| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
| |
Introduce EVFILT_NETDEV to report network device changes.
|
|
|
|
|
|
| |
appear in /dev. Interface hardware ioctls (not protocol or routing) can
be performed on the descriptor. The SIOCGIFCONF ioctl may be performed
on the special /dev/network node.
|
|
|
|
| |
assist any future locking efforts.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
+ implement "limit" rules, which permit to limit the number of sessions
between certain host pairs (according to masks). These are a special
type of stateful rules, which might be of interest in some cases.
See the ipfw manpage for details.
+ merge the list pointers and ipfw rule descriptors in the kernel, so
the code is smaller, faster and more readable. This patch basically
consists in replacing "foo->rule->bar" with "rule->bar" all over
the place.
I have been willing to do this for ages!
MFC after: 1 week
|
| |
|
|
|
|
| |
Obtained from: NetBSD
|
| |
|
| |
|
|
|
|
|
|
|
| |
If the process drops its super-user privileges, we certainly don't
want to allow it to modify routing tables.
Discussed with: rwatson
|
|
|
|
|
|
| |
Yes this really is rather silly and the implementation is overkill given
that you are only allowed one of them, but NetBSD implements cloning on
this device and it's a less cluttered example of cloning then most.
|
|
|
|
| |
which can only do checksum offloading in one direction.
|
|
|
|
| |
a network device has, and which ones are enabled.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Note ALL MODULES MUST BE RECOMPILED
make the kernel aware that there are smaller units of scheduling than the
process. (but only allow one thread per process at this time).
This is functionally equivalent to teh previousl -current except
that there is a thread associated with each process.
Sorry john! (your next MFC will be a doosie!)
Reviewed by: peter@freebsd.org, dillon@freebsd.org
X-MFC after: ha ha ha ha
|
|
|
|
|
|
|
|
| |
arguments to some functions.
Obtained from: NetBSD
Reviewed by: peter
MFC after: 2 weeks
|
| |
|
|
|
|
|
|
|
| |
IPV4 code. For now they will still have some in the developing stuff (IPv6)
Submitted by: Keiichi SHIMA / <keiichi@iij.ad.jp>
Obtained from: KAME
|
| |
|
|
|
|
| |
warning and remove a previously existing off-by-one error.
|
|
|
|
|
|
|
| |
ifnet_addrs[i - 1] -> ifaddr_byindex(i)
ifindex2ifnet[i] -> ifnet_byindex(i)
This is intended to ease the conversion to SMPng.
|
|
|
|
| |
no functional change in this commit.
|
|
|
|
|
|
|
| |
interfaces must now always enable VLAN support.
Reviewed by: jlemon
MFC after: 3 weeks
|
|
|
|
|
|
| |
device.
Submitted by: Maksim Yevmenkin <myevmenk@digisle.net>
|
|
|
|
|
|
| |
to make ip use the standard protosw structure again.
Obtained from: Well, KAME I guess.
|
|
|
|
|
|
|
|
|
|
| |
Allow non-superuser to open, listen to, and send safe commands on the
routing socket. Superuser priviledge is required for all commands
but RTM_GET.
Lose `setuid root' bit of route(8).
Reviewed by: wollman, dd
|
|
|
|
|
|
| |
or IFF_BROADCAST. If it's not, the IFF_MULTICAST is removed.
This is in line with how NetBSD & OpenBSD do it.
|
|
|
|
|
| |
PR: 29967
Submitted by: Joseph Mallett <jmallett@xMach.org>
|
|
|
|
|
| |
Submitted by: BDE
MFC after: 2 weeks
|
|
|
|
|
|
| |
(lazy allocation)
MFC after: 13 days
|
|
|
|
|
|
| |
May need more review in light of SMP.
MFC after: 2 weeks
|
|
|
|
|
|
|
|
| |
into sadb_x_sa2_sequence from sadb_x_sa2_reserved3 in the sadb_x_sa2
structure. Also the output of setkey is changed. sequence number
of the sadb is replaced to the end of the output.
