summaryrefslogtreecommitdiffstats
path: root/sys/netinet
Commit message (Collapse)AuthorAgeFilesLines
* Make stream our stream reset implementationrrs2012-03-2913-215/+549
| | | | | | compliant to RFC6525. MFC after: 1 month
* Permit tcpdrop in VNET jails.zec2012-03-281-1/+1
| | | | | Submitted by: Miljenko Mikuc MFC after: 3 days
* Honor the net.inet.udp.checksum sysctl when using SCTP/UDP/IPv4tuexen2012-03-281-9/+35
| | | | | | encapsulation. MFCing requires MFCing http://svn.freebsd.org/changeset/base/233554 MFC after: 2 weeks
* Export the udp_cksum sysctl for upcoming SCTP work. Rather than always,bz2012-03-272-4/+6
| | | | | | | | | | | SCTP will only do IPv4 UDP checksum calculation as defined by the host policy. When tunneling SCTP always calculates the inner checksum already so not doing the outer UDP can save cycles. While here virtualize the variable. Requested by: tuexen MFC after: 2 weeks
* - Permit number of ipfw tables to be changed in runtime.melifaro2012-03-254-14/+101
| | | | | | | | | | | | | | | net.inet.ip.fw.tables_max is now read-write. - Bump IPFW_TABLES_MAX to 65535 Default number of tables is still 128 - Remove IPFW_TABLES_MAX from ipfw(8) code. Sponsored by Yandex LLC Approved by: kib(mentor) MFC after: 2 weeks
* Small cleanup of the code. No functional change (in FreeBSD kernel).tuexen2012-03-221-17/+20
| | | | MFC after: 1 week.
* Hide a few declarations from userland (including `struct inpcbgroup'). Thisrmh2012-03-171-1/+1
| | | | | | | | removes the dependency on <machine/param.h> which was introduced with SVN rev 222748 (due to CACHE_LINE_SIZE). Reviewed by: bde MFC after: 10 days
* Clean up, no functional change.tuexen2012-03-151-16/+11
| | | | MFC after: 3 days.
* Fix bugs which can result in a panic when an non-SCTP socket ittuexen2012-03-151-5/+5
| | | | | | used with an sctp_ system-call which expects an SCTP socket. MFC after: 3 days.
* Fix VNET build broken by r232865.melifaro2012-03-122-3/+3
| | | | Temporary remove the ability to assign different number of tables per VNET instance.
* This fixes PR 165210. Basically we justrrs2012-03-121-0/+1
| | | | | | | | | | add in the netgraph interface to the list of acceptable interfaces. A todo at the next IETF code blitz, though is we need to review why we screen interfaces, there was a reason ;-). PR: 165210 MFC after: 1 week
* - Add ipfw eXtended tables permitting radix to be used for any kind of keys.melifaro2012-03-125-92/+671
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - Add support for IPv6 and interface extended tables - Make number of tables to be loader tunable in range 0..65534. - Use IP_FW3 opcode for all new extended table cmds No ABI changes are introduced. Old userland will see valid tables for IPv4 tables and no entries otherwise. Flush works for any table. IP_FW3 socket option is used to encapsulate all new opcodes: /* IP_FW3 header/opcodes */ typedef struct _ip_fw3_opheader { uint16_t opcode; /* Operation opcode */ uint16_t reserved[3]; /* Align to 64-bit boundary */ } ip_fw3_opheader; New opcodes added: IP_FW_TABLE_XADD, IP_FW_TABLE_XDEL, IP_FW_TABLE_XGETSIZE, IP_FW_TABLE_XLIST ipfw(8) table argument parsing behavior is changed: 'ipfw table 999 add host' now assumes 'host' to be interface name instead of hostname. New tunable: net.inet.ip.fw.tables_max controls number of table supported by ipfw in given VNET instance. 128 is still the default value. New syntax: ipfw add skipto tablearg ip from any to any via table(42) in ipfw add skipto tablearg ip from any to any via table(4242) out This is a bit hackish, special interface name '\1' is used to signal interface table number is passed in p.glob field. Sponsored by Yandex LLC Reviewed by: ae Approved by: ae (mentor) MFC after: 4 weeks
* Fix a warning reported by bz@tuexen2012-03-091-3/+3
| | | | MFC after: 3 days.
* Add support for stf interfaces.tuexen2012-03-091-0/+1
| | | | MFC after: 3days.
* Fix a bug reported by Peter Holm which results in a crash:tuexen2012-03-091-0/+9
| | | | | | | Verify in sctp_peeloff() that the socket is a one-to-many style SCTP socket. MFC after: 3 days.
