summaryrefslogtreecommitdiffstats
path: root/sys/netinet
Commit message (Collapse)AuthorAgeFilesLines
* Add RFC 3378 EtherIP support. This change makes it possible to add gifthompsa2005-12-212-0/+29
| | | | | | | | interfaces to bridges, which will then send and receive IP protocol 97 packets. Packets are Ethernet frames with an EtherIP header prepended. Obtained from: NetBSD MFC after: 2 weeks
* Use consistent indent character as other IPPROTO_* lines did.delphij2005-12-201-1/+1
|
* Add protocol number for SCTP.gnn2005-12-201-0/+1
| | | | | Submitted by: Randall Stewart rrs at cisco.com MFC after: 1 week
* Add a knob to suppress logging of attempts to modifyglebius2005-12-181-6/+11
| | | | | | permanent ARP entries. Submitted by: Andrew Alcheyev <buddy telenet.ru>
* Add descriptions for sysctl -d.emaste2005-12-161-5/+5
| | | | | Approved by: glebius Silence from: rwatson (mentor)
* Cleanup __FreeBSD_version.glebius2005-12-161-5/+0
|
* Use %t (ptrdiff_t modifier) to print a couple of pointer differences ratherjhb2005-12-151-2/+2
| | | | than casting them to int.
* Fix a bunch of SYSCTL_INT() that should have been SYSCTL_ULONG() tomux2005-12-143-6/+6
| | | | | | | match the type of the variable they are exporting. Spotted by: Thomas Hurst <tom@hur.st> MFC after: 3 days
* Add a new feature for optimizining ipfw rulesets - substitution of theglebius2005-12-132-5/+18
| | | | | | | | | | | | | | | | | | | | | | | | | | action argument with the value obtained from table lookup. The feature is now applicable only to "pipe", "queue", "divert", "tee", "netgraph" and "ngtee" rules. An example usage: ipfw pipe 1000 config bw 1000Kbyte/s ipfw pipe 4000 config bw 4000Kbyte/s ipfw table 1 add x.x.x.x 1000 ipfw table 1 add x.x.x.y 4000 ipfw pipe tablearg ip from table(1) to any In the example above the rule will throw different packets to different pipes. TODO: - Support "skipto" action, but without searching all rules. - Improve parser, so that it warns about bad rules. These are: - "tablearg" argument to action, but no "table" in the rule. All traffic will be blocked. - "tablearg" argument to action, but "table" searches for entry with a specific value. All traffic will be blocked. - "tablearg" argument to action, and two "table" looks - for src and for dst. The last lookup will match.
* When we drop packet due to no space in output interface output queue, alsoglebius2005-12-061-0/+1
| | | | | | | increase the ifp->if_snd.ifq_drops. PR: 72440 Submitted by: ikob
* Optimize parallel processing of ipfw(4) rulesets eliminating the lockingglebius2005-12-061-71/+54
| | | | | | | | | | | | | | | | | | | | | of the radix lookup tables. Since several rnh_lookup() can run in parallel on the same table, we can piggyback on the shared locking provided by ipfw(4). However, the single entry cache in the ip_fw_table can't be used lockless, so it is removed. This pessimizes two cases: processing of bursts of similar packets and matching one packet against the same table several times during one ipfw_chk() lookup. To optimize the processing of similar packet bursts administrator should use stateful firewall. To optimize the second problem a solution will be provided soon. Details: o Since we piggyback on the ipfw(4) locking, and the latter is per-chain, the tables are moved from the global declaration to the struct ip_fw_chain. o The struct ip_fw_table is shrunk to one entry and thus vanished. o All table manipulating functions are extended to accept the struct ip_fw_chain * argument. o All table modifing functions use IPFW_WLOCK_ASSERT().
* Fix -Wundef.ru2005-12-041-1/+1
|
* obey opt_inet6.h and opt_ipsec.h in kernel build directory.ume2005-11-292-3/+3
| | | | Requested by: hrs
* Garbage-collect now unused struct _ipfw_insn_pipe and flush_pipe_ptrs(),glebius2005-11-292-44/+1
| | | | | thus removing a few XXXes. Document the ABI breakage in UPDATING.
