| Age | Commit message (Collapse) | Author |
|---|
|
|
|
|
|
a set of incrementing integers (and not an arbitrary set of values) it
is possible to populate the array as we shuffle it in a single forward
pass. Clever optimisation from didickman AT gmail.com;
ok deraadt@ mcbride@
|
|
|
|
in the range 0 <= x < upper_bound
Please use this new API instead of "arc4random() % upper_bound", as it
avoids the "modulo bias" that favours small results when upper_bound is
not a power of two.
feedback deraadt@ mcbride@; ok deraadt@
|
|
shuffle. Upon allocation, swap-permute the new value to a random slot in
the 0..32K-1 th entry of the buffer as we move forward, ensuring randomness
but also satisfying the non-repeating property we need. Also avoid the value
of 0, since IP ID's of 0 are special. Inspired by Dillon's implementation.
We believe this is easier to read though, initializes with less bias, handles
the ID of 0 properly, and wins speed tests.
Thanks a lot to mcbride and djm for doing a bunch of statistical and speed
analysis, and comments from nordin
ok mcbride djm
|
|
OK mcbride@, mickey@
|
|
|
|
relying on the mbuf chain layout; with claudio@ and krw@; ok henning@
|
|
from the first ACK packet. Otherwise the server would use the
unscaled window size for the fist data it is sending.
ok markus@ dhartmei@
|
|
Instead of using the same IP on multiple interfaces, carp has to be
configured with the new "carpnodes" and "balancing" options.
# ifconfig carp0 carpnodes 1:0,2:100,3:100 balancing ip carpdev sis0 192.168.5.50
Please note, that this is a flag day for anyone using carp balancing.
You'll need to adjust your configuration accordingly.
Addititionally this diff adds IPv6 NDP balancing support.
Tested and OK mcbride@, reyk@.
Manpage help by jmc@.
|
|
ok claudio@ krw@ dlg@
|
|
directly instead of takeing the detour via rtrequest().
OK henning@ markus@
|
|
provide netstat(1) with data it needs; ok claudio reyk
|
|
OK deraadt@
|
|
change netstat to use them instead of accessing kvm for it. more
protocols will be added later.
discussed with deraadt@ claudio@ gilles@
ok deraadt@
|
|
ok millert
|
|
sys/dev/pci/pciide.c from naddy@
|
|
IPv4 interface address similar to arp_ifinit(). The main difference is
that we do not send out a gracious arp as the carp(4) is not ready to send
at that moment. This will make backup interface show up like the master ones.
OK mpf@ earlier version OK henning@ mcbride@
|
|
ok mpf@ henning@
|
|
sys/netinet/in_pcb.c and sys/net/bridgestp.c ok henning@
sys/dev/pci/bktr/* ok jakemsr@
|
|
|
|
so the resulting messages have ifindex set and the routing daemons can
correctly indentify that route as connected. ok mcbride
|
|
that is kept in a list per carp interface. This is the huge first
step necessary to make carp load balancing nice and easy. One carp
interface can now contain up to 32 virtual host instances.
This doesn't do anything useful yet, but here is how an ifconfig
for multiple entries now looks like:
# ifconfig carp2 carpnodes 5:0,6:100 192.168.5.88
carp2: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
lladdr 00:00:5e:00:01:05
carp: carpdev sis0 advbase 1
state MASTER vhid 5 advskew 0
state BACKUP vhid 6 advskew 100
groups: carp
inet 192.168.5.88 netmask 0xffffff00 broadcast 192.168.5.255
OK mcbride@
|
|
OK hshoexer@
|
|
connect() which has completed and failed.. if connect() is called
again.. return the so_error instead of EINVAL; from Alexey Vatchenko
matches what other systems do now
ok millert henning
|
|
ok deraadt@ dlg@ henric@ mcbride@
|
|
and can happen on slow mp systems under a lot of network load; ok kettenis@
|
|
ok krw@
|
|
It is unlikely we will ever get a working replay protection,
so better keep it simple and robust.
The cookie allows us to detect our own advertisements,
thus it is now easy to deal with network loops and
non-simplex interfaces.
Zero feedback by the people who wanted this fixed.
OK henning@, markus@
|
|
ok gilles@
|
|
As with many of the last commits, looked at by chl@ in an earlier
version.
|
|
'Fixes' two cases where the zeroing did not cover all the memory
allocated.
As with many of the last commits, looked at by chl@ in an earlier
version.
|
|
|
|
In ip_esp.c all allocated memory is now zero'd in the
"malloc(sizeof(*tc) + alen ..." case. The +alen memory was not
initialized by the bzero() call. Noticed by chl@.
"Looks good" art@ "seems ok" chl@
|
|
where obvious.
|
|
The multicast code is still a mess but will no longer crash the box.
With input from pascoe@ who hit the same bug.
OK markus@, henning@, mpf@ (on a previous version)
|
|
"looks ok" markus@
|
|
one entry for each multicast group and interface combination). this allows
you to run OSPF with more than 10 interfaces.
adapted from freebsd; ok claudio, henning, mpf
|
|
quite a while ago. Manpage and comment update by Matthew Dempsky.
OK jmc@
|
|
panics in ip_freemoptions(); ok claudio, henning, mpf
|
|
and is actually wrong in some cases, since we can enter
functions without taking the lock because the return value
of ipq_lock() isn't checked properly.
However, this needs to be revisited when we start calling
ip_drain() from the pool code when we are running out of
memory, but this isn't done currently.
OK art@, henning@
|
|
any carp group to master status.
ok dhartmei@
|
|
MGET* macros were changed to function calls, there wasn't any
need for the pool declarations and the inclusion of pool.h
From: tbert <bret.lambert@gmail.com>
|
|
because interfaces may disappear without notice causing use after free bugs.
Instead use the inm_ia->ia_ifp as a hint, struct in_ifaddr correctly tracks
removals of interfaces and invalidates ia_ifp in such cases.
looks good henning@ markus@
|
|
before it is removed from the multicast group in_delmulti() will try to
access the no longer available ifp.
We invalidate the ifa_ifp back pointer in the ifa in if_detach() now and use
the ifa_ifp in in_delmulti() instead of the internal inm_ifp. By doing it
this way we know if the interface was removed.
This fixes a kernel panic triggered by ospfd and gif(4) tunnels.
looks good henning@ reyk@
|
|
|
|
destination of the route belonging to the carp interface.
ok mpf@ claudio@
|
|
code and replace both with a RFC1948 based method, so TCP clients
now have monotonic ISN/timestamps. The server side uses completely
random ISN/timestamps and does time-wait recycling (on port reuse).
ok djm@, mcbride@; thanks to lots of testers
|
|
interface (ip-less parent).
tested by claudio and me
ok claudio@
|
