Age | Commit message | Author |
|
diff from jsg@
ok deraadt@, benno@
|
|
Reported by Heiko on bugs@.
ok stsp@, claudio@
|
|
route because of PMTU.
otto@ reported the issue and helped me track it down during more
than one month, he is the man!
mikeb@ figured out the bug was in the forwarding path.
ok mikeb@, deraadt@, claudio@
|
|
relevant counters with netstat -s -p tcp.
OK henning@
|
|
convert in_selectsrc() prototype to match.
Ok bluhm@ mpi@.
|
|
swapping between two syn caches for random reseeding anyway, this
feature can be added easily. When the cache is empty, there is an
opportunity to change the hash size. This allows an admin under
SYN flood attack to defend his machine.
Suggested by claudio@; OK jung@ claudio@ jmc@
|
|
OK claudio@ henning@
|
|
from leaking the multicast address.
beck@ found the hard way that this made his second CARP master use a
wrong MAC address.
This is part of a bigger diff from Florian Riehm who is currently
working on a proper solution to fix balancing modes.
ok beck@, bluhm@
|
|
This should theoretically be a no-op because we're freeing the PCB
right after, but it helps us debug a reference count problem found
by otto@.
ok mikeb@
|
|
OK mpi@ sashan@
|
|
removed from the table.
Currently the storage for L2 addresses is freed when an entry is
removed from the table. That means that we cannot access this
chunk of memory between RTM_DELETE and rtfree(9).
Note that this doesn't apply to MPLS because the associated storage
is currently released by the last rtfree(9).
ok mikeb@
|
|
triggered by updating a cached, but removed from the table, entry is
properly fixed.
Diff from dlg@, prodding deraadt@
|
|
instead of abusing RTF_CLONING.
Fix a leak reported by Aaron Riekenberg on misc@, ok sthen@
|
|
From Simon Mages, ok beck@, claudio@, bluhm@
|
|
Being able to add route entries without configured addresses is a nice
feature but this is not my fight. So I'd rather not add another pointer
to ``struct rtentry'' if I'm not removing another one.
|
|
addresses set on p2p interfaces.
Found the hard way by naddy@
|
|
This is consistent with the IPV6_UNICAST_HOPS behavior, and is the only
way to allow applications to completely control the TTL of outgoing
packets (else an application could temporarily send packets with the
default TTL, until it sets again IP_TTL; this is harmful e.g. for GTSM).
ok bluhm@
|
|
IP_TTL can be reset by passing -1, IP_MINTTL can be reset by passing 0.
This is consistent with what Linux does and
IPV6_UNICAST_HOPS/IPV6_MINHOPCOUNT.
ok bluhm@
|
|
corresponding to a route.
ok florian@ on a previous version, input and ok bluhm@
|
|
entries) and net.inet.ip.arpdown (expire timer for unresolved entries)
ok mpi@
|
|
Requested by renato@, ok bluhm@
|
|
|
|
Useful to implement GTSM support in daemons such as bgpd(8). Diff from
2013 revived by renato@. Input from bluhm@, ok bluhm@ deraadt@
|
|
its value for the SYN+ACK packet. This makes the IPV6_UNICAST_HOPS
socket option usable for incoming TCP connections.
tested by renato@; OK jca@
|
|
was overly complicated. Simplify the code without functional change.
OK jca@
|
|
instead of EHOSTUNREACH. On the latter, ip_forward can generate undesired
icmp errors - either pf generates those itself (block return), or there
shouldn't be any.
Bizarrely enough, ip_forward has EACCES handling with a comment specifically
pointing to packets blocked by pf, but the code in ip_output used EHOSTUNREACH
from day #1 on.
found & analyzed by Kristof Provost <kp at FreeBSD>, discussed at BSDcan
ok mpi millert
|
|
cannot be bound to by non-root users.
Ok millert@ bluhm@
|
|
The umb(4) driver provides support for USB MBIM devices.
Those devices establish connections via cellular networks such as
GPRS, UMTS, and LTE.
ok mpi@ sthen@
additional feedback from deraadt@ jmc@ stsp@ kettenis@
|
|
|
|
IP_SENDSRCADDR introduction easier.
Ok jca@
|
|
memory.
This will allow to unlink 'struct rtentry' and 'struct ifaddr' to be able
to add route entries without needing an address.
ok sthen@, visa@, florian@
|
|
After writing data into this loop, it was spinning forever causing
a kernel hang. Detect the loop by counting how often the same mbuf
is spliced. If that happens 128 times, assume that there is a loop
and abort the splicing with ELOOP.
Bug found by tedu@; OK tedu@ millert@ benno@
|
|
in{,6}_ioctl() that do not deal with sockets.
This will allow to automagically configure interface addresses in
the kernel without too many layer violations.
Required by upcoming umb(4).
|
|
to ifconfig.
"llprio" allows one to set the priority of packets that do not go through
pf(4), as the case is for arp(4) or bpf(4).
ok sthen@ mikeb@
|
|
|
|
ok florian@, dlg@
|
|
It was only checked in balancing mode, which is currently broken, and is
no longer needed.
Discussed with bluhm@ and Florian Riehm.
|
|
time_second is unix time so it can be affected by clock changes.
time_uptime is monotonic so it isn't affected by clock changes. that
in turn means route expiries won't jump with clock changes if set
against time_uptime.
the expiry is translated into unix time for export to userland though.
ok mpi@
|
|
Callers MUST do a route lookup before sending a packet.
Tested by Hrvoje Popovski, ok visa@, bluhm@
|
|
packet.
ok visa@, stsp@, sthen@
|
|
the packet has been fed to the pseudo-interfaces input handlers.
To fix that without introducing a layer violation we should be able to
disable HW-vlan on parent when in use with different pseudo-interfaces.
In the case of bridge(4) for example it makes no sense to let the interface
remove the VLAN header if the kernel has to add it back for every packet.
Fix issues reported by sebastia@ and markus@
From dlg@, ok claudio@
|
|
one.
|
|
|
|
routines are called directly by ether_input().
ok visa@, dlg@
|
|
ok visa@
|
|
the srp_ref struct is used to track the location of the caller's
hazard pointer so later calls to srp_follow and srp_enter already
know what to clear. this in turn means most of the caveats around
using srps go away. specifically, you can now:
- switch cpus while holding an srp ref
- ie, you can sleep while holding an srp ref
- you can take and release srp refs in any order
the original intent was to simplify use of the api when dealing
with complicated data structures. the caller now no longer has to
track the location of the srp a value was fetched from, the srp_ref
effectively does that for you.
srp lists have been refactored to use srp_refs instead of srpl_iter
structs.
this is in preparation of using srps inside the ART code. ART is a
complicated data structure, and lookups require overlapping holds
of srp references.
ok mpi@ jmatthew@
|
|
are now using the returned route for forwarding as well.
This restores the behavior of r1.274 when using mpath entries for
forwarding.
ok visa@, henning@
|
|
Ok phessler@, henning@
|
|
possible.
This reduces the number of lookups to 1 for non-multicast traffic when PF
is disabled.
Tested by Hrvoje Popovski who confirmed that benchmark numbers are now as
good as with a single cache entry.
ok visa@, bluhm@
|
|
is not intended and will behave unexpectedly if the address is
already used in another domain. It did not work anyway, as the PCB
ended in the wrong hash bucket after changing the rtable. Fail
with EBUSY if the socket is already bound and rehash the PCB if its
rtable changes.
input claudio@; OK mpi@
|