summaryrefslogtreecommitdiffstats
path: root/sys/netinet
Commit message (Collapse)AuthorAgeFilesLines
* Potential fix for races shutting down callouts when unloadingsam2003-10-291-2/+6
| | | | | | | | | | the module. Previously we grabbed the mutex used by the callouts, then stopped the callout with callout_stop, but if the callout was already active and blocked by the mutex then it would continue later and reference the mutex after it was destroyed. Instead stop the callout first then lock. Supported by: FreeBSD Foundation
* o add locking to protect routing table refcnt manipulationssam2003-10-291-16/+18
| | | | | | | | | | o add some more debugging help for figuring out why folks are getting complaints about releasing routing table entries with a zero refcnt o fix comment that talked about spl's o remove duplicate define of DUMMYNET_DEBUG Supported by: FreeBSD Foundation
* add ECN support in layer-3.ume2003-10-295-35/+130
| | | | | | | | | - implement the tunnel egress rule in ip_ecn_egress() in ip_ecn.c. make ip{,6}_ecn_egress() return integer to tell the caller that this packet should be dropped. - handle ECN at fragment reassembly in ip_input.c and frag6.c. Obtained from: KAME
* ip6_savecontrol() argument is redundantume2003-10-291-1/+1
|
* Introduce the notion of "persistent mbuf tags"; these are tags that staysam2003-10-291-0/+1
| | | | | | | | | | | | | | with an mbuf until it is reclaimed. This is in contrast to tags that vanish when an mbuf chain passes through an interface. Persistent tags are used, for example, by MAC labels. Add an m_tag_delete_nonpersistent function to strip non-persistent tags from mbufs and use it to strip such tags from packets as they pass through the loopback interface and when turned around by icmp. This fixes problems with "tag leakage". Pointed out by: Jonathan Stone Reviewed by: Robert Watson
* speedup stream socket recv handling by tracking the tail ofsam2003-10-283-8/+8
| | | | | | | the mbuf chain instead of walking the list for each append Submitted by: ps/jayanth Obtained from: netbsd (jason thorpe)
* revert following unwanted changes:ume2003-10-252-26/+26
| | | | | | | - __packed to __attribute__((__packed__) - uintN_t back to u_intN_t Reported by: bde
* correct namespace pollution.ume2003-10-251-2/+1
| | | | Submitted by: bde
* remove the ip6r0_addr and ip6r0_slmap members from ip6_rthdr0{}ume2003-10-241-3/+2
| | | | | | according to rfc2292bis. Obtained from: KAME
* correct tab and order.ume2003-10-241-4/+4
|
* Switch Advanced Sockets API for IPv6 from RFC2292 to RFC3542ume2003-10-244-41/+42
| | | | | | | | | | (aka RFC2292bis). Though I believe this commit doesn't break backward compatibility againt existing binaries, it breaks backward compatibility of API. Now, the applications which use Advanced Sockets API such as telnet, ping6, mld6query and traceroute6 use RFC3542 API. Obtained from: KAME
* Reduce the number of tcp time_wait structs to maxsockets / 5; this ensuressilby2003-10-242-2/+2
| | | | | | | | | | | | that at most 20% of sockets can be in time_wait at one time, ensuring that time_wait sockets do not starve real connections from inpcb structures. No implementation change is needed, jlemon already implemented a nice LRU-ish algorithm for tcp_tw structure recycling. This should reduce the need for sysadmins to lower the default msl on busy servers.
* o restructure initialization code so data structures are setupsam2003-10-241-22/+34
| | | | | | | | | when loaded as a module o cleanup data structures on module unload when no application has been started (i.e. kldload, kldunload w/o mrtd) o remove extraneous unlocks immediately prior to destroying them Supported by: FreeBSD Foundation
* Change all SYSCTLS which are readonly and have a related TUNABLEsilby2003-10-213-5/+5
| | | | | from CTLFLAG_RD to CTLFLAG_RDTUN so that sysctl(8) can provide more useful error messages.
