| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
to current leaves because function may vanish the current node.
If parent RTA_GENMASK route has a clone (a "cloning clone"), an
rn_walktree_from() starting from parent will cause another walk
starting from clone. If a function is either rt_fixdelete() or
rt_fixchange(), this recursive walk may vanish the leaf that is
remembered by an outer walk (the "next leaf" above), panicing a
system when it resumes with an outer walk.
The following script paniced my single-user mode booted system:
: sysctl net.inet.ip.forwarding=1
: ipfw add 1 allow ip from any to any
: ifconfig lo0 127.1
: route add -net 10 -genmask 255.255.255.0 127.1
: telnet 10.1 # rt_fixchange() panic
: telnet 10.2
: telnet 10.1
: route delete -net 10 # rt_fixdelete() panic
For the time being, avoid these races by disallowing recursive
walks in rt_fixchange() and rt_fixdelete().
Also, make a slight optimization in the rtrequest(RTM_RESOLVE)
case: there is no reason to call rt_fixchange() in this case.
PR: kern/37606
MFC after: 5 days
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
the mbuf allocator flags {M_TRYWAIT, M_DONTWAIT}.
o Fix a bpf_compat issue where malloc() was defined to just call
bpf_alloc() and pass the 'canwait' flag(s) along. It's been changed
to call bpf_alloc() but pass the corresponding M_TRYWAIT or M_DONTWAIT
flag (and only one of those two).
Submitted by: Hiten Pandya <hiten@unixdaemons.com> (hiten->commit_count++)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
mbuf for a packet looping back to provide alignment guarantees for
KAME. Unfortunately, this code performs a direct copy of the header
rather than using a header copying primitive (largely because we have
sucky header copying primitives). This results in a multiple free
of the MAC label in the header when the same label data is freed
twice when the two mbufs with that header are freed. As a temporary
work-around, clear the initialized flag on the label to prevent the
duplicate free, which prevents panics on large unaligned loopback
IP and IPv6 data. The real fix is to improve and make use of proper
packet header copying routines here.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
|
| | |
|
| | |
|
| |
|
|
| |
Approved by: re
|
| |
|
|
|
|
|
|
|
| |
bridge.c nor if_ethersubr.c depend on IPFIREWALL.
Restore the use of fw_one_pass in if_ethersubr.c
ipfw.8 will be updated with a separate commit.
Approved by: re
|
| |
|
|
|
|
|
| |
I will put them back in after 5.0 is out.
Requested by: sam
Approved by: re
|
| | |
|
| |
|
|
|
| |
Replace 0 with NULL where appropriate.
Fix indentation and function headers.
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
No functional changes, but:
+ the mrouting module now should behave the same as the compiled-in
version (it did not before, some of the rsvp code was not loaded
properly);
+ netinet/ip_mroute.c is now truly optional;
+ removed some redundant/unused code;
+ changed many instances of '0' to NULL and INADDR_ANY as appropriate;
+ removed several static variables to make the code more SMP-friendly;
+ fixed some minor bugs in the mrouting code (mostly, incorrect return
values from functions).
This commit is also a prerequisite to the addition of support for PIM,
which i would like to put in before DP2 (it does not change any of
the existing APIs, anyways).
Note, in the process we found out that some device drivers fail to
properly handle changes in IFF_ALLMULTI, leading to interesting
behaviour when a multicast router is started. This bug is not
corrected by this commit, and will be fixed with a separate commit.
Detailed changes:
--------------------
netinet/ip_mroute.c all the above.
conf/files make ip_mroute.c optional
net/route.c fix mrt_ioctl hook
netinet/ip_input.c fix ip_mforward hook, move rsvp_input() here
together with other rsvp code, and a couple
of indentation fixes.
netinet/ip_output.c fix ip_mforward and ip_mcast_src hooks
netinet/ip_var.h rsvp function hooks
netinet/raw_ip.c hooks for mrouting and rsvp functions, plus
interface cleanup.
netinet/ip_mroute.h remove an unused and optional field from a struct
Most of the code is from Pavlin Radoslavov and the XORP project
Reviewed by: sam
MFC after: 1 week
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
o on input don't strip the Ethernet header from packets
o input packet handling is now done with if_input
o track changes to ether_ifattach/ether_ifdetach API
o track changes to bpf tapping
o call ether_ioctl for default handling of ioctl's
o use constants from net/ethernet.h where possible
Reviewed by: many
Approved by: re
|
| |
|
|
|
| |
Reviewed by: many
Approved by: re
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
drivers "tag packets" with an m_tag and the input packet handling recognizes
such packets and does the right thing
o track the number of active vlans on an interface; this lets lots of places
only do vlan-specific processing when needed
o track changes to ether_ifdetach/ether_ifattach
o track bpf changes
o eliminate the use of M_PROTO1 for communicating to drivers about tagged
packets
o eliminate the use of IFF_LINK0 for drivers communicating to the vlan code
that they support h/w tagging; replaced by explicit interface capabilities
o add ifnet capabilities for h/w tagging and support of "large mtu's"
o use new interface capabilities to auto-configure use of large mtu's and h/w
tagging
o add support for proper handling of promiscuous mode
o document driver/vlan communication conventions
Reviewed by: many
Approved by: re
|
| |
|
|
|
|
|
|
| |
o add if_input member for interface drivers to call through to pass packets "up"
o remove ethernet-specific function decls (moved to ethernet.h)
Reviewed by: many
Approved by: re
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
ether_header; instead drivers are to leave the Ethernet header at the
front of the packet
o add declarations for netgraph and vlan hooks that were removed from ethernet.h
o change various in-file calling conventions to track change in input API
o fixup bridge support to handle Ethernet header no longer being stripped
o add consistency checks to ether_input to catch problems with the change
in the API; some of these may want to be moved to #ifdef DIAGNOSTIC at a
later time (though they are not too expensive to leave as is)
o change ether_demux to eliminate the passing of the Ethernet header; it is
now expected at the front of the packet a la ether_input
o add ether_sprintf compatibility shim
o change ether_ifattach API to remove "bpf supported param" and add a pointer
to the MAC address to be installed for the LL address (this is for future
changes to divest struct arpcom from struct ifnet)
o change ether_ifdetach API to remove "bpf support param"
Reviewed by: many
Approved by: re
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
o ETHER_* (ETHER_ALIGN, ETHER_MAX_FRAME, ETHER_CRC_LEN, etc.)