* First step in removing welding between ipfw(4) and dummynet.glebius2005-11-292-288/+285
| | | | | | | | | | | | | | | | | | | | | o Do not use ipfw_insn_pipe->pipe_ptr in locate_flowset(). The _ipfw_insn_pipe isn't touched by this commit to preserve ABI compatibility. o To optimize the lookup of the pipe/flowset in locate_flowset() introduce hashes for pipes and queues: - To preserve ABI compatibility utilize the place of global list pointer for SLIST_ENTRY. - Introduce locate_flowset(queue nr) and locate_pipe(pipe nr). o Rework all the dummynet code to deal with the hashes, not global lists. Also did some style(9) changes in the code blocks that were touched by this sweep: - Be conservative about flowset and pipe variable names on stack, use "fs" and "pipe" everywhere. - Cleanup whitespaces. - Sort variables. - Give variables more meaningful names. - Uppercase and dots in comments. - ENOMEM when malloc(9) failed.
* Fix prototype.ru2005-11-241-1/+1
|
* Fix for a bug that causes SACK scoreboard corruption when the limitps2005-11-211-6/+21
| | | | | | | | on holes per connection is reached. Reported by: Patrik Roos Submitted by: Mohan Srinivasan Reviewed by: Raja Mukerji, Noritoshi Demizu
* Remove 'ipprintfs' which were protected under DIAGNOSTIC. It doesn'tandre2005-11-192-36/+0
| | | | | | | | | | have any know to enable it from userland and could only be enabled by either setting it to 1 at compile time or through the kernel debugger. In the future it may be brought back as KTR tracing points. Discussed with: rwatson Sponsored by: TCP/IP Optimization Fundraise 2005
* Move MAX_IPOPTLEN and struct ipoption back into ip_var.h asandre2005-11-192-13/+13
| | | | | | | userland programs depend on it. Pointed out by: le Sponsored by: TCP/IP Optimization Fundraise 2005
* Consolidate all IP Options handling functions into ip_options.[ch] andandre2005-11-1814-681/+794
| | | | | | | | | | | | | | | | | | | | include ip_options.h into all files making use of IP Options functions. From ip_input.c rev 1.306: ip_dooptions(struct mbuf *m, int pass) save_rte(m, option, dst) ip_srcroute(m0) ip_stripoptions(m, mopt) From ip_output.c rev 1.249: ip_insertoptions(m, opt, phlen) ip_optcopy(ip, jp) ip_pcbopts(struct inpcb *inp, int optname, struct mbuf *m) No functional changes in this commit. Discussed with: rwatson Sponsored by: TCP/IP Optimization Fundraise 2005
* Purge layer specific mbuf flags on layer crossings to avoid confusingandre2005-11-181-1/+12
| | | | | | upper or lower layers. Sponsored by: TCP/IP Optimization Fundraise 2005
* Rework icmp_error() to deal with truncated IP packets fromandre2005-11-181-48/+54
| | | | | | ip_forward() when doing extended quoting in error messages. Sponsored by: TCP/IP Optimization Fundraise 2005
* In ip_forward() copy as much into the temporary error mbuf as weandre2005-11-181-3/+2
| | | | | | | | have free space in it. Allocate correct mbuf from the beginning. This allows icmp_error() to quote the entire TCP header in error messages. Sponsored by: TCP/IP Optimization Fundraise 2005
* MFOpenBSD 1.62:glebius2005-11-171-2/+4
| | | | | | | Prevent backup CARP hosts from replying to arp requests, fixes strangeness with some layer-3 switches. From Bill Marquette. Tested by: Kazuaki Oda <kaakun highway.ne.jp>
* Unbreak for !INET6 case.ru2005-11-141-1/+1
|
* - Store pointer to the link-level address right in "struct ifnet"ru2005-11-112-15/+14
| | | | | | | | | | rather than in ifindex_table[]; all (except one) accesses are through ifp anyway. IF_LLADDR() works faster, and all (except one) ifaddr_byindex() users were converted to use ifp->if_addr. - Stop storing a (pointer to) Ethernet address in "struct arpcom", and drop the IFP2ENADDR() macro; all users have been converted to use IF_LLADDR() instead.