* Change SYSINIT priorities so that ip_mroute_modevent() is executedzec2012-03-041-2/+2
| | | | | | | | | | before vnet_mroute_init(), since vnet_mroute_init() depends on mfchashsize tunable to be set, and that is done in in ip_mroute_modevent(). Apparently I broke that ordering with r208744 almost 2 years ago... PR: kern/162201 Submitted by: Stevan Markovic (mcafee.com) MFC after: 3 days
* Correct typo in the RFC number for the constants based on IANA assignmentsbz2012-03-041-2/+2
| | | | | | | for IPv6 Neighbor Discovery Option types for "IPv6 Router Advertisement Options for DNS Configuration". It is RFC 6106. MFC after: 3 days
* - Refresh dynamic tcp rule only if both sides answered keepalive packets.oleg2012-02-281-19/+27
| | | | | | - Remove some useless assignments. MFC after: 1 month
* lookup_dyn_rule_locked(): style(9) cleanupoleg2012-02-281-64/+62
| | | | MFC after: 1 month
* When using flowtable llentrys can outlive the interface with which they're ↵kmacy2012-02-231-16/+15
| | | | | | | | | | | associated at which the lle_tbl pointer points to freed memory and the llt_free pointer is no longer valid. Move the free pointer in to the llentry itself and update the initalization sites. MFC after: 2 weeks
* Don't use `m' after m_megapullup.ae2012-02-221-1/+1
| | | | | PR: kern/165373 MFC after: 3 days
* Remove two clang warnings.tuexen2012-02-181-1/+1
| | | | MFC after: 1 month.
* Merge multi-FIB IPv6 support from projects/multi-fibv6/head/:bz2012-02-174-8/+14
| | | | | | | | | | | | Extend the so far IPv4-only support for multiple routing tables (FIBs) introduced in r178888 to IPv6 providing feature parity. This includes an extended rtalloc(9) KPI for IPv6, the necessary adjustments to the network stack, and user land support as in netstat. Sponsored by: Cisco Systems, Inc. Reviewed by: melifaro (basically) MFC after: 10 days
* Fix PAWS (Protect Against Wrapped Sequence numbers) in cases whenbz2012-02-155-23/+54
| | | | | | | | | | | | | | | | | | | | hz >> 1000 and thus getting outside the timestamp clock frequenceny of 1ms < x < 1s per tick as mandated by RFC1323, leading to connection resets on idle connections. Always use a granularity of 1ms using getmicrouptime() making all but relevant callouts independent of hz. Use getmicrouptime(), not getmicrotime() as the latter may make a jump possibly breaking TCP nfsroot mounts having our timestamps move forward for more than 24.8 days in a second without having been idle for that long. PR: kern/61404 Reviewed by: jhb, mav, rrs Discussed with: silby, lstewart Sponsored by: Sandvine Incorporated (originally in 2011) MFC after: 6 weeks
* Fix a bug where the wrong protocol overhead was used. This can leadtuexen2012-02-141-25/+62
| | | | | | | | | to a deadlock of an association when an IPv6 socket was used to communcate with IPv4 and an ICMPv4 fragmentation needed message was received. While there, simplify the code a bit. MFC after: 3 days.
* Set vnet context in callouts and taskqueues.glebius2012-02-081-0/+8
| | | | PR: 164696
* Make the 'tcpwin' option of ipfw(8) accept ranges and lists.glebius2012-02-062-3/+17
| | | | Submitted by: sem
* Fix a typo which was already fixed by eadler in r227489. We missedtuexen2012-02-061-1/+1
| | | | | | to integrate this fix in our code base, so it was removed in r227755. MFC after: 3 days.