Obtained from: KAME
|
|
|
|
|
|
|
| |
particularly nice that IPSEC inserts a zero-length mbuf into the
chain, and that bug should be fixed too, but interfaces should be
robust to bad input.
Print the interface name when TUNDEBUG()ing about dropping an mbuf.
|
|
|
|
|
|
| |
PR: kern/29336
Submitted by: Richard Andrades <richard@xebeo.com>
MFC after: 1 month
|
|
|
|
| |
Use our bpf.h instead of tcpdump.org's to build libpcap.
|
|
|
|
|
|
|
|
| |
This is to be friendly with non-IPv6 peer (If the peer complains due to
lack of IPv6CP, drop IPv6CP). This basically implements "RXJ+" state
transition in the RFC.
Obtained from: NetBSD
|
|
|
|
| |
Submitted by: fenner
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
effect, which would cause unnecessary route deletion:
* Unfortunately, this has the obnoxious
* property of also triggering for insertion /above/ a pre-existing network
* route and clones. Sigh. This may be fixed some day.
The effect has been even worse, because recent versions of route.c set
the parent rtentry for cloned routes from an interface-direct route.
For example, suppose that we have an interface "ne0" that has an IPv4
subnet "10.0.0.0/24". Then we may have a cloned route like 10.0.0.1
on the interface, whose parent route is 10.0.0.0/24 (to the interface
ne0). Now, when we add the default route (i.e. 0.0.0.0/0),
rt_fixchange() will remove the cloned route 10.0.0.1. The (bad) effect
also prevents rt_setgate from configuring rt_gwroute, which would not
be an intended behavior.
As suggested in the comments to rt_fixchange(), we need stricter check
in the function, to prevent unintentional route deletion.
This fix also solve the "IPV6 panic?" problem in nd6_timer().
Submitted by: JINMEI Tatuya <jinmei@isl.rdc.toshiba.co.jp>
MFC after: 4 days
|
|
|
|
|
|
|
| |
vlan_unconfig()-ing an interface on which multicast groups have been
joined. Instead, keep the list of groups around (and, in fact, allow
changing of the membership list) and re-join them when the vlan interface
is reassociated with a lower level interface.
|
|
|
|
|
|
| |
a privately #defined IFT_8021_VLAN.
MFC after: 3 days
|
|
|
|
| |
Reported by: markp
|
|
|
|
|
| |
Obtained from: KAME
MFC after: 1 week
|
|
|
|
|
|
|
|
|
|
|
| |
- Remove gif dependencies from stf.
- Make gif and stf into modules
- Make gif cloneable.
PR: kern/27983
Reviewed by: ru, ume
Obtained from: NetBSD
MFC after: 1 week
|
|
|
|
|
|
| |
Reviewed by: ru, ume
Obtained from: NetBSD
MFC after: 1 week
|
|
|
|
|
|
| |
Submitted by: itojun
Obtained from: KAME
MFC after: 10 days
|
|
|
|
|
|
|
|
|
|
|
|
| |
of tunclose() rather than the end, and tunopen() grabbed that unit
before tunclose() finished (one process is allocating it while another
is freeing it!).
It may be worth hanging some sort of rw mutex around all specinfo
calls where d_close and the detach handler get a write lock and all
other functions get a read lock. This would guarantee certain levels
of ``atomicity'' (is that a word?) that people may expect (I believe
Solaris does something like this).
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
requirements(RFC1573, interface MIB). This change for 4.4BSD was
first introduced in if_ethersubr.c:1.17->1.18.
BTW, iflastchange on all of IFs are inconsistent. e.g.
ether, tun: update
fddi, tokenring, ppp: not update
I'll make patch later.
Obtained from: KAME
MFC after: 2 weeks
|
| |
|
|
|
|
| |
Apply style(9).
|
|
|
|
|
| |
PR: 25006
MFC after: 2 weeks
|