* fixed a bug that uRPF does not work properly for an IPv6 packet bound for ↵suz2005-11-101-2/+8
| | | | | | | the sending machine itself (this is a bug introduced due to a change in ip6_input.c:Rev.1.83) Pointed out by: Sean McNeil and J.R.Oldroyd MFC after: 3 days
* Use sparse initializers for "struct domain" and "struct protosw",ru2005-11-094-139/+226
| | | | so they are easier to follow for the human being.
* Move the cloned interface list management in to if_clone. For some drivers thethompsa2005-11-081-3/+0
| | | | | | | | | | softc lists and associated mutex are now unused so these have been removed. Calling if_clone_detach() will now destroy all the cloned interfaces for the driver and in most cases is all thats needed to unload. Idea by: brooks Reviewed by: brooks
* Rework ARP retransmission algorythm so that ARP requests areglebius2005-11-081-30/+27
| | | | | | | | | | | | | | | retransmitted without suppression, while there is demand for such ARP entry. As before, retransmission is rate limited to one packet per second. Details: - Remove net.link.ether.inet.host_down_time - Do not set/clear RTF_REJECT flag on route, to avoid rt_check() returning error. We will generate error ourselves. - Return EWOULDBLOCK on first arp_maxtries failed requests , and return EHOSTDOWN/EHOSTUNREACH on further requests. - Retransmit ARP request always, independently from return code. Ratelimit to 1 pps.
* Retire MT_HEADER mbuf type and change its users to use MT_DATA.andre2005-11-029-17/+17
| | | | | | | | | | | | Having an additional MT_HEADER mbuf type is superfluous and redundant as nothing depends on it. It only adds a layer of confusion. The distinction between header mbuf's and data mbuf's is solely done through the m->m_flags M_PKTHDR flag. Non-native code is not changed in this commit. For compatibility MT_HEADER is mapped to MT_DATA. Sponsored by: TCP/IP Optimization Fundraise 2005
* Normalize a significant number of kernel malloc type names:rwatson2005-10-311-1/+1
| | | | | | | | | | | | | | | | | | | - Prefer '_' to ' ', as it results in more easily parsed results in memory monitoring tools such as vmstat. - Remove punctuation that is incompatible with using memory type names as file names, such as '/' characters. - Disambiguate some collisions by adding subsystem prefixes to some memory types. - Generally prefer lower case to upper case. - If the same type is defined in multiple architecture directories, attempt to use the same name in additional cases. Not all instances were caught in this change, so more work is required to finish this conversion. Similar changes are required for UMA zone names.
* Push the assignment of a new or updated so_qlimit from solisten()rwatson2005-10-301-4/+4
| | | | | | | | | | | | | | following the protocol pru_listen() call to solisten_proto(), so that it occurs under the socket lock acquisition that also sets SO_ACCEPTCONN. This requires passing the new backlog parameter to the protocol, which also allows the protocol to be aware of changes in queue limit should it wish to do something about the new queue limit. This continues a move towards the socket layer acting as a library for the protocol. Bump __FreeBSD_version due to a change in the in-kernel protocol interface. This change has been tested with IPv4 and UNIX domain sockets, but not other protocols.
* First fill in structure with valid values, and only then attach itglebius2005-10-281-2/+2
| | | | | | to the global list. Reviewed by: rwatson
* Since carp(4) interfaces presently are kinda fake yet possessyar2005-10-261-1/+1
| | | | | | | IP addresses, mark them with LOOPBACK so that routing daemons take them easy for link-state routing protocols. Reviewed by: glebius
* Fix build after in6_joingroup change. It remains unclear if DAD breaks CARPmlaier2005-10-221-2/+2
| | | | or not.
* In in_addprefix() compare not only route addresses, but their masks,glebius2005-10-221-8/+13
| | | | | | | | too. This fixes problem when connected prefixes overlap. Obtained from: OpenBSD (rev. 1.40 by claudio); [ I came to this fix myself, and then found out that OpenBSD had already fixed it the same way.]