* enclose IPv6 part with ifdef INET6.ume2003-10-202-4/+6
| | | | Obtained from: KAME
* correct linkmtu handling.ume2003-10-202-4/+22
| | | | Obtained from: KAME
* - add dom_if{attach,detach} framework.ume2003-10-173-10/+5
| | | | | | - transition to use ifp->if_afdata. Obtained from: KAME
* pfil hooks can modify packet contents so check if the destinationsam2003-10-161-1/+11
| | | | | | | | address has been changed when PFIL_HOOKS is enabled and, if it has, arrange for the proper action by ip*_forward. Supported by: FreeBSD Foundation Submitted by: Pyun YongHyeon
* Drop dummynet lock when calling back into the network stack to deliversam2003-10-161-0/+5
| | | | | | | packets. This eliminates a LOR with Giant that caused outbound pipes to fail. Supported by: FreeBSD Foundation
* Malloc buckets of size 128 have been having their 64-byte offsetmckusick2003-10-161-4/+7
| | | | | | | | | | | | | | | | | | trashed after being freed. This has caused several panics including kern/42277 related to soft updates. Jim Kuhn tracked the problem down to ipfw limit rule processing. In the expiry of dynamic rules, it is possible for an O_LIMIT_PARENT rule to be removed when it still has live children. When the children eventually do expire, a pointer to the (long gone) parent is dereferenced and a count decremented. Since this memory can, and is, allocated for other purposes (in the case of kern/42277 an inodedep structure), chaos ensues. The offset in question in inodedep is the offset of the 16 bit count field in the ipfw2 ipfw_dyn_rule. Submitted by: Jim Kuhn <jkuhn@sandvine.com> Reviewed by: "Evgueni V. Gavrilov" <aquatique@rusunix.org> Reviewed by: Ben Pfountz <netprince@vt.edu> MFC after: 1 week
* purge extraneous ';'ssam2003-10-151-3/+3
| | | | | Supported by: FreeBSD Foundation Noticed by: bde
* Lock ip forwarding route cache. While we're at it, remove the globalsam2003-10-143-37/+95
| | | | | | | variable ipforward_rt by introducing an ip_forward_cacheinval() call to use to invalidate the cache. Supported by: FreeBSD Foundation
* remove dangling ';'s` that were harmlesssam2003-10-141-2/+2
| | | | Supported by: FreeBSD Foundation
* - fix typo in comment.ume2003-10-072-5/+4
| | | | | | - style. Obtained from: KAME
* nuke unused ICMPV6CTL_NAMES and KEYCTL_NAMES macros.ume2003-10-071-24/+0
|
* return(code) -> return (code)ume2003-10-071-1/+1
| | | | Obtained from: KAME
* Locking for updates to routing table entries. Each rtentry gets a mutexsam2003-10-047-54/+87
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | that covers updates to the contents. Note this is separate from holding a reference and/or locking the routing table itself. Other/related changes: o rtredirect loses the final parameter by which an rtentry reference may be returned; this was never used and added unwarranted complexity for locking. o minor style cleanups to routing code (e.g. ansi-fy function decls) o remove the logic to bump the refcnt on the parent of cloned routes, we assume the parent will remain as long as the clone; doing this avoids a circularity in locking during delete o convert some timeouts to MPSAFE callouts Notes: 1. rt_mtx in struct rtentry is guarded by #ifdef _KERNEL as user-level applications cannot/do-no know about mutex's. Doing this requires that the mutex be the last element in the structure. A better solution is to introduce an externalized version of struct rtentry but this is a major task because of the intertwining of rtentry and other data structures that are visible to user applications. 2. There are known LOR's that are expected to go away with forthcoming work to eliminate many held references. If not these will be resolved prior to release. 3. ATM changes are untested. Sponsored by: FreeBSD Foundation Obtained from: BSD/OS (partly)
* hookup ctlinput for fast ipsec versions of esp+ah protocolssam2003-10-031-2/+2
| | | | Supported by: FreeBSD Foundation
* place some kernel-specific data structures under #ifdef _KERNELsam2003-10-031-0/+2
| | | | Sponsored by: FreeBSD Foundation
* Shorten 'bad gateway' AF_LINK message.bms2003-10-031-1/+1