o M_HASFCS for drivers to indicate packets include FCS
o remove global declarations for ng_ether* and vlan_* since these
represent a private contract between the if_ethersubr.c code and
certain parts of the system that should not normally be abused
o add ether_* declarations that were elsewhere
o remove ETHER_BPF_* since they are no longer used with the parameter
no longer passed to ether_ifattach and ether_ifdetach
Reviewed by: many
Approved by: re
|
| |
|
|
|
|
|
|
|
|
| |
o introduce BPF_TAP and BPF_MTAP macros to hide implementation details and
ease code portability
o use m_getcl where appropriate
Reviewed by: many
Approved by: re
Obtained from: NetBSD (multiple link type support)
|
| |
|
|
|
|
|
| |
o add interface capabilities for vlan use and to signal jumbo frame support
Reviewed by: many
Approved by: re
|
| |
|
|
| |
Verified by: md5
|
| | |
|
| |
|
|
|
| |
The flag is sometimes unset if the interface has IPv6 link-local
address only.
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
printf("%s%d: blah", ifp->if_name, ifp->if_xname).
|
| |
|
|
|
|
|
|
|
|
|
| |
labeling checks and operations as with other network interfaces.
Eventually, if it proves desirable, we might want to offer special
casing of this or other tunnel interfaces where we have an existing
label of interest, rather than treating it as though it's an
entirely fresh mbuf in the incoming/outgoing encapsulation directions.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
|
| |
|
|
|
|
| |
b{copy,zero,cmp} functions anymore.
Spotted by: FlexeLint.
|
| |
|
|
|
|
|
|
|
| |
transmission checks; when it is received, label the packet appropriately.
Although we don't have a local FDDI setup to test this with, the
labeling and checks are identical to other interface classes.
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
|
| |
|
|
|
|
|
|
|
|
| |
appropriate interface transmission checks and delivery labeling. While
we don't have a local ATM configuration, this code is almost identical
to all other interface classes.
Approved by: re
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
|
| |
|
|
|
|
| |
Be consistent about functions being static.
Verified by: md5 hash of generated .o file.
|
| |
|
|
|
| |
Obtained from: KAME
MFC after: 3 weeks
|
| |
|
|
|
|
|
| |
- NULL != 0
Obtained from: KAME
MFC after: 3 weeks
|
| |
|
|
|
| |
Obtained from: KAME
MFC after: 3 weeks
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
- set IFF_UP on SIOCSIFADDR. be consistent with others.
- set if_addrlen explicitly (just in case)
- multi destination mode is long gone.
- missing break statement
- add gif_set_tunnel(), so that we can set tunnel address from within the
kernel at ease.
- encap_attach/detach dynamically on ioctls
- move encap_attach() to dedicated function in in*_gif.c
Obtained from: KAME
MFC after: 3 weeks
|
| |
|
|
| |
Spotted by: FlexeLint
|
| |
|
|
| |
Spotted by: FlexeLint.
|
| |
|
|
| |
for use by "Fast IPsec"
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
o instead of a list of mbufs use a list of m_tag structures a la openbsd
o for netgraph et. al. extend the stock openbsd m_tag to include a 32-bit
ABI/module number cookie
o for openbsd compatibility define a well-known cookie MTAG_ABI_COMPAT and
use this in defining openbsd-compatible m_tag_find and m_tag_get routines
o rewrite KAME use of aux mbufs in terms of packet tags
o eliminate the most heavily used aux mbufs by adding an additional struct
inpcb parameter to ip_output and ip6_output to allow the IPsec code to
locate the security policy to apply to outbound packets
o bump __FreeBSD_version so code can be conditionalized
o fixup ipfilter's call to ip_output based on __FreeBSD_version
Reviewed by: julian, luigi (silent), -arch, -net, darren
Approved by: julian, silence from everyone else
Obtained from: openbsd (mostly)
MFC after: 1 month
|
| |
|
|
|
|
| |
RFC2407/IANA assignment. This change breaks binary
compatibility. So, you need to recompile IPsec related
applications.
|
| |
|
|
|
|
|
|
| |
going to bridge.c:bdg_forward(). The header can be munged even if the
mbuf does not /appear/ to change.
PR: kern/42465
MFC after: 4 days
|
| |
|
|
|
| |
to uintptr_t rather than u_int to avoid warnings on
64 bits architectures.
|
| |
|
|
|
|
|
|
|
| |
dereference the struct sigio pointer without any locking. Change
fgetown() to take a reference to the pointer instead of a copy of the
pointer and call SIGIO_LOCK() before copying the pointer and
dereferencing it.
Reviewed by: rwatson
|