* sync with KAME regarding NDPsuz2005-10-211-1/+5
| | | | | | | | | | | | - introduced fine-grain-timer to manage ND-caches and IPv6 Multicast-Listeners - supports Router-Preference <draft-ietf-ipv6-router-selection-07.txt> - better prefix lifetime management - more spec-comformant DAD advertisement - updated RFC/internet-draft revisions Obtained from: KAME Reviewed by: ume, gnn MFC after: 2 month
* Convert if (tp->t_state == TCPS_LISTEN) panic() into a KASSERT.rwatson2005-10-192-8/+4
| | | | MFC after: 2 weeks
* Change the reference counting to count the number of cloned interfaces for eachthompsa2005-10-121-1/+2
| | | | | | | | | | | | | | | cloner. This ensures that ifc->ifc_units is not prematurely freed in if_clone_detach() before the clones are destroyed, resulting in memory modified after free. This could be triggered with if_vlan. Assert that all cloners have been destroyed when freeing the memory. Change all simple cloners to destroy their clones with ifc_simple_destroy() on module unload so the reference count is properly updated. This also cleans up the interface destroy routines and allows future optimisation. Discussed with: brooks, pjd, -current Reviewed by: brooks
* o INP_ONESBCAST is inpcb.inp_vflag flag not inp_flags. The confusionmaxim2005-10-122-3/+3
| | | | | | | | | with IP_PORTRANGE_HIGH leads to the incorrect checksum calculation. PR: kern/87306 Submitted by: Rickard Lind Reviewed by: bms MFC after: 2 weeks
* Unbreak the net.inet6.tcp6.getcred sysctl.philip2005-10-122-6/+6
| | | | | | This makes inetd/auth work again in IPv6 setups. Pointy hat to: ume/KAME
* When bridging is enabled and an ARP request is recieved on a member interface,thompsa2005-10-041-1/+1
| | | | | | | | | | | | | | | | | the arp code will search all local interfaces for a match. This triggers a kernel log if the bridge has been assigned an address. arp: ac:de:48:18:83:3d is using my IP address 192.168.0.142! bridge0: flags=8041<UP,RUNNING,MULTICAST> mtu 1500 inet 192.168.0.142 netmask 0xffffff00 ether ac:de:48:18:83:3d Silence this warning for 6.0 to stop unnecessary bug reports, the code will need to be reworked. Approved by: mlaier (mentor) MFC after: 3 days
* Correct brainfart in SO_BINTIME test.andre2005-10-041-1/+1
| | | | | Pointed out by: nate Pointy hat to: andre
* Make SO_BINTIME timestamps available on raw_ip sockets.andre2005-10-041-1/+1
| | | | Sponsored by: TCP/IP Optimization Fundraise 2005
* Unlock Giant symmetrically with respect to lock acquire order as that'srwatson2005-10-031-1/+1
| | | | | | | generally nicer. Spotted by: johan MFC after: 1 week
* Acquire Giant conditionally in in_addmulti() and in_delmulti() based onrwatson2005-10-031-0/+9
| | | | | | | | | | | whether the interface being accessed is IFF_NEEDSGIANT or not. This avoids lock order reversals when calling into the interface ioctl handler, which could potentially lead to deadlock. The long term solution is to eliminate non-MPSAFE network drivers. Discussed with: jhb MFC after: 1 week
* o Teach sysctl_drop() how to deal with the sockets in TIME_WAIT state.maxim2005-10-022-2/+10
| | | | | | | | This is a special case because tcp_twstart() destroys a tcp control block via tcp_discardcb() so we cannot call tcp_drop(struct *tcpcb) on such connections. Use tcp_twclose() instead. MFC after: 5 days
* Remove bridge(4) from the tree. if_bridge(4) is a full functionalmlaier2005-09-274-28/+3
| | | | | | | | replacement and has additional features which make it superior. Discussed on: -arch Reviewed by: thompsa X-MFC-after: never (RELENG_6 as transition period)
* Implement IP_DONTFRAG IP socket option enabling the Don't Fragmentandre2005-09-265-2/+24
| | | | | | | | | | | | flag on IP packets. Currently this option is only repected on udp and raw ip sockets. On tcp sockets the DF flag is controlled by the path MTU discovery option. Sending a packet larger than the MTU size of the egress interface returns an EMSGSIZE error. Discussed with: rwatson Sponsored by: TCP/IP Optimization Fundraise 2005
OpenPOWER on IntegriCloud