* Add new socket options: TCP_KEEPINIT, TCP_KEEPIDLE, TCP_KEEPINTVL andglebius2012-02-057-24/+103
| | | | | | | TCP_KEEPCNT, that allow to control initial timeout, idle time, idle re-send interval and idle send count on a per-socket basis. Reviewed by: andre, bz, lstewart
* o Provide functions carp_ifa_addroute()/carp_ifa_delroute()glebius2012-02-011-24/+41
| | | | | | | | | | to cleanup routes from a single ifa. o Implement carp_addroute()/carp_delroute() via above functions. o Call carp_ifa_delroute() in the carp_detach() to avoid junk routes left in routing table, in case if user removes an address in a MASTER state. [1] Reported by: az [1]
* a variable was erroneously declared as 32 bit instead of 64.luigi2012-01-271-1/+1
| | | | MFC after: 3 days
* Remove unused variable.glebius2012-01-241-3/+0
|
* Make #error messages string-literals and remove punctuation.bz2012-01-223-3/+3
| | | | | | Reported by: bde (for ip_divert) Reviewed by: bde MFC after: 3 days
* Fix ip_divert handling of inet and inet6 and module building some more.bz2012-01-221-3/+1
| | | | | | | | Properly sort the "carp" case in modules/Makefile after it was renamed. Reported by: bde (most) Reviewed by: bde MFC after: 3 days
* Clean up some #endif comments removing from short sections. Add #endifbz2012-01-223-15/+14
| | | | | | | | | | | | comments to longer, also refining strange ones. Properly use #ifdef rather than #if defined() where possible. Four #if defined(PCBGROUP) occurances (netinet and netinet6) were ignored to avoid conflicts with eventually upcoming changes for RSS. Reported by: bde (most) Reviewed by: bde MFC after: 3 days
* Remove a superfluous INET6 check (no opt_inet6.h included anyway).bz2012-01-201-1/+1
| | | | MFC after: 3 days
* Fix a problem when using the CBAPI.tuexen2012-01-201-2/+1
| | | | While there, remove an old comment which does not apply anymore.
* Drop support for SIOCSIFADDR, SIOCSIFNETMASK, SIOCSIFBRDADDR, SIOCSIFDSTADDRglebius2012-01-161-76/+6
| | | | | | | ioctl commands. PR: 163524 Reviewed by: net
* Two cleanups. No functional change.tuexen2012-01-152-3/+3
|
* Fix two bugs, which result in a panic when calling getsockopt()tuexen2012-01-141-2/+2
| | | | | | | using SCTP_RECVINFO or SCTP_NXTINFO. Reported by Clement Lecigne and forwarded to us by zi@. MFC after: 3 days.
* Bunch of fixes to pfsync(4) module load/unload:glebius2012-01-091-20/+0
| | | | | | | | | | | | | | | | | | | | | o Make the pfsync.ko actually usable. Before this change loading it didn't register protosw, so was a nop. However, a module /boot/kernel did confused users. o Rewrite the way we are joining multicast group: - Move multicast initialization/destruction to separate functions. - Don't allocate memory if we aren't going to join a multicast group. - Use modern API for joining/leaving multicast group. - Now the utterly wrong pfsync_ifdetach() isn't needed. o Move module initialization from SYSINIT(9) to moduledata_t method. o Refuse to unload module, unless asked forcibly. o Improve a bit some FreeBSD porting code: - Use separate malloc type. - Simplify swi sheduling. This change is probably wrong from VIMAGE viewpoint, however pfsync wasn't VIMAGE-correct before this change, too. Glanced at by: bz
* Make it possible to use alternative source hardware addressglebius2012-01-081-10/+19
| | | | | | | | | | | | | in the ARP datagram generated by arprequest(). If caller doesn't supply the address, then it is either picked from CARP or hardware address of the interface is taken. While here, make several minor fixes: - Hold IF_ADDR_RLOCK(ifp) while traversing address list. - Remove not true comment. - Access internet address and mask via in_ifaddr fields, rather than ifaddr.
* Provide IA_MASKSIN() macro similar to IA_SIN() and IA_DSTSIN().glebius2012-01-081-0/+1
|
* Move arprequest() declaration to if_ether.h.glebius2012-01-082-2/+2
|
* Add an SCTP sysctl "blackhole", similar to the one for TCP.tuexen2012-01-084-5/+32
| | | | | | | | | | If set to 1, no ABORT is sent back in response to an incoming INIT. If set to 2, no ABORT is sent back in response to an out of the blue packet. If set to 0 (the default), ABORTs are sent. Discussed with rrs@. MFC after: 1 month.
* Retire the SCTP sysctl "strict_init". We always perform the validationtuexen2012-01-073-16/+3
| | | | | and there is no reason to make is configuarable. Discussed with rrs@.
* Improve the handling of received INITs. Send an ABORT whentuexen2012-01-071-100/+65
| | | | | | | not accepting the connection. Also fix a crash, which could happen when the user closed the socket. MFC after: 1 month.
* - Fix sysctl descriptioneadler2012-01-071-1/+1
| | | | | | PR: 163623 Submitted by: Eugene Grosbein <eugen@eg.sd.rdtc.ru> Approved by: bz
* Use NULL instead of 0.tuexen2012-01-061-1/+1
| | | | MFC after: 1 month.
* Always release the inp lock before returning from tcp_detach.np2012-01-061-1/+3
| | | | MFC after: 5 days
OpenPOWER on IntegriCloud