| | | | Submitted by: green
* Make arp_rtrequest()'s 'bad gateway' messages slightly more informative,bms2003-10-031-1/+4
| | | | | | to aid me in tracking down LLINFO inconsistencies in the routing table. Discussed with: fenner
* Only delete the route if arplookup() tried to create it. Do not deletebms2003-10-031-8/+13
| | | | | | | | | RTF_STATIC routes. Do not check for RTF_HOST so as to avoid being DoSed when an RTF_GENMASK route exists in the table. Add a more verbose comment about exactly what this code does. Submitted by: ru
* By popular demand, added the "static ARP" per-interface option.ru2003-10-011-2/+4
|
* add /*CONSTCOND*/ to reduce diffs against latest KAME.ume2003-09-252-6/+6
| | | | Obtained from: KAME
* Fix a logic error in the check to see if arplookup() should free the route.bms2003-09-241-2/+1
| | | | | Noticed by: Mike Hogsett Reviewed by: ru
* o update PFIL_HOOKS support to current API used by netbsdsam2003-09-233-42/+30
| | | | | | | | | | | o revamp IPv4+IPv6+bridge usage to match API changes o remove pfil_head instances from protosw entries (no longer used) o add locking o bump FreeBSD version for 3rd party modules Heavy lifting by: "Max Laier" <max@love2party.net> Supported by: FreeBSD Foundation Obtained from: NetBSD (bits of pfil.h and pfil.c)
* Fix a bug in arplookup(), whereby a hostile party on a locallybms2003-09-231-6/+14
| | | | | | | | attached network could exhaust kernel memory, and cause a system panic, by sending a flood of spoofed ARP requests. Approved by: jake (mentor) Reported by: Apple Product Security <product-security@apple.com>
* Grrr...add the Skinny alias code forgotten in the last commit.marcus2003-09-231-0/+338
|
* Add Cisco Skinny Station protocol support to libalias, natd, and ppp.marcus2003-09-236-1/+30
| | | | | | | | | | | | | | | Skinny is the protocol used by Cisco IP phones to talk to Cisco Call Managers. With this code, one can use a Cisco IP phone behind a FreeBSD NAT gateway. Currently, having the Call Manager behind the NAT gateway is not supported. More information on enabling Skinny support in libalias, natd, and ppp can be found in those applications' manpages. PR: 55843 Reviewed by: ru Approved by: ru MFC after: 30 days
* Bandaid locking change: mark static rule mutex recursive so re-entry whensam2003-09-171-1/+2
| | | | | | | sending an ICMP packet doesn't cause a panic. A better solution is needed; possibly defering the transmit to a dedicated thread. Observed by: "Aaron Wohl" <freebsd@soith.com>
* shuffle code so we don't "continue" and miss a needed unlock operationsam2003-09-171-4/+2
| | | | Observed by: Wiktor Niesiobedzki <w@evip.pl>
* Add locking.sam2003-09-171-164/+309
| | | | | | | | o change timeout to MPSAFE callout o restructure rule deletion to deal with locking requirements o replace static buffer used for ipfw control operations with malloc'd storage Sponsored by: FreeBSD Foundation
* Minor fixups + add locking.sam2003-09-171-65/+120
| | | | | | | | | o change time to MPSAFE callout o make debug printfs conditional on DUMMYNET_DEBUG and runtime controllable by net.inet.ip.dummynet.debug o make boot-time printf dependent on bootverbose Sponsored by: FreeBSD Foundation
* Fix a bunch of off-by-one errors in the range checking code.ru2003-09-112-4/+4
|
* Fixed -Wpointer-arith warning.ru2003-09-091-1/+1
| | | | | Submitted by: Stefan Farfeleder PR: bin/56653
* mdoc(7): Use the new feature of the .In macro.ru2003-09-081-2/+2
|
* Add locking.sam2003-09-061-135/+237
| | | | | | | | Special thanks to Pavlin Radoslavov <pavlin@icir.org> for testing and fixing numerous problems. Sponsored by: FreeBSD Foundation Reviewed by: Pavlin Radoslavov <pavlin@icir.org>
* lock ip fragment queuessam2003-09-051-0/+18
| | | | | Submitted by: Robert Watson <rwatson@freebsd.org> Obtained from: BSD/OS
* o add lockingsam2003-09-051-37/+67
| | | | | | | o move the global divsrc socket address to a local variable instead of locking it Sponsored by: FreeBSD Foundation
* PR: kern/56343bms2003-09-031-1/+3
| | | | | Reviewed by: tjr Approved by: jake (mentor)
OpenPOWER on IntegriCloud