
|
|
|
|
layer will be turned mpsafe. We're not there yet.
Reported by David Hill, ok florian@
|
|
This simplifies the if_get()/if_put() dance.
Tested by jasper@
|
|
|
|
As a bonus this removes a "#if NCARP > 0", say yeah!
|
|
ok sashan@
|
|
Inputs from and ok florian@, ok sthen@, visa@, sashan@
|
|
|
|
Tested by and ok sthen@,
|
|
Tested by and ok sthen@, ok visa@
|
|
ip_output().
Note that ipmforwarding is not enabled by default.
|